2016-2017 Report on Plans and Priorities

Minister’s Message

Organizational Context

Raison d’être

Shared Services Canada (SSC) was created on August 4, 2011 to transform how the Government of Canada manages its information technology (IT) infrastructure. SSC delivers email, data centre, network and workplace technology device services to departments and agencies in a consolidated and standardized manner to support the delivery of Government of Canada programs and services. With a whole‑of‑government approach to IT infrastructure services, SSC is generating economies of scale to deliver more efficient, reliable and secure IT infrastructure services. SSC also provides certain optional technology services to other organizations on a cost-recovery basis.

Responsibilities

The Shared Services Canada Act recognizes that the Government of Canada wishes to standardize and streamline, within a single shared services entity, certain administrative services that support government institutions. Through Orders-in-Council (OIC), the Department received specific responsibilities in the area of IT infrastructure services.

SSC’s focus is to maintain and improve IT service delivery across the Government of Canada, enhance security, and implement government-wide solutions to transform IT infrastructure to improve value for money and services to Canadians.

SSC is working with the information and communications technology sector to deliver an enterprise-wide email system, consolidate and modernize government data centres, and transform telecommunications services. Budget 2013 further expanded SSC’s mandate, adding the consolidation of government-wide procurement of software and hardware for workplace technology devices (e.g. printers, and desktop and laptop computers).

SSC contributes to the achievement of other critically important Government of Canada initiatives, including border security, benefit payments and weather forecasting, as well as the vision of the future public service as articulated in Blueprint 2020. In addition, SSC works collaboratively with Government of Canada cyber security agencies to improve cyber and IT security.

As of September 1, 2015, OIC 2015-1071 provides SSC the authority to offer any or all of its services to any federal government entity on a voluntary basis, as well as to another Canadian jurisdiction or a foreign government, as long as there are no additional costs incurred or additional resources allocated by SSC. The OIC also expands the mandatory nature of a sub-set of SSC services related to email, data centres and networks to a range of new clients. Most small departments and agencies previously not served, or served only on an optional basis, are set out as mandatory clients for this sub-set of services.

Strategic Outcome and Program Alignment Architecture

SSC’s Program Alignment Architecture (PAA) illustrates how the Department’s program, sub-programs and sub-sub-programs are linked in order to achieve the Department’s strategic outcome and mandate.

Government of Canada departments and agencies are required to report their planned and actual expenditures and performance against their PAA, including at the sub-sub-program level, in accordance with the Policy on Management, Resources and Results Structure.

• 1. Strategic Outcome
  Modern, reliable, secure and cost-effective IT infrastructure services to support government priorities and program delivery.
  
  
  • 1.1 Program: IT Infrastructure Services
    • 1.1.1 Sub-Program: Distributed Computing Services
      • 1.1.1.1 Sub-Sub-Program: Workstation Services
      • 1.1.1.2 Sub-Sub-Program: Desktop and Office Productivity Suite Services
      • 1.1.1.3 Sub-Sub-Program: Email and Mobile Enterprise Server Services
      • 1.1.1.4 Sub-Sub-Program: File/Print Services
      • 1.1.1.5 Sub-Sub-Program: Remote Access Services
    • 1.1.2 Sub-Program: Production and Operations Computing Services (Data Centres)
      • 1.1.2.1 Sub-Sub-Program: Utility Computing Services
      • 1.1.2.2 Sub-Sub-Program: Dedicated Application Hosting and Management Services
      • 1.1.2.3 Sub-Sub-Program: Facilities Management Services
    • 1.1.3 Sub-Program: Telecommunications Services (Data, Voice and Video)
      • 1.1.3.1 Sub-Sub-Program: Data Network Infrastructure Services
      • 1.1.3.2 Sub-Sub-Program: Inter- and Intra- Data Centre Network Services
      • 1.1.3.3 Sub-Sub-Program: Voice Network Services
      • 1.1.3.4 Sub-Sub-Program: Conferencing Services
      • 1.1.3.5 Sub-Sub-Program: Contact/Call Centre Services (Data and Voice Network Infrastructure)
    • 1.1.4 Sub-Program: Cyber and IT Security Services
      • 1.1.4.1 Sub-Sub-Program: IT Environment Protection Services
      • 1.1.4.2 Sub-Sub-Program: Identification, Authentication, and Authorization Services
      • 1.1.4.3 Sub-Sub-Program: Secure Communications Services
      • 1.1.4.4 Sub-Sub-Program: Perimeter Defence, Detection, Response, Recovery and Audit Services
      • 1.1.4.5 Sub-Sub-Program: Cyber and IT Security Management Services
  • Internal Services

Organizational Priorities

Priority #1: Improve the delivery of IT infrastructure services

Priority #2: Consolidate and modernize the Government of Canada’s IT infrastructure

Description

The IT infrastructure that supports government programs and services is aging, vulnerable to security risks and inefficient. Renewal of this infrastructure will establish a secure and reliable platform for the delivery of digital services to Canadians. SSC’s plan for renewing the government’s infrastructure (the Transformation Plan) will undergo a comprehensive review and update in 2016–17 to ensure its continued sustainability and alignment with government priorities. This review will be informed by lessons learned from past experience and the advice of experts.

