Skip to main content
Custom print
Download Original PDF

Appendix C - How to Request 2 Waiver from the Framework

No: 43028139 Date(g): 4/11/2021 | Date(h): 29/3/1443

Effective from 2021-11-04 - Nov 03 2021
To view other versions open the versions tab on the right

Below the illustration of the process for requesting a waiver from the Framework.

  • Detail description about the reasons that the member organization could not meet the required control.
  • Details description about the available or suggested compensating controls.
  • The waiver request should first be approved by CIO before submitting to IT steering committee.
  • The waiver request should approved by the members of Member Organization's IT steering committee.
  • The waiver request should be signed by the CIO and relevant (business) owner.
  • The waiver request should be formally issued in writing to the manager of 'General Department of Cyber Risk Control' via the Member Organization's CEO or managing director.
  • ‘General Department of Cyber Risk Control' will evaluate the waiver request and informs the Member Organization.

The current Framework remains applicable while the requested waiver is being evaluated and processed, until the moment of granting the waiver.