21.B.215 Means of compliance

Regulation (EU) 2022/203

(a) The Agency shall develop acceptable means of compliance (‘AMC’) that may be used to establish compliance with Regulation (EU) 2018/1139 and its delegated and implementing acts.

(b) Alternative means of compliance may be used to establish compliance with this Regulation.

(c) Competent authorities shall inform the Agency of any alternative means of compliance used by organisations under their oversight or by themselves for establishing compliance with this Regulation.

ALTERNATIVE MEANS OF COMPLIANCE — GENERAL

(a) A competent authority may establish means to comply with the regulation, which are different from the AMC that are established by EASA.

In that case, the competent authority is responsible for demonstrating how those alternative means of compliance (AltMoC) establish compliance with the regulation.

(b) AltMoC that are used by a competent authority, or by an organisation under its oversight, may be used by other competent authorities, or another organisation, only if they are processed by those authorities in accordance with point 21.B.115 or 21.B.215, and by that organisation in accordance with point 21.A.124A or 21.A.134A.

(c) AltMoC that are issued by the competent authority may cover the following cases:

(1) AltMoC to be used by organisations under the oversight of the competent authority and which are made available to those organisations; and

(2) AltMoC to be used by the authority itself to discharge its responsibilities.

PROCESSING THE ALTERNATIVE MEANS OF COMPLIANCE

To meet the objective of points (b) and (c) of points 21.B.115 and 21.B.215:

(a) the competent authority should establish the means to consistently evaluate over time that all the AltMoC that are used by itself or by organisations under its oversight allow for the establishment of compliance with the regulation;

(b) if the competent authority issues AltMoC for itself or for the organisations under its oversight, it should:

(1) make them available to all relevant organisations; and

(2) notify EASA of the AltMoC as soon as it is issued, including the information that is described in point (d) of this AMC;

(c) the competent authority should evaluate the AltMoC that is proposed by an organisation by analysing the documentation provided and, if considered necessary, by inspecting the organisation; when the competent authority finds that the AltMoC is in accordance with the Regulation, it should:

(1) notify the applicant that the AltMoC is approved;

(2) indicate that this AltMoC may be implemented, and agree when the production organisation exposition (POE) is to be amended accordingly; and

(3) notify EASA of the AltMoC approval as soon as it is approved, including the information that is described in point (d) of this AMC; and

(d) the competent authority should provide EASA with the following information:

(1) a summary of the AltMoC;

(2) the content of the AltMoC;

(3) a statement that compliance with the regulation is achieved; and

(4) in support of that statement, an assessment that demonstrates that the AltMoC reaches an acceptable level of safety, taking into account the level of safety that is achieved by the corresponding EASA AMC.

(e) All these elements that describe the AltMoC are an integral part of the records to be kept, which are managed in accordance with point 21.B.55.

CASES IN WHICH THERE IS NO CORRESPONDING EASA AMC

When there is no EASA AMC to a certain requirement in the regulation, the competent authority may choose to develop national guides or other types of documents to assist the organisations under its oversight in compliance demonstration. The competent authority may inform EASA so that such guides or other documents may be later considered for incorporation into an AMC that is published by EASA using the EASA rulemaking process.

21.B.220 Initial certification procedure

Regulation (EU) 2022/203

(a) Upon receiving an application for the initial issue of a production organisation approval certificate, the competent authority shall verify the applicant’s compliance with the applicable requirements.

(b) A meeting with the accountable manager of the applicant shall be convened at least once during the investigation for initial certification to ensure that this person understands his or her role and accountability.

(c) The competent authority shall record all the findings issued, closure actions as well as the recommendations for the issue of the production organisation approval certificate.

(d) The competent authority shall confirm to the applicant in writing all the findings raised during the verification. For initial certification, all findings must be corrected to the satisfaction of the competent authority before the certificate can be issued.

(e) When satisfied that the applicant complies with the applicable requirements, the competent authority shall issue the production organisation approval certificate (EASA Form 55, see Appendix X).

(f) The certificate reference number shall be included on the EASA Form 55 in a manner specified by the Agency.

(g) The certificate shall be issued for an unlimited duration. The privileges and the scope of the activities that the organisation is approved to conduct, including any limitations as applicable, shall be specified in the terms of approval attached to the certificate.

GM1 21.A.139, 21.A.239, 21.B.120, 21.B.140, 21.B.220, and 21.B.240 The use of information and communication technologies (ICT) for performing remote audits

ED Decision 2022/021/R

This GM provides technical guidance on the use of remote information and communication technologies (ICT) to support:

      competent authorities when overseeing regulated organisations;

      regulated organisations when conducting internal audits / monitoring compliance of their organisation with the relevant requirements, and when evaluating vendors, suppliers and subcontractors.

In the context of this GM:

      ‘remote audit’ means an audit that is performed with the use of any real-time video and audio communication tools in lieu of the physical presence of the auditor on-site; the specificities of each type of approval / letter of agreement (LoA) need to be considered in addition to the general overview (described below) when applying the ‘remote audit’ concept;

      ‘auditing entity’ means the competent authority or organisation that performs the remote audit;

      ‘auditee’ means the entity being audited/inspected (or the entity audited/inspected by the auditing entity via a remote audit);

It is the responsibility of the auditing entity to assess whether the use of remote ICT constitutes a suitable alternative to the physical presence of an auditor on-site in accordance with the applicable requirements.

The conduct of a remote audit

The auditing entity that decides to conduct a remote audit should describe the remote audit process in its documented procedures and should consider at least the following elements:

      The methodology for the use of remote ICT is sufficiently flexible and non-prescriptive in nature to optimise the conventional audit process.

      Adequate controls are defined and are in place to avoid abuses that could compromise the integrity of the audit process.

      Measures to ensure that the security and confidentiality are maintained throughout the audit activities (data protection and intellectual property of the organisation also need to be safeguarded).

Examples of the use of remote ICT during audits may include but are not limited to:

      meetings by means of teleconference facilities, including audio, video and data sharing;

      assessment of documents and records by means of remote access, in real time;

      recording, in real time during the process, of evidence to document the results of the audit, including non-conformities, by means of exchange of emails or documents, instant pictures, video or/and audio recordings;

      visual (livestream video) and audio access to facilities, stores, equipment, tools, processes, operations, etc.

An agreement between the auditing entity and the auditee should be established when planning a remote audit, which should include the following:

      determining the platform for hosting the audit;

      granting security and/or profile access to the auditor(s);

      testing platform compatibility between the auditing entity and the auditee prior to the audit;

      considering the use of webcams, cameras, drones, etc., when the physical evaluation of an event (product, part, process, etc.) is desired or is necessary;

      establishing an audit plan which will identify how remote ICT will be used and the extent of their use for the audit purposes to optimise their effectiveness and efficiency while maintaining the integrity of the audit process;

      if necessary, time zone acknowledgement and management to coordinate reasonable and mutually agreeable convening times;

      a documented statement of the auditee that they shall ensure full cooperation and provision of the actual and valid data as requested, including ensuring any supplier or subcontractor cooperation, if needed; and

      data protection aspects.

The following equipment and set-up elements should be considered:

      the suitability of video resolution, fidelity, and field of view for the verification being conducted;

      the need for multiple cameras, imaging systems, or microphones, and whether the person that performs the verification can switch between them, or direct them to be switched and has the possibility to stop the process, ask a question, move the equipment, etc.;

      the controllability of viewing direction, zoom, and lighting;

      the appropriateness of audio fidelity for the evaluation being conducted; and

      real-time and uninterrupted communication between the person(s) participating to the remote audit from both locations (on-site and remotely).

When using remote ICT, the auditing entity and the other persons involved (e.g. drone pilots, technical experts) should have the competence and ability to understand and utilise the remote ICT tools employed to achieve the desired results of the audit(s)/assessment(s). The auditing entity should also be aware of the risks and opportunities of the remote ICT used and the impacts they may have on the validity and objectivity of the information gathered.

Audit reports and related records should indicate the extent to which remote ICT have been used in conducting remote audits and the effectiveness of remote ICT in achieving the audit objectives, including any item that it has not been able to be completely reviewed.

GM-ELA No 1 to 21.B.220  Investigation

ED Decision 2019/003/R

The AMC indicated with ‘AMC-ELA’ and the GM related to them (as indicated with ‘GM-ELA’), provide an alternative set of AMC and GM to the other available AMC and GM.

The AMC-ELA provide acceptable means to meet the requirements for small, non-complex organisations that produce aircraft as specified in AMC ELA No 1 to 21.A.131.

[This GM will be updated with an upcoming ED Decision - 21.B.220 amended with Regulation (EU) 2022/203]

GM-ELA No 1 to 21.B.220(a) Investigation team

ED Decision 2019/003/R

1. Type of team

When appointing a production organisation approval team (POAT), it is important for the member(s) of that team to have a very good understanding of the organisational processes, as well as of the nature and the established manufacturing practices for products that are within the scope of work of the applicant.

The AMC-ELA of Section A of Subpart G for production organisations substantially relies on product conformity and uses, if possible, existing quality management systems. The team should, therefore, be familiar with:

(a) conducting product conformity audits;

(b) alternative quality management systems that are typically applied by companies that produce light aeroplanes, such as ISO 9001, EN 9100, ASTM F2972, or similar standards;

(c) the typical practices used for the production of light aeroplanes and the related products and parts.

