NOVA SCOTIA HOUSE OF ASSEMBLY
Wednesday, April 18, 2012
Chief Information Office
Disaster Preparedness - Major Government Information Systems
Printed and Published by Nova Scotia Hansard Reporting Services
Public Accounts Committee
Hon. Keith Colwell, Chairman
Mr. Howard Epstein, Vice-Chairman
Mr. Clarrie MacKinnon
Mr. Gary Ramey
Mr. Mat Whynott
Mr. Brian Skabar
Hon. Manning MacDonald
Mr. Chuck Porter
Mr. Allan MacMaster
[Mr. Andrew Younger replaced Hon. Manning MacDonald]
[Mr. Keith Bain replaced Mr. Chuck Porter]
Ms. Kim Leadley
Legislative Committees Office
Mr. Jacques Lapointe
Mr. Alan Horgan
Deputy Auditor General
Mr. Gordon Hebb
Chief Legislative Counsel Office
Chief Information Office
Ms. Holly Fancy, Chief Information Officer
Mr. Steve Feindel, Executive Director, Infrastructure Services Management, CIO
Mr. Kevin Briand, Director, Corporate Information Systems, Department of Finance
HALIFAX, WEDNESDAY, APRIL 18, 2012
STANDING COMMITTEE ON PUBLIC ACCOUNTS
Hon. Keith Colwell
Mr. Howard Epstein
MR. CHAIRMAN: I call this committee to order, and we'll start with the introduction of our members.
[The committee members and witnesses introduced themselves.]
MR. CHAIRMAN: Good morning. My name is Keith Colwell, I am the chairman and MLA for Preston.
I'd like to ask Ms. Fancy to start with a presentation, if you have one.
MS. HOLLY FANCY: Yes, I do; I have some opening remarks.
Mr. Chairman, and members of the committee, I want to thank you for inviting us here today. I appreciate the opportunity to talk about the work we have underway to address recommendations outlined in the recent Auditor General's Report, and to also speak a bit about how the Chief Information Office is working towards securing the information assets for the Province of Nova Scotia.
Mr. Chairman, as you and the members of this committee know, the Chief Information Office was created in 2009 with a mandate to plan, organize and direct efficient, effective and secure information technology services to the provincial government. The Chief Information Office supports government's goals and priorities by developing and implementing IT strategies, policies and standards, and through the delivery of IT services and solutions.
Two years ago the Chief Information Office began the process of identifying and consolidating the various aspects of IT operations from all departments across government. During this process we have gained a solid understanding of current contracts and have developed a comprehensive picture of the technology available to us on the horizon. The CIO has made great initial progress in these areas, but we also recognize there is still work to be done. The office has assumed responsibility for IT service delivery from nine organizations. Since that time the CIO has streamlined, standardized, and reduced much of the complexity inherent in IT delivery.
The office is continuing the redesign of networks, consolidating hardware and standardizing and reducing the number of tools used for IT operation tasks. By increasing efficiency, the CIO is able to save taxpayer dollars on purchases, maintenance, training, and the amount of services needed.
Let me give you a real example of the work underway at the CIO - when the office was first created there were seven IT service desks providing support across government, and each desk had its own set of standards and methods of delivering services. Those seven desks are now being consolidated into one consistent service desk with one standard - this means that no matter what department you work in, you will call one central number for all IT support. This will make for a better client experience and more effective use of government resources.
Another area for improving efficiency is in the upgrading of government networks. The CIO has taken buildings with multiple wide-area network connections and reduced them to one. This has not only streamlined the system, it has also allowed CIO to redeploy equipment where duplicates were identified.
These are the types of projects that have been the focus of government's three-year technology and information strategy, connecting the future today. Among its priorities are to deliver tangible results and make a positive difference to the government and the people of Nova Scotia. The strategy will accelerate the shift to new technology; it will make government more accessible to the people of Nova Scotia; and it will capitalize on innovations to improve technology and information service delivery.
The office is off to a solid start in meeting its mandate; however, technology is an ever-evolving subject area and government must continue its work to protect information technology and prepare systems for disaster recovery. With the creation of the CIO, government for the first time, now, has a single point of management for data centre and disaster recovery services to support information technology. The CIO has recognized and identified the vulnerabilities of the data centre, as well as the need for a comprehensive disaster recovery plan to support the business of government.
Through significant investments in the existing provincial data centre, the office has been able to increase the capabilities of government’s primary facility during a disaster-type event. For example, backup power systems and other data centre capabilities have been improved to limit the exposure for key government IT systems. Government has also established disaster recovery capabilities for key systems such as Health and Finance and Human Resources.
An initiative has also been established to acquire an alternate data centre facility to further reduce risks from disaster events. In addition, a disaster recovery plan has been created to guide government IT staff during an event that requires systems to be supported from alternate locations. This disaster recovery plan represents the first time that government has had one IT plan to respond to a disaster event. We have also identified the need for resources and staff functions dedicated to business continuity and disaster recovery. In the next three to four months we will have additional staff to facilitate important planning activities relating to the disaster recovery plan.
The office has started a planning process for an additional data centre location, which will further mitigate risks for government’s information technology capabilities in the event of a disaster. The CIO is also partnering across the public sector to ensure best value for government.
Mr. Chairman, the CIO takes all of its obligations seriously. We work hard to manage contracts prudently, and secure the best value for government while ensuring the needs of Nova Scotians are being met with secure and effective services. For example, as government encourages less travel, there is greater demand for services like teleconferencing and Webinars - and while this demand can increase corresponding budgets, it can also represent an overall savings and efficiencies for the province. These are the types of advances we are exploring - ways to allow technology to better serve the people of Nova Scotia while bringing value to government.
Mr. Chairman, there is no doubt there are challenges ahead and the need for greater collaboration across government. The CIO believes it is doing the right things the right ways and is providing better service and real savings to government and to Nova Scotians.
MR. CHAIRMAN: Thank you very much, and our first questioner will be Mr. Younger.
MR. ANDREW YOUNGER: Thank you, Mr. Chairman, and thank you for your opening statement.
In the audit of November 2011, the top recommendation was that the disaster recovery plan, which at that point was some months overdue, had not yet been completed - has that been completed at this point?
MS. FANCY: Yes, it has. Since we created the Chief Information Office, and we’ve had this organization, that has been very much focused on IT across government. One of the first things we did when we created the office was to look at the nine organizations that already existed and look at their disaster recovery plan. So, in fact, our first plan was an amalgamation of all of the existing plans from the different organizations. But since that time we have consolidated hardware and moved a lot of the infrastructure to our primary data centre and, therefore, we have come out with and developed our second version of the disaster recovery plan, one that is holistic and looks at it across the provincial government. That disaster recovery plan was delivered to the end of December 2011.
MR. YOUNGER: I’m a little bit concerned with something you just said there - and maybe I misunderstood it - you talked about the consolidation of some of the infrastructure to the primary data centre. I heard, if I understood correctly, in your opening remarks that you’ve done some work at the primary data centre but you are still looking for a secondary site, which would lead me to the second recommendation of the Auditor General, which was to implement a strategy that provides restoration facilities in case the provincial data centre goes down.
Where are we in that case? It sounds to me like - while I understand that you are looking to address that by finding a secondary site, in the meantime by consolidating the infrastructure to the primary site the situation may actually be worse now, because if that site goes down you now lose even more than you would have lost at the time of the audit.
MS. FANCY: Certainly we have consolidated to the primary data centre site. There were small server rooms and sort of mini data centres throughout government, and we have moved a lot of that equipment to the primary data centre. We’ve also invested a considerable amount in capital funding around the disaster recovery of that primary data centre, so there was a lot of due diligence and resilience built in the existing data centre.
While we are working on the plan to acquire a second data centre, we do have plans in place. If that data centre was unavailable, within our existing disaster recovery plan we would take the equipment and we would move it to the existing server rooms that are in existence in the department. We still have those rooms, so as our backup strategy we would be moving the equipment and we would be bringing the systems back to life in the individual rooms that still exist. We would be able to commandeer that.
We have other partnerships - and we have very good relationships with the vendors in the province who have data centres, so there would also be a fallback of being able to acquire space. But our first plan is that we have enough space in these existing server rooms that we would be able to bring everything back to life.
MR. YOUNGER: There are two things there that concern me. We’ve all had - and yours is like a giant computer - we’ve all experienced a computer failure now and again; I’d be surprised if there is anybody in this room who hasn’t. It sounds to me like that relies on being able to access the equipment - or one of two scenarios: either being able to access the equipment that’s in the primary data centre (Interruption) It doesn’t?
MS. FANCY: No.
MR. YOUNGER: Okay. Maybe I misunderstood, but it sounded like you said to be able to go in and get that equipment and move it to the old server rooms.
MS. FANCY: I’ll let Steve handle this.
Yes, I did say that, but we do have vendor contracts in place, so we can replace it. But I’ll let Steve handle that.
MR. STEVE FEINDEL: Perhaps I’ll answer your question from the perspective of this being a path that we’re going on to reduce risk over time, and the first step in reducing the risk for disaster recovery is actually to - and it may be counterintuitive - consolidate some of the equipment. Out of the server rooms that we have out there, none of them - very few of them, if any - have backup power and the kinds of facilities that we require even to run operations during the day. Now that we’ve actually completed the investment in the primary data centre, it is much more resilient to all kinds of different events.
We recognize that a second data centre is our plan and certainly is required for the future, but in terms of risk reduction we’re actually at less risk now by consolidating some of the equipment into a more capable facility and making that more resilient to existing - as was referenced in the opening remarks – things, like we have dual generators in that facility now so we could go seven days without power. Those are capabilities that simply don’t exist in some of these other smaller server rooms around the province. That was step one - we’re consolidating.
Now we’re also continuing the work of making the primary data centre more resilient, and the next step is to look at the alternate data centre from a more holistic standpoint.
MR. YOUNGER: I understand what you’re saying in terms of not having battery backups and UPS and all that sort of thing, my concern, however - in fact it was raised in the audit - I assume the sprinkler system is still a water-based sprinkler system in the primary server site - it isn’t?
