Site icon Graylog

Centralized Log Management for TISAX Compliance

What is the Trusted Information Security Assessment Exchange (TISAX)?

The Trusted Information Security Assessment Exchange (TISAX) is the certification process for engaging in the Verband der Automobilindustrie (VDA), the German Association of the Automotive Industry, Information Security Assessment (ISA). The ENX Association, a collection of automobile manufacturers, suppliers, and four national automotive associations, established TISAX to create an overarching industry standard and make reporting more efficient.


The ENX Association provides governance for TISAX by:


Aligned to the International Organization for Standardization (ISO) 27000-series and the General Data Protection Regulation (GDPR), the VDA ISA acts as the basis for:


The VDA ISA establishes five maturity levels for measuring an organization’s controls:


Who does TISAX apply to?

TISAX applies to any organization providing products and services across the automotive industry supply chain including Original Equipment Manufacturers (OEMs) and their business partners, including those who provide:


TISAX identifies the following assessment levels:


What are the key provisions of TISAX?

The VDA ISA consists of three sections:

Information security

The information security requirements include the following categories:


Prototype Protection

While many of the controls within this section focus on physical security, several also related to data and digital systems:

Data Protection

While the Data Protection category references the information security category, it focuses on personally identifiable information with additional questions for organizations that act as processors under GDPR Article 28. These protections include:


VDA ISA Event Log Requirements

The VDA ISA incorporates specific requirements for handling and managing event logs. ISA requirement 5.2.4 states:

Event logs support the traceability of events in case of a security incident. This requires that events necessary to determine the causes are recorded and stored. In addition, the logging and analysis of activities in accordance with applicable legislation (e.g. Data Protection or Works Constitution Act) is required to determine which user account has made changes to IT systems.


According to the ISA, the “must-haves” are:


Further, the ISA identifies the following “should-haves”:


Additional requirements for data that requires high protection needs include:


For data with very high protection needs, the ISA requires organizations to log any access to data of very high protection needs as far as technically feasible and legally permissible.


Centralized Log Management with Security Analytics for TISAX compliance

Implementing a centralized log management solution with security analytics streamlines your TISAX audit by providing visibility into:

Paired with user and entity behavior analytics (UEBA), you achieve further capabilities for:

Access Monitoring

Ingesting entity and access management (IAM) tool logs into your centralized log management solution and pairing that with UEBA enables you to manage:

Network Security

Your centralized log management solution aggregates, correlates, and analyzes data generated from various network security monitoring tools, enabling high-fidelity alerts indicating a potential security incident.


For example, you can combine firewall data with intrusion detection system (IDS)/Intrusion prevention system (IPS) for information about suspicious traffic and potential evasion techniques.

Integrating this with security analytics enables you to define baselines for normal traffic that enhance detections for abnormal activity.



Data Exfiltration

Building dashboards infused with security analytics enables you to create high-fidelity alerts that incorporate threat intelligence. With the ability to combine network monitoring, antivirus logs, and UEBA, you can create detection rules for anomalous data downloads that could mean a potential incident.

Incident Response and Automated Threat Hunting


To implement proactive monitoring, you can create queries using parameters rather than specific value, you can optimize your searches to gain real-time insights and answers. Automating these searches enables advanced threat hunting for visibility into:

Compliance reporting

You can build dashboards that collect the information an ISA audit requires, reducing the time it takes to respond to document requests. Further, you can build reports that enable your leadership team to evaluate a security incident.


For example, a dashboard can show:

Graylog Security: Security analytics for TISAX compliance

Graylog Security’s intuitive user interface enables you to create the high-fidelity detections that prove your information security and data protection processes achieve their objectives. With our analytics, anomaly detection, prebuilt search templates, dashboards, correlated alerts, and dynamic look-up tables, you gain all the value of a security incident and event management (SIEM) technology without the associated costs and complexity.


To see how Graylog Security can help you achieve your TISAX certification, contact us today.

Exit mobile version