Uninterrupted connectivity is a foremost consideration across the aviation industry where more digitised, data, AI, and ML- driven networks, with IT systems, cloud, and platforms require the highest cyber and information security. This is especially relevant between aircraft, helicopters and airlines and other operator’s Integrated Operations Control Centres (IOCCs), MROs, airports, and ATMs where information security is of the utmost importance.
Part-IS (Commission Implementing Regulation (EU) 2023/203 and Commission Delegated Regulation 2022/1645) is the latest EASA regulation to identify and manage information security (IS) risks with potential impact on Aviation Safety.
This regulation will provide a comprehensive framework for governance, risk and event management, continuous improvement, and reporting. This will enable the aviation ecosystem to mitigate and respond to cyber threats with the overall goal of collaboratively enhancing cyber resilience to secure Aviation Safety.
One big challenge will be the efficient and lean Safety Management System (SMS) and Civil Aviation Information Security Management System (ca-ISMS) integration into quality and business resilience management.
Part-IS compliance requires the establishment of the following framework to identify, manage, and mitigate cyber and information security risk with an impact on aviation safety:
Part-IS will be obligatory from October 2025 for EASA approved organisations, within the scope of Delegated Regulation (EU) 2022/1645, and by February 2026 for other organisations. Exceptions and derogations apply.
For over three decades we have been working in cyber, information security, and safety.
Since the A380 / A350 programme, Airbus Protect has been engaged in aircraft safety & security assurance for Airbus contributing and shaping the building blocks of a sustainable and resilient security for safety risk management.
We have been part of shaping this standard
We have extensive experience in safety and cybersecurity auditing, governance and compliance as well as, risk management in aerospace and aviation. We further contribute to the enhancement of standards and risk mitigation in different internal and external working groups.
We know the gaps you have to close
Part-IS incorporates different cybersecurity standards / directives like NIST, ISO27k, NIS2 therefore some requirements of the new EASA framework like the establishment of an information security management system (ISMS) may sound familiar, however, this may not be the case as Part-IS introduces provisions that are specific to the context of Aviation Safety.
Our safety and security experts work hand in hand with you to implement Part-IS and assist you in achieving this milestone.
Prepare your teams for Part-IS with a dedicated training and awareness programme, as well as engagement with serious games to establish a security for safety culture.
Identify the gaps you need to close and develop a gap closure action plan to achieve Part-IS compliance.
Ensure you have a lean, efficient, and empowered ca-ISMS setup with the necessary Safety Management System (SMS) integration.
Advise and support you on implementing the necessary Part-IS compliance requirements according to your maturity.
Perform a compliance trial run in accordance with Part-IS. Provide a report that outlines our findings, conclusions, and recommendations.
Mature your risk mitigation abilities by establishing a high-performance risk management plan scaled to your specific business environment and needs.
Ensure you have a lean, efficient, and empowered ISMS integrated into your SMS, quality and business resilience management.
Ensure a suitable Security Operations Centre setup. Support and prepare a make or buy decision.
Integrate IDR, Pentest, and Red-teaming capabilities
Support in the specification of requirements and selection of compliance and risk management tools.
Integrating human factors management into your culture.
Strengthen crisis management and attack mitigation.
Discover Fence, our security risk management software
Our software, Fence, supports businesses with their compliance assessments. It enables you to follow up identified risks and their best suited treatment plans, providing graphics and indicators.
Get in touch to discover how we can support you
SAS Scandinavian Airlines has chosen Airbus Protect as trusted partner for cybersecurity consulting services related to the new Part-IS regulation of the EASA. For SAS, the largest airline in Scandinavia, safety and security are top priorities, especially now with digitised operations and an increasingly connected fleet. The cybersecurity strategy of the airline already follows leading [...]
Take advantage of the quieter summer period to prepare your development plan. Have a look at our training catalogue to identify courses that will get your organisation ready to comply with new regulations and enable your staff to acquire new competencies. Check out our 4 new trainings: PART-IS security for safety in civil aviation The [...]
Airbus Protect SOC teams win Bulletproof competition Previously crowned as Global ‘Boss of the SOC’ Champions, two transnational Airbus Protect SOC Teams competed in an invitational ‘Bulletproof’ competition in the same format. Once again an Airbus Protect team was declared champion, with a second Airbus Protect team managing a very creditable 5th of the 31 [...]
