Segregation of duties is the control principle of dividing critical tasks so one person does not control every step of a sensitive process.
Segregation of duties is the control principle of dividing critical tasks or authorities among different people or roles. In plain language, it means one person should not be able to perform every step of a sensitive process without oversight or involvement from someone else.
Segregation of duties matters because concentrated authority increases the chance of fraud, error, abuse, or unreviewed high-impact changes. Requiring more than one role or checkpoint helps create accountability and reduce single-person control over sensitive outcomes.
It also matters because many security failures involve process weakness as much as technical weakness. Governance controls are often what keep powerful systems from being used carelessly or invisibly.
Segregation of duties appears in financial systems, privileged-access approvals, change management, identity administration, and compliance controls. Organizations use it where a single actor controlling request, approval, execution, and review would create too much unchecked power.
Security teams tie it to Least Privilege, Privileged Access Management, and Audit Log because those controls work better when authority is distributed and reviewable.
A team member can request privileged access to a production database, but a different authorized person must approve that request, and administrative activity is logged separately for later review. No one person owns the whole sensitive workflow alone.
Segregation of duties is not the same as simply having many people on a team. The important point is dividing sensitive control points intentionally, not just having multiple staff members in general.
It is also not a purely financial concept. It is widely relevant to cybersecurity, especially where identity, privileged operations, and high-impact system changes are involved.