Separation of duties (“SOD”) is fundamental to reducing the risk of loss of confidentiality, integrity, and availability of information. To accomplish SOD, duties are divided among different individuals to reduce the risk of error or inappropriate action. In general, responsibility for related transactions should be divided among employees so that one employee’s work serves as a check on the work of other employees. When duties are separated, there must be collusion between employees for assets (e.g., Organizational Data, Information Systems) to be used inappropriately without detection. Departments must ensure that their organizational structure, job duties, business processes, and access procedures include an adequate system of SOD.
Related Guidelines, Procedures and Resources
Capitalized terms not otherwise defined herein shall have the same meaning as set forth in the Data Governance and Management Policy.
|Accountable||Associate Data Trustee|
|Support||Associate Data Steward|
|Consulted||Data Governance team|
|Informed||Data Domain & Technology Sub-Committees|
|2021-07-27||Zachary Hayes, Data Governance||New|