~/Cedric

No structure responsible for defining, implementing and monitoring access privileges to information Vulnerabilities

Managers have no contact with the expertise or technology watch departments Vulnerabilities

No security policy for protecting the information processing infrastructure in the organisation's sites Vulnerabilities

No report for maintenance operations Vulnerabilities

No failure reporting (volumes, cost of incidents, downtime) Vulnerabilities

Contract contains no clauses concerning identification and verification of the origin of the software. Vulnerabilities

Analysis of match between needs and equipment capabilities not organised Vulnerabilities

No insurance cover for destruction of equipment Vulnerabilities

No management of emergency equipment inspection reports Vulnerabilities

No policy for storing and analysing activity tracks Vulnerabilities