...
Depending on business risk it may be adequate to store the originating computer's Internet Protocol address and time stamps in database tables. Higher levels of business risk might require Secure Socket Layer (SSL) sessions, trusted time stamps, and comprehensive audit trails on the database tables involved. It should be noted that while the policy directive stipulates that audit trails "identify the sending location", in practice it is not possible to identify the sending location of an all Internet transaction transactions with a high degree of confidence (see http://www.itaa.org/taxfinance/docs/geolocationpaper.pdf. In particular if the transacting party has motivation and technical competence there are widely available mechanisms to defeat any attempt at location.
To some extent extra emphasis on database integrity might counterbalance an emphasis on audit trails. For example, if an Electronic Postmark were used as the guarantor of document integrity, audit trails on local database tables might be considered irrelevant.