Government of Canada Strategic Plan for Information Management and Information Technology 2017 to 2021
On this page
- About this document / what’s new
- Message from the Government of Canada Chief Information Officer
- The vision
- Mission statement
- Guiding principles
- Strategic goals
- Strategic actions
- The way forward
- Appendix A: Government of Canada IM/IT modernization priorities
- Appendix B: implementation roadmap
- Appendix C: key performance indicators
- Appendix D: roles and responsibilities
- Appendix E: definitions
- Appendix F: draft digital principles
About this document / what’s new
This is the first update to the Government of Canada Information Technology Strategic Plan, published in June 2016. This document provides insight into the digital direction being established by the Government of Canada (GC). This document can be considered as a directive.
This Strategic Plan sets the information management (IM) and information technology (IT) direction for the GC and identifies enterprise-wide priorities and key activities for departments,Footnote 1 including those that provide services to other departments. It is a key input to the departmental IT planning process as an element of the prioritization framework used to identify overall IM-IT investment and work priorities for the GC. As part of this process, departments should use this document to internally prioritize IM-IT investments and initiatives, and demonstrate alignment with enterprise direction.
For service provider departments such as Shared Services Canada (SSC) and Public Services and Procurement Canada (PSPC), this Strategic Plan identifies foundational priorities and activities that are required in order to modernize service delivery and improve sustainability. Completion of these initiatives will enable departments to partake in the enterprise approach while moving toward digital program and service delivery for Canadians.
This update addresses feedback provided through consultation with the public in summer and fall 2016 and with the GC Chief Information Officer (CIO) and Information Management Senior Official communities in February 2017. This plan:
- closes gaps identified through public consultation in the areas of accessibility, open source and procurement
- clarifies alignment with GC priorities and strategies
- clarifies areas that need improvement
- further develops the case for change
This plan addresses the key message from the GC IM-IT community that IT supports IM, which must support the business.
This plan also brings together the foundational enablers of information, data, technology and security required to deliver open and transparent government and improved services to Canadians.
Message from the Government of Canada Chief Information Officer
Digital capabilities continue to transform the way individuals and businesses work. In parallel, a data revolution is taking place that requires transformative action to support different forms of collaboration. The GC must adapt to meet demands and expectations from clients, stakeholders, partners and employees. This update to the Government of Canada Information Technology Strategic Plan (June 2016) is an interim step to a larger digital policy and strategy that is currently under development for the 2018 to 2019 fiscal year.
The GC delivers a broad range of programs and services to individuals and businesses in Canada and abroad. IM and IT support the government in providing these programs and services.
Over the last few years, the GC has taken the first steps to shift toward an enterprise approach to managing information, data, technology and security. This direction supports priorities identified in recent budgets, ministers’ mandate letters, reports and audits while responding to key drivers.
This plan creates a framework and sets direction for the GC to become an open and service-oriented organization that provides programs and services to citizens and businesses in simple, modern and effective ways that are optimized for digital and available anytime, anywhere and from any device.
Consistent with the GC’s first Strategic Plan, the following 4 strategic goals frame the direction for the GC:
Four strategic areas of action will achieve these goals over the next 4 years and beyond. Each area of focus, “service”, “manage”, “security” and “community”, details specific actions and activities that are currently underway or that represent new enterprise directions.
“Service” focuses on building and evolving IM-IT foundational elements, including processes, practices and infrastructure, to enable implementation of current capabilities, technologies and solutions. Focusing on these elements will ultimately result in improved programs and services for Canadians and better internal services for government employees through development of a modern, reliable, interoperable and accessible IM-IT environment that:
- allows for secure sharing of information and data
- improves the government’s ability to leverage opportunities across multiple channels
“Manage” addresses how the management and governance of IM-IT across government ensure that IM-IT investments take advantage of economies of scale, demonstrate value and are sustainable. This goal encompasses:
- a strengthened governance approach
- the evolution of IM-IT management practices, process and tools
- a focus on innovation and sustainability
“Secure” focuses on safeguarding sensitive government data and ensuring that Canadians who access online services can trust the government with their personal information. Security involves:
- layered defences to reduce exposure to cyberthreats
- increased awareness and understanding to proactively manage such threats
- protective measures to enable the secure processing and sharing of data and information across government
As the shift to digital services increases and the sophistication and frequency of cyberattacks grow, the GC’s defences must also evolve.
“Community” focuses on:
- building a high-performing IM-IT workforce that has the skills and mindset needed to work effectively in an open digital environment
- ensuring that public service employees have a modern workplace, professional development and the IM-IT tools they need to do their jobs
GC employees and the environment they work in are vital because the GC’s employees are its greatest asset in delivering the kind of government that Canadians want.
Progress toward achieving the 4 strategic goals outlined in this Strategic Plan will be tracked, evaluated and reported. As it evolves, the plan will require the government to make investment choices. The plan will be reviewed yearly to ensure it stays up to date and relevant, supported by an implementation roadmap to track and report on progress (see Appendix B). Departments, through their departmental IM-IT plans, will detail how this enterprise approach will be implemented in their organizations.
With this Strategic Plan, the GC has set out a clear path to obtaining maximum benefit from the money it spends on IM-IT. Implementing this agenda is crucial to ensuring that the GC is ready and able to meet the needs and expectations of Canadians in the years ahead.
This plan represents the last instalment before we proceed to a broader agenda based on digital government adoption, supported by the right technologies.
Chief Information Officer
Government of Canada
Digital capabilities continue to transform the way individuals and businesses work. In parallel, a data revolution is taking place that requires transformative action to support different forms of collaboration. The GC must adapt to meet demands and expectations from clients, stakeholders, partners and employees. This update to the Government of Canada Information Technology Strategic Plan (June 2016) is an interim step to a larger digital policy and strategy that are currently under development for the 2018 to 2019 fiscal year.
The GC is made up of more than 100 organizations that deliver a broad range of programs and services to individuals and businesses in Canada and abroad. IM and IT support the government in providing these programs and services.
In each GC department, IM-IT is operated separately and focuses on fulfilling the individual mandate of the department. This siloed approach continues to lead to:
- inefficiencies through duplication of platforms
- incompatibility of systems and data models
- inconsistent service delivery and standards
- lack of information sharing
- inability to find information
- other factors
This approach has led to complex, time-consuming and costly client interactions with government.
Similarly, the IM and IT workforces are managed separately and in silos, leading to:
- inconsistent and sometimes limited professional development
- greater outsourcing
- weak integration of roles and functions that fit closely together
A whole-of-government or “enterprise” approach is being taken to address some of these challenges through the creation of a common IM-IT foundation as a first step. The responsibility for delivering IT services to core departments is now shared between central providers such as SSC and PSPC. GC cybersecurity is the shared responsibility of SSC, Communications Security Establishment Canada, and TBS, in partnership with departments. The Treasury Board of Canada Secretariat’s (TBS’s) Chief Information Officer Branch (CIOB) supports the Treasury Board by:
- developing strategy
- setting government-wide policy
- providing implementation guidance for IM-IT, service, access to information, privacy and security
- establishing technology standards for the GC
A number of priorities have been identified at the federal level through recent budgets and ministers’ mandate letters, Destination 2020, reports and audits. This GC Strategic Plan for IM-IT supports these priorities by setting a path for continued evolution to an enterprise approach. It also proposes to address additional IM-IT challenges by responding to the following key drivers:
- citizens’ expectations
- workplace and workforce evolution
- privacy and security
- the enterprise approach
- IM-IT sustainability and aging IT
Citizens expect their government to be open, transparent and accountable. They also expect their government to deliver real and meaningful results fairly, efficiently and responsibly. Canadians want and deserve programs and services that provide the best experience for them, when and where they need it, and in a client-centred manner. This means that:
- services are simple and easy to access and use; services are essentially user centric
- data is shared and reused where appropriate
- interactions with government are consistent
- there are connections across jurisdictions (federal, provincial, territorial, municipal) where it makes sense
- services are digitally enabled and seamless
Citizens value government that is open with its data and other business information yet protects their privacy. Canadians accessing and using open information and data generates economic opportunities and increases trust and engagement in government activities.
Citizens want to be assured that departments are using the best available information and data from a variety of authoritative sources to make evidence-based decisions with respect to policies, programs and services that affect everyone. In addition, they want access to digital tools to better participate in policy and program development.
Workplace and workforce evolution
Employees expect to have modern and effective tools that are interconnected, intuitive and accessible when and where they need them. The GC cannot properly serve Canadians if its public service has outdated tools. Clients and employees are supported by updated business processes to make day-to-day work efficient and add value to their efforts. They want to be part of a networked workforce and want an experience that is open, inclusive, nimble and optimized for digital. Employees in a modern workplace need digital tools that promote collaboration, information sharing and increased productivity, and that are accessible to and usable by people with disabilities.
Privacy and security
Cybersecurity is an ever-evolving aspect of any IM-IT strategy and plan. Consolidating systems prompts important opportunities but also leads to a greater “attack surface” that requires enhanced security measures to minimize risks. Inconsistent management of government networks and security profiles of government end-point devices (computer devices that connect to the Internet) also have the potential to increase the risk of cyberattack.
As the government moves to an “open by default” culture, it must continue to balance openness and transparency with the requirements for information and data privacy and security that Canadians have come to expect. Greater investment in cybersecurity is required to maintain these expectations.
The enterprise approach
Sharing infrastructure and information, when appropriate, and using common IM-IT solutions to meet common needs is one part of leveraging information and technology in an enterprise approach. Another aspect is addressing requirements for security, privacy, interoperability, accessibility and open information.
For Canadians, it is important to ensure a consistent end-user experience government-wide, regardless of geographical location. Issues of latency (delays in transmission), bandwidth, security, infrastructure, service levels and other considerations need to be taken into account in designing programs and services.
An enterprise approach also means that the size and complexity of IT-enabled projects are increasing as we move toward a more horizontal delivery model. Stronger prioritization and authoritative governance is needed to make enterprise decisions on IM-IT investments. Such an approach will change projects where scalable and rapid deployment of IM-IT business solutions to accommodate the size and complexity of various departments is needed. These solutions must also be adaptable to meet evolving business needs.
In support of the enterprise approach, a new GC Enterprise Architecture Review Board (EARB) has been established to further the “whole of government as one enterprise” vision. It is integrated into the larger GC governance structure and looks at alignment of initiatives, system and solution gaps and overlaps, development of new digital capabilities and innovation opportunities, setting technology standards and providing IM-IT investment direction.
IM-IT sustainability and aging IT
Information and data are growing exponentially, and it is increasingly challenging to find, use and share these assets. Modern and efficient IM solutions ensure long-term access to information and data of business value. Such information and data must be preserved to minimize the risk of it becoming obsolete.
In order to maintain access to quality information and data, and to continue programs and services for Canadians, there is a continued need to renew the government’s aging and mission-critical IT infrastructure and systems that are at risk of breaking down. IT infrastructure transformation is proceeding slower than anticipated; the complexity of these initiatives has caused some delays and procurement is taking longer than planned. Funding pressures are arising, in part, from stronger than forecasted growth in demand in digital government and from requirements to maintain existing IM-IT environments longer than was anticipated. Chronic under-investment puts the government’s ability to deliver some essential services to Canadians at risk. New mechanisms are being established to improve stability of existing systems and services such as use of cloud and other alternative service options to better balance infrastructure supply and demand. While progress has been made to rationalize applications, the GC still operates over 8700 applications. In addition, current system health indicators signal that more work is needed to address the risks associated with aging IT. These factors make cloud adoption difficult.
Effectively addressing these expectations and challenges will require new ideas and approaches. Departmental CIOs and their departments will increasingly be working with peers in other jurisdictions (provincial and municipal), academia, and the private sector through existing and new forums such as the Public Sector Chief Information Officer Council, the Open Government Partnership, the Digital Advisory Board and their supporting sub-committees and working groups to collaborate, learn and work more strategically.
The GC is an open and service-oriented organization that delivers programs and services to citizens and businesses in simple, modern and effective ways that are optimized for digital and available anytime, anywhere and from any device. Digitally, the GC must operate as one to benefit all Canadians.
Information and data management, IT and cybersecurity are enablers for GC digital services and play critical roles in achieving this vision.
IM-IT solutions are connected and interoperable, and facilitate:
- information and data sharing
- “big data” analytics
- an open-by-default approach
- user centric development
- adoption of open standards
These solutions enable the use of high-quality government data to inform decisions and identify innovative approaches to public policy. The use of enabling technologies such as cloud and social media offer additional ways to engage with Canadians and the world.
Open and accessible
Information and data are available, accessible and proactively released to generate economic opportunities and increase trust and engagement in government activities.
GC digital services and internal tools are accessible and inclusive by design, reducing barriers for users with disabilities. Federal departments continue to seek out partnerships and work collaboratively with public and private sector organizations that are responsible for enhancing accessibility to advance mutual efforts in IM-IT accessibility.
