
The Role of Part-IS in Part-145
Securing Maintenance and Continuing Airworthiness
In an era where cyber threats are increasingly sophisticated, organizations in the aviation maintenance and continuing airworthiness domain must prioritize information security to ensure safety and operational continuity. Recognizing this need, the European Union introduced Part-IS, a regulatory framework mandating the implementation of an Information Security Management System (ISMS).
This article explores how maintenance organizations can adopt Part-IS to safeguard their operations while maintaining compliance with industry standards.
What is Part-IS?
Part-IS, formalized under Commission Implementing Regulation (EU) 2023/203 and Commission Delegated Regulation 2022/1645, extends the principles of traditional Safety Management Systems (SMS) to encompass cybersecurity risks.
By implementing an ISMS, organizations can:
- Prevent unauthorized access, data breaches, and cyber-attacks.
- Protect critical aviation systems, networks, and data.
- Ensure safe and secure operations even amid evolving cyber threats.
- Prepare for effective responses to cybersecurity incidents.
- Continuously improve security measures to adapt to emerging challenges.
Who Needs to Comply with Part-IS?
The regulation applies to several organizations, including:
- Part-145 Maintenance Organizations (excluding certain smaller entities).
- Continuing Airworthiness Management Organizations (CAMOs).
- Approved Training Organizations (ATOs) and Air Navigation Service Providers (ANSPs), among others.
Organizations that consider Part-IS not applicable to them, or outside its scope, can request derogations under specific provisions. If you consider Part-IS inapplicable to your organization, HACE can assist you in obtaining a derogation from the competent authority.
Why Part-IS Matters for Maintenance and Airworthiness
Cyber threats in the maintenance domain can severely impact safety and operations. Examples include ransomware attacks on maintenance records, phishing schemes targeting staff, and exploitation of IT vulnerabilities in aircraft systems. Addressing these risks through a structured ISMS not only ensures compliance but also fortifies operational resilience.
How to Implement ISMS in Maintenance Organizations
To comply with Part-IS, organizations can adopt a phased approach:
- Assessment and Planning:
  - Review regulatory requirements, particularly IS.I.OR.200 and IS.I.OR.205.
  - Conduct a gap analysis against current practices and define roles and responsibilities.
- Design and Development:
  - Establish robust risk management frameworks.
  - Develop policies for incident detection, response, and recovery.
  - Train staff on cybersecurity best practices tailored to their roles.
- Execution:
  - Implement ISMS governance structures.
  - Operationalize risk assessments and response procedures.
  - Integrate ISMS into daily operations and align with SMS.
The Way Forward towards compliance with Part-IS and implementing ISMS
The deadline for compliance with Part-IS and implementing an ISMS is set to be 22nd of February 2026. By embracing Part-IS, organizations in the maintenance and continuing airworthiness domain can elevate their cybersecurity posture while aligning with regulatory expectations. For those unsure about its applicability, guidance from our experts at HACE provides a pathway to secure derogations or tailored compliance solutions.
Cybersecurity is not just a technical necessity; it's an operational imperative. Implementing ISMS under Part-IS ensures that your maintenance and airworthiness operations remain secure, compliant, and resilient against evolving threats. Please contact us (info@hace.aero) if you are interested in our support in successfully introducing Part-IS in your company's Part-145A.200 Management System.