The ITSM Practice: Elevating ITSM and IT Security Knowledge

How to Build IT Accountability with SoD (ISO 27001 Control 5.3)

Update: 2025-10-21

Description

In this episode of The ITSM Practice, Luigi Ferri explores ISO/IEC 27001:2022 Control 5.3 – Segregation of Duties (SoD). Learn how to reduce risk, design accountability, and strengthen your ISMS with actionable SoD strategies, especially in ITIL 4 environments. Master RBAC, role clarity, and audit readiness to build trust into your IT processes by design.


In this episode, we answer:

How does ISO 27001:2022 Control 5.3 define and implement Segregation of Duties?

What are effective ways to apply RBAC and SoD in small or resource-limited teams?

How can organizations monitor, log, and prove SoD compliance for audits?


Resources Mentioned in this Episode:

ISMS-Online, article "ISO 27001:2022 Annex A 5.3 – Segregation of duties", link https://de.isms.online/iso-27001/annex-a/5-3-segregation-of-duties-2022/

Morgan Hill website, template "ISO/IEC 27002:2022 | 5.3 - Segregation of Duties Policy Template", link https://morganhillcg.com/blog/item/iso-iec-27002-2022-5-3-segregation-of-duties-policy-template-2


HighTable, article "The Ultimate Guide to ISO 27001:2022 Clause 5.3: Organisational Roles, Responsibilities and Authorities", link https://hightable.io/iso-27001-clause-5-3-organisational-roles-responsibilities-and-authorities/


Connect with me on:

LinkedIn: https://www.linkedin.com/in/theitsmpractice/

Website: http://www.theitsmpractice.com

And if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.


Credits:

Sound engineering by Alan Southgate - http://alsouthgate.co.uk/


Graphics by Yulia Kolodyazhnaya

Luigi Ferri