The principles of open by default and inclusive by design are integrated into all new processes, systems, solutions and services.
The GC takes advantage of the increasing number of opportunities to develop policies and solutions “in the open” and in collaboration with stakeholders.
Risks related to cybersecurity and aging IT have been reduced through the implementation of proactive measures to reduce the threat surface of Internet-connected networks and improved controls over access to government-held information. The completion of IT infrastructure transformation activities ensures that hardware, software and supporting processes are in place with funded renewal plans, ensuring long-term sustainability. These measures reassure Canadians and others who access GC digital services that they can trust the government with their personal and business information.
- address business problems and opportunities
- align strategically with the direction for the GC-wide enterprise architecture
- are effectively managed through best practices that are:
- applied to project management and governance
- gained from lessons learned from previous projects’ concept-to-benefits realization
Achieving investment goals will be through reviewing investment concept cases early, prior to defining the solution or the project to implement the solution, allowing for early engagement and direction setting and for periodic reviews by the GC EARB. For high-risk project investments, TBS monitors and reports on performance and governance throughout the life of the project. Better management of project investments, coupled with an agile approach to developing and delivering projects and solutions, will maximize value and reduce service delivery costs, enabling the government to respond more rapidly to emerging issues.
Strong CIO leadership improves:
- development of the IM, IT and cybersecurity community
- retention of talent
The community is diverse, collaborative, agile and service-oriented in support of the shift to digital service delivery.
The federal public service is highly connected, with information, technology and security integrating seamlessly into daily work life. Efficient digital processes have rendered paper records obsolete. Public servants can easily find, use and share their documents. A common, customizable digital workspace follows public servants and allows them to work smarter and solve problems more effectively by providing secure, agile, accessible, and reliable systems and tools for information sharing, collaboration and innovation. Information and data management practices are automated and made invisible as much as possible to the average public servant.
Much work is required to achieve a truly digital public service mindset where programs and services are designed for digital first, policy development approaches are open and innovative and Canadians are actively engaged.
Figure 1 outlines the framework for the Strategic Plan.
Federal IM-IT professionals are strategic partners and integrators within our departments, providing excellence in IM and IT services and enabling delivery of secure, reliable, accessible and agile digital business solutions. Working openly and collaboratively with external partners, stakeholders and across various levels of government, our efforts:
- add value in the workplace
- advance risk and evidence-based decision making
- contribute to better programs and services for Canadians
- create opportunities for innovation
Principle 1: client and service-centred design
GC solutions and services are designed from a client-centred and end-to-end digital service delivery perspective to increase the value they bring to clients through:
- early user engagement
- convenient access and availability through multiple channels
- pre-population of information when possible and where appropriate
- simplified, streamlined and joined-up workflows
- reuse of information where appropriate
- rigorous user testing
Principle 2: open
GC information and data is open by default, ensuring that:
- information and data are made open to the public to the greatest extent possible
- new processes are designed to enable and facilitate proactive release of government data and information by default
- the public actively participates in policy, program and service design
- citizens are consulted and engaged in government decisions and operations
- GC employees work “in the open”
Principle 3: enterprise first
Departments will follow common standards, approaches and direction, and use existing enterprise assets, such as processes, data, contracts and solutions, as accelerators where:
- information is created once, reused numerous times, and managed GC-wide as a single-aligned asset that is consistent, standardized and interoperable
- solutions support the use of open standards, are scalable and can be rapidly deployed
- cost-effective and efficient business solutions facilitate information and data integration, reuse, management, sharing and analytics
- common business needs are addressed through enterprise or shared solutions, and departments stop investing in departmental legacy systems and refocus efforts, resources and funds on becoming ready to adopt an enterprise or shared solution and on accelerating its implementation
- efforts across the GC are more coherent, integrated, secure and effective
Principle 4: secure
GC information is safeguarded for security, privacy and confidentiality, is monitored to prevent leaks, and is protected for future generations.
Principle 5: cloud first approach
Departments will explore “… as a service” (XaaS) cloud services before developing solutions in-house. This includes private and public cloud offerings.
Principle 6: enable a modern workplace: anywhere, anytime with anyone
The GC strives to be an innovative organization that:
- provides its employees with modern technology that supports information retrieval, use, sharing and collaboration by making information and data accessible when and where needed
- provides customizable tools and resources with minimized learning requirements for users
- provides automated, digital processes in support of better services
- attracts, retains and encourages public servants to work smarter and be innovative, greener and healthier so that they better serve Canadians
Early thinking on new digital principles is in progress in support of the shift to digital (see Appendix F).
The overarching strategic goals of service, value, security and agility, along with the IM-IT mission statement, set the direction for the GC Strategic Plan for IM-IT. The GC is committed to:
- offering responsive and innovative IM-IT services that meet business needs, enhance the end-user experience and enable digital service delivery
- making smart investments that ensure high-value and cost-effectiveness
- ensuring a secure, accessible and resilient enterprise infrastructure that enables the trusted delivery of programs and services
- providing a connected and high-performing workforce that uses modern tools
Strategic goal 1: service
A responsive, open and innovative IM-IT environment supports the delivery of integrated, accessible, client-centred programs and services to Canadians and:
- aligns architecture and plans to a “whole of government as one enterprise” vision
- simplifies IM processes and systems to ensure that they are effective, support objectives for openness and relieve burden on GC workers
- continues the enterprise-wide approach to delivering IM-IT services
- adopts emerging technology to improve program and service delivery such as artificial intelligence and blockchain
Strategic goal 2: value
Smart investments are high in value, cost-effective, reusable, aligned with business outcomes, and:
- encourage collective use of resources, tools, processes and systems
- develop enterprise-wide solutions to address common business needs
- ensure sustainability of IM-IT systems and infrastructure
- strengthen data governance and accountabilities
- adopt more agile procurement approaches, where possible
Strategic goal 3: security
A secure and resilient enterprise infrastructure protects information and data, enables the trusted delivery of programs and services, and:
- enhances security measures to minimize risk
- provides more consistent management of government networks
- protects personal and sensitive information
- broadens awareness of cybersecurity risks
Strategic goal 4: agility
An agile, connected and high-performing workforce with modern tools:
- attracts and retains highly skilled and diverse IM-IT talent
- provides a technologically advanced workplace that supports mobility
- promotes digital literacy and collaboration
- pilots new practices, processes and solutions that exploit information as a strategic asset
- rethinks how data and information professionals can help meet current and future business needs
The plan’s strategic actions represent a range of activities, from core operating requirements to forward-looking and strategic initiatives. Those established in the inaugural GC IT Strategic Plan 2016 to 2020 maintained their original numbers (1 through 47) to simplify reporting. Numbering for new strategic actions begins at number 48. Some of these may require additional approvals or funding to be fully implemented. Priorities for the 2018 to 2019 fiscal year are key elements that enable the shift to digital service delivery (see Appendix A).
The strategic goal of “service” focuses on building and evolving IM-IT foundational elements, including processes, practices and infrastructure to enable implementation of current capabilities, technologies and solutions such as blockchain and artificial intelligence. This approach will ultimately result in improved programs and services for Canadians and better internal services for government employees by focusing on developing a modern, reliable, interoperable and accessible IM-IT environment that:
- allows for secure sharing of information and data via policy and possible legislative changes
- improves the government’s ability to leverage opportunities across multiple channels
- adopts open standards, where applicable
While these foundational elements support all departments broadly, the science-based departments have additional requirements for network connectivity, specialized tools and a data strategy so that they can conduct research and collaborate with their partners and communities.
The sections below list the strategic actions that are currently underway and those that represent new enterprise directions that may require additional approvals or funding to be implemented.
- 1. Develop IT service portfolios and catalogues
- 2. Report on key areas of IT system health performance
- 48. Develop digital policy
- 49. Identify and prioritize SSC essential services
- 50. Establish SSC asset inventory and baseline
- 7. Adopt cloud services
- 8. Establish a cloud service broker
- 9. Offer public cloud services
- 10. Offer private cloud services
- 4. Complete data centre consolidation and modernization
- 5. Complete telecom / network consolidation
- 6. Reassess government email consolidation
Information and data sharing
- 11. Build a platform for enterprise interoperability
- 53. Develop an application programming interface (API) strategy
- 13. Introduce a government API store
- 54. Enhance online infrastructure to enable departments to release their data and information
- 14. Implement a platform for external collaboration
- 56. Implement GCDOCS
- 57. Migrate websites to Canada.ca and assess options for a single GC digital service platform
- 3. Implement enterprise IT service management tools
Information and data sharing
- 51. Determine the feasibility of developing a “tell us once” approach for government
- 52. Introduce a strategy for use of open source software and open standards
- 12. Introduce a mobile application strategy and framework
- 55. Develop master data management program
- 15. Advance analytics
Note: Numbering of the strategic actions above corresponds with the strategic actions listed in Appendix B.
The more open, transparent and integrated government programs and services become, the more they will depend on IM and IT to deliver secure and reliable services that meet agreed-upon expectations.
Develop IT service portfolios and catalogues (actions underway)
An IT service portfolio describes services in terms of business value, including:
- a list of services
- a description of how they are bundled or packaged
- a description of the benefits they deliver
An IT service catalogue is a list of available technology resources and offerings within an organization. It is a tactical, operational tool that is intended to make it easier for clients to request IT services on a day-to-day basis.
SSC and PSPC will develop IT service portfolios and service catalogues that clearly articulate enterprise service expectations for the services they provide, including:
- service descriptions
- ordering and provisioning processes
- roles and responsibilities
- service targets
- associated reporting commitments
- pricing (if applicable)
SSC and PSPC will price their services to facilitate the introduction of:
- chargeback models
- price comparisons of external service providers
- the adoption of cloud services
With respect to IT security, SSC will establish expectations and provide the necessary information to partners for the IT infrastructure that it manages through the service dashboards.
Report on key areas of IT system health performance (actions underway)
Key performance indicators that focus on operational excellence and delivery are critical tools in managing the delivery of IM-IT services. Departments will put in place metrics for monitoring client satisfaction and key areas of IT system performance (security, availability, reliability and capacity).
For the services they provide, SSC and PSPC will:
- set enterprise-wide service levels in collaboration with departments
- report to departments on performance based on these service levels
- engage their clients to resolve issues if service levels fall below targets
SSC will also report on a quarterly basis to the Deputy Minister and Assistant Deputy Minister Committees on Enterprise Priorities and Planning (CEPP) on key performance indicators.
Implement enterprise IT service management tools (planned actions)
IT service management (ITSM) refers to an organization’s planning, delivery, operations and control of IT services offered to clients. Departments traditionally have implemented their own ITSM tools. Such tools are expensive to implement and maintain, and the diversity of tools affects overall ITSM efficiencies. Moreover, service request and trouble tickets do not flow easily within and between departments and tool sets.
SSC will put in place enterprise ITSM tools and make them available to all departments. Doing so will bring consistency to the practice of ITSM and, more importantly, reduce the cost and delays of fulfilling service requests.
Develop digital policy (actions underway)
In order to remain relevant in the digital era, the GC must move away from its traditional siloed and complex web of rules. Citizens today have high expectations of government. These expectations are driven by their interactions with a more digitally sophisticated private sector. Government IT policies have not kept pace with this evolving landscape and do not reflect current realities or future strategic direction.
TBS will develop a new digital policy that focuses on service to Canadians within an open and transparent environment that is enabled by information, data, technology and cybersecurity to ensure that a strong foundation can be leveraged to achieve business outcomes across government and support innovation.
Identify and prioritize SSC essential services (actions underway)
As stated in the Federal Public Sector Labour Relations Act, the GC determines whether “any service, facility or activity of the Government of Canada is essential because it is or will be necessary for the safety or security of the public or a segment of the public.” TBS, with SSC and the GC’s new Digital Advisory Board, will establish a list of SSC essential services and identify top priorities. Consistent with IM-IT governance, this list will be approved by CEPP.
Establish SSC asset inventory and baseline (actions underway)
SSC will create an inventory of assets within 2 years. The inventory will establish a baseline that can be used to inform prioritization discussions at CEPP and ensure that work is focused in the most important areas such as evergreening and managing organic growth.
Cloud computing, or on-demand computing, introduces a fundamental shift in providing IT services. It provides access to shared IT resources (networks, servers, storage, applications and services) through “pay for use” models, similar to those used for traditional utilities such as water and electricity.
Cloud is best positioned to satisfy the substantial need for agility and scalability of today’s unpredictable business environments, and to improve the balance of supply and demand of infrastructure. Cloud adoption will ensure that the GC can maintain IT service excellence during a period of increasing demand for online services, and provide timely access to accurate information to Canadians. Cloud supports the GC’s digital and innovation agendas.
In the context of cloud and enterprise-wide and shared solutions, departments have a duty to apply safeguards that will enable them to retain uncompromised control over information they have collected or created.
