Exemptions

Last updated on December 21, 2023

Updated: December 21, 2023

***NOTE: Contact email changed to: CITZAS@gov.bc.ca

How Does the Exemption Process work?

If you need an exemption to Information Security Policy, an IMIT Standard, or Chapter 12 of Core Policy, you have come to the right page. There are times when ministries find they are unable to comply with an IMIT Standard or Policy and need more time to come into compliance. In this case, an exemption needs to be requested.

Exemption Request Process

Before you submit an Exemption Request, carefully review the FAQ section to determine if an Exemption is required. If you are still unsure, please contact us.

Once you have determined that an Exemption Request is required, complete one or more of the following, as appropriate to your request:

An approved Decision Note from the initiating Ministry to their MCIO for approval of the exemption - REQUIRED
Statement of Acceptable Risk (SoAR) - REQUIRED
- Security Threat and Risk Assessment (STRA)
Approval from your Ministry Information Security Officer (MISO) and Ministry Chief Information Officer (MCIO)
Privacy Impact Assessment (PIA)
Complete the online form in the link below and submit

Network (3PG, non-siteminder)
Non-standard Devices
Old JRE versions
BCeID
Identity Services

Password Timeouts
Production Data in Test
Shared or generic accounts
Device encryption
Audit logging

Did you find what you were looking for?

The B.C. Public Service acknowledges the territories of First Nations around B.C. and is grateful to carry out our work on these lands. We acknowledge the rights, interests, priorities, and concerns of all Indigenous Peoples - First Nations, Métis, and Inuit - respecting and acknowledging their distinct cultures, histories, rights, laws, and governments.

More topics

Exemptions

How Does the Exemption Process work?

Exemption Request Process

More topics

Common Standards Exemptions

Related Links

Common Security Policy Exemptions