ORA.GEN.105 Competent authority

Regulation (EU) No 1178/2011

(a) For the purpose of this Part, the competent authority exercising oversight over:

(1) organisations subject to a certification obligation shall be:

(i) for organisations having their principal place of business in a Member State, the authority designated by that Member State;

(ii) for organisations having their principal place of business located in a third country, the Agency;

(2) FSTDs shall be:

(i) the Agency, for FSTDs:

             located outside the territory of the Member States, or,

             located within the territory of the Member States and operated by organisations having their principal place of business located in a third country,

(ii) for FSTDs located within the territory of the Member States and operated by organisations having their principal place of business in a Member State, the authority designated by the Member State where the organisation operating it has its principle place of business, or the Agency, ifso requested by the Member State concerned.

(b) When the FSTD located outside the territory of the Member States is operated by an organisation certified by a Member State, the Agency shall qualify this FSTD in coordination with the Member State that has certified the organisation that operates such FSTD.

ORA.GEN.115 Application for an organisation certificate

Regulation (EU) No 1178/2011

(a) The application for an organisation certificate or an amendment to an existing certificate shall be made in a form and manner established by the competent authority,taking into account the applicable requirements of Regulation (EC) No 216/2008 and its Implementing Rules.

(b) Applicants for an initial certificate shall provide the competent authority with documentation demonstrating how they will comply with the requirements established in Regulation (EC) No 216/2008 and its Implementing Rules. Such documentation shall include a procedure describing how changes not requiring prior approval will be managed and notified to the competent authority.

ORA.GEN.120 Means of compliance

Regulation (EU) No 290/2012

(a) Alternative means of compliance to the AMC adopted by the Agency may be used by an organisation to establish compliance with Regulation (EC) No 216/2008 and its Implementing Rules.

(b) When an organisation wishes to use an alternative means of compliance, it shall, prior to implementing it, provide the competent authority with a full description of the alternative means of compliance. The description shall include any revisions to manuals or procedures that may be relevant, as well as an assessment demonstrating that Regulation (EC) No 216/2008 and its Implementing Rules are met.

The organisation may implement these alternative means of compliance subject to prior approval by the competent authority and upon receipt of the notification as prescribed in ARA.GEN.120(d).

DEMONSTRATION OF COMPLIANCE

In order to demonstrate that the Implementing Rules are met, a risk assessment should be completed and documented. The result of this risk assessment should demonstrate that an equivalent level of safety to that established by the Acceptable Means of Compliance (AMC) adopted by the Agency is reached.

ORA.GEN.125 Terms of approval and privileges of an organisation

Regulation (EU) No 1178/2011

A certified organisation shall comply with the scope and privileges defined in the terms of approval attached to the organisation’s certificate.

MANAGEMENT SYSTEM DOCUMENTATION

The management system documentation should contain the privileges and detailed scope of activities for which the organisation is certified, as relevant to the applicable requirements. The scope of activities defined in the management system documentation should be consistent with the terms of approval.

ORA.GEN.130 Changes to organisations

Regulation (EU) No 1178/2011

(a) Any change affecting:

(1) the scope of the certificate or the terms of approval of an organisation; or

(2) any of the elements of the organisation’s management system as required in ORA.GEN.200(a)(1) and (a)(2),

shall require prior approval by the competent authority.

(b) For any changes requiring prior approval in accordance with Regulation (EC) No 216/2008 and its Implementing Rules, the organisation shall apply for and obtain an approval issued by the competent authority. The application shall be submitted before any such change takes place, in order to enable the competent authority to determine continued compliance with Regulation (EC) No 216/2008 and its Implementing Rules and to amend, if necessary, the organisation certificate and related terms of approval attached to it.

The organisation shall provide the competent authority with any relevant documentation.

The change shall only be implemented upon receipt of formal approval by the competent authority in accordance with ARA.GEN.330.

The organisation shall operate under the conditions prescribed by the competent authority during such changes, as applicable.

(c) All changes not requiring prior approval shall be managed and notified to the competent authority as defined in the procedure approved by the competent authority in accordance with ARA.GEN.310(c).

APPLICATION TIME FRAMES

(a) The application for the amendment of an organisation certificate should be submitted at least 30 days before the date of the intended changes.

(b) In the case of a planned change of a nominated person, the organisation should inform the competent authority at least 10 days before the date of the proposed change.

(c) Unforeseen changes should be notified at the earliest opportunity, in order to enable the competent authority to determine continued compliance with the applicable requirements and to amend, if necessary, the organisation certificate and related terms of approval.

GENERAL

(a) Typical examples of changes requiring prior approval which may affect the certificate or the terms of approval are listed below:

(1) the name of the organisation;

(2) the organisation’s principal place of business;

(3) the organisation’s scope of activities;

(4) additional locations of the organisation;

(5) the accountable manager;

(6) any of the persons referred to in ORA.GEN.210(a) and (b);

(7) the organisation’s documentation as required by this Part, safety policy and procedures; 

(8) the facilities.

(b) Prior approval by the competent authority is required for any changes to the organisation’s procedure describing how changes not requiring prior approval will be managed and notified to the competent authority.

(c) Changes requiring prior approval may only be implemented upon receipt of formal approval by the competent authority.

CHANGE OF NAME OF THE ORGANISATION

A change of name requires the organisation to submit a new application as a matter of urgency.

Where this is the only change to report, the new application can be accompanied by a copy of the documentation previously submitted to the competent authority under the previous name, as a means of demonstrating how the organisation complies with the applicable requirements.

GENERAL

Typical examples of changes not requiring prior approval are to the following items:

(a) medical equipment (e.g. electrocardiograph (ECG), ophthalmoscope);

(b) flight simulation training device (FSTD) operator’s technical personnel;

(c) change in schedule of preventive maintenance; and

(d) list of instructors.

It is recommended that all information on changes not requiring prior approval be included as annexes to the approved training organisation (ATO)’s, FSTD operator’s, as well as aeromedical centre’s documentation

ORA.GEN.135 Continued validity

Regulation (EU) No 1178/2011

(a) The organisation’s certificate shall remain valid subject to:

(1) the organisation remaining in compliance with the relevant requirements of Regulation (EC) No 216/2008 and its Implementing Rules,taking into account the provisions related to the handling of findings as specified under ORA.GEN.150;

(2) the competent authority being granted access to the organisation as defined in ORA.GEN.140 to determine continued compliance with the relevant requirements of Regulation (EC) No 216/2008 and its Implementing Rules; and

(3) the certificate not being surrendered or revoked.

(b) Upon revocation or surrender the certificate shall be returned to the competent authority without delay.

ORA.GEN.140 Access

Regulation (EU) No 290/2012

For the purpose of determining compliance with the relevant requirements of Regulation (EC) No 216/2008 and its Implementing Rules, the organisation shall grant access to any facility, aircraft, document, records, data, procedures or any other material relevant to its activity subject to certification, whether it is contracted or not, to any person authorised by:

(a) the competent authority defined in ORA.GEN.105; or

(b) the authority acting under the provisions of ARA.GEN.300(d), ARA.GEN.300(e) or ARO.RAMP.

ORA.GEN.150 Findings

Regulation (EU) No 1178/2011

After receipt of notification of findings, the organisation shall:

(a) identify the root cause of the non-compliance;

(b) define a corrective action plan; and

(c) demonstrate corrective action implementation to the satisfaction of the competent authority within a period agreed with that authority as defined in ARA.GEN.350(d).

AMC1 ORA.GEN.150(b) Findings

ED Decision 2012/007/R

GENERAL

The corrective action plan defined by the organisation should address the effects of the non-conformity, as well as its root-cause.

GM1 ORA.GEN.150 Findings

ED Decision 2012/007/R

GENERAL

(a) Corrective action is the action to eliminate or mitigate the root cause(s) and prevent recurrence of an existing detected non-compliance or other undesirable condition or situation.

(b) Proper determination of the root cause is crucial for defining effective corrective actions.

ORA.GEN.155 Immediate reaction to a safety problem

Regulation (EU) No 1178/2011

The organisation shall implement:

(a) any safety measures mandated by the competent authority in accordance with ARA.GEN.135(c); and

(b) any relevant mandatory safety information issued by the Agency, including airworthiness directives.

ORA.GEN.160 Occurrence reporting

Regulation (EU) No 70/2014

(a) As part of its management system, the organisation shall establish and maintain an occurrence‑reporting system, including mandatory and voluntary reporting. For organisations having their principal place of business in a Member State, that system shall meet the requirements of Regulation (EU) No 376/2014 and Regulation (EU) 2018/1139 as well as the delegated and implementing acts adopted on the basis of those Regulations.

(b) The organisation shall report to the competent authority and, in case of aircraft not registered in a Member State, the State of Registry any safety-related event or condition that endangers or, if not corrected or addressed, could endanger an aircraft, its occupants or any other person, and in particular any accident or serious incident.

(c) Without prejudice to point (b), the organisation shall report to the competent authority and the design approval holder of the aircraft any incident, malfunction, technical defect, exceeding of technical limitations, occurrence that would highlight inaccurate, incomplete or ambiguous information, contained in data established in accordance with Regulation (EU) No 748/2012, or other irregular circumstance that has or may have endangered an aircraft, its occupants or any other person and has not resulted in an accident or serious incident.

(d) Without prejudice to Regulation (EU) No 376/2014 and the delegated and implementing acts adopted on the basis thereof, reports in accordance with point (c) shall:

(1) be made as soon as practicable, but in any case no later than 72 hours after the organisation has identified the event or condition to which the report relates unless exceptional circumstances prevent this;

(2) be made in a form and manner established by the competent authority, as defined in point ORA.GEN.105;

(3) contain all pertinent information about the condition known to the organisation.

(e) For organisations not having their principal place of business in a Member State:

(1) initial mandatory reports shall:

(i) appropriately safeguard the confidentiality of the identity of the reporter and of the persons mentioned in the report;

(ii) be made as soon as practicable, but in any case, no later than 72 hours after the organisation has become aware of the occurrence unless exceptional circumstances prevent this;

(iii) be made in a form and manner established by the Agency;

(iv) contain all pertinent information about the condition known to the organisation;

(2) where relevant, a follow-up report providing details of actions the organisation intends to take to prevent similar occurrences in the future shall be made as soon as those actions have been identified; those follow-up reports shall:

(i) be sent to relevant entities initially reported to in accordance with points (b) and (c);

(ii) be made in a form and manner established by the Agency.

AMC1 ORA.GEN.160 Occurrence reporting

ED Decision 2012/007/R

GENERAL

(a) The organisation should report all occurrences defined in AMC 20-8, and as required by the applicable national rules implementing Directive 2003/43/EC29 Directive 2003/42/EC of the European Parliament and of the Council of 13 June 2003 on occurrence reporting in civil aviation OJ L 167, 4.7.2003, p. 23-36. on occurrence reporting in civil aviation. 

(b) In addition to the reports required by AMC 20-8 and Directive 2003/43/EC, the organisation should report volcanic ash clouds encountered during flight.