Part-IS Evidence Is Moving Beyond Templates and One-Off Assessments
According to the latest EASA Easy Access Rules:
Our reading is that this latest release further reinforces a shift away from templates, static documents, and one-off assessments, and toward demonstrating how information security risk is managed in live operational environments.
In particular, the guidance places increasing emphasis on:
- Ongoing understanding of risk, rather than point-in-time assessments
- Evidence based on how systems, assets, and interfaces actually operate
- Demonstrable oversight, not just documentation.
This raises a practical challenge for many organisations:
If Part-IS oversight began today, how much of your evidence would reflect real operational conditions versus assumption?
Aero Compliance Solutions has developed AeroScan to address this gap.
AeroScan analyses live operational environments and produces Part-IS–aligned evidence, including vulnerability findings, clear risk scores across key Part-IS areas, regulator-ready documentation, and prioritised action lists based on real operational data.
These topics (and real, anonymised AeroScan outputs) will be explored in an upcoming Part-IS workshop, on Jan 29th including:
- The implications of the latest EASA guidance
- Why template-led approaches often fall short in practice
- What operational, authority-ready Part-IS evidence looks like
If this is relevant to your Part-IS responsibilities, you can find further details and register for the workshop here:
Contact Aero Compliance Solutions to discuss your business requirements.
