Communications services have scope to be misused, for example by spreading malware, or launching phishing attacks. Alternatively, insiders could leak privileged information, or commit financial fraud.
The communications service should provide audit functionality, so that organisations can provide improved security monitoring and also fulfil regulatory/legal requirements (such as investigating fraud or unlawful activities).
Misuse of a service's audit functionality could allow unauthorised access to communications content. Only an authorised administrator, with appropriate permission and remit when access conditions are met, should be able to access communications content and associated metadata. Access to the audit functionality should be logged with a record of the activity performed, and the corresponding justification. The audit functionality provides access to sensitive data and so should meet principle 2 (protect network nodes with access to sensitive data).