It is imperative that a company’s global network and its users comply with all information security services (ISS) policies, procedures, standards and guidelines. However, there are instances that fall outside the ability to comply with and/or conform to an ISS policy, procedure, standard or guideline. In such cases, an exception must be documented and approved.

This policy addresses how exceptions and non-conformance to existing ISS policies, procedures, standards, guidelines, or a federal or state regulation are handled, and outlines a set of policies and procedures governing action to be taken when special circumstances prevent compliance.