When users must log on to a system, logon should be a separate procedure that is completed before a user may select any operational options.