Exemptions

Sometimes government agencies are unable to comply with a standard or policy, or need more time to come into compliance.  In this case an exemption needs to be requested.

How does the exemption process work?

If you are looking for an exemption to an Information Security Policy or an IM/IT Standard, you’ve come to the right page. Here are the main steps involved when an exemption is submitted.

Overview of the exemption process

How do I know if I need an exemption?

Sometimes you may be unsure if an exemption is needed. Here is some guidance that could help you with your decision.

Request an Exemption

Before submitting an exemption request, please carefully review the FAQ section to determine if you require an exemption. If you are still unsure, please contact us. Once you have determined that an exemption request is required, complete the following:

  • A Security Threat and Risk Assessment (STRA)
  • A Privacy Impact Assessment (PIA)
  • Obtain approval from your Ministry Information Security Officer (MISO) and Ministry Chief Information Officer (MCIO)
  • Fill out the online form below and submit