
EASA PART-IS: First steps for organizations to strengthen their cybersecurity


Monday, February 03, 2025

AESA offers you key aspects for the implementation phase of the EASA PART-IS Regulation.

Madrid, 03 February 2025 (AESA)

Delegated Regulation (EU) 2022/1645 and Implementing Regulation (EU) 2023/203 introduce essential requirements for the deployment of an information security management system (ISMS) that addresses information security risks with a potential impact on aviation safety, based on a continuous improvement approach. The dates of application of these Regulations are 16 October 2025 and 22 February 2026, respectively.

To ensure a successful implementation of the ISMS, it is crucial that organizations establish the ISMS framework as a starting point, ensuring that the key processes of the management system are operational by the dates of application of the aforementioned Regulations.

The following are the key milestones to be completed in the current phase of implementation of the Regulations, with the aim of ensuring regulatory compliance and strengthening information security:

  1. Define the scope of the ISMS: Identify the critical assets, processes and systems that need to be protected.

  2. Appoint those responsible: Assign clear roles and responsibilities for managing information security.

  3. Define the ISMS policy: Clearly establish the principles, objectives and commitments for information security, aligned with the Regulations.

  4. Adopt a risk management framework: Implement a methodology and its associated processes for the identification, evaluation and mitigation of information security risks.

  5. Manage incidents: Establish procedures for the detection, notification and resolution of information security incidents.

  6. Implement reporting mechanisms:
  • Internal: For efficient communication between the different levels of the organization.
  • External: To comply with regulatory requirements and coordinate with the competent authorities.

Implementing these phases will not only ensure compliance with the applicable Regulations, but will also strengthen the organisation's position against cybersecurity risks, protecting its critical assets, operational safety and operational continuity in an increasingly digitalised and interconnected environment with a rapidly changing cyber threat landscape.