Compliance Exception Request with Escalation Framework

Operational teams need to request exceptions to compliance rules while maintaining an audit trail and governance.

The problem

Exception requests (e.g., extended payment terms for a key customer, a rule waiver for a pilot program) are evaluated by Corules. Low-risk exceptions within established parameters auto-approve with required documentation. High-risk exceptions escalate with a business justification and a required compensating control. Every exception carries an expiration date enforced at policy runtime.

How Corules solves it

ALLOW: Low-risk exception with documented compensating control. Auto-approved for 45 days.

Policy example

// Exception approval policy (CEL)
context.exception_risk_level <= params.auto_approve_risk_threshold
  && context.compensating_control_documented == true
  && context.expiration_date <= timestamp_add(now(), duration('90d'))

Integration options

REST API
Microsoft Power Platform

Frequently Asked Questions

What is a compensating control?

A compensating control is an alternative measure that mitigates risk when a standard rule cannot be followed. The exception approval requires it to be documented in the request payload.

What happens when an exception expires?

Policy evaluation at runtime checks the expiration date. Expired exceptions return BLOCK with a specific 'exception_expired' reason code.
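
The decision flow described above (auto-approve, escalate, block on expiry), sketched in Python as an added example; it is not Corules code or its API. Assumptions: the evaluate function, the ExceptionRequest type, the ESCALATE decision name, every reason code other than 'exception_expired', the numeric risk scale, and the choice to escalate (rather than block) when the policy expression is false.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_EXCEPTION_WINDOW = timedelta(days=90)  # mirrors duration('90d') in the policy


@dataclass
class ExceptionRequest:
    risk_level: int                        # assumed numeric scale, lower is safer
    compensating_control_documented: bool
    expiration_date: datetime              # must be timezone-aware


def evaluate(req, auto_approve_risk_threshold, now=None):
    """Return (decision, reason). ESCALATE and all reason codes except
    'exception_expired' are assumed names, not taken from the product."""
    now = now or datetime.now(timezone.utc)
    if req.expiration_date.tzinfo is None:
        # Naive timestamps cannot be compared safely; fail closed.
        return ("BLOCK", "expiration_not_timezone_aware")
    if req.expiration_date <= now:
        # Runtime enforcement: an expired exception never passes.
        return ("BLOCK", "exception_expired")
    if not req.compensating_control_documented:
        return ("ESCALATE", "compensating_control_missing")
    if req.expiration_date > now + MAX_EXCEPTION_WINDOW:
        return ("ESCALATE", "expiration_beyond_window")
    if req.risk_level > auto_approve_risk_threshold:
        return ("ESCALATE", "risk_above_threshold")
    return ("ALLOW", "auto_approved")


# Constructed sample data with a fixed clock so results are reproducible.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLES = {
    "low_risk_45d": ExceptionRequest(1, True, NOW + timedelta(days=45)),
    "high_risk": ExceptionRequest(4, True, NOW + timedelta(days=45)),
    "too_long": ExceptionRequest(1, True, NOW + timedelta(days=120)),
    "expired": ExceptionRequest(1, True, NOW - timedelta(days=1)),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(name, evaluate(req, auto_approve_risk_threshold=2, now=NOW))
```

The expiry check runs before the approval conditions, so a previously approved exception stops passing once its date is reached, whatever its risk level.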
