Specific to our work on ArriveCAN, a significant component of it related to security. Security, in the case of the federal government, is defined by the government in terms of the security controls, guardrails, authority to operate and audit criteria. Our work was to configure AWS to comply with all of those regulations and to ensure that CBSA was able to pass those audit checks and requirements throughout the whole process.
As part of our engagement, a minimum of 15% of anything we do we is dictated as being security-related. In this case, it was a far higher ratio than that, just given that we were configuring systems to contain things like vaccine credentials, passport credentials, personal identification, automated purging and destruction of data, and a post-retention period. I would say that the bulk of our work was related to security to meet Government of Canada requirements.