IS.D.OR.210 Information security risk treatment

Navigate / EASA

Ask question Discover more Add to collection

Regulation (EU) 2022/1645

(a) The organisation shall develop measures to address unacceptable risks identified in accordance with point IS.D.OR.205, implement them in a timely manner and check their continued effectiveness. Those measures shall enable the organisation to:

(1) control the circumstances that contribute to the effective occurrence of the threat scenario;

(2) reduce the consequences on aviation safety associated with the materialisation of the threat scenario;

(3) avoid the risks.

Those measures shall not introduce any new potential unacceptable risks to aviation safety.

(b) The person referred to in point IS.D.OR.240(a) and (b) and other affected personnel of the organisation shall be informed of the outcome of the risk assessment carried out in accordance with point IS.D.OR.205, the corresponding threat scenarios and the measures to be implemented.

The organisation shall also inform organisations with which it has an interface in accordance with point IS.D.OR.205(b) of any risk shared between both organisations.

Details

Source-Title: IS.D.OR.210 Information security risk treatment

Erulesid: ERULES-1963177438-19911 Compare versions

Domain: Information Security (IS)

Applicabilitydate: 16 October 2025

Entryintoforcedate: 16 October 2022

Regulatorysource: Regulation (EU) 2022/1645 Navigate

Regulatorysubject: Part-IS.D.OR

Typeofcontent: DR (Delegated rule)

Origin: EASA

Category: EAR

Details

Related sections: