In exceptional circumstances, the TAPA CA may be confronted with a waiver request for a specific security requirement in part or whole on behalf of the Supplier. TAPA reviews and approves/denies all waiver requests. It is the TAPA CA’s responsibility to decide whether the request is valid and that substantial mitigating reason(s) exist that led to the waiver application. Request for waivers are more likely to be approved by TAPA if alternative security controls are introduced to mitigate the security exposure.
Waivers are valid for up to a maximum of 3 year. The original requirement must be completed on the expiration date of the waiver or requested and approved again.
I. LSP considers a specific requirement in the FSR is not required from a security standpoint.
II. LSP completes and submits Waiver Request form to Authorized Auditor. One form must be completed for each FSR Waiver Request
III. Authorized Auditor reviews Waiver Request(s) and determines if request is valid.
IV. Authorized Auditor submits the Waiver Request form to the TAPA Regional Waiver Committee
V. If approved:
- *1 Waiver specifics are documented and signed by an authorized person on the TAPA Regional Waiver Committee
- *2 The TAPA Regional Waiver Committee assigns date for how long waiver will be approved and sends copy to the IAB
- *3 The IAB will notify the LSP of the outcome of the Waiver Request
- *4 LSP shall meet all requirements of waiver in the agreed upon time frame. Failure to do so shall result in the removal of the waiver approval.
VI. If not approved: LSP required to implement full requirement of FSR