~/Cedric

Possibility of installing a backdoor or Trojan horse in the operating system Vulnerabilities

No rules for checking equipment entering/leaving the organisation Vulnerabilities

Is there a hardware removal procedure? Is it formal? What hardware is affected? User laptops? Removable storage devices? BYODs?

No rules covering the operating environment of information processing infrastructures (temperature, humidity, etc.) Vulnerabilities

No clause covering response time for repair and treatment in the event of malfunction Vulnerabilities

The security policy is not applied especially in relation to processing of personal information Vulnerabilities

No training plan concerning security issues Vulnerabilities

No training plan for maintenance of new systems Vulnerabilities

No Quality Assurance Manual Vulnerabilities

No policy for checking the correct sizing of the equipment of the information processing infrastructure, including the emergency equipment Vulnerabilities

No continuity plan covering the organisation's essential activities Vulnerabilities