:
Thank you very much, Mr. Chairman.
Thank you for the opportunity to make some brief opening remarks to describe the progress that Shared Services Canada has made in its first year of operation.
[Translation]
The government announced the establishment of Shared Services Canada on August 4th, 2011, with a mandate to consolidate, standardize and streamline the delivery of email, data centres and network services in the Government of Canada.
[English]
The first step in achieving those objectives was the transfer, by order in council, of information technology infrastructure responsibilities and resources—including approximately 1,200 employees from Public Works and Government Services Canada—to Shared Services Canada. This was followed by a second set of orders in council on November 15, 2011, which transferred IT infrastructure services and resources from 42 other departments and agencies, as well as over 5,000 employees who were responsible for supporting those services.
On April 1, 2012, SSC was granted full financial authorities. For 2012-13, SSC has an appropriated annual budget of $1.5 billion, with additional revenue authority of $368 million.
[Translation]
And on June 29th, 2012, royal assent was granted to the Shared Services Canada Act, which established the department in legislation. Under the terms of that legislation, SSC's minister has the authority to procure goods and services related to the department's mandate. Resources were therefore transferred from PWGSC to SSC to support the new procurement functions.
As a result, the legislated departmental structure is now in place with the necessary authorities for SSC to function. We have now brought together some 6,500 employees, as well as the assets, funding, contracts and projects related to IT infrastructure across the Government of Canada.
[English]
The department is now focused on four priority areas, as set out in our report on plans and priorities for 2012-13.
[Translation]
Our first priority has been to maintain and improve the delivery of IT infrastructure services. This is critical, as over 2,100 mission-critical systems across the Government of Canada depend on our infrastructure to continue delivering programs and services to Canadians and businesses on a daily basis.
[English]
In order to make sure that we were equipped to assume the responsibility for those operations as of November 15, 2011, we focused on completing the following steps.
We established an operating model organized around seven operational portfolios to promote visibility, accountability, and responsiveness. We identified qualified staff for key positions. We designed and implemented an incident management process to identify, address, track, and monitor incidents that affect the performance of the mission-critical systems for which we're responsible. Also, we developed, in consultation with our staff, an initial operational plan around which they could align their activities and objectives.
[Translation]
The model that we put in place has served us well through our first year of operations, and will evolve as we move forward with our modernization plans.
[English]
Our second priority is to launch the renewal of the Government of Canada's IT infrastructure, with a focus on e-mail, data centres, and networks. As planned, the e-mail transformation initiative is the most advanced, with a commitment to the delivery of a single e-mail solution for partner departments by 2015.
This integrated solution will replace the 63 individual e-mail systems currently in place in the 43 departments we serve. The new solution will support a consistent approach to all aspects of e-mail, including instant messaging, calendars, contacts, folders, directories, and anti-virus and anti-spam protection.
[Translation]
SSC has made substantial progress on this initiative since last November. We have completed an inventory of existing email systems in use today, and confirmed the future requirements of partner departments. The project has been scoped to consider all relevant considerations, including security, mobility and the need for application integration.
[English]
Following an industry engagement phase that began in June 2012, a procurement process is now in progress to identify a potential supplier. This will lead us to the identification of an e-mail solution by the spring of 2013, followed by implementation in waves over the next 24 months.
SSC is also moving forward on plans to consolidate data centres and networks, which will enable us to deliver greater security, higher service quality, and lower costs.
[Translation]
Given the size and complexity of such an initiative, the planning stage is particularly critical. We are therefore carefully assessing the current state of our data centre and network operations. At the same time, we are working with our partners and the industry to design what the future data centre and network configuration should be. We expect to have this work completed, along with a proposed strategy for the transition from current state to end state, for presentation during the first half of 2013.
[English]
Our third priority is to establish the governance mechanisms and implement the partnerships that are essential to a successful enterprise-wide approach. As part of this work, we've undertaken extensive engagement with partners, both within government, including departments and bargaining agents, and in the private sector.
Between November 15, 2011, and March 31, 2012, in advance of the establishment of the necessary SSC financial authorities, we operated on the basis of business continuity framework agreements with our partner departments, according to which we all agreed to continue to provide services and support in such a way as to maintain operational continuity. Since April 1, we've been entering into business arrangements that set out the high-level expectations and commitments that will govern our relationship with our partners.
In the case of organizations with unique business requirements, such as the RCMP, for example, we're also entering into bilateral operating protocols or memoranda of understanding to reflect specific commitments.
