ORO.GEN.110 (a): “The operator is responsible for the operation of the aircraft in accordance with Annex IV to Regulation (EC) No 216/2008”. Is this requirement met when an Operator follows the Implementing Rules (965/2012)?
Reference: Regulation (EU) No 965/2012 on Air Operations, Annex III (Part-ORO)
The Essential Requirements (ER) are as applicable as the implementing rules.
The operators are responsible for checking that they comply with all the Essential Requirements contained in Annex IV of the Basic Regulation (EC 216/2008).
Some implementing rules make a direct reference to the Essential Requirements. This is the case when an ER is not further developed in the implementing rules.
What are the responsibilities of the AOC holder required to implement a management system in accordance with ORO.GEN.200 in regards to continuing airworthiness management and contracted maintenance?
Reference: Regulation (EU) No 965/2012 on Air Operations, Annex III (Part-ORO); Regulation (EC) No 2042/2003 on continuing airworthiness, Part-M
1. Continuing airworthiness management
The EU licensed air carrier hereafter referred to as ‘the operator’, needs to consider both the relevant Part-ORO rules that will become fully applicable on 29 October 2014 and the applicable Part-M requirements. For these operators, the Part-M Subpart-G approval is an integral part of the AOC (as defined in Part-M, M.A.201(h)).
The Part-M requirements have not yet been amended to align with the management system framework adopted for air operations. However the operator should ‘scrutinise’ all its activities under its hazard identification and risk management processes, including the continuing airworthiness activities. It is the operator’s responsibility to ensure that hazards entailed by any continuing airworthiness management task are subject to the applicable hazard identification procedures and that related risks are managed as part of the operator’s management system procedures.
If the operator’s continuing airworthiness activities do not comply with the new management system requirements adopted with Part-ORO the competent authority may not raise any finding in reference to Part-M Subpart G, but may do so under Part-ORO should it consider that the operator’s safety risk management process does not sufficiently capture those risks stemming from the continuing airworthiness management activities that may impact the safety of operations. The integration of safety management across all activities will lead to increased efficiency and effectiveness in hazard identification and risk management as compared to a system where activities are being dealt with in isolation through separate management systems. This will improve the assessment of risks identified and ensure better allocation of resources to address these risks, by eliminating conflicting or duplicating procedures and objectives.
When it comes to assessing compliance with Part-ORO competent authorities should acknowledge that implementing effective safety risk management capabilities for all activities subject to the approval will take time and therefore a balanced approach for checking compliance is needed to enable a smooth transition towards the new management system requirements.
Considering the benefits of taking a holistic, integrated approach to management system for effective safety management, competent authorities should also not mandate the implementation of separate management systems for the different approvals of the same organisation. Competent authorities should instead focus on assessing whether the management system implemented is adequate as regards the size, nature and complexity of the activities it is deemed to cover.
The issue is slightly different in the area of contracted maintenance: As the Part-145 requirements have not yet been amended to align with the management system framework adopted for air operations, the maintenance organisation may not have established a management system to effectively identify maintenance specific hazards and manage related risks. However, the operator would still need to consider such hazards and risks entailed by contracted maintenance, as it would do for any other contracted activity that has an impact on aviation safety, under its own management system. Once Part-145 organisations will have implemented the new management system requirements including safety risk management, the operator will be able to establish an interface with the hazard identification and risk management processes of the maintenance organisation and consider the contracted organisation’s capability to properly address maintenance specific hazards and risks for their own safety risk management.
This FAQ addresses the case of EU licenced air carriers, meaning operators holding both and AOC in accordance with Regulation (EU) No. 965/2013 and an operating licence in accordance with Regulation (EC) No 1008/2008
Is there a difference between safety risk management (SRM) and SMS?
Reference: Regulation (EU) No 965/2012 on Air Operations, ICAO Annex 19
ICAO defines SMS as “a systematic approach to managing safety, including the necessary organisational structures, accountabilities, policies and procedures.”
While SRM is an essential element within a management system for safety, it is not the only element required. To be effective, SRM needs a structured approach and an organisational framework with clearly defined policies, safety responsibilities and accountabilities. Such framework is essential to facilitate and encourage hazard identification, ensure a structured & consistent approach to risk assessment, as well as for allowing informed decisions to be made at the right organisational level, e.g. in relation to risk acceptability or different risk mitigation options. For example, the organisation needs to put in place policies, procedures and mechanisms for internal safety reporting and then maintain the conditions for allowing such reporting to take place.
