►
From YouTube: Information Technology Sub-Committee – November 29, 2016
Description
Information Technology Sub-Committee meeting – November 29, 2016 – Audio Stream
Agenda and background materials can be found at http://www.ottawa.ca/agendas.
B
C
C
C
We've
got
over
3,700
smartphones,
500
tablets
and
more
than
1300
machine-to-machine
connections
as
well.
The
next
few
numbers
all
relate
to
technology
security.
Over
60,000
emails
in
a
three-month
period
are
roughly
quarantined
when
they
come
to
the
system.
Thousands
of
intrusion
events
are
detected
over
5,000
times
the
tools
that
we
have
put
in
place
block
access
to
certain
web
sites
over
a
thousand
times
to
work,
space
workstations
to
compromise
the
system
are
prevented
and
almost
7
million
spam
messages
were
blocked
in
a
three-month
period.
C
The
last
set
of
numbers
are
related
to
how
IT
probably
interacts
with
the
rest
of
the
City
of
Ottawa.
The
most
we
get
over
60,000
phone
requests
coming
to
the
service
desk
in
a
given
year.
20,000
requests
come
through
the
IT
s
portal.
6000
people
walk
into
the
IT
client
service
center
at
constellation.
We
have
another
one,
a
second
one,
opening
up
at
City
Hall
soon
V
visited
client
sites
10,000
times
in
a
12-month
period,
and
you
supported
more
than
3,000
physical
employments
maintained.
A
90
percent
plus
client
satisfaction
rating.
C
The
recent
what's
being
made
clear
to
us
is
that
we
are
in
the
business
of
providing
service
to
the
rest
of
business
operations
in
the
enabling
technology.
There
are
four
things
that
we
have
started
to
use
that
are
guiding
our
work
plan.
The
first
one
is
focused.
We
are
being
extremely
laser
sharp
focused
in
terms
of
what
is
it
that
we
are
picking
up
to
do.
We
are
trying
not
to
be
distracted
with
pet
projects
and
we're
also
simplifying
a
lot
of
internal
processes
within
IPS.
C
That
became
then
be
very
nimble
when
it
comes
to
responding
to
the
client
means.
We
are
looking
at
every
possible
action
that
we
conduct
with
MIT
and
trying
to
link
it
to
the
business
outcomes,
and
if
it's
not
linked
to
a
business
outcome,
we
are
questioning.
Why
is
it
that
we
are
doing
it
in
the
first
place?
And
in
all
of
this
we
are
trying
to
position.
The
client,
as
as
the
client
comes
first.
C
Just
a
a
quick
snapshot
of
the
Nuart
structure
of
IT,
some
of
you
may
have
seen
this
through
electronic
email,
but
the
first
one
is
network
operations
and
previous
to
the
reorg.
The
auth
chart
of
IT
was
quite
opaque.
It
was
very
difficult
to
find
out
who
is
doing
what
with
annuity,
but
we
have
done
is
brought
up.
Eight
functions
that
provide
some
critical
support
to
various
IT
performance.
The
first
one
is
network
operations,
and
these
are
the
people
that,
if
they
are
doing
the
job
right,
you'll
never
hear
about
them.
C
The
next
one
is
Sandra
Carlucci,
who
manages
the
s
AP
solutions,
we've
got
technology
security
and
that
position
is
still
vacant,
and
these
are
the
people
it's
a
small
team
of
about
eight
people,
but
they
are
the
people
who
are
making
sure
that
all
the
tools
are
in
place
to
to
manage
the
security
aspect
of
the
system.
We
have
consolidated
a
whole
bunch
of
modernization,
efforts
that
were
previously
happening
in
IT,
but
in
a
fragmented
way,
so
both
hardware
and
software
modernization
are
taking
place
in
that
branch
led
by
Ronnie
mechanists.
C
The
next
one
is
project
management
and
again
before
a
whole
bunch
of
different
project
management.
Expertise
was
spread
across
IT
that
has
been
brought
into
the
same
branch
under
Heather
Gerrard
and
the
last
one
is
technology
solutions
which
is
really
anytime
outside
the
typical
twenty
six
thousand
request.
When
you
have
to
engage
IT
on
a
project,
that
is
where
you
would
be
engaged
with
the
technology
solutions,
branch
which
operates
very
similar
to
an
FSU
model
in
finance
and
that's
led
by
Bev
Gillis.
C
Operating
budget
is
is
expected
to
remain
relatively
unchanged
in
2017
versus
2016.
At
fifty
seven
and
a
half
million,
we
will
see
a
slight
reduction
in
the
number
of
FTEs
about
nine,
and
that
is
related
to
the
management
positions
that
were
removed
as
part
of
the
reorg
in
terms
of
capital.
We
have
three
big
components.
The
first
one
is
is
the
technology
infrastructure
renewal
and
that
is
encompassing
a
range
of
capital
acquisitions
from
new
storage
devices,
servers
on
the
maintenance
of
data
center
network
equipment
such
as
laptop
etcetera.
C
The
first
portion
of
that
is
the
upgrading
of
a
number
of
hardware
and
software
infrastructure,
and
the
behind
that
is
a
combination
of
the
infrastructure
either
getting
obsolete
technology
security
concerns,
increasing
client
expectations,
and
sometimes
it's
the
talent
that
is
leaving
because
they
are
retiring
and
with
them
they're
also
taking
some
key
legacy.
Information
from
the
systems.
C
The
next
big
area
of
focus
next
year
is
going
to
be
ASAP
and
I
single
out
recipe
because
it
touches
such
key
functions
like
finance
and
HR
across
the
city,
and
our
peers
within
the
public
sector
have
started
to
move
forward
in
terms
of
their
sa
P
strategy,
either
they're
going
to
make
more
investments
or
do
something
different
when
via
the
city
have
been
stuck
on
a
platform
that
is
quite
obsolete
in
its
old-school.
So
so
that
is
going
to
be
a
big
big
focus
of
ours.
C
Updating
the
ideas
portal
executing
the
new
intake
process
hosting
vendor
information
sessions
are
some
of
the
things
that
they
that
we
are
planning
to
do
next
year.
Ip
standing
offer
is
coming
up
for
renewal
next
year
in
q1
of
2017,
and
we
want
to
make
sure
that
when
we
put
out
the
new
one
that
it
reflects,
the
current
and
future
needs
that
IT
is
expecting
that
we
are
going
to
rely
upon
the
external
external
vendors.
C
One
other
item
that
schema
on
our
list
is
often
the
procurement
when
it
comes
to
technology
gets
stuck
because
the
city
of
Ottawa's,
typical
contract
is
not
going
to
match
with
what
the
technology
vendors
are
wanting
to
put
in
the
contract.
So
what
we
are
doing
is
the
best
practice
that
we
are
creating
a
supplementary
terms
and
conditions
in
partnership
with
supply
and
legal
to
make
sure
that
we
can
fast-track
some
of
those
future
procurement
transactions.
C
Here
we
talked
about
technology
security
and
we
want
to
make
sure
that
the
business
operations
around
IT
do
not
get
stalled,
so
we
are
being
a
bit
more
proactive,
creating
standards
guidelines
such
as
cloud
framework.
These
are
the
kinds
of
things
that
we're
hoping
to
bring
forward
back
to
this
committee
and
and
lastly,
the
the
AG
conducted
an
audit
back
in
November
2015
and
as
a
result,
there
were
a
series
of
management
responses
that
have
to
be
executed
in
2017
and
that's
that's
top
of
our
mind
as
well.
C
We
severely
lack
in
basic
infrastructure
that
should
be
available
to
an
IT
shop
like
ours
and
I'm,
talking
about
architecture
lab
where
you
can
test
software
before
you
put
them
in
production,
I'm
talking
about
Quality,
Assurance
tools,
I'm
talking
about
network
monitoring
tools,
some
basic
stuff-
and
these
are
the
kinds
of
things
we're
hoping
to
bring
on
board
in
2017
as
well
as
I.
Recently,
when
I
married
I
met
with
the
chair
and
vice-chair
I,
we
expressed
interest
that
we
would
like
to
come
back
soon
in
regularly
to
this
committee.
C
C
Future,
that's
the
idea
and
we've
already
seen
that
the
businesses
not
stopping
for
IT.
So
there
are
lots
of
people
who
are
already
wanting
to
purchase
software.
