Introduction 
The EASA Part-IS training course is designed to improve participants’ understanding of the regulatory landscape surrounding the EASA Regulatory Framework on Information Security Management Systems (ISMS). It provides organisations and competent authorities with a detailed overview of the requirements.
 Course Content 
Module 1: Introduction
- Participants & Instructor’s Introduction
- Course Overview
- Timetable
- Course information
Module 2: Setting the scene
- Introduction to Safety, Security and Information Security
- Interdependencies between safety and security in relation to information security events with a potential impact on safety
- Cyber-attacks carried out against the industry
- Importance of Training and Awareness, as well as reference to just culture, security culture and cyber security culture
- Reference to Information Sharing
Module 3: EASA Framework Decoded
- Understanding the European Aviation Regulatory Framework
- Rationale of EASA behind PART IS
- Introduction to ISMS
Module 4: Regulatory Framework
- Overview of the current regulatory framework including the security regulations and NIS 2 and their relation to PART IS
- EASA Opinion 3/2021 on the Management of Information Security Risks
- Commission Implementing Regulation (EU) 2023/203
- Commission Delegated Regulation (EU) 2022/1645
Module 5: Part IS OR
- Part IS Organisation Requirements
- Guidance Material and Acceptable Means of Compliance
Module 6: Part IS AR
- Part IS Authority Requirements
- Guidance Material and Acceptable Means of Compliance
Module 7: Assessment Questionnaire
- Organisations: Review of 70 self-assessment questions that prompt reflection on various aspects of the regulatory framework in relation to one’s entity, covering where the entity currently stands and the gaps identified to achieve compliance.
- Competent Authority:
  - Utilise the organisation list to assess their own compliance with PART IS (majority of questions apply), or
  - Assessment questions to be able to discuss the elements to consider for oversight (separate document)
 
Learning Objectives 
Upon completion of this course participants will be able to:
- Recognise the objective of the EASA regulatory framework and the importance thereof in relation to aviation safety.
- Explain the EASA Regulatory framework and the requirements relating to the Management of Information Security Risks.
- Describe the implementation requirements to apply in their authority or organisation, as well as the oversight requirements with regard to the competent authority.
- Understand the relationship between PART IS and other regulatory frameworks (Security Regulation and NIS 2), in order to avoid duplication and overlap where possible if such other frameworks apply to the organisation.
- Gain a good understanding of the regulatory framework, including the AMC and Guidance Material.
Who should take this course 
- Regulatory Authorities (CAA)
- Organisations (as specified within the regulatory framework, such as maintenance organisations, CAMOs, Air Operators, ATCO TOs, U-Space Service Providers, ATOs, Aircrew Aero-medical centres, FSTD operators)
Pre-requisites 
Essential: strong interest in achieving increased knowledge in the application of the new EASA Regulatory Framework on Information Security Management Systems (ISMS).  
Participants are kindly requested to bring a laptop to the course to access the course material, which will only be provided in electronic format.
 Duration 
3 Days: 09:00 – 17:00 hrs