ISO Security Exception

What Is It?

The Security Exception process aims to identify risks related to policy non-compliance. When a security exception is requested, the Information Security Office collaborates with the relevant department to create a risk management plan. Subsequently, the security exception document is drafted by the Information Security Office and sent for signatures. The Requestor’s Supervisor, Asset Owner, and Data Owner must accept the identified risks and recommendations for risk management.

It is the department’s responsibility to adhere to and complete the risk management plan within the specified timeframe of the security exception, ensuring compliance with UTRGV Security standards. Approved exceptions remain valid for no more than one year and require an annual review to determine their ongoing necessity. Additionally, it’s important to note that all Security Exceptions are reported to the University President.

Who Is Eligible to Use It?

Staff, Faculty, Researchers

Steps to Request

  1. Title: Provide a concise and descriptive title for the request. This title should capture the essence of what the request is about.
  2. Email of Requestor: Enter the email address of the person making the request. This ensures proper communication and follow-up.
  3. Contact #: Include a phone number or other relevant contact information for the requestor. This allows for direct communication if needed.
  4. Type of Request: Specify the nature of the request (e.g., security exception, system access, etc.).
  5. Equipment/System(s) Needing Exception: Clearly identify the specific equipment or systems for which the security exception is sought.
  6. Asset Tag # (If Applicable): If applicable, provide the asset tag number associated with the equipment.
  7. Asset Location (If Applicable): Indicate the physical location of the asset (e.g., building, room).
  8. CyberArk Usage: Confirm whether you have attempted to use CyberArk to address the issue. CyberArk is a privileged access management solution.
  9. Service Desk Call: Describe any attempts made to resolve the issue through a Service Desk call with IT Services.
  10. Description of Non-Compliance: Clearly outline the specific non-compliance issue that necessitates the security exception.
  11. Existing Technical Solutions: Explain any steps taken to address the issue using existing technical solutions.
  12. Agreement: Acknowledge that the submission of this request does not guarantee approval of the security exception. If approved, a separate form will be provided for necessary signatures.

Service availability and how to get support

Information Security Office
Email: is@utrgv.edu
Phone: (956) 665-7823
Fax: (956) 665-3154

Related Articles