21.A.139A Information security management system

Navigate / EASA

Ask question Discover more Add to collection

Regulation (EU) 2022/1645

In addition to the production management system required by point 21.A.139, the production organisation shall establish, implement and maintain an information security management system in accordance with Commission Delegated Regulation (EU) 2022/1645 [30] in order to ensure the proper management of information security risks which may have an impact on aviation safety.

[applicable from 16 October 2025 – Regulation (EU) 2022/1645]

[30] Commission Delegated Regulation (EU) 2022/1645 of 14 July 2022 laying down rules for the application of Regulation (EU) 2018/1139 of the European Parliament and of the Council, as regards requirements for the management of information security risks with a potential impact on aviation safety for organisations covered by Commission Regulations (EU) No 748/2012 and (EU) No 139/2014 and amending Commission Regulations (EU) No 748/2012 and (EU) No 139/2014 (OJ L 248, 26.9.2022, p. 18).

Details

Source-Title: 21.A.139A Information security management system

Erulesid: ERULES-1963177438-21949 Compare versions

Domain: Initial airworthiness

Applicabilitydate: 16 October, 2025

Entryintoforcedate: 16 October, 2022

Regulatorysource: Regulation (EU) 2022/1645 Navigate

Regulatorysubject: Part-21

Typeofcontent: IR (Implementing rule)

Origin: EASA

Category: EAR