Directive on Service and Digital

• 1.2.1Directive on Management of Information Technology, April 1, 2009
• 1.2.2.Directive on Information Management Roles and Responsibilities, October 8, 2007
• 1.2.3Directive on Recordkeeping, June 1, 2009
• 1.2.4Policy on Acceptable Network and Device Use, October 1, 2013, Appendices A, B, C, and D.

• 4.2.1The designated official for service, in collaboration with other officials as necessary, is responsible for the following, in accordance with TBS direction and guidance:

  Client-centric service

  • 4.2.1.1Ensuring that client feedback, including in-service client feedback, client satisfaction surveys and user experience testing, is collected and used to inform design, delivery and continuous improvement of services;
  • 4.2.1.2Ensuring that newly designed or redesigned online services provide real-time application status to clients;

  Service inventory

  • 4.2.1.3Developing and annually updating a departmental service inventory;
  • 4.2.1.4Working with TBS to make the departmental service inventory available through the Government of Canada open government portal;

  Service standards

  • 4.2.1.5Ensuring the development, management and regular review of service standards, related targets and performance information, for all services and all service delivery channels in use;
  • 4.2.1.6Ensuring the reporting of real-time performance information for service standards is available on the department’s web presence;

  Service review

  • 4.2.1.7Ensuring that each service is regularly reviewed with clients, partners and stakeholders, in collaboration with the departmental CIO, as appropriate, at least once every five years to identify opportunities for improvement, including redesign for client-centricity, digital enablement, online availability and uptake, efficiency, partnership arrangements, and alternate approaches to service delivery, and alignment with the Government of Canada Digital Standards .

• 4.3.1The departmental CIO, in collaboration with other departmental officials as necessary, is responsible for:

  Strategic management of information

  • 4.3.1.1Establishing departmental information architecture in alignment with prescribed enterprise-wide standards.
  • 4.3.1.2Ensuring digital systems are the preferred means of creating, capturing and managing information.
  • 4.3.1.3Ensuring information and data are managed to enable data interoperability, reuse and sharing to the greatest extent possible within and with other departments across the government to avoid duplication and maximize utility, while respecting security and privacy requirements.
  • 4.3.1.4Ensuring departmental information is created in an accessible format, where appropriate, in accordance with TBS guidance.
  • 4.3.1.5Establishing and maintaining taxonomies or classification structures to manage, store, search, and retrieve information and data in all formats according to prescribed enterprise-wide standards.
  • 4.3.1.6Documenting life cycle management practices within the department that align with the nature or purpose of the information or data, and that address accountability, stewardship, performance measurement, reporting, and legal requirements.
  • 4.3.1.7Establishing, implementing and maintaining retention periods for all information and data, as appropriate, according to format.
  • 4.3.1.8Developing a documented disposition process and performing regular disposition activities for all information and data, as required.

  Protection

  • 4.3.1.9Protecting information and data by documenting and mitigating risks, and by taking into consideration the business value of the information, legal and regulatory risks, access to information, security of information, and the protection of personal information.

  Recordkeeping

  • 4.3.1.10Identifying information of business value, based on an analysis of the functions and activities carried out by a department to enable or support its legislated mandate.
  • 4.3.1.11Maximizing the removal of access restrictions on departmental information that has been identified as having archival value before the information is transferred to Library and Archives Canada as part of planned disposition activities.
  • 4.3.1.12Ensuring that an approved Government of Canada enterprise information management solution is used to document business activities, decisions and decision-making processes.
  • 4.3.1.13Identifying, establishing, implementing and maintaining designated corporate repositories in which information of business value is managed throughout its life cycle while respecting privacy and security requirements.
  • 4.3.1.14Ensuring that the quality of information is managed and preserved to satisfy the requirements and expectations of users to meet operational needs, responsibilities, and long-term retention requirements.
• 4.3.2Managers are responsible for:
  • 4.3.2.1Informing employees of their duty to document their activities and decisions of business value.
• 4.3.3Employees are responsible for:
  • 4.3.3.1Documenting their activities and decisions of business value.

Leveraging technology

• 4.4.1

  The Chief Information Officer of Canada is responsible for:

  • 4.4.1.1Defining requirements and criteria of Appendix D: Standard on Information Technology User and Workpoint Profiles and Appendix E: Standard on Information Technology Provisions .
• 4.4.2

  The Deputy Head of SSC is responsible for:

  • 4.4.2.1Providing services within their mandate respecting the provisions, limits and thresholds specified in Appendix D: Standard on Information Technology User and Workpoint Profiles and Appendix E: Standard on Information Technology Provisions ;
  • 4.4.2.2Providing departmental CIOs and the CIO of Canada with details on service offering, availability and their department’s actual consumption, subject to data availability;
  • 4.4.2.3Releasing for publication on the Open Government portal enterprise-wide annual statistics on availability and actual consumption, subject to data availability; and
  • 4.4.2.4Providing to departments, subject to data availability, inventories of applications and associated software and versions.
• 4.4.3

  The departmental CIO is responsible for:

