For Internal audit or another supervisor entity, Have you ever been in the obligation of demostrate that your risks associated to infrastructure vulnerabilities have not been materialized? How have you done it? Which logs or documental supports May I use?