MOD is a large organisation with a commensurate number of contracts—almost 23,000 contracts were placed in Financial Year 2007-08. MOD is in the process of confirming full compliance with all its suppliers and expects to complete this task by end March. As an initial step those defence contractors who have declared to Defence Security and Safety Assurance (MOD’s Accreditation Authority), a requirement to have a connection to MOD’s restricted network (the RLI) or work electronically at confidential or above, have been asked to confirm their compliance with MOD’s List-X Notice on laptop and media encryption policy, issued in response to the data handling review. Some 73.3 per cent. have confirmed compliance. A further 8.3 per cent. have confirmed that they do not currently comply but have (or are in the process of) submitting risk balanced cases to describe how they are mitigating these risks together with plans to address shortcomings. 18.3 per cent. are still to respond formally and are being hastened.