Help Desk: (814)865-HELP

Security Policy Exception

Policy exceptions are outlined in the University Policy AD-95 and the Standard,  “Requests for Exception to Information Security Policy.” This Standard provides options in the event the strict application of policy cannot be met with reasonable efforts.  Penn State is committed to assisting the University in meeting its objective while appropriately protecting information assets.


What is a Security Policy Exception?

Penn State recognizes that units and individuals at Penn State operate in diverse and complex environments. In the event strict application of the Information Assurance and IT Security Policy and its supporting standards cannot be met with reasonable efforts, Penn State is committed to assisting individuals and units in the completion of their objectives while providing for appropriate protection of institutional information assets.

Who needs a Security Policy Exception?

The most common reasons for exceptions include:

  • compliance adversely affects an individual’s or a unit’s ability to accomplish its objectives and another acceptable solution with appropriate protection is available
  • the risks of non­compliance are outweighed by the compliance costs, OR
  • when immediate compliance would unacceptably disrupt operations.

How do I request a Security Policy Exception?

Please complete this form on ServiceNow to initiate the Security Policy Exception review process.

What if I still have questions?

Please contact the Office of Information Security.