SC7: User access to level 4 information on servers must be logged, whether the system is managed directly by Harvard or via contract with a third-party service provider for Harvard's use (e.g. IaaS, SaaS).
The logs of user activities on a Level 4 system should include the identity of the user, the user's IP address, the time and the action taken. This log is primarily for post incident analysis.