ITSP COMMITTEE
MINUTES OF 1ST MEETING (VIRTUAL)
Thursday, 19 May 2022
13h00
Present: Serge FUNDY (Prairie-NWT), Allen IVERSON (PIPSC Director of IT & Program Management/Staff Resource), Mark MUENCH (ITSPC Chair), Derek ROUSSY (NCR), Leah SHAW (PIPSC Staff Resource), James VEY (Atlantic)
Invited: Gordon ELLERTON, PIPSC Manager of IT Operations & Program Management Regrets: James BROWN (Ontario), Even PAIKE (BC-Yukon)
Absent: Zahra ABDOU MOHAMED (Quebec)
1. CALL TO ORDER:
The meeting was called to order at 13h00.
2. INTRODUCTION:
After introductions, Committee Chair Mark MUENCH explained that the ITSPC would serve as a testing ground for applications destined for the greater membership, and provide two-way feedback between the Board of Directors and the IT & PM teams. Allen IVERSON, Director of IT & Program Management, emphasized the benefit of the high-value collaboration provided by the ITSPC and committed to bringing the full IT & PM Management Team to future meetings.
3. PRESENTATION BY PIPSC DIRECTOR OF IT & PROGRAM MANAGEMENT
An overview of the strategy, challenges, progress, and key active projects of the IT and Program Management teams was presented to the committee.
The IT team pivoted quickly during the pandemic, but the increasing demand for hybrid meetings presents new hurdles. Staffing and retaining skilled employees is difficult due to a highly competitive market.
The Board of Directors is holding a strategic planning session at the end of June which will play a critical role in ensuring IT’s alignment with the goals of the Institute and the development of an effective member engagement strategy.
4. SECURITY
A discussion was held around data security, including password management and multi-factor authentication (MFA). There was consensus regarding the need to strengthen current practices in order to protect member and institutional data, such as implementing forced password changes and multi-factor authentication (MFA). The Chair will confer with all ITSP committee members to ensure alignment and then raise the matter with the Board of Directors.
High-value collaboration and Board support will be needed to ensure buy-in from the membership. The ITSPC will socialize increased security practices through other committees, members, and the BoD by explaining the benefits. The Chair would like formal communications prepared to this end.
5. IT AUDIT
The committee discussed the objectives and benefits of an IT audit and current controls in place around access to PIPSC systems by members and employees.
The Director of IT & PM recommended a full systems access and control mechanism audit to examine all critical systems and determine what access people have to different systems, whether they are still active, how long passwords have been in place, etc. The audit would identify risks, make recommendations, and help develop controls in line with the maturity of the Institute. A briefing note will be prepared for the BoD.
6. ROUNDTABLE
7. NEXT MEETING: September 2022 (in person, if public health guidelines allow)
8. ADJOURNMENT: The meeting adjourned at 16h04.