Consolidated Statutes and Regulations
Consolidated Statutes
Consolidated Regulations
Annual Statutes and Regulations
Annual Statutes
Annual Regulations
Additional information
Québec Official Publisher
What’s new?
Information note
Policy of the Minister of Justice
Laws: Amendments
Laws: Provisions not in force
Laws: Provisions brought into force
Annual Statutes: PDF versions since 1996
Regulations: Amendments
Annual Regulations: PDF versions since 1996
Court Decisions
G-1.03, r. 1 - Regulation respecting the terms and conditions of application of sections 12.2 to 12.4 of the Act respecting the governance and management of the information resources of public bodies and government enterprises
Section 7
Disposition versions
7. The communications provided for in the third paragraph of section 12.2 and section 12.3 of the Act must be made by any means that provides proper protection. They may be made using automated systems in the form, for example, of bulletins or warnings.
Where a security event is related to cybersecurity, the activities allowing the communications referred to in the first paragraph are carried out by cybersecurity practitioners as part of their respective responsibilities.
For such an event, the communications referred to in the first paragraph must be based on the obligation to take cybersecurity measures to follow good practices generally recognized by international benchmarks, such as ISO standards or the National Institute of Standards and Technology (NIST) benchmark.
In force: 2022-07-28
7. The communications provided for in the third paragraph of section 12.2 and section 12.3 of the Act must be made by any means that provides proper protection. They may be made using automated systems in the form, for example, of bulletins or warnings.
Where a security event is related to cybersecurity, the activities allowing the communications referred to in the first paragraph are carried out by cybersecurity practitioners as part of their respective responsibilities.
For such an event, the communications referred to in the first paragraph must be based on the obligation to take cybersecurity measures to follow good practices generally recognized by international benchmarks, such as ISO standards or the National Institute of Standards and Technology (NIST) benchmark.
