ATM/ANS.OR.B.001 Technical and operational competence and capability
Regulation (EU) 2017/373
A service provider shall ensure that it is able to provide its services in a safe, efficient, continuous and sustainable manner, consistent with any foreseen level of overall demand for a given airspace. To this end, it shall maintain adequate technical and operational capacity and expertise.
GM1 ATM/ANS.OR.B.001 Technical and operational competence and capability
ED Decision 2017/001/R
TECHNICAL AND OPERATIONAL CAPACITY
Technical and operational capacity should include a sufficient number of personnel to perform its tasks and discharge its responsibilities.
ATM/ANS.OR.B.005 Management system
Regulation (EU) 2017/373
(a) A service provider shall implement and maintain a management system that includes:
(1) clearly defined lines of responsibility and accountability throughout its organisation, including a direct accountability of the accountable manager;
(2) a description of the overall philosophies and principles of the service provider with regard to safety, quality, and security of its services, collectively constituting a policy, signed by the accountable manager;
(3) the means to verify the performance of the service provider's organisation in light of the performance indicators and performance targets of the management system;
(4) a process to identify changes within the service provider's organisation and the context in which it operates, which may affect established processes, procedures and services and, where necessary, change the management system and/or the functional system to accommodate those changes;
(5) a process to review the management system, identify the causes of substandard performance of the management system, determine the implications of such substandard performance, and eliminate or mitigate such causes;
(6) a process to ensure that the personnel of the service provider are trained and competent to perform their duties in a safe, efficient, continuous and sustainable manner. In this context, the service provider shall establish policies for the recruitments and training of its personnel;
(7) a formal means for communication that ensures that all personnel of the service provider are fully aware of the management system that allows critical information to be conveyed and that makes it possible to explain why particular actions are taken and why procedures are introduced or changed.
(b) A service provider shall document all management system key processes, including a process for making personnel aware of their responsibilities, and the procedure for the amendment of those processes.
(c) A service provider shall establish a function to monitor compliance of its organisation with the applicable requirements and the adequacy of the procedures. Compliance monitoring shall include a feedback system of findings to the accountable manager to ensure effective implementation of corrective actions as necessary.
(d) A service provider shall monitor the behaviour of its functional system and, where underperformance is identified, it shall establish its causes and eliminate them or, after having determined the implication of the underperformance, mitigate its effects.
(e) The management system shall be proportionate to the size of the service provider and the complexity of its activities, taking into account the hazards and associated risks inherent in those activities.
(f) Within its management system, the service provider shall establish formal interfaces with the relevant service providers and aviation undertakings in order to:
(1) ensure that the aviation safety hazards entailed by its activities are identified and evaluated, and the associated risks are managed and mitigated as appropriate;
(2) ensure that it provides its services in accordance with the requirements of this Regulation.
(g) In the case that the service provider holds also an aerodrome operator certificate, it shall ensure that the management system covers all activities in the scope of its certificates.
GM1 ATM/ANS.OR.B.005 Management system
ED Decision 2020/008/R
DEFINITIONS AND CONCEPT OF MANAGEMENT SYSTEM
(a) ISO 9000 series of standards define a management system as a 'set of interrelated or interacting elements to establish policy and objectives and to achieve those objectives'.
(b) Another available definition of management system is the following: ‘The structure, processes and resources needed to establish an organisation's policy and objectives and to achieve those objectives.'
(c) Traditionally, separate management systems were developed to address issues such as safety, quality, environment, health and safety, finance, human resources, information technology and data protection. However, it is foreseen that more and more the services providers will establish integrated management systems following the harmonised set of requirements in this Regulation.
(d) The Regulation does not require that the different management systems are integrated but it facilitates their integration.
GM2 ATM/ANS.OR.B.005 Management system
ED Decision 2017/001/R
RELATIONSHIP BETWEEN THE TYPE OF SERVICE AND SAFETY MANAGEMENT — QUALITY MANAGEMENT
(a) All service providers are required to establish and maintain a management system. However, only an air traffic services provider can have managerial control over functions directly affecting the safety of the flight (e.g. the ATCO to separate aircraft from each other). Hence, the management system requirements in Annex III, which apply to all service providers, are more broadly associated with the quality of the service rather than the safety of the service. Annex IV (Part-ATS) has specific safety management requirements for the provision of air traffic services. Therefore, only the air traffic services provider (that providing air traffic control, alerting service, air traffic advisory service or flight information service) is required to have a safety management system and undertake safety assessment of changes to the functional system.
(b) Service providers other than the air traffic services provider can still affect the safety of the flight through functions or services they provide, but this will always be influenced by the way in which the air traffic services provider or airspace user are using those functions or services. Therefore, service providers other than air traffic services providers have a management system which manages the performance of service (rather than the safe use of their services for flight navigation and the control which is beyond the managerial control of the service provider). This performance of the service refers to such properties of the service provided such as accuracy, reliability, integrity, availability, timeliness, etc.
(c) It is quite likely that air traffic services providers have contractual arrangements in place with other service providers, whose services they use, specifying the required performance and requiring the service provider to inform, in a timely manner, the air traffic services provider of any impact on the performance of services supplied.
(d) When the service provider other than an air traffic services provider provides services or functions directly to a flight (e.g. MET) without involving air traffic services, then the safe use of those services is the responsibility of the users of those services.
(e) When the air traffic services provider also provides other services, it may choose to combine the necessary performance and safety management activities into an integrated management system covering all services.
AMC1 ATM/ANS.OR.B.005(a) Management system
ED Decision 2017/001/R
An ISO 9001 certificate, issued by an appropriately accredited organisation, addressing the quality management elements required in this Subpart should be considered a sufficient means of compliance for the service provider. In this case, the service provider should accept the disclosure of the documentation related to the certification to the competent authority upon the latter’s request.
GM1 to AMC1 ATM/ANS.OR.B.005(a) Management system
ED Decision 2017/001/R
GENERAL
ISO 9001 Certificate(s) covers (cover) the quality management elements of the management system. Other elements required by this Regulation in reference to the management system that are not covered by the ISO 9001 certificate issued by an appropriately accredited organisation should be subject to oversight by the competent authority.
GM2 to AMC1 ATM/ANS.OR.B.005(a) Management system
ED Decision 2017/001/R
GENERAL — FOR ATS PROVIDERS
An ISO 9001 certificate may not give the presumption of compliance with the provisions of ATS.OR.200 ‘Safety management system’.
