To ensure effective continuous monitoring, adequate segregation-of-functions must be sustained. Continuous monitoring and segregation-of-functions are not new control concepts. Yet technological integration issues can be a barrier to implementing continuous monitoring systems that are independent of operational processes and capable of easy configuration for specific risk tolerance requirements. Procedurally, achieving appropriate functional independence in an automated system necessitates defining IT and operational user work units with the control context in mind. As a result, when properly deployed, segregation-of-functions assures that organizational responsibilities do not impinge upon independence or corrupt information system asset integrity while data regarding individual processes is tracked and collected.
“View Part I of the Compliance through Automation: Continuous Monitoring series here”