Separation of duties (SoD) is the concept of having more than one person required to complete a task. As a security principle, separation of duty has as its primary objective the prevention of fraud and errors. This objective is achieved by disseminating the tasks and associated privileges for a specific business process among multiple users, so that no one user can both carry out and conceal an improper action.
The accounting profession has invested significantly in separation of duties because of the understood risks accumulated over years of accounting practice.
Separation of duties is commonly used in large IT organizations so that no single person is in a position to introduce fraudulent or malicious code or data without detection. Role-based access control (RBAC) is frequently used in IT systems where SoD is required. Strict control of software and data changes requires that a single person or organization performs only one of the following roles for any given change:
- Identification of a requirement (or change request); e.g. a business person;
- Authorisation and approval; e.g. an IT governance board or manager;
- Design and development; e.g. a developer;
- Review, inspection and approval; e.g. development manager or architect;
- Implementation in production; typically a software change manager or system administrator.
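The following is an added example, not part of the original text, showing how an RBAC-based change-control system can enforce the five roles above. It models a change request as an ordered workflow, checks that the acting user is a member of the role (RBAC), and refuses to let the same user act in a second role on the same change (SoD), writing an audit record either way. It also includes a detective check that scans exported records for changes where one user filled more than one role. All user names, change ids and role memberships are constructed for illustration.

```python
from dataclasses import dataclass, field
from collections import defaultdict

# The five roles from the change-control list above, in workflow order.
ROLES = ("request", "approve", "develop", "review", "deploy")

# Constructed RBAC assignment (role -> users allowed to act in it). Note that
# carol is a member of both "develop" and "review": RBAC alone permits that;
# the SoD check in perform() is what stops her doing both on the *same* change.
ROLE_MEMBERS = {
    "request": {"alice"},
    "approve": {"bob"},
    "develop": {"carol", "dave"},
    "review": {"erin", "carol"},
    "deploy": {"frank"},
}


class SoDViolation(Exception):
    """A user tried to fill a second role on a change they already acted on."""


@dataclass
class ChangeRequest:
    change_id: str
    actors: dict = field(default_factory=dict)    # role -> user who performed it
    audit_log: list = field(default_factory=list)

    def next_role(self):
        """First role in workflow order that has not yet been performed."""
        for role in ROLES:
            if role not in self.actors:
                return role
        return None  # all five steps done

    def is_complete(self):
        return self.next_role() is None


def perform(change, user, role, members=ROLE_MEMBERS):
    """Record that `user` performed `role` on `change`.

    Enforces three things: steps happen in order, the user is a member of
    the role (RBAC), and the user has not already acted on this change in
    any other role (separation of duties). Refusals are logged before raising.
    """
    expected = change.next_role()
    if role != expected:
        raise ValueError(f"{change.change_id}: expected step '{expected}', got '{role}'")
    if user not in members.get(role, set()):
        raise PermissionError(f"{user} is not assigned to role '{role}'")
    if user in change.actors.values():
        held = [r for r, u in change.actors.items() if u == user]
        change.audit_log.append(
            f"SOD_VIOLATION change={change.change_id} user={user} held={held} attempted={role}")
        raise SoDViolation(f"{user} already performed {held} on {change.change_id}")
    change.actors[role] = user
    change.audit_log.append(f"OK change={change.change_id} user={user} role={role}")
    return change


def try_perform(change, user, role, members=ROLE_MEMBERS):
    """Same as perform() but reports the outcome as a string instead of raising."""
    try:
        perform(change, user, role, members)
        return "ok"
    except ValueError:
        return "out_of_order"
    except PermissionError:
        return "not_in_role"
    except SoDViolation:
        return "sod_violation"


def find_sod_violations(records):
    """Detective control: given (change_id, user, role) records exported from a
    system that did *not* enforce SoD, return {change_id: {user: [roles]}} for
    every change on which one user performed more than one role."""
    roles_by_user = defaultdict(lambda: defaultdict(list))
    for change_id, user, role in records:
        roles_by_user[change_id][user].append(role)
    return {
        cid: {u: rs for u, rs in users.items() if len(rs) > 1}
        for cid, users in roles_by_user.items()
        if any(len(rs) > 1 for rs in users.values())
    }


def run_demo():
    """Walk one constructed change through all five steps; the developer's
    attempt to also review her own change is refused and a different
    reviewer completes the step."""
    cr = ChangeRequest("CR-1")
    try_perform(cr, "alice", "request")
    try_perform(cr, "bob", "approve")
    try_perform(cr, "carol", "develop")
    try_perform(cr, "carol", "review")   # same person as developer: refused
    try_perform(cr, "erin", "review")
    try_perform(cr, "frank", "deploy")
    return cr


if __name__ == "__main__":
    print("\n".join(run_demo().audit_log))
    # Constructed records from a system without preventive SoD: one violation.
    print(find_sod_violations([("CR-2", "dave", "develop"), ("CR-2", "dave", "review"),
                               ("CR-3", "dave", "develop"), ("CR-3", "erin", "review")]))
```

The preventive check in perform() and the detective scan in find_sod_violations() are complementary: the first stops a conflicting action at the time it is attempted, while the second lets an auditor find conflicts that a weaker system let through, which is the "without detection" risk the text refers to.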