Governance Risk Compliance
例外管理
A formal process for documenting, assessing, approving, and monitoring deviations from standard policies or controls, ensuring appropriate risk evaluation and accountability.
Quick answer: A formal process for documenting, assessing, approving, and monitoring deviations from standard policies or controls, ensuring appropriate risk evaluation and accountability.
This term page is part of the Protermify Cybersecurity glossary and is published as static HTML for fast indexing and clear language coverage.
Definition
A formal process for documenting, assessing, approving, and monitoring deviations from standard policies or controls, ensuring appropriate risk evaluation and accountability.
Operational example
All policy deviations must be formally submitted and tracked through the exception management system, with clear risk justification and periodic review.
Localized example
所有政策偏差都必须通过例外管理系统正式提交和跟踪,并有明确的风险说明和定期审查。
Definition language
English reference definition
Source
ISO 27001, NIST Cybersecurity Framework, MITRE ATT&CK
Exam relevance
- CISSP
- CompTIA Security+
- CEH
Target audience
- SOC Analysts
- Security Engineers
- Incident Responders
