

What is Separation of duties?

Understanding Separation of duties

Separation of duties (SoD) is the practice of ensuring that no critical organizational process can be completed by a single person; it reduces insider threats by forcing a would-be abuser to collude with someone else. SoD divides critical functions among multiple individuals to prevent fraud, errors and abuse of privilege. By requiring multiple people to complete sensitive transactions or processes, it ensures that no single person has excessive control and makes collusion between several individuals a prerequisite for malicious activity. SoD is required by frameworks such as ISO 27001, NIST SP 800-53, SOX, PCI DSS and various regulatory standards. Organizations implement SoD through role design, transaction approval workflows, dual control mechanisms and periodic SoD analysis to identify conflicts. For example, a financial institution might apply separation of duties to payment processing by requiring one employee to create a wire transfer and another to approve it, with neither able to both create and approve; a single employee then cannot fraudulently transfer funds without collusion.

Related terms: Dual control, Least privilege, Role-based access control, Segregation of responsibilities, Transaction authorization, Job rotation, Access control, Insider threat.
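As an added example (not from the glossary or any particular product), a toy Python model of the wire-transfer workflow described above: a role design that includes a deliberately conflicting role, a periodic SoD analysis that flags anyone holding both create and approve rights, and a dual-control approval step that rejects self-approval even where the role design has failed. All role, permission and user names are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed toy role model (hypothetical role names): role -> permissions it grants.
ROLES = {
    "payments_clerk": {"wire.create"},
    "payments_supervisor": {"wire.approve"},
    "treasury_admin": {"wire.create", "wire.approve"},  # badly designed: holds both
}
SOD_CONFLICTS = [("wire.create", "wire.approve")]  # toxic pairs one person must never hold

class SoDViolation(Exception):
    """Raised when one person would both create and approve the same transfer."""

@dataclass
class WireTransfer:
    transfer_id: str
    amount: float
    created_by: str
    approved_by: Optional[str] = None

def permissions_for(roles):
    """Effective permissions of a user: the union of all assigned roles."""
    perms = set()
    for role in roles:
        perms |= ROLES[role]
    return perms

def find_conflicts(assignments):
    """Periodic SoD analysis: every (user, perm_a, perm_b) whose roles combine a toxic pair."""
    findings = []
    for user, roles in assignments.items():
        perms = permissions_for(roles)
        for a, b in SOD_CONFLICTS:
            if a in perms and b in perms:
                findings.append((user, a, b))
    return findings

def create_wire(assignments, user, transfer_id, amount):
    """Step 1 of the workflow: only a holder of wire.create may initiate a transfer."""
    if "wire.create" not in permissions_for(assignments[user]):
        raise PermissionError(f"{user} may not create wire transfers")
    return WireTransfer(transfer_id, amount, created_by=user)

def approve_wire(assignments, user, transfer):
    """Step 2, dual control: approver needs wire.approve AND must not be the creator."""
    if "wire.approve" not in permissions_for(assignments[user]):
        raise PermissionError(f"{user} may not approve wire transfers")
    if user == transfer.created_by:
        raise SoDViolation(f"{user} created {transfer.transfer_id}; cannot also approve it")
    transfer.approved_by = user
    return transfer
```

The self-approval check in `approve_wire` is the transactional safety net; `find_conflicts` is what a periodic SoD review runs over the role assignments to fix the root cause.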
