Information Technology Policy Manual 2022

E XCEPTIONS_______________________________________________________________________________ Requests for exceptions to this policy may be granted for systems or applications that have adequate security controls implemented. The security controls must provide good protection against Malware, cyber-attacks and other forms of threats. Requests must be submitted in writing to the Cyber Security and Compliance Manager for review and approval and must include the following details: 1) Purpose for requesting the exception 2) The risk to the City if the system or application becomes compromised 3) Mitigation controls that have been implemented to protect the system or application 4) End date for the exception

14

GSO-ITAUP-002