G-1.03 - Act respecting the governance and management of the information resources of public bodies and government enterprises

Texte complet
À jour au 1er avril 2020
Ce document a valeur officielle.
chapter G-1.03
Act respecting the governance and management of the information resources of public bodies and government enterprises
CHAPTER I
OBJECT AND SCOPE
1. The object of this Act is to set out rules for the governance and management of information resources in public bodies and government enterprises with a view to
(1)  implementing an integrated and coordinated system of governance based on the provision of quality services to individuals and enterprises and the preservation of the Government’s digital heritage;
(2)  optimizing operations by sharing and pooling know-how, information, infrastructures and resources; and
(3)  ensuring rigorous and transparent planning of how amounts allocated to information resources will be used while promoting, among other things, the efficient management of public funds;
(4)  fostering best practices in information resource project management; and
(5)  allowing the implementation of guidelines common to all public bodies.
2011, c. 19, s. 1; 2017, c. 28, s. 1.
2. For the purposes of this Act, the following are public bodies:
(1)  government departments;
(2)  the budget-funded bodies listed in Schedule 1 to the Financial Administration Act (chapter A-6.001), except those referred to in subparagraph 5, and the Sûreté du Québec;
(3)  the bodies other than budget-funded bodies listed in Schedule 2 to that Act, except those referred to in subparagraph 5, as well as the Commission des normes, de l’équité, de la santé et de la sécurité du travail, the Conseil de gestion de l’assurance parentale in the performance of its fiduciary functions, Retraite Québec and the Société de l’assurance automobile du Québec in the performance of its fiduciary functions;
(4)  school boards and the Comité de gestion de la taxe scolaire de l’île de Montréal;
(4.1)  general and vocational colleges and the educational institutions at the university level listed in paragraphs 1 to 11 of section 1 of the Act respecting educational institutions at the university level (chapter E-14.1);
(5)  public institutions governed by the Act respecting health services and social services (chapter S-4.2), joint procurement groups referred to in section 435.1 of that Act, the Nunavik Regional Board of Health and Social Services established under section 530.25 of that Act, the Cree Board of Health and Social Services of James Bay established under the Act respecting health services and social services for Cree Native persons (chapter S-5), health communication centres within the meaning of the Act respecting pre-hospital emergency services (chapter S-6.2), the Health and Welfare Commissioner, the Corporation d’urgences-santé, Héma-Québec, the Institut national d’excellence en santé et en services sociaux, the Institut national de santé publique du Québec, the Office des personnes handicapées du Québec and the Régie de l’assurance maladie du Québec; and
(6)  other bodies designated by the Government.
Persons designated or appointed by the Government or a minister and listed in Schedules 1 and 2 to the Financial Administration Act, together with the personnel directed by them, are considered to be budget-funded bodies and bodies other than budget-funded bodies, respectively, in the exercise of the functions assigned to them by law or by the Government or the Minister.
2011, c. 19, s. 2; 2013, c. 28, s. 134; 2015, c. 15, s. 237; 2015, c. 20, s. 61; 2017, c. 21, s. 78; 2017, c. 28, s. 2.
3. The National Assembly, a person appointed or designated by the National Assembly to an office under its jurisdiction together with the personnel directed by that person, and the Commission de la représentation, are not subject to this Act except to the extent provided for by law.
2011, c. 19, s. 3.
4. For the purposes of this Act, government enterprises means the bodies listed in Schedule 3 to the Financial Administration Act (chapter A-6.001), the Caisse de dépôt et placement du Québec and the Commission de la construction du Québec.
2011, c. 19, s. 4; 2017, c. 28, s. 3.
5. The Government may, on the recommendation of the Conseil du trésor, exempt a public body or category of public bodies referred to in section 2 or a government enterprise referred to in section 4 from all or part of this Act.
2011, c. 19, s. 5.
CHAPTER II
CHIEF INFORMATION OFFICER AND INFORMATION OFFICERS
2011, c. 19, c. II; 2017, c. 28, s. 4.
DIVISION I
CHIEF INFORMATION OFFICER
6. In accordance with the Public Service Act (chapter F-3.1.1), the Government appoints a chief information officer to an office within the secretariat of the Conseil du trésor.
