Implementing an Information Cyber Security Program in an EASA Part 145 Organization – 2 Days

Introduction

This 2-day comprehensive training program is designed to provide aviation professionals with a thorough understanding of information security concepts and their critical role in aviation safety. Participants will gain both foundational knowledge and role-specific expertise in managing information security risks and ensuring compliance with relevant regulations.

The program focuses on empowering staff to implement effective reporting and incident management practices, in alignment with Part IS.I.OR.215 and IS.I.OR.230. It also aims to equip attendees with specialized skills tailored to their roles, while establishing a framework for continuous improvement in information security management within an EASA Part 145 organization.

Who is the course for?

This training is tailored for aviation professionals within EASA Part 145 organizations, including Accountable Managers and Nominated Persons (NP), IT and Maintenance Personnel, Compliance Monitoring Managers and Auditors, Safety and Security Managers, and Administrative Staff involved in information handling. Each participant will gain the knowledge and skills necessary to effectively manage information security within their respective roles.

What is the Benefit of this Training – What will I learn?

a) Essential Knowledge: Understand the core principles of information security and its crucial role in aviation safety.
b) Compliance Expertise: Gain a clear understanding of EASA Part IS regulations to ensure your organization meets all regulatory requirements.
c) Risk Management Skills: Learn how to identify, manage, and mitigate information security risks effectively.
d) Incident Response Strategies: Develop effective incident response plans and risk mitigation strategies to address security challenges.
e) Tailored Insights: Participate in role-specific workshops and case studies to enhance readiness for both cyber and physical security challenges.

Detailed Content / Topics – The following Subjects will be addressed

Day 1: Information Security Foundations
Cyber Threat Landscape: Understanding phishing, ransomware, data breaches, and insider threats (both intentional and accidental).
Physical Security Threats: Addressing risks like unauthorized access and device loss.
Employee Roles and Responsibilities:
- Safeguarding sensitive data and identifying unusual system activity.
- Recognizing phishing indicators and physical breaches.
Information Security Management System (ISMS):
- Daily tasks and responsibilities for staff at all levels.
- Introduction to reporting tools, escalation processes, and documentation requirements.
Incident Awareness and Response:
- Identifying security events and understanding the notification hierarchy.
- Reviewing real-world aviation-related incidents to highlight risks and consequences.
Interactive Role-Specific Workshops:
- Tailored activities for IT staff, maintenance personnel, and administrative staff.
- Simulated phishing scenarios and mock incident reporting exercises.

Day 2: Reporting and Incident Management Procedures
Incident Escalation and Reporting:
- Understanding the chain of command and internal ticketing systems.
- Criteria for reportable incidents and documentation of immediate actions.
Regulatory Compliance:
- Requirements for notifying EASA or competent authorities.
- Detailed timelines and procedures for external reporting.
Incident Response Plan (IRP):
- Key roles and responsibilities during containment, mitigation, and recovery.
- Post-incident reviews, lessons learned, and process improvement.
Advanced Risk Management:
- Identifying and addressing cyber and physical threats to IT systems and sensitive data.
- Root cause analysis and secure data handling practices.
Strategic Insights:
- Integrating Part-IS compliance with business continuity planning.
- Exploring the long-term impacts of effective information security management on organizational resilience.

Learning Objectives

  • Build foundational knowledge of information security concepts and their aviation-specific relevance.
  • Ensure compliance with Part IS.I.OR.215 and IS.I.OR.230 through robust reporting and incident management practices.
  • Equip staff with role-specific expertise for proactive risk management and ongoing improvement.

Target Groups

The target groups for this training include Accountable Managers, Nominated Persons (NP), IT and Maintenance Personnel, Compliance Monitoring Managers and Auditors, Safety and Security Managers, and Administrative Staff involved in information handling within EASA Part 145 organizations.

Pre-requisites

The pre-requisites for this training include role-specific knowledge within an EASA Part 145 organization, and familiarity with regulatory requirements and internal security procedures.

What do People Say about Sofema Aviation Services Training?

“The course content was highly relevant and well-presented.”

“Interactive sessions helped clarify key concepts.”

“The instructor’s practical examples brought the material to life.”

Duration

2 days – Start at 09.00 and finish at 17.00, with appropriate refreshment breaks.

To register for this training, please email team@sassofia.com or call +359 28210806
