CAMO.B.005 Scope

Regulation (EU) 2019/1383

This Section establishes the administrative and management system requirements to be followed by the competent authority in charge of the implementation and enforcement of Section A of this Annex.

CAMO.B.115 Oversight documentation

Regulation (EU) 2019/1383

The competent authority shall provide all legislative acts, standards, rules, technical publications, and related documents to relevant personnel in order to allow them to perform their tasks and to discharge their responsibilities.

CAMO.B.120 Means of compliance

Regulation (EU) 2019/1383

(a) The Agency shall develop Acceptable Means of Compliance (‘AMC’) that may be used to establish compliance with Regulation (EU) 2018/1139 and its delegated and implementing acts.

(b) Alternative means of compliance may be used to establish compliance with Regulation (EU) 2018/1139 and its delegated and implementing acts.

(c) The competent authority shall establish a system to consistently evaluate that all alternative means of compliance used by itself or by organisations under its oversight allow for the establishment of compliance with Regulation (EU) No 2018/1139 and its delegated and implementing acts.

(d) The competent authority shall evaluate all alternative means of compliance proposed by an organisation in accordance with point CAMO.A.120 by analysing the documentation provided and, if considered necessary, conducting an inspection of the organisation.

When the competent authority finds that the alternative means of compliance are in accordance with Regulation (EU) 2018/1139 and its delegated and implementing acts, it shall without undue delay:

(1) notify the applicant that the alternative means of compliance may be implemented and, if applicable, amend the approval or certificate of the applicant accordingly;

(2) notify the Agency of their content, including copies of all relevant documentation.

(e) When the competent authority itself uses alternative means of compliance to achieve compliance with Regulation (EU) 2018/1139 and its delegated and implementing acts it shall:

(1) make them available to all organisations and persons under its oversight;

(2) without undue delay notify the Agency.

The competent authority shall provide the Agency with a full description of the alternative means of compliance, including any revisions to procedures that may be relevant, as well as an assessment demonstrating that they comply with Regulation (EU) 2018/1139 and its delegated and implementing acts.

GM1 CAMO.B.120 Means of compliance

ED Decision 2020/002/R

ALTERNATIVE MEANS OF COMPLIANCE

Alternative means of compliance that are used by a competent authority, or by a CAMO under its oversight, may be used by other competent authorities or another CAMO only if they are processed again in accordance with points CAMO.B.120(d) and (e).

CAMO.B.125 Information to the Agency

Regulation (EU) 2019/1383

(a) The competent authority shall, without undue delay, notify the Agency in case of any significant problems with the application of Regulation (EU) 2018/1139 and its delegated and implementing acts.

(b) The competent authority shall provide the Agency with safety-significant information stemming from the occurrence reports it has received pursuant to point CAMO.A.160.

EXCHANGE OF SAFETY-SIGNIFICANT INFORMATION WITH THE AGENCY

Each competent authority should appoint a coordinator to act as the contact point for the exchange of safety-significant information between the competent authority and the Agency.

MEANING OF ‘SAFETY-SIGNIFICANT INFORMATION STEMMING FROM OCCURRENCE REPORTS’

‘Safety-significant information stemming from occurrence reports’ means:

(a) a conclusive safety analysis which summarises individual occurrence data and provides an in-depth analysis of a safety issue, and which may be relevant for the Agency’s safety action planning; and

(b) individual occurrence data for the cases where the Agency is the competent authority and which fulfils the reporting criteria of GM3 CAMO.B.125(b).

RECOMMENDED CONTENT FOR CONCLUSIVE SAFETY ANALYSES

A conclusive safety analysis should contain the following:

(a) a detailed description of the safety issue, including the scenario in which the safety issue takes place; and

(b) an indication of the stakeholders affected by the safety issue, including types of operations and organisations;

and, as appropriate:

(c) a risk assessment establishing the severity and probability of all the possible consequences of the safety issue;

(d) information about the existing safety barriers that the aviation system has in place to prevent the likely safety issue consequences from occurring;

(e) any mitigating actions already in place or developed to deal with the safety issue;

(f) recommendations for future actions to control the risk; and

(g) any other element the competent authority considers essential for the Agency to properly assess the safety issue.

OCCURRENCES WHERE THE AGENCY IS THE COMPETENT AUTHORITY

Occurrences related to organisations or products, certified by the Agency, should be notified to the Agency if:

(a) the occurrence is defined as a reportable occurrence in accordance with the applicable regulation;

(b) the organisation responsible for addressing the occurrence is certified by the Agency; and

(c) the Member State competent authority has come to the conclusion that:

(1) the organisation certified by the Agency to which the occurrence relates has not been informed of the occurrence; or

(2) the occurrence has not been properly addressed or has been left unattended by the organisation certified by the Agency.

Such occurrence data should be reported in a format compatible with the European Coordination Centre for Accident and Incident Reporting Systems (ECCAIRS) and should provide all relevant information for its assessment and analysis, including necessary additional files in the form of attachments.

CAMO.B.135 Immediate reaction to a safety problem

Regulation (EU) 2019/1383

(a) Without prejudice to Regulation (EU) No 376/2014 and Implementing Regulation (EU) 2015/1018 [Regulation (EU) 2015/1018 of 29 June 2015 laying down a list classifying occurrences in civil aviation to be mandatorily reported according to Regulation (EU) No 376/2014 of the European Parliament and of the Council (OJ L 163, 30.6.2015, p. 1)], the competent authority shall implement a system to appropriately collect, analyse, and disseminate safety information.

(b) The Agency shall implement a system to appropriately analyse any relevant safety information received, and without undue delay provide to Member States and the Commission any information, including recommendations or corrective actions to be taken, necessary for them to react in a timely manner to a safety problem involving products, parts, appliances, persons or organisations subject to Regulation (EU) 2018/1139 and its delegated and implementing acts.

(c) Upon receiving the information referred to in points (a) and (b), the competent authority shall take adequate measures to address the safety problem.

(d) Measures taken under point (c) shall immediately be notified to all persons or organisations which need to comply with them under Regulation (EU) 2018/1139 and its delegated and implementing acts. The competent authority shall also notify those measures to the Agency and, when combined action is required, the other Member States concerned.

CAMO.B.200 Management system

Regulation (EU) 2019/1383

(a) The competent authority shall establish and maintain a management system, including as a minimum:

(1) documented policies and procedures to describe its organisation, means and methods to comply with Regulation (EU) 2018/1139 and its delegated and implementing acts. The procedures shall be kept up to date, and serve as the basic working documents within that competent authority for all related tasks;

(2) a sufficient number of personnel to perform its tasks and discharge its responsibilities. A system shall be in place to plan the availability of personnel, in order to ensure the proper completion of all tasks;

(3) personnel qualified to perform their allocated tasks and have the necessary knowledge, experience, initial and recurrent training to ensure continuing competency;

(4) adequate facilities and office accommodation to perform the allocated tasks;

(5) a function to monitor compliance of the management system with the relevant requirements and adequacy of the procedures including the establishment of an internal audit process and a safety risk management process. Compliance monitoring shall include a feedback system of audit findings to the senior management of the competent authority to ensure implementation of corrective actions as necessary;

(6) a person or group of persons ultimately responsible to the senior management of the competent authority for the compliance monitoring function.

(b) The competent authority shall, for each field of activity, including management system, appoint one or more persons with the overall responsibility for the management of the relevant task(s).

(c) The competent authority shall establish procedures for participation in a mutual exchange of all necessary information and assistance with other competent authorities concerned, including all findings raised and follow-up actions taken as a result of oversight of persons and organisations exercising activities in the territory of a Member State, but certified by the competent authority of another Member State or the Agency.

(d) A copy of the procedures related to the management system and their amendments shall be made available to the Agency for the purpose of standardisation and to the organisations subject to this Regulation, if so requested.

AMC1 CAMO.B.200 Management system

ED Decision 2020/002/R

ORGANISATIONAL STRUCTURE

(a) In deciding upon the required organisational structure, the competent authority should review:

(1) the number of certificates to be issued, and the number and size of the potential CAMOs within that Member State;

(2) the possible use of qualified entities and of the resources of the competent authorities of other Member States to fulfil the continuing oversight obligations;

(3) the level of civil aviation activity, number and complexity of aircraft and the size of the Member State’s aviation industry; and

(4) the potential growth of activities in the field of civil aviation.

(b) The competent authority should retain effective control of important surveillance functions and should not delegate them in such a way that CAMOs, in effect, regulate themselves in airworthiness matters.

(c) The set-up of the organisational structure should ensure that the various tasks and obligations of the competent authority do not solely rely on individuals. The continuous and undisturbed fulfilment of these tasks and obligations of the competent authority should also be guaranteed in case of illness, accident or leave of individual employees.

AMC2 CAMO.B.200 Management system

ED Decision 2020/002/R

GENERAL

(a) The competent authority designated by each Member State should be organised in such a way that:

(1) there is specific and effective management authority in the conduct of all the relevant activities;

(2) the functions and processes described in the applicable requirements of Regulation (EU) 2018/1139 and its delegated and implementing acts, AMC, Certification Specifications (CSs), and Guidance Material (GM) may be properly implemented;

(3) the competent authority’s organisation and operating procedures for the implementation of the applicable requirements of Regulation (EU) 2018/1139 and its delegated and implementing acts are properly documented and applied;

(4) all the competent authority’s personnel who are involved in the related activities are provided with training where necessary;

(5) specific and effective provision is made for communicating and interfacing as necessary with EASA and the competent authorities of other Member States; and

(6) all the functions related to implementing the applicable requirements are adequately described.

(b) A general policy in respect of the activities related to the applicable requirements of Regulation (EU) 2018/1139 and its delegated and implementing acts should be developed, promoted, and implemented by the manager at the highest appropriate level; for example, the manager at the top of the functional area of the competent authority that is responsible for such activities.

(c) Appropriate steps should be taken to ensure that the policy is known and understood by all the personnel involved, and all the necessary steps should be taken to implement and maintain the policy.

(d) The general policy, whilst also satisfying the additional national regulatory responsibilities, should, in particular, take into account:

(1) the provisions of Regulation (EU) 2018/1139;

(2) the provisions of the applicable implementing rules and their AMC, CSs, and GM;

(3) the needs of industry; and

(4) the needs of EASA and of the competent authority.

(e) The policy should define specific objectives for the key elements of the organisation and processes for implementing the related activities, including the corresponding control procedures and the measurement of the achieved standard.

DOCUMENTED POLICIES AND PROCEDURES

(a) The various elements of the organisation involved with the activities related to Regulation (EU) 2018/1139 and its delegated and implementing acts should be documented in order to establish a reference source for the establishment and maintenance of this organisation.

(b) The documented procedures should be established in a way that facilitates their use. They should be clearly identified, kept up to date, and made readily available to all the personnel who are involved in the related activities.

(c) The documented procedures should cover, as a minimum, all of the following aspects:

(1) policy and objectives;

(2) organisational structure;

(3) responsibilities and associated authority;

(4) procedures and processes;

(5) internal and external interfaces;

(6) internal control procedures;

(7) the training of personnel;

(8) cross-references to associated documents;

(9) assistance from other competent authorities or EASA (where required).

(d) It is likely that the information may be held in more than one document or series of documents, and suitable cross-referencing should be provided. For example, the organisational structure and job descriptions are not usually in the same documentation as the detailed working procedures. In such cases, it is recommended that the documented procedures should include an index of cross references to all such other related information, and the related documentation should be readily available when required.

SUFFICIENT PERSONNEL

(a) This GM on the determination of the required personnel is limited to the performance of certification and oversight tasks, excluding any personnel who are required to perform tasks that are subject to any national regulatory requirements.

(b) The elements to be considered when determining who are the required personnel and planning their availability may be divided into quantitative and qualitative elements:

(1) Quantitative elements:

(i) the estimated number of initial certificates to be issued;

(ii) the number of organisations to be certified by the competent authority; and

(iii) the estimated number of subcontracted organisations used by certified organisations.

(2) Qualitative elements:

(i) the size, nature, and complexity of the activities of certified organisations, taking into account:

(A) the privileges of each organisation;

(B) the types of approval and the scope of approval;

(C) possible certification to industry standards;

(D) the number of personnel; and

(E) the organisational structure and the existence of subsidiaries;

(ii) the safety priorities identified;

(iii) the results of past oversight activities, including audits, inspections and reviews, in terms of risks and regulatory compliance, taking into account:

(A) the number and the level of findings;

(B) the time frame for implementation of corrective actions; and

(C) the maturity of the management systems implemented by organisations, and their ability to effectively manage safety risks; and

(iv) the size and complexity of the Member State’s aviation industry, and the potential growth of activities in the field of civil aviation, which may be an indication of the number of new applications and changes to existing certificates to be expected.

(c) Based on the existing data from previous oversight planning cycles, and taking into account the situation within the Member State’s aviation industry, the competent authority may estimate:

(1) the standard working time required for processing applications for new certificates;

(2) the number of new certificates to be issued for each planning period; and

(3) the number of changes to existing certificates to be processed for each planning period.

(d) In line with the competent authority’s oversight policy, the following planning data should be determined:

(1) the standard number of audits to be performed per oversight planning cycle;

(2) the standard duration of each audit;

(3) the standard working time for audit preparation, on-site audit, reporting, and follow-up, per inspector;

(4) the standard number of unannounced inspections to be performed;

(5) the standard duration of inspections, including preparation, reporting, and follow-up, per inspector; and

(6) the minimum number and the required qualification of the inspectors for each audit/inspection.

(e) The standard working time could be expressed either in working hours per inspector, or in working days per inspector. All planning calculations should then be based on the same unit (hours or working days).

(f) It is recommended that the competent authority use a spreadsheet application to process the data defined under (c) and (d), to assist in determining the total number of working hours/days per oversight planning cycle required for certification, oversight and enforcement activities. This application could also serve as a basis for implementing a system for planning the availability of personnel.

(g) The number of working hours/days per planning period for each qualified inspector that may be allocated for certification, oversight and enforcement activities should be determined, taking into account:

(1) purely administrative tasks that are not directly related to certification and oversight;

(2) training;

(3) participation in other projects;

(4) planned absence; and

(5) the need to include a reserve for unplanned tasks or unforeseeable events.

(h) The determination of the working time available for certification, oversight and enforcement activities should also consider, as applicable:

(1) the use of qualified entities;

(2) cooperation with other competent authorities for approvals that involve more than one Member State; and

(3) oversight activities under a bilateral aviation safety agreement.

(i) Based on the elements listed above, the competent authority should be able to:

(1) monitor the dates when audits and inspections are due, and when they were carried out;

(2) implement a system to plan the availability of personnel; and

(3) identify possible gaps between the number and qualification of personnel and the required volume of certification and oversight.

Care should be taken to keep planning data up to date in line with changes in the underlying planning assumptions, with particular focus on risk-based oversight principles.

QUALIFICATION AND TRAINING — GENERAL

(a) It is essential for the competent authority to have the full capability to adequately assess the compliance and performance of an organisation by ensuring that the whole range of activities is assessed by appropriately qualified personnel.

(b) For each inspector, the competent authority should:

(1) define the competencies required to perform the allocated certification and oversight tasks;

(2) define the associated minimum qualifications that are required;

(3) establish initial and recurrent training programmes in order to maintain and to enhance the competency of inspectors at the level that is necessary to perform the allocated tasks; and

(4) ensure that the training provided meets the established standards, and is regularly reviewed and updated whenever necessary.

(c) The competent authority may provide training through its own training organisation with qualified trainers, or through another qualified training source.

(d) If training is not provided through an internal training organisation, adequately experienced and qualified persons may act as trainers, provided that their training skills have been assessed. If required, an individual training plan should be established that covers specific training skills. Records should be kept of such training, and of the assessment, as appropriate.

QUALIFICATION AND TRAINING — INSPECTORS

(a) Competent authority inspectors should have:

(1) practical experience and expertise in the application of aviation safety standards and safe operating practices;

(2) comprehensive knowledge of:

(a) the relevant parts of the implementing rules, certification specifications and guidance material;

(b) the competent authority’s procedures;

(c) the rights and obligations of an inspector;

(d) safety management systems based on the EU management system requirements (including compliance monitoring) and ICAO Annex 19;

(e) continuing airworthiness management including maintenance programme development and control;

(f) operational procedures that affect the continuing airworthiness management of the aircraft or its maintenance; and

(g) maintenance-related HF and human performance principles;

(3) training on auditing techniques and assessing and evaluating management systems and safety risk management processes;

(4) 5 years of relevant work experience for them to be allowed to work independently as inspectors. This may include experience gained during training to obtain the qualification mentioned below in point (a)(5);

(5) a relevant engineering degree or an aircraft maintenance technician qualification with additional education. ‘Relevant engineering degree’ refers to an engineering degree from aeronautical, mechanical, electrical, electronic, avionic or other studies that are relevant to the maintenance and continuing airworthiness of aircraft/aircraft components;

(6) knowledge of a relevant sample of the type(s) of aircraft gained through a formalised training course. These courses should be at least at a level equivalent to Part-66 Appendix III Level 1 General Familiarisation.

‘Relevant sample’ means that these courses should cover typical aircraft and aircraft systems that are within the scope of work; and

(7) knowledge of maintenance standards, including fuel tank safety (FTS) training as described in Appendix III to AMC4 CAMO.A.305(g).

(b) In addition to technical competency, inspectors should have a high degree of integrity, be impartial in carrying out their tasks, be tactful, and have a good understanding of human nature.

(c) A programme for recurrent training should be developed that ensures that the inspectors remain competent to perform their allocated tasks. As a general policy, it is not desirable for the inspectors to obtain technical qualifications from those entities that are under their direct regulatory oversight.

INITIAL AND RECURRENT TRAINING — INSPECTORS

(a) Initial training programme:

The initial training programme for inspectors should include, as appropriate to their role, current knowledge, experience and skills in at least all of the following:

(1) aviation legislation, organisation, and structure;

(2) the Chicago Convention, the relevant ICAO Annexes and Documents;

(3) Regulation (EU) No 376/2014 on the reporting, analysis and follow-up of occurrences in civil aviation;

(4) overview of Regulation (EU) 2018/1139, its delegated and implementing acts and the related AMC, CS, and GM;

(5) Regulation (EU) No 1321/2014 as well as any other applicable requirements;

(6) management systems, including the assessment of the effectiveness of a management system, in particular hazard identification and risk assessment, and non-punitive reporting techniques in the context of the implementation of a ‘just culture’;

(7) auditing techniques;

(8) procedures of the competent authority that are relevant to the inspectors’ tasks;

(9) HF principles;

(10) the rights and obligations of inspecting personnel of the competent authority;

(11) on-the-job training that is relevant to the inspector’s tasks; and

(12) technical training, including training on aircraft-specific subjects, that is appropriate to the role and tasks of the inspector, in particular for those areas that require approvals.

NOTE: The duration of the on-the-job training should take into account the scope and complexity of the inspector’s tasks. The competent authority should assess whether the required competency has been achieved before an inspector is authorised to perform a task without supervision.

(b) Recurrent training programme

Once qualified, the inspector should undergo training periodically, as well as whenever deemed necessary by the competent authority, in order to remain competent to perform the allocated tasks. The recurrent training programme for inspectors should include, as appropriate to their role, at least the following topics:

(1) changes in aviation legislation, the operational environment and technologies;

(2) procedures of the competent authority that are relevant to the inspector’s tasks;

(3) technical training, including training on aircraft-specific subjects, that is appropriate to the role and tasks of the inspector; and

(4) results from past oversight.

(c) An assessment of an inspector’s competency should take place at regular intervals that do not exceed 3 years. The results of these assessments, as well as any actions taken following the assessments, should be recorded.

SAFETY RISK MANAGEMENT PROCESS

(a) The safety risk management process required by point CAMO.B.200 should be documented. The following should be defined in the related documentation:

(1) means for hazard identification, and the related data sources, taking into account data that comes from other competent authorities with which the competent authority interfaces in the State, or from the competent authorities of other Member States;

(2) risk management steps including:

(i) analysis (in terms of the probability and the severity of the consequences of hazards and occurrences);

(ii) assessment (in terms of tolerability); and

(iii) control (in terms of mitigation) of risks to an acceptable level;

(3) who holds the responsibilities for hazard identification and risk management;

(4) who holds the responsibilities for the follow-up of risk mitigation actions;

(5) the levels of management who have the authority to make decisions regarding the tolerability of risks;

(6) means to assess the effectiveness of risk mitigation actions; and

(7) the link with the compliance monitoring function.

(b) To demonstrate that the safety risk management process is operational, competent authorities should be able to provide evidence that:

(1) the persons involved in internal safety risk management activities are properly trained;

(2) hazards that could impact the authority’s capabilities to perform its tasks and discharge its responsibilities have been identified and the related risk assessment is documented;

(3) regular meetings take place at appropriate levels of management of the competent authority to discuss the risks identified, and to decide on the tolerability of risks and possible risk mitigations;

(4) in addition to the initial hazard identification exercise, the risk management process is triggered as a minimum whenever changes occur that may affect the competent authority’s capability to perform any of the tasks required by Part-CAMO;

(5) a record of the actions taken to mitigate risks is maintained, showing the status of each action and the owner of the action;

(6) there is a follow-up on the implementation of all risk mitigation actions;

(7) risk mitigation actions are assessed for their effectiveness; and

(8) the results of risk assessments are periodically reviewed to check whether they remain relevant. (Are the assumptions still valid? Is there new information?).

SAFETY RISK MANAGEMENT PROCESS

The purpose of safety risk management as part of the management system framework for competent authorities is to ensure the effectiveness of the management system. As for any organisation, hazard identification and risk management is expected to contribute to effective decision-making, to guide the allocation of resources and contribute to organisational success.

The safety risk management process required by point CAMO.B.200 is intended to address the safety risks that are directly related to the competent authority’s organisation and processes, and which may affect its capability to perform its tasks and discharge its responsibilities. This process is not intended to be a substitute for the State safety risk management SARPs defined in ICAO Annex 19, Chapter 3, component 3.3. This does not mean, however, that the competent authority may not use information and data that is obtained through its State Safety Programme (SSP), including oversight data and information, for the purpose of safety risk management as part of its management system.

The safety risk management process is also to be applied to the management of changes (CAMO.B.210), which is intended to ensure that the management system remains effective whenever changes occur.

AMC1 CAMO.B.200(d) Management system

ED Decision 2020/002/R

PROCEDURES TO BE MADE AVAILABLE TO THE AGENCY

(a) Copies of the procedures related to the competent authority’s management system, and their amendments, that should be made available to the Agency for the purpose of standardisation, should provide at least the following information:

(1) the competent authority’s organisational structure for the continuing oversight functions that it undertakes, with a description of the main processes. This information should demonstrate the allocation of responsibilities within the competent authority, and that the competent authority is capable of carrying out the full range of tasks for the size and complexity of the Member State’s aviation industry. It should also consider the overall proficiency and the scope of authorisation of the competent authority’s personnel;

(2) for personnel who are involved in oversight activities, the minimum required professional qualification and amount of experience, and the principles that are used to guide their appointment (e.g. assessment);

(3) how the following are carried out: assessments of applications and evaluations of compliance, the issuing of certificates, continuing oversight activities, the follow-up of findings, enforcement measures and the resolution of safety concerns;

(4) the principles used for the management of exemptions and derogations;

(5) the processes that are in place to distribute the applicable safety information to enable a timely reaction to a safety problem;

(6) the criteria for planning continuing oversight activities (i.e. oversight programme), including the management of interfaces when conducting continuing oversight activities (of air operations and of continuing airworthiness management, for example); and

(7) an outline of the initial training of newly recruited oversight personnel (taking future activities into account), and the basic framework for the recurrent training of oversight personnel.

