Thank you, Mr. Chair.
Thank you to the members of the committee for inviting KPMG to contribute to this important conversation.
My name is Imraan Bashir. I'm a cybersecurity partner at KPMG in Canada. I am here following the appearance of my colleagues Lydia Lee and Hartaj Nijjar on April 4, when they spoke about the services KPMG provided to support the ArriveCAN program.
I've been in the information technology and cybersecurity field for close to 24 years, with my career split across the public and private sectors. I started my career at a leading IT services company before joining the public service. I was a proud public servant for almost 11 years, spending time at Indigenous Services Canada and the Treasury Board of Canada Secretariat under both Conservative and Liberal governments. I joined KPMG four years ago, in May 2020. Since joining KPMG, I have worked with a variety of public and private sector clients to provide cybersecurity services in an ever-evolving threat landscape.
Lydia and I are here today to represent KPMG Canada, which employs approximately 11,000 people across our country. Our role is to serve and assist our clients, including governments at the federal, provincial and municipal levels, in identifying and closing strategic and operational gaps, providing specialized knowledge and services in areas where support is required. We consider our services to be an important part of our contribution to Canadian society.
While we are very proud of the services we provide to assist governments, KPMG is not a leading recipient of government contracts. As you are likely aware, an analysis by Carleton University noted that KPMG ranked 112 on the list of contracts awarded across all public service departments and agencies in 2021-22.
KPMG is very supportive of the important work being done by this committee. In addition to joining committee meetings, we have provided written responses, as requested, to questions that arose from our previous appearance. For today's session, to the extent the committee thinks I can be helpful or of further assistance, I am happy to answer your questions.
As my colleagues Lydia and Hartaj discussed at their previous appearance, KPMG's work related to the ArriveCAN program fell into two streams. The first stream, led by Lydia, was for the Public Health Agency of Canada. In this stream, KPMG provided in-depth subject matter expertise and global knowledge to assist in developing policies and procedures for the implementation of the ArriveCAN program. The second stream of work was the cybersecurity assessment that was performed for the CBSA's ArriveCAN application and supporting infrastructure. I was the local delivery partner on this work, supported by Hartaj, who leads our national cybersecurity practice. As you know, KPMG is well known in the field for its cybersecurity expertise. We offer a range of services to help organizations identify, assess and mitigate cyber-risks.
Between October 2021 and March 2022, KPMG provided an independent cybersecurity assessment of the ArriveCAN application. This work was subcontracted to KPMG through GC Strategies in October 2021 at the request of the CBSA. Our scope consisted of five streams of work performed under two separate task authorizations, which involved reviewing the CBSA's cloud security architecture, including a comprehensive security control review; the department's alignment with privacy regulations; its vulnerability management practices; its secure product development practices; and its security incident response protocols and procedures. Our work was completed on time and on budget, in alignment with Government of Canada policies, and was reviewed and ultimately approved by the CBSA.
We are very proud of the services that KPMG provided during the pandemic to assist not only governments but also health care organizations, academic institutions, not-for-profits and the private sector. We delivered highly specialized expertise at a time of unprecedented uncertainty for Canadians and the world.
Thank you. We'd be happy to take your questions.