  Strategic IT management

  • 4.4.3.1Providing IT services that are responsive to departmental priorities and to the needs of program delivery and business.
  • 4.4.3.2Ensuring that decisions and actions regarding IT are guided by the CIO of Canada’s enterprise-wide plan and prioritization of GC demand for IT services and assets.
  • 4.4.3.3Adopting, as applicable, enterprise solutions within their respective department.
  • 4.4.3.4Developing and maintaining departmental IT management practices and processes, as informed by ITIL (Information Technology Infrastructure Library) and COBIT (Control Objectives for Information and Related Technology), while prioritizing IT asset management, the IT service catalogue and IT service costing and pricing, as appropriate.
  • 4.4.3.5Developing, implementing and sustaining departmental strategies for producing or using appropriate enterprise IT services and solutions, based on the integrated service, information, IT and cyber security departmental plan.
  • 4.4.3.6Collaborating on digitally enabled business transformation with the business owner and other stakeholders.
  • 4.4.3.7Identifying emerging technologies that could potentially contribute to the strategic and business goals of the department and the GC.
  • 4.4.3.8Ensuring that IT services are designed and managed to support interoperability.
  • 4.4.3.9Collecting, maintaining, approving and updating annually the department’s inventory of employees and their assigned profiles per Appendix D: Standard on Information Technology Use and Appendix E: Standard on Information Technology Provisions ;
  • 4.4.3.10Complying with provisions, limits, configurations and thresholds as set out in Appendix E: Standard on Information Technology Provisions , Appendix F: Standard on Enterprise Information Technology Service Usage Restrictions , and Appendix G: Standard on Enterprise Information Technology Service Common Configurations ;
  • 4.4.3.11Identifying planned usage of IT services in the integrated service, information, data, IT and cyber security departmental plan using the Metrics for Government of Canada Information Technology Consumption ;
  • 4.4.3.12Ensuring open source software is encouraged and where used, contributing to the communities whose work is being leveraged.

  Information and data residency

  • 4.4.3.13Supporting the use of cloud services first by ensuring they are:
    • 4.4.3.13.1Identified and evaluated as a principal delivery option when initiating new departmental, enterprise, and community of interest cluster IT investments, initiatives, strategies and projects;
    • 4.4.3.13.2Adopted when they are the most effective option to meet business needs; and
    • 4.4.3.13.3Compliant with appropriate federal privacy and security legislation, policies and standards.
  • 4.4.3.14Ensuring computing facilities located within the geographic boundaries of Canada or within the premises of a Government of Canada department located abroad, such as a diplomatic or consular mission, be identified and evaluated as a principal delivery option for all sensitive electronic information and data under government control that has been categorized as Protected B, Protected C or is Classified.

  Network and device use

  • 4.4.3.15Drafting notices to authorized network and device users to inform them of:
    • 4.4.3.15.1Expectations for acceptable and unacceptable use of GC electronic networks and devices, including a link to the Policy on Service and Digital and instructions to consult Appendix A: Examples of Acceptable Network and Device Use (Non-Exhaustive List) and Appendix B: Examples of Unacceptable Network and Device Use (Non-Exhaustive List) ;
    • 4.4.3.15.2Electronic network monitoring practices applied by their own department or by Shared Services Canada (SSC) according to Appendix C: Privacy and Monitoring of Network and Device Use ;

  Alternative IT services

  • 4.4.3.16Ensuring compliance with procedures established for accessing alternatives to SSC service delivery mechanisms, as necessary.

  At-risk technology management

  • 4.4.3.17Ensuring that technologies are current and that technologies that are unsupported are not used, according to Appendix H: Standard on At-Risk Information Technology .

• 4.5.1The departmental CIO is responsible for:
  • 4.5.1.1Providing functional leadership in the department on the development and sustainability of the IT and information communities through talent management and community development strategies.

• 6.4.1For the purposes of this directive, small departments and agencies are defined as organizations that have reference levels including revenues credited to the vote of less than $300 million per year or that have been, for the purposes of this directive, designated as small departments or agencies by the President of the Treasury Board upon recommendation of the Secretary of the Treasury Board;
• 6.4.2Organizations whose reference levels change so as to bring them above or below the $300 million threshold will not be redefined as large or small departments or agencies unless their reference levels remain above or below the threshold for three consecutive years, to allow for stability and transition, unless otherwise determined by the President of the Treasury Board upon the recommendation of the Secretary of the Treasury Board;
• 6.4.3With regard to small departments and agencies, this directive applies as per subsection 6.1 with the exception of section 4.1.1.1.

• 6.5.1The heads of the following organizations are solely responsible for monitoring and ensuring compliance with this directive within their organizations:
  • Office of the Auditor General
  • Office of the Chief Electoral Officer
  • Office of the Commissioner of Lobbying of Canada
  • Office of the Commissioner of Official Languages
  • Office of the Information Commissioner of Canada
  • Office of the Privacy Commissioner of Canada
  • Office of the Public Sector Integrity Commissioner of Canada
• 6.5.2With regard to Agents of Parliament, the following subsections do not apply: 4.1.1.1, 4.1.1.2, 4.1.1.3, 4.1.1.4, 4.1.1.5, 4.1.1.10, 4.4.3.2 and 4.4.3.15.