~/Cedric

No contractual clauses covering the maximum acceptable downtime of an essential service Vulnerabilities

Use of non-evaluated software Vulnerabilities

No storage of activity tracks Vulnerabilities

Are there logs? Are they sufficient in terms of the checks to be carried out?

No crisis management organisation Vulnerabilities

No hierarchical organisation or reporting procedure Vulnerabilities

No procedures for transfer of knowledge Vulnerabilities

Software not adequately tested before acceptance, especially concerning limit values Vulnerabilities

Use of software without a guarantee of its source Vulnerabilities

Lack of awareness of individual responsibilities Vulnerabilities

No organisation for protecting documentation and system maintenance resources Vulnerabilities