2011, c. 19, s. 6.
7. The functions of the chief information officer include
(0.1)  developing, and submitting to the Conseil du trésor, an overall vision for information resources;
(0.2)  facilitating a good match between, on the one hand, government priorities and the priorities of public bodies and, on the other hand, the possibilities offered by information resources in terms of supporting those bodies’ transformation projects and day-to-day activities;
(1)  implementing the policies and directives made under this Act, overseeing their application and coordinating their execution;
(2)  advising the Conseil du trésor on all aspects of information resources, in particular with regard to strategies, policies, budgets, management frameworks, standards, systems and acquisitions, and to human resources in relation to those information resources, and making recommendations on those matters;
(3)  drawing up the information resource investment and expenditure plan required under section 16.1 and any other planning document requested by the Chair of the Conseil du trésor;
(4)  coordinating the implementation of information resource initiatives, particularly those aimed at organizational transformation and, more specifically, e-government information resource initiatives centred on the needs of individuals, enterprises and public bodies;
(5)  rethinking and modernizing government enterprise architecture, in particular with regard to information security, information assets and information management;
(6)  defining information security rules, including authentication rules, which may be complemented by specific rules adopted under this Act;
(7)  disseminating best practices and innovative solutions and approaches with respect to information resources among public bodies and government enterprises, and informing the Conseil du trésor of the results observed and the benefits obtained;
(8)  taking the necessary measures to ensure that public bodies consider all the technologies offering potential savings or benefits and all the development or acquisition models available to meet their needs, including open-source software;
(9)  publishing guides, proposing practices and offering services to support public bodies and government enterprises with respect to their information resources; and
(10)  exercising any other function assigned by the Chair of the Conseil du trésor or by the Government.
2011, c. 19, s. 7; 2017, c. 28, s. 5.
DIVISION II
INFORMATION OFFICERS
2011, c. 19, Div. II; 2017, c. 28, s. 6.
8. The incumbent minister of a department, after consultation with the chief information officer, designates an information officer within the department for the department and all the other public bodies under the minister’s responsibility.
However, the Conseil du trésor may, on the recommendation of the minister responsible for a body referred to in the first paragraph, authorize the body to designate its own information officer. In such a case, the designation is made by the chief executive officer of the body after consultation with the chief information officer. As of that designation, no information officer designated in accordance with the first paragraph performs functions for that public body.
For the purposes of this Act, the chief executive officer of the public body is the person having the highest administrative authority, such as the deputy minister, the president, the director general or any other person responsible for the day-to-day management of the body. However, in the case of a public body referred to in subparagraph 4 or 4.1 of the first paragraph of section 2, the chief executive officer of the body is the board of governors or, in the case of a school board, the council of commissioners.
2011, c. 19, s. 8; 2017, c. 28, s. 6.
8.1. (Repealed).
2013, c. 28, s. 135; 2017, c. 28, s. 6.
9. Despite the first paragraph of section 8, a minister may, after consultation with the chief information officer, enter with another minister into an agreement under which the information officer designated by the latter under that paragraph is to also act as information officer for the minister’s department and for the other public bodies under the minister’s responsibility.
2011, c. 19, s. 9; 2017, c. 28, s. 6.
10. An information officer designated under the first paragraph of section 8 and attached to the public bodies referred to in subparagraph 4, 4.1 or 5 of the first paragraph of section 2 may be designated as “network information officer”.
2011, c. 19, s. 10; 2017, c. 28, s. 6.
10.1. The functions of an information officer include
(1)  ensuring that each public body to which the information officer is attached applies the governance and management rules established under this Act and that the guidelines determined under the second paragraph of section 21 are implemented;
(2)  coordinating and promoting organizational transformation within each of those bodies;
(3)  reporting to the chief information officer on the progress and results of the information resource projects of each of those bodies;
(4)  ensuring, if the information officer is attached to two or more public bodies, the consolidation of the planning tools produced by those bodies;
(5)  participating in the governance committee established under section 12.1;
(6)  advising the chief executive officer of each public body to which the information officer is attached on all aspects of information resources, in particular as regards innovative approaches and solutions that could meet its needs;
(7)  defining, as necessary and in keeping with the rules established in accordance with this Act, specific information management rules, including information security rules, which, after being approved by the Conseil du trésor, will be applicable to all or some of the public bodies to which the information officer is attached;
(8)  taking the necessary measures to ensure that the bodies to which the information officer is attached consider all the technologies offering potential savings or benefits and all the development or acquisition models available to meet their needs, including open-source software;
(9)  ensuring the longevity of the information assets of the public bodies to which the information officer is attached; and
(10)  exercising any other function required under this Act.
