Rotation and Separation of Duties

Purpose

To define required separation and rotation of duties to minimize the risk of fraud.

Scope

University of Houston data processing employees and users of sensitive data.

Guidelines
  1. Programming and operations functions must be performed by different individuals.
  2. There should be cross training of operations staff to provide depth and backup, and to reduce individual dependence.
  3. Any exception to the following guidelines regarding separation of duties for the following groups of employees should be documented and reviewed on a periodic basis for justification and risk analysis purposes:
Programmers: Operators: Users: