psjenkins/ISMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5eade2d99bef262cef5be6d01dc0bbbc9119b82e
ISMS/04-registers/security-exceptions-register-template.md
Paul Jenkins 5eade2d99b Initial commit
2026-03-26 09:35:22 +00:00

64 lines
2.1 KiB
Markdown
Raw Blame History

Title: Security Exceptions Register Template
Document ID: [REG-EXCEPTION-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CISO (Paul Jenkins)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]
# Security Exceptions Register Template
## Purpose
This template provides the structure for recording and tracking approved security exceptions and their review status.
## Scope
This register applies to approved deviations from ISMS policies, standards, procedures, and mandatory security controls.
## Data Fields / Expected Columns
The register should record at least:
- exception ID
- date raised
- requesting owner
- affected requirement
- affected asset, service, or process
- business justification
- risk summary
- compensating controls
- approver
- approval date
- expiry date
- status
- review date
- linked risk or action
## Ownership
This register should be owned by [Role]. Exception owners are responsible for maintaining current status and closing exceptions when no longer needed.
## Update Frequency
The register should be updated when exceptions are requested, approved, rejected, renewed, reviewed, or closed.
## Retention
Current and historical exception records should be retained for auditability and risk traceability in line with retention requirements.
## Template Table
| Exception ID | Date Raised | Requesting Owner | Affected Requirement | Affected Asset / Service | Business Justification | Risk Summary | Compensating Controls | Approver | Approval Date | Expiry Date | Status | Review Date | Linked Risk / Action |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| [E-001] | [DD Month YYYY] | [Role] | [Policy / standard / control] | [Asset / service] | [Reason] | [Summary] | [Controls] | [Role] | [DD Month YYYY] | [DD Month YYYY] | [Requested / Approved / Rejected / Closed] | [DD Month YYYY] | [Risk / corrective action] |
## Related Documents
- Exception Management Procedure
- Risk Assessment Procedure
- Information Security Policy
- Risk Register Template
Reference in New Issue View Git Blame Copy Permalink