EASA Part-IS – Information Security Management for Aviation Operations

HomeCoursesEASA Part-IS – Information Security Management for Aviation Operations

EASA Part-IS - Information Security Management for Aviation Operations

Course Overview

This course provides a structured and practical understanding of EASA Part-IS, focusing on information security management within aviation organisations. It covers regulatory requirements, risk management, incident response, and implementation strategies to ensure cybersecurity resilience in aviation operations.

EASA Part IS

Learning Objectives

  • Understand the fundamentals of safety, security, and cybersecurity in aviation.
  • Explain the EASA regulatory framework and Part-IS requirements.
  • Identify roles and responsibilities within an Information Security Management System (ISMS).
  • Perform information security risk assessment and treatment.
  • Understand incident detection, reporting, and response processes.
  • Integrate ISMS with existing Safety Management Systems (SMS).
  • Apply Part-IS requirements within organisational environments.
  • Analyse real-world aviation cybersecurity incidents.

Course Modules

Module 1: Safety, Security, and Cyber Risk in Aviation

  • 1.1 Introduction to Safety, Security, and Information Security
  • 1.2 Relationship Between Safety and Security in Aviation
  • 1.3 Cyber incidents and attacks affecting the aviation industry
  • 1.4 Cybersecurity Culture: Building a Security Mindset
  • 1.5 Importance of Training, Awareness, and Information sharing
  • 1.6 Information Security Management Systems in the Aviation Context

Module 2: EASA Regulatory Framework

  • 2.1 Overview of the European Aviation Regulatory Framework
  • 2.2 EASA’s Role in Information Security
  • 2.3 What Is EASA Part-IS?
  • 2.4 Objectives and Scope of Part-IS
  • 2.5 Organisations affected by Part-IS
  • 2.6 Compliance timelines and implementation milestones
  • 2.7 Commission Delegated Regulation (EU) 2022/1645
  • ANNEX - Organisation Requirements [PART-IS.D.OR]
  • 2.8 Commission Implementing Regulation (EU) 2023/203
  • ANNEX I - Authority Requirements [PART-IS.AR]
  • ANNEX II – Organisation Requirements [PART-IS.I.OR]
  • 2.9 Harmonisation with global cybersecurity initiatives

Module 3: Part-IS.AR (Annex I – Authority Requirements)

  • 3.1 IS.AR.100: Scope
  • 3.2 IS.AR.200: Information security management system (ISMS)
  • 3.3 IS.AR.205: Information security risk assessment
  • 3.4 IS.AR.210: Information security risk treatment
  • 3.5 IS.AR.215: Information security incidents – detection, response, and recovery
  • 3.6 IS.AR.220: Contracting of information security management activities
  • 3.7 IS.AR.225: Personnel requirements
  • 3.8 IS.AR.230: Record-keeping
  • 3.9 IS.AR.235: Continuous improvement

Module 4: Part-IS.I.OR (Annex II – Organisation Requirements)

  • 4.1 IS.I.OR.100: Scope
  • 4.2 IS.I.OR.200: Information security management system (ISMS)
  • 4.3 IS.I.OR.205: Information security risk assessment
  • 4.4 IS.I.OR.210: Information security risk treatment
  • 4.5 IS.I.OR.215: Information security internal reporting scheme
  • 4.6 IS.I.OR.220: Information security incidents – detection, response, and recovery
  • 4.7 IS.I.OR.225: Response to findings notified by the competent authority
  • 4.8 IS.I.OR.230: Information security external reporting scheme
  • 4.9 IS.I.OR.235: Contracting of information security management activities
  • 4.10 IS.I.OR.240: Personnel requirements
  • 4.11 IS.I.OR.245: Record-keeping
  • 4.12 IS.I.OR.250: Information security management manual (ISMM)
  • 4.13 IS.I.OR.255: Changes to the information security management system
  • 4.14 IS.I.OR.260: Continuous improvement

Module 5: Practical Application Part-IS within Organisation

  • 5.1 Introduction to Practical Application of Part-IS
  • 5.2 Roles, responsibilities, and governance
  • 5.3 Integrating ISMS with existing SMS
  • 5.4 Assets, suppliers, and infrastructure vulnerabilities and contracting and supplier controls
  • 5.5 Risk Assessment in Practice
  • 5.6 Risk Treatment & Mitigation Planning
  • 5.7 Incident detection and response planning (CIRP)
  • 5.8 Incident classification and response levels
  • 5.9 Reporting obligations and interfaces
  • 5.10 Continuous improvement and resilience
  • 5.11 Compliance Gap Analysis and Checklist

Module 6: Challenges, Best Practices, and Opportunities

  • 6.1 Challenges in Integrating Part-IS within Aviation Organisations
  • 6.2 Integration with Existing Management Systems
  • 6.3 Best Practices for Effective Part-IS Implementation
  • 6.4 Cybersecurity Maturity and Continuous Improvement Framework
  • 6.5 Organisational Resilience and Competitive Advantage

Module 7: Case Studies

  • 7.1 British Airways Data Breach (2018)
  • 7.2 Cathay Pacific Data Breach (2018)
  • 7.3 SITA Passenger Service System Breach (2021)

Who Should Attend?

  • Information security and cybersecurity professionals in aviation
  • CAMO and Part-145 personnel
  • Quality and compliance managers
  • Airline operational and IT staff
  • Aviation students and regulatory professionals

Final Assessment & Certification

Participants will complete an assessment to evaluate their understanding of human factors principles and their application in maintenance operations. Successful participants will receive a Certificate of Completion.

Have Any Queries?

    Contact Us
    Locate Us

    Ste 201, 551 S. Apollo Blvd, Melbourne, FL 32901, USA

    Call Us Today

    +1 (702) 292-3240

    Get In To Inbox
    info@academyaviationonline.com