I-001
CHF 1,350.00
Management of Information Security Risks according to (EU) 2022/1645 and (EU) 2023/203 Part-IS
By the end of this two-day course, personnel involved in the safety of civil aviation activities at their organization shall be able to efficiently contribute to the protection of the aviation system from Information Security (IS) risks, events, incidents and their consequences.
Part-IS introduces requirements for the identification and management of IS risks that could affect information and communication technology systems and data used for civil aviation purposes: the detection of IS events, identifying those which are considered IS incidents, the response and recovery from those IS incidents to a level commensurate with their impact on aviation safety.
To organize an in-house or distance training at your chosen date/location, please submit an enquiry or contact us at train@qcm.ch.
Nominated Personnel, Compliance and Safety Managers, and End Users working within Initial Airworthiness Organisations and Continuing Airworthiness Organisations.
None
This course provides an overview of Part-IS requirements to identify and manage information security risks with potential impact on aviation safety, which may affect information and communication technology (ICT) systems and data used for civil aviation purposes.
It addresses risk assessment and treatment, detection and management of IS events and incidents, and response and recovery measures to ensure the continued protection and resilience of aviation safety.
Enable participants to understand and apply EASA Part‑IS information security requirements within their organization’s management system, from scoping and risk assessment through implementation, operation, and continual improvement.
Day 1
- Familiarization with the EASA framework, its applicability and scope, as an introduction to Information Security risks
- Allocation of information security requirements into the organization's existing management system
- Summary of key organizational requirements to integrate into the organization’s existing management system
- Risks, threats, and vulnerabilities
- ISMS and Personnel requirements
- Inventory & mapping the dependencies
Day 2
- Fundamentals of IS implementation
- Comprehensive asset inventory and classification of company assets (practical examples)
- Explanation of how to assess physical and digital assets
- Segmentation and user access control (MFA)
- Incident Detection, Response and Recovery Plan
- Explanation of how to demonstrate trustworthiness
- Training & Promotion to strengthen the organization's resilience
- Record keeping, ISMS changes & continual improvement
Delegated Regulation (EU) 2022/1645 and Implementing Regulation (EU) 2023/203 Commission Regulation (EU)
