
Online course: The Role of Management in Implementing Information Security Requirements in Civil Aviation

30. 06. 2025
💡 This course is part of the Academy of Information Security in Civil Aviation - PART-IS Manager training.
The training is intended for the management of organizations in the aviation sector that are obliged to implement requirements in accordance with the EASA PART-IS regulation. The program provides an overview of the requirements from IS.I.OR.100 to IS.I.OR.260, which directly relate to the responsibilities of management in establishing, implementing, monitoring, and improving the Information Security Management System (ISMS).
Through two structured blocks, participants will gain a clear understanding of the strategic, managerial, and supervisory obligations imposed on management by the regulations. Special emphasis is placed on topics such as establishing the ISMS, defining policies and responsibilities, risk management, contractual implementation of the ISMS, and continuous improvement. The program also addresses the role of management in handling incidents and cooperating with competent authorities and external providers.

Lecture Content

The training is divided into two learning blocks, each lasting 90 minutes:

  • Strategic Responsibility and ISMS Establishment
  • Operational Oversight, Compliance, and ISMS Improvements

➤ Strategic Responsibility and ISMS Establishment

This topic addresses the fundamental role of management in establishing and developing the Information Security Management System (ISMS) within civil aviation organizations. The requirements from IS.I.OR.100 to IS.I.OR.200 are explained in detail, with emphasis on the strategic obligations of top management.
The content includes management activities related to understanding the organization's context, defining the expectations of interested parties, adopting an information security policy, and setting ISMS objectives and priorities. The stated requirements clearly emphasize that it is the management’s responsibility to establish the foundations enabling compliance with legal and security obligations.
The topic also explains how management ensures necessary resources, assigns responsibilities, makes key decisions, and creates conditions for the effective functioning of the system. Particular emphasis is placed on the formal adoption and regular review of the ISMS policy, as well as aligning all activities with the strategic direction of the organization.
By analyzing regulatory requirements and expected procedures, this section shows how management's strategic decisions affect the security culture, resilience level, and overall effectiveness of information security management in accordance with PART-IS.I.OR.

➤ Operational Oversight, Compliance, and ISMS Improvements

This topic provides a detailed overview of the key responsibilities of management in implementing, overseeing, and continuously improving the Information Security Management System (ISMS), in accordance with the requirements from IS.I.OR.205 to IS.I.OR.260. The focus is on management’s operational activities to ensure the system is not only formally established but functions effectively and meets regulatory expectations.
The content covers risk management, decision-making based on internal reports, oversight of incidents and their reporting, and timely implementation of corrective actions. Management's responsibility is particularly emphasized in cases where appropriate action must be taken regarding security events that may affect aviation safety.
The topic also addresses oversight of external providers and contractual partners, monitoring their reliability and capability to meet security requirements, and the need for formal evidence of assumed responsibility. Additionally, it covers management’s obligation to regularly assess the maturity of the ISMS and define measures for its further improvement.
Taken as a whole, this section helps participants understand how management ensures the operational functioning of the ISMS through systematic oversight, compliance monitoring, and promotion of continuous improvement in accordance with the obligations of PART-IS.I.OR.

Who Should Attend This Training?

The training is intended for members of top management, heads of safety and compliance departments, heads of organizational units responsible for information security, and those ensuring compliance with EASA PART-IS requirements. It is also recommended for members of supervisory boards and internal auditors who oversee ISMS operations within the organization.

Learning Outcomes

Upon completion of the training, participants will be able to:

  • understand the strategic role of management in establishing the ISMS,
  • connect regulatory requirements with the organization’s business objectives,
  • identify management responsibilities in incident handling and risk management,
  • understand the importance of cooperation with competent authorities and contractual partners,
  • supervise continuous ISMS improvements based on feedback and monitoring results.

Literature

  • EASA Easy Access Rules for Information Security (PART-IS) – Edition 2024
  • ISO/IEC 27001:2022 – Information security, cybersecurity and privacy protection — Information security management systems — Requirements

Discounts

We offer attractive discounts for group registrations. The applicable rates are as follows:

  • 5% discount for 2 participants,
  • 10% for 3 participants,
  • 15% for 4 participants,
  • and a generous 20% discount for groups of more than 5 participants.

Additional information: Bojan Varga, e-mail: bojan.varga@siq.si

We value and reward your loyalty

That is why we are introducing the Loyalty Bonus to reward our loyal participants.
