Training courses
Advanced EASA Part-IS - Implementation
Introduction
This course aims to assist aviation professionals with the implementation of an Information Security Management System (ISMS) within their organizations, in order to ensure that they are prepared for the latest information security requirements.
This course provides participants with the knowledge, skills, and attitude to implement the ISMS. It delivers a holistic understanding of ISMS objectives, regulatory requirements, and implementation strategies, ensuring compliance with the relevant regulatory frameworks. Participants will explore each requirement in detail, and will engage in interactive exercises, discussions, and breakout sessions to apply the learning to their respective entity.
Course Content
Module 1 - Introduction
An introduction to the course, providing participants with an overview of the modules.
Module 2 – PART IS Overview
- Information Security Management Systems overview and what it sets out to achieve.
- The rationale behind PART IS.
- The relationship between safety, security and information security and why this is important for PART IS, including from a personnel point of view.
- Brief reference to the requirements, and the difference between implementation and operation.
- Elements to consider when implementing PART IS, including proportionality and integration.
Module 3 – Regulatory Requirements
- Overview of the PART IS regulatory framework
- Relationship between security regulations, NIS 2 and PART IS due to the possible overlap and reference to compliance
Module 4 – Requirements
- This module will focus on each requirement topic, the AMC and GM, relative to Part IS AR / Part IS OR, and the way forward for implementation.
- More specifically, it will deal with the following:
  - Policy
  - Awareness and training
  - Information security risk assessment
  - Information security risk treatment
  - Information security internal reporting scheme
  - Information security incidents – detection, response, and recovery
  - Response to findings notified by the competent authority
  - Information security external reporting scheme
  - Contracting of information security management activities
  - Personnel requirements
  - Record-keeping
  - Information security management manual (ISMM)
  - Changes to the information security management system
  - Continuous improvement
Module 5 – Way forward
- Takeaways
- Gaps
- Synergies
- Conclusion
Learning Objectives
Upon completing this course, you will be able to:
- Develop a comprehensive understanding of PART IS, with a focus on its practical implementation.
- Identify what synergies could be created between the existing elements in your organization and the requirements under PART IS.
- Analyze the requirements of other regulatory frameworks to determine possible pre-existing compliance obligations.
- Identify and address gaps between existing practices and regulatory expectations in alignment with EASA PART IS.
Who should take this course
Personnel engaged in the implementation of the PART IS within organisations (as specified within the regulatory framework) and competent authorities.
This would include the Accountable Manager, the Common Responsible Person, the person or group of persons appointed to implement the requirements of the PART IS, and the person or group of persons responsible for compliance monitoring.
Pre-requisites
Essential:
- Familiarity with their organization’s information security framework, if applicable, including applicable legal and regulatory requirements, to facilitate meaningful comparisons and implementation planning.
Desirable:
- Prior completion of the PART IS 3-day course or equivalent training.
- Working knowledge of the PART IS Framework and its key principles.
Duration
4 Days: 09:00 – 17:00 hrs.