Part-IS
Advisory
Information security compliance for aviation organisations, navigating Part-IS requirements with practical, operationally grounded guidance.
Book a consultation →
EASA Part-IS is in force. The UK is evolving its own ISMS regulation.
Part-IS (Information Security) regulation requires aviation organisations to establish, implement, and maintain an information security management system. EASA Part-IS is being enforced across EASA jurisdictions today. The UK CAA is instead developing a UK-equivalent ISMS regulation. Organisations operating under EASA face active enforcement now; those regulated by the UK CAA should anticipate similar obligations as the UK rule takes shape.
Information security, aviation-grounded
Part-IS introduces mandatory information security requirements covering airlines, ATOs, maintenance organisations, and airports. The regulation requires a risk-based approach to identifying and managing threats that could affect aviation safety.
Establish and maintain an ISMS proportionate to the size and complexity of your organisation, covering policies, procedures, roles, and responsibilities for information security.
Identify information security risks with potential impact on aviation safety, assess their severity, and implement proportionate treatment measures. Document your risk register and review cycle.
Implement procedures for detecting, reporting, and responding to information security events. Establish internal and external reporting channels aligned with regulatory requirements.
Assess and manage information security risks arising from contracted activities and supply chain relationships. Ensure your partners and suppliers meet your security baseline.
Practical advisory,
not shelf-ware
SIMFX® builds what is practical and maintainable, not generic compliance matrices. We work with your organisation to meet these obligations without unnecessary complexity.
Gap Analysis
We assess your current information security posture against Part-IS requirements, identifying gaps and prioritising remediation. A clear, actionable report, not a generic matrix.
ISMS Development
For organisations building an ISMS from the ground up, a structured implementation framework tailored to your operational scale, practical and maintainable from day one.
Ongoing Assurance
Risk register reviews, incident response readiness, and audit preparation as the regulatory environment matures. Compliance is not a one-time exercise.
Book a consultation →