There's another way to close that loop. The specific item reported is not against which enforcement action will be taken. What will happen is that if a company does not respond appropriately, in accordance with the standards and expectations of the SMS, then we will go after the company using clauses like that to gain compliance. If it isn't reported that the company is not doing something that they should be doing, then we're back to where we were yesterday, which is talking about forensic audits to try to catch them.
Here we have the information coming freely to the company, in front of our eyes, where we can watch and then see what they do. If they don't act appropriately, we'll take certificate action. It bumps it all up one level and becomes much more serious for a company if they don't have the systems to deal with systemic problems that show up.