3 day course
£1,350 GBP excl. VAT
Classroom & Online
London Gatwick
09:00-17:00 UK time
Course Overview
This 3-day course provides National Aviation Authority inspectors and industry delegates with the regulatory, technical and operational tools to conduct or support Part-IS implementation and oversight. It combines interactive case studies, scenarios, and real-world exercises to explore all aspects of ISMS evaluation, control and continuous improvement.
Participants will develop an understanding of Part-IS IS.AR and IS.OR provisions, and how to assess ISMS governance, risk mitigation strategies, supply chain resilience, and post-incident recovery planning. The course also addresses how oversight bodies conduct audits, assess competence, and ensure industry readiness. The training covers all key elements of Part-IS oversight, including asset identification, supply-chain risk management, incident reporting, staff competence, and ISMS maturity assessment, enabling inspectors to perform effective, consistent, and regulation-aligned inspections.
This course is ideal for both regulatory inspectors and aviation industry professionals responsible for cyber and information security.
- Gain practical competence in the regulatory oversight and internal management of information security in civil aviation
- Engage in enforcement scenarios, audit simulations, and cross-sector case studies
Choose Your Course Date
| Start Date | End Date | Venue | Price (Excl. VAT) | Availability | Book |
|---|---|---|---|---|---|
| 01/06/2026 | 03/06/2026 | Online | £1,350.00 | More than 5 places | Book |
What is Part-IS and why does it matter?
Part-IS establishes the regulatory framework for the oversight and implementation of Information Security Management Systems (ISMS) within aviation. It supports resilience to cyber threats, ensures continuity of aviation services, and aligns with the broader cybersecurity legal framework including NIS2, EU 2022/1645, and EU 2023/203. As of 2025, authorities and service providers must demonstrate compliance through robust governance, threat identification, incident response, and oversight capabilities.
- National Aviation Authority (NAA) inspectors, auditors, and safety/security officers
- Airline, ANSP, MRO, OEM and airport professionals involved in ISMS governance, risk, and compliance
- Cybersecurity managers and safety/compliance personnel involved in Part-IS implementation or readiness assessments
- Those responsible for supply chain oversight, staff vetting, or audit preparation under cyber regulations
By the end of this course, delegates will be able to:
- Understand why the regulation is needed, including the increasing threat of cyberattacks and the necessity for resilient information security frameworks within aviation operations.
- Interpret and apply the EASA regulatory framework, particularly Part-IS and its alignment with broader cyber legislation such as NIS2, EU 2022/1645, and EU 2023/203.
- Understand the structure and content of the EASA Framework, including how it relates to information security and safety oversight.
- Evaluate an organisation’s Information Security Management System (ISMS) against the requirements of IS.AR (Authority Requirements) and IS.OR (Organisation Requirements).
- Assess the governance structures, policies, and risk control measures required under Part IS Organisation Requirements (IS.OR), including asset identification, threat modelling, detection capability, and incident recovery planning.
- Apply the Authority Requirements (IS.AR) in conducting inspections, audits, and regulatory enforcement, ensuring compliance readiness across the aviation sector.
- Overview of the Part-IS framework and the link to NIS2 and safety regulation
- Governance: Accountable management, policies, and organisational readiness
- ISMS lifecycle: Asset scoping, threat modelling, and control assessment
- Operational resilience: Incident response, detection, and business continuity
- Supply chain and human factors: third-party assurance and staff trustworthiness
- Conducting regulatory inspections, reporting, and enforcement
- Scenario-based exercises: including a full ISMS audit simulation and breach recovery case study
A background in aviation safety, cyber or risk management is recommended.
Familiarity with Safety Management Systems (SMS) or compliance frameworks is an advantage.
Pre-course documentation includes:
- Summary of Part-IS regulation
- ISMS maturity checklist
- Case study brief
Meet your Instructors
Jonathan Haskoll
Aviation Cybersecurity Oversight
Jonathan joined the UK CAA in 2019 and spent 5 years delivering cybersecurity oversight of aviation. He primarily focused on aerodromes and Air Navigation Service Providers through the UK’s Cybersecurity Oversight Process for Aviation CAP1753, before joining the Cybersecurity Policy team in 2024, setting regulatory direction across the UK aviation industry and providing guidance and expertise to organisations across the range of applicable cyber regulations.
Before joining the UK CAA, Jonathan spent 15 years in the UK Civil Service, holding positions within the Department for Transport, DEFRA and the Cabinet Office, implementing oversight regimes and overseeing compliance with security and cybersecurity regulations across Critical National Infrastructure sectors.
Jonathan’s certifications include GIAC Strategic Planning, Policy, and Leadership (GSTRT) and ISMS Lead Auditor (CIS LA).
Additional Information
Course delivery methods
- Instructor-Led Virtual Course: Enjoy the flexibility of attending this training remotely from your home or office with our live virtual course. Engage in interactive learning from anywhere in the world. We deliver our virtual courses via Microsoft Teams, Zoom, and Webex. Once your booking is confirmed, we will notify you of the platform on which your selected course will be hosted. To attend this course virtually, look for the ‘online’ venue option in the booking table above.
- Face-to-Face Classroom Course: Embrace the traditional learning method by attending our physical training venue. Benefit from direct interaction with our instructors and fellow participants, creating an immersive and hands-on learning experience. To book a classroom course, please check the booking table at the top of this page and select your preferred training venue location.
If you can’t see an upcoming course date, we likely haven’t released the next set of dates. Please get in touch to find out when we’ll announce the new dates, and we’ll be sure to keep you informed once they are available or even add you to our waiting list.
In-company delivery
We can also tailor this training course to suit your organisation’s training requirements. These bespoke training packages can be delivered at your organisation’s location – almost anywhere, worldwide. Please Contact us for more information and to discuss your requirements.
VAT information
Please ensure you have your company VAT number available when booking. For additional information regarding VAT please click here.
FAQs
To help make your decision about booking training with CAAi, we have put together a list of frequently asked questions.
If your question isn’t answered, please get in touch and speak to a member of our training team.
Photo Gallery
Course photos coming soon.
Questions and Answers
Course Reviews
No reviews yet
Other courses you might be interested in
Cybersecurity Culture in Aviation
Better understand cybersecurity culture, outlines essential elements, and illustrates how implementing a positive cybersecurity culture will help maintain the integrity of aviation security within entities responsible for managing their own security risks.
EASA Part-IS Familiarisation
Gain a clear understanding of the basic elements of the EU Part-IS regulatory framework for aviation information security.
Let’s talk
If you’d like to speak with us about your training requirements,
our friendly team are here to help.
