Instructor for this course

Two fundamental elements of internal control are restricted access and segregation of certain key duties. Segregation of duties (SOD) and system access controls are used to prevent fraud and safeguard information assets, intellectual property, personally identifiable information (PII) and protected health information (PHI).

The underlying idea behind SOD is that no employee or group of employees should be in a position to both perpetrate and conceal errors or fraud in the normal course of their duties. The principal duties typically outlined as incompatible and which should be segregated are:

  • Custody of assets
  • Authorization or approval of related transactions affecting those assets
  • Recording or reporting of related transactions

In Information Technology (IT), privilege controls are usually restricted according to user role. With today’s evolving technologies, SOD for information technology processes are critical to maintain safe and reliable data and protect against fraud.  A consistent framework should also encompass management duties (e.g., granting or revoking the proper rights to the appointed people, reporting and managing any exception to the procedures) and governance duties (evaluating, directing and monitoring SOD rules and practices in accordance with corporate governance).

This alternate model encompasses some management duties within the authorization of access granted and segregates them from the other duties. 

Learning Objectives

  • Explore the basic tenets of segregation of duties (SOD) as it relates to information technology (IT) processes.
  • Identify user categories for segregation of duties (SOD) related to information technology (IT).
  • Explore role based access controls (RBAC).
  • Discover methods to “scope” IT SOD through scoping of:
    • Assets as boundaries
    • Processes as boundaries
    • Identify the criticality of mapping activities with duties
    • Evaluation of systems and applications
    • Detecting conflicts that may arise
  • Discover the National Institute of Standards and Technology (NIST) categories of RBAC.
Last updated/reviewed: May 12, 2022

11 Reviews (49 ratings)Reviews

Member's Profile
Very comprehensive and imfo content The instructor explained all topics in the course in easy and friendly manner I highly recommend this course to everyone who seeks cybersecurity course or to fulfill isaca cpe for isca certifications. Many thanks to illumeo All your courses are excellent and comprehensive in all fields.
Anonymous Author
Good explanation of RBAC & SOD relating to information technology (IT) processes. Good definitions og user categories for segregation of duties (SOD) and methods to “scope” IT SOD, Identify the criticality of mapping activities with duties and introduction to NIST.
Anonymous Author
There is a great deal of information presented in this course, relevant to business as well as IT roles. Very thought-provoking and more complex than my initial assumptions on this topic.
Anonymous Author
Great concise course over SoD and role based access provisioning methods and the mitigating controls structures. I would recommend this course for any entry level IT associate.
Anonymous Author
Test is poorly written based on materials for this course. I would suggest a re-write as this was not representative of the materials and the concepts.
Member's Profile
Difficult training - more examples within the slides could be added as examples provided orally in the recording are very generic.
Anonymous Author
This is a refreshing RBAC training. Nothing surprised me. It will be most beneficial to performance auditors.
Anonymous Author
This course provides an understanding of segregation of duties from an information technology aspect.
Anonymous Author
This was an excellent course and the slides provided great explanations.
Anonymous Author
Good course review for IT personnel and intro for new IT personnel.
Anonymous Author
Final exam didn't seem to fully correspond with covered material.


Course Complexity:

No advanced preparation or prerequisites are required for this course.

Education Provider Information

Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .
Course Syllabus
  5:19Introduction to Role Based Access Information Technology Controls and Segregation of Duties
  17:52SOD Basic Tenants & Role Based Access Control
  3:33Designations of RBAC
  6:25Implementing RBAC
  9:32RBAC VS. ACLS & User Categories
  8:29Benefits of RBAC
  7:05Specific SOD
  1:00:21Introduction to Role Based Access Information Technology Controls and Segregation of Duties
  PDFSlides: Introduction to Role Based Access Information Technology Controls and Segregation of Duties
  PDFIntroduction to Role Based Access Information Technology Controls and Segregation of Duties Glossary/Index