Review required audit and logging requirements

Description

Review and document the required logging requirements for the activate account service.

Further details

Our preffered approach is to use the GCP logging functionality to store audit requirements.

Task list

Read through documents describing possible log requirements for successful and unsuccessful login attempts:

• https://help.uis.cam.ac.uk/system/files/security_logging_v1.pdf
• TDA NFRs

Document in this issue comments:

• What events need to be audit logged
• What information needs to be included in an audit log
• How long the logs must be retained

Acceptance criteria

• Documented what and how audit events must be logged.

Links/references