Glossary

Exception policy

A documented set of rules for when normal requirements may be bypassed, approved, tracked, and reviewed.

Quality, Compliance and TraceabilityNonconformance, MRB and CAPA (NCR)MRB, Deviations and Concessions

An exception policy is a documented set of rules that defines when a standard requirement, control, process step, or system rule may be temporarily bypassed or handled differently, and how that exception is requested, approved, recorded, and reviewed.

In industrial and regulated environments, the term commonly refers to governance around deviations from normal practice, not the exception itself. The policy sets the criteria, authority, duration, documentation, and oversight for exceptions. It may apply to areas such as quality procedures, production workflows, access controls, data handling, training requirements, change control, or supplier processes.

An exception policy usually includes what qualifies as an exception, who can approve it, what evidence must be captured, how risk is assessed, how long the exception remains valid, and when it must be re-evaluated or closed. In digital systems, it may also define how exceptions are logged in MES, QMS, ERP, ticketing, or workflow tools so they remain traceable.

An exception policy does not, by itself, approve a specific deviation. It is the governing framework for handling exceptions consistently. A one-time approved departure from a requirement is usually an exception request, deviation, waiver, concession, or similar record, depending on the process and industry.

Operational meaning

In practice, an exception policy appears where normal controls need a defined path for authorized override without losing accountability. Examples include:

  • temporary use of an alternate inspection step when equipment is unavailable

  • time-limited system access beyond a standard role

  • approved processing outside the usual workflow because of supply or scheduling constraints

  • documented acceptance of a temporary control gap while a corrective action is in progress

The policy is typically linked to evidence trails such as approval records, timestamps, justification, affected orders or batches, and expiration or review dates.

Common confusion

Exception policy is often confused with deviation, waiver, concession, or nonconformance.

  • An exception policy defines the rules for handling exceptions.

  • A deviation or exception record is the individual instance where normal requirements are not followed.

  • A waiver or concession often refers to formal acceptance of a requirement departure under defined conditions.

  • A nonconformance usually describes failure to meet a requirement, whether planned or unplanned.

In information security, the same term may focus on exceptions to security controls or policy requirements. In quality and manufacturing, it more often relates to controlled departures from approved procedures or specifications. The core idea is similar across disciplines: exceptions are not unmanaged workarounds, but documented departures handled under defined rules.

Related Blog Articles

There are no available FAQ matching the current filters.

Related FAQ

Which system should be the system of record for aerospace NCRs?

There is no single universal answer. In aerospace, the system of record for NCRs should usually be the platform that governs formal quality disposition, approvals, audit trail, and controlled closure, often QMS or a tightly governed NCR/MRB workflow. MES, ERP, and PLM may hold linked execution, material, or product data, but they are not automatically the authoritative NCR record.

When should an aerospace customer issue a SCAR to a supplier?

A SCAR should be issued when a supplier problem is significant enough that simple containment, routine communication, or a one-off supplier NCR is not sufficient. Typical triggers include repeated escapes, major requirement violations, ineffective corrective action, or risks to airworthiness, traceability, delivery, or regulatory obligations. Thresholds still depend on contract terms, supplier controls, and QMS maturity.

What are signs that a CAPA is not addressing the true root cause?

Common signs include repeat deviations, actions focused only on retraining or reminders, weak evidence linking causes to facts, and metrics that improve briefly then slip back. A CAPA may close administratively while the underlying process, system, measurement, supplier, or design issue remains unchanged. The answer depends on investigation quality, data integrity, and cross-functional follow-through.

Who should have authority to approve scrap, repair, or concession dispositions?

Authority should not sit with a single generic role. In most regulated operations, disposition approval belongs to defined, authorized functions based on risk, product criticality, and contract or customer requirements. Scrap may be locally approved in limited cases, but repair and concession decisions usually require quality-led review, engineering input, and documented traceability.

Related Glossary

Exception policy

A documented set of rules for when normal requirements may be bypassed, approved, tracked, and reviewed.

Disposition Cycle Time

The elapsed time required to review, decide, and formally close a disposition for an issue or nonconformance.

Nonconformance (NCR)

A nonconformance (NCR) is a documented instance where a product, process, or system does not meet specified requirements or standards.

Quality Escape

A quality escape is a defect or nonconforming condition that passes through internal controls and reaches the next process step, customer, or field use.

Let's talk

Ready to See How C-981 Can Accelerate Your Factory’s Digital Transformation?

Request a Demo

product

Shopfloor OperationsSupply Chain & ProcurementMROSolutions

Resources

BlogCommunitySecurity & ComplianceAPI & Integrations

About

About UsPrivacy PolicyCookie PolicyTerms of ServiceContact Us

© 2026 C981. All rights reserved.