Audit software access

CIP Requirements:

(CIP 003-05 R3)
Maintain documented and auditable implementation program for access control with annual reviews.

(CIP-007-05 R5)
Establish, implement, and document technical and procedural controls that enforce access authentication of, and accountability for, all user activity and that minimize the risk of unauthorized system access.