IOSA Workshop Session 2 - IOSA Program and Audit … Standards Manual (ISM): Contains all ISARPs...

IAT Course V6

IOSA WorkshopSession 2

IOSA Program and Audit

IOSA CAA Workshop

Session 2 - IOSA Program and Audit

IOSA Organization & interfaces

IOSA Certifications & Accreditations

Audit Process

Assessing ISARPs “Documented” and “Implemented”

IOSA Organization

and Interfaces

IOSA Structure

Airline

IOC

IOSA Program

Management

AO ETO

AccreditationAccreditation

Training

IOSA Oversight Council

Audit Organization

+ IOSA Auditors

Endorsed

Training

Organization

IOSA Communication - Regular meetings

IOC bi-annual meetings

ETO annual meetings

AO bi-annual meetings

IOSA Management Chart

IOSA Oversight Council

Represents industry interests

Composition:

15 IATA member airlines

10 Authorities.Currently participating: ICAO, FAA, EU, DGAC France

Operators are encouraged to attend IOC meetings as observers

IOC

IOSA Oversight Council

Role:

Independent monitoring of IOSA Management of

Program and Standards, by means of industry

feedback on program content and functionality

Develop strategy and recommendations on how to

address objectives set by IATA Operations

Committee and IATA Senior Management

Ensure IOSA quality is maintained

IOC

Specific AO role, responsibilities and rules published in the IOSA Program Manual (IPM)

Select, employ train and administer IOSA auditors (only IOSA auditors are authorized to conduct IOSA audits)

AOs and IOSA Auditors are subject to strict conflict-of-interest restrictions

Audit Organizations (AOs) and IOSA Auditors

IOSA Standards Manual (ISM): Contains all ISARPs What will be audited?

IOSA Program Manual (IPM):

program rules applicable to IATA, AOs, operators How is the audit done?

IOSA Audit Handbook (IAH): guidance, processes,

procedures for AOs & Auditors How does an auditor work?

IOSA Reference Manual (IRM): abbreviations and terms

associated with the ISARPs.

The IOSA documents are published online at www.iata.org/iosa

IOSA Documentation System - Manuals

IOSA Program Manual (IPM) - Content

0 - Introduction

1 - IOSA Program management

2 - AO Accreditation

3 - Auditor Qualification

4 - Auditor Training

5 - ETO Accreditation

6 - Airline responsibilities for

IOSA registration

7 - IOSA registration

8 - Audit Program

9 - IOSA Audit Report (IAR)

10 - Audit sharing

11 - Dispute Resolution

12

IOSA Manuals

Annual revision (April), an option for Temporary Revisions

IOSA Task Forces

Managed by IATA

Members: 10 to 15 experts in airline operational safety and security

Build, update and improve the ISARPs.

Monitor ICAO, FAR, EU OPS evolutions

Integrate IATA Safety Group conclusions

Follow and incorporate industry evolutions and developments.

IOSA Documentation System - Revisions

Review by FLT/DSP Task Force:

Industry/Regulatory Developments that Require TF Action

Circling approaches and stabilization criteria

Potential impact of EASA “Basic” and “TCO” regulation on

ISM;

ICAO Annex 6, Amendment 36 changes:

Alternate Selection and Fuel Planning;

Extended Diversion Time Operations (EDTO);

Fatigue Risk Management Systems (FRMS)

FDRs and ELTs

IOSA Documentation System - Revisions

Example of ICAO - IOSA coordination

FLT 4.3.14 - Automatic Emergency Locator

Transmitter (ELT):

ICAO Standard specifies all aircraft with more than 19

passenger seats to have an automatic ELT on board.

Certain States did not mandate this norm.

Co-ordinated effort by IOSA mandated ICAO standard for all

IOSA carriers using a phased implementation plan

Example of present ICAO-IOSA coordination

Introduction of SMS ICAO SARPs into IOSA

Action Plan by IATA and monitoring ICAO SARPs to ensure consistent alignment between IATA SMS material and ICAO SMS.

