The auditor has accessed logs to the server room. What source of information was collected?

The correct answer is rooted in the nature of the information collected by the auditor when they access logs to the server room. When accessing these logs, the auditor is examining a collection of data that has been generated and recorded by the system over time. This form of documentation provides measurable evidence of system activity, user access, and other operational parameters.

In the context of ISO/IEC 27001, records are defined as information created, received, and maintained as evidence of an organization's activities. Logs showcasing access to the server room fit this definition as they serve as a formal record of actions that have occurred, allowing for retrospective analysis and auditing.

While the other options like documents, observations, and interviews have their own significance in the auditing process, they do not capture the essence of logs accessed in this scenario. Documents can refer to various written records but don't specifically denote logs or tangible evidence of activities, observations pertain to what the auditor might see in real-time or physical checks, and interviews involve direct communication with personnel, which provides insights but lacks the objective nature of logs. Collectively, the logs represent an important category of information that falls under records, supporting the auditing of access control and ensuring compliance with security policies.