Government of Canada Information Technology Strategic Plan 2016-2020
Note to readers
The Information Technology Strategic Plan is closed for consultation. Thank you to those who took the time to provide feedback. A “What We Heard” summary report will be published in the fall.
Table of Contents
- Message from the Chief Information Officer of the Government of Canada
- Executive Summary
- The Vision
- Mission Statement
- Guiding Principles
- Strategic Goals
- Service IT
- Secure IT
- Manage IT
- Work IT
- The Way Forward
- Appendix A: Implementation Roadmap
- Appendix B: Key Performance Indicators
- Appendix C: Government of Canada Modernization Priorities 2016–19
- Appendix D: Roles and Responsibilities
Message from the Chief Information Officer of the Government of Canada
The Government of Canada’s Information Technology Strategic Plan sets out the four-year strategic direction for information technology (IT) in the federal government. In responding to government priorities and current challenges, the plan charts the path forward for IT from a whole-of-government or “enterprise” perspective, positioning the government to manage and use IT as a strategic asset, in innovative ways, to deliver better programs and services and ultimately value to Canadians.
Developing this plan provided the opportunity to assess our progress and reconfirm the Government of Canada’s commitment to the continued enterprise transformation of IT. The goal of this transformation is to enable improved and easier access to government services by business and individuals in ways that meet their expectations for a responsive, modern and secure digital government. In developing this plan, we also looked at what other jurisdictions are doing to organize internal capacity to drive innovation in digital services. We will consider various models as we explore new approaches to utilize internal capacity to meet our current and future needs.
At its core, the plan is intended to guide federal organizations and the IT community on IT priority setting and decision-making. This is why it includes actions to strengthen the current enterprise governance, a key to our success going forward.
This plan will also inform Shared Services Canada’s (SSC’s) direction and priorities as SSC revises and implements the plan to renew the Government of Canada’s IT infrastructure. The strategic actions outlined in this plan include both current commitments and activities, as well as new enterprise directions, some of which may require additional approvals or funding to be fully implemented. Regardless of their status, the directions outlined provide important guideposts for departments and agencies as they develop their individual IT plans and prioritize their IT investments.
Not all actions set out in this plan are expected to be completed by 2020. Neither is it expected that all departments and agencies will implement these actions within the same time frame. Some actions may not be applicable or appropriate for all departments, most notably small departments and agencies. Deputy heads, in consultation with the Treasury Board of Canada Secretariat (TBS), will take this into consideration when implementing the strategic plan.
I extend my sincere thanks to the Government of Canada’s Chief Information Officer (CIO) community and many other federal partners who helped us build this strategic plan. Through careful planning and cooperation within the Government of Canada enterprise, we can achieve the IT vision and meet the strategic goals outlined in this document.
Chief Information Officer of the Government of Canada
Traditionally, government organizations have set up and run their own IT infrastructure and services in order to carry out their respective mandates. Over the last few years, the Government of Canada has taken the first steps to transform its approach to IT infrastructure and service delivery. These steps have included initiatives to transform the “back office” services provided to employees, such as human resources, financial services and records management, and to provide IT infrastructure, email, data centres and network services across government through Shared Services Canada.
This IT strategic plan builds on the lessons learned from these initiatives, and seizes on the opportunities created by technologies such as social media, mobile devices, analytics and cloud computing to fully maximize the benefits of an enterprise approach to IT. This plan will deliver to Canadians the kind of government they expect – one that is open and transparent yet safeguards their personal information, one that delivers effective and responsive programs and services while being fiscally prudent, and one that makes decisions based on sound evidence while seeking meaningful engagement and collaboration with Canadians and other stakeholders.
To deliver on these citizen expectations, employees require modern and effective tools for their day-to-day work. They demand a modern workplace with digital tools that are integrated, collaborative and efficient. Along with these requirements, constantly evolving technology and the need to protect vital data and information from malicious cyber threats, make it essential that we renew our aging and mission-critical IT systems. At the same time, we must balance the growing demand for IT services with realistic capacity limitations.
Building on these key drivers, the overarching goals of service, security, value and agility set the direction for the strategy. The Government of Canada is committed to responsive and innovative IT services that meet business needs and enhance the end-user experience, to a secure and resilient enterprise infrastructure that enables the trusted delivery of programs and services, to smart investments across the board that ensure high-value and cost-effectiveness, and to an agile, connected and high-performing workforce with modern tools. Four strategic areas of action will achieve these goals over the next four years and beyond. Each area of focus, Service IT, Secure IT, Manage IT, and Work IT details specific actions and activities that are currently underway or that represent new enterprise directions.
The first, Service IT, calls for the use of cloud computing, information-sharing platforms, and technologies and tools to manage service delivery and improve client satisfaction. These actions are necessary in order to develop a modern, reliable and sustainable IT infrastructure that allows for the secure sharing of information. This in turn will ultimately result in better internal services for government employees and improved external services for Canadians and other users.
The second area, Secure IT, focuses on layered defences to reduce exposure to cyber threats, increased awareness and understanding to proactively manage these threats, and protective measures to enable the secure processing and sharing of data and information across government. These actions will ensure that Canadians and others who access online services trust the government with their personal information.
The third area, Manage IT presents a strengthened governance approach, the evolution of IT management practices, process and tools and a focus on innovation as well as sustainability. Implementing these strategic actions will ensure that IT investments are sustainable, take advantage of economies of scale, and demonstrate value by helping departments deliver on their mandates.
The fourth area, Work IT, introduces actions to build a high-performing IT workforce and a modern workplace that provides public service employees with the tools they need to do their jobs. This is vital because the Government of Canada’s employees are its greatest asset when it comes to delivering the kind of government that Canadians want.
Progress towards achieving the strategic goals outlined in the IT strategic plan will be tracked, evaluated and reported. As it evolves, the government’s IT strategic plan will require the government to make investment choices. It will be reviewed yearly to ensure it stays up to date and relevant, supported by an implementation roadmap to track and report on progress (Appendix A). Departments and agencies through their investment plans, will detail how this enterprise approach will be implemented in their organization.
With this strategic plan, the Government of Canada has set out a clear path to getting the maximum benefit out of the money it spends on IT. Implementing this agenda is crucial to ensuring that the Government of Canada is ready and able to meet the needs and expectations of Canadians in the years ahead.
IT services in the Government of Canada are delivered by 17,000 IT professionals working in more than 1,500 government locations across Canada and around the world.
The government’s total annual spending on IT is $5 billion, an amount that has been stable over the past 5 years.
Government departments spend $3 billion annually on applications, computing devices and IT program management.
The Government of Canada is made up of more than 100 separate organizations that deliver a broad range of programs and services to individuals and businesses in Canada and abroad. IT supports the government in delivery of these programs and services. In the past, many operated their own IT infrastructure and services to carry out their respective mandates. Increasingly, the disadvantages of this approach have become apparent. Inefficiency, duplication and IT-systems incompatibility have hindered the ability of government decision-makers to get the high-quality, real-time information they need to deliver excellent results.
A whole-of-government, or “enterprise” approach to IT infrastructure and service delivery is addressing these short-comings. The responsibility for delivering IT services to core departments and agencies is now shared between central providers such as Shared Services Canada (SSC) and Public Services and Procurement Canada (PSPC). Cyber and IT security is the shared responsibility of SSC, the Communications Security Establishment (CSE) and Public Safety Canada. The Chief Information Officer Branch (CIOB), of Treasury Board Secretariat (TBS) supports Treasury Board by developing strategy, setting government-wide policy for IT and cybersecurity, and providing implementation guidance.
Today’s business environment continues to be characterized by disruption and the imperative to do more, faster, with less. In our digital era, individuals, business and others who interact with government have high standards for the services they receive. The Government of Canada is transforming how government works so that it better reflects the values and expectations of its clients.
This IT strategic plan supports the continued transformation to enterprise IT infrastructure and service delivery and proposes to address these and other challenges by responding to the following key drivers:
- Citizen expectations
- Workplace and workforce evolution
- The enterprise approach
- Aging IT and sustainability
Canadians want and deserve technology that provides the best service to them, when and where they need it, and in a client-centric manner. They want to be assured that departments and agencies are using the best available data to make evidence-based decisions with respect to policies, programs and services that affect everyone. They value government that is open with its data and other business information yet protects their privacy.
