Sofema Aviation Services (SAS) considers areas of key exposure related to the implementation of ISMS As well as demonstrating compliance with Regulation (EU) 2023/203, Operators should focus on reducing exposure to cyber risks and operational disruptions, by improving business resilience and safety in line with EASA requirements. Finally, Operators should aim to strengthen stakeholder confidence…

The successful implementation and management of an Information Security Management System (ISMS) in aviation safety under EASA regulations requires a coordinated effort from multiple stakeholders. Each stakeholder group—Management, Compliance, IT, and Operations—has distinct responsibilities, competence requirements, and training needs Under Regulations (EU) 2023/203 and 2022/1645, EASA outlines specific requirements for competence, training, and performance evaluation…

Sofema Aviation Services (SAS) highlights ISMS in aviation safety, emphasizing EASA’s IS.I.OR.200 and its impact on European operations. An Information Security Management System (ISMS) under IS.I.OR.200 is a systematic framework for managing and securing information in aviation organisations. The ISMS aims to protect information assets, ensure operational and safety objectives are met, and manage risks…

Sofema Aviation Services (SAS) considers the challenges related to phishing, ransomware, data breaches, and insider threat exposures (both intentional and accidental) within the context of EASA Part 145 organizations, together with a high-level mitigation review. Introduction The European Union Aviation Safety Agency (EASA) mandates comprehensive management of information security risks in aviation to safeguard operations,…