Archived - Directive on Management of Information Technology

1.1 This directive takes effect on April 1, 2009.

1.2 Departments have until March 31, 2012, to fully implement this directive.

2.1 This directive applies to all departments as defined in section 2 of the Financial Administration Act (FAA), unless excluded by specific acts, regulations or Orders in Council.

2.2 Sections 6.2.2 and 7.1 of this directive do not apply to the Office of the Auditor General, the Office of the Privacy Commissioner, the Office of the Information Commissioner, the Office of the Chief Electoral Officer, the Office of the Commissioner of Lobbying, the Office of the Commissioner of Official Languages and the Office of the Public Sector Integrity Commissioner. In these organizations, deputy heads are solely responsible for monitoring and ensuring compliance with this directive and for responding to cases of non-compliance in accordance with any Treasury Board instruments providing principles and guidance on the management of compliance.

3.1 Information technology (IT) enables the federal government to effect operations and service transformation. IT is strategically critical to increasing government productivity and enhancing government services to the public for the benefit of citizens, businesses, taxpayers and employees. This directive provides essential support for the management of IT in the areas of IT governance, IT planning and IT strategy.

3.2 The federal government invests a significant portion of its annual budget on information technology and supporting infrastructure. Rapidly developing technology, incompatible business practices and the fragmented approach to IT investments undermine effective and efficient delivery of government programs and services. Multiple data centres and networks also pose significant security risks. A more strategic approach to IT investments is needed to ensure interoperability of departmental systems and compatible business practices.

3.3 This directive supports the Policy on Management of Information Technology by providing departmental chief information officers (CIO) or equivalents or other officials supporting the management of IT with additional requirements to ensure consistency in IT management processes.

3.4 This directive is to be read in conjunction with the Policy Framework for Information and Technology, the Policy on Management of Information Technology and the Policy on Information Management. The directive is also related to the Policy on Investment Planning – Assets and Acquired Services and the Policy on the Management of Projects. The departmental IT plan is a component of the broader departmental investment plan that has a five-year horizon (as required under the Policy on Investment Planning – Assets and Acquired Services). To keep up with the pace of technological changes, however, the departmental CIO or equivalent reviews the departmental IT plan annually and updates it, as required, at the time of the review. The departmental IT plan covers the strategic, tactical and operational aspects of the management of IT.

3.5 Additional requirements for IT governance, IT planning and IT strategy will be set out in the standards. The Chief Information Officer Branch (CIOB) of the Treasury Board Secretariat (TBS) will also publish guidelines and tools to assist departments if required.

3.6 The Treasury Board has delegated authority to the Secretary of the Treasury Board to issue this directive and to make administrative and technical changes.

4.1 Definitions to be used in the interpretation of this directive are attached in Appendix A.

5.1 Objectives

The objectives of this directive are to:

5.1.1 Ensure efficient and effective use of information technology to support federal government priorities, program delivery, increased innovation, productivity and enhanced services to the public; and

5.1.2 Support the management of IT on a government-wide basis by providing more robust and mature management practices to reduce duplication, enable the adoption of alternate service delivery models, including common and shared services, promote alignment and interoperability and optimize service delivery.

5.2 Expected results

The expected results of this directive are the following:

5.2.1 Stakeholders will exercise their roles and responsibilities in the management of IT more effectively by participating in designated governance, advisory and working group forums;

5.2.2 Efficiency and effectiveness in IT management will increase along with better decision making at all levels, thus ensuring that IT supports program delivery and provides value for money;

5.2.3 The use of common or shared IT assets and services by departments will increase and ensure efficiency gains;

5.2.4 IT will enable more innovative and responsive services; and

5.2.5 The consistency of security practices will improve as a result of the increased consolidation of systems and services.

6.1 Departmental CIO or equivalent

The departmental CIO or equivalent is responsible for the following:

6.1.1 IT governance

• Developing, for deputy head approval, departmental governance structures to support effective IT decision making;
• Coordinating, promoting and directing IT and collaborating on IT-enabled business transformation with the business owner and other stakeholders;
• Participating in federal government IT governance forums, including the Chief Information Officer Council (CIOC) and other designated governance and advisory forums, related to IT and federal government IT architecture matters;
• Balancing individual departmental interests with government-wide interests and aligning IT to government-wide directions and strategies;
• Advising the CIOC on the decisions, plans, strategies, directions, progress, risks and challenges related to the initiatives that affect the provision or use of IT services in or across departments;
• Monitoring and measuring departmental IT management performance using both government-wide and departmental key performance indicators as appropriate; and
• Advising the deputy head, as well as the business owner and other stakeholders, of the effect of new or amended legislation and policies on departmental IT plans.