Workplace and workforce evolution
Internal clients, including employees, expect modern and effective tools that connect up to make their day-to-day work efficient and provide value-added to their efforts. They demand a digital experience that is optimized, integrated and diversely client-centric. Employees in a modern workplace need digital tools that promote collaboration, information sharing and increased productivity.
Cybersecurity is an ever-evolving aspect of any information technology strategy. While bringing important opportunities, the consolidation of systems leads to a greater attack surface that requires enhanced security measures to minimize risks. Inconsistent management of government networks and the security profiles of government endpoint devices – computer devices capable of connecting to the Internet – also has the potential to increase the risk of cyber-attack.
The enterprise approach
Sharing our infrastructure, and using common IT solutions to meet common needs, is one part of leveraging technology in a whole-of-government, or enterprise, approach, along with addressing security, privacy, accessibility, and open information requirements.
For IT users, it will be important to ensure a consistent end-user experience government-wide, regardless of geographical location. Issues of latency, bandwidth, security, infrastructure and other considerations need to be taken into account. As well, the complexity of IT-enabled projects is increasing as we move toward a more horizontal delivery model. Authoritative governance is needed to make enterprise decisions about IT investments.
Aging IT and sustainability
There is a continued need to renew the government’s aging and mission critical IT infrastructure and systems that are at risk of breaking down. IT infrastructure transformation is proceeding slower than anticipated; complexity of the task has caused some delays and procurement is taking longer than planned. Funding pressures are arising, in part, from stronger than forecasted growth in demand. Chronic under investment puts the government’s ability to deliver some essential services to Canadians at risk. While progress has been made to rationalize applications, current system health indicators signal more work is needed to address this risk.
The provision of secure, agile and reliable IT services delivers improved productivity and streamlined, high quality government services that are simpler and easier to access, where and when our clients want them.
Aging IT risks have been reduced through the completion of the IT infrastructure transformation and implementation of models and processes to ensure sustainable funding to address IT renewal. IT platforms that are the backbone for information sharing, big data analytics and collaboration, enable the use of high quality government data to inform decisions and identify innovative approaches to public policy. The use of enabling technologies such as cloud computing and social media offer more ways to engage with Canadians and others.
Through proactive measures, the government has reduced the threat surface of internet-connected networks and improved controls regarding access to government-held information. Enhancing government network and system security ensures that Canadians and others assessing online services can trust the government with their personal information.
IT investment that is targeted at business priorities drives greater efficiency and encourages innovation by government and third parties. Better management of IT investment maximizes value and reduces service delivery costs, enabling the government to respond more rapidly to emerging issues.
The government is served by a high performing, strategically minded IT workforce who enjoy exciting career opportunities in the federal government. The Public Service is highly connected, and technology integrates seamlessly into daily work life. IT allows people to work smarter and solve problems more effectively by providing secure, agile and reliable systems and tools for information sharing, collaboration, and innovation.
Federal information technology professionals are strategic partners within our organizations, providing excellence in IT services and delivering secure, reliable and agile technology. Working collaboratively with stakeholders and across government, our efforts add value in the workplace and contribute to better programs and services for Canadians.
Principle 1: Enable a modern workplace: Anywhere, anytime, with anyone
The Government of Canada strives to be an innovative organization that provides its employees with modern technology that supports information sharing, collaboration, and that will attract, retain and encourage public servants to work smarter, be innovative, greener and healthier so that they may better serve Canadians.
Principle 2: Think “enterprise” first
Where an enterprise solution exists to meet a common business need, departments and agencies should stop investing in departmental legacy versions and refocus efforts, resources and funds on becoming ready to adopt the enterprise solution and on accelerating its delivery.
Principle 3: Use cloud computing services
Departments and agencies should explore Software as a Service (SaaS) cloud computing services before developing solutions in-house. Cloud computing services are to be procured through SSC, which will act as the Government of Canada’s cloud service broker.
Principle 4: Meet common business needs through shared solutions
Departments and agencies should actively seek out opportunities to pool resources inter-departmentally to address common business needs.
Principle 5: Examine options
Where an enterprise solution to meet a common business need does not exist, departments and agencies should examine potential solutions taking into consideration total cost of ownership, ability to meet current and future business requirements, interoperability and assessing internal capacity.
The overarching strategic goals of service, security, value, and agility along with the mission statement set the direction for the IT strategic plan. The Government of Canada is committed to responsive and innovative IT services that meet business needs and enhance the end-user experience, to a secure and resilient enterprise infrastructure that enables the trusted delivery of programs and services, to smart investments across the board that ensure high-value and cost-effectiveness, and to a connected and high-performing workforce with modern tools.
Strategic goal #1: Service
A responsive and innovative IT service that meets business needs and enhances the end-user experience
- Adopt emerging technology to improve service delivery
- Continue enterprise-wide approach to delivering IT services
- Provide public service employees access to modern self-service tools and applications
Strategic goal #2: Security
A secure and resilient enterprise infrastructure that enables the trusted delivery of programs and services
- Enhance security measures to minimize risk
- Provide more consistent management of government networks
- Protect personal and sensitive information
Strategic goal #3: Value
Smart investments that are both high in value and cost-effective
- Encourage collective use of resources, tools, processes and systems
- Develop enterprise-wide solutions to address common business needs
- Ensure sustainability of IT systems and infrastructure
Strategic goal #4: Agility
An agile, connected and high-performing workforce with modern tools
- Attract and retain highly-skilled and diverse IT talent
- Provide a technologically advanced workplace
- Promote digital literacy and collaboration
Four key areas of action, Service IT, Secure IT, Manage IT, and Work IT, and have been identified to achieve these strategic goals over the next four years and beyond. Each of these four key areas detail the specific actions and activities required to deliver results under the goals of service, security, value and agility. The IT strategic plan framework is illustrated below.
A responsive and innovative IT service that meets business needs and enhances the end-user experience
Service IT focuses on developing a modern, reliable, interoperable and sustainable IT infrastructure that allows for secure sharing of information, ultimately resulting in better internal services for government employees and improved external services for Canadians.
Table 1 (below) shows the strategic actions that are currently underway, and those that represent new enterprise directions which may require additional approvals or funding to be implemented.
|Actions underway||Future actions|
Service management and modernization
The more open, transparent and integrated government programs and services become, the more they will depend on IT to deliver secure and reliable services that meet agreed upon expectations.
Develop IT service portfolios and catalogues Actions underway
An IT service portfolio describes services in terms of business value, including:
- A list of services
- A description of how they are bundled or packaged
- The benefits they deliver
An IT service catalogue is a list of available technology resources and offerings within an organization. It is a tactical, operational tool that is intended to make it easier for clients to request IT services on a day-to-day basis.
SSC and PSPC will develop IT service portfolios and service catalogues that clearly articulate enterprise service expectations for the services they provide, including:
- Roles and responsibilities
- Service targets
- Associated reporting commitments
SSC and PSPC will price their services to facilitate the introduction of:
- Chargeback models
- Price comparisons of external service providers
- The adoption of cloud services
With respect to IT security, SSC will establish expectations and provide the necessary information to partners for the IT infrastructure that it manages.
Report on key areas of IT system health performance Actions underway
Key performance indicators that focus on operational excellence and delivery are critical tools in managing the delivery of IT services. Departments and agencies will put in place metrics for monitoring client satisfaction and key areas of IT system performance (e.g., security, availability, reliability and capacity).
For the services they provide, SSC and PSPC will:
- Set enterprise-wide service-level expectations in collaboration with departments and agencies
- Report to departments and agencies on performance based on these expectations
- Engage their clients to resolve issues if service levels fall below targets
Implement enterprise IT service management tools Future actions
IT service management (ITSM) refers to an organization’s planning, delivery, operations and control of IT services offered to clients. Departments and agencies traditionally have implemented their own ITSM tools. These tools are expensive to implement and maintain, and the diversity of tools affects overall ITSM efficiencies. Moreover, service request and trouble tickets do not flow easily within and between organizations.
SSC will put in place enterprise ITSM tools and make them available to all departments and agencies. This will bring consistency to the practice of ITSM and, more importantly, reduce the cost and delays of fulfilling service requests.
Complete data centre consolidation and modernization Actions underway
The Government of Canada operates over 500 aging data centres that support mission-critical and non-mission-critical business functions. Consolidating these data centres into fewer modern and secure data centre services is the most cost-effective way to address the government’s “rust out” issue. These enterprise data centres will be designed with the ability for backup and retention, as part of disaster recovery plans and in support of business continuity.
