INFORMATION SECURITY (PART-IS)

QUALITY AND SAFETY REQUIRE TRANSPARENT AND REPEATABLE PROCESSES.

Regulations (EU) 2022/1645 and 2023/203 oblige approved organisations (DO, PO, CAMO, MO, SPO, ATO) to establish an Information Security Management System (ISMS) in accordance with EASA Part-IS. ACC Aviation Coaching Consulting supports your organisation throughout the entire implementation process – from the initial assessment to full integration into existing management systems.

1.) OUR SERVICES

1.1 GAP ANALYSIS

Assessment of your organization’s current status against the requirements of EASA Part-IS and the associated Acceptable Means of Compliance (AMC) and Guidance Material (GM).

  • Evaluation of existing processes and interfaces (e.g. IT, QMS, SMS)
  • Identification of gaps and prioritization of action areas
  • Recommendations for efficient implementation

Based on the gap analysis, we also support the preparation of derogations, including determination of the applicable scope, risk assessment, and formulation of the justification towards the competent authority.

1.2 SCOPE DEFINITION
Together with you, we define the relevant organizational and technical scope of applicability:

  • Identification of affected organizational entities (DOA, MO/Part 145, CAMO, SPO, etc.)
  • Allocation of responsibilities and roles (Information Security Manager, IS Officer/IS Agent, etc.)
  • Definition of interfaces with existing systems (QMS, SMS, IT security frameworks)

1.3 RISK ASSESSMENT
We conduct a risk-based assessment in accordance with Part-IS, tailored to the complexity of your organization:

  • Identification of threats, vulnerabilities, and potential impacts
  • Risk evaluation based on likelihood and severity
  • Definition of mitigation measures and monitoring of their effectiveness

1.4 INFORMATION SECURITY MANAGEMENT MANUAL (ISMM)
Development or revision of the Information Security Management Manual (ISMM) in accordance with Part-IS.

  • Harmonization of interfaces between Part-IS and ISO/IEC 27001
  • Integration of existing processes (e.g. occurrence reporting, change management)
  • Development of supporting checklists and audit evidence documentation

1.5 IMPLEMENTATION SUPPORT
Support during practical implementation within your existing management systems:

  • Training of Information Security personnel and management staff
  • Adaptation of procedures and working instructions
  • Preparation for audits by EASA or National Aviation Authorities (NAAs)

1.6 ADDITIONAL SERVICES UNDER PART-IS

  • Development of awareness programs and training concepts
  • Creation of interface concepts between SMS, QMS, and ISMS
  • Conduct of internal Information Security audits to verify effectiveness
  • Support in authority communication (e.g. findings, change notifications)
  • Long-term support as external Information Security advisor or compliance partner

2.) YOUR BENEFIT
Through our practice-oriented approach, we integrate information security seamlessly into your organization’s existing processes — efficient, audit-compliant, and fully aligned with regulatory requirements.

Contact us to strategically prepare your organization for compliance with EASA Part-IS.
