Digital Operations Strategic Plan: 2021–2024

Develop digital policy

Changes to IM and IT policies will serve as the foundation of ongoing work to develop a new digital policy. The new policy will integrate and evolve Treasury Board policies on service, IT, IM and elements of cybersecurity into a policy that better reflects the current operational environment of departments and drives more transformational change toward a digital government.

Closed

Introduction of the Policy on Service and Digital and its associated directives were published in July 2019 and came into force on April 1, 2020.

Promoting user‑focused design

To promote the digital standard of “Design with users,” the Treasury Board of Canada Secretariat (TBS) will work with government user experience practitioners to identify and address administrative barriers to user research, provide guidance on user research practices, and encourage departments to adopt user research methods and activities as a key component of designing and building services, programs and operations.

Closed

TBS introduced the GC Digital Standards (September 2018), as well as the mandatory requirements for GC Architectural standards (December 2018), which formalize the principles that must be adhered to.

Service standards and real‑time performance reporting

The current Treasury Board Policy on Service has a requirement that priority services have service standards and real‑time reporting on the performance of services, and the Government of Canada Service Strategy has identified this as an area of continued focus. In the context of the digital policy, consideration is being given to expanding these requirements to cover most or all services.

Departments must aim to have meaningful service standards and real‑time performance reporting in place for priority services as soon as possible and should consider establishing different types of service standards to monitor access, accuracy and timeliness for their full range of services.

Carry forward

This work is further reflected in strategic pillar 2 (2.1. Improve the service experience of all clients) of the 2021–2024 DOSP.

Real‑time service application statuses

In the Policy on Service, there is a requirement for departments to develop real‑time application status update systems for priority services by November 2017, and the Government of Canada Service Strategy has identified this as an area of continued focus. In the context of the digital policy, consideration is being given to expanding these requirements to cover most or all services.

Nevertheless, CIOs and departments and agencies should aim make this functionality available to users.

Carry forward

TBS will work with departments and agencies to meet these requirements. This work is reflected in strategic pillar 2 (2.1. Improve the service experience of all clients) of the 2021–2024 DOSP.

Develop a OneGC Platform Strategy

OneGC Platform is the Omni Channel Digital Strategy for the GC, in which services and technology solutions are designed to be user‑centric and interoperable. Omni channel can be defined as a fully synchronized operating model in which the government’s service channels present as a single presence to the citizen on any platform, through any device and with any partner.

TBS will provide leadership and central coordination for OneGC Platform, including working with partners within and outside the government.

Carry forward

This work is reflected in strategic pillar 2 (2.3. Build and use secure common solutions for digital service delivery) of the 2021–2024 DOSP.

Horizontal review on information sharing

From 2018 to 2020, TBS and key service delivery departments will build on this initial feasibility study and undertake a horizontal review on information‑sharing and privacy. This will identify barriers to information‑sharing and make recommendations on how to eliminate roadblocks to “tell us once” government services while strengthening privacy oversight. This review will set the foundation for recommendations and potential policy changes in the future.

Closed

TBS OCIO completed this work in 2019, with proposals provided.

Shift culture and processes toward open by design

To achieve the vision of a more transparent, accountable and responsive government, an “open government” lens needs to increasingly be applied to new or renewed program and service design and at all stages of policy and program development and implementation.

The long‑term goal is to transform the work processes and culture of the public service to one where programs, services and information are open by design. TBS will lead work that includes designing new processes, protocols and standards to enable and facilitate the proactive release of government data and information by default.

The government will continue with Phase 2 of the Open‑by‑Default project, where we will improve the process of releasing unclassified working documents to the public.

Closed

TBS continues to lead work that includes designing new processes, protocols and standards to enable and facilitate the proactive release of government data and information by default.

2018 to 2020 Open Government Action Plan

As part of its Open Government Partnership membership, Canada expects to release the 2018 to 2020 National Action Plan on Open Government in fall 2018. The draft plan includes 10 commitments on topics ranging from digital government and services, to open science, to reconciliation and open government. These actions will supplement this strategic plan.

Carry forward

The National Action Plan on Open Government (https://open.canada.ca/en/content/canadas-2018-2020-national-action-plan-open-government) was published December 2018. Due to the COVID‑19 pandemic, the Open Government Partnership has extended the implementation of the plan to 2021.

Access to Information portal

A new Access to Information and Privacy Online Request Service portal was launched on October 10, 2018. This portal, designed through user testing, uses artificial intelligence to enable requesters to search for summaries of previously released access to information requests and help requesters identify which institutions would likely hold the information they seek. It also allows for electronic payments and electronic transfer of the request to federal institutions. The solution will continue to be iterated through additional user testing, and institutions will continue to be phased in until all institutions (more than 260 of them) subject to the Access to Information Act and the Privacy Act are receiving requests through this service.

To reduce the administrative burden on federal institutions and to improve service to Canadians, efforts are currently underway to digitize the end‑to‑end access to information and personal information requests by 2021.

Closed

TBS deployed a new Access to Information and Privacy Online Request Service portal on October 10, 2018.

A Public Service Accessibility Strategy and Action Plan

A Public Service Accessibility Strategy and Action Plan will be released in 2019 to guide efforts to remove barriers to accessing government information and services, and to ensure that all public service employees with disabilities have the tools and support they need to contribute to their full potential. This strategy and action plan will explore what guidelines, training and tools on accessibility by design are needed to ensure that the public service has the expertise and awareness to promote accessible government.

Closed

In June 2019, the Office of the Public Service Accessibility published “Nothing without us: An accessibility strategy for the Public Service of Canada” to remove barriers to accessing government information and services, and to ensure that all public service employees with disabilities have the tools and support they need to contribute to their full potential.

Incorporate digital principles into operations, programs and service design

In 2018, TBS developed a set of digital standards to guide digital development in the Government of Canada based on international best practices. These principles will guide and shape how government information, technology and service delivery will be managed in a new digital ecosystem. These principles will need to be built into policy, operations and program development, including building accessibility by design, privacy by design, designing with users and working in the open. TBS will be working on socializing these standards across government, and departments should begin to use them to guide their policy, operations and service design work.

Closed

In September 2018, TBS developed a set of digital standards to guide digital development in the GC based on international best practices.

These principles guide and shape how government information, technology and service delivery will be managed in a new digital ecosystem.

Improving Canada.ca content through targeted user‑based initiatives

The TBS Digital Transformation Office is working on projects with federal departments to make it easier for people to find and understand Government of Canada information and services on Canada.ca.

For each project, the office co‑creates prototypes, sets concrete usability targets and runs usability tests with Canadians, trying to improve to address specific questions that people have about specific Government of Canada services. For a prototype to launch, it must make it at least 20% easier for people to get the right answer.

Closed

Closed as an ongoing activity.

Better management of mobile applications

As part of the overall web strategy, it was announced in the 2017 to 2021 GC IM‑IT Strategic Plan that the government will develop a strategy and framework for the development and management of mobile applications that are easy to use and trusted, with an approval process. Approved Government of Canada mobile applications will be identified on Canada.ca and available through application stores.

Before creating a downloadable mobile application, departments should develop clear use cases and determine whether more accessible options will achieve their desired results.

Carry forward

Departments should develop clear use cases and determine whether more accessible options will achieve their desired results. This work is reflected in strategic pillar (3.3. Deploy modern and accessible workplace tools and devices) of the 2021–2024 DOSP.

Compatibility with personal voice assistants

The government is working to make government information easier for personal assistants to search so that these devices could serve as a window to access services in the future.

Consistent with the government’s policy approach on optimizing for mobile devices, government interfaces through personal voice assistants should be an optional information channel that complements, rather than replaces, other information channels for those that opt into these third‑party platforms.

Closed

In line with the GC Digital Standards (September 2018) requirement to build in accessibility from the start:

• services should meet or exceed accessibility standards
• users with distinct needs should be engaged from the outset to ensure that what is delivered will work for everyone

Implement enterprise IT service management tools

IT service management (ITSM) refers to an organization’s planning, delivery, operations and control of IT services offered to clients. Departments traditionally have implemented their own ITSM tools. Such tools are expensive to implement and maintain, and the diversity of tools affects overall ITSM efficiencies. Moreover, service request and trouble tickets do not flow easily within and between departments and tool sets.

SSC will put in place enterprise ITSM tools and make them available to all departments. Doing so will bring consistency to the practice of ITSM and, more importantly, reduce the cost and delays of fulfilling service requests.

Carry forward

In March 2020, SSC received GC EARB endorsement of the projects next steps. The targeted completion is August 2022. This work is reflected in strategic pillar (Implement enterprise) of the Digital Operations Strategy 2021–2024.

Workload migration and cloud adoption

Given the risks posed by aging data centres, TBS and Shared Services Canada (SSC) are leading the Workload Migration initiative, working with departments and agencies to migrate their applications from legacy data centres to new infrastructure in either enterprise data centres or cloud services.

Carry forward

This work is reflected in strategic pillar 1 (1.1. Strengthen the overall health of the government’s application portfolio) of the 2021–2024 DOSP.

Complete telecom and network consolidation

To streamline and modernize the government’s network infrastructure and services, SSC will eliminate unused phone lines and migrate departments from outdated and costly legacy phone systems to wireless devices and VoIP (voice over Internet protocol) service.

SSC will also work with departments to:

• consolidate the 50 existing SSC partner wide‑area networks into a single enterprise network
• establish shared network infrastructure in office buildings that house multiple departments
• secure and reduce the number of connections to the Internet

Carry forward

SSC will work with departments to:

• consolidate the 50 existing SSC partner wide‑area networks into a single enterprise network
• establish shared network infrastructure in office buildings that house multiple departments
• secure and reduce the number of connections to the Internet

This work is reflected in strategic pillar 1 (1.2. Provide modern, reliable and secure networks and infrastructure) of the 2021–2024 DOSP.

Ensure IT infrastructure sustainability

A sustainable funding model must take into account the regular renewal cycle of IT infrastructure assets and the appropriate level of investment. TBS and SSC will explore alternative financial and service delivery models to address IT renewal.

Budget 2018 announced significant funding over 6 years to improve the management and provision of IT infrastructure for the Government of Canada. A revised funding model will complement these new investments, with a goal of ensuring that a clear and predictable funding source is available for both existing and new IT infrastructure requirements.

Closed

The evolution of an enterprise approach for delivering digital services while improving the user experience by consolidating, modernizing and standardizing networks, tools and services as addressed by SSC 3.0.

Establish SSC asset inventory and baseline

SSC will create an inventory of assets to establish a baseline that can be used to inform prioritization discussions at the Committee on Enterprise Priorities and Planning (CEPP) and ensure that work is focused in the most important areas, such as evergreening and managing organic growth.

Carry forward

This work is reflected in strategic pillar 3 (3.3. Deploy modern and accessible tools and devices) of the 2021–2024 DOSP.

Network connectivity

The government requires a diverse network landscape to deliver on its digital government vision. To begin, high‑performing Internet service is required to enable citizens’ interactions with their government through multiple channels, as well as public servants’ use of digital, telepresence and cloud‑based tools. In this way, reliable and responsive networks will be the highway upon which the government’s data travels.

In parallel, the government will continue to support special purpose networks, such as the Government of Canada’s secret network and science network.

Dedicated, reliable network connections to cloud service providers are also a prerequisite to government cloud adoption at an enterprise scale, ensuring CIOs can fulfill their cloud‑first policy requirement. This diverse landscape of networks will continue to evolve as data volumes increase and locations of data change over time.

Carry forward

This work is reflected in strategic pillar 1 (1.2. Provide modern, reliable and secure networks and infrastructure) of the 2021–2024 DOSP.

Secure the government’s evolving perimeter

Although the Internet is a game changer in how the public service accesses and shares information, it also brings considerable risk. Malicious software (malware) can compromise any number of these platforms and seriously impact digital systems and disrupt government operations. As the government adopts alternate service delivery models such as public cloud and hybrid clouds, it must continue to provide a secure, reliable and interoperable service delivery environment for internal services and business applications that are hosted in cloud‑based environments. At the same time, the government must continue to protect against cyberthreats at critical ingress and egress points on the government enterprise network, both on premises and in the cloud.

The government has implemented world‑class monitoring services and defensive measures at its network perimeter through SSC‑managed gateways. To address risks to its network, the government is standardizing protection and creating a secure, government‑wide perimeter that will protect government data both on premises and in the cloud.

TBS, the Communications Security Establishment (CSE) and SSC are establishing additional trusted interconnection points between the government network and external partners to:

• provide standardized and secure connectivity with external partners and the Internet
• act as a gateway to cloud services
• protect cloud‑based workloads from direct attacks from the Internet

Departments that do not currently use SSC Internet services will be migrated to the SSC‑managed enterprise network and will use SSC Internet services exclusively.

These actions will reduce the risk of rogue, ad hoc or unauthorized connections to and from the government’s networks. They will also enhance the government’s ability to monitor data that crosses the government perimeter and ensure maximum protection of government information assets. In addition, with government workloads now shifted to the cloud, the government must adapt its approach to securing this evolving perimeter, including applying an information‑centric approach. By establishing a risk‑based adaptive service that protects the information systems and data processed and stored in cloud‑based government digital services, the government will fulfill its cloud‑first policy requirement while maintaining continuous awareness of the cyberthreat landscape.

Carry forward

Departments that do not currently use SSC Internet services will be migrated to the SSC‑managed enterprise network and will use SSC Internet services exclusively.

Implement endpoint security profiles

Malicious parties frequently seek out exposed or misconfigured public‑facing services or equipment to gain access to IT systems and information. Endpoint devices such as laptop computers, tablets, mobile and portable devices, and servers provide a doorway for such threats. Malware, rootkits (software tools to gain control of a system) and phishing can lead to the loss and compromise of government data, including personal information. Operating systems and applications that use default configuration settings typically include unnecessary components, services and options. These default settings are well known and easily discovered using automated tools.

In the enterprise context, weaknesses and misconfigurations in an organization’s systems could be exploited and expose organizations to unnecessary risk. The goal of this initiative is to evolve endpoints to be more resistant to attack and reduce security incidents due to insecure endpoints. As successful attacks cannot be realistically eliminated, an associated goal is to limit the damage that can occur when an attack succeeds. In addition to establishing administrative processes and tools to proactively quarantine threats when identified, making the government’s endpoint devices more resistant to attacks is key to securing the government enterprise.

Recognizing the risk posed by misconfigured endpoint devices, SSC, in consultation with TBS and CSE, will develop endpoint device profiles, for use by departments and agencies. These standardized profiles will be based on security best practices and will represent securely configured operating systems and applications. The profiles will be validated and refreshed regularly to update their security configuration. Additional security controls, such as host‑based intrusion prevention and application whitelisting (a computer administrative practice used to prevent unauthorized programs from running) and user agents to facilitate data‑sharing will be implemented to further ensure the integrity of systems and information.

Carry forward

This work is reflected in strategic pillar 1 (1.2. Provide modern, reliable and secure networks and infrastructure) of the 2021–2024 DOSP.

Implement an enterprise approach to vulnerability and patch management

The government must ensure that vulnerabilities are identified and remediated quickly to minimize the risk of intrusion and potential loss. Failing to promptly apply security‑related patches and updates can result in exposed vulnerabilities and may lead to serious security incidents. Applying patches to operating systems, applications and devices is a critical activity in ensuring the security of systems, maintaining trust in connected assets, and reducing the government’s attack surface. Good configuration management practices include patch management and will alleviate one of the leading causes of security issues in large enterprises.

TBS and SSC will implement an enterprise‑wide vulnerability and patch management capability to systematically detect and remediate vulnerabilities. Departments will:

• implement these tools and processes
• meet standard timelines for remediation
• ensure quick response times for emergency or critical patch deployment

Closed

Closed as an ongoing activity.

Manage and control administrative privileges

Departments also need to manage internal risks to the security of their IM and IT environments. Privileged accounts (such as those of local or domain administrators and those of other users who have elevated access) are the most powerful accounts in any organization and are therefore appealing targets for attackers.

TBS, SSC and departments will work together to minimize the misuse of any account that has elevated privileges, either malicious or accidental. They will implement tools and processes to ensure that all privileged accounts are managed, controlled and monitored properly, and have strong authentication mechanisms (for example, multi‑factor authentication).

Departments will also implement measures to manage and control the life cycle of and access to privileged accounts, including:

• privileged account management processes and technologies
• audits and reviews to confirm validity of privileges
• continuous monitoring to look for uncharacteristic behaviour

Closed

As per the Digital Hygiene Status Report, tools and processes have been implemented to ensure that all privileged accounts are managed, controlled and monitored properly, and have strong authentication mechanisms (for example, multi‑factor authentication).

Departments have measures to manage and control the life cycle of and access to privileged accounts, including:

• privileged account management processes and technologies

• audits and reviews to confirm validity of privileges

• continuous monitoring to look for uncharacteristic behaviour.

Protect transactions to and from external‑facing digital services

As more Canadians interface electronically with the government, the amount of sensitive information transferred to and from government services will increase. To maintain maximum trust in online transactions, the government must protect them.