The specific rules defined in accordance with subparagraph 7 of the first paragraph by the information officer designated by the Minister of Health and Social Services may, in the cases provided for in an Act administered by that minister, also apply to bodies and persons in the health and social services network. That information officer also exercises any functions required under such an Act.
2017, c. 28, s. 6.
10.2. If the chief information officer is of the opinion that an information officer is not exercising the information officer’s functions in accordance with the Act, the chief information officer may recommend to the person who designated the information officer that the information officer be replaced.
2017, c. 28, s. 6.
DIVISION III
Repealed, 2017, c. 28, s. 7.
2011, c. 19, Div. III; 2017, c. 28, s. 7.
11. (Repealed).
2011, c. 19, s. 11; 2013, c. 28, s. 136; 2017, c. 28, s. 7.
12. (Repealed).
2011, c. 19, s. 12; 2017, c. 28, s. 7.
CHAPTER II.1
GOVERNANCE COMMITTEE
2017, c. 28, s. 8.
12.1. A governance committee composed of the chief information officer and all the information officers is established. The mandate of the committee, which is chaired by the chief information officer, includes
(1)  developing guidelines to be proposed to the Conseil du trésor;
(2)  ensuring concerted implementation of the guidelines determined by the Conseil du trésor; and
(3)  identifying opportunities for optimizing, sharing and pooling information resource services and information assets, in particular by promoting their interoperability.
2017, c. 28, s. 8.
CHAPTER III
PUBLIC BODY PLANNING AND MANAGEMENT
2011, c. 19, c. III; 2017, c. 28, s. 9.
DIVISION I
PLANNING
2011, c. 19, Div. I; 2017, c. 28, s. 9.
DIVISION I
PLANNING, PROGRAMMING, FOLLOW-UP AND REVIEW
13. For the purposes of the development of government-wide information resource planning, a public body must
(1)  establish an information resource master plan that sets out, among other things, its risk management practices and the measures relating to information resources that will be implemented to achieve its mission and its strategic priorities in keeping with the guidelines determined under the second paragraph of section 21;
(2)  establish an information resource investment and expenditure program;
(3)  compile and keep up to date an inventory of its information assets, including an evaluation of their condition;
(4)  provide a portrait of the workforce assigned to information resources and of the use of consultants assigned to the same;
(5)  describe how amounts allocated to information resource investments and expenditures will be used; and
(6)  produce any other planning tool determined by the Conseil du trésor.
2011, c. 19, s. 13; 2017, c. 28, s. 9.
14. A public body must send or otherwise make available to the chief information officer and the information officer attached to the public body the planning tools produced under section 13.
2011, c. 19, s. 14; 2013, c. 28, s. 137; 2017, c. 28, s. 9.
15. The information officer must give an advisory opinion to the chief information officer and to each of the public bodies concerned, particularly as regards compliance with the guidelines determined under the second paragraph of section 21 and as regards possible avenues for optimization.
The information officer must also send to the chief information officer a consolidation of the planning tools obtained from the public bodies to which the information officer is attached and provide a copy to the minister responsible for each body for information purposes.
2011, c. 19, s. 15; 2013, c. 28, s. 138; 2017, c. 28, s. 9.
16. The Conseil du trésor must determine conditions and procedures relating to the planning tools to be produced under section 13 and the documents to be produced by the information officer under section 15, which may, in particular, pertain to the period they are to cover, their required content and form, the deadlines by which they must be sent and, if applicable, the intervals at which they must be reviewed.
When such conditions and procedures are to apply to the planning tools and documents of the public bodies referred to in any of subparagraphs 4, 4.1 and 5 of the first paragraph of section 2, they are determined after consultation with the minister responsible for those bodies.