SSC will enable the migration of departmental legacy applications to segregated partner-specific locations (called enclaves) within the new enterprise data centres. This migration will accelerate the closure of aging data centres, enhance data security and minimize the financial and business impact to organizations.
To ease the demand for data centre capacity, departments will reduce the number of back office applications to be migrated. The extent to which the government leverages external cloud service providers could also reduce the requirement for data centre capacity.
Successfully consolidating data centres depends on departments’ readiness to prepare their applications for migration within prescribed timeframes. Departments and agencies will work with SSC and other government and external partners to ensure that:
- Mission-critical and other applications are in appropriate environments
- These applications are supported with appropriate technologies and procedures to ensure their availability
Complete network consolidation Actions underway
To streamline and modernize the government’s network infrastructure and services, SSC will eliminate unused phone lines and migrate departments from outdated and costly legacy phone systems to wireless devices and VoIP service.
SSC will also work with departments and agencies to:
- Consolidate the 50 existing SSC partner wide-area networks into a single enterprise network
- Establish shared network infrastructure in office buildings that house multiple departments
- Secure and reduce the number of connections to the Internet
Complete government email consolidation Actions underway
Departments and agencies have traditionally operated their own email systems, leading to business and cost inefficiencies. Departments and agencies will reduce the size of employees’ mailboxes. SSC and departments and agencies will work to complete the task of consolidating email services to a common system.
Cloud computing, or on-demand computing, provides access to shared computing resources (e.g. networks, servers, storage, applications, and services). This capacity is provided using “pay for use” models, similar to those used for traditional utilities such as water or electricity.
Cloud computing eliminates the need to buy hardware or software. This allows governments to move from a capital expense model to an operational expense model. Moreover, cloud computing is best positioned to satisfy the substantial need for agility and scalability of today’s unpredictable business environments.
In the context of cloud, enterprise-wide and shared solutions, departments and agencies have a duty to apply safeguards that will enable them to retain uncompromised control over information they have collected or created.
Adopt cloud computing services Actions underway
TBS will publish the Government of Canada’s Cloud Adoption Strategy to guide the adoption of cloud computing services in a cost effective and secure manner. Departments and agencies will choose cloud computing services from a number of options that will include extensions to existing legacy solutions and private and public cloud offerings. In making these choices, departments and agencies will need to consider:
- Data residency and sovereignty
- Vendor lock-in considerations
- Commercial risk
- Latency and performance
- Data transfer
Departments and agencies will consider solutions that employ Software as a Service (SaaS) before Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).
To ensure Canada’s sovereign control over its data, departments and agencies will adopt the policy that all sensitive or protected data under government control will be stored on servers that reside in Canada. Departments and agencies will evaluate risks based on an assessment of data sensitivity, and apply the appropriate security controls for cloud services.
Establish a cloud service broker Actions underway
A cloud service broker (CSB) functions as a bridge between organizations and cloud providers. Using a CSB makes cloud services less expensive, easier, safer and more productive for organizations to navigate, integrate, consume and extend cloud services, particularly when services span multiple and diverse providers.
A CSB’s key functions are procurement, billing, security accreditation, networking, credential and identity federation, application integration, customer support, and vendor service-level agreements (pertaining to management and skills).
SSC will create and operate a “light-touch” CSB role that includes all these functions, including access to SaaS, PaaS, IaaS and marketplace (online storefront) services.
Offer public cloud services Actions underway
A public cloud refers to a cloud environment shared by multiple tenants that are isolated from each other. SSC will direct its efforts toward acquiring and brokering multiple enterprise-grade public cloud services. Several of these will have a presence in Canada with the capability to store and process protected data. Public cloud services will be the priority choice for departments and agencies when choosing a cloud deployment model.
Offer private cloud services Future actions
A private cloud has the attributes of a public cloud, except that the services are for use by a single enterprise, in this case the Government of Canada. The cloud’s hardware, storage and networks are dedicated to a single client and typically require capital investment.
Private clouds can be implemented as pre-engineered commercial offerings or as tailored solutions engineered and assembled by staff. SSC will direct its efforts toward acquiring the former, with the latter being implemented when unique requirements arise. Departments and agencies will use private clouds where needs cannot be met by public clouds.
Interoperable platforms are the backbone of data and information sharing, big data analytics and collaboration. By seizing on these opportunities, government can create a modern workplace in which employees have the enabling tools needed to keep pace with the expectations of the Canadians and businesses they serve.
Build a platform for enterprise interoperability Actions underway
Enterprise interoperability fosters openness and collaboration. To strengthen digital business and promote integrated business services among enterprise systems, TBS, PSPC, and SSC will create a set of modern integration tools called the GC Interoperability Platform. This platform will act as an information broker, enabling the exchange of data and information between back-office enterprise systems and organizational applications.
The platform will feature a service bus and a message fabric, built and operated by PSPC and SSC. The service bus will connect enterprise applications for integrated business needs and the message fabric provides the messaging infrastructure that connects and enables communication between components. The two features will combine to provide a dedicated, secure and high-speed information access layer, allowing organizations to easily share data.
Government application programming interfaces (GAPIs), a single language used across siloed business systems, will allow for interoperable business by using common information exchange standards. TBS will lead the creation of common and approved GAPIs from “single sources of the truth” to support information sharing within government. TBS will also establish governance for enterprise interoperability and information sharing.
Introduce a government mobile applications store Future actions
Canadians and business want to use mobile applications to interact with government data and obtain government services. TBS will lead the creation of mobile application stores that enable digital distribution of easy-to-use and trusted mobile applications.
Introduce a government API store Future actions
An application programming interface (API) is a set of routines, protocols and tools for building software applications. An API specifies how software components should interact and how APIs are to be used in programming user interfaces. APIs are increasingly becoming the way to facilitate sharing of government data and information. TBS will lead the creation of an API store to support information sharing with Canadians, business and other entities external to government.
Implement a platform for external collaboration Future actions
Technology makes it easier for citizens, academia, scientists, businesses and government to share ideas and information and to collaborate with one another. TBS will lead the establishment of an external collaboration service provider to host departments and to provide them with a dedicated workspace and computing storage for unclassified and transitory data. Cloud pilot projects will test-drive requirements and determine the most suitable platform to meet government business, information and security needs.
TBS, in collaboration with departments, agencies, PSPC and SSC, will provide departments and agencies with a secure platform to share opinions, information and analyses, and to collaborate with external partners, academia, businesses, other governments and citizens.
While meeting the government’s requirements for security classification, disposition and recordkeeping, the platform will support an array of functions such as document sharing, co-authoring, tasks, meetings and discussions.
Advance analytics capabilities Future actions
Business intelligence involves creating, aggregating, analyzing and visualizing data to inform and facilitate business management and strategy. Analytics is about asking questions and refers to all the ways in which data can be broken down, compared and examined for trends. “Big data” is the technology that stores and processes data and information in datasets that are so large or complex that traditional data processing applications can’t perform analysis. Big data can make available almost limitless amounts of information, improving data-driven decision-making and expanding open data initiatives.
TBS, working with departments and agencies, will lead the development of enterprise data analytics requirements. SSC, under TBS leadership and direction, will work with departments and agencies to implement an enterprise analytics platform that takes advantage of big data and market innovation to foster better analytics and promote collaboration.
A secure and resilient enterprise infrastructure that enables the trusted delivery of programs and services
Secure IT focuses on safeguarding sensitive government data and ensuring the Canadians accessing online services can trust the government with their personal information. The strategic actions outlined below align with the Communications Security Establishment’s Top 10 security practices and with industry best practices. Departments and agencies will use the CSE Top 10 to prioritize their IT security actions that will support the elimination of active cyber threats on government networks. Table 2 (below) shows the strategic actions that are currently underway, and those that represent new enterprise directions that may require additional approvals or funding to be implemented.
|Actions underway||Future actions|
Defence in depth
Canada’s competitive advantage, our economic prosperity and our national security depend upon government adopting new and accessible technologies to better serve Canadians and public service employees. If not managed well, however, making information and data more open could risk exposing networks, systems, devices and data, including personal information, vulnerable to malicious or accidental breaches. This is just one reason why strengthening IT security is paramount.
Secure the government’s network perimeter Future actions
Though the Internet is a game-changer for the ease with which public service employees can access and share information, it also brings considerable risk. Malicious software (malware) can be unknowingly downloaded from websites or through email and seriously compromise IT systems and disrupt government operations.
