Product Security Knowledge Base

Security Exception Decision Record Template

Summary

  • Service / system:
  • Business owner:
  • Technical owner:
  • Requested by:
  • Date opened:
  • Expiry date:
  • Approval authority:

Control or standard affected

  • Required control:
  • Current deviation:
  • Why the control cannot be met now:

Risk statement

In plain language, describe what could go wrong, under which conditions, and what the customer or business effect would be.

Compensating controls

  • Control 1:
  • Control 2:
  • Monitoring or detection added:
  • Temporary deployment or access limits:

Alternatives considered

  • Alternative A:
  • Alternative B:
  • Reason not selected:

Review evidence

  • Linked ticket or review:
  • Architecture review reference:
  • Detection or monitoring reference:

Closure decision

  • Closed / renewed / escalated:
  • Reason:
  • Next review date: