Yes. Thank you. I will take that.
We did dedicate IT security expertise. We looked at it as a “security by design” approach. When we developed and implemented ArriveCAN, we needed security assessment and authorization as per the government processes that Ms. O'Gorman mentioned earlier. For each release, we did a review at the beginning of the release to determine the amount of functionality changes that we would have. If the functionality changes were significant and we felt that it warranted a full review, we did do full security assessment and authorization processes for those.
We did 11 of those in total across the 70 functionality releases. Those were for our major releases when we were introducing such things as pre-arrival testing and the validation and verification of the proof-of-vaccination credentials.