Because "documented" isn't a mitigation strategy