Identifying Exceptions
The method we use to identify Exceptions
Introduction
Exceptions are rarely used as a stand-alone module, meaning that the module is used without connection to other modules and use cases. For that reason, the identification process for an exception is tightly related to other modules and we recommend looking at those modules to understand more.
Risk Exceptions
We recommend you look at the "Identifying Risk Solutions" episode in the Risk Management course to understand how Risk Exceptions are identified.
Compliance Exceptions
We recommend you look at the "TO BE DEFINED" episode in the Compliance Management course to understand how Compliance Exceptions are identified.
Policy Exceptions
The Policy Exception module is used when a request is made to the GRC team that goes against a documented Policy, Procedure, Standard, Etc. For example, the software development team needs access to production databases to correct an urgent issue instead of debugging this on a staging or development environment.
In such cases a controlled change request should take place and an exception is logged to that case that describes:
- Which team requested this exception
- What documents (from the Policy module) are being bypassed
- Until what date this is required
The three attributes mentioned above will be used to create an exception.
Playlist
- Episode 1Introduction to the Exceptions Module7 mins left
- Episode 2Problem vs. Solution Principle5 mins left
- Episode 3Exceptions Related Modules0 mins left
- Episode 4Typical Exception Questions0 mins left
- Episode 5Identifying Exceptions1 min left
- Episode 6Creating Exceptions2 mins left
- Episode 7Reviewing Exceptions2 mins left