Collaborate with the vendor of the Agency’s information security weakness tracking system to determine whether audit logging to capture “all data changes” is an available security feature within the Agency’s information security weakness tracking system and, if so, activate the audit log settings to capture all data changes. If audit logging is not available, establish compensating controls within the Agency’s information security weakness tracking system that would record or describe what data has been changed.