EUROPEAN ORGANISATION FOR THE SAFETY OF AIR NAVIGATION
EUROCONTROL
SAFETY REGULATION COMMISSION
ESARR ADVISORY MATERIAL/GUIDANCE MATERIAL (EAM/GUI)
EAM 3 / GUI 4
MAPPING BETWEEN ISO 9001:2000 AND ESARR 3
Edition : 1.0Edition Date : 18 May 2004Status : Released IssueDistribution : General PublicCategory : ESARR Advisory Material
EAM 3 / GUI 4 – Mapping between ISO 9001:2000 and ESARR 3
Edition 1.0 Released Issue Page 2 of 46
F.2 DOCUMENT CHARACTERISTICS
TITLE
EAM 3 / GUI 4 Mapping between ISO 9001:2000 and ESARR 3
Document Identifier : Reference : EAM 3 / GUI 4
eam3gui4_e10_ri Edition Number : 1.0
Edition Date : 18-05-2004
Abstract :
This document includes a detailed comparison between the provisions of ISO 9001:2000 and the safety regulatory requirements established in ESARR 3. It also provides ATM safety regulators with harmonised guidance to deal with situations where ISO-based approaches are proposed by ATM service providers as possible means of compliance to meet ESARR 3 requirements.
Keywords :
ISO ISO 9001:2000 ISO 10011
ESARR 3 Mapping of Requirements Quality
Quality Management System Means of Compliance Safety Management System
Contact Person(s) : Tel : Unit :
Juan Vazquez Sanz +32 2 729 46 81 DG/SRU
DOCUMENT STATUS AND TYPE
Status : Distribution : Category : Working Draft General Public Safety Regulatory Requirement
Draft Issue Restricted EUROCONTROL Requirement Application Document
Proposed Issue Restricted SRC ESARR Advisory Material
Released Issue Restricted SRU Comment / Response Document
Policy Document
Document
SOFTCOPIES OF SRC DELIVERABLES CAN BE DOWNLOADED FROM : www.eurocontrol.int/src
EAM 3 / GUI 4 – Mapping between ISO 9001:2000 and ESARR 3
Edition 1.0 Released Issue Page 3 of 45
F.3 DOCUMENT APPROVAL
The following table identifies all management authorities who have approved this document.
AUTHORITY NAME AND SIGNATURE DATE
Quality Control (SRU)
(Daniel HARTIN)
24-Jun-04
Head Safety Regulation Unit
(SRU)
(Peter STASTNY)
24-Jun-04
Chairman Safety Regulation
Commission (SRC)
(Martin RADUSCH)
24-Jun-04
EAM 3 / GUI 4 – Mapping between ISO 9001:2000 and ESARR 3
Edition 1.0 Released Issue Page 4 of 45
F.4 DOCUMENT CHANGE RECORD
The following table records the complete history of this document.
EDITION NUMBER
EDITION DATE REASON FOR CHANGE PAGES
AFFECTED
0.01 25-Oct-03 Creation of document by SRU. Working draft submitted to RTF for review and comment.
All
0.1 21-Jan-04 Draft produced after RTF consultation. Submitted to SRC for review and comment
Section 2 (insertion in
5th para)
1.0 18-May-04
Final released issue produced after SRC consultation. Modifications included to address comments received.
Appendices A and C (various
insertions)
Section 4.10 (references
to ISO updated)
EAM 3 / GUI 4 – Mapping between ISO 9001:2000 and ESARR 3
Edition 1.0 Released Issue Page 5 of 45
F.5 CONTENTS
Section Title Page
F.1 Title Page ……………………………………………………………. 1
F.2 Document Characteristics ……………………………………….. 2
F.3 Document Approval ……………………………………………….. 3
F.4 Document Change Record ………………………………………. 4
F.5 Contents …………………………………………………………….. 5
F.6 Executive Summary ……………………………………………….. 6
1. Introduction ………………………………………………………… 7
2. Purpose of Document …………………………………………….. 7
3. Comparison Conducted ……..…..…………………………..…… 3.1 Methodology .....……………………………………………………………….. 3.2 Terminology …...……………………………………………………………….. 3.3 References for Interpretation …………..……….…………………………….
8 8 9 9
4. Summary of Comparison – ESARR 3 with ISO 9001:2000 …. 4.1 General Aspects ……………………………………………………………….. 4.2 Systematic Safety Management ....…………………………………………... 4.3 Safety Policy and Safety Objectives .…..……….…………………………… 4.4 Top Management Commitment ….…………………………………………… 4.5 Safety Responsibilities …….………………………………………………….. 4.6 Safety Managerial Function …………………………………………………... 4.7 SMS Documentation…….………………..……….…………………………… 4.8 Internal Communication ..……………………………………………………... 4.9 Safety Occurrences ………………..……….…………………………………. 4.10 Internal Auditing ……….…………….………………………………………… 4.11 Risk Assessment and Mitigation ..………….………………………………… 4.12 External Services …………………….…..……….……………………………
10 10 10 11 11 12 12 13 13 13 14 14 15
5. Significant Issues Regarding Inter-Relationship between SMS and QMS ………………………………….………………….... 5.1 Verification of Compliance with ESARR 3 ………………………………….. 5.2 Explicitness of the SMS ..………………..……….…………………………… 5.3 Integration of SMS and QMS ……...…………………………………………. 5.4 ISO Certification ….………..……….………………………………..………… 5.5 Small Organisations ………..….………………………………………………
16 16 16 17 18 18
Appendix A …………………………………………………………………......... Summary of Mapping – Table of ISO 9001:2000 Provisions that can Support the Implementation of Specific ESARR 3 Requirements
19
Appendix B …………………………………………………………………......... Summary of Mapping – Table of Conditions to Note Wherever ISO 9001:2000 Provisions are Considered to Implement Specific ESARR 3 Requirements
21
Appendix C …………………………………………………………………......... Detailed Comparison Between ISO 9001:2000 and ESARR 3
23
EAM 3 / GUI 4 – Mapping between ISO 9001:2000 and ESARR 3
Edition 1.0 Released Issue Page 6 of 45
F.6 EXECUTIVE SUMMARY
The EUROCONTROL Safety Regulatory Requirement 3 (ESARR 3) ‘Use of Safety Management Systems by ATM Service Providers’, requires the implementation and operation of a safety management system (SMS) as an integral part of the management of ATM services. ESARR 3 also identifies the mandatory elements of any SMS implemented in the provision of ATM services within the EUROCONTROL Member States.