If the team is not able to cover all the aspects of the product that are considered to be within the scope of work of the applicant, the production organisation approval team leader (POATL) should coordinate with both the competent authority and the production organisation on identifying suitable subject-matter expert(s) who may provide support during the investigation. The overall size of the team should be adequate for the size of the company to be investigated.

[This GM will be updated with an upcoming ED Decision - 21.B.220 amended with Regulation (EU) 2022/203]

GM 21.B.220(a) Investigation team

ED Decision 2012/020/R

1. Type of Team

Where the applicant is located in a Member State, the competent authority should appoint a production organisation approval team (POAT) leader and members appropriate to the nature and scope of the applicant’s organisation.

Where the facilities of the applicant are located in more than one Member State, the competent authority of the country of manufacture should liaise with the other involved competent authorities to agree and appoint a POAT leader and members appropriate to the nature and scope of the applicant’s organisation.

2. Team leader selection

The team leader should satisfy all of the criteria for a team member and will be selected by considering the following additional criteria:

a) the capability to lead and manage a team

b) the capability to prepare reports and be diplomatic

c) experience in approval team investigations (not necessarily only Part 21 Section A Subpart G)

d) a knowledge of production and quality systems for aircraft and related products and parts

3. Team member selection

The team leader should agree with the competent authority on the size of the POA team and the specialisations to be covered taking into account the scope of work and the characteristics of the applicant. Team members should be selected by considering the following criteria:

      training, which is mandatory, for Part 21 Section A, Subpart G and Section B, Subpart G

       education and experience, to cover appropriate aviation knowledge, audit practices and approval procedures

       the ability to verify that an applicant’s organisation conforms to its own POA procedures, and that its key personnel are competent.

[This GM will be updated with an upcoming ED Decision - 21.B.220 amended with Regulation (EU) 2022/203]

AMC-ELA No 1 to 21.B.220(b)  Extent of the investigation

ED Decision 2019/003/R

The initial and the continued investigations of a company should primarily be conducted by investigating the conformity of products on which work is in progress, or following their completion, and by direct product assessment, or the assessment of product-related production records.

When conducting investigations on companies that apply either a production organisation exposition (POE) and/or a company manual that is based on a template[1] provided in accordance with the GM-ELA to Subpart G of Section A, the competent authority should verify whether the documentation has been adequately adapted to the specific details of the company.

Note [1]: A POE template, published by EASA, is provided as additional informative material. This material should not be considered as an AMC.

In order to avoid any duplication of oversight, the competent authority may use systems that implement ISO 9001 or AS/EN 9100 (including audit records) as evidence for compliance investigations.

When the company is capable of manufacturing products that are within the scope of work in a repeatable way, so that they conform to the type design, the competent authority should consider this to be sufficient evidence for the issuance, maintenance or amendment of the approval.

If non-conformities are encountered that reveal a lack of consistent production control, further investigations should be conducted by the company to establish the root cause and the appropriate corrective actions.

[This AMC will be updated with an upcoming ED Decision - 21.B.220 amended with Regulation (EU) 2022/203]

AMC 21.B.220(c) Procedures for investigation – Evaluation of applications

ED Decision 2012/020/R

The competent authority must receive an application for POA on an EASA Form 50 (see below) completed by the applicant. The eligibility and appropriateness of the application must be evaluated in accordance with 21.A.133 at that time and the applicant must be advised about acceptance or rejection of its application in writing accordingly.

EASA Form 50

Application for Part 21 production organisation approval

Competent authority

of an EU Member State or

EASA

1. Registered name and address of the organisation:

 

 

 

2. Trade name (if different):

 

3. Locations for which the approval is applied for:

 

4. Brief summary of proposed activities at the item 3 addresses

 a) General:

 

 b) Scope of approval:

 

 c) Nature of privileges:

 

5. Description of organisation:

 

6. Links/arrangements with design approval holder(s)/design organisation(s) where different from 1.:

 

7. Approximate number of staff engaged or intended to be engaged in the activities:

 

8.  Position and name of the accountable manager:

 

 

 

 

 

_____________________________________

Date

 

 

 

 

___________________________________

Signature of the accountable manager

EASA Form 50

Block 1: The name of the organisation must be entered as stated in the register of the National Companies Registration Office. For the initial application a copy of the entry in the register of the National Companies Registration Office must be provided to the competent authority.

Block 2: State the trade name by which the organisation is known to the public if different from the information given in Block 1. The use of a logo may be indicated in this Block.

Block 3: State all locations for which the approval is applied for. Only those locations must be stated that are directly under the control of the legal entity stated in Block 1.

Block 4: This Block must include further details of the activities under the approval for the addresses indicated in Block 4. The Block ‘General’ must include overall information, while the Block ‘Scope of approval’ must address the scope of work and products/categories following the principles laid down in the GM 21.A.151. The Block ‘nature of privileges’ must indicate the requested privileges as defined in 21.A.163(b)-(e). For an application for renewal state ‘not applicable’.

Block 5: This Block must state a summary of the organisation with reference to the outline of the production organisation exposition, including the organisational structure, functions and responsibilities. The nomination of the responsible managers in accordance with 21.A.145(c)(2) must be included as far as possible, accompanied by the corresponding EASA Forms 4.

For an application for renewal state ‘not applicable’.

Block 6: The information entered here is essential for the evaluation of eligibility of the application. Therefore special attention must be given concerning the completion of this Block either directly or by reference to supporting documentation in relation to the requirements of 21.A.133(b) and (c) and the AMC to 21.A.133(b) and (c).

Block 7: The information to be entered here must reflect the number of staff, or in case of an initial approval the intended number of staff, for the complete activities to be covered by the approval and therefore must include also any associated administrative staff.

Block 8: State the position and name of the accountable manager.

[This AMC will be updated with an upcoming ED Decision - 21.B.220 amended with Regulation (EU) 2022/203]

AMC-ELA No 1 to 21.B.220(c) Procedures for investigation – Evaluation of applications

ED Decision 2019/003/R

EASA Form 50 from AMC 21.B.220(c) applies, with the following instructions for its completion:

Block 1: The name of the organisation must be entered as stated in the register of the National Companies Registration Office. For the initial application, a copy of the entry in the register of the National Companies Registration Office must be provided to the competent authority.

Block 2: state the trade name by which the organisation is known to the public if different from the information given in Block 1. The use of a logo may be indicated in this Block.

Block 3: State the major place of activity as per definition in GM-ELA No 2 to 21.A.131 and where the products are completed and checked out, and for which the approval is applied for.

Block 4: This Block must include further details of the activities under the approval for the addresses indicated in Block 4. ‘General’ shall include the relevant part of the Scope definition provided by AMC-ELA No 1 to 21.A.131. ‘Scope of approval’ shall name the applicable scope (refer to GM-ELA No 1 to 21.B.230). A reference to the product type(s) may be provided for further clarification, even when this information will not be part of the terms of approval of the approved production organisation. ‘Nature of privileges’ shall list what is applicable of ‘21.A.163(a), (b), (c), (d), (e)’.

Block 5: If existing at the time of application, make reference to the draft version of the POE as per AMC-ELA No 1 to 21.A.143. Otherwise state: ‘Will be provided when the POE draft is available.’ For an application for renewal, state: ‘Not applicable.’

Block 6: Depending on the case, either of ‘Production and holder of the type certificate/design approval operate within one consolidated entity and under one management’; or ‘Satisfactory coordination between production and type certificate/design approval holder is ensured by implementation of adequate responsibilities for the coordination in both directions.’

Block 7: The information to be entered here must reflect the approximate number of staff, or in case of an initial approval, the intended number of staff, for the complete activities to be covered by the approval and therefore must include also any associated administrative staff.

Block 8: State the position and name of the accountable manager.

[This AMC will be updated with an upcoming ED Decision - 21.B.220 amended with Regulation (EU) 2022/203]

AMC-ELA No 2 to 21.B.220(c) Procedures for investigation – General

ED Decision 2019/003/R

1. General

The competent authority needs to investigate the applicant’s production organisation for its ability to produce products within the scope of work and that conform to the type in a repeatable way, so that they conform to the type design. It should establish procedures that include the following aspects:

2. Preparation and planning for an investigation

2.1. The POA team leader (POATL) should initiate the investigation of a new applicant by arranging a meeting with the applicant, in which the applicant should provide a general presentation of its organisation and products, parts or appliances, and in which the POATL should describe the investigation process to the applicant.

2.2. The POA team (POAT) should study the information gathered in the initiation phase, including information from other teams of the competent authority of the Member State or EASA on the functioning of the applicant’s organisation, especially when the production organisation and the design organisation form one consolidated team.

2.3. The POAT should establish an investigation plan that:

      takes account of the location of the POA applicant’s facilities;

      defines the subject matter that will be covered by the team members;

      identifies any areas of expertise that the team may be lacking in, and how to seek external advice;

      includes a comprehensive plan for auditing a representative set of products while work is in progress or following its completion, and by direct product assessment, or assessment of product-related production records; and

      includes liaison with the applicant in order to plan mutually suitable dates and times for visits, to determine the necessary size of the investigation team on both sides, and to agree on the investigation plan and the approximate timescales.

