Part-IS Audit: usd Receives Accreditation from the European Aviation Safety Agency (EASA)

10. February 2026

The European Aviation Safety Agency (EASA) accredited us as an auditor for Part-IS (Information Security). This accreditation authorizes us to conduct audits in accordance with the information security requirements of the EU regulation.

What Is Part-IS?

Part-IS is a binding EU regulation, based on the "Delegated Regulation (EU) 2022/1645" and the "Implementing Regulation (EU) 2023/203". It addresses information security risks that could compromise aviation safety. The requirements apply to a wide range of aviation organizations, including airports, airlines, maintenance organizations, air traffic control organizations, and training organizations. These organizations are required to establish an information security management system (ISMS) that systematically identifies, assesses, and reduces risks. The EASA and national aviation authorities are responsible for oversight of implementation.

Details on the requirements and affected organizations can be found in our article: Part-IS: The 7 most important questions

Regular Part-IS Audits Are Mandatory for Aviation Organizations

Affected organizations such as airlines, airports, CAMOs (Continuing Airworthiness Management Organizations), and maintenance companies must regularly review the effectiveness of their ISMS. This is mandatory in an annual internal audit and is also reviewed as part of external audits conducted by the competent supervisory authority. For the latter, the supervisory authority selects accredited auditors who act on its behalf.

"This accreditation is a strong sign of EASA's trust in our professional competence. For us, this step was obvious and logical, as it combines our many years of experience in conducting complex audits with our deep understanding of the specific requirements of the aviation industry. I am glad that we can continue to make an important contribution to strengthening security throughout the industry.“

Christopher Kristes, Member of the Executive Board, usd Security Audits & PCI
E-Ladesäulen usd AG

usd as Your Part-IS Partner

Whether you are preparing for an external audit, reviewing your internal processes, or want to set up an ISMS: we are your reliable partner in all scenarios relating to Part-IS and information security.

  1. External audits on behalf of EASA
    EASA may assign us as auditors to conduct external audits of aviation companies for compliance with the information security requirements according to Part‑IS.
  2. Internal audits for compliance monitoring and audit preparation
    In our role as internal auditors, we provide targeted support for the annual compliance monitoring required (Compliance Monitoring Manager). We review your ISMS and the associated processes to ensure that your company meets the applicable regulatory requirements and achieves the best possible level of security.
  3. Consulting and support for Part-IS compliance
    In their role as advisors, our security consultants support you on your path to Part-IS compliance – from analyzing your existing processes to developing an ISMS and preparing for audits.

Important: The EU regulation requires a strict separation of consulting and auditing functions. This ensures neutrality and the highest security standards. The clear distinction between our Security Audits and Security Consulting business areas is part of our everyday practice, ensuring that we always adhere to this principle.


Would you like to learn more about information security according to Part-IS or do you have questions about audits and compliance? We will be happy to talk to you. Contact us here.

Also interesting:

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

Current developments in AI systems show that vulnerabilities are found more quickly, suitable exploits are developed more quickly, and attacks are increasingly implemented automatically. This significantly reduces the time between discovery and exploitation. What used...

Bafin Publishes 9th Amendment to MaRisk

Bafin Publishes 9th Amendment to MaRisk

On 30 June 2026, all credit institutions and financial services institutions in Germany received an important circular: Following the consultation phase, the German Federal Financial Supervisory Authority (Bafin) published the 9th amendment to its Minimum Requirements...

usd AG Listed as EPI Partner for Mobile Security Evaluations

usd AG Listed as EPI Partner for Mobile Security Evaluations

The popularity of mobile payments is growing, and with it, the demand for verified security. usd AG is expanding its activities in the EPI environment and will also conduct Mobile Security Evaluations in the future. This places us among the few EPI-listed Security...

Categories

Categories