EASA-IS (Information Security) White Collar

This Information Security Training Program provides aviation professionals with a comprehensive, regulatory-aligned understanding of how information security underpins safety, compliance, and operational continuity. Designed for white-collar personnel working in maintenance, operations, engineering, and administrative functions, the course explains the principles of secure information handling in a clear and practical way. Learners begin by exploring the foundations of aviation information security, including the CIA triad, human factors, and the direct connection between secure data and airworthiness.

The program then examines the wide range of digital, physical, and human-factor threats that commonly affect aviation environments. Through interactive activities and real-world examples, participants learn to recognize phishing, malware, ransomware, social engineering, and data-integrity risks that can compromise both safety and business operations. Additional modules provide step-by-step guidance on protecting work devices, managing software and firmware correctly, applying authentication best practices, and safeguarding confidential and operational information under GDPR and company policy.

Moving beyond frontline awareness, the course includes several management-specific modules that address the responsibilities of supervisors, team leaders, and technical managers. This includes regulatory duties under Part-IS.A.25 and 145.A.355, oversight of staff training and performance, supplier-related information-security requirements, and effective documentation and record-keeping practices. Managers also learn how to prepare their departments for audits, authority oversight, and internal compliance monitoring.

The training further develops leadership capabilities by teaching participants how to conduct basic information-security risk assessments aligned with SMS processes. This includes identifying vulnerabilities in maintenance activities, supply-chain operations, and IT systems; evaluating existing controls; and supporting the continuous improvement of departmental risk registers. Additional modules focus on incident response, business-continuity responsibilities, and the managerial role during cyber events, including containment, coordination, evidence preservation, post-incident reviews, and communication with internal and external stakeholders.

Finally, the course emphasizes the importance of leadership in shaping an effective security culture. Participants learn how to model secure behaviors, reinforce expectations through daily oversight, support open reporting, and apply Just Culture principles across their teams. Two downloadable case studies provide practical insight into major aviation cyber incidents, offering real-world context that strengthens understanding. Upon completing all modules and passing the required assessments, learners receive a certificate demonstrating compliance with EASA and organizational information-security expectations.