Risk Assessment

Master EASA Part-IS BOWTIE Risk Assessment with Sofema Online

January 09, 2026

Steven Bentley

Are you ready for the February 2026 EASA Part-IS deadline? The EASA aviation landscape is changing. Information Security & Cyber threats are no longer just IT issues. They are critical safety hazards. EASA’s new Part-IS (Information Security) regulations mandate a sophisticated approach to risk management, specifically recommending the Bowtie Methodology to bridge the gap between…

What is the Position Regarding the Use of GSM Mobile Phones to Comply with EASA ISMS requirements?

November 06, 2025

Steven Bentley

Specific Exposures and Threat Scenarios: Malware/Ransomware Initial Access (Exploitation via device). General Ransomware Campaigns: Ransomware actors often gain initial access through phishing campaigns targeting aviation employees or by exploiting exposed VPN/RDP servers. Mobile devices are the primary target for phishing/social engineering attempts. Ransomware group LockBit demanded $200 million from Boeing in 2023. Attacks on airport…

MSAT – Desktop Review and On-Site Evaluation

October 08, 2025

Steven Bentley

Sofema Aviation Services (SAS) considers both Desktop & On-Site Evaluation in the context of EASA MSAT Application for Initial Certification, Continuing Oversight, and Performance-Based Evaluation. Introduction: This document establishes a structured approach for desktop review and on-site evaluation of an organisation’s Management System (MS), ensuring alignment with EASA MSAT methodology and ICAO Annex 19 principles…

Understanding the 12 Elements of the ICAO SMS Framework – MSAT Oversight

September 17, 2025

Steven Bentley

Introduction: While regulated entities (operators, CAMOs, AMOs, aerodromes, ANSPs, design and production organisations) are responsible for developing, implementing, and maintaining these elements, CAs carry the parallel responsibility to ensure each element is present, appropriate to the organisation’s scope, demonstrably operating, and producing effective safety outcomes. Through MSAT, CAs move beyond compliance monitoring into performance-based oversight,…