To protect the government’s network, world-class monitoring services and defensive measures have been implemented at the government’s network perimeter through SSC-managed gateways. The completion of network consolidation projects will ensure that all SSC partners use these gateways. There remain, however, organizations that continue to use non-SSC networks to access the Internet.
To address risks to the network, the Government of Canada is standardizing protection and creating a secure, government-wide network perimeter. Departments and agencies that do not currently use SSC Internet services will be migrated to the SSC-managed enterprise network and will use SSC Internet services exclusively.
TBS, CSE and SSC will establish additional Trusted Interconnection Points (GC-TIPs) between the government network and external partners to provide standardized and secure connectivity with external partners, the Internet, and to act as a gateway to cloud computing services.
These actions will reduce the risk of rogue, ad hoc or unauthorized Internet connections to and from government networks. They will also enhance the government’s ability to defensively monitor data entering or exiting the government perimeter, and so ensure maximum protection of government information assets.
Implement endpoint security profiles Future actions
Malicious parties frequently seek out exposed or misconfigured Internet-facing services or equipment to gain access to IT systems or information. Endpoint devices such as laptop computers, tablets and servers provide a doorway for these kinds of threats. Malware, rootkits and phishing can lead to the loss and compromise of government data, including personal information. Operating systems and applications that use default configuration settings typically include unnecessary components, services and options. These default settings are well known and easily discovered using automated tools.
In the enterprise context, weaknesses and misconfigurations in an organization’s systems could be exploited and used to attack other organizations’ systems. Making the government’s endpoint devices more resistant to attacks is key to securing the government enterprise.
Recognizing the risk posed by misconfigured endpoint devices, SSC, in consultation with TBS and CSE, will develop endpoint device profiles. These standardized profiles will be based on security best practices, and will represent securely configured operating systems and applications. The profiles will be validated and refreshed regularly to update their security configuration. Additional security controls, such as host-based intrusion prevention and application whitelisting – a computer administrative practice used to prevent unauthorized programs from running – will be implemented to further ensure the integrity of systems and information.
Implement an enterprise approach to vulnerability and patch management Future actions
The government must ensure that vulnerabilities are identified and remediated quickly to minimize the risk of future intrusion and potential loss. TBS and SSC will implement an enterprise-wide vulnerability and patch management capability to systematically detect and remediate vulnerabilities. Departments and agencies will implement these tools and processes, meet standard timelines for remediation, and ensure quick response times for emergency or critical patch deployment.
Manage and control administrative privileges Future actions
Organizations also need to manage internal risks to the security of their IT. Privileged accounts (such as local or domain administrators and other accounts with elevated access) are the most powerful accounts in any organization and are also the most targeted by malicious parties that wish to compromise government information.
TBS, SSC and departments and agencies will work together to minimize the misuse of any account with elevated privileges, either malicious or accidental. Tools and processes will be implemented to ensure the proper management, control and monitoring of such accounts. These will include establishing strong authentication mechanisms for all privileged accounts.
Departments and agencies will also implement measures to manage and control the life cycle of and access to privileged accounts, including:
- Audits and reviews to confirm validity of privileges
- Continuous monitoring to look for uncharacteristic behaviour
Establishing identity is fundamental to most government interactions that involve exchanging information or permitting access to sensitive resources.
Protect web transactions to and from external-facing websites Actions underway
What is GCKey?
GCKey is a standards-based authentication service provided by the Government of Canada. It provides Canadians with secure access to online information and government services and assists Canadian federal government departments in managing and controlling access to their on-line programs through standardized registration and authentication processes.
The GCKey Service issues a GCKey, which is a unique, anonymous credential that protects communications with online Government programs and services. The GCKey service can be used for those who do not have, or choose not to use, their online banking credentials with a Sign-in Partner (SecureKey Concierge).
As more Canadians interface electronically with the Government of Canada, the amount of sensitive information transferred to and from government websites will increase. To maintain maximum trust in these online transactions, the government must protect them.
TBS will establish an “HTTPS everywhere” standard that will require departments and agencies to use the HTTPS protocol for all external-facing websites and cloud services. This protocol, along with approved encryption algorithms, will ensure the secure transmission of data online and the delivery of secure web services.
Implement an improved cyber authentication service Future actions
Currently, Canadians and others external to the government can securely access government services online using a trusted credential. The credential (i.e., a username and password) is either issued by the Government of Canada’s GCKey service or by a private sector organization that has partnered with SecureKey Technologies to enable their customers to use their online credentials (such as card numbers or user names and passwords) to access Government of Canada services.
This mandatory solution for all online government applications offered to the public is cost-effective, secure and convenient for users. Still, improvements to the existing cyber authentication service are needed to support new initiatives such as Canada’s Digital Interchange. Building on the existing solution and maintaining a pan-Canadian approach, TBS and SSC will develop a renewed cyber authentication service. This service will meet current business needs yet support enhanced functionality required for future federated identity and digital service delivery initiatives.
Implement a trusted digital identity for people accessing internal government networks and systems Actions underway
TBS will complete an enterprise-wide approach to internal identity, credential and access management to:
- Reduce costs
- Promote interoperability
- Improve end-user experience (by reducing the need for multiple user IDs and passwords)
Under TBS leadership, SSC will implement common internal identity and credential processes and technologies tailored to the level of assurance required for a particular business process. For example, a unique digital identity will be needed to authenticate employees, contractors, trusted guests or any other authorized users accessing internal government networks and systems.
Departments and agencies will migrate applications to this new enterprise service when their applications are upgraded as part of regular asset life cycle maintenance.
Implement a secure communication service for classified information Future actions
Every day, departments and agencies create, store and process classified information. Failure to protect this information could lead to:
- National security risks
- Economic losses
- Loss of government credibility
Although several special environments allow some organizations to safely share classified information, there is no common solution available government-wide.
SSC, under the strategic direction of TBS and supported by CSE, will implement a single, common and integrated enterprise-wide secret-level network to enable classified data to be securely transmitted, stored and processed across departments and agencies. Classified voice and mobile capabilities will also be implemented for users who need to regularly discuss classified information.
Implement enterprise data loss prevention Future actions
With its responsibility for maintaining large amounts of sensitive data, the government needs to minimize the risk of unauthorized disclosure. TBS will establish a framework to support an enterprise approach to data loss prevention. Preventing the unauthorized transfer or release of sensitive information involves first identifying sensitive data. Unauthorized data flows and operations will be monitored, detected and blocked. SSC, with departments and agencies, will implement the framework.
Awareness and understanding
Understanding the assets within an IT environment is essential to knowing what to protect and enables the government to be more proactive and efficient when responding to threats and attacks.
Enable comprehensive understanding of endpoint devices Future actions
It is critical to be able to proactively and accurately determine the status of all endpoint devices, what is running on them and who is accessing them. In this way, endpoint devices that pose a risk to the enterprise can be identified, allowing the government to become more effective when responding to threats and attacks.
Under TBS leadership, SSC, and departments and agencies will acquire and implement tools and processes to enable a real-time, enterprise view of the current status and configuration of government endpoint devices. This includes information on:
- Hardware and software versions
- Operating system versions
- Patch installations
Enhance awareness of enterprise cyber threat and risk environment Future actions
Departments and agencies are accountable for managing cyber risks to their particular program areas. However, as the government adopts an enterprise approach and programs and services become more integrated, it will be imperative that cyber risks are also managed at the enterprise level.
Key to effective enterprise risk management is understanding the changing cyber-threat landscape (e.g., who is trying to exploit government networks and systems, by what means, and for what purpose).
TBS will establish a centralized capability to continuously monitor and analyze the enterprise cyber-risk landscape. This monitoring will pull together data from multiple sources, e.g. threat assessments, risk registers, investment plans, audit results, critical asset listings, etc., to feed a consolidated enterprise view of cyber risks. One of the key data sources will be the GC Enterprise Threat Assessment, which CSE will refresh on an ongoing basis to keep pace with evolving internal and external cyber-threat environments.
The continuous monitoring of the cyber-threat and -risk landscape will inform decision-making and influence how corrective actions are prioritized across the enterprise to ensure maximum protection of government assets.
Smart investments that are both high in value and cost-effective
Manage IT addresses the management and governance of IT across government in a way that ensures IT investments take advantage of economies of scale, demonstrate value and are sustainable. Table 3 (below) shows the strategic actions that are currently underway, and those that represent new enterprise directions which may require additional approvals or funding to be implemented.
|Actions underway||Future actions|
To fully embrace an enterprise IT approach, departments and agencies need clear direction on agreed-upon priorities and approved approaches, which comes from an authoritative source. Oversight is required to ensure sustained progress in advancing shared objectives. Roles and responsibilities must be documented for effective implementation of an IT governance structure.