Priority Type

New

Key Supporting Initiatives

* Note: This date may change depending on the halt to migration that was started in November 2015.

Priority #3: Secure the Government of Canada’s data and technology assets

Description

The frequency and complexity of cyber security attacks pose a threat to Government of Canada IT infrastructure and networks that house critical data and provide services to Canadians. Enterprise-wide management of cyber and IT security issues is required to reduce risks and protect the integrity of Government of Canada services and operations. In 2016–17, SSC will work closely with Government of Canada security agencies to support the implementation of the “Top 10 IT Security Actions to Protect Government of Canada Internet-Connected Networks and Information” recommended by the Communications Security Establishment of Canada.

Priority Type

Previously Committed

Key Supporting Initiatives

Priority #4: Increase the efficiency and effectiveness of internal services

Description

Agile, responsive and effective internal services are needed to ensure SSC’s capacity to support enterprise IT Infrastructure Services.

Priority Type

Previously Committed

Key Supporting Initiatives

Risk Analysis

SSC faces significant operational risk in providing modern, reliable, secure and cost-effective IT infrastructure services to support government priorities and program delivery. Cyber attacks are more frequent and sophisticated, threatening the security of data and critical infrastructure. At the same time, aging IT systems are at risk of breaking down more often and disrupting government operations. Furthermore, larger than expected demand for IT services is diverting SSC’s resources from transformation projects.

The table below provides more detail on five key risks facing SSC’s operations and the actions the Department will take to mitigate these risks. Overall, SSC’s risk response will consist of implementing a service management framework and updating the Transformation Plan and associated funding mechanisms to ensure long-term sustainability.

In 2016‒17, SSC will continue to integrate risk management practices across the Department by monitoring its environment, actively managing risks and continually improving its integrated risk management policies. The Department produces an annual overview of organizational risks that could impede the achievement of its objectives. These organizational risks have implications across the Government of Canada, as departments depend on SSC to provide the IT services that enable them to fulfill their mandates.

The constantly evolving environment in which SSC operates, as well as the Department’s responsibilities in supporting other departments’ operations, both point to the importance of risk management at all levels. SSC is working with other departments to develop an enterprise IT risk analysis, while managing risk at the departmental and project levels. The integration of these three levels is necessary in order to ensure a robust risk management approach.

Key Risks

Planned Expenditures

Budgetary Financial Resources (dollars)

Human Resources (Full-Time Equivalents [FTEs])

Budgetary Planning Summary by Strategic Outcome and Program (dollars)

The Department’s planned spending reflects the amounts that received the approval of the Treasury Board (TB) by February 1, 2016 to support the departmental strategic outcome and program. The variance of $1.4 million between the 2016–17 Main Estimates and the 2016–17 Planned Spending is explained by the approved funding of the TB submission on the resettlement of Syrian refugees.

The forecast spending for 2015–16 represents the estimates to date as published in the 2016–17 Main Estimates, as well as the increase in employee benefit plans (EBP) related to the Vote-Netted Revenue (VNR) authority.

The 2016–17 Planned Spending indicates a total net increase of $34.7 million over the 2015–16 Forecast Spending. This increase is mostly caused by the re-profiling of the Carling Campus project from 2015–16 to 2016–17 and other adjustments related to projects and initiatives.

The total expenditures net decrease of $30.9 million between 2013–14 and 2014–15 is mostly attributed to the increase in revenues for standard and optional services offered to partner and client organizations, as well as to an increase in Internal Services.

The 2017–18 and 2018–19 Planned Spending indicates a decrease from the 2016–17 Planned Spending. This decrease is primarily caused by time-limited projects that do not have ongoing funding, such as the Carling Campus, Cyber Security, Census 2016 and other partner projects. The funding related to these time-limited projects are mostly in operating and maintenance, as well as capital, and therefore have no impact on FTEs.

SSC has not yet sought Treasury Board authority for its Vote Netted Revenue beyond 2016–17. As such, these amounts are not yet reflected in planned spending for 2017–18 and 2018–19.

