Sanctioned DLP Policy Exceptions define when an event, message, or document should be ignored by the policy. Exceptions use the same rule types as the Rules section of the policy, and can be combined with Boolean Logic using Rule Groups. But, Rule Groups used as exceptions do not have associated Severity levels.
You can also add an exclusion to the exception policy, or a whitelist, using a predefined dictionary of data identifiers, or you can manually exclude specific data identifiers.
To add an exception to a policy:
- Choose Policy > DLP Policies.
- Click Actions > Sanctioned Policy > Create New Policy, or click the name of an existing policy to edit it.
- In the Descriptions page, enter a name for the policy, an optional description, select Classifications if available, deployment type, and services the policy should apply to.
- In the Rules page, add a rule.
- Click Add Exception. Select an exception type from the list. (The types available are the same as those listed in DLP Policy Rules and Rule Groups.)