Adopt cloud services (actions underway)
TBS has published the Government of Canada Cloud Adoption Strategy to guide the cost-effective and secure adoption of cloud services. Departments will choose cloud services from a number of options that will include extensions to existing legacy solutions and private and public cloud offerings. TBS published right cloud selection guidance to assist departments in making these choices. They will need to consider:
- data residency and sovereignty
- vendor lock-in considerations
- commercial risk
- latency and performance
- data transfer
Departments will consider solutions that employ software as a service (SaaS) before platform as a service (PaaS) and infrastructure as a service (IaaS).
To ensure Canada’s sovereign control over its data, departments will adopt the policy that all sensitive data under government control, that has been categorized at Protected B, Protected C, or is Classified, will be stored in a GC-approved computing facility located within the geographic boundaries of Canada or within the premises of a GC department located abroad, such as a diplomatic or consular missions. Departments and agencies will evaluate risks based on an assessment of data sensitivity and apply the appropriate security controls for cloud services. Examples of sensitive data include personally identifiable information or program/business information.
Establish a cloud service broker (actions underway)
A cloud service broker (CSB) functions as a bridge between organizations and cloud providers. Using a CSB makes cloud services less expensive, easier, safer and more productive for organizations to navigate, integrate, consume and extend cloud services, particularly when services span multiple and diverse providers.
A CSB’s key functions are as follows:
- security accreditation
- credential and identity federation
- application integration
- customer support
- vendor service-level agreements (pertaining to management and skills)
SSC is responsible for providing a CSB quickly by implementing contracts with cloud service providers, thereby enabling departments to use a self-service model for providing cloud resources (computing power, storage and platforms). SSC will be responsible for connecting the cloud environments as extensions of end-state data centres, with a catalogue of cloud resources pre-configured to the GC’s standards. All cloud projects will be reviewed and approved by GC EARB.
PSPC is also responsible for implementing additional contracts for services and must use the same demand intake process as SSC. PSPC will work closely with SSC to leverage its suite of cloud broker functions and infrastructure capabilities.
Offer public cloud services (actions underway)
A public cloud refers to a cloud environment shared by multiple tenants that are isolated from each other. SSC will direct its efforts toward acquiring and brokering multiple enterprise-grade public cloud services. Several of these will have a presence in Canada and be capable of storing and processing protected data. Public cloud services will be the priority choice for departments when choosing a cloud deployment model.
Offer private cloud services (actions underway)
A private cloud has all of the self-service and dynamic attributes of a public cloud except that the services are for use by a single enterprise, in this case the GC. Under this deployment model, the GC will be the only tenant residing in the cloud. This model includes off-premise as well as on-premise clouds that are managed by the GC or by a third party.
Private clouds can be implemented as pre-engineered commercial offerings or as tailored solutions that are engineered and assembled by staff. SSC will direct its efforts toward acquiring the former, with the latter being implemented when unique requirements arise. Departments will use private clouds where needs cannot be met by public clouds (e.g. secret information).
A technology infrastructure that is modern, sustainable, reliable and robust enables horizontal digital service delivery, collaboration and information sharing within the federal government and with citizens, external business, stakeholders and partners. It is a critical component that enables the GC’s shift to being client-centred and service-centred, with open programs and services.
Complete data centre consolidation and modernization (actions underway)
The GC operates over 500 aging data centres that support mission-critical and non-mission-critical business functions. Consolidating these data centres into fewer modern and secure data centre services is the most cost-effective way to address the government’s “rust out” issue. These enterprise data centres will be designed to have backup and retention capability as part of disaster recovery plans and in support of business continuity.
SSC will enable the migration of departmental legacy applications to segregated partner-specific locations (called enclaves) within the new enterprise data centres. This migration will:
- accelerate the closure of aging data centres
- enhance data security
- minimize the financial and business impact to departments
To ease the demand for data centre capacity, departments will reduce the number of back office applications to be migrated. The extent to which the government leverages external cloud service providers could also reduce the requirement for data centre capacity.
Successfully consolidating data centres depends on departments’ readiness to prepare their applications for migration within prescribed time frames. Departments will work with SSC and other government and external partners to ensure that:
- mission-critical and other applications are in appropriate environments
- such applications are supported with appropriate technologies and procedures to ensure their availability
Complete telecom/network consolidation (actions underway)
To streamline and modernize the government’s network infrastructure and services, SSC will eliminate unused phone lines and migrate departments from outdated and costly legacy phone systems to wireless devices and VoIP (voice over Internet protocol) service.
SSC will also work with departments to:
- consolidate the 50 existing SSC partner wide-area networks into a single enterprise network
- establish shared network infrastructure in office buildings that house multiple departments
- secure and reduce the number of connections to the Internet
Reassess government email consolidation (actions underway)
Departments have traditionally operated their own email systems, leading to business and cost inefficiencies. SSC, as the service provider, and TBS, as the enterprise business owner, will develop a strategy for next-generation email services for the GC.
Information and data sharing
Interoperable platforms are the backbone of data and information sharing, big data analytics and collaboration. By seizing on these opportunities, government can create a modern workplace in which employees have the enabling tools needed to keep pace with the expectations of the Canadians and businesses they serve.
Determine the feasibility of developing a “tell us once” approach for government (planned actions)
TBS will investigate the “tell us once” approach for the GC from various perspectives to understand possible risks and challenges including: security, privacy, IM and IT.
Build a platform for enterprise interoperability (actions underway)
TBS will continue to work with stakeholders to develop a unified service approach and to create a set of modern integration tools called the GC Interoperability Platform (GCIP). This platform acts as an information broker, enabling the exchange of data and information between enterprise systems, departments and governments.
The GCIP project will implement a central data exchange where information can be shared securely and reliably between government applications. Three core solutions for financial management, human resource management and information management will be connected to seamlessly exchange information, regardless of the technologies underpinning them. These systems operate on a “tell us once” principle, where data is entered in one system and then reused by multiple other systems, as legislation and policy permit, thus reducing the need for duplicate data entry while improving data integrity and accuracy.
This work will lay the foundation to link internal departmental information with solutions for delivering programs and services and enable greater GC-wide collaboration when designing digital services.
TBS will continue to lead the adoption of a common GCIP to support information sharing inside and outside the GC domain. This approach will enable business process improvement within the government and across jurisdictions, leading to improved program and service delivery for citizens and businesses.
Through the creation and use of a governance framework (policies, directives, guidelines and open standards) for the GCIP, TBS will:
- foster openness and collaboration
- promote digital services
- advance enterprise interoperability and information sharing across the government
Introduce a strategy for use of open source software and open standards (planned actions)
The use of open source software supports interoperability and information sharing and should be considered in the assessment of IM-IT solutions. Open source products are publicly available, and the availability of their source code promotes open and collaborative development around their specifications, making them more robust and interoperable. The use of open standards ensures interoperability between products and systems, and maintains flexibility within the IM-IT environment. TBS will lead the development of a strategy to set direction for the government on the use and release of open source software and open standards that will be ratified by GC EARB.
Introduce a mobile application strategy and framework (planned actions)
Canadians and business want to use mobile applications to interact with government data and obtain government services. As part of the overall web strategy, TBS will lead the development of a strategy and framework for the development and management of mobile applications that are easy to use and trusted that will be validated through GC EARB. GC mobile applications will be identified on Canada.ca and available through application stores.
Develop an application programming interface strategy (actions underway)
APIs are used to reveal GC digital capabilities and can be combined and reused to create digital services. APIs are increasingly becoming the way to facilitate sharing of government data and information and, as such, are foundational building blocks that support the GC’s commitment to digital services. TBS will develop an API strategy for the GC.
Introduce a government API store (actions underway)
TBS will lead the creation of an API store to support information sharing with Canadians, business and other entities external to government. Departments have already made available a number of APIs. The GC API store will offer a consistent means to discovering APIs and subscribing to them. The store will provide API publishers and users with a central, multi-tenant API management platform that includes:
- a searchable catalogue
- version control
- automated access provisioning workflows
Operating under a self-service model, API publishers will be allowed to sign up and benefit from “active documentation” that allows them to drill into API definitions, try APIs and share their feedback in the store’s forum.
Interoperability, mobile applications and APIs are key elements to supporting digital services for the GC.
Enhance online infrastructure to enable departments to release their data and information (actions underway)
Having reliable infrastructure in place to ensure the maximum release of government data and information ultimately results in:
- a platform for Canadians that enables access to open government data and information
- the opportunity to meaningfully engage on related issues
The long-term goals of these activities are to deliver value to Canadians through open information and data that:
- fosters greater citizen participation in government
- promotes innovation
- creates economic opportunities
Canada’s Open Data Exchange (ODX) is an organization that helps Canadian companies make use of open data. TBS will work with the ODX to deepen insight into the commercial open data landscape and to understand what challenges need to be overcome in order to make Canadian open data companies more competitive.
Develop a master data management program (planned actions)
In an open and distributed operational environment such as the GC, there is a risk that business-critical data becomes redundant, inconsistent and scattered throughout the enterprise.
Master data management (MDM) can be defined as the processes, governance, tools, rules and technology required to create and maintain consistent and accurate master data. It focuses on common critical data elements and establishes strong governance around them. MDM can eliminate redundancy and inconsistency of data in an organization and ensure its quality and control. It can provide a single, authoritative point of reference that can be shared by many processes and applications across the organization. It can also streamline data sharing and facilitate interoperability.
TBS will work with key business owners (for example, the Office of the Comptroller General and the Office of the Chief Human Resources Officer) to establish a government-wide MDM program to formally identify standard data elements and single authoritative sources for key information domains, where appropriate.
Advance analytics (planned actions)
Business intelligence involves creating, aggregating, analyzing and visualizing data to inform and facilitate business management and strategy. Analytics is about asking questions and refers to all the ways in which data can be broken down, compared and examined for trends. Big data is the technology that stores and processes data and information in datasets that are so large or complex that traditional data processing applications can’t analyze them. Big data can make available almost limitless amounts of information, improving data-driven decision making and expanding open data initiatives.
TBS, working with departments, will lead the development of requirements for an enterprise analytics platform.
TBS will work with departments to identify a business lead to develop a data lake (a repository of raw data) service strategy so that the GC can take advantage of big data and market innovation to foster better analytics and promote horizontal data sharing.
Implement a platform for external collaboration (actions underway)
Technology makes it easier for citizens, academia, scientists, businesses and government to share ideas and information and to collaborate with one another. TBS will lead the establishment of an external collaboration service provider to host departments and provide them with a dedicated workspace and computing storage for unclassified and transitory data. Cloud pilot projects will test-drive requirements and determine the most suitable platform to meet government business, information and security needs.
TBS, in collaboration with departments, including PSPC and SSC, provides departments with a secure platform called GCCollab to:
- share opinions, information and analyses
- collaborate with external partners, academia, businesses, other governments and citizens
While meeting the government’s requirements for security classification, disposition and recordkeeping, the platform will support an array of functions such as document sharing, co-authoring, assigning tasks, organizing meetings and holding discussions.
Implement GCDOCS (actions underway)
Time and productivity are frequently lost due to the lack of consistent tools and systems to help employees store, search and find the information and data they need to do their jobs. Enterprise IM solutions such as GCDOCS streamline and simplify these processes, but they need to be configured properly to make back-end IM processes as invisible as possible to users.
Automation can provide opportunities to:
- simplify and streamline key IM processes and practices
- deliver a seamless user experience that relieves burden on individual GC workers
Furthermore, implementing integrated and standardized solutions across departments can help make it easier for GC employees to find, use and share the information and data they need to do their job, while ensuring consistent, foundational management of GC information assets. Information and data can be leveraged to help departments achieve their business objectives and meet their mandated requirements.
TBS and PSPC will enhance the government-wide GCDOCS service for departments, including:
- full deployment by 2022
- broadening its integration with back office systems
- piloting its use as a tool for increasing the openness of government information
Migrate websites to Canada.ca and assess options for a single GC digital service platform (actions underway)
The GC’s Web Renewal Initiative will improve Canadians’ access to GC online services through a single online window (Canada.ca). This initiative will bring hundreds of existing sites into one, designed to better meet the needs of Canadians. TBS will develop a new strategy to set further direction on providing a single window to Canadians for all GC information and services and create the conditions required to transition to a single GC service platform.
The strategic goal of “manage” addresses the management and governance of IM-IT across government in a way that ensures that IM-IT investments:
- take advantage of economies of scale
- demonstrate value
- are sustainable
Strengthening the role of departmental CIOs and enhancing the role of the GC CIO:
- move to a digital GC culture
- will further develop business and IM-IT partnerships
- enable stronger IM-IT direction setting
- influence community management
The sections below list the strategic actions that are currently underway and those that represent new enterprise directions that may require additional approvals or funding in order to be implemented.
