Skip to Content

Human Resources Department

Employee Resources

9-4 Information Technology Professionals Policy Manual - Security Policy/Standard Waiver

Information Systems Department

Return to IT Professionals Policy Manual Table of Contents

Approved by: Board of Supervisors of the County of Sonoma (“County”), and the Boards of Directors of the Northern Sonoma County Air Pollution Control District, the Russian River County Sanitation District, Sonoma Valley County Sanitation District, Occidental County Sanitation District, South Park County Sanitation District, and the Board of Directors of the Sonoma County Agricultural Preservation and Open Space District (collectively referred to hereinafter as “Special Districts”), and the Sonoma County Water Agency (“Agency”), and the Board of Commissioners of the Sonoma County Community Development Commission (“Commission”). The County, Special Districts, Agency and Commission are collectively referred to herein as “Local Agencies” or singularly as “Local Agency.”

Read next: Glossary

Text of Waiver

Local Agency Name: [name]
Waiver Requester Name/Title: [requester name and title]
Phone Number: [phone number]
Email: [email]
County Policy/Standard: [standard to be waived]

Exception Scope:
[Identify the scope of the exception being requested (i.e., for all systems/Users? One system/group of Users?):]

Justification for Exception:
[Explain why compliance with this policy/standard is not possible due to technical limitations, conflict with business requirements, or other circumstances:]

Exception Risk:
[Explain the potential impact or risk attendant upon granting the exception:]

Compensating Controls:
[In the absence of the controls specified by this policy/standard, what compensating controls will be implemented?]

Approval and Conditions:

I, hereby, acknowledge that I have reviewed the aforementioned request for a policy/standard waiver and certify that the compensating controls necessary to justify the policy/standard waiver are adequate.


[1]County Chief Information Security Officer or approved designee 
Local Agency Department Head, General Manager or approved designee

Upon approval, scan and e-mail to The approver shall retain the original.    

Please note: This waiver and its applicability must be reviewed at least annually by the requesting Local Agency. Waivers must be renewed every three years or when significant changes which affect the system categorization (e.g., Confidential, Restricted or Public), justification for noncompliance, and/or compensating controls are made.

[1]In most cases the Information Systems Director who serves as the Chief Information Security Officer will be the appropriate approver, unless otherwise noted in the individual policy or standard for which the waiver is submitted.

Download Security Policy/Standard Waiver
(PDF: 85 kB)

Back to top