Figures in the tables above are net of re-spendable revenue.

Departmental Spending Trend

Notes

1. These figures are net of re-spendable revenues. The statutory amounts represent the contribution to the employee benefit plans (EBP).
2. Spending for 2013–14 and 2014–15 represents the net actual expenditures incurred during the respective fiscal year, as reported in the Public Accounts.
3. Spending for 2015–16 reflects the estimates to date (2015–16 Main Estimates and Supplementary Estimates C), as well as the additional EBP related to the Vote-Netted Revenue authority.
4. Spending for 2016–17, 2017–18 and 2018–19 reflects TB-approved amounts as of February 1, 2016.

Estimates by Vote

Section II: Analysis of Program by Strategic Outcome

Strategic Outcome

Modern, reliable, secure and cost-effective IT infrastructure services to support government priorities and program delivery.

Program 1.1: IT Infrastructure Services

Description

This program delivers IT Infrastructure Services to federal government departments to enable and support the management, co-ordination and delivery of government programs to Canadians and the achievement of Government of Canada priorities. The IT Infrastructure Services consist of four main IT service groups: (a) Distributed Computing, (b) Production and Operations Computing (Data Centres), (c) Telecommunications (Data, Voice and Video), and (d) Cyber and IT Security. This program establishes a centralized common IT infrastructure service leading to consolidation and standardization in the management and delivery of IT services across the mandated partner and client organizations. This consolidation and standardization of services contributes to greater operational efficiencies and economies of scale, resulting in better value to Canadian taxpayers, enhanced reliability and security of the IT services, a reduction in the duplication of effort and managerial oversight, and the development of a harmonized response to partner and client organizations’ business requirements.

These figures are net of re-spendable revenues.

*SSC will increase its target rating each year as service improvements are implemented.

Planning Highlights

In 2016–17, SSC will improve the delivery of services to its partner and client organizations through more robust service management, project management and financial management. SSC will also complete a comprehensive review of its plan to consolidate and modernize the government’s IT infrastructure. More specifically, SSC will continue to implement a service management framework, including new governance structures and operational support to optimize service delivery. SSC will also continue to evolve its service catalogue content to include more detailed descriptions of roles and responsibilities and service level expectations. Standardizing and optimizing service management processes and tools will help accelerate SSC’s plan for migrating departments from legacy IT systems to a new, more secure enterprise IT platform. In executing this plan, SSC will:

• consolidate and standardize email, data centres and network infrastructure of partner and client organizations across the government;
• leverage cloud computing services securely and efficiently;
• consolidate the procurement of workplace technology devices, thereby standardizing hardware and software, to increase security, leverage economies of scale and realize lower unit costs;
• transition from aging technology and legacy systems to more advanced IT infrastructure; and
• enhance security of data and technology assets through enterprise cyber and IT security services.

Description

These services provide and support partner and client organizations with access to individual, workgroup and distributed computing services for program-specific and corporate applications. They also include workstation provisioning and technical support, as well as local area network (LAN) (physical or virtual) functionalities, including file/print services. Some of the services are provided on an optional basis to partners and clients.

These figures are net of re-spendable revenues.

The decrease in planned spending from 2016–17 to 2017–18 is primarily due to the planned reduction of costs for the email service.

Planning Highlights

In 2016–17, SSC will continue to support the day-to-day work of partner and client organizations through the reliable provision of distributed computing services, which includes ensuring the following:

• Partner and client organizations have the IT equipment they require (such as laptops and software), the IT equipment is supported over the course of its lifespan, and it is disposed of in a responsible manner when no longer useful or operational.
• Servers supporting email and scheduling capabilities both at workstations and on mobile devices are functional.
• Services are in place so personnel in partner and client organizations are able to print from their workstations and to access the network remotely (from outside the office) when necessary.

SSC will support distributed computing services by continuing to consolidate how workplace technology is being procured and delivered.

The transition to a single email solution across the federal government is expected to be largely completed in 2016–17. This consolidation of email service will enable easier access to government personnel and services, while supporting the Blueprint 2020 objective of an open, modern and networked public service.

Sub-Sub-Program 1.1.1.1: Workstation Services

Description

These services help ensure partner and client organizations are provided with reliable, secure and cost-effective delivery of local physical workstation hardware for accessing and using Distributed Computing Services applications. They include the procurement, installation, configuration, operation, protection and decommissioning of devices, operating systems, Internet browsers and corporate portals. The procurement of hardware via SSC is a mandatory service. The installation, configuration, operation, protection and decommissioning of devices are optional.

