Actually, I would answer the following way.
Departments have to comply with the government's security policy that my colleague Mr. Cochrane spoke about. So it outlines the requirements. They have to have a departmental security officer, we heard in DND, and it's the same thing for Public Works and any other department. So it essentially sets the framework against which they have to be doing business as it relates to security requirements.
We in Public Works generate our own contracts, about 1,500 per annum. Therefore, it is a side of my department in proceeding with contracts—so-called contract authority—that this person has to say there is a requirement. When the requirement is identified, it goes to the industrial securities program segment of my department and things are done.
We also carry out so-called assessment work for departments for about 500 contracts. So per annum overall, for 2,000 contracts, 1,500 were generated by Public Works, and in 500 a department tells us it has a security requirement and would like the industrial security program to carry out the work needed to clear these individuals or companies.
That relationship, by the way, can exist between me and DCC. If DND flags a requirement and DCC says it will look into it, it can do it or come to me and I'll do it on its behalf. That is a sub-segment of the so-called 2,000 contracts we do per annum.
The point I'm making here is that departments have responsibilities under the government security policy. They can come to us in certain cases and we will do it. I generate a fair amount of work myself through the contracts that I issue.