The purpose of this policy is to define the way in which FundApps raises, approves, records and reviews exceptions to its information security policies.
This policy applies to all exceptions to FundApps' security policies.
All exceptions must be raised to the Information Security Lead, the CTO or the CEO in a timely fashion once they have been detected.
Exceptions must be approved by the Information Security Lead, the CTO or the CEO.
Exceptions will be reviewed by the Information Security Lead yearly.
Exceptions must be recorded in the Security Exception Log .