560 likes | 666 Views
SAFETY REGULATION COMMISSION. EUROCONTROL. ESARR 1 IMPLEMENTATION WORKSHOP. The agenda…. Tuesday afternoon: ESARR 1 and SES working together and some basic things (e.g. definitions) Wednesday morning: Safety Regulatory Audit Process Wednesday afternoon: Safety Oversight of Changes
E N D
SAFETY REGULATION COMMISSION EUROCONTROL ESARR 1 IMPLEMENTATION WORKSHOP
The agenda… Tuesday afternoon: • ESARR 1 and SES working together • and some basic things (e.g. definitions) Wednesday morning: • Safety Regulatory Audit Process Wednesday afternoon: • Safety Oversight of Changes • Safety Directives Thursday morning: • A national perspective (France) • Certification Process
a very quick recap … • ESARR 1 is intended to: • Work together with SES • Complement SES by dealing with the “HOW” • Cover various potential scenarios • Soft/tough certification + soft/tough designation • Inside/outside the SES/EU framework • Elaborate further the agreements on supervision of FABs • Don’t underestimate the importance of the ESARR 1 definitions (notably, the definition of “applicable safety regulatory requirements”) • ESARR 1 is about processes… • ESARR 1 will be transposed into Community law… • Probably this year. • If there are “orphans” the need to implement them will stand
SAFETY REGULATION COMMISSION EUROCONTROL ESARR 1 IMPLEMENTATION WORKSHOP ESARR 1 IMPLEMENTATION WORKSHOP Safety Audit Process
CE-1 Primary Aviation Legislation CE-3 CE-2 Organisation Regulations ESTABLISH Technical Guidance Qualification and Training CE-5 CE-4 IMPLEMENT Authorization and Approval Obligations Surveillance Obligations Resolution of Safety Issues CE-6 CE-7 CE-8
verification SAFETY AUDITING SAFETY OVERSIGHT OF CHANGES SAFETY REGULATORY CAPABILITIES (Section 9) MONITORING OF SAFETY PERFORMANCE (Section 4) VERIFY SAFETY REGULATORY RECORDS (Section 11) SAFETY OVERSIGHT ANNUAL REPORT (Section 12) SAF. OVERSIGHT OF NEW SYS & CHANGES HOW Use of Recognised Organisations (Section 8) SAF. REG.AUDITING SAFETY DIRECTIVES (Section 10)
verification SAFETY AUDITING SAFETY OVERSIGHT OF CHANGES VERIFY SAF. OVERSIGHT OF NEW SYS & CHANGES HOW SAF. REG.AUDITING
VERIFY (Section 5.1) • Compliance before issuing/renewing a Certificate • Compliance before issuing/renewing a Designation • Continuous compliance • Implementation of safety argument of new systems and changes SAFETY OVERSIGHT OF NEW SYSTEMS AND CHANGES REVIEW SAFETY ARGUMENT (Sections 7.3, 7.5, 7.6) HOW DO YOU VERIFY (Section 5.2) Major Minor ACCEPTANCE Additional Safety conditions CLASSIFY CHANGES (Sections 7.1, 7.2) Accepted through ATM provider procedures (Section 7.4) SAFETY REGULATORY AUDITING (Section 6)
Audit? … …What’s an audit? • Independence from area been audited • Systematic and documented • Looking for objective evidence • Checking against a reference • ISO definition: • Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled • Some important ideas not explicitly mention in the official definitions: • AUDITING IS ABOUT SAMPLING… • THE SELECTION OF SAMPLES IS ESSENTIAL • PEOPLE ARE INNOCENT UNLESS YOU CAN DEMONSTRATE THEY ARE GUILTY • AN AUDITOR ONLY RAISES A NONCONFORMITY IF HE HAS OBJECTIVE EVIDENCE • AN AUDIT IS ALWAYS AN SNAPSHOT (situation found at the time of the audit)
Audit? … …What’s an audit? • Some important ideas not explicitly mentioned in the official definitions: • AN AUDIT IS NOT CONFINED TO THE “ONSITE AUDIT VISIT”: • Preparation is essential • A rough estimate: one auditor-man/day one/two auditor-man/days on-site of preparation • AUDITING NEEDS: • A SIGNIFICANT AMOUNT OF QUALIFIED RESOURCES • GOOD PLANNING AND MANAGEMENT MANAGEMENT IS ESSENTIAL…
Audit? … …What’s an audit? • Some important ideas not explicitly mention in the official definitions: ON-SITE AUDIT / VISIT(s) PREPARATION INCLUDING A REVIEW OF DOCUMENTATION CORRECTIVE ACTION PROCESS Audit report The approach changes after the audit report…
Yesterday I told you we would try to focus on issues and “tricks”… So this is my list of proposed topics … • NSA roles and • functions • Corrective Action Process • Categorisation of non-conform. • Determination of resources needed • Possible use of recognised organisations • Implementing the 24-month review cycle • Producing and managing a programme of audits • NSA roles/functions in relation to auditing • Determination, follow up and closure of corrective actions • Categorisation of non-conformities • Determination of resources needed • Possible use of recognised organisations • Implementing the 24-month review cycle • Producing / Managing a Programme of Audits
