Information Security Incident Management in Civil Aviation
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Identify, classify, and record information security incidents within an ISMS,
  • Apply escalation procedures and coordinate containment, response, and recovery,
  • Communicate with relevant stakeholders and regulatory bodies during and after incidents,
  • Document incidents using structured formats for traceability and audit readiness,
  • Evaluate incident trends and apply corrective and preventive actions for continual improvement.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
  • Basic understanding of ISMS concepts and information security incidents,
  • Familiarity with ISO/IEC 27001 and incident-related terminology,
  • Awareness of aviation operational context and PART-IS regulatory requirements.
Authorized Partners:

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise: Proven expertise in ISO/IEC 27035‑1:2023 and ISO/IEC 27001:2022 with specific application in aviation environments.
  • Certifications: Recommended certifications include ISO/IEC 27001 Lead Implementer or Incident Manager; experience with aviation security incidents is a strong advantage.
  • Training & Practical Experience: Minimum 2–3 years of experience in leading or coordinating information security incident handling processes, preferably in civil aviation or regulated sectors.
Objectives to achieve: The course aims to achieve the following objectives:
 
  • Understand incident management principles based on ISO/IEC 27035‑1:2023 and EASA PART‑IS,
  • Identify, report, assess, and respond to information security incidents effectively,
  • Learn to manage incident workflows, escalation, containment, and post-incident analysis,
  • Document incidents, corrective actions, and lessons learned for ISMS improvement,
  • Support compliance with regulatory expectations and readiness for oversight inspections.
Internal Audit of Information Security in Civil Aviation
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Plan and perform ISMS internal audits aligned with ISO 19011 and aviation-specific requirements,
  • Evaluate the adequacy and effectiveness of ISMS controls and documentation,
  • Conduct objective interviews, collect audit evidence, and record audit findings,
  • Communicate results clearly to stakeholders and support corrective actions,
  • Contribute to ISMS maturity through structured internal oversight and feedback.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
 
  • Basic knowledge of ISO/IEC 27001 and internal audit processes,
  • Familiarity with documentation and control implementation in ISMS,
  • General awareness of the aviation regulatory environment and PART-IS expectations.
Authorized Partners:

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise: Strong understanding of ISO/IEC 27001:2022, ISO 19011:2018, and EASA PART‑IS internal audit requirements.
  • Certifications: ISO/IEC 27001 Lead Auditor or Internal Auditor certification is required; experience with ISMS audits in aviation is preferred.
  • Training & Practical Experience: Minimum 2–3 years of experience conducting ISMS audits, including planning, execution, reporting, and follow-up in regulated sectors.
Objectives to achieve: The course aims to achieve the following objectives:
 
  • Understand the principles of internal auditing based on ISO 19011 and PART‑IS requirements,
  • Learn how to plan, conduct, report, and follow up on ISMS internal audits in civil aviation,
  • Develop skills for evaluating conformity, effectiveness, and risks within the ISMS,
  • Gain competence in gathering audit evidence, documenting findings, and presenting conclusions,
  • Enable participants to support continuous improvement and prepare for external oversight audits.

Information Security Risk Assessment in Civil Aviation
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Ability to plan and perform risk assessments aligned with ISO/IEC 27005 and ISO 31000,
  • Competence in identifying information assets, threats, vulnerabilities, and impacts,
  • Skill in evaluating likelihood and consequences to determine risk levels,
  • Capability to select and justify appropriate risk treatment measures,
  • Proficiency in documenting and presenting risk analysis outcomes to management and regulators.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
  • Basic understanding of ISO/IEC 27001 and risk-related terminology,
  • Familiarity with aviation safety, ISMS structure, and typical ICT threats,
  • Awareness of regulatory and operational environments in civil aviation.
Authorized Partners:

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise: Expertise in ISO/IEC 27005, ISO/IEC 27001, ISO 31000, and familiarity with EASA PART-IS requirements for risk analysis in aviation.
  • Certifications: Recommended credentials include ISO/IEC 27001 Lead Implementer or Lead Risk Manager, and practical experience with risk assessments in the aviation sector.
  • Training & Practical Experience: Minimum 2–3 years of practical experience in performing and guiding information security risk assessments, particularly in aviation or regulated industries.
Objectives to achieve: The course aims to achieve the following objectives:
 
  • Understand the principles and regulatory requirements for conducting risk assessments in accordance with ISO/IEC 27005 and EASA PART-IS,
  • Develop the ability to define risk criteria and context relevant to aviation organizations,
  • Learn to identify, analyze, evaluate, and treat risks using structured and repeatable approaches,
  • Gain skills to document risk registers, communicate results, and support decision-making,
  • Enable participants to align risk analysis results with ISMS objectives, business goals, and regulatory expectations.