[Translation]
I am also pleased to note that we have established a constructive relationship with bargaining agents over the course of the last 12 months. Working through bilateral and multilateral approaches, we have collectively designed a national consultation framework and addressed operational and other issues as they arose in the course of the year.
[English]
From the very beginning, we understood that the development of a positive relationship with the information and communications technology sector would be key to our success. We therefore launched an early engagement process with industry associations to seek their views on a variety of issues, from procurement to innovation. The results of that process led us to propose the establishment of what we are calling the IT Infrastructure Roundtable, which is a forum that will bring leading technology innovators together with SSC staff and key government partners, for a dialogue on our long-term transformation agenda.
[Translation]
Our final priority is to implement the efficient and effective business management processes and services. As a new organization, and as an organization established to take an enterprise approach, we are seizing the opportunity to apply best practices. We are designing a lean and efficient corporate services model that relies on technology to offer responsive services at lower costs; we are adopting common business procedures and partnering with other departments to implement financial and HR systems.
And we are introducing a workforce management strategy to support our staff through the transition that lies ahead.
I will conclude my remarks by recognizing that SSC has much more to do to realize all the objectives that the government has set for us. Nonetheless, a good foundation is now in place — thanks to the active contribution of staff at all levels of the department. They have offered up their expertise and their commitment to deliver results.
[English]
We're very proud of what they've accomplished and look forward to great things in the future, as SSC supports the delivery of programs and services to the Canadians and businesses that depend on them, by providing modern, reliable, and secure IT infrastructure services to the Government of Canada.
We look forward to your questions.
[Translation]
Thank you very much.
As I mentioned in my opening statement, we really launched our initiative to modernize and merge the email systems right from the outset. This was, indeed, the first initiative we undertook. In certain respects, this was the easiest of the three initiatives but, despite everything, it is not a simple one to do. Departments are all organized in their own way. We are talking about 63 systems at present.
We began by really focussing on the situation, establishing how the current systems operated, drawing up an inventory and so on and so forth. We consulted the departments to determine their requirements and what they needed in that respect. We also considered the issue of security. We held discussions with our partners, in particular with the CSTC, Public Works Canada and Justice Canada. It was acknowledged that the email systems are vulnerable in the current information technology systems. I believe that this holds true for both the government and the private sector. Agents are often able to infiltrate our systems through the email systems. And these systems are all interconnected. The email systems are connected to the networks which are in turn connected to the data centres, etc. There really is a gap here which makes the system vulnerable. From the outset we understood that we had to adopt an approach offering greater security.
We then turned to industry for their input. We held information briefings with representatives from the technology sector. These initiatives generated a great deal of interest. Approximately 150 people participated in these sessions. Following that, we prepared a request for information for the industry. In zeroing in on our requirements, we wanted to ensure that we were as well-informed as possible about what industry could provide.
In September, after going through this entire process, we implemented our purchasing and procurement process. We will proceed by determining which preselected companies we will work with for a period varying from six weeks to two months. Our objective is to specify the contract requirements. We did not want to specify these requirements ourselves without first having spoken to people who would be able to provide such services.
The process will be over by the end of this week. This is what we call—and I will refer to it in English as I do not know what the term is in French—
[English]
“the request for responses for evaluation”.
[Translation]
We have established our requirements with respect to both security and tangible experience. We are expecting that approximately five or ten firms will be able to meet these requirements. We are then going to work with these five or ten companies in order to specify the requirements and then, next January, we will prepare a proper request for proposal. We are expecting a solution to be determined before the spring of 2013. Only the 5 or 10 preselected firms will be authorized to submit proposals.
I'll try to answer this in a straightforward manner, although sometimes it gets a little bit complicated. The reality today is that most of our systems are interconnected, because departments communicate with each other. Our purpose now, through a number of initiatives that we've worked on with Public Safety and with CSEC, is to in fact establish a much more solid foundation upon which to move forward.
By way of example, in the past two years, we've created a thing called SCNet, which is a singular way for the government to connect to the Internet. Most of the departments in the Government of Canada now use that as the means by which they connect to the Internet.
By doing it that way, as opposed to having multiple departments with multiple different connection points, we can now establish monitoring and sensing to see what's actually going on. Our colleagues at CSEC are extraordinarily adept at determining whether or not there are inappropriate behaviours and that sort of thing going on. Because of this sensing and the way we've done it, we're now much more capable of actually determining whether or not things are appropriate. That's one example.
