E-IOSA Project Closure Report 2015

7/25/2019 E-IOSA Project Closure Report 2015

1/40

Enhanced IOSA Project Closure Report

Date: 04-Sep-

Page 1of 40

Enhanced IOSA

Project Closure Report

1 September 2015


2/40


IATA Audit Programs

1 September 2015

Page 2of 40


3/40


IATA Audit Programs

1 September 2015

Page 3of 40

Table of Contents

Foreword .................................................................................................................................... 51. Introduction ......................................................................................................................... 6

1.1 Inception ..................................................................................................................... 61.2 Board of Governors Decision ..................................................................................... 61.3 Pre-Project Activities .................................................................................................. 6

2. Project Organization ........................................................................................................... 72.1 Meeting Structure ....................................................................................................... 82.2 Stakeholder Management .......................................................................................... 8

2.2.1 Industry ................................................................................................................... 92.2.2 Audit Organizations .............................................................................................. 102.2.3 IOC ........................................................................................................................ 102.2.4 OPC ...................................................................................................................... 102.2.5 ICAO ..................................................................................................................... 10

2.2.6 EASA .................................................................................................................... 112.2.7 US FAA ................................................................................................................. 112.2.8 ANAC Brazil .......................................................................................................... 122.2.9 US DoD ................................................................................................................. 122.2.10 ECAC ................................................................................................................ 122.2.11 IATA Regional Offices ...................................................................................... 13

2.3 Project Resources .................................................................................................... 132.4 Work Breakdown Structure ...................................................................................... 14

3. Project Deliverables ......................................................................................................... 143.1 EI 1Airline Quality Assurance Staff Training ........................................................ 15

3.1.1 Online Information Sessions ................................................................................. 153.1.2 Dispatch Auditor Training ..................................................................................... 153.1.3 Regional E-IOSA Workshops ............................................................................... 16

3.1.3.1 E-IOSA Workshop Feedback............................................................................ 173.2 EI 2Audit Procedures ........................................................................................... 18

3.2.1 Selective Standards Application ........................................................................... 193.2.2 IOSA Audit Handbook For Airlines ....................................................................... 193.2.2.1 Auditor Actions for Airlines ................................................................................ 203.2.2.2 Repeated and Interlinked ISARPs .................................................................... 213.2.3 AO Procedures and Guidance (IAH Part 1) ......................................................... 223.2.5 IOSA Auditor Training Updates ............................................................................ 223.2.6 IOSA Auditor Recurrent Training .......................................................................... 223.2.7 Mandatory Observations ...................................................................................... 223.2.8 E-IOSA Observations ........................................................................................... 233.2.9 Auditor Webinars .................................................................................................. 24

3.3 EI 3Conformance Report ...................................................................................... 243.3.1 Conformance Report Format and Content ........................................................... 243.3.2 Conformance Report Acceptance Criteria............................................................ 25

3.4 EI 4Q5 Systems and Infrastructure ...................................................................... 263.5 EI 5Partnership for Quality ................................................................................... 263.6 EI 6Communication Plan ...................................................................................... 26

3.6.1 External Communication ...................................................................................... 263.6.2 Internal Communication ........................................................................................ 273.6.3 2012 Survey .......................................................................................................... 28


4/40


IATA Audit Programs

1 September 2015

Page 4of 40

3.6.4 2013 Market Research ......................................................................................... 283.7 EI 7Other Items .................................................................................................... 28

3.7.1 Regulatory Cross-Reference Lists ....................................................................... 29

4. Proof-of-Concept Workshops and Voluntary E-IOSA Audits ........................................... 304.1 Proof-of-Concept Workshops ................................................................................... 304.2 E-IOSA Trial Audits .................................................................................................. 304.3 E-IOSA Audits in 2013 ............................................................................................. 314.4 E-IOSA Audits in 2014/2015 .................................................................................... 334.5 E-IOSA Conformance Rates .................................................................................... 33

5. Conclusions and Recommendations ................................................................................ 365.1 Audit Organizations and Audit Teams ...................................................................... 365.2 IOSA and the Operators ........................................................................................... 365.3 E-IOSA Standards and Audit Procedures ................................................................ 375.4 Data Analysis and Digitalization ............................................................................... 385.5 Quality Assurance .................................................................................................... 38

5.1 Overall Conclusion ................................................................................................... 39


5/40


IATA Audit Programs

1 September 2015

Page 5of 40

Foreword

Since the implementation of the IOSA in 2003, the original goals of the IOSA programlaying a

foundation for improved operational safety and security, eliminating redundant industry audits

have been reached. The IATA members agreed to move the IOSA program to a next level that

will result in a more effective evaluation of operational safety and security practices. The

Enhanced IOSA (E-IOSA) concept was transitioned into the Program and therefore required

continuous input from and coordination with the IOSA registered operators and all other

stakeholders.

The transition plan was rolled out as planned. With 16 E-IOSA Audits performed in 2013 (Board

target: 10 E-IOSA Audits), 50 performed in 2014 (Board target: 39 E-IOSA Audits) and 41performed in 2015 (Board target: 21 E-IOSA Audits), the Board targets were achieved and

exceeded in each year.

This project closure report summarizes the deliverables, lessons learned and conclusions.

IATA thanks all involved parties including and not limited to all participating IATA member

Airlines, the Enhanced IOSA Implementation Task Force, the Audit Organizations, the IATA

Operations Committee, the IOSA Oversight Council, the ICAO, the EASA, the FAA, the ANAC

and all other stakeholders for their dedication and support, and for striving to continually improve

airline safety performance.

With the hope of a continued cooperation

With Best Wishes

The IOSA Management


6/40


IATA Audit Programs

1 September 2015

Page 6of 40

1. Introduction

This project closure report provides an overview over the project tasks andsummarizes the deliverables under E-IOSA.

This report is structured in alignment with the project work breakdown structure

which is in Figure 3 later on.

1.1 Inception

The concept of E-IOSA was initiated in December 2010.

Since then, the concept evolved continuously and important milestones were

reached.

Necessary updates were provided to the industry from the IATA top management

level (Board of Governors, BoG) on a regular basis.

1.2 Board of Governors Decision

During the Annual General Meeting in June 2013, the IATA Board of Governors

mandated the planned E-IOSA process for all IOSA-registered operators as of

September 2015. As of this date, all Registration Renewal Audits are conducted

in accordance with the E-IOSA process:

At the recommendation of IATAs Operations Committee, the Board approved

the final implementation date of September 2015 for all IOSA registered airlines to

conform with the Enhanced IOSA requirements.

1.3 Pre-Project Activities

Before the continuation of the E-IOSA transition plan as a project as described in

the following chapters, IATA performed a series of activities to sharpen the

concept and to determine the boundaries of E-IOSA.

IATA conducted proof-of-concept workshops with volunteering operators with the

aim to gain knowledge about the operators preparation process and potential

challenges during the internal implementation of E-IOSA related activities.

The workshops led into the trial audit phase in which AOs tested E-IOSA on pre-

determined operators during live IOSA Registration Renewal Audits (see chapter

4).

IATA Board of Govern

mandated E-IOSA

requirements for all

registered operators a

of September 2015.


7/40


IATA Audit Programs

1 September 2015

Page 7of 40

2. Project Organization

E-IOSA was introduced and implemented as a special project. The AuditPrograms Department established a project organization to maximize

effectiveness of all resources including the involved Task Forces. The Project

Plan depicted the project objectives as the following.

The E-IOSA Project had the objective to transition the current IOSA Program into

the E-IOSA model. Between 2012 and 2015, all necessary processes were

designed. In addition, necessary infrastructure was set up and relevant

communication was accomplished.

