European Union Aviation Safety Agency (EASA) Part-IS

What you need to know to ensure you are compliant

EASA Part-IS is a regulation specifically designed to address Information Security within the Aviation industry. Its goal is to ensure that aviation organisations implement effective security controls as part of an Information Security Management System (ISMS) to protect data and assets that may impact safety in aviation operations. The regulation provides a systematic approach to securing critical information and systems.

Who needs to comply with the regulation?

The regulation applies to organisations involved in aviation-related activities, particularly those that manage information systems and data critical to aviation safety. This includes organisations such as: Aircraft Operators; Maintenance; Air Traffic Management; and other aviation service providers that provide critical data and information systems.

What security controls are in scope for compliance?

The regulation closely aligns with other international security standards such as ISO 27001 and directs organisations to establish a formal ISMS as well as regular risk management practices.

Core security controls include:

  • Access controls
  • Data encryption
  • Network security
  • Incident management
  • Business continuity planning
  • Backup and recovery procedures

Additionally, continued compliance with aviation safety regulations such as EASA Part-145 and Part-66 is required, along with Incident Reporting and Monitoring, Training and Awareness, and Continuous Improvement.

Achieving compliance

EASA Part-IS does not require a formal external certification audit to be completed. However, achieving and maintaining compliance through a defined methodological approach will ensure your organisation is compliant and can demonstrate the proactive attitude to compliance that regulatory bodies expect. Having a valid ISO 27001 certificate will go a long way to helping meet the requirements of EASA Part-IS, as the regulation is strongly aligned with ISO 27001 requirements.

Why Conduct EASA Part-IS Compliance?

What We Do

Dionach have been partnering with clients for over 25 years to help them achieve Information Security compliance across a wide range of security certifications and regulations including one of our core focus areas, ISO 27001. Some key steps we can work with you on include:

We will review your current security compliance position looking at any current security certifications you may have already and articulate what additional controls are required to meet Part-IS requirements.

A full gap assessment against the Part-IS regulation. We will conduct walkthrough meetings with your teams to understand what security controls you have in place and document your current compliance position highlighting where you meet requirements and where gaps exist.

Once we have established your compliance position, we will articulate a roadmap that will detail the next steps you need to take to achieve full compliance, and the timelines and costs associated.

While on your journey towards compliance we can assist you with the formalisation of security controls and provide technical solutions via our parent company, Nomios, to help you achieve compliance.

Let's Connect

Speak to us about how we can help you through your journey to EASA Part-IS compliance.

Head: Bil Bragg

Tel:    +44 (0) 7714 428550


Head: Joanne Morley (GRC Client Relationship Manager)

Tel:     +44 (0) 7710 796377


How We Work

We deliver the whole spectrum of cyber security services, from long-term, enterprise-wide strategy and implementation projects to single penetration tests.

Our team works with you to identify and assess your organisation’s vulnerabilities, define enterprise-wide goals, and advise how best to achieve them.

Our recommendations are clear, concise, pragmatic and tailored to your organisation.

Independent, unbiased, personalised – this is how we define our services. We guide you to spend wisely and invest in change efficiently.
