The main change here is to move from a planning approach that would see projects being renewed on a cyclical basis. To take the analogy of a car, that would involve replacing the car every five years, for example. The approach we're taking is more based on a recognition that the world doesn't actually work that way and that in some cases, with respect to the life cycle of facilities, a cyclical approach might be right, but for security, a risk-based approach.... So you might have to replace that car every two years if the security environment is changing. If it is not, you might not have to replace that car for 10 years.
The planning is done internally and we compare notes with other like-minded countries in the various locations, as well as with others like DND and RCMP and so on, to gather all of the relevant inputs for planning. We also have expertise within the department, under the departmental security officer, and in the branches, which understand that risk environment. We also get the information from the missions. It's a fairly elaborate process but it's now risk-based rather than just having routine turnover.