The aim was to prepare the IOSA Program, its resources, the operators, the Audit

Organizations, Endorsed Training Organizations and other stakeholders for the

implementation in September 2015.

The project organization supported the successful planning, execution and

closure of the project by ensuring clear assignment of tasks, reasonable

allocation of resources and seamless completion.

The organizational structure is described in the organizational chart below.


8/40


IATA Audit Programs

1 September 2015

Page 8of 40

Figure 1 Project Organization

Enhanced IOSA

Project

Manager, Audit

Standards

Executive Sponsor

SVP, SFO

Project Sponsor

Director, Audit

Programs

Project Manager

Head, IOSA

Senior Program

Advisor

Assistant

Manager, Registry

EI Implementation

Task Force*

External Resources

Internal Resources

Manager, Training

Vendors and

consultants

EI Implementation TF

Chairman*

Project

Office

* The E-IOSA Implementation TF was disbanded after its mandate and was transitioned into the IOSA

ORG Task Force under the IOSA Oversight Council (IOC).

2.1 Meeting Structure

The Project Office met bi-weekly and the E-IOSA Implementation Task Force met

monthly through conference calls. The Task Force held bi-annual face-to-face

meetings. Any other meetings took place individually, depending on the task and

the participants. Monthly updates are given to the Executive Sponsor, and upon

request.

2.2 Stakeholder Management

All groups or individuals who had an interest in the project regarding its functions,

performance or results were considered to be stakeholders.

The stakeholder management for E-IOSA followed the ultimate aim to manage all

stakeholders in an approach which ensured a successful project execution while

ensuring that the integrity of the IOSA program is kept.

E-IOSA Implementatio

Task Force transitione

into IOSA ORG Task

Force.


9/40


IATA Audit Programs

1 September 2015

Page 9of 40

Enhanced IOSA was supported and monitored by external, internal, industry and

regulatory stakeholders.

Figure 2 IOSA Stakeholder Map

2.2.1 Industry

The IATA member airlines and all other IOSA registered operators are the most

important customers to be affected by the changes under E-IOSA. IATAexercised steady consultation within and outside of the Task Forces to ensure the

industrys perspective is reflected when developing E-IOSA. Processes and

requirements were designed to ensure the industrys needs are met.


10/40


IATA Audit Programs

1 September 2015

Page 10of 40

2.2.2 Audit Organizations

The accredited Audit Organizations perform the audit work in the field andtherefore carry vital importance in the current IOSA Program set-up. With their

feedback on the E-IOSA processes, the AOs as well as the individual IOSA

Auditors contributed to the development of E-IOSA.

The AOs will have the responsibility to ensure consistent application of E-IOSA

protocols in future registration renewal audits by ensuring appropriate training of

IOSA Auditors.

2.2.3 BOG

The IATA Board of Governors prioritized the E-IOSA initiative and monitored it.

The E-IOSA was mandated through the following decision in 2013:

At the recommendation of IATAs Operations Committee, the Board approved

the final implementation date of September 2015 for all IOSA registered airlines to

conform with the Enhanced IOSA requirements.

Without the right vision and prioritization of the BOG, the E-IOSA project would

not have gained the traction that led to a successful implementation.

2.2.4 IOC

The IOSA Oversight Council (IOC) as the governing body of the IOSA Program

was regularly updated on and actively contributed to the E-IOSA project. Duringthe years 2013 and 2014, a majority of the IOC members were also part of the E-

IOSA Implementation Task Force which facilitated the IOCs understanding of,

and commitment to the E-IOSA.

2.2.5 OPC

The Operations Committee (OPC) as the Safety and Flight Operations Industry

Committee and advisor of the BoG, received regular updates on the E-IOSA

project.

At OPC 25 the members noted that this change to IOSA was a big and positivestep, and that it was important to keep in mind the safety benefit at a time whenits becoming harder and harder to gain global safety performance improvement.

2.2.6 ICAO

The ICAO has been a supporter of the IOSA Program since its beginning. The

38th ICAO Assembly was another milestone in the history of IOSA. The Assembly

recognized the global safety benefits of the IOSA Program and its elements that


11/40


IATA Audit Programs

1 September 2015

Page 11of 40

are being introduced with E-IOSA. The Technical Commission expressed its

support for the IOSA program and recommended that ICAO continue its support

of IOSA and the additional elements under Enhanced IOSA as a complementarysource of information for State safety oversight activities (see Report of the

Technical Commission on the General Section of its Report and on Agenda Items

26, 27, 28 and 29).

2.2.7 EASA

The EASA, as a regular observer to the IOC, has been witnessing the

development of the E-IOSA project since the early stages.

During these, IATA had the opportunity to visit the EASA as well as the European

Commission and to present the IOSA program and the E-IOSA concept, which

were well received. In the spirit of an open and continuously interactiverelationship with the main stakeholders, the EASA was invited to observe an E-

IOSA Trial Audit.

The summary provided by the EASA observer states:

With the introduction of the Enhanced IOSA concept, IATA has taken asystemic approach to effectively overcome weaknesses identified in the IOSA

programme to make it a more powerful tool.

The shift of focus towards the implementation of ISARPs, the continuousinvolvement of the operator in the IOSA process and the standardisation of IOSAauditors are considered by EASA to be an appropriate answer to the past

criticism of IOSA being largely paper-oriented...

2.2.8 US FAA

IOSA program officials met with the FAA twice a year during the IOC meetings

(the FAA is a regular observer to the IOC). Yearly individual meetings are held to

keep the FAA abreast of the developments under the IOSA Program.

The FAA described Enhanced IOSA as a revealing process and the right wayto go.

Also the FAA accepted IATAsinvitation to observe a Trial Audit in 2011 in order

to familiarize with the concept and gain confidence in the process.

The meetings and the onsite observation were followed by several official position

papers in which the FAA proactively contributed to the shaping of the IOSA

requirements.

The FAA continues to remain an important and supportive stakeholder in the

IOSA Program.

ICAO 38thAssembly

recognized IOSA and

IOSA elements for glosafety benefits.


12/40


IATA Audit Programs

1 September 2015

Page 12of 40

2.2.9 ANAC Brazil

ANAC Brazil is one of the largest aviation markets in which the IOSA Program iseffectively used by the regulator to complement national civil aviation oversight. In

the light of this, the IOSA Program representatives visited the ANAC in 2014 to

present the IOSA Program functionalities. The ANAC Brazil attended the bi-

annual IOC meetings to stay abreast of the developments in the IOSA Program.

2.2.10 US DoD

IATA also had the chance to present the Enhanced IOSA concept to other high

level representatives in 2012, which was well received. During the IOC 18 the

DoD expressed their continued impression with the IOSA program and its

development. The DoD utilizes IOSA results for the oversight of codeshareoperations, to select operators for the transport of DoD personnel on scheduled

flights and to select operators in emergency cases, e.g. humanitarian relief.

The authority expressed its support for the Enhanced IOSA, as putting the stresson implementation is the right way to go.

2.2.11 ECAC

In July 2012, IATA and the European Civil Aviation Conference (ECAC)

concluded a Memorandum of Understanding (MOU) for the cooperation in the

fields of safety and security. As part of the annex on aviation safety, IATA

delivered four workshops to the ECAC presenting IOSA and ISAGO.

In 2013 and 2014, four workshops were delivered in Kiev, Warsaw, Helsinki and

Paris. In total 64 individuals participated, 43 from different European Civil Aviation

Authorities attended.

The workshops led to positive feedback from the participants who indicated that

they clearly see a benefit in the IOSA Program and would like to utilize it to

complement their national oversight activities:

Five possible answers could be given, from strongly disagree to strongly agree.

