Submit a Policy Exception Request
What is a Policy Exception Request?
The Information Security Policy Base is central to Yale’s ability to protect the confidentiality, integrity and availability of Yale Data and IT Systems, while ensuring compliance with external regulatory, contractual, and legal obligations.
The size of Yale University prevents its leadership from crafting policies that address every possible scenario that we may encounter at Yale. Some Yale policies, standards, and procedures allow for policy exceptions for this reason.
Every effort will be made to not impact the individual’s mission-oriented work. The faculty mission will not be impeded. Academic and research needs will be accommodated. However, policy exceptions will not be granted for convenience, nor if no appropriate alternate security controls can be found to address any risk posed by the exception.
When Should I Request a Policy Exception?
Policy exceptions should be submitted when there is a valid business or academic justification for not being able to meet one or more of Yale’s policies, standards, or procedures.
How is a Policy Exception Granted?
Policy exception requests are submitted to the Information Security, Policy, and Compliance team. The Information Security, Policy, and Compliance team is responsible for analyzing the risk associated with the exception request, determining ways to mitigate that risk, and escalating the policy exception to departmental leadership, when necessary.
When a policy exception request is granted, users should expect to implement compensating controls that help mitigate the risk associated with the policy exception. Users will be notified via email when a decision has been made on their exception request.
Who can use it?
Faculty and staff in the Yale community with an active and valid NetID.
How much does it cost?
This service is available at no charge to the Yale community.
How do I get it?
Fill out the Policy Exception Request Form to submit a policy exception request.
Where can I get help?
Email the Information Security, Policy, and Compliance team at email@example.com.