500+ customers place their trust in us – from startups to large companies
EU Regulation for aviation-related companies
What is EASA Part-IS?
The European Union Aviation Safety Agency (EASA) is responsible for the safety of civil aviation in Europe. With the so-called Easy Access Rules - Part-IS, EASA has introduced, for the first time, binding cybersecurity requirements for aviation-related organizations. The goal is to significantly enhance the industry’s resilience against cyberattacks.
Starting in 2025/2026, affected companies will be required to implement these regulations. At its core, the rules mandate the establishment of an Information Security Management System (ISMS) and its documentation in an Information Security Management Manual (ISMM). This makes cybersecurity a mandatory part of regulatory compliance in the aviation sector.
Regulation (EU) 2022/1645 and (EU) 2023/203
Who’s affected and when?
From October 16, 2025
- Manufacturing and design organizations
- Airport operators
- Apron control services
in accordance with Regulation (EU) 2022/1645
From February 22, 2026
- Air carriers
- Maintenance organizations
- Approved training organisation (ATO)
- Air navigation service providers
- Competent authorities including EASA
in accordance with Regulation (EU) 2023/203
Our service
We support aviation-related companies in implementing the requirements of EASA Part-IS, particularly in establishing an Information Security Management System in accordance with the Easy Access Rules - Part-IS.
Our focus is on the structured development of an Information Security Management Manual that clearly documents all required processes, responsibilities, and security measures - tailored to your specific EASA approval (e.g., AOC, CAMO, ATO, airport operator).
Your benefits at a glance
The result
An auditable ISMM that you can submit to the relevant aviation authority after individual customization.
If desired, we go beyond simply creating the document. We provide structured support throughout the entire implementation process.
Creating an ISMM usually takes several months. With our template, you save time, money, and personnel resources.
These challenges we solve for you:
Why choose HvS:
Time pressure & resource shortage
Part-IS must be implemented by 2026 at the latest - but internal expertise or capacity is often lacking.
Uncertainty in approach
Many organizations don’t know how to implement the complex Part-IS requirements in a structured way - we provide clarity with a practical, easy-to-follow roadmap.
Complexity of requirements
EASA requires a resilient ISMS, clearly documented in the ISMM - including all roles, processes, and measures.
Industry-specific requirements
Aviation specifics like AOC or CAMO must be reflected in the ISMM - we know these requirements well from years of collaboration with companies in the sector.
Audit readiness
Authorities demand clear, consistent documentation - our ISMMs are precisely designed to meet these expectations.
Proven templates
You save valuable time and receive a structured template that already covers all regulatory requirements.
Practical consulting
We bring IT security expertise and a deep understanding of aviation regulations directly into your projects.
Efficient project workflow
From the initial gap assessment to the final ISMM documentation, we guide you purposefully and resource-efficiently.
Future-proofing
We ensure that your ISMM remains valid not only today but also for future audits, inspections, and regulatory changes.
Added value through training
Upon request, we offer complementary awareness trainings and courses according to Regulation (EU) 2019/1583 - for sustainable security within your organization.
Provision of the ISMM template
You receive a structured, proven template for an ISMM that covers all requirements of EASA Part-IS. It forms the basis for a swift, compliant implementation and saves valuable time at the project start.
Kick-off and requirements gathering
Based on your information, we develop a customized ISMM that reflects your processes and is specifically tailored to your EASA approval - clearly documented and ready for submission.
Individual
customization
Based on your information, we develop a customized ISMM that reflects your processes and is specifically tailored to your EASA approval - clearly documented and ready for submission.
Need an ISMM? We deliver it.
Together, we create the foundation for an ISMS according to EASA Part-IS.
Our service is aimed at all organizations with an EASA approval – in particular:
- Airports and airlines
- Maintenance and repair organizations
- CAMOs and ATOs
- Aircraft manufacturers and training organizations
- Air traffic control services
Companies without approval that provide services to aviation operators are often indirectly affected and also benefit from a compliant ISMS.
The contents of the ISMM can of course be incorporated into a suitable manual. However, it is important that all requirements (e.g., IS risk management) are fully covered.
We combine deep cyber security expertise with genuine aviation know-how: our team consists not only of ISMS specialists - we are a BSI-recognized audit body for Regulation (EU) 2019/1583, offer certified awareness training, and have practical experience in aviation.
Our managing director is a pilot and flight instructor himself - this helps us understand the requirements and processes in aviation organizations not only theoretically but also from real-life experience.
And: with us, you don’t get a generic template but a proven ISMM manual that we developed together with customers who faced the exact challenge of EASA Part-IS. This results in a tailor-made solution with real added value.
Yes, absolutely. Our ISMM template is modular in design and can be flexibly adapted to the size and complexity of your company.
If there is sufficient interest, we offer an interactive workshop where you will work with our experts to develop a concrete roadmap for implementing the EASA Part‑IS requirements – based on our audit-ready ISMM template.
You will receive a solid introduction in our free webinar on July 9, 2025, where we will present the key requirements of EASA Part‑IS and walk you through our ISMM approach.
Yes, we accompany you not only in creating the ISMM but also support you with practical implementation and the necessary documentation. Whether risk analysis, action planning, or awareness training - we assist you with experience, practical templates, and individualized consulting.
For an effective ISMM according to EASA Part-IS, we recommend a combination of basic awareness training for all employees and advanced training for specific target groups, such as administrators.
Meet the requirements of DVO (EU) 2019/1583 with our tailor-made training courses on cyber security in aviation. Certificates upon completion!
We are a competent auditor for DVO (EU) 2019/1583. As a BSI-recognized testing body, we carry out the test in your company. Contact us for an examination!
Protect your sensitive business information according to best practices.
Externer ISB – erfahren, praxisbewährt, sofort verfügbar. Effiziente ISMS-Unterstützung für IT-Sicherheit & Datenschutz. Jetzt beraten lassen!