---
title: Segregation of duties
description: Identity Governance enables centralized management of end-user access to resources throughout your company ensuring corporate and regulatory compliance.
component: pingoneaic
page_id: pingoneaic:identity-governance:administration/sod-policies-preface
canonical_url: https://docs.pingidentity.com/pingoneaic/identity-governance/administration/sod-policies-preface.html
keywords: ["segregation of duties", "SoD", "policies", "policy rules", "violations", "exceptions"]
---

# Segregation of duties

Identity Governance enables centralized management of end-user access to resources throughout your company ensuring corporate and regulatory compliance.

Identity Governance implements an internal control process, also known as *segregation of duties (SoD)*, to prevent the granting of privileges to a single individual in situations where conflict of interest could arise. For example, end users responsible for authorizing financial transactions should be different from those users responsible for reconciling, recording, or reviewing these transactions.

To implement SoD, Identity Governance uses [policies](sod-policies.html) consisting of [policy rules](sod-rules.html), which outline the conditions for conflicting entitlements during end-user access requests. You can also schedule [policy scans](sod-policy-scans.html) on a regular basis to catch any policy violations.

Identity Governance also provides [workflow nodes](workflow-nodes.html) to handle SoD violations, letting you grant an exception for the violation, reject the violation, or remediate any conflicting entitlements. When Identity Governance detects non-compliant access requests, whether due to error or fraudulent activity, it marks them as [violations](../end-user/sod-violations.html) and displays them on the Violations page. Identity Governance also displays all allowed violations on the Exceptions page.