OGGO Committee Meeting
Notices of Meeting include information about the subject matter to be examined by the committee and date, time and place of the meeting, as well as a list of any witnesses scheduled to appear. The Evidence is the edited and revised transcript of what is said before a committee. The Minutes of Proceedings are the official record of the business conducted by the committee at a sitting.
For an advanced search, use Publication Search tool.
If you have any questions or comments regarding the accessibility of this publication, please contact us at accessible@parl.gc.ca.
Standing Committee on Government Operations and Estimates
|
l |
|
l |
|
EVIDENCE
Tuesday, November 6, 2012
[Recorded by Electronic Apparatus]
[English]
Good morning, ladies and gentlemen.
We'll call our meeting to order.
We're very pleased to welcome to the government operations committee representatives from Shared Services Canada as we undertake a study of the first year of operation of this new entity.
We're pleased to welcome today—and we're grateful for their time—Liseanne Forand, the president of Shared Services Canada; Mr. Grant Westcott, the chief operating officer; and Gina Rallis, the assistant deputy minister and chief financial officer of corporate services.
We would welcome opening remarks from whomever chooses to speak—Ms. Forand, I presume—and then we look forward to questions.
The floors is yours, Ms. Forand.
Thank you very much, Mr. Chairman.
Thank you for the opportunity to make some brief opening remarks to describe the progress that Shared Services Canada has made in its first year of operation.
[Translation]
The government announced the establishment of Shared Services Canada on August 4th, 2011, with a mandate to consolidate, standardize and streamline the delivery of email, data centres and network services in the Government of Canada.
[English]
The first step in achieving those objectives was the transfer, by order in council, of information technology infrastructure responsibilities and resources—including approximately 1,200 employees from Public Works and Government Services Canada—to Shared Services Canada. This was followed by a second set of orders in council on November 15, 2011, which transferred IT infrastructure services and resources from 42 other departments and agencies, as well as over 5,000 employees who were responsible for supporting those services.
On April 1, 2012, SSC was granted full financial authorities. For 2012-13, SSC has an appropriated annual budget of $1.5 billion, with additional revenue authority of $368 million.
[Translation]
And on June 29th, 2012, royal assent was granted to the Shared Services Canada Act, which established the department in legislation. Under the terms of that legislation, SSC's minister has the authority to procure goods and services related to the department's mandate. Resources were therefore transferred from PWGSC to SSC to support the new procurement functions.
As a result, the legislated departmental structure is now in place with the necessary authorities for SSC to function. We have now brought together some 6,500 employees, as well as the assets, funding, contracts and projects related to IT infrastructure across the Government of Canada.
[English]
The department is now focused on four priority areas, as set out in our report on plans and priorities for 2012-13.
[Translation]
Our first priority has been to maintain and improve the delivery of IT infrastructure services. This is critical, as over 2,100 mission-critical systems across the Government of Canada depend on our infrastructure to continue delivering programs and services to Canadians and businesses on a daily basis.
[English]
In order to make sure that we were equipped to assume the responsibility for those operations as of November 15, 2011, we focused on completing the following steps.
We established an operating model organized around seven operational portfolios to promote visibility, accountability, and responsiveness. We identified qualified staff for key positions. We designed and implemented an incident management process to identify, address, track, and monitor incidents that affect the performance of the mission-critical systems for which we're responsible. Also, we developed, in consultation with our staff, an initial operational plan around which they could align their activities and objectives.
[Translation]
The model that we put in place has served us well through our first year of operations, and will evolve as we move forward with our modernization plans.
[English]
Our second priority is to launch the renewal of the Government of Canada's IT infrastructure, with a focus on e-mail, data centres, and networks. As planned, the e-mail transformation initiative is the most advanced, with a commitment to the delivery of a single e-mail solution for partner departments by 2015.
This integrated solution will replace the 63 individual e-mail systems currently in place in the 43 departments we serve. The new solution will support a consistent approach to all aspects of e-mail, including instant messaging, calendars, contacts, folders, directories, and anti-virus and anti-spam protection.
[Translation]
SSC has made substantial progress on this initiative since last November. We have completed an inventory of existing email systems in use today, and confirmed the future requirements of partner departments. The project has been scoped to consider all relevant considerations, including security, mobility and the need for application integration.
[English]
Following an industry engagement phase that began in June 2012, a procurement process is now in progress to identify a potential supplier. This will lead us to the identification of an e-mail solution by the spring of 2013, followed by implementation in waves over the next 24 months.
SSC is also moving forward on plans to consolidate data centres and networks, which will enable us to deliver greater security, higher service quality, and lower costs.
[Translation]
Given the size and complexity of such an initiative, the planning stage is particularly critical. We are therefore carefully assessing the current state of our data centre and network operations. At the same time, we are working with our partners and the industry to design what the future data centre and network configuration should be. We expect to have this work completed, along with a proposed strategy for the transition from current state to end state, for presentation during the first half of 2013.
[English]
Our third priority is to establish the governance mechanisms and implement the partnerships that are essential to a successful enterprise-wide approach. As part of this work, we've undertaken extensive engagement with partners, both within government, including departments and bargaining agents, and in the private sector.
Between November 15, 2011, and March 31, 2012, in advance of the establishment of the necessary SSC financial authorities, we operated on the basis of business continuity framework agreements with our partner departments, according to which we all agreed to continue to provide services and support in such a way as to maintain operational continuity. Since April 1, we've been entering into business arrangements that set out the high-level expectations and commitments that will govern our relationship with our partners.
In the case of organizations with unique business requirements, such as the RCMP, for example, we're also entering into bilateral operating protocols or memoranda of understanding to reflect specific commitments.
[Translation]
I am also pleased to note that we have established a constructive relationship with bargaining agents over the course of the last 12 months. Working through bilateral and multilateral approaches, we have collectively designed a national consultation framework and addressed operational and other issues as they arose in the course of the year.
[English]
From the very beginning, we understood that the development of a positive relationship with the information and communications technology sector would be key to our success. We therefore launched an early engagement process with industry associations to seek their views on a variety of issues, from procurement to innovation. The results of that process led us to propose the establishment of what we are calling the IT Infrastructure Roundtable, which is a forum that will bring leading technology innovators together with SSC staff and key government partners, for a dialogue on our long-term transformation agenda.
[Translation]
Our final priority is to implement the efficient and effective business management processes and services. As a new organization, and as an organization established to take an enterprise approach, we are seizing the opportunity to apply best practices. We are designing a lean and efficient corporate services model that relies on technology to offer responsive services at lower costs; we are adopting common business procedures and partnering with other departments to implement financial and HR systems.
And we are introducing a workforce management strategy to support our staff through the transition that lies ahead.
I will conclude my remarks by recognizing that SSC has much more to do to realize all the objectives that the government has set for us. Nonetheless, a good foundation is now in place — thanks to the active contribution of staff at all levels of the department. They have offered up their expertise and their commitment to deliver results.
[English]
We're very proud of what they've accomplished and look forward to great things in the future, as SSC supports the delivery of programs and services to the Canadians and businesses that depend on them, by providing modern, reliable, and secure IT infrastructure services to the Government of Canada.
We look forward to your questions.
[Translation]
Thank you very much.
[English]
Thank you very much, Ms. Forand.
I noticed that you've circulated quite a comprehensive package of information to committee members. They've had them in advance, and I'm sure that has generated some questions.
For the NDP, the official opposition, we'll go to Linda Duncan.
Five minutes, please.
Thanks, Mr. Chair.
Thank you for being here today.
Ms. Forand, I'm left a little bit confused. You have testified to us today that the first priority for Shared Services Canada is to maintain and improve the deliver of IT in the federal system, but in a letter in June of this year to the Parliamentary Budget Officer, you advised that your first priority is meeting your ambitious target of a $150 million reduction towards deficit reduction by 2014. Perhaps you could clarify for us what is the first priority of Shared Services Canada.
Thank you.
In terms of the priorities, as we were established last November, we articulated very clearly for ourselves that our first priority was to maintain operations. We recognized that we were entrusted with the support of 2,100 mission-critical systems. The Government of Canada runs on IT and it was important for us to equip ourselves to be able to support all of that IT, so we did put a tremendous focus on operational continuity in context and in cooperation with our partners.
As well, as all other departments did, we did have as a priority to meet the deficit reduction targets of government. We were asked to identify initiatives that could add up to 5% and 10% savings. We made a proposal to that effect to the government, which was accepted and announced in the budget.
I don't really separate out the two. We did articulate our first priority in our RPP as being operational continuity. I would say that in identifying the potential initiatives for savings at Shared Services Canada, we did take great care to protect our ability to maintain operations while realizing those savings. We didn't want those changes to affect our ability to operate the systems of government, and we also didn't want those savings to jeopardize our ability to launch our transformation agenda, so we identified initiatives that would enable us to do that.
Thank you.
Following up on your response, I wonder if you could provide us briefly—and if you could provide to us later—the baseline unit costs for IT delivery and your performance framework for meeting these cost reduction targets.
I'll talk about the cost reduction targets first and then ask my colleague, Grant Westcott, to talk about the unit costs, perhaps, after that.
By the way, the initiatives that we identified for our cost reductions in the context of deficit reduction are listed in the integrated business plan that we provided to the committee and to committee members. If you want to look at it, it's on page 13 of that report. We did list the initiatives that we chose.
We were a new organization when we were faced with the requirement to identify 5% and 10% savings. We, as yet, did not have a financial system. We had not yet onboarded the bulk of our employees. We were still very much in a development phase. However, we knew, and I think we discussed this last year when we were before this committee and the minister mentioned it...we were confident that there was what we were calling a “consolidation dividend” that would be available by bringing departments together.
So we identified pricing and costing in the first instance. We had knowledge of contracts that had been passed where the prices had come down. We had knowledge of other contracts that we would be entering into where the prices would be at that level as well. So we were able to identify savings that really leveraged our buying power and our ability to consolidate contracts. Those are the areas that we went to in terms of our initiatives.
The measures for this fiscal year have already been achieved. We have achieved the savings that we identified for this year. Again, it's through contract consolidation and through.... As I mentioned in my opening remarks, in putting together our business processes, we're looking at a very lean internal services model. One of the areas where we identified the possibility of reductions was through internal services, and that's $25 million in cost reductions. That's not cutting; that is not building from the first—
In fact, none of our savings initiatives have to do with cybersecurity.
We have received additional funding this year to support the government's cybersecurity strategy, and those funds were included in the supplementary (A)s this year—$10 million for this year. We are actually receiving additional funding as part of the government's cybersecurity program.
I'm afraid that's the five minutes. People should keep in mind that the five minutes is for questions and answers, so the time goes very quickly.
Next, for the Conservatives, is Jacques Gourde.
You have five minutes, Jacques.
[Translation]
Thank you, Mr. Chair.
I would like to thank the witnesses for coming here this morning.
Ms. Forand, could you please tell us about the progress you have made with respect to emails and how this initiative will improve the efficiency, reliability and overall security of the system? Could you also tell us whether we are now able to see the impact and results of these changes?
Thank you very much.
As I mentioned in my opening statement, we really launched our initiative to modernize and merge the email systems right from the outset. This was, indeed, the first initiative we undertook. In certain respects, this was the easiest of the three initiatives but, despite everything, it is not a simple one to do. Departments are all organized in their own way. We are talking about 63 systems at present.
We began by really focussing on the situation, establishing how the current systems operated, drawing up an inventory and so on and so forth. We consulted the departments to determine their requirements and what they needed in that respect. We also considered the issue of security. We held discussions with our partners, in particular with the CSTC, Public Works Canada and Justice Canada. It was acknowledged that the email systems are vulnerable in the current information technology systems. I believe that this holds true for both the government and the private sector. Agents are often able to infiltrate our systems through the email systems. And these systems are all interconnected. The email systems are connected to the networks which are in turn connected to the data centres, etc. There really is a gap here which makes the system vulnerable. From the outset we understood that we had to adopt an approach offering greater security.
We then turned to industry for their input. We held information briefings with representatives from the technology sector. These initiatives generated a great deal of interest. Approximately 150 people participated in these sessions. Following that, we prepared a request for information for the industry. In zeroing in on our requirements, we wanted to ensure that we were as well-informed as possible about what industry could provide.
In September, after going through this entire process, we implemented our purchasing and procurement process. We will proceed by determining which preselected companies we will work with for a period varying from six weeks to two months. Our objective is to specify the contract requirements. We did not want to specify these requirements ourselves without first having spoken to people who would be able to provide such services.
The process will be over by the end of this week. This is what we call—and I will refer to it in English as I do not know what the term is in French—
[English]
“the request for responses for evaluation”.
[Translation]
We have established our requirements with respect to both security and tangible experience. We are expecting that approximately five or ten firms will be able to meet these requirements. We are then going to work with these five or ten companies in order to specify the requirements and then, next January, we will prepare a proper request for proposal. We are expecting a solution to be determined before the spring of 2013. Only the 5 or 10 preselected firms will be authorized to submit proposals.
We obviously cannot give you an answer right now, but I can tell you that we have established security requirements for those companies who will be given consideration. They will have to go through a security review of both their staff and facilities. They will also have to be able to guarantee their ability to protect Canadian information, what we refer to as data sovereignty. That means that the data centres receiving the emails will have to be located in Canada. Information will be protected in Canada and also when it is sent, for example, to our embassies abroad.
[English]
[Translation]
Thank you, Mr. Chair.
I would like to thank our witnesses for coming here. This is always an issue that I really like to discuss.
When we saw each other the last time, you had not yet understood what you had inherited in its entirety. Do you now have a full understanding of this initiative?
I will start to answer your question, and then I will give the floor to my colleague, who works in the technical sector much more than I do.
I will tell you that we have achieved a great deal of progress since last year. As I said, we have drawn up a complete inventory with respect to the email systems, and we are now in the process of doing the same thing with the data centres and the networks.
We also have an operating model which enables us to get a very complete overall picture of the business's activities, over the long term.
I think I will ask Mr. Westcott to give you a brief explanation of what we have observed.
[English]
Thank you, Mr. Chairman.
If you understand, we've organized our work around e-mail, data centres, and networks. In terms of the e-mail transformation, we're very advanced. We've completed all of our current state. We know exactly how much money we were spending and where.
We have a very good idea, because of our consultations with the private sector, what the art of the possible is. We've built a business case that confirms that it makes business sense to do this and we're in process to acquire the solution. So I think that in terms of that part, the clarity is there—
[Translation]
I'm going to stop you right there, because I have already read all about that. I know that you have a timeframe up until 2015.
The question I'm getting at is whether or not you have a complete inventory of everything that you have inherited with respect to human resources, server locations, software, contracts, etc. Have you done this yet, yes or no? If not, when do you think that you will be able to complete this process?
[English]
Thank you.