Building on that same example, in reference to the supplementary (C)s discussion around this year, we are now going to take that same framework around SCNet and build another Internet connection, but outside of the Ottawa area, because everything is concentrated in Ottawa. That's a secondary thing that we're going to do.
There's a third thing we're going to do when things happen. Prior to the creation of SSC, there were information protection centres. We had approximately 20 of these in various departments. When something went wrong, CSEC would determine it because of its sensing capability, but then it had to coordinate across all these information protection centres to mitigate any of the things that were going on or not happening properly. One of our responsibilities now is to actually consolidate all those information protection centres into a single centre so it's easier to coordinate when things go bump in the night and that sort of thing. Then we want to build a second centre to back that one up.
Those are examples of how we're progressing.
:
What we wanted to do was just work through what they thought was appropriate in terms of a sound working relationship. We touched on all kinds of issues around how innovation actually flows into the Government of Canada, what they thought about the existing procurement processes, and the best way forward in terms of us defining our requirements and this sort of thing.
After a four-month consultation process, where we also had partners with us, by the way.... Industry Canada joined us because of their sectoral interest, as did Treasury Board because of their oversight of the IT function writ large in the government. They were with us as we went through that process.
The conclusion was that it would be very beneficial if the government had a continuing and sustainable process whereby it could engage the private sector in a non-transactional way, so we could get the benefit of their views on how you formulate the right kinds of strategies, how you organize a view around the right architectural template to underpin what we're doing, how we organize the issues around innovation, and how we try to deal with attracting innovative solutions.
Governments are habitually very good a commoditizing things, but it doesn't lead you to very exciting things because they become commoditized, whereas our belief was that in order for us to support small business, it was integral that we find ways to bring innovation to the table. That is something that is important to us.
The associations all agreed. Then we created essentially four working groups to support the round table writ large. There is one on architecture, which has been the most active. There have been two working group sessions focusing on both our data centre and telecommunication strategies. They are helping us to organize how we think about these particular initiatives. The way it works is that we ask the associations to bring forward their subject matter experts, then we present what we think is the right way of going forward, and they comment on it. We work it backwards and forwards until we get to a comfortable place. That's how we put together all the tapestry of technologies that we have to work with.
In the three other areas of procurement, the work has not yet started because we've just stood up our own procurement organization, as Liseanne mentioned. Gina will actually work with the associations around things like procurement benchmarks, such as, what is an appropriate way of measuring performance? I think you've all been witness to procurements that take way too long and don't get to a result—the time is not helpful. That's another subject area that Gina is just about ready to launch.
Another issue that's also very important—and we use the term “smart sourcing”—is how we go through a process of actually figuring out what things should be outsourced versus what should be insourced. We owe that to our employees, for sure, to be clear and articulate on that. As well, it's something that I think needs to be studied in a very deliberate way in order to come to a foundation piece so we can determine the right way to move forward on that.
The final piece, as I've already mentioned, is on innovation. A number of our colleagues have started to formulate a working group on that particular subject. This will culminate in quarterly meetings as the working groups develop their thoughts. The first one is scheduled for November 22. The way that will work is that we'll have the associations plus their representatives there—they each bring one—and we'll be there with a number of other departments that are also interested in the subject. Then we'll convene a two-hour meeting that is structured around the topics at hand.
Thank you, Peter. You are well over time.
Just because you said something nice about my sweater, I can't give you extra minutes, as much as I'd like to.
Voices: Oh, oh!
Mr. Peter Braid: It was worth a try.
The Chair: Committee members, that concludes our first round.
As the chair, I almost fell over when I saw the number of contracts that you listed here. My only question, on behalf of taxpayers, is that with 6,500 employees, why do we have to give Bell Canada $409 million in consulting fees, CGI infotech, $129 million, MTS Allstream, $191 million, and IBM, $33 million...?
It's a staggering amount of money. Where I come from, a million-dollar consulting fee is huge. What could Bell possibly be telling us for $409 million that we didn't already know?
To our witnesses, first of all, I applaud you on your progress to date. I think it's great how much you've accomplished and great that you want to continue to streamline and reduce the duplication in our government IT services. It's still a bit mind-boggling why getting to this point has dragged on for so many years, but I'm glad that we're bringing all the services into I think this much-needed and efficient perspective in today's world of cybersecurity.
I wanted to follow up on my colleague Mr. Trottier's comments about the aspect of security. Yesterday I had the pleasure of hosting my provincial colleague, Minister Ben Stewart, from the B.C. government. I'm the member of Parliament for Kelowna—Lake Country in B.C. The British Columbia government has been very progressive on this initiative. I believe they received an award last night at the government and technology event, which is very timely. Thousands of people are in Ottawa this week talking about Shared Services Canada and the buzz in Ottawa, and how we can use that Canadian technology to help streamline and, as I said, reduce the duplication.
