Chapter 8 Quality attributes and sizing of the dXp Archival and Retention Requirements Due to legal obligations or business needs, content and data need to be archived and retained for a specified time period. The main archival and retention requirements are as follows: • The system should archive and retain all data and content to comply with legal regulations. • The system should store the data in separate storage. • The system should be capable of archiving data for a specified time duration. • The archival system should provide data redundancy to prevent data loss and to provide high availability. Logging and Auditing Requirements Logging is necessary to understand and debug the system actions. Auditing is necessary to log security events such as login, login failures, login attempts, password change, etc. The main logging and auditing requirements are as follows: • The system should log the application events (with appropriate categories such as info, debug, or error) and security events. • The log entry should consist of timestamp, event source, error details (if any), source IP address, and user ID so that it helps the administrators to use the information. • Security events such as login failures, login attempts, elevation of privileges, account registration, workflow approvals, etc. should be logged with corresponding user IDs. • Sensitive information such as private information and session ID should not be logged. 221