The institute’s Minimum Endpoint Security Standard defines a minimum set of security controls to increase protection of GT computing endpoints and data while reducing security incidents. This standard applies to all endpoints on the GT network, or any endpoint storing, accessing, or transmitting GT owned or protected data.

Common use cases have been identified for GT, with multiple alternate control plans established that are meant to enable institute business, research, and teaching. Policy exception requests are required for endpoints that deviate from the baseline or cannot use a pre-approved control plan.

Exceptions to GT endpoint security policies must be requested through the Policy Exception Request form. These requests for a custom security control plan must include a valid business justification and include compensating controls. Policy exceptions are required on a per-machine basis and must be renewed annually.

For more information on the exception process and criteria, please visit the following page detailing policy exceptions provided by OIT.


The policy exception request form is available here:


To complete the form, use the provided drop-down menus and text fields to submit details and justifications related to your requirements for an exception. 

These entries should reflect the policy and exception category you are requesting an exception for and provide answers for questions regarding protected data, potential system exposure, and mitigations put in place to reduce overall risk of the exception. Any impacts to business or research that would result of the exception not being permitted should be entered under the ‘Business Impact’ field.

If you need assistance with completing the form or have questions regarding the details and requirements of your request, please reach out to TSO Help Desk at