
Powers and recital

Summary

The regulation emphasizes the need for various aviation organizations to implement management systems that manage safety risks, including those arising from information security threats. As interconnected information systems in civil aviation face increasing risks, specific requirements for managing these security risks, beyond existing international standards, are necessary to ensure aviation safety.

Related Questions

The document highlights that information security risks are increasing due to the interconnectedness of current information systems in civil aviation, making them more vulnerable to malicious actors. It stresses the need for management systems to account for these risks, which can affect not only cyberspace but also processes, procedures, and human performance.

* Aviation.Bot's Suggestion - Always consult the original regulation for confirmation

The document mentions that a significant number of organizations already use international standards such as ISO 27001 to address the security of digital information and data. However, it notes that these standards may not fully address all specificities of civil aviation, indicating a need for tailored requirements for managing information security risks that could impact aviation safety.


The document mentions that safety risks may derive from various sources, including design and maintenance flaws, human performance aspects, environmental threats, and information security threats. It emphasizes that management systems should consider both random events and risks stemming from malicious exploitation of existing flaws.


The primary focus of Regulation (EU) 2023/203 is to establish requirements for the management of safety risks in the civil aviation sector, particularly in relation to information security risks that may impact aviation safety.


According to Regulation (EU) 2018/1139, continuing airworthiness management organizations, maintenance organizations, pilot training organizations, cabin crew training organizations, aero-medical centers for aircrew, operators of flight simulation training devices, air operators, air traffic management and air navigation service providers, U-space service providers, and training organizations for air traffic controllers are all required to implement and maintain a management system to manage safety risks.


EASA Regulation


Source document: Easy Access Rules for Information Security_download
