Hi Nasir
You've mixed your terminology a bit. Access Control is a Module of GRC component. Access Control comprises of Firefighter, Access Risk Analysis (SoD Rules), Business Role Management and Access Request Management.
Now in relation to your question - you are correct the two modules can be implemented independent of each other. If you make changes to SoD rules you will not impact Firefighter.
Regards
Colleen