Language selection


4.0 Conclusion

Since the fall of 2010, the Department has responded strongly to public criticisms regarding management of information. Accordingly, significant progress has been made. Given the importance of information management and the current sensitivity even with this progress, management should be aware that some activities continue to remain high risk. In addition this risk assessment has identified some overarching risks that the review team deemed require management action:

  • The absence of a fully operational and tested IT Continuity Plan exposes the Department to significant risk and could result in interruptions of service delivery.
  • The absence of an approved Emergency Operations Centre places the Department at risk in the event of a major incident.
  • Development of an Electronic Document and Records Management System has been approved in principle; however, funding has not been obtained. The current absence of such a system is problematic for capturing and receiving information.
  • VAC is not meeting the 30 day turnaround time for Access to Information and Privacy (ATIP) Requests which is not compliant with the Access to Information Act.
  • The current IM Continuity Plan lacks sufficient detail as to the roles, responsibilities, and associated accountabilities. The process of shipping information to and from Matane, Quebec, increases the risk for lost or misplaced information increasing the importance of a well developed IM Continuity Plan.
  • The intent of Transformation is to overhaul service delivery and reduce program complexity, thus requiring additional Privacy Impact Assessments. The resulting impact will be increased workload and a possible shift in responsibilities.


It is recommended that the Assistant Deputy Minister, Corporate Services table the above identified risks to Senior Management Committee to determine the appropriate departmental approach to manage these risks

Management Response

Management agrees with this recommendation. Action will be taken to schedule the IM Risk assessment at the Senior Management Committee within the next number of weeks. A recent Information Management briefing delivered to SMC on June 15th highlighted many of the concerns however; the results of this review will help inform the work that needs to be completed in the coming months.

Management Action Plan

  1. Corrective action to be taken
    Initial IM Briefing – Update

    Office of Primary Interest

    Target date
    June 2011
  2. Corrective action to be taken
    SMC Briefing – IM Risk Assessment

    Office of Primary Interest
    A&E/ADM CS

    Target date
    July 2011
  3. Corrective action to be taken
    Update IM Strategy and Develop Implementation Plan

    Office of Primary Interest

    Target date
    September 2011
  4. Corrective action to be taken
    Execute plan to coincide with transformation agenda

    Office of Primary Interest

    Target date
    March 2014
Date modified: