Protective measures must be implemented to restrict access to critical and/or sensitive data to key staff only. This includes both digital and physical access. Licensees must have processes and procedures to track and monitor access to all network resources. Logging mechanisms and the ability to track user activities are critical in preventing, detecting, or minimising the impact of a data compromise. The maintenance of logs allows thorough tracking, alerting, and analysis when issues occur.