The ISO 9000 family of standards has been developed by the International Organisation for Standardisation (ISO) to assist organisations to implement and operate quality management systems (QMS). ISO 9001:2000 specifies requirements for QMS where an organisation needs to demonstrate its ability to provide products or services that fulfil applicable requirements.
Although the SMS approach involves various aspects not specifically addressed in the most common quality management standards, it has been recognised that quality management standards, notably ISO 9001:2000, can be used to support a successful implementation of ESARR 3. In fact, the use of integrated management systems encompassing safety and quality has been considered in some countries as a possible approach to address the implementation of ESARR 3 in an efficient manner.
As a result, there is a need to compare ESARR 3 and ISO 9001:2000 and provide ATM safety regulators with guidance to deal with situations where ISO-based approaches are proposed by ATM service providers as possible means of compliance to meet ESARR 3 provisions.
This document includes a detailed comparison between the provisions of ISO 9001:2000 and the safety regulatory requirements established in ESARR 3. It also provides ATM safety regulators with harmonised guidance that can be brought into play wherever there is a need for developing national regulatory material on the use of ISO 9001:2000 by ATM service providers to implement SMS.
Appendix C presents the detailed comparison between ISO 9001:2000 and ESARR 3 Section 5. The comparison is shown in form of table. Two additional tables have been produced to summarise the findings and map ISO 9001:2000 and ESARR 3 in a briefer manner.
Generally speaking, the findings of the mapping show that ISO 9001:2000 may provide useful tools to support the implementation of most ESARR 3 requirements. However, some specific conditions have been identified in relation to various ISO provisions.
The issues and conditions identified in this document should be taken into consideration wherever ISO 9001:2000 is considered as a possible means to support the implementation of ESARR 3
EAM 3 / GUI 4 – Mapping between ISO 9001:2000 and ESARR 3
Edition 1.0 Released Issue Page 7 of 45
1. INTRODUCTION
In its initial work on the harmonisation of safety regulatory requirements, the SRC identified and focussed on those safety areas which, in their view, needed most urgent attention. On this basis, the SRC Work Programme recognised the need to establish a number of EUROCONTROL Safety Regulatory Requirements (ESARRs), one of which was ESARR 3 “Use of Safety Management Systems by ATM Service Providers”.
ESARR 3 requires ATM service providers to implement and operate a safety management system (SMS) as an integral part of the management of ATM services. ESARR 3 also identifies the mandatory elements of any SMS implemented in the provision of ATM services within the EUROCONTROL Member States.
The ISO 9000 family of standards has been developed by the International Organisation for Standardisation (ISO) to assist organisations of all types and sizes to implement and operate quality management systems (QMS). ISO 9001:2000 specifies requirements for QMS where an organisation needs to demonstrate its ability to provide products or services that fulfil applicable requirements.
The SMS approach involves various aspects not specifically addressed in the most common quality management standards. However, it has been recognised that quality management standards, notably ISO 9001:2000, can be used to support a successful implementation of specific ESARR 3 provisions.
SMS and QMS are both management tools with proactive and reactive elements embedded in performance and capability oriented processes. Their links may offer a variety of possibilities when implementing ESARR 3 in those situations where SMS and QMS are operated simultaneously. In that context, the use of integrated management systems encompassing safety and quality has been considered in some countries as a possible approach to address the implementation of ESARR 3 in an efficient manner.
Consequently, there is a need to compare ESARR 3 and ISO 9001:2000 and provide ATM safety regulators with guidance to deal with situations where ISO-based approaches are proposed by ATM service providers as possible means of compliance to meet ESARR 3 provisions.
2. PURPOSE OF DOCUMENT
This document is part of a series of guidance deliverables developed by SRC for its use by ATM safety regulators when dealing with the implementation of ESARR 3 by ATM service providers.
It includes a detailed comparison between the provisions of ISO 9001:2000 and the safety regulatory requirements established in ESARR 3 Section 5. The document also intends to support ATM safety regulators in dealing with those cases where ISO-based approaches are proposed as means of compliance to implement SMS.
EAM 3 / GUI 4 – Mapping between ISO 9001:2000 and ESARR 3
Edition 1.0 Released Issue Page 8 of 45
It should be noted that this document does not represent a SRC recognition of ISO 9001:2000 as an acceptable means of compliance to meet ESARR 3 requirements.
As different approaches based on ISO 9001:2000 can be proposed depending upon local circumstances, specific proposals for possible means of compliance should normally be considered at national level. ATM safety regulators may therefore recognise ISO-based approaches as acceptable means of compliance to meet ESARR 3 requirements.
Any formal recognition of means of compliance should be based on an assessment demonstrating compliance with requirements. This document offers a systematic comparison that may be used as guidance where specific assessments are undertaken by ATM safety regulators. However, all QMS forming a basis for SMS needs to be specifically checked.
The document also provides ATM safety regulators with harmonised guidance that can be brought into play wherever there is a need for developing national regulatory material on the use of ISO 9001:2000 by ATM service providers to implement SMS.
3. COMPARISON CONDUCTED
3.1 Methodology
Appendix C presents the detailed comparison produced between ISO 9001:2000 and ESARR 3 Section 5. The comparison is shown in form of table. It takes each one of the provisions included in ISO 9001:2000 from Section 4 on, and identifies the ESARR 3 requirements related to the specific issue addressed in each ISO statement.
That table includes comments presenting the rationale for each correspondence established as well as conclusions on the possible use of each ISO statement to support the implementation of the ESARR 3 requirement related.
The main conclusions are shown in bold and normally identify two types of situations:
The use of the ISO statement can support the implementation of the ESARR 3 requirement related
Specific issues should be noted wherever the ISO provisions are considered as a possible means to support the implementation of ESARR 3.
Two additional tables have been produced to summarise those findings and map ISO 9001:2000 and ESARR 3 in a briefer manner:
Appendix A includes a table presenting the ISO provisions that could be used to support each ESARR 3 requirement. The comments indicate those cases where specific issues (conditions identified) have been identified;
The table on Appendix B summarises all the conditions identified for each ISO provision. Those conditions should be taken into account wherever ISO is considered as a means to support the implementation of ESARR 3.
EAM 3 / GUI 4 – Mapping between ISO 9001:2000 and ESARR 3
Edition 1.0 Released Issue Page 9 of 45
3.2 Terminology
Some terminological aspects have to be taken into account when considering the tables of this document. Definitions used by ISO and SRC may differ1.
In particular, it should be noted that:
ISO uses extensively the term “product” defined as “result of a process”. In other words, a product is an output of a set of interacting actions irrespective of its nature. Within the ISO approach there are four generic product categories: services, software, hardware and processed materials. The notion of “service” as a particular type of product is essential when considering the applicability of ISO 9001:2000 to ATM services.
The term “requirement” has a broad meaning in ISO 9001:2000. It is defined as a “need or expectation that is stated, generically implied or obligatory”. On the other hand the expression “safety requirement” is normally used2 by SRC to refer to the mitigation measures identified through a risk assessment and mitigation process. That difference should be taken into account when considering the mapping of ISO provisions related to risk assessment and mitigation.
No definition for “purchasing” is provided in ISO 9001:2000 or ISO 9000:2000 although the concept is implicitly defined in the provisions of Section 7.4 (Purchasing). The term purchasing needs to be compared with the “external services” concept that appears to be wider.
3.3. References for Interpretation
The comparison between each ISO provision and ESARR 3 requirements has been based on an assessment that considers primarily the exact text of ESARR 3 Section 5 and the set of definitions included in ESARR 3 Appendix A.
In some cases the assessment has made use of two additional sources of interpretation. Wherever that is the case, the comments included on the table of Appendix C make the issue clear. The two additional SRC references used are:
EAM 3 / GUI 1, Guidance Material for ATM Safety Regulators, Explanatory Material on ESARR 3 Requirements, Edition 1.0. June 2001.
ESARR 4, Risk Assessment and Mitigation in ATM, Edition 1.0, April 2001.
Nevertheless, the scope of this document is confined to considering the links between ISO 9001:2000 and ESARR 3. Compliance with ESARR 4 might imply additional aspects not necessarily addressed in this exercise. Wherever that possibility was clearly identified, the issue has been indicated explicitly on the tables.
1 Definitions applicable to ISO 9001:2000 are contained in ISO 9000:2000, Quality Management Systems – Fundamentals and Vocabulary. 2 As utilised in ESARR 4.
EAM 3 / GUI 4 – Mapping between ISO 9001:2000 and ESARR 3
Edition 1.0 Released Issue Page 10 of 45
4. SUMMARY OF COMPARISON – ESARR 3 WITH ISO 9001:2000
This section only summarises some of the main aspects identified. The tables of the appendices collect all the findings in a more comprehensive manner:
4.1 General Aspects
Generally speaking, the findings of the mapping show that ISO 9001:2000 may provide useful tools to support the implementation of most ESARR 3 requirements.
On balance, most of the differences identified appear to be caused by the fact that the SMS concept focuses on a very specific aspect –safety-, and is primarily applicable to safety-related industries, while QMS present a more generic approach applicable to any industry. In addition, ESARR 3 is clearly tailored to a service-oriented industry, the provision of ATM services, while ISO 9001:2000 gives a more generic approach applicable to any organisation producing any type of product (services, software, hardware or materials).
Those differences in approach have resulted in different levels of detail to address interconnected issues. In some cases ISO is much more detailed and provides useful means to support the implementation of ESARR 3 without raising specific issues. However, in other situations ESARR 3 gives the interpretation needed for generic concepts, such as the term “appropriate” which is widely used throughout ISO 9000:2001.
4.2 Systematic Safety Management
Several ISO 9001:2000 provisions can be useful to define possible means of compliance to implement the generic ESARR 3 principles3 requiring a “formalised approach” to “systematic” safety management. A case in point is the determination of processes that ISO 9001:2000 requires in Section 4.1 (General Requirements). A process approach based on ISO4 seems a proper means to implement the ESARR 3 requirement for a “systematic” and “formalised” approach.
(Space Left Intentionally Blank)
3 ESARR 3, 5.1.1 a, requires the ATM service provider to have in place a SMS which “ensures a formalised, explicit and pro-active approach to systematic safety management in meeting its safety responsibilities within the provision of ATM services.” 4 Within ISO, the systematic identification and management of the processes employed within an organisation and particularly the interactions between such processes is referred to as the “process approach”
EAM 3 / GUI 4 – Mapping between ISO 9001:2000 and ESARR 3
Edition 1.0 Released Issue Page 11 of 45
4.3 Safety Policy and Safety Objectives
ISO requires defining quality objectives, but does not provide detailed guidance as to what is acceptable as an objective5. However, ESARR 3, 5.1.4, identifies an overall safety objective for all ATM service providers. Wherever the use of ISO is considered to support ESARR 3, any objective defined should be consistent with the minimum common safety objective defined for all ATM service providers.
ISO requires top management to ensure that the quality policy is “appropriate” to the purpose of the organisation. However, ISO does not provide guidance as to what constitutes, or is acceptable as, a policy statement. ESARR 3, Section 5.1, contains four high level principles6 that should normally7 be addressed by means of safety policy statements. The safety policy should normally include, as a minimum, statements to cover ESARR 3, 5.1.1, 5.1.2, 5.1.3 and 5.1.4.
ISO requires the quality manual to include the scope of the QMS, including details of and justification for any exclusion. No other ISO requirements exist as regards the minimum QMS scope. However, ESARR 3, 5.1.1 b, requires a specific scope. SMS should cover, necessarily, not only all the ATM services provided but also the supporting services8 which are under the managerial control of the organisation.
4.4. Top Management Commitment
ISO is much more specific and requires specific evidences to demonstrate top management commitment. In particular, ISO requires top management to ensure the availability of resources. The use of that approach may support practically the implementation of the generic statements included in ESARR 3, 5.2.2 d, regarding the “general role” to be played by the highest level of the service provider organisation.
Management reviews are not required explicitly in ESARR 3, although SMS management reviews are identified in EAM 3/GUI 1 as one of the usual elements of the implementation of ESARR 5.4.2 b (Safety Improvement). EAM 3/GUI 1 underlines that SMS management reviews should involve top management as a means to ensure the continuous improvement of safety. ISO provides a detailed framework for management reviews, consistent with EAM 3/GUI 1. The ISO provisions may support the definition of possible means of compliance to meet ESARR 5.4.2 b) in conjunction with 5.2.2 d).
5 Apart from requiring those objectives needed to meet requirements for product 6 5.1.1 Safety Management, 5.1.2 Safety Responsibility, 5.1.3 Safety Priority, 5.1.4 Safety Objective of the ATM Service 7 As pointed out in EAM 3/GUI 1. 8 ESARR 3 defines supporting services as the “systems, services and arrangements, including Communication, Navigation and Surveillance services, which support the provision of an ATM service.”
