team@sassofia.com
team@sassofia.com

Part 145 Cyber Security Implementation – 2 Days

Introduction

As the aviation industry becomes increasingly digitalized, cybersecurity and information security have emerged as critical regulatory priorities. Regulation (EU) 2023/203 mandates that EASA Part 145 organizations establish an Information Security Management System (ISMS) to ensure compliance by February 2026.

This 2-day intensive training focuses on the implementation of cybersecurity measures, covering risk assessment, compliance strategies, structured risk mitigation, and cyber incident response. Participants will gain practical skills to integrate cybersecurity within their EASA Part 145 maintenance organizations, ensuring regulatory compliance and operational resilience.

Who is the course for?

This training is suitable for Accountable Managers & Nominated Post Holders, Safety, Compliance & Quality Managers, IT & Cybersecurity Specialists in MROs, Maintenance, Repair & Overhaul (MRO) Engineers & Managers, Procurement, Supply Chain & Vendor Management Professionals, and Regulatory Compliance Officers & Auditors.

What is the Benefit of this Training – What will I learn?

a) Understand EASA Cybersecurity Regulations – including Regulation (EU) 2023/203, NIS2 Directive (EU) 2022/2555, and relevant aviation cybersecurity requirements.
b) Identify & Assess Cyber Risks – Recognize threats, vulnerabilities, and compliance challenges within Part 145 maintenance environments.
c) Implement Cybersecurity Risk Management – Conduct structured risk assessments aligned with EASA IS.I.OR requirements.
d) Develop an Information Security Management System (ISMS) – Establish an effective security framework in compliance with EASA Part 145.
e) Understand External & Internal Cyber Incident Reporting – Ensure compliance with EASA-mandated reporting requirements (IS.I.OR.230).
f) Navigate Cultural & Operational Challenges – Manage staff awareness and resistance to cybersecurity implementation.
g) Work Through Practical Scenarios & Gap Analysis – Identify compliance shortfalls and corrective actions through real-world case studies.

Detailed Content / Topics – The following Subjects will be addressed

Why Are We Seeing EASA Mandated Regulations Related to Information Security and Cyber Security?

What Will This Mean for European Aviation?
General Introduction – Part 145 Information Security
Regulatory Drivers for Information Security – EASA Part 145
Summary of Directive (EU) 2022/2555 (NIS2 Directive)
Reference Listing of Relevant Documentation – EASA Aviation Cyber Security
EASA Part 145 Information Security Duties, Accountabilities, Responsibilities (IS.I.OR.240)
Part 145 – Gap Analysis – Information Security & Cybersecurity
The Potential for Information Security / Cyber Exposure in Aircraft Maintenance
Identifying and Assessing Cyber Risks within EASA Part 145 Organizations
Information Security Reporting Criteria – External & Internal (IS.I.OR.230)
Information & Cyber Security – Structured Risk Assessment Considerations
Guidance for EASA Part 145 Compliant Information Security Manual
Considering Cultural Resistance & Staff Awareness in EASA Part 145 Cybersecurity Implementation
Cyber Security & Information Security Training for EASA Part 145 Organizations
Debrief & Close

Pre-requisites

The pre-requisites for this training include a basic understanding of EASA Part 145 regulations, foundational cybersecurity concepts, and experience in aviation maintenance or regulatory compliance.

Target group

The target groups for this training include Accountable Managers, Safety and Compliance Managers, IT and Cybersecurity Specialists in MROs, MRO Engineers and Managers, Procurement and Vendor Management Professionals, and Regulatory Compliance Officers.

Learning Objectives

a)Understand EASA cybersecurity regulations, including Regulation (EU) 2023/203 and the NIS2 Directive.
b)Identify and assess cyber risks within EASA Part 145 maintenance environments.
c)Develop and implement an Information Security Management System (ISMS) in compliance with EASA requirements.
d)Gain practical skills in cyber incident response, reporting, and managing compliance challenges.

What do People Say about Sofema Aviation Services Training?

β€œI found satisfying answers to all my questions.”
β€œThe instructor demonstrated a very deep knowledge of the subject.”
β€œThe length of the course fits my needs and expectations.”
β€œThe content was really effective, I gained a lot of new knowledge.”
β€œThe practical examples were perfectly delivered.”

Duration

Delivery Mode: Available onsite or virtual via Sofema Online

Duration: 2 Days – 09:00 to 17:00 (with refreshment breaks)

πŸ“§ Register Now: team@sassofia.com

πŸ“ž Call: +359 28210806

Ensure Compliance Before the February 2026 EASA Deadline – Secure Your Spot Today!

Download PDF Enquire

Based in Sofia, Bulgaria, SAS is a Global, Professional, Airline, MRO and Ground Operations, Support, Consulting and Training Company. We offer qualified and experienced Industry professionals and subject matter experts.

How to find us

Please see our contact page for details and location map

sofema aviation services

Subscribe

Please provide your email to subscribe for our newsletters.

  • This field is for validation purposes and should be left unchanged.

Copyrights Β© 2025 Sofema Aviation Services