Public Accounts Committee on March 10th, 2016

The strategic plan?

Maybe I could clarify why Ron was asking the question.

The strategic IT plan has some enterprise initiatives and it's because it's strategic it is a directional plan for departments. Then there are specific plans that are very operational that every department would have, and Ron has those for Shared Services Canada. We have the IT strategic plan. We've done a lot of consultation with the community, with CIOs across government, and the completion of that document is March 31. We expect at the latest to have that approved and out to the departments for implementation in the spring time frame. Probably a June time frame is what we're looking at.

June 2016, correct.

I would like to begin by remarking that indeed the IT infrastructure services that Shared Services Canada provides are secure. We have made important progress in securing the IT infrastructure, the perimeter of the IT infrastructure. As I mentioned in my speaking notes, a 24-7-365 security operation centre has been established, providing an overall perspective on the threats to the Government of Canada's IT infrastructure. We monitor the potential threats to the infrastructure services incredibly closely, along with our security agency partners. While there's never any guarantee—there's no immunity against cyber threats—we are very vigilant and have made investments over the last number of years to increase the security of our IT infrastructure.

In terms of information provided to partners, we agreed with the Auditor General's recommendation that there needs to be better communication. We're taking firm steps already to clarify the roles and responsibilities. Those documents have been circulated to our partners and we're engaging in further action to improve communication.

Absolutely. When Shared Services Canada was stood up, it inherited a vast array of different types and qualities of IT services and infrastructure. In most cases, there were no existing service level agreements that came with that IT infrastructure. It's been a big job just to figure out what the IT infrastructure is that was inherited and what is the map to it. We are well on the way to completing that. It is necessary in order to consolidate the networks and the data centres, for example.

We are going to be establishing service level expectations for our clients. You can see in the report on plans and priorities for 2016-17 that we are shifting to a model that is truly business for Shared Services Canada. We are setting targets, for example. They are around the reliability and stability of the desktop functions, the percentage of time that email systems are available, the number of applications migrated, the time that the mission-critical systems are available, and the mean time to restore those systems. All of those indicators are being developed. It's our intent to hold ourselves to account on the targets that we will set for our clients.

We're also intent on measuring customer satisfaction. The Auditor General mentioned this. That as well is an important feedback mechanism for us to understand how we're doing. We've done the first survey and have the results. That's a baseline for us to grow the organization in terms of its maturity.

I'm going to ask Mr. Glowacki to take that question.

Thank you.

First of all, I have to say that it's a privilege to be here.

Mr. Chair, it is quite typical in this managed service provider industry that when you go into an engagement such as this, you take on the existing status. The agreements are quite standard to come in and say, as the phrase goes, “your mess for less”. Basically, you run it at the same status. If there are pre-existing measurements, you take on those measurements and you agree to run them at the same status. What we had here was that, in many cases, there were not sufficient systems in place doing the operational metrics that we could take on and say now we have a baseline and we will continue to measure against that baseline. Absent that baseline, it becomes a best effort kind of engagement.

To your question about service credits, if you will, this goes back to some of the previous questions about how things are paid for. We are trying to migrate from what we were created as. Some base had to be established with the appropriations, but as we move forward, we're going into what we call a fee-for-service environment. As demand goes up, additional services are always added. That's just the law of nature. We will have agreements in place that show the level we will provide, the availabilities, the liabilities, etc. We're all in the government, so it is not typical to say that we'll provide some sort of service credit if we miss the mark.

Now, the caveat is that we inherited a hybrid environment where we do go to industry for a certain amount of our services. It's predictable that we'll continue to do some services ourselves. For some it will make perfect business sense to have industry doing those. The benefit we get with industry is that we ensure that we have service credits through them. Take email, for instance; we do have service credits. Those are piling up, and we have a very careful count of those. As we unfold the operation, we will apply those as necessary.

Mr. Chair, the transformation is one program with separate components. There's an email component, a data centre component, and a networks component. We are working in parallel on all of those components. I think it's very essential to do that, because there are many interdependencies between all of these. The networks are essential to email, and essential to data centres, and modernizing them along the way is crucial to the success, in fact, of the data centre project as well.

We have a set of separate projects for email, the data centres, and the network. Their interdependencies have been identified, and we are working to manage those projects so that they intersect at the right time and the right place to enable one another.