[trustable-software] Segregation of Duties

trustable at panic.fluff.org trustable at panic.fluff.org
Mon Apr 3 15:44:13 UTC 2017


On Mon, 3 Apr 2017, Colin Robbins wrote:
> A.6.1.2 Segregation of duties Control. Conflicting duties and areas of 
> responsibility shall be segregated to reduce opportunities for 
> unauthorized or unintentional modification or misuse of the 
> organization's assets.

Yes, I've noted this in lots of standards; however, it doesn't say what 
duties should be associated with which responsibilities.

For example, developers can only make changes in version control, and in 
turn this gets deployed to test environments; however, only production 
administrators can log into production environments, not developers.

Another example is that developers cannot review their own work.

These seem sensible but don't seem to be written down in any standards as 
requirements.

Edmund

-- 
========================================================================
Edmund J. Sutcliffe                     Thoughtful Solutions; Creatively
<edmunds at panic.fluff.org>               Implemented and Communicated
<http://panic.fluff.org>                +44 (0) 7976 938841