Skip Maine state header navigation

Agencies | Online Services | Help

 Maine State Seal

Maine State Government

Dept. of Administrative & Financial Services

Office of Information Technology

 

Waiver Policy

 

I. Statement of Policy

Adherence to policy, standards, and procedures is a necessary part of conducting state business.  It is equally important to document the process for exceptions.

II. Purpose

The purpose of this policy is to document the waiver workflow and compliance-tracking.

III. Applicability

This policy is applicable to all Office of Information Technology (OIT) issued policies, standards, and procedures.

IV. Responsibilities

A. The Enterprise Architect facilitates the waiver workflow.

B. Those seeking a waiver are not permitted to proceed with their desired outcome until they receive an email from the Enterprise Architect on behalf of the CIO indicating the waiver has been granted.

C. Those seeking a waiver must ensure that the business owner identified in section V.A.1 supports the waiver request, understands and accepts the risk, and supports the remediation strategy to achieve standard/policy compliance within the timeframe specified.

V. Directives

A. The waiver application is initiated through an email to Enterprise.Architect@Maine.Gov detailing the answers to the following questions:

1. State the name of the person requesting the waiver, the IT Manager approving the request to move forward, and the business owner accepting the risk of the change identified in the waiver request. 

2. Identify the policy or standard for which the waiver is being requested.  

3. Describe the compelling technical or business case that identifies the specific action and how it warrants exemption.

4. State the duration of the waiver.

5. Describe the exit strategy  to terminate the waiver and to bring the product into our standard offering. The exit strategy for a technology (containment or retirement) waiver must include the support model to be used until compliance is achieved.

6. Finally, what is the impact if the waiver is not approved?

B. Approval or denial of the request will be made within three weeks of the submittal via email to the requestor and will include the Names outlined in V.A.1.  Emergency requests will be handled in the same manner only on an expedited scale. 

C. By the expiration of the waiver period, it is expected that corrective actions would have been undertaken to convert to an accepted standard or policy. Should that not be the case, the requester may petition for a follow-up waiver with an explicit explanation as to why they did not adhere to the terms of the original waiver grant.

VI. Definitions

VII. References

VIII. Document Information

Initial Issue Date:  February 22, 2010

Latest Revision Date: August 26, 2014

 

Point of Contact: Henry Quintal, Architecture-Policy Administrator, OIT, 207- 624-8836.

 

Approved By: James R. Smith, Chief Information Officer, OIT, 207-624-7568

Position Title(s) or Agency Responsible for Enforcement: Greg McNeal, Chief Technology Officer, OIT, 207-624-7568.

 

Legal Citation:  5 M.R.S.A. Chapter 163 Section 1973 paragraphs (1)B and (1)D, which read in part, “The Chief Information Officer shall:” “Set policies and standards for the implementation and use of information and telecommunications technologies…” and “Identify and implement information technology best business practices and project management.”

 

Waiver Process: N/A