Audit and accountability policy
system security plan
privacy plan
privacy risk assessment
privacy risk assessment results
procedures addressing content of audit records
system design documentation
system configuration settings and associated documentation
list of organization-defined auditable events
system audit records
third party contracts
other relevant documents or records