Exceptions are deviations from published policies, standards and procedures. They may be necessary for urgent business needs, resource gaps or academic pursuits. All exceptions carry inherent risk that should be monitored by the university. Exceptions should be minimized as they increase the university’s risk exposure in areas including but not limited to:
-
Information security and infrastructure
-
Data exposure
-
Non-compliance with statutory/regulatory requirements
-
Deviations from industry best practices
Users may request an exception using the "Request for Exception" form (click "Request for Exception" button to the right to begin). If an exception is granted, the risk will be added to the ITS risk register and presented to the Information Security Officer (ISO), Information Resource Manager (IRM), Chief Information Officer (CIO) and Chancellor. For more information on TWU’s exception policy, please see URP 04.797 Information Technology Exceptions.