MR. FEINDEL: No.
MR. YOUNGER: So that has been changed?
MR. FEINDEL: There is a gas system in place there in the data centre. That whole system is being updated. There are some concerns around the way the water system is set up right now, so those are being addressed in the coming year.
MR.YOUNGER: I’m glad those are being addressed, because that was certainly one of the concerns. What I’m concerned about is that - I understand the reason for consolidating in one place, that all makes sense, but in the absence of having a second site, if you have a catastrophic loss of equipment, or you can’t access that building, or if you have a flood - I realize it’s not on the first floor, but I think we all understand floods can happen for a lot of different reasons that aren’t just water, and water and computers don’t tend to mix terribly well - there are all kinds of possible things that could happen in that building, and it strikes me that until you have that secondary site in place, it sounds as though on the one hand you’ve reduced the risk for certain types of infrastructure challenges, but on the other hand the risk has now increased if there’s a catastrophic failure.
In the absence of a secondary site, having it at all these other little sites, if you had a catastrophic failure at the primary site you actually wouldn’t have lost anything in these small server rooms. It probably did need to be phased out.
MR. FEINDEL: So let me clarify - when Ms. Fancy mentioned that through the consolidation we still have the availability of those server rooms, so they are an active part of our disaster recovery plan until we get the second site in place, and as well some of the equipment, whether it’s older equipment or not, is still in place in some of those facilities for the purpose of having some temporary backup capabilities.
We’ve consolidated the data, I guess to be clear, at the data centre, but some of the equipment has remained and we don’t plan to remove it, in the short term, until we have other mitigations in place.
MR. YOUNGER: You mentioned vendor contracts as another part of this, where you can go to the other, I assume, data centres and hardware suppliers and that sort of thing. That sounds good. The one thing that comes immediately to mind is the protection of privacy and protection of data. How is that addressed in terms of those vendor contracts?
There are two parts to that question. One, in terms of if you have to shift information over there and the concern over access by non-government employees to private information of individuals; and, secondly, the information you have now, I assume, is backed up somewhere other than the primary data centre - I hope it is - is that backed up at a government-controlled facility or is it backed up with private vendors?
MR. FEINDEL: Yes, it is. The backups are kept in a government facility and managed by government staff.
MR. YOUNGER: Can you explain how, if you had to use the vendor services, you would address that issue of protection of privacy and access to information?
MR. FEINDEL: We have controls in place so vendors typically do not have access to government data unless we are in control of the access that takes place. We have procedures and policies in place with that. We do reporting to the Department of Justice on an annual basis if there has been any access that was required, but in all cases we control that access.
In the case of a disaster event, we would be looking to vendors to provide hardware equipment support resources, but it would largely be our staff that would be managing the data itself and the actual restoration of information on the backup systems.
MR. YOUNGER: You talked about two things - that it’s your group that is managing the access to the data, and you also said there are policies. There is obviously a difference between having a policy that somebody doesn’t follow – and the policy is important, I don’t want to undermine the fact that it is important to have those policies in place, but what’s more important is how the policies are controlled and implemented.
What ability do you have to understand and know who is accessing which government data at any time, and to control that access? For example, I can go on the GroupWise network in here - and GroupWise is a terrible system, you've got to get rid of it - but I can go on the GroupWise network, and obviously I'm not a hacker so I can't get in and access DMV records or hospital records, but it's all on the big government system, so what controls do you have in place, other than policies, to be monitoring that on a regular basis?
MR. FEINDEL: There are multiple levels of security in place in the network that begin at what we call the firewall, which is really that security level that's between the outside networks and our internal network. That is our primary first front against any attack or information that might get accessed in an improper way. Then we have other devices on the network that have inherent security capabilities, as well as we have authentication built into all the servers and IT devices that would require passwords and different levels of authentication for people to be able to access the information.
Just for clarity in terms of - and as an example, the staff in the CIO typically do not have access at an application level, so there's application. For example, a system like Registry of Motor Vehicles would have information of a very sensitive nature in it. Our staff have abilities to manage the server level and data base side of things, but they don't have access at an application level. So there are different levels of protection. It's not only staff but it's users as well as any vendors who happen to be working in our environment who would have to follow and be monitored by those kinds of capabilities.
MR. YOUNGER: So at the user and vendor level, if you - you mentioned the Registry of Motor Vehicles, so let's use that as an example - if your support staff are there or, frankly, DMV staff, can you monitor what files they access? I'm not asking whether you can get the information, because I understand that you've said that you can't see the information, but my question is if you have an employee who is a DMV staff person and is accessing information that they shouldn't be accessing, are you able to - I'm not saying that you would necessarily know that at the time - but do your records allow you to show who has accessed what information at any given time?
MR. FEINDEL: I can't speak to the application piece - that would be something that, in the case of the Registry of Motor Vehicles, Service Nova Scotia would have to respond to. But at the areas that we manage, like servers and data bases, there are activity and transaction logs kept of all kinds of access, which we can go and monitor and look back through to validate whether the access was appropriate.
MR. YOUNGER: I want to ask you about your plans for the secondary site, which I would suggest, and it sounded like you agree, that would be a priority - what timeline do you have for having a secondary site in place?
MR. FEINDEL: We've begun the vendor consultations for the secondary site. We are currently fine tuning some of the criteria through results of those consultations. We looked across - many vendors came to the table and expressed interest and helped us look at the different possibilities that are there, so we've been analyzing and assimilating that information, as well as consultations with other jurisdictions on some of the best practices that are out there with regard to their disaster recovery plans.
We are at the stage now where we expect to be able to finalize that information in the next three months or so. With regard to putting an RFP out, total time frame, our objective right now is within the next 12 to 18 months to be in a position where we can stand up an alternate data centre location and begin putting equipment and capabilities in that site.
MR. YOUNGER: Is the intent for that to basically be a mirror site of what you currently have, so you can basically leave this site and go right in and be completely operational?
MR. FEINDEL: You bring up a very interesting point because to provide pure disaster recovery, typically that only provides, in the case of a disaster, that you are using that. The business case we feel is much better if it is a more active site; it's a quicker recovery when a disaster event happens. So yes, in fact that's the general path that we're on is to actually use it as almost a secondary active site, if you will.
MR. YOUNGER: I understand that your primary data centre - I assume it's in Halifax somewhere, it doesn't matter to me where in Halifax, but it is in Halifax somewhere - would I be right in assuming you would look for a site that is not in close proximity to the existing site, perhaps in another part of the province?
MR. FEINDEL: That’s a key piece that we’ve been looking at, because in order to do a mirrored site and things like that there are some considerations around the proximity that we need to consider. One of the things that we’ve been looking at in the last few months is the risk evaluation criteria that we would use for the decision around what the actual distance between the two facilities needs to be. That will help guide us on the decision, to make the appropriate risk-based decision once we have the RFP in place.
MR. YOUNGER: At this point where does it look like - what sort of distance are you looking at? The reason I ask is because you look at Hurricane Juan or White Juan - and there have been other ones - and you have very widespread power outages that affect regions. In that case, most of central HRM, at least, was out for a significant time. I understand you have generators and so forth, but there are also realities that you don’t want to be running on generators all the time either.
Whether it’s Truro or you’re in Sheet Harbour - I realize that you also need the data connections at the same time, but the odds of having a severe power outage or flood or whatever the case may be in two different parts of the province at the same time are obviously less than within one region.
MR. FEINDEL: It depends on the situation. In the situations that you made reference to, with Hurricane Juan and White Juan, we did not have an event at the data centre that we have today as a result of those events. We had backup power and it was fine for our - we do work with the power utility to make sure that power is restored. We have access to EMO to be able to prioritize power restoration. Those kinds of events are actually not the highest on our risk register. It’s more events that would affect a more widespread event, that would impact either damage to a building or some other type of widespread event that would prevent us from being able to manage the two data centres together.
MR. YOUNGER: The 911 centre, for example, and the EMO centre - their primary site is in Dartmouth at the Spicer Building and their backup centre is out in Bedford, which gives it a certain amount of distance. What sort of risks do you consider to be your biggest risks?
MR. FEINDEL: For example, a couple that I can identify are an environmental disaster, which might affect a wider area. Here in Halifax there’s an oil refinery across the way, so those are the kinds of . . .
MR. CHAIRMAN: Order, please. Unfortunately, Mr. Younger’s time has expired. Thank you.
MR. KEITH BAIN: Thank you very much, Mr. Chairman. I just have a couple of questions and I’ll be turning it over to my colleague. I’m wondering about testing - the testing of the existing system, and as well, I want to ask, is there ongoing testing as things are progressing in the new data centre? Are there tests being performed so that at the end of the day we know everything is up to scratch when it’s done?
MS. FANCY: Certainly testing is very much a focus of our disaster recovery program. If we look at the financial and HR systems as well as health systems, they have full disaster recovery and full testing capabilities and do undertake those on a regular basis. For us, having delivered our second version of our plan at the end of December, we have been living with that for about three months.
We’ve done some tabletop exercises and some testing of our new disaster recovery plan. Within the next three or four months we are hiring four people who will be absolutely focused on the next stages of our testing around disaster recovery and our program as a whole. It is one of continuous improvement, and we will continue the testing around our disaster recovery plan that we delivered at the end of December.
MR. BAIN: Thank you. The other question I have is concerning training and the whole process. I think it’s noted that there is training that takes place, but it’s informal. I wonder if you could comment on that, please. We’re talking about something very serious here, and I’m just wondering, is there a plan or is there formal training that takes place? You mentioned just the hiring of some more individuals just to do the testing, well, the training is going to have to take place in that respect as well, so I wonder, would you comment on just the overall training and whether or not it’s both informal and formal?
MS. FANCY: Yes. The individuals that we are hiring around the business continuity management, as well as disaster recovery, will be looking at all aspects of those programs, not just testing, but testing will be a portion of that as well. From a training perspective, I agree training is absolutely critical. We have the plan in place so we want to make sure that people understand their roles and their responsibilities and can carry those out in the event of a disaster.
So within our plan we have established teams for every service that we would have to bring back up, and everyone is aware of who is on what team and who is accountable and who is leading those teams inside our disaster recovery. So the individuals themselves, if they’re on a day-to-day basis, if they’re working with databases for instance they will be the ones who are responsible for the disaster recovery around databases or servers. So a lot of the training that they have, they’re living that on a day-to-day basis. What we’ll have our new team doing, the four people that we’re hiring to really continuously improve our program, is to focus on more of the formal training around the plan, and so they’ll be doing that. From a Finance perspective, I’m not sure - in Health, because they have a robust disaster recovery plan and they’re testing that, training is also part of that.
MR. BAIN: I guess my final question before I turn it over would be - you mentioned to my colleague, the member for Dartmouth East, the existing sites will remain until the secondary site, so I guess I’m wondering if you can give a timeline as to, even after the secondary site is in place, how long the existing sites will remain because you’re not just going to have a blanket closure, I would assume, and how long would you expect to keep the existing sites open when all is said and done?
MS. FANCY: I think part of that, we had talked about the 12 to 18 months to have the secondary site up and running and, certainly part of that, we will start to decommission the other sites as soon as we can. What we’ll want to do is a lot of the previous questions that you asked around testing and training, so we’re going to want to make sure that we do a very thorough, more formal training around having the alternate data centre, as well as the testing of that, and then we’ll start immediately to decommission those other groups.
MR. BAIN: But you’re really not in a rush to actually close these existing sites, I guess, until you’re satisfied that everything is . . .
MS. FANCY: Yes, we want to make sure that we’re doing our due diligence around mitigating the risk and so we will not decommission those until we’re satisfied.
MR. CHAIRMAN: Mr. MacMaster.
MR. ALLAN MACMASTER: Mr. Chairman, how many minutes would I have left in the first round?
MR. CHAIRMAN: You have until 9:48 a.m.
MR. MACMASTER: We have some good help with math here next to me.
My first question actually has to do with math - can you tell us about some of the technology changes you’ve made in the last number of years that have saved the province money?
MS. FANCY: Certainly. When we created the Chief Information Office that was certainly one of the focus areas that we had, to be able to look at IT across the departments and agencies with an eye of making sure that we’re delivering quality service, but also that we’re looking at the economies of scale and that we can really bring value to government.
So I can give you a few examples of that.
Certainly from a contracting perspective, whether it’s with telecom or hardware contracts or software contracts, because of the economies of scale and the fact that we’re bringing volume purchasing together, we’ve been able to save government money on contracts - our local voice, we save about $1 million a year on that; in negotiating software contracts, we’ve been able to negotiate very aggressively because we are looking at it holistically, and in several contracts we’ve had cost avoidance of about $2 million on certain software contracts - so we’ve been able to negotiate good prices in that regard.
As well, because we're looking at all the buildings and we're looking at the networks and wide-area network connections into the building and also looking at how those networks are, we've been able to reduce the number of networks in buildings. We've been able to take some of the duplicate equipment within those buildings and redeploy it to other areas, so we haven't had to purchase additional equipment. Those would be a few examples in that regard.
MR. MACMASTER: I know we're talking about disaster preparedness specifically today, but just to follow up on the telecom, would your office be responsible for negotiating the telecom agreement for the entire government?
MS. FANCY: Yes, we are.
MR. MACMASTER: And it is something that always continues to amaze me, how much we pay for - I look at my own phone bill, and I think it was to the tune of about $330. That includes data and long-distance charges and network access charges. I am amazed that a little device - and I'm thinking, I'm just one person. Granted I am on the phone a lot. How are we negotiating to get those volume discounts? Can you give me some perspective on that?
MS. FANCY: I can. Certainly we have - when we look at telecommunications we're looking at it from a long-distance, local voice, mobile, and also data networks, so we've broken it up into the different components. We have a road map of going out and timelines when we're doing vendor consultations, so we do consult with the vendor around what the industry best practices are, what's happening out there in the industry. As well, it provides us an opportunity to let them know what our requirements are in advance, and then to be able to get at the best price, or the best value - to get the best service at the best price, we go out for competitive bids. All of them will be going out to tender within the next couple of years, I believe it is, on the road map. So it's competition. Competition is breeding the value and the price.
MR. MACMASTER: Just on competition, because it's such a large contract, there's probably few people who can bid on it. Has that been an issue? I mean, recognizing the importance of having competition, the size of the contract, does that actually limit competition?
MS. FANCY: I wouldn't say that it limits competition, since we've just gone out with vendor consultation around local voice and some of the other contracts. I don't know if you have any additional comments you'd like to provide? Steve was more involved with that consultation.
MR. CHAIRMAN: Mr. Feindel.
MR. FEINDEL: I think over time the market is providing more options for other vendors to be able to provide various services. Mobile phone is an example. We're aware that companies are now coming into the market locally that weren't there before. So we're trying to line up our procurement and contracting process so that we're not wedding ourselves to a long-term direction, because the market is changing so quickly. We're trying to adopt new technologies as part of that.
The overall plan is that we have multiple streams with long distance - we have the mobile, we have the data network contracts. What we're trying to do is get to a point where they are lined up in such a way that, should we choose to do so, for volume purchasing purchases, we can go out to the market to look at them as a package. That may provide further discounting opportunities for us.
The other thing that we do extensively is we work with the other areas of the public sector on these contracts. We're increasing that over time, so that, for example, Health and the municipalities - working collaboratively with them to coordinate our contracting activities, to specify our needs, and going out to the market in a coordinated way. Today, for example, the mobile phones can be used by municipal entities, as well as our long-distance contracts, but we're going to formalize the contracting process so that we get the buying power and leverage discount capabilities as much as possible.
MR. MACMASTER: That's good. It's good to hear that coordinating, because DHAs, as one example, are certainly a part of government. So it makes sense to try to ensure that we're getting the most volume we can before we go out to the market.
You mentioned an interesting point about how there are some new entrants entering the market. I just happened to be reading the other day that there was a feeling that in the telecom market only those that are able to offer combined services or bundled services - like Internet, telephone, and cable or satellite television - only those companies are going to be able to survive, because they will start undercutting the single-service providers by offering bundles and offering them at a lower price point, combined, to try to cut out the - an example would be the cell service providers. Is that sort of seen as a risk on the horizon to further reduce competition?
MR. FEINDEL: As I say, the market is evolving a lot and there are complexities out there, but from our perspective, we’re not seeing those kinds of things impacting our ability to have choice when it comes to - in fact, today, as an example, the mobile piece, we have a choice of two vendors that we can contract with and that actually plays into the disaster recovery and disaster preparedness side of things. We recognize that we need options when those kinds of events happen. It’s actually a good thing from a number of perspectives to have choice out there.
MR. MACMASTER: Absolutely. In recent years have we actually seen the cost of telecom services drop, for government?
MR. FEINDEL: Yes, we have actually and that was one of the examples that we referred to in the last while for government savings. Even though we have a contract with some of our providers, it doesn’t prevent us from going back to them at any time and saying market conditions are changing, how about we look at that. If any extension of a contract is coming up, we certainly take advantage, in all ways, of trying to make sure that we do reduce costs wherever possible. That has taken place in the long-distance market as well as the mobile-phone market.
MR. MACMASTER: Can you quantify that in terms of dollars that the government has saved in the last number of years? If you want to refer from contract to contract that would be fine.
MR. FEINDEL: I believe one of the savings on the long distance side was in the vicinity of $1 million to a recent adjustment that we made to a contract.
MR. MACMASTER: What would that work out to on a percentage basis? Would that be like a 1 per cent saving?
MR. FEINDEL: No, it’s actually probably higher than that. I would have to get you those numbers though.
MR. MACMASTER: Okay, if you could provide that at a later date to the committee, it would be appreciated.
MR. FEINDEL: That would be no problem.
MR. MACMASTER: Would you say that the pricing we’re receiving from the telecommunication companies is fair from the perspective of - I don’t know how they recover their costs. When I think of using my cellphone I imagine some kind of signal travelling through the air, hitting a tower and getting transferred to another cellphone somewhere else. To me, there doesn’t seem like there are a lot of costs involved, but I know there are. Do you feel - and I respect if you wouldn’t have the specific knowledge on what the telecom companies’ costs are - but the question is, do you feel their pricing is fair relative to the costs they have to cover to support the technology that we use in government?
MR. FEINDEL: As I’ve mentioned, the market is changing quickly. That’s one of the reasons why we do have constant discussions with the vendors on these kinds of topics. Our requirements are to have provincial coverage, in most cases, so the vendors we deal with not only have to provide service in a concentrated area like Halifax but also in rural areas of the province. To get the coverage that we need for these kinds of services for our entire government and Public Service, we do expect the vendors to be investing to provide those services elsewhere and that comes at a cost.
We’re constantly looking at the cost that we pay compared to other government entities across the country. There’s constant change happening on that now when the federal government procures versus when other provincial entities procure. We’re constantly watching for those opportunities to reduce those costs and other elements of our service that we have. For example, the phones that we have today for our mobile coverage can be renewed for a new phone every year. That cost is built into the cost of the contract with the supplier so as we go forward we’re actually looking at changing that aspect so that cost is not borne through the air-time charges that we’re paying and that sort of thing, just to give you an example of the kinds of things we’re looking at to vary the cost there.
MR. MACMASTER: Is that because maybe people would be trading in their phone after a year when it’s still good and getting a brand new model when it’s really not necessary?
MR. FEINDEL: Although we’ve set policies that that shouldn’t be happening now, we’re finding that may be a cost. Best practice that we’ve seen in other jurisdictions would say that perhaps we don’t build in a one-year renewal cost to that equipment, in fact, maybe we pay it as we go.
MR. MACMASTER: I think that’s a great idea. The people working outside of government would probably resent the fact that here we can get a brand new phone every year when the one we have is working perfectly well. I think that’s good because if that saves us money somewhere else, that’s a good thing.
I started out by asking what investments have we made, technology changes that we made in the last number of years that have saved the province money - can you give us some perspective on the return on investment? We’ve made investments to save the province money - I’ve kind of heard that we’ve saved some money on the telecom side to the tune of about $1 million; I think that was more through tendering and using larger volumes. You mentioned that we actually made some software investments and we’ve reduced networks in buildings - what was the return on investment, say, for software?
