Cybersecurity ISMS Training for EASA Part 145

SOL PRs Image Templates. revisedHere we consider which course is right for your needs. Sofema Online – Part 145 Cybersecurity: Essentials (1 Day) or Foundation (Half‑Day).

Why this discussion? - To give a clear, detailed, evidence‑based distinction so you can position, package, and roll out both courses inside a Part‑145 organisation.

Quick Decision Guide

  • • Want a common baseline for everyone before you start the gap analysis and planning?
    Choose Foundation.
  • • Need behaviour change on the hangar floor and immediate risk reduction?
    Choose Essentials.
  • • Briefing for Accountable Manager / Nominated Persons / Compliance / IT-OT before an internal review?  Run Foundation first, then deploy Essentials to operational and supervisory staff.

Role and Intent

  • • Essentials is designed to achieve behaviour change and immediate risk reduction among operational and supervisory staff while reinforcing managers’ understanding of how to engage with controls (reporting, risk checks, supplier/parts/data integrity, media/device hygiene).
  • • Foundation is designed to establish a common baseline for frontline & associated staff, coordinators and technical leads so they can engage with Part‑IS/EU 2023/203

At-a-Glance Snapshot Essentials - 1 Day (online)

  • • Purpose: Practical, do‑now orientation to meet Regulation (EU) 2023/203 obligations in a Part‑145 context and drive safe behaviours on the hangar floor.
  • • Audience: AM & Nominated Post Holders; Safety/Compliance/Quality; IT/OT/Cyber leads; MRO engineers & managers; Procurement/Supply Chain/Vendor Mgmt; Regulatory compliance officers & auditors.
  • • Assessment: 15 MCQs, 70% to pass. Certificate issued.
  • • Indicative topics: Regulatory drivers & mandated requirements; Part‑145 duties under IS.I.OR.240; cyber exposure risks in aircraft maintenance; internal/external reporting criteria; structured risk assessment; implementing an ISMS in a Part‑145 organisation.

At-a-Glance Snapshot Foundation - Half-Day (online)

  • • Purpose: Baseline orientation to the regulatory context and minimum structure of an ISMS for Part‑145; sets shared language before gap analysis and planning.
  • • Audience: Maintenance professionals, cybersecurity specialists, compliance officers, and risk managers in Part‑145.
  • • Assessment: 10 MCQs70% to pass. Certificate issued.
  • • Indicative topics: EASA cybersecurity mandates (incl. NIS2 2022/2555 reference); Part‑145 duties under IS.I.OR.240; regulatory drivers; cyber‑risk awareness in maintenance; information security overview for Part‑145.

Guest Access Without Cost - Note the Sofemaonline.com offer to Training Co-Ordinators, Managers and Assessors – To check out the SOL online training as a Guest without cost to assess suitability for your workforce.

Email team@sassofia.com and request guest access now.

Where Each Course Fits in the Compliance Journey

  1. Foundation → create shared understanding of obligations, roles, and 2026 timeline; agree ownership for ISMS/ISMM and risk register.
  2. Essentials → reach all shifts and functions quickly to reduce exposure (safe behaviours, task‑level checks, escalation/reporting clarity).

Assessment & Evidencing

  • • Essentials: 15‑question MCQ at 70% → Use the certificate as a training record for operational personnel.
  • • Foundation: 10‑question MCQ at 70% → Use the certificate as evidence of management/coordination awareness.
    • >> Limited time (half‑day), but need regulatory context for a cross‑functional audience? Foundation.
    • >> Briefing for AM/Nominated Persons/Compliance/IT/OT before a gap analysis? Use Foundation first.

Important Note Regarding the Course Content & Purpose

  • • These courses do not replace an ISMS implementation, a risk register build-out, a supplier assurance programme, or a technical hardening plan. Use SOL implementation courses to cover these in more depth.