This training delivers a comprehensive and practical understanding of how to apply Bowtie Risk Assessment to meet IS.I.OR.205 requirements, in particular where cyber-related top events may trigger significant aviation safety consequences. Delegates will learn how to build, validate, and apply Interacting Bowties to support the required “handshake” between the Safety Manager and Information Security Manager - the core mechanism demanded by the revised AMC & GM supporting Part IS.

The course addresses the dual-methodology approach now mandated under EASA Part IS, where Bowtie analysis becomes compulsory for risks capable of affecting aviation safety. Delegates will be equipped to translate threat intelligence, system architecture, and operational realities into barrier-based visual models capable of meeting auditor expectations for barrier effectiveness, independence, and traceability.

This course is intended for personnel required to demonstrate aligned understanding of Information Security and Aviation Safety interactions under the EASA framework, including:

• Information Security Managers (ISM) and Cybersecurity Specialists
• Safety Managers, SMS Coordinators and Safety Investigators
• Compliance Monitoring Auditors and Quality Professionals
• CAMO, Part-145, Ground Handling and Flight Operations leadership
• Digital systems owners and data custodians responsible for critical operational data
• Accountable Managers seeking assurance of regulatory conformity

By completing this course, participants will:

• Gain a structured competency in Bowtie methodology applied to Information Security
• Understand how to construct Interacting Bowties to satisfy IS.I.OR.205 risk analysis expectations
• Learn to identify Hazard / Top Event / Consequence distinctions to prevent misclassification during audits
• Develop the capability to evaluate barrier performance, not just presence, including escalation factors
• Recognise when Bowtie analysis is mandatory versus when standard risk matrices remain sufficient
• Build the skillset needed to support quantitative comparison between “Achieved Security Likelihood” and “Safety Target Likelihood” required under the new Part-IS model
• Increase organisational readiness for oversight by demonstrating measurable integration of cyber-risk into SMS processes

1. Why Bowties? The Strategic Value
2. Bowtie Definitions and Nomenclature
3. Risk Management Principles
4. History and Current Use
5. The Principles of the Bowtie Methodology
6. Bowtie Concepts used for Hazard Identification
7. Bow Tie Construction Step by Step
8. Barrier-Based Theory
9. Case Studies using Company Data
10. Summary
11. Exercises

Upon completion of this course, participants will be able to:

• Construct defensible Bowtie diagrams aligned with EASA ED Decisions 2025/013/R–015/R expectations
• Apply the dual-methodology requirement to correctly select when Bowtie analysis is obligatory
• Perform the interacting risk-assessment process (“the translation handshake”) between security and safety
• Identify and define barriers, escalation factors, and barrier effectiveness ratings to support auditability
• Integrate Bowtie outputs into SMS, ISMS and Compliance Monitoring activities
• Support decision-makers in closing risk gaps where Achieved Likelihood > Target Likelihood, as required under Part IS

Course type: Presentation without voice over
Duration equivalent to half-day classroom training
Category: Core Competency Accelerator
Price: 69.00 EUR

•      For Individuals: SOL Plus
This program is designed for individual clients aiming to save significantly while accessing free courses throughout their online training journey.

•       For Corporate Clients: Privileged Training Program (PTP)
Empower your team with consistent training discounts and special features like Enrol Now - Pay Later and Prepay Bonus Plan.

For multiple courses/users discount please contact us at team@sassofia.com