In terms of the data centres and telecommunications activities, we are almost complete; it's that complete inventory of everything we have in terms of the number of people, where they work, what they work on, the amount of the physical facilities we own, the amount of technologies that are deployed in these two areas of data centre operations and network operations, as well as all the software that supports both sets of activities. These things are fundamental for us to actually build a plan that we can execute from.
It has taken a long time, because there is a lot of complexity associated with doing this. We were basically dealing with the inheritances of 43 departments that had been building all of these facilities for 50-odd years. There is an inherent amount of complexity in doing that. We're almost complete with that now, as we speak.
[Translation]
Thank you.
You said that you were going to be able to achieve some savings. I see that, basically, you're banking on the IP telephony system in order to achieve savings this year. First of all, has this been done? In addition, in your estimate, how much money will you be able to save simply by installing the IP telephony?
To answer your first question, I would tell you that this has been done for this year. You are quite right in pointing out that we are banking a great deal on the telephony. In fact, this was the right time to do this. The government had a tendency to use old telephone systems that cost us a great deal of money. For example, the government uses a desktop telephone, which we refer to as the Centrex telephone, which costs us approximately $31 per month, whereas an IP telephone costs us approximately $15 per month.
Our plan calls for modernization. We used some aspects of this transformation plan to achieve savings this year. However, we are going to modernize the telephone system throughout the government. We are also going to consider the possibility that, for some people, it would make more sense to provide them with a cell phone rather than an office phone. At present, cell phones are not costing us a great deal of money.
I will ask my colleague if he has some specific numbers. In any case, we have already established that we will be able to save $50 million over three years.
However, we think that we will be able to achieve even more savings with our third initiative, which is to modernize the networks. By modernizing the networks, we will be able to complete this exercise of modernizing the Government of Canada's telephony.
[English]
Thank you, Mr. Chair.
Thank you to our guests for being with us once again on this important initiative.
Recently there has been some discussion in Canada about cybersecurity. The Auditor General recently had a report in which he was talking about some of the vulnerabilities we have.
Could you describe how an initiative like Shared Services Canada enhances cybersecurity? Some people would say that if you have everything connected, as you describe, once somebody is in, technically they could then penetrate all the systems of the Canadian government. You described a little bit of this in your presentation. Could you tell us in a little more detail how this initiative enhances security?
Thank you.
My colleague, Grant Westcott, has been very heavily involved in this since we created Shared Services Canada, so I'm going to ask him to answer your question.
Thank you, Mr. Chair.
I'll try to answer this in a straightforward manner, although sometimes it gets a little bit complicated. The reality today is that most of our systems are interconnected, because departments communicate with each other. Our purpose now, through a number of initiatives that we've worked on with Public Safety and with CSEC, is to in fact establish a much more solid foundation upon which to move forward.
By way of example, in the past two years, we've created a thing called SCNet, which is a singular way for the government to connect to the Internet. Most of the departments in the Government of Canada now use that as the means by which they connect to the Internet.
By doing it that way, as opposed to having multiple departments with multiple different connection points, we can now establish monitoring and sensing to see what's actually going on. Our colleagues at CSEC are extraordinarily adept at determining whether or not there are inappropriate behaviours and that sort of thing going on. Because of this sensing and the way we've done it, we're now much more capable of actually determining whether or not things are appropriate. That's one example.
Building on that same example, in reference to the supplementary (C)s discussion around this year, we are now going to take that same framework around SCNet and build another Internet connection, but outside of the Ottawa area, because everything is concentrated in Ottawa. That's a secondary thing that we're going to do.
There's a third thing we're going to do when things happen. Prior to the creation of SSC, there were information protection centres. We had approximately 20 of these in various departments. When something went wrong, CSEC would determine it because of its sensing capability, but then it had to coordinate across all these information protection centres to mitigate any of the things that were going on or not happening properly. One of our responsibilities now is to actually consolidate all those information protection centres into a single centre so it's easier to coordinate when things go bump in the night and that sort of thing. Then we want to build a second centre to back that one up.
Those are examples of how we're progressing.
Thank you.
Just for the benefit of the committee, could you restate...? In terms of the things that are top secret, that's not part of your mandate. Is that correct?
Okay.
My last question has to do with the cost side of it.
You mentioned three things you're trying to do: improve service quality, reduce costs, and enhance security. In the time I have, I want to talk about costing.
Mr. Westcott, I know that you've worked in financial services before, and I know you would extensively benchmark how you perform from a cost point of view vis-à-vis your competitors.
How does the Government of Canada look at benchmarks? Typically when you look at costs, you'd say that between 1% and 3% or 4% of revenues is an appropriate figure to be spending on information services. What's the appropriate figure for the Government of Canada? I know that maybe revenue is not the right measure....
That's a really difficult question. In the private sector, because of its competitive nature, you do get benchmarking services, and they are so focused on costs that the ability to actually compare is very well developed. In government, it's not quite the same thing.
By way of example, the U.S. government and the Canadian government are closely aligned in terms of organizational structures and mandates and those sorts of things. One way you can look at this is to say.... Usually, a way of perhaps describing this is that the U.S. itself—its economy and the government itself—is roughly 10 times the size of the Canadian government, but we spend about $5 billion in total on IT, whereas the U.S. government spends north of $81 billion on IT. When you do the 10:1 ratio, it doesn't quite work. I'm not sure whether we are underspending or they are overspending, but those are the only kinds of benchmarks we have on that type of thing at this juncture.
Part of what we are going to do, as we develop our business plans for data centres and networks, is to try to get to a more private-sector-like comparative framework, because we do have enough scale and we do have enough ability to actually figure out how much it costs to run a server, how much it costs us per square foot to manage a data centre, or how much it costs us to actually deploy a network connection per person in a building.
Those will feature in how we actually do our work in trying to move the agenda forward, and we will try to strive for private sector performance in that sense. As I said, it's a complicated subject, but that's a way of trying to describe it.
Thank you, Mr. Chair,
Welcome to our witnesses.
I notice that you have a contract with Bell for what's called “management consulting” for $400 million. That seems quite a lot of money, so I was wondering if you could explain what that's about.
Thank you, Mr. Chair.
This is a contract that was signed in 2007. It was a renewal to something called the secure channel contract. You may be familiar with the secure channel, which earlier—in 1999 or 2000, I think it was—was originally negotiated. It used something called a PKI technology to keep communications secure. That contract was signed with Bell.
That contract was renewed for the last time in 2007, with the understanding with Bell that the objective of this last renewal was to move beyond the PKI technology to something that was—it's called SAML and I can't remember what SAML stands for—less proprietary than the PKI technology that was being used. The objective of the renewal of the contract was to move off the PKI technology, to finish the dependence and the reliance of the Government of Canada on that particular technology and approach, and to move to a more off-the-shelf kind of solution.
What has happened since 2007 is that gradually the costs of the secure channel went down, but more importantly, the government has in fact migrated off that contract. You may have seen references to the ability now for Canadians to use their credentials from their banks to be authenticated for government programs such as EI or others.
That is the end of that contract; it formally comes to an end.... It has one more option year for next year, but we have completed the migration onto the new system.
Okay.
You were required to find I think $150 million in savings through the strategic and operating review. You mentioned page 13 of your report, which contains a list of items, but it doesn't contain any dollar figures. Have you found that $150 million and is that summarized in those items?
Thank you.
Well, we have identified savings initiatives worth $150 million and we can provide the committee with the list, with the dollar amounts next to them. For this first year, we identified an amount that was 5%, so it's $75 million for the first year, and those amounts have been identified and have been realized.
