Health Canada
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links

Home > About Health Canada > Reports & Publications > Audit Reports > Audit of Data Integrity - MCCS Feeder System Interfacing with SAP

Institutional links

About Health Canada

Management Response and Action Plan (MRAP) Audit of FNIHB -Data Integrity

Help on accessing alternative formats, such as Portable Document Format (PDF), Microsoft Word and PowerPoint (PPT) files, can be obtained in the alternate format help section.

Portable Document Format(PDF Version - 59 K)
Management Response and Action Plan (MRAP) Audit of FNIHB -Data Integrity
Recommendations Management Response:
  1. Accept
  2. Accept with conditions
  3. Reject
 Planned Management Action Deliverables Expected Completion Dates Accountability
1. It is recommended that the Director General of Business Planning and Management Directorate (BPMD), First Nation and Inuit Health Branch (FNIHB) continue to monitor the progress pertaining to the SAP/MCCS reconciliation process Accept Management is aware of this situation and has developed an automated SAP/MCCS reconciliation process. Automated SAP/MCCS reconciliation process. Completed
October 26, 2007		 Catherine Lyons, Director General, BPMD

2. It is recommended that the Director General of BPMD, FNIHB:

  1. request that the CIO establish and document standard operating procedures for monitoring the activities of the MCCS DBA and super users with access to the operating system; and
  2. ensure that the MCCS User Access Request Form is enhanced to capture the reason for modifying privileges on an existing MCCS account.
 Accept
Accept		 The Director General, BPMD has consulted the Chief Information Officer (CIO) of Health Canada who will provide standard operating procedures for monitoring the activities of the MCCS DBA and super users.

The MCCS account request form will be enhanced to capture the reason for privilege modification.		 The MCCS Support Team will expand the regular account review process to include a six month review of all MCCS DBA and Super User accounts.

Enhanced electronic account request form.		 February 15, 2008

March 31, 2008		 Christina Hastings, CIO, Health Canada

Catherine Lyons, Director General, BPMD

3. It is recommended that the Director General of BPMD, FNIHB:

  1. request that the CIO implement and document standard DBA operating procedures for approving privileges for DBAs and Super User Access to the operating system; and
  2. instruct all regions to carefully review the date of last access of users and deactivate user accounts for users not accessing MCCS over a predetermined number of months.
 Accept

Accept		 The Director General, BPMD has consulted the CIO and they will take responsibility for implementing and documenting of standard operating procedures for approving privileges for DBAs and Super Users.

Regional account managers will continue to perform the six month review of all accounts in their region with emphasis on the date of last access.		 The MCCS Support Team will document procedures for identifying and approving MCCS DBA and Super User accounts and privileges.

FNIHB will monitor date of last access during regular account review process.		 February 15, 2008

January 31, 2008		 Christina Hastings, CIO, Health Canada

Catherine Lyons, Director General, BPMD
4. It is recommended that the Director General of BPMD, FNIHB, request that the CIO document all the procedures for ensuring data integrity and correcting database problems. Accept The Director General, BPMD has consulted the CIO and they will prepare procedures for ensuring data integrity and correcting database problems. The MCCS Support Team will document the existing MCCS data integrity/recovery procedures. February 15, 2008 Christina Hastings, CIO, Health Canada
5. It is recommended that the Director General of BPMD, FNIHB, request that the CIO document backup and off-site storage procedures. These procedures should include at least:
  • instructions for performing the backups;
  • instructions for verifying that the backup worked properly;
  • instructions for verifying that the backup file device can be used to successfully restore the database(s);
  • instructions for properly labeling the backup file device;
  • instructions for shipping the backup file device or the off-site storage;
  • instructions for receiving the backup file device back from off-site storage;
  • retention periods for the backup storage device; and
 Accept The Director General, BPMD has consulted the CIO, and they will provide documentation for database backup and off-site storage procedures. The MCCS Support Team will engage Health Canada's Infrastructure Support Team to document current tape backup and off-site storage procedures.

Additionally, these procedures will include a yearly test of restoration from tape backup.		 March 31, 2008 Christina Hastings, CIO, Health Canada
6. It is recommended that the Director General of Business Planning and Management Directorate (BPMD), First Nations Inuit Health Branch (FNIHB), use an SDLC methodology to document the MCCS-SAP interface. Accept A document will be prepared to identify and describe the current MCCS-SAP interface process. The MCCS support team will prepare a document outlining the MCCS-SAP interface process. March 31, 2008 Catherine Lyons, Director General, BPMD
Date Modified: 2009-05-21

Top of Page
Important Notices