In the same way as I looked at the 24 contracts, I also looked at the overall sample of 86, and quite a number of them were done correctly. It was important to me because I wanted to understand if there was something systemic or systematic in the industrial security program. The answer to that is probably no, because the majority were done correctly.
In the case of those contracts that were done ahead of time--contracts awarded before security clearance was awarded correctly--the OAG picked up that at least in six cases some measures were put in place to mitigate risk. That's the first thing.
In the second phase of our action plan we looked at all those 24 contracts to see if measures had been taken. I know it was after the fact to see if measures had been taken to minimize risk, but for the 24, they had been. In the same way as the OAG looked at six, we looked at the 24. In some cases resources that had access to certain information were escorted; in some other cases the contract had started, but the sensitive information had not been used by the contractor.