Regulation (EU) 2023/203
(a) The competent authority shall establish and maintain a management system, including as a minimum:
(1) documented policies and procedures to describe its organisation, means and methods to achieve compliance with Regulation (EU) 2018/1139 and the delegated and implementing acts adopted on the basis thereof. The procedures shall be kept up to date and serve as the basic working documents within that competent authority for all related tasks;
(2) a sufficient number of personnel to perform its tasks and discharge its responsibilities. Such personnel shall be qualified to perform their allocated tasks and have the necessary knowledge, experience, initial and recurrent training to ensure continuing competence. A system shall be in place to plan the availability of personnel, in order to ensure the proper completion of all tasks;
(3) adequate facilities and office accommodation to perform the allocated tasks;
(4) a function to monitor compliance of the management system with the relevant requirements and adequacy of the procedures including the establishment of an internal audit process and a safety risk management process. Compliance monitoring shall include a feedback system of audit findings to the senior management of the competent authority to ensure implementation of corrective actions as necessary; and
(5) a person or group of persons, ultimately responsible to the senior management of the competent authority for the compliance monitoring function.
(b) The competent authority shall, for each field of activity including management system, appoint one or more persons with the overall responsibility for the management of the relevant task(s).
(c) The competent authority shall establish procedures for participation in a mutual exchange of all necessary information and assistance with other competent authorities concerned, whether from within the Member State or in other Member States, including the following information:
(1) on all findings raised, corrective follow-up actions taken pursuant to such findings and enforcement measures taken as a result of oversight of persons and organisations exercising activities in the territory of a Member State but certified by or having made declarations to the competent authority of another Member State or the Agency;
(2) stemming from mandatory and voluntary occurrence reporting as required by point ORA.GEN.160 of Annex VII.
(d) A copy of the procedures related to the management system and their amendments shall be made available to the Agency for the purpose of standardisation.
(e) In addition to the requirements contained in point (a), the management system established and maintained by the competent authority shall comply with Annex I (Part-IS.AR) to Implementing Regulation (EU) 2023/203 in order to ensure the proper management of information security risks which may have an impact on aviation safety.
[applicable from 22 February 2026 — Implementing Regulation (EU) 2023/203]
AMC1 ARA.GEN.200(a) Management system
ED Decision 2018/009/R
GENERAL
(a) All of the following should be considered when deciding upon the required organisational structure:
(1) the number of certificates, attestations, authorisations and approvals to be issued;
(2) the number of declared training organisations;
(3) the number of certified persons and organisations exercising an activity within that Member State, including persons or organisations certified by, or having made a declaration to, other competent authorities;
(4) the possible use of qualified entities and of resources of other competent authorities to fulfil the continuing oversight obligations;
(5) the level of civil aviation activity in terms of:
(i) number and complexity of aircraft operated;
(ii) size and complexity of the Member State’s aviation industry;
(6) the potential growth of activities in the field of civil aviation.
(b) The set-up of the organisational structure should ensure that the various tasks and obligations of the competent authority do not rely solely on individuals. A continuous and undisturbed fulfilment of these tasks and obligations of the competent authority should also be guaranteed in case of illness, accident or leave of individual employees.
GM1 ARA.GEN.200(a) Management system
ED Decision 2012/006/R
GENERAL
(a) The competent authority designated by each Member State should be organised in such a way that:
(1) there is specific and effective management authority in the conduct of all relevant activities;
(2) the functions and processes described in the applicable requirements of Regulation (EC) No 216/200820 Regulation (EC) No 216/2008 of the European Parliament and of the Council of 20 February 2008 on common rules in the field of civil aviation and establishing a European Aviation Safety Agency, and repealing Council Directive 91/670/EEC, Regulation (EC) No 1592/2002 and Directive 2004/36/EC. OJ L 79, 19.3.2008, p. 1. and its Implementing Rules and AMCs, Certification Specifications (CSs) and Guidance Material (GM) may be properly implemented;
(3) the competent authority’s organisation and operating procedures for the implementation of the applicable requirements of Regulation (EC) No 216/2008 and its Implementing Rules are properly documented and applied;
(4) all competent authority personnel involved in the related activities are provided with training where necessary;
(5) specific and effective provision is made for the communication and interface as necessary with the Agency and the competent authorities of other Member States; and
(6) all functions related to implementing the applicable requirements are adequately described.
(b) A general policy in respect of activities related to the applicable requirements of Regulation (EC) No 216/2008 and its Implementing Rules should be developed, promoted and implemented by the manager at the highest appropriate level; for example the manager at the top of the functional area of the competent authority that is responsible for such activities.
(c) Appropriate steps should be taken to ensure that the policy is known and understood by all personnel involved, and all necessary steps should be taken to implement and maintain the policy.
(d) The general policy, whilst also satisfying additional national regulatory responsibilities, should in particular take into account:
(1) the provisions of Regulation (EC) No 216/2008;
(2) the provisions of the applicable Implementing Rules and their AMCs, CSs and GM;
(3) the needs of industry; and
(4) the needs of the Agency and of the competent authority.
(e) The policy should define specific objectives for key elements of the organisation and processes for implementing related activities, including the corresponding control procedures and the measurement of the achieved standard.
AMC1 ARA.GEN.200(a)(1) Management system
ED Decision 2012/006/R
DOCUMENTED POLICIES AND PROCEDURES
(a) The various elements of the organisation involved with the activities related to Regulation (EC) No 216/2008 and its Implementing Rules should be documented in order to establish a reference source for the establishment and maintenance of this organisation.
(b) The documented procedures should be established in a way that facilitates their use. They should be clearly identified, kept up-to-date and made readily available to all personnel involved in the related activities.
(c) The documented procedures should cover, as a minimum, all of the following aspects:
(1) policy and objectives;
(2) organisational structure;
(3) responsibilities and associated authority;
(4) procedures and processes;
(5) internal and external interfaces;
(6) internal control procedures;
(7) training of personnel;
(8) cross-references to associated documents;
(9) assistance from other competent authorities or the Agency (where required).
(d) It is likely that the information is held in more than one document or series of documents, and suitable cross-referencing should be provided. For example, organisational structure and job descriptions are not usually in the same documentation as the detailed working procedures. In such cases it is recommended that the documented procedures include an index of cross-references to all such other related information, and the related documentation should be readily available when required.
AMC1 ARA.GEN.200(a)(2) Management system
ED Decision 2012/006/R
QUALIFICATION AND TRAINING - GENERAL
(a) The competent authority should ensure appropriate and adequate training of its personnel to meet the standard that is considered necessary to perform the work. To ensure personnel remain qualified, arrangements should be made for initial and recurrent training as required.
(b) The basic capability of the competent authority’s personnel is a matter of recruitment and normal management functions in selection of personnel for particular duties. Moreover, the competent authority should provide training in the basic skills as required for those duties. However, to avoid differences in understanding and interpretation, all personnel should be provided with further training specifically related to Regulation (EC) No 216/2008, its Implementing Rules and related AMCs, CSs and GM, as well as related to the assessment of alternative means of compliance.
(c) The competent authority may provide training through its own training organisation with qualified trainers or through another qualified training source.
(d) When training is not provided through an internal training organisation, adequately experienced and qualified persons may act as trainers, provided their training skills have been assessed. If required, an individual training plan should be established covering specific training skills. Records should be kept of such training and of the assessment, as appropriate.
AMC2 ARA.GEN.200(a)(2) Management system
ED Decision 2017/022/R
QUALIFICATION AND TRAINING - INSPECTORS
(a) Qualification
(1) All inspectors should receive, as appropriate to their role, training in the following areas:
(i) auditing techniques, as relevant to the particular duties and responsibilities of the inspector;
(ii) safety management systems (SMSs);
(iii) compliance monitoring system (CMSs);
(iv) the requirements of Regulation (EU) No 1178/2011 related to their duties, in particular of Annex VII (Part-ORA) and Annex VI (Part ARA) thereto; and
(v) ICAO Annexes and guidance material relevant to their duties.
(2) Additional qualification criteria:
(i) inspectors conducting sampling of training flights in aircraft or FSTD sessions should hold or have held a pilot licence and relevant ratings and certificates appropriate to the level of the training conducted;
(ii) inspectors conducting sampling of training flights in aircraft as a member of the flight crew should hold a pilot licence and relevant ratings and certificates appropriate to the level of the training conducted;
(iii) inspectors conducting sampling of theoretical-knowledge instruction should have a practical background in aviation in the areas relevant to the training provided as well as practical experience in instructional techniques;
(iv) inspectors approving training programmes should have relevant experience in the same area; and
(v) inspectors not involved in activities referred to in (i)-(iv) above should have a relevant background in aviation related to their duties.
(b) Initial training programme
The initial training programme for inspectors should include, as appropriate to their role, current knowledge of, as well as experience and skills in, at least the following:
(1) air law – organisation and structure;
(2) Regulation (EC) No 216/2008, as well as its implementing regulations and related AMC/GM;
(3) the Chicago Convention, as well as relevant ICAO Annexes and guidance;
(4) relevant national aviation and administrative legislation;
(5) the applicable requirements and procedures (including the correct formulation of findings);
(6) management systems, including assessment of SMSs and CMSs, as well as auditing, risk assessment, and reporting techniques;
(7) competency-based training, including approval of training organisations;
(8) criteria for the qualification of FSTDs;
(9) evidence-based training;
(10) HF training (including ‘just culture’ in aviation and conflict management);
(11) performance-based oversight;
(12) rights and obligations of the competent authority’s inspecting personnel;
(13) ‘on-the-job training’;
(14) the relevant Annexes to Regulation (EU) No 965/2012; and
(15) suitable technical training appropriate to the role and tasks of the inspector, in particular for those areas requiring approvals.
(c) Recurrent training programme
The recurrent training programme should reflect, at least, changes in aviation legislation and industry. It should also cover the specific needs of the inspectors and of the competent authority, and include at least the following:
(1) an inspection on behalf of the competent authority, supervised by another inspector;
(2) licence proficiency check(LPC)/OPC on an appropriate aircraft type/class (if applicable);
(3) instructor refresher seminar (if applicable);
(4) audit techniques course for regulators (refresher course); and
(5) SMS refresher course.
GM1 ARA.GEN.200(a)(2) Management system
ED Decision 2018/009/R
SUFFICIENT PERSONNEL
(a) This GM on the determination of the required personnel is limited to the performance of certification and oversight tasks, excluding personnel required to perform tasks subject to any national regulatory requirements.
(b) The elements to be considered when determining required personnel and planning their availability may be divided into quantitative and qualitative elements:
(1) Quantitative elements:
(i) the estimated number of initial certificates to be issued and declarations to be received;
(ii) the number of:
(A) organisations certified by the competent authority; and
(B) organisations having declared their activity to the competent authority;
(iii) the number of persons to whom the competent authority has issued a licence, certificate, rating, authorisation or attestation;
(iv) the estimated number of persons and organisations exercising their activity within the territory of the Member State and established or residing in another Member State.
(2) Qualitative elements:
(i) the size, nature and complexity of activities of certified and declared organisations as well as FSTD qualification certificate holders (cf. AMC1 ORA.GEN.200(b)), taking into account:
(A) privileges of the organisation;
(B) type and scope of approval or declared activities, multiple certification or declaration;
(C) possible certification or declaration to industry standards;
(D) types of aircraft / flight simulation training devices (FSTDs) operated;
(E) number of personnel; and
(F) organisational structure, existence of subsidiaries;
(ii) the safety priorities identified;
(iii) the results of past oversight activities, including audits, inspections and reviews, in terms of risks and regulatory compliance, taking into account:
(A) number and level of findings;
(B) timeframe for implementation of corrective actions; and
(C) maturity of management systems implemented by organisations and their ability to effectively manage safety risks, taking into account also information provided by other competent authorities related to activities in the territory of the Member States concerned; and
(iv) the size and complexity of the Member State’s aviation industry and the potential growth of activities in the field of civil aviation, which may be an indication of the number of new applications and declarations as well as changes to existing certificates and declarations to be expected.
(c) Based on existing data from previous oversight planning cycles and taking into account the situation within the Member State’s aviation industry, the competent authority may estimate:
(1) the standard working time required for processing:
(i) applications for new certificates (for persons, organisations and FSTD qualification);
(ii) new declarations;
(2) for each planning period, the number of:
(i) new certificates to be issued;
(ii) declarations to be received; and
(iii) changes to existing certificates and declarations to be processed;
(3) the number of changes to existing certificates to be processed for each planning period.
(d) In line with the competent authority’s oversight policy, the following planning data should be determined specifically for each type of organisation certified by the competent authority ining the AMC & GM to the implementing rules of Commission Regulation (EU) (approved training organisations (ATOs) and aero-medical centres (AeMCs)) and for FSTD qualification certificate holders as well as for declared training organisations:
(1) standard number of audits to be performed per oversight planning cycle;
(2) standard duration of each audit;
(3) standard working time for audit preparation, on-site audit, reporting and follow-up, per inspector;
(4) standard number of ramp and unannounced inspections to be performed;
(5) standard duration of inspections, including preparation, reporting and follow-up, per inspector;
(6) minimum number and required qualification of inspectors for each audit/inspection.
(e) Standard working time could be expressed either in working hours per inspector or in working days per inspector. All planning calculations should then be based on the same unit (hours or working days).
(f) It is recommended to use a spreadsheet application to process data defined under (c) and (d), to assist in determining the total number of working hours / days per oversight planning cycle required for certification, oversight and enforcement activities. This application could also serve as a basis for implementing a system for planning the availability of personnel.
(g) For each type of organisation certified by the competent authority, FSTD qualification certificate holders and declared training organisations, the number of working hours/days per planning period for each qualified inspector that may be allocated for certification, oversight and enforcement activities should be determined, taking into account:
(1) purely administrative tasks not directly related to oversight and certification;
(2) training;
(3) participation in other projects;
(4) planned absence; and
(5) the need to include a reserve for unplanned tasks or unforeseeable events.
(h) The determination of working time available for certification, oversight and enforcement activities should also consider:
(1) the possible use of qualified entities; and
(2) possible cooperation with other competent authorities for approvals and declarations involving more than one Member State.
(i) Based on the elements listed above, the competent authority should be able to:
(1) monitor dates when audits and inspections are due and when they have been carried out;
(2) implement a system to plan the availability of personnel; and
(3) identify possible gaps between the number and qualification of personnel and the required volume of certification and oversight.
Care should be taken to keep planning data up-to-date in line with changes in the underlying planning assumptions, with particular focus on risk-based oversight principles.
GM2 ARA.GEN.200(a)(2) Management system
ED Decision 2017/022/R
(a) The content of the initial training programme for inspectors referred to in AMC2 ARA.GEN.200(a)(2) may be selected from the following documents, as relevant to the particular duties and responsibilities of the inspector:
(1) ICAO Annex 1 ‘Personnel Licensing’;
(2) ICAO Annex 19 ‘Safety Management’;
(3) ICAO Doc 9841 ‘Manual on the Approval of Flight Crew Training Organisations’;
(4) ICAO Doc 9868 ‘Procedures for Air Navigation Services – Training’;
(5) ICAO Doc 9859 ‘Safety Management Manual’;
(6) ICAO Doc 9379 ‘Manual of Procedures for Establishment and Management of a States Personnel Licensing System’;
(7) ICAO Doc 9625 ‘Manual of Criteria for the Qualification of Flight Simulation Training Devices’;
(8) ICAO Doc 9995 ‘Manual of Evidence-based Training’;
(9) ICAO Doc 10011 ‘Manual on Aeroplane Upset Prevention and Recovery Training’;
(10) ‘Airplane Upset Prevention and Recovery Training Aid’ (AUPRTA), Revision 3.
(b) A minimum of activities should be performed according to the initial training programme:
(1) observations; and
(2) inspections as a team member.
GM3 ARA.GEN.200(a)(2) Management system
ED Decision 2017/022/R
The meaning of ‘relevant ratings and certificates appropriate to the level of the training conducted’, as used in AMC2 ARA.GEN.200(a)(2), is explained below:
— the range of activities in an ATO may vary from instructions for the simple single-engined aircraft to type training for CS-25-certified multi-pilot aircraft;
— in the context of the general approval of the ATO, experience in similar types or classes of aircraft is acceptable;
— the inspector has the instructional experience in the same or similar types or the same class of aircraft intended to be flown within the ATO (e.g. a type rating to assess the type training programmes); and
— the experience in CS-25-certified multi-pilot aircraft will not, for example, equip the inspector to assess the training programme in an ATO operating only single-engine piston (SEP) (land) aircraft; similarly, experience as a PPL instructor will not necessarily equip the inspector to assess a type training course for a CS-25 aircraft; in both cases, additional appropriate training in the applicable environment is necessary.
AMC1 ARA.GEN.200(d) Management system
ED Decision 2018/009/R
PROCEDURES AVAILABLE TO THE AGENCY
(a) Copies of the procedures related to the competent authority’s management system and their amendments to be made available to the Agency for the purpose of standardisation should provide at least the following information:
(1) Regarding continuing oversight functions undertaken by the competent authority, the competent authority’s organisational structure with description of the main processes. This information should demonstrate the allocation of responsibilities within the competent authority, and that the competent authority is capable of carrying out the full range of tasks regarding the size and complexity of the Member State’s aviation industry. It should also consider overall proficiency and authorisation scope of competent authority personnel.
(2) For personnel involved in oversight activities, the minimum professional qualification requirements and experience and principles guiding appointment (e.g. assessment).
(3) How the following are carried out: assessing applications and evaluating compliance of applications and declarations, issue of certificates, performance of continuing oversight, follow-up of findings, enforcement measures and resolution of safety concerns.
(4) Principles of managing exemptions and derogations.
(5) Processes in place to disseminate applicable safety information for timely reaction to a safety problem.
(6) Criteria for planning continuing oversight (oversight programme), including adequate management of interfaces when conducting continuing oversight (air operations, flight crew licensing, continuing airworthiness management for example).
(7) Outline of the initial training of newly recruited oversight personnel (taking future activities into account), and the basic framework for continuation training of oversight personnel.
(b) As part of the continuous monitoring of a competent authority, the Agency may request details of the working methods used, in addition to the copy of the procedures of the competent authority’s management system (and amendments). These additional details are the procedures and related guidance material describing working methods for competent authority personnel conducting oversight.
(c) Information related to the competent authority’s management system may be submitted in electronic format.
ARA.GEN.205 Allocation of tasks to qualified entities
Regulation (EU) 2023/203
[applicable until 21 February 2026 — Regulation (EU) No 290/2012]
ARA.GEN.205 Allocation of tasks
[applicable from 22 February 2026 — Implementing Regulation (EU) 2023/203]
(a) Tasks related to the initial certification or continuing oversight of persons or organisations subject to Regulation (EC) No 216/2008 and its Implementing Rules shall be allocated by Member States only to qualified entities. When allocating tasks, the competent authority shall ensure that it has:
(1) a system in place to initially and continuously assess that the qualified entity complies with Annex V to Regulation (EC) No 216/2008.
This system and the results of the assessments shall be documented;
(2) established a documented agreement with a the qualified entity, approved by both parties at the appropriate management level, which clearly defines:
(i) the tasks to be performed;)
(ii) the declarations, reports and records to be provided;
(iii) the technical conditions to be met in performing such tasks;
(iv) the related liability coverage; and
(v) the protection given to information acquired in carrying out such tasks.
(b) The competent authority shall ensure that the internal audit process and a safety risk management process required by ARA.GEN.200(a)(4) cover all certification or continuing oversight tasks performed on its behalf.
(c) With regard to the certification and oversight of the organisation’s compliance with point ORA.GEN.200A, the competent authority may allocate tasks to qualified entities in accordance with point (a), or to any relevant authority responsible for information security or cybersecurity within the Member State. When allocating tasks, the competent authority shall ensure that:
(1) all aspects related to aviation safety are coordinated and taken into account by the qualified entity or relevant authority;
(2) the results of the certification and oversight activities performed by the qualified entity or relevant authority are integrated in the overall certification and oversight files of the organisation;
(3) its own information security management system established in accordance with point ARA.GEN.200(e) covers all the certification and continuing oversight tasks performed on its behalf.
[applicable from 22 February 2026 — Implementing Regulation (EU) 2023/203]
GM1 ARA.GEN.205 Allocation of tasks to qualified entities
ED Decision 2023/010/R
[applicable until 21 February 2026 — ED Decision 2012/006/R]
GM1 ARA.GEN.205 Allocation of tasks
[applicable from 22 February 2026 — ED Decision 2023/010/R]
CERTIFICATION TASKS
The tasks that may be performed by a qualified entity on behalf of the competent authority include those related to the initial certification and continuing oversight of persons and organisations as defined in this Regulation, with the exclusion of the issuance of certificates, licences, ratings or approvals.
ARA.GEN.210 Changes in the management system
Regulation (EU) No 1178/2011
(a) The competent authority shall have a system in place to identify changes that affect its capability to perform its tasks and discharge its responsibilities as defined in Regulation (EU) 2018/1139 and the delegated and implementing acts adopted on the basis thereof. That system shall enable it to take action as appropriate to ensure that its management system remains adequate and effective.
(b) The competent authority shall update its management system to reflect any change to Regulation (EU) 2018/1139 and the delegated and implementing acts adopted on the basis thereof in a timely manner, so as to ensure effective implementation.
(c) The competent authority shall notify the Agency of changes affecting its capability to perform its tasks and discharge its responsibilities as defined in Regulation (EU) 2018/1139 and the delegated and implementing acts adopted on the basis thereof.
Regulation (EU) 2020/359
(a) The competent authority shall establish a system of record-keeping providing for adequate storage, accessibility and reliable traceability of:
(1) the management system’s documented policies and procedures;
(2) training, qualification and authorisation of its personnel;
(3) the allocation of tasks, covering the elements required by ARA.GEN.205 as well as the details of tasks allocated;
(4) certification and declaration processes as well as oversight of certified and declared organisations;
(5) processes for issuing personnel licences, ratings, certificates and attestations and for the continuing oversight of the holders of those licences, ratings, certificates and attestations;
(6) processes for issuing FSTD qualification certificates and for the continuing oversight of the FSTD and of the organisation operating it;
(7) oversight of persons and organisations exercising activities within the territory of the Member State, but overseen or certified by the competent authority of another Member State or the Agency, as agreed between these authorities;
(8) the evaluation and notification to the Agency of alternative means of compliance proposed by organisations and the assessment of alternative means of compliance used by the competent authority itself;
(9) findings, corrective actions and date of action closure;
(10) enforcement measures taken;
(11) safety information and follow-up measures;
(12) the use of flexibility provisions in accordance with Article 71 of Regulation (EU) 2018/1139; and
(13) the evaluation and authorisation process of aircraft laid down in points ORA.ATO.135 (a) and DTO.GEN.240 (a).
(b) The competent authority shall establish and keep up to date a list of all organisation certificates, FSTD qualification certificates and personnel licences, certificates and attestations it issued, DTO declarations it received, and the DTO training programmes it verified or approved for compliance with Annex I (Part-FCL), Annex III (Part-BFCL) to Commission Regulation (EU) 2018/395, or Annex III (Part-SFCL) to Commission Implementing Regulation (EU) 2018/1976.
(c) All records shall be kept for the minimum period specified in this Regulation. In the absence of such indication, records shall be kept for a minimum period of 5 years subject to applicable data protection law.
AMC1 ARA.GEN.220(a) Record-keeping
ED Decision 2012/006/R
GENERAL
(a) The record-keeping system should ensure that all records are accessible whenever needed within a reasonable time. These records should be organised in a way that ensures traceability and retrievability throughout the required retention period.
(b) Records should be kept in paper form or in electronic format or a combination of both media. Records stored on microfilm or optical disc form are also acceptable. The records should remain legible and accessible throughout the required retention period. The retention period starts when the record has been created.
(c) Paper systems should use robust material, which can withstand normal handling and filing. Computer systems should have at least one backup system, which should be updated within 24 hours of any new entry. Computer systems should include safeguards against unauthorised alteration of data.
(d) All computer hardware used to ensure data backup should be stored in a different location from that containing the working data and in an environment that ensures they remain in good condition. When hardware- or software-changes take place, special care should be taken that all necessary data continue to be accessible at least through the full period specified in the relevant Subpart or by default in ARA.GEN.220(c).
AMC1 ARA.GEN.220(a)(1);(2);(3) Record-keeping
ED Decision 2012/006/R
COMPETENT AUTHORITY MANAGEMENT SYSTEM
Records related to the competent authority’s management system should include, as a minimum and as applicable:
(a) the documented policies and procedures;
(b) the personnel files of competent authority personnel, with supporting documents related to training and qualifications;
(c) the results of the competent authority’s internal audit and safety risk management processes, including audit findings and corrective actions; and
(d) the contract(s) established with qualified entities performing certification or oversight tasks on behalf of the competent authority.
AMC1 ARA.GEN.220(a)(4) Record-keeping
ED Decision 2018/009/R
ORGANISATIONS
Records related to an organisation certified by, or having declared its activity to, the competent authority should include, as appropriate to the type of organisation:
(a) the application for an organisation approval or the declaration received;
(b) the documentation based on which the approval has been granted and any amendments to that documentation or, in the case of declared training organisations, the documentation required to be submitted with the declaration and any amendments thereto;
(c) the organisation approval certificate or any approval, including any changes;
(d) a copy of the continuing oversight programme listing the dates when audits or inspections are due and when such audits or inspections were carried out;
(e) continuing oversight records including all audit and inspection records;
(f) copies of all relevant correspondence;
(g) details of any exemption and enforcement actions;
(h) any report from other competent authorities relating to the oversight of the organisation; and
(i) a copy of any other document approved by the competent authority.
GM1 ARA.GEN.220(a)(4) Record-keeping
ED Decision 2018/009/R
CERTIFIED ORGANISATIONS - DOCUMENTATION
Documentation to be kept as records in support of the approval include the management system documentation, including any technical manuals, such as the operations manual, and training manual, that have been submitted with the initial application, and any amendments to these documents.
GM2 ARA.GEN.220(a)(4) Record-keeping
ED Decision 2018/009/R
DECLARED TRAINING ORGANISATIONS - DOCUMENTATION
Documents to be kept as records in support of the declaration process include the declaration form and all required attachments to it (training programmes) as well as any amendments to these documents.
AMC1 ARA.GEN.220(a)(5) Record-keeping
ED Decision 2018/011/R
PERSONS
Records related to personnel licences, certificates, ratings, authorisations or attestations issued by the competent authority should include, as a minimum:
(a) the application for a licence, certificate, rating, authorisation or attestation or change to a licence, certificate, rating, authorisation or attestation;
(b) documentation in support of the application for a licence, certificate, rating, authorisation or attestation or change to a licence, certificate, rating, authorisation or attestation, covering as applicable:
(1) the course Area 100 KSA assessment;
(2) theoretical examination(s);
(3) skill test(s);
(4) proficiency check(s); and
(5) certificates attesting required experience;
(c) a copy of the licence or certificate including any changes;
(d) all relevant correspondence or copies thereof;
(e) details of any exemption;
(f) details of any enforcement action(s); and
(g) any report from other competent authorities relating to personnel licences, certificates, ratings, authorisations or attestations issued by the competent authority.
AMC1 ARA.GEN.220(a)(7) Record-keeping
ED Decision 2018/009/R
ACTIVITIES PERFORMED IN THE TERRITORY OF A MEMBER STATE BY PERSONS OR ORGANISATIONS ESTABLISHED OR RESIDING IN ANOTHER MEMBER STATE
(a) Records related to the oversight of activities performed in the territory of a Member State by persons or organisations established or residing in another Member State should include, as a minimum:
(1) oversight records including all audit and inspection records and related correspondence;
(2) copies of all relevant correspondence to exchange information with other competent authorities relating to the oversight of such persons/organisations;
(3) details of any enforcement measures and penalties; and
(4) any report from other competent authorities relating to the oversight of these persons/organisations, including any notification of evidence showing non-compliance with the applicable requirements.
(b) Records should be kept by the competent authority having performed the audit or inspection and should be made available to other competent authorities at least in the following cases:
(1) serious incidents or accidents;
(2) findings through the oversight programme where organisations certified by, or having declared its activities to, another competent authority are involved to determine the root cause;
(3) an organisation being certified by, having approvals issued by, or having declared its activities to, competent authorities in several Member States.
(c) When records are requested by another competent authority, the reason for the request should be clearly stated.
(d) The records can be made available by sending a copy or by allowing access to them for consultation.
GM1 ARA.GEN.220 Record-keeping
ED Decision 2012/006/R
GENERAL
Records are required to document results achieved or to provide evidence of activities performed. Records become factual when recorded. Therefore, they are not subject to version control. Even when a new record is produced covering the same issue, the previous record remains valid.