The European Aviation Safety Agency (EASA) accredited us as an auditor for Part-IS (Information Security). This accreditation authorizes us to conduct audits in accordance with the information security requirements of the EU regulation.
What Is Part-IS?
Part-IS is a binding EU regulation, based on the "Delegated Regulation (EU) 2022/1645" and the "Implementing Regulation (EU) 2023/203". It addresses information security risks that could compromise aviation safety. The requirements apply to a wide range of aviation organizations, including airports, airlines, maintenance organizations, air traffic control organizations, and training organizations. These organizations are required to establish an information security management system (ISMS) that systematically identifies, assesses, and reduces risks. The EASA and national aviation authorities are responsible for oversight of implementation.
Details on the requirements and affected organizations can be found in our article: Part-IS: The 7 most important questions
Regular Part-IS Audits Are Mandatory for Aviation Organizations
Affected organizations such as airlines, airports, CAMOs (Continuing Airworthiness Management Organizations), and maintenance companies must regularly review the effectiveness of their ISMS. This is mandatory in an annual internal audit and is also reviewed as part of external audits conducted by the competent supervisory authority. For the latter, the supervisory authority selects accredited auditors who act on its behalf.
"This accreditation is a strong sign of EASA's trust in our professional competence. For us, this step was obvious and logical, as it combines our many years of experience in conducting complex audits with our deep understanding of the specific requirements of the aviation industry. I am glad that we can continue to make an important contribution to strengthening security throughout the industry.“
Christopher Kristes, Member of the Executive Board, usd Security Audits & PCI
usd as Your Part-IS Partner
Whether you are preparing for an external audit, reviewing your internal processes, or want to set up an ISMS: we are your reliable partner in all scenarios relating to Part-IS and information security.
- External audits on behalf of EASA
EASA may assign us as auditors to conduct external audits of aviation companies for compliance with the information security requirements according to Part‑IS. - Internal audits for compliance monitoring and audit preparation
In our role as internal auditors, we provide targeted support for the annual compliance monitoring required (Compliance Monitoring Manager). We review your ISMS and the associated processes to ensure that your company meets the applicable regulatory requirements and achieves the best possible level of security. - Consulting and support for Part-IS compliance
In their role as advisors, our security consultants support you on your path to Part-IS compliance – from analyzing your existing processes to developing an ISMS and preparing for audits.
Important: The EU regulation requires a strict separation of consulting and auditing functions. This ensures neutrality and the highest security standards. The clear distinction between our Security Audits and Security Consulting business areas is part of our everyday practice, ensuring that we always adhere to this principle.
Would you like to learn more about information security according to Part-IS or do you have questions about audits and compliance? We will be happy to talk to you. Contact us here.
