Our case studies provide insight into real client projects, for example audit-compliant session recording in aviation logistics, and show how our solutions perform in daily operations. We describe the initial situation, requirements and implementation, and make the added value visible through concrete results. In this way, you gain an authentic impression of how modern IT and security solutions are used in diverse organisations. We thank our clients for their trust and their willingness to share their experiences publicly.
With Simon Hegele Gesellschaft für Logistik und Service mbH, we show how an international logistics provider implements audit-compliant session recording in accordance with the Aviation Security Act (LuftSiG). The focus is on tamper-proof evidence and the four-eyes principle. Moreover, we present how these measures map to NIS2 and ISO/IEC 27001. The emphasis is on verifiable proof for audits, reviews and official inspections, because simple logs are insufficient for robust reconstruction.
About Simon Hegele
Simon Hegele Gesellschaft für Logistik und Service mbH is an international provider of logistics and services, active in industry, healthcare and contract logistics. The company handles sensitive customer and order data and operates cross-site IT systems for warehouse management, transport and customer-specific value-added services. At sites close to aviation, the requirements of the Aviation Security Act (LuftSiG) take on particular significance: consequently, the company must ensure audit-compliant session recording that is traceable, verifiable and documented in a tamper-proof manner. At the same time, the implemented measures map consistently to NIS2 and ISO/IEC 27001.
Initial Situation & Motivation
In aviation-adjacent processes, notably in the air cargo environment, secure supply chains and IT systems with restricted access, Simon Hegele is subject to the provisions of the Aviation Security Act (LuftSiG). These demand comprehensive traceability of sensitive access, clear responsibilities and the ability for ex post review by internal bodies or authorities. However, classic system logs were not sufficient for this purpose. First, the specific user activities could not be reconstructed in an evidential manner. Second, a suitable technical solution for the four-eyes principle was lacking. The goal was therefore to establish audit-compliant session recording that produces tamper-proof evidence, valid for audits and external inspections. In parallel, the measures had to be designed to deliberately support the requirements of NIS2 and ISO/IEC 27001.
Sebastian Frank
Head of IT Operations
Challenge
Three key requirements were paramount:
- Audit-compliant session recording: complete and immutable capture of privileged sessions for subsequent reconstruction, especially on aviation-related IT systems.
- Four-eyes principle & organisational control: separation between operations and oversight, with traceable approval and review processes.
- Regulatory evidence (LuftSiG with mapping to NIS2 & ISO 27001): technical artefacts attesting to access, identity verification and system use, aligned to the needs of internal audit, external auditors and authorities.
The logging and monitoring mechanisms used to date provided only fragmentary information. As a result, conclusive evidence in the sense of the LuftSiG was not achievable with these tools.
Objectives
Solution
To address these requirements, Simon Hegele deployed the Syteca platform as a solution for audit-compliant session recording, audit trail and control mechanisms. In particular, the deliberate focus was on the complete and tamper-proof recording of privileged sessions. Syteca thus makes it possible to demonstrate who accessed which sensitive systems, when, from where and in what context. This represents a core requirement of the LuftSiG. Furthermore, the evidence generated maps directly to the requirements of NIS2 and ISO/IEC 27001.