The purpose of this policy is to define the way in which FundApps raises, approves, records and reviews exceptions to its information security policies.
This policy applies to all exceptions to FundApps' security policies.
All exceptions must be raised to the Head of Information Security, the CTO, or the CEO and approved before the event. Ensure that items are recorded appropriately in either the Security Exception Log or the Incident Log.
Exceptions must be approved by the Head of Information Security, the CTO or the CEO.
Exceptions must be recorded in the Security Exception Log here[Restricted to FundApps staff].
Exceptions will be reviewed by the Head of Information Security annually.