The IOSA Program has a clear benefit to global aviation safety.91% agreed.

The Enhanced IOSA supports the improvement the airlines operational safety

management.

93% agreed.


13/40


IATA Audit Programs

1 September 2015

Page 13of 40

The IOSA Program supports safety monitoring on air carriers.

97% agreed.

97% of the CAA representatives also agreed that:

regulators should make more use of programs like IOSA to complement

their oversight activities;

with the necessary framework, they would consider IOSA results when

conducting oversight on the relevant air carriers in their country;

they would ask for an IOSA Audit Report of an air carrier of interest.

2.2.12 IATA Regional Offices

The IATA Regional Offices assumed the pivotal role of engaging operators to

undergo the voluntary E-IOSA audits, with the commitment of the IATA Regional

Offices the IATA Board targets were exceeded each year.

The IATA representatives in the Regional Offices provided continuous feedback

to the IOSA Program and played a very important part in acting as the interface

between the project office and the operators. Furthermore, logistical support was

provided during the E-IOSA workshops that were conducted in all regions.

2.3 Project Resources

The project resources varied throughout the project duration. The positions of the

Managers, Audit Standards, the Audit Training Manager as well as the Assistant

Director, IOSA were initially vacant. The remaining Audit Programs staff

temporarily assumed responsibility for all tasks and deliverables, which were then

re-allocated when the positions were re-filled.

The Project Sponsor (SVP, Safety and Flight Operations) changed twice during

the project duration.

The project resources were impacted by resource fluctuations, organizational

changes, additional projects that required execution and financial re-prioritizationtasks which were performed.

The project was delivered in accordance with the budget and the projected project

time lines and the E-IOSA Transition Plan.

97% of surveyed

regulatory

representatives in

Europe: Regulators

should make more use

programs like IOSA..


14/40


IATA Audit Programs

1 September 2015

Page 14of 40

2.4 Work Breakdown Structure

All project tasks are illustrated in the work breakdown structure. The tasks wereassigned to individuals or groups as task owners and were administered through

work packages.

Figure 3 Work Breakdown Structure

E-IOSA Program

Airline QA Staff

TrainingEI 1

Online InformationSessions

EI 1.1

Conduct RegionalEI Workshops

EI 1.3

EI Audit

ProceduresEI 2

SelectiveStandards

Application

EI 2.1

Develop SSACriteria

EI 2.1.1

Develop SSAProcess based on

SSA Criteria

EI 2.1.2

Airline Proceduresand Guidance

EI 2.2

Internal AuditProcedures and

Guidance

EI 2.2.1

Auditor Actions forAirlinesEI 2.2.2

Repeated andInterlinked ISARPs

EI 2.2.3

Principles ofAuditing ORG

EI 2.2.4

AO Procedures

and Guidance

EI 2.3

Conformance

Report ProceduresEI 2.3.1

Repeated and

Interlinked ISARPsin IAR

EI 2.3.3

EI Update on IATEI 2.5

MandatoryObservations

EI 2.7

Conformance

ReportEI 3

Conformance

Report Format andContents

EI 3.1

Conformance

ReportAcceptance

CriteriaEI 3.2

Partnership for

QualityEI 5

Communication

PlanEI 6

Other ItemsEI 7

Use of ExternalResources forAssurance

ActivitiesEI 7.1

Language Barriers

EI 7.2

InformationSourcesEI 7.7

ISM Applicability

EI 7.6

CR Release to 3rd

PartiesEI 7.5

CR Results intoIAR

EI 7.4

CR SubmissionDeadline

EI 7.3

Audit AgreementsEI 7.8

IATA QCEI 7.9

Document

ReferenceChangesEI 7.10

Auditing ORGEI 7.11

Upgrade QARecommended

PracticesEI 7.12

IOSA AuditorRecurrent Update

onEI 2.6

Update to

Registered AirlinesEI 6.1

Press ReleasesEI 6.2

Linked-in GroupEI 6.4

DGs WeeklyMessage

EI 6.3

Q5 Systems andInfrastructure

EI 4

CR Data FlowEI 4.1

Complete AuditorActionsEI 7.13

High Priority

Medium Priority

Develop

Workshop/ToolkitDesign

EI 5.1

ConductWorkshops/t

EI 5.2

Completed

Dispatch AuditorTraining

EI 1.2

Q5 DataManagement

EI 4.2

Cross-ReferenceLists

EI 7.14E-IOSA

Observations

EI 2.8

New

Auditor WebinarsEI 2.9

3. Project Deliverables

This chapter provides a summary on each of the seven main deliverables of the

project (see work breakdown structure in Figure 3). The updates are provided


15/40


IATA Audit Programs

1 September 2015

Page 15of 40

either on the main deliverable or on sub-deliverables, dependent on the

complexity of the task.

All project tasks were completed by August 30, 2015.

3.1 EI 1 Airline Quality Assurance Staff Training

3.1.1 Online Information Sessions

IATA developed two online information sessions to provide an initial, introductory

level of familiarization with the E-IOSA and quality assurance principles. Both

modules are available free of charge to all operators. The first module introduces

the changes under E-IOSA whereas the second module provides content over

quality assurance principles.

The online information sessions were published in March 2013. Due to planned

modifications, the modules were made available to airlines which committed to

undergo E-IOSA in 2013 and 2014. The sessions were made publicly available in

quarter one of 2014.

Due to the delayed finalization of the Conformance Report (CR) content, the E-

IOSA Information Session had to undergo substantial revisions. This was mainly

caused by the fact that the CR content (which was defined in the ISM and for

which no further changes were planned) was reviewed again by the E-IOSA

Implementation Task Force and which was revised in August 2013.

The modules were continuously modified and converted to allow offline usage.The possibility to share the file among different individuals made it impossible to

track the users of the information sessions, however, several hundreds of

individuals have access to the modules today.

3.1.2 Dispatch Auditor Training

The Operational Control and Flight Dispatch (DSP) section of the IOSA Standards

Manual (ISM) Edition 7 underwent significant additions and modifications as a

result of the publication of the ICAO Annex 6, Amendment 36.

Given the scope of the changes to the ICAO Annex 6, it became apparent that the

Dispatch section would require a significant re-write. Additionally, the FLT sectionwould be impacted but to a lesser extent than the DSP section. The ISM revision

had to respect the current structure and allow for a phased implementation of

the many new requirements.

To achieve a consistent understanding and standardized application of the

revised DSP standards, IATA developed a web-based training for IOSA Auditors

of the DSP Section. The first training was provided in August 2013 to a group of

The IOSA Operational

Control and FlightDispatch Section

changed significantly d

to new ICAO

requirements in

Amendment 36 to Ann

6.


16/40


IATA Audit Programs

1 September 2015

Page 16of 40

around 30 approved DSP Auditors. The second training was delivered in October

and reached 47 approved DSP auditors.

3.1.3 Regional E-IOSA Workshops

As part of the support elements provided to the operators, IATA performed ten

regional workshops for airlines to familiarize those with the principles of the E-

IOSA.

IATA conducted a workshop in each region: Asia Pacific, Africa, North America

and the Caribbean, Latin America, China and North Asia, Middle East and North

Africa, Russia and CIS, as well as Europe. Although eight workshops were

planned in the project, due to high demand, two additional workshops were

provided (in Montreal and in Istanbul during the 2015 IATA Ground Handling

Conference, IGHC).

