Guidance on Reporting System Compliance with Regulation (EU) 376/2014
Key Points: Many questions are received about what compliance with Regulation (EU) 376/2014 actually means. This article provides some basic information on some of the key areas where questions are received. This covers subjects such as the definitions of mandatory and voluntary reporting, the responsibilities for handling occurrences, reporting timescales, ECCAIRS/ ADREP compatibility and Just Culture.
Why is this important? Occurrence reporting underpins safety management principles and is an important source of information to feed the European Plan for Aviation Safety (EPAS). It is easy to get confused by the legal requirements for reporting and lose sight of its true purpose. This articles provides some simple information to help organisations to better understand Regulation (EU) 376/2014.
What Does a Compatible Occurrence Reporting System Look Like?
Many people ask what they have to do to have a compliant occurrence reporting system. This is what this article is all about. We have included the relevant references to the specific Articles of Regulation (EU) No 376/2014 are included to help understanding. In some cases there will be additional articles to provide more detailed information, go to the Occurrence Reporting home page to find the menu of all the articles available. If something is missing that you would like the answer to, let us know by sending an email to the EASA Safety Promotion Team (safetypromotion [at] easa.europa.eu) or give us feedback through our social media channels.
Covering Mandatory and Voluntary Reporting
Articles 4 and 5 of Regulation (EU) No 376/2014 requires that a reporting system caters for both mandatory and voluntary reporting. The simplest definition of these are:
- The mandatory reporting system covers occurrences listed in Implementing Regulation (EU) 2015/1018 and also the reporting of additional items qualifying for mandatory reporting that are defined in the EASA Implementing Rules.
- The voluntary reporting system facilitates the collection of occurrences not captured by the mandatory system but that represent an actual or potential hazard to aviation safety.
The Responsible Person for Independently Handling Occurrences
Organisations should designate one or more people to independently handle the collection, evaluation, processing, analysis and storage of details of occurrences with regard to data collection and hazard identification. In most cases this will be the safety or quality department of your organisation. It is worth noting that:
- In agreement with their competent authority, small organisations can use simplified mechanisms to ensure the collection, evaluation, processing, analysis and storage of details of occurrences. This could include sharing those tasks with other similar organisations.
- The occurrence reporting system should collect safety-relevant data, proposals and information that covers both mandatory and voluntary reporting. From this pool of safety relevant information and data collected the organisation should then determine whether a mandatory report is required or whether a voluntary report may be adequate
Reporting Timescales – What Does 72 Hours Mean?
Mandatory occurrences should be provided to the competent authority no later than 72 hours after becoming aware of the occurrence. Practically, this means that:
- The reference to “becoming aware of” an occurrence means that someone in the organisation identifies the occurrence as falling into the category of a mandatory occurrence report.
- In the case of design or production organisations the 72-hour period starts at the point when the unsafe condition is identified.
- In the case of automated data collection systems the 72-hour period starts when the person responsible for the analysis of the data detected the reportable occurrence.
- The 72-hour timeline does not apply to voluntary occurrences, which are to be reported in a timely manner (cf. Article 5 (5) & (6)).
Data Quality Checking Processes
Data quality checking processes should ensure that the information collected and the data stored in the database(s) are consistent and processes should be in place to check the following:
- Data entry errors should be identified and resolved.
- Checking completeness of data and mandatory data fields.
- The ECCAIRS/ ADREP taxonomy is used correctly to code occurrences.
- Checking consistency between initial reports and any follow up reports about an occurrence.
ECCAIRS/ ADREP Compatible Databases
The storage of occurrence should use formats that are compatible with ECCAIRS software and ADREP taxonomy (cf. Article 7(4)), please contact your competent authority directly for advice and assistance.
Organisations that are able to report through an ECCAIRS software compatible reporting system provided by their competent authority are deemed to be automatically compliant with the reporting system requirements in Article 7(4) and do not need to have their own ECCAIRS software compatible reporting system. The purpose of this is to minimise manual data entry.
The Application of the Safety Risk Management Process
The Safety Risk Management process should perform the following functions. (A dedicated article will be provided to cover this subject in more detail)
- Identify safety hazards/ issues associated with occurrences or groups of occurrences reported to the competent authority (cf. Article 13(1)).
- Analyse the related risks in terms of probability and severity of the outcome, as well as assess risks in terms of tolerability to the organisations activities.
- Based on the result of the risk assessment the process should determine the need for mitigation action/s required to improve aviation safety (cf. Article 13(2)).
- Monitor the timely implementation and effectiveness of any mitigation action required (cf. Article 13(2)).
What Happens When an Actual or Potential Risk is Identified?
Where an actual or potential aviation safety risk is identified as a result of their analysis of occurrences or group of occurrences the following actions should take place:
- Inform the competent authority about the preliminary results of the risk assessment and any associated mitigations within 30 days from being made aware of the occurrence.
- Once the final results of the risk analysis is known, inform the competent authority no later than 3 months from the date of notification of the occurrence to the authority (cf. Article 13(4)).
Just Culture and Protection of Information
Organisations should have clear processes in place within their safety policies for Just Culture and to ensure occurrence report information is adequately protected. These policies should involve consultation with staff representatives to ensure mutual agreement on their contents. A further article specifically on Just Culture and how this can be practically implemented will also be provided shortly.
- Just Culture rules are intended to ensure that employees and contracted personnel that report (or are mentioned in occurrence reports) are not subject to any prejudice based on the information in the report, unless an exception applies (c. Article 16(10)).
- Staff representatives may be nominated either by the union(s) or by the staff themselves.
- The names of those involved in the report should be protected.