Yes, an SoD policy can define mitigating controls. Mitigating controls are measures put in place to reduce the risk of having conflicting duties. For example, if it's not possible to completely segregate duties due to resource constraints or other business factors, mitigating controls such as enhanced auditing, periodic reviews, or dual approvals can be defined to manage the risk. SailPoint IdentityNow allows for the creation of SoD policies that include such mitigating controls to ensure compliance with security and governance requirements.
Key Reference from SailPoint Documentation:
Mitigating Controls in SoD Policies: SailPoint supports the definition of mitigating controls within SoD policies to manage and reduce risks when full separation of duties cannot be achieved.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit