Regulation (EU) 2020/2193
(a) The organisation shall establish, implement and maintain a management system that includes:
(1) clearly defined lines of responsibility and accountability throughout the organisation, including a direct safety accountability of the accountable manager;
(2) a description of the overall philosophies and principles of the organisation with regard to safety, referred to as the safety policy;
(3) the identification of aviation safety hazards entailed by the activities of the organisation, their evaluation and the management of associated risks, including taking actions to mitigate the risk and verify their effectiveness;
(4) maintaining personnel trained and competent to perform their tasks;
(5) documentation of all management system key processes, including a process for making personnel aware of their responsibilities and the procedure for amending this documentation;
(6) a function to monitor compliance of the organisation with the relevant requirements. Compliance monitoring shall include a feedback system of findings to the accountable manager to ensure effective implementation of corrective actions as necessary; and
(7) any additional relevant requirements prescribed in Regulation (EU) 2018/1139 and in Regulation (EU) No 376/2014 as well as in the delegated and implementing acts adopted on the basis thereof.
(b) The management system shall correspond to the size of the organisation and the nature and complexity of its activities,taking into account the hazards and associated risks inherent in these activities.
(c) Notwithstanding point (a), in an organisation providing training only for the LAPL, PPL, SPL or BPL and the associated ratings or certificates, safety risk management and compliance monitoring defined in points (a)(3) and (a)(6) may be accomplished by an organisational review, to be performed at least once every calendar year. The competent authority shall be notified about the results of this review by the organisation without undue delay.
AMC1 ORA.GEN.200(a)(1);(2);(3);(5) Management system
ED Decision 2012/007/R
NON-COMPLEX ORGANISATIONS - GENERAL
(a) Safety risk management may be performed using hazard checklists or similar risk management tools or processes, which are integrated into the activities of the organisation.
(b) The organisation should manage safety risks related to a change. The management of change should be a documented process to identify external and internal change that may have an adverse effect on safety. It should make use of the organisation’s existing hazard identification, risk assessment and mitigation processes.
(c) The organisation should identify a person who fulfils the role of safety manager and who is responsible for coordinating the safety management system. This person may be the accountable manager or a person with an operational role in the organisation.
(d) Within the organisation, responsibilities should be identified for hazard identification, risk assessment and mitigation.
(e) The safety policy should include a commitment to improve towards the highest safety standards, comply with all applicable legal requirements, meet all applicable standards, consider best practices and provide appropriate resources.
(f) The organisation should, in cooperation with other stakeholders, develop, coordinate and maintain an emergency response plan (ERP) that ensures orderly and safe transition from normal to emergency operations and return to normal operations. The ERP should provide the actions to be taken by the organisation or specified individuals in an emergency and reflect the size, nature and complexity of the activities performed by the organisation.
AMC1 ORA.GEN.200(a)(1) Management system
ED Decision 2012/007/R
COMPLEX ORGANISATIONS - ORGANISATION AND ACCOUNTABILITIES
The management system of an organisation should encompass safety by including a safety manager and a safety review board in the organisational structure.
(a) Safety manager
(1) The safety manager should act as the focal point and be responsible for the development, administration and maintenance of an effective safety management system.
(2) The functions of the safety manager should be to:
(i) facilitate hazard identification, risk analysis and management;
(ii) monitor the implementation of actions taken to mitigate risks, as listed in the safety action plan;
(iii) provide periodic reports on safety performance;
(iv) ensure maintenance of safety management documentation;
(v) ensure that there is safety management training available and that it meets acceptable standards;
(vi) provide advice on safety matters; and
(vii) ensure initiation and follow-up of internal occurrence / accident investigations.
(b) Safety review board
(1) The Safety review board should be a high level committee that considers matters of strategic safety in support of the accountable manager’s safety accountability.
(2) The board should be chaired by the accountable manager and be composed of heads of functional areas.
(3) The safety review board should monitor:
(i) safety performance against the safety policy and objectives;
(ii) that any safety action is taken in a timely manner; and
(iii) the effectiveness of the organisation’s safety management processes.
(c) The safety review board should ensure that appropriate resources are allocated to achieve the established safety performance.
(d) The safety manager or any other relevant person may attend, as appropriate, safety review board meetings. He/she may communicate to the accountable manager all information, as necessary, to allow decision making based on safety data.
GM1 ORA.GEN.200(a)(1) Management system
ED Decision 2012/007/R
SAFETY MANAGER
(a) Depending on the size of the organisation and the nature and complexity of its activities, the safety manager may be assisted by additional safety personnel for the performance of all safety management related tasks.
(b) Regardless of the organisational set-up it is important that the safety manager remains the unique focal point as regards the development, administration and maintenance of the organisation’s safety management system.
GM2 ORA.GEN.200(a)(1) Management system
ED Decision 2012/007/R
COMPLEX ORGANISATIONS - SAFETY ACTION GROUP
(a) A safety action group may be established as a standing group or as an ad-hoc group to assist or act on behalf of the safety review board.
(b) More than one safety action group may be established depending on the scope of the task and specific expertise required.
(c) The safety action group should report to and take strategic direction from the safety review board and should be comprised of managers, supervisors and personnel from operational areas.
(d) The safety action group should:
(1) monitor operational safety;
(2) resolve identified risks;
(3) assess the impact on safety of operational changes; and
(4) ensure that safety actions are implemented within agreed timescales.
(e) The safety action group should review the effectiveness of previous safety recommendations and safety promotion.
AMC1 ORA.GEN.200(a)(2) Management system
ED Decision 2012/007/R
COMPLEX ORGANISATIONS - SAFETY POLICY
(a) The safety policy should:
(1) be endorsed by the accountable manager;
(2) reflect organisational commitments regarding safety and its proactive and systematic management;
(3) be communicated, with visible endorsement, throughout the organisation; and
(4) include safety reporting principles.
(b) The safety policy should include a commitment:
(1) to improve towards the highest safety standards;
(2) to comply with all applicable legislation, meet all applicable standards and consider best practices;
(3) to provide appropriate resources;
(4) to enforce safety as one primary responsibility of all managers; and
(5) not to blame someone for reporting something which would not have been otherwise detected.
(c) Senior management should:
(1) continually promote the safety policy to all personnel and demonstrate their commitment to it;
(2) provide necessary human and financial resources for its implementation; and
(3) establish safety objectives and performance standards.
GM1 ORA.GEN.200(a)(2) Management system
ED Decision 2012/007/R
SAFETY POLICY
The safety policy is the means whereby the organisation states its intention to maintain and, where practicable, improve safety levels in all its activities and to minimise its contribution to the risk of an aircraft accident as far as is reasonably practicable.
The safety policy should state that the purpose of safety reporting and internal investigations is to improve safety, not to apportion blame to individuals.
AMC1 ORA.GEN.200(a)(3) Management system
ED Decision 2012/007/R
COMPLEX ORGANISATIONS - SAFETY RISK MANAGEMENT
(a) Hazard identification processes
(1) Reactive and proactive schemes for hazard identification should be the formal means of collecting, recording, analysing, acting on and generating feedback about hazards and the associated risks that affect the safety of the operational activities of the organisation.
(2) All reporting systems, including confidential reporting schemes, should include an effective feedback process.
(b) Risk assessment and mitigation processes
(1) A formal risk management process should be developed and maintained that ensures analysis (in terms of likelihood and severity of occurrence), assessment (in terms of tolerability) and control (in terms of mitigation) of risks to an acceptable level.
(2) The levels of management who have the authority to make decisions regarding the tolerability of safety risks, in accordance with (b)(1), should be specified.
(c) Internal safety investigation
(1) The scope of internal safety investigations should extend beyond the scope of occurrences required to be reported to the competent authority.
(d) Safety performance monitoring and measurement
(1) Safety performance monitoring and measurement should be the process by which the safety performance of the organisation is verified in comparison to the safety policy and objectives.
(2) This process should include:
(i) safety reporting;
(ii) safety studies, that is, rather large analyses encompassing broad safety concerns;
(iii) safety reviews including trends reviews, which would be conducted during introduction and deployment of new technologies, change or implementation of procedures, or in situations of structural change in operations;
(iv) safety audits focussing on the integrity of the organisation’s management system, and periodically assessing the status of safety risk controls; and
(v) safety surveys, examining particular elements or procedures of a specific operation, such as problem areas or bottlenecks in daily operations, perceptions and opinions of operational personnel and areas of dissent or confusion.
(e) The management of change
The organisation should manage safety risks related to a change. The management of change should be a documented process to identify external and internal change that may have an adverse effect on safety. It should make use of the organisation’s existing hazard identification, risk assessment and mitigation processes.
(f) Continuous improvement
The organisation should continuously seek to improve its safety performance. Continuous improvement should be achieved through:
(1) proactive and reactive evaluations of facilities, equipment, documentation and procedures through safety audits and surveys;
(2) proactive evaluation of individuals’ performance to verify the fulfilment of their safety responsibilities; and
(3) reactive evaluations in order to verify the effectiveness of the system for control and mitigation of risk.
(g) The emergency response plan (ERP)
(1) An ERP should be established that provides the actions to be taken by the organisation or specified individuals in an emergency. The ERP should reflect the size, nature and complexity of the activities performed by the organisation.
(2) The ERP should ensure:
(i) an orderly and safe transition from normal to emergency operations;
(ii) safe continuation of operations or return to normal operations as soon as practicable; and
(iii) coordination with the emergency response plans of other organisations, where appropriate.
GM1 ORA.GEN.200(a)(3) Management system
ED Decision 2012/007/R
INTERNAL OCCURRENCE REPORTING SCHEME
(a) The overall purpose of the scheme is to use reported information to improve the level of safety performance of the organisation and not to attribute blame.
(b) The objectives of the scheme are to:
(1) enable an assessment to be made of the safety implications of each relevant incident and accident, including previous similar occurrences, so that any necessary action can be initiated; and
(2) ensure that knowledge of relevant incidents and accidents is disseminated, so that other persons and organisations may learn from them.
(c) The scheme is an essential part of the overall monitoring function and it is complementary to the normal day-to-day procedures and ‘control’ systems and is not intended to duplicate or supersede any of them. The scheme is a tool to identify those instances where routine procedures have failed.
(d) All occurrence reports judged reportable by the person submitting the report should be retained as the significance of such reports may only become obvious at a later date.
GM3 ORA.GEN.200(a)(3) Management system
ED Decision 2013/008/R
APPROVED TRAINING ORGANISATIONS - RISK MANAGEMENT OF FLIGHT OPERATIONS WITH KNOWN OR FORECAST VOLCANIC ASH CONTAMINATION
(a) Responsibilities
The ATO is responsible for the safety of its operations, including within an area with known or forecast volcanic ash contamination.
The ATO should complete this assessment of safety risks related to known or forecast volcanic ash contamination as part of its management system before initiating operations into airspace forecast to be or aerodromes/operating sites known to be contaminated with volcanic ash.
This process is intended to ensure the ATO takes into account the likely accuracy and quality of the information sources it uses in its management system and to demonstrate its own competence and capability to interpret data from different sources in order to achieve the necessary level of data integrity reliably and correctly resolve any conflicts among data sources that may arise.
In order to decide whether or not to operate into airspace forecast to be or aerodromes/operating sites known to be contaminated with volcanic ash, the ATO should make use of the safety risk assessment within its management system as required by ORA.GEN.200.
The ATO’s safety risk assessment should take into account all relevant data including data from the type certificate holders (TCHs) regarding the susceptibility of the aircraft they operate to volcanic cloud-related airworthiness effects, the nature and severity of these effects and the related pre-flight, in-flight and post-flight precautions to be observed by the ATO.
The ATO should ensure that personnel required to be familiar with the details of the safety risk assessments receives all relevant information (both pre-flight and in-flight) in order to be in a position to apply appropriate mitigation measures as specified by the safety risk assessments.
(b) Procedures
The ATO should have documented procedures for the management of operations into airspace forecast to be or aerodromes/operating sites known to be contaminated with volcanic ash.
These procedures should ensure that, at all times, flight operations remain within the accepted safety boundaries as established through the management system allowing for any variations in information sources, equipment, operational experience or organisation. Procedures should include those for flight crew and any other relevant personnel such that they are in a position to evaluate correctly the risk of flights into airspace forecast to be contaminated by volcanic ash and to plan accordingly.
Continuing airworthiness personnel should be provided with procedures allowing them to correctly assess the need for and to execute relevant maintenance or continuing airworthiness interventions.
The ATO should retain sufficient qualified and competent staff to generate well supported operational risk management decisions and ensure that its staff are appropriately trained and current. It is recommended that the ATO make the necessary arrangements for its relevant staff to take up opportunities to be involved in volcanic ash exercises conducted in their areas of operation.
(c) Volcanic activity information and the ATO’s potential response
Before and during operations, information valuable to the ATO is generated by various volcano agencies worldwide. The ATO’s risk assessment and mitigating actions need to take account of and respond appropriately to the information likely to be available during each phase of the eruptive sequence from pre-eruption through to end of eruptive activity. It is nevertheless noted that eruptions rarely follow a deterministic pattern of behaviour. A typical ATO’s response may consist of the following:
(1) Pre-eruption
The ATO should have in place a robust mechanism for ensuring that it is constantly vigilant for any alerts of pre-eruption volcanic activity relevant to its operations. The staff involved need to understand the threat to safe operations that such alerts represent.
An ATO whose areas of activity include large, active volcanic areas for which immediate International Airways Volcano Watch (IAVW) alerts may not be available, should define its strategy for capturing information about increased volcanic activity before pre-eruption alerts are generated. For example, an ATO may combine elevated activity information with information concerning the profile and history of the volcano to determine an operating policy, which could include re-routing or restrictions at night. This would be useful when dealing with the 60% of volcanoes which are unmonitored.
Such an ATO should also ensure that its crews are aware that they may be the first to observe an eruption and so need to be vigilant and ready to ensure that this information is made available for wider dissemination as quickly as possible.
(2) Start of an eruption
Given the likely uncertainty regarding the status of the eruption during the early stages of an event and regarding the associated volcanic cloud, the ATO’s procedures should include a requirement for crews to initiate re-routes to avoid the affected airspace.
The ATO should ensure that flights are planned to remain clear of the affected areas and that consideration is given to available aerodromes/operating sites and fuel requirements.
It is expected that the following initial actions will be taken by the ATO:
(i) determine if any aircraft in flight could be affected, alert the crew and provide advice on re-routing as required;
(ii) alert management;
(iii) for flight departures, brief flight crew and revise flight and fuel planning in accordance with the safety risk assessment;
(iv) alert flight crew to the need for increased monitoring of information (e.g. special air report (AIREP), volcanic activity report (VAR), significant weather information (SIGMET), NOTAMs and company messages);
(v) initiate the gathering of all data relevant to determining the risk; and
(vi) apply mitigations identified in the safety risk assessment.
(3) On-going eruption
As the eruptive event develops, the ATO can expect the responsible Volcanic Ash Advisory Centre (VAAC) to provide volcanic ash advisory messages (VAA/VAGs) defining, as accurately as possible, the vertical and horizontal extent of areas and layers of volcanic clouds. As a minimum, the ATO should monitor, and take account of, this VAAC information as well as of relevant SIGMETs and NOTAMs.
Other sources of information are likely to be available such as VAR/AIREPs, satellite imagery and a range of other information from State and commercial organisations. The ATO should plan its operations in accordance with its safety risk assessment taking into account the information that it considers accurate and relevant from these additional sources.
The ATO should carefully consider and resolve differences or conflicts among the information sources, notably between published information and observations (pilot reports, airborne measurements, etc.).
Given the dynamic nature of the volcanic hazards, the ATO should ensure that the situation is monitored closely and operations adjusted to suit changing conditions.
The ATO should be aware that, depending on the State concerned the affected or danger areas may be established and presented in a different way than the one currently used in Europe as described in EUR Doc 019-NAT Doc 006.
The ATO should require reports from its crews concerning any encounters with volcanic emissions. These reports should be passed immediately to the appropriate air traffic services (ATS) unit and to the ATO’s competent authority.
For the purpose of flight planning, the ATO should treat the horizontal and vertical limits of the temporary danger area (TDA) or airspace forecast to be contaminated by volcanic ash as applicable, to be over-flown as it would mountainous terrain, modified in accordance with its safety risk assessment. The ATO should take account of the risk of cabin depressurisation or engine failure resulting in the inability to maintain level flight above a volcanic cloud. Additional minimum Equipment List (MEL) provisions, if applicable, should be considered in consultation with the TCHs.
Flying below a volcanic ash contaminated airspace should be considered on a case by case basis. It should only be planned to reach or leave an aerodrome/operating site close to the boundary of this airspace or where the ash contamination is very high and stable. The establishment of Minimum Sector Altitude (MSA) and the availability of aerodromes/operating sites should be considered.
(d) Safety risk assessment
When directed specifically at the issue of intended flight into airspace forecast to be or aerodromes/operating sites known to be contaminated with volcanic ash, the process should involve the following:
(1) Identifying the hazards
The generic hazard, in the context of this document, is airspace forecast to beor aerodromes/operating sites known to be contaminated with volcanic ash, and whose characteristics are harmful to the airworthiness and operation of the aircraft.
This GM is referring to volcanic ash contamination since it is the most significant hazard for flight operations in the context of a volcanic eruption. Nevertheless, it might not be the only hazard and therefore the operator should consider additional hazards which could have an adverse effect on aircraft structure or passengers safety such as gases.
Within this generic hazard, the ATO should develop its own list of specific hazards taking into account its specific aircraft, experience, knowledge and type of operation, and any other relevant data stemming from previous eruptions.
(2) Considering the severity and consequences of the hazard occurring (i.e. the nature and actual level of damage expected to be inflicted on the particular aircraft from exposure to that volcanic ash cloud).
(3) Evaluating the likelihood of encountering volcanic ash clouds with characteristics harmful to the safe operation of the aircraft.
For each specific hazard within the generic hazard, the likelihood of adverse consequences should be assessed, either qualitatively or quantitatively.
(4) Determining whether the consequent risk is acceptable and within the ATO’s risk performance criteria.
At this stage of the process, the safety risks should be classified as acceptable or unacceptable. The assessment of tolerability will be subjective, based on qualitative data and expert judgement, until specific quantitative data are available in respect of a range of parameters.
(5) Taking action to reduce the safety risk to a level that is acceptable to the ATO’s management.
Appropriate mitigation for each unacceptable risk identified should then be considered in order to reduce the risk to a level acceptable to the ATO’s management.
(e) Procedures to be considered when identifying possible mitigations actions
When conducting a volcanic ash safety risk assessment, the ATO should consider the following non-exhaustive list of procedures and processes as mitigation:
(1) Type certificate holders
Obtaining advice from the TCHs and other engineering sources concerning operations in potentially contaminated airspace and/or aerodromes/operating sites contaminated by volcanic ash.
This advice should set out:
(i) the features of the aircraft that are susceptible to airworthiness effects related to volcanic ash;
(ii) the nature and severity of these effects;
(iii) the effect of volcanic ash on operations to/from contaminated aerodromes/ operating sites, including the effect on take-off and landing aircraft performance;
(iv) the related pre-flight, in-flight and post-flight precautions to be observed by the ATO including any necessary amendments to aircraft operating manuals, aircraft maintenance manuals, master minimum equipment list/dispatch deviation or equivalents required to support the ATO; and
(v) the recommended inspections associated with inadvertent operations in volcanic ash contaminated airspace and operations to/from volcanic ash contaminated aerodromes/operating sites; this may take the form of instructions for continuing airworthiness or other advice.
(2) ATO/contracted organisations’ personnel
Definition of procedures for flight planning and operations ensuring that:
(i) flight crews are in a position to evaluate correctly the risk of encountering volcanic ash contaminated airspace, or aerodromes/operating sites, and can plan accordingly;
(ii) flight planning and operational procedures enable crews to avoid areas and aerodromes/operating sites with unacceptable volcanic ash contamination;
(iii) flight crew are aware of the possible signs of entry into a volcanic ash cloud and execute the associated procedures;
(iv) continuing airworthiness personnel are able to assess the need for, and to execute, any necessary maintenance or other required interventions; and
(v) crews are provided with appropriate aircraft performance data when operating to/from aerodromes/operating sites contaminated with volcanic ash.
(3) Provision of enhanced flight watch
This should ensure:
(i) close and continuous monitoring of VAA, VAR/AIREP, SIGMET, NOTAM and ASHTAM and other relevant information, and information from crews, concerning the volcanic ash cloud hazard;
(ii) access to plots of the affected areas from SIGMETs, NOTAMs and other relevant information for crews; and
(iii) communication of the latest information to crews in a timely fashion.
(4) Flight planning
Flexibility of the process to allow re-planning at short notice should conditions change.
(5) Departure, destination and alternate aerodromes
For the airspace to be traversed, or the aerodromes/operating sites in use, parameters to evaluate and take account of:
(i) the probability of contamination;
(ii) any additional aircraft performance requirements;
(iii) required maintenance considerations;
(iv) fuel requirements for re-routeing and extended holding.
(6) Routing policy
Parameters to evaluate and take account of:
(i) the shortest period in and over the forecast contaminated area;
(ii) the hazards associated with flying over the contaminated area;
(iii) drift down and emergency descent considerations;
(iv) the policy for flying below the contaminated airspace and the associated hazards.
(7) Diversion policy
Parameters to evaluate and take account of:
(i) maximum allowed distance from a suitable aerodrome/operating site;
(ii) availability of aerodromes/operating sites outside the forecast contaminated area;
(iii) diversion policy after an volcanic ash encounter.
(8) Minimum equipment list
Additional provisions in the MEL, if applicable, for dispatching aircraft with unserviceabilities that might affect the following non-exhaustive list of systems:
(i) air conditioning packs;
(ii) engine bleeds;
(iii) pressurisation system;
(iv) electrical power distribution system;
(v) air data system;
(vi) standby instruments;
(vii) navigation systems;
(viii) de-icing systems;
(ix) engine driven generators;
(x) auxiliary power unit (APU);
(xi) airborne collision avoidance system (ACAS);
(xii) terrain awareness warning system (TAWS);
(xiii) autoland systems;
(xiv) provision of crew oxygen;
(xv) supplemental oxygen for passengers.
(9) Standard operating procedures
Crew training to ensure they are familiar with normal and abnormal operating procedures and particularly any changes regarding but not limited to:
(i) pre-flight planning;
(ii) in-flight monitoring of volcanic ash cloud affected areas and avoidance procedures;
(iii) diversion;
(iv) communications with ATC;
(v) in-flight monitoring of engine and systems potentially affected by volcanic ash cloud contamination;
(vi) recognition and detection of volcanic ash clouds and reporting procedures;
(vii) in-flight indications of a volcanic ash cloud encounter;
(viii) procedures to be followed if a volcanic ash cloud is encountered;
(ix) unreliable or erroneous airspeed;
(x) non-normal procedures for engines and systems potentially affected by volcanic ash cloud contamination;
(xi) engine-out and engine relight;
(xii) escape routes; and
(xiii) operations to/from aerodromes/operating sites contaminated with volcanic ash.
(10) Provision for aircraft technical log
This should ensure:
(i) Systematic entry in the aircraft continuing airworthiness records or aircraft log if available related to any actual or suspected volcanic ash encounter whether in-flight or at an aerodrome/operating site; and
(ii) Checking, prior to flight, of the completion of maintenance actions related to an entry in the continuing airworthiness records or aircraft log if available for a volcanic ash cloud encounter on a previous flight.
(11) Incident reporting
Crew requirements for:
(i) reporting an airborne volcanic ash cloud encounter (VAR);
(ii) post-flight volcanic ash cloud reporting (VAR);
(iii) reporting non encounters in airspace forecast to be contaminated; and
(iv) filing a mandatory occurrence report in accordance with ORA.GEN.160.
(12) Continuing airworthiness procedures
Procedures when operating in or near areas of volcanic ash cloud contamination:
(i) enhancement of vigilance during inspections and regular maintenance and appropriate adjustments to maintenance practices;
(ii) definition of a follow-up procedure when a volcanic ash cloud encounter has been reported or suspected;
(iii) thorough investigation for any sign of unusual or accelerated abrasions or corrosion or of volcanic ash accumulation;
(iv) reporting to TCHs and the relevant authorities observations and experiences from operations in areas of volcanic ash cloud contamination;
(v) completion of any additional maintenance recommended by the TCH or by the competent authority.
(f) Reporting
The ATO should ensure that reports are immediately submitted to the nearest ATS unit using the VAR/AIREP procedures followed up by a more detailed VAR on landing together with, as applicable, a report as defined in Regulation (EU) No 996/2010 and Directive 2003/42/EC, and an aircraft technical log entry for:
(1) any incident related to volcanic clouds;
(2) any observation of volcanic ash activity and
(3) anytime that volcanic ash is not encountered in an area where it was forecast to be.
(g) Additional guidance
Further guidance on volcanic ash safety risk assessment is given in ICAO Doc. 9974 (Flight safety and volcanic ash – Risk management of flight operations with known or forecast volcanic ash contamination).
GM4 ORA.GEN.200(a)(3) Management system
ED Decision 2013/008/R
SAFETY RISK ASSESSMENT – RISK REGISTER
The results of the assessment of the potential adverse consequences or outcome of each hazard may be recorded by the ATO in a risk register, an example of which is provided below.
|
Hazard |
Incident Sequence Description |
Existing Controls |
Outcome |
Additional Mitigation required |
Outcome |
Actions and Owners |
Monitoring and Review Requirements |
|||||
|
No |
Description |
Severity |
Likelihood |
Risk |
Severity |
Likelihood |
Risk |
|||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
AMC1 ORA.GEN.200(a)(4) Management system
ED Decision 2012/007/R
TRAINING AND COMMUNICATION ON SAFETY
(a) Training
(1) All personnel should receive safety training as appropriate for their safety responsibilities.
(2) Adequate records of all safety training provided should be kept.
(b) Communication
(1) The organisation should establish communication about safety matters that:
(i) ensures that all personnel are aware of the safety management activities as appropriate for their safety responsibilities;
(ii) conveys safety critical information, especially relating to assessed risks and analysed hazards;
(iii) explains why particular actions are taken; and
(iv) explains why safety procedures are introduced or changed.
(2) Regular meetings with personnel where information, actions and procedures are discussed may be used to communicate safety matters.
GM1 ORA.GEN.200(a)(4) Management system
ED Decision 2012/007/R
TRAINING AND COMMUNICATION ON SAFETY
The safety training programme may consist of self-instruction via a media (newsletters, flight safety magazines), class-room training, e-learning or similar training provided by training service providers.
AMC1 ORA.GEN.200(a)(5) Management system
ED Decision 2012/007/R
ORGANISATION’S MANAGEMENT SYSTEM DOCUMENTATION
(a) The organisation’s management system documentation should at least include the following information:
(1) a statement signed by the accountable manager to confirm that the organisation will continuously work in accordance with the applicable requirements and the organisation’s documentation as required by this Part;
(2) the organisation's scope of activities;
(3) the titles and names of persons referred to in ORA.GEN.210(a) and (b);
(4) an organisation chart showing the lines of responsibility between the persons referred to in ORA.GEN.210;
(5) a general description and location of the facilities referred to in ORA.GEN.215;
(6) procedures specifying how the organisation ensures compliance with the applicable requirements;
(7) the amendment procedure for the organisation’s management system documentation.
(b) The organisation’s management system documentation may be included in a separate manual or in (one of) the manual(s) as required by the applicable Subpart(s). A cross reference should be included.
GM1 ORA.GEN.200(a)(5) Management system
ED Decision 2012/007/R
ORGANISATION’S MANAGEMENT SYSTEM DOCUMENTATION
(a) It is not required to duplicate information in several manuals. The information may be contained in any of the organisation manuals (e.g. operations manual, training manual), which may also be combined.
(b) The organisation may also choose to document some of the information required to be documented in separate documents (e.g. procedures). In this case, it should ensure that manuals contain adequate references to any document kept separately. Any such documents are then to be considered an integral part of the organisation’s management system documentation.
AMC1 ORA.GEN.200(a)(5) Management system
ED Decision 2012/007/R
COMPLEX ORGANISATIONS – ORGANISATION’S SAFETY MANAGEMENT MANUAL
(a) The safety management manual (SMM) should be the key instrument for communicating the approach to safety for the whole of the organisation. The SMM should document all aspects of safety management, including the safety policy, objectives, procedures and individual safety responsibilities.
(b) The contents of the safety management manual should include all of the following:
(1) scope of the safety management system;
(2) safety policy and objectives;
(3) safety accountability of the accountable manager;
(4) safety responsibilities of key safety personnel;
(5) documentation control procedures;
(6) hazard identification and risk management schemes;
(7) safety action planning;
(8) safety performance monitoring;
(9) incident investigation and reporting;
(10) emergency response planning;
(11) management of change (including organisational changes with regard to safety responsibilities);
(12) safety promotion.
(c) The SMM may be contained in (one of) the manual(s) of the organisation.
AMC1 ORA.GEN.200(a)(6) Management system
ED Decision 2012/007/R
COMPLIANCE MONITORING - GENERAL
(1) Compliance monitoring
The implementation and use of a compliance monitoring function should enable the organisation to monitor compliance with the relevant requirements of this Part and other applicable Parts.
(1) The organisation should specify the basic structure of the compliance monitoring function applicable to the activities conducted.
(2) The compliance monitoring function should be structured according to the size of the organisation and the complexity of the activities to be monitored.
(2) Organisations should monitor compliance with the procedures they have designed to ensure safe activities. In doing so, they should as a minimum, and where appropriate, monitor:
(1) privileges of the organisation;
(2) manuals, logs, and records;
(3) training standards;
(4) management system procedures and manuals.
(3) Organisational set up
(1) To ensure that the organisation continues to meet the requirements of this Part and other applicable Parts, the accountable manager should designate a compliance monitoring manager. The role of the compliance monitoring manager is to ensure that the activities of the organisation are monitored for compliance with the applicable regulatory requirements , and any additional requirements as established by the organisation, and that these activities are being carried out properly under the supervision of the relevant head of functional area.
(2) The compliance monitoring manager should be responsible for ensuring that the compliance monitoring programme is properly implemented, maintained and continually reviewed and improved.
(3) The compliance monitoring manager should:
(i) have direct access to the accountable manager;
(ii) not be one of the other persons referred to in ORA.GEN.210(b);
(iii) be able to demonstrate relevant knowledge, background and appropriate experience related to the activities of the organisation; including knowledge and experience in compliance monitoring; and
(iv) have access to all parts of the organisation, and as necessary, any contracted organisation.
(4) In the case of a non-complex organisation, this task may be exercised by the accountable manager provided he/she has demonstrated having the related competence as defined in (c)(3)(iii).
(5) In the case the same person acts as compliance monitoring manager and as safety manager, the accountable manager, with regards to his/her direct accountability for safety, should ensure that sufficient resources are allocated to both functions, taking into account the size of the organisation and the nature and complexity of its activities.
(6) The independence of the compliance monitoring function should be established by ensuring that audits and inspections are carried out by personnel not responsible for the function, procedure or products being audited.
(4) Compliance monitoring documentation
(1) Relevant documentation should include the relevant part(s) of the organisation’s management system documentation.
(2) In addition, relevant documentation should also include the following:
(i) terminology;
(ii) specified activity standards;
(iii) a description of the organisation;
(iv) the allocation of duties and responsibilities;
(v) procedures to ensure regulatory compliance;
(vi) the compliance monitoring programme, reflecting:
(A) schedule of the monitoring programme;
(B) audit procedures;
(C) reporting procedures;
(D) follow-up and corrective action procedures; and
(E) recording system.
(vii) the training syllabus referred to in (e)(2);
(viii) document control.
(5) Training
(1) Correct and thorough training is essential to optimise compliance in every organisation. In order to achieve significant outcomes of such training, the organisation should ensure that all personnel understand the objectives as laid down in the organisation’s management system documentation.
(2) Those responsible for managing the compliance monitoring function should receive training on this task. Such training should cover the requirements of compliance monitoring, manuals and procedures related to the task, audit techniques, reporting and recording.
(3) Time should be provided to train all personnel involved in compliance management and for briefing the remainder of the personnel.
(4) The allocation of time and resources should be governed by the volume and complexity of the activities concerned.
GM1 ORA.GEN.200(a)(6) Management system
ED Decision 2012/007/R
COMPLIANCE MONITORING - GENERAL
(a) The organisational set-up of the compliance monitoring function should reflect the size of the organisation and the nature and complexity of its activities. The compliance monitoring manager may perform all audits and inspections himself/herself or appoint one or more auditors by choosing personnel having the related competence as defined in AMC1 ORA.GEN.200(a)(6) point (c)(3)(iii), either from within or outside the organisation.
(b) Regardless of the option chosen it must be ensured that the independence of the audit function is not affected, in particular in cases where those performing the audit or inspection are also responsible for other functions within the organisation.
(c) In case external personnel are used to perform compliance audits or inspections:
(1) any such audits or inspections are performed under the responsibility of the compliance monitoring manager; and
(2) the organisation remains responsible to ensure that the external personnel has relevant knowledge, background and experience as appropriate to the activities being audited or inspected; including knowledge and experience in compliance monitoring.
(d) The organisation retains the ultimate responsibility for the effectiveness of the compliance monitoring function in particular for the effective implementation and follow-up of all corrective actions.
GM2 ORA.GEN.200(a)(6) Management system
ED Decision 2012/007/R
COMPLEX ORGANISATIONS - COMPLIANCE MONITORING PROGRAMME FOR ATOs
(a) Typical subject areas for compliance monitoring audits and inspections for approved training organisations (ATOs) should be the following:
(1) facilities;
(2) actual flight and ground training;
(3) technical standards.
(b) ATOs should monitor compliance with the training and operations manuals they have designed to ensure safe and efficient training. In doing so, they should, where appropriate, additionally monitor the following:
(1) training procedures;
(2) flight safety;
(3) flight and duty time limitations, rest requirements and scheduling;
(4) aircraft maintenance/operations interface.
GM3 ORA.GEN.200(a)(6) Management system
ED Decision 2012/007/R
AUDIT AND INSPECTION
(a) ‘Audit’ means a systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which requirements are complied with.
(b) ‘Inspection’ means an independent documented conformity evaluation by observation and judgement accompanied as appropriate by measurement, testing or gauging, in order to verify compliance with applicable requirements.
AMC1 ORA.GEN.200(b) Management system
ED Decision 2020/005/R
SIZE, NATURE AND COMPLEXITY OF THE ACTIVITY
(a) An organisation should be considered as complex when it has a workforce of more than 20 full time equivalents (FTEs) involved in the activity subject to Regulation (EC) No 216/200830 Regulation (EC) No 216/2008 of the European Parliament and of the Council of 20 February 2008 on common rules in the field of civil aviation and establishing a European Aviation Safety Agency, and repealing Council Directive 91/670/EEC, Regulation (EC) No 1592/2002 and Directive 2004/36/EC. OJ L 79, 19.3.2008, p. 1. and its Implementing Rules.
(b) Organisations with up to 20 full time equivalents (FTEs) involved in the activity subject to Regulation (EC) No 216/2008 and its Implementing Rules, may also be considered complex based on an assessment of the following factors:
(1) in terms of complexity, the extent and scope of contracted activities subject to the approval;
(2) in terms of risk criteria, whether any of the following are present:
(i) operations requiring the following specific approvals: performance based navigation (PBN), low visibility operation (LVO), extended range operations with two-engined aeroplanes (ETOPS), helicopter hoist operation (HHO), helicopter emergency medical service (HEMS), night vision imaging system (NVIS) and dangerous goods (DG);
(ii) different types of aircraft used;
(iii) the environment (offshore, mountainous area etc.);
(c) Regardless of the criteria mentioned in (a) and (b), the following organisations should always be considered as non-complex:
(1) Approved Training Organisations (ATOs) only providing training for the light aircraft pilot licence (LAPL), private pilot licence (PPL), sailplane pilot licence (SPL) or balloon pilot licence (BPL) and the associated ratings and certificates;
(2) Aero-Medical Centres (AeMCs).
(d) Regardless of the criteria mentioned in (a) and (b), the organisations that provide training in the following areas should always be considered as complex:
(1) full flight simulators (FFSs); or
(2) multi-pilot (MP) type rating; or
(3) zero-flight-time training (ZFTT); or
(4) complex aircraft; or
(5) different categories of aircraft; or
(6) instructor certificates for point (2) and (4) aircraft; or
(7) two or more aerodromes/operating sites.
AMC1 ORA.GEN.200(c) Management system
ED Decision 2015/011/R
ATOs PROVIDING TRAINING ONLY FOR THE LAPL, PPL, SPL AND BPL AND THE ASSOCIATED RATINGS OR CERTIFICATES – ORGANISATIONAL REVIEW
(a) The primary objective of the organisational review is to enable the organisation to ensure that its management system remains effective by verifying that it:
(1) has continually identified its aviation safety hazards;
(2) has effectively mitigated the associated risks; and
(3) monitors compliance with the applicable requirements.
(b) Safety risk management should:
(1) be performed using internal safety or occurrence reports, hazard checklists, risk registers or similar risk management tools or processes, integrated into the activities of the organisation;
(2) in particular address safety risks related to a change; making use of the existing hazard identification, risk assessment and mitigation tools or processes; and
(3) include provisions for emergency response or a formal Emergency Response Plan (ERP).
(c) As part of the management system documentation required by ORA.GEN.200(a)(5), the organisation should describe the organisational review programme and related responsibilities. Persons responsible for the organisational review should have a thorough knowledge of the applicable requirements and of the organisation’s procedures.
(d) The status of all corrective and risk mitigation actions should be monitored by the person responsible for the organisational review programme and implemented within a specified time frame. Action closure should be recorded by the person responsible for the organisational review programme, along with a summary of the action taken.
(e) The results of the organisational review, including all non-compliance findings and new risks identified during the review, should be presented to the accountable manager and the person or group of persons nominated in accordance with ORA.GEN.210(b) prior to notification to the competent authority. All level 1 findings in the sense of ARA.GEN.350 should be immediately notified to the competent authority and all necessary actions immediately taken.
(f) Based on the results of the organisational review, the accountable manager should determine the need for and initiate, as appropriate, further actions to address deficiencies in or further improve the organisation’s management system.
GM1 ORA.GEN.200(c) Management system
ED Decision 2015/011/R
ATOs PROVIDING TRAINING ONLY FOR THE LAPL, PPL, SPL OR BPL AND THE ASSOCIATED RATINGS OR CERTIFICATES – ORGANISATIONAL REVIEW PROGRAMME
(a) The organisational review programme may consist of:
(1) checklist(s) covering all items necessary to be addressed in order to ensure that the organisation identified its aviation safety hazards, effectively mitigates the associated risks and ensures effective compliance with the applicable requirements. These should address all procedures described in the management system documentation and training manual; and
(2) a schedule for the accomplishment of the different checklist items, with each item being checked at least once within any 12-month period. The organisation may choose to conduct one full review annually or to conduct several partial reviews.
(b) Performance of organisational reviews:
Each review item may be addressed using an appropriate combination of:
(1) review of training records, training documentation;
(2) review of internal safety reports (e.g. notified difficulties in using current procedures and training material, etc.);
(3) review of the risk register and hazard checklists, as applicable;
(4) sample check of training courses;
(5) witnessing of examinations, as appropriate;
(6) interview of the personnel involved; and
(7) review of the feedback provided by students and customers.
(c) It is recommended that internal safety reports and occurrence reports be reviewed on a continual basis with the aim of identifying possible corrective and risk mitigation actions.
GM2 ORA.GEN.200(c) Management system
ED Decision 2015/011/R
ATOs PROVIDING TRAINING ONLY FOR THE LAPL, PPL, SPL OR BPL AND THE ASSOCIATED RATINGS OR CERTIFICATES – ORGANISATIONAL REVIEW ITEMS
The following provides a list of typical items for an organisational review checklist, to be adapted as necessary to cover all relevant procedures described in the management system documentation and training manual:
(a) Terms of approval
Check that:
(1) no training has been performed outside the terms of approval;
(2) changes not requiring prior approval have been properly managed.
(b) Training syllabi and course material
Check that:
(1) training syllabi and course materials are in compliance with the applicable requirements, as last amended;
(2) training practices are in compliance with the documentation; and
(3) instructor training practices are standardised.
(c) Training equipment and tools
Check that all equipment and tools other than aircraft and FSTDs are present and meet the criteria defined in the training manual.
(d) Facilities
Check that the facilities meet the criteria defined in the training manual.
(e) Training aircraft and FSTDs
Check that the training aircraft and FSTDs meet the criteria defined in the training manual.
(f) Personnel
Check that:
(1) the current accountable manager and other nominated persons are correctly identified;
(2) the organisation chart accurately indicates lines of responsibility and accountability throughout the organisation;
(3) the organisation remains in compliance with the applicable requirements, in case the number of personnel has decreased or if the activity has increased;
(4) the qualification of all new personnel (or personnel with new functions) has been appropriately assessed;
(5) staff involved in any safety management-related processes and tasks has been properly trained; and
(6) staff has been trained, as necessary, to cover changes in regulations, in competent authority publications, in the organisation, its management system documentation and in associated procedures, etc.
(g) Contracted activities (In case the organisation has contracted activities):
(1) Check that new providers have been assessed prior to the establishment of any contract;
(2) For existing providers approved for such activities: check the authorisation and approval status of the contracted organisation; and
(3) For existing providers not approved for such activities: check that the service provided conforms to the applicable requirements of this Part.
(h) Training and communication on safety
Check that:
(1) all personnel are aware of safety management policies, processes and tasks;
(2) safety-related documentations and publications are available; and
(3) safety-critical information derived from internal safety or occurrence reporting and hazard identification have been timely communicated to all staff concerned.
(i) Management system documentation
Check that:
(1) the documentation is adequate and updated;
(2) staff are aware of the safety policy; and
(3) staff can easily access such documentation when needed.
(j) Record-keeping
Check that:
(1) the records cover all the training activities and management system processes; and
(2) minimum record-keeping periods (random checks) are complied with.
(k) Emergency response provisions or ERP
Check that:
(1) emergency response information is up to date and readily available; and
(2) all staff are aware of emergency response information or the ERP, as applicable (random checks).
(l) Internal safety or occurrence reporting procedures
(1) Check the number of reports received since the last review;
(2) Check that:
(i) internal reporting and external occurrence reporting are performed in accordance with reporting procedures;
(ii) the safety or occurrence reports are analysed; and
(iii) feedback is provided to reporters.
(m) Other risk management tools or processes implemented
(1) As applicable, check that:
(i) records of hazards and risks are assessed; in particular following analysis of safety or occurrence reports and when significant changes occur (regulations, personnel, training aircraft, training courses, etc.);
(ii) the risks are assessed and the risk mitigation actions followed up and recorded;
(iii) any risk that has been found acceptable is duly justified; and
(iv) the assumptions made for the risk assessment remain valid;
(2) Verify the effectiveness of all risk mitigation actions initiated since the last organisational review.
ORA.GEN.200A Information security management system
Regulation (EU) 2023/203
In addition to the management system referred to in point ORA.GEN.200, the organisation shall establish, implement and maintain an information security management system in accordance with Implementing Regulation (EU) 2023/203 in order to ensure the proper management of information security risks which may have an impact on aviation safety.
[applicable from 22 February 2026 — Implementing Regulation (EU) 2023/203]
ORA.GEN.205 Contracted activities
Regulation (EU) No 290/2012
(a) Contracted activities include all activities within the organisation’s scope of approval that are performed by another organisation either itself certified to carry out such activity or if not certified, working under the contracting organisation’s approval. The organisation shall ensure that when contracting or purchasing any part of its activity, the contracted or purchased service or product conforms to the applicable requirements.
(b) When the certified organisation contracts any part of its activity to an organisation that is not itself certified in accordance with this Part to carry out such activity, the contracted organisation shall work under the approval of the contracting organisation. The contracting organisation shall ensure that the competent authority is given access to the contracted organisation, to determine continued compliance with the applicable requirements.
AMC1 ORA.GEN.205 Contracted activities
ED Decision 2012/007/R
RESPONSIBILITY WHEN CONTRACTING ACTIVITIES
(a) The organisation may decide to contract certain activities to external organisations.
(b) A written agreement should exist between the organisation and the contracted organisation clearly defining the contracted activities and the applicable requirements.
(c) The contracted safety related activities relevant to the agreement should be included in the organisation's safety management and compliance monitoring programmes.
(d) The organisation should ensure that the contracted organisation has the necessary authorisation or approval when required, and commands the resources and competence to undertake the task.
GM1 ORA.GEN.205 Contracted activities
ED Decision 2012/007/R
RESPONSIBILITY WHEN CONTRACTING ACTIVITIES
(a) Regardless of the approval status of the contracted organisation, the contracting organisation is responsible to ensure that all contracted activities are subject to hazard identification and risk management as required by ORA.GEN.200(a)(3) and to compliance monitoring as required by ORA.GEN.200(a)(6).
(b) When the contracted organisation is itself certified to carry out the contracted activities, the organisation’s compliance monitoring should at least check that the approval effectively covers the contracted activities and that it is still valid.
(c) If the organisation requires the contracted organisation to conduct an activity which exceeds the contracted organisation’s terms of approval, this will be considered as the contracted organisation working under the approval of the contracting organisation.
ORA.GEN.210 Personnel requirements
Regulation (EU) No 290/2012
(a) The organisation shall appoint an accountable manager, who has the authority for ensuring that all activities can be financed and carried out in accordance with the applicable requirements. The accountable manager shall be responsible for establishing and maintaining an effective management system.
(b) A person or group of persons shall be nominated by the organisation, with the responsibility of ensuring that the organisation remains in compliance with the applicable requirements. Such person(s) shall be ultimately responsible to the accountable manager.
(c) The organisation shall havesufficient qualified personnel for the planned tasks and activities to be performed in accordance with the applicable requirements.
(d) The organisation shall maintain appropriate experience, qualification and training records to show compliance with paragraph (c).
(e) The organisation shall ensure that all personnel are aware of the rules and procedures relevant to the exercise of their duties.
ORA.GEN.215 Facility requirements
Regulation (EU) No 1178/2011
The organisation shall have facilities allowing the performance and management of all planned tasks and activities in accordance with the applicable requirements.
AMC1 ORA.GEN.215 Facility requirements
ED Decision 2012/007/R
ATOs PROVIDING TRAINING FOR the CPL, MPL AND ATPL AND THE ASSOCIATED RATINGS AND CERTIFICATES
(a) For ATOs providing flight training, the following flight operations accommodation should be available:
(1) an operations room with facilities to control flying operations;
(2) a flight planning room with the following facilities:
(i) appropriate current maps and charts;
(ii) current aeronautical information service (AIS) information;
(iii) current meteorological information;
(iv) communications to air traffic control (ATC) and the operations room;
(v) any other flight safety related material.
(3) adequate briefing rooms/cubicles of sufficient size and number;
(4) suitable offices for the supervisory personnel and room(s) to allow flight instructors to write reports on students, complete records and other related documentation;
(5) furnished crew-room(s) for instructors and students.
(b) For ATOs providing theoretical knowledge training, the following facilities for theoretical knowledge instruction should be available:
(1) adequate classroom accommodation for the current student population;
(2) suitable demonstration equipment to support the theoretical knowledge instruction;
(3) a radiotelephony training and testing facility;
(4) a reference library containing publications giving coverage of the syllabus;
(5) offices for the instructional personnel.
AMC2 ORA.GEN.215 Facility requirements
ED Decision 2012/007/R
ATOs PROVIDING TRAINING FOR THE LAPL, PPL, SPL OR BPL AND THE ASSOCIATED RATINGS AND CERTIFICATES
(a) The following flight operations accommodation should be available:
(1) a flight planning room with the following facilities:
(i) appropriate current aviation maps and charts;
(ii) current AIS information;
(iii) current meteorological information;
(iv) communications to ATC (if applicable);
(v) any other flight safety related material.
(2) adequate briefing room(s)/cubicles of sufficient size and number;
(3) suitable office(s) to allow flight instructors to write reports on students, complete records and other related documentation;
(4) suitable rest areas for instructors and students, where appropriate to the training task;
(5) in the case of ATOs providing training for the BPL or LAPL(B) only, the flight operations accommodation listed in (a)(1) to (a)(4) may be replaced by other suitable facilities when operating outside aerodromes.
(b) The following facilities for theoretical knowledge instruction should be available:
(1) adequate classroom accommodation for the current student population;
(2) suitable demonstration equipment to support the theoretical knowledge instruction;
(3) suitable office(s) for the instructional personnel.
(c) A single room may be sufficient to provide the functions listed in (a) and (b).
Regulation (EU) No 1178/2011
(a) The organisation shall establish a system of record–keeping that allows adequate storage and reliable traceability of all activities developed, coveringin particular all the elements indicated in ORA.GEN.200.
(b) The format of the records shall be specified in the organisation’s procedures.
(c) Records shall be stored in a manner that ensures protection from damage, alteration and theft.
AMC1 ORA.GEN.220(b) Record-keeping
ED Decision 2012/007/R
GENERAL
(a) The record-keeping system should ensure that all records are accessible whenever needed within a reasonable time. These records should be organised in a way that ensures traceability and retrievability throughout the required retention period.
(b) Records should be kept in paper form or in electronic format or a combination of both. Records stored on microfilm or optical disc format are also acceptable. The records should remain legible throughout the required retention period. The retention period starts when the record has been created or last amended.
(c) Paper systems should use robust material which can withstand normal handling and filing. Computer systems should have at least one backup system which should be updated within 24 hours of any new entry. Computer systems should include safeguards against the ability of unauthorised personnel to alter the data.
(d) All computer hardware used to ensure data backup should be stored in a different location from that containing the working data and in an environment that ensures they remain in good condition. When hardware or software changes take place, special care should be taken that all necessary data continues to be accessible at least through the full period specified in the relevant Subpart. In the absence of such indication, all records should be kept for a minimum period of 5 years.
GM1 ORA.GEN.220(b) Record-keeping
ED Decision 2012/007/R
RECORDS
Microfilming or optical storage of records may be carried out at any time. The records should be as legible as the original record and remain so for the required retention period.