TR120 | 1 day
In today's aviation environment, digital systems are central to nearly every operation, including design and production, flight planning, maintenance, CAMOs and air traffic control. That connectivity comes with a price: an increased exposure to cyber threats that can impact aviation safety. EASA Part‑IS (Information Security) aims to mitigate information security risks by requiring organisations to implement an Information Security Management System (ISMS) tailored to managing those risks.
This one‑day foundation course offers a practical, structured introduction to Part‑IS. Rather than overwhelming you with every technical detail, we focus on the essentials: What is Part‑IS, who it applies to, why it matters, and what you need to do. Through focused sessions and real-world examples, you'll explore key areas like governance, risk assessment, incident management, documentation, and reporting.
This is the implementation timeline for EASA Part-IS, which shows dates for compliance.
Delivered exclusively for your company
How will this course benefit me?
Tailored for aviation professionals across different departments, whether you're in operations, maintenance, compliance, IT, or oversight, this course gives you the clarity needed to begin your Part‑IS journey. By the end of the day, you’ll have:
Key areas of focus
This course equips participants with a clear understanding of the regulatory requirements under EASA Part-IS, focusing on:
Is this course right for me?
This foundation course is aimed at aviation professionals from across all environments who want to understand the Part-IS regulation, as well as anyone responsible for the implementation of an ISMS in an aviation organisation and contributing to their organisation’s safety.
It is applicable to:
This course can also be delivered in-company at your facilities and, if necessary, adapted so that it meets the needs of managers looking to induct their teams and larger workforce. Speak to a Baines Simmons learning advisor to find out more.
Prerequisites
There are no prerequisites for this course; however, a good understanding of safety management systems (SMS) would be advantageous.
Course details
Course format: This course is a balanced mix of group discussions, Q&A and PowerPoint presentations. Guided discussions give you the opportunity to consider the application and evaluation of new processes and techniques in your organisation.
Course level: Foundation Level Training (F) is suitable for those with little or no prior knowledge of the subject who are looking to develop a fundamental level of understanding, competency and knowledge.
Assessment process: A 25-minute, 30-question, open-book, multiple-choice exam is included with this course. A final score of 20/30 is required to pass (66%).
Course size: Maximum of 16 participants at our Aviation Safety Academy or on-site at your facility. This course can also be delivered virtually for up to 12 participants.
Yes: We look at the intent of the regulation and allow you to explore how to best apply the principles within your organisation, with proportionality to the size of risk exposure, rather than the size of the organisation.
Not everything, but it will help you gain clarity on Information Security responsibilities in your new role and help you to identify what else you may need to implement within your organisation.
Yes: Understanding your role and how it affects safety is crucial for any decision maker. This course will highlight how Information Security is important to all organisations and how it may be a critical component of operational safety.
This course will give you an overview of how Information Security has an intrinsic role within Aviation Safety; however, it will not give full in-depth training on how to set up and run information security within an organisation and does not replace cybersecurity training frameworks such as NIST CSF or ENISA ESCF. It will also explain the importance of compliance in a safety-critical environment, to your approval, as well as the risk of non-compliance.
Yes: Even though you may not be directly involved in the detection and response activities, this course will give you a good overview of how Information Security is a fundamental part of Aviation Safety.
If your organisation holds an EASA approval or declaration, or is a service provider to such an organisation, then it is most likely in scope for Part-IS. There are certain exceptions for those who solely work with light ELA 2/single single-engine VFR aircraft. Part-IS applies broadly to the following:
If your organisation doesn’t hold an EASA approval but does provide services to an approved entity, you're still in scope. Such organisations must be included in the information-security risk assessments and meet contractual requirements.
Here is the implementation timeline for EASA Part-IS, which shows dates for compliance:
