Here are some segregation of duties ideas
- Developers should never have acccess to production data.
- Logical access should never be approved by those setting up user profiles
- Application/operation managers should not be responsible for network controls
- Database access monitoring should be performed by an independent party.
- Dual control over deletions and other significant changes should be considered.