ICT Readiness for Business Continuity Coordinator
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • ICT Resilience Design – create strategies and architectures ensuring ICT continuity under disruption.
  • Requirements Translation – translate business continuity metrics (RTO, RPO, MBCO) into ICT system specifications.
  • Continuity Planning – develop and document an ICT continuity plan.
  • Validation & Testing – carry out tests, exercises, and audits, and interpret results to enhance ICT readiness.
  • Governance & Leadership – guide leadership in evaluating IRBC performance, resource allocation, and ongoing alignment.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
 
  • Basic understanding of business continuity principles and ICT dependency;
  • Familiarity with ISO/IEC 27001 and ISO 22301 concepts;
  • Awareness of ICT incident and disruption scenarios and related response mechanisms.
Authorized Partners:

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise – Strong knowledge of ISO/IEC 27031:2025 and ISO 22301, with specific experience in integrating ICT resilience into business continuity management systems.
  • Certifications – Recommended certifications include ISO/IEC 27001 Lead Auditor or Implementer; familiarity with ICT continuity or resilience frameworks is desirable.
  • Training & Practical Experience – At least 2–3 years of hands‑on experience in managing ICT readiness and resilience, and delivering engaging, practical training in ICT continuity.
Objectives to achieve: The course aims to achieve the following objectives:
  • Understand the role and scope of ISO/IEC 27031:2025 in supporting ICT readiness within a BCMS.
  • Convert business continuity requirements (RTO, RPO, MBCO) into ICT‑specific conditions and resilience criteria.
  • Design ICT continuity strategies (e.g., backups, replication, redundancy, cloud solutions) aligned with business objectives.
  • Develop a structured ICT continuity plan with defined triggers, roles, and technical measures.
  • Implement testing, exercises, audits, and define MBCO thresholds to validate ICT readiness.
  • Clarify leadership responsibilities for IRBC governance and continuous improvement.
ISMS Performance Evaluator
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Analytical Assessment – analyze and evaluate the effectiveness of existing ISMS controls.
  • Measurement and Interpretation – define and use indicators to ensure compliance with requirements.
  • Continuous Improvement – systematically introduce improvements based on measurement results, including proposing action plans.
  • Strategic Alignment – ability to connect ISMS measurement results with the organization’s goals.
  • Advisory Capability – competence in preparing reports and recommendations that support decision-making at the management level.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
 
  • Basic understanding of information security principles (confidentiality, integrity, availability),
  • Familiarity with ISO/IEC 27001 structure and key requirements (especially clause 9.1),
  • Ability to interpret simple statistical indicators and percentages in business contexts.
Authorized Partners:

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise – In-depth knowledge and practical experience with the ISO 27036 series (Parts 1–4), covering supplier relationships and information security throughout the supplier lifecycle.
  • Certifications – Recommended certifications include ISO/IEC 27001 Lead Auditor or Implementer, with familiarity with ISO 27036:2021–2023.
  • Training & Practical Experience – At least 2–3 years in managing information security in supplier relationships and delivering interactive workshops.
Objectives to achieve: The course aims to achieve the following objectives:
 
  • Understand and apply the requirements of ISO/IEC 27001:2022 and ISO/IEC 27004:2016 for ISMS monitoring and measurement.
  • Develop a structured approach to evaluating ISMS performance and interpreting results.
  • Apply techniques for continuous improvement based on performance indicators.
  • Learn to identify ineffective controls and propose alternative measures based on measurement results.
  • Develop the ability to link performance metrics with the organization’s strategic objectives and reporting to top management.
ISMS Document Compliance Consultant
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Structure and write ISMS documents that meet compliance and operational usability requirements.
  • Create and maintain policies, procedures, records, and registers aligned with ISO/IEC 27001 and ISO 10013.
  • Support audit preparation by organizing and presenting documented information effectively.
  • Evaluate the consistency, completeness, and traceability of ISMS documentation.
  • Apply documentation management techniques including version control, review cycles, and archival rules.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
  • Basic understanding of ISMS principles and ISO/IEC 27001:2022 structure,
  • Familiarity with the concepts of documentation, policies, and procedures in management systems,
  • General knowledge of internal audits and compliance requirements.
Authorized Partners:

