
EASA Qualified Entity Accreditation for Part-IS Audits Awarded to Cyber Audit Company
We are proud to announce that Cyber Audit Company is the first organization accredited by EASA to perform Part-IS information security audits in aviation. This landmark achievement underscores not only our leadership in the field but also the exceptional depth of expertise within our team.
Our professionals include aviation cybersecurity pioneers Hugo Teso and Benjamin Nagel, Finland’s highly respected IT and cybersecurity authority Heikki Paananen, and seasoned information security executive Jarkko Rautula, supported by a broader team of experts with deep experience in compliance, risk, and cybersecurity.
Together, we conduct Part-IS audits with care and expertise, meeting the aviation industry’s strict standards and setting a new standard for information security and safety.
What are EASA and Part-IS?
The European Union Aviation Safety Agency (EASA) is the EU’s aviation safety authority, headquartered in Cologne with representation in Brussels. Its mission is to safeguard aviation safety across Europe—which now explicitly includes strengthening cybersecurity.
Part-IS (Information Security) is EASA’s regulatory framework addressing the rise of cyber threats in aviation. It requires most approved organisations to implement an Information Security Management System (ISMS) framework and integrate it with the existing Safety Management System (SMS). The goal is to identify information security risks that could potentially impact aviation safety. The framework includes elements of event detection, as well as responding to and recovering from incidents.
Who must comply with Part-IS?
Part-IS applies broadly across the aviation sector: obligations extend to airlines and helicopter operators, airport operators, aviation maintenance and overhaul organisations, and aviation training organisations. The regulation does not apply only to IT—it covers the whole organisation and its safety-critical processes. There are exceptions and scope limitations. For example, smaller operators with a limited risk profile may, in certain circumstances, be subject to proportionate (lighter) requirements or exemptions based on a risk-based assessment by the competent authority. Practical examples include local operators flying light single-engine aircraft, and organisations providing only theoretical training without practical flight operations.
We at Cyber Audit Company are ready to support your organisation
Our accreditation means we are officially recognised to perform Part-IS audits, and our capabilities go well beyond that. We can help if your organisation needs:
- ISO 27001 certification (robust information security management),
- NIS2 compliance (meeting EU network and information security directive requirements), or
- SOC 2 attestation (demonstrating trust and transparency to customers and partners).
Our team combines extensive experience in cybersecurity and risk management. We help clients achieve compliance while strengthening overall cybersecurity. We don’t deliver checklists—we deliver comprehensive, practical solutions. Get in touch today, and let’s design the right approach for you.
