Policy Exceptions & Risk Acceptance
Document ID: DPWAT-ISMS-POL-014
Version: 1.0
Owner: ISMS Manager / CISO (RMSI) — Timo Andreas Bejan
Approved by: Administrator (ADM) — Anna Boros
Effective date: 2025-10-15
Next review: 2027-02-01 (or on major change)
1. Policy
When a policy requirement cannot be met, DP WAT uses a controlled exception process that:
- documents the exception and its justification,
- assesses and records risk,
- defines compensating controls (if any),
- assigns an expiry date and review date,
- obtains appropriate approval.
2. Records
Use 02.04-risk-acceptance-record to record and approve exceptions/risk acceptance.