Meeting TISAX Standards with PKWARE, Part 6: Event Logging

Automotive suppliers must meet TISAX data security standards in order to do business with any major German automobile company. PKWARE helps companies simplify TISAX compliance by providing a wide range of capabilities to address multiple requirements. In our TISAX blog series, we're examining the requirements auto industry suppliers and service providers must meet, and how PKWARE is helping organizations meet those requirements.

Today's topic: event logging.

In order to meet German automotive industry standards for data security, companies must have the ability to record and trace events that affect data security. TISAX standards also call for organizations to protect event records against modification, so that in the event of a security incident, administrators are able to determine the cause and take the appropriate actions to remediate and protect against future incidents.

In addition to being a requirement in its own right, detailed event logging also aids compliance efforts in general. Security logs are an effective way for organizations to demonstrate that they have implemented measures to satisfy other TISAX requirements, such as those calling for data protection, classification, or access control.

PKWARE Data Security Intelligence

PKWARE’s Data Security Intelligence reporting feature allows security teams and audit personnel to monitor data discovery, classification, and protection activity across the organization. PKWARE provides activity logs—that cannot be altered—to indicate which files are protected, where the files are stored, and which users have accessed them. To make tracing events easy in the event of security incidents, administrators can filter reporting data by time and event type, and search for specific terms within event logs.

Reporting Screenshot

PKWARE captures extensive information on administrative actions, user actions, and file activity, enabling organizations to maintain full audit trails on their sensitive data and meet TISAX standards. Administrators can report and search on a wide variety of events:

  • User account creation and user logins
  • Policy creation and deletion
  • Encryption key creation and deletion
  • File encryption and decryption
  • Key access requests and responses

Data Security Intelligence output can be viewed directly through the "Reporting" tab of the PKWARE Enterprise Manager console, picked up via SIEM agent, or retrieved via API for transformation and integration with the organization's other event logging data.

Up next: protecting personally identifiable information, and maintaining security while exchanging sensitive data.