Privileged access to the production network is restricted to a small number of authorised users. 2LRN4 applies segregation of duties. Roles are defined in the application based on tasks, responsibilities, and authorisations, with extra attention for high-privilege accounts. Access to the production environment is additionally protected with a hardware token.