EPISODE · Oct 21, 2025 · 10 MIN
How to Build IT Accountability with SoD (ISO 27001 Control 5.3)
from The ITSM Practice: Elevating ITSM and IT Security Knowledge · host Luigi Ferri
In this episode of The ITSM Practice, Luigi Ferri explores ISO/IEC 27001:2022 Control 5.3 – Segregation of Duties (SoD). Learn how to reduce risk, design accountability, and strengthen your ISMS with actionable SoD strategies, especially in ITIL 4 environments. Master RBAC, role clarity, and audit readiness to build trust into your IT processes by design.In this episode, we answer to:How does ISO 27001:2022 Control 5.3 define and implement Segregation of Duties?What are effective ways to apply RBAC and SoD in small or resource-limited teams?How can organizations monitor, log, and prove SoD compliance for audits?Resources Mentioned in this Episode:ISMS-Online, article "ISO 27001:2022 Annex A 5.3 – Segregation of duties", link https://de.isms.online/iso-27001/annex-a/5-3-segregation-of-duties-2022/ Morgan Hill website, template "ISO/IEC 27002:2022 | 5.3 - Segregation of Duties Policy Template", link https://morganhillcg.com/blog/item/iso-iec-27002-2022-5-3-segregation-of-duties-policy-template-2 HighTable, article "The Ultimate Guide to ISO 27001:2022 Clause 5.3: Organisational Roles, Responsibilities and Authorities", link https://hightable.io/iso-27001-clause-5-3-organisational-roles-responsibilities-and-authorities/ Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya
What this episode covers
In this episode of The ITSM Practice, Luigi Ferri explores ISO/IEC 27001:2022 Control 5.3 – Segregation of Duties (SoD). Learn how to reduce risk, design accountability, and strengthen your ISMS with actionable SoD strategies, especially in ITIL 4 environments. Master RBAC, role clarity, and audit readiness to build trust into your IT processes by design.In this episode, we answer to:How does ISO 27001:2022 Control 5.3 define and implement Segregation of Duties?What are effective ways to apply RBAC and SoD in small or resource-limited teams?How can organizations monitor, log, and prove SoD compliance for audits?Resources Mentioned in this Episode:ISMS-Online, article "ISO 27001:2022 Annex A 5.3 – Segregation of duties", link https://de.isms.online/iso-27001/annex-a/5-3-segregation-of-duties-2022/ Morgan Hill website, template "ISO/IEC 27002:2022 | 5.3 - Segregation of Duties Policy Template", link https://morganhillcg.com/blog/item/iso-iec-27002-2022-5-3-segregation-of-duties-policy-template-2 HighTable, article "The Ultimate Guide to ISO 27001:2022 Clause 5.3: Organisational Roles, Responsibilities and Authorities", link https://hightable.io/iso-27001-clause-5-3-organisational-roles-responsibilities-and-authorities/ Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya
NOW PLAYING
How to Build IT Accountability with SoD (ISO 27001 Control 5.3)
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m