Hi
We just had an auditor tell us to formally review our logging parameters on the server and implement best practice for logging, based on a risk assessment. Phew!
Before my time here, there was no reasoning behind what we chose to log or not log.
Any ideas where such a "best practice" guide could be found. Its not financial data on the server, but we need to implement a "decent" logging policy.
Cheers