The workshops took place in the following locations and sequence:

Figure 4 E-IOSA Workshop Schedule

Location Date Comments

Beijing October 2013 Hosted by IATA

Bucharest November 2013 Sponsored by TAROM

Montreal December 2013 Hosted by IATA

Johannesburg February 2014 Sponsored by South AfricanAirways

Dubai April 2014 Sponsored by Emirates

Singapore April 2014 Sponsored by the SingaporeAviation Academy

Moscow April 2014 Hosted by IATA

Bogota May 2014 Sponsored by Copa AirlinesColombia

Montreal October 2014 Hosted by IATA

Istanbul April 2015 Sponsored by Turkish Airlines

All workshops were well attended by over 500 individuals from over 200

operators.

The two-day workshops covered the following areas:

IOSA Program History and Facts

IOSA Program Functionalities

IATA conducted 10

regional E-IOSA

workshops for register

operators, addressing

over 500 individuals fro

over 200 operators.


17/40


IATA Audit Programs

1 September 2015

Page 17of 40

E-IOSA Introduction

E-IOSA Process

Interpretation of E-IOSA Provisions

Conformance Report

Auditor Actions

3.1.3.1 E-IOSA Workshop Feedback

The feedback from the operators on the workshops was very positive. The

workshops provided an effective means to exchange information and experience

with and among the operators.

Below is a summary of the quantitative analysis of the feedback gathered during

the workshops.

Figure 5 E-IOSA Workshop Feedback

YES NO N/A

General

1. The workshop improved my understanding of the basicprinciples and concepts of E-IOSA 394 8 2

2. The presentation contained relevant information tofamiliarize with E-IOSA (if not, please specify) 395 5 4

3. I had sufficient opportunities to ask any question 397 5 2

4.The facilitators answered all questions and presented in aclear manner (If not, please specify) 376 15 13

Enhanced IOSA

8. Is there any Part in the IOSA Procedures and GuidanceManual for Airlines that is unclear? (If yes, Please explain). 48 293 63

10. Would your organization be willing to undergo a voluntaryE-IOSA Audit? 246 69 89

11. Does your company use electronic software to manageinternal safety and/or quality management activities and data? 316 51 37

Quality Assurance Program

12. Does your organization have a quality assurance programin place that allows conducting self-assessments against all

IOSA Standards and Recommended Practices (ISARPs)during the IOSA registration period? 332 43 29

13. Do internal audits against ISARPs have a positive effect onyour company's operational safety? 337 21 46

14. Does your organization need IATA's support to improve itscurrent quality assurance program? (If you, please specify) 179 163 62


18/40


IATA Audit Programs

1 September 2015

Page 18of 40

The results above clearly show that the workshops were of great value to

the operators.

Over 83% of all respondents recognized the safety benefit of internal

assessments.

44% of the participants see their organization in need for further support

from IATA to improve their quality assurance programs.

The operators in the different regions have different profiles and face different

challenges in regards to E-IOSA:

In the region of China and North Asia, there is a notable need for training

the auditing personnel in the E-IOSA process and the interpretation of

relevant ISARPs.

In Europe, some operators expressed concerns regarding the scarcity of

internal resources to perform the internal assessments against the

ISARPs.

Operators from Africa expressed the need for further assistance from

IATA.

3.2 EI 2

Audit Procedures

IATA defined the core audit procedures of E-IOSA in the IOSA Audit Handbook

(IAH). These are divided into the IAH Part 1 for the Audit Organizations (AOs), the

IAH for Airlines (IAH-A) and the revised mandatory observations performed by the

Audit Organizations.

Figure 6 IOSA Audit Handbook

Numerous participants

requested further direc

interaction with IATA in

regards to IOSA.


19/40


IATA Audit Programs

1 September 2015

Page 19of 40

3.2.1 Selective Standards Application

Early stages of the E-IOSA involved the development of a Selective StandardsApplication - a risk-based sampling process of the ISARPs over several

consecutive IOSA audit events.

In the IOSA Oversight Council Meeting 22 (March 2014), it was decided that the

Selective Standards Application will not be implemented due to the following

reasons:

i) The IOSA program represents a third party audit program which performs

independent audits on operators. Offsetting third party audit results with

airline-internal assurance data will undermine the IOSAs status as an

objective and independent third-party audit and will diminish the value that

a third party audit offers.

ii) With E-IOSA being introduced, IATA does not have a robust set of data

that confirms the integrity of the operators internal assurance results.

iii) Various regulatory frameworks make use of IOSA results to complement

oversight activities. The IOSA standards are derived from applicable ICAO

requirements that carry vital relevance in national requirements. A

selective application of the IOSA standards would reduce the two-yearly

frequency in which IOSA verifies the operators conformity applicable

requirements. A two-yearly assessment of the operators operational

safety performance would not be ensured and in turn, regulatory support

would be lost.

3.2.2 IOSA Audit Handbook For Airlines

The IOSA Audit Handbook for Airlines (IAH-A) founds the main source of

information for operators. The document was published on the IOSA web page in

August 2013 and is currently in its third Edition.

The document is oriented at the IAH Part 1 (for AOs) in its purpose and layout,

however it addresses airline internal auditors.

For the development of this document, three assigned operators, TAROM, British

Airways and Delta Airlines created a working group under the coordination of

IATA and the E-IOSA Implementation Task Force.

Although the IAH for Airlines is mentioned in the Guidance Material of the ISM

and therefore carries recommending character, majority of the content in the

manual is essential to an adequate assessment of the operational safety against

the IOSA standards.

The first IOSA Audit

Handbook for Airlines

was published in Augu

2013 and is now in its

third Edition.


20/40


IATA Audit Programs

1 September 2015

Page 20of 40

The overall structure of the document contains the following:

IOSA Overview

Internal Audit Program Management

Audit Methodology

Conformance Report (CR)

Audit Procedures

The document explains the completion process of the CR in the context of revised

and new provisions in the ORG section, but also outlines IOSA-specific auditing

techniques and procedures.

3.2.2.1 Auditor Actions for Airlines

Auditor Actions (AAs) are pre-determined and customized action steps that an

auditor will typically take to gather sufficient evidence to determine conformity or

nonconformity with an IOSA Standard or Recommended Practice (see below

figure).

Auditor Actions were initially developed to enhance the audit focus on

implementation of the ISARPs and to increase standardization among IOSA

Auditors, but have also proven to be valuable to airline-internal auditors.

It was therefore decided to provide the AAs to the operators (available under

www.iata.org/iosa). The ISM Edition 9 contains over 3600 individual AAs, as listed

in the below example of FLT 3.4.4.

The operators can choose to develop and follow their own set of AAs or to use

the AAs published by IATA. The recording of the AAs in the CR will demonstrate

worldwide standardization among internal auditors.

Auditor Actions were

developed for IOSA

Auditors but proofed

useful to airline-interna

auditors.
http://www.iata.org/iosahttp://www.iata.org/iosahttp://www.iata.org/iosa


21/40


IATA Audit Programs

1 September 2015

Page 21of 40

Figure 7 Example Auditor Actions

3.2.2.2 Repeated and Interlinked ISARPs

The repeated and interlinked ISARPs form an important and central part of the

IOSA auditing methodology. The repeated provisions in the ISM ensure a

consistent implementation of organization-wide systems, programs and

processes. Interlinked provisions ensure that requirements addressing the same

subject matter (e.g. transportation of dangerous goods) are assessed consistently

throughout the checklist.

Repeated and interlinked ISARPs also form part of the assessment of an

operators SMS. All ISARPs with a [SMS] designator are assessed following the

hard-linked and other relevant auditing methodologies.


22/40


IATA Audit Programs

1 September 2015

Page 22of 40

The interlinked and repeated provisions which form the third part of the IOSA

Audit Handbook for Airlines (IAH-A) have been made available online for the use

by operators during their internal audits.The principles and methodologies of assessing repeated and interlinked ISARPs,

as well as hard-linked SMS provisions during the internal assessments were

incorporated into the IAH-A.

