Thank you, Mr. Chairman, for the question. First, there is essentially, as I should call it, the management response to the OAG recommendations, which was filed with the committee, and that is very specific to the recommendations that were made and accepted by the department. That's number one.
Number two, one of those recommendations was to develop a comprehensive action plan in order to be able to track progress as well as results measured. We have done that. It took us a while to do that, months. It was a lot of work. It's normal. It's not unusual. Now that's been made public as of April 18. Not only that but we have also developed a framework to track progress, so that is also available.
The sector tables all have an action plan of sorts. They're busy looking at risk, managing risk, sharing information. As well, we are going to, on cyber, augment the frequency of meetings, and we will do that against actions that we will collectively agree we need to take in order to manage a cyber-risk, as a for instance. They all kind of fit together, but “separate but connected” is the way I would describe that.