- 27. Establish enterprise IM-IT governance
- 28. Develop methods to prioritize investments in legacy and transformation initiatives
Enterprise architecture alignment and practices
- 30. Evolve IT management practices, processes and tools
- 31. Develop enterprise architectures for business, information, applications and technology
- 32. Adopt agile approaches to implementing business solutions
Agility and innovation
- 65. Establish a Digital Advisory Board
- 66. Introduce digital government principles
- 67. Advance financial management transformation
- 29. Document roles and responsibilities for IT and IT security
- 58. Introduce stronger project oversight at the concept phase
- 59. Establish data governance
Enterprise architecture alignment and practices
- 60. Standardize metadata
- 61. Develop information and data valuation framework
- 62. Develop an information management performance framework
Agility and innovation
- 33. Lead innovation
- 34. Adopt modern and flexible business models
- 63. Provide tools and resources to make innovative use of information and data
- 64. Shift culture and processes toward open by design
- 35. Ensure IT infrastructure sustainability
- 36. Rationalize investments
- 68. Develop process to balance infrastructure supply and demand
Note: Numbering of the strategic actions above corresponds with the strategic actions listed in Appendix B.
To fully embrace an enterprise approach, departments need clear direction on agreed-upon priorities and approved approaches that come from an authoritative source. Strong oversight is required to ensure sustained progress in advancing shared objectives. Roles and responsibilities must be documented for effective implementation of an IM-IT governance structure.
Establish enterprise IM-IT governance (actions underway)
Adopting an enterprise approach requires sound governance structures that support clear and informed decision making. The Deputy Minister and Assistant Deputy Minister Committees on Enterprise Priorities and Planning (CEPP) will be the governance, priority setting and oversight bodies for all GC IM-IT investments. CEPP will also provide oversight on SSC service delivery.
CEPP will encourage departments to move toward enterprise solutions for consolidated services. CEPP will establish the “rules of engagement” for adopting enterprise IM-IT solutions and services, including the process for addressing exceptions. As such, CEPP will prioritize all plans for enterprise services.
CEPP will manage demand from departments for SSC IT infrastructure services and guide how SSC provides those supply-side services. SSC will report to CEPP on its progress with transformation efforts and bring forward annually an investment plan for endorsement in advance of seeking Treasury Board approval.
Through principles, prioritization and a risk-based approach to balancing demand and supply, CEPP will align IT and IT-enabled initiatives with enterprise business priorities.
In addition, CEPP will provide direction for and oversee the implementation of the GC Strategic Plan for IM-IT that will be published annually in October. The Strategic Plan outlines GC IM-IT priorities and serves as the basis for SSC’s planning. CEPP’s Terms of Reference, including mandates, authorities and accountabilities, are being reviewed accordingly.
All the business needs of government will be managed according to IM-IT governance principles. Under CEPP leadership, TBS will:
- clearly define the key roles of business owner, service provider and client
- clarify with the CIO Council and the Enterprise Architecture Review Board how existing governance structures will be integrated into the IM-IT governance structure
- determine an appropriate decision-making process
- see that departments avoid duplication and unnecessary overlap
Develop methods to prioritize investments in legacy and transformation initiatives (actions underway)
SSC and PSPC will develop and define methods to measure the progress of transformation initiatives, aligning them with key benefits. Progress must be reported clearly and reliably.
TBS, supported by SSC and other departments, and under CEPP’s oversight and direction, will develop a methodology to prioritize and allocate funding for investments in legacy and transformation initiatives. SSC will also develop a clear process to address funding and capacity deficiencies. Methodologies and processes will be refined periodically to ensure accurate determination and reporting of savings. These processes will be integrated into enterprise planning initiatives.
CEPP endorses a principles-based approach and prioritization methodology to guide departmental investment strategies, ensuring that they reflect business and enterprise priorities. New or significant changes to IM-IT and IT-enabled projects will be subject to consultation with TBS and approval by CEPP.
As the GC shifts to a digital policy and strategy, its enterprise IM-IT governance, planning, prioritization and project management processes will evolve.
Document roles and responsibilities for IT and IT security (planned actions)
Departments have a role in managing and delivering IT, as described in Appendix D. TBS will work to elaborate and document the roles and responsibilities of departments, SSC, PSPC and central agencies for delivering IT services and implementing the government’s IM-IT Strategic Plan so that roles and responsibilities are clearly defined, communicated and executed. They will be clarified through the revised policies on government security, IM and IT. TBS will also continue to provide clear direction to departments on IT security roles and responsibilities, including security-control objectives and other security-related requirements.
Introduce stronger project oversight at the concept phase (planned actions)
TBS will enhance and strengthen the oversight function for IT-enabled projects by introducing earlier reviews of investment concept cases. Such reviews will take place prior to defining the solution or the project to implement the solution, allowing for early engagement and setting of direction. Concept cases will also be reviewed and assessed by the GC EARB for alignment with the GC business capability model.
For high-risk project investments, TBS will monitor and report on performance and governance throughout the life of the project. Better management of project investments, coupled with an agile approach to development and delivery, maximizes value and reduces service delivery costs, enabling the government to respond more rapidly to emerging issues.
Establish data governance (planned actions)
The GC is committed to making better use of data to inform decision making. To do so, the GC must ensure that the maximum value possible can be extracted from the large quantities of data that departments collect in support of providing their individual programs and services. Currently, data is fragmented and stored in departmental or program silos, with minimal infrastructure in place to support sharing among stakeholders and to effectively manage the data across its lifetime.
Many departments collect and use similar or related data, but no coherent government-wide approach to managing data is in place for providing services that stretch across departments and jurisdictions. Ownership for individual datasets is often not clear, and business development processes do not sufficiently consider other potential uses of data collected. In order to ensure informed decision making based on enterprise-wide data, the government needs to take steps to ensure the sound governance of data and its integrity and quality.
TBS will work with data creators and user communities to define governance principles that assign formal accountabilities for individual data assets.
Enterprise architecture alignment and practices
Sound IM-IT management starts with consistent planning based on documented descriptions of the enterprise. With an understanding of what is in play, managers can adopt solutions that best address their business needs while advancing government-wide architecture.
Evolve IT management practices, processes and tools (actions underway)
CIOs should plan and execute departmental IT plans so that they align with the GC’s Strategic Plan for IM-IT and overall enterprise modernization priorities. Important tools to support CIOs include:
- investment plans
- architectural reviews
- application portfolio management
- expenditure reporting
- performance reporting
Optimizing IM-IT investments to meet business outcomes will propel the evolution of IM-IT management processes and tools. TBS policy and guidance will allow departments to:
- manage IM-IT consistently and with greater maturity
- better understand IM-IT at the enterprise level
- evolve digital service delivery
- benchmark themselves against similar departments
- monitor and track progress against government priorities
- set future priorities
TBS will also provide policy guidance and more robust project oversight to help departments:
- develop sound project cost estimates
- implement good project management practices for complex IM-IT projects
- guide investments from concept to benefits realization
Develop enterprise architectures for business, information, application and technology (actions underway)
Enterprise architecture will be used to provide all GC departments with a structured approach to identify and describe GC business needs and the information, applications and technology that are required to enable them.
Enterprise architectures show:
- the capabilities and services being provided to Canadians
- the information that supports each GC service
- the people impacted by business decisions
- the secure enabling applications and technologies for each GC service
Understanding enterprise architecture enables effective decision making about IM-IT investments, costs and risks, allowing the GC to act as one to optimize performance and deliver on government priorities in the digital era.
Working with functional communities, TBS will lead the development of an enterprise architecture framework, including an GC EARB that is integrated with IM-IT governance. The GC EARB, with representation of business and technology stakeholders from across the GC, will work collaboratively to simplify the GC IM-IT environment by:
- assessing alignment of initiatives
- identifying opportunities for reusing solutions that support similar needs
- developing new digital capabilities and innovation opportunities
- setting standards for GC technology
- providing direction on IM-IT investment
Adopt agile approaches to implementing business solutions (actions underway)
It is a challenge to be able to acquire goods and services in a timely manner to operationalize government mandates that provide value to citizens. TBS and PSPC are leading a government-wide initiative to identify and support key improvements in the federal procurement regime.
Departments will take advantage of existing multi-departmental contracts when investing in solutions to meet common needs. In cases where multi-departmental contracts or tools do not meet business requirements, departments will contact TBS to discuss other options. Departments are required to keep TBS up to date on their investments and plans.
Where a customized or in-house solution is the only option, application development teams should take modern and agile approaches to achieve greater speed and agility. They must also take into account the increasingly complex ecosystem of interdependent software architecture, infrastructure and processes.
Departments will promote a learning culture that allows solutions architects and developers to:
- understand and adopt iterative development approaches, automate release schedules and embrace a layered testing strategy, including automated testing
- increase engagement with business colleagues to advance iterative approaches
- engage functional (IM) experts early in the development process
- adopt an approach that considers a service-oriented architecture and application programming interface (API) first rather than large and complex constructs
Standardize metadata (planned actions)
Metadata is the backbone of digital automated processes, information retrieval, and the use and sharing of information and data. Metadata defines and describes the structure and meaning of information and data and of the context and systems in which they exist. Metadata supports efficient and effective management of information and data resources over time, which facilitates decision making, accountability and the efficient delivery of government programs and services.
Standardized metadata supports:
- interoperability within and across systems
- reuse of information resources within, across and outside the GC
Along with standardized metadata, consistent use of authoritative vocabularies supports the exchange of information and data resources within and across systems.
Automated metadata collection, creation, use and reuse can greatly relieve burden on individual GC workers.
TBS, in conjunction with business owners, will standardize metadata schemas and maximize their benefits to simplify and automate metadata usage and make it invisible to users.
Develop an information and data valuation framework (planned actions)
Organizations that are information-centred and information-savvy recognize information and data as valuable assets. These organizations move beyond considering the business value of information and data to determining its value in monetary terms. Accounting for information and data as strategic assets, similar to human and financial assets, allows organizations and its partners to maximize the full potential of all information and data. When information and data assets are valued and managed as such, they can pave the way for innovation and cultural change within an organization. As the old adage goes, “You can’t manage what you don’t measure.” This also means that if something can’t be measured, it can’t be improved. It is therefore important to quantify the value of information and data through a formal methodology. Currently, there is no common agreement across government on how to measure the value of information and data.
TBS will test industry practices for assigning value to unstructured information assets (infonomics) within targeted domains and examine best practices for potential broader use.
TBS will leverage data inventories as a baseline for a systematic and coherent approach to the quantitative and qualitative evaluation of data, including the use of industry practices to quantify the value of individual data assets.
Develop an information management performance framework (planned actions)
Considerable effort is expended throughout government to produce coherent analysis and reporting that leverages common metrics. Much of this effort is a result of inconsistent data definitions and traditional measures of IM (for example, through the Management Accountability Framework) that reinforce an increasingly outdated view of IM (recordkeeping). Differences in the level of maturity of IM across departments place constraints on the availability of quality metrics.
By leveraging the right performance metrics, the government can better understand the impact of information and data management on its business. More importantly, it can serve to elicit desired behaviours on the part of departments and their employees. Designing metrics that are forward-looking and closely linked to business outcomes can help establish and better communicate the value of information and data. Furthermore, by shifting the focus of measurement away from compliance toward outcomes, desired behaviour changes can be fostered, including increased information sharing and reuse and improved data quality.
TBS will develop a performance framework, including a renewed Management Accountability Framework, that is rooted in business outcomes and results and is aligned with emerging needs. Over time, this framework will evolve into the digital policy performance framework.
Agility and innovation
The GC is transforming its IM-IT to better serve Canadians, with innovation being key to delivering on this agenda. Successful innovation combines creativity with process to transform novel ideas into business enablers that deliver tangible results. It embraces experimentation and intelligent risk taking, bringing new approaches that address existing problems and leverage future opportunities. Innovation calls for collaboration, both with new and traditional partners, to identify and break down any barriers that prevent us from achieving maximum results.
Lead innovation (planned actions)
The role of CIOs is evolving from a service provider to a full strategic business partner and digital enabler. CIOs are innovation agents, business enablers and catalysts for enterprise transformation. Departmental CIOs will be strategic business partners who bring IM-IT to the table in innovative ways to address the department’s business needs. To explore working in ways that are more agile, new opportunities with various innovations hubs will be pursued.
Adopt modern and flexible business models (planned actions)
To achieve a better balance between demand and capacity, SSC and PSPC will adopt cost-recovery business models for some IT services. Doing so will provide greater flexibility to provide agile and effective services to the government. As an enterprise, departments will achieve better business value by sharing IT resources, capacity and capabilities.
Provide tools and resources to make innovative use of information and data (planned actions)
Departments have expressed a desire for safe sandbox environments in which to develop and test innovative uses of information and data. Departments expect that these environments are compliant with pertinent policies (for example, the Policy on Official Languages and the Standard on Web Accessibility).
Encouraging exploration of new ideas in managing information and data can bring the community together to experiment with creative approaches and help the GC adapt more quickly to the pace of change. By highlighting where innovation is happening, steps can be taken to encourage and enable innovation for broader implementation across the government. Incubating innovative solutions that create or exploit federal information and data can also generate enhanced value for the GC. Furthermore, creating a clear path for proposing new ideas could focus departments’ investment of their innovation reserves on information and data pilot projects. With a strong commitment to supporting innovation and increasing openness, the government can:
- inspire the creativity and develop the skills of future innovators
- attract key talent to the public service
TBS will provide tools and resources for departments to test and make innovative use of information and data (for example, support for developing APIs that enhance access to open data).