AMC2 ATM/ANS.OR.B.005(a) Management system
ED Decision 2017/001/R
GENERAL — TYPE 1 DAT PROVIDERS
An ISO 9001 or EN 9100 certificate issued by an appropriately accredited organisation addressing the quality management elements required in the respective Subparts should be considered a sufficient means of compliance for the Type 1 DAT provider. In this case, the Type 1 DAT provider should accept the disclosure of the documentation related to the certification to the competent authority upon its request.
GM1 to AMC2 ATM/ANS.OR.B.005(a) Management system
ED Decision 2017/001/R
GENERAL — TYPE 1 DAT PROVIDERS
ISO 9001/EN 9100 Certificate(s) covers (cover) the quality management elements of the management system. Other elements required by this Regulation in reference to the management system that are not covered by the ISO 9001/EN 9100 certificate issued by an appropriately accredited organisation should be subject to oversight by the competent authority.
AMC3 ATM/ANS.OR.B.005(a) Management system
ED Decision 2017/001/R
GENERAL — TYPE 2 DAT PROVIDERS
An EN 9100 certificate issued by an appropriately accredited organisation addressing the quality management elements required in the respective Subparts should be considered as a sufficient means of compliance for the Type 2 DAT provider. In this case, the Type 2 DAT provider should accept the disclosure of the documentation related to the certification to the competent authority upon its request.
GM1 to AMC3 ATM/ANS.OR.B.005(a) Management system
ED Decision 2017/001/R
EN 9100 CERTIFICATE — TYPE 2 DAT PROVIDERS
EN 9100 Certificate(s) covers (cover) the quality management elements of the management system. Other elements required by this Regulation in reference to the management system that are not covered by EN 9100 certificate issued by an appropriately accredited organisation should be subject to oversight by the competent authority.
AMC4 ATM/ANS.OR.B.005(a) Management system
ED Decision 2017/001/R
GENERAL — NON-COMPLEX SERVICE PROVIDERS
(a) The policy should include a commitment to improve towards the highest standards, comply with all the applicable legal requirements, meet all the applicable standards, consider the best practices, and provide the appropriate resources.
(b) The compliance monitoring task may be exercised by the accountable manager, provided that he or she has demonstrated having the related competence as defined in point (b)(4) of GM1 ATM/ANS.OR.B.005(c).
(c) Risk management may be performed using hazard checklists or similar risk management tools or processes, which are integrated into the activities of the service provider.
(d) A service provider should manage associated risks related to changes, as applicable. Management of changes should be a documented process to identify external and internal changes.
(e) A service provider should identify persons who fulfil the role of managers and who are responsible with regard to safety, quality and security of its services, as applicable. These persons may be accountable managers or individuals with an operational role in the service provider.
GM1 ATM/ANS.OR.B.005(a)(1) Management system
ED Decision 2017/001/R
RESPONSIBILITIES AND ACCOUNTABILITIES
(a) Senior management should ensure that responsibilities and accountabilities are defined and communicated within the service provider and documented within the management system. In the context of this rule, ‘responsibilities’ refers to obligations that can be delegated and ‘accountabilities’ refers to obligations that cannot be delegated.
(b) The appointment of an accountable manager who is given the required authorities and responsibilities, requires that the individual has the necessary attributes to fulfil the role. The accountable manager may have more than one function in the organisation. Nonetheless, the accountable manager’s role is to ensure that the management system is properly implemented and maintained through the allocation of resources and tasks.
AMC1 ATM/ANS.OR.B.005(a)(2) Management system
ED Decision 2017/001/R
(a) The policy should:
(1) be signed by the accountable manager;
(2) reflect organisational commitments regarding performance of its services and safety, where applicable, and its proactive and systematic management;
(3) include reporting principles; and
(4) include a commitment to:
(i) improve towards the highest performance standards so as to support the achievement of the highest level of safety;
(ii) comply with all applicable legislation and requirements, meet all applicable standards and consider best practices;
(iii) continually improve the effectiveness of the management system;
(iv) provide appropriate resources;
(v) enforce the performance of the service required to support the achievement of the highest level of safety in the airspace where the service is provided as one primary responsibility of all managers; and
(vi) that the purpose of reporting is improvement and not to apportion blame to individuals.
(b) Senior management should:
(1) ensure that the policy:
(i) is appropriate to the purpose of service providers;
(ii) provides a framework for establishing and reviewing objectives in relation to the provision of the service;
(iii) is communicated and understood within the service provider; and
(iv) is reviewed for continuing suitability;
(2) continually promote the policy to all personnel and demonstrate their commitment to it;
(3) provide necessary and appropriate human and financial resources for its implementation; and
(4) establish objectives in relation to the provision of the services and performance standards.
GM1 ATM/ANS.OR.B.005(a)(2) Management system
ED Decision 2017/001/R
POLICY FOR AIR TRAFFIC SERVICES PROVIDERS VS POLICY FOR ALL OTHER SERVICE PROVIDERS
If a service provider does not undertake the provision of air traffic services, then the policy will be recognisable more as a quality policy that is concerned with the performance of the service and conformance to the service provision requirements supporting the achievement of the highest level of safety in the airspace where the service is provided. Should the service provider undertake the provision of air traffic services, then ATS.OR.200 also applies and the policy will need to be expanded to include both the safety and the quality of the service.
GM2 ATM/ANS.OR.B.005(a)(2) Management system
ED Decision 2017/001/R
POLICY — NON-COMPLEX SERVICE PROVIDERS
The policy is the means whereby the service provider states its intention to maintain and, where practicable, improve performance levels in all their activities and to minimise their contribution to the risk of an aircraft accident as far as is reasonably practicable.
GM3 ATM/ANS.OR.B.005(a)(2) Management system
ED Decision 2017/001/R
The policy should actively encourage effective safety reporting and, by defining the line between acceptable performance (often unintended errors) and unacceptable performance (such as negligence, recklessness, violations or sabotage), provide fair protection to reporters. A safety or just culture may not, however, preclude the ‘criminalisation of error’, which is legally, ethically and morally within the sovereign rights of any Member State, provided that European Union law and established international agreements are observed. A judicial investigation, and consequences of some form, may be expected following an accident or serious incident especially if a system failure resulted in lives lost or property damaged, even if no negligence or ill intent existed. A potential issue could, therefore, exist if voluntary hazard reports, which relate to latent deficiencies of a system or its performance, are treated in the same way as those concerning accident and serious incident investigations. The intent of protecting hazard reports should not challenge the legitimacy of a judicial investigation or demand undue immunity.
