[trustable-software] Segregation of Duties
trustable at panic.fluff.org
Mon Apr 3 15:44:13 UTC 2017
On Mon, 3 Apr 2017, Colin Robbins wrote:
> A.6.1.2 Segregation of duties Control. Conflicting duties and areas of
> responsibility shall be segregated to reduce opportunities for
> unauthorized or unintentional modification or misuse of the
> organization's assets.
>
>
Yes, I've noted this in lots of standards; however, it doesn't say what
duties should be associated with which responsibilities.
For example, developers can only make changes in version control and in
turn this gets deployed to test environments. However, only production
administrators can log into production environments, not developers.
Another example is that those developers cannot review their own work.
These seem sensible but don't seem to be written down in any standards as
requirements.
Edmund
--
========================================================================
Edmund J. Sutcliffe Thoughtful Solutions; Creatively
<edmunds at panic.fluff.org> Implemented and Communicated
<http://panic.fluff.org> +44 (0) 7976 938841