3.2.3 AO Procedures and Guidance (IAH Part 1)

The procedures and guidance for Audit Organizations (AOs) outline all E-IOSA

related processes to the IOSA Auditors and describe the AOs role in the E-IOSA.

The document was released to the Audit Organizations in June 2013 and was

consequently embedded within the IOSA Audit Handbook Part 1.

3.2.5 IOSA Auditor Training Updates

The IOSA Auditor Training (IAT) as the sole program to qualify as IOSA Auditor

was modified to include the E-IOSA specifications. Continuous improvements

were developed as the program evolved.

E-IOSA elements were introduced in the IAT in Jan 2014. The last revision of the

IAT is planned for Sep 2015 when the E-IOSA module will be removed and

replaced with a module aimed at identifying key characteristics of renewal audits

(the term E-IOSA will disappear).

3.2.6 IOSA Auditor Recurrent Training

All IOSA Auditors must undergo a recurrent training by the Audit Organizations on

a yearly basis. The E-IOSA module was introduced in the IOSA Auditor recurrent

trainings in 2015. The module has the aim of increasing E-IOSA awareness

amongst all IOSA and to train them in pertinent auditing procedures and

protocols.

3.2.7 Mandatory Observations

Mandatory observations are operational assessment activities that must be

observed by the IOSA Audit Team during the onsite part of an IOSA Audit. Theprescribed observations had remained unchanged since their introduction in the

IOSA. The revision and improvement of the mandatory observations formed a

main part of the E-IOSA pillars Focus on Implementation and Standardization.

To date, the IOSA Auditors utilized privately developed lists to record their

observations.

Mandatory observation

formed a part of the E-

IOSA pillar Focus on

Implementation.


23/40


IATA Audit Programs

1 September 2015

Page 23of 40

The mandatory observations were revised, and for each mandatory observation,

a checklist was developed for the use by IOSA Auditors. Each checklist includes

links with the set of ISARPs that relate to the respective operational activity that isobserved.

The usage of the checklists will allow increased consistency and standardization

in reflecting an observation in the assessment of ISARPs. Additionally, the

observation activities will be further standardized among the IOSA Audits. The

checklists are available on the IOSA website for public use, as well.

Figure 8 Mandatory Observation Checklist (extract)

3.2.8 E-IOSA Observations

In addition to the observations conducted during the E-IOSA Trial Audits in 2011

and 2012 (see chapter 4.1), IATA observed five E-IOSA audits prior to the

effective date of the IOSA Standards Manual (ISM) Edition 9, in 2015.

The observations were performed on five operators that volunteered to undergo

an E-IOSA Audit and took place in North America, China, Europe and Africa,spanning four different regions, operators and Audit Organizations.

The observations revealed that on one hand operators get increasingly familiar

with the E-IOSA requirements, however the IOSA Auditors still require additional

sensitization. Many IOSA Auditors still come to the audits unprepared and do not

follow the E-IOSA procedures that are described in the IOSA Audit Handbook.

The main conclusions from the observations are described in chapter 5.

Main conclusions of th

E-IOSA Observations

can be found in chapte

5.


24/40


IATA Audit Programs

1 September 2015

Page 24of 40

3.2.9 Auditor Webinars

The IOSA Auditors play a vital role in the successful conduct of each IOSA Auditand the new E-IOSA requirements. IATA developed and held webinars

addressing all IOSA Auditors worldwide. The purpose of the webinars was to

familiarize the IOSA Auditors with the Enhanced IOSA concept, processes and

procedures. In addition to the recurrent trainings performed by the AOs, in May

and June 2014, IATA performed the first series of five webinars.

The E-IOSA webinars for the IOSA Auditors represented the first time in the

history of the IOSA program when IATA established a direct communication

channel to the IOSA Auditor community.

To ensure the latest conclusions from the project are conveyed to the IOSA

Auditors firsthand, another series of webinars was held shortly before the endingof the project in 2015.

The continuous education of the IOSA Auditors is one of the main work items on

further emphasis must be given (see chapter 5).

The webinars provided IOSA Auditors with guidance and information about

relevant E-IOSA provisions, procedures and exercises. The topics included:

Background and history of E-IOSA

Pillars of E-IOSA

Working Tools

Airlines responsibilities AOs responsibilities

E-IOSA provisions and their assessment methodologies

The webinars also included exercises and offered the IOSA Auditors the option to

ask questions and to share their experience.

3.3 EI 3 Conformance Report

3.3.1 Conformance Report Format and Content

The Conformance Report (CR) concept was introduced in IOSA with ISM Edition3 which became effective in June 2010. The CR is a compilation of the

information that is recorded as a result of ongoing, two-yearly airline-internal audit

and evaluation activities against the IOSA Standards and Recommended

Practices.


25/40


IATA Audit Programs

1 September 2015

Page 25of 40

Subsequently, during the project, the E-IOSA Implementation Task Force

determined the necessary elements and format of a CR, that the operators will

need to produce to conform to the respective IOSA requirement.According to this, the CR must include, for each ISARP, detailed assessment

information as listed in ORG 3.4.8 and must be maintained in electronic format in

accordance with ORG 3.4.14.

The documents which must be submitted to the Audit Organization in accordance

with ORG 3.4.6, 3.4.7, 3.4.8 and ORG 3.4.14 include:

Completed and signed declaration of internal assessment of completion;

Record of internal auditors;

Operational Profile;

List of Document References;

Completed Conformance Report in accordance with ORG 3.4.8.

IATA developed a CR template in MS Excel format that is provided to the public

through the IOSA website (www.iata.org/iosa). The template offers operators a

means to record their internal assessments against the ISARPs and operators will

have the option of submitting the complete CR by using the CR template provided

by IATA.

3.3.2 Conformance Report Acceptance Criteria

Although the production of a Conformance Report (CR) has been part of the ISM

since Edition 3 in 2010, the Audit Organizations asked for more specific guidance

on the assessment of the CR.

The E-IOSA Implementation Task Force developed the procedures for the

assessment of the CR. The procedures require the AO to perform a two-step

assessment of the CR: The first step is prior to the onsite Audit when the AO

reviews the CR for completeness (all documents submitted and all information

complete). The actual assessment of the CR is in the second step, which is made

onsite:

With the information from the previously conducted completeness review, theORG Auditor assesses the CR in terms of documentation and implementation.

The ORG Auditor can reflect qualitative discrepancies in the CR in any quality

assurance related ISARP (e.g. poor audit planning, lack of auditor training, etc.).

This allows the operator to be in conformance with the CR requirements although

deficiencies were detected in other areas of the operatorsQuality Assurance

A Conformance Repor

template is made

available at

www.iata.org/iosa.
http://www.iata.org/iosahttp://www.iata.org/iosahttp://www.iata.org/iosahttp://www.iata.org/iosahttp://www.iata.org/iosahttp://www.iata.org/iosa


26/40


IATA Audit Programs

1 September 2015

Page 26of 40

program. The details of the CR assessment procedure are documented in the

IOSA Audit Handbook (IAH) Part 1.

3.4 EI 4 Q5 Systems and Infrastructure

The requirement to submit a Conformance Report to the AO prior to the onsite

phase of the Audit had the potential to impact the digital processes of the IOSA

Audit, namely the transfer of the CR to the AO utilizing the audit software.

The fact that operators are free to choose their audit software and the medium in

which they produce the CR limited the options of transfer CRs through the IOSA

audit software.

