Skip to content
English
Customer portal
Contact us
  • There are no suggestions because the search field is empty.

Define Exceptions

The Define Exceptions page provides users with the ability to create and monitor exceptions to established policies and controls. This is the central location for tracking reviews and documenting justifications for modifications made to policies and controls based on specific circumstances. Additionally, this feature lays the groundwork for an approval process for these exceptions. To fully manage and oversee exceptions, users need to have the necessary permissions: Allow Access to “Governance” Menu, Able to View Exceptions, Able to Create Exceptions, Able to Update Exceptions, Able to Delete Exceptions, and Able to Approve Exceptions. Furthermore, this functionality can be enhanced with the E-mail Notification Extra, which keeps users informed about control exceptions that need attention. Configuration options for this feature can be accessed via the Notification Extra configuration page, and it operates in conjunction with the scheduled report “Automated Notifications of Unreviewed / Past Due Policy and Control Exceptions.”

This page features three distinct tabs: Policy Exceptions, Control Exceptions, and Unapproved Exceptions. You can click on each tab to view its specific content. To add new entries, simply click the “plus” icon located to the left of the tabs.

  1. Add (“+”) - This button enables users to initiate the creation of a new exception.
  2. Policy Exceptions - This section displays any existing policy exceptions.
  3. Control Exceptions - Here, you can view any control exceptions that are currently in place.
  4. Unapproved Exceptions - This tab reveals any exceptions that are pending approval or have not yet been accepted.
  5. Column Header - This row outlines the names of the various fields available.

    Creating New exception

  1. Exception Name - This field enables you to assign a unique name to the exception for easy identification.  
  2. Exception Status - Use the dropdown menu to indicate whether the exception is currently open or closed.  
  3. Policy -  This field allows you to select the relevant policy linked to this exception from a dropdown list.  
  4. Framework - This field allows you to select the relevant frameworks linked to this exception from a dropdown list.  
  5. Control - You can choose the controls associated with this exception from the dropdown menu.  
  6. Associated Risks - This field enables you to select the risks related to this exception from the dropdown options.  
  7. Exception Owner - This field designates the exception owner, usually the user responsible for managing the exception. You can select any user already defined in the system through the dropdown.  
  8. Additional Stakeholders - Here, you can select other users from the dropdown list who will receive updates whenever there are changes to the exception.  
  9. Creation Date - This field records the date when the exception was created.  
  10. Review Frequency - Use this field to specify how often the exception should be reviewed.  
  11. Next Review Date - This field is for noting the next scheduled date for reviewing the exception.  
  12. Approval Date - This field captures the date the exception was approved.  
  13. Approver - This is the user responsible for approving the exception once it has been created.  
  14. Description - This field is designated for providing a detailed description of the exception and its criteria.  
  15. Justification - Here, you can record the rationale behind the creation of this exception.  
  16. File - This field allows you to attach any relevant files related to the exception.  
  17. Add - Click this button to create the exception in the system.


Summary

The Governance Define Frameworks page allows you to add and manage your Control Frameworks in SimpleRisk. This page should have served to answer all questions related to the Define Frameworks page but if you feel anything has been missed or just seek further clarification please reach out to us at support@simplerisk.com.