
EASA Part-IS – Information Security Management for Aviation Operations

Self-paced


Course Overview

This course provides a structured and practical understanding of EASA Part-IS, focusing on information security management within aviation organisations. It covers regulatory requirements, risk management, incident response, and implementation strategies to ensure cybersecurity resilience in aviation operations.

Learning Objectives

  • Understand the fundamentals of safety, security, and cybersecurity in aviation.
  • Explain the EASA regulatory framework and Part-IS requirements.
  • Identify roles and responsibilities within an Information Security Management System (ISMS).
  • Perform information security risk assessment and treatment.
  • Understand incident detection, reporting, and response processes.
  • Integrate ISMS with existing Safety Management Systems (SMS).
  • Apply Part-IS requirements within organisational environments.
  • Analyse real-world aviation cybersecurity incidents.

Course Modules

Module 1: Safety, Security, and Cyber Risk in Aviation

  • 1.1 Introduction to Safety, Security, and Information Security
  • 1.2 Relationship Between Safety and Security in Aviation
  • 1.3 Cyber incidents and attacks affecting the aviation industry
  • 1.4 Cybersecurity Culture: Building a Security Mindset
  • 1.5 Importance of Training, Awareness, and Information sharing
  • 1.6 Information Security Management Systems in the Aviation Context

Module 2: EASA Regulatory Framework

  • 2.1 Overview of the European Aviation Regulatory Framework
  • 2.2 EASA’s Role in Information Security
  • 2.3 What Is EASA Part-IS?
  • 2.4 Objectives and Scope of Part-IS
  • 2.5 Organisations affected by Part-IS
  • 2.6 Compliance timelines and implementation milestones
  • 2.7 Commission Delegated Regulation (EU) 2022/1645
    • ANNEX - Organisation Requirements [PART-IS.D.OR]
  • 2.8 Commission Implementing Regulation (EU) 2023/203
    • ANNEX I - Authority Requirements [PART-IS.AR]
    • ANNEX II – Organisation Requirements [PART-IS.I.OR]
  • 2.9 Harmonisation with global cybersecurity initiatives

Module 3: Part-IS.AR (Annex I – Authority Requirements)

  • 3.1 IS.AR.100: Scope
  • 3.2 IS.AR.200: Information security management system (ISMS)
  • 3.3 IS.AR.205: Information security risk assessment
  • 3.4 IS.AR.210: Information security risk treatment
  • 3.5 IS.AR.215: Information security incidents – detection, response, and recovery
  • 3.6 IS.AR.220: Contracting of information security management activities
  • 3.7 IS.AR.225: Personnel requirements
  • 3.8 IS.AR.230: Record-keeping
  • 3.9 IS.AR.235: Continuous improvement

Module 4: Part-IS.I.OR (Annex II – Organisation Requirements)

  • 4.1 IS.I.OR.100: Scope
  • 4.2 IS.I.OR.200: Information security management system (ISMS)
  • 4.3 IS.I.OR.205: Information security risk assessment
  • 4.4 IS.I.OR.210: Information security risk treatment
  • 4.5 IS.I.OR.215: Information security internal reporting scheme
  • 4.6 IS.I.OR.220: Information security incidents – detection, response, and recovery
  • 4.7 IS.I.OR.225: Response to findings notified by the competent authority
  • 4.8 IS.I.OR.230: Information security external reporting scheme
  • 4.9 IS.I.OR.235: Contracting of information security management activities
  • 4.10 IS.I.OR.240: Personnel requirements
  • 4.11 IS.I.OR.245: Record-keeping
  • 4.12 IS.I.OR.250: Information security management manual (ISMM)
  • 4.13 IS.I.OR.255: Changes to the information security management system
  • 4.14 IS.I.OR.260: Continuous improvement

Module 5: Practical Application of Part-IS within the Organisation

  • 5.1 Introduction to Practical Application of Part-IS
  • 5.2 Roles, responsibilities, and governance
  • 5.3 Integrating ISMS with existing SMS
  • 5.4 Assets, suppliers, and infrastructure vulnerabilities; contracting and supplier controls
  • 5.5 Risk Assessment in Practice
  • 5.6 Risk Treatment & Mitigation Planning
  • 5.7 Incident detection and response planning (CIRP)
  • 5.8 Incident classification and response levels
  • 5.9 Reporting obligations and interfaces
  • 5.10 Continuous improvement and resilience
  • 5.11 Compliance Gap Analysis and Checklist

Module 6: Challenges, Best Practices, and Opportunities

  • 6.1 Challenges in Integrating Part-IS within Aviation Organisations
  • 6.2 Integration with Existing Management Systems
  • 6.3 Best Practices for Effective Part-IS Implementation
  • 6.4 Cybersecurity Maturity and Continuous Improvement Framework
  • 6.5 Organisational Resilience and Competitive Advantage

Module 7: Case Studies

  • 7.1 British Airways Data Breach (2018)
  • 7.2 Cathay Pacific Data Breach (2018)
  • 7.3 SITA Passenger Service System Breach (2021)

Who Should Attend

  • Information security and cybersecurity professionals in aviation
  • CAMO and Part-145 personnel
  • Quality and compliance managers
  • Airline operational and IT staff
  • Aviation students and regulatory professionals

Final Assessment & Certification

Upon completion, participants will take a final assessment to demonstrate their understanding. A Certificate of Completion will be awarded to those who meet the passing criteria.

  • Mode: Online
  • Course Duration: 240 Minutes
  • Validity: 365 Days
  • We carefully evaluate candidates for this course. Email us at info@academyaviationonline.com to express your interest in taking it.