Office of Information Security Logo
about UMS link buttonPolicies and Practices Link ButtonTraining and Services Link ButtonResources and Information Link ButtonContact Us Link Button
Policies and Practices Logo
Exception Policy Logo
 

The exception process is to help the end user create an exception to a published Policy or Standard.  Once completed the exception request must be submitted to the CISO for review.

Exception Process

If approved the exception shall be maintained on file by the requester and actions taken to address the exception will be recorded with the exception.

An exception to a published Policy or Standard may be granted in any of the following situations:


- A Temporary situation

- A different solution is available with equivalent or superior protection


- Lack of resources


The Security Exception Request shall be submitted to the CISO and must include:


- System affected and classification


- Description of the non-compliance


- Duration of the exception and review dates


- Assessment of risk and plan for alternate risk management


The CISO will review the exception with the requester and determine whether the exception shall be granted, the duration of the exception, and what reviews are required at what dates.


An approved exception shall be maintained on file by the requester and actions taken to address the exception will be recorded with the exception.


16 Central Street Bangor, Maine 04401
Telephone: (207) 973-3201 | Fax: (207) 973-3296
Express Message: (207) 973-3399 | TTY Phone (24 Hours)(207) 973-3262