Building a Cyber-Resilient Aviation System: A Training Guide to EASA Part-IS
The aviation industry is increasingly reliant on interconnected systems, sensitive data, and coordinated processes. This makes information security a critical pillar of aviation safety. To address evolving risks from both digital and analogue threats, the European Union Aviation Safety Agency (EASA) introduced EASA Part-Information Security (IS), a regulatory framework designed to help aviation organisations and competent authorities manage information security and cyber risks effectively.
This regulation is part of Europe’s effort to ensure that aviation operations remain resilient against potential disruptions, whether caused by cyberattacks, physical breaches, or failures in information-handling processes.
The guide below provides insights into EASA Part-IS, the applicable regulations, who should participate in EASA Part-IS training, and the courses offered by JAA TO to help professionals navigate this essential framework.
As Rebekah Tanti-Dougall, JAA TO-qualified Part-IS instructor and cybersecurity expert, explains:
“The aviation ecosystem is increasingly dependent on secure information flows. Protecting these systems is no longer optional—it is a core component of aviation safety. Through this training, we provide participants with a clear understanding of how to implement and oversee information security measures in alignment with EASA Part-IS.”
What is EASA Part-IS?
EASA Part-IS forms part of the European regulatory framework that focuses on the identification, management, and mitigation of information security risks in aviation. Its purpose is to safeguard both ICT systems and information processes, ensuring that data and communications fundamental to aviation safety remain protected against potential disruptions.
The regulation requires organisations and authorities in the aviation sector to establish, implement, and continuously improve an Information Security Management System (ISMS). This structured approach ensures that sensitive information is protected against threats ranging from cyber intrusions to analogue compromises such as unauthorised physical access or manipulation of data.
Part-IS also applies to competent authorities, requiring oversight bodies to monitor the implementation of ISMS within their remit.
Key Provisions of the Part-IS Regulation
The EASA Part-IS regulation focuses on three core areas to help organisations protect their digital infrastructure:
1.) Identification and Management of Information Security Risks
Organisations must systematically identify, assess, and manage risks that could impact the ICT systems and aviation data used for operational purposes. This includes developing risk management strategies to mitigate potential cyber threats and ensuring the continued integrity of aviation systems.
2.) Detection and Response to Security Events
The regulation requires organisations to establish systems for early detection of information security events, which could indicate potential threats to aviation operations. Once an event is detected, organisations are required to take appropriate steps to respond and mitigate the risk, with procedures in place for recovery to ensure aviation safety.
3.) Incident Management and Recovery
Organisations must have procedures for responding to and recovering from information security incidents. The regulation ensures that recovery efforts are aligned with the severity of the impact, safeguarding the aviation system from extended disruptions that could compromise safety and operational efficiency.
Who Should Be Trained on EASA Part-IS?
The EASA Part-IS Training Portfolio is essential for a wide range of professionals in the aviation sector. JAA TO’s courses are designed to equip participants with the knowledge and skills to navigate and implement the Part-IS regulatory framework, whether they are responsible for operational compliance, oversight, or technical implementation.
The following groups should consider enrolling in EASA Part-IS training:
- Civil Aviation Authorities (CAA)
- Maintenance Organisations
- CAMOs (Continuing Airworthiness Management Organisations)
- Air Operators
- ATCO Training Organisations
- U-space Service Providers
- Approved Training Organisations (ATOs)
- Aircrew and Aeromedical Centres
- FSTD Operators
- IT Experts within Organisations
Importantly, Part-IS is not an IT-only project. Implementation requires collaboration across departments, with IT experts working alongside safety managers and operational staff to ensure an integrated and effective approach.
Available Course Formats and Structure
JAA TO offers a range of training formats to accommodate participants at different stages of their compliance journey with EASA Part-IS. These courses are designed to suit organisations, authorities, and individuals based on their needs and knowledge level.
1-Day Essentials Course
The 1-Day EASA Part-IS Essentials for Managers Course provides an introductory overview of EASA Part-IS and is ideal for Directors, Policymakers, Oversight Managers, and anyone who needs a high-level understanding of the regulation. This training offers a
3-Day General Course
The 3-Day EASA Part-IS offers a more in-depth understanding of the Part-IS regulation, including detailed discussions on regulatory requirements, the role of authorities in oversight, and the practical steps institutions need to take to comply with Part-IS. This course is ideal for aviation organisations and authorities that need to understand the full scope of Part-IS and how to implement the regulation.
4-Day Implementation Course
The 4-Day Advanced EASA Part-IS – Implementation is designed for those who are actively involved in the implementation of ISMS within their organisations or authorities, e.g. Tech Departments, IT Managers, Project Managers, etc. It covers:
- Detailed interpretations of Part-IS requirements
- Case studies and practical examples to facilitate real-world application
- Step-by-step guidance on implementation planning, prioritisation, and oversight responsibilities
This advanced course ensures that participants are fully equipped to manage the implementation process and oversee the application of Part-IS within their organisations or authorities.
Targeted Learning Objectives and Outcomes
By the end of the EASA Part-IS course, participants will be able to:
- Recognise the importance of EASA Part-IS in enhancing aviation safety and ensuring cybersecurity
- Explain the core requirements of EASA Part-IS, including risk management, detection, incident response, and recovery
- Implement Part-IS requirements within their organisation or authority, and understand their oversight responsibilities
- Navigate the relationship between EASA Part-IS, the EU Aviation Security Regulation, and the NIS2 Directive to create a unified compliance strategy
- Identify how compliance with one framework (e.g., NIS2) can fulfil the requirements of another (e.g., Part-IS)
- Understand how Part-IS relates to the EU Aviation Security Regulation and other EU directives without unnecessary overlap.
The Two Regulations' Timelines: Delegated vs. Implementing
- Regulation (EU) 2022/1645 (Delegated Regulation): This regulation applies to specific organisations such as production and design organisations, aerodrome operators, and ground handling organisations. The compliance deadline for these organisations is 16 October 2025. Ground handling organisations are required to comply within seven years from the regulation’s publication.
- Regulation (EU) 2023/203 (Implementing Regulation): This regulation applies to maintenance organisations, CAMOs, air operators, ATCO training organisations, and several other entities within aviation. The compliance deadline for these organisations is 22 February 2026.
Aligning Part-IS with Other Regulatory Frameworks
The EASA Part-IS regulation acknowledges that compliance with frameworks like NIS2 or the EU Aviation Security Regulation may fulfil certain Part-IS requirements, ensuring that organisations do not face redundant or overlapping compliance efforts. Through EASA Part-IS training, professionals will learn how to identify overlaps between these frameworks and develop a streamlined approach to compliance.
Cyber expert Tanti-Dougall further elaborates:
“Our aim is not only to familiarise participants with the regulation, but also to bridge the gap between cybersecurity and aviation operations. By the end of the course, participants will be equipped to establish robust Information Security Management Systems that are aligned with regulatory expectations, international frameworks, and operational realities.”
JAA TO’s EASA Part-IS training is a critical resource for professionals tasked with implementing or overseeing information security systems in aviation. It provides a deep understanding of the Part-IS regulation and offers practical guidance on how to ensure compliance, manage information security risks, build a secure digital infrastructure for aviation operations, and, most importantly, safeguard the aviation industry in an increasingly digital world.




