# Security Exception Management Policy

## Objective

The purpose of this policy is to define the way in which FundApps raises, approves, records and reviews exceptions to its information security policies.

## Scope

This policy applies to all exceptions to FundApps' security policies.

## Policy

### Raising Exceptions

All exceptions must be raised to the Head of Information Security, the CTO, or the CEO and approved before the event. Ensure that items are recorded appropriately in either the Security Exception Log or the Incident Log.

### Approving Exceptions

Exceptions must be approved by the Head of Information Security, the CTO or the CEO.

### Recording Exceptions

Exceptions must be recorded in the Security Exception Log [here\[Restricted to FundApps staff\]](https://www.notion.so/fundapps/Security-Exceptions-2749a868beac46d999f5918d02b83c73).

### Reviewing Exceptions

Exceptions will be reviewed by the Head of Information Security annually.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://policies.fundapps.co/client-portal/-LubIC9uIsME-_T0mNXu/fundapps-policies/infosec/security-exception-management-policy.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.