These figures are net of re-spendable revenues.

Planning Highlights

Since 2013, SSC has held the authority to acquire and provide hardware (such as personal computers, docking stations, monitors, webcams and external storage devices), software (such as operating systems and security software) and optional associated support services (such as through a help desk) to partner and client organizations. SSC will continue to improve value for partners and clients by optimizing software and hardware procurement, delivery and support.

Through its various Workstation Services activities, SSC will ensure that reliable and stable desktop environments are made available to the partner and client organizations to which the services are delivered.

Sub-Sub-Program 1.1.1.2: Desktop and Office Productivity Suite Services

Description

These services ensure the reliable, secure and cost-effective provision of, and technical support for, desktop and office productivity suite applications and LAN-based standard utilities for partner and client organizations. These services include the procurement, installation, configuration, operation, protection and de-installation of desktop and standardized office suite software (such as word-processing, presentations and spreadsheets), and record and document management applications, as well as LAN-based standard utilities (such as anti­virus, security, data-handling tools and client-side printing utilities). The procurement of software via SSC is a mandatory service. The installation, configuration, operation, protection and decommissioning of software are optional.

These figures are net of re-spendable revenues.

Planning Highlights

In 2016–17, SSC will standardize software products and optimize procurement and provisioning processes and tools.

Sub-Sub-Program 1.1.1.3: Email and Mobile Enterprise Server Services

Description

These services provide partner and client organizations with support for email and mobile device management functionality, including the transmission of emails, the scheduling of events and the deployment of configuration policies and applications to mobile devices. These services also include the procurement, configuration, management and protection of email services and mobile device enterprise servers.

These figures are net of re-spendable revenues.

Planning Highlights

SSC will continue the work to replace our partner and client organizations’ existing email systems with one email solution across the Government of Canada. This enterprise-wide email system will provide regular and encrypted messaging, contacts, and calendar functions on workstations and mobile devices. SSC will ensure that email services are available and secure by procuring and managing the servers that support them.

Sub-Sub-Program 1.1.1.4: File/Print Services

Description

These services provide partner and client organizations with support to user and group access for the storage, retrieval and protection of documents, distributed computing services, data files and shared workgroup folders. These services also include the provision of “server–side” print services, and file sharing and management servers.

These figures are net of re-spendable revenues.

Planning Highlights

SSC will continue to develop and execute its Workplace Technology Devices Printing Products strategy in order to ensure partners and clients have access to functional printing services that align with relevant standards and policies.

Sub-Sub-Program 1.1.1.5: Remote Access Services

Description

These services provide partner and client organizations with support to remote end users with complete access to the standard distributed computing desktop components, applications and data via access over a Secure Remote Access, dial-in or wireless service. These services include remote access software, hardware and communications software.

These figures are net of re-spendable revenues.

Planning Highlights

SSC will continue to support partner and client organizations by providing personnel who are off-site or working outside the office with complete access to the same desktop options, applications and data as their colleagues.

Sub-Program 1.1.2: Production and Operations Computing Services (Data Centres)

Description

These services provide data centre capabilities, including the end-to-end management of physical complexes and the establishment of computing environments for SSC’s partner and client organizations, for SSC’s internal needs across all computing platforms, and for the provision of technical support and certification for the hosting of enterprise applications and database computing environments. The Application Hosting service includes standardized application environments, databases and middleware, which allow partners and clients to host and manage their data and business applications. The service provides a standard approach to using these platforms in non-production (development and testing), pre-production and production environments, as required by partners’ and clients’ system development life cycles.

All figures are net of re–spendable revenues.

The decrease in planned spending from 2016–17 is primarily due to time-limited projects that do not have ongoing funding in 2017–18, the majority of which are attributed to Carling Campus (decrease of $6.8M), Cyber Security (decrease of $5.6M) and other partner projects (decrease of $2.5M). These decreases will be partially offset by increases in funding in 2017–18 and beyond to support biometric screening in Canada’s immigration system. The funding related to these time-limited projects are mostly in operating and maintenance, as well as capital, and therefore have no impact on FTEs.

Planning Highlights

SSC will continue to consolidate data centres by closing aging data centres and migrating applications and data to newer, more secure enterprise data centres. SSC will continue to:

• consolidate data centre buildings and IT infrastructure;
• optimize data centre services and service delivery, including cloud computing services; and
• standardize technologies and consolidate licences.

This work will enable SSC to reliably support partner and client organizations’ ongoing needs and their delivery of programs and services to Canadians.

