r support to caa-nsa - eurocontrol | - driving excellence in … · 2014-08-14 · a particular...

EUROCONTROL

korfiatp

Typewritten Text

korfiatp

Typewritten Text

korfiatp

Sticky Note

Marked set by korfiatp

korfiatp

Typewritten Text

korfiatp

Typewritten Text

korfiatp

Typewritten Text

Guidelines for NSAs for the Development of the ANSP Oversight Process

korfiatp

Typewritten Text

korfiatp

Typewritten Text

korfiatp

Typewritten Text

korfiatp

Typewritten Text

korfiatp

Typewritten Text

korfiatp

Typewritten Text

korfiatp

Typewritten Text

Directorate Single Sky (DSS) Support to CAA-NSA

korfiatp

Typewritten Text

korfiatp

Typewritten Text

korfiatp

Typewritten Text

korfiatp

Typewritten Text

korfiatp

Typewritten Text

korfiatp

Typewritten Text

EUROCONTROL

EUROCONTROL

Guidelines for NSAs for the Development of

the ANSP Oversight Process

Edition: 3.0

June 2013

DIRECTORATE SINGLE SKY (DSS) SUPPORT TO CAA-NSA

DSS/Support to CAA-NSA ii Guidelines for NSAs for the Development of the ANSP Oversight Process

Edition 3.0 June 2013

TABLE OF CONTENTS

TABLE OF CONTENTS.......................................................................................................................................... II

1. INTRODUCTION ............................................................................................................................................. 1

1.1 PURPOSE .................................................................................................................................................. 1 1.2 INTENDED AUDIENCE ................................................................................................................................... 1

2. SCOPE............................................................................................................................................................ 1

2.1 THE REGULATORY BASELINE ........................................................................................................................ 1 2.2 THE SUBJECT-MATTER OF OVERSIGHT........................................................................................................... 2 2.3 COMPLIANCE CRITERIA................................................................................................................................ 3

3. CONTEXT ....................................................................................................................................................... 3

3.1 THE OBJECTIVE OF OVERSIGHT .................................................................................................................... 3 3.2 OVERALL VIEW ........................................................................................................................................... 3 3.4 HOW TO USE THIS DOCUMENT ...................................................................................................................... 4 3.5 CLOSING THE LOOP..................................................................................................................................... 5

4. GENERIC PROCESS STEPS ......................................................................................................................... 5

4.1 GENERAL................................................................................................................................................... 5 4.2 PROCEDURAL GUIDANCE FOR STEPS............................................................................................................. 7 5.2 OVERSIGHT RECORDS ARCHIVE...................................................................................................................13 5.3 RESOLUTION OF NON-CONFORMITIES, FOLLOW-UP AND CONCLUSION OF OVERSIGHT.........................................13 5.4 ISSUE DOCUMENTED CONCLUSIONS OF CONFORMITIES ..................................................................................14 5.5 ISSUE DOCUMENTED CONCLUSIONS OF NON CONFORMITIES ...........................................................................14 5.6 MONITORING ON GOING COMPLIANCE/IMPROVE.............................................................................................16

ANNEX 1 - ABBREVIATIONS ................................................................................................................................ 1

ANNEX 2- LIST OF REFRENCE DOCUMENTS .................................................................................................... 1

ANNEX 3 - TERMINOLOGY ................................................................................................................................... 1

ANNEX 4 – ON GOING SAFETY OVERSIGHT...................................................................................................... 1

ANNEX 5 - QUALITY OVERSIGHT ........................................................................................................................ 1

ANNEX 6 - ATM SECURITY OVERSIGHT............................................................................................................. 1

ANNEX 7 - ECONOMICS AND FINANCIAL STRENGTH OVERSIGHT ................................................................ 1

ANNEX 8 - ATM HUMAN RESOURCES OVERSIGHT .......................................................................................... 1

ANNEX 9 - AIRSPACE AND FLOW MANAGEMENT OVERSIGHT ...................................................................... 1

DSS/Support to CAA-NSA 1 Guidelines for NSAs for the Development of the ANSP Oversight Process


1. INTRODUCTION

1.1 Purpose

This document provides guidelines to CAAs/NSAs to set up a generic oversight process for the provision of ATM/ANS in accordance with the SES legislation.

Oversight is the core business of an NSA. It covers the major part of its supervisory responsibilities and tasks under the SES legislation. The outcome of an oversight activity may be very specific under a particular legal requirement and its results could be granting or extending a certificate, a regulatory approval, accepting safety related changes to functional system notified or proposed by an ANSP, applying safeguards, issuing a safety directive, certifying training providers, issuing licenses, etc.

This process cover all domains for ANSP oversight: Safety (SAF), Quality (QTY), ATM Security (ATM SEC), Human Resources (HR), Economics and Financial Strength (FIN) and Airspace and Air Traffic Flow Management (ASM, ATFM). Regardless of the specific nature of different oversight activities, NSAs are encouraged to adopt a holistic and integrated approach in setting up their arrangements for oversight. These should rely on verification processes mainly involving audits and inspections, etc procedures and techniques.

It is important that NSAs develop a systematic approach to auditing/inspections. This will also help NSAs to optimise their existing oversight activities and ensure more efficient use of resources.

Apart from the SES implementing rules for safety regulatory auditing, several ISO International Standards provide consistent procedural guidance for audits and should therefore be considered by NSAs within the oversight processes as well. In particular, the ISO 9000 and 14000 series emphasize the importance of audits as a management tool for monitoring and verifying the effective implementation by an organisation of various standards, i.e. a defined set of policies, requirements and procedures. Moreover, ISO 19011:2002 provides guidance for management systems auditing as regards, inter-alia, the principles of auditing, the management of audit programmes, the conduct of an audit, the competency and evaluation of auditors etc.

1.2 Intended audience

This document is mainly intended for the NSA staff who have responsibilities within the oversight processes or have been delegated by the State various legal obligations to their NSAs in

accordance with accordance with SES and also national legislation.

From this perspective, the guidelines identify:

1. specific regulatory measures that an NSA must take, based on its own legal obligations; and

2. other cases in which an NSA may take measures or propose measures to another competent authority in accordance with national law.

The document may also be useful to other entities:

1. the ATM/ANS providers subject to oversight; 2. Qualified Entities as per Art 3 SP-R, system

manufacturers, airspace users etc, who (may) interact with an NSA’s oversight activities;

3. military authorities exercising oversight of ATM/ANS providers on the basis of national law (outside the applicability of SES legislation);

4. regional (e.g. FAB) entities having agreements to exercise the role of the NSA under the SES legislation; ;

It is assumed that users of this document have sufficient knowledge and understanding of the SES legislation, to avoid detailed explanatory material that would only duplicate SES regulatory provisions or other existing advisory material (e.g. ESARR-related).

It is recommended that this document is used in conjunction with ISO 19011:2002 standard that will complement the present guidelines when adapting them to the local needs of an NSA. While the oversight process described in this document and the terminology used are mainly dictated by the SES legislation, they may be further interpreted and elaborated by NSAs along the ISO 19011:2002 guidelines for audits, which have been only marginally duplicated in this document.

2. SCOPE

2.1 The regulatory baseline

The oversight sub-processes and tasks identified in this document are mainly based on the SES legislation and other related international standards (e.g. ICAO SARPs and EUROCONTROL ESARRs). The scope and applicability of these guidelines is primarily determined by the SES. In the EU Member States this legislation is binding and of direct application (it automatically is part of national law), while in many non-EU countries it applies through national transpositions in accordance with specific bilateral or multilateral agreements with the European Union (e.g. EAA and ECAA).

This document mentions but does not detail tasks and work-flows which are mainly subject to national law and NSA internal implementing arrangements.



2.2 The subject-matter of oversight

The NSA decides which arrangements, elements, services, products, physical locations and activities of an ATM/ANS provider will be made subject to safety oversight within a specified timeframe (Art 7.5 SO-IR). This, however, may be extrapolated to non-safety oversight as well according to the best practice.

It is expected that an NSA’s oversight process will gradually develop from a more general and wide approach initially to more specific and rigorous verifications as the NSA gradually acquires better knowledge of the ATM/ANS provider and builds up confidence that specific areas are well managed and compliant.

The NSA must assess the risks associated with ATM/ANS and establish in which areas verification of compliance is necessary as a matter of priority (Art 8 CR-IR and Art 5.2 SO-IR). The NSA will thus gradually focus on areas of ATM/ANS where shortcomings and deficiencies will most likely occur. The NSA will use the outcome from previous oversight activities to further refine the implementation of corrective actions1.

Oversight may also be necessary in relation to 3rd party organisations and 3rd party deliverables or products used in the provision of ATM/ANS (e.g. Military units providing ATM/ANS services, telecom suppliers, etc.). The generic process may be adapted in relation to any of the following entities in the provision and oversight of ATM/ANS:

1. An ANS provider organisation, focusing on the organisational requirements, not on the services;

2. An ATS/ CNS/ MET/ AIS service provider, in relation to individual or bundled services, or as an organisation or individual service;

In both cases 1 and 2, the prime objective of oversight is to verify that the respective service provider and its implementing arrangements comply on a continuous basis with the relevant legal obligations, CR-IR, SR-R and other safety conditions, in accordance with the regulatory baseline for the respective oversight;

3. An organisation providing ASM/ ATFM, either individually or bundled (possibly bundled with ATS), as an organisation/ ATM function.

Training providers and ATCO personnel to verify that (certified) ATCO training provider organisations, ATCOs and their related implementing arrangements comply with the ATCO Directive (or new EASA/EC ATCO-IR once adopted), applicable CRs, SRRs and other related safety conditions.

1 See Annex 1 for additional guidelines regarding the areas subject to NSA oversight.

4. Engineering/ technical ATM personnel: the legal basis and compliance criteria lies in the specific CRs for ATS/CNS providers and national regulations on the basis of Art 9 CR-IR; and, possibly, in regulatory provisions and specifications for system maintenance in relation to IOR, laid down in IOP-IRs and relevant voluntary MoCs (CS and other specifications).

5. Specific EATMN systems - verify that the respective service provider and its implementing arrangements comply on a continuous basis with the interoperability requirements for EATMN systems, their constituents and associated procedures in accordance with IOR and the IOP-IRs2;

6. Entities other than ATM/ANS providers, ANSP arrangements with 3rd parties in relation to the provision of ATM/ANS, including documentary evidences produced by 3rd party entities;

Entities other than ATM/ANS providers and their products in relation to the provision of ATM/ANS may also be subject to oversight by an NSA in accordance with specific SES requirements:

1. Qualified entities (QE) employed by an NSA as per Art 3 SP-R and Art 11 SO-IR, and their deliverables,

2. ANSP arrangements with notified bodies as per Art 8 IOR; and other related regulatory requirements in the IOP-IRs; the deliverables (e.g. certificates) from notified bodies in the frame of Art 6 IOR and IOP-IRs;

3. Documentary evidences from manufacturers of EATMN systems/ constituents used to provide ATM/ANS;

4. Other arrangements and documentary evidences in relation to safety relevant formal interfaces established by ATM/ANS providers with 3rd entities for the provision of ATM/ANS (CR #3.1 paragraph 1 of Annex I to CR-IR);

5. Documentary evidences reviewed as part of benchmarking activities or identification of best practices;

6. The NSAs internal oversight of its own arrangements and deliverables

Important note: The above is only an indicative list of areas of ATM/ANS that are or may become subject to oversight by an NSA under specific SES and national regulations. Considering the extent and great diversity of the areas for which an NSA must provide oversight , it becomes all the more important that step 1.1 of the proposed generic process (risks/ priorities) is effectively applied by NSAs and that oversight activities are organised and prioritised accordingly.

