Case study: Introduction of an ISMS at an airline
A renowned airline was faced with the challenge of introducing an information security management system (ISMS) that met both the Group’s specifications and the legal requirements of the European Union for the aviation industry (Part-IS). As the company did not previously have its own ISMS, an ISMS implementation was required that built the system from scratch, taking into account both internal and external requirements and Group specifications.
A fundamental task was to analyze and document the existing processes. Secondary assets then had to be assigned to these processes in order to obtain a complete overview of the information assets to be protected.
It was necessary to develop a special risk management methodology that would make it possible to identify information security risks that could have a potential impact on flight safety. Detailed risk assessments had to be carried out and documented for critical applications.
Another important aspect was the review of supplier relationships with regard to their relevance for aviation security. Contracts with relevant suppliers had to be analyzed and adjusted where necessary to ensure compliance with the Part-IS requirements.
The Group’s existing ISMS was to be taken over and converted into an independent ISMS that could be certified in accordance with ISO 27001. This required the creation of new guidelines and directives as well as preparation for successful certification.
To ensure the effectiveness of the new ISMS, a comprehensive training concept had to be developed and implemented. A particular focus was placed on training the airline’s management level.
To cope with these complex tasks, an experienced team of experts from handz.on was brought in to support the airline in the following areas:
Although the project has not yet been fully completed, significant progress has already been made. The majority of the planned measures have been successfully implemented, including the process analysis, the development of the risk management methodology and the training courses.
The remaining tasks include the finalization of the guidelines and the final preparation for ISMS certification. Once these steps have been successfully completed, the airline will have a robust ISMS that complies with Group guidelines and legal requirements and takes equal account of information security and flight safety.
This case study demonstrates the comprehensive expertise of handz.on in the implementation of complex ISMS solutions in the aviation industry, taking into account specific regulatory requirements and industry-specific security aspects.
handz.on GmbH
St.-Martin-Straße 64
81541 München
+49-89-7167767-0
info@on.de