That
is
going
to
have
data
residing
on
the
cloud,
and
so
we
are
a
little
bit
behind
in
terms
of
making
sure
that
we
have
all
of
our
in
place
and
that
absolutely
is
the
place
where
people
are
moving
forward
to.
E
E
The
how
we're
going
to
move
towards
I'll
call
it
the
smart
city,
part
of
it,
the.
Where
is
the
point
that
we're
kind
of
behind
in
our
technology
and
you're
trying
to
do
a
catch
up,
but
in
doing
the
catch
up,
cities
are
changing
a
lot
in
some
cities
have
made
mainframe
work.
Cerato
has
actually
got
a
person.
Now
that's
in
charge
of
doing
all
the
things
that
are
annoying
idiot
to
bring
in
the
smart
city
nurse,
not
only
transportation
that
people
think
about,
but
there's
a
lot
of
other
things
too.
E
It's
how
we
plan
our
cities,
it's
how
we
plan
our
operations.
Is
everything
like
that?
How
I
know
that
smart
cities
is
really
in
three
of
the
new
different
departments?
There's
a
plan,
ohmic
development
and
then
the
advanced
planning
things.
How
are
you
working
the
IT
part
of
that,
which
is
what
be
crucial,
I,
think
to
make
sure
that
we
don't
fall
even
further
behind
okay.
C
So
counselor
we
are
now
embedded
with
service
innovation
in
performance
department
that
is
coming
up
with
the
digital
strategy.
Part
of
that
digital
strategy
is
various
things
that
touch
smart
City.
So
you
know
you
know.
One
thing
is
that
we
are
trying
to
be
at
the
at
the
initial
stage,
with
both
economic
development
and
service
innovation.
So
IT
can
line
up
resources
as
they're
needed.
You
know.
C
I
will
admit
that
IT,
at
least
in
the
next
12
months,
given
the
number
of
things
that
we
need
to
focus
on
that
are
quite
internally
focused,
so
that
we
can
become
a
bit
more
modernized.
You
know
we
do
not
have
a
huge
number
of
resources
available
to
focus
externally,
so
the
projects
that
you
see
in
front
of
you,
you
know
they're
all
just
to
make
sure
that
we
can
keep
pace
with
technology.
So
at
this
point
in
time
we
are
going
to
do
our
level
best
to
support.
E
E
I
one
of
the
things
for
our
own
economic
development.
Here,
if
we,
if
the
city
gets
behind
in
technology,
it
will
actually
hurt
the
ability
to
move
forward
in
in
our
business
things,
because
we
need
things
in
our
communities
that
will
support
them
and
I'm,
not
sure
that
the
city
has
that
mindset,
yeah
I,
think
you
do
or
some
of
the
others,
but
to
actually
get
it
happening.
Even
if
you
haven't
got
the
money
this
year,
you
have
to
get
all
call
put
your
house
in
order.
E
C
And
unconsidered
to
your
point,
we
are
going
to
do
our
best
efforts
to
support
economic
development.
An
example
is,
as
you
may
remember,
economic
development
has
an
innovation
pilot
program
for
small
start-up
technologies,
and
often
IT
is
the
one
who
has
to
make
sure
that
you
know
it's.
It's
ready
to
go
and
be
part
of
the
city's
infrastructure,
we're
going
to
make
sure
that
we
provide.
You
know
the
level
best
support
to
have
more
of
those
IPP
projects
happening
across
the
city.
You.
E
I
just
heard
yesterday
that
the
is
for
the
information,
the
committee
they
first
permit
to
let
autonomous
vehicles
go
on
public
roads,
as
approved
by
the
province
yesterday
and
includes
Q
and
X
and
I
have
checked
with
qnx,
and
they
will
be
doing
it
in
in
the
Kannada
area,
where
they're
there
for
company
is
so
we
are
we're
getting
that
string
starting
to
happen
externally.
We
have
to
see
how
we
fit
that
into
our
internal
there's,
going
to
be
a
real
challenge,
I
think
for
the
city,
the
get
any
of
that
figures.
E
E
Those
aren't
small
that
there's
something
like
21
million
dollars
in
capital
or
something
this
year,
and
then
it
were
down
to
I,
can't
remember
the
number
about
79
and
they
were
down
to
about
four
in
the
third
year
and
I
looked
at
that
and
I
was
really
worried
about
that.
Because
are
we
not
going
to
make
technology
changes
every
six
months?
