Key Universal Principles of Segregation of Duties
Kindly provide me with the key universal principles of segregation of duties with their explanations.
The most common criteria to be considered for segregation of duties of critical activities are:
- the person who elaborates something does not approve it
- the person who performs a task does not review it
Considering that, for example, the internal auditor/security tester should not be the same person as the service manager. The service manager defines and handles changes/incidents, while the internal auditor/security tester verifies whether these are effective. So, you should verify exactly which activities will be performed by each role to identify potential conflicts of interest.
For further information, see:
- Segregation of duties in your ISMS according to ISO 27001 A.6.1.2 https://advisera.com/27001academy/blog/2016/11/21/segregation-of-duties-in-your-isms-according-to-iso-27001-a-6-1-2/
These materials will also help you regarding segregation of duties:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
May 13, 2020