2011, c. 19, s. 16; 2017, c. 28, s. 9.
16.1. Each year, the chief information officer must send to the Chair of the Conseil du trésor an investment and expenditure plan for the information resources of public bodies that includes
(1)  a description of the contribution of information resources to State activities and of how the master plans are aligned with the guidelines determined under the second paragraph of section 21;
(2)  information on the information resource investments and expenditures that public bodies plan to make;
(3)  information on information resource projects whose estimated total cost is greater than the threshold determined by the Conseil du trésor and on other projects that are of government-wide interest; and
(4)  an inventory of the information assets of public bodies, including an evaluation of their condition.
The plan is then made public not later than 60 days after it is sent to the Chair of the Conseil du trésor.
2017, c. 28, s. 9.
DIVISION II
MANAGEMENT OF INFORMATION RESOURCE PROJECTS
2011, c. 19, Div. II; 2017, c. 28, s. 9.
16.2. A public body must comply with the project management conditions and procedures determined by the Conseil du trésor and relating to such aspects as
(1)  the stages a project must go through;
(2)  the required opinions and authorizations;
(3)  the criteria to be considered for granting authorizations; and
(4)  project follow-up.
If the conditions and procedures relate to the management of projects carried out by the public bodies referred to in any of subparagraphs 4, 4.1 and 5 of the first paragraph of section 2, they must be determined on the joint recommendation of the Chair of the Conseil du trésor and the minister responsible for those bodies. If they relate to the management of projects carried out by a body having its own information officer in accordance with the second paragraph of section 8, they must be determined after consultation with the minister responsible for the body.
The management conditions and procedures may, in particular, pertain to the type of documents to be produced and their required content and form, as well as the deadlines by which they must be sent. They may also determine the types of projects that must be authorized and followed up on, and the authority responsible for authorizing an information resource project or a phase of such a project. Such determination may vary according to the costs of the project, its complexity and the risks it involves.
The Conseil du trésor may also allow the decision-making authority to delegate its power of authorization.
2017, c. 28, s. 9.
16.3. For the purposes of this Act, an information resource project consists in all the actions taken to develop, acquire, update or replace an information asset or information resource service. It is considered to be of “government-wide interest” if it is designated as such by the Conseil du trésor.
However, a technology research and development project carried out in the context of teaching or research under the direction of a professor, researcher, senior lecturer, student, intern, technician or research professional at a university institution referred to in subparagraph 4.1 of the first paragraph of section 2 is not an information resource project.
2017, c. 28, s. 9.
16.4. The chief information officer may require a public body to report on such aspects of an information resource project as the chief information officer determines.
2017, c. 28, s. 9.
16.5. The Conseil du trésor may impose support measures, such as the assistance of a monitoring committee, on a public body with respect to a project.
A public body on which support measures are imposed must send or otherwise make available to any person responsible for applying those measures any document or information that person considers necessary.
2017, c. 28, s. 9.
16.6. The chief information officer must periodically publish a report on the information resource projects of public bodies that meet the criteria determined by the Conseil du trésor.
2017, c. 28, s. 9.
DIVISION III
REPORTING
2017, c. 28, s. 9.
16.7. Each public body must report on the contribution of information resources to the achievement of its mission, in particular by describing the impact of such resources on the performance of its organization.
The Conseil du trésor determines reporting conditions and procedures. Such conditions and procedures may, in particular, pertain to the required content and form of the report, the deadline by which it must be filed and, if applicable, the intervals at which it must be reviewed.
Such a report must be made public every year.
2017, c. 28, s. 9.
CHAPTER IV
GOVERNEMENT-ENTERPRISE PLANNING AND MANAGEMENT
2011, c. 19, c. IV; 2017, c. 28, s. 10.
17. Government enterprises must adopt, within the time set by the Conseil du trésor, an information resource governance and management policy that reflects the objectives of this Act and provides, among other things, for the implementation of planning and management tools similar to those provided for in Chapter III.
Those enterprises must make their policy public within 30 days after adopting it.
2011, c. 19, s. 17; 2017, c. 28, s. 11.