Enhancements to the audit software were made by modifying the Audit Summary

section of the IOSA Audit Reports. The Audit Summary contains fields regarding

the mandatory observations that are performed. The information has been

updated to reflect the modified observations as described in chapter 3.2.7.

Further enhancements were made to increase the data analysis capabilities of the

IOSA Program. Different data views are under development and will be released

after the implementation of necessary internal infrastructure (See more in chapter

5).

3.5 EI 5 Partnership for Quality

The Partnership for Quality (PFQ) project was initiated and executed by the SFO

Quality Department, originally to support the operators in the implementation of E-IOSA.

Under PFQ, IATA delivered several workshops addressing 307 individuals from

approx. 190 airlines.

3.6 EI 6 Communication Plan

Under the E-IOSA project a focus has been given to exercise appropriate

communication to the industry. Measured at the reactions, the feedback and the

reach, the communication plan is regarded as one of the elements, contributing to

the success of the E-IOSA project.

3.6.1 External Communication

A major achievement of the extensive communication efforts is the endorsement

of IOSA and its elements under E-IOSA by the 38th Assembly of the ICAO (see

chapter 2.2.4).


27/40


IATA Audit Programs

1 September 2015

Page 27of 40

Additionally, numerous press releases, articles and publications made aware of

E-IOSA. Below is an extract of the communication activities under E-IOSA:

IATA CEO Briefs

Mass e-mails to all IOSA Registered Airlines

Creation and maintenance of a LinkedIn Group for IOSA

Contribution to SO&I Promotion Brochure

Article in Airlines International Magazine

IATA Annual Review

Contribution to IATA WATS (World Air Transport Statistics) 57

Aviation Day Addis Ababa

Press Releases

Article in IATA Flight Bag Safety, Security and Infrastructure News

Presentation to A4A (Airlines for America) Safety Council

Workshops for all ECAC Member States (three out of four conducted)

Working Paper for ICAO Technical Commission of 38thAssembly

E-IOSA workshops

Panel Discussion on Ops Conference

Material at IATA Annual General Meeting

3.6.2 Internal Communication

The following internal communication activities were performed during the E-IOSA

project.

Monthly reporting to senior management on project status

Monthly reporting to senior management on industry priority (E-IOSA)

Quarterly reporting to senior management

Monthly project status report to IATA Controlling Department

Regular Reporting to Operations Committee (OPC)

Delivery of IATA@Noon Presentation

Contribution to Director Generals Internal Weekly Messages


28/40


IATA Audit Programs

1 September 2015

Page 28of 40

3.6.3 2012 Survey

In 2012, IATA performed a survey on members airlinesneeds and priorities.

Some relevant facts about the survey are below.

The survey was deployed with 150 member airlines, representing

approximately 60% of the total 240 IATA members.

The sample was put together based on the following criteria: IATA Board

membership, geographical region, size expressed in revenue ton

kilometer (RTK), business model, and cargo vs. mixed activity.

The questionnaire was sent anonymously to 523 Vice Presidents and

senior contacts.

IATAs record on safety was perceived as IATAs most valuable activity

(87%). Enhanced IOSA was the project with the highest demand and level

of appreciation (94% by Vice President Operations, 80% across profiles).

3.6.4 2013 Market Research

In 2013, IATA performed a global market research in the industry. The research

spanned over 2100 companies including airlines, airports, civil aviation

authorities, IATA staff, governments and regulators, industry associations, media,

IATA strategic partners, travel agencies and others.

Enhanced IOSA was seen as one of IATAs activities/services with the highest

awareness rates amongst the stakeholders. In the same research, E-IOSA was

the most valued IATA activity/service among all listed items.

3.7 EI 7 Other Items

In this section, all miscellaneous deliverables are recorded that did not belong to

any of the previously mentioned deliverables in the work breakdown structure. All

14 tasks have been completed as listed below. The diversity of the various

deliverables required different actions, such as development of necessary

guidance and procedures for operators and/or AOs; modifications and clarificationof ISARPs; development of cross-reference lists, review of quality control

procedures, etc. At times, the Task Forces only needed action was to take a

policy decision on a specific item - for example, if the CR can be shared with third

parties, or not.

IATA member airlines

survey in 2012: E-IOSA

most appreciated IATA

project amongst all VP

Operations and across

surveyed profiles.

IATA market research

2013: E-IOSA most

valued IATA initiative

amongst industry

stakeholders.


29/40


IATA Audit Programs

1 September 2015

Page 29of 40

User of external resources for assurance activities.

Language barriers

CR submission deadline

CR results into the IOSA Audit Report

CR release to 3rdparties

ISM applicability during internal audits

Information sources in the IOSA Audit Report

Audit Agreements

IATA Quality Control

Document Reference Changes in the CR

Auditing ORG internally

Upgrade QA Recommended Practices

Complete Auditor Actions

3.7.1 Regulatory Cross-Reference Lists

The requirement under E-IOSA to audit the ISARPs internally during the

operators IOSA registration period correspond with many operators internal audit

criteria or regulatory requirements.

To enable operators in using synergies between the audits against the ISARPsand other safety requirements, IATA developed regulatory cross-reference list

and made them available online.

The cross-reference lists reference each individual IOSA Standard or

Recommended Practice to a corresponding provision in the following suite of

regulatory requirements (extract):

Applicable ICAO Annexes to the Chicago Convention (Annexes 1, 6, 8,

17, 18, 19)

Applicable FAA FARs, Advisory Circulars and Guides Applicable EASA Implementing Rules


30/40


IATA Audit Programs

1 September 2015

Page 30of 40

4. Proof-of-Concept Workshops and Voluntary E-IOSA Audits

4.1 Proof-of-Concept Workshops

In the planning phase of the Trial Audits, the IOC requested to conduct so-called

proof-of-concept workshops prior to the start of the Trial Audit period.

IATA conducted two proof-of-concept workshops with participating member

airlines. The workshops served the purpose of anticipating critical constraints

before the Trial Audits and of exchanging information on the applicability and

usability of particularE-IOSA elements with the operator.

Before the workshops, the operators conducted internal audits against a limited

amount of ISARPs and presented the outcome during the workshop. Theworkshops took one to two days. After a detailed review of ORG QA Standards,

the Conformance Report was discussed with respect to assessments and

difficulties faced.

The outcome of the workshops was utilized to gain more insight on certain issues

during the Trial Audits and was included in the project in the form of various

deliverables.

4.2 E-IOSA Trial Audits

The E-IOSA Trial Audits were designed to test and simulate the viability of theEnhanced IOSA elements in real-life environments. The tested elementsincluded:

The AO

Audit planning

Audit preparation

Audit resource allocation (auditors and time)

Technical aspects of the audit conduct

The Operator

Audit Planning and resource allocation

Organizational and internal challenges in auditing ISARPs

Technical challenges

Proof-of concept

workshops performed

with two operators in

2011/12.


31/40


IATA Audit Programs

1 September 2015

Page 31of 40

Audit methodology and techniques

Although the participation in the Trial Audits was voluntary, the ten participatingairlines represented a wide range of the operators on the registry. The operators

participated from North and South America, East-, West- and Central Europe,

Asia Pacific and Russia and CIS countries.

The participating airlines differed in their business models, organizational size and

structure, their operational scope and profile, as well as their cultural and

operational environment which supported the testing under realistic

circumstances.

The Audits were conducted to simulate the E-IOSA elements, however the Trial

Audits were official IOSA Audits in which the E-IOSA elements were tested inparallel. The Trial Audits had no influence on the actual Audit results.