Establish enterprise IT governance Actions underway
Adopting an enterprise approach requires sound governance structures that support clear and informed decision-making. The Deputy Minister and Assistant Deputy Minister Committees on Enterprise Priorities and Planning (CEPP) will be the governance and oversight bodies for all government IT investments.
CEPP will encourage departments and agencies to move toward enterprise IT solutions for consolidated services. CEPP will establish the “rules of engagement” for adopting enterprise IT solutions and services, including the process for addressing exceptions. As such, CEPP will approve all implementation plans for enterprise services.
CEPP will manage demand from departments and agencies for SSC IT infrastructure services, and guide how SSC provides those supply-side services. SSC will report to CEPP on its progress with transformation efforts. Through principles-based prioritization and a risk-based approach to balancing demand and supply, CEPP will align IT and IT-enabled initiatives with enterprise business priorities.
In addition, CEPP will provide direction for and oversee the implementation of the Government of Canada IT Strategic Plan. The Committees’ Terms of Reference, including mandates, authorities and accountabilities, have been updated accordingly.
All the business needs of government will be managed according to IT governance principles. Under CEPP leadership, TBS will:
- Clearly define the key roles of business owner, service provider and client
- Clarify how existing governance structures will be integrated with the IT governance structure
- Determine an appropriate decision-making process
- See that departments and agencies avoid duplication or unnecessary overlap
Develop methods to prioritize investments in legacy and transformation initiatives Actions underway
The Deputy Minister and Assistant Deputy Minister Committees on Enterprise Priorities and Planning (CEPP) endorses four IT investment principles which guide departmental investment strategies ensuring they reflect business and enterprise priorities.
- Principle 1: Think “Enterprise” first
- Principle 2: Use cloud computing services
- Principle 3: Meet common business needs through shared services
- Principle 4: Examine options
SSC and PSPC will develop and define methods with which to measure the progress of transformation initiatives, aligning them with key benefits. Progress must be reported clearly and reliably.
SSC, supported by TBS and departments and agencies, and under the oversight and direction of CEPP, will develop a methodology to prioritize and allocate funding for investments in legacy and transformation initiatives. SSC will also develop a clear process to address funding deficiencies. Methodologies and processes will be refined periodically to ensure accurate determination and reporting of savings. CEPP endorses a principles-based approach to guide departmental investment strategies ensuring they reflect business and enterprise priorities. New or significant changes to IT and IT-enabled projects will be subject to consultation with TBS and approval by CEPP.
Document roles and responsibilities for IT and IT security Future actions
Departments and agencies have a role in managing and delivering IT, as described in Appendix D. TBS will work to elaborate and document the roles and responsibilities of departments and agencies, SSC, PSPC and central agencies for delivering IT services and implementing the government’s IT strategic plan so that they are clearly defined, communicated and executed. TBS will also continue to provide clear direction to departments and agencies on IT security roles and responsibilities. These include security-control objectives and other security-related requirements.
Sound IT management starts with consistent planning based on documented descriptions of the enterprise. With an understanding of what’s in play, IT managers can adopt solutions that best address their business needs.
Evolve IT management practices, processes and tools Actions underway
CIOs should plan and execute departmental IT plans in a way that aligns with the government’s IT strategic plan and overall enterprise modernization priorities. Important tools to support them include:
- Investment plans
- Architectural reviews
- Application Portfolio Management
- Expenditure Reporting
- Performance Reporting
Optimizing IT investments to meet business outcomes will propel the evolution of IT management processes and tools. TBS policy and guidance will allow departments and agencies to:
- Manage IT consistently and with greater maturity
- Better understand IT at the enterprise level
- Benchmark themselves against similar organizations
- Monitor and track progress against government priorities
- Set future priorities
TBS will also provide policy guidance to assist departments and agencies:
- Develop sound project cost estimates
- Implement good project management practices in the area of complex IT projects
Develop enterprise architectures for business and information Actions underway
Describing the enterprise allows us to understand how government processes work. Enterprise architectures show where there are similarities and differences in business units, programs and departmental boundaries.
IT enterprise architectures show:
- What IT systems are in use
- How IT systems interact
- How mission-critical business applications are deployed across the government’s IT infrastructure
Understanding enterprise architecture enables effective decision-making about IT investments, costs and risks. It allows us to optimize performance and deliver on government priorities in the digital era.
Working with functional communities, TBS will lead the development of an enterprise architecture framework.
Adopt agile approaches to implementing IT solutions Actions underway
Departments and agencies will take advantage of existing multi-departmental contracts when investing in solutions to meet common needs. In cases where multi-departmental contracts or tools do not meet identified business requirements, departments and agencies will contact TBS to discuss other options. Departments and agencies are required to keep TBS up to date on their investments and plans.
Where a customized or in-house solution is the only choice, application development teams should adopt modern agile approaches that deliver greater speed and agility. They must also take into account the increasingly complex IT ecosystem of interdependent software architecture, infrastructure and processes.
Departments and agencies will promote a learning culture that allows IT solutions architects and developers to:
- Understand and adopt iterative development approaches, automate release schedules and embrace a layered testing strategy, including automated testing
- Increase engagement with business colleagues to advance iterative approaches
- Adopt an approach that considers a service-oriented architecture (SOA) and application programming interface (API) first, rather than monolithic constructs
The Government of Canada is transforming its IT to better serve Canadians, with innovation key to delivering on this agenda. Successful innovation combines creativity with process to transform novel ideas into business enablers that deliver tangible results. It embraces experimentation and intelligent risk taking, bringing new approaches which address existing problems and leverage future opportunities. Innovation calls for collaboration both with new and traditional partners, identifying and breaking down any barriers that prevent us from achieving maximum results.
Lead innovation Future actions
The role of CIOs is evolving from service provider to full strategic business partner. These leaders are innovation agents, business enablers, and catalysts for enterprise transformation. Departmental CIOs will be strategic business partners who bring IT innovations to the table to address the organization’s business needs.
Adopt modern and flexible business models Future actions
To achieve a better balance between demand and capacity, SSC and PSPC will fully adopt cost-recovery business models for all IT services. As an enterprise, departments and agencies will achieve better business value by sharing IT resources, capacity and capabilities.
Ensuring that IT investments are sustainable and meet business needs will enable departments and agencies to deliver better services to Canadians.
Ensure IT infrastructure sustainability Future actions
A sustainable funding model must take into account the regular renewal cycle of IT infrastructure assets with the appropriate level of investment. TBS and SSC will explore alternative financial models to address IT renewal.
Rationalize investments Future actions
In keeping with CEPP investment principles, spending on new or significant changes to certain IT and IT-enabled projects will be subject to consultation with TBS and approval by CEPP. This includes spending on systems for common business domains such as:
- Case management
- Information management
- Human resources management
- Financial management
- Other back office administrative processes
- Identity and credential solutions
- IT infrastructure and associated solutions
Departments and agencies will take an enterprise approach to managing their portfolio of applications to determine opportunities for common, government-wide solutions, as well as retire aging and at-risk applications. Those applications that remain in use, supporting mission-critical business functions, are to be kept evergreen until they can be replaced by modern solutions.
An agile, connected and high-performing workforce with modern tools
Work IT is focused on building a high performing IT workforce and ensuring that public service employees have a modern workplace and the IT tools they need to do their jobs. Table 4 (below) shows the strategic actions that are currently underway, and those that represent new enterprise directions which may require additional approvals or funding to be implemented.
|Actions underway||Future actions|
Successfully delivering IT services requires a skilled, agile, connected and high-performing IT workforce that combines a knowledge of business and technology. IT professionals need to be able to keep pace with the speed at which technology is evolving. To enable a high-performing, strategic IT workforce will require continued investment in career and talent management.
Invest in executive talent management Actions underway
Talent management reviews and succession planning identify key skills gaps and mitigation strategies for the enterprise as a whole. Such efforts are supported by the 2016 Management Accountability Framework, which includes talent management indicators for CIOs and IT assistant deputy ministers.
Departments and agencies will support enterprise-wide IT executive talent management and succession planning by:
- Identifying sources of new talent to address gaps
- Identifying and creating opportunities at various levels
- Promoting and fostering the leadership and strategic partner component of the new and emerging CIO role
- Encouraging and facilitating learning and assignment opportunities for CIOs and aspiring CIOs
- Encouraging CIOs to explore diversified career paths, both within and outside IT organizations.