Implementing secure protocols by default, such as HTTPS, DNSSEC and DMARC, along with approved encryption algorithms, increases the level of confidence that users are accessing a legitimate service and that their communications remain private and free from interference while offering a level of security and privacy that users expect from government services.

TBS has established an “HTTPS everywhere” standard that requires departments to use the HTTPS protocol for all external, publicly accessible websites and web services and will continue to monitor departments’ progress in implementing the standard. TBS will continue to develop guidance to ensure that web services that serve primarily non‑browser clients, such as APIs, are also configured with HTTPS by default.

Closed

Closed as an ongoing activity.

TBS has established an “HTTPS everywhere” standard that requires departments to use the HTTPS protocol for all external, publicly accessible websites and web services and will continue to monitor departments’ progress in implementing the standard. TBS will continue to develop guidance to ensure that web services that serve primarily non‑browser clients, such as APIs, are also configured with HTTPS by default.

Implement a trusted digital identity for public‑facing services

A trusted digital identity system is fundamental and a key enabler to seamless and frictionless security, in digital systems. Today, Canadians and the general public can securely access Government of Canada online services by signing in with an online banking credential (such as username and password) from Canadian financial institutions through the Credential Broker Service, or they can use the Government of Canada–branded credential service, known as GCKey.

The existing cyberauthentication service is evolving and has been rebranded as Sign-In Canada. Building on the existing solution and maintaining an enterprise approach, TBS and SSC are developing a renewed cyber-authentication service. The goal is to enable the service to accept trusted digital identities from provincial and territorial governments in addition to credentials provided by the private sector. The service is designed to be cost-effective, secure and convenient for users, meet current business needs, and support enhanced functionality required for future federated identity and digital service delivery initiatives.

By adopting approved trusted digital identity frameworks, the government will establish a common approach that will facilitate connections with various levels of government across Canada. Using open standards will increase usability and improve interoperability of private sector credentials and internationally accepted trusted digital identities within a larger standards-based digital identity ecosystem. In developing public-facing digital services that require authentication, departments will use this common enterprise solution.

Carry forward

This work is reflected in strategic pillar 2 (2.3. Build and use secure common solutions for digital service delivery) of the 2021–2024 DOSP.

Implement an internal authentication service for government workers

The intended outcomes for internal identity, credential and access management include:

• reduced costs while increasing integrity of business processes for establishing the identity of government workers
• promotion of interoperability
• improved end-user experience by reducing the need for multiple user IDs and passwords

Under TBS’s leadership, SSC will implement an internal identity and credential management service tailored to the level of assurance required for particular business processes. For example, a unique digital identity will be needed to authenticate employees, contractors, trusted guests and any other authorized users who access internal government networks and systems.

Departments will migrate applications to this enterprise service when their applications are upgraded as part of regular life-cycle maintenance of assets and will ensure that new applications integrate with this enterprise service when implemented.

Carry forward

This work is reflected in strategic pillar 2 (2.3. Build and use secure common solutions for digital service delivery) of the 2021–2024 DOSP.

Implement an enterprise secure communication service for classified information

Every day, departments create, store and process classified information. Failure to protect this information could lead to:

• national security risks
• economic losses
• loss of government credibility

Although several special environments allow some departments to safely share classified information, there is no common solution implemented government-wide.

Established by SSC, under the strategic direction of TBS and supported by CSE, the Government of Canada Secret Infrastructure (GCSI) will implement a single, common and integrated enterprise-wide secret-level network to enable classified data to be securely transmitted, stored and processed across departments. Departments will leverage this service to ensure that classified information is managed accordingly.

Classified voice and mobile capabilities will also be implemented for users who need to regularly discuss classified information.

Closed

The GC Secret Infrastructure (GCSI) has been implemented to provide a single, common and integrated enterprise-wide secret-level network.

This is helping enable classified data to be securely transmitted, stored and processed across departments.

Improve enterprise data‑loss prevention

As the government becomes more open by default, it must ensure that sensitive and protected information is not disclosed inadvertently. Preventing the unauthorized transfer or release of sensitive information involves first identifying sensitive data and then protecting it through adequate encryption and access controls. Unauthorized data flows and operations must be monitored, detected and blocked.

TBS has established a framework to support an enterprise approach to data loss prevention that relies on an information life cycle and IM solutions. SSC, with departments, will implement the framework to minimize the risk of unauthorized disclosure and inadvertent leakage of that sensitive government data.

Closed

Closed as an ongoing activity.

Enable comprehensive understanding of endpoint devices

Shifting from a traditional network-centric approach to one that focuses on protecting its information throughout the government and beyond increases the required trust level of the components in the system used to access the information. Understanding user behaviour and the set of assets that underpin a digital environment is essential to knowing what to protect and enables the government to be more proactive and efficient when responding to threats and attacks. Asset and configuration management are key elements of ensuring system security. The government must be able to proactively and accurately determine and monitor:

• the existence and status of all endpoint devices
• what is running on them
• who is accessing them

Ensuring that endpoint devices (for example, desktop, laptop, tablet and mobile devices) that pose a risk to the enterprise can be identified allows the government to be more effective when responding to threats and attacks. Understanding the landscape requires an understanding of the assets in the government environment. Supporting mechanisms that automate the gathering and analysis of the inventory of assets are critical to ensuring service efficiency amid a growing set of connectable devices, both controlled and not controlled.

Under TBS’s leadership, SSC and other departments will acquire and implement tools and processes to enable a real‑time, enterprise view of the current status and configuration of government endpoint devices. Such information includes:

• hardware and software versions
• operating system versions
• patch installations

Carry forward

The execution of this will be shared with the asset inventory (number 19) and Implement endpoint security profiles (number 22).

Enhance awareness of enterprise cyberthreat and risk environment

Departments are accountable for managing cyber‑risks to their particular program areas. However, as the government adopts an enterprise approach and programs and services become more integrated, it will be imperative that cyber‑risks also be managed at the enterprise level.

Key to effectively managing enterprise‑wide risk is understanding the changing cyberthreat landscape (for example, who is trying to exploit government networks and systems, by what means and for what purpose). A better understanding of the threat environments allows organizations to take a risk‑based approach and focus cybersecurity efforts and resources rather than attempt to protect against all possible threats.

Departments indicate a strong desire for a more proactive approach for government cybersecurity that emphasizes research and innovation in order to keep pace with emerging threats, technologies and trends. Departments have a strong desire to work cooperatively to:

• improve the government’s security environment
• reduce barriers to collaboration and sharing of information

TBS is establishing a centralized capability to conduct governance, risk and compliance management activities in order to gain a holistic picture of cyber‑related business risks in the government. This capability pulls together data from multiple sources, for example, threat assessments, risk registers, investment plans, audit results and critical asset listings, to feed a consolidated enterprise view of cyber‑risks.

TBS and CSE will work, with support from SSC, and in collaboration with departments, to establish holistic data sharing across all boundaries and levels of IT security within the government, which is essential to ensuring full awareness of activity on the growing and increasing attack surface.

Further, continuous monitoring of the cyberthreat and risk landscape will inform decision‑making and influence how corrective actions are prioritized across the enterprise to ensure maximum protection of government assets. Automated information‑sharing will ensure that the information that security operations teams require is provided on an ongoing and consistent basis, in a timely manner, from both vertical and horizontal sources, within and from outside the government. Ultimately, comprehensive awareness and understanding of the business technology environment require establishing a collaborative information‑sharing culture.

Carry forward

This work is reflected in strategic pillar 4 (4.2. Build a workforce for digital‑first delivery) of the 2021–2024 DOSP.

Document roles and responsibilities for IT and IT security

Departments have a role in managing and delivering IT. TBS will work to elaborate and document the roles and responsibilities of departments, SSC, Public Services and Procurement Canada (PSPC) and central agencies for delivering IT services and implementing the government’s digital Strategic Plan so that roles and responsibilities are clearly defined, communicated and executed. They will be clarified through the new digital policy. TBS will also continue to provide clear direction to departments on IT security roles and responsibilities, including security‑control objectives and other security‑related requirements.

Closed

The role of departments in managing and delivering IT is now included in the Policy on Service and Digital.

Improve insider threat protection

Although external threats to the government pose a great risk to the disruption of services and unauthorized disclosure of government information, threats also exist within the government. With its responsibility for maintaining large amounts of sensitive data, the government needs to minimize the risk of unauthorized disclosure.

Those with access to internal networks are often identified as a primary target for external attackers. As a means of compromising networks, external attackers are willing to engage in more forceful behaviour such as bribing key support and maintenance staff to attack IT assets from within government networks and information systems. Yet, organizations are much more likely to have an accidental breach as a result of employees’ activity than they are to have a malicious one by an outside actor. The vast majority of breaches occur as a result of compromised user credentials through social engineering, which can be largely mitigated through proper training. Balancing the government direction of “open by default” with the security requirements of compartmentalized information, access controls will be designed to take into account role‑based access and limit the exposure to information loss.

