Skip to main content
EASA Certified Cybersecurity, Aviation

Part-IS Familiarisation Training for Cybersecurity

EASA-certified course, an 8-hour self-paced eLearning program for Part-IS compliance (Regulations (EU) 2022/1645 and 2023/203) and audit readiness

eLearning · 8 hours Level: Intermediate Nominal certificate of completion English

About this Course

This EASA-approved course delivers structured foundation training on the information security risks that may affect aviation safety under the European Part-IS framework. It is designed for aviation organisations and the personnel required to understand, recognise and respond to these risks.

Content is aligned with Commission Delegated Regulation (EU) 2022/1645 and Commission Implementing Regulation (EU) 2023/203, and is structured to support documented training evidence and competent-authority oversight readiness. Delivered as self-paced eLearning, it is suitable for both technical and non-technical roles, with practical aviation scenarios and plain-language delivery.

What You Will Learn

  • The cybersecurity risk landscape in civil aviation and the increasing digital dependencies of aviation operations
  • The EASA Part-IS regulatory framework: scope, applicability and its link to Regulations (EU) 2022/1645 and (EU) 2023/203
  • The role of an Information Security Management System (ISMS) and its coordination with the Safety Management System (SMS)
  • Identification of safety-relevant assets, risk assessment, the concept of unacceptable risk and security controls
  • The principles of cybersecurity event and incident reporting, escalation and competent authority involvement
  • Third-party risks, personnel trustworthiness and competence, and human factors in aviation cybersecurity

Course Structure 5 modules

Cybersecurity in Civil Aviation, Operational Context
  • Digital transformation of aviation systems and the cyber threat landscape
  • Interdependency between cybersecurity and aviation safety
  • Safety impact vs. operational impact
  • Case study: ransomware impacting airport operations
Regulatory Framework of Part-IS
  • Commission Delegated Regulation (EU) 2022/1645
  • Commission Implementing Regulation (EU) 2023/203
  • Scope and applicability of Part-IS
  • International cybersecurity frameworks and competent authority oversight
Information Security Management System (ISMS) under Part-IS
  • Definition, purpose, structure and governance of ISMS in aviation
  • Management accountability and the relationship between ISMS and SMS
  • Identification of safety-relevant assets and risk assessment principles
  • The concept of unacceptable risk and risk prioritisation
Security Controls and Incident Management
  • Risk treatment, security controls, monitoring and continuous improvement
  • Incident reporting and the difference between event and incident
  • Reporting flow and escalation principles
  • External providers, personnel trustworthiness and competence
Practical Application and Terminology
  • Key Part-IS terminology explained in plain language
  • Communicating cyber risk to non-technical management
  • Practical scenario: compromised flight planning system
  • Lessons learned, organisational resilience and consolidation

Who It Is For

The course is intended for civil aviation organisations and their personnel under Part-IS: air operators, ANSP/ATM providers, aerodromes and airport operators, CAMO and MRO/Part-145 organisations. It addresses management and accountable managers, technical staff and compliance, safety, security and IT personnel alike, and is suitable for both technical and non-technical roles.

Explore our other courses

Programs in emerging technologies, certified and built by industry professionals.

See all courses