Yesterday I told you we would try to focus on issues and “tricks”… So this is my list of proposed topics … • NSA roles and • functions • Corrective Action Process • Categorisation of non-conform. • Determination of resources needed • Possible use of recognised organisations • Implementing the 24-month review cycle • Producing and managing a programme of audits • NSA roles/functions in relation to auditing • Determination, follow up and closure of corrective actions • Categorisation of non-conformities • Determination of resources needed • Possible use of recognised organisations • Implementing the 24-month review cycle • Producing / Managing a Programme of Audits
NSA roles and • functions • Corrective Action Process • Categorisation of non-conform. • Determination of resources needed • Possible use of recognised organisations • Implementing the 24-month review cycle • Producing and managing a programme of audits 1. NSA ROLES / FUNCTIONS IN RELATION TO THE AUDIT PROCESS • The role of the NSA Top Management • The “Designated Point of Responsibility” in the NSA • The Management of the Audit Programme • … and the auditors!
NSA Top Management Audit Management Designated point of Responsibility required in ESARR 1 Auditors NSA’s auditors Recognised Organisation’s auditors RECOGNISED ORGANISATION (wherever used) Basic functions to be organised / arranged /managed… … as appropriate • Different arrangements are possible • Nothing prevents an NSA from • combining roles/functions: • Top management • Audit management • ‘Designated point of responsibility’ • The execution of audits • There are things which must stay • within the NSA: • The programme of audits • The ‘designated point of responsibility’ • (request / follow up of corrective actions) • Top management functions
Basic functions to be organised / arranged /managed… … as appropriate TOP MANAGEMENT: NSA • Overall responsibility for the safety oversight activity • Responsible for resourcing the various functions • Responsible for meeting the requirements established in ESARR 1 and the rest of the regulatory framework • Normally, it is the one deciding on enforcement actions to be taken in the light of documented findings Top Management Audit Management Designated point of Responsibility required in ESARR 1 Auditors NSA’s auditors Recognised Organisation’s auditors RECOGNISED ORGANISATION (wherever used)
Basic functions to be organised / arranged /managed… … as appropriate AUDIT MANAGEMENT: NSA • Determines, implements and follows up the Annual Programme of Safety Regulatory Audits • Manages the arrangements with recognised organisations (wherever they are used) Top Management Audit Management Designated point of Responsibility required in ESARR 1 Auditors NSA’s auditors • AUDITORS: • Plan and conduct the audits • Produce the audit report • Identify areas of non-compliance (no corrective actions!) • They can be NSAs auditors or ROs auditors Recognised Organisation’s auditors RECOGNISED ORGANISATION (wherever used)
Basic functions to be organised / arranged /managed… … as appropriate DESIGNATED POINT OF RESPONSIBILITY REQUIRED IN ESARR 1: NSA Top Management Why did we invent that ? Audit Management Designated point of Responsibility required in ESARR 1 Auditors NSA’s auditors Recognised Organisation’s auditors RECOGNISED ORGANISATION (wherever used)
Proposes corrective actions that are accepted by the client if they fix the findings The “client” Forward report of the audit Requests corrective action conducts audit auditee auditor(s) Basic functions to be organised / arranged /managed… … as appropriate DESIGNATED POINT OF RESPONSIBILITY REQUIRED IN ESARR 1: NSA Top Management Audit Management Designated point of Responsibility required in ESARR 1 Auditors NSA’s auditors Recognised Organisation’s auditors RECOGNISED ORGANISATION (wherever used)
Basic functions to be organised / arranged /managed… … as appropriate DESIGNATED POINT OF RESPONSIBILITY REQUIRED IN ESARR 1: NSA Top Management • Receives the audit report produced by the auditors • Ensures that the audit findings are communicated to the senior management of the organisation audited • Requests corrective action • Assesses the corrective actions determined by the auditee, and accepts them (or not) • Undertakes additional actions regulatory actions if required. Audit Management Designated point of Responsibility required in ESARR 1 Auditors NSA’s auditors Recognised Organisation’s auditors RECOGNISED ORGANISATION (wherever used)
PREPARATION INCLUDING A REVIEW OF DOCUMENTATION PREPARATION INCLUDING A REVIEW OF DOCUMENTATION ON-SITE AUDIT / VISIT(s) ON-SITE AUDIT / VISIT(s) Audit report Audit report Basic functions to be organised / arranged /managed… … as appropriate NSA Top Management PREPARATION INCLUDING A REVIEW OF DOCUMENTATION CORRECTIVE ACTION PROCESS Audit Management Designated point of Responsibility required in ESARR 1 Auditors NSA’s auditors Recognised Organisation’s auditors RECOGNISED ORGANISATION (wherever used)
Basic functions to be organised / arranged /managed… … as appropriate DESIGNATED POINT OF RESPONSIBILITY REQUIRED IN ESARR 1: NSA Top Management • Receives the audit report produced by the auditors • Ensures that the audit findings are communicated to the senior management of the organisation audited • Requests corrective action • Assesses the corrective actions determined by the auditee, and accepts them (or not) • Undertakes additional actions regulatory actions if required. Audit Management Designated point of Responsibility required in ESARR 1 Auditors NSA’s auditors Recognised Organisation’s auditors What does this means? RECOGNISED ORGANISATION (wherever used)
Basic functions to be organised / arranged /managed… … as appropriate • This is intended to establish a focal point to trigger the internal coordination needed within the NSA: • If enforcement is needed • If a safety directive is needed • If an intervention from the NSA is needed… • If someone needs to know the findings of the audit inside the NSA for any purpose… • If… • But this does not mean that all these things are on the shoulder of the ‘designated point of responsibility’ DESIGNATED POINT OF RESPONSIBILITY REQUIRED IN ESARR 1: NSA Top Management • Receives the audit report produced by the auditors • Ensures that the audit findings are communicated to the senior management of the organisation audited • Requests corrective action • Assesses the corrective actions determined by the auditee, and accepts them (or not) • Undertakes additional actions regulatory actions if required. Audit Management Designated point of Responsibility required in ESARR 1 Auditors NSA’s auditors Recognised Organisation’s auditors What does this means? RECOGNISED ORGANISATION (wherever used)
NSA roles and • functions • Corrective Action Process • Categorisation of non-conform. • Determination of resources needed • Possible use of recognised organisations • Implementing the 24-month review cycle • Producing and managing a programme of audits 2. Determination, follow up and closure of corrective actions 3. Categorisation of non-conformities
Do you remember this diagram? ON-SITE AUDIT / VISIT(s) PREPARATION INCLUDING A REVIEW OF DOCUMENTATION CORRECTIVE ACTION PROCESS Audit report The approach changes after the audit report…
Communicates findings & Requests corrective action Accepts the proposed Corrective actions (or not) Follows up implementation of corrective action and their effectiveness Proposes corrrective action NSA Evaluates effectiveness of corrective actions proposed AUDIT REPORT Finding (Non-conformity or Observation) CLOSURE Implements corrective actions agreed Determination of corrective action ANSP
NSA NSA might need to determine actions to be implemented by the ANSP AUDIT REPORT WHAT HAPPENS IF THE FINDING IS TOO “SERIOUS”? Finding (Non-conformity or Observation) IN SOME CASES A DIRECT INTERVENTION FROM THE NSA MAY BE NECESSARY IN RELATION TO A FINDING ANSP
NSA NSA might need to determine actions to be implemented by the ANSP THIS SHOULD NORMALLY BE EXCEPTIONAL ONLY IF THERE IS A JUSTIFIED REASON RELATED TO SAFETY AUDIT REPORT Finding (Non-conformity or Observation) IN SOME CASES A DIRECT INTERVENTION FROM THE NSA MAY BE NECESSARY IN RELATION TO A FINDING ANSP
CATEGORISATION OF NON-CONFORMITIES • NSAs need to define clear criteria to support the identification of situations where an NSA intervention is needed to correct a finding • Wherever an audit reveals an unsafe situation • Wherever immediate reaction needed • The existence of objective evidence is even more critical in this case • Practical arrangements are needed: • Auditors should communicate the finding to the NSA management • NSA auditors might be in a position to determine a corrective action on-site in very serious situations • But auditors from recognised organisations’ auditors don’t • These procedures should only apply to ongoing oversight audits • The use of these procedures should be exceptional
CATEGORISATION OF NON-CONFORMITIES EAM 1 GUI 3 GUIDANCE: NON-CONFORMITIES LEVEL 1 Any non-compliance which significantly hazards the safety of aircraft NSA ACTION REQUIRED LEVEL 2 Any non-compliance which significantly hazards the safety of aircraft NORMAL CORRECTIVE ACTION PROCESS APPLIED ??
CATEGORISATION OF NON-CONFORMITIES EAM 1 GUI 5 GUIDANCE: NON-CONFORMITIES LEVEL 1 Any non-compliance which significantly hazards the safety of aircraft NSA ACTION REQUIRED LEVEL 1 Any non-compliance which significantly hazards the safety of aircraft NORMAL CORRECTIVE ACTION PROCESS APPLIED GUI 5 recommends that at least four types of possible situations are identified as level 1 non-compliances They are called “A, B, C and D” CRITERIA TO BE DEFINED BY NSA GUI 5 proposes some recommended criteria & gives examples
CATEGORISATION OF NON-CONFORMITIES EAM 1 GUI 5 GUIDANCE: • It is recommended that criteria identify at least the following types of possible situations as level 1 non-conformities: • Case A - Evidence demonstrates that a service provided is not compliant with safety-related specifications although it is obtained through the systematic application of the relevant processes. • Case B - Evidence demonstrates a lack of systematic implementation of • arrangements intended to identify or eliminate a potential or actual unsafe • situation. • Case C - Evidence demonstrates a lack of systematic implementation of a safety-related operational arrangement • Case D - Evidence demonstrates a lack of implementation of corrective • actions within the agreed timescale granted by the NSA in relation to the • findings of a safety regulatory audit.
CATEGORISATION OF NON-CONFORMITIES EAM 1 GUI 5 GUIDANCE: • It is recommended that criteria identify at least the following types of possible situations as level 1 non-conformities: • Case B - Evidence demonstrates a lack of systematic implementation of • arrangements intended to identify or eliminate a potential or actual unsafe • situation. • SOME EXAMPLES • See 1 and 2 on the table of EAM 1 GUI 5 • Evidences are found showing that corrective actions resulting from the internal investigation of safety occurrences are (systematically) not implemented
CATEGORISATION OF NON-CONFORMITIES EAM 1 GUI 5 GUIDANCE: • It is recommended that criteria identify at least the following types of possible situations as level 1 non-conformities: • Case C - Evidence demonstrates a lack of systematic implementation of a safety-related operational arrangement • SOME EXAMPLES • See 15 and 16 on the table of EAM 1 GUI 5 • Evidences are found showing that non essential maintenance works in relation to the runway are (systematically) authorised by the TWR in an area close to the ILS localizer at a time at which low visibility procedures applied.
CATEGORISATION OF NON-CONFORMITIES EAM 1 GUI 5 GUIDANCE: • It is recommended that criteria identify at least the following types of possible situations as level 1 non-conformities: • Case A - Evidence demonstrates that a service provided is not compliant with safety-related specifications although it is obtained through the systematic application of the relevant processes. • SOME EXAMPLES • See 6 and 7 on the table of EAM 1 GUI 5 • Evidences are found showing that the declared capacity was exceeded in a number of situations. • However, no evidences are found to demonstrate the existence of an issue related to the relevant procedures
CATEGORISATION OF NON-CONFORMITIES EAM 1 GUI 5 GUIDANCE: • It is recommended that criteria identify at least the following types of possible situations as level 1 non-conformities: • Case D - Evidence demonstrates a lack of implementation of corrective • actions within the agreed timescale granted by the NSA in relation to the • findings of a safety regulatory audit. SOME EXAMPLES See 17 on the table of EAM 1 GUI 5 The ANSP does not implement a corrective action in relation to a level 2 nonconformity within the timescales agreed by the NSA Article 5(4) Common Requirements requires the NSA to take enforcement action
CE-1 Primary Aviation Legislation CE-3 CE-2 Organisation Regulations ESTABLISH Technical Guidance Qualification and Training CE-5 CE-4 IMPLEMENT Authorization and Approval Obligations Surveillance Obligations Resolution of Safety Issues CE-6 CE-7 CE-8
Initial certification CLOSURE OF NON-CONFORMITIES THERE IS A BIG ISSUE IN THE CURRENT CERTIFICATION PROCESS 172 days left to complete the current certification process!!! Article 3 Common Requirements 1. In order to obtain the certificate necessary to provide air navigation services, and without prejudice to Article 7(5) of Regulation (EC) No 550/2004, air navigation service providers shall comply with the general common requirements set out in Annex I as well as with the specific additional requirements set out in Annexes II to V to this Regulation according to the type of service they provide, subject to the derogations under Article 4. … 3. An air navigation service provider shall comply with the common requirements no later than the time at which the certificate is issued pursuant to Article 7 of Regulation (EC) No 550/2004. Any non-conformity should be corrected (closed) Before the certificate is issued
QUESTIONS ? • COMMENTS ? • VIEWS ? • … on anything said (or not said)
NSA roles and • functions • Corrective Action Process • Categorisation of non-conform. • Determination of resources needed • Possible use of recognised organisations • Implementing the 24-month review cycle • Producing and managing a programme of audits • 4. RESOURCES NEEDED • HOW MANY AUDITOR-DAYS • DO YOU NEED ?
The resources needed depend on: • Number of units, services, employees • Complexity of systems and services provided • Stage of development of the management of safety in the service provider organisation, • Observed strengths and weaknesses in the documented management of safety, • Level of service provider management maturity to safety management, • Level of service provider staff maturity to safety management processes and techniques, • Level of NSA maturity to safety management processes and techniques, • Level of NSA maturity / experience in respect of auditing, • Overall safety performance of the service provider • etc, etc… ???
There are some references which have NOT been validated in the context of ATM BE VERY CAREFUL ABOUT USING THEM…
There are some references which have NOT been validated in the context of ATM BE VERY CAREFUL ABOUT USING THEM…
Auditor-days in initial oversight Auditor-days in ongoing oversight = 3 There are some references which have NOT been validated in the context of ATM BE VERY CAREFUL ABOUT USING THEM…
There are some references which have NOT been validated in the context of ATM BE VERY CAREFUL ABOUT USING THEM… • For the time being we don’t have that type of (validated) guidance to support the implementation of ATM safety oversight • Maybe in the future… based on the experienced of the NSAs • Each NSA needs to consider this problem locally and ENSURE that enough resources are put in place with • NSA auditorsOR/AND • Recognised Organisation auditors • To do all the audits needed, meeting at least the minimum established in ESARR 1
NSA roles and • functions • Corrective Action Process • Categorisation of non-conform. • Determination of resources needed • Possible use of recognised organisations • Implementing the 24-month review cycle • Producing and managing a programme of audits • 5. POSSIBLE USE OF RECOGNISED • ORGANISATIONS
According to SES: • NSAs “organise”proper inspections and surveys to verify compliance with CRs • NSAs “may decide” to delegate in full or in part the inspections and surveys to recognised organisations • To become a recognised organisations, a set of requirements has to be met (they are in the SP Regulation) • A recognition granted by a NSA shall be valid within the EC. Any NSAs can use any recognised organisation. “Organise” “May decide” MANAGEMENT OF ROs THE REQUIREMENTS APPLICABLE TO ROs ARE CRITICAL
Significant Issue: • We thought (think) that the SES requirements applicable to ROs were (are) too generic • More details were needed to deal with safety...
NSA Management of arrangements with Recognised Organisations • Approach in ESARR 1: • Avoid interfering in the SES scheme: The “right” to become a recognised organisation is regulated by SES • An organisation is only be eligible to be recognised if it meets the SES requirements • There will be a “list” of organisations recognised. If you are on the list, you have the right to be eligible • Focus on the “may decide” • which implies that someone adopts certain criteria to decide... The “may decide” implies a need for “decisions”; that is to say, a need to manage these decisions. • The ESARR 1 requirements are formulated around what a NSA has to do wherever such a decision has to be made to deal with the supervision of safety