February 07, 2025

Steven Bentley

Sofema Online (SOL) considers the training requirements to support EASA Part 145 Organizations in respect of Information and Cyber Security.

Introduction to the Primary Objective – Ensure all levels of staff understand their roles and responsibilities in managing cyber security risks in compliance with Regulation (EU) 2023/203.

Accountable Executive & Leadership Team (C-Level)

Duration: 1 Day (Executive Briefing)

Target Audience: Accountable Managers, Directors, C-Suite Executives

Key Learning Objectives:

  1. Strategic Understanding of Regulation (EU) 2023/203
    • Overview of compliance requirements for EASA Part 145 organizations.
    • Deadline for implementation (February 2026) and strategic planning.
  2. Cyber Security Risk Management at the Executive Level
    • Risk-based decision-making aligned with safety and operational priorities.
    • Integration of cyber security into the Safety Management System (SMS).
  3. Incident Response and Leadership Roles
    • Executive responsibilities in a cyber incident.
    • Internal and external reporting obligations.
  4. Resource Allocation & Compliance Oversight
    • Ensuring adequate funding and personnel for cyber security.
    • Role of the leadership team in governance and policy enforcement.

Delivery Method: Executive Workshop with case studies & strategic discussions.

Senior Managers (Department Heads, Compliance, Quality & Safety Managers)

Duration: 2 Days

Target Audience: Quality Managers, Compliance Managers, CAMO Managers, IT Managers

Key Learning Objectives:

  1. Regulatory Deep Dive: Compliance with (EU) 2023/203
    • Requirements for Information Security Management System (ISMS).
    • EASA expectations and oversight mechanisms.
  2. Risk Assessment & Cyber Security Strategy
    • Identifying, assessing, and mitigating risks.
    • Supply chain risk management and vendor assessment.
  3. Developing an Information Security Management System (ISMS)
    • Implementing policies and procedures.
    • Role of management in monitoring and continuous improvement.
  4. Cyber Incident Response Planning
    • Internal & external reporting (IS.I.OR.230).
    • Crisis communication & business continuity planning.
  5. Audits & Continuous Improvement
    • Compliance monitoring and internal audits.
    • Oversight responsibilities of senior management.

Delivery Method: Combination of lectures, workshops, and interactive case studies.

Supervisory Staff (Line Managers, Maintenance Leads, IT Security Coordinators)

Duration: 1.5 Days

Target Audience: Maintenance Supervisors, IT Coordinators, Operational Team Leads

Key Learning Objectives:

  1. Practical Implementation of Cyber Security Measures
    • Understanding cyber threats in maintenance environments.
    • Compliance with IS.I.OR.240 (Personnel awareness & responsibility).
  2. Identifying and Responding to Cyber Threats
    • Recognizing potential threats (ransomware, phishing, insider risks).
    • Immediate actions required when a threat is detected.
  3. Safe Handling of Digital Maintenance Records
    • Protecting maintenance software from cyber threats.
    • Ensuring system integrity & unauthorized access prevention.
  4. Supply Chain & Third-Party Risk Awareness
    • Managing supplier risks & compliance with security requirements.
    • Verifying third-party cyber security measures.
  5. Role in Incident Response & Reporting
    • Escalation procedures and communication with senior management.
    • Contributing to post-incident analysis and corrective actions.

Delivery Method: Hands-on workshops, role-playing exercises, scenario-based training.

Frontline Staff (Technicians, Engineers, Admin, General Employees)

Duration: 1 Day

Target Audience: Engineers, Maintenance Technicians, Admin & Support Staff

Key Learning Objectives:

  1. Cyber Security Awareness & Best Practices
    • Understanding common cyber threats in the aviation maintenance industry.
    • Recognizing phishing emails, malware, and social engineering.
  2. Secure Work Practices
    • Handling sensitive maintenance data safely.
    • Importance of password security and access control.
  3. Incident Identification & Reporting
    • What to do in case of suspected cyber threats.
    • Reporting procedures and escalation channels.
  4. Compliance with Organizational Cyber Policies
    • Understanding internal security policies and personal responsibilities.
    • The role of individuals in ensuring compliance with (EU) 2023/203.
  5. Basic Cyber Hygiene in Daily Operations
    • Using secure networks, avoiding unauthorized software, and recognizing suspicious activities.

Delivery Method: E-learning modules, practical demonstrations, awareness campaigns.
