Classroom, Online

EASA Part-IS – Information Security Management Systems (ISMS)

Language: English, French, Portuguese
Duration: 3 Days

Description

This course provides participants with a thorough understanding of the EASA Regulatory Framework on Information Security Management Systems (ISMS), focusing on both implementation and oversight. It is designed to help regulatory authorities and aviation organisations comprehend the purpose, scope, and practical application of Part-IS and its supporting material, including AMC and guidance documents.

Through a structured exploration of safety-security interdependencies, cyber risk awareness, and current European regulations, participants will develop the necessary insight to establish effective ISMS practices within their organisation or authority. The course also includes a practical self-assessment exercise to identify existing compliance gaps and prioritise future action.

Key Topics

Module 1: Introduction

  • Welcome and course overview

  • Expectations and course objectives

  • Introduction of instructor and participants

Module 2: Setting the Scene

  • The role of information security in aviation

  • Interdependency between safety, security, and information security

  • Real-life cyber incidents affecting aviation

  • Building a just, security, and cyber security culture

  • Importance of information sharing and awareness training

Module 3: EASA Framework Decoded

  • Understanding the European aviation regulatory environment

  • The rationale behind EASA Part-IS

  • Introduction to Information Security Management Systems (ISMS)

Module 4: Regulatory Framework

  • Overview of relevant EU regulations (e.g., NIS 2, security regulations)

  • EASA Opinion 3/2021 on information security risk management

  • Review of key regulations:

    • Commission Implementing Regulation (EU) 2023/203

    • Commission Delegated Regulation (EU) 2022/1645

Module 5: Part IS-OR – Organisation Requirements

  • Specific organisational requirements under Part-IS

  • Understanding the Acceptable Means of Compliance (AMC) and Guidance Material

Module 6: Part IS-AR – Authority Requirements

  • Oversight obligations of competent authorities

  • AMC and guidance relevant to national authorities

Module 7: Self-Assessment Questionnaire

  • Review and discussion of 70+ regulatory self-assessment questions

  • Gap analysis exercise for organisational or authority readiness

  • Identification of improvement areas to ensure compliance

Objectives

By the end of this course, participants will be able to:

  • Understand the objectives and scope of the EASA regulatory framework on information security

  • Explain the structure and content of Part-IS and how it relates to other EU regulatory frameworks (e.g., NIS 2)

  • Identify implementation requirements for both organisations and authorities

  • Gain practical insights into compliance expectations, including AMCs and Guidance Material

  • Conduct a self-assessment to evaluate current ISMS practices and detect areas for improvement

  • Promote an integrated information security culture within aviation organisations

Target Audience

This course is intended for professionals working in:

  • Civil Aviation Authorities (CAAs)

  • Approved Organisations, including:

    • Maintenance organisations

    • CAMOs

    • Air Operators

    • U-Space Service Providers

    • Air Traffic Control and Aircrew Training Organisations

    • Aeromedical Centres and FSTD Operators

Certificate

Upon completion, participants receive a certificate of achievement.