The volunteering operators performed internal auditing against at least a subset

of Standards from pre-selected disciplines. The scope of the disciplines audited

for the E-IOSA Trial Audits varied, dependent on the available time and choice of

the operator. The Conformance Report was then submitted together with a

registration form of auditors who have been utilized to conduct the internal audit

and a declaration of internal audit completion. During the actual IOSA Audit the

AO used the CR to validate the operators assessments for a certain amount of

pre-selected ISARPs. Selective Standards Application was not used during the

Trial Audits.

The detailed results and conclusions from the Trial Audits were recorded and

reported in the Trial Audit Summary Report, dated August 2012.

4.3 E-IOSA Audits in 2013

Part of the 2013 Industry Priorities was to conduct at least ten Enhanced IOSA

Audits. In 2013, in total 16 E-IOSA Audits were performed and the Board target

was exceeded by 6 Audits.

The Audits revealed the learning curve that will improve the operators auditingactivities against the IOSA Standards and Recommended Practices (ISARPs). As

already shown in the Trial Audits conducted in 2011 and 2012, the capabilities,

resources and skills for internally assessing the IOSA provisions varied from

operator to operator. Consequently, the quality of the internal audits under E-

IOSA in 2013 varied, as well.

Ten operators underwE-IOSA Trial Audits in

2011 and 2012.

2013, 16 operators

underwent a voluntary

IOSA Audit against a

Board target of minimu

10 voluntary audits.


32/40


IATA Audit Programs

1 September 2015

Page 32of 40

Some of the operators already assessed the ISARPs internally in the past. The

Conformance Reports (CR) of these operators indicated familiarity with the

ISARPs. On the other hand, in some cases, the Conformance Report was notreceived on time, assessments were missing or were completed rudimentarily.

The first official E-IOSA Audits confirmed the observations from previous Trial

Audits that many operators will have to make significant efforts to improve their

internal oversight functions, whereas other operators already have the capability

in this matter.

The feedback from the IOSA Auditors was collected for E-IOSA Audits performed

in 2013. The dataset consists of 67 feedback forms from 16 E-IOSA Audits

conducted. The below is a summary of the trends which were observed by the

IOSA Auditors.

Was the CR completed in a clearly understandable way?

67% answered with yes.

Were the documentary references in the CR accurate?

62% answered with no.

Were the descriptions of evidence of implementation in the CR sufficient?


Although the above questions are rather broad, the indication was clear. With 16E-IOSA Audits, the feedback was in alignment with the results from the Trial

Audits. The majority of the operators can produce an accurate CR. However, a

clear majority of the operators are not able to indicate the evidence of

documentation or implementation in a satisfying manner (feedback from the Trial

Audits confirming this was at 86% of the responses). This emphasizes the need

for familiarizing airline auditors with techniques to assess implementation.

Simultaneously, the observations show that other auditing principles in IOSA have

been adapted by the airline-internal auditors:

Did the auditors understand the IOSA principle of assessing documentationand implementation separately?


Did the auditors understand how to assess that the monitoring of outsourced

functions was effective?



33/40


IATA Audit Programs

1 September 2015

Page 33of 40

Did you review the CR in your team briefing prior to the Audit?


4.4 E-IOSA Audits in 2014/2015

Continuing to facilitate familiarization with the processes and to enforce the

implementation of the concept, as many operators as possible were urged to

undergo E-IOSA Audits before the mandatory date in September 2015.

As the E-IOSA audits in 2013, all E-IOSA audits before September 2015 were

conducted on a voluntary basis. The operators committed to an E-IOSA with a

commitment letter to IATA. The need was reflected in a Board of Governors target

that was given to IATA.

The 2014 and 2015 Board of Governors targets to conduct voluntary E-IOSA

Audits were achieved as follows:

Figure 9 E-IOSA Commitment Targets

2014 2015

Region Target Actual Target Actual

Americas 12 14 4 7

AFI/MENA 4/4 5/4 2/3 5/4

ASPAC 3 3 3 5

China and North Asia 4 3 4 4

Europe/CIS 12 21 6 16

Total 39 50 22 41

4.5 E-IOSA Conformance Rates

The following provides a quantitative review of the history of assessing the CR

during IOSA Registration Renewal Audits (from ISM Ed. 3, in 2010 to ISM Ed. 9

by 15 June 2015).

Since ISM Ed. 3 (effective June 2010) to August, 2015 with ISM Ed.8

(effective June 2014), 814 audits were performed in which the CR was

included as a Recommended Practice.

E-IOSA Board targets

were exceeded in eac

project year.


34/40


IATA Audit Programs

1 September 2015

Page 34of 40

First major changes to the requirements in ORG 3.4.6 and ORG 3.4.7

were made in ISM Ed. 5, effective September 2012. Further modifications

and additions were made in ISM Editions 6, 7, 8 and 9 in the followingyears.

The following can be concluded in relation to Figure 10 below (contains data from

814 registration renewal audits):

Overall conformance rates with the E-IOSA related provisions increased

over the past years.

ORG 3.4.14 (requirement for electronic database for the management of

quality assurance data) was modified in ISM Ed.7 to indicate a future

upgrade to a standard. ISM Ed. 8 further changed the provision by

requiring the CR to be in electronic format.

Average conformance with ORG 3.4.6 (internal audits against ISARPs)

increased from 33% in 2010 to 44% in 2015 (note: all E-IOSA provisions

are still Recommended Practices and will become Standards as of

September 2015).

Figure 10 E-IOSA Conformance Rates

Figure 11 below compares the conformance rates between conventional

registration renewal audits and the average conformance rates of operators that

underwent a voluntary E-IOSA Audit in 2014 and before September 2015:

Overall conformance

rates with E-IOSA

provisions increased

over the past years.0%

10%

20%

30%

40%

50%

60%

70%

80%

2010 2011 2012 2013 2014 2015

3 3, 4 4, 5, 6 6, 7 7, 8 8

AverageConformanceRateperYear

Year and ISM Edition

E IOSA Conformance Rates

ORG 3.4.6

ORG 3.4.7

ORG 3.4.8

ORG 3.4.13

ORG 3.4.14


35/40


IATA Audit Programs

1 September 2015

Page 35of 40

The analysis includes 62 Audits under which the operator committed to

undergo a voluntary E-IOSA and 160 Audits without a commitment.

The majority of operators that committed to undergo a voluntary E-IOSAwere in conformity with the E-IOSA requirements.

In 2014 and 2015, the conformity with E-IOSA requirements was in

average 40% to 50% higher for operators that committed to a voluntary E-

IOSA than for all other operators.

Figure 11 E-IOSA Conformance Rates Committed vs. Rest

The overall results of the E-IOSA audits conducted until September 2015 show

that many operators and the AOs will need time to adopt the E-IOSA process.

The development of the necessary knowledge and resources requires

commitment, practice and experience.

The above results show that more and more operators are performing internal

assessments against the ISARPs, but still many operators opted to wait until the

E-IOSA provisions will be upgraded to Standards, before they conform to them.

Operators with prior

commitment to E-IOSA

had higher conformity

with E-IOSA

requirements that

operators without prior

commitment.

0%

20%

40%

60%

80%

100%

120%

ORG 3.4.6 ORG 3.4.7 ORG 3.4.8 ORG 3.4.13 ORG 3.4.14

AverageConformanceperAuditin%

E-IOSA Recommended Practice

E IOSA Conformance Rates Committed

Operators vs. Rest

Commitment

Operators 2014

Commitment

Operators 2015

All Other

Operators 2014

All Other

Operators 2015


36/40


IATA Audit Programs

1 September 2015

Page 36of 40

5. Conclusions and Recommendations

The following paragraphs summarize the conclusions drawn from the E-IOSA

project and the main recommendations for the IOSA program.