18. A government enterprise must provide the chief information officer with information on its information assets and its information resource projects that meet the criteria determined by the Conseil du trésor, and any other information determined by the Conseil du trésor. However, the Conseil du trésor may not require information if the enterprise shows that its release would likely reveal an investment strategy or substantially reduce the enterprise’s competitive margin.
That information must be provided in accordance with the conditions and in the manner determined by the Conseil du trésor.
2011, c. 19, s. 18; 2017, c. 28, s. 12.
CHAPTER V
SPECIFIC RESPONSIBILITIES
2011, c. 19, c. V; 2017, c. 28, s. 13.
19. The Conseil du trésor is responsible for developing policies on information resource governance and management and proposing them to the Government.
2011, c. 19, s. 19.
20. In addition to exercising the powers conferred upon it by this Act, the Conseil du trésor may prepare an information resource governance and management directive applicable to public bodies or to a category of public bodies.
Without limiting the generality of the foregoing, the directive may
(1)  provide for rules to ensure the security of information resources, which includes the protection of personal and other confidential information;
(2)  provide for measures to ensure coherence in government actions and to allow the pooling of information resource services and information assets, and determine management procedures;
(3)  (paragraph repealed).
A directive requires the approval of the Government and is applicable from the date set in the directive. Once approved, a directive is binding on the public bodies concerned.
2011, c. 19, s. 20; 2017, c. 28, s. 14.
21. The Conseil du trésor may determine information resource standards for public bodies or for a category of public bodies.
It may also determine guidelines pertaining to the principles or practices to be applied in information resource management, including practices to optimize work organization and the necessity of considering all the technologies offering potential savings or benefits and all the development or acquisition models available to meet the needs of public bodies, including open-source software.
2011, c. 19, s. 21; 2017, c. 28, s. 15.
22. Despite any provision to the contrary in another Act, the Conseil du trésor may, on the recommendation of the chief information officer and under the conditions it determines, confer on the Centre de services partagés du Québec or on another public body the Conseil du trésor designates, the responsibility of carrying out all or part of a public body’s information resource project.
The decision of the Conseil du trésor must provide for, among other things, the remuneration of the designated public body.
The designated public body may require that the public body affected by the decision provide it with the documents and information concerning the project.
2011, c. 19, s. 22.
22.1. The Government may, on the conditions it determines and on the recommendation of the Conseil du trésor, require
(1)  that a public body use an information resource service of the Centre de services partagés du Québec or of another public body it designates; and
(2)  that the information assets of a public body and all the resulting obligations, including lease-related obligations, be transferred to a body designated under subparagraph 1.
The application of the first paragraph does not transfer ownership of personal information to the designated body or change the applicable confidentiality rules.
This section does not apply to administrative bodies established to exercise adjudicative functions.
2017, c. 28, s. 16.
CHAPTER V.1
AUDIT
2017, c. 28, s. 17.
22.2. The Chair of the Conseil du trésor may conduct an audit to determine whether a public body’s information resource investment and expenditure planning and information resource project management are consistent with the measures established under this Act. The audit may verify, among other things, whether the public body’s actions comply with this Act and with the rules and directives issued under it to which the body is subject.
The Chair of the Conseil du trésor may designate in writing a person to conduct the audit.
2017, c. 28, s. 17.
22.3. At the request of the Chair of the Conseil du trésor or the person designated to conduct the audit, the public body being audited must send or otherwise make available to the Chair or the designated person all documents and information considered necessary to conduct the audit.
2017, c. 28, s. 17.
22.4. The Chair of the Conseil du trésor makes any recommendations the Chair may have to the Conseil du trésor. The latter may then require the public body to take corrective measures, conduct any appropriate follow-up or comply with any other measure determined by the Conseil du trésor, including oversight or support measures. The Conseil du trésor may also recommend the suspension or termination of an information resource project.
2017, c. 28, s. 17.
CHAPTER VI
AMENDING PROVISIONS
PUBLIC ADMINISTRATION ACT
23. (Amendment integrated into c. A-6.01, s. 24).
2011, c. 19, s. 23.
24. (Omitted).
2011, c. 19, s. 24.
25. (Amendment integrated into c. A-6.01, s. 72).
2011, c. 19, s. 25.
26. (Amendment integrated into c. A-6.01, s. 74).