MS. FANCY: From a software perspective, our recent purchase that we’ve done since we created the office was around some Enterprise Content Management software that government required to manage information and also manage some of the electronic records, and certainly in that particular instance, the software that we purchased, it was about a $2 million discount or cost avoidance on that particular one. That’s probably one of the largest ones that we’ve been able to negotiate, but we’ve also been looking at our standards and our tools, so we’ll look at certain areas where perhaps we’re using two tools today in different departments and we could bring that down to, say, one, so we’ll standardize on one tool. So we’re rationalizing contracts.
We’re looking at, for your fiscal year 2013-14, within the Chief Information Office, reducing our contracts by $700,000 based on this type of work at managing the contracts - looking at the ones, rationalizing them, standardizing more and reducing the numbers that we have. That will be an annual reduction from a contract perspective.
MR. MACMASTER: Do we do any analysis of - say we invested $10 million in software upgrades, and I can appreciate in some cases it may be hard to quantify, but if we invest $10 million in some kind of software upgrade are we able to evaluate how much we may be saving over time? Maybe that’s a payoff over five years, let’s say, if we’re saving $2 million a year somewhere else because of the efficiency.
MS. FANCY: Certainly from an IT perspective - and if you look across government, any IT initiative that is $250,000 or over is considered a capital initiative, so the capital IT projects that are underway, all of those projects would have a business case associated with them.
MR. CHAIRMAN: Order, please. Mr. MacMaster’s time has expired.
MR. CLARRIE MACKINNON: Thank you very much, Mr. Chairman. One of my usual questions to departments and agencies relates to how we shape up in relation to other jurisdictions, other provinces and so on. I’m sure you have collaboration with the other provinces and perhaps you know what is happening in various states as well - can you tell us how we are doing in relationship to other provinces in Canada, perhaps?
MS. FANCY: It’s difficult to answer on a general basis, but as CIO here in Nova Scotia we meet twice a year with CIOs from across Canada in all of the provincial jurisdictions and the federal government. During those federal-provincial meetings, we talk about challenges that we may be having and we also do very much an information-sharing where we’re talking about where we’re at with our use of technology; talk about some of the successes, some of the projects that have been successfully implemented; where we’re going in the future; and to make sure - as a country and all of the provincial and federal jurisdictions - that we’re aligned.
I think if we looked across Canada and into some of the states, it depends on what we’re talking about. We’re definitely, I would say, in Nova Scotia, a leader as it relates to financial management and HR management with our SAP program and we have the acting executive director with us, with Corporate Information Systems with SAP, but we are definitely a lead in that regard from a financial management and HR management and our use of SAP across the broader public sector, and certainly I would say also leading in, if we looked in the United States and looked across the states, in that piece of work as well.
As a whole, I think we try to keep ourselves in line and make sure that we’re keeping up, all of us, that we’re making sure that we’re delivering those quality services to the departments and agencies. So it would depend on which aspect of IT we were talking about. I don’t know if you want to add any more to that, Kevin, around SAP?
MR. CHAIRMAN: Mr. Briand.
MR. KEVIN BRIAND: I think you’ve adequately covered it but I guess, in addition, when we talk about SAP, SAP really looks to us, often, to provide guidance as a leader in the implementation of SAP as it relates to the provincial and public sector. We really are a leading entity in that field.
MR. MACKINNON: You talked about keeping up and changes in technology used to be centuries, fundamental changes in technology, and then it moved down to sort of generations and then decades. We’ve actually come to the point now that we have fundamental changes that go beyond years. I mean we’re down to months. How are you keeping up with the technology that’s becoming available in this rapidly advancing world in technology?
MS. FANCY: Certainly it is an exciting challenge, actually, to have and if you’re in the IT community, it is one of constant learning and that can be extremely motivating as well. How we’re keeping up is - one of the things that we’re doing by creating the Chief Information Office is to reduce the complexity in our technical environment. We talked about consolidating things and reducing the number of networks, and by reducing the complexity in our technical environment it allows us to move quickly to new technologies that could benefit the citizens and businesses of Nova Scotia. One of the ways is to make sure that we are organized in such a way that we are agile.
The other is certainly through training and making sure that we keep up-to-date on where the industry is going and making sure that we train our staff in some of the new technologies, but also just to make sure that we’re attending different meetings and workshops where we’re actually keeping on top of those emerging technologies so that we understand the applicability to government and where these technologies can be used, also with an eye of making sure that they are sustainable, making sure that we understand the risks that are associated with them, and also making sure we understand when to start using a particular new technology to make sure that it is sustainable, that there is a business case, that it actually makes sense to use, because there’s a lot of hype around new technology. So one of our roles is to make sure that we understand that, that we provide some guidelines around usage of that; or that there are business cases around it before we jump in too quickly.
MR. MACKINNON: As a government member I shouldn’t really ask this question but do you have the budgetary resources to keep up?
MS. FANCY: That’s always a challenge. We certainly would never say no to more money and capacity, that’s for sure, but we do an operational plan and we have a three-year strategy. We work very closely with the departments and agencies and we spend around the capital projects and the major IT projects. There are business cases. We do prioritize those projects and we never have all of the money to be able to do all of them nor do we expect that we would be able to do that. So we make sure we prioritize and we do have the budget to take on the ones that would bring the most value.
MR. MACKINNON: Mr. Younger talked about the risk involved in going from seven desks to one desk, so you’ve already covered that. However, what about the time frame that has been involved in doing that from a start time to a finish time, the actual timeline that has been involved with going from seven to one?
MS. FANCY: The Chief Information Office was announced in April 2009. Our plan at that point was to take 12 months to transition everyone in, and it took us 14 months to be able to get everybody into the organization. We started managing IT services and solutions in June 2010. From a timeline, we’ve been working on it since that period of time, and we just consolidated all of those seven help desks into one help desk. We just finished the last one last month.
We take a very strategic but also a pragmatic approach to that, making sure that we have all the risks managed, because this is major change that we’re taking on, and a major transformation. We want to make sure that we can work through that transformation and be successful and at the same time still be able to deliver secure and timely services to our departments and agencies. In fact, we’ve completed that - seven service desks into one last month.
MR. MACKINNON: From a backup perspective there is always a concern regarding problems or disaster in having your main source and your backup too close together; it would be fundamentally wrong to have them in the same building or on the same block. Distance is important - what comments do you have in relationship to the distance from the main source to a backup?
MS. FANCY: We certainly have our backup. It is in a government building, so it’s not privatized. It’s within the provincial government; from a distance perspective, it’s certainly not on the same block. We feel that it’s adequate distance, that if we were to have a disaster it would be safe and we’ve mitigated the risk.
MR. MACKINNON: I had to go out and make a phone call, but some time back I had several meetings, or at least two meetings, with a private entity that had taken over the facility in Debert, which was actually a “Diefenbunker” that was set up during the Cold War time frame. A lot of people today don’t remember how fragile things were in the late 1950s and early 1960s - the fact that people were actually making bunkers in their basements and so on, and governments ended up with bunkers for some of the leading people in decision making to go to. The plan for that Diefenbunker - of course, because of Diefenbaker being in power at the time, federally - in Debert was that it would be one of the safest places in the world, probably, or at least in Canada, to store very valuable and vital information.
What’s the latest update on that facility? Changes were being made, and I don’t know if the dream came true or not - are you familiar with the details involved with that?
MS. FANCY: Steve will take this one.
MR. FEINDEL: I can say that we have had some awareness of that facility that you reference there. That company has been involved with the vendor consultation on our secondary data centre. We’re looking at all avenues and elements when it comes to securing backup information. I think it’s also valuable to point out that some of our more critical sensitive information is also stored away in vaulted areas outside the city, on tape copies. We use a variety of approaches and mechanisms to actually secure backup information.
MR. MACKINNON: How long would it take to get the system back up if there were severe problems, or a disaster?
MR. FEINDEL: In the case of some of our core systems like financials and HR, for example, there is already an existing capability to have a secondary data centre that will be reviewed and looked at. The plan is that that would incorporate into our corporate one at some point, but today to put those systems back in place we're looking at 24 to 48 hours to restore functionality and access to the information.
MR. MACKINNON: What impacts would a disaster or problem of the magnitude that you just talked about, what impact would there be on Nova Scotia for the period of time that the system was out?
MR. FEINDEL: The various businesses that use those systems have business continuity plans that would guide them through manual processes, as necessary, to be able to continue to function and deliver services to citizens and businesses. Those are all planned parts of these disaster recovery plans and the businesses are aware that it would potentially take 24 to 48 hours.
We plan, over time, to make sure that those are constantly reviewed and adjusted with the business as required, but they do have business continuity plans in place to deal with those periods of time.
MR. MACKINNON: Mr. Chairman, I'll be sharing my time with Mr. Epstein.
MR. CHAIRMAN: Mr. Epstein.
MR. HOWARD EPSTEIN: Thank you. I should probably begin by a confession that I know virtually nothing about IT, and I would gratefully appreciate any simplicity in your answers that would help me along in my understanding.
I was struck by something, which is that it looks to me as if you've been examined by the Auditor General a few times over the last few years. This struck me as unusual. I think the Auditor General looks regularly, of course, at big spending departments like Health, virtually non-stop, but I think you've been looked at in April 2009, and I think I see also in November 2010 and May 2011, and now November of 2011.
If I follow it correctly, I see that from the first, I think, three chapters in the Auditor General's Report there were some 25 recommendations and now, last November, there were another 15. I had a look at your site and there seems to be an accounting of what you've done about the different recommendations, but that seems to go up just to last November, which would have coincided with the last report, the one that I guess we're sort of particularly focusing on today, although there is some overlap, I think, as I read it, in the items looked at.
I wondered if I could start first by asking you about the posting that accounts for how you're dealing with the recommendations - is that going to be updated?
MS. FANCY: Yes, it will be updated. We have an individual who is accountable for tracking our progress on all of the Auditor General's recommendations and we record that in a system called TAGR and we will be updating that in the next month or so on the Internet.
