Information Technology Vision
Medium Term Vision - 2025
The foundational pieces for “Government as a service” vision are available and in production, based on the Digital Operations Strategic Plan: 2018-2022 Timeline. This includes:
- Trusted digital identity for public-facing services (Sign-in Canada);
- Horizontal review on information-sharing - eliminate roadblocks (Tell us once);
- Build a platform for enterprise interoperability (API Store and Tell us once);
- One GC vision and Omni Channel Digital Strategy (Any device, any platform, any partner).
The GC Digital Standards, the Policy and Directive on Service and Digital, with the Mandatory Procedures for Enterprise Architecture Assessment have shifted GC departments and agencies. They are increasingly using open standards (data formats and protocols) and open source software. Being agile and focusing on the needs of the user is the new normal and there’s growing collaboration via open source software communities within and outside the GC. Organizations have migrated massively to cloud environments, choosing the most cost/time effective and security/privacy compliant deployment options , and are sharing/reusing software and code. GC communities of practices such as Open Source Software, Cloud and Agile host regular events for public servants.
ESDC (especially IITB though it has influenced other branches as well) has seen a major shift towards Agile project management and Automation. ESDC is a leader in OneGC Council and Clusters. Its own digital transformation initiative is going well with Benefits Delivery Modernization (BDM) and the Service Transformation progressing according to plan.
IT within ESDC
IT is used as a strategic asset to improve services to citizens and is no longer seen as a “back-end” function. ESDC service lines understand the cost and risks of leveraging IT and have started to share its accountability by using a different governance and investment method as a means to reduce IT-related risks. This means part of their budget is set to ensure technical debt is documented and handled in a timely manner. IT fully understands its impact on ESDC’s mandate and has heavily invested in Learning, Agility and Automation as means to respond faster to business changes.
The ESDC IT Strategy have put in place Continuous Improvement Transformation based on the capabilities and recommendations of the DevOps Research and Assessment (DORA) and the annual State of DevOps Report. The goal has been to continuously increase frequency of delivery while reducing lead time, time to restore service when an incident occurs and rate of failure.
The continuous improvement transformation is for all things that IT is responsible for. This includes applications (software delivery, operations) and infrastructure (user devices, services, networks).
Employees feel that their work is meaningful and leverages their expertise. They have the tools and resources necessary to get work done. These include technical resources, such as access to servers or environments necessary to develop and test, or learning resources to acquire new skills. Employees spend more time leveraging their creativity to add business value and less time on repetitive tasks. They also have access to a modern workplace that encourages collaboration and fosters a culture of flexibility, mobility and well-being.
Employees feel they can be honest with management without fear of reproach and be confident that things will improve. Scope of changes are purposefully small, de-risking failures that enables learning as opposed to overanalyzing risks of non-compliance. The organization learns from failure, holds blameless postmortems and continuously asks questions such as “Why did it fail?”.
Teams spend 20% of their time at work focusing on automation of current processes, prototyping related technologies or keeping up to date with trends and technologies, related to their work or the broader GC IT direction. Employees with great innovation-related skills are encouraged to spend more than 20% of their time to these tasks. Said time also includes time for informal, self-directed, on-the-job learning and completing courses or attending conferences. The budget for learning opportunities has increased every year for the past 5 years.
Employees attend presentations and events, which are held at least once a month by IT and provide opportunities and spaces for employees to learn and share their knowledge, such as a project they are working on or something they are researching. People who attend conferences or take courses share their learning via presentations or trip reports. IT employees are encouraged to complete online courses and form study groups as part of normal work activity.
Cooperation between IT and business has increased and there is a conscious effort to break down silos. Responsibility for building, deploying and maintaining systems, is shared by cross-functional teams that include representatives from each functional area of the software delivery process (business analysts, developers, quality engineers, operations, security, …).
Overall employees working in IT at ESDC are happier, more productive and more up to date on technology, making them better able to support the evolving needs of the department so that it can deliver more efficient services to Canadians.
Processes empower cross-functional teams and allow them to work on new ideas in pursuit of business goals that solve important problems. Information is treated as a corporate asset – it is open by default, easily searchable, secure and not duplicated. Teams are provided with up-to-date information and context enabling them to make informed decisions about the right work to do. Organizational outcomes are measured and also provide information critical to making the best decisions. Hackathons are held at least twice a year by IT and are open to internal and relevant external audiences (e.g. other governments, academia).
