Segregation of duties is the control principle of dividing critical tasks so one person does not control every step of a sensitive process.
Segregation of duties is the control principle of dividing critical tasks or authorities among different people or roles. In plain language, it means one person should not be able to request, approve, execute, and review a sensitive action alone.
Segregation of duties matters because concentrated authority increases the chance of fraud, error, abuse, or unreviewed high-impact changes. Requiring more than one role or checkpoint creates accountability and reduces single-person control over sensitive outcomes.
It also matters because many security failures involve process weakness as much as technical weakness. Governance controls often keep powerful systems from being used carelessly or invisibly.
Segregation of duties appears in privileged-access approvals, financial systems, change management, identity administration, and compliance controls. Organizations use it where a single actor controlling request, approval, execution, and review would create too much unchecked power.
Security teams tie it to Least Privilege, Privileged Access Management, Access Review, and Audit Log.
| Process step | Why separation helps |
|---|---|
| Request | Stops people from self-initiating sensitive access without oversight |
| Approval | Adds independent judgment before the action proceeds |
| Execution | Limits who can carry out the sensitive change |
| Review | Preserves after-the-fact accountability and evidence |
A team member can request privileged access to a production database, but a different authorized person must approve the request, and the resulting administrative activity is logged separately for later review. No one person owns the whole sensitive workflow alone.
Segregation of duties is not the same as simply having many people on a team. The control works only when sensitive steps are divided intentionally.
It is also not a purely financial concept. It is widely relevant to cybersecurity, especially where identity, privileged operations, and high-impact system changes are involved.