Logging of patching is covered by Security Policy 3.2.3. "Patching" includes document change and in-service certificate change. Logging of hardware access is covered by Security Policy 2.3.3 Also see Security Policy 4.2.