Your goal
You are an airport looking for a competent examiner for the DVO (EU) 2019/1583 audit.
Our service
As a
The result
We prepare an examination report including a list of deficiencies, which you can submit to the responsible aviation security authority.
DVO Assessment: Why is it necessary?
Airport operators are required,
- within the scope of passenger and baggage screening (§ 5 LuftSiG), insofar as it falls within their area of responsibility,
- and as part of their own security measures (§ 8 LuftSiG),
to identify the critical information and communication technology systems (KIKS) used for their purposes.
This obligation is based on Section 1.7.1 of the Annex to Regulation (EU) 2015/1998 in its current version (as amended by Regulation (EU) 2019/1583).
According to Section 1.7.1 of the Annex to Regulation (EU) 2015/1998, KIKS refers to any systems and data whose loss of confidentiality, integrity, or availability could reduce the level of civil aviation security, including in particular:
- Electronic communication networks as defined in Article 2(a) of Directive 2002/21/EC (now replaced by Directive (EU) 2018/1972)
- A system or a component of interconnected or related systems that—individually or collectively—automatically process digital data based on their programming (as defined in Annex I of the German National Civil Aviation Security Program, version 09/2022)
- Digital or analog data that are stored, processed, retrieved, or transmitted by the above-mentioned components for the purpose of their operation, use, protection, or maintenance—provided that the systems, individually or in combination, have an impact on aviation security
The identification and assessment of such KIKS is mandatory and forms the basis for a comprehensive audit report, including a list of findings, for submission to the competent aviation security authority.
The process in detail
Plan and review
Before we start the examination, we establish the framework conditions in an initial meeting in order to provide you with the best possible added value. When can the examination take place? What are your identified KIKS? By when can you provide us with your security documents?
We then create an examination plan so you can start coordinating dates. The examination plan contains all important information about the examination: at what time which meetings will take place, when and to what extent the examination will take place, which KIKS have been selected as samples, and who your auditors will be.
Before conducting the interviews, we review your security documents.
Reviewing them and preparing the necessary documents will take about 2 - 3 days.
The examination
The inspection is conducted based on the requirements of Regulation (EU) 2019/1583 as currently applicable.
During the inspection, we combine structured interviews with the responsible departments and a technical on-site review including sampling.
The goal is to assess the current implementation status of your organizational and technical security measures, as well as the protection of the KIKS defined in Annex 1.7.
Any deviations or weaknesses will be documented. In addition, you will receive a thorough evaluation of the effectiveness of the measures you have implemented.
The inspection typically takes approximately 3 days (2 x 3 person-days).
Examination report
After the examination has been completed, an examination report including a list of deficiencies is prepared. These documents must be submitted by you to the competent authority.
The examination report contains the following chapters:
- Management Summary: Brief summary of the examination results.
- Subject of the examination: Brief description of the KIKS
- Examination details
  - Examination plan
  - Examination body
  - Examination team
- Classification of findings & procedure
  - The findings are classified according to DVO (EU) 2019/1583:
    - Serious or significant safety deficiencies.
    - Minor deviations or safety deficiencies.
    - Recommendations
- Result of the external examination according to DVO (EU) 2019/1583.
- Assessment of your ISMS and BCMS maturity level as well as a brief justification.
- Final evaluation including conclusion according to the chapters of DVO (EU) 2019/1583.
  - 4 - Investigations
  - 5 - Risk assessment
  - 6.1 - Safety program according to No. 1.7.2 of the Annex of the DVO (EU) 2015/1998
  - 6.2 - Prevention
  - 6.3 - Detection
  - 6.4 - Reaction
  - 7 - Approval / Testing
  - 8 - Incident handling
  - 9 - Reliability checks
  - 10 - Training
  - 11 - Monitoring
- Findings: Detailed description of findings
- Records of the examination
Do you want to hire us to perform the assessment according to DVO (EU) 2019/1583?
Let us find out in a web meeting whether your expectations match our services.