Using the IRM. Exercise

Auditor Comments: “The operator does not transport cargo at all. They only transport the obvious and necessary company mail for internal company communication”.

Is this standard Applicable or Not ?

Exercise (outcome)IRM Definition:

IOSA Certifications &

Accreditations

IATA applies strict Accreditation Standards and

Processes for AOs and ETOs

There are currently six (6) AOs and five ETOs

accredited

Accreditation of AOs and ETOs

20

Accreditation Standards

Company organization, management system

Quality Assurance and Quality Control programs

Independence of organisation. Conflict-of-interest

Human and physical resources, Audit and auditor administration

AO Operations Manual (published processes and procedures)

Accreditation Processes

Initial

Continuing accreditation

Periodic review

Performance evaluation and measurement

ETO accreditations follow a similar process

AO Accreditation

21

Auditor selected by an AO under IOSA program

Basic prerequisites: education, training, experience as auditor, experience in the field

ORG, FLT, DSP, MNT auditors must meet special prerequisites

Global and individual performance continuously evaluated under quality assurance program

IOSA Auditor Selection and Approval

22

Auditor Training and Qualification process

IOSA course : “IOSA Auditor Training” conducted by an Endorsed Training Organization (5 days)

Auditor under supervision during first audit;

Full evaluation on second audit

Auditor Continuing Qualification and monitoring

Annual recurrent training (one day)

Biennial audit performance evaluations

Minimum 2 audits per year per discipline

IOSA Auditor Qualification

Categories of IOSA Auditors

IOSA Auditor: May audit a maximum of 4 disciplines.

Mandatory qualification for SMS

Lead Auditor:

leads an IOSA Audit Team.

Mandatory qualification for ORG and SMS

Evaluator:

evaluates Auditors and Lead Auditors

IOSA Registration & Audit SharingIATA

Share

IOSA

Registry

IATA

IOSA

Database

IOSA Audit Report (IAR)

AO

Audit

Airline Y

Share

Airlines Regulators

Process whereby an interested party utilizes the audit

of an operator to satisfy its need for an audit of that

operator

IOSA Audit Report (IAR) is the exclusive property of

the Operator. IATA is the custodian of the IAR

Access to an IAR only after authorization from the

Operator.

Audit Sharing

Initial IOSA audit: all findings must be closed within 12

months of IOSA audit completion

Renewal audit: registration is maintained if operator closes

any new findings before its IOSA expiry date.

IOSA Registry: IATA Website listing operators with current,

complete IOSA audits

IOSA Registration

Maintaining IOSA registration

During the 2 year registration period, the Operator shall:

Continuously monitor conformity with IOSA standards

Inform IATA and the AO of any significant changes such

as re-organization, mergers acquisitions, changes to

fleets, incidents/accidents, etc.

IOSA Quality Assurance

Monitors, assesses, measures performance of IOSA Program in all areas of AO and ETO output, for continual improvement in program:

QC of IOSA Reports

QA of IOSA Audit Teams onsite

QA of Standard of ETO instruction and training

Audit Process

Audit Process Overview

IOSA audit

incl. preparation and

processingIATA

Quality Assurance

Airline

AO

IOSA

Lead Auditor

Audit Team

AO

Quality Assurance

Audit Process and Standardization

Audit program follows IPM rules, which include:Audit preparation: scope, objectives, preparation meeting

Audit planning/scheduling (minimum 30 auditor days onsite)

Provision of resources and logistical support

Audit conduct:

Opening and closing meeting

On site audit

Mandatory assessments

Follow – up of corrective actions plan and Audit Report

Quality Check by AO and IATA of all these elements.

Definition: Evidence

Data or information discovered during an

audit that is analysed and used to determine

conformity.

Definition: Conformity

Standard is documented and implemented

by the Operator

Gathering Evidence

Reviewing documentation (reading)

Interviewing personnel (hearing). Caution with this type of evidence

Assessing conditions, facilities and equipment (observing) depends on sample observed

Assessing operational activities and processes (observing)

Corroborating Evidence

Additional interviews/assessments

Technical records (maintenance, training)

Activity records (agendas, minutes)

Reports (accidents, incidents, anomalies)

Statistical summaries (failure rates, performance measurement).

