Review the policy exception and extension request
After reviewing a policy exception request, a compliance manager can accept or reject the request. However, if the compliance manager doesn't have enough information to decide, they can request a risk assessment by the risk manager.
Before you begin
Role required: compliance manager
Procedure
- Navigate to .
- Select the policy exception.
- Perform one of the following actions.
  - To view or add impacted controls to the policy exception:
    - Select the Impacted Controls tab.
      Note: You can add a single control objective if your Source type is Control objective. However, if your Source type is Controls, then you can select multiple controls from different control objectives. For more information, see Request a policy exception.
    - Select the Add or Add All button to add the manually created controls.
    - Choose the controls to associate to the policy exception.
  - To view mitigating controls on the policy exception: Click the Mitigating Controls tab.
  - To view or add risks to the policy exception: Click the Risks tab.
    Note: This option is available when the Risk Management plugin is also activated.
  - To view or add approvers to the policy exception: Click the Approvers tab.
  - To request extension:
    - Click the Request extension button.
    - In the Extension date field, select a valid date that is later than the Valid to date.
    - Select a reason from the list in the Extension reason field.
    - Enter an explanation for the extension request in the Justification field. Justification is also displayed in the Additional comments field of the Comments tab.
    - Click Request.
- Perform one of the following actions.
  - To approve the policy exception: Click Approve.
    An email notification is sent to the requester that the PER was approved and goes into effect.
  - To reject the policy exception: Click Reject.
    An email notification is sent to the requester that the PER was rejected and the request is closed.
  - To approve the policy extension: Click Approve Extension.
    An email notification is sent to the requester that the extension request was approved and goes into effect.
  - To reject the policy extension: Click Reject Extension.
    An email notification is sent to the requester that the extension request was rejected and the request is closed.
  - To request a risk assessment on the policy exception: Click Request Risk Assessment.
    An email notification is sent to the risk managers group.
    Note: This option is available when Risk Management is also activated.
  - To request business owner approval: Click Request Business Owner Approval.
    An email notification is sent to the business owner.
- Click Update.