ISO/IEC 27001 Control 5.3: Segregation of duties

Conflicting duties and conflicting areas of responsibility should be segregated.

MidPoint is necessary to implement this control properly.

MidPoint features and capabilities are essential for efficient implementation of this control. While it is theoretically possible to implement this control without a comprehensive IGA platform in place, the implementation is likely to be inefficient, costly, slow and unreliable in the long run. MidPoint can make implementation of this control efficient and reliable.

MidPoint can manage, monitor and enforce segregation of duties (SoD) policies through the organization.

Segregation of duties (SoD) policies can be defined on role level (role exclusion) or role-class level (meta-role), with selective enforcement. The policies can be enforced gradually, reporting policy violations first, gradually addressing them, applying full policy enforcement when all violations are addressed. SoD violations can be optionally driven through approval process to "legalize" them.

MidPoint is necessary, as SoD policy cannot be practically enforced manually on large number of roles, and large number of role assignment changes. SoD evaluation and enforcement must be automated to be practical.