Over three years, okay.
For my next question, I think I remember that in your previous appearance you said that the upfront investment in the e-mail transformation would be funded by further savings, presumably in addition to the $150 million. Have you found those further savings? If so, can you tell us where you found them?
We are indeed funding the e-mail project internally, so the amounts we've spent so far obviously have been devoted to project management: all the work required to do the analysis, the inventories, the specifications, and run the industry engagement and the procurement. We have been able to finance that internally without any additional funding.
We found this funding in the same way that we identified the initiatives under the deficit reduction action plan, that is, by identifying operational savings through consolidation. It's our expectation that we will be able to fund the e-mail initiative internally. We will know exactly what the total cost of that internal funding is, of course, once we have identified a supplier, which will be in the spring.
What is the approximate cost for which you will have to find savings to fund the e-mail transformation?
We've identified a maximum cost. It's not the approximate cost. In terms of the maximum authority we have to spend on the e-mail project, it's $80 million over three years, but that is, I would say again, a maximum. It was for the purposes of getting project authority to launch the project. We will have a much better idea once we've identified a supplier in terms of what that might require.
So your total savings would be a maximum of $80 million plus $150 million—$230 million over three years.
I'm not saying we've realized that $80 million. That's what we have the authority to spend, and we're confident that we will be able to find it internally.
My thanks to our witnesses for being here this morning and for providing us with an update on Shared Services Canada.
I want to zero in on the IT Infrastructure Roundtable initiative. Could you elaborate on that? It sounds like a very important, innovative, and collaborative initiative. Could you tell us more about when the round tables began, how they're working, and the value that they're providing?
Thank you.
I'm going to ask Grant to answer this one. He's been spearheading our engagement with industry from the very outset.
Thank you.
This came about, as Liseanne mentioned in her speech, because at the beginning, when we first created Shared Services Canada, we knew that we had to have a very sound and fluid relationship with the private sector in order for us to be successful. We engaged all of the major associations like ITAC, which has appeared here, CITPA, CATA, and Communitech out of Kitchener-Waterloo, etc.
What we wanted to do was just work through what they thought was appropriate in terms of a sound working relationship. We touched on all kinds of issues around how innovation actually flows into the Government of Canada, what they thought about the existing procurement processes, and the best way forward in terms of us defining our requirements and this sort of thing.
After a four-month consultation process, where we also had partners with us, by the way.... Industry Canada joined us because of their sectoral interest, as did Treasury Board because of their oversight of the IT function writ large in the government. They were with us as we went through that process.
The conclusion was that it would be very beneficial if the government had a continuing and sustainable process whereby it could engage the private sector in a non-transactional way, so we could get the benefit of their views on how you formulate the right kinds of strategies, how you organize a view around the right architectural template to underpin what we're doing, how we organize the issues around innovation, and how we try to deal with attracting innovative solutions.
Governments are habitually very good a commoditizing things, but it doesn't lead you to very exciting things because they become commoditized, whereas our belief was that in order for us to support small business, it was integral that we find ways to bring innovation to the table. That is something that is important to us.
The associations all agreed. Then we created essentially four working groups to support the round table writ large. There is one on architecture, which has been the most active. There have been two working group sessions focusing on both our data centre and telecommunication strategies. They are helping us to organize how we think about these particular initiatives. The way it works is that we ask the associations to bring forward their subject matter experts, then we present what we think is the right way of going forward, and they comment on it. We work it backwards and forwards until we get to a comfortable place. That's how we put together all the tapestry of technologies that we have to work with.
In the three other areas of procurement, the work has not yet started because we've just stood up our own procurement organization, as Liseanne mentioned. Gina will actually work with the associations around things like procurement benchmarks, such as, what is an appropriate way of measuring performance? I think you've all been witness to procurements that take way too long and don't get to a result—the time is not helpful. That's another subject area that Gina is just about ready to launch.
Another issue that's also very important—and we use the term “smart sourcing”—is how we go through a process of actually figuring out what things should be outsourced versus what should be insourced. We owe that to our employees, for sure, to be clear and articulate on that. As well, it's something that I think needs to be studied in a very deliberate way in order to come to a foundation piece so we can determine the right way to move forward on that.
The final piece, as I've already mentioned, is on innovation. A number of our colleagues have started to formulate a working group on that particular subject. This will culminate in quarterly meetings as the working groups develop their thoughts. The first one is scheduled for November 22. The way that will work is that we'll have the associations plus their representatives there—they each bring one—and we'll be there with a number of other departments that are also interested in the subject. Then we'll convene a two-hour meeting that is structured around the topics at hand.
Thank you.
Thank you, Peter. You are well over time.
Just because you said something nice about my sweater, I can't give you extra minutes, as much as I'd like to.
Voices: Oh, oh!
Mr. Peter Braid: It was worth a try.
The Chair: Committee members, that concludes our first round.
As the chair, I almost fell over when I saw the number of contracts that you listed here. My only question, on behalf of taxpayers, is that with 6,500 employees, why do we have to give Bell Canada $409 million in consulting fees, CGI infotech, $129 million, MTS Allstream, $191 million, and IBM, $33 million...?
It's a staggering amount of money. Where I come from, a million-dollar consulting fee is huge. What could Bell possibly be telling us for $409 million that we didn't already know?
That's a very good point, Mr. Chairman.
In fact, when we look at the contracts as they're listed there and the categories against which they're listed, I think the first thing that strikes us is how inappropriate the names of those categories are. For example, in the case of the $407-million secure channel contract, that was to provide technology support. It was the actual infrastructure—the pipes, the technology, and the networking—that provided secure Internet access and secure communications for the Government of Canada.
For example, IBM or Allstream...that's telephone services, networking services for telephones in government. A CGI contract would be for the provision of support and services—hardware and software—and maintenance. A lot of these things are labelled as management consulting, and we are in fact quite shocked at how these categorizations work. We would like them to better reflect what it is they do. All of the large contracts in that list are for large, managed services having to do with technology that is being provided, whether it's networking or hardware.
If you'd like more information, I'm sure Grant could give you more on what these things actually are, but they are not what you would consider to be individual management consultants. You'll often have the hardware, the software, the services, and the support.
We shouldn't need these charges anymore, then. Under this new Shared Services Canada, we don't need to give Bell $400 million anymore, or IBM, or any of them, frankly. Is that the idea?
We continue to need to have contracts with the telecommunications companies, with the IT companies. We in the Government of Canada operate our programs, our systems, and the infrastructure. Just like any other organization, be it in the private sector or the public sector, we rely on IT companies to build the computers, the hardware, and the software that we use. That's what we buy, and then our own staff operate those systems and work very closely with the providers.
Just as a very brief example, we were talking about cyber incidents before. If an incident is detected, our staff are the ones who are on the front line and who monitor and mitigate what's happening, but they do that in conjunction with the company. They'll call Allstream and say that they have an issue on their system or their network, and then the solution will be worked out together.
[Translation]
Thank you, Mr. Chair.
Ms. Forand, at a conference, you stated that it would take six, eight or ten years to complete the transformation process. A lot of things can change over such a long period of time. Life cycles can last two, three or four years.
First of all, can you guarantee that the solutions you adopt will not be obsolete once the project has been completed?
Moreover, will our systems have the flexibility required to adapt to new technologies? I myself have worked in the government and saw, at that time, some supposedly very modern systems when we were still using the green screen 10 years later. There were some problems.
Thank you very much. That is a good question.
