Cybersecurity Part-IS Implementation for EASA Approved Organizations – 3 Days

Introduction

As aviation continues to embrace technological advancements, the need for robust cybersecurity measures has never been more critical.

The Cybersecurity Part-IS Implementation for EASA Approved Organizations (3-Day Training Program) is designed to provide professionals in the aviation industry with a comprehensive understanding of cybersecurity regulations and practices, specifically aligned with the European Union Aviation Safety Agency (EASA) requirements.

This course provides comprehensive guidance on risk management, compliance strategies, cyber incident response, structured risk mitigation, and ISMS development. Practical workshops and case studies will help participants integrate cybersecurity, ensuring regulatory compliance and operational resilience.

This program will equip participants with the tools to assess and mitigate cyber risks in aviation systems, integrate cybersecurity into organizational safety management systems, and respond effectively to cyber incidents.

By the end of the training, participants will be prepared to implement a cybersecurity culture and ensure regulatory compliance within their organizations.

Who is the course for?

This training is designed for:

  • Accountable Managers & Nominated Post Holders
  • Safety, Compliance & Quality Managers
  • IT & Cybersecurity Specialists in MROs
  • Maintenance, Repair & Overhaul (MRO) Engineers & Managers
  • Procurement, Supply Chain & Vendor Management Professionals
  • Regulatory Compliance Officers & Auditors

What is the Benefit of this Training – What will I learn?

a) Understand EASA Cybersecurity Regulations, including Regulation (EU) 2023/203, NIS2 Directive (EU) 2022/2555, and aviation-specific cybersecurity requirements.
b) Identify & Assess Cyber Risks within Part 145 maintenance environments, recognizing threats, vulnerabilities, and compliance challenges.
c) Develop & Implement an Information Security Management System (ISMS) aligned with EASA Part 145 requirements.
d) Conduct Cybersecurity Risk Assessments in compliance with IS.I.OR requirements.
e) Ensure External & Internal Cyber Incident Reporting, meeting EASA-mandated reporting requirements (IS.I.OR.230).
f) Navigate Cultural & Operational Challenges, addressing staff awareness and resistance to cybersecurity initiatives.
g) Work Through Practical Scenarios & Gap Analysis to identify compliance shortfalls and corrective actions.

Detailed Content / Topics – The following Subjects will be addressed

Day 1:

 Why Are Cybersecurity & Information Security Regulations Needed?

  • Overview of aviation cybersecurity risks
  • Understanding cyber threats in aircraft maintenance
  • EASA Regulatory Framework for cybersecurity
  • Summary of Regulation (EU) 2023/203, Directive (EU) 2022/2555 (NIS2), and other relevant regulations
  • Responsibilities & Accountabilities for EASA organizations (IS.I.OR.240)

 Understanding the Impact on EASA Part 145 Organizations

  • Cybersecurity challenges in aviation maintenance
  • Role of ISMS in aviation safety
  • Stakeholder responsibilities: management, compliance, IT, operations

 Developing an EASA-Compliant Information Security Management System (ISMS)

  • ISMS Requirements under IS.I.OR.200
  • Frameworks for ISMS: ISO 27001, NIST CSF
  • Integration of ISMS with existing Safety Management Systems (SMS)

 Workshop: ISMS Gap Analysis

  • Identifying compliance gaps within Organisational Business Areas
  • Assessing vulnerabilities in the supply chain and IT infrastructure

 Cyber Risk Identification within your Organization – Introduction

  • Risk assessment methodology (aligned with IS.I.OR.205)
  • Types of cyber threats in aviation business areas
  • Mapping cyber risks to operations
  • Practical risk assessment tools & techniques

Day 2:

 Cyber Risk Treatment & Mitigation Strategies

  • Developing structured mitigation plans (aligned with IS.I.OR.210)
  • Incident prevention strategies
  • Best practices for security controls in maintenance operations
  • Cybersecurity & IT Infrastructure Management

 Cybersecurity & Supply Chain Risk Management

  • Managing third-party/vendor cybersecurity risks
  • Contracting considerations for cyber risk management (IS.I.OR.235)
  • Assessing supply chain vulnerabilities in aircraft maintenance

 Workshop: Conducting a Cybersecurity Risk Assessment

  • Participants will conduct a mock cyber risk assessment based on real-world case studies.

 Cybersecurity Incident Detection, Response, & Recovery (IS.I.OR.220)

  • Developing a Cyber Incident Response Plan (CIRP)
  • Internal vs. External Incident Reporting requirements (IS.I.OR.230)
  • Cybersecurity incident classification and response levels
  • Coordination with regulatory authorities (e.g., EASA, national agencies)

Day 3:

 Case Studies: Aviation Cybersecurity Breaches

  • Examining past cyber incidents in aviation
  • Lessons learned from real-world cyber threats
  • How organizations can improve cyber resilience

 Workshop: Cyber Incident Response Tabletop Exercise

 Building a Cyber-Aware Organizational Culture

  • Challenges of implementing cybersecurity awareness
  • Overcoming cultural resistance to cybersecurity measures
  • Cybersecurity training for staff & maintenance personnel (IS.I.OR.240)

 Developing an Information Security Manual (ISMM) (IS.I.OR.250)

  • Key components of an effective ISMM
  • How to document cyber policies & procedures
  • Aligning ISMM with Part 145 compliance standards

 Continuous Improvement & Cybersecurity Audits

  • Monitoring and improving cybersecurity measures (IS.I.OR.260)
  • Conducting internal cybersecurity audits & assessments
  • Tracking compliance with EASA & NIS2 Directive requirements

 Final Case Study & Action Plan Development

  • Participants develop an implementation roadmap for their organizations.
  • Peer review & expert feedback on implementation plans.

 Debrief & Close

  • Q&A session
  • Final discussion on compliance roadmap

Target groups

This course is designed for aviation professionals including Accountable Managers, Safety and Compliance Managers, IT and Cybersecurity specialists, MRO personnel, and regulatory auditors seeking to implement cybersecurity measures under EASA regulations.

Pre-requisites

Participants should have a foundational understanding of aviation operations and basic awareness of regulatory compliance, particularly within EASA-approved organizations.

Learning Objectives

  • Understand and apply EASA cybersecurity regulations, including Regulation (EU) 2023/203 and NIS2 Directive, within aviation maintenance environments.
  • Identify, assess, and mitigate cyber risks through the development of an Information Security Management System (ISMS) and conduct effective risk assessments.
  • Prepare for and manage cyber incidents while fostering a cybersecurity-aware culture to ensure continuous compliance and operational resilience.

What do People Say about Sofema Aviation Services Training?

“I found satisfying answers to all my questions.”
“The instructor demonstrated very deep knowledge of the subject.”
“The content was really effective, I gained a lot of new knowledge.”
“The practical examples were perfectly delivered.”

Duration

3 days – Start at 09.00 and finish at 17.00, with appropriate refreshment breaks.

To register for this training, please email team@sassofia.com or call +359 28210806.
