Skip to main content
Entire section Custom print Text Only Rich Text Print / Save as PDF
Download Original PDF

Appendix C - How to Request 2 Waiver from the Framework

No: 43028139 Date(g): 4/11/2021 | Date(h): 29/3/1443 Status: In-Force

Below the illustration of the process for requesting a waiver from the Framework.

  • Detail description about the reasons that the member organization could not meet the required control.
  • Details description about the available or suggested compensating controls.
  • The waiver request should first be approved by CIO before submitting to IT steering committee.
  • The waiver request should approved by the members of Member Organization's IT steering committee.
  • The waiver request should be signed by the CIO and relevant (business) owner.
  • The waiver request should be formally issued in writing to the manager of 'General Department of Cyber Risk Control' via the Member Organization's CEO or managing director.
  • ‘General Department of Cyber Risk Control' will evaluate the waiver request and informs the Member Organization.

The current Framework remains applicable while the requested waiver is being evaluated and processed, until the moment of granting the waiver.