Sub-Sub-Program 1.1.2.1: Utility Computing Services

Description

These services deliver a fully managed infrastructure solution that offers secure, reliable and scalable computing, providing all partner and client organizations with the required processing capabilities. These cloud-based services utilize infrastructure-as-a-service technology, which includes physical or, more often, virtual machines. The operational support system can host large numbers of virtual machines with the ability to scale services up and down, while supporting application hosting requirements.

These figures are net of re-spendable revenues.

Planning Highlights

SSC will continue to ensure that utility computing services are available to support partner and client organizations in the delivery of programs and services to Canadians, including high-performance computing for scientific purposes. SSC will also continue to pursue opportunities to leverage the secure and efficient use of cloud computing services.

Sub-Sub-Program 1.1.2.2: Dedicated Application Hosting and Management Services

Description

These services provide partners and clients with a fully managed, secure, reliable and scalable multi-tier platform, including standardized application and database middleware, which enables partner and client organizations to host and manage their data and business applications. The service provides a standard approach to using these platforms in non-production (development and testing), pre-production and production environments, as required by partners’ and clients’ system development life cycles.

These figures are net of re-spendable revenues.

Planning Highlights

SSC will continue to support the applications that partner and client organizations need to manage their data and carry out their business. By modernizing, consolidating and standardizing its services, SSC is working towards ensuring that partner and client organizations’ various application-related requirements (in development, testing, pre-production and production environments) are available at least 99.5% of the time.

Sub-Sub-Program 1.1.2.3: Facilities Management Services

Description

These services encompass SSC’s data centre facilities supporting IT business programs for partner and client organizations while adhering to the established Government of Canada security requirements. These services cover the full life cycle (e.g. provisioning, configuration, maintenance and monitoring) of physical assets that support functions associated with physical security, conditioned power distribution, backup power, climate control, fire suppression, IT cabinets and cabling.

These figures are net of re-spendable revenues.

*Excludes the Borden data centre for 2016–17.

Planning Highlights

By consolidating and standardizing enterprise data centre facilities, SSC will ensure that the physical infrastructure is in place for the safety and security of the data centres and their contents. The modernization of these facilities, including the Borden data centre’s planned expansion under a public-private partnership, ensures that required services are reliably and consistently available to partner and client organizations.

Sub-Program 1.1.3: Telecommunications Services (Data, Voice and Video)

Description

These services support the delivery of data, voice and conferencing within and across the enterprise, thereby improving service delivery and enhancing value to Canadians. They are provided to partner and client organizations and include the provision and ongoing support of communications networks, services and required hardware. Data network services include the provision and ongoing support of multi–platform, multi–protocol electronic data and communications networks. Voice communication services include the provision of local and long–distance services, as well as secure voice and other related services. Conferencing services include the provision of a suite of video, web and audio conferencing services to partners and clients.

These figures are net of re-spendable revenues.

The decrease in planned spending from 2016–17 is primarily due to time-limited projects that do not have ongoing funding in 2017–18, the majority of which are attributed to Carling Campus (decrease of $56.8M), Census 2016 (decrease of $4.9M), Cyber Security (decrease of $3.7M) and other partner projects (decrease of $4M). The funding related to these time-limited projects are mostly in operating and maintenance, as well as capital, and therefore have no impact on FTEs.

Planning Highlights

SSC will continue to support partner and client organizations in the delivery of programs and services to Canadians by improving how data, including communication by voice and video, is sent and received. By consolidating and standardizing both technologies and supporting processes, SSC will continue to improve:

• Efficiency – Reducing redundant technology and services by consolidating networks, providing one telephone device per employee, improving conferencing capability and developing a shared contact/call centre, to increase efficiency.
• Cost savings – Modernizing and standardizing infrastructure and technology by moving from traditional telephone services to cellular and Voice over Internet Protocol (VoIP), using conferencing capacity instead of travel, and consolidating network infrastructure and call centre services, leading to cost savings.
• Workplace 2.0 – The migration towards updated network and communication technologies supports the Government of Canada’s Workplace 2.0 initiative, which seeks to create a modern workplace, enabling public servants to work more effectively.

Sub-Sub-Program 1.1.3.1: Data Network Infrastructure Services

Description

These services provide infrastructure support to partner and client organizations for all data network traffic on the network, through the management of network hardware and infrastructure. These services include support for client access connectivity and network and management operational activities.

These figures are net of re-spendable revenues.

Planning Highlights

SSC will continue to implement and expand network services to connect additional partner and client organizations’ locations to consolidated networks, enabling them to communicate with other users and computers by voice, data (such as email) and video. SSC will work to ensure that the required infrastructure (cabling, Wi-Fi routers, etc.) is in place and that these network services are reliably available.

Sub-Sub-Program 1.1.3.2: Inter- and Intra-Data Centre Network Services

Description

These services provide interconnectivity of network elements between transmission facilities and computing facilities for partner and client organizations. They include network and management operational activities for inter- and intra-data centre network infrastructure and hardware (including network switches and routers, optical network devices, etc.).

These figures are net of re-spendable revenues.

Planning Highlights

SSC will ensure that consolidated and standardized Inter- and Intra-Data Centre Services are available to partner and client organizations as part of the migration to the new Government of Canada wide area network. SSC will also ensure critical incident reports and vendor reports are produced on a monthly basis and are available to support partner and client organizations’ activities.

Sub-Sub-Program 1.1.3.3: Voice Network Services

Description

These services include the provisioning and management of all voice service components, including telephony devices, to enable local and long-distance voice communications between internal stakeholders (Government of Canada employees) and external stakeholders (the general public and the private sector). The services are delivered through traditional means (Centrex and Public Branch Exchange [PBX] infrastructure), as well as through modern VoIP and cellular services infrastructure, leveraging carrier software and hardware environments.

These figures are net of re-spendable revenues.

Planning Highlights

SSC will continue to modernize voice (telephone) services for the Government of Canada. This includes ensuring that voice services are reliable and available, while moving partner and client organizations from traditional telephone lines (Centrex and PBX) towards Internet-based (VoIP) and cell phones. By continuing to move towards a model where employees have a single telephone, SSC will continue to standardize services and reduce costs.

Sub-Sub-Program 1.1.3.4: Conferencing Services

Description

These services enable video, web and audio conferencing between public and private facilities and devices to support more effective and efficient communication and collaboration among partner and client organizations. Existing Government of Canada equipment and infrastructure, as well as industry solutions, are leveraged to provide the capacity to deliver conferencing services.

These figures are net of re-spendable revenues.

Planning Highlights

SSC will ensure that partner and client organizations have access to functioning conferencing services.

Sub-Sub-Program 1.1.3.5: Contact/Call Centre Services (Data and Voice Network Infrastructure)

Description

These services include the provisioning and management of the contact centre and toll-free components to enable communications between external stakeholders (the general public and the private sector) and internal stakeholders (Government of Canada programs), as well as Government of Canada internal support functions. The services are delivered using both internal and external equipment and infrastructure to allow for communications via various media channels.

These figures are net of re-spendable revenues.

Planning Highlights

SSC will modernize and standardize enterprise contact centre services and ensure that partner and client organizations have access to functioning contact centre and call centre services.

Sub-Program 1.1.4: Cyber and IT Security Services

Description

These services preserve the confidentiality, integrity, availability, intended use and value of electronically stored, processed or transmitted information by providing safety measures in accordance with the Policy on Government Security and the Operational Security Standard: Management of Information Technology Security. These services are provided to Government of Canada departments and agencies.

These figures are net of re-spendable revenues.

The decrease in planned spending from 2016–17 is primarily due to time-limited projects that do not have ongoing funding in 2017–18, the majority of which are attributed to Cyber Security (decrease of $6.6M in 2017–18). The funding related to these time–limited projects are mostly in operating and maintenance, as well as capital, and therefore have no impact on FTEs.

Planning Highlights

SSC will continue to ensure that information held by and entrusted to the Government of Canada is secure and available when needed. To achieve this, SSC will ensure the following:

• Enterprise data centres are physically secure.
• Using their user identities, personnel can access only the information and services they are authorized to access.
• Communications, including those at the Secret level, can be transmitted securely.
• Measures to defend against, detect and respond to cyber threats are in place.
• Security policies and standards are adhered to.

Sub-Sub-Program 1.1.4.1: IT Environment Protection Services

Description

These services provide physical security measures to data centres that serve Government of Canada departments and agencies to reduce the risk of unauthorized access to information, IT assets and data centre facilities. This includes the protection and disposal of sensitive data centre IT media in appropriate containers designed to resist fire, environmental damage and unforeseen hazards (for both on–site and off–site storage). It also includes the use of TEMPEST protection for data centres to ensure emanations by radiated signals do not contain compromising information. IT Environment Protection Services also involve personnel identification services that support the establishment of trust in personnel and others who require access to government data centre facilities, systems and networks, including security requirements for personnel screening.

These figures are net of re-spendable revenues.

Planning Highlights

SSC will standardize and consolidate physical security measures for data centres, including measures either to protect the physical IT infrastructure itself, to secure information being transmitted in the data centre or to ensure that all personnel with access to the facilities have the appropriate security clearance.