First of all, we foresee this transformation period occurring over a 6 to 10-year timeframe; however, we will be implementing it on a gradual basis. We are not going to wait until the end before everything is implemented.
As I mentioned in my opening statement, this is exactly why the planning phase is so important. We have to know, first of all, where we are coming from and what we have.
You talked about a life cycle. We are going to want to integrate this life cycle into our transformation process in order to replace things as they become obsolete. We are going to replace what we now have.
However, with respect to the major transformations that will be taking place in our data centres and networks, our objective is to build for the future. This is one of our guiding principles. We must be looking forward. That does somewhat explain why we were so organized in our approach with industry. The information technology industry has the best knowledge. We do not simply want to rely on suppliers to determine what we could expect in the future. We want to have a better overall understanding. That is why we are working with people from this roundtable.
We are also talking to other companies, other thinkers, other influential people elsewhere. We really want to build something for the future. We want to integrate the flexibility you alluded to into the entire modernization process.
A problem will result. If we find a miracle solution for the financial planning of changes to come, I think that IBM and Apple will be happy to cooperate with you to get this information. In reality, we have no idea what the next 10 years will bring us.
I find it curious that you are making budget forecasts, claiming on the one hand to have a basis, and on the other hand, acknowledging the need for flexibility and adaptability. I do not believe that tomorrow the figures will reflect today's reality. We have no idea what is in store for us.
We have only to look back at previous initiatives. The Secure Channel Network was supposed to cost $96 million and wound up costing $1 billion. The Government of Canada Marketplace, which initially was to be very inexpensive, ultimately cost $50 million. We always find ourselves dealing with problems in the area of flexibility, adaptation and lack of information.
We also have to think about the complex relationships with the various departments and their characteristics. Do you have any mechanisms that enable you to deal with this technological divide that exists between the departments, while this transformation is proceeding? This could cost millions if not billions of dollars for the Department of National Defence, should there be any delays whatsoever.
When we deal with the relationships between the departments, we want to focus on certain aspects in particular. You are quite right in observing that the departments are very diversified. There are all kinds of requirements, capacities and degrees of complexity. Obviously, the Department of National Defence is a huge, very complex department with numerous requirements.
At the same time, when it comes to IT infrastructure, in the sector of concern to us, namely data centres, networks and email systems, we will be able to standardize many areas. We will do this horizontally within the 43 departments. Some processes, from the technological standpoint, are already standardized throughout a government such as ours. We are going to standardize procedures in these areas, while at the same time acknowledging the particular requirements of various departments in other areas.
We think that we will be able to nevertheless make great strides in defining and providing more standardized services throughout the government.
[English]
Thank you very much, Mr. Chair. I too join my colleagues in welcoming you here today. I think this has been a good discussion about the progress that has been made on Shared Services Canada.
I want to follow up on some of the questions my colleague was asking about industry engagement. I want to go back to the process regarding the round tables. Is this a pilot initiative, or do you see this becoming a permanent process whereby you engage in this kind of way?
We believe—and this was the nature of the conversation with the associations—that we needed to have this conversation on a sustained and continuing basis for it to actually serve us both well. It was important to have transparency around what are we doing and how we are doing it and clarity on the best way to do it.
Right from the beginning, it was thought that it was important that it be considered a regular thing done every quarter. If we have a six- to eight-year program for it to be helpful, the advice and counsel through the duration of it is essential.
Thank you.
You also mentioned in your response that you were actively seeking the engagement of SMEs. Would you speak to exactly what it is you're doing to engage SMEs and encourage them to come to the table or to help them even?
Two of the associations we're working with represent SMEs. We work very hard to make sure their voices are heard. ITAC is an interesting association, because it represents both very large companies and small companies, whereas CITPA and CABiNET really do represent small companies. The best way we think we can move forward is to in fact make sure that they have an equal voice and that we listen attentively to what they have to say.
I think things will be more interesting going forward when we get to this topic of innovation, because small businesses typically are very good at providing greater insight that way. That subgroup has not formed yet, but we think there will be very interesting things to come from that as we get going.
Earlier on, you also spoke about the challenge between perhaps what you're doing and the private sector in terms of performance benchmarks. I'm wondering if you could share with us what Shared Services Canada is doing to ensure that in fact you are adopting best practices and industry standards.
The background behind the government's decision to create Shared Services was the recognition that it was time for the government to start to consider that a new model was necessary in order to support the entire government. That was a kind of underpinning that came forward at that time.
It was based on the fact that in the private sector and in some other governmental areas people had benefited from these large-scale approaches in terms of consolidation and approaches to doing things properly, but from an enterprise perspective as opposed to a subunit perspective of a corporation, for instance.
Basically, we're benefiting from the experiences of other companies. They've been through this. They've reached the end of their journeys. The results have been, by and large, quite positive.
We've spent quite a lot of time since our formation in reaching out to companies like HP, IBM, and others that have gone through the whole journey for their own operations in order to look at how they've done it and the approaches they have put forward. We are adopting the same types of project management approaches, their approaches to governance, and their approaches to organizing business cases going forward.
From that perspective, we're trying to get the benefit of all of those lessons that have been successful in the past. Plagiarism is a great thing.
Some hon. members: Oh, oh!
Thank you, Mr. Chair.
I've noted this massive list of contracts. If I understand your intention from your materials, strategy, and presentation, you're in the process right now of moving to consolidate a sizable portion of this under one contract.
We've all gone through the experience of trying to get rid of a cellphone contract or a telephone contract on a land line. Have you calculated the costs of buyouts of the current contracts? Is that factored into the cost of implementing this system?
There's a great number of contracts. I'd just mention at the outset that on the list you received, when you're looking at 2011-12, the last fiscal year, these were all contracts that were entered into by 43 different departments. That's what we inherited.
We're looking at an approach to consolidating these contracts where we can, when it's best, and when it's most economical to do so. We aren't looking at breaking contracts and redoing them. As they come available for renewal, we look at consolidation or we work with the vendor.
For example, there's a vendor called CommVault. It provides data centre services—support to data centres and storage. We have consolidated all of our CommVault contracts, without any penalty, which will result in savings and cost avoidance over the next three years of $15 million.
We're working with our vendors—for example, large vendors—to see how we can consolidate Microsoft, IBM, or whatever. It's not our objective...I wouldn't want the committee to think that are going to end up with one huge contract for everything we buy, or even in each category. We're going to want to continue to have a diversity of suppliers to make sure we have good competition and good market-based competition.
We're managing the contracts in a way that makes the most sense in terms of what we need to buy, when we need to buy it, the state of the contract, the performances of the contractor and of the supplier, etc. We will be gradually consolidating all of these contracts as we go forward—
Ms. Linda Duncan: Okay—
Ms. Liseanne Forand: —but we'll never end up with a single one.
I have limited time, and I want to give some of my time to my colleagues.
It's reassuring that you are looking to additional smaller service providers. I know this from the experience of running an MP's office: we have a lot of support when we're here on the Hill, but in the riding we are abandoned. Certain suppliers are hired and they don't necessarily make you a priority; they have a whole list of clients.
How are you managing the issue of...? For many departments, like Environment Canada, for example, or Aboriginal Affairs, a lot of their work is done in the regions. How are you ensuring their critical support as you move to more and more reliance on computerized systems and e-mails, and replacing staff with online systems? Do you have as a factor ensuring that regional offices are well served?
Yes, thank you for that. We did inherit staff located all across the country. I believe we're in 300 different locations all across Canada, so we've built that into our operational model.