Definition

IOSA Standards & Recommended Practices (ISARP)

Specified systems, policies, programs, processes, procedures, plans, sets of measures, facilities, components, types of equipment or any other aspect of operations under the scope of IOSA.

Standards: « SHALL » Must - Mandatory

Example: ORG 1.2.1 - The Operator shall have a corporate policy that commits the organisation to continualimprovment of the management system

Recommended Practices:

« SHOULD » Optional – Recommended

Example: ORG 3.1.1 - The Operator should have a corporate policy that supports implementation of a non-punitive reporting system .....

(Note: the should is always in italics )

Finding:

The documented statement based on factual evidence that

indicates an Operator is not in conformity with an

IOSA Standard.

Observation:

The documented statement based on factual evidence that

indicates an Operator has not fulfilled an

IOSA Recommended Practice.

Definition

IAT Course V5

Goal:

Collect evidence to

complement on site Audit

Audit conduct - Mandatory Assessments

Audit conduct - Mandatory Assessments

Operational DisciplineMinimum observed Activities and/or

Processes

Flight Operations 1 Line flight – flight deck operations

1 Simulator session or Training flight

Operational Control & Flight

Dispatch

1 Flight planning

1 Flight monitoring

Aircraft Engineering &

Maintenance

1 AD/ASB process

2 Maintenance activities

1 Maintenance process

Audit conduct - Mandatory Assessments

Operational DisciplineMinimum observed Activities and/or

Processes

Cabin & Cargo Compartment

Operations

1 Line flight - passenger cabin

operations only

Ground Handling 1 Weight and balance calculation

1 Ground handling activity

Cargo Operations 1 Aircraft loading or unloading

Operational Security 1 Baggage reconciliation

1 Pre-Board/hold room screening

1 Aircraft access control

1 Preflight crew security briefing

Closure of Findings

To close a Finding, the operator initiates a Corrective Action

Plan (CAP).

A Root Cause must be completed by Operator, providing the

reason why the provision had not been incorporated

(good analysis of Root Cause is essential for effective SMS)

The AO verifies consistency of all elements and effective

implementation of the corrective actions.

IATA cross-checks all data.

Exercise: root cause

Proposed root causes by an Operator:

1. the process to ensure products acquired from external suppliers meet

technical specifications was not documented nor implemented

2. the external suppliers did not have any technical specifications available

3. The departments responsible for technical specifications for external suppliers

thought the specifications were part of the business contract and that they

were monitored by the commercial department.

Assessing ISARPs

as “Documented”

and “Implemented”

The Core IOSA Principle of

“Documented” and “Implemented”

Documents must be “controlled” by the Operator.

Implementation is assessed based on processes,

procedures, etc, in controlled documents

This ensures conformity based on standard

operating procedures, not on undocumented

practices, for which standardization is not assured.

Definition: Documented

The specification is published and

accurately represented in a controlled

document by the Operator.

Definition: Controlled document

A Document subject to

processes that provide for

positive control of content,

revision, publication,

distribution, availability and

retention.

Why evaluate “Documented”?

Documented standards are necessary to:

ensure systems, programs, policies, processes, procedures and plans are implemented in a standardized manner and sustained on an on-going basis

Provide continuity in the information to personnel;

Ensure personnel are properly trained;

Conduct evaluations (e.g. audits, inspections) against documented specifications.

How to assess “Documented”

The specification must be contained in an official company document : manual, handbook, permanent publication

The style and format must clearly and accurately represent the meaning and intent of the specification and can be understood by operational personnel.

Documents assessed can be in paper or electronic form, but letters, emails, memos, bulletins, flyers or posters are generally not acceptable

IOSA philosophy

The ISARPs must be consistently

“documented” and “implemented” by an

Operator to ensure standardized application

Definition: Implemented

Specification is established, activated,

integrated, incorporated, deployed, installed,

maintained and/or made available, as part of the

operational system, and is monitored and

evaluated, as necessary, for continued

effectiveness.

