Things to Know

IEC PO

Roslyn will likely be replaced in June. Not sure who. According to Simon she will be a good fit. If that doesn’t work out he mentioned there might be someone else

New person should go on PO training

IEC and NPP Cooperation

Automating NPP sending project information to IEC so a duty to consult to be performed will required NPP and IEC business to cooperate and agree on the changes to both applications. I explained to Simon that the first step is a commitment from NPP and the new IEC PO, or management of both to do this work. It will also require the two dev teams to coordinate for a period of time as well.

Simon was going to speak with Nancy Harris and see how this agreement could be made.

Note, data sharing the tenant will have to be reconciled with what the regions are currently doing which is to send back the PCR report. PCR report (or similar) will continue to be of value as it needs to be stored in RDIMS for record keeping as a snapshot, but it will need to stop being the way information is transferred. All regions will need to be onboard for this streamlining. Hence the need for business to organize their people.

PCR Report: https://dev.azure.com/transport-canada/Dynamics/_workitems/edit/23330

ASIES on Protected B

Laura and Kriss want to be able to store Protected B information in ASIES, instead of what they are currently doing, which is putting the information into a document and saving it in RDIMS as Protected B.

RDIMS API people (Chris Parent , Cheryl McPhee-Howlett) are still in progress getting the API rated for Protected B. It’s unclear as to why special consideration is needed by security for this implementation as the only thing that is transferred between the RDIMS API, and browser is the DRF file, and the local PC RDIMS application runs the file, and enforces all authentication and authorization from the PC. You need to be on a TC computer, connected to TC LAN to even do this. What the issue is allowing PB to be searched or saved via the API is unclear.

According to IT Sec the following will need to be revised to update the ATO for ASIES to be deployed to Protected B dynamics:

1. Level Of Assurance

2. Statement of Sensitivity

3. Security Concept of Operations

4. SRTM Controls that are required to be met for Protected B.

ASIES Security Control Sheet, with all the above is here: http://mytc/rdims/16134788

Sharing Information to Reduce Consultation Fatigue

Consultation Hub Demo

During the Digital Academy Demo’s a prototype that showed a consultation tracking systems was demo’d. It 's key highlight was the implementation of a standard approach/process for capturing consultations.

The lead person to talk to about this, is Alejandro.Gomez@pbc-clcc.gc.ca and he has offered to hold more sessions to help explain the thinking behind the consultation tracker.

The tracker can be found here: https://sites.google.com/view/consultation-tracker/

And the basis for how the tracker was built is here. This document is the GoC issued guidance on holding consultations with Indigenous groups. https://www.aadnc-aandc.gc.ca/DAM/DAM-INTER-HQ/STAGING/texte-text/intgui_1100100014665_eng.pdf

How this can help, is that there are people out there that have been thinking about how to create a common consultation framework in the descriptive way, as opposed to a prescriptive way.

How the consultation happens is not important, but how the consultation is held is. There are common phases to all consultations that can be turned into a working framework. Here is some background information:

Hello Samantha,

Thank you for your interest and following up. Our sponsors for the prototype are Nadine Rompre and Catherine James (both in CC) at the Consultation and Accommodation Unit et CIRNAC. They are taking over the prototype and leading the next steps of the process after the Digital Academy.

 On my end, I am happy share insights and thoughts on the ideation process and how we integrated technology.  

 Here is the link to the working prototype:

https://sites.google.com/view/consultation-tracker/home

 The Digital Academy demo day session was streamed live and recorded. I don't yet have a copy of our pitch as a stand alone video, but here are the links to the full event.  If you slide to 53:15 you will land on the beginning of the Consultation Hub our pitch.

 Digital Academy - Demo Day Pitches

English version: https://www.youtube.com/watch?v=A_VeMJvnN4Q&t=24s

French version: https://www.youtube.com/watch?v=OgYFRY-DUbI

Floor / bilingual:  https://www.youtube.com/watch?v=g-TzQfeN-Z0

 I hope this helps and please do let me know if I can contribute in any way.

Best,

Alejandro

Auditing to Comply with SRTM Document

As part of the ATO Process certain information needs to be audited. The PO’s are currently in the process of working with an IM specialist to help them understand their retention and disposition requirements. Auditing will be affected by that conversation as the PO’s will need to know how long to keep audit tracking information available, before archiving or deletion (disposition) Note, that for the unclassified applications (OPPSES, SCES) there may be no requirements for auditing.

Essentially the auditing question comes down to, in the LoA there was information that was identified that made the application Protected, what is that information? Should auditing track the changes and for how long?

PBI here, which mentions the SRTM controls to review:

https://dev.azure.com/transport-canada/Dynamics/_workitems/edit/28447

Automation Process in Teams

I spoke with Elise on how she created the automatic renewal of SSL certificate PBI’s, and she provided a link to there documentation on how to create automation in teams.

Here are the links:

https://tcmarin.atlassian.net/wiki/spaces/OP/pages/494272699

https://tcmarin.atlassian.net/wiki/spaces/OP/pages/502137283