Teams work using Agile methodologies to iterate on and continually improve solutions and services. Clients are included from the start of projects and can submit regular feedback. There is a big focus on automation of testing, deployments, security and service requests, removing the need for manual approval. Information about the flow of work across the whole value stream is readily available and teams have a good understanding of the flow of work from the business all the way to citizens or ESDC employees.
Governance is moving to Lean Project Management where desired outcomes are stated instead of requirements, and hypotheses are used instead of business cases, favouring smaller projects as a means to reduce risks and avoid feature bloat. ESDC investment management enables this by allowing smaller, more iterative investments in IT. Monitoring towards achievement of desired outcomes is used as project metrics as opposed to task completion.
Teams are able to provision an environment or device in an automated fashion, and know that any new environment or device generated from the same configuration is identical. Production services can be restored repeatedly and predictably even when catastrophic events occur. Chaos Engineering is being considered for use to build confidence in systems’ capabilities to withstand unexpected conditions.
Source code, assets, configurations, or other documents part of a project’s development and deployment are stored in a version control system that records changes to files. Changes trigger automated tests and a build process that creates packages (executable, container, virtual machine, …) that can be deployed to any environment (testing or production) in an automated way. Operations and infrastructure have moved towards automation as much as possible, being able to shift workloads and runtime from one service provider to another as it needs to. Builds are numbered, repeatable and being run on demand by teams giving them quick feedback on their small batches of work. Team members prioritize review of coworkers’ changes to ensure that they don’t have to wait days to get merged and deployed. The build status of projects is visible to the department. Teams have access to adequate test data to run automated tests for projects.
Enterprise Architecture (EA) enables agility by empowering teams to choose tools and technologies, rapidly responding to new standards adoption, as well as providing light reference architectures. EA enables ESDC to re-use investments via capability-based planning and influences where the department’s investments need to be allocated. Technology stacks are periodically reviewed as part of team retrospectives (Agile). EA and security periodically evaluate how well current tools address requirements. New technologies are also proactively investigated and opportunities are provided to discuss and demonstrate new technologies for the standard technology stacks. The Total Cost of Ownership (TCO), including exit costs, is calculated as part of solution options analysis.
The security team is involved in the design phase of all projects and a security review is now a gating factor for releasing the design to the development stage. Security tests are built into the automated testing process and identify common security vulnerabilities. Also, the Privacy by design approach is taken into account throughout the whole engineering process.
Teams must experience their own processes and procedures to properly appreciate their potential shortcomings. By implementing a service culture each team is responsible for providing digital services to their clients (portals and automated processes rather than generic mailboxes), meaning they must interact with the processes and procedures of the stream aligned teams. Security must code and use public or government wide version control solutions. Enterprise Architecture must code and use public or government wide version control solutions. Testers must code and use public or government wide version control solutions. Operations must code and use public or government wide version control solutions.
Teams have established Work In Progress (WIP) limits based on team capacity and assigned workload, in order to prioritize and focus on completing a small number of high-priority tasks.
IT teams provide proactive failure notifications, using key indicators and thresholds in monitoring software. They get alerted before an application fails and proactively resolve issues before they impact users. Following the diagnosis of incidents, indicators that could have predicted the incident are added to monitoring.
Applications, mapped to business line services, provide metrics on the overall health of the department’s services to Canadians. Business line performance metrics are used as benchmarks and the accountability of IT’s impact to ESDC’s mandate is shared.
Long Term Vision - 2030
Building on the Medium Term IT Picture, the Digital Operations Strategic Plan: 2018-2022 Timeline and the Policy on Service and Digital, digital delivery of services and benefits from the GC are automated and integrated in the lives of Canadians. Most Canadians use a trusted digital identity to get their services directly from the GC or with many partners that have integrated GC services into their offerings.
Departments and agencies of the GC are agile, modern, open and high performing organizations. Data, information and code is shared and collaboration both internally and externally is the norm for all types of work.
ESDC is a leader in the “new” digital GC and influences other organizations to create a learning culture, be agile and automate where possible. BDM has delivered a consolidated benefits platform that is aligned with the wider GC “Government as a service” model.
IT within ESDC
The ESDC IT Strategy continuous improvement transformation has continued to improve the capabilities and follow recommendations from the DevOps Research and Assessment (DORA) and the annual State of DevOps Report.
IT delivery is fast, reliable and secure for applications (software delivery, operations) and for infrastructure (user devices, services, networks). The goal is still to continuously increase frequency of delivery while reducing the lead time, the time to restore service when an incident occurs and the rate of failure.