Also, in order to ensure that the organisation is continually managing its risks it needs to monitor how well it performs, both in terms of effectiveness of risk controls implemented and effective compliance with applicable requirements. This is part of safety assurance, which is another component of an SMS as per ICAO Annex 19.
Additionally the organisation has to train their staff to fulfil their duties, including those related to any safety management task and to properly communicate on any safety relevant issue.
All this should lead to ensuring a systematic approach to SRM and help fostering the necessary ‘culture’ within the organisation to enable careful management and sound understanding of risk, including in day-to-day activities.
In conclusion, SRM, while being a core element of any management system for safety, should not be singled out as the only element required to implement such system.
See also the FAQ on SMS versus management system above.
Why do the EASA Air Operations rules use the term ‘management system’ (ORO.GEN.200) and not ‘safety management system’ (SMS), like in ICAO Annex 19? Is there a difference between the two concepts?
Reference: Regulation (EU) No 965/2012 on Air Operations, Annex III (Part ORO)
In the area of SMS the Agency promotes consolidated general requirements for an organisation’s management system. The starting point for drafting the ‘first extension’ rules are the essential requirements attached in the annexes to the EASA Basic Regulation (Regulation (EC) No 216/2008) and these refer to ‘management system’, cf. the essential requirements for Operations (Annex IV):
“the operator must implement and maintain a management system to ensure compliance with these essential requirements for operations and aim for continuous improvement of this system; and” ….
The underlying concept is that for managing safety it is essential to take a holistic approach and to implement the new safety risk management (SRM) related processes while making use of and integrating these into the already existing management system (e.g. quality system as per JAR-OPS/ EU-OPS). For example, the internal audit process (compliance monitoring) is kept as an essential element of the management system, while ICAO Annex 19 is not that clear about it.
Hence, organisations should be encouraged to integrate the new SRM elements into their existing system and articulate these with the way the organisation is managed, addressing every facet of management, as any organisational change and any decision (even in areas such as Finance, Human Resources) will need to be assessed for their impact on safety. Such integrated approach to management is much more efficient for monitoring compliance, managing risks and maximising opportunities.
Finally, it is not required that organisations adapt their terminology to that used in Part-ORO: Should they wish to refer to SMS, QMS or SQMS etc., this is possible as long as they can demonstrate that all requirements are met. In the same vein, they can still use the title ‘quality manager’, although the rules refer to compliance monitoring manager.
If an operator is considered complex , may a person hold the position as a Safety Manager and at the same time be one (or more) of the nominated persons as described in ORO.GEN.210(b), taken into account the size and complexity of the operator?
There is no guidance indicating that the safety manager may not be a nominated person in the organisational set up of a complex operator.
However, when assessing the organisational set-up of a complex operator, please consider also GM1 ORO.GEN.200(a)(1) point (b): “Regardless of the organisational set-up it is important that the safety manager remains the unique focal point as regards the development, administration and maintenance of the operator’s safety management system”.
In summary, the role of the safety manager is not addressed at the level of implementing rules. The acceptable means of compliance describe the functions of the safety manager in complex operators. The guidance material emphasises on the importance of having a unique focal point for the operator’s safety management system.
It is for the operator to determine if the combination of the safety manager function with that of a nominated person allows to fulfil the management functions of the nominated persons post associated with the scale and scope of the operation. It is then for the competent authority to assess if such organisational set-up corresponds to the size of the operator and the nature and complexity of its activities, taking into account the hazards and associated risks inherent in these activities.
For the assessment of the appropriateness of the organisational set-up, the competent authority should also be satisfied that the operator complies with ORO.GEN.210(c) “The operator shall have sufficient qualified personnel for the planned tasks and activities to be performed in accordance with the applicable requirements.”
I am looking for the acceptance of post holders, particularly the Safety manager. In the AMC we agreed on the functions of the Safety manager, but did we agree on his or her acceptance?
Reference: Regulation (EU) No 965/2012 on Air Operations, Annex II (Part ARO, ARO.GEN.310, ARO.GEN.330), Annex III (Part ORO, ORO.GEN.130)
Part ORO does not mention anymore the notion of acceptance/acceptability of nominated persons. This is now replaced by the notion of changes requiring prior approval or changes not requiring prior approval.
During the initial certification process, nominations of personnel in general are considered to be part of the verification of compliance performed by the competent authority and therefore covered by the issuance of the AOC.
Regarding changes to certified organisation, the notion of changes requiring prior approval/changes not requiring prior approval applies and therefore, a formal approval of certain change is required. Guidance is provided through GM1 ORO.GEN.130(a) and GM3 ORO.GEN.130(c). Likewise, upon initial certification, the competent authority may agree with the organisation on a more specific scope of changes that do not require prior approval, on the basis of ARO.GEN.310(c), and within the limits of the applicable requirements. Items not required to get a prior approval are managed by the organisation based on a procedure approved by the competent authority for the management of such changes. In any case, these changes have to be notified to the competent authority which will verify compliance with the applicable requirements (cf. ORO.GEN.130(c) and ARO.GEN.330(c)).
Regarding the specific case of the safety manager, it should be noted that there is no requirement for a safety manager at an implementing rule level. The nomination of a safety manager is one means to comply with the IR objective. Therefore, a change in safety manager is not listed in the GMs to ORO.GEN.130: A change in safety manager is not considered a change requiring a prior approval from the competent authority, unless, the accountable manager fulfils the role of safety manager, in which case a change would obviously require prior approval.
The above references are those to Regulation (EU) No 965/2012; the same provisions are included in Regulation (EU) No 290/2012 (ARA/ORA).
Regarding ORO.GEN.200, could a commercial operator of complex motor powered aircraft, such as the Cessna Citation Bravo that operates within Europe and with no SPAs, be considered non-complex?
Reference: Regulation (EU) No 965/2012 on Air Operations, Annex III (Part ORO)
As defined in AMC1 ORO.GEN.200(b) the criterion in terms of full-time equivalents (FTEs) is the first one to be checked. This relates not only to the required organisational capability to implement and maintain a management system in line with Part ORO, but also to the fact that the larger the organisation gets, the more complex its procedures, communication and feedback channels will be, hence the need for robust processes related to hazard identification, safety risk management, performance measurement etc. For an organisation up to 20 FTEs, it is important to assess the 'risk profile' of the organisation in relation to the way it operates and this may justify the need for robust management processes for safety. The AMC defines the most relevant ones. The extent of contracting, the number, complexity and diversity of aircraft operated and type of operations (CAT, commercial, local, standard routes, hostile environment etc.) are all to be considered. It is important to note that the complexity criteria are included in an AMC to Part ORO and this makes a strong point as to the responsibility of the operator to make the assessment and justify the option chosen (complex or non-complex management system) to the satisfaction of the competent authority. If the option is to implement the provisions applicable to complex organisations, having details of management system implementation included in the form of AMCs to ORO.GEN.200, the operator may apply for an alternative means of compliance should it consider any of the elements of these AMCs inadequate for its specific type of organisation and operations.
How should an operator use external material in relation with its operations manual (OM)?
Reference: Regulation (EU) No 965/2012 on Air Operations, Annex III (Part ORO)
AMC1 ORO.MLR.100 states that when the operator chooses to use material from other sources, either this material is copied or the OM should contain a reference to the appropriate section of this material.
In any case, this material from another source is considered to be part of the OM and therefore should meet all the general requirements applicable to the OM. It includes:
- (c) of ORO.MLR.100, which states that the OM shall be kept up-to-date;
- (d) of ORO.MLR.100, which states that the personnel shall have easy access to the portions of the OM relevant for their duties;
- (c)(3) of AMC1 ORO.MLR.100, which states that the content and amendment status of the manual is controlled and clearly indicated;
- (d)(3) of AMC1 ORO.MLR.100, which states that the OM should include a description of the amendment process which specifies the method by which the personnel are advised of the changes.
Regulation (EU) No 965/2012 does not define any specific way to achieve this; therefore it is left to the operator to identify the best way to achieve these objectives. It is then the responsibility of the operator’s competent authority during the initial certification process/evaluation of change process to determine if the solution chosen by the operator allows meeting these requirements.