Security Exception Request

In a small number of circumstances, it may not be possible to comply with the Stevens Security Policy.   The Division of Information Technology has provided the following method for obtaining an exception endorsement to work with Steven's constituents.  Exceptions should be approved and signed by the constituent, their department head, CISO (Chief Information Security Officer), and potentially the Dean/CIO depending on the risk level. Exceptions may be granted for a specific timeframe. These exceptions are reviewed on a case-by-case basis and their approval is not automatic. 

The Exception Request should be placed within our ticketing system to include: 

  • Description of the non-compliance 

  • Anticipated length of non-compliance 

  • Proposed assessment of risk associated with non-compliance. 

  • Proposed plan for managing the risk associated with non-compliance. 

  • Proposed metrics for evaluating the success of risk management (if risk is significant) 

  • Proposed review date to evaluate progress toward compliance. 

  • Endorsement of the request by the appropriate Information Trustee (VP, Dean, or CIO). 

 
Request Exception Form

Details

Service ID: 50239
Created
Fri 5/14/21 3:48 PM
Modified
Mon 11/29/21 5:41 PM