Policy exceptions register
This document is intentionally internal-only.
Operational record of policy exceptions, justifications, expiry, and Security Officer approvals. The exception process itself is documented in the information security policy and the patch management policy; the per-exception details are tracked internally.
What we can share
Customer security reviews receive a summary of the controls described in this document via the HECVAT response. To request the relevant summary, contact [email protected].