Used when the business or regulators require tracking of who changed what data and when. Appropriate for any entity with financial, medical, or personally identifiable information. Implemented via a centralized AUDIT_LOG, shadow tables, or both.