Can't Find What You Need?


Have a Suggestion?


Browse by Category


Skip to end of metadata
Go to start of metadata

Tell Me

Please review the appropriate guideline before requesting an exemption:

  • Guideline for Security of Endpoints
  • Guideline for Security of Systems
  • Guideline for Security of Applications

All information technology resources connected to the University network are expected to comply with the above guidelines. However, it is understood that exceptions may be needed. The following process was designed to evaluate risk and inform approving authorities of risk.

Definitions

  1. Requestor:  faculty or staff member who is requesting the exception.
  2. ITS Security Team: central ITS staff charged with assessing the risk related to the request.
  3. Approving Authority: Approving authorities vary depending on request and risk. Depending on risk, approving authorities can range from a department chair, associate dean or dean or manager, director, or vice chancellor.

The Process

  1. Review the appropriate guideline. If an exception is needed, faculty and/or staff complete the UNC Charlotte Security Exception Request form.
  2. The ITS Security team gets notified of your request; they will notify others as needed e.g. College IT Directors and/or managers/department chairs
  3. The Security team will review the request and consider:
    1. Compensating controls in place
    2. Impact on organizational mission
    3. Technical or operational obstacles that affect ability to comply
    4. Data classification
    5. System integration
    6. Risk
  4. Once the review is completed, the Security team member enters additional information about the request including recommended compensating controls and the overall risk assessment.
  5. When this information is added to the request, email notifications will be sent to Approving Authority and other designated personnel e.g. College IT Director.
  6. The approving authority will log into the form to approve/deny.
  7. The time it takes to process exception requests varies on scope and impact. ITS Security team will contact the Requester within 2-3 business days of submission. 

Exemptions are valid for 1 year; renewal notifications will be sent out in advance of the expiration. If the exemption request is still needed, the form will need to be completed again.



Related FAQs

Page viewed times