Split Airport (SPU/LDSP)

Split Airport (SPU/LDSP) is the second busiest airport in Croatia. Located approximately 24 kilometers west of Split's city center, it serves as the primary international gateway to the central Dalmatian coast.
The airport experienced a record-breaking year in 2024, handling approximately 3.6 million passengers and connecting the region to over 100 destinations, primarily on a seasonal basis. It is a key seasonal hub for major carriers including easyJet, KLM, Croatia Airlines, Ryanair, and Eurowings, accommodating the high demand for tourism.
To manage this significant passenger volume, the modern terminal, expanded by 35,000 square meters, boosted the airport's annual capacity to five million passengers and features an advanced automated baggage sorting system.

GALIOT ISMS - Information Security Management System

The introduction of the mandatory EASA Part-IS framework represents a significant shift for the aviation industry, requiring organizations to manage information security risks with the same rigor as aviation safety.
Recognizing that safety and security are deeply interconnected, GALIOT Aero has developed GALIOT ISMS to be fully integrated with its trusted GALIOT SMS - Safety Management System, creating a single, unified platform for holistic risk management.
Our clients have been clear: the EASA Part-IS mandate is a top priority, but they are concerned about managing another siloed system. Therefore, we didn't just build a new tool; we built a truly integrated solution. By linking safety and security at the core level, we empower our partners to break down departmental barriers, achieve a comprehensive view of their risk landscape, and ensure compliance with confidence."

A Unified Approach to Safety and Security!

GALIOT ISMS eliminates redundant processes and data fragmentation. By integrating directly with the existing safety management framework, it provides unprecedented benefits:

Unified Reporting Stream:
Seamlessly manage both safety and security reports in one ecosystem.
The system allows for the intelligent forwarding or redirecting of reports between safety and security departments, ensuring every issue is handled by the right team without delay.

Holistic Risk Management:
For the first time, organizations can share threats and consequences between Safety and Security Bow-Tie risk assessments. This provides a 360-degree view of operational risks, recognizing that a security threat can have direct safety implications and vice versa.
The risk assessment methodology is based on the proven U.S. National Institute of Standards and Technology (NIST 800-30) framework.

Built for Compliance:
GALIOT ISMS is engineered to meet multiple international standards out-of-the-box, including EASA Part-IS, ISO/IEC 27001:2022 standards, ensuring your organization is prepared for any audit.

Seamless Integration, Secure Separation:
While the user management and database are fully integrated, the system maintains strict access control.
Separate permissions for safety and security personnel ensure that sensitive data is only visible to authorized users, guaranteeing confidentiality and integrity.

EASA Part-IS: Information Security Regulations

EASA Part-IS is the new European Union Aviation Safety Agency (EASA) regulation for the management of information security risks with a potential impact on aviation safety.
It applies to a wide range of aviation entities, including aircraft operators, maintenance organisation, CAMO organisation, aerodrome operators, design and production organizations, and competent authorities to protect civil aviation from security threats by requiring organizations to implement an Information Security Management System (ISMS).

Scope: Part-IS extends existing safety regulations to cover all digital systems, from traditional IT to operational technologies crucial for aviation safety.
Objective: The primary goal is to establish a structured approach for identifying and managing information security risks, with a focus on detecting, responding to, and recovering from information security incidents.
Requirements: Organizations must establish, implement, and maintain an ISMS to protect the confidentiality, integrity, and availability of their systems and data.
Timeline: Compliance deadline for aerodrome operators and production organisation is October 2025, and for all other organisations, including aircraft operators is February 2026.