ATM/ANS.AR.B.001 Management system
Regulation (EU) 2021/1338 (EU) 2021/1338
(a) The competent authority shall establish and maintain a management system, including, as a minimum, the following elements:
(1) documented policies and procedures to describe its organisation, means and methods to achieve compliance with Regulation (EU) 2018/1139 and the delegated and implementing acts adopted on the basis thereof, as necessary, for the exercise of its certification, oversight and enforcement tasks. The procedures shall be kept up to date and serve as the basic working documents within that competent authority for all related tasks;
(2) a sufficient number of personnel, including inspectors, to perform its tasks and discharge its responsibilities under this Regulation. Such personnel shall be qualified to perform their allocated tasks and have the necessary knowledge, experience, initial, on-the-job and recurrent training to ensure continuing competence. A system shall be in place to plan the availability of personnel, in order to ensure the proper completion of all related tasks;
(3) adequate facilities and office accommodation to perform those allocated tasks;
(4) a process to monitor compliance of the management system with the relevant requirements and adequacy of the procedures, including the establishment of an internal audit process and a safety risk management process. Compliance monitoring shall include a feedback system of audit findings to the senior management of the competent authority to ensure implementation of corrective actions as necessary;
(5) a person or group of persons ultimately responsible to the senior management of the competent authority for the compliance monitoring function.
(b) The competent authority shall, for each field of activity included in the management system, appoint one or more persons with the overall responsibility for the management of the relevant task(s).
(c) The competent authority shall establish procedures for the participation in a mutual exchange of all necessary information and assistance with other competent authorities concerned, whether from within the Member State or in other Member States, including the following information:
(1) the relevant findings raised and follow-up actions taken as a result of oversight of ATM/ANS providers exercising activities in the territory of a Member State, but certified by the competent authority of another Member State or the Agency; and
(2) stemming from mandatory and voluntary occurrence reporting as required by point ATM/ANS.OR.A.065.
(d) A copy of the procedures related to the management system and their amendments shall be made available to the Agency for the purpose of standardisation.
AMC1 ATM/ANS.AR.B.001(a)(2) Management system
ED Decision 2017/001/R
The competent authority should:
(a) define and document the education, training, technical and operational knowledge, experience and qualifications relevant to the duties of each position involved in oversight activities within their structure;
(b) ensure specific training for those involved in oversight activities within their structure; and
(c) ensure that personnel designated to conduct safety regulatory audits, including auditing personnel from qualified entities, meet specific qualification criteria defined by the competent authority. The criteria should address:
(1) the knowledge and understanding of the requirements related to the services provision in ATM/ANS and other ATM network functions against which safety regulatory audits may be performed;
(2) the use of assessment techniques;
(3) the skills required for managing an audit; and
(4) the demonstration of competence of auditors through evaluation or other acceptable means.
AMC2 ATM/ANS.AR.B.001(a)(2) Management system
ED Decision 2017/001/R
TRAINING PROGRAMME AND RECURRENT TRAINING
(a) The competent authority should establish a training programme for its personnel, including its inspectors for the oversight of services provision in ATM/ANS and other ATM network functions, and a plan for its implementation. The training programme should include, as appropriate to the role, current knowledge, experience and skills of the personnel, at least the following:
(1) organisation and structure of the aviation legislation;
(2) the Chicago Convention, relevant ICAO annexes and documents, the applicable requirements of Regulation (EC) No 216/200819 Regulation (EC) No 216/2008 of the European Parliament and the Council of 20 February 2008 on common rules in the field of civil aviation and establishing a European Aviation Safety Agency, and repealing Council Directive 91/670/EEC, Regulation (EC) No 1592/2002 and Directive 2004/36/EC (OJ L 79, 19.3.2008, p. 1)., its IRs, as well as Regulations (EC) Nos 549/200420 Regulation (EC) No 549/2004 of the European Parliament and of the Council of 10 March 2004 laying down the framework for the creation of the single European sky (the framework Regulation) - Statement by the Member States on military issues related to the single European sky (OJ L 96, 31.3.2004, p. 1)., 550/200421 Regulation (EC) No 550/2004 of the European Parliament and of the Council of 10 March 2004 on the provision of air navigation services in the single European sky (the service provision Regulation) (OJ L 96, 31.3.2004, p. 10)., 551/200422 Regulation (EC) No 551/2004 of the European Parliament and of the Council of 10 March 2004 on the organisation and use of the airspace in the single European sky (the airspace Regulation) - Commission statement (OJ L 96, 31.3.2004, p. 20)., and 552/200423 Regulation (EC) No 552/2004 of the European Parliament and of the Council of 10 March 2004 on the interoperability of the European Air Traffic Management network (the interoperability Regulation) (OJ L 96, 31.3.2004, p. 26). and their IRs and related acceptable means of compliance (AMC), certification specifications (CSs) and guidance material (GM), as well as assessment methodology of the alternative means of compliance and the applicable national legislation;
(3) the applicable requirements and procedures; and
(4) areas of particular interest.
(b) The training programme and the training plan should be updated, as needed, to reflect at least changes in aviation legislation and industry. The training programme should also cover specific needs of the personnel and the competent authority.
(c) The competent authority should ensure that its personnel, including its inspectors for the oversight of services provision in ATM/ANS and other ATM network functions, undergo recurrent training at regular intervals as defined by the competent authority or whenever deemed necessary in order to keep being up to date.
GM1 ATM/ANS.AR.B.001(a)(2) Management system
ED Decision 2017/001/R
SUFFICIENT PERSONNEL
(a) This guidance material for the determination of the required personnel is limited to the performance of certification and oversight tasks, excluding personnel required to perform tasks subject to any national regulatory requirements.
(b) The elements to be considered when determining required personnel and planning their availability may be divided into quantitative and qualitative:
(1) Quantitative elements:
(i) number of initial certificates to be issued;
(ii) number of service providers certified by the competent authority; and
(iii) number of flight information services providers having declared their activity to the competent authority.
(2) Qualitative elements:
(i) size, nature, and complexity of activities of service providers (cf. AMC1 ATM/ANS.OR.B.005(e));
(ii) results of past oversight activities, including audits, inspections and reviews, in terms of risks and regulatory compliance:
(A) number and level of findings; and
(B) implementation of corrective actions; and
(iii) size of the Member State’s aviation industry and potential growth of activities in the field of civil aviation, which may be an indication of the number of new applications and changes to existing certificates to be expected.
(c) Based on existing data from previous oversight planning cycles and taking into account the situation within the Member State’s aviation industry, the competent authority may estimate:
(1) the standard working time required for processing applications for new certificates;
(2) the standard working time required for processing declarations;
(3) the number of new declarations or changed declarations;
(4) the number of new certificates to be issued for each planning period; and
(5) the number of changes to existing certificates and changes to functional systems to be processed for each planning period.
(d) In line with the competent authority’s oversight policy, the following planning data should be determined specifically for each service provider, certified or declared, as well as for the Network Manager:
(1) standard number of audits/inspections to be performed per oversight planning cycle;
(2) standard duration of each audit/inspection;
(3) standard working time for audit/inspection preparation, on-site audit/inspection, reporting and follow-up per inspector for the oversight of services provision and other ATM network functions; and
(4) minimum number and required qualification of inspectors for the oversight of services provision and other ATM network functions for each audit/inspection.
(e) Standard working time could be expressed either in working hours or in working days per inspector for the oversight of services provision and other ATM network functions. All planning calculations should then be based on the same unit (hours or working days).
(f) For each service provider, the number of working hours/days per planning period for each qualified inspector for the oversight of services provision and other ATM network functions that may be allocated for certification, oversight and enforcement activities should be determined taking into account:
(1) purely administrative tasks not directly related to oversight and certification;
(2) training;
(3) participation in other projects;
(4) planned absence; and
(5) the need to include a reserve for unplanned tasks or unforeseeable events.
(g) The determination of working time available for certification, oversight and enforcement activities should also take into account the possible use of third parties.
AMC1 ATM/ANS.AR.B.001(a)(4) Management system
ED Decision 2017/001/R
The formal process to monitor the compliance of the management system with the relevant requirements, and the adequacy of the procedures should:
(a) include a feedback system of audit findings to ensure implementation of corrective actions as necessary; and
(b) be the responsibility of a person or group of persons who should be responsible to the senior management of the competent authority and who perform(s) compliance monitoring activities with functional independence from the units/departments (s)he (they) oversees (oversee) and with direct access to the senior management of the competent authority and to appropriate management for safety matters.
ATM/ANS.AR.B.005 Allocation of tasks to qualified entities
Regulation (EU) 2017/373
(a) The competent authority may allocate its tasks related to the certification or oversight of service providers under this Regulation, other than the issuance of certificates themselves, to qualified entities. When allocating such tasks, the competent authority shall ensure that it has:
(1) a system in place to initially and continuously assess that the qualified entity complies with Annex V to Regulation (EC) No 216/2008. This system and the results of the assessments shall be documented; and
(2) established a documented agreement with the qualified entity, approved by both parties at the appropriate management level, which clearly defines:
(i) the tasks to be performed;
(ii) the declarations, reports and records to be provided;
(iii) the technical conditions to be met when performing such tasks;
(iv) the related liability coverage;
(v) the protection given to information acquired when carrying out such tasks.
(b) The competent authority shall ensure that the internal audit process and the safety risk management process required by point ATM/ANS.AR.B.001(a)(4) cover all tasks performed on its behalf by the qualified entity.
AMC1 ATM/ANS.AR.B.005 Allocation of tasks to qualified entities
ED Decision 2017/001/R
ASSESSMENT OF THE QUALIFIED ENTITIES
(a) The competent authority should include in its system to initially and continuously assess the qualified entity’s (ies’) compliance with Annex V to Regulation (EC) No 216/2008, the possibility for the competent authority to perform audits of the qualified entity (ies).
(b) The competent authority should verify that all qualified entities’ personnel concerned with the conduct of audits or reviews should be adequately trained and qualified. The competent authority should verify how the qualified entities:
(1) define and document the education, training, technical and operational knowledge, experience and qualifications for those involved in oversight activities;
(2) ensure specific training for those involved in oversight activities; and
(3) ensure that personnel designated to conduct audits meet specific qualification criteria. The criteria should address:
(i) the knowledge and understanding of the requirements related to the services provision in ATM/ANS and other ATM network functions against which audits may be performed;
(ii) the use of assessment techniques;
(iii) the skills required for managing an audit; and
(iv) the demonstration of competence of auditors through evaluation or other acceptable means.
GM1 ATM/ANS.AR.B.005 Allocation of tasks to qualified entities
ED Decision 2019/022/R
The competent authority may decide to allocate to qualified entities certain or all of its tasks that are assigned to such authority under this Regulation.
ATM/ANS.AR.B.010 Changes in the management system
Regulation (EU) 2021/1338
(a) The competent authority shall have a system in place to identify changes that affect its capability to perform its tasks and discharge its responsibilities under Regulation (EU) 2018/1139 and the delegated and implementing acts adopted on the basis thereof. This system shall enable it to take action, as appropriate, to ensure that the management system remains adequate and effective.
(b) The competent authority shall update its management system to reflect any changes to Regulation (EU) 2018/1139 and the delegated and implementing acts adopted on the basis thereof, in a timely manner, so as to ensure the effective implementation of its management system.
(c) The competent authority shall notify the Agency of changes affecting its capability to perform its tasks and discharge its responsibilities under Regulation (EU) 2018/1139 and the delegated and implementing acts adopted on the basis thereof.
ATM/ANS.AR.B.015 Record-keeping
Regulation (EU) 2017/373
(a) The competent authority shall establish a system of record-keeping providing for adequate storage, accessibility, and reliable traceability of:
(1) the management system's documented policies and procedures;
(2) training, qualification, and authorisation of personnel as required by point ATM/ANS.AR.B.001(a)(2);
(3) the allocation of tasks, covering the elements required by point ATM/ANS.AR.B.005, as well as the details of tasks allocated;
(4) certification and/or declaration processes;
(5) designations of air traffic services and meteorological services providers, as appropriate;
(6) certification and oversight of service providers exercising activities within the territory of the Member State, but certified by the competent authority of another Member State or the Agency, as agreed between those authorities;
(7) the evaluation and notification to the Agency of AltMOC proposed by service providers and the assessment of AltMOC used by the competent authority itself;
(8) compliance of service providers with the applicable requirements of this Regulation after the issuance of the certificate or, where relevant, submission of a declaration, including the reports of all audits, covering findings, corrective actions, and date of action closure, and observations as well as other safety-related records;
(9) enforcement measures taken;
(10) safety information, safety directives and follow-up measures;
(11) the use of flexibility provisions in accordance with Article 14 of Regulation (EC) No 216/2008.
(b) The competent authority shall maintain a list of all service provider certificates issued and declarations received.
(c) All records shall be kept for a minimum period of 5 years after the certificate ceases to be valid or the declaration is withdrawn, subject to the applicable data protection law.
AMC1 ATM/ANS.AR.B.015(a)(2) Record-keeping
ED Decision 2017/001/R
AMC1 ATM/ANS.AR.B.015(a)(8) Record-keeping
ED Decision 2017/001/R
RECORD-KEEPING FOR FUNCTIONAL SYSTEMS CHANGE MANAGEMENT PROCEDURES
The competent authority should keep a record of all the change management procedures, modifications and deviations it has approved in accordance with ATM/ANS.AR.C.030(a) and those that have been rejected, together with a rationale. The competent authority should be able to cross-reference them to the requirement of the associated requirement in the Regulation that they intend to comply with.