Under what conditions can exceptions be granted to UAP Document 301 policies?

• A. Exceptions can be granted through informal waivers with no formal documentation.
• B. Exceptions may be granted with a written justification, but no explicit approval date.
• C. Exceptions require formal waivers with documented justification, limited scope, and explicit approval and review dates.
• D. Exceptions must be approved through a formal governance process with documented records, including scope and review dates.

Answer: (C)

When a policy allows for exceptions, the process must add clear controls so that deviations are deliberate, accountable, and temporary. Requiring formal waivers with documented justification, limited scope, and explicit approval and review dates sets that control. The formal waiver creates a defined authorization path rather than ad hoc changes, and the documented justification ensures the reason for the exception is recorded and reviewable. Limiting the scope keeps the exception from expanding beyond what’s necessary, preserving the policy’s intent. Explicit approval and scheduled review dates guarantee there’s a finite timeframe and a mechanism to re-evaluate whether the exception remains appropriate, preventing indefinite non-compliance.

Informal waivers with no documentation lack traceability, so you can’t demonstrate why the exception was granted or who approved it. Having just a justification without an approval date leaves ambiguity about timing and renewal. A formal governance process with records and scope/review dates is broader and may be appropriate in some contexts, but the combination described—formal waivers with justification, limited scope, and explicit approval and review dates—provides the precise, auditable controls that the policy intends for exceptions.