Dual Control - Segregation of Duty Policy

Dual Control – Segregation of Duty Policy

The techniques of dual control and segregation of duties have to be implemented to enhance the control over activities wherever the risk and impact of an IT Security incident would likely result in financial or other material damage to the organization.

Segregation of duties is a primary internal control, which prevents, or decreases the risk of errors, or irregularities, and identifies problems. This is achieved when an individual does not have control over all phases of a transaction.

The objectives of this Policy are to ensure that:

a. Potential areas of fraud are identified and activities in those areas are placed under dual control, or segregation of duties is performed;

b. Live data or software could not be amended or modified by Network and Systems staff, either accidentally or for vindictive or fraudulent reasons;

c. Development staff (either from Company and Company owned companies or from a contractor) will not operate with powerful privileges in the operational environment, which would be high risk and hence unacceptable;

d. Systems administration and user activities have to be separated to avoid sensitive data to be compromised;

e. An evidence of information security incident must not be altered by any member of staff who has access to an audit trail that recorded their actions during the incident.

CONTENT

1. OVERVIEW
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. REQUIREMENTS
4. ROLES AND RESPONSIBILITIES
4.1 DEPARTMENT MANAGER
4.2 IT SECURITY TEAM
4.3 EMPLOYEE
5. EXCEPTIONS
6. FINAL CONSIDERATIONS
6.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
6.2 DOCUMENT REVISION

Pages: 8

Review Dual Control – Segregation of Duty Policy.

Related Products:

€599.00

Purchase

This bundle contains all the products listed in the Identity and Access Management section. Take advantage of the 25% OFF when buying the bundle!

€49.00

Purchase

This standard documents the security requirements for Company’s Application Security and Development. This standard is aligned to Company’s Systems Management Policy and must be applied to all applications written and developed for the Company.

€49.00

Purchase

The primary goal of the Incident Management process is to restore normal service operation as quickly as possible and minimize the adverse impact on business operations, thus ensuring that the best possible levels of service quality and availability are maintained.