...
Depending on business risk, it may be adequate to store the originating computer's Internet Protocol address and time stamps in database tables. Higher levels of business risk might require Secure Sockets Layer (SSL) sessions, trusted time stamps, and comprehensive audit trails on the database tables involved. It should be noted that while the policy directive stipulates that audit trails "identify the sending location", in practice it is not possible to identify the sending location of an Internet transaction with a high degree of confidence (see http://www.itaa.org/taxfinance/docs/geolocationpaper.pdf).
To some extent, extra emphasis on database integrity might counterbalance an emphasis on audit trails. For example, if an Electronic Postmark were used as the guarantor of document integrity, audit trails on local database tables might be considered irrelevant.