Information Technology

The number of B.C. government teleworkers grew 20-fold after the COVID-19 pandemic started​. Teleworking has many benefits but it can also pose increased risk to sensitive government data. Our audit focused on the Office of the Chief Information Officer's responsibility for cybersecurity risk management in the government telework environment. It looked at the OCIO's strategic activities, such as risk assessment, telework-related policies, data protection measures, and cybersecurity training and guidance. 
 

This audit assessed whether the government is managing IT assets in accordance with good cybersecurity practices. It focused on five ministries: citizens’ services, finance, health, education, and natural resource.

In this audit, we looked at whether BC Hydro was effectively managing its cybersecurity risk by detecting, and responding to, cybersecurity incidents on its industrial control systems, which form an integral part of its electric power infrastructure.

The Ministry of Transportation and Infrastructure’s Regional Transportation Management Centre (RTMC) manages traffic flow at major bridges and roadways throughout the province. This audit looked to see if the RTMC had foundational cybersecurity controls in place. It didn’t assess the effectiveness of these controls.

This audit looked at whether the Ministry of Technology, Innovation and Citizens' Services and Health Shared Services BC completed appropriate due diligence when expanding government's 2004 agreement with the service provider to include the health authorities, and when extending the timeframe of the original agreement.