DMIA

Revision as of 15:17, 2 December 2022 by Abdulkader.hamdo (talk | contribs)


HC and PHAC Memorandum of Agreement (MoA)

Context

The Public Health Agency of Canada (PHAC) needs effective and efficient means to provision digital data services to Canadians. These means must provide opportunities to achieve parity across jurisdictions, timely and transparent public health reporting to all communities, and gain a foothold in international circles.

PHAC and Health Canada (HC) are currently exploring opportunities to modernize the data analytics capabilities of public health data scientists, in response to 2019 Office of Auditor General recommendations and the experience of managing data throughout the COVID-19 pandemic.

In January 2022, building on the PHAC Data Strategy, CDSB (Corporate Data and Surveillance Branch) received endorsement from PHAC Executives to implement a distributed network of Data Service Teams (DSTs), linked together with an enterprise-level data fabric that facilitates effective and secure data management, sharing, integration and analysis.

These activities are occurring while defining the new relationship between PHAC’s Corporate Data Surveillance Branch and HC’s Digital Transformation Branch, borne out of the context of the Memorandum of Agreement, signed in June 2022, providing increased autonomy in technologist (IT) hiring and technology direction for the Agency.

Presentation of the MOA

This MOA is, in effective since June 30, 2022, and, limited to the relationship between HC-DTB and PHAC-CDSB. It doesn't replace the Shared Services Partnership Framework Agreement (SSP) .

Scope:

  • Identification and delineation of responsibilities, accountabilities and collaboration between HC-DTB and PHAC-CDSB
  • Duty to comply with Government of Canada IM/IT and security direction, policies, standards, and guidelines
  • Support required for PHAC-CDSB to rapidly develop client-centered self-serve in its own cloud environment
  • Authority, coordination and support for PHAC’s hiring of IT-classified employees in support of PHAC-CDSB business activities
  • Provisioning of IT security services to protect Crown assets

Guiding Principles

  • Alignment to enterprise-wide authorities. Staffing and IM/IT services are delivered conform (to corporate GC-wide) relevant standards, policies, and procedures.
  • Mutual co-operation. Both HC-DTB and PHAC-CDSB recognize that this is a growing partnership in a rapidly changing space.
  • Iterative refinement. This MoA and partnership will begin as a Minimal Viable Product and evolve as priority decisions are made to support action.
  • Clear line of accountability. Both organizations agree to work towards the continuous definition and alignment of roles and responsibilities. Risk ownership and management will align to this delineation.
  • Shared value. Communities of practice will be strengthened by each organization contributing their area of expertise.

Classification, hiring and the management of IT employees

This MOA grants the Centre for Data Management, Innovation and Analytics (DMIA) the authority to staff IT positions.

PHAC IT Group employees will be mapped to the HC-DTB business centres (IT security, cloud operations, information architecture, etc.) and will take part in operational meetings, common learning and relationship building activities to ensure common foundations for working.

Three DTB resources (infrastructure, security, and digital solutions delivery) will ensure that PHAC-CDSB activities are aligned to broader PHAC-HC and Government of Canada architecture and security practices and guidelines and will ensure alignment across a variety of stakeholder groups within the health portfolio.

The Director General of PHAC-DMIA is responsible for:

  • Alignment with all GoC and HC-DTB security policies and practices.
  • Meeting or exceeding GoC standards in the agile development and deployment of data services residing on IT infrastructure.
  • Active participation in the delivery and fulfillment of GoC IT initiatives in cooperation with HC-DTB.
  • Proactive support of the HC-DTB’s Chief Information Officer’s delegated accountability for IT management, governance, and planning
  • Adherence to and shared development of corporate hardware, software, and architectural standards.
  • Participation in relevant HC-DTB IM/IT governance and oversight bodies.

The Director General(s) / Chief Information Officer of Health Canada/PHAC are responsible for:

  • Leading and partnering with PHAC-CDSB 3to ensure the agile, flexible, responsible and secure development and delivery of data services in PHAC.
  • Maintaining the appropriate oversight and governance of HC and PHAC IM and IT activities.
  • Supporting PHAC-CDSB in its ability to operate autonomously in both sandbox and production cloud environments, such as granting of permissions on corporate infrastructure.
  • Supporting, championing, and protecting the flexibility of PHAC-CDSB to procure and maintain data infrastructure and IT staff.
  • Approval and processing for all IT asset procurement requests.
  • Clear and timely communication of all corporate IT initiatives affecting or requiring input from PHAC-CDSB.

Governance, oversight, monitoring, and dispute resolution

CDSB and DTB commit to a shared governance reporting relationship to build and sustain a common vision and strategy, cohesive operations and execution, and the strong relationships and commitment needed to modernize data operations in the health portfolio. This may include:

  • Standing management and oversight meetings. At the Director level meetings will address: the ongoing activities, progress and issues. Meetings at the Director General level to address: strategic direction and alignment of the two organizations, resourcing and capacity challenges, and operational planning requirements.
  • Shared leadership and governance: This will:
    • Provide oversight, governance and prioritization of Data Service Teams
    • Inform investment planning activities
    • Align briefings and advice to PHAC Tier 1 and Tier 2 governance
  • HC-PHAC Architecture Review Board: CDSB will present a target architecture and any subsequent updates, additions to, or modifications of HC or shared infrastructure for approval, to a joint HC/PHAC Architecture Review Board.
  • Duration and Modification of the Agreement: the agreement will be reviewed annually
  • Modification: this agreement, once signed, remains in force until modified or terminated. It can be modified anytime upon agreement of both parties.
  • Termination: of this agreement requires mutual agreement between the ADM and the VP.
  • Issues: Failing mutual agreement between DTB and CDSB, issues and options will be jointly presented to respective ADM and VP for resolution.


References

1- https://www.oag-bvg.gc.ca/internet/English/parl_oag_202103_03_e_43785.html

Principles of partnerships

Mindset shift towards a new working way

Moving away from a “command and control” model, toward a model that champions flexibility and responsiveness via a delegated responsibility model allowing for increased capacity and teams placed closer to business problems.

Collaborative Governance

Outcome of the MOA

Recognizing the space that PHAC occupies within the public health ecosystem nationally and reflecting on the difficulty of aggregating like-data for critical public services, the Agency is looking to establish a standards-based approach to health system interoperability and is working on strengthening partnerships with key players across jurisdictions to enable this change.


DMIA will be working on building modular and loosely coupled services, using distributed architectures and purpose-built isolation between projects to minimize the “blast radius” of security events.

PHAC is going to work with leading Cloud Service Providers (e.g., Google, Amazon Web Services (AWS)), which provides additional exposure to SMEs (Subject Matter Experts) and opportunities to leverage an ever-growing ecosystem of technology assets, and managed Platforms.

This approach prioritizes exposing PHAC services’ functionality through public data interfaces (APIs), and an identity-based security model with strong authentication requirements (Zero Trust).

  • The Way Forward: “Digitally Enabling” Our Partners