Sofema Aviation Services (SAS) Considers the Elements to be considered related to Information & Cyber Security Auditing within an EASA Part 145 Organisation As cybersecurity becomes a regulatory focus, EASA Part 145 audits will incorporate cyber resilience checks within maintenance organizations. National Aviation Authorities (NAAs) and internal compliance managers will be responsible for assessing the security of maintenance data, IT systems,…

Sofema Aviation Services (SAS) considers a number of core documents used in support of EASA compliant cyber security initiatives. AMC 20-42 Airworthiness Information Security Risk Assessment Date: June 2023Description: Guidance for assessing airworthiness information security risks, including threats and mitigations. COMMISSION DELEGATED REGULATION (EU) 2022/1645 Date: July 2022Description: Rules for managing aviation information security risks impacting safety. COMMISSION IMPLEMENTING REGULATION (EU) 2023/203 Date: October 2022Description:…

Sofema Aviation Services (SAS) takes a view on the role of the EASA Cyber Security Framework to address Stakeholder Needs, Legal Basis, and Policies for Collaboration and Information Sharing. Introduction – Stakeholder Needs Stakeholders in the aviation ecosystem include airlines, airports, air navigation service providers (ANSPs), manufacturers, maintenance organizations, and authorities. Their needs within the EASA Cyber Security focus on: Risk Management Identifying Threats: Stakeholders…

Sofema Aviation Services (SAS)  tackles the challenge of addressing cyber security threats within EASA-regulated organizations, focusing on EASA’s STORM (Shared Trans-Organisational Risk Management) Introduction EASA’s STORM initiative—Shared Trans-Organisational Risk Management addresses the interconnected risks within the aviation ecosystem, recognizing that risks cannot be managed in isolation due to the increasing digitization and interdependencies across stakeholders….