Security screening practices must provide reasonable assurance that individuals can be trusted to safeguard government information, assets and facilities, and to reliably fulfill their duties. TBS will improve how security screening information is shared across departments.

Closed

Security screening practices provide reasonable assurance that individuals can be trusted to safeguard government information, assets and facilities, and to reliably fulfill their duties. TBS has improved how security screening information is shared across departments.

Improve secure application development

Ensuring that software is doing what it is supposed to securely and resiliently is a key aspect in the protection of sensitive information. Software applications are rarely defect‑free, and many common defects can be readily exploited by unauthorized parties. Pilots and iterative development should seek to identify potential security issues during development and testing phases because the cost of removing defects and security flaws can be substantially higher after deployment government‑wide.

Applications that store, process, handle or have network access to sensitive information should be developed with security in mind from the start. Improving software security practices will help the government to reduce vulnerabilities and maximize the usability of applications while maintaining security in the development phase. Iterative development methods (such as agile development) require a well‑integrated security discipline to build or update software functionality, analyze software security risk, test for security vulnerabilities and address security‑related defects.

To support the delivery of a consistent approach to security across the government, TBS will establish an application security framework to enable a developer‑centred security approach by integrating security in application development practices. Guidance on best practices to support secure coding practices that consider security testing and reviews, incorporated into each phase of the software development life cycle to help mitigate risks of vulnerabilities in application software, will provide assurance that the government’s digital services are operating as intended. Departments will apply the framework when developing and implementing digital services.

Carry forward

This work is reflected in strategic pillar 3 (3.2. Plan and govern for the sustainable and integrated management of service, information, data, IT and cybersecurity) of the 2021–2024 DOSP.

Establish a government vulnerability disclosure framework

The government is underpinned by expansive and complex IT systems that are connecting to the Internet at an increasing rate. Numerous software programs and applications support the government in providing programs and services; thus, it is essential to ensure that the software used by the government can be trusted. However, vulnerabilities and bugs are constantly being discovered in software programs that, if exploited, could put government networks and information at risk of compromise. At times, vulnerabilities may also be identified by parties outside the government.

TBS, in collaboration with CSE, will establish a framework that will provide the roadmap for the development of a strong responsible disclosure program to help the government find out about and address risks quickly in order to assist in the protection of digital services. Departments will adopt the framework and ensure alignment with existing departmental cyber and IT security event management plans.

Closed

TBS, in collaboration with CCCS, has established a framework that will provide the roadmap for the development of a strong responsible disclosure program.

Evolve cyber event management plans

Cybersecurity events related to government information systems can have a significant impact on the delivery of government programs and services to Canadians and, consequently, confidence in government. The ability to respond to cybersecurity events in a consistent, coordinated and timely manner across the government is essential to ensure the security and resilience of government program and service delivery. Effective incident management is key to limiting the disruption caused by an incident and restoring normal business operations as quickly as possible.

TBS will update the Government of Canada Cyber Security Event Management Plan (GC CSEMP) to ensure that the operational framework for the management of cybersecurity events (including cyberthreats, vulnerabilities or incidents) is continuously improved. The plan will be tested and reviewed annually and modified as required. This includes annual tabletop exercises to ensure that cybersecurity events are addressed in a consistent, coordinated and timely fashion government‑wide.

Departments will update existing cybersecurity event management or incident response plans to align to the GC CSEMP.

Closed

Closed as an ongoing activity.

Departments update existing cybersecurity event management or incident response plans to align to the GC CSEMP.

Adopt agile approaches to implementing business solutions

It is a challenge to be able to acquire goods and services in a timely manner to operationalize government mandates that provide value to citizens. TBS and PSPC are leading a government‑wide initiative to identify and support key improvements in the federal procurement regime.

Departments will take advantage of existing multi‑departmental contracts when investing in solutions to meet common needs. In cases where multi‑departmental contracts or tools do not meet business requirements, departments will contact TBS to discuss other options. Departments are required to keep TBS up to date on their investments and plans.

Where a customized or in‑house solution is the only option, application development teams should take modern and agile approaches to achieve greater speed and agility. They must also take into account the increasingly complex ecosystem of interdependent software architecture, infrastructure and processes.

Departments will promote a learning culture that allows solutions architects and developers to:

• understand and adopt iterative development approaches, automate release schedules and embrace a layered testing strategy, including automated testing
• increase engagement with business colleagues to advance iterative approaches
• engage functional (IM) experts early in the development process
• adopt an approach that considers a service‑oriented architecture and application programming interface (API) first rather than large and complex constructs

Closed

Closed as an ongoing activity.

Updates to PSPC contracting approaches have enabled Departments to take advantage of existing multi‑departmental contracts when investing in solutions to meet common needs promoting reusability.

Departments continue to promote a learning culture that allows solutions architects and developers to:

• understand and adopt iterative development approaches, automate release schedules and embrace a layered testing strategy, including automated testing
• increase engagement with business colleagues to advance iterative approaches
• engage functional (IM) experts early in the development process
• adopt an approach that considers a service‑oriented architecture and application programming interface (API) first rather than large and complex constructs.

Government email solutions

Departments have traditionally operated their own email systems, resulting in business and cost inefficiencies. SSC as the service provider and TBS as the enterprise business owner are developing a strategy for next‑generation email services for the opportunity to procure a larger suite of communications tools for the government, including email services. To align with this direction, the current suite of GCTools will evolve into an Open and Accessible Digital Workspace.

To ensure stability, service continuity and facilitate transition to a new solution, SSC will upgrade legacy email environments.

Carry forward

This work is reflected in strategic pillar 3 (3.3. Deploy modern and accessible workplace tools and devices) of the 2021–2024 DOSP.

Build a platform for enterprise interoperability

The government knows that a platform for enterprise interoperability will lay the foundation for achieving the government vision for data‑sharing of getting the right information to the right people at the right time.

TBS will continue to work with stakeholders to provide a digital exchange toolkit: a suite of modern integration tools to serve the needs of a digital exchange ecosystem. Examples of components in this toolkit are the GC Service Bus, the Digital Exchange Platform and the API Store. These components enable the secure exchange of data between enterprise systems, departments, governments and the public.

The toolkit provides scalable, reliable and industry‑leading technology solutions for departments to leverage to more rapidly implement data exchange use cases. The capability to link internal departmental information with solutions for delivering programs and services will enable greater government‑wide collaboration when designing digital services. This approach will also enable business process improvement within the government and across jurisdictions, leading to improved program and service delivery for citizens and businesses.

Through the creation and use of a governance framework (policies, directives, guidelines and open standards) for the digital exchange ecosystem, TBS will:

• foster openness and collaboration
• promote digital services
• advance enterprise interoperability and information‑sharing across the government

Closed

The Canadian Digital Exchange Platform (CDXP) which provides different tools for modern data exchange has been procured.

Introduce a strategy for use of open‑source software and open standards

The use of open source software supports interoperability and information‑sharing and should be considered in the assessment of IM‑IT solutions. Open source products are publicly available, and the availability of their source code promotes open and collaborative development around their specifications, making them more robust and interoperable. The use of open standards ensures interoperability between products and systems and maintains flexibility within the IM‑IT environment. TBS will continue to run the Open Source Advisory Board and working group, as well as lead development of a strategy, including open source licences framework guidance, an open‑first white paper and an open resource exchange, to set direction for the government on the use and release of open source software and open standards that will be ratified by the Government of Canada Enterprise Architecture Review Board (GC EARB).

Carry forward

This work is reflected in strategic pillar 3 (3.2. Plan and govern for the sustainable and integrated management of service, information, data, IT and cybersecurity) of the 2021–2024 DOSP.

Develop an application programming interface (API) strategy

APIs are used to reveal government digital capabilities and can be combined and reused to create digital services. APIs are increasingly becoming the way to facilitate sharing of government data and information and, as such, are foundational building blocks that support the government’s commitment to digital services. TBS will develop an API strategy for the government.

Closed

APIs are used to reveal government digital capabilities and can be combined and reused to create digital services. APIs are increasingly becoming the way to facilitate sharing of government data and information and are foundational building blocks that support the government’s commitment to digital services.

Mandatory procedures for APIs were incorporated into the Directive on Service and Digital.

Advance analytics

Business intelligence involves creating, aggregating, analyzing and visualizing data to inform and facilitate business management and strategy. Analytics is about asking questions and refers to all the ways in which data can be broken down, compared and examined for trends. Big data is the technology that stores and processes data and information in datasets that are so large or complex that traditional data processing applications can’t analyze them. Big data can make available almost limitless amounts of information, improving data‑driven decision‑making and expanding open data initiatives.

TBS, working with departments, will lead the development of requirements for an enterprise analytics platform.

TBS will work with departments to identify a business lead to develop a data lake (a repository of raw data) service strategy so that the government can take advantage of big data and market innovation to foster better analytics and promote horizontal data‑sharing.

Carry forward

This work is reflected in strategic pillar 3 (3.3. Deploy modern and accessible workplace tools and devices) of the 2021–2024 DOSP.

Enhance online infrastructure to enable departments to release their data and information

The government has also worked to support the “demand side” of open data and information, identifying and collaborating with stakeholders in organizations and companies that leverage open government data and information. Canada’s Open Data Exchange is one organization that helps Canadian companies make use of open data. TBS has worked with the Open Data Exchange to deepen insight into the commercial open data landscape and to understand what challenges need to be overcome in order to make Canadian open data companies more competitive. In the last 2 years, Open Data Exchange has incubated 15 new data‑driven companies and has more work planned in future years to continue to promote the use of open government data among Canadian companies.

Closed

The open government team updated and improved the infrastructure of open.canada.ca by leveraging open source tools and migrating to a cloud environment. The open.canada.ca platform provides an easy to use internal metadata catalogue, or registry, which helps facilitate data publication, and standardization activities through the development of data and metadata templates. This internal platform provides a GC enterprise‑wide service to support departments in publishing open data, open information, access to information summary reports, as well as proactive disclosure reports in order to support Bill C‑58. Through these tools, Open.canada.ca provides the public with a one‑stop shop for open government resources created and published by GC organizations.

The government has worked to support the “demand side” of open data and information, identifying and collaborating with stakeholders in organizations and companies that leverage open government data and information. Canada’s Open Data Exchange is one organization that helps Canadian companies make use of open data. TBS has deepened its insight into the commercial open data landscape and what challenges need to be overcome in order to make Canadian open data companies more competitive.

Develop master data management (MDM) program

In an open and distributed operational environment such as the government, there is a risk that business‑critical data becomes redundant, inconsistent and scattered throughout the enterprise.

Master data management (MDM) can be defined as the processes, governance, tools, rules and technology required to create and maintain consistent and accurate master data. It focuses on common critical data elements and establishes strong governance around them. MDM can eliminate redundancy and inconsistency of data in an organization and ensure its quality and control. It can provide a single, authoritative point of reference that can be shared by many processes and applications across the organization. It can also streamline data sharing and facilitate interoperability.

TBS will work with Statistics Canada and other key business owners to establish a government‑wide MDM program to formally identify standard data elements and single authoritative sources for key information domains, where appropriate.

Carry forward

This work is reflected in strategic pillar 3 (3.1. Manage and use data and information as strategic assets) of the 2021–2024 DOSP.

Implement GCDocs

Time and productivity are frequently lost due to the lack of consistent tools and systems to help employees store, search and find the information and data they need to do their jobs. Enterprise IM solutions such as GCDocs streamline and simplify these processes, but they need to be configured properly to make back‑end IM processes as invisible as possible to users.

Automation can provide opportunities to:

• simplify and streamline key IM processes and practices
• deliver a seamless user experience that relieves burden on individual government workers

Furthermore, implementing integrated and standardized solutions across departments can help make it easier for government employees to find, use and share the information and data they need to do their jobs, while ensuring consistent, foundational management of government information assets. Information and data can be leveraged to help departments achieve their business objectives and meet their mandated requirements.

TBS and PSPC will enhance the government‑wide GCDocs service for departments, including:

• full deployment by 2022; 30 organizations have fully adopted GCDocs, an additional 79 organizations are in various stages of onboarding
• broadening its integration with back‑office systems
• piloting its use as a tool for increasing the openness of government information

Carry forward

TBS and PSPC have enhanced the government‑wide GCDocs service for departments. 55 organizations have fully adopted GCDocs; an additional 54 organizations are at various stages of onboarding.

Work to implement Enterprise IM solutions is reflected in strategic pillar 3 (3.3. Deploy modern and accessible workplace tools and devices) of the 2021–2024 DOSP.

Standardize metadata

Metadata is the backbone of digital automated processes, information retrieval, and the use and sharing of information and data. Metadata defines and describes the structure and meaning of information and data and of the context and systems in which they exist. Metadata supports efficient and effective management of information and data resources over time, which facilitates decision‑making, accountability and the efficient delivery of government programs and services.

Standardized metadata supports:

• interoperability within and across systems
• reuse of information resources within, across and outside the government

Along with standardized metadata, consistent use of authoritative vocabularies supports the exchange of information and data resources within and across systems.

Automated metadata collection, creation, use and reuse can greatly relieve the burden on individual government workers.

TBS, in conjunction with business owners, will standardize metadata schemas and maximize their benefits to simplify and automate metadata usage and make it invisible to users.

Carry forward

This work is reflected in strategic pillar 3 (3.1. Manage and use data and information as strategic assets) of the 2021–2024 DOSP.

Provide tools and resources to make innovative use of information and data

The need for tools to collect, store, analyze, manage, share and visualize data is increasing in all departments. Enabling open standards, open source, interoperability, and the sharing of expertise requires access to a common set of data tools commensurate with common data needs. At the same time, departments need a flexible framework to explore new tools and more advanced options that are both interoperable and secure.

The Government of Canada’s IT infrastructure must be able to support the ambitious agenda of its data system. There is a growing need for higher computing capacity and for the modernization of older data infrastructures. For example, collaborative efforts are underway through initiatives such as the Canadian Geospatial Data Infrastructure. This initiative provides national geospatial standards and infrastructure critical to address environmental assessments, emergency response and space program continuity.

It is important that the government take a proactive approach in addressing its future data requirements. Currently, many departments and agencies are anxious for the delivery of secure cloud infrastructure or procurement options. It is expected that public Protected B cloud services will be ready for departmental access by spring 2019.

• TBS will work with departments and agencies to identify common business requirements, develop a catalogue of recommended and preapproved tools, and establish updated guidelines and processes for their implementation.
• TBS and SSC will assess required infrastructure needs over the short and medium terms (that is, trajectories based on historical data usage, data pressures on the network and bandwidth consumption, and forward‑looking opportunities) and provide an interim report to DM CEPP by the end of summer 2019.
• TBS and SSC will provide a final report to DM CEPP by fall 2020, factoring in all organizational data strategies.

Closed

The Directive on Service and Digital outlines the requirements for data sharing (APIs) and GC EARB ensures departmental solutions are in alignment.

Broad collaboration across the GC with Enterprise Data Community of Practice allows for awareness of departmental activities and opportunities for sharing information.

Develop a data strategy for the Government of Canada

Under direction from the Clerk of the Privy Council, TBS has been co‑leading the development of a Data Strategy Roadmap with the Privy Council Office and Statistics Canada since January 2018, working with other departmental partners. The roadmap identifies strategic priorities for a unified and collaborative approach to manage government‑wide data as an asset while respecting privacy. Implementation of the Data Strategy Roadmap aims to support improved decision‑making and enhanced services to Canadians and a more transparent, collaborative and digitally enabled public service.

Recommendations in the roadmap are oriented around 4 themes:

1. stronger leadership and governance
2. improved data literacy and skills
3. enabling infrastructure and legislation
4. treatment of data as a strategic asset

The goal is to set a foundation so that the government creates more value for Canadians from the data we hold while ensuring the privacy and protection of personal information. Given the importance of data to supporting a digital government vision, the initiatives in the Data Strategy Roadmap complement, may overlap with, and are in some cases identical to the priorities identified in this strategic plan.

Carry forward

Work to advance these recommendations is reflected in strategic pillar 3 (3.1. Manage and use data and information as strategic assets) of the 2021–2024 DOSP.

Artificial intelligence

The use of automation and artificial intelligence also requires careful attention to the issues of potential bias, impacts on diverse populations, risk, and managing compatibility with administrative law. To begin to identify and navigate these issues, TBS developed a working paper on the responsible use of artificial intelligence in the Government of Canada using an open‑by‑default and collaborative approach that engaged experts, industry professionals and the public. Work is now ongoing in developing a Directive on Automated Decision‑Making and an Algorithmic Impact Assessment to provide an assessment framework that helps institutions better understand and mitigate the risks associated with automated decision‑making systems by providing the appropriate governance, oversight and reporting, and audit requirements. The tool is being developed with open collaboration.

As more use cases of automation and artificial intelligence are explored and adoption advances, more policy guidance, tools and training will be developed to help ensure that departments and public servants are using this technology in innovative and responsible ways.

