Crisis Management Days

EASA part-IS implementing regulation in base maintenance organisations (EASA part 145 certified) - Challenges in protecting data integrity and aircraft digital infrastructure

Roman Babić

Kristijana Malić

Anita Domitrović

Keywords: EASA Part-IS, EASA Part-145, base maintenance, data integrity, software loading, aviation cybersecurity, ISMS integration

---

Abstract

With the introduction of the EASA Part-IS Implementing Regulation, the European aviation sector is moving towards mandatory management of information security risks that directly impact flight safety.

For Base Maintenance Organisations (EASA Part-145 certified), this regulatory shift represents a significant challenge due to the increasing reliance on digital tools, wireless diagnostics and connected Maintenance Management Systems (MIS).

This paper explores the specific requirements of Part-IS applied to base maintenance processes, with a focus on the identification of critical information assets within the hangar environment.

Special attention is paid to the risks arising from software loading, the use of networked smart tools and the integrity of digital maintenance records, applying Risk Assessment approach. Paper analyses methodologies for establishing an Information Security Management System (ISMS) that should be integrated into the organisation’s existing Safety Management System as natural extension (SMS already existing through Part-145 Implementing Regulation certification).

The paper also examines vulnerabilities in the supply chain and interaction with external IT service providers. In conclusion, the paper offers a practical framework for compliance with Part-IS requirements, highlighting the importance of continuous personnel training and cyber resilience in maintaining aircraft airworthiness.

---

References

EASA Part-IS Implementing Regulation

ISMS Manual