Government Operations committee  Just to reassure the committee, we have a number of checks and balances that would prevent that from happening. There are reviews that have to be done, so you can't negotiate and sign these sorts of examples. There are always multiple sets of eyes. We also grade our projects in terms of their level of risk, and that determines the level of oversight to make sure that it is provided.

Government Operations committee  If there are any under way right now, to my knowledge, the answer is no. There have in the past been CITT complaints. We use the ombudsman regularly, and procurement monitors, and it is our intention never to break procurements. It goes against our ability to bulk them up and obtain the best deal for the Government of Canada and the Canadian taxpayer.

Government Operations committee  I would echo the minister's comment. I'm not aware of that. The vast majority of our procurement is done through competitive processes or through mini-competitions through pre-qualified vendors. It might not be open each and every time. We do over 10 or 11 contracts a day every day, so oftentimes we go to pre-qualified....

Government Operations committee  Mr. Chair, I will have to provide an answer in writing. I'm not sure off the top of my head.

Government Operations committee  In response to the previous question, also part of the strategy is no single points of failure and redundancy. With respect to this question, I was afraid you were going to ask that, and I don't want to jinx it. We are very good in this space. We block literally billions of attacks.

Government Operations committee  Do you want to do that one, Marc?

Government Operations committee  Thank you for the question and for your kind words. I am grateful to you for that. For us, moving forward, we have a document. It's available publicly. It's called SSC 3.0. It aligns with the minister's digital vision. It clearly lays out what we believe were the priorities before COVID, and it was reaffirmed during COVID.

Government Operations committee  Just briefly in response to the member's question, the ITSN tool we're using is from BDM, which is one of the Gartner magic quadrant companies. The short answer to the second question is that, yes, we are tapping into all sources. Again, my approach is that we don't have all the answers.

Government Operations committee  Sure.

Government Operations committee  Thank you, Mr. Chair, for the member's question. The short answer is that we would have to follow up in writing.

Government Operations committee  I would say it's the vast majority—maybe 80%. There is some software as a service—

Government Operations committee  I interpreted systems to also include software. When it comes to hardware and any of the hardware that gets plugged into the data centre and into our network—

Government Operations committee  No, Windows would not be allowed. Those are the kinds of things we do. We purchase any of the stuff that's critical to infrastructure. Then, we are able to monitor and see the software that runs on that. While we don't purchase it, we have to look at it to make sure it's properly configured and understand its load on the network and, therefore, we are able to assess its security.

Government Operations committee  I'll start, Mr. Chair. Marc, you could help. The short answer is that within Shared Services it is a box to tick. Security is paramount to what we do. It's part of how we patch. The second is the monitoring we do of any software. They're not allowed. They don't have what we would call “administrative rights” to install some of that critical stuff.

Government Operations committee  Thank you, Mr. Chair, for the member's question, and I will also ask Marc to help me with the response. I need to be briefer. I apologize to all the members for my rambling. The short answer is, I believe it is. These are fast-paced technologies that are developing very rapidly.