MR. EPSTEIN: Right, so that will add the next - your progress on dealing with the next 15 recommendations from the Auditor General, is that right?
MS. FANCY: Absolutely.
MR. EPSTEIN: Okay. So looking at your report as it is posted to date, of the 25 recommendations that were made previously by the Auditor General, I see that there's only one that is categorized as being “do not intend to implement.” The others are either completed or in progress.
MS. FANCY: Yes.
MR. EPSTEIN: So I'd like to start by asking about that one item that says do not intend to implement.
What I was puzzled by wasn't that you are not implementing it, I was puzzled by - I couldn't really understand what the problem was in the first place, so maybe I can just tell you what I thought happened here. It seemed to have something to do with what are described as risks between security operations and IT operations. As I read it, you seemed to have a security authority and an IT service delivery authority, and they in turn report to executive directors, who are separate, who then report to you as the Chief Information Officer.
What was the problem? I don't understand what the problem was in the first place. That looks like a logical kind of structure for your office.
MS. FANCY: My understanding of the issue, and my understanding of the recommendation from the Office of the Auditor General, was that they would have preferred the security authority to be in another organization opposed to the Chief Information Office. The security authority produces standards around how we should operate and implement IT as it relates to security, and also audits the operations group to make sure they are living up to those security standards. So there was some concern around having those roles in the same organization.
We separated them into two separate divisions. As you said, they are reporting to two different executive directors - we also have an escalation process where we can invoke several deputy ministers to come together in case of a conflict between the two, so we feel that we've mitigated the risk through an escalation process and by separating them out in divisions.
MR. EPSTEIN: Okay, thank you.
And could I ask as well about a couple of the items that were still called “works in progress”? I'm not sure if this situation has changed since last November, but one of the items had to do with a security charter, and your last posting was that there was a draft security charter developed - I'm wondering, has that progressed beyond the draft state or is it still a draft?
MS. FANCY: We have evaluated the draft security charter and it is just going through some modifications at this point, based on the review. We're also working to align it and develop a security strategy, which was also part of some of the recommendations, so it's continuing to move forward.
MR. EPSTEIN: Do you have a timetable in mind as to when you think the security charter will be finalized?
MS. FANCY: We are hoping to finalize it by the end of May.
MR. EPSTEIN: Okay, thank you. One of the other items called work in progress referred to documented architecture standards, and I wasn't sure exactly what this had to do with. I assume it had to do with the buildings or the facilities - is that right? And, again, what's the state of play with respect to that?
MS. FANCY: It is standards around equipment, so standards around servers . . .
MR. EPSTEIN: This is architecture, not in the sense of buildings but equipment . . .
MS. FANCY: In the sense of technology, right . . .
MR. EPSTEIN: I see. Okay. All right
MS. FANCY: So sort of like blueprints and equipment . . .
MR. CHAIRMAN: Order, please. Unfortunately, Mr. Epstein's time has expired.
Mr. Younger, you have 14 minutes.
MR. YOUNGER: Thank you, Mr. Chairman. There are a couple of issues that I sort of want to continue down the road of - one, I heard it said there that it would take - and correct me if I understood this incorrectly - but under the current situation of the single data centre, in the event of a significant incident it would take 24 to 48 hours to bring systems back on-line for the departments?
MR. CHAIRMAN: Mr. Feindel.
MR. FEINDEL: It will vary by systems. I referred earlier to financial HR systems where that is the time window that is present, largely because they do have a secondary site already in place that runs as a regular part of the operation. So for our current disaster recovery plan for other areas of government, it ranges from 48 hours to seven days at this point and it would be prioritized by the system that we're trying to restore activity for, and
in the meantime the businesses would be following their business continuity plans while that activity was underway.
MR. YOUNGER: So what systems would be at the seven-day end? I don't need a list of them all, of course, I'm just trying to get a sense of what systems - granted, I realize that things can be done on paper.
MR. FEINDEL: So one of the levels of activity that we'll be doing with departments is going through a business impact assessment to make sure that we have a predefined list. Today, if that were to happen, we would pull together the necessary decision makers and stakeholders to provide guidance to us of which ones we do first, and that is outlined in our disaster recovery plan. Eventually we would have more predefined abilities on that - and once the secondary data centre is in place, then those times are likely to be reduced.
MR. YOUNGER: I’m a bit surprised that you don’t have that list now. You’re saying if there was a disaster this afternoon, it would be at that point that you would pull the decision makers together to figure out how you would prioritize which systems would come back up?
MR. FEINDEL: We already have a fairly good sense of what the major systems are and the large impacting systems and we do have some level of information in terms of how many days they can go on their business continuity plans without major impact. But we would focus on those systems first.
In terms of the full list, there’s a list of, I’ll say, close to 100 systems that we would be focused on in an event like that where we don’t have it itemized from zero to 100 at this point.
MR. YOUNGER: I understand there are a lot of systems. It strikes me that the last thing I’d want to be doing during a disaster is coming up with that list.
MR. FEINDEL: It can relate to the situation, the timing can affect some of the decisions that are made around that. We do have identification of the right individuals to have those discussions quickly. As well, we have plans in place around who needs to be meeting to make those decisions at the right times.
MS. FANCY: If I could just add to that as well. We do have the business continuity plans of the departments themselves. The departments have identified their priorities as it relates departmentally, so we do have that information. If you’re dealing with a specific department or an agency, we know basically what their priorities are because they’ve established that through the business continuity planning.
For us, there are two levels here. Our job is to make sure the technology is up and running; we have networks to get up, we have storage area networks to get up, so the databases and the actual sort of machinery of IT. We very much know the priority of that in getting the back-end technology up and running. We know what the priorities of the individual departments are through their business continuity planning. So we have individuals that we would contact if we wanted to take it to a further level, depending on the severity of the disaster, to look at the priorities from that point on.
MR. FEINDEL: It’s also not a sequential process. We would actually be actioning several things at once, in reality. There needs to be a sense of prioritization and focus on those activities.
MR. YOUNGER: Yes, of course. I understand it wouldn’t necessarily be sequential and things can be overlapping and obviously there are departments that would rely on similar things - so a network. It just strikes me, I understand that and I understand that depending on the type of disaster or type of incident, there might be different priorities. But I think there are probably also some pretty easy ones. Renewing your driver’s licence is probably not the top priority, or getting that system back up and running, in the event of a real, honest-to-goodness disaster; whereas ensuring EMO can access their systems would obviously be the top. I think we probably already know that.
MR. FEINDEL: Absolutely, yes.
MR. YOUNGER: Obviously health care and police, there are some obvious ones at the top and there are some obvious ones at the bottom. But what I’m concerned about is, when you look at managing a disaster - and this was peripherally raised in the audit when it talked about the issue of backups - if there’s only one person who knows what the backup protocol is as opposed to it being written out, then that’s obviously a problem if something happens to that person or they’re on vacation somewhere and unreachable. Though the same thing happened in a disaster - I understand you have a list of the people that can make those decisions but I can’t fathom why that list wouldn’t exist now. It should be fairly straightforward to say here’s the list, if we have a flood, if we have this - under certain circumstances you basically have a tree that works its way down.
Computer programmers love this stuff, right? Those little flow chart things that say if this happens, then do this. That strikes me as now would be the time I’d want to be doing that, not in the middle of a disaster.
MR. FEINDEL: We do have some of that information on those lists. I guess what I was trying to point out was that there are considerations of timing of when these things happen that may cause those to be looked at again. The next area of refinement of our disaster recovery planning is to make sure that the linkages between the business continuity and the business needs of those areas are better defined and that is an area we’re moving on to in the next generation.
As I say, when we get to a point where we have the secondary data centre and we have mirroring of the capabilities, we would further have to readjust those over time. It’s a bit of an involving model around that. We do have a starting point on that today. Is it as comprehensive as it needs to be? No, that’s an area that we are working on but I do believe we have starting point to be able to move through the right decisions.
MR. YOUNGER: I would just like to encourage you to really prioritize that because if I understood you correctly earlier, the data centre is 12, 18 months out - the secondary one - maybe longer because obviously then it’s going to rely on funding, tendering and maybe construction or outfitting at the very least, if it’s in a leased space. I think we all understand that, let’s face it, it doesn’t matter what party is in power, a lot of government capital projects tend to go over time and even if they don’t go over budget they take longer than we anticipate.
Whether it is hurricanes, whether it’s flood, I can’t think of a single year in the past five or six years that we haven’t have something happen. Now all of those things that have happened in Nova Scotia haven’t, obviously, affected your data centre and I understand that. But I am concerned that - it just strikes me to be the top priority because this isn’t the member from one of Pictou’s, and I apologize that I can’t remember . . .
AN HON. MEMBER: East.
MR. YOUNGER: East, thank you. I apologize that I can’t remember - talked about the Diefenbunker and in 1950s and this isn’t the 1950s anymore and we’re not using type writers and paper and everything else, which has pros but it also has cons, because it means that there are a lot of those business processes that just simply don’t function in the absence of computers. They try and they do their best, and I know that that happens, but we all know what the impact is. Do you have any sense of, if something majored happened this afternoon, what are things that people would be waiting seven days for?
MR. FEINDEL: I’d have to look at the list of systems that are out there. It would depend on what priority decisions are made in the early days of the identification of a disaster event to be able to answer that question for you.
MR. YOUNGER: Okay. I will go on to something else then with the last few things. My other colleague - I think it actually was the member for Pictou East - talked about technology changes and how fast they are coming. The one thing I’ve noticed since arriving here three years ago is – maybe it’s the size of the organization, I’m not sure, that makes technology in software changes happen at glacial pace. Whether it’s a two megabit limit on GroupWise accounts or it’s the inability to forward outside from GroupWise - and now I understand there’s a switch to Microsoft office - you know these sorts of things which I understand would be initiated out of the information office and then come down to the business units.
As the member for Pictou East rightly pointed out, these changes are happening much more rapidly and in order for us to be able to be compatible with other governments, with other departments, and not only other provincial governments but other levels of government, there seems to be a need to be upgrading, at least at a software level, much quicker than we did in the past and I’m just wondering what plans are in place to address that sort of problem.
