First of all, every privacy impact assessment, in other words, the assessment that departments or agencies are subject to when implementing a program or policy, includes a security component. So we ask serious questions about that.
Second, we take note of any vulnerabilities for our audit plan, which is based on risk. And, clearly, we take those factors into account when choosing which audits to do next, precisely to ensure we are focusing on areas that present risks.