European Union Aviation Safety Agency (EASA) Part-IS

What you need to know to ensure you are compliant

EASA Part-IS is a regulation specifically designed to address Information Security within the Aviation industry. Its goal is to ensure that aviation organizations implement effective security controls as part of an Information Security Management System (ISMS) to protect data and assets that may impact safety in aviation operations. The regulation provides a systematic approach to securing critical information and systems.

Who needs to comply with the regulation?

The regulation applies to organizations involved in aviation-related activities, particularly those that manage information systems and data critical to aviation safety. This includes organizations such as: Aircraft Operators; Maintenance; Air Traffic Management; and other aviation service providers that provide critical data and information systems.

What security controls are in scope for compliance?

The regulation closely aligns with other international security standards such as ISO 27001 and directs organisations to establish a formal ISMS as well as regular risk management practices.

Core security controls include:

  • Access controls
  • Data encryption
  • Network security
  • Incident management
  • Business continuity planning
  • Backup and recovery procedures

Additionally, continued compliance with aviation safety regulations such as EASA Part-145 and Part-66 is required along with Incident Reporting and Monitoring, Training and Awareness and Continuous Improvement.

Achieving compliance

EASA Part-IS does not require a formal external certification audit to be completed. However, achieving and maintaining compliance through a defined methodological approach will ensure your organization is compliant and can demonstrate the proactive approach to compliance that regulatory bodies expect. Having a valid ISO 27001 certificate will go a long way to helping meet the requirements of EASA Part-IS, as the regulation is strongly aligned with ISO 27001 requirements.

Why Conduct EASA Part-IS Compliance?

What We Do

Dionach have been partnering with clients for over 25 years to help them achieve Information Security compliance across a wide range of security certifications and regulations including one of our core focus areas, ISO 27001. Some key steps we can work with you on include:

We will review your current security compliance position looking at any current security certifications you may have already and articulate what additional controls are required to meet Part-IS requirements.

A full gap assessment against the Part-IS regulation. We will conduct walkthrough meetings with your teams to understand what security controls you have in place and document your current compliance position highlighting where you meet requirements and where gaps exist.

Once we have established your compliance position, we will articulate a roadmap that will detail the next steps you need to take to achieve full compliance, and the timelines and costs associated.

While on your journey towards compliance we can assist you with the formalization of security controls and provide technical solutions via our parent company, Nomios, to help you achieve compliance.

Let's Connect

Speak to us about how we can help you through your journey to EASA Part-IS compliance.

Head: Bil Bragg

Tel:    +44 (0) 7714 428550

Email: bil.bragg@www.dionach.com

Head: Joanne Morley (GRC Client Relationship Manager)

Tel:     +44 (0) 7710 796377

Email: joanne.morley@www.dionach.com

How We Work

We deliver the whole spectrum of cybersecurity services, from long-term, enterprise-wide strategy and implementation projects to single penetration tests.

Our team works with you to identify and assess your organization’s vulnerabilities, define enterprise-wide goals, and advise how best to achieve them.

Our recommendations are clear, concise, pragmatic and tailored to your organization.

Independent, unbiased, personalized – this is how we define our services. We guide you to spend wisely and invest in change efficiently.
