Thank you.
Good morning, Mr. Chair and members of the committee.
My name is Karen Robertson and I am the assistant director of finance and administration at the Canadian Security Intelligence Service. I am responsible for managing CSIS' financial functions as well as administrative functions pertaining to acquisitions, asset management, disposals and infrastructure requirements.
As my colleagues from Public Services and Procurement Canada, PSPC, and Shared Services Canada, SSC, have already provided an explanation of national security exceptions, I hope to provide you some insight into the rationale for applying these exceptions to CSIS' procurement contracts.
Although CSIS' procurement-related expenditures constitute a relatively small piece of the government's overall procurement budget, our mandate and operational activities create distinct requirements as they relate to the procurement of goods and services. As such, to contextualize my statements today, I would like to provide the committee with a brief overview of CSIS' authorities and why special consideration is required to protect the integrity of our work.
Everything we do at CSIS is grounded in the CSIS Act, which clearly articulates our mandate and authorities. Pursuant to section 12, CSIS is authorized to collect information, to the extent that is strictly necessary, on activities suspected of being threats to the security of Canada. These threats are explicitly defined in section 2 of the act, and are limited to terrorism, espionage, sabotage, and foreign interference.
CSIS collects information to detect, assess, and respond to threats to the security of Canada. A core function of our mandate is to report to and advise government on matters of national security. In principle, competitive and transparent government procurement practices are a healthy component of a democratic society. However, given CSIS' duties and functions, members of the committee will understand that the goods and services we acquire to support our activities are sensitive in nature and, as a result, must be protected from becoming widely known.
The main reason CSIS applies national security exceptions to the majority of our procurement contracts is to limit the disclosure of information about our practices, transactions, and vendors. If the targets of our investigations knew details about the equipment we procure and our technological capabilities, they could defeat or counter our investigative efforts.
In addition, knowledge of CSIS' procurement needs, even of seemingly innocuous contracts, may enable hostile actors to better understand our existing capabilities and resources. This is due to the potential mosaic effect of aggregating publicly released information about our procurement requirements, costs, and practices. As such, protecting how CSIS purchases goods and services matters just as much as protecting what we procure. Revealing any link to CSIS in a public tender may reveal our operational techniques, jeopardize our operations, and endanger employee safety. It could also risk the reputation and safety of those entities that supply us with goods and services.
The ability to apply national security exceptions to CSIS' procurement permits us the flexibility to define the requirements for a particular contract or vendor in light of our operational considerations and awareness of the threat environment.
Given these considerations, CSIS actually procures the majority of its contracts in-house as a result of exceptional contracting authorities that have been granted to us by the Treasury Board. CSIS has operated using these exceptional authorities since 1987. Very few goods and services are procured through the regular government process managed by PSPC and SSC. There are, however, certain circumstances in which we would manage contracts through PSPC and SSC, such as when the purchase exceeds our contracting authorities. National security exceptions would apply to all these contracts because of CSIS involvement.
CSIS is excluded from SSC's email, data centre, and network mandate. A minimal proportion of CSIS' network services and IT-related infrastructure are procured through SSC. With regard to SSC's mandate for end-user IT, CSIS works very closely with SSC to process IT procurements in a manner that aligns with security requirements.
CSIS does not apply national security exceptions to avoid undertaking competitive methods of procurement. While I cannot enter into much detail, it is important to note that CSIS' associated exceptional procurement authorities are backed by a rigorous internal control framework and oversight.
We leverage government-wide best practices to ensure the appropriate management of government resources. Our procurement practices are also subject to internal audit and evaluation functions, as well as to external review by the Office of the Auditor General.
Ladies and gentlemen, the application of national security exceptions is one way of adapting government-wide standards to accommodate the realities of CSIS' work. These exceptions allow us to be more responsive and agile in acquiring what we need to better investigate threats to the security of Canada. Keeping Canadians safe is our foremost concern and responsibility.
And with that, Mr. Chair, I will conclude my remarks and welcome any questions committee members may have.
I would just like to add that this is my first time appearing in front of a committee in Canada, and it's truly an honour to be here with you today.
Thank you.