ER-040 is a report providing guidance in addressing a management system for Information Security that supplements the current Safety Management System. It responds to the need for consistent information security solutions across the supply chain. This report is intended to establish the best practices for securing aviation, ensuring consistency and minimum levels of information security throughout the supply chain, and establishing a common understanding to ease audit overhead on all stakeholders. This document is intended to supplement and provide additional guidance in support of the European Union Aviation Safety Agency (EASA) Part-IS Acceptable Means of Compliance (AMC) & Guidance Materials (GM).