ISO/IEC 27001 Control 5.3: Segregation of duties
Control
Conflicting duties and conflicting areas of responsibility should be segregated.
Necessity of MidPoint
MidPoint is necessary to implement this control properly.
MidPoint features and capabilities are essential for efficient implementation of this control. While it is theoretically possible to implement this control without a comprehensive IGA platform in place, the implementation is likely to be inefficient, costly, slow and unreliable in the long run. MidPoint can make implementation of this control efficient and reliable.
Implementation Overview
MidPoint can manage, monitor and enforce segregation of duties (SoD) policies throughout the organization.
Implementation Details
Segregation of duties (SoD) policies can be defined at the role level (role exclusion) or at the role-class level (meta-role), with selective enforcement. Policies can be enforced gradually: violations are first only reported, then addressed one by one, and full enforcement is switched on once all violations are resolved. SoD violations can optionally be routed through an approval process to "legalize" them.
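The role-level exclusion and the report-first, enforce-later progression described above, as an added configuration example that is not taken from the midPoint documentation itself. The role names, rule name and OIDs are constructed placeholders; the elements used (policyRule, policyConstraints/exclusion, policyActions with record, enforcement and approval) are midPoint's policy-rule vocabulary.

```xml
<!-- Added example. A user holding "Payment Approver" must never also hold
     "Payment Creator" (constructed role names and placeholder OIDs). -->
<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      oid="11111111-1111-1111-1111-111111111111">
    <name>Payment Approver</name>
    <assignment>
        <policyRule>
            <name>sod-payment-approver-vs-creator</name>
            <policyConstraints>
                <exclusion>
                    <!-- placeholder OID of the conflicting "Payment Creator" role -->
                    <targetRef oid="22222222-2222-2222-2222-222222222222" type="RoleType"/>
                </exclusion>
            </policyConstraints>
            <!-- Stage 1 (reporting only): the violation is recorded on the user,
                 so it appears in reports, but the assignment is not blocked. -->
            <policyActions>
                <record/>
            </policyActions>
            <!-- Stage 2: once the recorded violations have been cleaned up,
                 replace <record/> with <enforcement/> so that any new
                 conflicting assignment is rejected:
            <policyActions>
                <enforcement/>
            </policyActions>
            -->
            <!-- Alternative to outright rejection: route the conflict to a
                 security officer (placeholder OID) so an exception can be
                 approved and documented, i.e. the violation is "legalized":
            <policyActions>
                <approval>
                    <approverRef oid="33333333-3333-3333-3333-333333333333" type="UserType"/>
                </approval>
            </policyActions>
            -->
        </policyRule>
    </assignment>
</role>
```

The same policyRule can be placed in a meta-role instead of an ordinary role so that one rule covers every role that the meta-role is applied to.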
Rationale
MidPoint is necessary because an SoD policy cannot practically be enforced manually across a large number of roles and a large number of role-assignment changes. SoD evaluation and enforcement must be automated to be practical.
Documentation
Version | Title | Description
---|---|---
4.9 | Gradual Enforcement of Policies | Example of gradual enforcement of SoD policy.
4.9 | Segregation of Duties | Description of SoD mechanism configuration.
Development | Gradual Enforcement of Policies | Example of gradual enforcement of SoD policy.
Development | Segregation of Duties | Description of SoD mechanism configuration.