2 For the purpose of oversight, EATMN systems are further broken down into eight generic systems as per Annex I IOR (more details in Annex 5).



2.3 Compliance criteria

For the purpose of this document, the generic NSA oversight process aims to verify that the ATM/ANS provider fulfils or complies with three documented groups of requirements:

1. the common requirements (CRs), in accordance with CR-IR;

2. the safety and other regulatory requirements (SRRs), safety objectives, conditions, attached to a certificate, an EC declaration of verification including any relevant EC declaration of conformity or suitability for use of constituents of systems (Art 6 SO-IR); and

3. specific processes, deliverables and other implementing arrangements set-up including risk assessment and migration measures identified by an ATM/ANS provider, inter-alia to meet or fulfil the CRs and SRRs .

Some of the CRs and duties of an ANSP can be considered as completely denuded of any safety relevance. Where a regulation is not prescriptive in this sense, it is the NSA who must interpret and decide on this aspect. However, in line with best practice, the verification of compliance against any oversight criteria should be carried out in accordance with all or part of the requirements for safety regulatory auditing.

When possible, compliance can be verified through a simplified procedure such as a desk-top review of documentary evidences from the ANSP. The scale to which oversight is exercised in accordance with the full safety auditing procedure may be commensurate with the safety relevance and risks induced by the concerned area. This, once again, is a decision for the NSA to make, if not otherwise provided for by regulations.

These guidelines facilitate the oversight exercise in an more harmonised way. The NSA may easily adapt and customise the generic process to local circumstances and allocate resources and effort commensurate with the specific objectives and needs of local oversight. The generic process can also be adapted for those cases when the scope and subject matter of oversight go beyond an ATM/ANS provider like service providers to .ANSP (ANSP’s external suppliers, outsourcing assistance), if it is applicable according to local rules..

3. CONTEXT

3.1 The objective of oversight

The principles on which any oversight activity should rely are similar to the principles of auditing (see Clause 4 of ISO 19011:2002).

The objective of any oversight activity is to verify that the entity placed under oversight, and its arrangements, elements, services, products, activities etc meet a defined set of criteria, ‘in particular with regard to the safe and efficient operation of air navigation service providers […] in relation to the airspace falling under the responsibility of the Member State which nominated or established the relevant authority’ (Art 2.1 SP-R).

The objective is to verify that the ATM/ANS provider meets the binding regulatory requirements, conditions, legal obligations etc (i.e. the three main categories of compliance criteria identified in 2.3) as well as other non-binding arrangements established by that provider or by a 3rd party (e.g. a system manufacturer) for the safe and efficient provision of its services, functions and operation of its systems.

3.2 Overall view

In application of Article 28 of the Chicago Convention on international civil aviation, States are responsible for the provision of air navigation facilities and services, and to exercise due diligence in particular with regard to the safety aspects.

ATM/ANS provision is subject to regulation under EU law. The establishment of NSAs aimed inter-alia to provide more effective oversight in this domain, while Member States remain responsible for the correct implementation of EU legislation. NSAs must verify that ATM/ANS services and functions are delivered to the highest standards in accordance with the legal requirements.

With EC (No) 1108/2009 (amending regulation EC (No) 216/2008) the Commission has extended task of EASA to air navigation services (ANS) and air traffic management (ATM).

With EU Regulation 1034/2011, there is a new term introduced for the authority for oversight, the competent authority, where:

1. NSA is defined as competent authority for certification for organisations having their principal place of operation and, if any, their registered office located in Member State if nominated or established by that Member State (Art. 3(a) (EU) No 1034/2011);

2. For organizations for which under the agreements concluded among Member States in accordance with Article 2 of SP-R, the responsibilities for safety oversight have been allocated differently from Article 3(a) (EU) No 1034/2011, the competent authorities are the ones nominated or established under those agreements (Art. 3(b) (EU) No 1034/2011);



3. EASA is competent authority when organisations are providing ANS services in airspace of the territory to which the Treaty on the Functioning of the European Union (hereafter: Treaty) applies and having their registered office outside the territory subject to the provisions of the Treaty (Art. 3(c) (EU) No 1034/2011) or for organizations providing pan-European air navigation services in the airspace of the territory to which the Treaty applies (Art. 3(d) (EU) No 1034/2011).

However, these guidelines are intended for the state NSA associated role and not for other competent authorities.

NSAs may pool resources together, cooperate, as part of their oversight programmes, to conduct joint oversight activities; and divide their supervisory tasks or call upon "qualified entities" (QE) in order to have sufficient competence.

Further to the initial responsibilities and tasks laid down on NSAs in the FR, SP-R and CR-IR, the rapidly evolving SES legislation has added various NSA tasks and legal obligations, some of a very complex nature such as the implementation of the performance scheme in accordance with Art 11 FR and PS-IR.

The complexity of this rapidly changing environment requires that NSAs organise and exercise oversight in an effective and efficient manner, adapting it to new regulatory developments.

In particular, States and NSAs should follow closely the on-going regulatory developments as a result of EASA’s new role within the SES II framework.

Other international and national norms must also be duly regarded in the allocation of responsibilities and duties for oversight. For the purpose of this document, it is noted that the majority of ESARRs are already transposed into EU law; and a large proportion of the ICAO SARPs in the area of ATM/ANS are already included as legal requirements in the SES legislation.

3.4 How to use this document

This document describes the generic oversight process, its inputs, triggers and its outcome at a high level. Oversight work flows that are subject to national law and local implementing arrangements are not detailed.

The generic oversight process is broken down into a sequence of five basic steps:

1. Risk assessment (assess risks and identify priorities for oversight);

2. Inspection programme (establish or maintain an inspection oversight plan, other triggers, consultation with the ANSP and preparation);

3. Verification of compliance desk-top (perform a desk-top verification and documentation review);

4. Oversight compliance on site (exercise oversight based on on-site auditing/ inspection, findings);

5. Resulting actions (deliver regulatory action/ measures on the basis of oversight. corrective actions by the ANSP and issue conformity or enforcement reports).

NSAs may easily adapt the generic process per specific compliance criteria and areas of oversight, setting-up several notable oversight sub-processes (e.g. for safety, quality, security, interoperability etc). NSAs must particularly develop a robust and effective approach to initial and ongoing safety oversight in operations/ engineering and SMS. The regulatory actions on the basis of oversight are referred to by their SES legal basis and, where necessary, in relation to ICAO. The Annexes to this document provide additional details and reference material for several notable oversight sub-processes.

At any moment in a specific oversight activity or task, its outcome/ deliverable may become an input or trigger to another oversight activity or task. There is no limit as regards the repeatability of a particular step until that oversight activity is completed/ closed.

For example, an oversight activity can comprise several successive desk-top verifications and on-site audits prior to its satisfactory completion, and follow-up verifications of the implementation of corrective actions. Its outcome may determine the identification of new risk areas or priorities (step 1.1) and this may trigger an update to the oversight programme (step 1.2). A specific measure (e.g. the issuance of a safety directive) may trigger new or additional measures in result of a new iteration of steps 1.2 and 2.1 (e.g. the application of safeguards as a result to the ANSP’s failure to implement the safety directive).

The generic process is aimed to be non-prescriptive to the extent possible. It offers wide flexibility for adaptation and for further customisation of the work-flows to the local ATM/ANS environment and oversight needs, which may vary on a case by case.

The guidelines recommend that specific oversight activities are identified against the various SES requirements, thus facilitating compliance by an NSA with this legislation. The NSA may also use the numbering of steps/ activities/ deliverables proposed in this document for establishing a coding procedure for its oversight deliverables, in order to facilitate their tracing and further use as inputs in follow-ups as well as in other different oversight activities.



3.5 Closing the loop

The regulatory framework and oversight function must be periodically reviewed and amended with the aim of continuous improvement. The oversight function should be measured for its effectiveness. A formalised process should be established by the NSA to adopt and implement industry best practices.

Furthermore, NSAs and the State regulators should develop a systemic view of ATM and correlate the oversight of ATM/ANS with the oversight of airports, airspace users and, as appropriate, the corresponding military entities.

Oversight results/ deliverables should be further used not just as inputs to subsequent oversight or monitoring/ reporting purposes but also for

1. sharing information with other NSAs and among the ATM community,

2. systematic improvement of safety culture within the NSA,

3. addressing and improving any identified weaknesses of the oversight function.

The NSA should establish a system for collecting stakeholder feedback in order to verify the quality of its oversight function. The results of this feedback should be used for upgrading the quality of the NSA’s operations (in fact services provided to the ATM/ANS organisations, ATM community and to the public) and the motivation of NSA staff. The oversight function should be measured in terms of quality of service to the stakeholders.

4. GENERIC PROCESS STEPS

4.1 General

As already mentioned in para. 3.4, five major steps make up the whole oversight process.

Each of the major steps is analysed in more detail in diagram 4.1.2... The tables in para 4.2 include guidance material for better understanding of the associated steps (GUI).

Figure 4.1.1: the five major steps of the ANSP’s oversight process

The oversight process is certainly repetitive by nature, but some ends have been also identified to indicate the close of an oversight cycle.

The oversight process also includes the audit process, which consists of the steps from 2.4 (preparation of the oversight) up to 5.1 (Audit/inspection report on findings).



Assess risksin ATM/ANS

(1.1)

Develop/Maintain the

annual inspection

programme (2.1)

NSA defines an oversight case

(2.2)

Consultation ANSP

& other entities (2.3)

Preparation for the

inspection(2.4)

Desk-top verification and documentation

review(3.1)

Proceed to on site visit?

Oversight visits(4.1)

Audit/inspectionreport onfindings

(5.1)

Non conformities?

Resolution actions of

non conformities by the ANSP

(5.3)

Steps in the

particular field(3.2)

Documented conclusions

(e.g. a conformity report (5.4)

Documented conclusions

(e.g. an enforcement

Report)(5.5)

Resolved? END

Monitoring on going

compliance/improve

(5.6)

Oversight Records

(5.2)

1. Risk Assessment

2. Inspection programme

3. Verification of compliance

desk-top

4. Oversight of compliance

on-site

5. Resulting actions

Yes

No

No

Yes

Yes

No

Figure 4.1.2: The generic NSA oversight process



4.2 Procedural guidance for steps

Note: Blue marks generic tasks; Yellow indicates explanatory material and additional guidelines.

Tasks Description and Comments

1. Risk assessment

1.1 Assess risks in ATM/ANS

1.1.1 Assess the risks associated with the provision of ANS/ATM and establish areas in which verification of compliance with SRRs, CRs and other legal obligations is necessary as a matter of priority (Art 8 CR-IR, Art 5.2 SO-IR)

GUI

The main reason of such as assessment is to properly develop an annual inspection programme, which is the main trigger to start the oversight process.

This step, in particular, is mandatory for all ATM/ANS safety-relevant areas and elements.

Steps 1.1, together with Step 2.1 below may be referred to as ‘planning for oversight’.

The NSA should have internal procedures to review/ update such assessment on a periodic basis and, specifically, in direct relation to safety concerns and the results of safety monitoring. There should be a strong interface with the personnel responsible for collection, investigation, evaluation and dissemination of occurrence data. Safety monitoring should be effected by:

1. monitoring the achieved levels of safety against set acceptable levels of safety (or target levels of safety) as per Art 5.1 SO-IR, ICAO Annex 11 section 2.27 and Attachment D, and ICAO Doc 9859 – Safety Management Manual; and

2. monitoring the achievement of safety performance against the set performance targets in the safety KPA, consistent with the adopted EU-wide performance targets (PS-IR). This issue is to be followed up as the implementation of the performance scheme unfolds.

NSAs should establish and carry out their oversight programme mainly through dedicated audits of the critical areas/ elements of an ATM/ANS provider, on the basis of risk assessment and the identification of priority areas, rather than on periodic scheduling of large scale audits at random physical locations.

Other triggers for a specific oversight activity may be:

1. the need to follow-up/ verify effective implementation or compliance with a specific regulatory action or measure taken by the NSA as a result of previous oversight;

2. an unforeseen event (e.g. an accident) which calls for an ad-hoc verification by the NSA; 3. a request by the ANSP that the NSA approves or accepts proposed new arrangements (e.g. a

change to the certificate) or 4. the introduction of a change to a functional ATM system based on the verification or review of

specific documented evidence (e.g. safety arguments).

2. Annual inspection programme

2.1 Develop the annual inspections programme

2.1.1 Establish/ maintain an inspection programme based on assessment of risks and identified priorities (Art 2.2 SP-R, Art 8 CR-IR, Art 7.3 to 7.5 SO-IR)

GUI

It is important that NSAs have a good understanding of what is mandatory and what is only optional, including what should be seen as good practice. Certainly, NSAs can not force ANSPs to implement optional requirements.

Article 8 CR-IR requires that an NSA ‘monitors annually the ongoing compliance of the ANSPs which it has certified.’

To this end, the NSA shall establish and update annually an indicative inspection programme covering all the providers it has certified and based on an assessment of the risks associated with the different operations constituting the services’.

Furthermore, Article 7 SO-IR requires that the verification of compliance with the SRRs and other




safety conditions is done in accordance with the requirements for safety regulatory auditing. Within the inspection programme as per Article 8 CR-IR, ‘NSAs must establish and update at least annually a programme of safety regulatory audits in order to:

(a) cover all the areas of potential safety concern, with a focus on those areas where problems have been identified;

(b) cover all the organisations and services operating under the supervision of the NSA;

(d) ensure that sufficient audits are conducted over a period of two years to check the compliance of all these organisations with applicable SRRs in all the relevant areas of the functional system.’

This means that all certified ANSPs, but not necessarily all their services, units, systems, staff etc. have to be monitored on an annual basis for on-going compliance with the CRs for all the functional areas. Also, compliance does not have to be monitored annually against all CRs. Compliance with the SRRs and other safety-related conditions must be monitored on the basis of annual, possibly bi-annual safety regulatory audits.

It should be noted that an ‘inspection’ in the sense of SP-R and CR-IR is not defined in EU law but may be subject to national law.

In practice, an NSA may differentiate ‘inspections’ from ‘audits’ (safety audits being defined by Articles 7 and 8 SO-IR). ISO standards may also be used for this purpose. Some NSAs have deemed it useful to make the following differentiation: audits focus on processes (in particular the safety-relevant ones) and are carried out in full conformity with Articles 7 and 8 SO-IR; while ‘inspections’ will focus on systems and on their more technical aspects. NSAs may thus make better use of inspectors having solid ATM experience but not qualified as safety auditors.

Besides audits and inspections, the overall annual oversight programme may in addition provide for surveys (Art. 2.2 SP-R and Art 7 CR-IR), reviews and other forms of verification which may also be conducted within a desk-top procedure (i.e. not accompanied by on-site visits, unless necessary). The NSA may opt for such ‘simpler’ verifications in the case of oversight activities which do not pose the level of risks perceived in the areas/ elements verified for compliance by means of audits and inspections. Nonetheless, even if ‘simpler’ than a full-fledged safety regulatory audit, desk-top oversight as per step 2.1 should also be carried out in accordance with audit procedures/ techniques.

Before it is formally adopted, the audit/ inspections programme must be notified to and, if necessary, discussed with the ANSPs concerned and, possibly, with other NSAs concerned (Art 8 paragraph 2 CR-IR). The audit/ inspections programme must be implemented and managed effectively and efficiently, on authority granted by the NSA’s top management. The programme should also include all activities necessary for planning and organising the types and numbers of audits/ inspections, and for providing resources to conduct them effectively and efficiently within specified timeframes.

Finally, the oversight programme should provide for verifications required in the frame of specific IRs where the NSA or the State has to ensure that specific regulatory measures are implemented or deployed by the ANSPs or other stakeholders subject to the authority of that NSA or State. These verifications are mandated on the basis of specific target dates rather than on a periodic basis. Alternatively, such verifications may be effected through step 3.1 and step 3.2 of the oversight activities.

Further guidance material on annual audit planning is included in the EAM 1/GUI 1/Para 3.11 and EAM 1/GUI 3/Para. 5.1.3 and 6.3.1.

2.2 Define an oversight case

GUI It is emphasised that the following steps 2.2., 2.3. and 2.4 are not related to the development of the inspection programme. These steps are actions for the inspection preparation covered by steps 3 and 4.

2.2.1 Examine the oversight case based on any trigger received and inform/consult ANSP accordingly.

2.2.2 Conduct initial oversight investigations to gain objective information to enable an NSA decision regarding further oversight activities..




GUI

As a result of the initial oversight investigations, the NSA may terminate the oversight process if it appears that it cannot be completed due to the lack of resources within the applicant’s structure or its lack of commitment to comply with the applicable requirements. Such a decision to be notified to the applicant together with the reasons.

2.3 Consultation with ANSP and other entities

2.3.1 The NSA should consult the ANSPs concerned as well as any other national supervisory authority concerned, if appropriate, before establishing such a programme.

2.3.2 The NSA is to communicate the initial plan of to the ANSP and get their comments and proposals.

GUI Previous provisions do not mean that all CRs should be checked annually. Different areas of CRs may have different oversight cycles. Nonetheless, all CRs should be checked at least once during the validity period of the certificate.

2.4 Preparation of the inspection

2.4.1 Identify the legal basis - regulatory requirements – which determine the oversight activity, the relevant voluntary means of compliance – MoC – e.g. CS, AMC etc; and other advisory material.

GUI The annexes to this document provide lists and web sources for relevant reference material, of both binding and voluntary nature, in relation to several notable oversight activities and their deliverables.

2.4.2

Assign clear responsibilities/ accountabilities. Evaluate the effort needed and allocate adequate resources for the oversight activity depending on its objectives, nature, scope, complexity and extent.

Allocated auditors/ inspectors must be properly qualified (Art 7.2(c) and Art 12 SO-IR) and empowered (Art 7 CR-IR). Conflict of interest with the respective oversight activity must be avoided.

GUI

Allocation of staff/ resources should be on the basis of a preliminary review of the documents under investigation and an evaluation of effort needed. Proactive internal NSA reporting/ review should allow for corrections to the initial allocation, should this need arise before completion.

It should be emphasised that according to Art 7(4) SO-IR: national supervisory authorities may decide to modify the scope of pre-planned audits, and to include additional audits, wherever that need arises.

Depending on the overall NSA capabilities as well as the scope/ subject-matter of oversight, a dedicated team may be established for more complex activities (e.g. involving on-site audits) or in relation to a large provider or complex subject-matter. The NSA should assign properly qualified staff for specific oversight tasks on a longer or permanent basis such as for the airspace and military ATM/ ATS interface, performance, EATMN systems interoperability, specific categories of CRs etc.

Panels of experts may be established by the NSA in order to provide advice/ opinions to NSA management and the oversight experts. Such panels should encompass all safety related internal interfaces of an NSA. Their opinions, however, should be only advisory, not binding.

Associated material can be found in the EAM1/GUI3, Item 6.3.1.

2.4.3 In case of insufficient capabilities, the NSA should commission a qualified entity as per Art 3 SP-R and Art 12 SO-IR, to conduct part or all of the oversight tasks, acting on the NSA’s behalf.

In such a case, the NSA must exercise oversight of the qualified entity and its deliverables.

2.4.4

The NSA should establish clear point(s) of contact/ interfaces with the ATM/ANS provider, inter-alia to facilitate communication, compliance monitoring (Art 7 CR-IR) and other formalities (e.g. arrange with the concerned ANSP for the assessment of documentation and for investigations at relevant locations).

Where the NSA is tasked by the State regulator to carry out oversight tasks having civil/ military




implications or requiring interfaces with external entities, clear point(s) of contact/ interfaces must be established with the respective civil and/or military authorities or other entities concerned.

2.4.5 Verify that all documentary evidences submitted by an ATM/ANS provider for the purpose of a specific verification or review are approved/ endorsed at the competent level of authority in that organisation (preferably the Chief Executive Officer or equivalent position).

GUI

The NSA should set-up formal administrative processes/ procedures, including the use of standardised forms, to facilitate working relationships with ANSPs, in accordance with their safety categories. Inter-alia, ATM/ANS organisations should be required to regularly update their documentary evidences submitted to the NSA e.g. as regards established arrangements to comply with the CRs, SRRs and other relevant legal requirements (more details in the associated Annex ).

GUI

By the end of the preparatory phase, the NSA must have built a clear oversight case, meaning:

1. clarification of the relevant legal basis (‘audit criteria’ in ISO terms, binding as well as non-binding regulatory material such as MoC);

2. provision of clearly defined responsibilities, objectives, tasks breakdown and schedule (audit plan); and proper understanding of what should be the outcome and/or deliverables from that activity;

3. identification of evidential material (‘audit evidence’ in ISO terms) required for review/ verification (already in the NSA’s possession or pending to be received);

4. allocation of staff who are competent for their oversight tasks (and certified, where required); 5. establishment of formalised and effective communication/ consultation with the concerned

provider and/or other authorities.

3. Verification of compliance - desk-top

3.1 Desk-top verification and review of the documentation

GUI

This is a stand-alone audit activity and does not preclude an oversight activity based on fully-fledged auditing as per step 3.2 below.

It is best practice to carry out desk-top review in line with audit procedures.

A desk-top verification or review can be carried out in relation to any of the following notable oversight areas or criteria (mandatory):

1. Compliance with specific CR(s) or a category of CRs (Annexes I to V CR-IR, including amendments);

2. Compliance with specific SRRs and safety conditions, including compliance of their implementing arrangements (Art 6 SO-IR):

1. SRRs for ATCOs (ATCO Directive, CR-IR);

2. SRRs for technical & engineering personnel (Art 9 and Annex II, item 3.3 of CR-IR);

3. SRRs for the functional systems (Art 6 SO-IR, IOP-IRs), including specific SRRs for SW assurance (Art 3.3 & 5 of (EU) 482/2008)

3. Proposed changes to ATM, in particular the safety arguments of the ATM/ANS provider (Art 9 & 10 SO-IR, Annex II Section 3.2 CR-IR);

4. The interoperability requirements for EATMN systems, constituents and associated procedures (IOR and IOP-IRs);

5. Ongoing monitoring and reporting of the achievement of performance (Art 17, 19, Annex II par.,. 6 of PS-IR), including the monitoring and publishing of the key performance indicators (Annex I Section 2 par. 1 (a), (b), (c), of PS-IR). Inter-alia:

1. Monitor and assess the achieved levels of safety against the established acceptable levels and/or safety targets (Art 5.1 SO-IR, PS-IR, ICAO Annex 11 section 2.27 and Attachment D, ICAO Doc 9859 – Safety Management Manual)

3.1.1 Perform an initial review of the concerned documentation; determine if any relevant information or evidential material is missing (in particular if the documentation was submitted by an ATM/ANS provider).




Determine how to proceed in such cases and take action. For example, inform the concerned party and ask for reasons for the omissions and request corrective measures.

GUI

This may be addressed in the administrative procedures, depending on the nature and context of the oversight activity, The NSA may:

1. request that the other party completes the documentation; or do this through arrangements for the assessment of additional documentation and investigations at the relevant location(s);

2. proceed with the oversight case without waiting for additional info/ evidence; 3. temporarily stop or definitively terminate the activity. The other party should be informed accordingly of the NSA’s decision and of its reasons.

3.1.2 Maintain records of all relevant documents generated and received during the oversight investigations. This is a legal obligation in the case of safety oversight (Art 14 SO-IR).

GUI This task should be addressed procedurally in the NSA’s document management system.

3.1.3

Review/ assess the collected documentary evidence (‘audit evidence’) in respect of the related criteria and document the findings (‘audit findings’ in ISO terms):

1. Look for evidence that the applicable requirements have been understood and for clear indications that processes have been developed or adapted to meet/ fulfil them.

2. Identify needs for corrective and preventive actions; and opportunities for improvement.

3.1.4 Decide if further investigation, such as an on-site visit (an audit or inspection), is necessary. This may be the case e.g. if the documentation review indicates possible areas of weakness or concern regarding the service provider’s implementing arrangements to meet associated requirements.

GUI

The documentation review should be linked with the particularities of the concerned area or element under scrutiny (safety, quality, security, financial interoperability, human resources etc).

The review is not necessarily to be confined to the documents referenced by the applicant in its exposition (e.g. the organisational exposition in a certification process). It may also cover:

1. operational documentation (e.g. operational, technical manuals/ procedures, etc.); 2. technical systems documentation (e.g. implementing arrangements or specifications related to

the installation and maintenance of equipment, etc.); 3. various documentation in the areas of quality, human resources, staffing plans, security and

quality of services etc. depending upon the case; 4. the outcome/ deliverables from previous oversight activities which might be relevant in the

context of this particular oversight activity; If the documentation review reveals serious concerns about the ATM/ANS organisation’s level of understanding of the applicable CRs, SRRs or safety conditions or of the processes that should be put in place to meet them, the person responsible for the oversight activity may opt to stop it (e.g. not proceed with an on-site audit) and refer the matter to NSA management for further decision/ action.

3.2 Steps in the particular field

3.2.1 Follow associated steps or use related check lists for the particular field assessment as per the respective Annex of this oversight process

4. Oversight compliance on site

4.1 On-site visit

GUI

The term ‘inspection’ is to be interpreted in accordance with specific national law and/or ISO standards (see also the guidelines for step 1.2).

Safety regulatory audits must be organised and carried out in strict accordance with the requirements and procedure laid down n Articles 7 and 8 SO-IR. See also the additional guidelines in Annex 2.




Take into consideration the same breakdown per notable oversight areas or criteria applies as for items 1 to 5 of step 3.1.

See GUI/2 step 3.1 for additional procedural guidance

4.1.1 Verify that the arrangements described in the documentation are effectively implemented and indeed applied by the organisation.

GUI

Depending on the objectives and complexity of the oversight activity, the review of documentation may be deferred until the on-site visit commences; or review may be preceded by a preliminary site visit in order to obtain a suitable overview of available information.

This step may involve one or several on-site visits to the relevant site(s) of the organisation, based on an oversight visit schedule/ plan and, possibly, sampling techniques based on prior assessment of risks and the identification of priority areas for oversight (see step 1.1). Sampling should be applied according to risk relevance and the level of confidence gained from previous oversight.

At least one on-site audit visit should be conducted, even in the case of a small organisation applying to provide services.

4.1.2 On-site visits to verify compliance with safety-relevant CRs, SRRs and other relevant safety conditions must be carried out in full conformity with the requirements for safety regulatory audits set out in Art 7 and 8 SO-IR (or ESARR 1 edition 2.0, December 2009).

GUI

Depending on the safety criticality of an ATM/ANS organisation’s services, functions, products, operations, systems, procedures etc, the NSA may verify compliance in several possible ways:

1. Review of documentation = Minimum approach for addressing non-safety areas; 2. Review of documentation and on-site audit/ inspection = Regular approach for addressing areas

where review of documentation does not provide sufficient evidence of compliance with applicable requirements or where possible areas of weakness or concern are identified;

3. Review of documentation & on site safety regulatory audit(s) in accordance with SO-IR: The required approach is to verify compliance with the applicable SRRs.

See additional guidelines in Annexes (Safety oversight) and (Certification/ on-going compliance).

4.1.3 Evaluate audit evidential material against the audit criteria to generate the audit findings. Record the non-conformities and their supporting audit evidence. Record any non-resolved points (i.e. divergent opinions).

GUI

Non-conformities may be graded. They should be reviewed with the auditee to ensure that the audit evidence is accurate and that the non-conformities are understood. Efforts should be made to resolve any divergent opinions concerning the audit evidences and/or findings – any unresolved points should be recorded.

4.1.4 Prepare the on-site visit conclusions. Depending on objectives, prepare recommendations and discuss audit follow-up, if included in the audit plan.

4.1.5

Conclude the on-site visit with a formal closing meeting or (e.g. for small organisations) by communicating the audit findings and conclusions.

Present the results first in a summarised form, and then in more detail by the individual team members for their respective assessment areas, clearly showing management the facts which led to the conclusions.

GUI The audit team should not force the audited organisation to decide during the closing meeting what corrective actions are to be taken.

5. Resulting actions

5.1 Audit/inspection report on findings

5.1.1 Upon conclusion of the investigations of an oversight activity involving one or several step activities (3.1 and/or step 3.2., 4.1), draw up a report of the findings and conclusions.




GUI An NSA should not make recommendations how to resolve potential non-conformities or propose specific corrective actions.

GUI The conclusion of a safety oversight activity should be done only after proper consultation and coordination within all safety-related internal interfaces.

5.1.2

Draw up an audit/inspection report, including the details of the non-conformities and conclusions, documenting all audit observations. The observations must be supported by evidence and identified in terms of the applicable SRRs and their implementing arrangements against which the audit has been conducted (Art 7.6 SO-IR for safety regulatory audits; this should be regarded as best practice in the case of inspections as well).

5.2 Oversight records archive

5.2.1 The NSA shall keep appropriate records related to their oversight processes (Art 14 SO-IR). These records should be properly used as main input to the ongoing compliance monitoring.

GUI

In order to effectively conduct follow-up audits and to monitor implementation of corrective actions, NSA should establish good record keeping procedure.

NSAs should formalise:

1. keeping important records related to particular field oversight processes including all the reports of safety regulatory audits, other safety or other domain records related to certificates and designations, the safety oversight of changes, safety directives, use of recognised organisations.

2. how these records will be used to ensure that the oversight is done properly and transparently, to provide confidence about ANSP performance and compliance and to share with other authorised parties.

3. issues regarding record keeping (accessibility, software, media…) 4. confidentiality policy (Art. 18. of SP-R).

5.3 Resolution of non-conformities, follow-up and conclusion of oversight

5.3.1

Communicate the findings to the concerned organisation, including details of the identified non-conformities, their perceived significance, the responses received at the time of the visit and the conclusions. Depending on the objectives, this may also address identified needs of preventive measures and opportunities for improvement.

Simultaneously request that the concerned organisation proposes corrective actions to address each non-conformity (Art 8.1 SO-IR), and a timeframe for implementation that pays due regard to the significance and impact.

All tasks mentioned above apply for audits/inspections as well as for desk-top verifications/ reviews.

In particular it is important (mandatory) that the NSA follows closely the resolution of all identified safety deficiencies and concerns.

5.3..2

Assess the corrective actions proposed and the implementation determined by the audited organisation and accept them if the assessment concludes that they are sufficient to address the nonconformities (Art 8.3 SO-IR; best practice for non-safety oversight as well).

Issue a final oversight report only after all non-conformities have been implemented and this has been verified (very important in the specific case of initial oversight, before a certificate is issued).

5.3..3

Where a certified ANSP does not, or no longer comply with the applicable CRs or with the conditions attached to the certificate, the competent NSA must take a decision within a time period not exceeding one month. Through this decision, the NSA must require the ANSP to take corrective action.

The decision must be immediately notified to the relevant ANSP (Art 6.3 CR-IR). Similar measures should be taken in application of Art 8 SO-IR, Corrective actions.




GUI

The organisation placed under oversight is required to:

1. determine the corrective actions deemed necessary to correct every non-conformity and the time frame for their implementation (Art 8.2 SO-IR; best practice for non-safety as well);

2. initiate the corrective actions accepted by the NSA and complete the process within the time period accepted by the NSA (Art 8.4 SO-IR; best practice for non-safety as well);

3. update/ modify accordingly the relevant documentation submitted to the NSA. 4. follow-up actions resulting from safety recommendations/ directives must be monitored to

ensure that corrective and mitigation actions are implemented by the audited organisation.

GUI More detailed guidance material can be found in the EAM1/GUI3, Ch. 10

5.4 Issue documented conclusions of conformities

5.4.1 Should no non-conformities be identified, or when non-conformities have been satisfactorily rectified, the NSA will issue proper documented conclusions and regulatory actions (e.g. a conformity report).

GUI Associated guidance material can be found in the EAM1/GUI3, Ch 9.

5.5 Issue documented conclusions of non conformities

5.5.1

Where the NSA considers that corrective actions have not been properly implemented by an ATM/ANS organisation concerned, the NSA has the legal obligation (Art 6.3 CR-IR) to take appropriate enforcement measures in accordance with Art 7.7 SP-R and Art 9 FR while taking into account the need to ensure the continuity of services on condition that safety is not compromised. Such measures/actions may include the revocation of the certificate (Art 7.7 SP-R).

Documented conclusions of non-conformities should be issued as appropriate for further regulatory measures/actions by the State (e.g. a non-conformity report).

GUI

Notwithstanding the fact that such a report is subject to local/ internal arrangements and may vary significantly depending on the nature and scope of an oversight activity, the report should include:

1. relevant information regarding the objectives, applicable requirements and scope of the respective activity/ investigations conducted,

2. a description of the relevant tasks, the methods employed and their outputs/ deliverables, 3. name(s) of the individuals and team members having carried out specific tasks, 4. references of the documentary evidence subject to review/ verification, including copies of the

most significant, 5. findings, including difficulties encountered, details of the identified non-conformities and/or other

shortcomings/ deficiencies; where applicable, details of the non-conformities and other concerns that could be resolved during the oversight activity, prior to drafting the report;

6. conclusions and recommendations, on a case by case basis (see section 4.6 for an indicative, non-exhaustive list of actions/ measures by an NSA in result of an oversight activity).

The final decision on the outcome of an oversight activity should be made by a different NSA official than originally appointed as responsible for the respective activity or on the oversight team.

The release of enforcement measures decided or proposed by the NSA in accordance with Art 7.7 SP-R and Art 9 FR, and other measures of greater relevance such as issuing certificate, a safety directive, measures in application of safeguards, or decisions rejecting proposed changes to ATM/ANS should bear the signature of the NSA’s most senior manager (e.g. Head of the NSA).

Appeal procedures should be in place, in accordance with national law. Confidentiality requirements apply in accordance with Art 18 SP-R and national law.

GUI

Generic NSA actions/ measures resulting from various oversight sub-processes and NSA or State obligations under the SES legislation are detailed in the list below..

Regarding the supervisory tasks of the State, the involvement of NSAs may vary on a case-by-case basis, depending on national law and delegation of competences to the NSA by the State. For such




situations, the syntax used is “Take/ propose measures in relation to…”.

The list can be further elaborated once the generic oversight process is adapted into specific oversight sub-processes and activities. This, however, is not within the aims of a document of a generic nature and is therefore left at the discretion of each NSA.

1. Delegate (tasks to) a QE (Art 3 SP-R, Art 11 SO-IR) 2. Grant derogations for certification based on verification/ monitoring of whether the ANSP

qualifies for such derogations (Art 5 CR-IR) 3. Issue a certificate with conditions attached, or modified conditions, or revoke, suspend or limit

the certificate (Art 2.15 FR, Art 7 & Annex II SP-R, CR-IR, SO-IR) 4. Take appropriate measures based on monitoring/ verification of compliance (Art 2.4 & 7.7 SP-R,

CR-IR) 5. Update the outcome of 1.1 with new risk areas and priorities for oversight (Art 7.3 (e) SO-IR) 6. Accept the procedures of ATM/ANS organisations for introducing safety-related changes to their

functional systems (Art 9.1 SO-IR) 7. Accept the introduction into service of safety-related changes on the basis of the review of

safety arguments (Art 10 SO-IR) 8. Agree/ approve specific safety-related arrangements and/or means proposed by ANSP, as

appropriate (e.g. in the frame of Regulation EU 482/2008, Annex II Part B, in relation to Art 4.3 (b))

9. Issue safety directives (Art 13 SO-IR) 10. Apply follow-up oversight of corrective actions and safety directives (Art 7.3(e) and 13.4 SO-IR) 11. Propose/ issue regulatory approvals in relation to Art 10 SP-R arrangements between ANSPs,

or designated METPs (Art 10 SP-R, CR-IR) 12. Issue regulatory approvals re the conditions of access to relevant operational data (Art 13 SP-

R) 13. Propose/ take measures in relation to the application of SP-R (Art 2.1 SP-R), inter-alia as

regards:

1. ANSP exempted from certification (Art 7.5 SP-R),

2. the designation of ANSP and METP (Art 8, 9 SP-R),

3. supervision in a FAB (Art 2.3 - 2.6 SP-R) all text highlighted are not enforcement measures on one hand with two exceptions, and on the other hand these are tasks of the NSA which are part of the oversight process. How it is described there it may give the feeling that this are enforcement measures (no penalties regarding fees or taxes are mentioned here).

14. Take measures in relation to IOP (IOR, IOP-IRs), including the application of safeguards (Art 7 IOR)

15. Propose/ take measures in relation to State legal obligations (civil and military relevance), as appropriate under national law & institutional arrangements, in relation to:

1. Airspace organisation and utilisation and the interface with military (possible delegation by State to the NSA as per Art 11 SP-R, ASR, FUA-IR, NF-IR, (EU) 730/2006, national law & institutional arrangements)

2. DL-IR: the general obligations for DL communications (Art 7, 12.4, 12.7, 12.8 DL-IR); DL equipage of transport-type State (Art 3.5 for a/c into service from 1 Jan

2014; and Art 8); granting exemptions (Art 14.1 DL-IR);

3. COTR-IR: compliance of COTR systems (Art 3.4 & 3.5), the requirements for quality of service (Art 4.2), the safety requirements (Art 6), the verification of systems (Art 8.3); and




overall compliance with COTR-IR (Art 9 COTR-IR) 4. Mode S -IR (all State obligations for which the NSA may be tasked under national law)

5. ADQ-IR: the State obligations in respect of the quality and transitional requirements for aeronautical data (Art 6.1 & 14 ADQ-IR)

6. ATFM-IR (all State obligations in Art 4, 5, 9-15 for which the NSA may be tasked under national law;)

7. FAB-IR (FAB-IR, all articles laying down State obligations which are NSA-relevant)

8. Propose safeguards in relation to State-related matters (Art 13 FR)

9. Take/ propose measures in relation to the financial/ charging issues (Art 12-16 SP-R, the amended CCS-IR)

10. Take/ propose measures in relation to the monitoring and reporting of the achievement of performance (Art 17-19 PS-IR)

5.6 Monitoring on going compliance/improve

5.5.1 Soon after the completion and close-out of the oversight process, the NSA should start monitoring the on going compliance on the particular subject or in general according to Art 5 SO-IR.

GUI The NSA should develop a procedure for monitoring ongoing compliance.

DSS/Support to CAA-NSA A1-1 Guidelines for NSAs for the Development of the ANSP Oversight Process


ANNEX 1 - ABBREVIATIONS

a/c : Aircraft ADQ-IR : European Commission Regulation (EU) No

73/2010 laying down requirements on the quality of aeronautical data and aeronautical information for the single European sky

AIS : Aeronautical Information Services AMC : Acceptable means of compliance (voluntary

material such as CS) ANS : Air Navigation Service ANSP : Air Navigation Service Provider APP : Approach ASM : Airspace Management ATCO : air traffic controllers ATCO-IR : EASA/ EU Regulation (EU) No XXX/2011

repealing the ATCO Directive 2006/23/EC of the European Parliament and Council

ATFM : Air Traffic Flow Management ATFM-IR : European Commission Regulation (EU) No

255/2010 laying down common rules on air traffic flow management

ATM : Air Traffic Management ATC : Air Traffic Control ATS : Air Traffic Services AOM : Airspace Organisation and Management AOP : Airports Operations CAA : Civil Aviation Authority CBP : Core Business Processes CFMU : Central Flow Management Unit CNS : Communications, Navigation,

Surveillance, COM : Communications COTR-IR : European Commission Regulation (EU) No

1032/2006 laying down requirements for automatic systems for the exchange of flight data for the purpose of notification, coordination and transfer of flights between air traffic control units

CR : Common requirements for the provision of ANS

CR-IR : European Commission Implementing Regulation (EU) No 1035/2011 laying down the common requirements for the provision of ANS and amending Regulations (EC) No 482/2008 and (EU) No 691/2010

CS : Community Specification CRCO : Central Route Charges Office DL-IR : European Commission Regulation (EU) No

29/2009 laying down requirements on data link services for the single European sky

EAM : ESARR Advisory Material EASA : European Aviation Safety Agency EATMN : The European air traffic management network EC : European Communities ECAC : European Civil Aviation Conference EEA : European Economic Area (agreement) ESARR(s) : EUROCONTROL Safety Regulatory

Requirement(s) EU : European Union ESSIP : European Single Sky ImPlementation

EXC : Excellence, QMS Domain ENV : Environment FIN : Financial FIR : Flight Information Region FUA : Flexible Use of Airspace HUM : Human Resources Domain IANS : Institution Air Navigation Services ICAO : International Civil Aviation Organisation INF : Information; AIS Domain ECAA :

European Civil Aviation Area (multilateral agreement)

FAB : Functional Airspace Block (defined in Art 2.25 FR)

FAB-IR : European Commission Regulation (EU) No 176/2011 on the information to be provided before the establishment and modification of a functional airspace block

FR : Regulation (EU) No 549/2004 (the framework Regulation, Ref. [1])

FUA : Flexible use of airspace FUA-IR : European Commission Regulation (EU) No

2150/2005 laying down common rules for the flexible use of airspace

GAT : General Air Traffic (defined in Art 2.26 FR) HR : Human resources iaw : in accordance with ICAO : International Civil Aviation Organization IEC : International Electro technical Commission,

one of three global sister organizations (IEC, ISO, ITU) that develop International Standards for the world

IFP-IR : European Commission Regulation (EU) No 1033/2006 laying down the requirements on procedures for flight plans in the pre-flight phase for the SES

IFRS : International Financial Reporting Standards IOP : Interoperability (defined in Art 2.28 FR) IOP-IRs : European Commission regulations adopting

implementing rules for interoperability in the frame of IOR

IOR : Regulation (EU) No 552/2004 (the interoperability Regulation, Ref. [4])

ISO : International Organisation for Standardisation KPA : ey Performance Area (in relation to PS-IR) JAA : Joint Aviation Authorities LAW : Legal Framework, Law Domain LSSIP : Local Single Sky ImPlementation LSSIPD : LSSIP Document MET : Meteorological service, an air navigation

service (defined in Art 2.29 FR) METP : Meteorological service provider MIL : abbreviation used to refer in general to the

military authorities for ATM/ANS MoC : Means of compliance (voluntary material) MLO : Medium Level Objective NAV : Navigation NF-IR : Regulation (EU) No 677/2011 on the network

management and design functions NSA : National Supervisory Authority QA : Quality Assurance QM : Quality Management PM : Project Manager



PMP : Project Management Plan PRC : Performance Review Committee PS : The SES II Performance Scheme, as per

Article 11 FR and PS-IR PS-IR : European Commission Regulation (EU) No

691/2010 laying down a performance scheme for air navigation services and network functions and amending Regulation (EU) No 2096/2005

QE : Qualified Entity QMS : Quality Management System (e.g. ISO9001) REG : abbreviation used to refer in general to other

regulatory authorities than the NSA SAF : Safety Domain SAR : Search and Rescue SARPs : Standards and Recommended Practices

(ICAO) SEC : Security domain SES : Single European Sky SES I : The first legislative package of the single

European sky (2004) comprising EU Regulations Ref. [1], [2], [3] and [4]

SES II : The second legislative package of the single European sky (EC 691/2010)

SESAR : Single European Sky ATM Research SecS : Security System SIS : Stakeholder Implementation Support SMS : Safety Management System SBP : Strategic Business Plan SBPD : Strategic Business Plan Document SO-IR : European Commission Implementing

Regulation (EU) No. 1034/2011 on safety oversight in ATM and ANS and amending Regulation (EU) No 691/2010

SP-R : Regulation (EU) No 550/2004 (the service provision Regulation, Ref. [2])

STO : Strategic Objective SRRs : Safety Regulatory Requirements SUR : Surveillance SW : Software (in relation to software assurance and

(EU) Regulation 482/2008) TMA : Terminal Control Area Note: All terms used in this document should be

interpreted with their meanings as defined (where the case) or used in the SES legislation



ANNEX 2- LIST OF REFRENCE DOCUMENTS

Nr LIST OF REFERENCE DOCUMENTS

EC REGULATIONS AND ASSOCIATED LEGISLATION

[1] Regulation (EC) No 549/2004 of the European Parliament and of the Council of 10 March 2004 “laying down the framework for the creation of the single European sky (the framework Regulation)”

[2] Regulation (EC) No 550/2004 of the European Parliament and of the Council of 10 March 2004 “on the provision of air navigation services in the single European sky (the service provision Regulation)”

[3] Regulation (EC) No 551/2004 of the European Parliament and of the Council of 10 March 2004 “on the organisation and use of the airspace in the single European sky (the airspace Regulation) “

[4] Regulation (EC) No 552/2004 of the European Parliament and of the Council of 10 March 2004 “on the interoperability of the European Air Traffic Management network (the interoperability Regulation)”.

[5] Commission Regulation (EC) No 1070/2009 of 21.08.2009 - amending Regulations (EC) No 549/2004, (EC) No 550/2004, (EC) No 551/2004 and (EC) No 552/2004 in order to improve the performance and sustainability of the European aviation system

[6] Commission Implementing Regulation (EU) No 1035/2011 of 17 October 2011 “laying down common requirements for the provision of air navigation services and amending Regulations (EC) No 482/2008 and (EU) No 691/2010”

[7] Commission Implementing Regulation (EU) No 1034/2011 of 17 October 2011 “on safety oversight in air traffic management and air navigation services and amending Regulation (EU) No 691/2010”

[8] Commission Regulation (EC) No 482/2008 of 30 May 2008 establishing a software safety assurance system to be implemented by air navigation service providers and amending Annex II to Regulation (EC) No 2096/2005

[9] Commission Regulation (EU) No 691/2010 of 29 July 2010 laying down a performance scheme for air navigation services and network functions and amending Regulation (EC) No 2096/2005 laying down common requirements for the provision of air navigation services

[10] Commission Regulation (EC) No 2150/2005 of 23 December 2005 laying down common rules for the flexible use of airspace

[11] Commission Regulation (EC) No 730/2006 of 11 May 2006 on airspace classification and access of flights operated under visual flight rules above flight level 195

[12] Commission Regulation (EC) No 1032/2006 of 6 July 2006 laying down requirements for automatic systems for the exchange of flight data for the purpose of notification, coordination and transfer of flights between air traffic control units

[13] Commission Regulation (EC) No 1033/2006 of 4 July 2006 laying down the requirements on procedures for flight plans in the pre-flight phase for the single European sky

[14] Commission Regulation (EC) No 1794/2006 of 6 December 2006 laying down a common charging scheme for air navigation services

[15] Commission Regulation (EC) No 633/2007 of 7 June 2007 laying down requirements for the application of a flight message transfer protocol used for the purpose of notification, coordination and transfer of flights between air traffic control units

[16] Commission Regulation (EC) No 1265/2007 of 26 October 2007 laying down requirements on air-ground voice channel spacing for the single European sky

[17] Commission Regulation (EC) No 29/2009 of 16 January 2009 laying down requirements on data link services for the single European sky

[18] Commission Regulation (EC) No 30/2009 of 16 January 2009 amending Regulation (EC) No 1032/2006 as far as the requirements for automatic systems for the exchange of flight data supporting data link services are concerned

[19] Commission Regulation (EC) No 262/2009 of 30 March 2009 laying down requirements for the coordinated allocation and use of Mode S interrogator codes for the single European sky

[20] Commission Regulation (EC) No 255/2010 of 25 March 2010 laying down common rules on air traffic flow management

[21] Commission Regulation (EC) No 73/2010 of 26 January 2010 laying down requirements on the quality of aeronautical data and aeronautical information for the single European sky.

[22] Council Directive 94/56/EC of 21 November 1994 establishing the fundamental principles governing the investigation of civil aviation accidents and incidents

[23] Directive 2003/421EC of the European Parliament and the Council of 13 June 2003 “on occurrence reporting in civil aviation”.

[24] Directive 56-94 of the European Parliament and the Council establishing the fundamental principles governing the investigation of civil aviation accidents and incidents.




[25] Commission Regulation (EC) No 1321/2007 of 12 November 2007 laying down implementing rules for the integration into a central repository of information on civil aviation occurrences exchanged in accordance with Directive 2003/42/EC of the European Parliament and of the Council

[26] Directive 2003/42/EC of the European Parliament and of the Council of 13 June 2003 on occurrence reporting in civil aviation

[27] Commission Regulation (EC) No 1330/2007 of 24 September 2007 laying down implementing rules for the dissemination to interested parties of information on civil aviation occurrences referred to in Article 7(2) of Directive 2003/42/EC of the European Parliament and of the Council

[28] Directive 2006/23/EC of the European Parliament and of the Council of 5 April 2006 on a Community air traffic controller licence

[29] Commission Regulation EC) No 1108/2009 of the European Parliament and of the Council of 21 October 2009 amending Regulation (EC) No 216/2008 in the field of aerodromes, air traffic management and air navigation services and repealing Directive 2006/23/EC

[30] Commission Regulation (EU) N° 677/2011 of 7 July 2011 laying down detailed rules for the implementation of air traffic management (ATM) network functions and amending Regulation (EU) N° 691/2010.

EUROCONTROL DOCUMENTATION

[31] ESARR 1, Safety Oversight in ATM, 05-Nov-2007

[32] ESARR 2, Reporting and Assessment of Safety Occurrences in ATM, 01-Jan-2000 (Phase 1), 01-Jan-2001 (Phase 2), 01-Jan-2002 (Phase 3)

[33] ESARR 3, Use of Safety Management Systems by ATM Service Providers, 13-Jul-2003

[34] ESARR 4, Risk Assessment and Mitigation in ATM, 05-Apr-2004

[35] ESARR 5, ATM Services' Personnel, 10-Nov-2003 (ATCO & General), 11-Apr-2005 (ATSEP)

[36] ESARR 6, Software in ATM systems, 06-Nov-2006

[37] EAM 1 / GUI 1, Explanatory Material ON, ESARR 1 Requirements, Ed. 2.0, 13 December 2010

[38] EAM 1 / GUI 3, Guidelines for safety Regulatory auditing, Ed. 2.0, 13 December 2010

[39] EAM 1 / GUI 5, ESARR 1 in the certification and designation of service providers, Ed. 2.0, 06 April 2006

[40] EAM 1 / GUI 7, Guidance on the criteria for the assessment of compliance with the standards of ICAO Annex 11, Ed. 1.0, 06 April 2006

[41] EAM 2/GUI 1, ESARR 2 Guidance to ATM safety regulators, Severity Classification Scheme for Safety Occurrences in ATM, Ed. 1.0, 12-11-1999

[42] EAM 2/GUI 2, ESARR 2 Guidance to ATM Safety Regulators, Publication and Confidentiality Policy Edition, Ed. 1.0, 12-11-1999

[43] EAM 2 / GUI 3, Mapping between the EUROCONTROL severity classification scheme & the ICAO AIRPROX severity scheme, Ed. 1.0, 07 November 2002

[44] EAM 2 / GUI 4, Explanatory material on ESARR 2 requirements, Ed. 1, 09 August 2004

[45] EAM 2 / GUI 5, Harmonisation of safety occurrence severity and risk assessment, Ed.1, 31 May 2005

[46] EAM 2/GUI 6, Establishment of ‘Just Culture’ principles in ATM Safety data reporting and assessment, Ed.1, 31 March 2006

[47] EAM 2 / GUI 7, ESARR 2 and related Safety Oversight, Ed.1, 21 March 2006

[48] EAM 2 / GUI 8, Guidelines on the Systemic Occurrence Analysis Methodology (SOAM), Ed.1, 17 November 2005

[49] EAM 2 / GUI 9, Annual summary template, Ed.1, 25 July 2005

[50] EAM 3/GUI 1, ESARR 3 Guidance to ATM Safety Regulators, Explanatory Material on ESARR 3 Requirements Edition 1.0, 01-06-2001

[51] EAM 3 / GUI 2, Safety Regulatory aspects of the ESARR 3 implementation in small organisations, Edition 1.0, 18 February 2003

[52] EAM 3 / GUI 3, ESARR 3 and related safety oversight, Edition 1.0, 21 March 2006

[53] EAM 3 / GUI 4, mapping between ISO 9001:2000 and ESARR 3, Ed. 1.0, 18 May 2004

[54] EAM 3 / GUI 5, mapping between ESARR 3 and ICAO provisions on safety management systems at aerodromes, Ed. 1.0, 18 March 2004

[55] Acceptable means of compliance with ESARR 3, Ed. 1.0, 26.02.2002

[56] EAM 3 / ICAO, Consistency between ESARR 3 and ICAO standards and recommended practices, Ed. 2.0, 23 June 2005




[57] SRC DOC 11, Assessment of the EATMP Safety Policy as a Means of Compliance with ESARR 3, Ed. 1.0, 01-02-2002

[58] EAM 4 / AMC, Acceptable means of compliance with ESARR 4, Ed. 4.0, 26 October 2009


[60] EAM 4 / GUI 1, Explanatory material on ESARR 4 requirements, Ed. 2.0, 01 March 2005

[61] EAM 4 / GUI 2, ESARR 4 and related safety oversight, Ed. 4.0, 21 March 2006

[62] EAM 4 / GUI 4, A method for states to determine national ATM Safety Minima, Ed. 1.0, 17 February 2004

[63] EAM 4 / GUI 6, Explanatory material on ground based safety nets, Ed. 1.0, 15 April 2010

[64] SRC DOC 1, Safety Minima Study Review of Existing Standards and Practices, Ed. 1.0, 20.12.2000

[65] SRC DOC 2, ATM contribution to aircraft accidents / incidents, Review and Analysis of Historical Data, Ed. 4.0, 31 May 2005

[66] SRC DOC 12, Assessment of the EATM ‘Air Navigation System Safety Assessment Methodology’ as a means of compliance with ESARR 4, Ed. 2.0, 26 October 2009

[67] SRC DOC 20, Assessment of EUROCAE ED78A as a means of compliance with ESARR 4, Ed. 1.0, 12 December 2002

[68] SRC DOC 33, Assessment of the ‘LVNL Safety Criteria’ as a means of compliance with ESARR 4, Ed. 1.0, 10 August 2004

[69] SRC DOC 39, Assessment of the DEUTSCHE FLUGSICHERUNG GMBH (DFS) ‘Corporate Directive Safety Assessment’ as a means of compliance with ESARR 4, Ed. 1.0, 26 October 2009

[70] EAM 5 / GUI 1, Explanatory Material on ESARR 5 requirements for Air Traffic Control Officers, Part A, Ed. 1.0, 05 March 2004

[71] EAM 5 / GUI 2, ESARR 5 and related safety oversight for Air Traffic Control Officers, Part A – licensing oversight, Ed. 2.0, 21 March 2006

[72] EAM 5 / GUI 3, Explanatory Material on ESARR 5 requirements for engineers and technical personnel undertaking operational safety-related tasks, Ed. 2.0, 17 February 2006

[73] EAM 5 / GUI 4, ESARR 5 and related safety oversight for engineering and technical personnel undertaking operational safety-related tasks, Ed. 2.0, 21 March 2006


[75] EAM 5 / AMC, Acceptable means of compliance with ESARR 5, Ed. 2.0, 01 August 2007

[76] SRC DOC 13, Assessment of the EATM ‘European Manual Of Personnel Licensing – Air Traffic Controllers’ as an acceptable means of compliance with ESARR 5, Ed. 2.0, 01 August 2007

[77] SRC DOC 6, SRC Review Process – Co-ordination of NSA views on the Safety of ATM Programmes, Ed. 3.0, 14 April 2009

[78] RAD – RVSM SRC harmonised regulatory criteria for the introduction of RVSM within the ECAC region, Ed. 1.0, 30.05.2001

[79] RAD – LINK 2000+SRC Harmonised Criteria for the introduction of LINK 2000+, Ed. 1.0, 18 February 2003

[80] SRC DOC 4, Glossary of Terms and Definitions & List of Acronyms, Ed. 2.0, 27.02.2002

[81] SRC DOC 8 ECAC States’ ATM Safety Regulatory Systems Overview, Ed. 1.0, 14.02.2001

[82] SRC DOC 9 Process for establishing acceptable means of compliance with ESARRS, Ed. 4.0, 07 November 2002

[83] RAD – 8.33 SRC Harmonised Regulatory Criteria for 8.33 HEP, Ed.1.0, 18 February 2003

EASA DOCUMENTATION

[84] EASA Organisations Certification Procedure, adopted on 3 February 2004 by means of the EASA Management Board Decision 3-2004 concerning the general principles related to certification procedures to be applied by the EASA Agency for issuing certificates for organisations.

[85] EASA Internal Working Procedure for Maintenance Organisation Approval (MOAP), Issue 1, 20 December 2004

[86] EASA Internal Working Procedure for Type Certification (TCP), issue 1, 20 December 2004

[87] EASA Internal Working Procedure for Certification support for Validation of EASA Certificates in third countries (CSV) and test witnessing /conformity inspections, Issue 1, 23 August 2005.




ISO DOCUMENTATION

[88] ISO/IEC Guide 62:1996, General requirements for bodies operating assessment and certification/registration of quality systems. First Edition, 1996

[89] ISO/IEC Guide 66:1999, General requirements for bodies operating assessment and certification/registration of environmental management systems. First Edition, 1999

[90] IAF Guidance on the Application of ISO/IEC Guide 66, Issue 2, December 2001



ANNEX 3 - TERMINOLOGY

Aerial work: An aircraft operation in which an aircraft is used for specialised services such as agriculture, construction, photography, surveying, observation and patrol, earch and rescue or aerial advertisement. (Def. EU Reg. 1035/2011)

Aeronautical information service:

A service established within the defined area of coverage responsible for the provision of aeronautical information and data necessary for the safety, regularity, and efficiency of air navigation. (Def. EC Reg. 549/2004)

Airspace management:

A planning function with the primary objective of maximising the utilisation of available airspace by dynamic time-sharing and, at times, the segregation of airspace among various categories of airspace users on the basis of short-term needs. (Def. EC Reg. 549/2004)

Airspace users: Operators of aircraft operated as general air traffic. (Def. EC Reg. 549/2004)

Air traffic control (ATC):

A service provided for the purpose of:

(a) preventing collisions:

-between aircraft, and

- in the manoeuvring area between aircraft and obstructions; and

(b) expediting and maintaining an orderly flow of air traffic. (Def. EC Reg. 549/2004)

Air traffic flow management:

A function established with the objective of contributing to a safe, orderly and expeditious flow of air traffic by ensuring that ATC capacity is utilised to the maximum extent possible, and that the traffic volume is compatible with the capacities declared by the appropriate air traffic service providers (Def. EC Reg. 549/2004).

Air traffic management:

The aggregation of the airborne and ground-based functions (air traffic services, airspace management and air traffic flow management) required to ensure the safe and efficient movement of

aircraft during all phases of operations. (Def. EC Reg. 549/2004)

Area control service: An ATC service for controlled flights in a block of airspace. (Def. EC Reg. 549/2004)

Air traffic services: The various flight information services, alerting services, air traffic advisory services and ATC services (area, approach and aerodrome control services). (Def. EC Reg. 549/2004)

Air navigation services:

Air traffic services; communication, navigation and surveillance services; meteorological services for air navigation; and aeronautical information services. (Def. EC Reg. 549/2004)

Air navigation service providers (ANSPs):

Any public or private entity providing air navigation services for general air traffic, including an organisation having applied for a certificate to provide such services. (Def. EU Reg. 1035/2011)

Airspace block: An airspace of defined dimensions, in space and time, within which air navigation services are provided. (Def. EC Reg. 549/2004)

Air traffic control (ATC):

A service provided for the purpose of:

(a) preventing collisions:

-between aircraft, and

- in the manoeuvring area between aircraft and obstructions; and

(b) expediting and maintaining an orderly flow of air traffic. (Def. EC Reg. 549/2004)

Asset: They are economic resources owned by business or company. Anything tangible or intangible that one possesses, usually considered as applicable to the payment of one's debts is considered an asset. Simplistically stated, assets are things of value that can be readily converted into cash (although cash itself is also considered an asset). The balance sheet of a firm records the monetary value of the assets owned by the firm. It is money and other valuables belonging to an individual or business.

Attorney: In general, an agent authorized to act in legal capacity for a principal, such



as an attorney-in-fact. In specific, a lawyer properly called an attorney-at-law.

Audit: Systematic examination to determine whether activities and related results conform to planned arrangements and whether these arrangements are implemented effectively and are suitable for achieving the organization’s policy and objectives [BS EN ISO 9000:2005]

Balanced business scorecard:

A strategic performance management tool - a semi-standard structured report supported by proven design methods and automation tools can be used by managers to keep track of the execution of activities by staff within their control and monitor the consequences arising from these actions.

Balance sheet: A summary of the financial balances of a company. Assets, liabilities and ownership equity are listed as of a specific date, such as the end of its financial year. A balance sheet is often described as a "snapshot of a company's financial condition". Of the four basic financial statements, the balance sheet is the only statement which applies to a single point in time.

A standard company balance sheet has three parts: assets, liabilities and ownership equity.

Baseline:

The Baseline (BL) represents the situation of the year before the year of starting the Business Plan (e.g. 2009 for a plan 2010-14). It includes the Baseline Staff Cost, the Other Operating Cost, the Depreciation Cost which is the sum of the individual depreciation cost of BSOs, for investments made before the SBP start year and the Cost of Capital, which is the sum of the individual BSOs CoC.

Business plan:

A formal statement of a set of business goals, the reasons why they are believed attainable, and the plan for reaching those goals. It may also contain background information about the organization or team attempting to reach those goals.

Business process: Series of logically related activities or tasks (such as

planning, production, sales) performed together to produce a defined set of results. Also called business function.

Capabilities: It is defined as the ability to execute a specified course of action. A capability may or may not be accompanied by an intention. (e.g. SMART approach)

or

Are the tangible and intangible skills and assets that an organisation uses to generate outputs. Organisation’s capabilities represent what is needed to achieve its short-term (five-year) objectives.

Capital expenditure: A capital expenditure is incurred when a business spends money either to buy fixed assets or to add to the value of an existing fixed asset with a useful life that extends beyond the taxable year.

Capital cost: Capital costs are costs incurred on the purchase of land, buildings, construction and equipment to be used in the production of goods or the rendering of services. In other words, the total cost needed to bring a project to a commercially operable status.

Certificate: A document issued by a national supervisory authority in any form complying with national law, which confirms that an air navigation service provider meets the requirements for providing a specific service. (Def. EC Reg. 549/2004)

Community: A type of stakeholder. A group of interacting people living in a common location that can take benefit of the projects settled by an Organization.

Customer: A customer is usually used to refer to a current or potential buyer or user of the services of an organization. This is typically through purchasing or renting services.

Development The systematic use of the knowledge or understanding gained from research, directed toward the production of useful materials, devices, systems, or methods, including the design and development of prototypes and processes. It



excludes quality control, routine product testing, and production.

European improvement plan for the European network:

Plan developed before the end of 2014 by the body entrusted with the route design function in accordance with Article 6 of the airspace Regulation (EC No 551/2004), in collaboration with States/FAB.

Formal Review Process:

The SBP must therefore be regularly revised and monitored by the respective Stakeholder staff. It is recommended that a dedicated Strategic Planning function undertakes this activity.

Function: 1. General: Type of action performed by a device, department, or person.

2. Management: Task oriented block of related efforts (accounting, marketing, manufacturing, etc.) organized to produce intended outputs (financial reports, sales, products, etc.).

3. Statistics: Mathematical relationship in which a quantity (dependent variable) depends on or is determined by another quantity (independent variable) or quantities. The dependent variable is said to be a function of the independent variable(s). If something is done, or something happens, to the independent variable(s), it is reflected in the dependent variable. For example, expenditure is a function of income and, for a wage earner, income is a function of two variables-per hour wage rate and number of hours worked.

Functional airspace block:

An airspace block based on operational requirements and established regardless of State boundaries, where the provision of air navigation services and related functions are performance-driven and optimised with a view to introducing, in each functional airspace block, enhanced cooperation among air navigation service providers or, where appropriate, an integrated provider. (Def. EC Reg. 549/2004)

Functional system: A combination of systems, procedures and human

resources organised to perform a function within the context of ATM (Def. EU Reg. 1035/2011)

General aviation: Any civil aircraft operation other than commercial air transport or aerial work (Def. EU Reg. 1035/2011)

Governance: Establishment of policies and continuous monitoring of their proper implementation, by the members of the governing body of an organization.

Governmental: Of or pertaining to the government. For example, courts are governmental entities that are an extension of the Department of Justice. (Business Dictionary)

Handbook: Comprehensive and detailed work on a particular topic for practitioners, structured for quick reference and often used as a supplement to a text book. The term is commonly used interchangeably with manual.

ICAO Te International Civil Aviation Organisation, as established by the 1944 Chicago Convention on International Civil Aviation. (Def. EC Reg. 549/2004)

Job: A combination, collection, assignment, of tasks as a whole. A job is normally allocated to a post within an organisation.

As a minimum the description of a job includes: the list of the tasks it covers together with the various stakeholders concerned with their needs and expectations. (EUROCONTROL)

International Airport Any airport designated by the Contracting State in whose territory it is situated as an airport of entry and departure for international air traffic, where the formalities incident to customs, immigration, public health, animal and plant quarantine and similar procedures are carried out. (ICAO)

Key performance indicators (KPIs):

Financial and non-financial metrics used to help an organization define and measure progress toward organizational goals (performance indicators used for the purpose of performance target setting)

Leadership: It is the ability to successfully integrate and maximize



available resources within the internal and external environment for the attainment of organizational or societal goals.

Manual: Comprehensive and step-by-step guide to a particular topic for both beginners and practitioners that also serves as a reference book. A manual details what is given and what is required, explains how to put the presented information into practice, and instructs how to solve problems as they occur. This term is commonly used interchangeably with handbook.

Medium dependency:

A relation between a BSO and an MLO where the BSO contributes to a medium level to the accomplishment of the respective STO. For measuring reasons is considered that a medium dependence contributes nominally 30% non-weighted (see about weighted contribution of many BSOs in the SPPAT User Manual).

Meteorological services:

Those facilities and services that provide aircraft with meteorological forecasts, briefs and observations as well as any other meteorological information and data provided by States for aeronautical use. (Def. EC Reg. 549/2004)

Mission statement: What and how has to be done in everyday work to progress towards the Vision.

National/FAB improvement plan on route design

Plan developed at national/FAB level before the end of the first reference period and consistent with the European Improvement Plan for the European Network.

National supervisory authority (NSA):

The body or bodies nominated or established by Member States as their national authority pursuant to Article 4 of Regulation (EC) No 549/2004 (Def. EU Reg. 1035/2011)

Operation: Series of functions and tasks that are involved in a single process. For example, a manufacturing operation

Organisation: Means an entity providing air navigation services. (Def. EU Reg. 1035/2011)

Group of people and facilities with an arrangement of responsibilities, authorities and relationships EXAMPLE

Company, corporation, firm, enterprise, institution, charity, sole trader or association, or parts or combinations thereof.

NOTE 1 The arrangement is generally orderly.

NOTE 2 An organization can be public or private.

[BS EN ISO 9000:2005]

It is the recurring expenses which are related to the operation of a business, or to the operation of a device, component, and piece of equipment or facility.

pan-European air navigation service

An air navigation service which is designed and established for users within most or all Member States and which may also extend beyond the airspace of the territory to which the Treaty applies. (Def. EU Reg. 1035/2011)

Performance indicators

Indicators used for the purpose of performance monitoring, benchmarking and reviewing.

Performance plan: The national supervisory authorities, at either national or functional airspace block level, shall draw up performance plans containing targets consistent with the European Union-wide performance targets and the assessment criteria set out in Annex III to the Commission Regulation EC laying down a performance scheme for air navigation services and network functions

Policy: 1. Governmental: (1) Basic principles by which a government is guided. (2) Declared objectives which a government seeks to achieve and preserve in the interest of national community. See also public policy.

2. Insurance: Formal contract issued by an insurer that contains terms and conditions of the insurance cover and serves as its legal evidence.

3. Organizational: Set of basic principles and associated guidelines, formulated and enforced by the governing body of an organisation, to direct and limit its actions in pursuit of long-term goals. See also corporate policy. (Business Dictionary)

Procedure: Specific way to carry out an



activity [ISO 9000:2000]

or

Fixed, step-by-step sequence of activities or course of action (with definite start and end points) that must be followed in the same order to correctly perform a task. Repetitive procedures are called routines.

Process: Set of interrelated or interacting activities which transforms inputs into outputs [BS EN ISO 9000:2005]

or

Sequence of interdependent and linked procedures which, at every stage, consume one or more resources (employee time, energy, machines, money) to convert inputs (data, material, parts, etc.) into outputs. These outputs then serve as inputs for the next stage until a known goal or end result is reached.

Project Management: Techniques for managing efficiently the process of business planning. It is the discipline of planning, organizing, and managing resources to bring about the successful completion of specific project goals and objectives.

Reference period for the performance scheme:

The first reference period for the performance scheme shall cover the calendar years 2012 to 2014 included. The following reference periods shall be of five calendar years, unless decided otherwise through amendment of the Commission Regulation EC 691/2010 laying down a performance scheme for air navigation services and network functions.

Regulator: Government body formed or mandated under the terms of a legislative act (statute) to ensure compliance with the provisions of the act, and in carrying out its purpose. Also called regulatory authority or regulatory body.

Resources: all assets, people, skills, information, technology (including plant and equipment), premises, and supplies and information (whether electronic or not) that an organization has to have available to use, when needed, in order to operate

and meet its objectives.

Regulatory authority: Regulatory authority is a public authority or government agency responsible for exercising autonomous authority over the State’s FIR in a regulatory or supervisory capacity.

Revenue: Income that a company receives from its normal business activities, usually from the sale of goods and services to customers.

Risk analysis: It is a technique to identify and assess factors that may jeopardize the success of a project or achieving a goal.

Roadmap:

It can be the resulting Gantt charts report but also any other depiction that shows the timely position of the completion of the BSO and the respective achievement of the Strategic Objectives in a time/domain two dimensional diagram.

Role: The part played by people in meeting their objectives by working competently and flexibly within the context of the organisation’s objectives, structure and processes. (EUROCONTROL)

En-route service units: Are related to over flights.

Terminal service units: Are related to terminal for departing flights.

Safety assurance: All planned and systematic actions necessary to provide adequate confidence that a product, a service, an organisation or a functional system achieves acceptable or tolerable safety (Def. EU Reg. 1035/2011)

Safety objective: A qualitative or quantitative statement that defines the maximum frequency or probability at which a hazard can be expected to occur (Def. EU Reg. 1035/2011)

Safety regulatory audit:

A systematic and independent examination conducted by, or on behalf of, a competent authority to determine whether complete safety-related arrangements or elements thereof, related to process and their results, products or services, comply with required safety-related arrangements and whether they are implemented effectively and are suitable to achieve expected results. (Def. EU Reg. 1034/2011)



Safety requirement: A risk-mitigation means, defined from the risk-mitigation strategy that achieves a particular safety objective, including organisational, operational, procedural, functional, performance, and interoperability requirements or environment characteristics (Def. EU Reg. 1035/2011)

Services: Either an air navigation service or a bundle of such services (Def. EU Reg. 1035/2011)

Service: According to ISO 9000, clause 3.4.2 Product: “Service is the result of at least one activity necessarily performed at the interface between the supplier and customer and is generally intangible. Provision of a service can involve, for example, the following:

an activity performed on a customer-supplied tangible product (e.g. automobile to be repaired);

an activity performed on a customer-supplied intangible product (e.g. the income statement needed to prepare a tax return);

the delivery of an intangible product (e.g. the delivery of information in the context of knowledge transmission);

the creation of a pleasant ambience for the customer (e.g. in hotels and restaurants).”

Stakeholders: Persons or groups having interest in the performance or success of an organisation [ISO/PAS 22399:2007]

or

Those with a vested interest in an organization’s achievements

NOTE This is a wide-ranging term that includes, but is not limited to, internal and “outsourced” employees, customers, suppliers, partners, employees, distributors, investors, insurers, shareholders, owners, government and regulators.

or

An individual or organization with a legitimate interest in a given situation, action or enterprise.

Strategy: It is a plan of action designed to achieve a particular goal.

Strategic objectives (STO):

To achieve the Vision a number of high level Strategic Objectives must be accomplished. These are related to the high-level goals of the European ATM Master Plan, the requirements of the Single European Sky and are normally supported by a number of BSOs. The number of STOs should range between five to a maximum of seven.

Strategic planning:

An organization's process of defining its strategy, or direction, and making decisions on allocating its resources to pursue this strategy, including its capital and people. Various business analysis techniques can be used in strategic planning, including SWOT analysis (Strengths, Weaknesses, Opportunities, and Threats ), PEST analysis (Political, Economic, Social, and Technological), STEER analysis (Socio-cultural, Technological, Economic, Ecological, and Regulatory factors), and EPISTEL (Environment, Political, Informatic, Social, Technological, Economic and Legal).

System: set of interrelated or interacting elements [BS EN ISO 9000:2005]

SWOT: Strengths-Weaknesses-Opportunities-Threats.

Suppliers: anyone who provides goods or services to a company

Task: An element of work performed by an individual or individuals, during the course of a project or operation.

It is a temporary or repeated endeavour which, when undertaken, results to a product or a service. A task is performed by identified resources (most generally people). A task is planned, executed and controlled. (EUROCONTROL)

Top management: Person or group of people who direct and control an organization at the highest level [BS EN ISO 9000:2005]

NOTE Top management, especially in a large multinational organization, might not be directly involved;



however, top management accountability through the chain of command is manifest. In a small organization, top management might be the owner or sole proprietor.

Vision:

A succinct description of a future status of the organisation to become, containing an ambitious goal to achieve and able to motivate human resources to pursue its accomplishment.

DSS/Support to CAA-NSA Guidelines for NSAs for the Development of the ANSP Oversight Process


ANNEX 4 – ON GOING SAFETY OVERSIGHT

ANNEX 5 - QUALITY OVERSIGHT

ANNEX 6 - ATM SECURITY OVERSIGHT

ANNEX 7 - ECONOMICS AND FINANCIAL STRENGTH OVERSIGHT

ANNEX 8 - ATM HUMAN RESOURCES OVERSIGHT

ANNEX 9 - AIRSPACE AND FLOW MANAGEMENT OVERSIGHT

The above-mentioned Annexes are separate files-documents. They mainly represent compliance check lists.

r support to caa-nsa - eurocontrol | - driving excellence in … · 2014-08-14 · a particular...

Documents