SSN Exception Requests

According to Security Control RA-2 - Security Categorization, information systems at Texas A&M are not allowed to store Social Security Numbers (SSNs). If an information system has a compelling business need to store SSNs, the information owner needs to submit an exception request.

To submit an exception request, email with the following information:

  • Business and technical contacts

  • Name of the information system (information systems can include multiple machines)

  • DNS name of each machine in the system

  • Business purpose for storing SSNs (e.g., State, Federal, Texas A&M regulations specifically require it)

  • Mitigation against data loss (e.g., encryption)

    • Provide technical details, including encryption method and algorithm strength, if applicable.

  • Data life cycle

    • How do you receive the data?

    • What do you with the data while you have it?

    • How and when do you dispose of the data?

  • Backups

    • What process is used to back up data?

    • What type of backup media is used and, if removable, how is media stored?

    • Are backups encrypted?

If you have questions, email

Questions? Comments?

Please send feedback and questions to Texas A&M IT Product Strategy & Communication at