Product documentation Docs
    • English
    • Deutsch
    • 日本語
    • 한국어
    • Français
  • More Sites
    • Now Community
    • Developer Site
    • Knowledge Base
    • Product Information
    • ServiceNow.com
    • Training
    • Customer Success Center
    • ServiceNow Support Videos
  • Log in

Product documentation

  • Home
How search works:
  • Punctuation and capital letters are ignored
  • Special characters like underscores (_) are removed
  • Known synonyms are applied
  • The most relevant topics (based on weighting and matching to search terms) are listed first in search results
Topics are ranked in search results by how closely they match your search terms
  • A match on the entire phrase you typed
  • A match on part of the phrase you typed
  • A match on ALL of the terms in the phrase you typed
  • A match on ANY of the terms in the phrase you typed

Note: Matches in titles are always highly ranked.

  • Release version
    Table of Contents
    • Governance, Risk, and Compliance
Table of Contents
Choose your release version
    Home London Governance, Risk, and Compliance Governance, Risk, and Compliance Policy and Compliance Management Understanding Policy and Compliance Management Manage policy exceptions

    Manage policy exceptions

    • Save as PDF Selected topic Topic & subtopics All topics in contents
    • Unsubscribe Log in to subscribe to topics and get notified when content changes.
    • Share this page

    Manage policy exceptions

    Policy exceptions provide temporary relief for a non-compliant control. The policy exception captures the rationale, comments, and evidence to support the acceptance or rejection of a policy exception request. The control owner, the compliance manager, and the risk manager may be involved in the policy exception workflow. When a policy exception request exceeds the expiration date by more than 3 days, the approver, the requestor, and the requestor's manager receive a notification that it is expired.

    Policy exception workflow

    Policy exception workflow

    Approved policy exception

    Approved policy exception example
    • Request a policy exception

      Control owners may request a temporary policy exception for controls that are non-compliant. The policy exception request is related to the policy, policy statement, or issue from which it originates. All impacted controls are identified in a related list. After a policy exception is approved, the control owner may ask for an extension using the original policy exception.

    • Review the policy exception request

      After reviewing a policy exception request, a compliance manager can accept or reject the request. However, if the compliance manager does not have enough information to make a decision, they can request a risk assessment by the risk manager.

    • Assess the risk for the policy exception

      After the review of a policy exception request and before deciding to approve or reject a request, the compliance manager may choose to request a risk assessment by the risk manager.

    Previous topic
    • Manage policy statements and policies
    Next topic
    • Use UCF Common Controls Hub to manage compliance frameworks
    Previous topic
    • Manage risks, risk statements, and risk frameworks
    Next topic
    • Manage profile and risk dependencies using the GRC Workbench

    Tags:

    Feedback
    On this page

    Previous topic

    Next topic

    • Contact Us
    • Careers
    • Terms of Use
    • Privacy Statement
    • Sitemap
    • © ServiceNow. All rights reserved.

    Release version
    Choose your release version

      Manage policy exceptions

      • Save as PDF Selected topic Topic & subtopics All topics in contents
      • Unsubscribe Log in to subscribe to topics and get notified when content changes.
      • Share this page

      Manage policy exceptions

      Policy exceptions provide temporary relief for a non-compliant control. The policy exception captures the rationale, comments, and evidence to support the acceptance or rejection of a policy exception request. The control owner, the compliance manager, and the risk manager may be involved in the policy exception workflow. When a policy exception request exceeds the expiration date by more than 3 days, the approver, the requestor, and the requestor's manager receive a notification that it is expired.

      Policy exception workflow

      Policy exception workflow

      Approved policy exception

      Approved policy exception example
      • Request a policy exception

        Control owners may request a temporary policy exception for controls that are non-compliant. The policy exception request is related to the policy, policy statement, or issue from which it originates. All impacted controls are identified in a related list. After a policy exception is approved, the control owner may ask for an extension using the original policy exception.

      • Review the policy exception request

        After reviewing a policy exception request, a compliance manager can accept or reject the request. However, if the compliance manager does not have enough information to make a decision, they can request a risk assessment by the risk manager.

      • Assess the risk for the policy exception

        After the review of a policy exception request and before deciding to approve or reject a request, the compliance manager may choose to request a risk assessment by the risk manager.

      Previous topic
      • Manage policy statements and policies
      Next topic
      • Use UCF Common Controls Hub to manage compliance frameworks
      Previous topic
      • Manage risks, risk statements, and risk frameworks
      Next topic
      • Manage profile and risk dependencies using the GRC Workbench

      Tags:

      Feedback

          Share this page

          Got it! Feel free to add a comment
          To share your product suggestions, visit the Idea Portal.
          Please let us know how to improve this content

          Check any that apply

          To share your product suggestions, visit the Idea Portal.
          Confirm

          We were unable to find "Coaching" in Jakarta. Would you like to search instead?

          No Yes
          • Contact Us
          • Careers
          • Terms of Use
          • Privacy Statement
          • Sitemap
          • © ServiceNow. All rights reserved.

          Subscribe Subscribed Unsubscribe Last updated: Tags: January February March April May June July August September October November December No Results Found Versions Search preferences successfully updated My release version successfully updated My release version successfully deleted An error has occurred. Please try again later. You have been unsubscribed from all topics. You are now subscribed to and will receive notifications if any changes are made to this page. You have been unsubscribed from this content Thank you for your feedback. Form temporarily unavailable. Please try again or contact  docfeedback@servicenow.com  to submit your comments. The topic you requested does not exist in the release. You were redirected to a related topic instead. The available release versions for this topic are listed There is no specific version for this documentation. Explore products Click to go to the page. Release notes and upgrades Click to open the dropdown menu. Delete Remove No selected version Reset This field is required You are already subscribed to this topic Attach screenshot The file you uploaded exceeds the allowed file size of 20MB. Please try again with a smaller file. Please complete the reCAPTCHA step to attach a screenshot
          Log in to personalize your search results and subscribe to topics
          No, thanks Login