Drone Operators Must Become ISO 27001 Certified to Access Crucial FAA Data

The FAA is now requiring that drone operators adhere to ISO 27001 to access crucial flight data.  The ISO 27001 certification will allow drone operators and civilian aircrafts to share airspace, provide flight data, and prove the effectiveness of their information security operations to the FAA.

Drones and unmanned aircraft systems (UAS) are rising in popularity — and changing the face of delivery logistics for e-commerce companies around the globe.

But as drones become a common sight in our skies, regulating drone flights to ensure they don’t interfere with other civilian aviation operations has become a priority. This requires a level of information sharing between the government and private industries, and stringent oversight. To manage these efforts, the Federal Aviation Administration (FAA) created the UAS Data Exchange.

Through the UAS Data Exchange, approved UAS Service providers (i.e. drone delivery companies) have access to a network called the Low Altitude Authorization and Notification Capability (LAANC). Information shared via the LAANC serves a few distinct purposes:

  • Provide drone pilots with access to controlled airspace at or below 400 feet.
  • Spread awareness about where pilots can and cannot fly.
  • Give Air Traffic Professionals visibility into where and when drones are operating.

Drone Companies Now Need ISO 27001 Certification

In order to be granted access to the UAS Data Exchange and LAANC — and review airspace information and flight data shared over the network — drone companies must demonstrate a certain level of maturity in their cybersecurity efforts. The FAA states that these companies must be able to secure systems and components that interact with the LAANC (Low Altitude Authorization and Notification Capability) AP (Automation Platform) API (Application Programming Interface) by adhering to the Federal Information Processing Standard (FIPS) 199 Moderate Impact Level, or by securing an equivalent or higher security level — such as the ISO 27000 certification.

What is ISO 27001?

ISO/IEC 27001:2013 is a certification for maintaining a solid Information Security Management System (ISMS) within your organization. Like many of the other ISO management system standards, ISO 27001 certification is beneficial but not required.  Becoming certified demonstrates conformity of your Information Security Management System (ISMS) with the documented standard and provides your customers with assurance regarding the security of your system.

The good news for drone companies?  A-LIGN can help.

How A-LIGN Can Help

With A-LIGN, the ISO 27001 certification is within reach. Our experts can provide a gap assessment to help your organization prepare for an audit, A-LIGN requires follow-up surveillance audits to ensure your organization remains in good standing to maintain ISO certification.

With the ISO 27001 certification, drone companies can supply the FAA with assurances regarding the security of internal systems and gain access to the LAANC data necessary to operate effectively and lawfully within the US.

Ready to partner with A-LIGN for ISO 27001? Contact our team of ISO experts today.