Closed

The use of automation and artificial intelligence requires careful attention to the issues of potential bias, impacts on diverse populations, risk, and managing compatibility with administrative law. TBS published the Directive on Automated Decision‑Making and the Algorithmic Impact Assessment (AIA) to help institutions identify and navigate these issues. The tools provide an assessment framework that helps institutions understand and mitigate the risks associated with automated decision‑making systems by providing the appropriate governance, oversight and reporting, and audit requirements.

Ongoing, Departments conduct an AIA assessment as part of their GC EARB submissions.

Blockchain pilots

Blockchain use cases and the practicality of blockchain‑based applications are still being explored by governments around the world. The government announced in July 2017 the intention to run at least 6 select pilot projects on the use of blockchain.

Closed

Blockchain use cases have been explored and presented at GC EARB. The work continues and the practicality of blockchain‑based applications are still being explored by governments around the world.

Modernize workplace technology devices

Workplace technology devices are essential for a modern workplace and a collaborative, mobile workforce, as outlined in the Blueprint 2020 vision. TBS will work closely with departments to ensure that workplace technology devices meet the Blueprint 2020 vision.

TBS will establish enterprise standards and processes for life‑cycle management and set direction to guide future workplace technology devices standards and secure configurations.

SSC will continue to consolidate contracts and procurement activities to improve security, reduce costs and improve service to Canadians. SSC will also procure workplace technology devices and work with TBS and other departments to standardize devices.

Departments are responsible for supporting and maintaining workplace technology devices. They will explore support models such as self‑service and regional clusters to reduce costs while promoting consistent user experience and service expectations.

Carry forward

This work is reflected in strategic pillar 3 (3.3. Deploy modern and accessible workplace tools and devices) of the 2021–2024 DOSP.

Support a mobile workforce

The government is committed to and encourages an open and collaborative work environment where mobile devices are used. TBS will develop a mobility strategy, focusing initially on smartphones. Departments will balance the cost of these devices, and their support, against the business value achieved.

Carry forward

This work is reflected in strategic pillar 3 (3.3. Deploy modern and accessible workplace tools and devices) of the 2021–2024 DOSP.

Provide Wi‑Fi access

Access to wireless data networks is critical for employee productivity. The broader deployment of Wi‑Fi may also reduce costs by displacing the need to provide wireline infrastructure, which is expensive to install and maintain.

TBS and SSC will put in place the necessary services and policies to support Wi‑Fi usage. Departments will implement Wi‑Fi access to networks for all employees within common areas and their workspaces, where the job requires mobility. Departments will migrate to Wi‑Fi‑capable devices and support Wi‑Fi access to local area networks for registered users, as well as Wi‑Fi guest‑network access where security requirements are appropriate.

Carry forward

This work is reflected in strategic pillar 3 (3.3. Deploy modern and accessible workplace tools and devices) of the Digital Operations Strategy 2021–2024.

Provide desktop video conferencing to employees

Increased access to video conferencing supports the collaborative operations of virtual teams across departments, time zones and regions. Departments will complete the re‑engineering of their in‑house video conferences facilities to enable full interconnectivity across the government. Where appropriate and where a user profile supports such functionality, SSC will also create the network and bandwidth capacity needed to support video conferencing at desktops.

Closed

Increased access to video conferencing supports enhanced communication functionality for virtual teams across departments, time zones and regions.

Enterprise procurement of M365 has enabled this capability.

Advance digital collaboration

GCTools such as GCpedia, GCconnex, GCcollab, instant messaging and the GCintranet increase productivity and enable collaboration across the government and other partners. Employees are able to easily connect and share information and work across departments and geographic boundaries, resulting in better service to Canadians.

GCTools that support government requirements for accessibility, official languages and collaboration with external partners will be further developed and integrated into other applications. The current suite of GCTools will evolve into an open and accessible digital workspace, which will allow employees to easily connect with the information, colleagues and external partners they need to work effectively. The open and accessible digital workspace will also provide simplified access to other activities such as staffing, learning and professional development.

TBS will make adopting GCTools part of standard practices for employee onboarding throughout government. Departments will then be in a better position to adopt and use GCTools through the Ambassadors Network and in formal training and ongoing communications. The Ambassadors Network consists of volunteers from various departments and regions that provide support to teams using GCpedia, GCconnex and GCcollab to enhance their work.

Departments will decommission stand‑alone collaborative platforms unless they are linked to core local business requirements. Email communication will be reduced in favour of open discussions or instant messaging, where transitory communications can occur without bogging down government systems.

Closed

Closed as an ongoing activity.

The GC continues to support its current tools and will provide a modern government‑wide Enterprise Digital Workspace (EDW) for its employees. The EDW will include tools available within the newly acquired Microsoft 365 suite and enhancements made by the gcxchange platform, which will enable enterprise‑wide collaboration and information sharing functionalities for all public servants and external stakeholders.

Enable career development

Further enabling IM‑IT professionals to evolve into new roles and functions and addressing competency gaps in areas such as strategic thinking, influencing, innovation, collaboration and agility, requires investment in employees. To support IM‑IT professionals, retain talent and re‑skill or up-skill the workforce, emphasis will be placed on:

• a career management portal
• learning provider solutions

TBS, in conjunction with the Canada School of Public Service (CSPS), will lead work in this area.

Carry forward

This work is reflected in strategic pillar 4 (4.2. Build a workforce for digital‑first delivery) of the 2021–2024 DOSP.

Promote digital literacy and collaboration

Digital literacy goes beyond basic computer skills. It is essential to make the most of investments already made in the IM‑IT environment, devices and tools, and to ensure that IM‑IT supports workforce productivity rather than hinders it.

Data literacy is a skill required for working digitally. Government employees need to be able to extract high‑value insights from the wealth of available information and data and to communicate them.

TBS will develop partnerships to leverage and design an engagement and awareness program for all public servants to enable them to:

• become more data‑literate
• leverage evidence‑based decision‑making
• engage internally and externally as digital citizens

Public service employees should also be able to use GCTools such as GCpedia, GCconnex and GCintranet to share information and build the professional networks needed to respond to shifting priorities and problems. Collaborating digitally involves “working out loud,” where others can see, benefit from and help improve how employees work.

To promote a culture of openness and collaboration, departments will nurture these skills throughout the public service by:

• adopting and using GCTools for everyday work
• deploying targeted and general learning and community outreach activities
• promoting the use of self‑directed learning tools and materials

Senior leaders’ adoption of GCTools will be critical to successfully integrating digital collaboration into their departments and to demonstrating the full benefits of these collaborative tools. Leaders will adopt an “open first” approach toward content creation and encourage their employees to participate in shared knowledge and collaborative digital spaces, other than where security requirements prohibit such an approach.

Closed

Promoting a culture of openness and collaboration has been achieved by:

• adopting and using GCTools
• deploying targeted and general learning and community outreach activities
• promoting the use of self‑directed learning tools and materials
• Introduction of the CSPS Digital Academy.

Modernize the information and data management professions

Revitalizing the information and data management profession is necessary to ensure that it keeps pace with current and emerging business needs in a digital, open and service‑oriented environment. Furthermore, information and data professionals should be more involved early on in the development process when designing or renewing programs and systems to ensure that issues associated with information and data management and sharing are proactively considered. Realigning roles and responsibilities of information and data management professionals and other key stakeholders could help improve collaboration and overall coherence.

TBS will lead the development of new standardized:

• generic work streams and job descriptions
• generic competency profiles
• organizational structures

Carry forward

This work is reflected in strategic pillar 4 (4.2. Build a workforce for digital‑first delivery) of the 2021–2024 DOSP.

Strengthen leadership development

There is a requirement to invest in current and aspiring leaders across the enterprise to:

• address talent retention issues
• increase capacity to develop leadership competencies

Emphasis will be placed on:

• talent management and succession planning
• learning provider solutions completed

Specific leadership development efforts include:

• talent reviews
• promoting leadership development programs at CSPS
• tracking and facilitating the movement of IM‑IT leadership across the enterprise

TBS will lead work in these areas.

Carry forward

This work is reflected in strategic pillar 4 (4.2. Build a workforce for digital‑first delivery) of the 2021–2024 DOSP.

Expand open government training and outreach

Training and awareness sessions are being provided to public servants across the federal government to enhance knowledge and skills for open government.

TBS will continue its work to expand open government training and outreach in the coming years, in partnership with CSPS. In addition to hosting public webinars on open government issues and developing dedicated open government training and learning activities for public servants, the Government of Canada will develop and publish open government learning materials for use by teachers and post‑secondary instructors. This will help Canadians know about our open government work and more actively participate in it, which in turn increases Canada’s ability to harness the social and economic potential of open government.

Closed

Training and awareness sessions are being provided to public servants across the federal government to enhance knowledge and skills for open government.

Enhance digital security awareness and reliability of government employees

The government is shifting its culture to digital and needs a better understanding of basic cyber/security hygiene with respect to digital systems, using services, sharing information and passwords. Improving behaviour and tendencies users have when interacting with systems will allow for a transition in security focus from building guardrails to innovation and evolution in security thinking and implementation. There is a need to ensure that patterns of behaviour are engrained into the daily activities of government staff to ensure a safe and secure digital infrastructure. Canadian Centre for Cyber Security will promote a general approach to training and awareness for IT security and supporting IT security teams across the government.

Closed

The government is shifting culture to digital and needs a better understanding of basic cyber/security hygiene with respect to digital systems, using services, sharing information and passwords. Improving behaviour and tendencies users have when interacting with systems will allow for a transition in security focus from building guardrails, to innovation and evolution in security thinking and implementation. There is a need to ensure that patterns of behaviour are engrained into the daily activities of government staff to ensure a safe and secure digital infrastructure.

Canadian Centre for Cyber Security will promote a general approach to training and awareness for IT security and supporting IT security teams across the government.

Broaden security innovation, collaboration and creativity in problem solving

There is a growing need to increase the capability/capacity of teams across the government to work together and develop creative solutions to problems that are being faced across the board. The government will provide a forum or platform to develop solutions and encourage teams to be curious in their own environments and be creative in how they look at managing their assets. Teams will be encouraged to consider pragmatic security solutions as much as innovative approaches; simple solutions that have the ability to enable business success are often an accidental development.

Closed

The government has provided a forum to develop solutions and encourage teams to be curious in their own environments and be creative in how they look at managing their assets. Teams continue to be encouraged to consider pragmatic security solutions as much as innovative approaches; simple solutions that can enable business success are often an accidental development.

Assessing public service skills and analyzing future needs

Technological disruption, changing approaches and digital government will require public servants to have new skills and competencies. To help public servants and the public service adapt to this evolving digital environment, TBS will work with partners such as CSPS to identify competencies for the digital age to better understand how the current skills profile of the government needs to evolve.

Closed

TBS has worked with CSPS to identify competencies for the digital age to better understand how the current skills profile of the government needs to evolve.

The creation and promotion of self‑directed learning tools, materials and the introduction of the CSPS Digital Academy have been established.

Digital Academy

The Government of Canada is launching a Digital Academy with the goal of increasing the offerings available to public servants who want to increase their digital literacy and understanding of key areas such as service design, data analytics and new technologies as they apply to their work. Informed by examples in other jurisdictions, we will build a made‑in‑Canada model that will lead to better understanding of how digital can improve how government functions and allow better services. CSPS will lead the delivery of the Digital Academy, in partnership with TBS, the Canadian Digital Service, Statistics Canada, other government departments and partners in the non‑profit, academic or private sectors.

The development of the Digital Academy will be especially guided by the principles of open by default, collaborating wisely and iterative development. Initial courses were piloted in September 2018, and the government will aim for this service to be available beginning in 2019.

Closed

The GC launched a Digital Academy with the goal of increasing the offerings available to public servants who want to increase their digital literacy and understanding of key areas such as service design, data analytics and new technologies as they apply to their work.

Improve diversity

An inclusive workplace is one where the workforce reflects the full breadth of the talent pool. Diverse teams bring broader perspectives and ideas for greater capacity to find creative solutions and innovate.

Currently, IT remains a predominantly male domain. Building on current efforts, initiatives include improving representation via recruitment for women in the CS (Computer Systems) Group. To further support the government’s commitments to achieving greater representation and a balanced and diverse workforce, departments will develop and leverage partnerships with organizations that encourage IT as a career choice for young women. Departments and central agencies will also work to increase labour mobility among women by encouraging leaders in the public service and the private sector to consider roles in the government’s IT community.

Carry forward

This work is reflected in strategic pillar 4 (4.2. Build a workforce for digital‑first delivery) of the 2021–2024 DOSP.

Strengthen recruitment

To address challenges that include branding issues, shortfalls in capacity and competency gaps, the government will focus on a CS recruitment campaigns, enterprise approaches and partnerships to support recruitment efforts and onboarding.

Specific initiatives will focus on:

• outreach to educational institutions
• onboarding tools and initiatives to improve the integration of recruits
• partnership with the Public Service Commission of Canada to create a partially assessed CS inventory

TBS, working with departments, will lead work in these areas. Such initiatives will better position the government to address capacity and competency gaps more efficiently.

Carry forward

This work is reflected in strategic pillar 4 (4.2. Build a workforce for digital‑first delivery) of the 2021–2024 DOSP.

Manage and maintain cyber‑talent

The government is working toward a future where services for Canadians are user‑centric, seamless and digitally enabled. Cybersecurity will remain a key element for protecting the information and maintaining the trust of Canadians when using government services. A robust, skilled and diverse workforce within the government is fundamental in supporting this transformation. However, there is a global shortage of qualified professionals in the cybersecurity domain, which is complex and requires a broad depth of skill sets. This growing gap between the supply and demand for skilled cybersecurity professionals has an impact on the government because it has to compete with the private sector and globally to recruit talent. To compete with the private sector, the government has to address the image that the government is bureaucratic, lagging in technology, slow with recruitment and has limited career development opportunities.

TBS must play a lead role in cultivating the federal public service as a model workplace where professional, skilled workers are trained and motivated to serve Canadians. This includes ensuring that there is a constant pool of proficient and capable people to support the delivery of government services for Canadians. There is a need to develop an agile human resource approach to address the skills gap in the Computer Science (CS) and related communities, specifically for the cybersecurity field, to enable a government digital transformation and further strengthen the government cyber posture. TBS will develop a strategy to recruit, retain and train the next generation of cybersecurity talent within the government in order to bolster the government’s capacity to deliver the services Canadians expect in a safe and secure manner.

Carry forward

This work is reflected in strategic pillar 4 (4.2. Build a workforce for digital‑first delivery) of the 2021–2024 DOSP.

Talent Cloud

Talent Cloud aims to creating a thriving marketplace where today’s talent can find exciting, high‑quality job opportunities in government that fit their passions and talents. This grassroots pilot project includes an experimental new staffing platform for project‑based employment, utilizing some of the practices and advantages of the gig economy but avoiding its precariousness. The platform will launch as a working pilot in fall 2018.

Closed

Talent Cloud is an experimental new staffing model for the GC, focused on bringing in external talent to term positions for project‑based work. GC Talent Cloud is also the world’s first public sector marketplace for the gig economy, structured around next generation workers’ rights. The website went live in October 2018 and the team continues to develop a wide range of new tools (e.g., job poster builder, screening plan builder, credential recognition engine). Using behavioural processes and business re‑engineering, the goal is to significantly reduce staffing time; while also making it easier to find the best candidate for the position.

Lead innovation

The role of departmental CIOs is evolving from IM‑IT service providers into strategic business partners, innovation agents, business enablers and catalysts for enterprise transformation. Departmental CIOs will be strategic business partners who bring IM‑IT to the table in innovative ways to address the department’s business needs. To explore working in ways that are more agile, new opportunities with various innovations hubs will be pursued.

Closed

GC Enterprise Architecture Review Board (EARB) has reviewed architectures for project investments from 46 different departments. These reviews ensure the alignment of the initiative to the GC Digital standards, GC Enterprise Architecture standards, and the business capabilities they will serve as per the GC Business Capability Model v2.

Evolve IM‑IT management practices, processes and tools

CIOs should plan and execute departmental IT plans so that they align with the government’s Strategic Plan for IM‑IT and overall enterprise modernization priorities. Important tools to support CIOs include:

• investment plans
• architectural reviews
• application portfolio management
• expenditure reporting
• performance reporting

Optimizing IM‑IT investments to meet business outcomes will propel the evolution of IM‑IT management processes and tools. TBS policy and guidance will allow departments to:

• manage IM‑IT consistently and with greater maturity
• better understand IM‑IT at the enterprise level
• evolve digital service delivery
• benchmark themselves against similar departments
• monitor and track progress against government priorities
• set future priorities

TBS will also provide policy guidance and more robust project oversight to help departments:

• develop sound project cost estimates
• implement good project management practices for complex IM‑IT projects
• guide investments from concept to benefits realization

Closed

Policies surrounding the implementation of project initiatives have been updated to reflect the digital realities and support departments in guiding their execution.

Policy on Service and Digital

Policy on the Planning and Management of Investments

Directive on the Management of Projects and Programmes

SSC partner departments continue to provide their IT Plans (in excess of 90%) in response to the Policy and Direction on Service and Digital.

