Actions taken by a system must be recorded in order to provide evidence to stakeholders:

  • that this system works as intended (successful actions are tracked).
  • that identify the initiator of certain actions (user activity is tracked).
  • that attempts to compromise the system were denied (unsuccessful actions are tracked).