This shows you the differences between two versions of the page.
wiki:policies:exception [2023/02/07 21:13] katcow |
wiki:policies:exception [2023/02/07 21:46] (current) katcow |
||
---|---|---|---|
Line 2: | Line 2: | ||
+ | ===== Purpose ===== | ||
+ | |||
+ | The purpose of this policy is to ensure that exceptions to security policies are documented and approved through an exception process. | ||
===== Scope ===== | ===== Scope ===== | ||
Line 11: | Line 14: | ||
An exception to an information security policy may be granted in the following cases: | An exception to an information security policy may be granted in the following cases: | ||
- | * a more secure solution exists | + | * The implicated system does not have the capacity to comply with the relevant security standard. |
+ | * Immediate compliance would disrupt critical business | ||
+ | * A more secure | ||
+ | * Compliance would adversely affect business operations | ||
+ | * A lawsuit or investigation requires exception to the relevant security policy. | ||
+ | * Compliance would cause a major adverse financial loss | ||
+ | * An emergency situation requires violation of the relevant security policy. | ||
- | + | === To Request | |
- | To request | + | |
Email or slack the [[wiki: | Email or slack the [[wiki: | ||
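Review bot: Two of the added qualifying cases, "Compliance would adversely affect business operations" and "Compliance would cause a major adverse financial loss", are broad enough as shown to cover almost any request. Consider stating a threshold or naming who decides that the bar is met. The emergency case could also say whether the exception must still be documented afterwards. Smaller points: "major adverse financial loss" is redundant ("major financial loss" is enough), the financial-loss bullet lacks the closing period its neighbours have, and the new "=== To Request" heading drops from the "=====" level used by "===== Scope =====" straight to "===", skipping "====".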
Line 27: | Line 35: | ||
* Controls in place to mitigate risks. | * Controls in place to mitigate risks. | ||
- | **Example: ** | + | === Example |
- | * Steve would like to share Carl' | + | Steve would like to share Carl's Pizza Planet |
- | * Request: I would like shared | + | * Request: I would like share access to Carl's Pizza Planet |
- | * Policy: | + | * Policy: |
- | * Application; this affects our account on the Planet | + | * Device/Application: Carl' |
- | * Rationale: | + | * Rationale: Pizza Planet |
* Duration: Four - Six months. | * Duration: Four - Six months. | ||
- | * Risk: Passwords shared online may be intercepted, | + | * Risk: Passwords shared online may be intercepted, |
- | * Mitigation: | + | * Mitigation: |
- | ---- | + | |
- | * For example, attach the Access Control | + | ===== Compliance ===== |
+ | Policy | ||
===== Revision History ===== | ===== Revision History ===== | ||
+ | |||
+ | |||
+ | ^Author^Date of Revision/ | ||
+ | |K. Cowie|02/ | ||
+ | |||
+ | |||
+ | [[: | ||
+ |
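Review bot: In the rewritten example, the Request line now reads "I would like share access to", which lost the grammar of the old "I would like shared"; use "shared access" or "to share access". The unchanged "Duration: Four - Six months" line gives a range rather than an end date, so a request modelled on this example has no fixed point at which the exception lapses or is reviewed; a single expiry or review date would make a better template. The "=== Example" heading sits two levels below "===== Compliance =====" and "===== Revision History =====", skipping "====".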