An IS auditor has been asked to perform a post-implementation assessment of a new corporate human resources (HR) system. Which of the following control areas would be MOST important to review for the protection of employee information?

A. Logging capabilities
B. Authentication mechanisms
C. Data retention practices
D. System architecture