ISM-0001

History

Priority
must
Nov 2018
Removed
Removed due to a change from a compliance culture to a risk management culture.
2017
For any control where the authority field is ‘ASD’, system owners must seek and be granted approval for non-compliance from the Director ASD in consultation with their accreditation authority.
2015
For any control where the authority field is ‘ASD’, system owners must seek and be granted approval for non-compliance from the Director ASD in consultation with their accreditation authority.
2010
System owners seeking a dispensation for non-compliance with any control with a ‘must’ or ‘must not’ compliance requirement must seek the dispensation from their accreditation authority and their agency head.
2008
Agencies varying from a control with a ‘must’ or ‘must not’ compliance requirement are required to: a. follow the requirements for varying from a control with a ‘should’ compliance requirement b. ensure the agency head has accepted the risks associated with the variation c. follow the same processes as a waiver for provisions of the PSM as outlined in part A of the PSM.