*4.4.5 Auditing and monitoring*

Systems and applications should create records for auditing and monitoring. Specifically, archives should be generated before and after critical functions take place. These logs are stored in the system/server backend for regulatory requirements, performance indicators and other analytics. Different components are typically checked during risk management.
