I'll start, Mr. Chair. Marc, you could help.
The short answer is that within Shared Services it is a box to tick. Security is paramount to what we do. It's part of how we patch.
The second is the monitoring we do of any software. They're not allowed. They don't have what we would call “administrative rights” to install some of that critical stuff. The access to the data centres is physically limited. The short answer is that we have the keys and they don't.
On cloud, we are setting that up to set up parameters that will limit what they are able to do. They can transact what they need in order to do the development to build the applications without compromising the security posture.