What activity can be logged by the system? How is access to the log files and audit trails restricted?

Logs are implemented in accordance with EPO security policies. User transactions and uploaded information are scrutinised from a security perspective (including DDoS, malware, etc.), but the logs do not store any user data. Access to the logs is restricted to accredited employees from the EPO’s information security department, under the authority of the Chief Information Security Officer, and subject to the recommendations and advice of the Data Protection Officer.