Internal Audit and Compliance Standards — Audit Trail Requirements. All systems processing, storing, or transmitting sensitive data must maintain comprehensive audit trails in accordance with SOX Section 802 and the company's internal control framework. Audit trail records shall capture the following minimum data elements: user identifier, timestamp (UTC with millisecond precision), action performed, resource identifier, source IP address, and outcome (success or failure). Audit trail records and access logs shall be retained for a minimum of 7 years in compliance with SOX Section 802 and local regulatory requirements. Records must be stored in append-only, tamper-evident storage with cryptographic integrity verification. Access to audit trail data is restricted to the Internal Audit team, the Chief Information Security Officer, and external auditors as required. Any attempt to modify or delete audit trail records must trigger an immediate security alert to the SOC. Quarterly reviews of audit trail completeness and integrity are performed by the Internal Audit team, with findings reported to the Audit Committee of the Board.