Internal Audit of Information Security in Civil Aviation
Description: After completing the course, participants will be able to demonstrate the following competences:
- Plan and perform ISMS internal audits aligned with ISO 19011 and aviation-specific requirements,
- Evaluate the adequacy and effectiveness of ISMS controls and documentation,
- Conduct objective interviews, collect audit evidence, and record audit findings,
- Communicate results clearly to stakeholders and support corrective actions,
- Contribute to ISMS maturity through structured internal oversight and feedback.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
- Basic knowledge of ISO/IEC 27001 and internal audit processes,
- Familiarity with documentation and control implementation in ISMS,
- General awareness of the aviation regulatory environment and PART-IS expectations.
Teaching requirements: Trainers should meet the following requirements:
- Subject Matter Expertise: Strong understanding of ISO/IEC 27001:2022, ISO 19011:2018, and EASA PART‑IS internal audit requirements.
- Certifications: ISO/IEC 27001 Lead Auditor or Internal Auditor certification is required; experience with ISMS audits in aviation is preferred.
- Training & Practical Experience: Minimum 2–3 years of experience conducting ISMS audits, including planning, execution, reporting, and follow-up in regulated sectors.
Objectives to achieve: The course aims to achieve the following objectives:
- Understand the principles of internal auditing based on ISO 19011 and PART‑IS requirements,
- Learn how to plan, conduct, report, and follow up on ISMS internal audits in civil aviation,
- Develop skills for evaluating conformity, effectiveness, and risks within the ISMS,
- Gain competence in gathering audit evidence, documenting findings, and presenting conclusions,
- Enable participants to support continuous improvement and prepare for external oversight audits.