ISMS Documentation Management in Civil Aviation
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Ability to design ISMS documentation tailored to aviation requirements and aligned with ISO/IEC 27001,
  • Competence to develop policies, procedures, and templates that are both compliant and operationally useful,
  • Capability to manage and maintain versioning, approval, and accessibility of documented information,
  • Proficiency in preparing documentation for internal and external audits, including oversight body inspections,
  • Skills to assess the usability and improvement needs of ISMS documentation through practical application.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
  • Basic understanding of ISMS principles and ISO/IEC 27001 structure,
  • Familiarity with document types used in management systems (e.g. policies, procedures),
  • General awareness of documentation responsibilities in audits and inspections.
Authorized Partners:

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise: In-depth knowledge of ISO/IEC 27001:2022, ISO 10013:2021, and regulatory documentation practices in the context of aviation ISMS.
  • Certifications: Recommended certifications include ISO/IEC 27001 Lead Auditor or Implementer; experience in ISO 10013 or PART-IS documentation systems is preferred.
  • Training & Practical Experience: Minimum of 2–3 years of experience in creating, reviewing, and maintaining ISMS documentation in regulated environments, with proven experience in practical training delivery.
Objectives to achieve: The course aims to achieve the following objectives:
 
  • Understand how to design, manage, and evaluate documented information required by ISO/IEC 27001,
  • Gain insight into the role of ISMS documentation in ensuring compliance, audit readiness, and operational functionality,
  • Learn how to structure, control, and interlink different types of ISMS documentation such as policies, procedures, plans, and records,
  • Acquire skills to develop templates, manage document versions, and maintain documentation integrity across the ISMS lifecycle,
  • Enable participants to demonstrate documentation effectiveness during regulatory or third-party audits.

ISMS Implementation and Regulatory Compliance in Civil Aviation
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Standards Integration: align aviation ISMS with PART‑IS.I.OR and international security standards,
  • Risk & Incident Management: effectively conduct risk assessments, audits, incident response, and corrective actions within aviation context,
  • Documentation Governance: produce, verify, and maintain ISMS documentation and records according to regulatory and audit requirements,
  • Change & Improvement Leadership: drive continuous ISMS changes and improvement cycles in response to evolving threats and organizational needs,
  • Regulatory Liaison: engage with aviation authorities and external auditors to demonstrate compliance, report incidents, and support oversight.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
  • Basic understanding of information security management systems and risk frameworks in aviation,
  • Familiarity with ISO/IEC 27001 fundamentals, risk assessment, incident handling, and documentation,
  • Awareness of regulatory obligations under EASA and responsibility roles in aviation governance.
Authorized Partners:

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise – Comprehensive knowledge of Regulation (EU) 2023/203 – EASA Part‑IS.I.OR and its alignment with ISO/IEC 27001, ISO/IEC 27005, ISO/IEC 27035, and ISO 19011 standards
  • Certifications – Preferred credentials include ISO/IEC 27001 Lead Auditor or Implementer and demonstrated competency in aviation ISMS compliance frameworks
  • Training & Practical Experience – At least 2–3 years of experience working with ISMS implementation 
Objectives to achieve: The course aims to achieve the following objectives:
  • Provide participants with comprehensive understanding of EASA Part‑IS.I.OR scope, structure, and managerial requirements,
  • Equip leaders with the ability to implement ISMS in compliance with PART‑IS.I.OR integrated with ISO/IEC standards,
  • Enable participants to conduct risk assessments, audits, incident management, and continuous improvement actions aligned with aviation safety imperatives,
  • Strengthen skills to communicate compliance status and security posture with aviation regulators,
  • Support decision-makers in aligning ISMS objectives with organizational goals, regulatory expectations, and operational resilience.
Management of Information Security Implementation in Civil Aviation
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Ability to develop and endorse ISMS policies, objectives, and resource plans at leadership level,
  • Capability to align regulatory obligations with enterprise risk management and performance indicators,
  • Skill in overseeing incidents, third-party compliance, and change management from a governance perspective,
  • Capacity to initiate and evaluate continuous improvement in ISMS maturity and effectiveness,
  • Competence in liaising with regulators and external auditors, and reporting on governance activities.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
  • Basic understanding of management system principles and ISMS foundations,
  • Familiarity with executive responsibilities in organizational governance,
  • Awareness of regulatory compliance and operational accountability in aviation environments.
Authorized Partners:

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise – strong understanding of EASA PART‑IS.I.OR regulatory requirements (IS.I.OR.100–260) and their practical application within ISMS for the aviation sector
  • Certifications – recommended qualifications include ISO/IEC 27001 Lead Auditor/Implementer or formal training in aviation or ISMS governance standards
  • Training & Practical Experience – at least 2–3 years’ experience advising or overseeing top-management roles in ISMS establishment, risk management, compliance, incident handling, and continuous improvement
Objectives to achieve: The course aims to achieve the following objectives:
  • Understand strategic ISMS obligations of top management under EASA PART‑IS regulations,
  • Recognize the leadership role in defining context, setting policies, allocating resources, and establishing operational governance,
  • Learn top-management responsibilities in operational oversight, incident handling, third-party supervision, and continuous improvement,
  • Link regulatory requirements with business objectives and information security outcomes,
  • Enable strategic decisions and proactive engagement in ISMS monitoring, compliance, and governance processes.
Integrated Specialist Program in Information Security Incident Management, Business Continuity, and Disaster Recovery Manager
Description: After completing the course, participants will be able to demonstrate the following competences:
  • Plan and manage a full incident response lifecycle in accordance with ISO/IEC 27035.
  • Detect, classify, report, and resolve information security incidents using structured processes.
  • Define and maintain a Business Continuity Management System (BCMS) in line with ISO 22301.
  • Conduct BIA, assign continuity objectives, and plan effective emergency procedures.
  • Develop and execute disaster recovery strategies aligned with ISO/IEC 27031.
  • Identify critical systems and resources, define RTOs, and assign DR roles and responsibilities.
  • Evaluate incidents and recovery exercises, extract lessons learned, and improve processes.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
  • Familiarity with ISO/IEC 27001 and basic information security principles.
  • Understanding of risk management, organizational resilience, and digital infrastructure.
  • Basic awareness of management systems (PDCA) and their role in maintaining operations.
Authorized Partners:

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise: deep and broad knowledge of ISO/IEC 27035-1/2/3/4, ISO 22301, ISO/IEC 27031, and proven experience in implementing ISMS, BCMS, and DR frameworks.
  • Certifications: recommended credentials include ISO/IEC 27001, ISO/IEC 27031, and ISO 22301 Lead Implementer or Auditor, and specialized qualifications in incident handling, continuity coordination, and disaster recovery.
  • Training & Practical Experience: minimum of 3 years in the field, covering incident response, BIA and risk analysis, business continuity planning, DR testing and coordination of crisis or recovery teams.
Objectives to achieve: The course aims to achieve the following objectives:
  • Understand the purpose, structure, and interrelation of ISO/IEC 27035, ISO 22301, and ISO/IEC 27031.
  • Gain practical skills in detecting, reporting, analyzing, and responding to information security incidents.
  • Conduct Business Impact Analyses and risk assessments to define continuity priorities.
  • Develop and document business continuity strategies, plans, and communication protocols.
  • Design, implement, and test disaster recovery plans aligned with ICT system dependencies.
  • Lead and coordinate multidisciplinary teams across incident, continuity, and recovery domains.
  • Integrate the outcomes of incident response, continuity operations, and recovery learning into management reviews and improvement processes.

Incident Response and Disaster Recovery (ISO/IEC 27035)
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Develop and document ICT disaster recovery plans based on international standards.
  • Identify critical assets, set recovery time objectives (RTO), and define DR strategies.
  • Coordinate recovery teams and ensure system restoration after disruption.
  • Implement and test disaster recovery procedures.
  • Evaluate DR results and support continuous improvement of recovery readiness.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
 
  • General understanding of IT infrastructure and system dependencies.
  • Basic knowledge of business continuity and incident response concepts.
  • Familiarity with risk analysis and the importance of organizational resilience.
Authorized Partners:

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise: proven knowledge of disaster recovery (DR) strategies, ICT resilience, and alignment with ISO 22301 and ISO/IEC 27031.
  • Certifications: relevant qualifications such as ISO/IEC 27031 Lead Implementer, ISO 22301, or professional certification in disaster recovery or continuity planning.
  • Training & Practical Experience: minimum of 3 years of experience in planning, implementing, and testing DR plans, ICT recovery solutions, and coordination of recovery teams.
Objectives to achieve: The course aims to achieve the following objectives:
 
  • Understand the principles and structure of disaster recovery planning.
  • Gain practical knowledge on how to develop, implement, and test disaster recovery plans.
  • Learn how to align ICT recovery activities with ISO/IEC 27031 and ISO 22301 standards.
  • Identify critical systems and define priorities and recovery objectives.
  • Support the integration of disaster recovery into the wider business continuity strategy.

Incident Management for Business Continuity (ISO/IEC 27035)
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Establish and document a BCMS in accordance with ISO 22301.
  • Perform BIA and define continuity strategies and recovery priorities.
  • Prepare and test recovery plans and procedures.
  • Coordinate crisis response actions and ensure role clarity in emergency teams.
  • Support organizational resilience and compliance with continuity requirements.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
 
  • Understanding of risk management principles and organizational resilience.
  • Familiarity with core elements of management systems (PDCA, policies, planning).
  • Basic knowledge of ICT infrastructure and its role in operational continuity.
Authorized Partners:

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise: comprehensive knowledge of business continuity management systems (BCMS), ISO 22301, and integration with ISMS or risk management.
  • Certifications: recommended credentials include ISO 22301 Lead Implementer or Auditor, with experience in BCM planning and exercises.
  • Training & Practical Experience: at least 3 years of practical work in business continuity strategy, BIA, recovery planning, and crisis response coordination.
Objectives to achieve: The course aims to achieve the following objectives:
 
  • Understand the principles and structure of ISO 22301 for business continuity management.
  • Learn how to plan, implement, and maintain a business continuity management system.
  • Gain the ability to conduct business impact analysis (BIA) and risk assessments for continuity.
  • Develop strategies and procedures for response, recovery, and communication.
  • Support continual improvement and ensure organizational resilience in crisis situations.

Information Security Incident Management (ISO/IEC 27035)
Description: After completing the course, participants will be able to demonstrate the following competences:
  • Plan and implement an effective incident response framework based on ISO/IEC 27035.
  • Detect, report, and respond to information security incidents using appropriate procedures.
  • Assign and coordinate roles within incident management and response teams.
  • Utilize digital forensics techniques and tools in incident investigation.
  • Evaluate incident outcomes and support continual improvement processes.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
  • Familiarity with ISO/IEC 27001 and basic principles of information security.
  • Understanding of organizational roles and responsibilities in IT security.
  • General knowledge of digital systems and reporting processes.
Authorized Partners:

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise: deep knowledge of ISO/IEC 27035-1, -2, -3, -4 and practical experience with incident response procedures.
  • Certifications: recommended certifications include ISO/IEC 27001 Lead Implementer/Auditor and specialized qualifications in incident handling or digital forensics.
  • Training & Practical Experience: minimum of 3 years in managing information security incidents, conducting simulations, and working with response teams and tools.
Objectives to achieve: The course aims to achieve the following objectives:
 
  • Understand the structure and purpose of ISO/IEC 27035-1, -2, -3 and -4 standards.
  • Gain practical skills in planning, detecting, reporting, and responding to security incidents.
  • Learn how to structure and lead incident response teams and define their responsibilities.
  • Become familiar with operational procedures and tools used in incident analysis and response.
  • Apply incident learning techniques and support improvement of future response capabilities.