Introduction
As aviation continues to embrace technological advancements, the need for robust cybersecurity measures has never been more critical.
The Cybersecurity Part-IS Implementation for EASA Approved Organizations (2-Day Training Program) is designed to provide professionals in the aviation industry with a comprehensive understanding of cybersecurity regulations and practices, specifically aligned with the European Union Aviation Safety Agency (EASA) requirements.
This course provides comprehensive guidance on risk management, compliance strategies, cyber incident response, structured risk mitigation, and ISMS development. Practical workshops and case studies will help participants integrate cybersecurity while ensuring regulatory compliance and operational resilience.
This program will equip participants with the tools to assess and mitigate cyber risks in aviation systems, integrate cybersecurity into organizational safety management systems, and respond effectively to cyber incidents.
By the end of the training, participants will be prepared to implement a cybersecurity culture and ensure regulatory compliance within their organizations.
Who is the course for?
This training is designed for:
- Accountable Managers & Nominated Post Holders
- Safety, Compliance & Quality Managers
- IT & Cybersecurity Specialists in MROs
- Maintenance, Repair & Overhaul (MRO) Engineers & Managers
- Procurement, Supply Chain & Vendor Management Professionals
- Regulatory Compliance Officers & Auditors
What is the Benefit of this Training – What will I learn?
Enhanced Understanding of Regulatory Compliance and Requirements – Gain a deep understanding of EASA’s ISMS requirements under IS.I.OR.200, IS.I.OR.205, IS.I.OR.210, IS.I.OR.220, IS.I.OR.230, and IS.I.OR.235. Learn how to implement and maintain an ISMS that meets EASA standards and ensures operational compliance.
Improved Cyber Risk Management and Threat Mitigation – Learn how to identify, assess, and mitigate cyber risks within your organization, including vulnerabilities in IT infrastructure and supply chains. Develop structured mitigation plans and incident prevention strategies tailored to aviation operations.
Strategic Integration of ISMS with Safety Management Systems (SMS) – Understand how to align and integrate your ISMS with existing safety management structures, ensuring a comprehensive approach to both operational and information security risks.
Enhanced Organizational Resilience Against Cyber Threats – Improve your organization’s ability to detect, respond to, and recover from cyber incidents. Develop a robust Cyber Incident Response Plan (CIRP) and understand the reporting requirements for internal and external stakeholders.
Practical Application of Industry-Recognized Frameworks – Gain hands-on knowledge of leading information security frameworks such as ISO 27001 and NIST CSF. Learn how to apply these frameworks to aviation-specific business areas to strengthen your security posture.
Supply Chain and Vendor Risk Management – Develop effective strategies to assess and manage cybersecurity risks associated with third-party vendors and supply chains, ensuring secure and resilient maintenance operations.
Actionable Insights from Real-World Case Studies – Analyze past aviation cybersecurity incidents to identify common vulnerabilities and effective responses. Apply lessons learned to improve your organization’s preparedness and resilience against future threats.
Detailed Content / Topics – The following Subjects will be addressed
Day 1:
– Reference Listing of Relevant Documentation: EASA Aviation Cyber Security
– Role of ISMS in Aviation Safety
– Stakeholder Responsibilities: Management, Compliance, IT, Operations
– ISMS Requirements under IS.I.OR.200
– Developing an EASA-Compliant Information Security Management System (ISMS)
– Integration of ISMS with existing Safety Management Systems (SMS)
– Identifying ISMS Compliance Gaps within Organizational Business Areas
– Assessing Vulnerabilities in the Supply Chain and IT Infrastructure
Day 2:
– Risk assessment methodology (aligned with IS.I.OR.205)
– Cyber Risk Identification within your Organization – Workshop Task
– Cyber Risk Treatment & Mitigation Strategies – Developing Structured Mitigation Plans (aligned with IS.I.OR.210)
– Contracting Considerations for Cyber Risk Management (IS.I.OR.235)
– Conducting a Cybersecurity Risk Assessment
– Cybersecurity Incident Detection and Response – Cyber Incident Response Plan (CIRP)
– Cybersecurity Incident Classification and Response Levels
– Internal vs. External Incident Reporting Requirements (IS.I.OR.230)
– Case Studies: Aviation Cybersecurity Breaches – Examining Past Cyber Incidents in Aviation
– How Organizations Can Improve Cyber Resilience
Target groups
This course is designed for aviation professionals including Accountable Managers, Safety and Compliance Managers, IT and Cybersecurity specialists, MRO personnel, and regulatory auditors seeking to implement cybersecurity measures under EASA regulations.
Pre-requisites
Participants should have a foundational understanding of aviation operations and basic awareness of regulatory compliance, particularly within EASA-approved organizations.
Learning Objectives
- Understand and apply EASA cybersecurity regulations, including Regulation (EU) 2023/203 and the NIS2 Directive, within aviation maintenance environments.
- Identify, assess, and mitigate cyber risks through the development of an Information Security Management System (ISMS) and conduct effective risk assessments.
- Prepare for and manage cyber incidents while fostering a cybersecurity-aware culture to ensure continuous compliance and operational resilience.
What do People Say about Sofema Aviation Services Training?
“I found satisfying answers to all my questions.”
“The instructor demonstrated very deep knowledge of the subject.”
“The content was really effective, I gained a lot of new knowledge.”
“The practical examples were perfectly delivered.”
Duration
2 days – Start at 09.00 and finish at 17.00, with appropriate refreshment breaks.
To register for this training, please email [email protected] or call +359 28210806.