Shift culture and processes toward open by design (planned actions)
To achieve the vision of a more transparent, accountable and responsive government, an “open government” lens needs to increasingly be applied to new or renewed program and service design and at all stages of policy and program development and implementation.
The long-term goal is to transform the work processes and culture of the public service to one where programs, services and information are open by design. TBS will lead work that includes designing new processes, protocols and standards to enable and facilitate the proactive release of government data and information by default.
Establish a Digital Advisory Board (actions underway)
To benefit from a broader range of expertise and experience, the GC CIO will establish a Digital Advisory Board made up of CIOs in the federal, provincial and private sectors. The Digital Advisory Board will provide advice to the GC CIO on IM-IT activities related to strategic direction, service delivery and investment priorities.
Introduce digital government principles (actions underway)
TBS will develop a set of principles to guide digital development in the Government of Canada based on international best practices. These principles will guide and shape how government information, technology, and service delivery will be managed in a new digital ecosystem.
Advance financial management transformation (actions underway)
Financial management transformation will modernize the business model for financial management across the GC to support:
- open and transparent government
- better service for Canadians
- evidence-based policy
The principal goal is to improve the business and systems of financial management across the GC. Working with departments, TBS will achieve this goal by:
- developing and applying policy instruments (policies, directives, guidelines and standards)
- building community support and leadership
- aligning and overseeing investments
- developing common solutions
Ensuring that IM-IT investments are sustainable and that they meet business needs will enable departments to provide better services to Canadians.
Ensure IT infrastructure sustainability (planned actions)
A sustainable funding model must take into account the regular renewal cycle of IT infrastructure assets and the appropriate level of investment. TBS and SSC will explore alternative financial and service delivery models to address IT renewal.
Rationalize investments (planned actions)
In keeping with enterprise IM-IT governance, spending on new or significant changes to certain IM-IT and IT-enabled projects will be subject to consultation with TBS and approval by CEPP. Consultation will include discussions on spending for systems for common business domains such as:
- case management
- human resources management
- financial management
- other back office administrative processes
- identity and credential solutions
- IT infrastructure and associated solutions
Departments will take an enterprise approach to managing their portfolio of applications to:
- determine opportunities for common, government-wide solutions
- retire aging and at-risk applications
Applications that remain in use and that support mission-critical business functions are to be kept evergreen until they can be replaced by modern solutions.
Develop a process to balance infrastructure supply and demand (planned actions)
In addition to prioritizing projects and initiatives, TBS and SSC will develop a framework to allow departments and the government to access alternative service options where appropriate, while maintaining enterprise standards. This approach will reduce capacity pressures on SSC while allowing departments to continue progressing with projects, programs and service delivery.
The strategic goal of “secure” focuses on safeguarding sensitive government data and ensuring that Canadians accessing online services can trust the government with their personal information. As the shift to digital services increases and the sophistication and frequency of cyberattacks grow, the GC’s defences must also evolve. Policy changes will be made to strengthen the security of the GC’s IM-IT environment.
The strategic actions outlined below align with Communications Security Establishment Canada’s (CSE’s) top 10 security practices and with industry best practices. Departments will use CSE’s top 10 practices to prioritize their IT security actions that will support the elimination of active cyberthreats on government networks.
The sections below list the strategic actions that are currently underway and those that represent new enterprise directions that may require additional approvals or funding in order to be implemented.
Defence in depth
- 18. Implement an enterprise approach to vulnerability and patch management
- 19. Manage and control administrative privileges
Trusted solutions and services
- 20. Protect web transactions to and from external-facing websites
- 22. Implement a trusted digital identity for people accessing internal government networks and systems
Defence in depth
- 16. Secure the government’s network perimeter
- 17. Implement end-point security profiles
Trusted solutions and services
- 21. Implement an improved cyber-authentication service
- 23. Implement a secure communication service for classified information
- 24. Implement enterprise data loss prevention
Awareness and understanding
- 25. Enable comprehensive understanding of end-point devices
- 26. Enhance awareness of enterprise cybersecurity threat and risk environment
Note: Numbering of the strategic actions above corresponds with the strategic actions listed in Appendix B.
Defence in depth
Canada’s competitive advantage, its economic prosperity and its national security depend on government adopting new and accessible technologies to better serve Canadians and public service employees. If not managed well, however, making information and data more open could risk exposing networks, systems, devices and data, including personal information, vulnerable to malicious or accidental breaches. This is just one reason why strengthening IT security is paramount.
Secure the government’s network perimeter (planned actions)
Although the Internet is a game changer in how public service employees access and share information, it also brings considerable risk. Malicious software (malware) can be unknowingly downloaded from websites or through email and seriously compromise IM-IT systems and disrupt government operations.
To protect the government’s network, world-class monitoring services and defensive measures have been implemented at the government’s network perimeter through SSC-managed gateways. The completion of network consolidation projects will ensure that all SSC partners use these gateways. There remain, however, departments that continue to use non-SSC networks to access the Internet.
To address risks to its network, the GC is standardizing protection and creating a secure, government-wide network perimeter. Departments that do not currently use SSC Internet services will be migrated to the SSC-managed enterprise network and will use SSC Internet services exclusively.
TBS, CSE and SSC will establish additional trusted interconnection points between the government network and external partners to:
- provide standardized and secure connectivity with external partners and the Internet
- act as a gateway to cloud services
These actions will reduce the risk of rogue, ad hoc or unauthorized Internet connections to and from the government’s networks. They will also enhance the government’s ability to defensively monitor data that crosses the government perimeter and ensure maximum protection of government information assets.
Implement end-point security profiles (planned actions)
Malicious parties frequently seek out exposed or misconfigured Internet-facing services or equipment to gain access to IM-IT systems and information. End-point devices such as laptop computers, tablets and servers provide a doorway for such threats. Malware, rootkits (software tools to gain control of a system) and phishing can lead to the loss and compromise of government data, including personal information. Operating systems and applications that use default configuration settings typically include unnecessary components, services and options. These default settings are well known and easily discovered using automated tools.
In the enterprise context, weaknesses and misconfigurations in an organization’s systems could be exploited and used to attack other organizations’ systems. Making the government’s end-point devices more resistant to attacks is key to securing the government enterprise.
Recognizing the risk posed by misconfigured end-point devices, SSC, in consultation with TBS and CSE, will develop end-point device profiles. These standardized profiles will be based on security best practices and will represent securely configured operating systems and applications. The profiles will be validated and refreshed regularly to update their security configuration. Additional security controls, such as host-based intrusion prevention and application whitelisting (a computer administrative practice used to prevent unauthorized programs from running) will be implemented to further ensure the integrity of systems and information.
Implement an enterprise approach to vulnerability and patch management (actions underway)
The government must ensure that vulnerabilities are identified and remediated quickly to minimize the risk of future intrusion and potential loss. TBS and SSC will implement an enterprise-wide vulnerability and patch management capability to systematically detect and remediate vulnerabilities. Departments will:
- implement these tools and processes
- meet standard timelines for remediation
- ensure quick response times for emergency or critical patch deployment
Manage and control administrative privileges (actions underway)
Departments also need to manage internal risks to the security of their IM-IT environment. Privileged accounts (such as local or domain administrators and other accounts that have elevated access) are the most powerful accounts in any organization. They are also the most targeted by malicious parties that wish to compromise government information.
TBS, SSC and departments will work together to minimize the misuse of any account that has elevated privileges, either malicious or accidental. Tools and processes will be implemented to ensure the proper management, control and monitoring of such accounts, including establishing strong authentication mechanisms for all privileged accounts.
Departments will also implement measures to manage and control the life cycle of and access to privileged accounts, including:
- audits and reviews to confirm validity of privileges
- continuous monitoring to look for uncharacteristic behaviour
Trusted solutions and services
Establishing identity is fundamental to most government interactions that involve exchanging information or permitting access to sensitive resources.
Protect web transactions to and from external-facing websites (actions underway)
As more Canadians interface electronically with the GC, the amount of sensitive information transferred to and from government websites will increase. To maintain maximum trust in these online transactions, the government must protect them.
TBS will establish an “HTTPS everywhere” standard that will require departments to use the HTTPS protocol for all external-facing websites and cloud services. This protocol, along with approved encryption algorithms, will ensure the secure transmission of data online and the delivery of secure web services.
Implement an improved cyber-authentication service (planned actions)
Currently, Canadians and others external to the government can securely access government services online using a trusted credential. The credential (a username and password) is issued either by the GC’s GCKey service or by a private sector organization that has partnered with SecureKey Technologies to enable their customers to use their online credentials (such as card numbers or user names and passwords) to access GC services.
This mandatory solution for all online government applications offered to the public is cost-effective, secure and convenient for users. Still, improvements to the existing cyber-authentication service are needed to support new initiatives such as Canada’s Digital Interchange. Building on the existing solution and maintaining an enterprise approach, TBS and SSC will develop a renewed cyber-authentication service. This service will meet current business needs and support enhanced functionality required for future federated identity and digital service delivery initiatives.
Implement a trusted digital identity for people accessing internal government networks and systems (actions underway)
TBS will take an enterprise-wide approach to internal identity, credential and access management to:
- reduce costs
- promote interoperability
- improve end-user experience by reducing the need for multiple user IDs and passwords
Under TBS’s leadership, SSC will implement common internal identity and credential processes and technologies tailored to the level of assurance required for particular business processes. For example, a unique digital identity will be needed to authenticate employees, contractors, trusted guests or any other authorized users who access internal government networks and systems.
Departments will migrate applications to this new enterprise service when their applications are upgraded as part of regular life-cycle maintenance of assets.
Implement a secure communication service for classified information (planned actions)
Every day, departments create, store and process classified information. Failure to protect this information could lead to:
- national security risks
- economic losses
- loss of government credibility
Although several special environments allow some departments to safely share classified information, there is no common solution available government-wide.
SSC, under the strategic direction of TBS and supported by CSE, will implement a single, common and integrated enterprise-wide secret-level network to enable classified data to be securely transmitted, stored and processed across departments. Classified voice and mobile capabilities will also be implemented for users who need to regularly discuss classified information.
Implement enterprise data loss prevention (planned actions)
With its responsibility for maintaining large amounts of sensitive data, the GC needs to minimize the risk of unauthorized disclosure. TBS will establish a framework to support an enterprise approach to data loss prevention that will be supported by IM solutions. Preventing the unauthorized transfer or release of sensitive information involves first identifying sensitive data. Unauthorized data flows and operations will be monitored, detected and blocked. SSC, with departments, will implement the framework.
Awareness and understanding
Understanding the assets within an IM-IT environment is essential to knowing what to protect and enables the government to be more proactive and efficient when responding to threats and attacks.
Enable comprehensive understanding of end-point devices (planned actions)
It is critical to be able to proactively and accurately determine:
- the status of all end-point devices
- what is running on them
- who is accessing them
End-point devices that pose a risk to the enterprise can be identified, allowing the government to be more effective when responding to threats and attacks.
Under TBS’s leadership, SSC and other departments will acquire and implement tools and processes to enable a real-time, enterprise view of the current status and configuration of government end-point devices. Such information includes:
- hardware and software versions
- operating system versions
- patch installations
Authorities will be strengthened and procedures established to mitigate risks to the GC network should immediate action be required.
Enhance awareness of enterprise cyberthreat and risk environment (planned actions)
Departments are accountable for managing cyber-risks to their particular program areas. However, as the government adopts an enterprise approach and programs and services become more integrated, it will be imperative that cyber-risks are also managed at the enterprise level.
Key to effectively managing enterprise-wide risk is understanding the changing cyberthreat landscape (for example, who is trying to exploit government networks and systems, by what means, and for what purpose). Departments indicate a strong desire for a more proactive approach for GC cybersecurity that emphasizes research and innovation in order to keep pace with emerging threats, technologies and trends. Departments also have a strong desire to work cooperatively to:
- improve the GC’s security environment
- reduce barriers to collaboration and sharing of information
A better understanding of departmental threat environments would allow departments to take a risk-based approach and focus cybersecurity efforts and resources rather than attempt to blindly protect against all possible threats.
Cybersecurity is a new reality for GC employees, and technological solutions alone will not protect the GC from cyberthreats. All tools and technologies used in a strong GC cyber-posture can be undermined by uninformed user behaviour.
TBS will establish a centralized capability to conduct governance, risk and compliance management activities in order to gain a holistic picture of cyber-related business risks in the GC. This capability will pull together data from multiple sources, for example, threat assessments, risk registers, investment plans, audit results and critical asset listings, to feed a consolidated enterprise view of cyber-risks. One of the key data sources will be the GC Enterprise Threat Assessment, which CSE will refresh on an ongoing basis to keep pace with evolving internal and external cyberthreat environments.