From the security perspective, though, I know that it's not only here but around the world.... I was in Japan last week with our trade committee, working with our Canadian embassy on concerns with international safety and security in the cyberworld. One of the things that we understand is unique in this procurement process is called the national security provisions—I think it's called the NSE. What does it stand for? I think it stands for national security enterprise or something to that effect.
An hon. member: Exemption.
Hon. Ron Cannan: That's it—or national security exception, which I believe I read online.
The problem is that we're trying to ensure Canadian contractors and the safety of Canadians using Canadian companies as principal jobs.... Maybe you can explain to us a little more why the minister has gone down this road of NSE. Do you believe the concern with security will stop the untrustworthy vendors?
:
Thank you for the question.
As was mentioned right from the outset here, perhaps in the first question I received, it has been obvious since the establishment of Shared Services Canada that one of the government's objectives, in addition to greater cost efficiency and better service, was to have a more secure IT infrastructure for the Government of Canada. We knew that security was going to be a focus of ours and a priority of ours from the beginning.
So from the very outset we consulted, as I mentioned earlier, with the Department of Justice, the Department of Foreign Affairs and International Trade, the Department of Public Works and Government Services, CSEC, and our Public Safety partners on what the vulnerabilities were that we would be facing as we built a new e-mail system and transformed the data centres and the networks.
As a result of this consultation, we came to the conclusion that in order to protect Canada's national security interests as we go forward with all of this, it would be relevant to invoke the national security exception. “Exception” is the word; it's the exception to the provisions of the trade agreements. That is essentially what it means. It's a provision that is in all of our trade agreements. It says that if it's required in order to protect national security interests, then governments can derogate from their obligations under those agreements.
But you have to do it in an organized way, which is what we did. There was a notification posted on MERX that summarized the analysis, which came to the view that because of the sensitivity of the systems, the interconnection of the systems, and the sensitivity of the information that is kept on those systems—all the private information of Canadians as well as national security interests—it was appropriate to invoke the national security exception. That's what we did.
What this does is remove us from the obligation of all of the provisions of the trade agreements. Essentially, the key ones are that we can specify country of origin without being subject to a trade tribunal complaint, and we can also not make public our requirements. You will understand that if we are designing the infrastructure and the architecture for a new, modern networking configuration for the Government of Canada, it's not something we would want to advertise. It's not something we would want to put on MERX—that this is what we're building, and this is how we're building it, and this is what we need you to do.
The NSE gives us the flexibility to keep things out of the public domain when we need to and to specify our requirements in terms of security, in terms of country of origin, etc.
We do have a wealth of opportunity when it comes to economies of scale. For example, when we inherited—of course, we inherited people, equipment, and contracts, etc.—we also inherited projects. When we started looking at these projects last winter, we estimated that we had inherited 750 projects “in flight” across the 43 departments. Those projects are already under way. They've been approved by the individual departments.
What we found in going through those projects is that there were several places where they might have five video conferencing projects all going on at the same time, with five different suppliers, five different ways of going about it, and five project management teams. We've been able to consolidate some of those projects. We've cancelled some. We've ended some. That's one example.
This is another very practical example. One department had a data centre in Regina that was nearing the end of its life, and it was part of their plan to build a new data centre on a floor of an office building in Regina. We found that another department in Regina had space in a different data centre, so we were able to not do that build there.
Earlier I mentioned CommVault data centre services, with which we have a contract. We've consolidated and will be saving $15 million and avoiding costs of $15 million over the next three years.
As I said, our back office received a transfer from departments of 13% to set up our internal services. We are aiming for internal services of no more than 11%, so we're just slashing 2% off the top, because we figure that we are able to use common business processes, and we're able to go on financial systems and human resource systems that other departments have put in place, because we believe in doing things that way. As well, we can leverage technology and look at self-serve kinds of solutions for our employees going forward.
Those are examples, but we have had a lot of them. We had a video conferencing system that Agriculture Canada had in place that was one of the better ones among all of the departments, and we were able to bring four other departments onto that same video conferencing system instead of having them develop their own.
That has permitted, among other things, service quality, which is part of this as well. Passport Canada, as a result of being able to use Agriculture Canada's video conferencing, can now video conference with its regional offices, which it couldn't do before.
Those are just some examples.