Request an Information Security Policy Exception
Yale Policy - Information Security Requirement Exception Requests
Information Security Policies are central to Yale's ability to maintain reliable IT services for the Yale community. These policies also ensure Yale and its employees conduct themselves in compliance with laws, contracts and other University policies.
The size of Yale University prevents its leadership from crafting policies that address every possible scenario that we may encounter at Yale. Some Yale policies allow for policy exceptions for this reason. Exceptions may be possible under certain compelling circumstances and such determination should be made by Information Security, Policy and Compliance (ISPC). When ISPC receives such a request, it will evaluate the merit of each request. An exception may be granted should ISPC determines such an exception will not create any undue risk to the university. ITS is committed to protect Yale data, maintain compliance and support the university's mission.
The process outlined below was created to provide a transparent way for you to request a policy exception.
When an Exception will be Granted
The faculty mission will not be impeded. Academic and research needs will be accommodated. Every effort will be made to not impact the individuals mission oriented work. However, policy exceptions will not be granted for convenience, nor if no appropriate alternate security controls can be found to address any risk posed by the exception.
Who can use it?
Yale faculty and staff.
How much does it cost?
This service is free.
How do I get it?
Visit the EGRC tool to request an exception. Click on the "Policy Exception Center" tab at the top, and then on the "I need to request an exception link".
Additional instructions on how to complete the form will appear in the "About" section on the request form.
Where can I get help?
Email Information Security, Policy and Compliance (ISPC) at email@example.com.
FAQs and other resources