EAM 3 / GUI 4 – Mapping between ISO 9001:2000 and ESARR 3
Edition 1.0 Released Issue Page 12 of 45
4.5 Safety Responsibilities
ISO requires top management to ensure that responsibilities and authorities are defined and communicated within the organisation. No other details are given. On the other hand, ESARR 3 is more specific and emphasises three key aspects:
a) The notion of individuality in the safety responsibility concept
b) The link between responsibility and own actions
c) The safety responsibility of managers is related to the safety performance of their organisations.
Wherever the use of ISO is considered to support ESARR 3, it should be ensured that safety responsibilities are defined for individuals and related to their own actions, and that the responsibilities of managers are related to the performance of the part of the organisation they manage.
4.6. Safety Managerial Function
ESARR 3 requires the safety manager to be independent of line management, while ISO only requires the appointment of a member of the management as quality manager9, irrespective of other responsibilities. Wherever the use of ISO is considered as a means to support ESARR 3, it should therefore be ensured that the safety managerial function is independent of line management (except perhaps in the case of some small organisations).
On the other hand, it should be noted that:
a) ISO explicitly requires the quality manager to be part of the management team. ESARR 3 does not include such explicit specification in regard to the safety manager. However, that notion is stressed in EAM 3/GUI 1 as a key aspect that stems from the requirement of SMS being an integral part of the overall management function (ESARR 3, 5.1).
b) In ISO, the term “authority”10 reinforces significantly the role of the quality manager. Within the context of ESARR 3, its use may provide a positive input to the definition of proper terms of reference for the safety management function.
Consequently, it should be noted that using the ISO expressions ‘member of the management’ and ‘authority’ within the terms of reference of the safety manager could be helpful to support the implementation of ESARR 3, 5.2.2.
9 Management representative is the exact expression used in ISO 9000:2001 10 ISO 9000:2001, Section 5.5.2 states that “top management shall appoint a member of management who, irrespective of other responsibilities, shall have responsibility and authority that includes:
a) ensuring that processes needed for the QMS are established, implemented and maintained, b) reporting to top management on the performance of the QMS and any need for improvement c) ensuring the promotion of awareness of customer requirements throughout the organisation.
EAM 3 / GUI 4 – Mapping between ISO 9001:2000 and ESARR 3
Edition 1.0 Released Issue Page 13 of 45
4.7 SMS Documentation
ISO establishes a detailed framework for the control of documents. ESARR 3 only states that the SMS has to be documented “systematically”. Therefore, most of the ISO provisions on documentation, control of documents, quality manual and records can support the implementation of ESARR 3, 5.2.5 by offering possible means of compliance to document the SMS in a systematic manner.
ISO 9001:2000 only requires those records explicitly identified throughout its provisions. ESARR 3, 5.3.3, requires maintaining safety records throughout the SMS operation, that is to say, in relation to all the arrangements required in the 17 requirements of ESARR 3. In addition, ESARR 3, 5.3.4 underlines explicitly the need for producing specific records for the results of risk assessment and mitigation. Therefore wherever the use of ISO is considered, it should be ensured that records are produced for all the ESARR 3 arrangements, and very particularly for the results of risk assessment and mitigation processes.
4.8. Internal Communication
ISO requires top management to ensure that “appropriate” communication processes are established within the organisation and that communication takes place regarding the effectiveness of the QMS. No further details are provided about the minimum processes needed. However, ESARR 3 defines at least two specific processes in this regard:
a) Dissemination of lessons learnt (ESARR 3, 5.4.1), and
b) The establishment of mechanisms to ensure that all staff are actively encourage to communicate (ESARR 3, 5.4.2 a)
Wherever the use of ISO is considered as a means to support ESARR 3, it should be ensured that specific internal communication actions are implemented to cover explicitly the requirements of ESARR 3, 5.4.1 and 5.4.2. a).
4.9. Safety Occurrences
Useful provisions have been found in ISO 9001:2000 to support the implementation of ESARR 3, 5.2.7, Safety Occurrences. In particular, Section 8.5.2 (corrective action) states that the organisation shall take action to eliminate the cause of non-conformities in order to prevent recurrence. That generic principle may certainly provide a framework to deal with safety occurrences. However, ESARR 3 is much more specific and requires the immediate investigation of safety occurrences. That notion does not appear in ISO. Therefore, wherever the use of ISO is considered as a means to support ESARR 3, it should be ensured that safety occurrences are immediately investigated.
EAM 3 / GUI 4 – Mapping between ISO 9001:2000 and ESARR 3
Edition 1.0 Released Issue Page 14 of 45
4.10 Internal Auditing
EAM 3 / GUI 1 explicitly recognises that internal auditing based on ISO 9001:2000 can be used for designing safety survey processes. EAM 3 / GUI 1 also points out that, in dealing with the implementation of safety surveys, service providers should normally establish processes in a manner which:
a) Ensures independence of the area being surveyed; and
b) Ensures systematic planning, assessment of all factors affecting safety, identification of corrective actions, recording of results, initiation and follow up of corrective actions.
Those aspects are in line with the ISO approach. Therefore the use of internal ISO audits can support the implementation of ESARR 3 Section 5.3.1 by providing possible means of compliance to meet the requirement
ISO 9001:2000 refers to other complementary guidance material on auditing techniques. The use of ISO 19011:2002 provides further detailed guidelines which could be used to support the definition of means of compliance to meet ESARR 3, Section 5.3.1.
4.11 Risk Assessment and Mitigation
ESARR 3 necessarily implies the adoption of a risk-based approach and the use of risk management techniques. SMS cannot be conceived without these features. However, ISO 9001:2000 can be implemented without adopting such approach. Quality management is conceivable without risk management.
In spite of those differences, various ISO provisions could effectively support the risk assessment and mitigation process required in ESARR 3. More particularly, this applies to most of the provisions included in Section 7 (Product Realisation). However, a common condition has been identified in regard to the possible use of most of the provisions of ISO 9001:2000 Section 7 to support the implementation of ESARR 3, 5.2.4 (Risk Assessment and Mitigation). Generally speaking, there is a need to ensure that risk assessment and mitigation is addressed explicitly and differentially throughout the product realisation processes outlined by ISO11.
11 Let us consider, for example, the use of ISO 9001:2000 Section 7.1 (Planning of Product Realisation). ISO requires the organisation to determine, as “appropriate”, the processes needed to produce the product. Wherever those provisions are used to implement ESARR 3, the requirements contained in ESARR 3, 5.2.4 (Risk Assessment and Mitigation) give an interpretation of the term “appropriate”. Explicit risk assessment and mitigation processes are needed to deal with the changes to the ATM system associated to the realisation of that product.
