SG-02 Exception Management

Control Description

Organization reviews exceptions to policies, standards and procedures; exceptions are documented and approved based on business need and removed when no longer required.

Theme

Process

Type

Detective

Policy/Standard

Information Security Management Standard

Implementation Guidance

1. Ensure that a process for the handling of exceptions is well defined and documented.
2. Ensure exceptions observed have thorough documentation, approval from higher management, and are promptly removed when no longer needed.

Testing Procedure

1. Inspect organization's policy and/or standards to determine whether requirements to review, approve, and document exceptions to policies, standards, and procedures are defined.
2. Inspect a sample of exceptions to determine whether each exception is reviewed, approved, and documented based on business need and removed when no longer required.

Audit Artifacts

E-SG-01
E-SG-04

Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