The continuous monitoring of the cyberthreat and risk landscape will inform decision making and influence how corrective actions are prioritized across the enterprise to ensure maximum protection of government assets.
The strategic goal of “community” focuses on building a high-performing IM-IT workforce and ensuring that public service employees have a modern workplace, professional development and the IM-IT tools they need to do their jobs.
The sections below list strategic actions that are currently underway and those that represent new enterprise directions that may require additional approvals or funding to be implemented.
- 39. Enable career development
- 40. Improve diversity
- 41. Modernize workplace technology devices
- 42. Support a mobile workforce
- 43. Provide Wi-Fi access
- 44. Provide desktop videoconferencing to employees
- 45. Implement managed print services
- 74. Improve IM-IT accessibility
- 47. Advance digital collaboration
- 75. Expand open government training and outreach
- 69. Strengthen recruitment
- 70. Modernize information and data management profession
- 71. Develop information and data management training
- 72. Strengthen leadership development
- 73. Lead targeted initiatives
- 46. Promote digital literacy and collaboration
Successfully delivering IM-IT services requires a skilled, agile, connected and high-performing IM-IT workforce that combines knowledge of business and technology. IM-IT professionals need to be able to keep pace with the speed at which the business environment is evolving. Today, the significant transformation of CIO organizations across the enterprise continues, calling for a broader and more integrated range of competencies in this increasingly digital and service-oriented work environment. To enable a high-performing IM-IT workforce, 3 overarching priorities have been established:
- evolve toward an enhanced community management model
- enhance the diversity of the IM-IT workforce
- advance transformation
Areas of action that support these priorities include recruitment, consideration of diversity, career development, leadership development, and targeted initiatives to source, attract, onboard, develop and grow the IM-IT workforce. Partnerships, workforce analytics, research and collaboration form the foundation that supports these activities.
Enable career development (actions underway)
Further enabling IM-IT professionals to evolve into new roles, and addressing competency gaps in areas such as strategic thinking, communications, innovation, change leadership and agility, requires investment in employees. To support IM-IT professionals, retain talent and re-skill the workforce, emphasis will be placed on:
- a career development portal
- learning provider solutions
- a development approach for the CS (Computer Systems) Group
TBS, in conjunction with the Canada School of Public Service, will lead work in this area.
Improve diversity (actions underway)
An innovative workplace is one where the workforce reflects the full breadth of the talent pool. Diverse teams bring broader perspectives and ideas for greater capacity to find creative solutions.
Currently, IT remains a predominantly male domain. In Canada, recent data reveals that women occupy only 27% of the CS population in the federal public service. Moreover, the percentage of millennial women in the CS ranks has diminished steadily to a low of under 15%. Activities to enhance diversity include focusing on recruitment and interdepartmental action plans. Building on current efforts, specific initiatives include the development of a multi-year action plan to improve diversity, inclusion and representation via recruitment, retention and development for women of the CS Group. To further support the government’s commitments to achieving greater representation and a balanced and diverse workforce, departments will develop and leverage partnerships with departments that encourage IT as a career choice for young women. Departments and central agencies will also work to increase labour mobility among women by encouraging leaders in the public service and the private sector to consider roles in the government’s IT community.
Strengthen recruitment (planned actions)
To address challenges that include branding issues, shortfalls in capacity and competency gaps, the GC will focus on CS recruitment campaigns, enterprise approaches and partnerships to support recruitment efforts and onboarding. Specific initiatives will focus on:
- outreach to college and university campuses
- onboarding tools and initiatives to improve the integration of new recruits
- partnership with the Public Service Commission of Canada to create a partially assessed CS inventory
TBS, working with departments, will lead work in these areas. Such initiatives will better position the GC to address capacity and competency gaps more efficiently.
Modernize information and data management profession (planned actions)
Revitalizing the information and data management profession is necessary to ensure that it keeps pace with current and emerging business needs in a digital, open and service-oriented environment. Currently, HR classifications (for example, the CS Group, the Administrative Services (AS) Group and the LS (Library Science) Group) do not adequately reflect the knowledge, skills and competencies needed. Furthermore, information and data professionals should be more involved early on in the development process when designing or renewing programs and systems to ensure that issues associated with information and data management and sharing are proactively considered. Realigning roles and responsibilities of information and data management professionals and other key stakeholders could help improve collaboration and overall coherence.
TBS will work with Office of the Chief Human Resources Officer to explore a classification standard for information and data management professionals, including developing new standardized:
- generic work streams and job descriptions
- competency profiles
- organizational structures
Develop information and data management training (planned actions)
By themselves, new policies, processes and technology will not bring the change needed to support digital government. As the need for quality information and data to support evidence-based decision making and digital service delivery continues to evolve, so too must the competencies of the information and data professionals that support the delivery of government programs and services.
By broadening the scope of competencies and the capacity of information and data management professionals to include business analysis, enterprise architecture, digital citizenship and horizontal skills, the government can enable them to meet evolving business needs. Also, educating information and data professionals to speak the language of the business side of government would help shift the overall focus of information and data management from process to business outcomes, making information and data a central part of today’s digital workspace.
TBS will develop partnerships to design learning and development opportunities for the next generation of information and data professionals.
Strengthen leadership development (planned actions)
There is a requirement to invest in current and aspiring leaders across the enterprise to:
- address talent retention issues
- increase capacity to develop leadership competencies
- address gaps in skills
Emphasis will be placed on:
- talent management and succession planning
- learning provider solutions
- cross-pollination with organizations outside the GC
Specific leadership development efforts include:
- talent reviews
- promoting leadership development programs at the Canada School of Public Service
- tracking and facilitating the movement of IM-IT leadership across the enterprise
TBS will lead work in these areas.
Lead targeted initiatives (planned actions)
The role of CIOs and their organizations continues to evolve, with a shift toward being a transformational business leader, technology strategist and innovator. Today’s environment further calls for experimentation and smart risk taking. To enable CIOs to become increasingly influential in shaping the business and supporting innovation, a number of targeted initiatives have been identified, including:
- a talent cloud to increase resourcing agility
- strengthened relationships between departmental CIOs and the GC CIO
TBS, working with departments, will lead work in these areas.
Information and technology are key enablers of a modern workplace that support collaboration, innovation and mobility. Ensuring that smart technology provides a consistent, accessible workplace experience throughout government will improve how all employees work together and provide better services to Canadians.
Modernize workplace technology devices (actions underway)
Workplace technology devices are essential for a modern workplace and a collaborative, mobile workforce, consistent with the Blueprint 2020 vision. TBS will work closely with departments to ensure that workplace technology devices meet the Blueprint 2020 vision.
TBS will establish enterprise standards and processes for life-cycle management and set direction to guide future workplace technology devices standards and secure configurations.
SSC will continue to consolidate contracts and procurement activities to improve security, reduce costs and improve service to Canadians. SSC will also procure workplace technology devices and work with TBS and other departments to standardize devices.
Departments are responsible for supporting and maintaining workplace technology devices. They will explore support models such as self-service and regional clusters to reduce costs while promoting consistent user experience and service expectations.
Support a mobile workforce (actions underway)
The GC is committed to and encourages an open and collaborative work environment where mobile devices are used. TBS will develop a mobility strategy, focusing initially on smartphones. Departments will balance the cost of these devices, and their support, against the business value achieved.
Provide Wi-Fi access (actions underway)
Access to wireless data networks is critical for employee productivity. The broader deployment of Wi-Fi may also reduce costs by displacing the need to provide wireline infrastructure, which is expensive to install and maintain.
TBS and SSC will put in place the necessary services and policies to support Wi-Fi usage. Departments will implement Wi-Fi access to networks for all employees within common areas and their workspaces, where the job requires mobility. Departments will migrate to Wi-Fi-capable devices and support Wi-Fi access to local area networks for registered users, as well as Wi-Fi guest-network access where security requirements are appropriate.
Provide desktop videoconferencing to employees (actions underway)
Increased access to videoconferencing supports the collaborative operations of virtual teams across departments, time zones and regions. Departments will complete the re-engineering of their in-house videoconferencing facilities to enable full interconnectivity across the government. Where appropriate and where a user profile supports such functionality, SSC will also create the network and bandwidth capacity needed to support videoconferencing at desktops.
Implement managed print services (actions underway)
The GC will continue to improve the sustainability of workplace operations by completing the implementation of the Centre for Greening Government’s strategy for printing. Departments will achieve an 8:1 average ratio of office employees to printing units. Departments will also use SSC’s managed print services to facilitate improvements in their organization’s environmental efficiencies in imaging, specifically:
- reduced energy costs and paper consumption
- proper disposal of electronic equipment
Improve IM-IT accessibility (actions underway)
An innovative workplace requires all its employees to contribute to their fullest potential and should attract the best and brightest talent. Today, public service employees with disabilities continue to face systemic barriers in the workplace, as information and communications technologies are not as accessible as they should be, with key tools posing accessibility and usability barriers to varying degrees.
In line with Blueprint 2020 and efforts by the federal government in the realm of accessibility, TBS
Digital collaboration refers to the skills and mindset needed to work effectively in an open digital environment. Tools that respect government requirements such as accessibility, privacy, security, IM and official languages will be used to promote digital collaboration.
Promote digital literacy and collaboration (planned actions)
Digital literacy goes beyond basic computer skills. It is essential to make the most of investments already made in the IM-IT environment, devices and tools, and to ensure that IM-IT helps workforce productivity rather than detracts from it.
Data literacy is a skill required for working digitally. GC employees need to be able to extract high-value insights from the wealth of available information and data and to communicate them.
TBS will develop partnerships to leverage and design an engagement and awareness program for all public servants to enable them to:
- become more data-literate
- leverage evidence-based decision making
- engage internally and externally as digital citizens
Public service employees should also be able to use GCTools such as GCpedia, GCconnex and GCintranet to share information and build the professional networks needed to respond to shifting priorities and problems. Collaborating digitally involves “working out loud,” where others can see, benefit from and help improve how employees work.
To promote a culture of openness and collaboration, departments will nurture these skills throughout the public service by:
- adopting and using GCTools for everyday work
- deploying targeted and general learning and community outreach activities
- promoting the use of self-directed learning tools and materials
Senior leaders’ adoption of GCTools will be critical to successfully integrating digital collaboration into their departments and to demonstrating the full benefits of these collaborative tools. Leaders will adopt an “open first” approach toward content creation and encourage their employees to participate in shared knowledge and collaborative digital spaces, other than where security requirements prohibit such an approach.
Advance digital collaboration (actions underway)
GCTools such as GCpedia, GCconnex and the GCintranet enable collaboration across the government. Employees are able to access and share information and work across departments and geographic boundaries, resulting in better service to Canadians.
GCTools that support government requirements for accessibility and official languages will be further developed and integrated into other applications. These tools will allow employees to easily connect with the colleagues and information they need to work effectively. GCTools will connect to a digital workspace that provides simplified access to other activities such as staffing, learning and professional development.
TBS will make adopting GCTools part of standard practices for employee onboarding throughout government. Departments will then be in a better position to adopt and use GCTools through the Ambassadors Network and in formal training and ongoing communications. The Ambassadors Network consists of volunteers from various departments and regions that provide support to teams using GCpedia and GCconnex to enhance their work.
Departments will decommission stand-alone collaborative platforms unless they are linked to core local business requirements. Email communication will be reduced in favour of open discussions or instant messaging, where transitory communications can occur without bogging down government systems.
Expand open government training and outreach (actions underway)
Training and awareness sessions are being provided to public servants across the federal government to enhance knowledge and skills for open government. The training resources developed will be made available through government-wide platforms, including through the Canada School of Public Service and on open.canada.ca.
The way forward
Implementing the Strategic Plan
In support of the GC, the Deputy Minister Committee on Enterprise Priorities and Planning (CEPP) provides oversight and guidance on government IM-IT investments, supported by the Assistant Deputy Minister (ADM) CEPP. Investments come forward through the annual departmental IT planning process and are analyzed and prioritized by TBS and SSC in order to understand demand and capacity. An implementation roadmap for the plan’s initiatives has been developed (see Appendix B), and financial analysis is underway to help determine the extent and pace of implementation, particularly in terms of infrastructure modernization. This roadmap will be refined as planning advances.
