Information Security Risk Assessment in Civil Aviation
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Ability to plan and perform risk assessments aligned with ISO/IEC 27005 and ISO 31000,
  • Competence in identifying information assets, threats, vulnerabilities, and impacts,
  • Skill in evaluating likelihood and consequences to determine risk levels,
  • Capability to select and justify appropriate risk treatment measures,
  • Proficiency in documenting and presenting risk analysis outcomes to management and regulators.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
  • Basic understanding of ISO/IEC 27001 and risk-related terminology,
  • Familiarity with aviation safety, ISMS structure, and typical ICT threats,
  • Awareness of regulatory and operational environments in civil aviation.

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise: Expertise in ISO/IEC 27005, ISO/IEC 27001, ISO 31000, and familiarity with EASA PART-IS requirements for risk analysis in aviation.
  • Certifications: Recommended credentials include ISO/IEC 27001 Lead Implementer or Lead Risk Manager, and practical experience with risk assessments in the aviation sector.
  • Training & Practical Experience: Minimum 2–3 years of practical experience in performing and guiding information security risk assessments, particularly in aviation or regulated industries.
Objectives to achieve: The course aims to achieve the following objectives:
 
  • Understand the principles and regulatory requirements for conducting risk assessments in accordance with ISO/IEC 27005 and EASA PART-IS,
  • Develop the ability to define risk criteria and context relevant to aviation organizations,
  • Learn to identify, analyze, evaluate, and treat risks using structured and repeatable approaches,
  • Gain skills to document risk registers, communicate results, and support decision-making,
  • Enable participants to align risk analysis results with ISMS objectives, business goals, and regulatory expectations.

ISMS Documentation Management in Civil Aviation
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Ability to design ISMS documentation tailored to aviation requirements and aligned with ISO/IEC 27001,
  • Competence to develop policies, procedures, and templates that are both compliant and operationally useful,
  • Capability to manage and maintain versioning, approval, and accessibility of documented information,
  • Proficiency in preparing documentation for internal and external audits, including oversight body inspections,
  • Skills to assess the usability and improvement needs of ISMS documentation through practical application.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
  • Basic understanding of ISMS principles and ISO/IEC 27001 structure,
  • Familiarity with document types used in management systems (e.g. policies, procedures),
  • General awareness of documentation responsibilities in audits and inspections.

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise: In-depth knowledge of ISO/IEC 27001:2022, ISO 10013:2021, and regulatory documentation practices in the context of aviation ISMS.
  • Certifications: Recommended certifications include ISO/IEC 27001 Lead Auditor or Implementer; experience in ISO 10013 or PART-IS documentation systems is preferred.
  • Training & Practical Experience: Minimum of 2–3 years of experience in creating, reviewing, and maintaining ISMS documentation in regulated environments, with proven experience in practical training delivery.
Objectives to achieve: The course aims to achieve the following objectives:
 
  • Understand how to design, manage, and evaluate documented information required by ISO/IEC 27001,
  • Gain insight into the role of ISMS documentation in ensuring compliance, audit readiness, and operational functionality,
  • Learn how to structure, control, and interlink different types of ISMS documentation such as policies, procedures, plans, and records,
  • Acquire skills to develop templates, manage document versions, and maintain documentation integrity across the ISMS lifecycle,
  • Enable participants to demonstrate documentation effectiveness during regulatory or third-party audits.

ISMS Implementation and Regulatory Compliance in Civil Aviation
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Standards Integration: align aviation ISMS with PART‑IS.I.OR and international security standards,
  • Risk & Incident Management: effectively conduct risk assessments, audits, incident response, and corrective actions within aviation context,
  • Documentation Governance: produce, verify, and maintain ISMS documentation and records according to regulatory and audit requirements,
  • Change & Improvement Leadership: drive continuous ISMS changes and improvement cycles in response to evolving threats and organizational needs,
  • Regulatory Liaison: engage with aviation authorities and external auditors to demonstrate compliance, report incidents, and support oversight.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
  • Basic understanding of information security management systems and risk frameworks in aviation
  • Familiarity with ISO/IEC 27001 fundamentals, risk assessment, incident handling, and documentation
  • Awareness of regulatory obligations under EASA and responsibility roles in aviation governance

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise – Comprehensive knowledge of Regulation (EU) 2023/203 – EASA Part‑IS.I.OR and its alignment with ISO/IEC 27001, ISO/IEC 27005, ISO/IEC 27035, and ISO 19011 standards
  • Certifications – Preferred credentials include ISO/IEC 27001 Lead Auditor or Implementer and demonstrated competency in aviation ISMS compliance frameworks
  • Training & Practical Experience – At least 2–3 years of experience working with ISMS implementation 
Objectives to achieve: The course aims to achieve the following objectives:
  • Provide participants with comprehensive understanding of EASA Part‑IS.I.OR scope, structure, and managerial requirements,
  • Equip leaders with the ability to implement ISMS in compliance with PART‑IS.I.OR integrated with ISO/IEC standards,
  • Enable participants to conduct risk assessments, audits, incident management, and continuous improvement actions aligned with aviation safety imperatives,
  • Strengthen skills to communicate compliance status and security posture with aviation regulators,
  • Support decision-makers in aligning ISMS objectives with organizational goals, regulatory expectations, and operational resilience.

Management of Information Security Implementation in Civil Aviation
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Ability to develop and endorse ISMS policies, objectives, and resource plans at leadership level,
  • Capability to align regulatory obligations with enterprise risk management and performance indicators,
  • Skill in overseeing incidents, third-party compliance, and change management from a governance perspective,
  • Capacity to initiate and evaluate continuous improvement in ISMS maturity and effectiveness,
  • Competence in liaising with regulators and external auditors, and reporting on governance activities.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
  • Basic understanding of management system principles and ISMS foundations,
  • Familiarity with executive responsibilities in organizational governance,
  • Awareness of regulatory compliance and operational accountability in aviation environments.

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise – strong understanding of EASA PART‑IS.I.OR regulatory requirements (IS.I.OR.100–260) and their practical application within ISMS for the aviation sector
  • Certifications – recommended qualifications include ISO/IEC 27001 Lead Auditor/Implementer or formal training in aviation or ISMS governance standards
  • Training & Practical Experience – at least 2–3 years’ experience advising or overseeing top-management roles in ISMS establishment, risk management, compliance, incident handling, and continuous improvement
Objectives to achieve: The course aims to achieve the following objectives:
  • Understand strategic ISMS obligations of top management under EASA PART‑IS regulations,
  • Recognize the leadership role in defining context, setting policies, allocating resources, and establishing operational governance,
  • Learn top-management responsibilities in operational oversight, incident handling, third-party supervision, and continuous improvement,
  • Link regulatory requirements with business objectives and information security outcomes,
  • Enable strategic decisions and proactive engagement in ISMS monitoring, compliance, and governance processes.

Integrated Specialist Program in Information Security Incident Management, Business Continuity, and Disaster Recovery Manager
Description: After completing the course, participants will be able to demonstrate the following competences:
  • Plan and manage a full incident response lifecycle in accordance with ISO/IEC 27035.
  • Detect, classify, report, and resolve information security incidents using structured processes.
  • Define and maintain a Business Continuity Management System (BCMS) in line with ISO 22301.
  • Conduct BIA, assign continuity objectives, and plan effective emergency procedures.
  • Develop and execute disaster recovery strategies aligned with ISO/IEC 27031.
  • Identify critical systems and resources, define RTOs, and assign DR roles and responsibilities.
  • Evaluate incidents and recovery exercises, extract lessons learned, and improve processes.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
  • Familiarity with ISO/IEC 27001 and basic information security principles.
  • Understanding of risk management, organizational resilience, and digital infrastructure.
  • Basic awareness of management systems (PDCA) and their role in maintaining operations.

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise: deep and broad knowledge of ISO/IEC 27035-1/2/3/4, ISO 22301, ISO/IEC 27031, and proven experience in implementing ISMS, BCMS, and DR frameworks.
  • Certifications: recommended credentials include ISO/IEC 27001, ISO/IEC 27031, and ISO 22301 Lead Implementer or Auditor, and specialized qualifications in incident handling, continuity coordination, and disaster recovery.
  • Training & Practical Experience: minimum of 3 years in the field, covering incident response, BIA and risk analysis, business continuity planning, DR testing and coordination of crisis or recovery teams.
Objectives to achieve: The course aims to achieve the following objectives:
  • Understand the purpose, structure, and interrelation of ISO/IEC 27035, ISO 22301, and ISO/IEC 27031.
  • Gain practical skills in detecting, reporting, analyzing, and responding to information security incidents.
  • Conduct Business Impact Analyses and risk assessments to define continuity priorities.
  • Develop and document business continuity strategies, plans, and communication protocols.
  • Design, implement, and test disaster recovery plans aligned with ICT system dependencies.
  • Lead and coordinate multidisciplinary teams across incident, continuity, and recovery domains.
  • Integrate the outcomes of incident response, continuity operations, and recovery learning into management reviews and improvement processes.

Incident Response and Disaster Recovery (ISO/IEC 27035)
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Develop and document ICT disaster recovery plans based on international standards.
  • Identify critical assets, set recovery time objectives (RTO), and define DR strategies.
  • Coordinate recovery teams and ensure system restoration after disruption.
  • Implement and test disaster recovery procedures.
  • Evaluate DR results and support continuous improvement of recovery readiness.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
 
  • General understanding of IT infrastructure and system dependencies.
  • Basic knowledge of business continuity and incident response concepts.
  • Familiarity with risk analysis and the importance of organizational resilience.

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise: proven knowledge of disaster recovery (DR) strategies, ICT resilience, and alignment with ISO 22301 and ISO/IEC 27031.
  • Certifications: relevant qualifications such as ISO/IEC 27031 Lead Implementer, ISO 22301, or professional certification in disaster recovery or continuity planning.
  • Training & Practical Experience: minimum of 3 years of experience in planning, implementing, and testing DR plans, ICT recovery solutions, and coordination of recovery teams.
Objectives to achieve: The course aims to achieve the following objectives:
 
  • Understand the principles and structure of disaster recovery planning.
  • Gain practical knowledge on how to develop, implement, and test disaster recovery plans.
  • Learn how to align ICT recovery activities with ISO/IEC 27031 and ISO 22301 standards.
  • Identify critical systems and define priorities and recovery objectives.
  • Support the integration of disaster recovery into the wider business continuity strategy.

Incident Management for Business Continuity (ISO/IEC 27035)
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Establish and document a BCMS in accordance with ISO 22301.
  • Perform BIA and define continuity strategies and recovery priorities.
  • Prepare and test recovery plans and procedures.
  • Coordinate crisis response actions and ensure role clarity in emergency teams.
  • Support organizational resilience and compliance with continuity requirements.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
 
  • Understanding of risk management principles and organizational resilience.
  • Familiarity with core elements of management systems (PDCA, policies, planning).
  • Basic knowledge of ICT infrastructure and its role in operational continuity.

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise: comprehensive knowledge of business continuity management systems (BCMS), ISO 22301, and integration with ISMS or risk management.
  • Certifications: recommended credentials include ISO 22301 Lead Implementer or Auditor, with experience in BCM planning and exercises.
  • Training & Practical Experience: at least 3 years of practical work in business continuity strategy, BIA, recovery planning, and crisis response coordination.
Objectives to achieve: The course aims to achieve the following objectives:
 
  • Understand the principles and structure of ISO 22301 for business continuity management.
  • Learn how to plan, implement, and maintain a business continuity management system.
  • Gain the ability to conduct business impact analysis (BIA) and risk assessments for continuity.
  • Develop strategies and procedures for response, recovery, and communication.
  • Support continual improvement and ensure organizational resilience in crisis situations.

Information Security Incident Management (ISO/IEC 27035)
Description: After completing the course, participants will be able to demonstrate the following competences:
  • Plan and implement an effective incident response framework based on ISO/IEC 27035.
  • Detect, report, and respond to information security incidents using appropriate procedures.
  • Assign and coordinate roles within incident management and response teams.
  • Utilize digital forensics techniques and tools in incident investigation.
  • Evaluate incident outcomes and support continual improvement processes.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
  • Familiarity with ISO/IEC 27001 and basic principles of information security.
  • Understanding of organizational roles and responsibilities in IT security.
  • General knowledge of digital systems and reporting processes.

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise: deep knowledge of ISO/IEC 27035-1, -2, -3, -4 and practical experience with incident response procedures.
  • Certifications: recommended certifications include ISO/IEC 27001 Lead Implementer/Auditor and specialized qualifications in incident handling or digital forensics.
  • Training & Practical Experience: minimum of 3 years in managing information security incidents, conducting simulations, and working with response teams and tools.
Objectives to achieve: The course aims to achieve the following objectives:
 
  • Understand the structure and purpose of ISO/IEC 27035-1, -2, -3 and -4 standards.
  • Gain practical skills in planning, detecting, reporting, and responding to security incidents.
  • Learn how to structure and lead incident response teams and define their responsibilities.
  • Become familiar with operational procedures and tools used in incident analysis and response.
  • Apply incident learning techniques and support improvement of future response capabilities.

Integrated Specialist Program in Artificial Intelligence Management Systems
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Define, implement, and improve AI management systems aligned with ISO/IEC 42001.
  • Assess, document, and apply AI-specific controls and objectives.
  • Conduct and report AI risk assessments based on ISO/IEC 23894.
  • Perform AI impact assessments considering ethical, technical, and legal impacts.
  • Apply lifecycle thinking in AI system planning, development, and governance.
  • Support inclusive and socially acceptable AI solutions.
  • Establish AI governance structures and ensure cross-functional coordination.

Previous skills/knowledge: Participants are expected to have the following basic knowledge:
  • Familiarity with ISO/IEC 27001 and basic information security principles.
  • Understanding of risk management, organizational resilience, and digital infrastructure.
  • Basic awareness of management systems (PDCA) and their role in maintaining operations.

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise: deep and broad knowledge of ISO/IEC 27035-1/2/3/4, ISO 22301, ISO/IEC 27031, and proven experience in implementing ISMS, BCMS, and DR frameworks.
  • Certifications: recommended credentials include ISO/IEC 27001, ISO/IEC 27031, and ISO 22301 Lead Implementer or Auditor, and specialized qualifications in incident handling, continuity coordination, and disaster recovery.
  • Training & Practical Experience: minimum of 3 years in the field, covering incident response, BIA and risk analysis, business continuity planning, DR testing and coordination of crisis or recovery teams.
Objectives to achieve: This program aims to provide participants with comprehensive skills in AI system management, risk, compliance, ethics, and lifecycle implementation:
 
  • Understand and apply ISO/IEC 42001 and ISO/IEC 23894 principles in AI management.
  • Gain skills in designing, implementing, and evaluating AI-specific controls and risk treatments.
  • Identify ethical and legal risks in AI, and incorporate mitigation strategies.
  • Use AI terminology and lifecycle concepts to support governance, risk, and compliance activities.
  • Perform structured AI impact assessments and communicate findings effectively.
  • Align AI objectives with organizational goals and regulatory expectations.
  • Embed ethics and trustworthiness into AI system design and operation.

Artificial Intelligence Impact Assessment (AIIA)
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Describe and justify the need for AIIA in different AI contexts.
  • Identify potential harms across legal, ethical, and technical domains.
  • Apply structured approaches for conducting and documenting AIIA.
  • Communicate findings and support mitigation planning.
  • Integrate AIIA results into the organization’s AI governance framework.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
 
  • Basic understanding of AI functionalities and applications.
  • Familiarity with assessment processes in compliance, data protection, or risk domains.
  • Awareness of legal and ethical risks related to AI systems.

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise: comprehensive knowledge of AI impact assessment methodologies based on ISO/IEC 42001, ISO/IEC 42005, and regulatory frameworks such as the EU AI Act.
  • Certifications: relevant qualifications in risk assessment, AI governance, and compliance (e.g. ISO/IEC 23894, ISO/IEC 31000, or data protection impact assessment frameworks).
  • Training & Practical Experience: minimum 2–3 years of experience in conducting assessments of AI systems, including legal, ethical, and organizational dimensions.
Objectives to achieve: The course aims to achieve the following objectives:
 
  • Understand the purpose and principles of AI impact assessment (AIIA).
  • Learn to identify and evaluate potential negative impacts of AI systems.
  • Become familiar with risk categories such as discrimination, security, and loss of control.
  • Gain skills for applying structured AIIA methodologies and documentation practices.
  • Support regulatory readiness and organizational responsibility in AI deployment.