Assessing “Implemented”

Specifications must be established so that they have become an active and integral part of the operation.

There must also be a measure of control of the activity to ensure that the desired outcomes are achieved.

Implementation shall be in accordance with

documented policies, processes, procedures, etc.

This ensures implementation is based on standard

operating procedures and not on undocumented

practices, for which standardization is not assured.

Linked assessment of documentation

and implementation

Exercise 1: does this auditor narrative

support the assessment of “Documented”?FLT 2.2.11 The Operator shall ensure flight crew members complete training and an

evaluation in aircraft systems and limitations, to include a demonstration of

competence in the operation of aircraft systems. Such training and evaluation shall be

completed during initial ground training and subsequently during recurrent training

once every three (3) calendar years. (GM)

Documented and Implemented

Training records for Aircraft systems & limitations training were reviewed.

Training completed in Beijing 12-16APR11

Exercise 1

FLT 2.2.11 The Operator shall ensure flight crew members complete training and an

evaluation in aircraft systems and limitations, to include a demonstration of

competence in the operation of aircraft systems. Such training and evaluation shall

be completed during initial ground training and subsequently during recurrent

training once every three (3) calendar years. (GM)

Documented and Implemented

Training records for Aircraft systems & limitations training were reviewed. Training

completed in Beijing 12-16APR11

Operations Manual - OM D 7.1.3 ii) This would be a possible

evidence of documentation

Exercise 2: does this auditor narrative

support the assessment of “Documented”?CAB 2.2.2 <PA> If the Operator conducts passenger flights with cabin crew, the

Operator shall ensure cabin crew members receive training that provides

knowledge of safety policies and procedures associated with the preflight, in-flight

and post-flight phases of cabin operations. Such training shall be included in the

cabin crew initial and re-qualification training courses, and in the recurrent training

course on a frequency in accordance with requirements of the Authority, but not

less than once during every 24-month period. (GM)

Documented and Implemented

PowerPoint presentation of Cabin Crew Safety pre/post flight procedures

Exercise 2CAB 2.2.2 <PA> If the Operator conducts passenger flights with cabin crew, the

Operator shall ensure cabin crew members receive training that provides

knowledge of safety policies and procedures associated with the preflight, in-flight

and post-flight phases of cabin operations. Such training shall be included in the

cabin crew initial and re-qualification training courses, and in the recurrent training

course on a frequency in accordance with requirements of the Authority, but not

less than once during every 24-month period. (GM)

Documented and Implemented

PowerPoint presentation of Cabin Crew Safety pre/post flight procedures

Cabin Crew Manual Ch 6.7.8 and Ch 7.6.7 This would be a possible

evidence of documentation

IOSA scope / ISARPs applicabilityAn airline is not eligible for IOSA if :

All aircraft operations are conducted by another operator, (wet lease in)

Or

The Airline does not operate a minimum of one aircraft on Commercial:

Passenger flights with or without cabin crew.

Cargo flights with or without carriage of pax or supernumeraries.

Or

Operations are conducted only with these types of aircraft:

Aircraft with maximum certificated takeoff mass of 5700kg or less;

Single engine aircraft;

Single pilot aircraft;

Helicopters;

Seaplanes.

IOSA scope / ISARPs applicability

In consequence:

ISARPs can only be applied to those aircraft authorized in the AOC and utilized in commercial passenger and/or cargo flights.

If certain aircraft/fleets are out of the IOSA scope, the airline can still undergo IOSA, the eligible fleets will be audited and non eligible fleets listed as “Out of Scope”.

Module summary

The IOSA is a well-structured program run by IATA,

with global recognition

The audits are conducted by trained auditors under

supervision of IATA

All planes on the AOC must be audited or exempted

under certain conditions

Auditing focuses on proper documentation and

implementation of the required standards

****

****

****

***

**

****

****

****

*

Questions ?