There are conditions on applications, but there are different levels. As Mr. Maxwell said, there are CEAA triggers to do an assessment as part of administrative authorization. There are letters of advice that require a developer to do an evaluation of mitigation. There are several layers to ensure protection. What we saw from the samples is that there are big gaps in the required steps. There were things missing, weaknesses, and lack of fundamental documentation.
On May 26th, 2009. See this statement in context.