Sometimes government agencies are unable to comply with a standard or policy, or need more time to come into compliance.  In this case an exemption needs to be requested.

How does the exemption process work?

If you are looking for an exemption to Information Security Policy, an IM/IT Standard or Chapter 12 of Core Policy, you’ve come to the right page. Here are the main steps involved when an exemption is submitted.

Overview of the exemption process

How do I know if I need an exemption?

Sometimes you may be unsure if an exemption is needed. Here is some guidance that could help you with your decision.

Request an Exemption

Before submitting an exemption request, please carefully review the FAQ section to determine if you require an exemption. If you are still unsure, please contact us. Once you have determined that an exemption request is required, complete one or more of the following, as appropriate to your request:

  • A Security Threat and Risk Assessment (STRA)
  • A Privacy Impact Assessment (PIA)
  • Obtain approval from your Ministry Information Security Officer (MISO) and Ministry Chief Information Officer (MCIO)
  • Fill out the online form below and submit