Kevin Radford, who's here with us and who's the senior ADM for operations, has organized his work in vertical portfolios, but also with regional coordinators. We have a regional coordinator in the Atlantic region. We have one in Ontario, one in Quebec, one in the west, and one for the north. Those people are our management eyes and ears on the ground. We work with staff in those regions, and we work with the departments in terms of their regional location.
I met last week with the Deputy Minister for Parks Canada, for example, and that was one of his real preoccupations, because they have a highly distributed workforce. He expressed his satisfaction that we were taking the needs of his workforce into account.
We're moving toward new innovative technologies, which is great, but one of the challenges is that in certain isolated regions you may not have providers who have any knowledge of servicing that technology. I'm wondering how you're going to factor in all of that.
Our predecessor organization, the IT shared services branch at Public Works, had a history of working with regional service providers, particularly in the telecom area. We're going to continue to do that and we are continuing to do that now.
We find, actually, that there is a good diversity of suppliers across the country. Increasingly, even in the far north, the infrastructure capacity is growing. We're confident that over the next few years we are going to be able to increase connectedness, if you will, even across the territories, to a much greater extent than what's there now. We work with Northwestel and organizations like that to make sure those interests are taken into account.
Thank you, Mr. Chair.
To our witnesses, first of all, I applaud you on your progress to date. I think it's great how much you've accomplished and great that you want to continue to streamline and reduce the duplication in our government IT services. It's still a bit mind-boggling why getting to this point has dragged on for so many years, but I'm glad that we're bringing all the services into I think this much-needed and efficient perspective in today's world of cybersecurity.
I wanted to follow up on my colleague Mr. Trottier's comments about the aspect of security. Yesterday I had the pleasure of hosting my provincial colleague, Minister Ben Stewart, from the B.C. government. I'm the member of Parliament for Kelowna—Lake Country in B.C. The British Columbia government has been very progressive on this initiative. I believe they received an award last night at the government and technology event, which is very timely. Thousands of people are in Ottawa this week talking about Shared Services Canada and the buzz in Ottawa, and how we can use that Canadian technology to help streamline and, as I said, reduce the duplication.
From the security perspective, though, I know that it's not only here but around the world.... I was in Japan last week with our trade committee, working with our Canadian embassy on concerns with international safety and security in the cyberworld. One of the things that we understand is unique in this procurement process is called the national security provisions—I think it's called the NSE. What does it stand for? I think it stands for national security enterprise or something to that effect.
An hon. member: Exemption.
Hon. Ron Cannan: That's it—or national security exception, which I believe I read online.
The problem is that we're trying to ensure Canadian contractors and the safety of Canadians using Canadian companies as principal jobs.... Maybe you can explain to us a little more why the minister has gone down this road of NSE. Do you believe the concern with security will stop the untrustworthy vendors?
Thank you for the question.
As was mentioned right from the outset here, perhaps in the first question I received, it has been obvious since the establishment of Shared Services Canada that one of the government's objectives, in addition to greater cost efficiency and better service, was to have a more secure IT infrastructure for the Government of Canada. We knew that security was going to be a focus of ours and a priority of ours from the beginning.
So from the very outset we consulted, as I mentioned earlier, with the Department of Justice, the Department of Foreign Affairs and International Trade, the Department of Public Works and Government Services, CSEC, and our Public Safety partners on what the vulnerabilities were that we would be facing as we built a new e-mail system and transformed the data centres and the networks.
As a result of this consultation, we came to the conclusion that in order to protect Canada's national security interests as we go forward with all of this, it would be relevant to invoke the national security exception. “Exception” is the word; it's the exception to the provisions of the trade agreements. That is essentially what it means. It's a provision that is in all of our trade agreements. It says that if it's required in order to protect national security interests, then governments can derogate from their obligations under those agreements.
But you have to do it in an organized way, which is what we did. There was a notification posted on MERX that summarized the analysis, which came to the view that because of the sensitivity of the systems, the interconnection of the systems, and the sensitivity of the information that is kept on those systems—all the private information of Canadians as well as national security interests—it was appropriate to invoke the national security exception. That's what we did.
What this does is remove us from the obligation of all of the provisions of the trade agreements. Essentially, the key ones are that we can specify country of origin without being subject to a trade tribunal complaint, and we can also not make public our requirements. You will understand that if we are designing the infrastructure and the architecture for a new, modern networking configuration for the Government of Canada, it's not something we would want to advertise. It's not something we would want to put on MERX—that this is what we're building, and this is how we're building it, and this is what we need you to do.
The NSE gives us the flexibility to keep things out of the public domain when we need to and to specify our requirements in terms of security, in terms of country of origin, etc.
I think you said at the beginning that you inherited something like 6,200 employees. As you look at these cuts of $150 million, plus a potential $80 million, how many employees do you think you would have when you're fully functioning in the new system—approximately?
In the first instance, in looking at our deficit reduction action plan targets—I mentioned at the beginning that we looked at how we could save the $150 million over three years—we wanted to protect our operational capacity, and we didn't want to jeopardize our ability to complete the transformation in the timelines that had been provided to us by the government, so we identified the items that we did.
Our expectation is that the $150 million will not have a big impact on our labour force. That was actually also a consideration of ours.
For example, we've identified $25 million in reductions in internal services. As I mentioned, we're doing that by not building rather than by cutting, so we do not identify any FTE losses. Well, we identified 250, but they weren't people that we already had. That was money we received from departments which we had not used for staffing yet, so we have not had to declare any employees affected or surplus in Shared Services Canada as a result of this. The 250 FTEs are related to internal services—those are jobs we are not filling—and then an extra 50 jobs over the three-year period will be affected in the telephony area. We're confident that we can manage those reductions through attrition.
Over the next three-year period to achieve the reductions that we've identified as part of budget 2012.
It's not that I'm favouring firing people, but I would have thought that if you consolidated 42 departments into one you would have more people than you needed because of that consolidation.
We have put in place something we called our workforce management strategy. The focus of that workforce management strategy is really to manage our way through this transformation. One of the provisions of that strategy is to favour continuity of employment for indeterminate employees. We want to manage it. We have a five-to-six-to-eight-year runway, if you will. We want to manage attrition. We want to manage our contingent workforce, whether they're casuals, terms, or contractors, in such a way as to provide continuity of employment for our indeterminate staff.
But with respect to the 300 FTEs to date, that is with respect to the 150. I think, as one of the other committee members said, that IT is continually evolving. So it's difficult for us to predict now what that IT infrastructure staff complement will look like in six or eight years, because we will have new and different kinds of requirements.
Coming back to this long list of contracts, I didn't add it up, but it looks like it's somewhere between $1 billion and $2 billion. Will the value of these contracts be smaller than it is on this list? Is that one of the sources of savings?
Yes. As we go through our transformation exercise, we are moving from 63 e-mail systems down to one. We will have some way of sourcing a supplier for that e-mail system, which will operate one solution across all of government. Right now, our 43 departments have at least 63 different contracts out there. That's just a small example. Without going to a single mega-contract, we will be maintaining a diversity of suppliers, but not diversity to the extent that you are seeing here.
Thank you, Chair.
My thanks to our witnesses for appearing before us today.
I think everybody would agree that SSC is a new department. It has an ambitious mandate. In your concluding remarks, Madam Forand, you stated that a lot has been done, but that you need to do a lot more to realize all of the objectives the government has set for the department. I think you should be commended on the tremendous work that has been done so far in such a short time.
I wonder if you could share with us some of the economies of scale that you have realized by consolidation. Would you be able to share some of those economies of scale with us?
