The you say in your compliance policy that you run regular audits for these kinds of actions and remediate them on a case-by-case basis.

E.g. run quarterly reports for changes to prod that didn't go through the regular release pipeline and note down which P0 they corresponded to.