During a compliance audit, investigators observe that the organization's off-site tape vault has two independent combination locks. One senior systems engineer knows only the first combination, and a different engineer knows only the second. The vault can be opened only when both individuals are physically present and enter their respective combinations at the same time. Which risk-mitigation technique is the company applying?
The control described is two-person integrity (also called dual control). Because the two combinations are split between separate administrators and both must be present simultaneously, no single individual can gain access to the tape vault or its contents. This directly meets the definition of two-person integrity: a safeguard that prevents individual access to sensitive material by mandating that at least two authorized persons act together.
Separation of duties assigns different steps in a process to different roles but does not necessarily demand that the roles work concurrently; one user could still act alone at a given moment. Mandatory vacations rotate staff to uncover fraud but do not enforce joint access. Multifactor authentication involves two or more authentication factors for a single user, not multiple users working together. Therefore, only two-person integrity satisfies the scenario.