When to use this
Use this record when a system cannot meet the secure authentication standard and needs risk acceptance or compensating controls.
Related controls
Exception record
| Field | Value |
|---|---|
| System/application | TBD |
| Authentication gap | TBD |
| Reason standard cannot be met | TBD |
| Risk assessment reference | TBD |
| Compensating controls | TBD |
| Approved by | TBD |
| Expiry/review date | TBD |
| Monitoring required | TBD |
| Residual risk accepted by | TBD |
Minimum checks
- Gap is clearly described.
- Risk assessment supports the exception.
- Compensating controls are implemented.
- Exception has an expiry/review date.
- Residual risk is approved at the right level.
- Template
- Iso27001
- Technological controls
- Authentication
- Exception
Note Metadata
Aliases: Authentication Exception Record
Source: 90 Templates/Authentication Exception and Compensating Control Record.md