I would add two more tasks to the checklist

1. Remove Built-in admiinstrators

2. Disable or at least rename the sa account (in 2005 or higher).

About hte loging of succesful logins I would recommend to use a LOGIN TRIGGER which records the login and the last time it connected. This avoids filling up the SQL errorlog and it's much easier to search through in case you want to know when was the last time a login was used.