Blog

Sofema Aviation Services (SAS) Considers the Elements to be considered related to Information & Cyber Security Auditing within an EASA Part 145 Organisation As cybersecurity becomes a regulatory focus, EASA Part 145 audits will incorporate cyber resilience checks within maintenance organizations. National Aviation Authorities (NAAs) and internal compliance managers will be responsible for assessing the security of maintenance data, IT systems,…

Sofema Aviation Services (SAS) examines financial impacts of contractual clauses in aviation agreements. Introduction The financial consequences of contractual clauses within aviation agreements, such as Standard Ground Handling Agreements (SGHAs) and Maintenance Contracts, are significant and can directly impact operational costs and financial stability. Ambiguities in key terms, particularly in liability, indemnification, and service scope…

Sofema Aviation Services (SAS) considers a number of core documents used in support of EASA compliant cyber security initiatives. AMC 20-42 Airworthiness Information Security Risk Assessment Date: June 2023Description: Guidance for assessing airworthiness information security risks, including threats and mitigations. COMMISSION DELEGATED REGULATION (EU) 2022/1645 Date: July 2022Description: Rules for managing aviation information security risks impacting safety. COMMISSION IMPLEMENTING REGULATION (EU) 2023/203 Date: October 2022Description:…

Sofema Aviation Services (SAS) is considering the development of an EASA Part 145 Information Security Management (Cyber) System to ensure compliance while maintaining the existing headcount. Introduction In an EASA Part 145 organization, where recruitment is constrained, cyber security responsibilities must be managed effectively by leveraging existing resources, optimizing processes, and implementing automation. A typical EASA Part 145 organization with 100 employees can meet cyber security responsibilities under IS.I.OR.240 without additional recruitment by…