Exceptions

The Exceptions page in CyberGuard.ai provides a centralized space to record, track, and manage deviations from established security policies, standards, or controls. It ensures that exceptions are properly documented, justified, approved, and monitored — maintaining transparency while allowing flexibility in the organization’s governance process.

This page helps organizations control risk exposure resulting from temporary or strategic deviations, ensuring all exceptions are aligned with business and compliance requirements.


Usage Notes

  1. Exception Overview

    • Each entry represents a documented exception with key details such as Reference ID, Name, Severity, Status, Expiration Date, and Domain.

    • Users can quickly search and filter exceptions by their attributes to locate specific records or review open exceptions.

  2. Exception Lifecycle

    • The lifecycle typically includes stages like Draft, Submitted for Review, Approved, Rejected, or Resolved.

    • Approved exceptions include defined expiration dates to ensure periodic reassessment and closure once mitigations are in place.

  3. Severity and Expiration Management

    • The Severity column identifies the potential impact of the exception (e.g., High, Medium, Low), helping prioritize follow-up actions.

    • The Expiration Date ensures no exception remains open indefinitely without reevaluation, supporting continuous risk governance.

  4. Domain and Control Mapping

    • Each exception is linked to its respective Domain or Control, enabling traceability to related frameworks such as NIST, ISO 27001, or CMMC.

    • This mapping supports compliance tracking and demonstrates structured management of exceptions during audits.

  5. Review and Update Actions

    • The View, Edit, and Delete icons allow authorized users to review exception details, make updates, or remove outdated records.

    • Exception records should be periodically reviewed to ensure continued justification and to implement mitigation plans when feasible.


Benefits

  • Centralizes management of all policy or control deviations.

  • Promotes transparency by documenting the reason and approval for each exception.

  • Supports compliance readiness by linking exceptions to security controls and frameworks.

  • Ensures accountability through expiration tracking and review requirements.

  • Reduces unmanaged risk by enforcing a structured approval and review workflow.


  • Policies – Defines the governance rules and standards from which exceptions may arise.

  • Risk Acceptances – Documents decisions where the organization accepts risk associated with exceptions.

  • Findings Tracking – Monitors issues or audit findings that may lead to new exceptions.

  • Risk Register – Provides a complete view of risks influenced by open or approved exceptions.