Sub-Sub-Program 1.1.4.2: Identification, Authentication and Authorization Services

Description

These services enable the management of access to computer systems, applications or networks by providing security measures and obtaining information and data to validate user identity. These services include authentication, authorization, encryption, non-repudiation and credential management services for Government of Canada departments and agencies. They also provide access management, directories, identity management, password management, privilege management, password self-service and single sign-on.

These figures are net of re-spendable revenues.

Planning Highlights

SSC will improve security by continuing to standardize and consolidate the ways in which personnel in partner and client organizations are able to use their user identities to access information, infrastructure and services.

Sub-Sub-Program 1.1.4.3: Secure Communications Services

Description

These services support the enterprise-wide need to create, store and transmit information at the classified (up to Secret) level, by consistently applying Government of Canada Security and Information Management policies and by providing streamlined service management and holistic IT security design and management. These services include office automation, classified information exchange, classified voice/video communications to Government of Canada and non-Government of Canada entities, in-service support to Government of Canada classified networks, reporting, accounting and procuring assets for SSC’s partner and client organizations.

These figures are net of re-spendable revenues.

Planning Highlights

SSC will consolidate and expand secure communications services to ensure that partner and client organizations are able to create, store and transmit classified voice, video and data information, including Secret information.

Sub-Sub-Program 1.1.4.4: Perimeter Defence, Detection, Response, Recovery and Audit Services

Description

This sub-sub-program provides cyber and IT security operations and IT infrastructure security services. The Cyber and IT Security Operations Centre provides 24/7 protection, detection, response and recovery services for partner and client organizations as part of the SSC Cyber and IT Security Operations framework. The centre also provides vulnerability management services to ensure the compliance and integrity of the SSC infrastructure, as well as cyber intelligence through the Government of Canada Computer Incident Response team to inform the government authorities of current vulnerabilities and mitigations to put in place. These services are delivered through close collaboration with lead security agencies and partner and client organizations by constantly monitoring, auditing and testing Government of Canada systems and sharing cyber intelligence. IT infrastructure security services safeguard devices, networks and data for partner and client organizations from various forms of malware and intrusion into government networks and systems. They also enable the Operations Centre services to monitor and assist in the mitigation of unauthorized access, misuse or denial of network-accessible resources and data. This is achieved through strategic planning, design, engineering and implementation of enterprise-wide IT security infrastructure. Products and services also include network access controls, firewalls, security gateways, secure remote access, anti-malware, intrusion detection and prevention, data-loss prevention, and security information and event management systems.

These figures are net of re-spendable revenues.

Planning Highlights

SSC will continue to standardize and consolidate Security Operations Centre services and infrastructure security services.

Sub-Sub-Program 1.1.4.5: Cyber and IT Security Management Services

Description

These services ensure adherence to established security policies and standards to protect and preserve information and to manage and control information security risks through architecture, governance, compliance co-ordination and reporting for partner and client organizations. These services also include supply chain integrity services, security policy compliance, security architecture, designs, controls, assessments, performance and compliance, security audit co-ordination and other related services.

These figures are net of re-spendable revenues.

Planning Highlights

In order to protect information and manage security risks, SSC will continue to ensure compliance with established policies and standards, thereby improving security through effective governance, reporting and other management practices.

Internal Services

Description

Internal Services are groups of related activities and resources that are administered to support the needs of programs and other corporate obligations of an organization. Internal Services include only those activities and resources that apply across an organization, not those provided to a specific program. The groups of activities are Management and Oversight Services, Communications Services, Legal Services, Human Resources Management Services, Financial Management Services, Information Management Services, Information Technology Services, Real Property Services, Materiel Services and Acquisition Services.

These figures are net of re-spendable revenues.

Planning Highlights

SSC continues to enhance the way Internal Services support the business of the Department. By focussing on stewardship, agility, reliability and quality of service delivery, SSC will continue to improve program management and delivery of internal services. Through an Enterprise Cost Management Framework, an updated Workforce Management Strategy, internal and external engagement and a focus on modernizing procurement practices, internal services will continue to support the business objectives of the Department’s evolving work environment and help the organization to manage change and support employees.

SSC will also continue to lead and support policy development, planning, reporting, risk management and performance measurement processes by leveraging best practices, ensuring effective communications and aligning with departmental and governmental priorities. By conducting ongoing analysis, effective planning and transparent reporting on departmental initiatives, SSC will increase the timeliness and availability of high-quality information, research and business analytics to support the achievement of its strategic outcome.

