Online Course: Management of Changes and Improvements of the Information Security Management System in Civil Aviation

07. 08. 2025
💡 This course is part of the Academy of Information Security in Civil Aviation - PART-IS Manager training.

The course consists of seven thematically connected modules that guide participants through the key phases of effective information security incident management in the aviation sector. The program begins with an introduction to essential concepts, regulatory requirements, and standards, followed by planning and preparation of the incident management system, detection and reporting of information security events and incidents, assessment, and decision-making on further actions. It continues with the execution of response activities and analysis of lessons learned, and concludes with a comprehensive practical workshop in which participants apply their acquired knowledge in a simulated environment. The course is based on the requirements of Part-IS.I.OR and aligned with the standards ISO/IEC 27001:2022, ISO/IEC 27035-1:2023, and ISO/IEC 27031:2025. Special value is added through structured exercises that support the development of practical competencies essential for effective incident management in the aviation environment.

Target Audience

This course is intended for professionals involved in the management of information security and operational safety in the aviation sector. It is particularly beneficial for individuals responsible for security processes, members of incident response teams, IT administrators, ISMS managers, CAMO representatives, aviation operators, providers of aviation infrastructure services, and other personnel whose activities may affect aviation safety through the use of information systems.

Course Content

➤ Change Management – Fundamental Concepts 

The basic principles of change management within the ISMS framework are explained through requirement IS.I.OR.255, which prescribes the need for formal approval and monitoring of all significant changes. Special emphasis is placed on the connection between changes and security policies, organizational structure, and regulatory obligations towards competent authorities.

Exercise 1: Change Analysis and Management Plan Creation
Participants are given a scenario in which a significant change is being planned within an organization. Their task is to identify all elements that must be included in the change management process according to IS.I.OR.255, create a simple implementation plan, and propose mandatory documents and steps.

➤ Practical Implementation and Supervision of Changes in the System

The way changes are implemented in practice is presented through activities that include recording, monitoring impacts, and reporting to competent authorities. The roles of responsible individuals, communication flows, and technical aspects that ensure changes are carried out in a controlled manner and in accordance with the ISMS are explained in detail.

Exercise 2: Preparing a Change Notification Form
Participants work on a task that requires them to complete a draft form for notifying the regulatory authority of a change. Based on the provided input data, they prepare an impact assessment, define responsible persons, expected dates, and validation methods.

➤ Fundamental Principles of Continuous ISMS Improvement

The logic of continuous improvement is presented through a systematic approach to identifying and implementing corrective measures based on the analysis of ISMS effectiveness. Concepts such as PDCA and DMAIC are introduced as methodological tools that help the organization maintain a high level of maturity and compliance of the security system.

Exercise 3: Identifying and Evaluating Improvement Opportunities
Participants analyze a simulated internal audit report containing several observations and non-conformities. Based on the report, they propose improvement measures, prioritize them, and link them to appropriate departments within the organization.

➤ Implementation of the Improvement Cycle and Evaluation of Results


Working Methods

The course is based on a combination of interactive lectures, real-world scenario analysis, and practical workshops that allow participants to apply acquired knowledge in simulated situations. Structured worksheets are used throughout the course to support each exercise and enable clear documentation of tasks. In addition to individual work, team collaboration is encouraged through group activities that reflect challenges in implementing changes and improvements in the ISMS. Participants engage in guided discussions that allow for the exchange of experiences and best practices, while various tools are used to assess ISMS effectiveness and illustrate improvement results.

Learning Outcomes

Upon completion of the course, participants will be able to:

  • understand the requirements of IS.I.OR.255 and IS.I.OR.260 in the context of ISMS,
  • identify types of changes requiring supervision and approval,
  • develop a change management plan in line with regulatory requirements,
  • apply the PDCA approach in continuous improvement,
  • evaluate the effectiveness of corrective actions and recommend adjustments,
  • connect internal audits, incidents, and feedback with ISMS development,
  • ensure documentation and communication of changes to competent authorities.

Literature

  • PART-IS.I.OR Easy Access Rules for Information Security, EASA
  • ISO/IEC 27001:2022, Information security, cybersecurity and privacy protection — Information security management systems

Discounts

We offer attractive discounts for group registrations. The applicable rates are as follows:

  • 5 % discount for 2 participants,
  • 10 % for 3 participants,
  • 15 % for 4 participants,
  • and a generous 20 % discount for groups of more than 5 participants.

Additional information: Bojan Varga, e-mail: bojan.varga@siq.si

We value and reward your loyalty

That is why we are introducing the Loyalty Bonus to reward our loyal participants.