(b) As part of the continuous monitoring of a competent authority, the Agency may request details of the working methods used, in addition to a copy of the procedures of the competent authority’s management system (and any amendments). These additional details are the procedures and the related guidance material that describe the working methods for the personnel of the competent authority who conduct oversight activities.

(c) Information related to the competent authority’s management system may be submitted in an electronic format.

CAMO.B.205 Allocation of tasks to qualified entities

Regulation (EU) 2019/1383

(a) Tasks related to the initial certification, or continuing oversight of persons, or organisations subject to Regulation (EU) 2018/1139 and its delegated and implementing acts may be allocated by Member States only to qualified entities. When allocating tasks, the competent authority shall ensure that it has:

(1) put a system in place to initially and continuously assess that the qualified entity complies with Annex VI ‘Essential requirements for qualified entities’ to Regulation (EU) 2018/1139. This system and the results of the assessments shall be documented;

(2) established a documented agreement with the qualified entity, approved by both parties at the appropriate management level, which clearly defines:

(i) the tasks to be performed;

(ii) the declarations, reports, and records to be provided;

(iii) the technical conditions to be met in performing such tasks;

(iv) the related liability coverage;

(v) the protection given to information acquired in carrying out such tasks.

(b) The competent authority shall ensure that the internal audit process and safety risk management process required by point (a)(5) of point CAMO.B.200 covers all certification, or continuing oversight tasks performed on its behalf.

CERTIFICATION TASKS

The tasks that may be performed by a qualified entity on behalf of the competent authority include those that are related to the initial certification and to the continuing oversight of persons and organisations as defined in Regulation (EU) No 1321/2014.

CAMO.B.210 Changes in the management system

Regulation (EU) 2019/1383

(a) The competent authority shall have a system in place to identify changes that affect its capability to perform its tasks and discharge its responsibilities as defined in Regulation (EU) 2018/1139 and its delegated and implementing acts. This system shall enable it to take action as appropriate to ensure that its management system remains adequate and effective.

(b) The competent authority shall update its management system to reflect any change to Regulation (EU) 2018/1139 and its delegated and implementing acts in a timely manner, so as to ensure effective implementation.

(c) The competent authority shall notify the Agency of changes affecting its capability to perform its tasks and discharge its responsibilities as defined in Regulation (EU) 2018/1139 and its delegated and implementing acts.

CAMO.B.220 Record-keeping

Regulation (EU) 2019/1383

(a) The competent authority shall establish a system of record-keeping that allows adequate storage, accessibility, and reliable traceability of:

(1) the management system’s documented policies and procedures;

(2) training, qualification, and authorisation of its personnel;

(3) the allocation of tasks, covering the elements required by point CAMO.B.205, as well as the details of tasks allocated;

(4) certification processes and continuing oversight of certified organisations, including:

(i) the application for an organisation certificate;

(ii) the competent authority’s continuing oversight programme, including all assessment, audit and inspection records;

(iii) the organisation certificate, including any changes thereto;

(iv) a copy of the oversight programme listing the dates when audits are due and when audits were carried out;

(v) copies of all formal correspondence;

(vi) details of findings, corrective actions, date of action closure, any exemption and enforcement actions;

(vii) any assessment, audit and inspection reports issued by another competent authority pursuant to point (d) of point CAMO.B.300;

(viii) copies of all organisation CAMEs or manuals and amendments thereto;

(ix) copies of any other document approved by the competent authority;

(5) the evaluation and notification to the Agency of alternative means of compliance proposed by organisations, and the assessment of alternative means of compliance used by the competent authority itself;

(6) safety information and follow-up measures in accordance with point CAMO.B.125;

(7) the use of flexibility provisions in accordance with Regulation (EU) 2018/1139 and its delegated and implementing acts.

(b) The competent authority shall maintain a list of all organisation certificates it issued.

(c) All records referred to in points (a) and (b) shall be kept for a minimum period of 5 years subject to applicable data protection law.

(d) All records referred to in points (a) and (b) shall be made available upon request to a competent authority of another Member State or the Agency.

AMC1 CAMO.B.220(a) Record-keeping

ED Decision 2020/002/R

GENERAL

(a) The record-keeping system should ensure that all records are accessible within a reasonable time whenever they are needed. These records should be organised in a manner that ensures their traceability and retrievability throughout the required retention period.

(b) All records that contain sensitive data regarding applicants or organisations should be stored in a secure manner with controlled access to ensure confidentiality.

(c) Records should be kept in paper form or in electronic format or a combination of the two. Records that are stored on microfilm or optical discs are also acceptable. The records should remain legible and accessible throughout the required retention period. The retention period starts when the record is created.

(d) Paper systems should use robust material which can withstand normal handling and filing. Computer record systems should have at least one backup system, which should be updated within 24 hours of any new entry. Computer record systems should include safeguards that prevent any unauthorised personnel from altering the data.

(e) All computer hardware that is used to ensure the backup of data should be stored in a different location from the one that contains the working data, and in an environment that ensures that the data remains in a good condition. When hardware or software changes take place, special care should be taken to ensure that all the necessary data continues to be accessible throughout at least the full period specified in point CAMO.B.220(c).

AMC1 CAMO.B.220(a)(1) Record-keeping

ED Decision 2020/002/R

COMPETENT AUTHORITY MANAGEMENT SYSTEM

Records that are related to the competent authority’s management system should include, as a minimum, and as applicable:

(a) the documented policies and procedures;

(b) the personnel files of the competent authority’s personnel, with the supporting documents related to their training and qualifications;

(c) the results of the competent authority’s internal audit and safety risk management processes, including audit findings, and corrective, preventive and risk mitigation actions; and

(d) the contract(s) established with any qualified entities that perform certification or oversight tasks on behalf of the competent authority.

AMC1 CAMO.B.220(d) Record-keeping

ED Decision 2020/002/R

REQUEST BY A COMPETENT AUTHORITY OF ANOTHER MEMBER STATE OR THE AGENCY

The cases when records shall be made available should be limited to:

incidents or accidents;

findings through the aircraft continuing airworthiness monitoring (ACAM) programme where organisations approved by another competent authority are involved, to determine the root cause;

aircraft mainly operated in another Member State;

aircraft previously operated in another Member State;

organisations having approvals in several Member States.

When records are requested from another Member State, the reason for the request should be clearly stated. The records can be made available by sending a copy or by allowing their consultation.

CAMO.B.300 Oversight principles

Regulation (EU) 2022/410

(a) The competent authority shall verify:

(1) compliance with the requirements applicable to organisations prior to the issue of an organisation certificate, as applicable;

(2) continued compliance with the applicable requirements of organisations it has certified;

(3) implementation of appropriate safety measures mandated by the competent authority as defined in points (c) and (d) of point CAMO.B.135.

(b) This verification shall:

(1) be supported by documentation specifically intended to provide personnel responsible for safety oversight with guidance to perform their functions;

(2) provide the organisations concerned with the results of safety oversight activity;

(3) be based on assessments, audits and inspections, including unannounced inspections;

(4) provide the competent authority with the evidence needed in case further action is required, including the measures provided for in point CAMO.B.350 ‘Findings and corrective actions’.

(c) The scope of oversight defined in points (a) and (b) shall take into account the results of past oversight activities and the safety priorities.

(d) Where organisation facilities are located in more than one State, the competent authority as defined in point CAMO.A.105 may agree to have oversight tasks performed by the competent authority(ies) of the Member State(s) where facilities are located, or by the Agency for facilities located in a third country. Any organisation subject to such agreement shall be informed of its existence and of its scope.

(e) For oversight performed at facilities located in another State, the competent authority as defined in point CAMO.A.105 shall inform the competent authority of such State, or the Agency for facilities of organisations having their principal place of business in a third country, before performing any on-site audit or inspection of such facilities.

(f) The competent authority shall collect and process any information deemed useful for oversight, including for unannounced inspections.

(g) When a contract is concluded in accordance with point M.A.201(ea) of Annex I (Part-M), the competent authority responsible for the oversight of the CAMO and the competent authorities responsible for the oversight of the operators concerned shall cooperate to ensure the exchange of information which is relevant for the performance of their tasks. This cooperation shall include the exchange of information on results of the oversight activities performed by those competent authorities and may include the performance of oversight tasks on the CAMO by the competent authorities responsible for the operators.

MANAGEMENT SYSTEM ASSESSMENT

As part of the initial certification of an organisation, the competent authority should assess the organisation’s management system and processes to make sure that all the required enablers of a functioning management system are present and suitable.

As part of its continuing oversight activities, the competent authority should verify that the required enablers remain present and operational, and assess the effectiveness of the organisation’s management system and processes.

When significant changes take place in the organisation, the competent authority should determine whether there is a need to review the existing assessment to ensure that it is still appropriate.

MANAGEMENT SYSTEM MATURITY LEVELS

Regarding the evaluation of the maturity of the management systems, the following definitions apply:

‘present’: there is evidence that the process/feature is documented in the organisation’s management system/safety management system (SMS) documentation;

‘suitable’: the process/feature is suitable based on the size, nature, and complexity of the organisation, and the inherent risk in the activity;

‘operating’: there is evidence that the process/feature is in use and an output is being produced;

‘effective’: there is evidence that the process/feature is achieving the desired outcome and has a positive safety impact.

INFORMATION DEEMED USEFUL FOR OVERSIGHT

This information should include, as a minimum:

(a) any occurrence reports received by the competent authority;

(b) the results of the following types of inspections and surveys if they indicate an issue that originates from a Part-CAMO organisation:

(i) ramp inspections performed in accordance with Subpart RAMP of Annex II (Part-ARO) of Commission Regulation (EU) No 965/2012 ‘Air Operations’;

(ii) product surveys of aircraft pursuant to points M.B.303 or ML.B.303;

(iii) results of aircraft sample surveys conducted pursuant to point CAMO.B.305(b)(1); and

(iv) results of physical surveys or partial airworthiness reviews performed by the competent authority in line with point M.B.901.

COOPERATION BETWEEN COMPETENT AUTHORITIES

When a contract is concluded between a CAMO and an operator in accordance with point M.A.201(ea), which may occur during an initial CAMO application or an application for a change (requiring prior approval), the competent authorities of the CAMO and of the operator need to cooperate.

This cooperation between the different competent authorities may be established through a cooperative oversight agreement. That agreement will focus on the information that is relevant for performing the competent authority’s tasks, and be proportional to the nature and complexity of the organisations’ activities. It will cover at least the following aspects:

(a) General information

(1) Scope of the cooperation and identification of the operator (or operators if the competent authorities agree to include in a single agreement several operators that use the same CAMO) and the CAMO.

(2) Nomination of focal points in each competent authority; changing the focal points does not imply a full revision of the cooperation agreement.

(3) Meetings held between the competent authorities to ensure that all remain informed of significant issues.

(4) Provisions for the resolution of conflicts or disagreements.

(b) Oversight

(1) Sharing of the oversight programme that is implemented by each competent authority (e.g. audit plan and audit programme especially regarding the oversight of the management system), including the competent authorities’ assessment of the complexity of the organisations’ activities.

(2) Sharing of the management system assessment approach that is used by each competent authority (refer also to GM2 CAMO.B.300(g)).

(3) Sharing of the results of the management system assessments.

(4) Performance of oversight tasks on the CAMO by the competent authorities responsible for the operator, on behalf of the competent authority of the CAMO, if such arrangement exists.

(5) Participation of inspectors from one competent authority as observers during the performance of oversight tasks by another competent authority, or joint audits/assessments by different competent authorities.

(6) Specific support, if needed, to assist in the inclusion of an aircraft into the AOC, when transferred from one AOC holder to another within the group.

(7) Sharing of information on how the CAMO and operator manage their tasks, to adapt oversight accordingly, such as, but not limited to, the following:

(i) the selection of aircraft subject to product audits as part of the oversight of the CAMO may consider information that comes from the competent authorities of the operator(s), which is provided to the competent authority of the CAMO;

(ii) information on the use and completion of the aircraft technical log system or on the use of the minimum equipment list (MEL) by the operator, which is reported by the competent authority of the CAMO to the competent authority of the relevant operator, may be considered in the operator’s oversight programme;

(iii) sharing of information on the interfaces between the operator(s) and the CAMO regarding the assessment of non-mandatory modifications and/or inspections and the decision on their application as per point CAMO.A.315(b)(4); and

(iv) sharing of information on the system in place between the operator(s) and the CAMO to ensure that pre-flight inspections are properly accomplished.

(c) Additional cooperation provisions

(1) Sharing of information between competent authorities, as well as methods and timing for that sharing, e.g. the result of the assessment of the management system is shared every time the assessment is conducted by one of the competent authorities.

(2) A cooperation mechanism to ensure prompt reaction if one of the competent authorities shares serious concerns about the organisation with another competent authority.

(3) Information to be provided to the competent authority of the operator before integrating an aircraft to the AOC.

(4) Sharing of information between competent authorities before granting any specific approval (e.g. Part-SPA, AMC 20-6, etc.).

(5) Sharing of the relevant operator’s and CAMO’s occurrence reports as well as of the procedures in place between relevant competent authorities to ensure coordinated follow-up and resolution, where applicable.

(6) Sharing of changes in the exposition and manuals when those changes impact harmonised procedures.

ASSESSMENT OF HARMONISED MANAGEMENT SYSTEMS

(a) One of the core capabilities that are required for supporting the effective implementation of safety management is the ability to monitor the effectiveness of an organisation’s management system. Competent authorities assess that effectiveness as part of their oversight activities. Cooperation between several competent authorities on that assessment is necessary, especially when different organisations have harmonised management systems as required by point M.A.201(ea).

(b) To ensure cooperative oversight and sound decision-making regarding oversight across a single air carrier business grouping, the competent authorities involved are expected to provide for the following:

(1) Use a common approach to the assessment of the management system, including the continuous improvement of the management systems across the operator(s) and the CAMO involved. Different competent authorities may not necessarily use the same tool to assess the maturity of the harmonised management systems. However, they will coordinate on this matter and share with one another to which extent their assessment approach follows the principles that are set out in GM1 CAMO.B.300(a);(b);(c). This way, all competent authorities involved will have an overall understanding of how each competent authority evaluates compliance and effectiveness of the management system(s).

(2) When a finding is raised on a harmonised procedure or, if used, on a group standard, the other competent authority(ies) is/are informed, and the related root cause analysis and corrective action plan that are developed by the operator(s) and CAMO concerned are shared with all competent authorities involved. In addition, the informed competent authority(ies) will assess if such a finding is relevant for the organisation under its/their oversight and, depending on the conclusion of such an assessment, will take appropriate action (e.g. take no action, communicate with the organisation or with the competent authority that raised the finding, or raise a finding itself/themselves).

(c) Regarding the duration of the oversight planning cycle of the organisations whose management systems are harmonised:

(1) even if the management systems of organisations are harmonised with each other, the maturity levels of those management systems may differ; as the oversight planning cycle is mainly driven by the management system’s maturity and the organisation’s compliance records, some organisations may have an oversight planning cycle of 24 months (or less) and others a 36- or 48-month cycle;

(2) the competent authorities involved will inform each other when the duration of the oversight planning cycle of the organisation(s) under their oversight is to be increased or reduced.

CAMO.B.305 Oversight programme

Regulation (EU) 2019/1383

(a) The competent authority shall establish and maintain an oversight programme covering the oversight activities required by point CAMO.B.300.

(b) The oversight programme shall be developed taking into account the specific nature of the organisation, the complexity of its activities, the results of past certification and/or oversight activities, and shall be based on the assessment of associated risks. It shall include within each oversight planning cycle:

(1) assessments, audits and inspections, including unannounced inspections and, as applicable:

(i) management system assessments and process audits;

(ii) product audits of a relevant sample of aircraft managed by the organisation;

(iii) sampling of airworthiness reviews performed;

(iv) sampling of permits to fly issued;

(2) meetings convened between the accountable manager and the competent authority to ensure both remain informed of significant issues.

(c) For organisations certified by the competent authority, an oversight planning cycle not exceeding 24 months shall be applied.

(d) Notwithstanding point (c), the oversight planning cycle may be extended up to 36 months if the competent authority has established that during the previous 24 months:

(1) the organisation has demonstrated an effective identification of aviation safety hazards and management of associated risks;

(2) the organisation has continuously demonstrated under point CAMO.A.130 that it has full control over all changes;

(3) no level 1 findings have been issued;

(4) all corrective actions have been implemented within the time period accepted or extended by the competent authority as defined in point CAMO.B.350.

Notwithstanding point (c), the oversight planning cycle may be further extended to a maximum of 48 months if, in addition to the conditions provided in points (1) to (4) of the first subparagraph, the organisation has established, and the competent authority has approved, an effective continuous reporting system to the competent authority on the safety performance and regulatory compliance of the organisation itself.

(e) The oversight planning cycle may be reduced if there is any evidence that the safety performance of the organisation has decreased.

(f) The oversight programme shall include records of the dates when audits, inspections and meetings are due, and when such audits, inspections and meetings have been carried out.

(g) At the completion of each oversight planning cycle, the competent authority shall issue a recommendation report on the continuation of the approval reflecting the results of oversight.

ANNUAL REVIEW

(a) The oversight planning cycle and the related oversight programme for each organisation should be reviewed annually to ensure that they remain adequate regarding any changes in the nature, complexity or the safety performance of the organisation.

(b) When reviewing the oversight planning cycle and the related oversight programme, the competent authority should also consider any relevant information collected in accordance with points CAMO.A.160 and CAMO.B.300(f).

SPECIFIC NATURE AND COMPLEXITY OF THE ORGANISATION — RESULTS OF PAST OVERSIGHT

When determining the oversight programme, including the product audits, the competent authority should consider in particular the following elements, as applicable:

(1) the effectiveness of the organisation’s management system in identifying and addressing non‑compliances and safety hazards;

(2) the implementation by the organisation of any industry standards that are directly relevant to the organisation’s activity subject to this Regulation;

(3) the procedure applied for and the scope of changes not requiring prior approval;

(4) any specific procedures implemented by the organisation that are related to any alternative means of compliance used;

(5) the number of approved locations and the activities performed at each location;

(6) the number and type of any subcontractors who perform continuing airworthiness management tasks; and

(7) the volume of activity for each aircraft type / series / group, as applicable.

SUBCONTRACTED ACTIVITIES

When a CAMO subcontracts continuing airworthiness management tasks, all subcontracted organisations should also be audited by the competent authority at periods not exceeding the applicable oversight planning cycle (credits per AMC2 CAMO.B.305(c) point (d) are permitted) to ensure that the subcontracted continuing airworthiness management tasks are carried out in compliance with Part-CAMO, Part-M and Part-ML, as applicable.

For these audits, the competent authority inspector should ensure that he or she is accompanied throughout the audit by a senior technical member of the CAMO.

NOTE: When a CAMO subcontracts continuing airworthiness management tasks, the competent authority should also ensure that the CAMO has sufficient control over the subcontracted organisation (see AMC1 CAMO.A.125(d)(3)).

AUDIT

(a) The oversight programme should indicate which aspects of the approval will be covered by each audit.

(b) Part of each audit should concentrate on the audit reports produced by the organisation’s compliance monitoring function, to determine whether the organisation has been identifying and correcting its problems.

(c) At the conclusion of the audit, the auditing inspector should complete an audit report that identifies the areas and processes that were audited, and includes all findings that were raised.

(d) At the completion of each oversight planning cycle, a new EASA Form 13-CAMO should be issued.

OVERSIGHT PLANNING CYCLE — AUDIT AND INSPECTION

(a) When determining the oversight planning cycle and defining the oversight programme, the competent authority should assess the risks related to the activity of each organisation, and adapt the oversight to the level of risk identified and to the effectiveness of the organisation’s management system, in particular its ability to effectively manage safety risks.

(b) The competent authority should establish a schedule of audits and inspections that is appropriate to each organisation. The planning of audits and inspections should take into account the results of the hazard identification and the risk assessment conducted and maintained by the organisation as part of the organisation’s management system. Inspectors should work in accordance with the schedule provided to them.

(c) When the competent authority, having regard to the level of risk identified and the effectiveness of the organisation’s management system, varies the frequency of an audit or inspection, it should ensure that all aspects of the organisation’s activity are audited and inspected within the applicable oversight planning cycle.

OVERSIGHT PLANNING CYCLE — AUDIT

(a) For each organisation certified by the competent authority, all processes should be completely audited at periods that do not exceed the applicable oversight planning cycle. The beginning of the first oversight planning cycle is normally determined by the date of issue of the first certificate. If the competent authority wishes to align the oversight planning cycle with the calendar year, it should shorten the first oversight planning cycle accordingly.

(b) The interval between two audits for a particular process should not exceed the interval of the applicable oversight planning cycle.

(c) Audits should include at least one on-site audit within each oversight planning cycle. For organisations who carry out their regular activity at more than one site, the determination of the sites to be audited should consider the results of past oversight activities and the volume of activities at each site, as well as main risk areas identified.

(d) For organisations holding more than one certificate, the competent authority may define an integrated oversight schedule to include all the applicable audit items. In order to avoid any duplication of audits, credit may be granted for specific audit items that have already been completed during the current oversight planning cycle, provided that:

(1) the specific audit item is the same for all the certificates under consideration;

(2) there is satisfactory evidence on record that those specific audit items were carried out, and that all the related corrective actions have been implemented to the satisfaction of the competent authority;

(3) the competent authority is satisfied that there is no evidence that standards have deteriorated regarding those specific audit items for which credit is granted;

(4) the interval between two audits for the specific item for which credit is granted does not exceed the applicable oversight planning cycle.

EXTENSION OF THE OVERSIGHT PLANNING CYCLE BEYOND 24 MONTHS

(a) If the competent authority applies an oversight planning cycle that exceeds 24 months, it should, at a minimum, perform one focused inspection of the organisation (inspection of a specific area, element or aspect of the organisation) within each 12-month segment of the cycle to support the extended oversight programme.

NOTE: Where another inspection can be linked to the oversight of the organisation (e.g. when an aircraft managed by the organisation is inspected through an ACAM survey), the competent authority may take credit for such an inspection to maintain the extension beyond 24 months.

(b) If the results of this inspection indicate a decrease in the safety performance or regulatory compliance of the organisation, the competent authority should revert to a 24-month (or less) oversight planning cycle and review the oversight programme accordingly.

(c) In order to be able to approve an oversight planning cycle of beyond 36 months, the competent authority should agree on the format and contents of the continuous reporting to be made by the organisation on its safety performance and regulatory compliance.

CAMO.B.310 Initial certification procedure

Regulation (EU) 2019/1383

(a) Upon receiving an application for the initial issue of a certificate for an organisation, the competent authority shall verify the organisation’s compliance with the applicable requirements.

(b) A meeting with the accountable manager of the organisation shall be convened at least once during the investigation for initial certification to ensure that he/she fully understands the significance of the certification process and the reason for signing the statement of the organisation to comply with the procedures specified in the CAME.

(c) The competent authority shall record all findings, closure actions (actions required to close a finding) and recommendations.

(d) The competent authority shall confirm in writing all the findings raised during the verification to the organisation. For initial certification, all findings must be corrected to the satisfaction of the competent authority before the certificate can be issued.

(e) When satisfied that the organisation complies with the applicable requirements, the competent authority shall:

(1) issue the certificate as established in Appendix I ‘EASA Form 14’ to this Annex;

(2) formally approve the CAME.

(f) The certificate reference number shall be included on the EASA Form 14 certificate in a manner specified by the Agency.

(g) The certificate shall be issued for an unlimited duration. The privileges, scope of the activities that the organisation is approved to conduct, including any limitations as applicable, shall be specified in the terms of approval attached to the certificate.

(h) To enable the organisation to implement changes without prior competent authority approval in accordance with point (c) of point CAMO.A.130, the competent authority shall approve the relevant CAME procedure defining the scope of such changes and describing how such changes will be managed and notified.

VERIFICATION OF COMPLIANCE

(a) In order to verify the organisation’s compliance with the applicable requirements, the competent authority should conduct an audit of the organisation, including interviews of the personnel, and inspections carried out at the organisation’s facilities.

(b) The competent authority should only conduct such an audit if it is satisfied that the application and the supporting documentation, including the results of the pre-audit performed by the organisation, are in compliance with the applicable requirements.

(c) The audit should focus on the following areas:

(1) the detailed management structure, including the names and qualifications of personnel required by points CAMO.A.305(a) and (b)(2), and the adequacy of the organisation and its management structure;

(2) the personnel:

(i) the adequacy of the number of staff, and of their qualifications and experience with regard to the intended terms of approval and the associated privileges;

(ii) the validity of licences and/or authorisations, as applicable;

(3) the processes for safety risk management and compliance monitoring;

(4) the facilities and their adequacy regarding the organisation’s scope of work;

(5) the documentation based on which the certificate should be granted (i.e. the documentation required by Part-CAMO), including the continuing airworthiness management contract when point M.A.201(ea) is applied:

(i) verification that the procedures specified in the CAME comply with the applicable requirements; and

(ii) verification that the accountable manager has signed the exposition statement.

(d) If an application for an organisation certificate is refused, the applicant should be informed of the right of appeal that exists under national law.

GM1 CAMO.B.310 and CAMO.B.330 Initial certification procedure and changes

ED Decision 2022/017/R

In relation to point M.A.201(ea), if an application, submission, receipt, certificate, or other document is submitted to a competent authority in a language different from the official language of the Member State of that authority, that authority may request a translation.

AMC1 CAMO.B.310(a) Initial certification procedure

ED Decision 2020/002/R

AUDIT

(a) The competent authority should determine how and by whom the audit shall be conducted. For example, it will be necessary to determine whether one large team audit, a short series of small team audits, or a long series of single inspector audits is most appropriate for the particular situation.

(b) The audit may be structured so as to verify the organisation’s processes related to a product line. For example, in the case of an organisation with Airbus A320 and Airbus A310 ratings, the audit should concentrate on the continuing airworthiness management processes of one type only for a full compliance check, and depending upon the result, the second type may only require a sample check against those aspects that were seen to be weak regarding compliance for the first type.

(c) In determining the scope of the audit and which activities of the organisation will be assessed during the audit, the privileges of the approved organisation should be taken into account, e.g. their approval to carry out airworthiness reviews.

(d) The competent authority auditing inspector should always ensure that he or she is accompanied throughout the audit by a senior member of the organisation, who is normally the compliance monitoring manager. The reason for being accompanied is to ensure that the organisation is fully aware of any findings raised during the audit.

(e) At the end of the audit, the auditing inspector should inform the senior member of the organisation of all the findings that were raised during the audit.

AMC1 CAMO.B.310(c) Initial certification procedure

ED Decision 2020/002/R

(a) There may be occasions when the competent authority inspector is unsure about the compliance of some aspects of the applicant's organisation. If this occurs, the inspector should inform the organisation about the possible non-compliance at the time, and about the fact that the situation will be reviewed within the competent authority before a decision is made. If the review concludes that there is no finding, then a verbal confirmation to the organisation should suffice.

(b) Findings should be recorded on the audit report form, each with a provisional categorisation as a level 1 or 2 finding. Subsequent to the on-site audit that identified the particular findings, the competent authority should review the provisional finding levels, adjusting them if necessary, and should change the categorisation from ‘provisional’ to ‘confirmed’.

AMC2 CAMO.B.310(c) Initial certification procedure

ED Decision 2020/002/R

(a) The audit should be recorded using the audit report EASA Form 13-CAMO (Appendix V to AMC2 CAMO.B.310(c)).

(b) A review of the EASA Form 13-CAMO audit report should be carried out by a competent independent person nominated by the competent authority. The review should take into account the relevant points of Part-CAMO, the categorisation of the finding levels and the closure action that was taken. A satisfactory review of the audit report should be indicated by a signature on EASA Form 13-CAMO.

(c) The audit reports should include the date when each finding was closed, together with a reference to the competent authority report or letter that confirmed the closure.

AMC1 CAMO.B.310(d) Initial certification procedure

ED Decision 2020/002/R

All findings should be confirmed in writing to the applicant organisation within 2 weeks of the on-site audit.

TERMS OF APPROVAL

The table shown for the terms of approval in EASA Form 14 includes a field designated as ‘Aircraft type/series/group’.

The intention is to give maximum flexibility to the competent authority to customise the approval to a particular organisation.

Possible alternatives to be included in this field are the following:

A specific type designation that is part of a type certificate, such as Airbus 340-211 or Cessna 172R.

A type rating (or series) as listed in Part-66 Appendix I to AMC, which may be further subdivided, such as Boeing 737-600/700/800, Boeing 737-600, Cessna 172 Series.

An aircraft group such as, for example, ‘all sailplanes and powered sailplanes’ or ‘Cessna single piston engine aircraft’ or ‘Group 3 aircraft’ (as defined in 66.A.5) or ‘aircraft below 2 730 kg MTOM’.

Reference to the engine type installed in the aircraft may or may not be included, as necessary.

It is important to note that the terms of approval defined in EASA Form 14 are further limited to the scope of work defined in the CAME. It is this scope of work in the CAME which ultimately defines the approval of the organisation. As a consequence, it is possible for a competent authority to endorse in EASA Form 14, for example, a scope of work for Group 3 aircraft while the detailed scope of work defined in the CAME does not include all Group 3 aircraft.

Nevertheless, in all cases, the competent authority should be satisfied that the organisation has the capability of managing the types/groups/series endorsed in EASA Form 14.

Since the activities linked to continuing airworthiness management are mainly process-oriented rather than facility/tooling-oriented, changes to the detailed scope of work defined in the CAME (either directly or through a capability list), within the limits already included in EASA Form 14, may be considered as not affecting the approval and not subject to point CAMO.A.130(a). As a consequence, for these changes, the competent authority may allow the use by the CAMO of the procedure referred to in point CAMO.A.130(c) for changes not requiring prior approval.

Since, as mentioned above, the competent authority should make sure that the organisation is capable of managing the requested category as a whole, it is not reasonable to grant a full Group 3 approval based on an intended scope of work which is limited to, for example, a Cessna 172 aircraft. However, it may be reasonable to grant such full Group 3 approval, after showing appropriate capability, for an intended scope of work covering several aircraft types or series of different complexity and which are representative of the full Group 3. In such a case, if later on changes need to be introduced in the detailed scope of work defined in the CAME to include new aircraft types (within Group 3), this may be done by the procedure referred to in point CAMO.A.130(c).

Special case for ELA1 aircraft:

In order to promote standardisation, for this category of aircraft the following approach is recommended:

Possible ratings to be endorsed in EASA Form 14:

ELA1 sailplanes;

ELA1 powered sailplanes and ELA1 aeroplanes;

ELA1 balloons;

ELA1 airships.

Before endorsing any of those ratings (for example, ELA1 sailplanes) in EASA Form 14, the competent authority should audit that the organisation is capable of managing at least one aircraft type (for example, one type of sailplanes within the ELA1 category), including the availability of the necessary facilities, data, maintenance programmes, and staff.

AMC1 CAMO.B.310(e)(2) Initial certification procedure

ED Decision 2020/002/R

(a) The competent authority should indicate its approval of the CAME in writing.

(b) Contracts for subcontracting continuing airworthiness management tasks by CAMOs should be included in the continuing airworthiness organisation exposition. The competent authorities should verify that the standards set forth in AMC1 CAMO.A.125(d)(3) have been met when approving the exposition.

(c) The competent authority, while investigating the acceptability of the proposed subcontracted continuing airworthiness management tasks arrangements, should take into account, in the subcontracted organisation, all other such contracts that are in place irrespective of state of registry in terms of sufficiency of resources, expertise, management structure, facilities and liaison between the CAMO, the subcontracted organisation and, where applicable, the contracted maintenance organisation(s).

(d) Approval of the CAME constitutes formal acceptance of personnel specified in points CAMO.A.305(a), CAMO.A.305(b)(2), CAMO.A.305(e) and CAMO.A.305(f).

(e) The competent authority may reject an accountable manager if there is clear evidence that this person previously held a senior position in any organisation that was approved in accordance with Regulation (EU) 2018/1139 and its delegated and implementing acts, and that the person abused that position by not complying with the applicable requirements.

(f) For CAT, commercial specialised operations and commercial ATO or commercial DTO operations, the initial approval of the aircraft technical log system required by M.A.306(b) and M.B.305 may be done by approving the CAME in which this system should be described.

CAMO.B.330 Changes

Regulation (EU) 2019/1383

(a) Upon receiving an application for a change that requires prior approval, the competent authority shall verify the organisation’s compliance with the applicable requirements before issuing the approval.

(b) The competent authority shall establish the conditions under which the organisation may operate during the change unless the competent authority determines that the organisation’s certificate needs to be suspended.

(c) When satisfied that the organisation complies with the applicable requirements, the competent authority shall approve the change.

(d) Without prejudice to any additional enforcement measures, when the organisation implements changes requiring prior approval without having received competent authority approval pursuant to point (c), the competent authority shall suspend, limit or revoke the organisation’s certificate.

(e) For changes not requiring prior approval, the competent authority shall assess the information provided in the notification sent by the organisation in accordance with point (c) of point CAMO.A.130 to verify compliance with the applicable requirements. In case of any non-compliance, the competent authority shall:

(1) notify the organisation about the non-compliance and request further changes;

(2) in case of level 1 or level 2 findings, act in accordance with point CAMO.B.350.

AMC1 CAMO.B.330 Changes

ED Decision 2020/002/R

(a) The competent authority should have adequate control over any changes to the personnel specified in points CAMO.A.305(a), (b)(2), (e) and (f). Such changes in personnel will require an amendment to the exposition.

(b) When an organisation submits the name of a new nominee for any of the personnel specified in points CAMO.A.305(a), (b)(2) and (e), the competent authority may require the organisation to produce a written résumé of the proposed person's qualifications. The competent authority should reserve the right to interview the nominee or call for additional evidence of his or her suitability before deciding upon him or her being acceptable.

(c) For changes requiring prior approval, in order to verify the organisation's compliance with the applicable requirements, the competent authority should conduct an audit of the organisation, limited to the extent of the changes, and determine whether a risk assessment needs to be provided by the organisation.

(d) If a risk assessment is deemed to be necessary, the competent authority should inform the organisation accordingly.

(e) If the competent authority considers that it is necessary to review the risk assessment performed by the organisation, it should request the organisation to provide it, and assess its result.

(f) If required, the audit may include interviews and inspections carried out at the organisation’s facilities.

(g) The applicable part(s) of EASA Form 13-CAMO should be used to document the assessment of any changes to the Part-CAMO approval.

GM1 CAMO.B.330 Changes

ED Decision 2020/002/R

CHANGE OF THE NAME OF THE ORGANISATION

(a) On receipt of the application and the amendment to the relevant parts of the CAME, the competent authority should reissue the certificate.

(b) A change of only the name does not require the competent authority to audit the organisation unless there is evidence that other aspects of the organisation have changed.

CAMO.B.350 Findings and corrective actions

Regulation (EU) 2019/1383

(a) The competent authority shall have a system to analyse findings for their safety significance.

(b) A level 1 finding shall be issued by the competent authority when any significant non-compliance is detected with the applicable requirements of Regulation (EU) 2018/1139 and its delegated and implementing acts, with the organisation’s procedures and manuals, or with the terms of an approval or certificate which lowers safety or seriously endangers flight safety.

The level 1 findings shall include:

(1) failure to give the competent authority access to the organisation's facilities as defined in point CAMO.A.140 during normal operating hours and after two written requests;

(2) obtaining or maintaining the validity of the organisation certificate by falsification of submitted documentary evidence;

(3) evidence of malpractice or fraudulent use of the organisation certificate;

(4) the lack of an accountable manager.

(c) A level 2 finding shall be issued by the competent authority when any non-compliance is detected with the applicable requirements of Regulation (EU) 2018/1139 and its delegated and implementing acts, with the organisation’s procedures and manuals, or with the terms of an approval or certificate which may lower safety or endanger flight safety.

(d) When a finding is detected during oversight or by any other means, the competent authority shall, without prejudice to any additional action required by Regulation (EU) 2018/1139 and its delegated and implementing acts, communicate the finding to the organisation in writing, and request corrective action to address the non-compliance(s) identified. Where a finding directly relates to an aircraft, the competent authority shall inform the State in which the aircraft is registered.

(1) In the case of level 1 findings, the competent authority shall take immediate and appropriate action to prohibit or limit activities and, if appropriate, it shall take action to revoke the certificate or to limit or suspend it in whole or in part, depending upon the extent of the level 1 finding until successful corrective action has been taken by the organisation.

(2) In the case of level 2 findings, the competent authority shall:

(i) grant the organisation a corrective action implementation period appropriate to the nature of the finding, that in any case initially shall not be more than 3 months. It shall commence from the date of the written communication of the finding to the organisation, requesting corrective action to address the non-compliance identified. At the end of this period, and subject to the nature of the finding and past safety performance of the organisation, the competent authority may extend the 3-month period subject to a satisfactory corrective action plan agreed by the competent authority;

(ii) assess the corrective action and implementation plan proposed by the organisation, and if the assessment concludes that they are sufficient to address the non-compliance(s), accept these.

(3) Where an organisation fails to submit an acceptable corrective action plan, or to perform the corrective action within the time period accepted or extended by the competent authority, the finding shall be raised to a level 1 finding and action taken as laid down in point (d)(1).

(4) The competent authority shall record all findings it has raised or that have been communicated to it in accordance with point (e) and, where applicable, the enforcement measures it has applied, as well as all corrective actions and date of action closure for findings.

(e) Without prejudice to any additional enforcement measures, when the authority of a Member State acting under the provisions of point (d) of point CAMO.B.300 identifies any non-compliance with the applicable requirements of Regulation (EU) 2018/1139 and its delegated and implementing acts by an organisation certified by the competent authority of another Member State or the Agency, it shall inform that competent authority and provide an indication of the level of finding.

CAMO.B.355 Suspension, limitation and revocation

Regulation (EU) 2019/1383

The competent authority shall:

(a) suspend a certificate on reasonable grounds in the case of potential safety threat;

(b) suspend, revoke or limit a certificate pursuant to point CAMO.B.350;

(c) suspend a certificate in case the competent authority’s inspectors are unable over a period of 24 months to discharge their oversight responsibilities through on-site audit(s) due to the security situation in the State where the facilities are located.

INFORMATION ON THE SECURITY SITUATION

(a) The European Commission Security Directorate generally advises against any non-essential travel to a country where hostile conditions, or a combination of the following conditions, reduce the level of security, and pose a high level of threat to personnel, as follows:

(1) international or internal armed conflict with frequent armed confrontation taking place, numerous casualties, and/or serious damages to infrastructures;

(2) a situation that could lead to war, or characterised by high internal or external tension that could escalate into instability in the short term; very poorly functioning institutions;

(3) relatively frequent terrorist attacks due to the presence of active terrorist groups, either domestic or transnational, and state authorities that are unable to ensure a satisfactory level of security; and

(4) frequent criminal violence that also targets non-nationals. State authorities have a limited ability to counter criminal activities and ensure security.

(b) Countries where the above conditions apply should not be considered to be compatible with the performance of on-site audits by the competent authority.