The control principle that no single identity may complete a sensitive process end to end, requiring that initiation, approval, execution, and review be distributed across multiple identities with no overlap of incompatible functions. Segregation of duties is a load-bearing primitive of financial, security, and engineering integrity. The federation requires that segregation be enforced through automation rather than relying on policy alone, with break-glass exceptions logged and reviewed within a fixed window after invocation.
Long-standing internal-control principle in accounting and audit literature; codified in modern terms by COSO in 1992 and adopted into security frameworks subsequently.
Federation members must publish a segregation matrix for sensitive processes, identifying the incompatible functions and the controls enforcing separation. Manual-only segregation is reported as advisory under TGS-002:1.7 and does not satisfy accreditation.
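An added example, not part of the glossary entry or any federation tooling: a minimal automated check that denies a process when one identity holds incompatible functions, logs every break-glass override, and flags overrides with no independent review inside the window. The matrix pairings, the 72-hour window, the rule that the invoker cannot review their own override, and all identities and ticket ids are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Assumed segregation matrix: function pairs one identity may not hold together.
# Function names follow the definition; the pairings themselves are illustrative.
INCOMPATIBLE = [("approve", "initiate"), ("approve", "execute"),
                ("execute", "review"), ("initiate", "review")]
REVIEW_WINDOW = timedelta(hours=72)  # assumed; the entry only says "fixed window"

def sod_conflicts(assignments):
    """assignments maps function -> identity. Returns [(identity, fn_a, fn_b)]."""
    return sorted((assignments[a], a, b) for a, b in INCOMPATIBLE
                  if a in assignments and b in assignments
                  and assignments[a] == assignments[b])

def authorize(assignments, audit_log, break_glass=None):
    """Deny on any conflict; a break-glass override is allowed but always logged."""
    conflicts = sod_conflicts(assignments)
    if not conflicts:
        return True
    if break_glass is None:
        return False
    audit_log.append({**break_glass, "conflicts": conflicts,
                      "reviewed_at": None, "reviewed_by": None})
    return True

def unreviewed(audit_log, now):
    """Tickets of overrides lacking an independent review inside REVIEW_WINDOW."""
    flagged = []
    for entry in audit_log:
        deadline = entry["invoked_at"] + REVIEW_WINDOW
        late = (entry["reviewed_at"] or now) > deadline
        self_review = entry["reviewed_by"] == entry["by"]  # assumed rule
        if late or self_review:
            flagged.append(entry["ticket"])
    return flagged

# Constructed sample data (identities and ticket id are made up).
T0 = datetime(2026, 1, 5, 9, 0)
CLEAN = {"initiate": "alice", "approve": "bob", "execute": "carol", "review": "dave"}
OVERLAP = {"initiate": "alice", "approve": "alice", "execute": "carol", "review": "dave"}

if __name__ == "__main__":
    log = []
    print(authorize(CLEAN, log), authorize(OVERLAP, log))
    authorize(OVERLAP, log, {"ticket": "BG-1", "by": "alice", "invoked_at": T0})
    print(unreviewed(log, T0 + timedelta(hours=73)))
```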
@misc{ifo4_glossary_segregation_of_duties,
title = {{Segregation of Duties}},
author = {{IFO4 Federation Editorial Board}},
howpublished = {{IFO4 Federation Glossary, slug \texttt{segregation-of-duties}}},
year = {2026},
url = {https://ifo4.org/glossary/segregation-of-duties},
note = {Category: SecOps; key: SegregationofDuties}
}
Federation members and accredited practitioners may challenge any entry under TGS-002:1.7. Filed challenges are routed to the editorial board, triaged into the revision register, and resolved in writing on the public docket. The slug remains stable through any revision.