It Depends Aero GmbH

Product Information Security (Cyber Security) is focussed on the individual project development and addressed by regulation such as AMC 20-42 from EASA.

Information Security (IS) addresses information security, including non-IT based security, at the organizational level. And is mandated by regulation such as EU regulation 2022/1645 (for design and production organizations and others) or 2023/203 (for maintenance organizations and others). The requirements defined in these regulations are commonly referred to as Part-IS.

The scope is on the organization itself and the handling of information security, supporting guidance is given by several accepted industry standards:

ED-201A/DO-391 for organizational aspects of the stakeholders involved (authorities, design organizations, suppliers),
Standards also referenced in Product Cyber Security (ED-202B, ED-203A, ED-204A, ED-206) for risk assessments, continued airworthiness aspects and event reporting.

Setting up the required Information Security Management Systems (ISMS) for your organisation can be a daunting task. Especially with Information Security, tailored solutions, that consider your company’s size, setup and history, are important. Otherwise, either inadequate means are implemented, or overburdened solutions are selected, which add a lot of unnecessary effort. IDA can support you with expertise in this endeavour, addressing the various aspects of Part-IS.

Process Support, Plan Creation, and Training

Defining the ISMS as part of your Design Organization (DO) Handbook (DOH) is one task, where we can support you.

However, apart from the DOH, which is limited to show compliance to Part-IS, one also needs to define company Policies, Guidelines and Instructions to support the implementation of Part-IS in your organization. IDA can support you by defining these tailored to your organizational situation and parameters.

Awareness and training for IS topics are an integral component of the Part-IS approach. IDA can provide trainings, tailored to your setup, that addresses the topic at the right level.

Consulting and Checking

IS Consulting Support

If you already have an IS setup and you only need “a second opinion” or need to address specific issues within the system, IDA can support you with our expertise as an independent party.

Review Support

If you need an independent review of policies, guidelines, instructions or the DOH for the Part-IS compliance aspect, IDA can support you to provide an independent review

Auditing Support

The ISMS also requires a regular audit of the organization to assess operational compliance with the defined activities and procedures. IDA can support you in performing this audit as an independent auditor.

IS Manager

Like the Safety Management System, the ISMS often defines the role of an Information Security Manager, which oversees the proper execution of the ISMS. As this specialized role is often difficult to fill for smaller organizations, IDA can support you by providing an experienced person that can execute this role for your organization.

Engineering, Development Support

IDA can support you with the ISMS activities of

Risk Assessment: assess the IS environment and the potential IS risks with a safety impact. Both for the initial assessment and for any re-assessment after changes to the infrastructure or other updates, IDA can support with both Security and Safety expertise.
Assessment of IS events for safety impact. IDA can support you with both IS experienced and Safety experienced personnel to perform such an assessment when needed.