@@ -8,7 +8,7 @@ Exceptions to [Security and Technology Policies](/handbook/security/security-and
Information security considerations such as regulatory, compliance, confidentiality, integrity and availability requirements are most easily met when companies employ centrally supported or recommended industry standards. Whereas GitLab operates under the principle of least privilege, we understand that centrally supported or recommended industry technologies are not always feasible for a specific job function or company need. Exceptions from the aforementioned standard or recommended technologies is discouraged. However, it may be considered provided that there is a reasonable, justifiable business and/or research case for a Security and Technology Policy exception; resources are sufficient to properly implement and maintain the alternative technology; the process outlined in this and other related documents is followed and other policies and standards are upheld.
In the event a team member requires an exception from the standard course of business or otherwise allowed by policy, the requester must submit an [Exception Request](https://gitlab.com/gitlab-com/gl-security/security-assurance/sec-compliance/exceptions/issues/new?issuable_template=exception_request) to the Security Assurance Department, which contains, at a minimum, the elements outlined in the issue template.
In the event a team member requires an exception from the standard course of business or otherwise allowed by policy, the requester must submit an [Exception Request](https://gitlab.com/gitlab-com/gl-security/security-assurance/security-compliance-commercial-and-dedicated/exceptions/-/issues/new?issuable_template=exception_request) to the Security Assurance Department, which contains, at a minimum, the elements outlined in the issue template.
Exception request approval requirements are documented within the issue template. The requester should tag the appropriate individuals who are required to provide an approval per the approval matrix.
