Advanced SoD – Intelligent Segregation of Duties in IAM
Segregation of Duties (SoD) is a cornerstone of secure, compliant business processes. Advanced SoD delivers a modern, intelligent solution that helps organizations enforce regulatory requirements and avoid conflicts of interest in access management.
Why Segregation of Duties Is Essential
In many industries, Segregation of Duties (SoD) is not just a best practice – it’s a legal requirement. Particularly in finance and banking, separating operational tasks from risk oversight is critical for effective risk management. Regulatory frameworks such as MaRisk, BAIT, and international standards like ISO 27001, BSI IT-Grundschutz, and the NIST Cybersecurity Framework mandate strict SoD enforcement.
Our goal is to provide companies with Advanced SoD, a state-of-the-art, intelligent SoD solution for their Identity & Access Management (IAM). The solution ensures strict control over authorization assignments and safeguards your organization from fraud risks.
It’s the next-generation replacement for legacy SoD tools, such as those based on the Garancy Rule Engine, offering greater power, flexibility and automation.
Key Features of Advanced SoD
Advanced SoD provides intelligent, rule-based access control by assigning SoD classes to permission objects such as users, accounts, roles, and groups. These classes are cross-referenced via a centralized SoD matrix to detect and prevent conflicts before they occur.
Centralized SoD Policy Management
Define global segregation rules, responsibilities, and scopes.
Automated Conflict Detection
Instantly identify SoD violations during access assignments.
Exception Handling
Implement flexible approval workflows for temporary exceptions.
Policy-Driven Automation
Use built-in workflows for access requests, approvals and reviews.
Intelligent, Rule-Based Access Control
With Advanced SoD, you’ll streamline permissions, strengthen compliance, and protect your organization from unnecessary risk.
Contact us today for a free consultation.
Two Operating Modes for Advanced SoD
1. User-Level Access Assignment
The SoD matrix is checked in real time. If conflicts arise, the assignment is either denied directly or requires explicit exception approval. Approved exceptions expire automatically according to policy settings.
2. Role Creation and Modification
Potential conflicts are flagged during role design. Built-in validation tools support the creation of conflict-free role models by applying predefined checks, helping organizations establish secure and compliant role structures from the start.
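The two modes above can be sketched as one matrix lookup used in two places. This is an added illustration, not Advanced SoD's code or API: the SoD class names, permission objects, decision strings and the exception store are all constructed assumptions.

```python
from datetime import date

# Constructed SoD matrix: each entry is a pair of SoD classes that must
# not be held together.
SOD_MATRIX = {
    frozenset({"TRADING", "RISK_CONTROL"}),
    frozenset({"PAYMENT_ENTRY", "PAYMENT_APPROVAL"}),
}

# Constructed mapping of permission objects to SoD classes. None means
# "reviewed, no SoD class". Objects missing from the map raise KeyError,
# so an unclassified object can never pass the check silently.
SOD_CLASS = {
    "role:trader": "TRADING",
    "role:risk_analyst": "RISK_CONTROL",
    "group:ap_clerks": "PAYMENT_ENTRY",
    "role:ap_approver": "PAYMENT_APPROVAL",
    "role:hr_viewer": None,
}

def conflicts(objects):
    """Return the sorted pairs of objects whose SoD classes conflict."""
    objs = sorted(objects)
    found = []
    for i, a in enumerate(objs):
        for b in objs[i + 1:]:
            ca, cb = SOD_CLASS[a], SOD_CLASS[b]
            if ca and cb and frozenset({ca, cb}) in SOD_MATRIX:
                found.append((a, b))
    return found

def check_assignment(held, requested, exceptions, today):
    """Mode 1: decide on one new assignment for a user.

    exceptions maps a conflicting object pair (frozenset) to the date on
    which its approved exception expires (hypothetical store).
    """
    new = [p for p in conflicts(set(held) | {requested}) if requested in p]
    if not new:
        return "ALLOW", []
    # An exception covers a pair only while it has not expired.
    open_pairs = [p for p in new
                  if exceptions.get(frozenset(p), date.min) < today]
    if open_pairs:
        return "DENY_OR_REQUEST_EXCEPTION", open_pairs
    return "ALLOW_WITH_EXCEPTION", new

def validate_role(members):
    """Mode 2: a role design is conflict-free when this returns []."""
    return conflicts(members)
```

Whether an open conflict is denied outright or routed to an exception approval is a policy choice, which is why the sketch returns a single combined decision for that case.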
Our Services at a Glance
Initial Consultation and Requirements Analysis
Conducting a workshop to assess your existing role models, authorization structures, and compliance requirements
Reviewing your current SoD (Segregation of Duties) implementation – e.g., using the Garancy Rule Engine – and identifying areas for improvement
Conceptual Design
Developing a customized SoD concept, including the definition of SoD classes, role ownership, and governance structures
Creating a company-specific SoD matrix based on industry-specific standards such as MaRisk, BAIT, or ISO 27001
Configuration and Implementation
Technical setup of Advanced SoD within your IAM solution
Defining and implementing automated validation logic as well as approval and escalation workflows
Integrating SoD controls into your existing role and access assignment processes
Training and Enablement
Delivering training sessions for administrators, business users, and compliance officers
Knowledge transfer to enable in-house maintenance of SoD policies and conflict rules
Supporting all testing phases, including unit, integration, and user acceptance testing
Assisting with go-live activities, including monitoring and fine-tuning
Analyzing and transferring existing SoD rules from legacy systems
Cleaning up and modernizing role models to prevent conflicts
Let’s work together to optimize your Identity and Access Management.