Mr. Chair, I can elaborate on that to some extent.
We've done work on ports with respect to some of the resilience assessment tools that we have. We've done physical security assessments at 14 facilities in Canada. We've only done cyber-assessments at four facilities. If you're wondering if that's low, I would say it is. I think part of the reason for that is that the programs we offer are not mandatory. They are voluntary programs whereby Public Safety administers these on a free-of-charge basis. We basically rely on CI stakeholders coming to us to actually undertake these services.
In this case, it is a low sample size and we can't really draw any specific comparisons from that based on the overall vulnerability.
Of course, we don't share that information broadly, except with the owner and operator under confidentiality agreements that we sign with them. We do have non-disclosure agreements that we sign with CI owners and operators and—