Is
that
something
that
is
going
to
be
looked
at
for
future?
C
Cuz,
the
one
thing
that
you
will
expect
to
you
can
expect
to
see
is
that
we
will
be
quite
forward-thinking
when
it
comes
to
capital
investment
for
IT.
So
we,
when
we
come
back
next
to
you,
we
have
I'll
have
a
better
understanding
of
the
kinds
of
things
that
we
need
to
start
planning
for
beyond
the
next
couple
of
years,
so
that
there
is
no
big
surprise,
and
so
those
kinds
of
conversations
I
think
may
lead
to
you
know
creating
a
business
case
for
more
capital
investments
in
nineteen
well,.
E
Be
the
next
council
in
any
case,
but
I
just
thought.
We
should
be
thinking
that
way.
The
one
thing
you
mentioned,
which
I
support
is
that
you're
not
just
taking
when
Apodaca
says
I
want
this
technology,
which
has
happened
too
often
in
this
city
that
they're
going
to
take
the
approach
that
what
you
need
to
do
in
your
department
and
then
what
is
the
best
way
to
service
that
as
opposed
to
getting
something
that
may
be
fun
to
have?
E
It
doesn't
fit
into
our
system
and
then,
after
six
months
they
find
it
doesn't
really
work
and
and
we've
wasted
millions
and
millions
of
dollars.
So
a
of
being
very
rigid
in
that
I
know
they
started
that
last
year
of
having
it
you
don't.
If
you
want
to
get
something
done,
you
don't
just
ask
for
this.
You
first
lay
out
the
problem
that
IT
looks
at
solutions
with
that
department
and
comes
up
with
something
very.
C
Much
so
comes
learned.
You
already
have
some
live
examples,
such
as
the
replaced
of
map
when
it
comes
for
the
planning
department.
So,
instead
of
just
jumping
to
whatever
is
you
know,
has
the
the
nicest
brochure
out
there
in
the
marketplace.
We
are
being
quite.
You
know,
thoughtful
about
the
different
options
out
there
and
how
it's
going
to
fit
the
the
business
model
of
the
city
and
we
think
taking
the
same
approach
when
it
comes
to
binge
replacement
in
the
future
and
every
other
thing
for
sure.
I'm.
B
F
You,
chair,
miss
Michelle.
First
welcome
to
the
committee.
We
had
a
you've
done
some
impressive
things
of
the
economic
developments
and
I'm
looking
forward
to
working
with
you
in
your
nay
capacity
here
as
CIO.
Congratulations
and
I
only
have
one
set
of
questions
which
is
around
the
security.
The
technology
security
position
is
currently
vacant.
I
was
I
think
that
is
the
first
time
I've
seen
the
kinds
of
numbers
of
the
number
of
attempts
to
breach
our
systems
that
you
presented
this
morning
and
it's
it's
a
it's.
F
An
impressive
number
I
had
no
idea
of
the
scale
of
that.
How
are
we
keeping
up
with
changing
security
needs?
Are
we
training
our
staff
to
be
proactive
about
security
and
we
train
them
to
be
experts
in
security
or
the
generally
relying
on
vendor
patching
to
make
sure
that
the
system
works
and
then,
when
we
do
hire
the
technology
security
position?
Is
that
person
gonna
be
hired
with
that?
You
know
how
to
put
a
vendor
patch
in
place,
or
will
they
be
more
expert
than
that
as
the
environment
changes
all.
C
Great
questions
counselor,
so
on
the
the
current
state
of
how
are
we
practicing
the
whole
security
business?
We
are
quite
basic.
We
are,
you
know,
making
sure
that
all
the
patches
are
in
place.
We
are
doing
a
little
bit
of
awareness
here
and
there
we
have
recently
just
engaged
with
CGI,
which
is
providing
us
some
managed
security
services
and
they're,
providing
us
some
of
the
tools
to
make
sure
that
our
network
is
protected.
C
I
would
say
that
we're
just
scratching
the
surface.
You
know
one
of
the
stats
that
that
I
have
seen
recently
is
that
most
of
organizations
like
like
ours
are
exposed
to
security
risk,
not
because
of
a
lack
of
tools
or
because
of
a
lack
of
talent.
It's
because
people
are
just
not
aware.