Information, data and technology can be leveraged to support the culture change required within the GC to shift to an open and service-oriented organization that delivers programs and services to citizens and businesses in simple, modern and effective ways that are:
- optimized for digital
- available anytime, anywhere and from any device
Risks and mitigation strategies
Table 5 outlines risks to implementing the Strategic Plan and their mitigation strategies.
|Risk to implementation||Mitigation strategy|
|Lack of capacity (people): There is a risk that the government will not have sufficient capacity to implement the plan.||Some strategic actions are identified as directional and can be deferred until sufficient capacity is available. CEPP (governance) will provide direction and oversee the implementation of the plan.|
|Too much to do: There is a risk that the plan is overly ambitious and that the government will not be able to absorb all the new work.||Some strategic actions are identified as directional and can be deferred until sufficient capacity is available. CEPP (governance) will provide direction and oversee the implementation of the plan.|
|Insufficient funds: There is a risk of insufficient funding to implement all strategic actions identified in the plan.||Strategic actions that are identified as directional will not proceed until funding is secured. Those currently underway will be assessed to ensure that sufficient funding is available to complete implementation.|
|Failure to adopt the enterprise approach: There is a risk that departments will not all act in an enterprise manner.||CEPP will drive departments to move toward enterprise IM-IT solutions for consolidated services and address exceptions.|
|Retiring IM-IT workforce and competency gaps: There is a risk that the government will not retain its IM-IT workforce due to increasing retirements and gaps in required competencies.||Impacts could be avoided by actions to strengthen recruitment, enable career development, improve diversity, and invest in developing leadership.|
|Significant cyber-event: There is a risk that a significant cyber-event could occur, delaying implementation of the plan.||
The impact of such an event could be reduced through measures such as:
|Resistance to change and insufficient momentum to drive culture change: There is a risk that employees will not want to or be able to change the culture enough to drive the change agenda (for example, break down silos, cultivate the mindset of “fail fast and iterate” (experimenting with small components and building from the results) openness and collaboration). Resistance to change, if not acknowledged and addressed, could delay or inhibit the realization of expected results and outcomes, as culture change is not a short-term activity.||TBS, through advocacy and promotional campaigns, will encourage departments to adopt the principles outlined in the Strategic Plan. Providing skills training and collaboration tools will help develop the desired new behaviours. In addition, policy direction and language regarding CIOs as business partners and integrators will promote the required behaviours over time.|
CEPP will provide direction and oversight in implementing the Strategic Plan, including the monitoring of enterprise-wide implementation risk.
Progress toward achieving the strategic goals outlined in the Strategic Plan will be tracked, evaluated and reported. Key performance indicators have been identified for strategic actions (see Appendix C). The indicators will be reviewed in 2017 and revised as required. Benchmarks and targets will also be established in 2017, in consultation with departments, as will leveraging existing assessment frameworks and tools, such as:
- the Management Accountability Framework
- key performance indicators for internal services
- reports on departmental priorities and performance
CEPP will track the overall progress of the Strategic Plan, and a yearly progress report will be provided to the Secretary of the Treasury Board.
On an ongoing basis, CEPP will:
- assess progress
- consider the Strategic Plan’s effectiveness
- align resources with priorities to get the intended results
Updates will be aligned with the new digital policy and strategy and the annual departmental IT planning cycle, and will be completed in September to allow departmental IT plans to reflect new directions.
Advised by CEPP, TBS will make adjustments where necessary to ensure that the Strategic Plan:
- remains relevant and aligned with government priorities
- addresses IM-IT issues
- keeps pace with the ever-changing digital landscape
- assigns appropriate accountabilities
By ensuring a strategic, whole-of-government approach to the GC’s information and technology investments, we will drive better service to Canadians, ensure that our networks and information are more secure, and deliver better value for money. We will enable the public service to deliver its best for Canadians.
Appendix A: Government of Canada IM-IT modernization priorities
The GC’s IM-IT modernization priorities are used in the GC departmental IT planning process to ensure departments are aligned with initiatives and spending at an enterprise level and to support prioritization of projects and activities across the GC through the ADM and DM CEPP.
Top priorities for departments in the 2018 to 2019 fiscal year
The priorities outlined in Table 6 will enable the shift to digital service delivery.
|Priority (lead)||Strategic actions||Overview|
|Stabilize legacy (SSC)||6, 35||Activities required to evergreen infrastructure and reduce risks related to aging IT, including email transformation.|
|Departmental application strategy and plan for data centre consolidation and cloud adoption (Departments and SSC)||4, 7||To support data centre consolidation and cloud adoption, departments require a strategy and plan to facilitate the transition of business applications from legacy data centres to new environments.|
|1, 2, 3||Implementation of enterprise service management processes and supporting tool set for consistency across departments and improved end-to-end service delivery.|
|11||The need for interoperability arises from the GC’s pursuit of achieving improvements in the management and cost of government operations and for a more transparent, accountable and responsive federal government. Expected outcomes resulting from improved interoperability include seamless information flow across jurisdictions, cost optimizations through reuse, increased responsiveness and agility, and improved reporting.|
|Migration to GC Identity, Credential and Access Management (ICAM) Service
|22||GC ICAM is a critical, foundational element of the overall GC Enterprise Security Architecture (ESA) Program. GC ICAM will provide a GC-wide solution that will decrease costs, enhance the experience and efficiency of end-users, improve the overall security posture of GC networks, systems and applications, and provide greater control of privacy. GC ICAM will be implemented in a phased, incremental approach over a number of years.|
|64, 75||Open government is about making government more accessible to everyone. This means giving greater access to government data and information to the Canadian public and the business community.|
|Priority (lead)||Strategic actions||Overview|
|Data centre consolidation
|4||SSC is in the process of establishing the GC’s future IT infrastructure: a cost-effective and robust IT backbone that will support the current and future needs of our partner departments. As we transform our infrastructure, SSC and partner departments will need to work together to migrate applications and workloads from the legacy environment to a new, modern and consolidated environment.|
|5||The GCNet WAN Services project will consolidate and modernize wide-area network services for SSC and its partners and clients to reduce costs, increase security, and enhance program delivery to Canadian citizens and businesses.|
|6||The Email Transformation Initiative will consolidate and modernize email services to reduce costs, increase security and enhance program delivery to Canadian citizens and businesses.|
|Preparation for Workplace Technology Device transformation
|41||TBS-CIOB will establish, publish and update a standard minimum software configuration for personal computers. The minimum standard will be based on an X86-64 bit and will include a minimum operating system configuration plus other software considered necessary for productivity, remote management and cybersecurity.|
|Adoption of managed GC HR system
(TBS-OCHRO (Office of the Chief Human Resources Officer))
|n/a||My GCHR (PeopleSoft) v9.1 has been designated as the standard for the GC people management system. My GCHR will be the one-stop solution for all HR administrative transactions.|
|Adoption of GCDOCS for document management
|56||GCDOCS is the GC official electronics document records management solution to support departments in their information management obligations for information life-cycle management. Within a GCDOCS enterprise repository, departments can collect, store, share, organize, manage and search content. GCDOCS enables document-centred collaboration while offering robust access controls through user and group administration rights.|
|Shared case management
|n/a||The goal of this initiative is to provide a common case-management solution to departments across the GC. This is a key initiative aligned with GC IT modernization strategies.|
|Financial management transformation
(TBS-OCG (Office of the Comptroller General))
|67||Financial management transformation will transform and modernize the financial management function to enable chief financial officers and the financial management function to provide higher-value services and advice to programs and decision makers, provide timely and accurate financial and resource management information across the GC, streamline financial services, and create an efficient and effective financial management systems environment.
The objective is to become best in class in terms of operational efficiency, business support effectiveness, and ability to provide increased value to the business decision makers and Canadians.
|Transformation of Pay Administration (TPA) Initiative
|n/a||The Pay Modernization Project replaced the government’s outdated pay system with Phoenix, a modern, commercial off-the-shelf solution that includes streamlined and modernized business processes. Phoenix provides increased automation and self-service, and seamless integration with the GC’s Human Resources Management System (GC HRMS, PeopleSoft). The focus will be to ensure that public servants are paid accurately and promptly for the highly valued work they do on behalf of Canadians and that the pay system is stabilized and able to perform within service standards.|
Appendix B: implementation roadmap
|Strategic actions||Status||Involved||Target completion|
|1. Develop IT service portfolios and catalogues||Yes||No||SSC, PSPC||2017|
|2. Report on key areas of IT system health performance||Yes||No||SSC, PSPC||2017|
|3. Implement enterprise IT service management tools||No||Yes||SSC, departments||TBD|
|48. Develop digital policy||Yes||No||TBS||2018|
|49. Identify and prioritize SSC essential services||Yes||No||SSC, TBS||2018|
|50. Establish SSC asset inventory and baseline||Yes||No||SSC||2019|
|7. Adopt cloud services||Yes||No||SSC, departments||TBD|
|8. Establish a cloud service broker||Yes||No||SSC||TBD|
|9. Offer public cloud services||Yes||No||SSC||TBD|
|10. Offer private cloud services||Yes||No||SSC||TBD|
|4. Complete data centre consolidation and modernization||Yes||No||SSC, departments||TBD|
|5. Complete telecom / network consolidation||Yes||No||SSC, departments||TBD|
|6. Reassess government email consolidation||Yes||No||SSC, departments||TBD|
|Information and data sharing|
|51. Determine the feasibility of developing a “tell us once” approach for government||No||Yes||TBS||TBD|
|11. Build a platform for enterprise interoperability||Yes||No||TBS, PSPC, SSC||2019|
|52. Introduce a strategy for use of open source software and open standards||No||Yes||TBS||TBD|
|12. Introduce a mobile application strategy and framework||No||Yes||TBS||TBD|
|53. Develop an API strategy||Yes||No||TBS||2018|
|13. Introduce a government API store||Yes||No||TBS||TBD|
|54. Enhance online infrastructure to enable departments to release their data and information||Yes||No||TBS, Open Data Exchange||TBD|
|55. Develop master data management program||No||Yes||TBS, departments||TBD|
|15. Advance analytics||No||Yes||TBS, SSC, departments||TBD|
|14. Implement a platform for external collaboration||Yes||No||TBS, SSC, PSPC, departments||TBD|
|56. Implement GCDOCS||Yes||No||TBS, PSPC, departments||2022|
|57. Migrate websites to Canada.ca and assess options for a single GC digital service platform||Yes||No||TBS, HC, CRA, IRCC, ECCC||TBD|
|Strategic actions||Status||Involved||Target completion|
|27. Establish enterprise IM-IT governance||Yes||No||TBS||2017|
|28. Develop methods to prioritize investments in legacy and transformation initiatives||Yes||No||TBS, SSC||2017|
|29. Document roles and responsibilities for IT and IT security||No||Yes||TBS||2017|
|58. Introduce stronger project oversight at the concept phase||No||Yes||TBS||2019|
|59. Establish data governance||No||Yes||TBS||TBD|
|Enterprise architecture alignment and practices|
|30. Evolve IM-IT management practices, processes and tools||Yes||No||TBS, departments||Ongoing|
|31. Develop enterprise architectures for business, information, applications and technology||Yes||No||TBS, functional communities||Ongoing|
|32. Adopt agile approaches to implementing business solutions||Yes||No||Departments||Ongoing|
|60. Standardize metadata||No||Yes||TBS, departments||TBD|
|61. Develop information and data valuation framework||No||Yes||TBS||TBD|
|62. Develop an information management performance framework||No||Yes||TBS||TBD|
|Agility and innovation|
|33. Lead innovation||No||Yes||Departments||TBD|
|34. Adopt modern and flexible business models||No||Yes||SSC, PSPC||TBD|
|63. Provide tools and resources to make innovative use of information and data||No||Yes||TBS||TBD|
|64. Shift culture and processes toward open by design||No||Yes||TBS, departments||2021|
|65. Establish a Digital Advisory Board||Yes||No||TBS||2018|
|66. Establish digital government principles||Yes||No||TBS||2018|
|67. Advance financial management transformation||Yes||No||TBS, departments||TBD|
|35. Ensure IT infrastructure sustainability||No||Yes||TBS, SSC||2019|
|36. Rationalize investments||No||Yes||TBS, SSC, departments||TBD|
|68. Develop process to balance infrastructure supply and demand||No||Yes||TBS, SSC, departments||2018|
|Strategic actions||Status||Involved||Target completion|
|Defence in depth|
|16. Secure the government’s network perimeter||No||Yes||TBS, SSC, CSE||TBD|
|17. Implement end-point security profiles||No||Yes||TBS, SSC, CSE, departments||TBD|
|18. Implement an enterprise approach to vulnerability and patch management||Yes||No||TBS, SSC, departments||2019|
|19. Manage and control administrative privileges||Yes||No||TBS, SSC, departments||2019|
|Trusted solutions and services|
|20. Protect web transactions to and from external-facing websites||Yes||No||TBS, SSC, departments||2018|
|21. Implement an improved cyber-authentication service||No||Yes||TBS, SSC||TBD|
|22. Implement a trusted digital identity for people accessing internal government networks and systems||Yes||No||TBS, SSC, departments||2018|
|23. Implement a secure communication service for classified information||No||Yes||TBS, CSE, SSC, departments||TBD|
|24. Implement enterprise data loss prevention||No||Yes||TBS, SSC, departments||TBD|
|Awareness and understanding|
|25. Enable comprehensive understanding of end-point devices||No||Yes||TBS, SSC, departments||TBD|
|26. Enhance awareness of enterprise cybersecurity threat and risk environment||No||Yes||TBS, CSE, departments||TBD|
|Strategic actions||Status||Involved||Target completion|
|39. Enable career development||Yes||No||TBS, departments, CSPS||Ongoing|
|40. Improve diversity||Yes||No||TBS, departments||2017|
|69. Strengthen recruitment||No||Yes||TBS, departments||TBD|
|70. Modernize information and data management profession||No||Yes||TBS||Ongoing|
