We use Auditing for SQL Database and SQL Server audit to track database events and write them to an audit log. Auditing enables us to understand ongoing database activities, as well as analyze and investigate historical activity to identify potential threats or suspected abuse and security violations.
Every successful or unsuccessful login in the system is audited.
Every URL visited in the system is audited.
Every record in the system maintains the created on, created by, modified on, and modified by records.
Sensitive information such as employees and payroll calculations are audited when changed or deleted.
These logs are retained for a period of 60 days on a rolling basis.