Cybersecurity requirements affect the whole aviation industry
from operators and ground operations to national aviation authorities (NAA), aeronautical telecommunication networks (ATN) and air navigation services (ANS), and other organisations working in maintenance, training, design and production. Changes to these requirements can represent significant cost drivers if they are not handled correctly.
SecureIT, along with Aptoz our DOA partner, provides full spectrum cybersecurity services in aviation. We will perform a gap analysis and security assessment for you to determine your immediate needs, consult on implementation and then help you develop best practices and adopt cybersecurity industry standards and methods. We also conduct technical verifications on cybersecurity posture of environments, setups and products.
- Collaboration with DOA (Aptoz EASA.21J.679) privileged for Supplemental Type Certificates, Major and Minor changes
- Consultation on implementing security best practices and meeting cybersecurity requirements
- Airworthiness information security risk assessment (AISRA)
- Product information security risk assessment (PISRA)
- Equipment, systems and network information security protection
- Information Security Management Manual (ISMM)
- Guidance and training material
- Establish and implement a compliant Security Framework
- Technical verifications using multiple types of pentests
- Qualified Entity on behalf of National Aviation Authorities
The upcoming changes in cybersecurity requirements will require organisations to inform and train their staff on cybersecurity risks. These risks must be properly managed, incidents tracked, analysed and responded to just like any other aviation occurrences. Organisations must show that they have the necessary trained manpower to handle cybersecurity such as Cybersecurity Officers. Procedures and handbooks must be updated to meet cybersecurity requirements.
Aptoz and SecureIT can affordably provide consultation, verifications, training and certification services to all organisations.
Cybersecurity Compliance Verification Engineers (CVE)
Our Strategic Partner
partner feedback
Range of Services
- Upcoming changes in Part-21 and EASA Basic Regulation adding cybersecurity requirements
- Performing gap analysis and security assessments of where organisation is and where it needs to be
- Setting up of cybersecurity procedures and information security management manual (ISMM)
- Airworthiness information security risk assessment (AISRA)
- Product information security risk assessment (PISRA)
- Temporary or full time postholders as Cybersecurity Officers in Part-21, Part-145, Part-M, Part-147, Part-OPS, ANS/ATM etc.
- Procedures for classification of changes in accordance with Part-21.A.91 for changes related to cybersecurity
- Coaching in best practices and cybersecurity industry standards and method
- Pentesting of equipment, systems, networks and product
- Segmentation pentests for networks
- Network segmentation testing
- Firewalls testing
- Configuration tests
- Wireless testing
- Technical security design and architecture reviews
- Communication systems e.g. VHF, UHF, CWLU, TWLU, Radio and WiFi
Our aviation cybersecurity training and assistance services include:
- Self-service training portal that tracks staff initial and recurring training in cybersecurity meeting EASA AMC20-42 requirements
- General Information security awareness training
- Writing of handbooks and procedures
- Onsite training in cybersecurity in aviation for design engineers, compliance verification engineers or cybersecurity officers and other aviation staff
- Certification of installations that that cross domains such as passenger information entertainment services domain (PIESD) to aircraft control domain (ACD) or aircraft information domain (AID)
- Fully privileged EASA DOA services qualified to offer minor changes up to Supplemental Type Certifications (STC) related to Cybersecurity
- Qualified Compliance Verification Engineers (CVE) in CS-23.1319, CS-25.1319, CS-27.1319, CS-E.1319, CS-ETSO and Part-21 Cybersecurity requirements
- Product information security risk assessment (PISRA)
Cybersecurity officers
New requirements in cybersecurity will require you to inform and train your staff on cybersecurity risks and these risks will need to be tracked, analysed, and responded to, just like any other aviation occurrence. You will need to show that you have the necessary trained manpower to handle cybersecurity. Your procedures and handbooks will need to be written to meet cybersecurity requirements
Qualified Entity
As Compliance Verification Engineers in Cybersecurity and multiple other qualifications for knowledge and experience in the field, we can act as a Qualified Entity on behalf of National Aviation Authorities (NAA)
Trusted by
