"We do it under the guise of a staff-wide security review."