To take another example: ISO 9001:2000 Section 7.2.1 (Determination of Requirements Related to the Product) requires the organisation to determine the various types of requirements in relation to the product. That includes “any additional requirements determined by the organisation”. The requirements of ESARR 3, 5.2.4 c) may give an interpretation for that expression. Normally, mitigation measures (safety requirements in ESARR 4) should be identified explicitly in the light of the results of risk assessment and mitigation processes conducted by the organisation as part of the realisation of the product.
EAM 3 / GUI 4 – Mapping between ISO 9001:2000 and ESARR 3
Edition 1.0 Released Issue Page 15 of 45
The scope of this document is confined to considering the links between ISO 9001:2000 and ESARR 3. Therefore it should be noted that compliance with ESARR 4 might imply additional aspects12 not necessarily addressed in this exercise.
4.12 External Services13
The ISO approach proposed in Section 7.4 (Purchasing) appears effective as a means to deal with those situations in which external suppliers can be selected. However, the use of external services in ATM may involve situations14 where there are no options and external inputs need to be used as the only possible ones.
As explained in EAM 3 / GUI 1 (ESARR 3 Guidance Material), even in those situations any external input (product, service, information, etc) can be managed through a risk assessment and mitigation approach. A process can identify the hazards associated with the input and ensure that their risk is mitigated to a tolerable level. Appropriate mitigation measures could include techniques such as monitoring, redundancy, operational or contingency procedures, etc, etc
The use of the ISO provisions on purchasing (Section 7.4) can support the implementation of ESARR 3, 5.2.6, provided that complementary arrangements are put in place to deal with those situations in which external suppliers can not be selected. Those additional arrangements should normally be based on a risk-based approach.
(Space Left Intentionally Blank)
12 For example, when considering ISO 9001:2000 Sections 7.3.4, 7.3.5, 7.3.6, (Design and Development Review, Verification and Validation) it should be noted that, although ESARR 3 is not specific about equivalent activities within risk assessment and mitigation, ESARR 4 contains detailed requirements on equivalent actions. 13 External services are defined in ESARR 3 as “all material and non-material supplies and services, which are delivered by any organisation not covered by the ATM service-provider’s safety management system.” 14 The ESARR 3 definition of “External Services” is wide and may include several categories of external inputs. Some possible examples: services provided by external organisations (e.g. CNS, MET, AIS, telecom, power supply, fire-fighting, etc), procurement of equipment, operational inputs from adjacent sectors, radar data from other organisations, etc, etc.
EAM 3 / GUI 4 – Mapping between ISO 9001:2000 and ESARR 3
Edition 1.0 Released Issue Page 16 of 45
5. SIGNIFICANT ISSUES REGARDING INTER-RELATIONSHIP BETWEEN SMS AND QMS
5.1 Verification of Compliance with ESARR 3
The findings of the comparison confirm that ISO 9001:2000 can be used to support the implementation of ESARR 3 in the provision of ATM services.
ATM safety regulators could therefore recognise the use of ISO 9001:2000 as an acceptable means of compliance to meet specific ESARR 3 requirements, provided that the approach proposed demonstrates that it meets all the specific requirements under consideration.
ESARR 3 Section 5 includes 17 requirements. Full compliance with ESARR 3 is only achieved when those 17 requirements are met. Consequently, wherever the use of an ISO-based approach is proposed as a means to meet, totally or partially, those requirements, the practical steps to verify compliance with ESARR 3 would normally involve:
The identification of the specific ESARR 3 requirements that the approach proposed intends to cover;
The identification of the specific ISO 9001:2000 provisions intended to meet those ESARR 3 requirements; and
An assessment that could consider, without excluding any additional input, the issues raised in this document, and notably the “conditions identified” in the table included in Appendix B.
5.2 Explicitness of the SMS
ESARR 3, 5.1.1.a, requires15 the implementation of a SMS which ensures an explicit approach to safety management. In that regard, EAM 3/GUI 1 points out that an intuitive or ad hoc approach is not enough. Safety issues must be dealt with and managed explicitly.
SMS is specifically intended to deal with safety. Safety is its recognised and explicit subject. On the other hand, QMS aims to achieve customer satisfaction by meeting its requirements: this involves the identification of customer requirements, their satisfactory implementation by the prevention and correction of non-conformities, and measurement of achieved quality. Although safety is normally considered as an essential attribute of quality, QMS have a wider scope that might obscure the effective recognition of safety as prime objective.
15 ESARR 3, 5.1.1 a) states that the ATM service provider shall have in place a SMS which “ensures a formalised, explicit and pro-active approach to systematic safety management in meeting its safety responsibilities within the provision of ATM services”.
EAM 3 / GUI 4 – Mapping between ISO 9001:2000 and ESARR 3
Edition 1.0 Released Issue Page 17 of 45
Throughout the mapping, it has been useful to compare equivalent statements by replacing the term ”quality”, normally used by ISO, with the term “safety”. In other cases generic actions mentioned in ISO have been compared with ESARR 3 by assuming a scope specifically focused on safety (e.g. monitoring vs. safety monitoring). Therefore the comparison and its results made the assumption that the actions proposed by ISO would be used to deal with safety in a differentiated manner. The need to deal with safety explicitly and specifically is indeed one of the main principles embedded in ESARR 3 and that fact has been reflected in the issues identified in the comparison.
From the comparison, it stems that, wherever ISO 9001:2000 provisions are used to support the implementation of ESARR 3, a way to provide appropriate explicitness is to ensure that safety is addressed as a specific and differentiated subject in the ISO-based processes and arrangements used to implement ESARR 3.
5.3 Integration of SMS and QMS
ESARR 3 does not require any specific level of integration or separation between both management systems (SMS and QMS) when they are simultaneously operated within the same organisation.
Therefore ATM safety regulators may recognise any proposed level of integration between SMS and QMS as an acceptable means of compliance, provided that:
The approach proposed meets the requirements contained in ESARR 3 and,
In particular, safety is addressed as a specific subject in the processes and arrangements proposed16.
Different approaches and arrangements could be acceptable to combine or differentiate the two functions and a mixed Safety and Quality Management System is conceivable although a clear separation between QMS and SMS might ensure a more transparent SMS explicitness when implementing ESARR 3 Section 5.1.1.
Without presenting an exhaustive list, three basic levels of integration may be suggested:
Complete separation and establishment of two different systems, QMS and SMS;
Intermediate approaches in which common subjects would be partially implemented in a shared manner;
Full integration to propose either SMS to be implemented within QMS or quality management elements to be added to SMS.
Any proposed approach, associated with a particular level of integration, should demonstrate that ESARR 3 requirements are met before being recognised as an acceptable means of compliance.
16 As a possible way to ensure appropriate explicitness as required in ESARR 3, 5.1.1 a).
EAM 3 / GUI 4 – Mapping between ISO 9001:2000 and ESARR 3
Edition 1.0 Released Issue Page 18 of 45
5.4 ISO Certification
Organisations operating QMS may obtain accreditation of compliance with ISO 9001:2000. Accreditation is normally documented by a certificate issued by a certification body which itself needs to be accredited by a national accreditation body signatory to the European Co-operation for Accreditation (EA) Multilateral Agreement (MLA) for Certification for Quality Systems.
Such accreditation does not imply necessarily compliance with ESARR 3 in those cases where the QMS is used to support the implementation of ESARR 3.
However, when verifying compliance with ESARR 3 safety regulators could make use of accreditation processes comprising ISO 9001:2000 and augmented for ATM service providers by means of ESARR 3. Without excluding any additional input, the issues raised in this document, and notably the “conditions identified” in the table included in Appendix B, could be considered to design such processes.
5.5 Small Organisations
ISO 9001:2000 is applicable to all types of organisations irrespective of their size. No specific provisions exist in ISO 9001:2000 with regard to small organisations.
ESARR 3 includes some specific provisions as regards small organisations. According to ESARR 3, 5.2.2 c) and d), the independence of line management normally required for the safety manager could not be needed under certain conditions in the case of some small organisations17.
It should be noted that ISO 9001:2000 does not require independence of line management for the quality manager.
(Space Left Intentioanlly Blank)
17 EAM 3/GUI 2, Safety Regulatory Aspects of the Implementation of ESARR 3 in Small Organisations, Edition 1.0, provides specific guidance on this matter.
EAM 3 / GUI 4 – Mapping between ISO 9001:2000 and ESARR 3
Edition 1.0 Released Issue Page 19 of 46
APPENDIX A – Summary of Mapping
Table of ISO 9001:2000 provisions that can support the implementation of specific ESARR 3 requirements
ESARR 3 requirements ISO 9001:2000 provisions whose
use can support the implementation of ESARR 3 requirements
COMMENTS
5.1. General Requirement 4.1 General Requirement - 5.1 Management Commitment - 5.4.2 QMS Planning Related to bullet a) in ESARR 3
5.1.1. Safety Management
6.1 Provision of resources Related to bullet 5.1 as a whole
5.1.2. Safety Responsibility 5.5.1 Responsibility, authority and communication CONDITIONS IDENTIFIED
5.1.3. Safety Priority - -
5.1.4. Safety Objective ATM Service 5.4.1 Quality Objectives CONDITIONS IDENTIFIED
5.2. Requirements for Safety Achievement 5.2.1. Competency 6.2 Human Resources -
5.1 Management Commitment Related to bullet d) in ESARR 3
5.5.2 Management Representative CONDITIONS IDENTIFIED 5.6 Management Review Related to bullet d) in ESARR 3
5.2.2. Safety. Management Responsibility
6.1 Provision of Resources Related to bullet d) in ESARR 3
5.2.3 Quantitative Safety Levels 5.4.1 Quality Objectives CONDITIONS IDENTIFIED 7.1 Planning of Product Realisation CONDITIONS IDENTIFIED 7.2.1 Determination of Requirements related to the product CONDITIONS IDENTIFIED
7.2.2 Review of Requirements related to the product CONDITIONS IDENTIFIED
7.3.1 Design and Development CONDITIONS IDENTIFIED
7.3.2 Design and Development Inputs CONDITIONS IDENTIFIED
7.3.3 Design and Development Outputs CONDITIONS IDENTIFIED 7.3.4 Design and Development Review 7.3.5 Design and Development Verification 7.3.6 Design and Development Validation
Full compliance with ESARR 4 might involve additional conditions
7.3.7 Control of Design & Development Changes CONDITIONS IDENTIFIED
7.5.1 and 7.5.2 Control and Validation of Processes for Production and Service Provision
CONDITIONS IDENTIFIED
5.2.4. Risk Assessment and Mitigation
8.3 Control of Non-Conforming Product -
4.2.2 Quality Manual - 4.2.3 Control of Documents - 5.2.5. SMS Documentation
4.2.4 Control of Records -
4.1 General Requirement (last paragraph) CONDITIONS IDENTIFIED 5.2.6. External Services
7.4 Purchasing CONDITIONS IDENTIFIED
EAM 3 / GUI 4 – Mapping between ISO 9001:2000 and ESARR 3
Edition 1.0 Released Issue Page 20 of 45
ESARR 3 requirements ISO 9001:2000 provisions whose
use can support the implementation of ESARR 3 requirements
COMMENTS
8.3 Control of Non-Conforming Product (last paragraph) CONDITIONS IDENTIFIED 5.2.7. Safety Occurrences 8.5.2 Corrective Action CONDITIONS IDENTIFIED
5.3. Requirements for Safety Assurance
8.2.2 Internal Audit ISO-19011 can also support the implementation of ESARR 3, 5.3.1
8.2.3 Monitoring and Measurement of Processes -
8.2.4 Monitoring and Measurement of Product -
8.4 Analysis of Data - 8.5.2 Corrective Action -
5.3.1. Safety Surveys
8.5.3 Preventive Action - 8.2.4 Monitoring and Measurement of Product -
5.4.2 Analysis of Data - 8.3 Control of Non-Conforming Product - 8.5.2 Corrective Action -
5.3.2. Safety Monitoring
8.5.3 Preventive Action - 4.2.4 Control of Records -
5.3.3. Safety Records 7.5.3 Identification and Traceability - 4.2.4 Control of Records - 7.3.7 Control of Design & Development Changes CONDITIONS IDENTIFIED 5.3.4. Risk Assessment & Mitigation
Documentation
7.5.3 Identification and Traceability -
5.4. Requirements for Safety Promotion
5.4.1. Lesson Dissemination 5.5.3 Internal Communication CONDITIONS IDENTIFIED 5.1 Management Commitment Related to bullet b) in ESARR 3 5.4.2 QMS Planning -
5.5.3 Internal Communication CONDITIONS IDENTIFIED 5.6 Management Review Related to bullet b) in ESARR 3 8.4 Analysis of Data Related to bullet b) in ESARR 3
5.4.2. Safety Improvement
8.5.1 Continual Improvement Related to bullet b) in ESARR 3
(Space Left Intentionally Blank)
EAM 3 / GUI 4 – Mapping between ISO 9001:2000 and ESARR 3
Edition 1.0 Released Issue Page 21 of 45
APPENDIX B – Summary of Mapping
Table of conditions to note wherever ISO 9001:2000 provisions are considered to implement specific ESARR 3 requirements1
ISO 9001:2000 provisions whose use to implement
ESARR 3 should be subject to certain conditions
CONDITIONS IDENTIFIED ESARR 3 related
requirements
4. Quality Management System
4.1. General Requirement (last paragraph)
The paragraph can support the implementation of ESARR 3, 5.2.6 (External Services) but only as regards a very particular type of externally provided services
5.2.6
Any safety objective defined by ATM service providers must be consistent with the minimum common objective defined for all ATM providers in ESARR 3, 5.1.4.
