Article 38 – Electronic Mail
47110.18 Deviation from Policy
-
CDCRCalifornia Department of Corrections and Rehabilitation staff, contractors, volunteers, and agents operating on behalf of CDCRCalifornia Department of Corrections and Rehabilitation must comply with all applicable policies rules, standards, procedures and guidelines. Variations and exceptions to this policy will be based on instances where the cost to remediate non-compliant systems exceeds the cost and the risk of remaining non-compliant. Deviations to policy requests are reviewed and analyzed by the ISOInformation Security Officer, and if the request creates significant risks without compensating controls, it will not be approved.
-
All approved deviations to policy requests shall have an expiration date and must be reviewed prior to that date to ensure that assumptions or business conditions have not changed, and be reapproved if the deviation policy is still valid.