ProcedureInformationSecurityExceptionRequestOwner:Operations – Security Management ServicesNumber:3502Issue Date:5/12/2008Revised Date:7/1/2013DistributionAll employeesOwnershipThe California Department of Technology (CalTech), Office of Technology Services (OTech),Security Management Section (SMS), is responsible for ensuring this document is necessary,reflects actual practice, and supports organization policy. This document was lastreviewed/updated in July, 2013.Section 1 – IntroductionThe SMS published information security policies and multiple supporting security standards andprocedures to ensure a safe and secure working environment for its customers, visitors, andemployees. These security policies and procedures were written to directly reflect the position ofthe CalTech InformationSecurity Office; they should be adhered to by customers, visitors, andemployees. The SMS is aware that exceptions can occur from time to time. This documentexplains the exception request procedure for an SMS policy or procedure.Section 2 – ExceptionRequest ProcedureA. Exception QualificationThe exception request procedure should be followed if either of the criteria belowapplies.1. The security policy or procedure in question cannot be adhered to for unforeseenreasons outside of your control.2. In working closely with the SMS, alternative solutions have been exhausted andare not possible.B. ExceptionRequest ProcedureInformation security policy or procedure exception requests must be linked to an existingServiceRequest. The following procedure begins when a customer or employee has anexception request to a published security policy or procedure:1. An SMS representative provides risk assessment and alternativerecommendations to the requester’s InformationSecurity Officer (ISO); doing somay involve more CalTech subject matter experts.2. The requester’s ISO either accepts or declines the assessment and alternativerecommendations.a. If the requester’s ISO accepts, the SMS works with the customer tore-architect the issue to mitigate security risk(s). The exception isterminated and efforts continue.Page 1 of 2
This report studies the global Information Technology (IT) Security as a Service market, analyzes and researches the Information Technology (IT) Security as a Service development status and forecast in United States, EU, Japan, China, India and Southeast Asia.