Skip Maine state header navigation
Maine State Government
Administrative & Financial Services
Information Technology (OIT)
Adherence to policy, standards, and procedures is a
necessary part of conducting state business. It is equally important
to document the process for exceptions.
The purpose of this policy is
to document the waiver workflow and compliance-tracking.
This policy is
applicable to all Office of Information Technology (OIT) issued policies,
standards, and procedures.
The Enterprise Architect facilitates the waiver
seeking a waiver are not permitted to proceed with their desired outcome until
they receive an email from the Enterprise Architect on behalf of the CIO indicating
the waiver has been granted.
C. Those seeking a
waiver must ensure that the business owner identified in section V.A.1 supports
the waiver request, understands and accepts the risk, and supports the
remediation strategy to achieve standard/policy compliance within the timeframe
waiver application is initiated through an email to Enterprise.Architect@Maine.Gov detailing
the answers to the following questions:
the name of the person requesting the waiver, the IT Manager
approving the request to move forward, and the business owner accepting
the risk of the change identified in the waiver request.
the policy or standard for which the waiver is being requested.
the compelling technical or business case that identifies the specific action
and how it warrants exemption.
the duration of the waiver.
the exit strategy to terminate the
waiver and to bring the product into our standard offering. The exit
strategy for a technology (containment or retirement) waiver must include the
support model to be used until compliance is achieved.
what is the impact if the waiver is not approved?
or denial of the request will be made within three weeks of the submittal
via email to the requestor and will include the Names outlined in V.A.1. Emergency requests will be handled in the same manner only
on an expedited scale.
C. By the
expiration of the waiver period, it is expected that corrective actions would
have been undertaken to convert to an accepted standard or policy. Should that
not be the case, the requester may petition for a follow-up waiver with an
explicit explanation as to why they did not adhere to the terms of the
original waiver grant.
Initial Issue Date: February 22, 2010
Latest Revision Date: August 26, 2014
Point of Contact: Henry Quintal, Architecture-Policy
Administrator, OIT, 207- 624-8836.
Approved By: James R. Smith, Chief Information Officer,
Position Title(s) or Agency Responsible for
Enforcement: Greg McNeal, Chief Technology Officer, OIT, 207-624-7568.
Legal Citation: 5
M.R.S.A. Chapter 163 Section 1973 paragraphs (1)B and (1)D, which read in part,
“The Chief Information Officer shall:” “Set policies and standards for the
implementation and use of information and telecommunications technologies…” and
“Identify and implement information technology best business practices and
Waiver Process: N/A