5.1.4 4.2.1. General (Documentation) (bullet a)
The Safety Policy should normally include policy statements to address ESARR 3, 5.1.1, 5.1.2, 5.1.3 and 5.1.4 5.1, 5.1.1 c)
4.2.1. General (Documentation) (bullet e)
Records have to be produced and maintained for all the actions (processes) intended to meet ESARR 3, and in particular for the results of risk assessment and mitigation
5.3.3, 5.3.4
4.2.2. Quality Manual (bullet a) The scope of the SMS must be the one specified in ESARR 3 5.1.1 b)
5. Management Responsibility Any safety objective defined by ATM service providers must be consistent with the minimum common objective defined for all ATM providers in ESARR 3, 5.1.4. 5.3. Quality Policy The Safety Policy should normally include policy statements to address ESARR 3, 5.1.1, 5.1.2, 5.1.3 and 5.1.4
5.1, 5.1.1 c)
5.4.1. Quality Objectives Any safety objective defined by ATM service providers must be consistent with the minimum common objective defined for all ATM providers in ESARR 3, 5.1.4.
5.1.4, 5.2.3
5.5.1. Responsibility and Authority
ISO is more generic than ESARR 3. Safety responsibilities must be defined for individuals in relation to their own actions, and responsibilities of managers must be related to the safety performance of the part of the organisation they manage
5.1.2
5.5.2. Management Representative The safety managerial function should be independent of line management (except perhaps in the case of some small organisations)
5.2.2 a), b)
5.5.3. Internal Communication ISO is more generic than ESARR 3. There are very specific internal communication actions required in ESARR 3 (lessons dissemination, feedback from staff in safety improvement)
5.4.1, 5.4.2 a)
7. Product Realisation
7.1. Planning of Product Realisation Planning of processes should include, explicitly, those processes needed for risk assessment and mitigation in accordance with ESARR 3
5.2.4
7.2.1. Determination of Requirements Related to the Product 7.2.2. Review of Requirements Related to the Product
The requirements determined should include, explicitly, the safety requirements (mitigation measures) derived from risk assessment and mitigation processes
5.2.4
7.3.1. Design and Development Planning
Design and development planning should include, explicitly, the planning of risk assessment and mitigation as regards any associated changes to the ATM system.
5.2.4
EAM 3 / GUI 4 – Mapping between ISO 9001:2000 and ESARR 3
Edition 1.0 Released Issue Page 22 of 45
ISO 9001:2000 provisions whose use to implement
ESARR 3 should be subject to certain conditions
CONDITIONS IDENTIFIED ESARR 3 related
requirements
7.3.2. Design and Development Inputs
Design and development inputs should identify, explicitly, the inputs needed to conduct risk assessment and mitigation with regard to any associated changes to the ATM system
5.2.4
7.3.3. Design and Development Outputs
Design and development outputs should identify, explicitly, the outputs from risk assessment and mitigation undertaken in regard to any associated changes to the ATM system (notably the safety requirements, also known as mitigation measures)
5.2.4
7.3.7. Control of Design and Development Changes
The control of design and development should include specific documentation to present the results and conclusions of risk assessment and mitigation related to associated changes to the ATM system.
5.2.4, 5.3.4
7.4. Purchasing
Complementary arrangements are needed to deal with those situations in which external suppliers cannot be selected. Those additional arrangements should normally be based on a risk-based approach
5.2.6
7.5.1. Control of production and service provision
7.5.2. Validation of processes for production and service provisions
These provisions can support the implementation of ESARR 3, 5.2.4, with regard to ATM operational procedures. However, the control and validation of processes for service provision should explicitly include appropriate risk assessment and mitigation activities.
5.2.4
8. Measurement, Analysis and Improvement 8.3. Control of Non-Conforming Product (last paragraph)
8.5.2. Corrective Action
Wherever these ISO statements are considered as possible means to implement ESARR 3, Section 5.2..7 (Safety Occurrences), the actions mentioned in ISO should necessarily include an immediate investigation of occurrences and the implementation of corrective actions resulting from such investigation
5.2.7
Additionally, wherever ISO 9001:2000 provisions are used to support the implementation of ESARR 3, safety should normally be addressed as a specific and differentiated subject in the ISO-based processes and arrangements used to implement ESARR 3.
(Space Left Intentionally Blank)
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 23
of 4
5 A
PPEN
DIX
C –
Det
aile
d C
ompa
rison
bet
wee
n IS
O 9
001:
2000
and
ESA
RR
3
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t 4.
1. G
ener
al R
equi
rem
ents
The
orga
nisa
tion
shal
l est
ablis
h, d
ocum
ent a
nd m
aint
ain
a qu
ality
man
agem
ent s
yste
m a
nd c
ontin
ually
impr
ove
its
effe
ctiv
enes
s in
acc
orda
nce
with
the
requ
irem
ents
if th
is
Inte
rnat
iona
l Sta
ndar
d. T
he o
rgan
isat
ion
shal
l:
5.1.
Gen
eral
Req
uire
men
t – A
n A
TM s
ervi
ce p
rovi
der s
hall,
as
an
inte
gral
par
t of t
he m
anag
emen
t of t
he A
TM s
ervi
ce h
ave
in p
lace
a
safe
ty m
anag
emen
t sys
tem
whi
ch:
(als
o re
late
d to
5.4
.2 S
afet
y Im
prov
emen
t)
The
inte
nt o
f the
se s
tate
men
ts is
equ
ival
ent.