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise – Solid expertise in ISO/IEC 27001:2022, ISO 10013:2021, and related documentation standards within information security management.
  • Certifications – Recommended certifications include ISO/IEC 27001 Lead Auditor or Implementer; additional qualifications in documentation or quality management are an advantage.
  • Training & Practical Experience – Minimum of 2–3 years of experience in designing, maintaining, and auditing ISMS documentation, with proven training delivery in this domain.
Objectives to achieve: The course aims to achieve the following objectives:
  • Develop the ability to create, maintain, and evaluate ISMS documentation in compliance with ISO/IEC 27001:2022.
  • Understand the role of documented information in internal and external audits and certification readiness.
  • Learn to distinguish between policies, procedures, records, and plans, and apply the appropriate structure and format.
  • Improve skills for aligning documentation with real business processes and risk management requirements.
  • Gain competence in preparing complete documentation sets to demonstrate operational and audit compliance.
Supplier Information Security Manager
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Standards Application – apply ISO 27036-1 to 4 guidelines in managing supplier relationships,
  • Risk Assessment – identify, assess, and prioritize supplier-related information security risks,
  • Control Implementation – select and apply appropriate security controls throughout supplier engagement,
  • Supply Chain Security – manage visibility, traceability, and security across hardware and software supply chains,
  • Cloud Security Management – manage information security risks in cloud-based services.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:

  • Basic understanding of information security management and supplier risk concepts,
  • Familiarity with ISO/IEC 27001 terminology and principles,
  • Awareness of the role and importance of third-party/vendor security.
Authorized Partners:

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise – In-depth knowledge and practical experience with the ISO 27036 series (Parts 1–4), covering supplier relationships and information security throughout the supplier lifecycle.
  • Certifications – Recommended certifications include ISO/IEC 27001 Lead Auditor or Implementer, with familiarity with ISO 27036:2021–2023.
  • Training & Practical Experience – At least 2–3 years in managing information security in supplier relationships and delivering interactive workshops.
Objectives to achieve: The course aims to achieve the following objectives:
 
  • Understand key requirements and guidelines of ISO 27036‑1 to 4 for supplier relationship security,
  • Identify and assess information security risks associated with different types of supplier relationships,
  • Implement suitable controls throughout the supplier lifecycle,
  • Address hardware, software, and cloud service supply chain guidance per ISO 27036‑3 and ISO 27036‑4,
  • Develop strategies for secure communications, visibility, and risk management with suppliers.
Information Security Controls Coordinator according to ISO/IEC 27002
Description: After completing the course, participants will be able to demonstrate the following competences:

  • Analytical Assessment – analyze the structure and purpose of ISMS controls,
  • Risk Integration – connect controls to the results of risk assessments,
  • Implementation Coordination – coordinate the selection and adaptation of controls within the ISMS,
  • Performance Evaluation – assess control effectiveness through practical evaluations,
  • Strategic Advisory – provide recommendations to management for aligning controls with ISO/IEC 27001 requirements.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
  • Basic understanding of information risk and ISMS principles,
  • Familiarity with the context and terminology of ISO/IEC 27001 and ISO/IEC 27002,
  • Ability to understand the classification and function of ISMS controls.
Authorized Partners:

Teaching requirements: Trainers should meet the following requirements:
 
  • Subject Matter Expertise – In-depth knowledge and practical experience with controls defined in ISO/IEC 27002:2022 and their application within ISMS frameworks.
  • Certifications – Recommended certifications include ISO/IEC 27001 Lead Auditor/Implementer, along with familiarity with ISO/IEC 27002.
  • Training & Practical Experience – At least 2–3 years of experience in implementing and coordinating information security controls within organizations, as well as delivering hands-on training.
Objectives to achieve: The course aims to achieve the following objectives:
  • Gain an overview of all 93 controls defined in ISO/IEC 27002:2022, understand their purpose, structure, and classification, and learn how they support the overall objectives of an effective ISMS.
  • Master the principles of aligning controls with risk management results,
  • Learn how to identify, adapt, and coordinate the implementation of controls within the organization,
  • Develop the ability to evaluate control effectiveness through practical exercises,
  • Connect the implementation of controls with the strategic requirements of ISO/IEC 27001 through the role of a controls coordinator.

Compliance Manager for Common security requirements for radio equipment – Internet connected radio equipment according to EN 18031-1
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Security Mechanism Implementation – apply EN 18031‑1 security mechanisms (ACM, AUM, SUM, SCM, etc.) in device design and deployment.
  • Risk & Compliance Assessment – evaluate device compliance through defined evaluation criteria and threat analysis.
  • Regulatory Integration – integrate standard implementation into RED compliance and regulatory documentation.
  • Incident & Update Management – develop strategies for secure updates, incident handling, and resilience aligned with the standard.
  • Audit Readiness – prepare devices for conformity assessment, ensuring traceability and evidence for each mechanism.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
  • Basic understanding of information security principles and cyber risk management,
  • Familiarity with standards implementation approaches and regulatory compliance,
  • Awareness of cybersecurity challenges in networked or connected devices.
Authorized Partners:

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise – Deep knowledge of EN 18031‑1:2024, including its role in ensuring cybersecurity of internet-connected radio equipment.
  • Certifications – Suggested credentials include ISO/IEC 27001 Lead Auditor or Implementer, with additional qualifications in cybersecurity or radio equipment standards.
  • Training & Practical Experience – Minimum of 2–3 years working with cybersecurity regulatory compliance, and experience delivering interactive practical sessions.
Objectives to achieve: The course aims to achieve the following objectives:
  • Understand the scope, key terms, and overarching goals of EN 18031‑1:2024, including its alignment with RED cybersecurity obligations,
  • Interpret specific security mechanisms such as access control, authentication, secure updates, data protection, network monitoring, and assess their role in device cybersecurity,
  • Apply risk assessment techniques and evaluation criteria for compliance with the standard.
  • Develop skills in planning and coordinating implementation of required mechanisms in connected radio devices.
  • Enable participants to manage regulatory compliance and readiness for audits or certification under the RED framework for devices.
Academy of Information Security in Civil Aviation
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Implement and manage ISMS documentation and processes in civil aviation.
  • Conduct risk analysis and compliance assessments based on PART-IS requirements.
  • Plan and perform internal audits for aviation-specific information security systems.
  • Prepare and manage response to information security incidents and business continuity scenarios.
  • Coordinate with aviation authorities and demonstrate regulatory compliance.
  • Lead information security initiatives within aviation organizations.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
  • General understanding of information and cybersecurity principles.
  • Familiarity with aviation processes and operational structure.
  • Basic knowledge of risk and compliance concepts in regulated sectors.
Authorized Partners:

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise: Advanced knowledge of ISO/IEC 27001:2022 and ISO 19011, with experience in change control, nonconformity management, and continual improvement processes.
  • Certifications – Recommended credentials include ISO/IEC 27001 Lead Auditor or Implementer, with practical experience in ISMS improvement cycles and corrective action systems.
  • Training & Practical Experience: At least 2–3 years of hands-on experience managing ISMS changes, internal audits, and improvement planning in civil aviation or other regulated industries.
Objectives to achieve: This program is intended to train professionals in the implementation and evaluation of information security in civil aviation according to PART-IS and ISO standards:
 
  • Develop a comprehensive understanding of PART-IS information security obligations and ISO/IEC 27001, ISO/IEC 27005 and ISO/IEC 27035 standards,
  • Enable structured implementation of ISMS controls, audits, risk assessments, and incident response procedures in civil aviation,
  • Build the ability to manage ISMS documentation lifecycle, regulatory communication, and organizational improvement,
  • Strengthen operational readiness for audits, inspections, and post-incident recovery,
  • Train professionals to lead information security coordination roles aligned with PART-IS and EU regulatory requirements.

Management of Changes and Improvements of the Information Security Management System in Civil Aviation
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Coordinate and manage ISMS change activities and corrective/preventive actions,
  • Evaluate audit findings and trigger improvement measures based on objective evidence,
  • Maintain structured documentation for tracking changes, nonconformities, and actions taken,
  • Facilitate communication of changes and ensure alignment with ISMS objectives,
  • Contribute to continual improvement and performance evaluation of the ISMS in civil aviation.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
 
  • Basic understanding of ISMS structure and ISO/IEC 27001 clauses,
  • Familiarity with internal audit, nonconformity, and corrective/preventive action terminology,
  • Awareness of civil aviation oversight and documentation processes.
Authorized Partners:

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise: Advanced knowledge of ISO/IEC 27001:2022 and ISO 19011, with experience in change control, nonconformity management, and continual improvement processes.
  • Certifications – Recommended credentials include ISO/IEC 27001 Lead Auditor or Implementer, with practical experience in ISMS improvement cycles and corrective action systems.
  • Training & Practical Experience: At least 2–3 years of hands-on experience managing ISMS changes, internal audits, and improvement planning in civil aviation or other regulated industries.
Objectives to achieve: The course aims to achieve the following objectives:
 
  • Understand how to manage changes within the ISMS in accordance with ISO/IEC 27001 and EASA PART-IS expectations,
  • Learn methods for identifying nonconformities, planning corrective actions, and monitoring effectiveness,
  • Develop skills to initiate, control, and document improvement actions across ISMS components,
  • Enable participants to establish effective review cycles, improvement indicators, and change communication processes,
  • Support alignment between ISMS maturity development and aviation sector regulatory obligations.
 

Information Security Incident Management in Civil Aviation
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Identify, classify, and record information security incidents within an ISMS,
  • Apply escalation procedures and coordinate containment, response, and recovery,
  • Communicate with relevant stakeholders and regulatory bodies during and after incidents,
  • Document incidents using structured formats for traceability and audit readiness,
  • Evaluate incident trends and apply corrective and preventive actions for continual improvement.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
  • Basic understanding of ISMS concepts and information security incidents,
  • Familiarity with ISO/IEC 27001 and incident-related terminology,
  • Awareness of aviation operational context and PART-IS regulatory requirements.
Authorized Partners:

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise: Proven expertise in ISO/IEC 27035‑1:2023 and ISO/IEC 27001:2022 with specific application in aviation environments.
  • Certifications: Recommended certifications include ISO/IEC 27001 Lead Implementer or Incident Manager; experience with aviation security incidents is a strong advantage.
  • Training & Practical Experience: Minimum 2–3 years of experience in leading or coordinating information security incident handling processes, preferably in civil aviation or regulated sectors.
Objectives to achieve: The course aims to achieve the following objectives:
 
  • Understand incident management principles based on ISO/IEC 27035‑1:2023 and EASA PART‑IS,
  • Identify, report, assess, and respond to information security incidents effectively,
  • Learn to manage incident workflows, escalation, containment, and post-incident analysis,
  • Document incidents, corrective actions, and lessons learned for ISMS improvement,
  • Support compliance with regulatory expectations and readiness for oversight inspections.
Internal Audit of Information Security in Civil Aviation
Description: After completing the course, participants will be able to demonstrate the following competences:
 
  • Plan and perform ISMS internal audits aligned with ISO 19011 and aviation-specific requirements,
  • Evaluate the adequacy and effectiveness of ISMS controls and documentation,
  • Conduct objective interviews, collect audit evidence, and record audit findings,
  • Communicate results clearly to stakeholders and support corrective actions,
  • Contribute to ISMS maturity through structured internal oversight and feedback.
Previous skills/knowledge: Participants are expected to have the following basic knowledge:
 
  • Basic knowledge of ISO/IEC 27001 and internal audit processes,
  • Familiarity with documentation and control implementation in ISMS,
  • General awareness of the aviation regulatory environment and PART-IS expectations.
Authorized Partners:

Teaching requirements: Trainers should meet the following requirements:
  • Subject Matter Expertise: Strong understanding of ISO/IEC 27001:2022, ISO 19011:2018, and EASA PART‑IS internal audit requirements.
  • Certifications: ISO/IEC 27001 Lead Auditor or Internal Auditor certification is required; experience with ISMS audits in aviation is preferred.
  • Training & Practical Experience: Minimum 2–3 years of experience conducting ISMS audits, including planning, execution, reporting, and follow-up in regulated sectors.
Objectives to achieve: The course aims to achieve the following objectives:
 
  • Understand the principles of internal auditing based on ISO 19011 and PART‑IS requirements,
  • Learn how to plan, conduct, report, and follow up on ISMS internal audits in civil aviation,
  • Develop skills for evaluating conformity, effectiveness, and risks within the ISMS,
  • Gain competence in gathering audit evidence, documenting findings, and presenting conclusions,
  • Enable participants to support continuous improvement and prepare for external oversight audits.