The network device must off-load audit records onto a different system or media than the system being audited.

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.