Exemptions
Updated: May 19, 2023
Contact us for more information.
How Does the Exemption Process work?
If you need an exemption to Information Security Policy, an IM/IT Standard, or Chapter 12 of Core Policy, you’ve come to the right page. There are times when ministries find they are unable to comply with an IM/IT Standard or Policy and need more time to come into compliance. In this case, an exemption needs to be requested.
Exemption Request Process
Before you submit an Exemption Request, carefully review the FAQ section to determine if an Exemption is required. If you are still unsure, please contact us.
Once you have determined that an Exemption Request is required, complete one or more of the following, as appropriate to your request:
- An approved DBN from the initiating Ministry to their MCIO for approval of the exemption - REQUIRED
- Statement of Acceptable Risk (SoAR) - REQUIRED
- Security Threat and Risk Assessment (STRA)
- Security Threat and Risk Assessment (STRA)
- Approval from your Ministry Information Security Officer (MISO)
and Ministry Chief Information Officer (MCIO)
- Privacy Impact Assessment (PIA)
- Complete the online form in the link below and submit