Contacts Customer login
ENG
Search
ENG
Back
Back to the list of services

Academy of Information Security in Civil Aviation – PART-IS Manager

30.06.2025-07.08.2025
30. 06. 2025
Online course: The Role of Management in Implementing Information Security Requirements in Civil Aviation
01. 07. 2025
Online course: EASA Part-IS Regulation and Implementation Manager
15. 07. 2025
Online course: ISMS Documentation Management in Civil Aviation
21. 07. 2025
Online Course: Information Security Risk Assessment in Civil Aviation
29. 07. 2025
Online Course: Internal Audit of Information Security in Civil Aviation
05. 08. 2025
Online Course: Information Security Incident Management in Civil Aviation
07. 08. 2025
Online Course: Management of Changes and Improvements of the Information Security Management System in Civil Aviation

*Only the start dates of the workshops are listed, for the exact dates of the workshops, please click on the links above.

 The civil aviation sector is increasingly exposed to sophisticated threats that can compromise the information environment, operational continuity, and flight safety. Regulation (EU) 2023/203 – PART-IS.I.OR mandates organizations to establish, maintain, and improve an Information Security Management System (ISMS) based on principles of governance, risk management, and resilience.
Education through the Academy of Information Security in Civil Aviation – PART-IS Manager program offers a practical framework for understanding and implementing the requirements of PART-IS.I.OR. Through seven specialized modules, participants master the managerial, technical, and operational aspects of ISMS, including management responsibility, documentation, risk assessment, internal audits, incidents, and changes. The program responds to the lack of internal capacity to implement regulatory requirements and helps organizations strengthen compliance, safety, and resilience.

Educational Objective

The objective of the Academy of Information Security in Civil Aviation – PART-IS Manager program is to equip participants to understand, implement, and improve ISMS in the highly regulated aviation environment. The program provides knowledge and practical skills for applying the requirements of PART-IS.I.OR in accordance with ISO/IEC 27001, 27005, 27035, ISO 31000, and ISO 19011 standards.
Through theoretical and practical work, participants learn to plan and establish an ISMS, manage documentation, conduct risk assessments, organize internal audits, coordinate incidents, and implement changes. Emphasis is placed on connecting security requirements with the operational reality of aviation.
The program strengthens competencies in decision-making, risk management, and communication with regulators, creating a foundation for compliance, efficiency, and resilience. In addition to technical knowledge, strategic understanding of information security as a key part of aviation safety is developed.

Target Group of Participants

This educational program is intended for professionals and responsible individuals in organizations operating in the civil aviation sector that are subject to the requirements of Regulation (EU) 2023/203 – PART-IS.I.OR. The target group includes all those who have or will assume key roles in planning, implementing, supervising, and improving the Information Security Management System (ISMS) in the aviation environment.

The program is specifically tailored for:

  • information security managers responsible for establishing, maintaining, and supervising the ISMS within the organization,
  • ISMS team leaders and members involved in the implementation and technical-operational support of security measures,
  • organizational leadership (accountable manager, quality manager, safety manager, compliance manager) who make strategic decisions and must understand regulatory obligations and security risks,
  • risk management team members and auditors involved in assessing effectiveness, identifying nonconformities, and continuously improving the system,
  • individuals responsible for incident and change management, including those coordinating with supervisory authorities,
  • advisors and consultants supporting organizations in compliance with PART-IS.I.OR and information security standards.     

The thematic units that make up the Academy of Information Security in Civil Aviation – PART-IS Manager program are designed to cover all key aspects of information security management in the aviation environment. Each unit provides focused theoretical knowledge and practical guidance aligned with regulatory requirements and international standards, giving participants a foundation for effective and responsible ISMS implementation in their organizations.
The program consists of the following units:

The program consists of the following units:

➤ PART-IS Management
Introduction to the strategic requirements of information security in civil aviation, with emphasis on the role of management, regulatory obligations, and responsibilities in establishing and maintaining the ISMS.
➤ PART-IS.I.OR Lead Implementer

Detailed analysis of the requirements from PART-IS.I.OR and related standards, with practical guidelines for planning, implementing, and managing the ISMS in aviation organizations.

➤ ISMS Document Management in Civil Aviation

Understanding the complete ISMS documentation, including its structure, importance, and roles and responsibilities for creation and maintenance.

➤ Information Security Risk Assessment in Civil Aviation

A methodological framework for conducting risk assessments in accordance with ISO 27005 and PART-IS.I.OR, including risk identification, analysis, evaluation, and treatment.

➤ Information Security Internal Audit in Civil Aviation

Planning and conducting internal ISMS audits according to ISO 19011 and PART-IS.I.OR, with skill development for preparing plans, reports, and classifying findings.

➤ Information Security Incident Management in Civil Aviation

Procedures for detection, reporting, response, and recovery from information security incidents in line with ISO 27035 and regulatory obligations.

➤ Changes and Improvements of the ISMS in Civil Aviation

Managing changes and continuously improving the ISMS through self-assessments, oversight, reporting, and application of the PDCA cycle.

Duration of the Educational Program

The educational program Academy of Information Security in Civil Aviation – PART-IS Manager is a specialized multi-day training cycle for professionals responsible for establishing, maintaining, and improving the ISMS in accordance with Regulation (EU) 2023/203.
The program consists of seven modules, with a total duration of 13.5 days or 108 school hours. Each module integrates regulatory requirements, international standards, and practical workshops, ensuring a balance between theory and application. This approach enables the development of key competencies for managing information security in aviation organizations.
The table below presents all modules with their titles, duration, and number of hours. Module 1 lasts half a day, Modules 2 and 3 last three days each, while the remaining modules are delivered in one- or two-day blocks. The program offers comprehensive preparation for professionals to manage ISMS effectively.

No. Title of Educational Module Duration (days) School Hours
1 PART-IS Management 1 4
2 PART-IS.I.OR Lead Implementer 3 24
3 ISMS Document Management in Civil Aviation 3 24
4 Information Security Internal Audit in Civil Aviation 2 16
5 Information Security Risk Assessment in Civil Aviation 2 16
6 Information Security Incident Management in Civil Aviation 2 16
7 Changes and Improvements of the ISMS in Civil Aviation 1 8
  TOTAL 14 108

Structure of the Educational Program

The educational program Academy of Information Security in Civil Aviation – PART-IS Manager is structured into two interconnected parts: theoretical and practical. This dual concept ensures that participants not only understand the PART-IS.I.OR requirements but also develop the capabilities to effectively apply them in real organizational environments.

Theoretical Part: Understanding the Requirements

The theoretical part of the training is based on a detailed alignment of the requirements from Regulation (EU) 2023/203 – PART-IS.I.OR with international information security standards such as ISO/IEC 27001, ISO/IEC 27005, ISO/IEC 27035, ISO 31000, and ISO 19011. Each module systematically addresses one aspect of ISMS management: from planning and implementation, through documentation and risk assessment, to internal audits, incident management, and continual system improvement.

Practical Part: Application through Simulations and Tools

The practical part of the training consists of a series of structured exercises within each module that simulate real-world situations organizations face during the establishment, maintenance, and supervision of the ISMS. These exercises directly contribute to strengthening organizational resilience, ensuring compliance, and improving information security management. Together, these two segments provide comprehensive understanding and training necessary for the effective application of the information security management system in accordance with the requirements arising from PART-IS.I.OR, the regulatory framework, and international best practices.
Special focus is placed on understanding the interconnections between requirements and processes, the role of documentation, the responsibilities of leadership, and the importance of continual improvement through the PDCA cycle. Participants gain knowledge that enables them to identify, structure, and effectively implement information security measures in accordance with regulations.

Below is an overview of the seven thematic areas covered by the program.

Modul 1: PART-IS Management

The PART-IS Management module serves as an introduction to information security management in civil aviation under the EASA PART-IS.I.OR requirements. It is intended for individuals in managerial or supervisory roles within organizations subject to this framework, with the aim of acquiring foundational knowledge of the management’s role in addressing security requirements.
Special emphasis is placed on the strategic responsibility of management in establishing an effective ISMS by defining objectives, policies, responsibilities, and resources aligned with regulatory and business goals. The module covers organizational obligations under Regulation (EU) 2023/203, with a focus on identifying processes and systems that impact flight safety and integrating them into the risk management system.
Participants analyze examples of managerial decisions that shape the ISMS, distinguishing between formal compliance and operational effectiveness. The final part of the module addresses oversight, self-assessments, and reporting, highlighting the importance of a closed feedback loop. This module serves as a foundation for the program’s further specialized content.
 Module 2: PART-IS.I.OR Lead Implementer

The PART-IS.I.OR Lead Implementer module is designed to provide participants with a thorough understanding of the requirements of Regulation (EU) 2023/203 and prepare them for the effective implementation of an ISMS in civil aviation. It is intended for professionals responsible for security measures, oversight, and strategic risk management related to aviation safety.
The content of the module covers requirements IS.I.OR.200–260, including the establishment of an ISMS, information security policy, risk assessment and treatment, incident management, internal audits, changes, and continual improvement. All elements are linked to ISO/IEC 27001:2022.
Participants are guided through the phases of ISMS implementation, learn how to develop key documents (policy, SoA, risk register), and manage documented information to ensure compliance. The module also addresses regulatory obligations and internal monitoring mechanisms (audits, self-assessments).
Practical exercises are based on real-life scenarios, encouraging analytical thinking and linking theory with practice. The final emphasis is on the sustainability of the ISMS and its development throughout the lifecycle, with continuous evaluation and adaptation to changes. This module develops the technical and strategic competencies needed for compliance with PART-IS.I.OR.

▶ Module 3: ISMS Document Management in Civil Aviation

The ISMS Document Management in Civil Aviation module focuses on the effective management of documentation within the ISMS in accordance with Regulation (EU) 2023/203 and the ISO/IEC 27001:2022 standard. It is intended for professionals who must ensure compliance and operational effectiveness through proper handling of documented information.
Participants receive an overview of key ISMS documents, including policies, methodologies, registers, plans, and records, with emphasis on their role in demonstrating compliance during oversight. All phases of the documentation lifecycle are covered – from creation to withdrawal – with clearly defined roles, procedures, and rules. In practical exercises, participants create documents such as a security policy, risk register, and incident response plans. They practice version control, tracking changes, and communication with interested parties. Special attention is given to recordkeeping, including requirements for format, structure, data retention, and the use of DMS systems.
The final part of the module highlights the integration of ISMS documentation with other management systems within the organization, enhancing transparency and compliance. This module develops essential competencies for structured and sustainable documentation management in the aviation industry.

▶ Module 4: Information Security Internal Audit in Civil Aviation

The Information Security Internal Audit in Civil Aviation module is intended for professionals conducting internal ISMS audits within civil aviation organizations. It is based on requirement IS.I.OR.250 of Regulation (EU) 2023/203, as well as ISO/IEC 27001:2022 and ISO 19011 standards.
Participants gain knowledge of the purpose, objectives, and obligations of the audit, with a focus on independently verifying the effectiveness of information security measures and identifying areas for improvement. The module covers all stages of the audit: from planning, defining scope and criteria, through execution and evidence collection, to reporting and communication. Emphasis is placed on a risk-based, contextual, and sampling-based approach. In practical exercises, participants prepare an audit plan, conduct simulated interviews, identify nonconformities, and write findings, developing analytical and communication skills.
The module also explores the relationship between auditing and risk, incident, and change management, and the integration of results into decision-making systems. The final section focuses on monitoring corrective actions and reporting. The module equips participants with the competence to take on the professional role of an internal auditor in aviation safety.

▶ Module 5: Information Security Risk Assessment in Civil Aviation
The Information Security Risk Assessment in Civil Aviation module provides participants with comprehensive knowledge and practical skills for conducting information security risk assessments in civil aviation. It is based on Regulation (EU) 2023/203 (IS.I.OR.205) and the ISO/IEC 27005 and ISO 31000 standards.
The focus is on developing the ability to identify, analyze, and evaluate risks that may impact the safety of flight operations. Emphasis is placed on defining context, scope, and risk acceptance criteria. Participants learn how to identify information assets, threats, vulnerabilities, and controls, as well as how to use various data collection methods.
The analysis includes assessing likelihood and consequences, and determining the level of risk using qualitative or quantitative methods. Evaluation supports decisions on which risks require treatment and which can be accepted. The module includes development of risk treatment plans, assignment of ownership, and monitoring the effectiveness of controls. Practical exercises include a full simulation of the risk assessment process. The final section focuses on documentation, risk register maintenance, and reporting to management. The module equips participants to perform risk assessments in line with regulatory and operational aviation requirements.
▶ Module 6: Information Security Incident Management in Civil Aviation
The Information Security Incident Management in Civil Aviation module offers a practical approach to managing information security incidents in aviation, based on IS.I.OR.220 and IS.I.OR.230 of Regulation (EU) 2023/203 and the ISO/IEC 27035-1:2023 standard.
Participants learn how to identify security events, distinguish them from incidents, assess risks, and manage the response in accordance with regulatory requirements. The link to flight operations and the importance of a swift, coordinated response is emphasized. The module covers planning and preparation: defining roles, communication protocols, response plans, and training. This is followed by detection and reporting, use of security tools, metrics, and whistleblower protection. During the assessment phase, participants analyze reports, classify incidents, determine priorities, and initiate responses.
The response includes impact mitigation, crisis communication, and continuity preservation. Finally, the module covers learning from incidents through root cause analysis, control review, and improvement proposals. Exercises simulate real-world scenarios, developing teamwork and crisis decision-making. This module prepares participants for professional incident management in a security-sensitive aviation environment.
▶ Module 7: Changes and Improvements of the ISMS in Civil Aviation

The Changes and Improvements of the ISMS in Civil Aviation module focuses on planning and implementing changes and continual improvement of the ISMS in accordance with Regulation (EU) 2023/203, particularly articles IS.I.OR.255 and IS.I.OR.260.
Participants adopt a methodological framework for managing changes that affect the ISMS – such as changes in structure, technology, or suppliers – with emphasis on risk analysis, planning, communication, and monitoring impact. They learn how to classify changes, assess their impact on safety, maintain documentation, and communicate with competent authorities.
The module also covers the evaluation of ISMS effectiveness through KPIs, self-assessments, audits, and result analysis. Participants learn how to use data from incidents, monitoring, and feedback to continuously improve policies and procedures, and how to engage personnel in the improvement process.
Exercises include change scenario analysis, development of change plans, and use of tools to monitor effectiveness and prevent regression. The module concludes with the application of the PDCA cycle, turning the ISMS into a dynamic tool for risk management and resilience building in aviation organizations.

Module Plans and Training Program with Exercise Overview

For each educational module within the Academy of Information Security in Civil Aviation – PART-IS Manager program, a detailed Plan and Program has been developed. It includes learning objectives, lecture content, teaching methodology, a list of practical exercises, and requirements for passing the final exam. These documents form an integral part of the Academy’s training program and are provided to participants as part of the educational materials.
Each module’s Plan and Program ensures alignment of the training content with the regulatory requirements of Regulation (EU) 2023/203 – PART-IS.I.OR, as well as international information security standards. This enables participants to follow a structured, consistent, and goal-oriented training flow with clearly defined learning outcomes and practical applications.
Such a level of preparation and documentation allows both participants and their organizations to plan, implement, and measure investments in competency development and the improvement of information management in accordance with the highest professional standards.

Flexibility of Attendance and Certification

  • The Academy of Information Security in Civil Aviation – PART-IS Manager program is designed to allow two modes of participation: as a comprehensive program that includes all seven educational modules, or as individual modules that participants may choose based on their professional needs and interests. A participant who successfully completes all seven modules and passes the corresponding exams receives a certificate of completion and the title PART-IS Manager, demonstrating full competence in managing information security in accordance with Regulation (EU) 2023/203.

  • At the same time, each module can be attended independently, regardless of sequence or previous participation. A written final exam is foreseen for each individual module, and upon successful completion, participants receive a certificate for that specific module. No prior knowledge is required to attend any of the modules, ensuring broad accessibility for various professional profiles.

Conditions for Obtaining the Certificate

To obtain the final PART-IS Manager certificate, the participant must meet the following conditions:

  • Attend all seven educational modules included in the Academy program, ensuring comprehensive understanding of all key areas of information security in civil aviation. The program covers all requirements of Regulation (EU) 2023/203 – PART-IS.I.OR, including implementation, documentation, risks, internal audits, incidents, and improvements.

  • Actively participate in practical workshops and exercises that are an integral part of each module. These practical activities form the basis for applying theoretical knowledge and are essential for assessing comprehension.

  • Successfully pass the written exam at the end of each module. Each exam tests the knowledge and understanding of the respective module’s content, and assessments are conducted based on predefined criteria. The participant must pass all exams to be eligible for the final certificate. Participants who fulfill all these conditions are awarded the PART-IS Manager certificate, which confirms their competence to establish, manage, and improve an ISMS in accordance with regulatory and international standards.

Methodological Approach

The Academy of Information Security in Civil Aviation – PART-IS Manager program combines theory, practice, and interactive work to train participants in applying the requirements of Regulation (EU) 2023/203 and international information security standards.
The theoretical part of the modules covers regulatory requirements and the relationship between legislation, ISO standards, and aviation practices. Participants gain insight into ISMS and its impact on safety and compliance. The practical part includes exercises based on real-life scenarios – from drafting policies and plans, risk assessments, to incident and change management. Exercises have clearly defined objectives and are conducted both individually and in groups.
The training includes lectures, discussions, group work, practical assignments, and final exams. This approach encourages active participation and experience-sharing, ensuring applicable knowledge and skill development in the aviation environment.

Discounts

We offer attractive discounts for group registrations. The applicable rates are as follows: 

  • 5 % discount for 2 participants,
  • 10 % for 3 participants,
  • 15 % for 4 participants, 

  • and a generous 20% discount for groups of more than 5 participants. 

These discounts apply both to the full program and to individual modules.

Literature

The Academy of Information Security in Civil Aviation – PART-IS Manager program is based on official regulatory documents and international information security standards, as well as expert literature used to support instruction. All sources are carefully selected to ensure up-to-date, comprehensive, and relevant content in relation to the requirements of the civil aviation sector.

Core literature used in the training includes:

  • Regulation (EU) 2023/203 – Easy Access Rules for Information Security (PART-IS), European Union Aviation Safety Agency (EASA)
  • ISO/IEC 27001:2022 – Information Security, Cybersecurity and Privacy Protection – Information Security Management Systems – Requirements
  • ISO/IEC 27002:2022 – Code of Practice for Information Security Controls
  • ISO/IEC 27005:2022 – Information Security Risk Management
  • ISO/IEC 27035-1:2023 – Information Security Incident Management – Principles and Process
  • ISO 31000:2018 – Risk Management – Guidelines
  • ISO 19011:2018 – Guidelines for Auditing Management Systems

Additional literature and training materials:

  • Handbook for the implementation of PART-IS.I.OR requirements
  • Presentations and working materials.                         

Additional information: Bojan Varga, e-mail: bojan.varga@siq.si

Enquiry for closed groups
Pay the registration fee no later than three days before the training, unless otherwise stated, to the account of SIQ Ljubljana SI56 02922-0012897988 opened with NLB, d.d. Reference: 18735.

We value and reward your loyalty

That is why we are introducing the Loyalty Bonus to reward our loyal participants.

More about loyalty bonus