3. Investigation

3.1. Evaluation of the documentation (production organisation exposition (POE), procedures, etc.)

The POAT should:

      assess the POE for compliance with point 21.A.143, e.g. by using AMC-ELA No 1 to 21.A.143;

      evaluate (as applicable) the use of ISO 9001 or AS/EN 9100 in accordance with AMC-ELA No 1 to 21.B.220(b).

3.2. Auditing

The POAT should:

      audit the product and its associated documentation for conformity with the provisions of the relevant type design. If discrepancies are found on the audited product, the POATL should assess whether the definitions of the quality system have been adhered to, and whether those definitions may have been misleading and may have contributed to the discrepancies, which may indicate a need for a modification;

      review the acceptance of the key nominated personnel, confirmed by the completed EASA Form 4 (refer to AMC-ELA No 1 to 21.A.145(c)), on the basis of a review of the skills of each nominee, used as the basis for the nomination; 

      conduct sample audits at appropriate stages of production to verify that:

(i) the products, parts, appliances and material produced by the organisation are in conformity with the applicable design data;

(ii) the level of product conformity achieved indicates that the facilities, working conditions, equipment and tools are appropriate to allow the work to be performed in a repeatable way;

(iii) the achieved production rate and the number of product non-conformities indicate that the number of personnel and their competences are sufficient to allow the work to be performed in a repeatable way; and

(iv) the identified responsibilities and examples show that there is satisfactory and effective coordination between the production entity and the design entity.

The investigation team should be accompanied during the sample audits by company representatives who are knowledgeable about the applicant’s organisation and procedures. This will ensure that the organisation is aware of the progress of the audit and of any problems as they arise. This will also make it easier for the investigation team to gain access to the information of the company;

      coordinate with the subject-matter experts who provide external advice for any areas of expertise that the team may be lacking in, and enable an efficient investigation to take place, which will provide consistent and effective investigations and reporting;

      meet the accountable manager at least once during the investigation process, and preferably twice. The accountable manager should be briefed on the investigation process and on the results of the investigation.

3.3. Follow-up of corrective actions

In order to draft the audit report, the POAT should hold a meeting with the applicant to review any findings and observations.

The POAT, upon completion of the investigation, should hold a meeting with the applicant to verbally present the report.

The POAT should present the findings, the corrective action plan, and the preliminary arrangements for any follow-up that may be necessary.

The POATL should transmit the final report, together with the minutes of the final meeting with the applicant, to the competent authority of the applicant. The report should include any recommendations for improvements and any significant findings, together with appropriate conclusions and a corrective action plan. In particular, it should indicate whether the POE is acceptable, or changes are required.

If the findings made during the investigation mean that a recommendation for approval will not or cannot be issued, then the related findings should be provided to the applicant in writing within 2 weeks’ time from the date of the visit.

3.4. Recommendation for the issuance, amendment, suspension or revocation of a production organisation approval

The POATL should track the feedback obtained from the applicant, taking into consideration the timelines specified in point 21.A.158(c). The POATL should consider the means provided by AMC No 1 to 21.B.230. The recommendation should be documented using EASA Form 56, Part 5.

3.5. Continued surveillance

Subsequent to an initial approval, the POATL should coordinate with the applicant on a mutually agreed surveillance plan that is appropriate for the size, product range and production rate of the company, taking into consideration the means provided by AMC-ELA No 1 to 21.B.235.

[This AMC will be updated with an upcoming ED Decision - 21.B.220 amended with Regulation (EU) 2022/203]

GM No 1 to 21.B.220(c) Procedures for investigation – Investigation preparation and planning

ED Decision 2012/020/R

Following the acceptance of the application and before commencing an investigation, the competent authority should, for the preparation and planning of the investigation:

      identify the site locations needing investigation taking into account the scope of any other POA issued by a Member State, which are valid in the circumstances

      liaise with the Agency for the appointment of any necessary observer(s) for standardisation purposes

      establish any necessary liaison arrangement with other competent authorities

      agree the size and composition of the POAT and any specialist tasks likely to be covered and to select suitable team members from all involved competent authorities

      seek any necessary advice and guidance from the Agency

      liaise with the competent authority of the other Member State where there is seen to be a need to visit a production approval holder facility in that Member State for one of the following reasons:

1) where a manufacturer has subcontracted production to another organisation and therefore a need arises to ensure that contract has the same meaning for all parties to the contract, and the competent authority of the Member State agrees

2) to inspect a product, part, appliance, or material under production for its own, Member States or non-EU register.

[This GM will be updated with an upcoming ED Decision - 21.B.220 amended with Regulation (EU) 2022/203]

GM No 2 to 21.B.220(c)  Procedures for investigation – General

ED Decision 2019/018/R/R

1. Purpose of the Procedures

The purpose is to investigate the applicant production organisation for compliance with Part 21 Subpart G in relation to the requested terms of approval. When appropriate, this procedure should also be used to investigate significant changes or applications for variation of scope of approval.

The following procedure assumes that the application has been accepted and that an investigation team has been selected.

2. Initiation

The POA Team Leader initiates the procedure by:

2.1 arranging a meeting with the POAT members to review the information provided in accordance with 21.A.134 and to take account of any knowledge that the POAT members have regarding the production standards of the applicant

2.2. obtaining information from other teams of a competent authority of the Member State or the Agency on the functioning applicant organisation (see GM No 1 to 21.B.45)

2.3 arranging a meeting with the applicant in order to:

      enable the applicant to make a general presentation of its organisation and products, parts or appliances

      enable the POAT to describe the proposed investigation process

      enable the POAT to confirm to the applicant the identity of those managers nominated in accordance with Part 21 Subpart G who need to complete an EASA Form 4 (See EASA Form 4 for Production Organisations on EASA website: http://easa.europa.eu/certification/application-forms.php). The applicant should provide a completed copy of EASA Form 4 for each of the key management staff identified by Part 21 Subpart G. The EASA Form 4 is a confidential document and will be treated as such.

3. Preparation

The POAT:

3.1 studies the information gathered in the initiation phase

3.2 establishes an investigation plan which:

       takes account of the location of the POA applicants facility as identified per GM No 3 to 21.B.220(c)

       defines areas of coverage and work-sharing between POAT members taking account of their individual expertise

       defines areas where more detailed investigation is considered necessary

       establishes the need for external advice to POAT members where expertise ay be lacking within the team

       includes completion of a comprehensive plan for the investigation in order to present it to the applicant

       recognises the need to:

       review the documentation and procedures

       verify compliance and implementation

       audit a sample of products, parts, and appliances

3.3 co-ordinates with the appropriate Part 21 Section A Subpart J design organisation approval Teams sufficiently for both parties to have confidence in the applicants co-ordination links with the holder of the approval of the design (as required by 21.A.133)

3.4 establishes liaison with the applicant to plan mutually suitable dates and times for visits at each location needing investigation, and also to agree the investigation plan and approximate time scales with the applicant

4. Investigation

The POAT:

4.1 makes a check of the POE for compliance with Part 21 Subpart G

4.2 audits the organisation, its organisational structure, and its procedures for compliance with Part 21 Subpart G, using EASA Form 56 as a guide during the investigation, and as a checklist at the end of it

4.3. generates compliance checklists for investigations of working processes and procedures on site as required

4.4 accepts or rejects each EASA Form 4 completed by the key nominated personnel in accordance with 21.A.145(c)(2)

4.5 checks that the production organisation exposition (POE) standard reflects the organisation, its procedures, practices and 21.A.143. Having checked and agreed a POE issue or subsequent amendment, the competent authority should have a clear procedure to indicate its acceptance or rejection

4.6 makes sample audits at working level to verify that:-

(i) work is performed in accordance with the system described in the POE

(ii) products, parts, appliances or material produced by the organisation are in conformity with the applicable design data (see GM 21.B.235(b)(4)).

(iii) facilities, working conditions, equipment and tools are in accordance with the POE and appropriate for the work being performed

(iv) competence and numbers of personnel is appropriate for the work being performed

(v) co-ordination between production and design is satisfactory

4.7 at an advanced stage of the investigation, conducts an interim team review of audit results and matters arising, in order to determine any additional areas requiring investigation.

Each investigation team should be accompanied during the process by company representatives who are knowledgeable of the applicants organisation and procedures. This will ensure that the organisation is aware of audit progress and problems as they arise. Access to information will also be facilitated.

The POATL should co-ordinate the work of POAT members for an efficient investigation process, which will provide a consistent and effective investigation and reporting standards.

5. Conclusions

5.1 The POATL holds a team meeting to review findings and observations so as to produce a final agreed report of findings.

5.2 The POATL, on completion of the investigation, holds a meeting to verbally presents the report to the applicant.

The POATL should be the chairman of this meeting, but individual team members may present their own findings and observations.

5.3 The meeting should agree the findings, corrective action time scales, and preliminary arrangements for any follow up that may be necessary.

5.4 Some items may as a result of this meeting be withdrawn by the POATL but if the investigation has been correctly performed, at this stage there should be no disagreement over the facts presented.

5.5 Inevitably there will be occasions when the POAT member carrying out the audit may find situations in the applicant or POA holder where it is unsure about compliance. In this case, the organisation is informed about possible non-compliance at the time and advised that the situation will be reviewed within the competent authority before a decision is made. The organisation should be informed of the decision without undue delay. Only if the decision results in a confirmation of non-compliance this is recorded in Part 4 of EASA Form 56.

5.6 The POATL will transmit the final signed report on EASA Form 56 together with notes of the final meeting with the applicant to the competent authority where the applicant is located. The report will include recommendations and significant findings, together with appropriate conclusions and corrective actions. In particular, it should indicate if the POE is acceptable, or changes are required.

5.7 Completion of EASA Form 56 includes the need to record in Part 4 comments, criticisms, etc., and this must reflect any problems found during the visit and must be the same as the comments, criticisms made to the organisation during the debrief. Under no circumstances should additional comments, criticisms, etc., be included in Part 4 of the report unless the applicant or POA holder has previously been made aware of such comments.

 Many applicants may need to take corrective action and amend the proposed exposition before the competent authority is able to conclude its investigation. Such corrective actions should be summarised in Part 4 of the EASA Form 56 and a copy always given to the applicant, so that there is a common understanding of the actions necessary before approval can be granted.

 The intention of the EASA Form 56 Part 4 is to provide a summary report of findings and outstanding items during initial investigation and major changes. The competent authority will need to operate a supporting audit system to manage corrective action monitoring, closure etc. While the EASA Form 56 Part 4 format may be used for monitoring purposes, it is not adequate on its own to manage such system.

5.8 If the findings made during the investigation mean that approval recommendation will not or cannot be issued, then it is essential that such findings are confirmed in writing to the organisations within two weeks of the visit. The reason for confirmation in writing is that many organisations take a considerable time to establish compliance. As a result, it is too easy to establish a position of confusion where the organisation claims it was not aware of the findings that prevented issue of an approval.

6. Management Involvement

The accountable manager will be seen at least once during the investigation process and preferably twice, because he or she is ultimately responsible for ensuring compliance with the requirements for initial grant and subsequent maintenance of the production organisation approval. Twice is the preferred number of visits to the accountable manager, with one being conducted at the beginning of the audit to explain the investigation process and the second, at the end, to debrief on the results of the investigation.

 

Competent authority

of an EU Member State or

EASA

 

RECOMMENDATION REPORT IN SUPPORT OF Part 21  SUBPART G APPROVAL

ISSUE / CONTINUATION / VARIATION / SIGNIFICANT CHANGE

 

 

PART ONE OF FIVE PARTS:  BASIC DETAILS OF THE ASSESSMENT

 

 

Name of the organisation:

 

 

 

Approval reference: ___________

 

 

Address(es) of the facilities surveyed:

 

 

 

 

Main Part 21 Subpart G activities at facilities surveyed:

 

 

 

Date(s) of survey:

 

 

Names and positions of the organisation's senior management attended during survey:

 

 

 

Names of the competent authority staff:

 

 

 

 

Office:       EASA Form 56 completion date:

 

 

 

Note: If it is determined that recommendation for issue/continuation/variation/significant change of approval cannot be made because of non-compliance with  Part 21 Subpart G, the reasons for non-compliance need to be identified in PART 4 of the report. A copy of PART 1 and PART 4, or at least the information included in these parts, must be given to the organisation to ensure that the organisation, in failing to obtain Part 21 Subpart G approval, even if only temporarily, has the same information as is on the files of the competent authority.

EASA Form 56 Issue 3 – POAT Recommendation Audit Report - Part 1 of 5, Page 1 of 1   MONTH YEAR

 

Competent authority

of an EU Member State or

EASA

 

RECOMMENDATION REPORT IN SUPPORT OF Part 21 SUBPART G ISSUE /
CONTINUATION / VARIATION/SIGNIFICANT CHANGE

 

PART TWO OF FIVE PARTS:   Part 21  SUBPART G COMPLIANCE

 

Name of organisation:

 

Approval of organisation:

 

Approval reference:  ___________  Survey reference:

 

Note A: This form has been compiled according those points of Part 21 Subpart G which are relevant to an organisation trying to demonstrate compliance.

Note B: The right hand part of each box must be completed with one of three indicators:

1. a tick () which means compliance;

2. NR which means the requirement is Not Relevant to the activity at the address surveyed; (the reason for NR should be stated in Part 4 of the report, unless the reason is obvious)

3. a number relating to a comment which must be recorded in Part 4 of the report.

 The left hand part of each box is optional for use by the competent authority.

21.A.133 Eligibility

 

Any natural or legal person (‘organisation’) shall be eligible as an applicant for an approval under this Subpart. The applicant shall:

 

(a) justify that, for a defined scope of work, an approval under this Subpart is appropriate for the purpose of showing conformity with a specific design; and

 

(b) hold or have applied for an approval of that specific design; or

 

(c) have ensured, through an appropriate arrangement with the applicant for, or holder of,  an approval of that specific design, satisfactory co-ordination between production and design. 

 

21.A.134 Application

 

Each application for a production organisation approval shall be made to the competent authority in a form and manner established by that authority, and shall include an outline of the information required by point 21.A.143 and the terms of approval requested to be issued under point 21.A.151.

 

EASA Form 56 Issue 3 - POAT Recommendation Report POA Audit Report - Part 2 of 5, Page 1 of 5 MONTH YEAR

PART TWO OF FIVE (CONTINUED):    SURVEY REFERENCE:

21.A.139 Quality System

(a) The production organisation shall demonstrate that it has established and is able to maintain a quality system. The quality system shall be documented. This quality system shall be such as to enable the organisation to ensure that each product, part or appliance produced by the organisation or by its partners, or supplied from or subcontracted to outside parties, conforms to the applicable design data and is in condition for safe operation, and thus exercise the privileges set forth in point 21.A.163.

(b) The quality system shall contain:

 (1) as applicable within the scope of approval, control procedures for:

(i) document issue, approval, or change;

 

(ii) vendor and sub-contractor assessment audit and control;

 

(iii) verification that incoming products, parts, materials, and equipment, including items supplied new or used by buyers of products, are as specified in the applicable design data;

(iv) identification and traceability;

 

(v) manufacturing processes;

 

(vi) inspection and testing, including production flight tests;

 

(vii) calibration of tools, jigs, and test equipment;

 

(viii) non-conforming item control;

 

(ix) airworthiness co-ordination with the applicant for, or holder of, a design approval;

(x) records completion and retention;

 

(xi) personnel competence and qualification;

 

(xii) issue of airworthiness release documents;

 

(xiii) handling, storage and packing;

 

(xiv) internal quality audits and resulting corrective actions;

 

(xv) work within the terms of approval performed at any location other than the approved facilities;

(xvi) work carried out after completion of production but prior to delivery, to maintain the aircraft in a condition for safe operation;

(xvii) issue of permit to fly and approval of associated flight conditions.

 

 The control procedures need to include specific provisions for any critical parts.

(b) The quality system shall contain (cont’d) –

 (2) An independent quality assurance function to monitor compliance with, and adequacy of, the documented procedures of the quality system. This monitoring shall include a feedback system to the person or group of persons referred to in point 21.A.145(c)(2) and ultimately to the manager referred to in point 21.A.145(c)(1) to ensure, as necessary, corrective action.

EASA Form 56 Issue 3- POAT Recommendation Report POA Audit Report - Part 2 of 5, Page 2 of 5 MONTH YEAR

PART TWO OF FIVE (CONTINUED):    SURVEY REFERENCE:

21.A.143 Exposition

(a) The organisation shall submit to the competent authority a production organisation exposition providing the following information: (see Part 3 of this Form)

(b) The production organisation exposition shall be amended as necessary to remain an up-to-date description of the organisation, and copies of any amendments shall be supplied to the competent authority.

21.A.145 Approval requirements

The production organisation shall demonstrate, on the basis of the information submitted in accordance with point 21.A.143 that:

(a) with regard to general approval requirements,  facilities, working conditions, equipment and tools, processes and associated materials, number and competence of staff, and general organisation are adequate to discharge obligations under  21.A.165;

(b) with regard to all necessary airworthiness, noise, fuel venting and exhaust emissions data:

 (1) the production organisation is in receipt of such data from the Agency, and from the holder of, or applicant for, the type-certificate, restricted type-certificate or design approval to determine conformity with the applicable design data;

 (2) the production organisation has established a procedure to ensure that airworthiness, noise, fuel venting and exhaust emissions data are correctly incorporated in its production data;

 (3) such data are kept up to date and made available to all personnel who need access to such data to perform their duties;

(c) with regard to management and staff:

 (1) A manager has been nominated by the production organisation, and is accountable to the competent authority. His or her responsibility within the organisation shall consist of ensuring that all production is performed to the required standards and that the production organisation is continuously in compliance with the data and procedures identified in the exposition referred to in point 21.A.143.

 (2) a person or a group of persons have been nominated by the production organisation to ensure that the organisation is in compliance with the requirements of this Annex I (Part 21), and are identified, together with the extent of their authority. Such person(s) shall act under the direct authority of the accountable manager referred to in point (1). The knowledge, background and experience of the persons nominated shall be appropriate to discharge their responsibilities;

 (3) staff at all levels have been given appropriate authority to be able to discharge their allocated responsibilities and that there is full and effective co-ordination within the production organisation in respect of airworthiness, noise, fuel venting and exhaust emission data matters;

(d) with regard to certifying staff, authorised by the production organisation to sign the documents issued under point 21.A.163 under the scope or terms of approval:

 (1) the knowledge, background (including other functions in the organisation), and experience of the certifying staff are appropriate to discharge their allocated responsibilities;

 (2) the production organisation maintains a record of all certifying staff which shall include details of the scope of their authorisation;

 (3) certifying staff are provided with evidence of the scope of their authorisation.

EASA Form 56 Issue 3 - POAT Recommendation Report POA Audit Report - Part 2 of 5, Page 3 of 5 MONTH YEAR

PART TWO OF FIVE (CONTINUED):   SURVEY REFERENCE:

21.A.147 Changes to the approved production organisation

(a) After the issue of a production organisation approval, each change to the approved production organisation that is significant to the showing of conformity or to the airworthiness and characteristics of noise, fuel venting and exhaust emissions of the product, part or appliance, particularly changes to the quality system, shall be approved by the competent authority. An application for approval shall be submitted in writing to the competent authority and the organisation shall demonstrate to the competent authority before implementation of the change, that it will continue to comply with this Subpart.

(b) The competent authority shall establish the conditions under which a production organisation approved under this Subpart may operate during such changes unless the competent authority determines that the approval should be suspended.

21.A.148 Changes of location

A change of the location of the manufacturing facilities of the approved production organisation shall be deemed of significance and therefore shall comply with point 21.A.147.

 

21.A.149 Transferability

Except as a result of a change in ownership, which is deemed significant for the purposes of point 21.A.147, a production organisation approval is not transferable.

 

21.A.151 Terms of approval

The terms of approval shall identify the scope of work, the products or the categories of parts and appliances, or both, for which the holder is entitled to exercise the privileges under point 21.A.163.

Those terms shall be issued as part of a production organisation approval.

 

21.A.153 Changes to the terms of approval

Each change to the terms of approval shall be approved by the competent authority. An application for a change to the terms of approval shall be made in a form and manner established by the competent authority. The applicant shall comply with the applicable requirements of this Subpart.

 

21.A.157 Investigations

A production organisation shall make arrangements that allow the competent authority to make any investigations, including investigations of partners and sub-contractors, necessary to determine compliance and continued compliance with the applicable requirements of this Subpart.

 

21.A.163 Privileges

Pursuant to the terms of approval issued under point 21.A.135, the holder of a production organisation approval may:

(a) perform production activities under this Annex I (Part 21).

(b) in the case of complete aircraft and upon presentation of a statement of conformity (EASA Form 52) under point 21.A.174, obtain an aircraft certificate of airworthiness and a noise certificate without further showing;

(c) in the case of other products, parts or appliances, issue authorised release certificates (EASA Form 1) under 21.A.307 without further showing;

(d) maintain a new aircraft that it has produced and issue a certificate of release to service (EASA Form 53) in respect of that maintenance;

(e) under procedures agreed with its competent authority for production, for an aircraft it has produced, and when the production organisation itself is controlling under its POA the configuration of the aircraft and is attesting conformity with the design conditions approved for the flight, to issue a permit to fly in accordance with point 21.A.711(c) including approval of the flight conditions in accordance with point 21.A.710(b).

EASA Form 56 Issue 3- POAT Recommendation Report POA Audit Report - Part 2 of 5, Page 4 of 5 MONTH YEAR

PART TWO OF FIVE (CONTINUED):     SURVEY REFERENCE:

21.A.165 Obligations of the holder

The holder of a production organisation approval shall:

(a) ensure that the production organisation exposition furnished in accordance with point 21.A.143 and the documents to which it refers, are used as basic working documents within the organisation;

(b) maintain the production organisation in conformity with the data and procedures approved for the production organisation approval;

(c) (1) determine that each completed aircraft conforms to the type design and is in condition for safe operation prior to submitting statements of conformity to the competent authority; or

(2) determine that other products, parts or appliances are complete and conform to the approved design data and are in a condition for safe operation before issuing an EASA Form 1 to certify conformity to approved design data and in a condition for safe operation, and additionally in case of engines, determine according to data provided by the engine type-certificate holder that each completed engine is in compliance with the applicable emissions requirements as defined in point 21.B.85(b), current at the date of manufacture of the engine, to certify emissions compliance; or

(3) determine that other products, parts or appliances conform to the applicable data before issuing EASA Form 1 as a conformity certificate;

(d) record all details of work carried out;

(e) establish and maintain an internal occurrence reporting system in the interest of safety, to enable the collection and assessment of occurrence reports in order to identify adverse trends or to address deficiencies, and to extract reportable occurrences. This system shall include evaluation of relevant information relating to occurrences and the promulgation of related information;

(f) (1) report to the holder of the type-certificate or design approval, all cases where products, parts or appliances have been released by the production organisation and subsequently identified to have possible deviations from the applicable design data, and investigate with the holder of the type-certificate or design approval in order to identify those deviations which could lead to an unsafe condition;

 (2) report to the Agency and the competent authority of the Member State, or both, the deviations which could lead to an unsafe condition identified according to point (1). Such reports shall be made in a form and manner established by the Agency under point 21.A.3A(b)(2) or accepted by the competent authority of the Member State;

 (3) where the holder of the production organisation approval is acting as a supplier to another production organisation, report also to that other organisation all cases where it has released products, parts or appliances to that organisation and subsequently identified them to have possible deviations from the applicable design data;

(g) provide assistance to the holder of the type-certificate or design approval in dealing with any continuing airworthiness actions that are related to the products parts or appliances that have been produced;

(h) establish an archiving system incorporating requirements imposed on its partners, suppliers and sub-contractors, ensuring conservation of the data used to justify conformity of the products, parts or appliances. Such data shall be held at the disposal of the competent authority and be retained in order to provide the information necessary to ensure the continuing airworthiness of the products, parts or appliances;

(i) where, under its terms of approval, the holder issues a certificate of release to service, determine that each completed aircraft has been subjected to necessary maintenance and is in condition for safe operation, prior to issuing the certificate;

EASA Form 56 Issue 3- POAT Recommendation Report POA Audit Report - Part 2 of 5, Page 5 of 5 MONTH YEAR

(j) where applicable, under the privilege of point 21.A.163(e), determine the conditions under which a permit to fly can be issued;

(k) where applicable, under the privilege of point 21.A.163(e), establish compliance with point 21.A.711(c) and (e) before issuing a permit to fly to an aircraft.

Competent authority

of an EU Member State or

EASA

 

RECOMMENDATION REPORT IN SUPPORT OF Part 21 SUBPART G ISSUE / CONTINUATION / VARIATION/SIGNIFICANT CHANGE

 

PART THREE OF FIVE PARTS: Part 21 SUBPART G EXPOSITION COMPLIANCE

 

Name of organisation:

 

Approval of organisation:

 

Approval reference:  ___________  Survey reference:

 

Note A: Each box must be completed with one of three indicators:

 1. a tick () which means compliance;

 2. NR which means the requirement is NOT RELEVANT to the activity at the address surveyed; (The reason for NR should be stated in Part 4 of the report unless the reason is obvious.);

 3. a number relating to a comment which must be recorded in Part 4 of the report.

Note B: The exposition may be compiled in any subject order as long as all applicable subjects are covered.

Note C: If the organisation holds another Part approval requiring an exposition or handbook it is acceptable to use this index as a supplement to the existing exposition or handbook and to cross-refer each subject to the position in the existing exposition or handbook.

Production organisation exposition

Revision Status:

 

(Content as required by 21.A.143(a))

(1) A statement signed by the accountable manager confirming that the production organisation exposition and any associated manuals which define the approved organisation’s compliance with this Subpart will be complied with at all times;

(2) the title(s) and names of the managers accepted by the competent authority in accordance with point 21.A.145(c)(2);

(3) the duties and responsibilities of the manager(s) as required by point 21.A.145(c)(2) including matters on which they may deal directly with the competent authority on behalf of the organisation.

(4) an organisational chart showing associated chains of responsibility of the managers as required by point 21.A.145(c)(1) and (c)(2);

(5) a list of certifying staff as referred to in point 21.A.145(d)

 [Note : a separate document may be referenced]

(6) a general description of man-power resources;

EASA Form 56 Issue 3- POAT Recommendation Report POA Audit Report - Part 3 of 5, Page 1 of 2 MONTH YEAR

PART THREE OF FIVE (CONTINUED):     SURVEY REFERENCE:

 

(7) a general description of the facilities located at each address specified in the production organisation’s certificate of approval.

(8) a general description of the production organisation’s scope of work relevant to the terms of approval;

(9) the procedure for the notification of organisational changes to the competent authority;

(10) the amendment procedure for the production organisation exposition;

(11) a description of the quality system and the procedures as required by point 21.A.139(b)(1);

(12)  a list of those outside parties referred to in point 21.A.139(a).

 [Note : a separate document may be referenced]

EASA Form 56 Issue 3 - POAT Recommendation Report POA Audit Report - Part 3 of 5, Page 2 of 2 MONTH YEAR

 

Competent authority

of an EU Member State or

EASA

 

RECOMMENDATION REPORT IN SUPPORT OF  Part 21 SUBPART G APPROVAL ISSUE / CONTINUATION / VARIATION/SIGNIFICANT CHANGE

 

PART FOUR OF FIVE PARTS:  FINDINGS ON Part 21 SUBPART G COMPLIANCE STATUS

 

Name of organisation:

 

Approval reference: _______________ Survey reference: _______________

 

Note A: Each finding must be identified by number and the number must cross-refer to the same number in a box in Part 2 or 3 of the Part 21 Subpart G survey report.

Note B: As stated in Part 1 any comments recorded in this Part 4 should be copied to the organisation surveyed together with Part 1.

Note C: In case of a partial clearance of a finding with some outstanding action remaining, this action has to be identified.

NO:

FINDING

LEVEL

OUTSTANDING ACTION

CLEARANCE

DATE

REP.REF.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

NAME & SIGNATURE OF SURVEYOR:      Date:

 

EASA Form 56 Issue 3 - POAT Recommendation Report POA Audit Report - Part 4 of 5, Page 1 of 2 MONTH YEAR

PART FOUR OF FIVE (CONTINUED):    Sheet ___ of ___

SURVEY REFERENCE: 

NO:

FINDING

LEVEL

OUTSTANDING ACTION

CLEARANCE

DATE

REP.REF.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

NAME & SIGNATURE OF SURVEYOR:      Date:

 

EASA Form 56 Issue 3 - POAT Recommendation Report POA Audit Report - Part 4 of 5, Page 2 of 2 MONTH YEAR

 

Competent authority

of an EU Member State or

EASA

 

RECOMMENDATION REPORT IN SUPPORT OF Part 21 SUBPART G APPROVAL ISSUE / CONTINUATION / VARIATION/SIGNIFICANT CHANGE

 

PART FIVE OF FIVE PARTS: Part 21 SUBPART G APPROVAL RECOMMENDATION

 

Name of organisation:

 

 

Approval reference: _______________ Survey reference: _______________

 

 

 

Recommendation for issue / variation of approval/significant change:

 

The following Part 21 Subpart G Terms of approval are recommended for the above organisation at the address(es) specified in Part 1 of this report:

 

or

 

Recommendation for continuation of existing approval:

 

It is recommended that the Part 21 Subpart G Terms of approval identified in EASA Form 55 referenced

 

_______________ be continued.

 

 

 Reporting performed according to procedure for authority surveillance of suppliers of a POA holder located in other Member States, if applicable (Strict confidentiality to be observed)

 

 

Name of competent authority surveyor making recommendation:

 

 

Signature of the competent authority surveyor:

 

 

Competent authority office:     Date:

 

EASA Form 56 Issue 3 - POAT Recommendation Report POA Audit Report - Part 5 of 5, Page 1 of 1 MONTH YEAR

[This GM will be updated with an upcoming ED Decision - 21.B.220 amended with Regulation (EU) 2022/203]

GM No 3 to 21.B.220(c) Procedures for investigation – POA applications received from organisations with facilities/partners/ suppliers/sub-contractors located in a third country

ED Decision 2012/020/R

The obligations of the applicant are totally independent from the surveillance exercised by the competent authority. It is not acceptable that the applicant relies on surveillance activities of the competent authority to simplify its tasks.

Facilities located in a third country

When any part of the production facilities of an applicant for POA is located outside the Member States, then the location will be treated in all aspects as part of the applicant’s POA organisation.

Therefore the investigating competent authority will:

a) include the facilities outside the Member States fully in their investigation and surveillance activities for the applicant for, or holder of, the POA

b) include the facilities outside the Member States in the terms of approval of the EASA Form 55 (see Annex I Part 21 Appendix X) when issuing the POA.

Partners/suppliers/sub-contractors located in a third country

The competent authority should define on the basis of Part 21, its associated CS and GM, a clear procedure on supplier control. This procedure should include the control of partners/suppliers/sub-contractors of the applicant for, or holder of, a POA that are located outside the Member States.

In respect of the applicant for, or holder, of the POA, the competent authority should:

1) investigate, for the initial approval and consequent continued surveillance, the production organisation, and its partners/suppliers/sub-contractors at the necessary level to ensure the organisation can comply with the requirements of Part 21,

2) in accordance with the competent authority procedure, assess and accept the documented procedure for supplier control as part of the POA holder’s quality system, and changes to that procedure prior to implementation,

3) in accordance with competent authority procedure, assess the necessary level of surveillance to be exercised by the production organisation on partners / suppliers / sub-contractors and check the audit plan of the production organisation against this level.

The level of co-operation between the competent authority and the competent authority of the third country where a partner/supplier/sub-contractor of the production organisation is located may influence the authorities’ activities concerning this partner/supplier/sub-contractor. Co-operation with the competent authority of the third country should be based on the capability and goodwill of that authority, and a complete interchange of necessary information.

The involvement of this competent authority of the third country in the surveillance of the partner/supplier/sub-contractor will be based on the following principles:

      When a recognition agreement under Article 12 of Regulation (EC) No 216/2008 covering production subjects has been concluded:

a) The competent authority in accordance with GM No 2 to 21.A.139(a) may decide that direct surveillance of the POA holder activities at the foreign location may not be necessary.

b) In any other case, provisions of the recognition agreement on the subject apply (technical assistance, ...).

      If a recognition agreement has not been concluded, or it does not cover production subjects, it may be necessary that the competent authority of the Member State, the Agency, and the competent authority of a third country enter into a specific working arrangement addressing the following matters:

a) acceptance by the competent authority of the third country of conducting manufacturing surveillance of the relevant production activities on behalf of the competent authority, under the respective quality standards defined by the competent authority.

b) tasks to be performed

c) practical methods

These arrangements are between authorities and do not relieve the applicant of its obligations.

      In all cases, even though surveillance tasks are delegated to the competent authority of the third country, the competent authority remains the responsible authority and may consequently exercise direct surveillance if necessary.

      In case that it is not possible to delegate surveillance tasks to the competent authority of the third country, the competent authority will have to establish a direct surveillance program in accordance with its procedure concerning supplier control as part of the overall surveillance of the POA holder.

[This GM will be updated with an upcoming ED Decision - 21.B.220 amended with Regulation (EU) 2022/203]

GM No 4 to 21.B.220(c) Procedures for investigation – Competent authority surveillance of suppliers of a POA holder located in other Member States

ED Decision 2012/020/R

1. The aviation legislation identifies specific State obligations in relation to complete products:

State of manufacture, as used in ICAO Annex 8, normally identifies the country where the final assembly and the final determination of airworthiness is made. However, sub-assemblies and parts may be produced by POA holders in other countries and the EASA Form 1 - Authorised Release Certificate will identify those countries as the location for production.

Among Member States the obligations of the State of manufacture may be discharged through the use of the Part 21 POA system.

According to Part 21 Subpart G, each POA holder must have established and documented in its POE a system for its own control of suppliers/supplies. Surveillance of this system is part of the responsibility of the competent authority of the POA holder wherever the suppliers are located.

This surveillance may be exercised through the POA holder and/or at supplier level especially in the cases where the supplier would be eligible for its own POA.

The purpose of this procedure is to ensure the completeness of the responsibilities chain so that no separate technical agreement between these national authorities is necessary and when necessary to establish a means of communication between the involved competent authorities of the Member States.

2. Principle to organise competent authority supplier surveillance between Member States:

In order to avoid duplication and to take the best advantage of Regulation (EC) No 216/2008 that establishes under Article 11 mutual recognition of certificates issued by production organisations approved in accordance with Part 21 Section A Subpart G by an Member State, the principle for the competent authority surveillance of the suppliers of a POA holder located in other Member States is for the responsible competent authority to delegate surveillance activity to the other competent authority of the supplier.

This applies between Member States and for suppliers holding a Part 21 POA.

Delegation of surveillance tasks does not imply a delegation of the overall responsibility, therefore the competent authority of the contractor always retains the right of direct supervision at the supplier location especially when serious quality problems are encountered. In such a case, co-ordination will be organised between both competent authorities.

This delegation of surveillance is to be considered automatic as soon as the supplier holds a Part 21 POA provided that the intended supply is included in the approved scope of work. Evidence of that approval will normally be found through the release of the supplied parts with an EASA Form 1. In addition, the competent authority of the supplier should immediately inform the competent authority of the contractor in case of a serious quality problem.

In the cases where the competent authority of the contractor considers that it is necessary to establish closer ties with the competent authority of the supplier (i.e., critical or significant parts) exchange of information between the competent authorities should be organised as follows:

2.1 Tasks of the competent authority of the POA contractor

 The competent authority of the contractor should inform in writing the competent authority of the sub-contractor with the following:

a. Identification (and location) of the contractor

b. Identification (and location) of the sub-contractor

c. Identification of the subcontracting (parts, contract N°, etc.)

d. Reference to the quality requirements attached to the contract

e. Name and address of the competent authority office/person in charge of the POA

f. Whether Direct Delivery Authorisation (DDA) applies

g. Any specific action item/requirement from the competent authority

h. Request for a bi-annual reporting (both ways).

EASA Form 58A is provided for convenience of the competent authority for this purpose.

The competent authority of the contractor should require that the contract/order from the contractor to the sub-contractor should indicate that it is placed under the surveillance of its competent authority on behalf of the competent authority of the contractor and should address the subject to the payment of the possible surveillance fees.

2.2 Tasks of the competent authority of the supplier (sub-contractor)

 On receipt of the information from the competent authority of the contractor, the competent authority of the sub-contractor should:

       Verify that the scope of work of the POA of the supplier covers the intended supply (or envisage to extend it in liaison with the supplier).

       Verify that the specific quality requirements for the parts have been introduced in the quality system of the supplier.

       Confirm to the competent authority of the contractor that the procurement is included in the POA of the supplier and that their surveillance will cover this activity.

       Indicate the name and address of the competent authorities office/person in charge of the POA.

 If the supplier has no POA under Part 21, or does not want to extend it, and/or if its competent authority cannot conduct surveillance on behalf of the other competent authority, the competent authority of the supplier will inform the competent authority of the contractor in order for it to decide on appropriate actions.

2.3 Exchange of information between the competent authorities

This information should normally take two forms:

       Immediate exchange of information between both competent authorities in case of serious quality problems;

       A bi-annual exchange of information at a given date in order to guarantee proper on going control of the subcontract by both competent authorities.

This information should cover in a concise form:

a) For the competent authority of the contractor:

       A resume of the quality problems encountered by the contractor, on receipt inspection, on installation on aircraft or on in service aircraft;

       A status of the reference documents.

b) For the competent authority of the sub-contractor:

       A resume of at least the following subjects:

       Changes in organisation and qualification of the sub-contractor.(in case of impact on the procurement),

       Quality problems encountered during manufacture,

       Corrective actions following problems encountered earlier on the procurement,

       Findings from national authorities surveillance that may have an impact on the procurement,

       Quality problems related to the contractor procurement (materials, documentation, procedures, processes).

Exchange of information between national authorities according to this procedure is strictly confidential and should not be disclosed to other parties.

It is recommended to plan at least every 5 years a meeting between Industry and the two national authorities to review each major subcontract to verify proper management by the various parties involved.

3. Miscellaneous

a) Release documentation

Release of parts by the POA sub-contractor to the contractor will be accompanied by an «Authorised Release Certificate EASA Form 1» issued for «Airworthiness» or for «Conformity» as appropriate.

b) Sub-subcontracting

If the sub-contractor wants itself to subcontract, it is up to the competent authority of the sub-contractor to verify that this is done in accordance with the conditions of the contract, to organise as necessary the related authority surveillance and to inform the competent authority of the contractor.

c) Language

Except if agreed otherwise it is recommended to use the English language for exchange of information between the competent authorities.

 

Competent authority

of an EU Member State or

EASA

 

REQUEST FOR REPORTING ON SUB-CONTRACTOR SURVEILANCE

Document reference number:

<REQUEST REF. NO.>

As competent authority which issued a POA to: 

<CONTRACTOR COMPANY>

With approval reference:

<CONTRACTOR POA REF. NO..>

The <COMPETENT AUTHORITY> has determined that there is a need for direct authority supplier surveillance of:

<SUB-CONTRACTOR COMPANY>

With approval reference:

<SUB-CONTRACTOR POA REF.NO.>

Which is situated in:

<COUNTRY OF SUB-CONTRACTOR COMPANY>

As part of the surveillance as required for the Part 21 Section A Subpart G approved production organisation, according to GM No. 4 to 21.B.220(c) the competent authority of the sub-contractor is requested to perform authority surveillance on the specific sub assemblies and parts as details and requirements are defined below.

Identification of subcontracting (parts, contract No., …):

 

Reference to the quality requirements attached to the contract between contractor and sub-contractor:

 

Name and address of the requesting competent authority office/person in charge of the POA:

 

Direct Delivery Authorisation (DDA) applies:

   Yes   No

Specific action item/requirement from the competent authority of the contractor:

 

Request and details required for a bi-annual reporting (both ways) according to GM No. 4 to 21.B.220(c)

(Strict confidentiality to be observed):

 

Name and signature of competent authority person making the request:

 

Competent authority office:

Date:

EASA Form 58A – Request for reporting on sub-contractor surveillance, Page x of x

 

Competent authority

of an EU Member State or

EASA

 

REPORT ON SUB-CONTRACTOR SURVEILLANCE

Document reference number:

<REPORT REF. NO.>

Reporting request reference number:

< REQUEST REF. NO >

As responsible competent authority the <COMPETENT AUTHORITY> issued a POA to and is performing direct authority surveillance of:

<SUB-CONTRACTOR COMPANY>

With approval reference:

<SUB-CONTRACTOR POA REF. NO..>

Which is a subcontracted supplier of:

<CONTRACTOR COMPANY>

With approval reference :

<CONTRACTOR POA REF.NO.>

Which is situated in:

<COUNTRY OF CONTRACTOR COMPANY>

According to GM No. 4 to 21.B.220(c) and on request of the competent authority of the contractor company the <COMPETENT AUTHORITY> reports on the results of its authority surveillance on the specific parts and appliances defined below:

Identification of subcontracting (parts, contract No., …):

 

Identification of attachments to this report (if needed):

 

Date and identification of previous report:

 

Resume of surveillance results:

 

Changes in organisation and qualification of the sub-contractor. (in case of impact on the procurement):

 

Quality problems encountered during manufacture:

 

Corrective actions following problems encountered earlier on the procurement:

 

Findings from competent authority surveillance that may have an impact on the procurement:

 

Quality problems related with the contractor procurement (materials, documentation, procedures, processes):

 

Note: Exchange of information between national authorities according to this procedure is strictly confidential and should not be disclosed to other parties.

Name and signature of competent authority person reporting:

Competent authority office:

Date:

EASA Form 58B – Report on sub-contractor surveillance, Page x of x

[This GM will be updated with an upcoming ED Decision - 21.B.220 amended with Regulation (EU) 2022/203]

21.B.221 Oversight principles

Regulation (EU) 2022/203

(a) The competent authority shall verify:

1. compliance with the requirements that are applicable to organisations, prior to issuing the production organisation approval certificate;

2. continued compliance with the applicable requirements of the organisations it has certified;

3. the implementation of appropriate safety measures mandated by the competent authority according to points 21.B.20(c) and (d).

(b) This verification shall:

1. be supported by documentation specifically intended to provide personnel responsible for oversight with guidance to perform their functions;

2. provide the organisations concerned with the results of oversight activities;

3. be based on assessments, audits, inspections and, if needed, unannounced inspections;

4. provide the competent authority with the evidence needed in case further action is required, including the measures provided for in point 21.B.225.

(c) The competent authority shall establish the scope of the oversight defined in points (a) and (b) taking into account the results of past oversight activities and the safety priorities.

(d) If the facilities of an organisation are located in more than one State, the competent authority, as defined in point 21.1, may agree to have the oversight tasks performed by the competent authority(ies) of the Member State(s) where the facilities are located, or by the Agency for facilities that are located outside a territory for which Member States are responsible under the Chicago Convention. Any organisation that is subject to such an agreement shall be informed of its existence and of its scope.

(e) For any oversight activities that are performed at facilities located in a Member State other than where the organisation has its principal place of business, the competent authority, as defined in point 21.1, shall inform the competent authority of that Member State before performing any on-site audit or inspection of the facilities.

(f) The competent authority shall collect and process any information deemed necessary for performing oversight activities.

21.B.222 Oversight programme

Regulation (EU) 2022/203

(a) The competent authority shall establish and maintain an oversight programme covering the oversight activities required by point 21.B.221(a).

(b) The oversight programme shall take into account the specific nature of the organisation, the complexity of its activities, the results of past certification and/or oversight activities, and it shall be based on the assessment of the associated risks. It shall include, within each oversight planning cycle:

1. assessments, audits and inspections, including, as appropriate:

(i) management system assessments and process audits;

(ii) product audits of a relevant sample of the products, parts and appliances that are within the scope of the organisation;

(iii) sampling of the work performed; and

(iv) unannounced inspections;

2. meetings convened between the accountable manager and the competent authority to ensure that both parties remain informed of all significant issues.

(c) The oversight planning cycle shall not exceed 24 months.

(d) Notwithstanding point (c), the oversight planning cycle may be extended to 36 months if the competent authority has established that during the previous 24 months:

1. the organisation has demonstrated that it can effectively identify aviation safety hazards and manage the associated risks;

2. the organisation has continuously demonstrated compliance with points 21.A.147 and 21.A.148 and it has full control over all changes to the production management system;

3. no level 1 findings have been issued;

4. all corrective actions have been implemented within the time period that was accepted or extended by the competent authority as defined in point 21.B.225.

Notwithstanding point (c), the oversight planning cycle may be further extended to a maximum of 48 months if, in addition to the conditions provided in points (1) to (4) above, the organisation has established, and the competent authority has approved, an effective continuous system for reporting to the competent authority on the safety performance and regulatory compliance of the organisation itself.

(e) The oversight planning cycle may be reduced if there is evidence that the safety performance of the organisation has decreased.

(f) The oversight programme shall include records of the dates when assessments, audits, inspections and meetings are due, and when assessments, audits, inspections and meetings have been effectively carried out.

(g) At the completion of each oversight planning cycle, the competent authority shall issue a recommendation report on the continuation of the approval, reflecting the results of the oversight.

21.B.225 Findings and corrective actions; observations

Regulation (EU) 2022/203

(a) The competent authority shall have a system in place to analyse findings for their safety significance.

(b) A level 1 finding shall be issued by the competent authority when any significant non-compliance is detected with the applicable requirements of Regulation (EU) 2018/1139 and its delegated and implementing acts, with the organisation’s procedures and manuals, or with the certificate including the terms of approval which lowers safety or seriously endangers flight safety.

The level 1 findings shall also include:

1. any failure to grant the competent authority access to the organisation’s facilities referred to in point 21.A.9 during normal operating hours and after two written requests;

2. obtaining the production organisation approval certificate or maintaining its validity by falsification of the submitted documentary evidence;

3. any evidence of malpractice or fraudulent use of the production organisation approval certificate; and

4. failure to appoint an accountable manager pursuant to point 21.A.245(a)

(c) A level 2 finding shall be issued by the competent authority when any non-compliance is detected with the applicable requirements of Regulation (EU) 2018/1139 and its delegated and implementing acts, with the organisation’s procedures and manuals, or with the certificate including the terms of approval, which is not classified as a level 1 finding.

(d) When a finding is detected during oversight or by any other means, the competent authority shall, without prejudice to any additional action required by Regulation (EU) 2018/1139 and its delegated and implementing acts, communicate in writing the finding to the organisation and request corrective action to address the non-compliance(s) identified. Where a level 1 finding directly relates to an aircraft, the competent authority shall inform the competent authority of the Member State in which the aircraft is registered.

1. If there are any level 1 findings, the competent authority shall take immediate and appropriate action to prohibit or limit the activities of the organisation involved and, if appropriate, it shall take action to revoke the production organisation approval certificate or to limit or suspend it in whole or in part, depending upon the extent of the level 1 finding, until successful corrective action has been taken by the organisation.

2. If there are any level 2 findings, the competent authority shall:

(i) grant the organisation a corrective action implementation period that is appropriate to the nature of the finding, and that in any case shall initially not be more than 3 months. The period shall commence from the date of the written communication of the finding to the organisation requesting corrective action to address the non-compliance identified. At the end of this period, and subject to the nature of the finding, the competent authority may extend the 3‑month period provided that a corrective action plan has been agreed by the competent authority;

(ii) assess the corrective action and implementation plan proposed by the organisation, and if the assessment concludes that they are sufficient to address the non-compliance, accept them;

(iii) if the organisation fails to submit an acceptable corrective action plan, or fails to perform the corrective action within the time period accepted or extended by the competent authority, the finding shall be raised to level 1 and action shall be taken as laid down in point (d)(1).

(e) The competent authority may issue observations for any of the following cases not requiring level 1 or level 2 findings:

1. for any item whose performance has been assessed to be ineffective; or

2. when it has been identified that an item has the potential to cause a non-compliance under points (b) or (c); or

3. when suggestions or improvements are of interest for the overall safety performance of the organisation.

The observations issued under this point shall be communicated in writing to the organisation and recorded by the competent authority.

GM 21.B.225(a) Objective evidence

ED Decision 2012/020/R

Objective evidence is a fact which is, or can be documented, based on observations, measurements or tests that can be verified. Objective evidence generally comes from the following:

a) documents or manuals

b) examination of equipment/products

c) information from interview questions and observations of POA activities.

AMC 21.B.225(a) Notification of findings

ED Decision 2012/020/R

In case of a level one finding confirmation must be obtained in a timely manner that the accountable manager received the letter containing details of the level one finding and the approval suspension details.

A level two finding requires timely and effective handling by the competent authority to ensure completion of the corrective action. This includes intermediate communication, including reminding letters as necessary, with the POA holder to verify that the corrective action plan is followed.

21.B.240 Changes in production management system

Regulation (EU) 2022/203

(a) Upon receiving an application for a significant change to the production management system, the competent authority shall verify the organisation’s compliance with the applicable requirements of this Annex before issuing the approval.

(b) The competent authority shall establish the conditions under which the organisation may operate during the evaluation of a change unless the competent authority determines that the production organisation approval certificate needs to be suspended.

(c) When it is satisfied that the organisation complies with the applicable requirements, the competent authority shall approve the change.

(d) Without prejudice to any additional enforcement measures, if the organisation implements a significant change to the production management system without having received the approval of the competent authority pursuant to point (c), the competent authority shall consider the need to suspend, limit or revoke the organisation’s certificate.

(e) For non-significant changes to the production management system, the competent authority shall include the review of such changes in its continuing oversight in accordance with the principles set forth in point 21.B.221. If any non-compliance is found, the competent authority shall notify the organisation, request further changes and act in accordance with point 21.B.225.

AMC-ELA No 1 to 21.B.240  Amendment of a production organisation approval

ED Decision 2019/003/R

The competent authority should conduct adequate investigations in accordance with AMC-ELA No 1 to 21.B.220(c) prior to an amendment of the POA that is classified as a significant change. Refer to GM-ELA No 1 to 21.A.147.

Minor changes are monitored by the competent authority in the course of the regularly scheduled surveillance activities.

GM1 21.A.139, 21.A.239, 21.B.120, 21.B.140, 21.B.220, and 21.B.240 The use of information and communication technologies (ICT) for performing remote audits

ED Decision 2022/021/R

This GM provides technical guidance on the use of remote information and communication technologies (ICT) to support:

      competent authorities when overseeing regulated organisations;

      regulated organisations when conducting internal audits / monitoring compliance of their organisation with the relevant requirements, and when evaluating vendors, suppliers and subcontractors.

In the context of this GM:

      ‘remote audit’ means an audit that is performed with the use of any real-time video and audio communication tools in lieu of the physical presence of the auditor on-site; the specificities of each type of approval / letter of agreement (LoA) need to be considered in addition to the general overview (described below) when applying the ‘remote audit’ concept;

      ‘auditing entity’ means the competent authority or organisation that performs the remote audit;

      ‘auditee’ means the entity being audited/inspected (or the entity audited/inspected by the auditing entity via a remote audit);

It is the responsibility of the auditing entity to assess whether the use of remote ICT constitutes a suitable alternative to the physical presence of an auditor on-site in accordance with the applicable requirements.

The conduct of a remote audit

The auditing entity that decides to conduct a remote audit should describe the remote audit process in its documented procedures and should consider at least the following elements:

      The methodology for the use of remote ICT is sufficiently flexible and non-prescriptive in nature to optimise the conventional audit process.

      Adequate controls are defined and are in place to avoid abuses that could compromise the integrity of the audit process.

      Measures to ensure that the security and confidentiality are maintained throughout the audit activities (data protection and intellectual property of the organisation also need to be safeguarded).

Examples of the use of remote ICT during audits may include but are not limited to:

      meetings by means of teleconference facilities, including audio, video and data sharing;

      assessment of documents and records by means of remote access, in real time;

      recording, in real time during the process, of evidence to document the results of the audit, including non-conformities, by means of exchange of emails or documents, instant pictures, video or/and audio recordings;

      visual (livestream video) and audio access to facilities, stores, equipment, tools, processes, operations, etc.

An agreement between the auditing entity and the auditee should be established when planning a remote audit, which should include the following:

      determining the platform for hosting the audit;

      granting security and/or profile access to the auditor(s);

      testing platform compatibility between the auditing entity and the auditee prior to the audit;

      considering the use of webcams, cameras, drones, etc., when the physical evaluation of an event (product, part, process, etc.) is desired or is necessary;

      establishing an audit plan which will identify how remote ICT will be used and the extent of their use for the audit purposes to optimise their effectiveness and efficiency while maintaining the integrity of the audit process;

      if necessary, time zone acknowledgement and management to coordinate reasonable and mutually agreeable convening times;

      a documented statement of the auditee that they shall ensure full cooperation and provision of the actual and valid data as requested, including ensuring any supplier or subcontractor cooperation, if needed; and

      data protection aspects.

The following equipment and set-up elements should be considered:

      the suitability of video resolution, fidelity, and field of view for the verification being conducted;

      the need for multiple cameras, imaging systems, or microphones, and whether the person that performs the verification can switch between them, or direct them to be switched and has the possibility to stop the process, ask a question, move the equipment, etc.;

      the controllability of viewing direction, zoom, and lighting;

      the appropriateness of audio fidelity for the evaluation being conducted; and

      real-time and uninterrupted communication between the person(s) participating to the remote audit from both locations (on-site and remotely).

When using remote ICT, the auditing entity and the other persons involved (e.g. drone pilots, technical experts) should have the competence and ability to understand and utilise the remote ICT tools employed to achieve the desired results of the audit(s)/assessment(s). The auditing entity should also be aware of the risks and opportunities of the remote ICT used and the impacts they may have on the validity and objectivity of the information gathered.

Audit reports and related records should indicate the extent to which remote ICT have been used in conducting remote audits and the effectiveness of remote ICT in achieving the audit objectives, including any item that it has not been able to be completely reviewed.

AMC-ELA No 1 to 21.B.245  Suspension and revocation of a production organisation approval [not applicable from 7 March 2023]

ED Decision 2019/003/R

If there is a level 1 finding and the competent authority intends to limit the production organisation approval (POA), the competent authority should not limit the possibility for the manufacturer to issue or release conformity certificates unless it is absolutely necessary to do so. In that case, the competent authority may apply conditions for the issue or release of conformity certificates.

[not applicable from 7 March 2023 - will be deleted with an upcoming ED Decision - 21.B.245 deleted with Regulation (EU) 2022/203]