Policy Exception

Definition

A formal, time-bounded approval to deviate from a policy or standard requirement when the standard control is not achievable. Exceptions must be approved by the policy owner, document the residual risk, and include a compensating control and a remediation timeline.

Related terms

Document control
The systematic management of all procedural documents in a quality management system, ensuring that the current approved version is in use, all...
Information Security Policy
A high-level governance document that states what the organisation intends to achieve in protecting information, assigns accountability to roles, and sets the...
Operating effectiveness
The assessment of whether a control has consistently functioned as designed over the audit period. Requires evidence of actual operation, such as...
Procedure
A step-by-step operational instruction that tells a specific role how to carry out a task in conformance with the relevant standard. Procedures...
Standard
A document that translates a policy requirement into specific, measurable criteria. For example, a password policy may require strong authentication; the accompanying...

Explained in

  • Information Security Policy Hierarchy: A formal, time-bounded approval to deviate from a policy or standard requirement when the standard control is not achievable. Exceptions must be approved by th...