Glossary
Exception Management
Exception management is how you handle rule-breaking that is allowed: granting someone permission not to follow a rule, and tracking that permission.
What is Exception Management?
The process of documenting, approving, tracking, and periodically reviewing deviations from security policies and standards.
Why Should You Care?
Exceptions are sometimes necessary but must be documented and risk-accepted. Untracked exceptions create unmanaged risk.
Real-World Example
A legacy system cannot support MFA, so an exception is approved with compensating controls for 6 months while migration is planned.
How to Manage Exceptions
1. Create an exception request and approval process
2. Implement exception tracking with expiration