Security Exception Management Policy

Objective

The purpose of this policy is to define the way in which FundApps raises, approves, records and reviews exceptions to its information security policies.

Scope

This policy applies to all exceptions to FundApps' security policies.

Policy

Raising Exceptions

All exceptions must be raised to the Information Security Lead, the CTO or the CEO in a timely fashion once they have been detected.

Approving Exceptions

Exceptions must be approved by the Information Security Lead, the CTO or the CEO.

Recording Exceptions

Exceptions must be recorded in the Security Exception Log here[Restricted to FundApps staff].

Reviewing Exceptions

Exceptions will be reviewed by the Information Security Lead yearly.

PreviousVulnerability Management Policy NextInformation Security Risk Register

Last updated 4 years ago

Was this helpful?