The
regular
user
of
technology
is
not
aware
of
what
things
that
they
have
to
look
out
for.
C
So,
in
a
way,
looking
at
things
like
providing
some
awareness
tools
that
are
going
to
be
a
lot
more
engaging
versus
a
Lunch
and
Learn
we're
thinking
about
creatives
and
gamification,
you
know
various
tools
for
everybody
on
I.t
to
go
through
them
and
be
a
bit
more
educated.
We
are
also
taking
an
inventory
of
all
the
security
monitoring
tools
that
we
have
in
place
today
and
what
is
the
gap
and
we're
not
going
to
move
from
within
our
budget?
C
We
have,
we
have
room
to
go
out
and
and
get
those
tools
in
place
in
terms
of
the
the
person
who's
going
to
lead
the
technology
security
team.
We
did
run
a
competition
and
you
know
we
have
a
hard
time
finding
this
person
in
the
marketplace-
and
this
is
not
just
a
city,
but
it's
been
reported
widely
that
the
cyber
security
businesses
is
in
high
demand.
C
So
there
are
lots
of
consultants
out
there
who
want
to
do
this
on
a
six-month
contract,
but
nobody
wants
to
just
be
married
to
an
organization,
so
we
are
looking
both
internally
and
externally
as
well.
The
person
that
we
hire
is
not
going
to
necessarily
be
a
security
expert,
but
it's
going
to
know
enough
to
harness
the
security
talent
that
we
already
have
on.
The
team
is
going
to
know
how
the
business
works.
C
A
Thank
you
very
much.
First
of
all,
sad
thank
you.
I
know,
there's
a
it's
a
big
monster
ahead
of
you
and
I
just
wanted
to
ask
one
quick
question.
In
regards
to
the
EEG
report,
there
was
a
bit
of
a
focus
on
creating
you
know
the
Adair's
production
environments
that
are
required
to
be
able
to
do
staged
implementation
of
software
testing.
You
know
as
stuff
we
talked
about
this
before
is
that
kind
of
where
we're
headed,
virtualization
VMware,
whatever
the
case
may
be,
is
there
gonna
be
a
stronger
emphasis
on
that
to
go
forward
the.
C
Short
answer
comes
to
is
yes,
we
are,
you
know
in
the
midst
of
putting
an
architectural
lab
together,
we
are
in
the
midst
of
putting
a
quality
assurance
practice
so
that
all
the
200
business
applications
and
the
enterprise
applications,
the
level
of
effort
is
consistent,
and
so
yes,
the
answer
is
yes,
the
AG
report
that
you
reference
was
more
around
the
how
the
city
is
managing
technology
risk.
So
there's
a
lot
of
various
tools
and
business
processes
that
have
to
be
put
in
place
as
well.
Great.
A
D
You
mr.
chair,
and
thank
you
sad
for
giving
us
precession
and
I'm,
really
happy
to
see
you
in
this
position
and
I
know
it's
not
a
small.
It's
a
huge
mandate,
but
also
I'm
gonna,
follow
up
on
councillor
attorneys
question
we
did
have
in
the
previous.
We
had
so
many
reports
about
legacy,
software's
and
programs
on
a
business
application
and
at
one
point
we
did
have
the
count
of
how
many
legacy
legacy
software
and
programs
we
have
and
we
were
starting
to
do
so,
cleaning
them
up
and
making
sure.
D
Can
you
add
this
to
your
next
report
that
making
sure
that
you
keep
updating
us
on
the
progress
and
where
we're
at
with
this,
because
I
know
it's
nice
to
have
technology
and
add
the
new
softwares
and
I
understand
due
to
security.
We
need
to
make
sure
we
close
the
loop
on
all
programs
and
software's.
We
have
a
distrito
so
of.
C
B
Okay,
thank
you
very
much.
I
think
we're
at
the
end
of
this.
So
we
have
a
motion
moved
by
a
vice-chair
only
per
that
the
itsc
recommend
the
council
sitting
as
committee
at
all
approve
the
itsc
portion
of
the
2017
draft
operating
in
capital
budgets
as
follows:
information
technology
service
budget
operating
resource
requirement,
page
3
of
itsc
committee,
budget
book
and
itsc
capital
program,
funding
summary
on
page
4:
ok,
ok,
it's
scary!