5.1 Audit Organizations and Audit Teams

The Audit Organizations as the front line performers of the IOSA Audits have

been involved in the development of E-IOSA since the very beginning. While

IOSA Auditors undergo their initial IOSA Auditor Training with IATA, recurrent

trainings and educational activities of existing IOSA Auditors are provided by the

AOs.

During the project, it became evident that many IOSA Auditors are not familiar

with the E-IOSA processes and procedures. It has been repeatedly observed that

IOSA Auditors do not follow E-IOSA procedures onsite.

The ORG Auditor as the individual that makes the final assessment of the

Conformance Report and the operators Quality Assurance program, must be

aware of all E-IOSA processes. He or she must have reviewed the CR prior to the

Audit and if the CR was reviewed by the AOs headquarter, he or she must

possess pertinent information related to the CR.

All auditors must review selected provisions in the CR when onsite and provide

feedback to the ORG auditor during the onsite, as per the AOs internal

procedures.

Recommendation 1: The recurrent training provided by AOs must further focuson E-IOSA and ensure that all IOSA Auditors are aware of the necessary

requirements and procedures. IOSA Auditors must use the Auditor Actions when

assessing all ISARPs, including the E-IOSA provisions.

Recommendation 2: The AOs and IOSA Auditors performance measurement

needs to be complemented with measurements of their adherence to E-IOSA

procedures and the usage of Auditor Actions. Clear escalation and/or corrective

measures need to be defined if defined, objective and clear performance criteria

are not met.

5.2 IOSA and the Operators

It became apparent very early that a direct interaction between the IOSA Program

and the operators is inevitable. With E-IOSA, IATA introduces an element in the

IOSA Program that requires a direct interface between the program and its main

stakeholders.

The E-IOSA workshops provided a great benefit for both the operators, enabling

them to ask questions and to improve their understanding of the IOSA

AOs and IOSA Auditor

performance

measurement needs to

be complemented with

measurements of their

adherence to E-IOSA

procedures.


37/40


IATA Audit Programs

1 September 2015

Page 37of 40

requirements, and IATA, that better understood the concerns, needs and

reactions of the operators.

In all E-IOSA workshops, without exception, operators expressed the need fordirect interaction through further workshops, seminars and trainings provided by

IATA.

Recommendation 3: To improve the operators familiarity with the IOSA

Program, to ensure IATA continues to develop standards that meet the industrys

needs and to establish an overdue dialogue with the program stakeholders

worldwide, a regular conduct of IOSA-related seminars, workshops and sessions

is needed. Seminars and other face-to-face events need to be supported by

established and sound services and infrastructure through which IATA shares the

knowledge that the IOSA Program produces with the operators. This can be

achieved through series of trainings, education programs for airline internalauditors and other solutions such as electronic platforms.

To further pursue the vision of improving global safety performance, and to

continue strengthening the operators internal oversight ability, IATA needs to

continue providing support to the operators. E-IOSA serves as an important

milestone on the progress towards the vision.

Recommendation 4:Undoubtedly, the most outstanding and clear request from

the operators was the one for more training in regards to assessing the ISARPs.

Therefore, in addition to general IOSA-related training for airline auditors, IATA

needs to develop discipline-specific training that can be offered to the airline

auditors worldwide. A subject-matter related training program will enhanced

worldwide auditing knowledge and will improve audit results. Such training

portfolio could then also be utilized for future IOSA Auditors.

5.3 E-IOSA Standards and Audit Procedures

Recommendation 5: The audit procedures in relation to the assessment of the

CR as described in IAH Part 1, Chapter 5 need to be further refined and

improved. While the wording of the ISARPs does not need major change and

should remain stable, the procedures for the IOSA Auditors could be further

simplified and improved to increase clarity on the selection of ISARPs from the

CR. IAH Part 1 and IAH-A need to be further aligned.

The procedures must remain simple and practical in order to maintain realistic

application by the IOSA Auditors. Complex and cumbersome procedures will not

be followed by IOSA Auditors and may lead to unrealistic audit results.

When designing audit procedures for IOSA Auditors, but also for airline internal

auditors (through the IOSA standards), the principle of user-friendliness must be

kept. The procedures must not be over-engineered and must not require

IATA needs to establis

an overdue dialogue w

the program

stakeholders worldwid

through seminars and

workshops.

Audit procedures in

relation to the

assessment of the

Conformance Report

need to be further refin

as the processes matu


38/40


IATA Audit Programs

1 September 2015

Page 38of 40

cumbersome, unfeasible activities by the IOSA Auditor or airline internal auditor.

After all, the overall objective of E-IOSA must be kept in mind and should remain

the focusoperators monitoring the conformance with the ISARPs during theirregistration period.

Recommendation 6: IOSA Program Manual 8.2.5 requires an IOSA onsite phase

to be conducted with 25 man-days. It also devotes five man-days for the

preparation and IAR quality control activities. Latest measurements under E-IOSA

show that AOs mostly do not perform any auditing activities on Fridays and rather

devote the day to quality control activities. This scheduling reduces net auditing

time drastically and impacts the auditors ability to adequately assess each ISARP

during the onsite phase. It is recommended to consider mandating auditing until

day five of the onsite phase of an IOSA Audit.

5.4 Data Analysis and Digitalization

With E-IOSA and the opening of the IOSA Audit to airline-internal assessments

strongly necessitates that IOSA undergoes a digital transformation.

Recommendation 7: The IOSA program has been operating since 2003 with

extremely basic data management and analysis capabilities. Major advancements

need to be implemented through a digitalization initiative: Only improved analytics

methodologies and tools will enable the program to evolve. The digitalization

represents the only way to develop standards in a state-of-the-art manner.

Further digitalization must be undergone in the conduct of the IOSA Audits. Tablet

enabled procedures need to replace laptop based audits and data flows mustallow seamless audit and recording experience. This will free up additional time to

allow the auditors to focus on the implementation.

5.5 Quality Assurance

Under E-IOSA, IATA observed Audits, measured processes and collected

feedback from operators, AOs, regulators and IOSA Auditors. All the input

exposed certain areas in the IOSA program that require additional oversight

focus.

Recommendation 8: The Audit Programs Department provided the checklists

from the E-IOSA observations to the SFO Quality Department for their

incorporation of the checklists in the quality assurance activities. The onsite

observations of IOSA Audit Teams need to measure the Audit Teams adherence

to E-IOSA procedures.

Recommendation 9: Further assurance activities need to be implemented and

strengthened in the areas of monitoring of AOs and individual auditors regarding

E-IOSA. Nonconformities in the oversight need to lead to adequate corrective

Major advancements

need to be implemente

through a digitalization

initiative.

IATA SFO Quality

Department needs to

embed the monitoring

the E-IOSA procedure

in the quality assuranc

activities.


39/40


IATA Audit Programs

1 September 2015

Page 39of 40

actions and ultimately to an escalation, if corrections are not made in accordance

with program requirements.

5.1 Overall Conclusion

E-IOSA was a successful project that introduced major changes for IOSA-

registered operators. Operators, the Audit Organizations as well as IATA have to

adapt to the new requirements. A consistent implementation of the E-IOSA

requirements among the approximately 400 operators on the IOSA registry will

take at least four years.

The long-term aim must remain to follow the vision of being the leader in

operational auditing in an accident-free world. This can only be achieved if IATA

remains able to deliver value through efficient and effective processes and a

state-of-the-art infrastructure. Following initiatives will need to focus on theseaspects. Only then, the standards will be able to be improved further.


40/40


Date: 04-Sep-2015

End of Report

Documents

E-IOSA Project Closure Report 2015