Enhance workforce planning Actions underway
Building on efforts to better understand the workforce in the IT community, departments are developing three-year departmental workforce strategies. These strategies will serve as a foundation for workforce planning. To support successful business outcomes, they will align with the departments’ human resources plans and the government’s enterprise approach for IT.
TBS will leverage this work in order to provide enterprise-level analysis that will identify:
- Shifts and gaps in workforce complement and competencies
- Emerging issues
- Strategic opportunities
TBS will work with departments and agencies to explore new approaches to utilize internal capacity to meet current and future needs.
TBS will continue to evolve tools to support workforce planning and to project workforce requirements in the future. One such example is IT Community Generics, a suite of tools to help CIOs and IT managers direct IT resources in a way that reflects best practices in IT organizational design. IT Community Generics facilitate an enterprise approach to managing IT human resources.
Enable career development Actions underway
IT professionals need to be well positioned to support CIOs in their evolving role as strategic business enablers and partners. Competency tools, available through IT Community Generics, support computer science (CS) career development. Career-development materials, including career-related research on GCpedia, will further enable IT professionals to identify career paths and required competencies.
TBS will lead the development of an internal skills inventory of the public service IT workforce and make it available to departments and agencies.
Working with government and private sector stakeholders, including industry associations, TBS will share best practices, identify trends and support IT career development. The Canada School Public Service will design new learning products that target new and non-traditional skills for IT professionals.
Promote gender parity Future actions
An innovative workplace demands a workforce that accurately represents the full breadth of the Canadian talent pool. Currently, IT remains predominantly a male domain. Recent data reveals that women occupy only 27% of all CS positions in the Government of Canada. What’s more, the percentage of women in younger cohorts has diminished steadily to a low of 13% in the under-30 age group.
To support the government’s commitments to gender parity and a balanced and diverse workforce, departments and agencies will develop and leverage partnerships with organizations that encourage IT as a career choice for young women. TBS will work with these organizations and with post-secondary institutions to ensure that women in IT programs, as well as potential candidates, are aware of job opportunities in the field. Departments and central agencies will also work to increase labour mobility among women by encouraging leaders from within the public service, as well as the private sector, to consider roles within the government’s CIO community.
To retain women within the IT community, departments and agencies will encourage developmental opportunities such as internships and mentorships. TBS will develop communications to raise awareness of opportunities for women to develop, advance and participate fully in the IT workforce.
Initiatives such as the Women in Communications and Technology Public Sector Network, a government-wide forum designed to engage women in IT, provide opportunities for women to network and take advantage of professional development programs.
Technology is a key enabler of a modern workplace that supports collaboration, innovation and mobility. Ensuring that smart technology provides a consistent, accessible workplace experience throughout government will improve how all employees work together and deliver better services to Canadians.
Modernize workplace technology devices Actions underway
Workplace technology devices are essential for a modern workplace and a collaborative, mobile workforce, consistent with the Blueprint 2020 vision. TBS will work closely with departments and agencies to ensure that workplace technology devices meet the Blueprint 2020 vision.
TBS will establish enterprise standards and processes for life cycle management and set direction to guide future workplace technology devices standards and configurations.
SSC will continue to consolidate contracts and procurement activities to improve security, reduce costs and improve service to Canadians. SSC will procure workplace technology devices, and work with TBS, and departments and agencies to standardize devices.
Departments and agencies are responsible for support and maintenance of workplace technology devices. They will explore support models such as self-service and regional clusters, to reduce costs while promoting consistent user experience and service expectations.
Support a mobile workforce Actions underway
The Government of Canada is committed to and encourages an open and collaborative work environment where mobile devices are used. Departments and agencies will balance the cost of these devices, and their support, against the business value achieved.
Provide Wi-Fi access Actions underway
Access to wireless data networks is critical for employee productivity. The broader deployment of Wi-Fi may also reduce costs by displacing the need to provide wireline infrastructure, which is expensive to install and maintain.
TBS and SSC will put in place the necessary services and policies to support Wi-Fi usage. Departments and agencies will implement Wi-Fi access to data networks for all employees within common areas and their workspaces, where the job requires mobility. Departments and agencies will migrate to Wi-Fi-capable devices and support Wi-Fi access to local area networks for registered users, as well as Wi-Fi guest-network access where security requirements are appropriate.
Provide desktop videoconferencing to employees Actions underway
Increased access to videoconferencing supports the collaborative operations of virtual teams across organizations, time zones and regions. Departments and agencies will complete the re-engineering of their in-house videoconferencing facilities to enable full interconnectivity across the government. Where appropriate, and where the user profile supports such functionality, SSC will also create the network and bandwidth capacity needed to support videoconferencing at desktops.
Implement managed print services Actions underway
The Government of Canada will continue to improve the sustainability of workplace operations by completing the implementation of the Office of Greening Government Operations’ strategy for printing. Departments and agencies will achieve an 8:1 average ratio of office employees to printing units. Departments and agencies will also use SSC’s managed print services to facilitate improvements to their organizations’ environmental efficiencies in imaging, specifically, reduced energy costs and paper consumption and proper disposal of electronic equipment.
Digital collaboration tools
Digital collaboration refers to the skills and mindset needed to work effectively in an open digital environment. Tools that respect government requirements such as accessibility, privacy, security, information management and official languages will be used to promote digital collaboration.
Promote digital literacy and collaboration Future actions
Digital literacy goes beyond basic computer skills. And it’s essential to make the most of investments already made in IT infrastructure, devices and tools and to ensure that IT helps workforce productivity rather than detracts from it.
Public service employees should be able to use GCTools such as GCpedia, GCconnex and GCintranet channels to share information and to build the professional networks needed to respond to shifting priorities and problems. Collaborating digitally involves “working out loud,” where others can see, benefit from and help improve how employees work.
To promote a culture of openness and collaboration, departments and agencies will nurture these skills throughout public service by:
- Adopting and using GCTools for everyday work
- Deploying targeted and general learning and community outreach activities
- Promoting the use of self-directed learning tools and materials
Senior leaders’ adoption of GCTools will be critical to successfully integrating digital collaboration into their organizations and to demonstrating the full benefits of these collaborative tools. Leaders will adopt an “open first” attitude toward content creation and encourage their employees to participate in shared-knowledge and collaborative digital spaces, other than where security requirements prohibit this.
Advance digital collaboration Actions underway
The Ambassadors Network consists of volunteers from various departments and regions that provide support to teams on the use of GCpedia and GCconnex.
GCTools such as GCpedia, GCconnex and the GCintranet channels enable collaboration across the government. Employees are able to access and share information and work across departments, agencies and geographic boundaries, resulting in better service to Canadians.
GCTools that support government requirements on accessibility and official languages will be further developed and integrated into other applications. This will allow employees to easily connect with the colleagues and information they need to work effectively. GCTools will connect to a digital workspace that provides simplified access to other activities such as staffing, learning and professional development.
TBS will make adopting GCTools part of standard practices for employee onboarding throughout government. Departments will then be in a better position to adopt and use GCTools through the Ambassadors Network and in formal training and ongoing communications. The Ambassadors Network consists of volunteers from various departments or regions that provide support to teams on the use of GCpedia and GCconnex to enhance their work.
Departments and agencies will decommission standalone collaborative platforms unless they are linked to core local business requirements. Email communication will be reduced in favour of open discussions or in favour of instant messaging, where transitory communications can occur without bogging down government systems.
The Way Forward
Implementing the plan
In support of the Government of Canada, the Deputy Minister Committee on Enterprise Priorities and Planning (CEPP) will provide oversight and guidance on government IT investments, supported by the Assistant Deputy Minister (ADM) CEPP. An implementation roadmap for the plan’s initiatives has been developed (Appendix A) and financial analysis is underway to help determine the extent and pace of implementation, particularly in terms of infrastructure modernization. This roadmap will be refined as planning advances.
Guided by CEPP, TBS will work with SSC, PSPC and departments and agencies to prioritize the elements of the plan and, as these initiatives are more fully developed, approved and funded, to implement them. Not all actions set out in this plan will be completed by 2020 and some actions may not be appropriate for all organizations, most notably small departments and agencies. Deputy heads, in consultation with TBS, will take this into consideration when preparing their own IT strategies.
