Information system access control is designed in accordance with the "Segregation of Duty" requirements and is approved by the business.
System operation manuals are in place and maintained up-to-date for those entire IT systems supporting critical business processes.