EASA Part-IS

Module 1: Introduction

• Participants & Instructor’s Introduction
• Course Overview
• Timetable
• Course information

Module 2: Setting the scene

• Introduction to Safety, Security and Information Security
• Interdependencies between safety and security in relation to information security events with a potential impact on safety
• Cyber-attacks carried out against the industry
• Importance of Training and Awareness, as well as reference to just culture, security culture and cyber security culture
• Reference to Information Sharing

Module 3: EASA Framework Decoded

• Understanding the European Aviation Regulatory Framework
• Rationale of EASA behind PART IS
• Introduction to ISMS

Module 4: Regulatory Framework

• Overview of the current regulatory framework including the security regulations and NIS 2 and their relation to PART IS
• EASA Opinion 3/2021 on the Management of Information Security Risks
• Commission Implementing Regulation (EU) 2023/203
• Commission Delegated Regulation (EU) 2022/1645]

Module 5: Part IS OR

• Part IS Organisation Requirements
• Guidance Material and Acceptable Means of Compliance

Module 6: Part IS AR

• Part IS Authority Requirements
• Guidance Material and Acceptable Means of Compliance

Module 7: Self-Assessment Questionnaire

• Review of 70 self-assessment questions to provide reflection on various aspects in the regulatory framework in relation to one’s entity, als with regard to where they are at currently, and the gaps identified to achieve compliance.

Upon completion of this course participants will be able to:

• Recognise the objective of the EASA regulatory framework and the importance thereof in relation to aviation safety.
• Explain the EASA Regulatory framework and the requirements relating to the Management of Information Security Risks.
• Describe what implementation requirements one is to apply in their authority or organisation, as well as with regard to oversight with regard to the competent authority.
• Understand the relationship between PART IS and other regulatory frameworks (Security Regulation and NIS 2) in order to avoid duplication and over-lapping where possible, and if such other frameworks apply to the organisation
• Gain a good understanding of the regulatory framework, including the AMC and Guidance Material.

Upon completion of this course participants will be able to:

• Recognise the objective of the EASA regulatory framework and the importance thereof in relation to aviation safety.
• Explain the EASA Regulatory framework and the requirements relating to the Management of Information Security Risks.
• Describe what implementation requirements one is to apply in their authority or organisation, as well as with regard to oversight with regard to the competent authority.
• Understand the relationship between PART IS and other regulatory frameworks (Security Regulation and NIS 2) in order to avoid duplication and over-lapping where possible, and if such other frameworks apply to the organisation
• Gain a good understanding of the regulatory framework, including the AMC and Guidance Material.

Essential: strong interest in achieving increased knowledge in the application of the new EASA Regulatory Framework on Information Security Management Systems (ISMS).  

Participants are kindly requested to bring a laptop to the course to access course material which will only be provided in electronic format