Glossary term
Governance and Compliance
The controlled handling of deviations from policy, standards, or expected processes. Exceptions should be assessed, approved by appropriate authority, documented, monitored, and time-bound. Exception data is valuable governance intelligence because recurring exceptions often reveal policy gaps, weak tooling, training needs, or unrealistic requirements.
ServiceNow GRC, OneTrust GRC, and LogicGate Risk Cloud provide exception management workflows used by enterprises for AI policies.
Under SR 11-7, US banks must document and approve exceptions to model risk management policies through Model Risk Committees.
Microsoft's Responsible AI Sensitive Uses process formally manages exceptions through Office of Responsible AI review.