On Thursday evening, Alaska Airlines announced a major IT outage that forced a temporary ground stop of all flights, including those of its regional carrier Horizon Air. The disruption, which affected booking, check‑in and flight operations, is yet another illustration of how vulnerable airlines are when information‑technology systems fail.

The introduction of EASA Part‑IS will make IT systems more robust to internal and external disruptions by requiring a formal Information Security Management System (ISMS) integrated into organisations’ existing Safety Management System. Read more about the Alaska Airlines outage here:

Understanding EASA Part‑IS and Its Impact on Aviation IT Security

Why This Is a Wake‑Up Call for Aviation Operators

• The incident highlights how a failure in a data centre or key IT system can quickly escalate into a large‑scale operational disruption.
• It proves that even for well‑resourced airlines, system resilience and cyber/IT risk management cannot be left to chance.
• For aviation organisations subject to regulation, the shift towards formalising IT security via Part‑IS reflects the growing regulatory expectation that IT = safety.
• In a world of increasing digital interdependence (booking, dispatch, maintenance, crew planning), a fault in one part can ripple across the entire chain.

What Is EASA Part‑IS?

EASA Part‑IS is a regulation mandating aviation organisations (AOCs, CAMOs, ANSPs, ATOs, maintenance organisations, aerodromes etc.) to establish, implement and maintain an ISMS to manage information‑security risks.

Key deadlines include:
16 October 2025: Airports, design organisations and production organisations must have a fully implemented ISMS.
22 February 2026: AOC holders, CAMOs, ANSPs, ATOs and other aviation organisations must be fully compliant.

Compliance means more than a tick‑box: it involves risk assessments, incident response, supplier and functional‑chain security, training and continuous improvement.

Steps to Achieve EASA Part-IS Compliance for Your Aviation Organisation

How Aero Compliance Solutions (ACS) Helps You Comply with Part‑IS

At ACS, we make Part‑IS compliance manageable and tailored to aviation‑specific contexts. Our approach focuses on integrating your IT/information security framework with your existing safety and operational systems.

Our services include:

• Gap Analysis & Documentation – Assess where you stand against Part‑IS requirements, identify gaps and update your ISMS documentation.
• Risk Management & Incident Response – Define risk matrices relevant to aviation, map your functional chain, and integrate incident‑response mechanisms.
• IT Infrastructure Scanning & Monitoring – Our proprietary ACS AeroScan tool scans IT systems, identifies vulnerabilities and delivers actionable reports.
• Training & Competence – Provide tailored training ensuring personnel understand and apply ISMS requirements.
• Continuous Compliance & Audit Readiness – Support beyond implementation to stay audit‑ready and improve continuously.

Next Steps for Aviation Organisations

• Assess your readiness now: deadlines are approaching fast.
• Engage expert support: work with ACS who understands aviation compliance.
• Align ISMS with safety and operations: don’t treat information security in isolation.
• Build resilience into systems and culture: outages can happen anytime.
• Communicate to stakeholders: show commitment to security and reliability.

If you’d like to discuss how ACS can support your organisation with EASA Part‑IS compliance, contact us today!