Evidence of meeting #126 for Public Accounts in the 44th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was kpmg.
A video is available from Parliament.
5:30 p.m.
President, Donna Cona Inc.
The only ones we would have had would have been possible sole sources under $40,000. That's the only thing we've had. Everything else we've competed for in a typical RFP process.
5:30 p.m.
Conservative
The Chair Conservative John Williamson
Ms. Sinclair‑Desgagné, you have time to ask one last question,
5:30 p.m.
Conservative
The Chair Conservative John Williamson
Okay.
Thank you very much.
Mr. Desjarlais, you have the floor for two and a half minutes, please.
5:30 p.m.
NDP
Blake Desjarlais NDP Edmonton Griesbach, AB
Thank you very much, Mr. Chair.
Did KPMG employees who worked on ArriveCAN receive a valid security clearance?
5:30 p.m.
Partner and National Leader, Digital Health Transformation Practice, KPMG
Thank you for the member's question. I'll comment on the Public Health Agency related work.
All of the staff who worked on the ArriveCAN program did, yes. For the Public Health Agency, we had all the proper security clearance. We required reliability for those contracts.
5:30 p.m.
NDP
5:30 p.m.
Partner and National Leader, Digital Health Transformation Practice, KPMG
For the Public Health Agency work, we were required to have reliability security clearance. All of our resources had that—reliability or higher. I myself have secret security clearance.
5:30 p.m.
Partner, Cybersecurity, KPMG
If you don't mind me adding, for the cybersecurity assessment work, just to reiterate what I said earlier, I had a mix of some secret-cleared people who were doing more of the hands-on work, with the rest of the staff at the reliability level.
5:30 p.m.
NDP
Blake Desjarlais NDP Edmonton Griesbach, AB
Did KPMG at any time share the results of the security vulnerability assessment with GC Strategies?
5:30 p.m.
NDP
Blake Desjarlais NDP Edmonton Griesbach, AB
Did it share them in any capacity—sharing of reports, potential vulnerabilities found in the assessment, incident response plans or any information, even if it was meeting in a lobby, Mr. Bashir?
5:30 p.m.
Partner, Cybersecurity, KPMG
Thank you for the member's question.
All of our results were shared directly with the CBSA, but I can't speak to who they shared them with after that.
5:30 p.m.
NDP
Blake Desjarlais NDP Edmonton Griesbach, AB
Moving on to intellectual property, does KPMG consider any algorithm it produces for the government, in particular ArriveCAN, its intellectual property?
May 30th, 2024 / 5:30 p.m.
Partner and National Leader, Digital Health Transformation Practice, KPMG
Thank you for the member's question.
I'll just clarify that for work related to the Public Health Agency, we did not develop any algorithms.
5:30 p.m.
Partner, Cybersecurity, KPMG
Similarly, when you say “algorithm”, I just want to clarify that KPMG didn't create or edit any code for the ArriveCAN app. Our work was more of an assessment after the code was developed to confirm that the code complied with the Government of Canada's security standards and policies.
5:30 p.m.
NDP
Blake Desjarlais NDP Edmonton Griesbach, AB
I understand.
I'll ask the same question regarding security clearances for TEK and Donna Cona. Did you receive security clearances for all those employees who worked on the ArriveCAN app?
5:30 p.m.
Director, Canadian Government Services, TEKsystems
Yes, we validate the security clearance of all the professionals we place with the government.
5:30 p.m.
NDP
Blake Desjarlais NDP Edmonton Griesbach, AB
What about Donna Cona? Did they have security clearance?
5:30 p.m.
Conservative
5:30 p.m.
Conservative
John Nater Conservative Perth—Wellington, ON
Thank you, Chair.
It's too bad that the Liberal national caucus chair doesn't like our questions, but unfortunately, the government failed. We have to ask questions on behalf of Canadians so that taxpayer money is properly spent.
Mr. Bashir, you mentioned that you would have briefed your leadership team on your meetings with GC Strategies. Who were the members that you would have briefed on those meetings?
5:35 p.m.
Partner, Cybersecurity, KPMG
As I mentioned earlier, given the time frame, it likely would have been Marc Brouillard.