MS. FANCY: Certainly one of the things that we are looking at is standardizing on some of our tools and reducing the numbers that we have because we often have two or three tools doing the same thing and so there is a process underway were we’re actually rationalizing that. We had mentioned earlier around getting the complexity out of our environment and that’s the kind of work we want to do, to be able to deliver the tools that departments need but to make sure that they are sustainable. We’re looking at the architecture, relooking at standards, reducing the complexity and that should increase our ability to be more timely and increase our ability to be able to upgrade.
We also have a contract management group in place and they look at all the contracts, making sure we’re taking advantage of upgrades when they are available to us. So there’s a fair bit of on-the-ground foundational work that’s being done to actually address the question that you just posed.
MR. YOUNGER: And the last thing is - and I realize I’m a little bit all over the place for this last few minutes - in this year’s estimates I notice that last year you had 192.3 staff and it’s going up to 217. That seems to be a fairly substantial jump?
MS. FANCY: Yes. In last year’s estimate we had 209 FTEs. In this year’s estimate we have 217, so it’s actually an increase of eight FTEs.
MR. YOUNGER: But you really had 192.3?
MS. FANCY: That was through vacancies, so our ability to hire as quickly as we would like to be able to - that is as a result of having some vacancies at the end of the year. So from a budget perspective, we increased by eight FTEs from one fiscal year to the other, and this year, in 2012-13, I think there is about $57.2 million worth of IT capital projects that will be undertaken in government. A lot of that requires work from our office, the Chief Information Office, to enable that. So some of those projects would have entailed us increasing our staff to be able to support the $57.2 million worth of projects that are going to be undertaken this year as it relates to IT. A lot of those IT projects are being led by departments.
MR. CHAIRMAN: Order, please. Mr. Younger’s time has expired. Mr. MacMaster.
MR. ALLAN MACMASTER: In my last question you were trying to answer about the return on investment, and I know in some cases it’s probably kind of hard to answer that question.
MS. FANCY: Right.
MR. MACMASTER: If we look at reducing networks and buildings, for instance, that’s just removing technology, but on the software side, if you invest in software that may create more efficiencies for people working in government, it’s a benefit - no question - but it’s hard to measure that. I’m trying to think of the best way to ask the question, but do you have any means of measuring return on investment when you make an investment through your office to change technology throughout government, whether it’s for disaster assistance or what have you?
MS. FANCY: I was trying to remember where I had left off in my answer, but certainly for capital projects - and the parameters around that are $250,000 and over, so those types of projects - we have a standard business case for all of the IT projects where we’re really detailing out what the costs are, what the risks are, what the benefits are, both from a qualitative and quantitative perspective. So before we take on a capital project - it’s either building a new system or putting a new application out there - there is a business case that is reviewed before that project would be even recommended for capital funding. So there is the ability to be able to do that and there is the due diligence around those sorts of things.
MR. MACMASTER: Thank you. It’s good to hear that that’s happening. I’m sure if anybody was ever interested, they could specify a particular case or investment and you could come back and say, well, we did it for these reasons?
MS. FANCY: Yes, exactly.
MR. MACMASTER: Well, that’s good to hear. Just back on the telecoms - forgive me for my interest in this one - I guess as a consumer you have little power, but when you think of government, it’s probably the one group in the province that does have some power. I know you were going to provide it to the committee at a later date - the savings on the last telecom contract - and you think it may be somewhere above 1 per cent.
I guess one question I would like to ask is, I know over time, if you had the same number of employees working in government, many people are using the phones the same amount, but I also know that there is the type of use of electronic devices. Sometimes as time goes on, we need to use more and more data because applications that we’re using are more - they’re prettier in some cases and they require more data to supply us with the same information with a nicer display, or what have you. What impact is that having? It seems to be a way for the telecoms to retain the amount of money that they’re receiving for these contracts. Does that play into the analysis of the savings of a million dollars?
MS. FANCY: Again, every application. So every time we’re applying IT inside a department to help deliver a service or a program, we go back to the business case. We try to include all costs in that, so if there is a specific project to implement a new system or whatever, we make sure that the costs are complete. It would include not only the cost to develop the system and implement it, but also the long-term sustainment costs, what is it actually going to cost to continue to evolve this and to support this and to make sure that it meets the needs of our clients. That is measured against the benefits that this particular system would bring and so the net of that would determine whether the project was, in fact, a value-add and something that government would want to invest in, so it’s considered.
MR. MACMASTER: That’s good to know - it’s considered in the cost analysis. With respect to the telecom contract, how many companies do we expect to see bidding on the next contract?
MS. FANCY: I’ll pass that one to Steve, please.
MR. FEINDEL: It actually varies by contract. We have long-distance; we have local; we have the mobile wireless and the data circuit. So it does vary. I would say, on average, we’re seeing three to four vendors per contract bidding in some way on that, but it does vary.
MR. MACMASTER: It’s hard, really, to predict, but we’re probably not going to see any more companies than that bidding in the future, are we?
MR. FEINDEL: Actually we do see companies entering the marketplace in these various areas over time - some more than others. A long-distance market, for example, is not going to have the growth in that we would see in the mobile space, but there are new players coming into the mobile space over the next while that weren’t there before, so we do see some growth.
MR. MACMASTER: The other question I had was do you require the bidders in their proposals to provide a breakdown of what they’re using to come up with the price that they’re offering you for services?
MR. FEINDEL: It can vary by the contract. Typically we don’t get to see the vendors’ cost models, although we would certainly like to try to drag that out. With our specifications, we try to make sure that they’re specific enough so that we can validate those proposal costs benchmarked against other providers or other jurisdictions or other clients in the public sector that may have existing contracts.
MR. MACMASTER: I can appreciate that. They wouldn’t want to be sharing that information with you or, of course, with their competitors. I guess, when I think about it, if there are only three to four bidders there is not a lot of competition anyway.
I don’t know what we can do. I suppose government is such a big client, we could say, either show us your numbers - if you want the contract, show us your numbers. Whether we’d get truthful numbers or not, I don’t know, but - or accurate numbers may be a better description. Anyway, I just thought I would ask that to get your perspective on it. I know telecommunications is a big expense for government, and with so few players in the market it’s difficult for us to have power over the cost to control it.
My next question has to do with the office. Last year there was a forecast for an estimate of 213 FTE positions. You came in well under that over the course of the year at 195, but the plan is to go back up to 221 this year. What would account for the variance that is happening there?
MS. FANCY: Since our creation in 2009 we have had some variations on FTEs throughout the fiscal years, and some were positions that have been transferred from other departments into the office over the years and, therefore, their FTEs would go down and of course ours would go up. We did actually reduce our FTEs by three as well, as a result of direction from government around vacancy management, so we have done that. The remainder of those around the increase in FTEs would be the new services that we were required to provide for the departments and agencies of government, based usually around new capital initiatives that they were taking on that required support from us. So some of the benefits in their department may have been a decrease in costs, or perhaps a decrease in FTEs on their end, but caused an increase on ours - but net overall would be positive for government.
MR. MACMASTER: I could see how that could happen. Would that not have been estimated, though, at the start of the year, what those needs would be for the year?
MS. FANCY: Yes, during budget preparation time we would have determined, based on the initiatives that we knew were going to take place that year, looked at the pressures we would have from an FTE perspective, and present that to government with the pros and cons, the risks of not having the FTEs to the success of the projects, and we would present all of the information required for government to make a decision on whether to provide us with those or not.
MR. MACMASTER: When you go back, do you try to include maybe a 10 per cent variance, just to make sure that you have enough for the year?
MS. FANCY: It's interesting when we're dealing with FTEs, because individuals just don't work on one thing, they work on multiple projects at one time. We try to be as lean as possible, though, so we're trying to keep it down. Rather than bolstering it up, we're trying to make sure that we are absolutely as realistic as possible and that we've had a really good look at the project, and have a very good understanding of the inventory of work that we're expected to be able to deliver on in order for that project to be a success. So it's all based on the inventory of work; that sort of determines our calculation as to what it is we need.
We always look within ourselves first, to see if we have the capacity somewhere to be able to take it on, before we ask for the increase.
MR. MACMASTER: So for the coming year you would want to make sure that you have some extra FTEs budgeted in case there may be initiatives that come up from other departments that may impact you, and that way you would have it budgeted in for the department.
MS. FANCY; Normally what we try and do is balance our priorities somewhat, so we may have to slow down something to speed up something else. We don't really have an overabundance of FTEs so we're cutting it pretty close to the line there. We've already started planning for 2013-2014, so yes.
MR. MACMASTER: And in the case of last year, there were 213 budgeted and you needed 195, so were there any projects that weren't - or activity that wasn't required that allowed you not to need those 18 FTEs?
MS. FANCY: I would say we probably did need those 18 FTEs, certainly based on the workload. So it's not so much based on projects slowing down or not needing them, it was just that people would have moved jobs. They were just vacancies that we had at the end of the year, so we didn't actually have a person in those jobs because they moved on and took a job somewhere else and we are in the process of recruiting again. It's basically vacancies, not a measure of we didn't need them.
MR. MACMASTER: I guess if there was a vacancy in a position and another position was filled, or there had been a vacancy, wouldn't that even out?
MS. FANCY: It would, but we weren't trending towards having - so we'll have a variety of vacancies throughout the year and we fill them as quickly as we can. But it's just a matter of timing, so we always will have some vacancies that we're trying to fill as quickly as possible.
MR. MACMASTER: Right, exactly. It's something that I've noticed right across government in pretty well every department, that there's about a 10 per cent variance. Okay.
The next question I would ask is in the Connecting the Future Today document, that a lot of the measures of success are subjective and qualitative, and I guess whenever we're looking at things from a Public Accounts perspective we're trying to see that there are quantitative measures for success - can you offer some comment on that and are there quantitative measures that perhaps you have that may not have been put in that document that you are using?
MS. FANCY: Certainly from a strategy perspective, when we developed that strategy we were looking for it to be a high-level document, an umbrella strategy that set the direction for IT work inside government. We wanted to set five strategic priorities and keep them at a fairly high level so that they would have a three-year lifespan, and they were specific enough to guide our work but general enough to live through three years of change. Then what happens as a result of that being an overriding strategy, what we would see is the projects that departments take on to implement new technology.
MR. CHAIRMAN: Order, please. Mr. MacMaster’s time has expired, unfortunately.
MR. EPSTEIN: I have a very good friend who lives on Gabriola Island in British Columbia, Bob Bossin, who is a well- known Canadian folksinger. For many years he had a group called Stringband, and at one point he travelled around the country and put on a show which was known as Dr. Bossin’s Medicine Show, and he sang peace songs and he offered for sale little vials of coloured liquid. His slogan was that this was Dr. Bossin’s elixir – “guaranteed to prevent nuclear war or your money cheerfully refunded.”
It made me think a bit about all this talk about disaster preparedness. It wasn’t clear to me just exactly what disasters we’re talking about - it seems to me if there is a nuclear war and we get hit, there may not be a lot of us around to be too concerned about whether the Department of Finance records are in good shape. It seems to me perhaps we’re – and I don’t mean to rule out some kind of nuclear disaster, but I’m wondering if you could give us an idea of what exactly it is that you do have in mind and the extent of damage that you might be prepared to deal with in terms of response, because surely the extent of the disaster would impact on even our fundamental ability to respond in any way.
MS. FANCY: If I look at it from a couple of examples - we can go from saying there isn’t power to the building for instance, we would look at what is not available in the data centre. Perhaps it’s a “White Juan” or it’s a hurricane or a tropical storm of that type, which is definitely plausible here in Nova Scotia - what would the repercussions be, what would the risk be around something like that, and make sure we’ve mitigated those. In those cases, it could be a loss of power supply, and that’s why when we look at what our mitigation strategies have been around something like that, it has been really to invest in our current data centre. There has been about $8 million worth of capital put in that data centre in the last three to four years - around having dual generators, re-looking at the electrical framework within the building, new air conditioners, the physical security of the building.
So, really, building up the resilience inside our building to the point where Steve has mentioned we have fuel on-site to run the generator for seven days. So it’s those types of disasters that we’re looking at.
If we’re looking at something more catastrophic than that, something where we can’t get into the building - it’s collapsed for whatever reason - that’s where we get into, okay, we’re starting, we’re bringing in equipment, we’re bringing into these alternate, for now, the alternate sites we have here in government and then later the alternate data centre. It’s one of looking at what would the impact be - what are the possible impacts that we could have and how do we mitigate those?
We’re on a path of continuous improvements - as we work through this we’re going to continue to improve.
MR. EPSTEIN: On top of mind, for you, seems to be loss of electrical energy for a short or longer period - I find that very logical and sensible and seems to be within the mandate of what we’re looking at here. That’s really the main focus - is it?
MS. FANCY: Yes. I think Steve wanted to add . . .
MR. FEINDEL: If I could just add some further clarity to that. We’re actually looking at a range of possible events. Nuclear war, I’m not sure is one of the ones that we’ve got on our list at the moment, but certainly significant events, whether it’s a terrorist event or environmental, as I think I referred to earlier, our risk evaluation model that we’re working with right now looks at the elements of what potential range of events could happen, what’s the likelihood of them happening, and then what’s the impact if they do happen and being able to put some quantitative measures around that, as best we can, so that our plans around disaster preparedness can be in a responsive situation to the most likely events.
MR. EPSTEIN: Sure.
MR. FEINDEL: It’s obviously a cost model that comes into play. You know, we don’t have unlimited resources to plan for every event. We do work extensively with EMO in terms of understanding the events that could have, you know - that’s why having them as a client, where we provide IT services, comes into play as well. We work very closely with them and we do work with them to understand what those events are that could potentially affect us in our IT environments as well as what are the potential mitigations that we can put around those, whether it’s at a data centre level or broader.
MR. EPSTEIN: Yes, that’s very helpful. It seems to me, I think in response to one of the earlier questions, I heard mention of a list of perhaps 100 systems that you try and prioritize, do I take it this is in line with the idea of Health, Finance, Human Resources and so on, and that you would have a number of others? Could you give us an estimate?
MR. FEINDEL: Yes, that was an estimate of the number. There are actually many more than that across government but the ones we would focus on would be a defined list.
MR. EPSTEIN: And it seemed to me, just in casually thinking about it, that perhaps Service Nova Scotia and Municipal Relations might also be a big collector of data inside of government as well. Would that be next on the list?
MR. FEINDEL: No, they would be included in those major systems, in most cases.
MR. EPSTEIN: Yes, and I guess what I was simply saying was that, although Health, Finance and Human Resources might be ones that would have a fairly direct and immediate impact on people’s lives and it would be good to rate them high on the list, I wondered about the next tier down. Would Service Nova Scotia and Municipal Relations be there and would there be another associated number of data centres inside the government that you might put on a secondary tier?
MR. FEINDEL: Yes, I think that would be fairly representative of the approach you would take in the event of a disaster. I think we referenced, in the opening remarks, that over the next three to four months we’re going to have disaster continuity planning resources come into play that will bring better definition to those kinds of lists and the priorities that would be applied there.
MR. EPSTEIN: I’m still wondering actually if you could tell me if there were other departments or data centres that would be in a secondary tier along with Service Nova Scotia and Municipal Relations or is everyone after those first three or four relatively small in terms of their data collection?
MR. FEINDEL: It can vary. We would go by the disaster, the business continuity plans that the departments have identified where they actually specify the number of days that they can go on certain processes. That’s what we would be guided by in the case of a disaster.
MR. EPSTEIN: And something else I think, perhaps, was not entirely clear in the earlier exchanges was the stated play with respect to developing the secondary site criteria. Are the criteria now developed or is that still being worked on?
MR. FEINDEL: It’s still being worked on but we’re very close to completing that process.
MR. EPSTEIN: And could you give us some examples of what the criteria are?
MR. FEINDEL: In addition to some of the ones that I’ve referenced around the distance from the primary to the secondary, there are standards and benchmarks out there for data centre capabilities. We’ve referenced that we have dual generation backup power capabilities in our primary centre. Those are the kinds of qualities and criteria that we would be looking for in a secondary centre as well. There are actually international standards and data centre standards that we can actually refer to to give us a lot of guidance on that and we’ve adopted many of those criteria.
Once again, they always come at a cost, right, but it comes down to security, the physical security of the facility, the kinds of qualities of service of the facilities that are in there, whether it be backup power or even just having dual power in the data centre itself, there are some fairly defined criteria that we’ve either picked up from those standards, consultation with jurisdictions, or consultations with our stakeholders that have requirements in those areas.
MR. EPSTEIN: And are you thinking of building or are you looking to put out an RFL or RFP.
MR. FEINDEL: Good question. We are going down the process of an RFP. We have done some initial analysis, which has indicated that the business case is better for us to go procure a facility instead of building and maintaining another facility at this stage, for many different reasons - timeliness and long-term costs. We’ve consulted with Transportation and Infrastructure Renewal on some of those topics. At the moment we’re on the path to doing RFP, which will go to the private sector to look for those solutions, which could include somebody building a data centre if that business case existed for them to do that.
MR. EPSTEIN: Again, I want to emphasize that this is not my area of expertise, but I wonder if any of you have toured the Diefenbunker that got mentioned, which has now become a data centre - the essential point being that it’s now offering services that promote security.
MR. FEINDEL: Yes, I believe some of our staff actually have toured that facility.
MR. EPSTEIN: Interesting, okay. I’d like to go back, if I could, to some of the questions I was working on before, which had to do with the work-in-progress items. Two of them, it seemed to me, might have moved beyond that. I was trying to remember something we had heard from you before, and one was that there’d be a security vulnerability assessment from an independent firm and the other was that there’d be intrusion detection hardware and software. Can you bring me up to date with respect to both of those?
MS. FANCY: We have had the threat risk assessment. We do an annual threat risk assessment on our network, which is conducted by our security authority in relation to industry standards that all jurisdictions are using around security threat risk assessments. The second part - I’m sorry?
MR. EPSTEIN: Just to go back, though, was that done by an external firm? I think that was what I understood.
MS. FANCY: We have had one done by an external firm since then, yes.
MR. EPSTEIN: Okay, thanks. The other part had to do with intrusion detection hardware and software, and I wondered what the state of play was with respect to that.
MS. FANCY: And we do have intrusion detection tools in response to the recommendations. They are in place today.
MR. EPSTEIN: Okay, thank you. Mr. Chairman, I believe my colleague Mr. Ramey wanted to ask a question.
MR. CHAIRMAN: Mr. Ramey, you have until 10:50.
MR. GARY RAMEY: Thank you very much. Not very much time, so I’m going to have to speak fast. I think in terms of having lived here all my life in Nova Scotia we’d be pretty safe to say if we were worried about disasters, wind or rain or a combination of both would be a pretty good bet.
My question relates to two things - or I really have two questions. The first is, one of my colleagues mentioned about the AG’s report and information being on the Web site in terms of updates as to how we’re doing. Does the government mandate to you how often you have to update that information, or are you doing it voluntarily? What’s the deal there?
MS. FANCY: There is a timetable around providing updates. We provide updates on an annual basis, to my understanding, around all of our recommendations. We provide that to the Treasury Board office.
MR. RAMEY: Okay, and very quickly, my second question is - we’re talking about disaster preparedness - how often do you test the system to find out what would happen if something did happen?
MR. FEINDEL: In the case of the key systems in Finance, HR, and Health, those are actually tested annually. In the case of Finance and HR, as part of the external audit process that’s undertaken for those systems, there’s an annual test that is performed that goes through the exercise and entire system restoration, trying to mimic a real situation as much as possible.
MR. RAMEY: Thank you very much. Those are my two.
MR. CHAIRMAN: Great. Thank you very much. I’d like to thank our guests for coming today. It has been very informative. I realize there are a lot of things you can’t talk about with the security around your systems, and you’ve handled that very well.
Are there any wrap-up comments you would like to make?
