Security Exception Request Process    

Technology Services – Galveston (TAMUG IT) utilizes a security exception request process for all information resources managed or located on the Campus.

This applies to all information resource owners and IT personnel responsible for ensuring Campus information resources are identified and reporting information resources not in compliance with our security controls.

Note: if an information resource can be upgraded to a supported operating system (OS) and the vendor of any specialized software supports the later OS, it is the information resource owner’s responsibility to acquire the latest software so the resource can be upgraded (unless the cost to do so is prohibitive), negating the need for an exception request.

Procedures
  • Once an information resource has been identified that cannot meet the full security requirements TAMUG IT will ask the information resource owner to fill out a TAMUG security exception request.
  • The information resource owner will complete the security exception request and provide all relevant information to enable a decision to be made regarding the resource, including compensatory controls.
  • The requestor will get their Department Head to review and sign the request if they approve it, before sending it to the TAMUG Service Desk.
  • The TAMUG ISO will review the request and must approve it.
  • If the request is unsatisfactory or missing relevant information, it will be returned to the information resources owner for the required updates and completion.
  • Once the request is completed satisfactorily and approved by the ISO the information resource owner is directed to the TAMU Security Exception request form ( https://it-lf-ecmf.tamu.edu/Forms/Exception-Request ) to submit the request to TAMU for formal approval. The pre-work carried out by TAMUG IT should help expedite the process for the TAMU reviewers.
  • If the request is approved by TAMU, TAMUG IT will make the necessary changes to the information resources to ensure it minimizes any potential security risk to the Campus.

References:
https://rules-saps.tamu.edu/PDFs/29.01.03.M0.03.pdf 
https://it.tamu.edu/policy/it-policy/exception-requests/index.php 
https://www.tamug.edu/it/images/TAMUG%20IT%20Security%20Exception%20Request%20DigiSign%202022%20-%20TAMUG.pdf
Security Exception Request Form