University of Illinois System

Exception Process

The Illinois Security Program recognizes that business goals, research projects, and educational objectives happening at the university could justify an exception to the Standards & Controls defined for the program. The Information Security Policy and the Data Policy both call for an exception process. Each exception request is carefully considered by unit leadership and the Office of Privacy and Information Assurance. We have developed risk acceptance process for a couple specific use cases such as end of life operating system and SSH firewall exception. We will add to this list as common use cases present themselves. Any Standard or specific Control can have an exception if you have a business case and risk acceptance from campus and unit leadership. For any questions about exceptions or the process please contact securitysupport@illinois.edu.

Documented Exception Processes

General Exception Process: https://go.illinois.edu/policyexception

End of Life Operation System Exception Process: https://go.illinois.edu/osexception

Firewall SSH Block Exception Process: https://go.illinois.edu/ssh

Security Program logo featuring the Data Policy and Information Security Policy circling the Information Security standards, control requirements, and job aids.