MS. FANCY: No, Mr. Chairman, that’s fine. Thank you very much.
MR. CHAIRMAN: Again, thank you for coming. We’re going to have a brief meeting after that.
Before that, does the Auditor General have any comments?
MR. JACQUES LAPOINTE: Mr. Chairman, no further comments today. Thank you.
MR. CHAIRMAN: Great, thank you. We will continue our committee meeting. If you’d like to leave, please feel free to do so.
We have a couple things on our agenda here. We have a record of decision - I believe everyone has that on their desk - of upcoming topics of the subcommittee. I would entertain a motion to adopt those.
MR. YOUNGER: So moved.
MR. CHAIRMAN: It has been moved. Mr. Epstein, second?
MR. EPSTEIN: No, but I want to speak to the list. I'm going to move that we omit two items from the list. I'm not sure if it would make more sense if we deal with the list without these two or - I'll just explain what I'm going to do, but is there a seconder? I assume there's a seconder.
MR. CHAIRMAN: Yes, Mr. MacMaster.
MR. EPSTEIN: Okay, then I'll just explain the two that we have some problems with. The two are, in fact, the first and the last on the list, one from the PC caucus and one from the Liberal caucus.
With respect to the last one on the list, Special Needs Funding, I think I heard the member for Dartmouth East say he thought the list had been agreed to but my understanding was that at the last subcommittee meeting there was a suggestion from my replacement at the meeting that this one was problematic. I'd like to point out that the issue was one that not only was there an opportunity to deal with it in estimates, in the 11 hours that the Minister of Education was being asked questions, but, in fact, the topic was dealt with in estimates during that time. I see no need to add two hours of this committee's time to something that has already been covered.
The other item, the first on the list, is the pilot project that was put in place, I think, in 2009-10 at the Department of Justice that had to do with a particular bail supervision program for some offenders. There are a couple of problems with this . . .
MR. CHAIRMAN: Maybe I could make a suggestion - maybe we should deal with one of these at a time and go from there.
MR. EPSTEIN: Absolutely, all right.
MR. CHAIRMAN: Any further comments on the Special Needs Funding for the Department of Education? Mr. Epstein.
MR. EPSTEIN; No further comments but I'm going to move that the list omit the Department of Education Special Needs Funding.
MR. CHAIRMAN: Do we have a seconder for that?
MR. MACKINNON: Seconded.
MR. CHAIRMAN: Mr. Younger.
MR. YOUNGER: Thank you, Mr. Chairman, and obviously I vehemently oppose removing that and I'm actually shocked by the member for Halifax Chebucto, especially given his previous comments at this committee in Opposition. For example, let me quote him before: If it's about money, let's get to the bottom of why the government refuses to make a fair offer to nurses and other health care workers. That was about Bill No. 68 when the Tory Government at the time made the exact same argument - the identical argument, I might add, to what Mr. Epstein is making - about why it shouldn't be brought forward.
The fact of the matter is, Mr. Epstein is right, there was a certain amount of time spent in estimates on this. However, the member for Halifax Chebucto is also quite well aware that estimates are limited in time. We are also aware that the school boards will be working out and finalizing their budgets in the coming weeks and coming days. That isn't done - and actually the June 13th date for this makes a lot of sense because it allows us to analyze the impact of that funding.
The minister has recognized that it's an issue, during estimates, that people are concerned about it. Obviously the minister has one view. There are many hundreds of parents and educators who have another view. If the government has nothing to hide on this issue and they feel they're doing the right thing when it comes to funding of special needs and delivery of programs and the appropriate spending of tax dollars, then the Public Accounts Committee is exactly the place where that should be addressed because it is a critical issue. It is an issue that is of significant importance. It's an issue where the government directs money and it is important to know if that money is being not only spent appropriately but delivering the results and whether it is appropriately funded.
This is exactly the place for it and, in fact, that is exactly the timing for it since a lot of the information is still even not out at this date, from the school boards and the Department of Education, and actually won't be available until into May, so June 13th for a discussion of that would strike me as making perfect sense. I can’t imagine why the NDP, who have said this is a priority, would have something to hide and not have it here.
This committee is here as the Opposition’s chance to review the accounts of the province and the spending priorities and how that money is allocated. That’s why we seek to have that there.
MR. CHAIRMAN: Are there any further comments? Mr. MacKinnon.
MR. MACKINNON: Mr. Chairman, I know what the motion is, but in a past meeting two members here voted the wrong way on something, I think one each way perhaps. I just want you to read the motion, please.
MR. CHAIRMAN: The motion is to remove the Department of Education, Special Needs Funding from the agenda. If I understand that properly - is that correct, Mr. Epstein?
MR. EPSTEIN: Yes.
MR. CHAIRMAN: Would all those in favour of removing Special Needs, Department of Education please say Aye. Contrary minded, Nay.
The motion is carried.
Mr. Epstein, on the Department of Justice.
MR. EPSTEIN: Yes, thank you. I have a second motion which again is to remove from the approved list the Department of Justice, the pilot project for adult and youth bail supervision programs. I want to speak briefly to this if I could.
This was a pilot project and is so described accurately on the list. It ended well before the fiscal year that has just been completed. It was a pilot project; it was not a project that this government brought in. It’s one that has been done, I think, since the Fall of 2010. It’s not a current expenditure and there’s no reason I can see, again, for spending two hours of this committee’s time on something that was not something this government brought in, nor endorsed, and hasn’t been part of the financial picture of the province for the last year.
There’s an associated point which is that the way . . .
MR. CHAIRMAN: Maybe I could interrupt you, Mr. Epstein, just for one second. We’re going to run out of time so I’d like to get the permission of the committee to continue past the 11:00 a.m. time period, until we’re finished.
Is it agreed?
It is agreed.
Sorry for the interruption, Mr.Epstein.
MR. EPSTEIN: That’s fine, Mr. Chairman. There’s an associated point. The way the subcommittee has tended to work is that the caucuses come with a variety of topics and we try to agree on something from everyone’s list.
Unfortunately, the PC caucus has come with just one topic on their list and that’s how this topic really ended up on the agenda; the caucus came to the subcommittee and continued to come to the subcommittee for a couple of meetings with just the one topic on the list. I have to say that in this case it turned out to be an inappropriate topic and I just want to be on record here at the full committee as encouraging the PC caucus to bring a number of options to the subcommittee so that we can have a general discussion about a variety of topics. It seems much more likely that we’re going to reach agreement on an appropriate list if we can see a variety of topics come from all caucuses. Anyway, that’s the underlying rationale; the motion is to omit this one.
MR. CHAIRMAN: We have a motion, is there a seconder? Seconded by Mr. Whynott. Mr. MacMaster.
MR. MACMASTER: Maybe we should just get rid of this committee of the Legislature. If we’re just going to discuss topics that are comfortable to the government, what’s the point of the Opposition participating on this committee? In this particular case I know there have been some very successful programs - I think of the Youth Advocate Program. It has been recognized nationally as a best practice; it’s something that we should be proud of in Nova Scotia. That’s one example of a program that’s helping youth who have been involved in crime.
Mr. Chairman, I think that that has probably been money that has been well spent by government, but my point is if we’re just going to come here and have the majority NDP members on this committee shut down topics that we would like to bring forward for discussion, what is the point of us coming here?
To me, if these members were confident about the work they’re doing as a government they would welcome questions and they would be happy to defend them, but instead they just want to shut down our efforts to bring up subjects that we feel are relevant. And whether I bring, as a member of the PC caucus, one subject forth or ten subjects forth, in my mind if we have something we want to bring forward we have just as much right being elected members of this Legislature - and Nova Scotians, by extension, have just as much right - to discuss these matters and not to be shut down by the majority NDP members of this committee.
MR. CHAIRMAN: Mr. Epstein.
MR. EPSTEIN: Mr. Chairman, one small point. The characterization of the program that I think appeared on the list that was just given by the honourable member doesn’t sound to me like the program that I understand it to be. The program that I understand it to be was a specific pilot project that had to do with ankle bracelets. If the member has a wider idea of what it is that he wanted to look at, or a different formulation, then perhaps we can take it up again at the subcommittee - but, as put forward, it really focuses on a very narrow specific project that was a pilot project and was abandoned a year and a half ago.
I may have misunderstood the member, but if he had something broader or different in mind, then perhaps we can think about that again at the subcommittee and, again, I would still encourage, in terms of the efficacious operation of the subcommittee and of the main committee, that we see a variety of topics.
In any event, I call for the question.
MR. CHAIRMAN: Any further comments?
MR. MACMASTER: Mr. Chairman, it would be good to have the motion read once again, just so that members are clear.
MR. CHAIRMAN: It is my understanding, and correct me, Mr. Epstein, if I make any errors with this, it’s your intention - what your motion is - to remove the Department of Justice regarding the costs and benefits of the pilot project for adult and youth bail supervision programs, is that correct?
MR. EPSTEIN: That’s correct, Mr. Chairman.
MR. CHAIRMAN: Any other comments? Would all those in favour of the motion as put forward please say Aye. Contrary minded, Nay.
The motion is carried.
So we’re down to four topics here, the remaining four topics. I would entertain a motion.
MR. EPSTEIN: I move that we adopt the four topics, the four remaining topics that emerged from the Subcommittee on Agenda and Procedures.
MR. CHAIRMAN: And a seconder for that?
MR. MAT WHYNOTT: So moved.
MR. CHAIRMAN: Would all those in favour of the motion please say Aye. Contrary minded, Nay.
The motion is carried.
We have our next meeting Wednesday, May 2nd. We were unable to arrange a meeting in between, regarding the nurses strike. The request for information that was put forward by SNSMR was already sent to the members. I would like to set another subcommittee meeting, probably for next week, so we can get some more things and that gives the staff time to get some more things. Is that agreeable with the two subcommittee members? (Interruptions) We’ll touch base with you to see what is an appropriate time because they don’t have a meeting next week of the committee, if that’s agreed.
A motion to adjourn is in order.
MR. WHYNOTT: So moved.
MR. CHAIRMAN: We stand adjourned.
[The committee adjourned at 11:04 a.m.]