Thank you.
We do have a wealth of opportunity when it comes to economies of scale. For example, when we inherited—of course, we inherited people, equipment, and contracts, etc.—we also inherited projects. When we started looking at these projects last winter, we estimated that we had inherited 750 projects “in flight” across the 43 departments. Those projects are already under way. They've been approved by the individual departments.
What we found in going through those projects is that there were several places where they might have five video conferencing projects all going on at the same time, with five different suppliers, five different ways of going about it, and five project management teams. We've been able to consolidate some of those projects. We've cancelled some. We've ended some. That's one example.
This is another very practical example. One department had a data centre in Regina that was nearing the end of its life, and it was part of their plan to build a new data centre on a floor of an office building in Regina. We found that another department in Regina had space in a different data centre, so we were able to not do that build there.
Earlier I mentioned CommVault data centre services, with which we have a contract. We've consolidated and will be saving $15 million and avoiding costs of $15 million over the next three years.
As I said, our back office received a transfer from departments of 13% to set up our internal services. We are aiming for internal services of no more than 11%, so we're just slashing 2% off the top, because we figure that we are able to use common business processes, and we're able to go on financial systems and human resource systems that other departments have put in place, because we believe in doing things that way. As well, we can leverage technology and look at self-serve kinds of solutions for our employees going forward.
Those are examples, but we have had a lot of them. We had a video conferencing system that Agriculture Canada had in place that was one of the better ones among all of the departments, and we were able to bring four other departments onto that same video conferencing system instead of having them develop their own.
That has permitted, among other things, service quality, which is part of this as well. Passport Canada, as a result of being able to use Agriculture Canada's video conferencing, can now video conference with its regional offices, which it couldn't do before.
Those are just some examples.
One of the other things we're looking at in this committee is energy efficiency across our government infrastructure. What can you tell us about some of the environmental benefits arising from the consolidation?
I'm going to turn this one over to Grant, because particularly on the topic of data centres I think it's very promising.
You've seen the numbers before. We've said that we have about 300 data centres. That breaks down into 20 large ones, with 65 in the middle, and a balance of smaller ones. In aggregate, that adds up to about 600,000 square feet of data centre floor space.
I've had an opportunity to actually visit 18 of the original 20 big ones. By and large, all of those data centres were built in the late seventies and the early eighties, using standards that existed at that time. Two things have happened through data centre evolution. The first thing is power efficiency and cooling efficiency, because those two things come in tandem in a data centre. When you power something, it creates heat, and you have to turn around and cool it, so you get that double effect.
New data centres are much more efficient. They're built to much higher standards, so there's a bonus in that you use less power. They're enormous power hogs.
The second thing, because technology is a lot more compact, is that you can use much less floor space. We estimate that instead of using 600,000 square feet, by the time we've finished all of the work we'll get to somewhere around 200,000 square feet, so there is a 3:1 space advantage just by taking advantage of advances in technology and that sort of thing.
All of that adds up. By the time you have increased efficiency and less floor space, you're going to end up with an environmental bonus at the end.
[Translation]
Thank you, Mr. Chair.
You mentioned a list of savings you had committed to achieve. Are you going to table this list?
Excellent.
When you made your savings commitments, you did not yet have an overall picture of your activities, something that you still do not have, moreover. Obviously, some things are easier, such as IP telephony. This is useful when you want to get off to a fast start. However, as far as the rest is concerned, you need to have a more in-depth knowledge.
The Plans and Priorities Report does not really show any staff reductions, something I'm quite happy about. I imagine that you are focussing more on maximizing contracts with outside firms.
I would like you to tell us about your approach with these outside firms and compare this with how you deal with internal employees. Are you going to draw more heavily on your internal employees or are you going to turn to consulting firms?
Thank you for your question.
As I mentioned earlier, we believe that we must find the right balance between using our internal employees and contract employees, or using employees hired for a set period of time. As Mr. Westcott mentioned earlier in answering another question, this is one of the areas we want to examine. Indeed, we want to know what the right balance is in this field, what are the jobs, activities and fields where we will always want to use government employees, and what are the fields where we need to call upon industry, as it is always better to have the best tools available for reasons of flexibility and modernization.
We intend to do an analysis of everything that we've inherited. In addition to all of the contracts, we have also inherited a certain number of contract employees. At times...
We do not have the exact number, but we think that we are talking about approximately 1,700 contract employees.
We want to know what these people are doing. Some of these contract employees were hired on an individual basis, but others come with services that we have purchased. For example, a department may, because of its small size, ask a company to provide the complete service for one of its programs. In such a case, we will buy everything as one piece: the staff, the equipment and the software. Some of these 1,700 contract employees come from arrangements that the departments have inherited. Others are people who work on slightly more specific projects.
We therefore want to analyze this number. We want to know where these people are located and what they do. We need to decide whether we want to continue on this basis or whether we would prefer to take a different approach, if we are not talking about permanent positions. For example, we need to determine whether it would be advantageous to use term staff as opposed to contract employees. We want to do a complete analysis and plan our human resources in a comprehensive fashion, as recommended by the Auditor General in his recent report.
That is excellent.
We dealt indirectly with the Secure Channel Network, which is relatively expensive. Are you going to trash it and start over with something else or are you going to continue using it? What is your game plan for this project?
We have already made substantial progress in this area.
I will ask Mr. Westcott to provide you with a brief update on the issue, as he sits on a deputy minister committee in charge of supervising this project.
[English]
Thank you, Mr. Chairman,
About four years ago, the Treasury Board Secretariat, in conjunction with a number of interested departments, went down the road that said that the secure channel, as it was originally conceived way back in 1999 and 2000, really was not serving us well. Therefore, we had to pursue other avenues that were less expensive and more consistent with the way things work today. We then went through a series of evaluations and RFPs and that sort of thing, and essentially ended up with two solutions to replace the secure channel.
One of those solutions uses what's called a broker service that facilitates people so they can use their own credit cards and the credentials they've established with the banks as a means of identifying themselves, which we would honour. That's one.
Then there was a second initiative that essentially said we would issue, using less expensive technologies, a credential that's issued by the Government of Canada, therefore allowing for choice. That process is now just about finishing its implementation phases. The departments have almost completed that. They will be done by the end of December, and the contract with Bell will cease at that point, so it will be replaced at the end of December.
Thank you, Mr. Chair.
I want to thank our guests today. It sounds like things are progressing quite well. I know that last year we had you here at committee and you were brand new. I'm not sure if you knew exactly what was going to happen in the year—
Voices: Oh, oh!
Mr. Mike Wallace: —but you answered the questions and we made a commitment to opposition members that we'd have you back in a year to see what progress had been made. I really appreciate this.
Because I get excited about numbers, I'm going to ask you some questions. I'm really excited about what you sent me, but I had no idea of how to understand it, so I thought I'd ask you a couple of questions about that. This is all submitted by Q, so we have Q2 and Q1, whatever the quarter is.
What's the difference between “Submitted” and “Added”? I have Q2 of 2011 and 2012, and we'll pick on IBM. The reference number is there and then it says “Submitted”, and then for Q2 two pages later, it says “Added”. What's the difference? Is that an addition? I have no idea what that is. Can anybody answer that question for me?
I don't think we can. I think it has to do with how the data is stored, but we will absolutely answer that question and provide the information to the committee. As you can tell, this list was run off automatically from our contracting lists. These contracts are all made available through proactive disclosure in any event, so I don't know if it has to do with how they've organized their stuff.
