In continuation to verifying the accesses of individuals based on their job functions, the Information Security And Compliance Lead must also verify that segregation of duties exist within the change management environment to ensure authorized change control.
This verification includes:
-
Ensuring access to source code repository is restricted to authorized personnel
-
Ensuring access to the production enviornment is controlled and developers are limited to read-only access
-
Ensuring developers cannot act as system administrators, security administrators, database administrators, or change implementors.
|
