Policy Exception Request

In the policy exception request review process, our team works with the requestor to evaluate the risks that may arise because of the exception. Our office is particularly concerned with protecting personally identifiable information (PII), protected health information (PHI), and our community’s shared information resources. We assess each exception request in light of these concerns, allowing us to meet the unique needs of our community members while also maintaining the confidentiality, integrity, and availability of our information and resources.

Please Note

  • Please include as much detail as possible in your responses to form questions. See our Questions for Tickets page for additional guidance.
  • If you need assistance, please contact the Office of Information Security at infosec@wustl.edu.

Guidance

Creating a New Form

  1. From the Forms page on the OIS website, click “Policy Exception Request.”
  2. Enter your WUSTL email address in the OneTrust login page. If you aren’t already logged in with DUO, you will be prompted to complete our WashU 2FA process.
  3. From the Self-Service Assessment main page, click “Launch” on the Policy Exception Request button.

4. Enter a name for your Assessment. Please use the following format “PE-your last name.” In the “Respondent” line, please select “Assign to Me.”

5. Click “Launch” at the bottom of the page.

Form Questions

To submit a complete policy exception request, please answer all the required questions in the categories “Requestor Information,” “Device Information,” and “Policy.” Please provide as much information as possible.

A preview of these question is below. An asterisk indicates the question is required.

* 1.1     Please choose “Policy Exception” from the list below.  Search or click and scroll to “Policy Exception.”

* 1.2     Choose the date of submission.  

   1.3     Enter the requestor name.  

* 1.4     Enter the requestor’s department/school.  

* 1.5     Enter the requestor’s email address.  

* 1.6     Enter the requestor’s phone number.  

* 1.7     Enter the requestor’s business manager/department manager.

Click the “Forward Arrow” at the bottom of the page to continue the form.

* 2.1     Enter the device name.

* 2.2     Enter the device asset number.

* 2.3     Please describe whether the device is used for any affiliated hospital system (BJC) project. For example, is the device connected to BJC equipment, does it store BJC data, or is it access by any BJC employees? Please type your response in the textbox and provide as much detail as possible.

Click the “Forward Arrow” at the bottom of the page to continue the form.

* 3.1     Please enter the name of the Information Security Policy for which you are seeking an exception. For a full list of policies, visit https://informationsecurity.wustl.edu/policies/.

* 3.2     Please select the best option describing the duration of the exception.

* 3.3     Please describe the circumstance of this exception request or the reason for non-compliance with policy and describe compensating controls you will use to ensure the continued security of the device and the information it contains. Please type your response in the textbox and provide as much detail as possible.

Click the “Forward Arrow” at the bottom of the page to continue the form.

4.1       Please provide the reason you are requesting this exception.

4.2       Please provide the ServiceNow Ticket Number.

Once you have answered all required questions, the blue “Submit” button will become available. Click it to submit your form or click “Save and Exit” to come back later.