|71. Develop information and data management training||No||Yes||TBS, CSPS||TBD|
|72. Strengthen leadership development||No||Yes||TBS||TBD|
|73. Lead targeted initiatives||No||Yes||TBS||TBD|
|41. Modernize workplace technology devices||Yes||No||TBS, SSC, departments||Ongoing|
|42. Support a mobile workforce||Yes||No||TBS, SSC, departments||2020|
|43. Provide Wi-Fi access||Yes||No||TBS, SSC, departments||2020|
|44. Provide desktop videoconferencing to employees||Yes||No||SSC, departments||2020|
|45. Implement managed print services||Yes||No||SSC, departments||Ongoing|
|74. Improve IM-IT accessibility||Yes||No||TBS, departments||TBD|
|46. Promote digital literacy and collaboration||No||Yes||TBS, departments||TBD|
|47. Advance digital collaboration||Yes||No||TBS, departments||Ongoing|
|75. Expand open government training and outreach||Yes||No||TBS, CSPS||2018|
Appendix C: key performance indicators
|Strategic actions||Key performance indicators|
|1. Develop IT service portfolios and catalogues||Published catalogues
Client satisfaction with service targets
Time lag to resolve a service target issue
|2. Report on key areas of IT system health performance||Client satisfaction|
|3. Implement enterprise IT service management tools||Number of departments and agencies using enterprise ITSM tools|
|48. Develop digital policy||New policy is published and in effect
Implementation milestones are identified
|49. Identify and prioritize SSC essential services||Prioritized list of SSC essential services is developed|
|50. Establish SSC asset inventory and baseline||SSC asset inventory and baseline are established|
|7. Adopt cloud services||Percentage of operational spending allocated to cloud computing services|
|8. Establish a cloud service broker||Client satisfaction|
|9. Offer public cloud services||Percentage of operational spending allocated to public cloud computing services|
|10. Offer private cloud services||Percentage of operational spending allocated to private cloud computing services|
|4. Complete data centre consolidation and modernization||Number of data centres|
|5. Complete telecom / network consolidation||Number of departmental wide-area networks|
|6. Complete government email consolidation||Number of departmental email systems|
|Information and data sharing|
|51. Determine the feasibility of developing a “tell us once” approach for government||Feasibility assessment is completed|
|11. Build a platform for enterprise interoperability||Number of departments / departmental systems connected to the interoperability platform|
|52. Introduce a strategy for use of open source software and open standards||Strategy for use of open source software and open standards is developed|
|12. Introduce a mobile application strategy and framework||Mobile application strategy and framework are developed|
|53. Develop an API strategy||API strategy is developed|
|13. Introduce a government API store||Client satisfaction|
|54. Enhance online infrastructure to enable departments to release their data and information||Number of examples of use of government data and information to support innovation or economic growth|
|55. Develop master data management program||Program is defined|
|15. Advance analytics||Enterprise analytics platform requirements are developed|
|14. Implement a platform for external collaboration||Client satisfaction|
|56. Implement GCDOCS||Number of departments onboarded|
|57. Migrate websites to Canada.ca and assess options for a single GC digital service platform||Percentage of content migrated for 4 target organizations
A strategy to set future direction is developed
|Strategic actions||Key performance indicators|
|27. Establish enterprise IM-IT governance||Percentage of departments adopting enterprise solutions|
|28. Develop methods to prioritize investments in legacy and transformation initiatives||Documented methodology
Number of IT and IT-enabled projects approved by CEPP
|29. Document roles and responsibilities for IT and IT security||Employee awareness of roles and responsibilities
Number of employees trained in IT and IT security awareness
|58. Introduce stronger project oversight at the concept phase||Oversight at the concept phase is established|
|59. Establish data governance||Governance principles are defined|
|Enterprise architecture alignment and practices|
|30. Evolve IM-IT management practices, processes and tools||Percentage of variance between budgets, forecasts and actual costs|
|31. Develop enterprise architectures for business, information, applications and technology||Percentage of IT budget assigned to enterprise architecture development and maintenance (concept cases in the 2018 to 2019 fiscal year)|
|32. Adopt agile approaches to implementing business solutions||Number of multi-departmental contracts being used|
|60. Standardize metadata||Metadata registry is developed|
|61. Develop information and data valuation framework||Pilot is complete and lessons learned documented toward broader adoption|
|62. Develop an information management performance framework||An information management performance framework is developed|
|Agility and innovation|
|33. Lead innovation||Number of projects underway in partnership with innovation hubs|
|34. Adopt modern and flexible business models||Cost-recovery business models adopted
Number of departmental IT plans with full costing (including SSC component)
|63. Provide tools and resources to make innovative use of information and data||A sandbox for developing and testing innovative use of information and data is available to departments and partners|
|64. Shift culture and processes toward open by design||Number of government-wide open government initiatives being implemented
Percentage of Government of Canada processes that are open by default
|65. Establish a Digital Advisory Board||A Digital Advisory Board is established|
|66. Establish digital government principles||Digital government principles are established|
|67. Advance financial management transformation||Policy instruments in support of GC financial management are developed|
|35. Ensure IT infrastructure sustainability||Sustainable funding model in place|
|36. Rationalize investments||Number of at-risk applications retired
Application evergreen plans in place
Number of projects aimed at implementing common enterprise solutions
|68. Develop process to balance infrastructure supply and demand||A framework allowing departments to access alternate service options is developed|
|Strategic actions||Key performance indicators|
|Defence in depth|
|16. Secure the government’s network perimeter||Percentage of departments and agencies migrated to SSC-managed gateways
Percentage of external partners using GC trusted interconnection points
|17. Implement end-point security profiles||Percent increase in devices using end-point security profiles
Number of incidents related to devices using end-point security profiles
|18. Implement an enterprise approach to vulnerability and patch management||Percentage of GC IT systems with critical vulnerabilities|
|19. Manage and control administrative privileges||Number of inactive or unauthorized privileged accounts
Percentage of privileged accounts configured for strong authentication
|Trusted solutions and services|
|20. Protect web transactions to and from external-facing websites||Percentage of external-facing websites and services that are accessible only through a secure connection ("HTTPS only")
Percentage of internal websites and services that are accessible through a secure connection ("HTTPS only")
|21. Implement an improved cyber-authentication service||Contract awarded for evolved cyber-authentication solution
Number of new services signed on to enterprise cyber-authentication service
|22. Implement a trusted digital identity for people accessing internal government networks and systems||Percentage of GC workers with GCPass accounts
Percent increase in GCPass authentication transactions
|23. Implement a secure communication service for classified information||Percentage of users (within departments that have implemented this service) that have access to the service
Number of departments and agencies using the common enterprise-wide secret network service
Reduction in number of discrete departmental secret networks
|24. Implement enterprise data loss prevention||Reduced number of incidents (involving unauthorized disclosures of sensitive data, accidental or intentional)|
|Awareness and understanding|
|25. Enable comprehensive understanding of end-point devices||Average incident resolution time (decreased)
Percent of end-point devices covered by the service
|26. Enhance awareness of enterprise cybersecurity threat and risk environment||Percentage of information systems monitored and tracked within the service|
|Strategic actions||Key performance indicators|
|39. Enable career development||Percentage of core public administration CSs with learning plans
Number of departments using IT community generics (CIO suite)
|40. Improve diversity||Number of women occupying positions in the CS occupational group (comparison over time)
Percentage of departments that have a strategy to promote gender parity
|69. Strengthen recruitment||Recruitment campaign is developed
Number of outreach activities to post-secondary institutions
Number of onboarding tools and initiatives developed to improve integration of new recruits
Partially assessed CS inventory is developed
|70. Modernize information and data management profession||Generic job descriptions, competency profiles, and organizational structures for information and data management professionals are developed, used GC-wide, and maintained evergreen|
|71. Develop information and data management training||Learning and training opportunities for information and data professionals are developed, tested, made available, and assessed for relevancy to support the business, and maintained evergreen|
|72. Strengthen leadership development||Number of CS employees with a talent management plan
Number of departments with a succession plan
System for tracking IM-IT leadership across the enterprise is developed
|73. Lead targeted initiatives||Number of resourcing actions completed through the talent cloud|
|41. Modernize workplace technology devices||Enterprise standards and processes for life-cycle management are established
Compliance with standards
|42. Support a mobile workforce||A mobility strategy for the GC is developed
Percentage of public service employees with mobile work devices
|43. Provide Wi-Fi access||Percentage of public service employees with access to Wi-Fi
Number of wireless access points (WAPs) installed
|44. Provide desktop videoconferencing to employees||Number of usage minutes by end-point|
|45. Implement managed print services||Number of departments at 8:1 average ratio of office employees to printing units|
|74. Improve IM-IT accessibility||Number of targeted initiatives underway|
|46. Promote digital literacy and collaboration||Number of GCTools Ambassadors by department
Number of GCTools information sessions offered and the number of participants per session
Data literacy engagement and awareness initiatives are underway
|47. Advance digital collaboration||Percentage of public servants registered on GCTools|
|75. Expand open government training and outreach||Number of employees participating in open government learning opportunities
Percentage of departments or agencies sending employees to open government learning opportunities
Appendix D: roles and responsibilities
The Government of Canada is made up of over 100 organizations that deliver a broad range of programs and services to individuals and businesses in Canada and abroad. Its programs and services are categorized into 4 spending areas:
- economic affairs
- social affairs
- international affairs
- government affairs
IM-IT supports the government in delivering these external-facing programs and services.
The Secretary of the Treasury Board sets government-wide strategic direction for IM-IT, with input from departments’ deputy heads, CIOs, information management senior officials and other stakeholders. The responsibility for delivering IM-IT services is shared between government departments and central service providers such as Shared Services Canada and Public Services and Procurement Canada.
Shared Services Canada (SSC) has the mandate to provide data centres, networks and email services to the largest government departments. Smaller government departments receive these services on an optional basis. SSC, Communications Security Establishment Canada, and Public Safety Canada have a shared responsibility for cybersecurity, with oversight provided by TBS. In addition, SSC is responsible for procuring hardware and software, including security software for workplace technology devices (the authorized physical devices and related software used in government office work). Departments are responsible for workplace technology device deployment, support and asset life-cycle management. SSC spends $2 billion annually on the services it provides, portions of which it cost-recovers from federal departments.
Public Services and Procurement Canada (PSPC) provides IM-IT services supporting back office services such as:
- human resource management systems
- pay and pension
- enterprise records and document management
- financial systems and services
SSC and PSPC jointly support federal departments in procuring IM-IT goods and services.
The Treasury Board of Canada Secretariat, supported by the Chief Information Officer Branch, develops strategy and sets government-wide policy and mandatory requirements for IM, IT and cybersecurity, and provides guidance on implementing the direction through policy implementation notices.
Appendix E: definitions
- information management
- A discipline that directs and supports effective and efficient management of information in an organization, from planning and systems development to disposal or long-term preservation. Source: Policy Framework for Information and Technology
- information technology
- Includes any equipment or system that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information. It includes all matters concerned with the design, development, installation and implementation of information systems and applications to meet business requirements. Source: Policy Framework for Information and Technology
Appendix F: draft digital principles
- Understand users and their needs
Start with user needs and build for them, and with them. Conduct ongoing testing with users. Do the hard work so that they don’t have to.
- Iterate and improve frequently
Develop in an agile manner using alpha, beta and live phases. Test end-to-end and continuously improve in response to user feedback. Test early and often.
- Build the right team
Create and empower multidisciplinary teams, linking policy with delivery.
- Build a service-oriented culture
Lead and implement a team and departmental culture focussed on users.
- Work in the open
Share and collaborate in the open, plan to make data open from the start.
- Integrate proportionate security and privacy from the outset
Consider business context. Manage risks.
- Build in an open and interoperable way
Give equal consideration for open source. Use open standards. Build in an interoperable and reusable way.
- Use the right tools for the job
Use common government solutions and platforms. Build cloud first.
- Design and deliver transparent and ethical services
Be open and transparent in the use of automated systems and comply with ethical guidelines.
- Be inclusive and provide support for those who need it
Build in inclusiveness, official languages and accessibility by design.
- Know your data
Manage data in line with standards. Implement analytical tools and use the data you collect.
- Be accountable to Canadians
Define user-centred performance metrics. Publish real time data.
- Develop open and innovative partnerships
Recognize that an organization can't have all the best ideas. Create partnerships and collaborate.
- Spend money wisely
Enter into sensible contracts and comply with procurement standards.
© Her Majesty the Queen in Right of Canada, represented by the President of the Treasury Board, 2017,
Report a problem or mistake on this page
- Date modified: