Certification

Cyber Security Airport Certification Offerings

We offer a wide range of certifications and standards to suit airports of all sizes.

What is the CAA ASSURE scheme?

The ASSURE program is the Civil Aviation Authority’s (CAA) accredited cyber security audit scheme for the aviation sector.

The ASSURE Cyber Audit is one of six steps that make up the Cyber Security Oversight Process for Aviation. Aviation entities that are in scope will be asked by the CAA to assess their relevant systems against the Cyber Assessment Framework for Aviation (CAF for Aviation). The self-assessment is then audited by an accredited third-party ASSURE Cyber Supplier. The ASSURE scheme sets out a structure for how audits should be conducted. It also utilises commercial suppliers, many of whom are well known to the aviation sector, bringing current knowledge and a wealth of experience to deliver independent validation.

ASSURE applies to:

  • UK Airlines
  • Airport Operating Businesses
  • Air Navigation Service Providers

Why was it developed?

In 2018 the NCSC published the first release of the Cyber Assessment Framework, now commonly referred to as the CAF. The framework was intended for use by organisations that play a vital role in the day-to-day life of the UK: organisations that formed part of the Critical National Infrastructure (CNI) or were subject to certain types of cyber regulation, including the Security of Networks & Information Systems (NIS) regulations.

The best-known regulator to adopt the CAF to strengthen security and gain oversight has been the Civil Aviation Authority. The CAA created its ASSURE scheme for the aviation sector by utilising the CAF to carry out cyber resilience assessments. The scheme is designed to allow the aviation industry to manage cybersecurity risks without compromising aviation safety, security, or operational resilience, whilst ensuring compliance with applicable regulations.

APEX IN CYBERSECURITY ASSESSMENT PROGRAM

ACI’s flagship Airport Excellence (APEX) program supports airports to optimize operations and elevate aviation standards through collaborative peer assessment. The program consists of onsite reviews led by industry peers and experts, and is based on ICAO standards, international regulations, and ACI best practices globally.

The APEX in Cybersecurity Assessment program is designed to assist airports of all sizes in undertaking a comprehensive evaluation of their cybersecurity landscape. By leveraging international standards and renowned frameworks, the program offers a proactive and rounded perspective on the cyber challenges faced by airports today.

Program Highlights

Standards & Frameworks Alignment

Our structured program harmonizes with established standards and frameworks, including ISO 27001, NIS 2 Directives, NIST, and ICAO guidance, ensuring relevance and depth.

Holistic Assessment

Beginning with a detailed questionnaire, the program delves into all aspects of airport operations, management, and passenger services. It focuses on highlighting existing cybersecurity measures and identifying areas poised for improvement.

Risk Assessment & Vulnerability Identification Review

A comprehensive assessment reveals how airports currently address risks and vulnerabilities, providing insights into methodologies and approaches.

Functional Framework & Policy Review

We evaluate existing security policies and procedures to ensure they are up-to-date, comprehensive, and aligned with industry standards. Identifying gaps, we recommend enhancements to strengthen overall security posture.

In-depth Analysis & Control Evaluation

APEX’s dedicated team undertakes exhaustive assessments, including interviews, document analysis, and a review of past incidents, ensuring a comprehensive understanding of an airport’s cyber ecosystem.

Program Structure

ACI will organize and dispatch the APEX Review Team to member airports seeking assistance. The APEX in Cybersecurity review lasts four days, with the exact duration and team composition varying based on assessment complexity. At the review’s conclusion, a presentation of observations is delivered to airport senior staff, concluding the on-site phase. 

Following the on-site review, assessors create a report with short, medium, and long-term improvement recommendations for the Host Airport. This confidential report is delivered within 45 days, providing airports with a clearer picture of their cybersecurity landscape and high-level recommendations for greater alignment with industry standards.  
