• Requesting a Compensating Control for an Information Security Procedure

    The UW System information security procedures contain provisions that allow for the UW System CIOs to propose compensating controls for mandatory information security measures that they deem are too difficult or impractical to implement. A compensating control is an alternative data security measure that is designed to satisfy the intent and rigor of the original control. To propose a compensating control, the institution CIO should answer the following questions.