The University of Texas at San Antonio
Office of Information Technology
Office of Information Security (OIS) Standards
OIS 29 – Standard for Policy Exception and Risk Assumption
I. STANDARD STATEMENT
While it is the intent of the Office of Information Technology that policies and procedures be adopted by the owners and stewards of information technology resources, there may be occasional exceptions to the application of policy due to technical, operational or administrative issues. In such cases the exception must be registered, the risk must be evaluated and documented, and formal approval must be obtained. The department requesting the exception will assume the risk(s) resulting from the exception.
This standard supports HOP Policy 8-12 Information Resources Use and Security Policy
This standard applies to all UTSA faculty, staff, and students.
If you have any questions about OIS 29 – Standard for Policy Exception and Risk Assumption contact the following office:
The Office of Information Security
Effective Date: January 10, 2012
Last Revised: July 8, 2014