Performance Management Program On–Line

Executive Summary

The Performance Management Program (PMP) On–line is a dynamic web–based performance management application used by managers and employees for setting objectives and performance indicators, measuring competencies, documenting training requirements and career aspirations and reviewing achievements.

PMP On–line also acts as a communication tool in as much as it includes information about the new performance management program, links to training programs, Frequently Asked Questions, newsletters, broadcast messages and links to the Foreign Affairs Canada (FAC) and International Trade Canada (ITCan) competency dictionary and competency profiles.

Although it is available to all employees of FAC and ITCan world–wide, PMP On–Line sits on a secure server in Ottawa. When completed, certain parts of the employee reviews (evaluations of results and competencies) are “Protected B.”

PMP On–Line is available in both official languages.

PMP On–Line is for internal use only.

Privacy Risk Mitigation

  1. User Accidentally Changes or Destroys Data
    User may accidentally change or destroy the data although this is very unlikely.
    Recommendation: To mitigate this risk, an audit trail exists, user awareness training is provided, revert to “read only” functions at critical stages of the review exists and there are warning messages before completing the review, printing, etc.
  2. User Accidentally Releases Data
    User may accidentally release the data although this is very unlikely.
    Recommendation: To mitigate this risk, user awareness training is provided.
  3. User Deliberately Changes or Destroys Data
    User may deliberately change or destroy the data although this is very unlikely.
    Recommendation: To mitigate this risk, an audit trail exists and revert to “read only” functions at critical stages of the review exists. In addition, the “Save As” function is disabled in the browser.
  4. User Deliberately Releases Data
    User may deliberately release the data although this is very unlikely.
    Recommendation: To mitigate this risk, the “Save As” function is disabled in the browser.
  5. Hackers or Script Kiddies
    Hackers or script kiddies may release the data although this is unlikely.
    Recommendation: To mitigate this risk, the “Save As” function is disabled in the browser.
  6. User is not aware of Privacy Issues
    Users may not be aware of privacy issues.
    • Recommendation: To mitigate this risk:
      • During the PMP training, managers and employees are provided with a security briefing vis–à–vis using the PMP application.
      • A warning message (When completed, performance reviews are protected “B”. Do not share your password and do not leave your application open when you are away from your desk) will be shown at the log–in of PMP.
      • Performance reviews are “Protected B” when completed. Although the departmental network on Signet D is currently operating at “Protected A”, the Department is working towards upgrading the network to a “Protected B” environment.