Current Reports

• ADM, Corporate Services, Human Resources and Communications Branch is the Office of Primary Interest.

• Director General, Health Safety Security Emergencies Administration is accountable for ensuring obligations have been fulfilled.

• ADM's/CEOs all Branches.

• Other Key Stakeholders, including Public Safety and Emergency Preparedness Canada, will be acknowledged and engaged as required.

Revisit and update PWGSCs high-level critical services list with all Branches using Business Impact Analysis. Expand to include prioritization (through maximum allowable downtime) and associated IT assets (applications and supporting IT infrastructure). Roll up and review all Branch submissions. Seek DM approval.

a) Presentation to Operations Committee 10 November 2004. Background briefing and approval of approach.

b) Update to Operations Committee detailing next steps 19 January 2005.

c) Brief Branch BCP Coordinators and roll out of software for Business Impact Analysis 21 February 2005.

d) Meet separately with each Branch/SOA BCP Coordinator to identify specific needs and approach for Branch. Prepare Branch Management Committees' presentations specific for each Branch. Begin March 2005. Complete June 2005.

e) Establish Regional BCP Working Group. First teleconference March 2005. Completed 23 March 2005.

f) Visit each Branch Management Committee to brief on BCP process and process to identify Branch critical services and associated IT assets. Begin March 2005. Complete July 31 2005.

g) Each Branch completes their Business Impact Analyses using Living Disaster Recovery Planning System (LDRPS) software and submits to Corporate Emergency Preparedness Directorate. Begin March 2005. Complete October 31 2005.

h) Branch roll ups are consolidated into a department-wide critical services list. Interim returns from Branches will be conveyed to ITSB when obtained. Begin upon receipt from Branches. Complete November 30 2005.

i) Present first iteration of prioritized critical services list to Operations Committee December 2005.

Reporting will be done against all "Implementation Actions" to be taken, on a quarterly basis. Milestones will be identified, and reported on when proposed, communicated and agreed upon by key stakeholders.

• OPI: ADM CSHRC/ADM ITSB

• OSI: ADMs All Branches, DG Strategic and Client Services; DG Standards, Engineering and Project Management

• Other Key Stakeholders will be acknowledged and engaged as required.

a) ITSB to implement a Branch BCP Committee with membership from key sectors including the Chief Information Officer's (CIO), the Business Continuity / Recovery Services sector, Application Maintenance Services, IT Security Directorate and regions. The committee's mandate will be to ensure a co-ordinated approach to the continuity of branch critical services and assets which support both PWGSC and OGD clients.

• Solicit ITSB Director Generals and Regional Directors to appoint members to participate in ITSB BCP Committee

• Develop Terms of Reference for ITSB BCP Committee

• Kick-off meeting to be held for the BCP Committee

b) ITSB will appoint key employees to participate in the Department's BCP Governance which provides for representation from all business units and whereby a co-ordinated approach to the continuity of Departmental critical services and assets will be addressed.

• Establish a meeting with Corporate Emergency Preparedness to identify roles and responsibilities of ITSB within the Departmental governance/committee structure.

• Solicit ITSB Director Generals to appoint members to participate in Departmental governance/commitee structure.

• Provide training and awareness to participants on their respective roles and responsibilities.

c) Define a framework within ITSB, involving key stakeholders, to review and assess Departmental Business Continuity Plans for IT Infrastructure recovery options which will provide for the continued availability of critical services.

• Arrange a meeting with ITSB stakeholders to confirm roles and responsibilities with regards to reviewing Departmental BCPs.

• Develop the framework and obtain approval from ITSB Senior Management.

• Ensure that Corporate Emergency Preparedness are aware of ITSB's framework.

• Distribute the framework to all Departmental BCP Coordinators.

d) To further strengthen the link ITSB will update its IT Security Risk Management Framework to be compliant with the new Government Security Policy (GSP) and the Operational Security Standard - Management of Information Technology Security (MITS) to include linkages to business continuity planning. As well, MITS mandates that a Certification and Accreditation (C&A;) process be applied which will assist business units in identifying safeguards that will ensure for the continued availability of the IT component of critical services.

• Business units are invited to attend training sessions at each project kick-off phase of the C&A; process.

• PWGSC Information Technology Security Officers (ITSO) who are Branch IT security representatives will be briefed at the ITSO Conference.

• There is a C&A; awareness session offered every Monday afternoon by the IT Security Directorate.

e)Re-establish the IT Security Advisory Group (ITSAG) whose mandate is to advise the Departmental Security Committee on ITS matters including ITS Certification & Accreditation and ITS Training and Awareness. This committee has representatives from all Branches.

f) Upon confirmation of a first iteration of Departmental critical services (Aug. 2005), CSHRC and ITSB will conduct an assessment to determine any key vulnerabilities that might impede the Department's ability to sustain delivery of these services. As well, an investment strategy will be developed and presented to the Department's Operations Committee for prioritization/funding.