Strategy for Management in Canadian Jurisdictions

Transcription

1 Strategy for Management in Canadian Jurisdictions is a fundamental part of doing business today, and the management of has become a critical issue across all jurisdictions. All governments must ensure compliance with legislative and policy obligations to document government activities and decisions, to protect the privacy of their citizens, and to produce records as required. As well, jurisdictions are under increasing pressure to more efficiently and effectively meet these obligations. Under the direction of the PSCIOC IM Subcommittee (IMSC), jurisdictions across Canada have prepared the following Strategy to address management. This focused, principles-based approach to management will lead to: increased productivity (as employees search for poorly managed s); decreased risks (legal, reputational, etc.); decreased storage costs; and decreased duplication of information resources, leading to potential discrepancies due to version control issues. For more information on this Strategy, please contact the IMSC chairs or send an to IM-GI@tbs-sct.gc.ca. For access to the repository of management policies and best practices, please also contact IM-GI@tbs-sct.gc.ca. TBS GCDOCS # FINAL Page 1 of 9

2 s These governing principles are derived from policies and best practices currently in place in jurisdictions across Canada. They have been developed to help guide effective and efficient management practices that comply with relevant legislation in Canadian government organizations. They do not take precedence on specific jurisdiction s legislation. One: Adopt an Enterprise Approach to Management In order to meet legislated requirements, provide clarity regarding roles and responsibilities, and improve risk management, appropriate governance models must be in place. Establishing an enterprise approach to management will lead to efficient and effective implementation across government. Two: Handle as a Corporate Asset to Support Decision- Making and Accountability should be understood as a medium for communicating information. As is the case with all other formats, information found in must be managed as a corporate asset. Three: Secure Content In order to manage risk, all government must be managed in a secure digital environment and protected against unauthorized access, use, manipulation, destruction, or loss. Four: Use Technology for Organizational Benefit Information Technology (IT) and Information Management (IM) must have an ongoing interaction regarding all aspects of management by coordinating policies and best practices. Business needs as well as IM and IT requirements should drive the overall management system solution. TBS GCDOCS # FINAL Page 2 of 9

3 Key Activities The following key activities support the principles outlined above. One: Adopt an Enterprise Approach to Management 1. Establish a strategic governance framework for the management of across the organization that details the leadership, decision-making processes, and accountability and includes IM/IT and business perspectives from multiple departments/ministries. 2. Implement enterprise-wide management policies, guidelines, practices, and training and information technology system design. 3. Centralize and standardize management operations in order to provide consistent, cost-effective, and sustainable support for government. Two: Handle as a Corporate Asset to Support Decision- Making and Accountability 1. Promote awareness of the relevant legislation and enterprise policy direction that impact management (e.g. privacy and protection of personal information, transparency and accountability in financial reporting, freedom of information, etc.). 2. Manage according to the value of the information it contains: that does not relate to government business should be deleted as soon as possible. Transitory should be deleted as soon as no longer required. Official information should be treated as any other information resource and managed throughout its lifecycle. 3. Educate all users on the roles and responsibilities associated with the management of Implement a standard method of classification and retention to improve consistency and better enforcement of information management policies. 5. Establish practices or systems for organizing (e.g. classification structure, folder hierarchy, or metadata tagging) that align with retention schedules and perform regular disposition in accordance with appropriate authorities. TBS GCDOCS # FINAL Page 3 of 9

4 6. Monitor, review and/or audit departmental/ministerial practices for compliance on a regular basis. Three: Secure Content 1. Conduct a thorough risk analysis of the environment that includes all applications and devices used that interact with the client, and models best practices to address all the identified business risks. 2. Ensure that information associated with government business is communicated through an authorized account, on a secure network. 3. Secure access to to ensure integrity of the system and enhance the reliability of the messages. 4. Ensure that employees have secure remote access to the environment to prevent use of unauthorized electronic transmission. 5. Protect sensitive government information and ensure that access is controlled based on enterprise information security policies, standards and processes. 6. Implement security categorization and labelling functionality within the system. 7. Educate employees on the highest level of information that may be transmitted by the system. 8. Implement encryption technologies to mitigate the security risks associated with the transmission of . Four: Use Technology for Organizational Benefit 1. Implement solutions to minimize the demands for storage, manage retention of official business related s, and enable the discovery of information. 2. Implement software that supports information lifecycle management. 3. Ensure that management practices or systems have the ability to securely retain, retrieve, archive, and monitor in its entirety (including structure, content, links, attachments, metadata and context.) to support relevant regulatory, legal, operational, and information management requirements. 4. Ensure users are made aware that corporate systems belong to the organization and that there should be no expectations regarding the privacy of Promote awareness of acceptable uses of . TBS GCDOCS # FINAL Page 4 of 9

5 PSCIOC Information Management Subcommittee (IMSC) Stephen Walker, Chair Senior Director, Information Management, Chief Information Officer Branch Treasury Board of Canada Secretariat Government of Canada Tel.: Cathryn Landreth, Co-chair Assistant Deputy Minister, Open Government Service Alberta Government of Alberta Tel.: (780) PSCIOC IMSC Secretariat TBS GCDOCS # FINAL Page 5 of 9

6 Appendix A: Repository of Management Policies and Best Practices The following supporting material is available in the Repository of Management Policies and Best Practices hosted on the Public Service without Borders collaborative space. For access to the Repository, contact the or your PSCIOC IMSC member. Document Alberta Administrative Records Disposition Authority ARMC: Management of Spam and Junk Messages Access and Privacy Considerations GoA Information Management and Technology (IMT) Policy GoA IMT Policy Definition GoA IMT Strategy GoA Internet and Use Policy GoA Shared Information and Communication Technology (ICT) Orientation Handbook Managing Electronic Mail in the GoA Policy for the Transmission of Personal Information via Electronic Mail and Facsimile Spam Information Sheet Your Guide To Information Security Government of Canada Information Management Protocol: Management for Employees (French version available) TBS GCDOCS # FINAL Page 6 of 9

7 Document Information Management Protocol: Employee Departure (French version available) Information Management Protocol: Instant Messaging Using a Mobile Device (French version available) Standard on Management French version available) Standard on Management Frequently Asked Questions (French version available) Standard on Management Implementation Plan for Departments (French version available) Standard on Management Presentation, January 2014 (French version available) Manitoba Guideline for Data Classification IM Guideline Managing Work IM Guideline Transitory Records Fact Sheet New Brunswick Management for Senior Officials What to keep and what to delete Online Newfoundland and Labrador Accounts Management Acceptable Use Clear Out Day Guideline Delete or Keep Guidelines Policy Managing Quick Reference Phishing TBS GCDOCS # FINAL Page 7 of 9

8 Document Retention Schedule Inactive Network Accounts Safe Practices Using Effectively Nova Scotia Electronic Mail Policy Electronic Mail Policy FAQs (Web-based) Electronic Mail Management Quick Reference Guide (Brochure) A Guideline for the Use and Management of Electronic Mail Managing Confidential Information Management Requirements Analysis (IMRA) Tool Clean-Up Guidelines (Developed for Office Suite Migration Project) Records Management Solutions Standard: FileNet ERMS (not yet integrated with ) WAN Security Standards Ontario Acceptable Use of Information and Information Technology (I&IT) Resources Policy Corporate Policy on Electronic Identity, Authentication and Authorization (IAA) Corporate Policy on Recordkeeping Guidelines for the Ontario Public Service GO-ITS 25.0 General Security Requirements Version 1.2 GO-ITS 25.7 Security Requirements for Remote Access Services TBS GCDOCS # FINAL Page 8 of 9

9 Document GO-ITS Standard Security Requirements for Mobile Devices GO-ITS Use of Cryptography Version 1.2 GO-ITS Security Requirements for Password Management and Use GO-ITS Disposal, Loss and Incident Reporting of Computerized Devices and Digital Storage Media Information Security & Privacy Classification Policy Information Security & Privacy Classification Operating Procedures Records and Information Management (RIM) 101 Training Module TBS GCDOCS # FINAL Page 9 of 9