GC Enterprise Architecture Review Board (EARB) has reviewed architectures for project investments from 46 different departments. These reviews ensure the alignment of the initiative to both the GC Digital standards as well the GC Enterprise Architecture standards.

Develop enterprise architectures for business, information, applications, technology and security

Enterprise architecture will be used to provide all government departments with a structured approach to identify and describe government business needs and the information, applications and technology that are required to enable them.

Enterprise architectures show:

• the capabilities and services being provided to Canadians
• the information that supports each government service
• the people impacted by business decisions
• the secure enabling applications and technologies for each government service

Understanding enterprise architecture enables effective decision‑making about IM‑IT investments, costs and risks, allowing the government to act as one to optimize performance and deliver on government priorities in the digital era.

TBS will improve architecture processes and tools established in 2017 and strengthen integration with various processes such as departmental IT planning, application portfolio management and project management and oversight. GC EARB, with representation of business and technology stakeholders from across the government, will continue to work collaboratively to simplify the government IM‑IT environment by:

• assessing alignment of initiatives
• identifying opportunities for reusing solutions that support similar needs
• developing new digital capabilities and innovation opportunities
• setting and documenting standards for government technology
• providing direction on IM‑IT investment

Closed

Mandatory procedures for Enterprise Architecture were published in December 2018.

Adherence is outlined in the Directive on Service and Digital.

Adopt modern and flexible business models

To achieve a better balance between demand and capacity, SSC and PSPC will adopt cost‑recovery business models for some IT services. Doing so will provide greater flexibility to provide agile and effective services to the government. As an enterprise, departments will achieve better business value by sharing IT resources, capacity and capabilities.

Based on the draft principles and framework developed in the 2017 to 2018 fiscal year, SSC will continue to work with its partners to finalize the model, including making adjustments to reflect the impact of funding decisions from the 2018 federal budget and the continuing evolution of the IT delivery environment. The goal remains to implement a new funding model beginning in the 2019 to 2020 fiscal year.

Closed

The information provided through the annual IT Planning process for SSC partner departments generates a prioritized list of project investments.

This input is presented to the DM Committee on Enterprise Planning and Priorities who validate the alignment with the GC and provide endorsement.

These activities have informed the updated business model for SSC 3.0

Rationalize investments

In keeping with enterprise IM‑IT governance, spending on new or significant changes to certain IM‑IT and IT‑enabled projects will be subject to consultation with TBS. Consultation will include discussions on spending for systems for common business domains such as:

• case management
• IM
• human resources management
• financial management
• other back office administrative processes
• identity and credential solutions
• IT infrastructure and associated solutions

Departments will take an enterprise approach to managing their portfolio of applications to:

• determine opportunities for common, government‑wide solutions
• retire aging and at‑risk applications

Applications that remain in use and that support mission‑critical business functions are to be kept evergreen until they can be replaced by modern solutions.

Closed

The GC Enterprise Architecture Review Board (EARB) has reviewed architectures for project investments from 46 different departments. These reviews ensure the alignment of the initiative to both the GC Digital standards as well the GC Enterprise Architecture standards.

All reviews look at: business, information, application, technology, security and privacy architectures with an eye to leveraging Enterprise solutions.

This execution is now entrenched and will carry on as part of normal business.

Introduce stronger project oversight at the concept phase

TBS will enhance and strengthen the oversight function for IT‑enabled projects by introducing earlier reviews of investment concept cases. Such reviews will take place prior to defining the solution or the project to implement the solution, allowing for early engagement and setting of direction.

For high‑risk project investments, TBS will monitor and report on performance and governance throughout the life of the project. Better management of project investments, coupled with an agile approach to development and delivery, maximizes value and reduces service delivery costs, enabling the government to respond more rapidly to emerging issues.

Closed

The Mandatory Procedures for Concept Case for Digital Projects, implemented on April 1, 2018, provide a mechanism for early engagement between departments and Treasury Board Secretariat on proposed digital investments.

In 2020, TBS started to review memorandum to cabinet to provide a mechanism for early engagement and integration of the digital perspective. This provides additional opportunity to promote a stronger project oversight earlier in the investment portfolio planning cycle and positively influence future results.

Developing a Digital Performance Measurement Framework and Maturity Model

To measure progress on digital transformation, a performance measurement framework will be developed to accompany the digital policy.

A maturity model will accompany this framework to assess departments on digital government adoption, mapped to the themes included in this strategic plan.

Data and insights generated from this process will support a continuous improvement process to inform evolving digital priorities or identify potential barriers to progress toward digital government that should be addressed.

Carry forward

This work is reflected in strategic pillar 3 (3.2. Plan and govern for the sustainable and integrated management of service, information, data, IT and cybersecurity) of the 2021–2024 DOSP.

Reviewing and updating governance committees

To ensure that our whole‑of‑government governance approach is appropriate to the needs of a digital government, TBS will be reviewing and updating enterprise governance, including committee mandates and memberships.

Closed

An integrated approach to governance at the DM level has been established in Treasury Board policy on Service and Digital which includes a requirement for the Secretary of the Treasury Board to establish and chair a senior‑level body responsible for providing advice and recommendations, in support of the GC’s priorities and the GC Digital Standards, regarding:

• strategic direction for the management of external and internal enterprise services, information, data, information technology (IT) and cybersecurity
• prioritization of GC demand for IT shared services and assets

A new committee has been established to support this policy requirement, the DM Committee on Service and Digital Government. TBS will review the underlying committees and update the terms of reference to align to and support the new DM Committee.

Advance financial management transformation

Financial Management Transformation (FMT) is modernizing the financial and materiel management (FM) business model across the Government of Canada, to provide more timely access to reliable, consistent GC‑wide information, and ensure that FM services better enable the delivery of programs for Canadians and remain cost effective and sustainable. FMT does so by designing standard, streamlined processes and common data structures, building modernized common systems to replace departmental platforms, helping managers, employees and financial and materiel management specialists adopt new processes and systems, and aligning financial management systems investments with government priorities.

FMT’s near‑term focus is to implement the digital core of the Government of Canada Financial and Materiel (GCFM) solution. The GCFM digital core will deliver SAP S/4 functionality common to each department to manage finance, materiel and other administrative activities in real‑time. This common platform will deliver a standardized and streamlined approach across Government of Canada departments and agencies to drive an effective digital government.

Carry forward

This work is reflected in strategic pillar 3 (3.3. Deploy modern and accessible workplace tools and devices) of the Digital Operations Strategy 2021–2024.

Leadership in the global digital government movement

In 2018, Canada signed the Digital 7 (D7) charter, joining leading digital nations in a mission to harness digital technology to the benefit of citizens. The D7 charter commits Canada to working toward core principles of digital development, with a focus on user needs, open government and a commitment to share and learn from D7 member nations. D7 comprises nations that are recognized as having the most advanced digital governments globally. It provides a forum for member nations to share best practices, identify how to improve service delivery to citizens, collaborate on common projects, and support and champion their respective growing digital economies.

Leadership in the global open government movement

The Open Government Partnership (OGP) is the leading global, multilateral organization focused on issues of openness, transparency, accountability and participation. Founded in 2011, the OGP now has 75 member countries and a number of sub‑national government members. Canada has been an OGP member since 2012 and has released three OGP action plans outlining actions it will undertake to make government more open, with a fourth action plan currently in progress.

In March 2017, Canada was elected to a 3‑year term on the OGP Steering Committee and in October 2018 started serving a 1‑year term as lead government co‑chair of the OGP. As lead government co‑chair for 2018 to 2019, Canada will publish a co‑chair strategy outlining the initiatives it will pursue under its key co‑chair priorities of inclusion, participation, impact and strengthening the OGP. Canada will track its progress in implementing this co‑chair strategy and report quarterly on its work.

In spring 2019, Canada will host an international OGP event, bringing together government and civil society representatives from a number of OGP member countries around the world.

Closed

In 2018, Canada signed the Digital Nation charter, joining leading digital nations in a mission to harness digital technology to the benefit of citizens. Canada is currently funding the organization’s secretariat, housed within TBS for 2018 to 2020 and is an active participant in meetings

Canada has been an OGP member since 2011 and has released 4 OGP action plans outlining actions it will undertake to make government more open, with a fifth action plan currently in progress.

In May 2020, Canada was re‑elected to a 3‑year term on the OGP Steering Committee. In spring 2019, Canada hosted an international OGP event, bringing together over 2,600 government and civil society representatives from several OGP member countries around the world. Canada is also a member of several OECD open‑government groups, including the OECD Working Party on Open Government, composed of senior public officials in charge of the open-government agenda; and the OECD Expert Group on Open Government Data.