A variety of exceptions to this standard may be expected. These exceptions, when granted, will be documented in either a platform specific standard or in a memo documenting the exception. Exceptions may be granted by the BCC IT Security Administrator, the Dean of Information Resources (IR), or any IR director authorized by the Dean. Copies of all documentation regarding exceptions will be kept on file with the BCC IT Security Administrator. This documentation will include:
- A detailed description of the exception.
- A description of why the exception is necessary.
- A risk assessment by the BCC IT Security Administrator and/or the Dean of Information Resources, or designee.
- A description of the compensating controls that are in place to mitigate risk created by the exception.