Risks and mitigation strategies
The following risks to implementation and their mitigation strategies are identified:
- Lack of capacity (people):
- There is a risk that the government will not have sufficient capacity to implement the plan. Mitigation: Some strategic actions are identified as directional and can be deferred until sufficient capacity is available. CEPP (governance) will provide direction and oversee the implementation of the plan.
- Too much to do:
- There is a risk that the plan is overly ambitious and that the government will not be able to absorb all the new work. Mitigation: Some strategic actions are identified as directional and can be deferred until sufficient capacity is available. CEPP (governance) will provide direction and oversee the implementation of the plan.
- Insufficient funds:
- There is a risk of insufficient funding to implement all strategic actions identified in the plan. Mitigation: Strategic actions that are identified as directional will not proceed until funding is secured. Those currently underway will be assessed to ensure sufficient funding is available to complete implementation.
- Failure to adopt the enterprise approach:
- There is a risk that departments and agencies will not all act in an enterprise manner. Mitigation: CEPP will encourage departments and agencies to move toward enterprise IT solutions for consolidated services and address exceptions.
- Retiring IT workforce/skills gaps:
- There is a risk that the government will not retain its IT workforce due to increasing retirements and gaps in required skills. Mitigations: impacts could be avoided by actions to enhance workforce planning, enable career development, promote gender parity, and invest in executive talent management.
- Significant cyber event:
- There is a risk that a significant cyber security event could occur, delaying implementation of the plan. Mitigation: the impact of such an event could be reduced through measures such as securing the network perimeter, implementing security profiles for endpoint devices to reduce malicious threats, implementing vulnerability and patch management, and enhancing enterprise-wide awareness of the government’s cyber threat and risk environment.
CEPP will provide direction and oversight of the implementation of the Government of Canada IT Strategic Plan including the monitoring of enterprise-wide implementation risk.
Progress towards achieving the strategic goals outlined in the IT strategic plan will be tracked, evaluated and reported. Key performance indicators (KPIs) have been identified for strategic actions and are shown in Appendix B. The indicators will be reviewed in 2016 and revised as required. Benchmarks and targets will also be established in 2016, in consultation with departments and agencies, and leveraging existing assessment frameworks and tools, such as the Management Accountability Framework, key performance indicators for internal services, and departmental priorities and performance reports.
CEPP will track the overall progress of the strategic plan and a yearly progress report will be provided to the Secretary of the Treasury Board.
On an ongoing basis, CEPP will assess progress, consider the strategic plan’s effectiveness and align resources with priorities to get the intended results. The plan will also be kept evergreen through annual reviews. The first update to the plan is scheduled for June 2017. Going forward, updates will be aligned to the annual departmental IT planning cycle and completed in September to allow departmental IT plans to reflect new directions.
Advised by CEPP, TBS will make adjustments where necessary to ensure that the strategic direction:
- Remains relevant and aligned with government priorities
- Addresses IT issues
- Keeps pace with the ever-changing technology landscape
- Assigns appropriate accountabilities
By ensuring a strategic, whole-of-government approach to the Government of Canada’s information technology investments, we will drive better service to Canadians, ensure our networks and information are more secure, and deliver better value for money. We will enable the public service to deliver its best for Canadians.
Appendix A: Implementation Roadmap
|Strategic Actions||Status||Involved||Target Completion Date|
|Underway table 1 note *||Directional|
Table 1 Notes
|Service Management and Modernization|
|1. Develop IT service portfolios and catalogues||Yes||No||SSC, PSPC||2017|
|2. Report on key areas of IT system health performance||Yes||No||SSC, PSPC||2017|
|3. Implement enterprise IT service management tools||No||Yes||SSC, Departments||TBD|
|4. Complete data centre consolidation and modernization||Yes||No||SSC, Departments||2020|
|5. Complete network consolidation||Yes||No||SSC, Departments||2020|
|6. Complete government email consolidation||Yes||No||SSC, Departments||2020|
|7. Adopt cloud computing services||Yes||No||TBS, SSC, Departments||TBD|
|8. Establish a cloud service broker||Yes||No||SSC||TBD|
|9. Offer public cloud services||Yes||No||SSC||TBD|
|10. Offer private cloud services||No||Yes||SSC||TBD|
|11. Build a platform for enterprise interoperability||Yes||No||TBS, PSPC, SSC||2019|
|12. Introduce a government mobile applications store||No||Yes||TBS||TBD|
|13. Introduce a government API store||No||Yes||TBS||TBD|
|14. Implement a platform for external collaboration||No||Yes||TBS||TBD|
|15. Advance analytics capabilities||No||Yes||SSC, Departments||TBD|
|Strategic Actions||Status||Involved||Target Completion Date|
|Underway table 2 note *||Directional|
Table 2 Notes
|Defence in Depth|
|16. Secure the government’s network perimeter||No||Yes||TBS, SSC||TBD|
|17. Implement endpoint security profiles||No||Yes||TBS, SSC, CSE, Departments||TBD|
|18. Implement an enterprise approach to vulnerability and patch management||No||Yes||TBS, SSC, Departments||TBD|
|19. Manage and control administrative privileges||No||Yes||TBS, SSC, Departments||TBD|
|20. Protect web transactions to and from external-facing websites||Yes||No||TBS, SSC, Departments||2018|
|21. Implement an improved cyber authentication service||No||Yes||TBS, SSC||TBD|
|22. Implement a trusted digital identity for people accessing internal government networks and systems||Yes||No||TBS, SSC, Departments||2018|
|23. Implement a secure communication service for classified information||No||Yes||TBS, CSE, SSC, Departments||TBD|
|24. Implement enterprise data loss prevention||No||Yes||TBS, SSC, Departments||TBD|
|Awareness and Understanding|
|25. Enable comprehensive understanding of endpoint devices||No||Yes||TBS, SSC, Departments||TBD|
|26. Enhance awareness of enterprise cyber security threat and risk environment||No||Yes||TBS, CSE, Departments||TBD|
|Strategic Actions||Status||Involved||Target Completion Date|
|Underway table 3 note *||Directional|
Table 3 Notes
|27. Establish enterprise IT governance||Yes||No||TBS||2017|
|28. Develop methods to prioritize investments in legacy and transformation initiatives||Yes||No||SSC||2017|
|29. Document roles and responsibilities for IT and IT security||No||Yes||TBS||2017|
|30. Evolve IT management practices, processes and tools||Yes||No||TBS, Departments||On-going|
|31. Develop enterprise architectures for business and information||Yes||No||TBS, Functional communities||On-going|
|32. Adopt agile approaches to implementing IT solutions||Yes||No||Departments||On-going|
|33. Lead innovation||No||Yes||Departments||TBD|
|34. Adopt modern and flexible business models||No||Yes||SSC, PSPC||TBD|
|35. Ensure IT infrastructure sustainability||No||Yes||SSC||TBD|
|36. Rationalize investments||No||Yes||TBS, SSC, Departments||TBD|
|Strategic Actions||Status||Involved||Target Completion Date|
|Underway table 4 note *||Directional|
Table 4 Notes
|37. Invest in executive talent management||Yes||No||TBS, Departments||On-going|
|38. Enhance workforce planning||Yes||No||TBS, Departments||On-going|
|39. Enable career development||Yes||No||TBS, Departments, CSPS||On-going|
|40. Promote gender parity||No||Yes||TBS, Departments||TBD|
|41. Modernize workplace technology devices||Yes||No||TBS, SSC, Departments||On-going|
|42. Support a mobile workforce||Yes||No||SSC, Departments||2020|
|43. Provide Wi-Fi access||Yes||No||TBS, SSC, Departments||2020|
|44. Provide desktop videoconferencing to employees||Yes||No||SSC, Departments||2020|
|45. Implement managed print services||Yes||No||SSC, Departments||On-going|
|Digital Collaboration Tools|
|46. Promote digital literacy and collaboration||No||Yes||TBS, Departments||TBD|
|47. Advance digital collaboration||Yes||No||TBS, Departments||On-going|
|Strategic Actions||Status||Involved||Target Completion Date|
|Underway table 5 note *||Directional|
Table 5 Notes
|HR Transformation (My GCHR)||Yes||No||TBS-OCHRO||2019|
|IM Transformation (GCDocs)||Yes||No||TBS-CIOB||2019|
|Financial Management Transformation||Yes||No||TBS-OCG||2018|
|Shared Case Management||Yes||No||TBS-CIOB||2016|
|Canada.ca (web renewal)||Yes||No||TBS-CIOB||2018|
|Government identity, credential and access management service (ICAM)||Yes||No||TBS-CIOB, SSC||2021|
Appendix B: Key Performance Indicators
|Strategic Actions||Key Performance Indicators|
|Service IT||1. Develop IT service portfolios and catalogues||
|2. Report on key areas of IT system health performance||
|3. Implement enterprise IT service management (ITSM) tools||
Number of departments and agencies using enterprise ITSM tools
|4. Complete data centre consolidation and modernization||
Number of data centres
|5. Complete network consolidation||
Number of departmental wide-area networks
|6. Complete government email consolidation||
Number of departmental email systems
|7. Adopt cloud computing services||
Percentage of operational spending allocated to cloud computing services
|8. Establish a cloud service broker||
|9. Offer public cloud services||
Percentage of operational spending allocated to public cloud computing services
|10. Offer private cloud services||
Percentage of operational spending allocated to private cloud computing services
|11. Build a platform for enterprise interoperability||
Number of departments/departmental systems connected to the interoperability platform
|12. Introduce a government mobile applications store||
|13. Introduce a government API store||
|14. Implement a platform for external collaboration||
|15. Advance analytics capabilities||
|Secure IT||16. Secure the government’s network perimeter||
Percentage of departments and agencies migrated to SSC-managed gateways
|17. Implement endpoint security profiles||
Percentage of devices using SSC standardized endpoint device profiles
|18. Implement an enterprise approach to vulnerability and patch management||
Time to deploy patches (response time)
|19. Manage and control administrative privileges||
Number of privileged accounts (reduction)
|20. Protect web transactions to and from external-facing websites||
Rate of compliance to standard
|21. Implement an improved cyber authentication service||
Number of new initiatives supported by the governments cyber authentication service (Adoption rate)
|22. Implement a trusted digital identity for people accessing internal government networks and systems||
Number of applications using the GC internal credential authentication service
|23. Implement a secure communication service for classified information||
Number of departments and agencies using the common enterprise-wide secret network service
|24. Implement enterprise data loss prevention||
Number of incidents (involving unauthorized disclosure of sensitive data)
|25. Enable comprehensive understanding of endpoint devices||
Reduced time to investigate security incidents
|26. Enhance awareness of enterprise cyber security threat and risk environment||
Number of systems monitored within the enterprise dashboard
|Manage IT||27. Establish enterprise IT governance||
Rules of engagement established
|28. Develop methods to prioritize investments in legacy and transformation initiatives||
|29. Document roles and responsibilities for IT and IT security||
Employee awareness of roles and responsibilities
|30. Evolve IT management practices, processes and tools||
Percentage of variance between budgets, forecasts and actual costs
|31. Develop enterprise architectures for business and information||
Percentage of IT budget assigned to enterprise architecture development and maintenance
|32. Adopt agile approaches to implementing IT solutions||
Number of multi-departmental contacts being used
|33. Lead innovation||
Percentage of IT budgets assigned to innovation
|34. Adopt modern and flexible business models||
Cost-recovery business models adopted
|35. Ensure IT infrastructure sustainability||
Sustainable funding model in place
|36. Rationalize investments||
Number of at-risk applications retired
|Work IT||37. Invest in executive talent management||
Percentage of organizations that have a succession plan in place for the CIO position
|38. Enhance workforce planning||
Percentage of departments whose HR planning component in their Departmental IT Plan submissions meet the HR planning criteria requirements
|39. Enable career development||
Percent of core public administration CS’s with learning plans
|40. Promote gender parity||
Number of women occupying positions in the CS occupational group (comparison over time)
|41. Modernize workplace technology devices||
Compliance to standards
|42. Support a mobile workforce||
|43. Provide Wi-Fi access||
|44. Provide desktop videoconferencing to employees||
|45. Implement managed print services||
Number of departments at 8:1 average ratio of office employees to printing units
|46. Promote digital literacy and collaboration||
Number of GCTools Ambassadors by department
|47. Advance digital collaboration||
Percentage of Public Servants registered on the GCTools
Appendix C: Government of Canada Modernization Priorities 2016–19
|Data centre consolidation||
SSC is in the process of establishing the Government of Canada’s future IT infrastructure: a cost-effective and robust IT backbone that will support the current and future needs of our partner departments. As we transform our infrastructure, SSC and partner departments will need to work together to migrate applications and workloads from the legacy environment to a new, modern and consolidated environment.
The GCNet WAN project will consolidate and modernize Wide Area Network services for Shared Services Canada (SSC) and its Partners / Clients to reduce costs, increase security, and enhance program delivery to Canadian citizens and businesses.
|Migration to common E-mail solution||
The Email Transformation Initiative will consolidate and modernize email services to reduce costs, increase security and enhance program delivery to Canadian citizens and businesses.
|Preparation for Workplace Technology Device transformation||
TBS-CIOB will establish, publish and update a standard minimum software configuration for personal computers. The minimum standard will be based on an X86-64 bit and will include a minimum operating system configuration plus other software considered necessary for productivity, remote management and cyber security.
|Adoption of managed GC HR system||
My GCHR (PeopleSoft) v9.1 has been designated as the standard for the Government of Canada people management system. My GCHR will be the one-stop solution for all HR administrative transactions.
|Adoption of GCDocs for document management||
GCDOCS is the Government of Canada (GC) official Electronics Document Records Management (EDRM) solution to support organizations in their information management (IM) obligations for information lifecycle management. Within a GCDOCS enterprise repository, organizations can collect, store, share, organize, manage and search content. GCDOCS enables document centric collaboration while offering robust access controls through user and group administration rights.
|Shared Case Management||
The goal of this initiative is to provide a common Case Management Solution to departments and agencies across the Government of Canada (GC). This is a key initiative aligned with GC IT modernization strategies.
The need for interoperability arises from the GC’s pursuit of achieving improvements in the management and cost of government operations and for a more transparent, accountable and responsive federal government. Expected outcomes resulting from improved interoperability include Seamless information flow across jurisdictions; Cost optimizations through reuse; Increased responsiveness and agility; and Improved Reporting.
|Migration of GC Web sites to Canada.ca||
The Web Renewal initiative is a multi-year project that aims to enhance the effectiveness and usability of Government of Canada (GC) websites, with Service Canada functioning as the Principal Publisher for Canada.ca. Ultimately, Canada.ca will serve as a single integrated point of entry into the GC Web presence.
|Migration to GC Identity, Credential and Access Management Service||
GC ICAM is a critical, foundational element of the overall GC Enterprise Security Architecture (ESA) Program. GC ICAM will provide a GC-wide solution that will decrease costs, enhance the experience and efficiency of end users, improve the overall security posture of GC networks, systems and applications, and provide greater control of privacy. GC ICAM will be implemented in a phased, incremental approach over a number of years.
Appendix D: Roles and Responsibilities
The Government of Canada is made up of over 100 separate organizations that deliver a broad range of programs and services to individuals and businesses in Canada and abroad. Its programs and services are categorized into four spending areas: Economic Affairs, Social Affairs, International Affairs, and Government Affairs. IT supports the government in delivering these external-facing programs and services.
The Secretary of the Treasury Board sets government-wide strategic direction for IT, with input from organization deputy heads, chief information officers (CIOs) and other stakeholders. The responsibility for delivering IT services is shared between government organizations and central IT service providers such as Shared Services Canada (SSC) and Public Services and Procurement Canada (PSPC).
Shared Services Canada has the mandate to provide data centres, networks and email services to the largest government departments. Smaller government organizations receive these services on an optional basis. SSC, the Communications Security Establishment (CSE) and Public Safety Canada have a shared responsibility for cyber and IT security, with oversight provided by TBS. In addition, SSC is responsible for procuring hardware and software, including security software for workplace technology devices – the authorized physical devices and related software used in government office work. Departments and agencies are responsible for workplace technology device deployment, support and asset life cycle management. SSC spends $2 billion annually on the services it provides, portions of which it cost-recovers from federal organizations.
Public Services and Procurement Canada provides IT services supporting back office services such as human resource management systems, pay and pension, enterprise records and document management, and financial systems and services. SSC and PSPC jointly support federal organizations in procuring IT goods and services.
Treasury Board Secretariat, supported by the Chief Information Officer Branch (CIOB), develops strategy and sets government-wide policy and mandatory requirements for IT and cyber security, and provides guidance on implementing the direction through policy implementation notices.
Report a problem or mistake on this page
- Date modified: