Item - 2011.AU4.4

Tracking Status

  • City Council adopted this item on November 29, 2011 with amendments.
  • This item was considered by the Audit Committee on October 20, 2011 and adopted without amendment. It will be considered by City Council on November 29, 2011.

AU4.4 - Remote Access to the City's Computer Network - The Management of the Process Requires Improvement

Decision Type:
ACTION
Status:
Amended
Wards:
All

City Council Decision

City Council on November 29, 30 and December 1, 2011, adopted the following:

 

1.         City Council request the Chief Information Officer  to advise divisions of the impacts of inaccurate estimates for the supply of remote secure access tokens and stress the importance of providing accurate projected estimates.

 

2.         City Council request the Chief Information Officer to revise the procedures for charging back the cost of remote secure access tokens such that divisions are charged for costs incurred where estimates are significantly in excess of actual requirement.

 

3.         City Council request the Chief Information Officer to explore options available for all City staff to remotely access the City's network including tokens, smart card, and DirectAccess to ensure the most cost-effective solution is implemented prior to December 31, 2011.

Background Information (Committee)

(September 8, 2011) Staff Report - Remote Access to the City's Computer Network - The Management of the Process Requires Improvement
https://www.toronto.ca/legdocs/mmis/2011/au/bgrd/backgroundfile-41419.pdf
(September 8, 2011) Appendix 1 to the Staff Report - Review of Remote Access to the City's Computer Network - The Management of the Process Requires Improvement
https://www.toronto.ca/legdocs/mmis/2011/au/bgrd/backgroundfile-41420.pdf
(September 8, 2011) Appendix 2 to the Staff Report - Management's Response to the Auditor General's Review of Remote Access to the City's Computer Network - The Management of the Process Requires Improvement
https://www.toronto.ca/legdocs/mmis/2011/au/bgrd/backgroundfile-41421.pdf

Motions (City Council)

1 - Motion to Amend Item moved by Councillor Paul Ainslie (Carried)

That Audit Committee Recommendation 3 be deleted and replaced with a new Recommendation 3:

 

Recommendation 3 to be deleted:

 

3.         City Council request the Chief Information Officer to explore options available for staff to remotely access the City's network to ensure the most cost-effective solution is implemented prior to December 31, 2011.

 

New Recommendation 3:

 

3.         City Council request the Chief Information Officer to explore options available for all City staff to remotely access the City's network including tokens, smart card, and DirectAccess to ensure the most cost-effective solution is implemented prior to December 31, 2011.

Vote (Amend Item) Nov-30-2011 12:32 PM

Result: Carried Majority Required - AU4.4 - Ainslie - motion 1
Total members that voted Yes: 35 Members that voted Yes are Paul Ainslie, Maria Augimeri, Ana Bailão, Michelle Berardinetti, Shelley Carroll, Raymond Cho, Josh Colle, Gary Crawford, Vincent Crisanti, Janet Davis, Glenn De Baeremaeker, Mike Del Grande, Frank Di Giorgio, Sarah Doucette, Paula Fletcher, Doug Ford, Rob Ford, Mary Fragedakis, Mark Grimes, Doug Holyday, Norman Kelly, Chin Lee, Mary-Margaret McMahon, Joe Mihevc, Peter Milczyn, Frances Nunziata (Chair), Cesar Palacio, John Parker, James Pasternak, Gord Perks, Anthony Perruzza, Jaye Robinson, David Shiner, Adam Vaughan, Kristyn Wong-Tam
Total members that voted No: 0 Members that voted No are
Total members that were Absent: 10 Members that were absent are John Filion, Mike Layton, Gloria Lindsay Luby, Giorgio Mammoliti, Josh Matlow, Pam McConnell, Denzil Minnan-Wong, Ron Moeser, Karen Stintz, Michael Thompson

Motion to Adopt Item as Amended (Carried)

Vote (Adopt Item as Amended) Nov-30-2011 12:33 PM

Result: Carried Majority Required - AU4.4 - Adopt the item as amended
Total members that voted Yes: 35 Members that voted Yes are Paul Ainslie, Maria Augimeri, Ana Bailão, Michelle Berardinetti, Shelley Carroll, Raymond Cho, Josh Colle, Gary Crawford, Vincent Crisanti, Janet Davis, Glenn De Baeremaeker, Frank Di Giorgio, Sarah Doucette, Paula Fletcher, Doug Ford, Rob Ford, Mary Fragedakis, Mark Grimes, Doug Holyday, Norman Kelly, Chin Lee, Mary-Margaret McMahon, Joe Mihevc, Peter Milczyn, Frances Nunziata (Chair), Cesar Palacio, John Parker, James Pasternak, Gord Perks, Anthony Perruzza, Jaye Robinson, David Shiner, Karen Stintz, Adam Vaughan, Kristyn Wong-Tam
Total members that voted No: 0 Members that voted No are
Total members that were Absent: 10 Members that were absent are Mike Del Grande, John Filion, Mike Layton, Gloria Lindsay Luby, Giorgio Mammoliti, Josh Matlow, Pam McConnell, Denzil Minnan-Wong, Ron Moeser, Michael Thompson

AU4.4 - Remote Access to the City's Computer Network - The Management of the Process Requires Improvement

Decision Type:
ACTION
Status:
Adopted
Wards:
All

Committee Recommendations

The Audit Committee recommends that:

 

1.         City Council request the Chief Information Officer  to advise divisions of the impacts of inaccurate estimates for the supply of remote secure access tokens and stress the importance of providing accurate projected estimates.

 

2.         City Council request the Chief Information Officer to revise the procedures for charging back the cost of remote secure access tokens such that divisions are charged for costs incurred where estimates are significantly in excess of actual requirement.

 

3.         City Council request the Chief Information Officer to explore the options available for staff to remotely access the City’s network to ensure the most cost-effective solution is implemented prior to December 31, 2011.

Origin

(September 8, 2011) Report from the Auditor General

Summary

Remote secure access tokens are used by the City to improve security over access to the City’s computer network from a computer that is not directly linked to the network.   Remote secure access tokens and related licences are priced on a per user basis and the costs charged back to City divisions as tokens are issued.  The licence agreement for individual tokens is for a four-year period.

 

When staff of the Auditor General’s Office received tokens with only three years remaining in a four-year lifespan, the Auditor General decided to perform a brief review of this area.  The objective of this review was to assess the procedures and controls over the acquisition and distribution of remote secure access tokens to ensure the process is being effectively managed.  This audit covered the period from January 2009 to April 2011.

 

This report contains three recommendations along with a management response to each of the recommendations.  The implementation of these recommendations will improve the overall cost effectiveness of managing the remote secure access token program and could result in cost savings.

 

Background Information

(September 8, 2011) Staff Report - Remote Access to the City's Computer Network - The Management of the Process Requires Improvement
https://www.toronto.ca/legdocs/mmis/2011/au/bgrd/backgroundfile-41419.pdf
(September 8, 2011) Appendix 1 to the Staff Report - Review of Remote Access to the City's Computer Network - The Management of the Process Requires Improvement
https://www.toronto.ca/legdocs/mmis/2011/au/bgrd/backgroundfile-41420.pdf
(September 8, 2011) Appendix 2 to the Staff Report - Management's Response to the Auditor General's Review of Remote Access to the City's Computer Network - The Management of the Process Requires Improvement
https://www.toronto.ca/legdocs/mmis/2011/au/bgrd/backgroundfile-41421.pdf

Motions

Motion to Adopt Item moved by Councillor Vincent Crisanti (Carried)

 

 

 

Source: Toronto City Clerk at www.toronto.ca/council