IT Examiner School, Providence, RI

Separation of Duties

Principal concept of separation of duties?

Potential control mechanisms includes: • Principle of least privilege

• Rotation of duties

• Independent review

• Dual review

Training

• Must include ALL employees of the institution. • Must be conducted annually. • The institution should collect signed acknowledgments of the employee acceptable use policy.