AMC1 ATM/ANS.OR.B.005(a)(3) Management system
ED Decision 2017/001/R
MANAGEMENT OF METEOROLOGICAL SERVICES PERFORMANCE
(a) The management system of the meteorological service provider should provide users with assurance that the meteorological information supplied complies with the stated requirements in terms of geographical and spatial coverage, format and content, time and frequency of issuance and period of validity, as well as the accuracy of measurements, observations and forecasts.
(b) When the management system indicates that the meteorological information to be supplied to users does not comply with the stated requirements, and automatic error correction procedures are not appropriate, such information should not be supplied to users unless it is validated with the originator.
(c) In regard to the exchange of meteorological information for operational purposes, the management system should include verification and validation procedures and resources for monitoring adherence to the prescribed transmission schedules for individual messages and/or bulletins required to be exchanged as well as the times of their filing for transmission. The management system should be capable of detecting excessive transit times of messages and bulletins received.
AMC2 ATM/ANS.OR.B.005(a)(3) Management system
ED Decision 2017/001/R
SAFETY PERFORMANCE MONITORING AND MEASUREMENT — ATS PROVIDER
(a) Safety performance monitoring and measurement should be the process by which the safety performance of the air traffic services providers is verified in comparison to the safety policy and the safety objectives established by the air traffic services provider.
(b) This process should include:
(1) safety reporting;
(2) safety studies encompassing broad safety concerns;
(3) safety reviews including trends reviews, which would be conducted during introduction and deployment of new technologies, change or implementation of procedures, or in situations of structural change in operations;
(4) safety audits focusing on the integrity of the air traffic services provider’s management system, and periodically assessing the status of safety risk controls; and
(5) safety surveys, examining particular elements or procedures of a specific operation, such as problem areas or bottlenecks in daily operations, perceptions and opinions of operational personnel, and areas of dissent or confusion.
GM1 to AMC2 ATM/ANS.OR.B.005(a)(3) Management system
ED Decision 2017/001/R
SAFETY SURVEYS — COMPLEX AIR TRAFFIC SERVICES PROVIDER
(a) An air traffic services provider should:
(1) initiate safety surveys and ensure that all safety-related activities within its scope are addressed periodically;
(2) appoint an appropriate survey leader and survey team whose expertise is in accordance with the particular requirements of the intended survey, taking due account of the desirability of including staff from outside areas where relevant, and being mindful of the opportunity such an activity provides for staff development and engagement;
(3) define an annual safety survey plan;
(4) take immediate remedial action as soon as any safety-related shortcomings are identified;
(5) ensure that the actions identified in the action plans are carried out within the specified timescales; and
(6) ensure that examples of lesson learning and good practice arising from safety surveys are disseminated and acted upon.
(b) The survey leader should:
(1) carry out the survey;
(2) record the results;
(3) make recommendations; and
(4) agree actions with the relevant operational management.
(c) The survey team should assist the survey leader in fulfilling their responsibilities as determined by the survey leader.
(d) Safety surveys may be initiated by a number of means such as occurrence reports, safety performance, suggestions from members of staff, etc.
(e) Safety surveys may be documented in a safety survey report which should also contain the specific actions that will be taken to address the recommendations. The actions should specify those responsible for completion and the target dates. The actions should be tracked to closure through an action plan. This action plan may be implemented as part of an existing locally or centrally managed action tracker.
(f) A typical safety survey report would require the following content:
(1) Front sheet:
(i) reference number;
(ii) title;
(iii) survey period;
(iv) team members and team leader; and
(v) survey initiator;
(2) Survey description:
(i) introduction;
(ii) objective;
(iii) scope;
(iv) record of results;
(v) conclusions; and
(vi) recommendations and actions.
(g) Survey leader
The survey leader should be adequately trained and competent for the subject of the survey. Where this is not possible, at least one member of the survey team should be competent in the subject of the survey.
(h) Survey team
It is advantageous for the survey team to be multi-disciplined and, where possible, be drawn from differing parts of the air traffic services provider’s organisation.
GM1 ATM/ANS.OR.B.005(a)(3) Management system
ED Decision 2017/001/R
SAFETY PERFORMANCE MONITORING AND MEASUREMENT — ATS PROVIDER
(a) The means to monitor performance is often through one or more leading or lagging indicators.
(b) Indicators and performance measures provide feedback on what is happening so that the air traffic services provider can take appropriate actions to respond to changing circumstances. The indicators provide information on:
(1) what is happening around the air traffic services provider;
(2) how well the air traffic services provider is doing;
(3) what has happened so far; and
(4) warning of impending problems or dangers that the air traffic services provider may need to take action to avoid.
(c) Although ‘lagging’ performance indicators that measure the final outcomes resulting from the air traffic services provider’s activities are often considered as the most interesting, lagging indicators themselves may not provide enough information to guide the air traffic services provider’s actions and ensure success.
(d) By measuring the inputs to a process, leading performance indicators can complement the use of lagging indicators and compensate for some of their shortcomings. Leading indicators can be used to monitor the effectiveness of control systems and give advance warning of any developing weaknesses before problems occur. One purpose of leading performance indicators is, therefore, to show the condition of systems before accidents, incidents, harm, damage or failure occurs. In this way, they can help to control risks and prevent mishaps.
(e) There is good evidence that when leading performance indicators are used correctly, they are effective in improving performance. However, there is also good evidence that they can be misused.
(f) For leading performance indicators to play an effective role in the improvement process, there should be an association between the inputs that the leading performance indicators measure and the desired lagging outputs. There needs to be a reasonable belief that the actions taken to improve leading performance indicators will be followed by an improvement in the associated lagging output indicators.
(g) The process for effective use of leading performance indicators can be summarised as:
(1) Identify where there are potential weaknesses or opportunities for improvement;
(2) Identify what can be done to counter weaknesses or deliver improvement;
(3) Set performance standards for the actions identified;
(4) Monitor performance against the standards;
(5) Take corrective actions to improve performance; and
(6) Repeat the process by using the following continuous improvement model:
(h) For any performance indicator to be effective, it is important that it is:
(1) objective and easy to measure and collect;
(2) relevant to the air traffic services provider whose performance is being measured;
(3) capable of providing immediate and reliable indications of the level of performance;
(4) cost-efficient in terms of the equipment, personnel and additional technology required to gather the information;
(5) understood and owned by the air traffic services provider whose performance is being measured;
(6) related to activities considered to be important for future performance;
(7) amenable to intervention/influence by the air traffic services provider whose performance is being measured;
(8) related to something where there is scope to improve; and
(9) a clear indication of a means to improve performance.
GM2 ATM/ANS.OR.B.005(a)(3) Management system
ED Decision 2017/001/R
PERFORMANCE MONITORING AND MEASUREMENT — SERVICE PROVIDER OTHER THAN AIR TRAFFIC SERVICES PROVIDER
A performance indicator (PI) is a type of performance measurement. An organisation may use PIs to evaluate its success, or to evaluate the success of a particular activity in which it is engaged. Sometimes success is defined in terms of making progress towards strategic goals, but often success is simply the repeated, periodic achievement of some level of operational goal (e.g. zero defects). Accordingly, choosing the right PIs relies upon a good understanding of what is important to the organisation. Since there is a need to understand well what is important, various techniques to assess the present state of the business, and its key activities, are associated with the selection of PIs. These assessments often lead to the identification of potential improvements, so performance indicators are routinely associated with 'performance improvement' initiatives. When PIs have performance targets associated with them, they are known as key performance indicators (KPIs).
GM1 ATM/ANS.OR.B.005(a)(4) Management system
ED Decision 2017/001/R
IDENTIFICATION OF CHANGES TO FUNCTIONAL SYSTEMS
This process is used by the service provider to correctly identify proposed changes. The changes dealt with in this GM are the proposed changes to the functional system. These can be triggered internally by changing circumstances that are related to the service provider of concern or externally by changing circumstances that are related to others or to the context in which the service operates, i.e. in situations where the service provider does not have managerial control over them. The triggers are called ‘change drivers’.
(a) Identification of internal circumstances
(1) The procedure to identify changes needs to be embedded in all parts of the organisation that can modify the functional system, i.e. the operational system used to support the services provided. Examples of proposed changes to the functional system as a response to changing circumstances under the control of the organisation, therefore, include:
(i) changes to the way the components of the functional system are used;
(ii) changes to equipment, either hardware or software;
(iii) changes to roles and responsibilities of operational personnel;
(iv) changes to operating procedures;
(v) changes to system configuration, excluding changes during maintenance, repair and alternative operations that are already part of the accepted operational envelope;
(vi) changes that are necessary as a result of changing circumstances to the operational context under the managerial control of the provider that can impact the service, e.g. provision of service under new conditions;
(vii) changes that are necessary as a result of changing circumstances to the local physical (operational) environment of the functional system; and
(viii) changes to the working hours and/or shift patterns of key personnel which could impact on the safe delivery of services.
(2) These changes are often identified by the service provider using business processes, which will be used to identify changes planned for the medium and long term. Such processes can include:
(i) annual business plans;
(ii) strategic safety boards;
(iii) equipment replacement projects;
(iv) airspace reorganisation plans;
(v) introduction of new operational concepts, e.g. Free Flight;
(vi) accident and incident investigation reports; and
(vii) safety monitoring and safety surveys.
(b) Identification of external circumstances
The service provider should have processes in place to react appropriately to notifications received from those service providers that supply services to them. In addition, changes to the context that can impact on the service provided and are not under the managerial control of the service provider should be identified and treated as potential triggers. Furthermore, the service provider should negotiate contracts with unregulated service providers in accordance with ATM/ANS.OR.B.015 ‘Contracted activities’ that place a responsibility on such organisations to inform them of planned changes to their services.
AMC1 ATM/ANS.OR.B.005(a)(5) Management system
ED Decision 2017/001/R
ASSESSMENT OF THE MANAGEMENT SYSTEM
(a) Senior management should assess the service provider’s management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness.
(b) The review should include assessing opportunities for improvement and the need for changes to the management system, including the policy and objectives.
(c) Records from management assessments should be maintained.
AMC1 ATM/ANS.OR.B.005(a)(6) Management system
ED Decision 2017/001/R
A service provider should:
(a) determine the necessary competence for personnel performing activities supporting services provision;
(b) where applicable, provide training or take other actions to achieve the necessary competence;
(c) evaluate the effectiveness of the actions taken;
(d) ensure that personnel are aware of the relevance and importance of their activities and how they contribute to the achievement of the objectives; and
(e) maintain appropriate records of education, training, skills and experience.
GM1 ATM/ANS.OR.B.005(a)(6) Management system
ED Decision 2022/004/R
TRAINING AND COMPETENCIES— MET PROVIDERS
Information and guidance concerning the qualifications, competencies, education and training of meteorological personnel in aeronautical meteorology are given in the Technical Regulations (WMO No 49), Volume I General Meteorological Standards and Recommended Practices, Part V Qualifications and Competencies of Personnel Involved in the Provision of Meteorological (Weather and Climate) and Hydrological Services; Part VI Education and Training of Meteorological Personnel, Appendix A Basic Instruction Packages, WMO 1083 Guide to the Implementation of Education and Training Standards in Meteorology and Hydrology, Volume I, and WMO 1205 Guide to Competency.
AMC1 ATM/ANS.OR.B.005(a)(7) Management system
ED Decision 2017/001/R
COMMUNICATION RESPONSIBILITIES
The senior management should ensure that appropriate communication processes are established within the service provider and that communication takes place regarding the effectiveness of the management system.
AMC1 ATM/ANS.OR.B.005(b) Management system
ED Decision 2017/001/R
SERVICE PROVIDER’S MANAGEMENT SYSTEM DOCUMENTATION
A service provider’s management system documentation should at least include the following information:
(a) a statement signed by the accountable manager to confirm that the service provider will continuously work in accordance with the applicable requirements and the service provider’s documentation as required by this Part and other applicable Parts;
(b) the service provider’s scope of activities;
(c) the titles and names of nominated postholders referred to in ATM/ANS.OR.B.020(b);
(d) the service provider’s chart showing the lines of responsibility between the persons referred to in ATM/ANS.OR.B.020(b);
(e) a general description and location of the facilities referred to in ATM/ANS.OR.B.025;
(f) procedures describing the function and specifying how the service provider monitors and ensures compliance with the applicable requirements referred to in ATM/ANS.OR.B.005(c); and
(g) the amendment procedure for the service provider’s management system documentation.
GM1 ATM/ANS.OR.B.005(b) Management system
ED Decision 2017/001/R
SERVICE PROVIDER’S MANAGEMENT SYSTEM DOCUMENTATION
(a) It is not required to duplicate information in several manuals. The information may be contained in the service provider’s manuals (e.g. operations manual, training manual), which may also be combined.
(b) A service provider may also choose to document some of the information required to be documented in separate documents (e.g. procedures). In this case, it should ensure that manuals contain adequate references to any document kept separately. Any such documents are then to be considered an integral part of the service provider’s management system documentation.
(c) A service provider’s management system documentation may be included in a separate manual or in (one of) the manual(s) as required by the applicable subpart(s). A cross reference should be included.
AMC1 ATM/ANS.OR.B.005(c) Management system
ED Decision 2017/001/R
COMPLIANCE MONITORING — GENERAL FOR COMPLEX SERVICE PROVIDERS
(a) Compliance monitoring
The implementation and use of a compliance monitoring function should enable the service provider to monitor compliance with the relevant requirements of this Part and other applicable Parts.
(1) A service provider should specify the basic structure of the compliance monitoring function applicable to the activities conducted.
(2) The compliance monitoring function should be structured according to the size of the service provider and the complexity of the activities to be monitored, including those which have been subcontracted.
(b) A service provider should monitor compliance with the procedures they have designed to ensure that services are provided with the required safety levels and quality, as applicable. In doing so, they should as a minimum, and where appropriate, monitor:
(1) manuals, logs, and records;
(2) training standards; and
(3) management system procedures.
(c) Organisational set-up
(1) A person should be responsible for compliance monitoring to ensure that the service provider continues to meet the requirements of this Part and other applicable Parts. The accountable manager should ensure that sufficient resources are allocated for compliance monitoring.
(2) Personnel involved in the compliance monitoring should have access to all parts of service provider and, as necessary, any contracted organisation.
(3) In the case the person responsible for compliance monitoring acts also as safety manager, the accountable manager, with regard to his or her direct accountability for safety, should ensure that sufficient resources are allocated to both functions, taking into account the size of the service provider and the nature and complexity of its activities.
(4) The independence of the compliance monitoring function should be established by ensuring that audits and inspections are carried out by personnel not directly involved in the activity being audited.
(d) Compliance monitoring documentation
(1) Relevant documentation should include relevant part(s) of the service provider’s management system documentation.
(2) In addition, relevant documentation should also include:
(i) terminology;
(ii) specified activity standards;
(iii) a description of the service provider;
(iv) allocation of duties and responsibilities;
(v) procedures to ensure compliance;
(vi) the compliance monitoring programme, reflecting:
(A) the schedule of the monitoring programme;
(B) audit procedures;
(C) reporting procedures;
(D) follow-up and corrective action procedures; and
(E) the record-keeping system;
(vii) the training syllabus referred to in (e)(2); and
(viii) document control.
(e) Training
(1) Correct and thorough training is essential to optimise compliance in every service provider. In order to achieve significant outcomes of such training, the service provider should ensure that all personnel understand the objectives as laid down in the service provider’s management system documentation.
(2) Those responsible for managing the compliance monitoring function should receive training on this task. Such training should cover the requirements of compliance monitoring, manuals and procedures related to the task, audit techniques, reporting and recording.
(3) Time should be provided to train all personnel involved in compliance management and for briefing the remainder of the personnel.
(4) The allocation of time and resources should be governed by the volume and complexity of the activities concerned.
GM1 ATM/ANS.OR.B.005(c) Management system
ED Decision 2017/001/R
COMPLIANCE MONITORING ORGANISATIONAL SET-UP
(a) The role of the compliance monitoring may be performed by a compliance monitoring manager to ensure that the activities of the service provider are monitored for compliance with the applicable regulatory requirements and any additional requirements established by the service provider, and that these activities are being carried out properly under the supervision of other relevant nominated postholders and line managers.
(b) The compliance monitoring manager should:
(1) be responsible for ensuring that the compliance monitoring programme is properly implemented, maintained, and continually reviewed and improved;
(2) have direct access to the accountable manager;
(3) not be one of the line managers; and
(4) be able to demonstrate relevant knowledge, background and appropriate experience related to the activities of the service provider, including knowledge and experience in compliance monitoring.
(c) The compliance monitoring manager may perform all audits and inspections himself/herself or appoint one or more auditors by choosing personnel having the related competence as defined in point (b)(iii), either from within or outside the service provider.
(d) Regardless of the option chosen, it needs to be ensured that the independence of the audit function is not affected, in particular in cases where those performing the audit or inspection are also responsible for other activities within the service provider.
(e) In case external personnel are used to perform compliance audits or inspections:
(1) any such audits or inspections are performed under the responsibility of the compliance monitoring manager; and
(2) the compliance monitoring manager remains responsible for ensuring that the external personnel has relevant knowledge, background and experience as appropriate to the activities being audited or inspected, including knowledge and experience in compliance monitoring.
(f) A service provider retains the ultimate responsibility for the effectiveness of the compliance monitoring function, in particular for the effective implementation and follow-up of all corrective actions.
AMC1 ATM/ANS.OR.B.005(d) Management system
ED Decision 2017/001/R
REACTION TO UNDERPERFORMANCE OF FUNCTIONAL SYSTEMS
If the cause of the underperformance is found to be:
(a) a flaw in the functional system, the service provider should initiate a change to the functional system either to remove the flaw or mitigate its effects;
(b) a flawed argument associated with a change to that functional system, the service provider should either:
(1) provide a valid argument; or
(2) where the service provider considers it more feasible, initiate a change to the functional system.
AMC1 ATM/ANS.OR.B.005(e) Management system
ED Decision 2017/001/R
SIZE, NATURE AND COMPLEXITY OF THE ACTIVITY
(a) An air traffic services provider should be considered as complex unless it is eligible to apply for a limited certificate and fulfils the criteria set out in ATM/ANS.OR.A.010(a).
(b) An air navigation services provider, other than an air traffic services provider, should be considered as complex unless it is eligible to apply for a limited certificate and fulfils the criteria set out in ATM/ANS.OR.A.010(b)(1).
(c) An aerodrome flight information services provider should be considered as complex unless it is eligible to apply for a limited certificate and fulfils the criteria set out in ATM/ANS.OR.A.010(b)(2).
(d) A service provider, other than an air navigation services provider, should be considered as complex when it has a workforce of more than 20 full-time equivalents (FTEs) involved in the activity subject to Regulation (EC) No 216/2008 and its implementing rules.
GM1 ATM/ANS.OR.B.005(e) Management system
ED Decision 2017/001/R
SIZE, NATURE AND COMPLEXITY OF THE ACTIVITY
(a) In consideration of the EUR 1 000 000 gross annual turnover referred to in ATM/ANS.OR.A.010(b)(1), this is assessed against the income the air navigation services provider generates in the provision of the services specified in Annex Vb to Regulation (EC) No 216/2008 and does not include any income generated by the air navigation services provider who undertakes other commercial activity that generates income.
(b) In consideration of operating regularly not more than one working position at any aerodrome referred to in ATM/ANS.OR.A.010(b)(2), this means that for the majority (i.e. greater than 50 %) of time an aerodrome is operational, only one working position is used.
(c) Table 3 below illustrates the circumstances under which the service provider could be considered as non-complex.
|
Type of service |
Criteria to be complied with |
|
Air traffic services |
Eligible for limited certificate and meets criteria in ATM/ANS.OR.A.010(a) |
|
CNS/MET/AIS |
Eligible for limited certificate and meets criteria in ATM/ANS.OR.A.010(b)(1) |
|
AFIS |
Eligible for limited certificate and meets criteria in ATM/ANS.OR.A.010(b)(2) |
|
ASM/ATFM/DAT |
Workforce of 20 or less FTEs per service |
Table 3: Non-complex service provider
GM1 ATM/ANS.OR.B.005(f) Management system
ED Decision 2017/001/R
Within the scope of this Regulation, only the air traffic services provider can identify hazards, assess the associated risks and mitigate or propose mitigating measures where necessary. This requirement implies that all service providers (air traffic services and non-air traffic services) establish formal interfaces (e.g. service level agreements, letters of understanding, memorandum of cooperation) between the relevant services providers themselves or between the service providers and other aviation undertakings (e.g. aerodrome operators) so as to ensure that hazards associated with the use of the services they provide are identified and the risks assessed and whenever needed mitigated. It does not imply that this has to be done by the service providers themselves (e.g. MET or AIS providers cannot do this by themselves) as only the air traffic services provider can, but they need to establish the interfaces with those service providers (ATS providers) or other aviation undertaking (e.g. aerodrome operators) who are able to do so. The formal interfaces could address the mitigation means put on the different providers (e.g. via requirements in a service level agreement).
GM2 ATM/ANS.OR.B.005(f) Management system
ED Decision 2017/001/R
The service provider should participate in the local runway safety team (LRST) established by the aerodrome operator in accordance with AMC1 ADR.OR.D.027 and GM2 ADR.OR.D.027.
ATM/ANS.OR.B.010 Change management procedures
Regulation (EU) 2017/373
(a) A service provider shall use procedures to manage, assess and, if necessary, mitigate the impact of changes to its functional systems in accordance with points ATM/ANS.OR.A.045, ATM/ANS.OR.C.005, ATS.OR.205 and ATS.OR.210, as applicable.
(b) The procedures referred to in point (a) or any material modifications to those procedures shall:
(1) be submitted, for approval, by the service provider to the competent authority;
(2) not be used until approved by the competent authority.
(c) When the approved procedures referred to in point (b) are not suitable for a particular change, the service provider shall:
(1) make a request to the competent authority for an exemption to deviate from the approved procedures;
(2) provide the details of the deviation and the justification for its use to the competent authority;
(3) not use the deviation before being approved by the competent authority.
AMC1 ATM/ANS.OR.B.010(a) Change management procedures
ED Decision 2017/001/R
(a) The procedures, and the change of the procedures, used by a service provider to manage changes should cover the complete lifecycle of a change.
(b) The service provider should show that the procedures address all the actions and all the evidence needed in order to comply with the requirements laid down in ATM/ANS.OR.A.045, ATS.OR.205, ATS.OR.210, and ATM/ANS.OR.C.005, as appropriate. For that purpose, the service provider should use a compliance matrix, which shows:
(1) which part of a procedure addresses which part of the Regulation (i.e. the requirement of the implementing rule); and
(2) the rationale explaining how the procedures demonstrate compliance with the Regulation.
(c) The service provider should ensure that the roles and responsibilities for the change management processes are identified in the procedures.
(d) Procedures should be submitted in a manner agreed between the service provider and the competent authority. Until an agreement is reached, the competent authority will prescribe the means of submission.
(e) The procedure that defines the notification process for changes includes:
(1) the point of contact in charge of the notification of changes, e.g. person, or part of the organisation and the role;
(2) the means used for notification, e.g. fax, email, mail, use of database or others.
(f) The management of change procedures should include a change identification procedure. This procedure, which is a precursor of the change notification process, should seek out potential changes, confirm that there is a real intent to implement them (propose the change) and, if so, initiate the notification process.
GM1 to AMC1 ATM/ANS.OR.B.010(a) Change management procedures
ED Decision 2017/001/R
The following example of a matrix could be used by the service provider to document the compliance status of its change management procedures.
|
Service provider |
[Name of the provider] |
||||||||
|
Provided services |
ATS: |
C: |
N: |
S: |
MET: |
AIS: |
DAT: |
ASM: |
ATFCM: |
|
Date |
MM/DD/YYYY |
||||||||
|
Version of the form |
Vx.y |
||||||||
|
Submitted procedure(s) |
Procedure ‘ XYZ ‘ — version ‘ a.b ‘ of MM/DD/YYYY |
||||||||
|
Procedure ‘ JKL ‘ — version ‘ c.d ‘ of MM/DD/YYYY |
|||||||||
|
[…] |
|||||||||
|
Requirement in the Regulation |
AMC |
Procedure |
Rationale |
Status |
Competent authority comment |
|
None |
Procedure ‘ JKL ’ — version ‘ c.d ’ — Paragraph 4 |
Paragraph 4 states that the transition into operation of any functional change will occur following the completion of the activities required by the procedures XYZ, MNO, and ABC |
Non-approved |
To be assessed |
|
|
Procedure ‘ XYZ ’ — version ‘ a.b ’ — Paragraph 3 |
Paragraph 3 stresses that a change subject to competent authority review should not be allowed to be put into service before formal approval has been granted. |
Approved |
None |
AMC2 ATM/ANS.OR.B.010(a) Change management procedures
ED Decision 2017/001/R
GENERAL
(a) As part of the change management procedures, the service provider should keep a register of the records of all notified changes. The register should include:
(1) the status of the implementation of the change, i.e. planned, under review, under implementation, implemented, or cancelled;
(2) the notification;
(3) (a link to) the location of the actual record, including a reference to all information passed to the competent authority in accordance with ATM/ANS.OR.A.045(a)(2).
(b) In addition, when the changes are selected for review, the register should also include:
(1) the review decision from the competent authority; and
(2) a link to records of the change approval by the competent authority.
GM1 ATM/ANS.OR.B.010(a) Change management procedures
ED Decision 2017/001/R
(a) The change management procedures for changes to functional systems should include:
(1) the identification and notification of proposed changes;
(2) the identification of the scope of the change, i.e. the identification of what parts of the functional system are to be changed or are affected by the change;
(3) the assessment and assurance of the change;
(4) the approval of the change; and
(5) the establishment of the monitoring criteria to ensure that the change will remain acceptable as long as it is in operation (acceptably safe for air traffic service providers or acceptably trustworthy for other service providers). The monitoring of the changed system is part of the activities related to the management system of the service provider. It is not covered by the change management procedures themselves.
(b) The procedures that manage changes to functional systems do not include the processes to identify the circumstances that will trigger the change. These should be part of the management system(s) as laid down in ATM/ANS.OR.B.005 and/or ATS.OR.200, as applicable.
(c) The change management procedures should address the following:
(1) procedural-oriented content, which details:
(i) the roles and activities with regard to change management, safety assessment and safety support assessment;
(ii) the identification of the parts of the functional system affected by the proposed change;
(iii) the type of safety assessment or safety support assessment that has to be used for the identified type of changes;
(iv) the competence of the persons performing change management, safety assessments and safety support assessments;
(v) the identified triggers for performing a safety assessment and a safety support assessment;
(vi) the means of change notification; ‘means’ includes the form of notification;
(vii) the means of identifying any organisations or aviation undertakings using the service that are potentially affected by the change; and
(viii) the means of informing those identified in (vii).
(2) Method-oriented content, which details description of the safety assessments and safety support assessments methods and mitigation methods used by the service provider.
(d) For each change management procedure or part of a change management procedure approved, the agreement on notification of any change over them should be documented and formalised. In any case, the service provider should keep records of these changes.
ATM/ANS.OR.B.015 Contracted activities
Regulation (EU) 2017/373
(a) Contracted activities include all the activities within the scope of the service provider's operations, in accordance with the terms of the certificate, that are performed by other organisations either themselves certified to carry out such activity or if not certified, working under the service provider's oversight. A service provider shall ensure that when contracting or purchasing any part of its activities to external organisations, the contracted or purchased activity, system or constituent conforms to the applicable requirements.
(b) When a service provider contracts any part of its activities to an organisation that is not itself certified in accordance with this Regulation to carry out such activity, it shall ensure that the contracted organisation works under its oversight. The service provider shall ensure that the competent authority is given access to the contracted organisation to determine continued compliance with the applicable requirements under this Regulation.
AMC1 ATM/ANS.OR.B.015 Contracted activities
ED Decision 2017/001/R
RESPONSIBILITY WHEN CONTRACTING ACTIVITIES
(a) A contract should exist between the service provider and the contracted organisation clearly defining the contracted activities and the applicable requirements, including training and competences requirements for air traffic safety electronics personnel (ATSEP) employed by the contracted organisation, where applicable.
(b) The contracted activities, performed by an organisation that is not itself certified in accordance with this Regulation to carry out such activity, should be included in the service provider’s oversight process. In this context, where the contracted activity requires the ATSEP employed by contracted organisation to undertake any aspect of this activity, the service provider should ensure that those ATSEP have received the applicable training and competences foreseen in Subpart A of Annex XIII.
(c) A service provider should ensure that the contracted organisation has the necessary authorisation, declaration or approval when required, and commands the resources and competence to undertake the task.
GM1 to AMC1 ATM/ANS.OR.B.015 Contracted activities
ED Decision 2017/001/R
RESPONSIBILITY WHEN CONTRACTING ACTIVITIES
The applicable requirements may include the necessary elements from the training and competence assessment of ATSEP laid down in Annex XIII to this Regulation in accordance with ATSEP.OR.105 in order to ensure equivalent level of safety and level playing field for the maintenance of systems and equipment regardless of whether such services are provided internally in the service provider or outsourced.
AMC2 ATM/ANS.OR.B.015 Contracted activities
ED Decision 2017/001/R
RESPONSIBILITY WHEN CONTRACTING ACTIVITIES
(a) When the contracted organisation is itself certified in accordance with this Regulation to carry out the contracted activities, the service providers’ compliance monitoring should at least check that the approval effectively covers the contracted activities and that it is still valid.
(b) When the service provider is not certified itself to provide the service, it should only contract or purchase services from a certified organisation when so required by this Regulation.
AMC3 ATM/ANS.OR.B.015 Contracted activities
ED Decision 2017/001/R
SAFETY — ATS PROVIDER
An air traffic services provider should ensure adequate justification of the safety of the externally provided and supplied services, having regard to their safety significance within the provision of its services.
GM1 ATM/ANS.OR.B.015 Contracted activities
ED Decision 2017/001/R
(a) A service provider may contract certain activities to external organisations. ‘Contracted activities’ means those activities within the service provision conditions attached to the service provider’s certificate that are performed by other organisations either themselves certified to carry out such an activity or if not certified, working under the service provider’s oversight. The scope of the service provider's oversight covers the contracted activities performed by the external organisation that is not itself certified in accordance with this Regulation.
(b) Activities contracted to external organisations for the provision of services may include areas such as:
(1) aeronautical information services;
(2) meteorological services, etc.
(c) In the case of activities contracted, the service provider should define relevant management responsibilities within its own organisation.
(d) The ultimate responsibility for the services provided by contracted organisations should always remain with the contracting service provider.
GM2 ATM/ANS.OR.B.015 Contracted activities
ED Decision 2017/001/R
RESPONSIBILITY WHEN CONTRACTING ACTIVITIES
(a) A contract could take the form of a written agreement, letter of agreement, service letter agreement, memorandum of understanding, etc. as appropriate for the contracted activities.
(b) A service provider’s assurance process could be included into the service provider’s management system and compliance monitoring programmes.
(c) In order to ensure that the contracted organisation is able to perform the contracted activities, the service provider may conduct a prior audit of the contracted party.
GM3 ATM/ANS.OR.B.015 Contracted activities
ED Decision 2017/001/R
RESPONSIBILITY WHEN CONTRACTING ACTIVITIES
(a) Regardless of the approval status of the contracted organisation, the service provider is responsible for ensuring that all contracted activities are subject to compliance monitoring as required by ATM/ANS.OR.B.005(c), and in the case of air traffic services provider, also to hazard identification and risk management as required by ATS.OR.200(2).
(b) If a service provider requires a contracted organisation to conduct an activity which exceeds the privileges of the contracted organisation’s certificate, this will be considered as the contracted organisation working under the approval and oversight of the contracting service provider.
GM4 ATM/ANS.OR.B.015 Contracted activities
ED Decision 2017/001/R
RESPONSIBILITY WHEN CONTRACTING ACTIVITIES
Table 4 below illustrates the responsibilities when contracting.
|
|
Contracted activity — subject to certification; and — the contracting service provider certified for that activity |
Contracted activity — subject to certification; and — contracting service provider NOT certified for that activity |
|
Contracted external organisation certified to provide the activity |
A contracting service provider undertakes compliance monitoring of the contracted external organisation and should at least check that the certificate effectively covers the contracted activities and that it is valid. |
A contracting service provider undertakes compliance monitoring of the contracted external organisation and should at least check that the certificate effectively covers the contracted activities and that it is valid. |
|
Contracted external organisation NOT certified to provide the activity |
The contracted external organisation works under the oversight of the contracting service provider. |
The activity cannot be contracted to the external organisation. |
Table 4: Responsibility when contracting activities
ATM/ANS.OR.B.020 Personnel requirements
Regulation (EU) 2017/373
(a) A service provider shall appoint an accountable manager, who has the authority over ensuring that all activities can be financed and carried out in accordance with the applicable requirements. The accountable manager shall be responsible for establishing and maintaining an effective management system.
(b) A service provider shall define the authority, duties and responsibilities of the nominated post holders, in particular of the management personnel in charge of safety, quality, security, finance and human resources-related functions as applicable.
GM1 ATM/ANS.OR.B.020(a) Personnel requirements
ED Decision 2017/001/R
Depending on the size, structure and complexity of the organisation, the accountable manager may be:
(a) the chief executive officer (CEO);
(b) the chief operating officer (COO);
(c) the chairperson of the board of directors;
(d) a partner; or
(e) the proprietor.
AMC1 ATM/ANS.OR.B.020(b) Personnel requirements
ED Decision 2017/001/R
Senior management should appoint a member of the service provider’s management who, irrespective of other responsibilities, should have responsibility and authority that includes:
(a) ensuring that processes needed for the management system are established, implemented and maintained;
(b) reporting to senior management on the performance of the management system and any need for improvement; and
(c) ensuring the promotion of awareness of performance and service requirements throughout the service provider and of the impact it has on safety.
GM1 ATM/ANS.OR.B.020(b) Personnel requirements
ED Decision 2017/001/R
COMBINATION OF NOMINATED POSTHOLDERS RESPONSIBILITIES
(a) The acceptability of a single person holding more than one post, possibly in combination with being the accountable manager, should depend upon the service provider’s organisation and the complexity of its activities. The two main areas of concern should be competence and an individual’s capacity to meet his or her responsibilities.
(b) As regards competence in different areas of responsibility, there should not be any difference from the requirements applicable to persons holding only one post.
The capacity of an individual to meet his or her responsibilities should primarily be dependent upon the complexity of the service provider’s organisation and its activities. However, the complexity of the service provider’s organisation or of its activities may prevent or limit the combination of posts
ATM/ANS.OR.B.025 Facilities requirements
Regulation (EU) 2017/373
A service provider shall ensure that there are adequate and appropriate facilities to perform and manage all tasks and activities in accordance with the applicable requirements.
ATM/ANS.OR.B.030 Record-keeping
Regulation (EU) 2017/373
(a) A service provider shall establish a system of record-keeping that allows adequate storage of the records and reliable traceability of all its activities, covering in particular all the elements indicated in point ATM/ANS.OR.B.005.
(b) The format and the retention period of the records referred to in point (a) shall be specified in the service provider's management system procedures.
(c) Records shall be stored in a manner that ensures protection against damage, alteration and theft.
AMC1 ATM/ANS.OR.B.030 Record-keeping
ED Decision 2017/001/R
(a) The record-keeping system should ensure that all the records required in ATM/ANS.OR.B.030(a) are accessible whenever needed. These records should be organised in a way that ensures traceability and retrieval throughout the retention period.
(b) Records should be kept in paper form or in electronic format or a combination of both. Records stored on microfilm or optical disc format are also acceptable. The records should remain legible throughout the required retention period. The retention period starts when a record has been created or last amended.
(c) Paper systems should use robust material which can withstand normal handling and filing.
(d) Computer systems should have at least one backup system which should be updated within 24 hours of any new entry. Computer systems should include safeguards against the probability of unauthorised personnel altering the data.
(e) All computer hardware used to ensure data backup should be stored in a different location from that containing the working data and in an environment that ensures they remain in good condition. When hardware or software changes take place, special care should be taken that all necessary data continues to be accessible at least through the full retention period.
GM1 ATM/ANS.OR.B.030 Record-keeping
ED Decision 2017/001/R
The record-keeping provision is intended to address the management system records rather than operational data which is covered by other record-keeping applicable requirements.
AMC1 ATM/ANS.OR.B.030(b) Record-keeping
ED Decision 2017/001/R
The records should be kept for a minimum period of at least 5 years unless otherwise specified by the competent authority.
ATM/ANS.OR.B.035 Operations manuals
Regulation (EU) 2017/373
(a) A service provider shall provide and keep up to date its operations manuals relating to the provision of its services for the use and guidance of operations personnel.
(b) It shall ensure that:
(1) operations manuals contain the instructions and information required by the operations personnel to perform their duties;
(2) relevant parts of the operations manuals are accessible to the personnel concerned;
(3) the operations personnel are informed of amendments to the operations manual applying to their duties in a manner that enables their application as of their entry into force.