Section III: Supplementary Information

Future-Oriented Condensed Statement of Operations

The forecasted increase in expenses is mainly attributable to the increase of the amortization resulting from the acquisitions of tangible capital assets for the Carling Campus project. This increase is offset by savings related to time-limited projects and initiatives, by the decrease of expenses related to the reduction of forecasted salaries, and by the payments on lease obligations.

The forecasted decrease in revenues is mainly attributable to the reduction of telecommunication revenues related to the standard services, as well as other revenues related to time-limited projects.

Supplementary Information Tables

Tax Expenditures and Evaluations

Section IV: Organizational Contact Information

Appendix: Definitions

appropriation: Any authority of Parliament to pay money out of the Consolidated Revenue Fund.

budgetary expenditure: Includes operating and capital expenditures; transfer payments to other levels of government, organizations or individuals; and payments to Crown corporations.

Departmental Performance Report (DPR): Reports on an appropriated organization’s actual accomplishments against the plans, priorities and expected results set out in the corresponding Reports on Plans and Priorities. These reports are tabled in Parliament in the fall.

full-time equivalent (FTE): Is a measure of the extent to which an employee represents a full person year charge against a departmental budget. Full-time equivalents are calculated as a ratio of assigned hours of work to scheduled hours of work. Scheduled hours of work are set out in collective agreements.

Government of Canada outcomes:A set of 16 high-level objectives defined for the government as a whole, grouped into four spending areas: economic affairs, social affairs, international affairs and government affairs.

Management Resources and Results Structure (MRRS): A comprehensive framework that consists of an organization’s inventory of programs, resources, results, performance indicators and governance information. Programs and results are depicted in their hierarchical relationship to each other and to the strategic outcome(s) to which they contribute. The Management, Resources and Results Structure is developed from the Program Alignment Architecture.

non-budgetary expenditure: Includes net outlays and receipts related to loans, investments and advances, which change the composition of the financial assets of the Government of Canada.

performance: What an organization did with its resources to achieve its results, how well those results compare to what the organization intended to achieve and how well lessons learned have been identified.

performance indicator: A qualitative or quantitative means of measuring an output or outcome, with the intention of gauging the performance of an organization, program, policy or initiative respecting expected results.

performance reporting: The process of communicating evidence-based performance information. Performance reporting supports decision-making, accountability and transparency.

planned spending: For Reports on Plans and Priorities and Departmental Performance Reports, planned spending refers to those amounts that receive the approval of the Treasury Board by February 1. Therefore, planned spending may include amounts incremental to planned expenditures presented in the Main Estimates.

A department is expected to be aware of the authorities that it has sought and received. The determination of planned spending is a departmental responsibility, and departments must be able to defend the expenditure and accrual numbers presented in their Reports on Plans and Priorities and their Departmental Performance Reports.

plan: The articulation of strategic choices, which provides information on how an organization intends to achieve its priorities and associated results. Generally, a plan will explain the logic behind the strategies chosen and will tend to focus on actions that lead up to the expected result.

priority: A plan or project that an organization has chosen to focus and report on during the planning period. Priorities represent the things that are most important or what must be done first to support the achievement of the desired strategic outcome(s).

program: A group of related resource inputs and activities that are managed to meet specific needs and to achieve intended results and that are treated as a budgetary unit.

Program Alignment Architecture (PAA): A structured inventory of an organization’s programs depicting the hierarchical relationship between programs and the strategic outcome(s) to which they contribute.

Report on Plans and Priorities (RPP): Provides information on the plans and expected performance of appropriated organizations over a three-year period. These reports are tabled in Parliament each spring.

result: An external consequence attributed, in part, to an organization, policy, program or initiative. Results are not within the control of a single organization, policy, program or initiative; instead they are within the area of the organization’s influence.

strategic outcome: A long-term and enduring benefit to Canadians that is linked to the organization’s mandate, vision and core functions.

sunset program: A time-limited program that does not have an ongoing funding and policy authority. When the program is set to expire, a decision must be made whether to continue the program. In the case of a renewal, the decision specifies the scope, funding level and duration.

target: Measurable performance or a success level that an organization, program or initiative plans to achieve within a specified time period. Targets can be either quantitative or qualitative.

whole-of-government framework: Maps the financial contributions of federal organizations receiving appropriations by aligning their programs to a set of 16 government-wide, high-level outcome areas, grouped under four spending areas.

Endnotes

Free PDF download

To access the Portable Document Format (PDF) version you must have a PDF reader installed. If you do not already have such a reader, there are numerous PDF readers available for free download or for purchase on the Internet:

• Adobe Reader
• Foxit Reader
• Xpdf
• eXPert PDFReader