I have another question, then. If I look at the reference numbers, in Q2 and Q3—I'm sorry to pick on IBM here, but IBM has the same reference number—in the one for Q3, it's $37 million, and in Q2, it's $32 million. It says “Rental of Software”. So in that quarter, is that what we paid them, or is that a cumulative piece? That's what I didn't understand.
What we proactively disclose is the amount of the contract, so it's not in terms of the actual drawdown from an expenditure. We have an obligation to post all contracts over $10,000. As we indicated earlier when we were looking at the contract that was Bell and that had $406 million, that was a multi-year contract.
So when I see a reference number that is the exact same, is that the same contract? There are two different final numbers here: $32 million and $37 million.
Thank you for the question.
As the president indicated earlier, these contracts were onboarded from the 43 different departments as they were doing individual contracts. We actually started having contracts under Services Canada at the first quarter of this fiscal, so what you're seeing are contracts that the 43 different departments had put in place for IT infrastructure support. There are numerous contracts with IBM because IBM, amongst other things, provides mainframe support in some of our data centres.
One of the pieces of work that we've been undertaking with vendors is looking at opportunities to consolidate where it makes sense.
Do you have a consolidated report or do you expect someday that if...? IBM is in here under different reference numbers doing different things all over the place. If I add up, as a stockholder of IBM, how much money the Government of Canada is spending, do you have a report that says we have x dollars in contracts with IBM, OpenText, or whoever it happens to be? Is there an actual report that lists that out? That's my first question.
Under the new system when you guys are fully under control, I'm assuming that, as was asked before, the list may shrink, but are you going to guarantee us that there is still an opportunity for SMEs to be involved and not have the IBMs of the world taking over the situation?
Thank you.
Well, this is a report that came off a database that's organized by quarter. The database can be organized by supplier. It could be organized by category as well. We have the ability to look in the aggregate. We do not issue reports to that effect. We do the proactive disclosure in the same manner as any department would do, but we can look in the aggregate in terms of individual suppliers if that's what we want to see.
It can be, when we're working with individual suppliers. When we're talking to them about the kind of business we have with them, we find it's useful to know what the total number is. That way we know where we....
Exactly: as the ministers mentioned when they announced the creation of the department, leveraging the government's buying power is one of the objectives of Shared Services Canada.
With respect to your second question about SMEs, we do expect to continue to have solid relationships with SMEs, and you will always find SMEs reflected in any kind of list that comes from us, no matter how it's organized, because we believe in the value of a diversity of suppliers. An SME is not going to be providing the telecommunications that Rogers or Telus would, but they do provide us with some very valuable.... In fact, we just recently signed an agreement, a contract for Internet-hosting, with an SME here in the national capital region. They are interested by the kinds of opportunities we make available, and we're interested in maintaining a relationship with them.
[Translation]
Thank you, Mr. Chair.
Ms. Forand, thank you for the answers that you have given us until now. I really like your frankness.
My only question pertains to the $10.8 million earmarked for cybersecurity. A year has gone by. You have access to sensitive material that you must build on.
Did your strategic planning not take this security into account?
That is an excellent question, thank you.
The $10.8 million that you alluded to are to be used to add to the already existing capacity. There was already capacity and this amount will be used to strengthen it.
Why do you need a reinforcement if this was included in the initial planning? Were there some issues that you could not foresee? Did new factors surface?
There are two things here.
First of all, the initial planning obviously was not done by Shared Services Canada. Departments organized themselves, on an individual basis, to provide this security capacity. So, initially, just bringing together everything under Shared Services Canada alone gave us a different perspective as well as a more global overview of what we could do and what we were going to have to do.
Secondly, this is part of the initiatives announced by the government in 2010, which included the Canadian Cybersecurity Strategy. We are therefore a player in this strategy. You no doubt know that—
Have you estimated the size of the increase required over the next few years? If this amount is only to do basic planning, we might find ourselves with some problems. Earlier, you acknowledged the changing technologies. The private sector has an influence over research and development. Tomorrow, we may wind up with interactive glasses. How are we going to incorporate those into our system?
You said that you were going to be saving money. However, if it is impossible to calculate these factors, how are you going to manage to do long-term financial planning?
As far as security is concerned, we have done planning over a five-year term. We will therefore be receiving additional amounts over a five-year period and on an ongoing basis after that.
No, it is quantified. You will recall that Mr. Toews announced an additional $155 million over five years for cybersecurity. Of this amount, we will receive $47 million over five years and, after that, $18 million, I believe, on an ongoing basis. This is so we can do things, so that we can increase—
That gives us the opportunity to strengthen our monitoring systems and our capacity to respond to cybercrime incidents.
Given the magnitude of what you are doing, $10.8 million does not really appear to be all that much, in all honesty. Indeed, you have an enormous undertaking.
The $10.8 million amount is an additional amount for one year. This is an additional amount to what we already had.
As Mr. Westcott explained earlier, this will enable us to create, over the next three years, coordinated capacity to protect information, which used to be the responsibility of 20 different departments. We will be able to coordinate that. We will have an additional centre to ensure that if something happens to the first centre, the backup centre will always be there. That will also enable us to open a second secure Internet access which, once again, will ensure that should something happen to the first access, the backup access will be there. This money will enable us to do this type of thing.
Let's use the example of this project that was undertaken in Australia in 2003. According to some figures, this country was supposed to achieve $56.6 million in savings annually. Finally, in July, the government had to cancel the project when it realized that the initiative would cost more than the amount saved.
Have you got a plan B? Let us not forget that we are talking about taxpayers' money. Given all of the investment that has been made and all of the fluctuations in planning, we do not want to be left in the lurch. We need to have something in our back pocket, a plan B. Is there a plan B?
In everything that we do, we invest heavily in the planning process, be it for the transformation pertaining to the email system, the data centres or the networks. We will not have just one plan for an eight-year period. For example, we will have a transformation plan for data centres that will be implemented in a phased-in manner. We are of course working with Treasury Board. You no doubt already know that large undertakings are monitored very closely by Treasury Board. We are going to have to make return visits to see Treasury Board officials on a frequent basis. We are going to have things—
My time is limited and I would like to ask you one final question. Could we have access to these documents as they are produced, and not just when you make your presentation? In the overall scheme of things, it would be good if we could see this planning.
The documents that we submit to Treasury Board are obviously confidential cabinet documents. However, we are going to be discussing our transformation plans, be it with industry or others, as we proceed. We are expecting that we will have documents that we could share sometime in the first half of 2013.
[English]
Thank you very much, Jean-François.
Thank you to our witnesses and guests today. We appreciate the frank presentation and the exchange we've had. I think there's a much better understanding of your efforts and the progress made to date. Thank you very much for being here, Madam Forand, Madam Rallis, and Mr. Westcott. We appreciate it very much.
I will excuse the witnesses and ask members to stay put for a few minutes. There's a vote coming up. I believe the bells will start to ring at about 10:40, although I don't believe we need that much time.
Thank you very much, Madam Forand.
I'd like to give the floor to Linda, who would like to serve notice of a motion. Copies are being circulated.
It's pretty straightforward. I'll read it out. Copies have been provided in French and English.
My motion is as follows:
That, the Standing Committee on Government Operations and Estimates invite witnesses from Parliamentary Precinct Branch, Public Works and Government Services Canada to appear before committee in order to provide an update on the status of renovations and associated costs for the Parliamentary Precinct Renovation Project.
We can potentially discuss that in our steering committee today.
Publication Explorer
Publication Explorer