SID-ORG-02 — Roles, Responsibilities, and Segregation of Duties
| Property | Value |
|---|---|
| Status | to_do |
| Owner | operator |
| Category | policy |
| CSF Function | govern |
| Group | Governance and Policy Controls |
Description
Define and assign information security roles and responsibilities. Segregate conflicting duties (e.g., development vs. operations, key management vs. audit). Document an organizational chart showing the security governance structure.
Audit Findings
| Finding | Severity | Status |
|---|---|---|
| ISO-O-8 — Partial segregation of duties | low | open |