Actions taken by a system must be recorded in order to provide evidence to stakeholders:

• that this system works as intended (successful actions are tracked).
• that identify the initiator of certain actions (user activity is tracked).
• that attempts to compromise the system were denied (unsuccessful actions are tracked).