Sofema Aviation Services (SAS) considers a number of core documents used in support of EASA compliant cyber security initiatives. AMC 20-42 Airworthiness Information Security Risk Assessment Date: June 2023Description: Guidance for assessing airworthiness information security risks, including threats and mitigations. COMMISSION DELEGATED REGULATION (EU) 2022/1645 Date: July 2022Description: Rules for managing aviation information security risks impacting safety. COMMISSION IMPLEMENTING REGULATION (EU) 2023/203 Date: October 2022Description:…

Sofema Aviation Services (SAS) is considering the development of an EASA Part 145 Information Security Management (Cyber) System to ensure compliance while maintaining the existing headcount. Introduction In an EASA Part 145 organization, where recruitment is constrained, cyber security responsibilities must be managed effectively by leveraging existing resources, optimizing processes, and implementing automation. A typical EASA Part 145 organization with 100 employees can meet cyber security responsibilities under IS.I.OR.240 without additional recruitment by…

Sofema Online (SOL) examines key aspects of Cultural Resistance in the implementation of cybersecurity within EASA Part 145 organizations. Introduction – Understanding Cultural Resistance in Cybersecurity One of the biggest challenges in implementing Information & Cyber Security within an EASA Part 145 organization is cultural resistance. Many aviation maintenance personnel, including engineers, technicians, and administrative…

Sofema Aviation Services (SAS) considers reporting methods and criteria within the EASA Part 145 Information Security Management (Cyber) System while maintaining the existing headcount. To establish a unified procedure for managing cybersecurity-related events, ensuring compliance with EU regulations, and safeguarding aviation safety in accordance with Commission Implementing Regulation (EU) 2023/203 and related EASA regulatory frameworks….