During a compliance audit, investigators observe that the organization's off-site tape vault has two independent combination locks. One senior systems engineer knows only the first combination, and a different engineer knows only the second. The vault can be opened only when both individuals are physically present and unlock their respective combinations at the same time. Which risk-mitigation technique is the company applying?
The control described is two-person integrity (also called dual control). By splitting the two combinations between separate administrators and requiring their simultaneous presence, no single individual can gain access to the tape vault or its contents. This directly meets the definition of two-person integrity: a safeguard that prevents individual access to sensitive material by mandating that at least two authorized persons act together.
Separation of duties assigns different steps in a process to different roles but does not necessarily demand that the roles work concurrently; one user could still act alone at a given moment. Mandatory vacations rotate staff to uncover fraud but do not enforce joint access. Multifactor authentication involves two or more authentication factors for a single user, not multiple users working together. Therefore, only two-person integrity satisfies the scenario.