Standards Exception Process
An exception request includes the rule, repository/component, technical reason, risk, compensating controls, owner, approver, and expiry. Security-impacting exceptions require Security review; pipeline/platform exceptions require Platform Engineering review.
Exceptions are stored in an auditable register and reviewed before expiry. CI suppressions reference the exception identifier. Repeated similar exceptions trigger a standards review or platform improvement.
Emergency break-glass action may precede approval only to restore service or contain active risk. It is documented and retrospectively reviewed promptly.