6.1.2 IT planning

• Developing, implementing and sustaining an effective departmental IT planning process that is integrated with the overall departmental corporate planning process and aligned with the investment planning process to support business, enable transformation and guide IT decision making;
• Preparing an IT plan and an IT progress report against the plan as established in Appendix B and submitting it to TBS (CIOB) as requested; and
• Ensuring that the IT plan is aligned to support both departmental business and government-wide strategic directions by communicating with and engaging departmental and external stakeholders, as appropriate.

6.1.3 IT strategies

• Developing and maintaining efficient and effective departmental IT management practices and processes, as informed by ITIL (Information Technology Infrastructure Library) and COBIT (Control Objectives for Information and related Technology), with priority on IT asset management, the IT service catalogue and IT service costing and pricing, as appropriate;
• Aligning departmental IT management practices, processes and technology architecture with federal government strategy, directions, standards and guidelines as they become available and as they evolve under the guidance of the CIOC;
• Participating, as a service provider or a service user, in the conception, planning, evolution and oversight of common or shared IT services and solutions;
• Developing, implementing and sustaining departmental strategies for producing or using appropriate common or shared IT services and solutions, based on the IT plans;
• Aligning and documenting IT services, whether planned or currently offered to recipients, according to the Policy on Management, Resources and Results Structure (MRRS). The Profile of GC Information Technology Services provides additional guidance for the alignment and documentation of IT services; and
• Reviewing and assessing IT services periodically to identify opportunities for enhancing efficiency, effectiveness and innovation as determined by governance and in collaboration with service providers, service users and other stakeholders.

6.2 Monitoring and reporting requirements

6.2.1 Within departments

• The departmental CIO or equivalent is responsible for monitoring compliance with this directive and advising the deputy head of reporting results in the annual departmental performance report (DPR) and the Management Accountability Framework (MAF).

6.2.2 Government-wide

• TBS (CIOB) will monitor compliance with this directive through the MAF assessment process, examination of Treasury Board submissions, DPRs, and requested departmental evaluations and studies.
• TBS (CIOB) will review this directive and its effectiveness at the five-year mark of implementation. When substantiated by risk analysis, TBS (CIOB) will also ensure that an evaluation of this directive is conducted.

7.1 Consequences of non-compliance can include an informal follow-up or request for information from TBS, such as an external audit or report on corrective measures.

Note: This section identifies other departments that have a role in IT management. In and of itself, the section does not confer authority.

8.1 TBS (CIOB), in consultation with other departments, is responsible for the following:

8.1.1 Developing policy instruments, including frameworks, policies, directives, standards, guidelines and tools, and providing interpretive advice and guidance on these instruments;

8.1.2 Setting government-wide strategic directions for IT, including areas of IT that offer significant government-wide benefits or enable government to take the lead in achieving these benefits;

8.1.3 Coordinating implementation of government-wide IT strategic directions;

8.1.4 Communicating and engaging the government-wide IT community on plans, progress, risks and challenges associated with the management of IT in the federal government;

8.1.5 Developing competency and other professional standards for the federal government's IT specialists as required; and

8.1.6 Providing support to the CIOC and other committees and working groups, as necessary, to address government-wide strategic IT directions and issues.

8.2 The Department of Public Works and Government Services (PWGSC) is a key provider of a number of common and shared IT infrastructure products and services to departments. PWGSC is responsible for establishing governance for the delivery of its services to client departments.

8.3 The Office of the Chief Human Resources Officer (OCHRO), TBS is responsible for providing advice and guidance to stakeholders on a full range of sound human resources (HR) management strategies, including integrated business and HR planning. OCHRO representatives are available to advise TBS (CIOB) on recruitment and retention strategies and to share lessons learned.

8.4 The Canada School of Public Service is responsible for the development and delivery of a government-wide core learning strategy and program – consistent with the Policy on Learning, Training and Development and based on consultation with the relevant functional authority centres for all public service employees involved in IT management.

9.1 Relevant legislation

• Financial Administration Act

9.2 Related policy instruments and publications

• Common Services Policy
• Directive on Privacy Impact Assessment (not yet approved)
• Directive on Privacy Practices (not yet approved)
• Framework for the Management of Compliance (not yet approved)
• Government Security Policy
• Policy on Evaluation
• Policy on Information Management
• Policy on Internal Audit
• Policy on Investment Planning – Assets and Acquired Services
• Policy on Learning, Training, and Development
• Policy on Management of Information Technology
• Policy on Management, Resources and Results Structures
• Policy on the Management of Projects
• Policy on Privacy Protection
• Policy on Service (not yet approved)

9.3 Other publications

• An Enhanced Framework for the Management of Information Technology Projects
• Management Accountability Framework

Please address enquiries about this directive to the departmental CIO or equivalent. For assistance in interpreting this directive, the departmental CIO or equivalent should contact: