Madam Chair, committee members, on behalf of VFS Global I'd like to thank you for the invitation to speak today.
I'd like to thank the committee also for accommodating the time difference, allowing us to appear today from our headquarters in Dubai.
Madam Chair, VFS welcomes this scrutiny. It's essential that Canadians have full confidence in the integrity and the security of their government's programs and services.
At VFS Global the security of personal information entrusted to our care is our paramount concern. We work with a range of world-leading cybersecurity providers and also very closely with our cybersecurity consultant, Conrad Prince, to ensure a very strong cybersecurity posture.
Mr. Prince was formerly the deputy head of the U.K. government's signals intelligence and cybersecurity agency, GCHQ. He led GCHQ's intelligence and cyber operations for seven years. After that, he was appointed the United Kingdom's cybersecurity ambassador. We work very closely with Mr. Prince and we take data security very seriously at VFS Global.
People around the world rely on us for visa and passport application services. Since we started in 2001, we have successfully received and transferred over 220 million applications, and 64 governments trust us around the world. We operate for them in 143 countries through nearly 3,500 application centres. They trust us with the secure handling of personal information. The members of the Five Eyes intelligence alliance, and virtually all European Union and NATO governments are our clients.
Our global operations are certified ISO 27001, 2013, the global gold standard for information and data security.
Our Canadian government client is IRCC. Our client applies stringent personal information protection standards and these are embedded in our contracts and we follow them strictly. We conduct deep identity, credit, criminal, residency, education and employment checks on all our employees before we hire them. All operations-related email and telephone communications of our staff are monitored. We don't store any personal data related to visa applications. Data is purged from our systems 30 days following a case being closed, in accordance with IRCC regulations. IRCC also conducts unannounced audits to review the integrity of our systems.
Madam Chair, I'd now like to address some of the specific issues that have been raised in recent weeks about our operations in China.
First, I'd like to make clear that our Canadian visa centres in China operate according to the same tough security standards we employ around the world.
All data servers transferring China visa applications to IRCC are located in Canada. We operate no servers for IRCC in China. All access to personal information is restricted to officials who have been authorized by the Canadian government.
Second, recent media reports have suggested that we have Chinese ownership. This is false. VFS Global is owned and controlled by EQT, a global investment organization and publicly listed company based in Sweden.
Third, It's been alleged that sensitive data we handle is vulnerable to abuse. This too is false. Yes, we work with Chinese-owned facility management companies, but virtually all foreign companies operating in China work with locally owned, often state-owned, facility management companies. For foreign companies, they are a fixture of the business landscape in China. Facility management companies provide us with office space and administrative staff—nothing more.
These companies do not operate our visa centres and they do not collect visa information. They do not set up or have access to our IT systems. They have no access to any data.
For all our centres in China, VFS Global uses the same security controls we rigorously apply globally.
Madam Chair, with that we are now pleased to take your and the committee's questions.
Thank you.