2025 Agenda

Integrated Risk Management (IRM) offers a structured and coordinated approach to identifying, assessing, and mitigating risks across diverse domains—most notably safety and information security in Egis’ recent encounters with global clients in the aviation industry. In the aviation sector, where operations depend heavily on complex, interconnected digital automation systems, the functional separation approach between safety and security is no longer viable, yet it can still be found in many organisations. Threats stemming from cybersecurity incidents can directly impact the safety of operations, while safety mitigations can expose vulnerabilities exploitable by malicious actors in the process of prevention and recovery of risks. Recognising this convergence, the European Union has introduced Implementing Regulation (EU) 2023/203, commonly referred to as Part-IS, which establishes mandatory requirements for the management of information security risks by aviation stakeholders, including Air Navigation Service Providers (ANSPs), airports, air operators, and many others.

Adopting Part-IS or IRM requires organisations to adopt a risk-based approach to information security, integrated with existing established safety management processes. This includes establishing a governance structure for information security, conducting risk assessments that account for both unintentional failures and intentional threats, and implementing controls proportionate to the risks identified. By aligning safety and information security objectives (or many other domains) under a unified IRM framework, organisations can more effectively prioritise actions, allocate resources, and ensure operational resilience. Egis would discuss through examples how this integrated approach not only facilitates compliance with regulatory requirements but also supports a proactive safety and security posture, where cross-domain collaboration, shared situational awareness, and continuous monitoring—such as integration with real-time data interfaces and visualisation in functional dashboards—enable timely responses to evolving risks with coherent efforts across the organisation.