The Official Web site for the Office of Information Technology - UTSA

Copyright (c) 2010. The University of Texas at San Antonio. All rights reserved.

Policy Exception and Risk Assumption Procedures

While it is the intent of the Office of Information Technology that policies and procedures be adopted by the owners and stewards of information technology resources, there may be occasional exceptions to the application of policy due to technical, operational or administrative issues. In such cases the exception must be registered, the risk must be evaluated and documented, and formal approval must be obtained. The department requesting the exception will assume the risk(s) resulting from the exception.

Exception Process

The department requesting the exception must provide the following:

  • Identification of the applicable policy

  • Description of the requested exception

  • The date the exception will start and end

  • Reason why the policy cannot, or should not, apply

  • Description of the system impacted and the level of confidentiality of the data impacted

  • Description of other risks that might occur

  • Description of how the system will be monitored and compensating controls that will be established

Requests for exceptions will be submitted to the Information Security Officer electronically by the head or chairman of the responsible department, after consultation with the technical representative for that department or unit. If the exception is denied, the issue may be escalated to the Vice Provost for Information Technology and CIO.

Effective Date: January 1, 2011

Compliance Date: January 1, 2011

Last Revision: December 16, 2010

Exception Request Form (PDF)

www.utsa.edu/oit/PDF/policy/sec_Policy_Exception_Rquest.pdf
