I'm sorry to interrupt you. I think my question was misunderstood.
PSPC indicated, in appendix I, that it had implemented a new checklist and sent a communiqué to staff reminding them of the security policy requirements. That's what you've done.
My question is this: How do you ensure that all aspects of that security policy have indeed been fully implemented?
I'm not talking about what the ombud said. I'm putting the monkey on your back. How do you ensure that employees follow the rules strictly?