2011, c. 19, s. 26.
27. (Amendment integrated into c. A-6.01, s. 77.1).
2011, c. 19, s. 27.
ACT RESPECTING THE NATIONAL ASSEMBLY
28. (Amendment integrated into c. A-23.1, s. 110.2).
2011, c. 19, s. 28.
ACT RESPECTING PARENTAL INSURANCE
29. (Amendment integrated into c. A-29.011, s. 115.14).
2011, c. 19, s. 29.
ACT RESPECTING THE COMMISSION ADMINISTRATIVE DES RÉGIMES DE RETRAITE ET D’ASSURANCES
30. (Omitted).
2011, c. 19, s. 30.
31. (Amendment integrated into c. C-32.1.2, s. 10).
2011, c. 19, s. 31.
ELECTION ACT
32. (Amendment integrated into c. E-3.3, s. 488.2).
2011, c. 19, s. 32.
ACT RESPECTING THE MINISTÈRE DES SERVICES GOUVERNEMENTAUX
33. (Amendment integrated into c. M-26.1, s. 3).
2011, c. 19, s. 33.
34. (Omitted).
2011, c. 19, s. 34.
35. (Amendment integrated into c. M-26.1, s. 6).
2011, c. 19, s. 35.
PUBLIC PROTECTOR ACT
36. (Amendment integrated into c. P-32, s. 35.1).
2011, c. 19, s. 36.
ACT RESPECTING OCCUPATIONAL HEALTH AND SAFETY
37. (Omitted).
2011, c. 19, s. 37.
38. (Amendment integrated into c. S-2.1, s. 176.0.1).
2011, c. 19, s. 38.
ACT RESPECTING THE SOCIÉTÉ DE L’ASSURANCE AUTOMOBILE DU QUÉBEC
39. (Amendment integrated into c. S-11.011, s. 23.0.15).
2011, c. 19, s. 39.
AUDITOR GENERAL ACT
40. (Amendment integrated into c. V-5.01, s. 67).
2011, c. 19, s. 40.
CHAPTER VII
MISCELLANEOUS, TRANSITIONAL AND FINAL PROVISIONS
2011, c. 19, c. VII; 2017, c. 28, s. 18.
40.1. The conditions, procedures and other elements determined by the Conseil du trésor for the purposes of this Act may vary depending on the public body and, if applicable, the government enterprise.
2017, c. 28, s. 18.
41. A person who is exercising the functions of chief information officer on 12 June 2011 continues to exercise those functions until appointed or replaced under this Act.
2011, c. 19, s. 41.
42. Despite section 11, a person who, on 12 June 2011, is a person in authority in a public body referred to in that section and whose functions are mainly related to information resources is designated, without further formality, the first sectoral information officer of that body.
2011, c. 19, s. 42.
43. The obligation of a public body to establish and obtain approval for its information resource spending program for a fiscal year applies to fiscal years beginning more than 90 days after 13 June 2011.
2011, c. 19, s. 43.
44. The obligation of a public body to obtain authorization for an information resource project that satisfies the criteria determined by the Conseil du trésor does not apply to projects in progress on 13 June 2011.
2011, c. 19, s. 44.
45. Any decision about information resources made by the Conseil du trésor under section 66 or 74 of the Public Administration Act (chapter A-6.01) continues to apply to the extent that it is not inconsistent with this Act or with a directive or policy drawn up under this Act, until the decision is replaced by a decision on the same subject made under this Act.
2011, c. 19, s. 45.
46. A policy on the security and management of information resources that is in force in a public body on 13 June 2011 continues to apply to the extent that it is not inconsistent with this Act or with a directive or policy drawn up under this Act.
2011, c. 19, s. 46.
47. Not later than 13 June 2016, and subsequently every five years, the Chair of the Conseil du trésor must report to the Government on the carrying out of this Act and the advisability of maintaining it in force or amending it.
The report must be tabled in the National Assembly within 30 days or, if the Assembly is not sitting, within 30 days of resumption.
2011, c. 19, s. 47.
48. The Chair of the Conseil du trésor is responsible for the administration of this Act.
2011, c. 19, s. 48.
49. (Omitted).
2011, c. 19, s. 49.