Corporate Aviation Security Training: What Part 91 Flight Departments Should Cover
Why Part 91 Flight Departments Can’t Afford to Ignore Security Training
Only 35% of Part 91 corporate flight departments have a formal security training program in place — yet 70% of aviation security incidents stem from insider threats that awareness training could prevent. For operations carrying C-suite executives, proprietary information, and multi-million-dollar aircraft, that gap isn’t a policy shortfall. It’s an operational liability.
Structured corporate aviation security training has never been more critical for Part 91 operators. These flight departments operate without a mandated Aviation Security Program under 14 CFR Part 108, but the threat environment — from drone incursions and cyber attacks to insider risks — doesn’t recognize regulatory exemptions. The absence of a mandate is not the absence of a threat.
According to the NBAA’s 2025 survey, roughly two-thirds of Part 91 operators lack a formal voluntary security program. The ICAO 2025 AVSEC Report found that 70% of aviation security incidents involve insider threats — the very category that aviation security awareness training is designed to address. As Doug E. Harris, NBAA Director of Security, emphasized at the 2025 NBAA Convention, Part 91 flight departments must treat security as a core safety function rather than waiting for regulations to catch up.
This article provides the actionable roadmap. Below, you’ll find the core security training topics every Part 91 flight department security program should cover — grounded in NBAA guidelines, ICAO standards, and current threat data.
Understanding the Regulatory Landscape: What Part 91 Requires — and What It Doesn’t
The regulatory reality for Part 91 operators is more nuanced than many assume. Under 14 CFR Part 108, air carriers and commercial operators (Parts 121 and 135) must implement formal Aviation Security Programs. Part 91 private operators are exempt from this requirement. But exemption from Part 108 does not mean exemption from all security obligations.
Part 91 operators remain subject to TSA rules under 49 CFR Part 1540, which govern secure area access, passenger prescreening, and facility credentials. FAA Advisory Circular 107-1B serves as the key voluntary guidance document, recommending that business aviation operators conduct risk assessments and implement security training — even without a formal mandate. Operators who ignore these recommendations still face TSA enforcement exposure for negligent security practices, such as unsecured ramp access or failure to comply with Secure Flight data requirements.
The distinction between Part 91, Part 135, and Part 121 obligations is critical for aviation security compliance training. Part 121 carriers face the most prescriptive requirements: full security programs, TSA-approved training curricula, and regular audits. Part 135 operators must maintain security programs scaled to their operations. Part 91 operators carry the fewest mandates — but face the same threats, often with less infrastructure to counter them.
For operators conducting international flights, ICAO Annex 17 Standards and Recommended Practices (SARPs) and ICAO Doc 10207 (Aviation Security Training Manual) provide globally recognized frameworks that non-mandated operators can adopt voluntarily. European operations may also trigger obligations under EASA Regulation (EU) 2015/1998, which mirrors ICAO standards for personnel operating in secure areas. These frameworks give corporate flight department security programs a credible, internationally aligned foundation.
What TSA Rules Still Apply to Part 91 Operators
Despite the Part 108 exemption, the following TSA obligations apply to Part 91 operations:
- Secure Flight Program: Passenger data (full name, date of birth, gender) must be submitted for prescreening on applicable flights. TSA’s Enhanced Secure Flight Rules, expanded in February 2026, broadened data requirements for Part 91 flights with more than 60 seats.
- 49 CFR Part 1540 — Secure Area Access: All personnel accessing airport secure areas must comply with TSA access control requirements, including proper credentialing and challenge procedures.
- TWIC Requirements: At certain maritime and intermodal facilities, Transportation Worker Identification Credential requirements may apply to Part 91 personnel.
Compliance with these rules is not voluntary. TSA enforcement is real, and ignorance of these obligations is not a defensible position.
8 Core Corporate Aviation Security Training Topics Every Part 91 Flight Department Should Cover
What follows is a structured training roadmap — the eight topics that form the backbone of a credible corporate aviation security training program. Each topic includes who needs it, what it covers, and why it matters. A Director of Aviation can hand this outline to leadership and say: this is what a professional standard looks like.
1. Threat Recognition and Suspicious Activity Reporting
Every person in the flight department — pilots, crew, maintenance technicians, schedulers — needs the foundational skill of recognizing pre-attack indicators and suspicious behaviors at FBOs, ramps, and hangars. ICAO Doc 10207 provides a competency framework for threat recognition that Part 91 operators can adopt directly. The reporting chain must be clear, rehearsed, and accessible to all personnel. Aviation security awareness training for corporate pilots starts here, but it must extend to every role that touches the operation.
2. Insider Threat Awareness and Mitigation
According to the ICAO 2025 AVSEC Report, 70% of aviation security incidents involve insider threats. In a corporate flight department, that means disgruntled employees, social engineering attempts, and unauthorized access by personnel who already hold credentials. Business aviation insider threat awareness training must cover personnel vetting best practices, access control discipline, behavioral indicators of compromise, and the cultural imperative of reporting concerns without stigma. NBAA guidelines on insider threat mitigation emphasize that a “see something, say something” culture is the single most effective countermeasure.
3. Executive Protection and VIP Handling Procedures
Corporate aviation exists, in large part, to move high-value executives securely and efficiently. Executive aviation security procedures for flight crew must extend beyond the aircraft to the full travel chain: ground transport coordination, itinerary compartmentalization, arrival and departure security at FBOs, and information security around travel schedules. Flight crews serve as the last line of defense in a protection detail, and their training should reflect that responsibility. This is not a law enforcement function — it is an awareness and coordination discipline.
4. FBO and Ramp Security Protocols
FBO environments present unique vulnerabilities that generic airport security courses miss entirely. Open ramps, transient personnel, minimal screening infrastructure, and shared-use facilities create access control challenges that Part 91 operators must address proactively. Training should cover vehicle screening coordination, visitor management protocols, ramp security awareness during aircraft loading and unloading, and effective communication with FBO security staff. These are the scenarios where business aviation security training must be specific, not generic.
5. Aircraft Hardening and Physical Security
Securing the aircraft itself is a non-negotiable element of operational security. Training should cover cockpit security measures, tamper detection techniques (seals, inspections), overnight security protocols at outstation airports where the aircraft may sit unattended, and pre-flight security sweeps. NBAA security guidelines outline aircraft hardening procedures that are practical, scalable, and designed for the realities of corporate operations — particularly when operating at unfamiliar or uncontrolled fields.
6. Cyber-Physical Security for Aviation Systems
This is the training gap most legacy programs fail to address for Part 91 operations. The convergence of cyber and physical threats is accelerating: post-2025 cyber attacks on business aviation communication systems exposed vulnerabilities that many operators hadn’t considered. Training must cover electronic flight bag (EFB) security, aircraft Wi-Fi network exploitation risks, GPS spoofing awareness, and the integrity of onboard communication systems. The NBAA 2025 Security Summit emphasized AI-driven threats as an emerging vector. Cyber-physical aviation security training is no longer forward-looking — it’s a current operational need.
7. Counter-UAS and Drone Incursion Awareness
FAA 2025 data documented a 25% rise in drone incursions in U.S. business aviation airspace. More alarming, an estimated 40% of drone encounters go unreported — largely due to inadequate training on recognition and reporting procedures, according to NBAA 2025 Security Summit findings. Counter-UAS training for aviation personnel should cover identification of drone threats during critical flight phases, immediate reporting protocols, and coordination with ATC and airport authorities. The NBAA Summit specifically recommended counter-UAS e-learning as a priority for Part 91 departments. This is an underserved and rapidly growing training need.
8. Security Incident Response and Reporting
Prevention is the priority, but response planning is equally critical. Training must cover immediate incident response procedures, the chain of communication (internal, TSA, law enforcement), documentation requirements for post-incident review, and integration of security events into the operator’s Safety Management System. FAA AC 120-92B provides the framework for SMS integration, and security incident response fits directly within it. Post-incident debriefs should feed back into recurrent training — closing the loop between response and prevention.
Who Needs Training: Beyond the Flight Crew
A credible corporate flight department security program requires whole-department participation. Security culture cannot exist when training is limited to the cockpit. IATA recommends that 70% of security training content focus on practical scenarios over theory — and those scenarios must be tailored to each role:
- Pilots and co-pilots: Threat recognition in flight and on the ground, cockpit security protocols, cyber-physical awareness, counter-UAS response.
- Cabin crew: Passenger behavior monitoring, VIP handling coordination, in-flight incident response, suspicious item identification.
- Maintenance technicians and line service personnel: Aircraft hardening verification, tamper detection, ramp access control, overnight security protocols.
- Flight schedulers and trip coordinators: Itinerary security, Secure Flight data compliance, information compartmentalization for high-profile trips.
- Executive assistants and corporate security directors: Interface coordination between corporate security and flight operations, executive protection planning, threat intelligence dissemination.
Both NBAA and ICAO emphasize that security culture is built through shared responsibility, not siloed expertise. When every team member understands their role in the security chain, the entire operation becomes more resilient.
How to Deliver Corporate Aviation Security Training Effectively
Part 91 flight departments face unique delivery constraints: lean staffing, distributed schedules, pilots on the road, and no dedicated training facilities. These realities make e-learning the ideal delivery method for business aviation security training — flexible enough to fit around operational schedules, trackable for audit and recurrent training documentation, and structured enough to meet ICAO competency benchmarks.
ICAO Aviation Security Training Packages (ASTPs) offer modular frameworks that Part 91 operators can adapt, providing a credible foundation for aviation security compliance training without requiring a five-day classroom commitment. Effective programs can be completed in one to four hours, fitting seamlessly into existing recurrent training cycles. Research has reported an 80% reduction in security-related threat incidents among organizations using scenario-based AVSEC e-learning — a figure that underscores the effectiveness of well-designed digital delivery.
Training should include scenario-based modules (ramp incursion response, executive protection decision-making, cyber intrusion recognition), post-training competency assessments aligned with ICAO Doc 10207 benchmarks, and VR simulations where available for threat identification practice. Critically, security training must integrate with the operator’s Safety Management System under FAA AC 120-92B — security events tracked, analyzed, and fed back into training content.
The financial case reinforces the operational one. Industry reports suggest that operators with NBAA-aligned security training programs have achieved 10–15% reductions in aviation insurance premiums. Proactive training pays for itself.
For Part 91 flight departments ready to formalize their security training program, purpose-built aviation security e-learning for business aviation personnel offers the structure and flexibility to make it happen. Explore CTS’s Corporate Aviation Security Training course — built for Part 91 flight departments, aligned with ICAO and NBAA frameworks, and designed to fit your operational schedule through flexible e-learning delivery.
Building a Security Culture That Outlasts Any Single Course
A training checklist is a starting point. A security culture is the destination. As ICAO Secretary General Juan Carlos Salazar emphasized in the context of Doc 10207’s release, even non-regulated entities in corporate aviation benefit from structured training that builds a global security culture against evolving threats. By 2026, 47 States had adopted Doc 10207 frameworks, covering 85% of global flights — proof that the professional standard is moving toward proactive security regardless of mandate.
The statistic that opened this article bears repeating: only 35% of Part 91 operators maintain a formal security program. Experts estimate that 90% of security incidents are preventable through awareness alone. The gap between those two numbers represents both risk and opportunity. Corporate aviation security training is what separates professional flight departments from operators hoping that exemption equals protection.
Voluntary does not mean optional. It means self-directed excellence — the decision to meet a professional standard because the mission demands it, not because a regulation compels it. Threats will continue to evolve: AI-driven social engineering, increasingly sophisticated drone operations, and cyber-physical attack vectors that didn’t exist five years ago. Your corporate aviation security training program must evolve with them.
CTS also offers comprehensive IS-BAO/Part 91 Training packages that integrate security awareness into your broader operational standards — a practical next step for departments building a complete training program.
Frequently Asked Questions
Does Part 91 require a formal aviation security training program?
No. Part 91 operators are exempt from formal Aviation Security Programs required under 14 CFR Part 108. However, TSA obligations under 49 CFR Part 1540 still apply, and FAA AC 107-1B recommends voluntary security training. NBAA strongly urges all Part 91 flight departments to adopt a security training program as a professional best practice.
What security training should a corporate flight department provide?
A comprehensive program should cover threat recognition, insider threat awareness, executive protection procedures, FBO and ramp security, aircraft hardening, cyber-physical security, counter-UAS awareness, and incident response. These eight topics, aligned with NBAA security guidelines and ICAO Doc 10207, form the foundation of credible corporate aviation security training.
How do NBAA security guidelines apply to Part 91 operators?
NBAA security guidelines are voluntary best practices specifically designed for business aviation operators, including Part 91 departments. They cover threat assessment, personnel screening, aircraft hardening, and insider threat mitigation. While not regulatory mandates, they represent the industry’s recognized professional standard and are increasingly referenced by insurers and auditors.
What is the difference between Part 91 and Part 135 aviation security requirements?
Part 135 commercial operators must implement formal Aviation Security Programs under 14 CFR Part 108, with TSA-approved training curricula and regular audits. Part 91 private operators are exempt from Part 108 but must still comply with TSA rules under 49 CFR Part 1540. The threat exposure is comparable; the regulatory burden is not.
How can corporate flight departments protect against insider threats and drone incursions?
Insider threats, which account for 70% of aviation security incidents according to ICAO, are mitigated through personnel vetting, access control discipline, and a reporting culture reinforced by recurrent training. Drone incursions — up 25% in 2025 per FAA data — require recognition training, standardized reporting procedures, and ATC coordination protocols. Both topics should be core elements of any voluntary security program.







