Policy Exception Process
Sidebar
Policy Exception Process
Information security considerations such as regulatory, compliance, confidentiality, integrity and availability requirements are most easily met when university constituents employ centrally supported or recommended standards. The university understands that centrally supported or recommended technologies are not always feasible for a specific school, division or other university sub-division. Deviation from centrally supported or recommended technologies and controls is discouraged. However, it may be considered provided that:
- the alternative presents a reasonable, justifiable business and/or research case for an information security policy exception
- resources are sufficient to properly implement and maintain the alternative technology
- the process outlined in this and other related documents is followed and other university policies and standards are upheld
How to submit a policy exemption request
A policy exception is required any time compliance with policy cannot be achieved.
1
Submit the Initial Request form
Complete and submit the online Policy Exception – Initial Request Form (sign in required). All fields must be completed.
Policy Exception – Initial Request Form about2
Work with your Tier1
Your Tier1 should be involved and facilitate this process.
3
Submission of the request form does not guarantee or imply approval.
4
Request reviewed
Your request will be reviewed, and you will be contacted for next steps.