To n
ote
that
ES
AR
R 3
em
phas
ises
the
need
to im
plem
ent S
MS
as
a p
art o
f the
ove
rall
man
agem
ent f
unct
ion.
a) id
entif
y th
e pr
oces
ses
need
ed fo
r the
QM
S a
nd th
eir
appl
icat
ion
thro
ugho
ut th
e or
gani
satio
n
b) d
eter
min
e th
e se
quen
ce a
nd in
tera
ctio
n of
thes
e pr
oces
ses
c) d
eter
min
e cr
iteria
and
met
hods
nee
ded
to e
nsur
e th
at
both
the
oper
atio
n an
d co
ntro
l of t
hese
s pr
oces
ses
are
effe
ctiv
e
d) e
nsur
e av
aila
bilit
y of
reso
urce
s an
d in
form
atio
n ne
cess
ary
to s
uppo
rt th
e op
erat
ion
and
mon
itorin
g of
th
eses
pro
cess
es
e) m
onito
r, m
easu
re a
nd a
naly
se th
ese
proc
esse
s, a
nd
5.1.
1 Sa
fety
Man
agem
ent
(hav
e in
pla
ce a
SM
S w
hich
) a)
ens
ures
a fo
rmal
ised
, exp
licit
and
pro-
activ
e ap
proa
ch to
sy
stem
atic
saf
ety
man
agem
ent i
n m
eetin
g its
saf
ety
resp
onsi
bilit
ies
with
in th
e pr
ovis
ions
of A
TM s
ervi
ces
b) o
pera
tes
in re
spec
t to
all A
TM a
nd s
uppo
rting
ser
vice
s w
hich
are
un
der i
ts m
anag
eria
l con
trol
ES
AR
R 3
requ
ires
a fo
rmal
ised
and
exp
licit
appr
oach
to
syst
emat
ic s
afet
y m
anag
emen
t. H
owev
er, E
SA
RR
3 d
oes
not i
nclu
de e
xplic
itly
the
bulle
ts
deve
lope
d in
ISO
. In
parti
cula
r, E
SA
RR
3 d
oes
not i
nclu
de
expl
icit
requ
irem
ents
on
the
iden
tific
atio
n of
pro
cess
es a
nd th
eir
subs
eque
nt m
anag
emen
t as
an e
xplic
it re
quire
men
t.
A p
roce
ss a
ppro
ach,
as
prop
osed
in IS
O, s
eem
s a
prop
er
mea
ns to
impl
emen
t the
ES
AR
R 3
requ
irem
ent f
or a
“s
yste
mat
ic” a
nd “f
orm
alis
ed” a
ppro
ach.
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, 5
.1.1
. f)
impl
emen
t act
ions
nec
essa
ry to
ach
ieve
pla
nned
resu
lts
and
cont
inua
l im
prov
emen
t of t
hese
pro
cess
es.
5.4.
2. S
afet
y Im
prov
emen
t (w
ithin
the
oper
atio
n of
the
SM
S, t
he A
TM s
ervi
ce-p
rovi
der)
…
b) s
hall
ensu
re th
at c
hang
es a
re m
ade
to im
prov
e sa
fety
whe
re th
ey
appe
ar n
eede
d.
The
inte
nt o
f the
se s
tate
men
ts is
equ
ival
ent
Thes
e pr
oces
ses
shal
l be
man
aged
by
the
orga
nisa
tion
in
acco
rdan
ce w
ith th
e re
quire
men
ts o
f thi
s In
tern
atio
nal
Sta
ndar
d
- N
/A
Whe
re a
n or
gani
satio
n ch
oose
s to
out
sour
ce a
ny p
roce
ss
that
affe
cts
prod
uct c
onfo
rmity
with
requ
irem
ents
, the
or
gani
satio
n sh
all e
nsur
e co
ntro
l ove
r suc
h pr
oces
ses.
C
ontro
l of s
uch
outs
ourc
ed p
roce
sses
sha
ll be
iden
tifie
d w
ithin
the
qual
ity m
anag
emen
t sys
tem
.
5.2.
6 Ex
tern
al S
ervi
ces
(with
in th
e op
erat
ion
of th
e S
MS
, the
ATM
ser
vice
pro
vide
r)
shal
l ens
ure
adeq
uate
and
sat
isfa
ctor
y ju
stifi
catio
n of
the
safe
ty o
f th
e ex
tern
ally
pro
vide
d se
rvic
es, h
avin
g re
gard
to th
eir s
afet
y si
gnifi
canc
e w
ithin
the
prov
isio
n of
the
ATM
ser
vice
. (E
xter
nal S
ervi
ces
are
defin
ed in
ES
AR
R 3
, App
endi
x A
)
The
ISO
sta
tem
ent c
over
s a
parti
cula
r situ
atio
n in
clud
ed in
the
Ext
erna
l Ser
vice
s co
ncep
t. It
shou
ld b
e no
ted
that
ES
AR
R 3
def
ines
Ext
erna
l Ser
vice
s in
a
very
bro
ad m
anne
r (“a
ll m
ater
ial a
nd n
on-m
ater
ial s
uppl
ies
and
serv
ices
whi
ch a
re d
eliv
ered
by
any
orga
nisa
tion
not c
over
ed
by th
e A
TM s
ervi
ce p
rovi
der’s
SM
S”)
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, 5
.2.6
(but
onl
y w
ith re
gard
to a
pa
rtic
ular
type
of e
xter
nal s
ervi
ces)
.
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 24
of 4
5
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t 4.
2. D
ocum
enta
tion
4.2.
1. G
ener
al
The
qual
ity m
anag
emen
t sys
tem
sha
ll in
clud
e:
a) d
ocum
ente
d st
atem
ents
of a
qua
lity
polic
y an
d qu
ality
ob
ject
ives
5.
1.1.
Saf
ety
Man
agem
ent
(hav
e in
pla
ce a
SM
S w
hich
) …
c)
incl
udes
, as
its fo
unda
tion,
a s
tate
men
t of s
afet
y po
licy
defin
ing
the
fund
amen
tal a
ppro
ach
to m
anag
ing
safe
ty
5.1.
4. S
afet
y O
bjec
tive
of th
e A
TM s
ervi
ce
(hav
e in
pla
ce a
SM
S w
hich
) en
sure
s th
at w
hile
pro
vidi
ng a
n A
TM s
ervi
ce,
the
prin
cipa
l sa
fety
ob
ject
ive
is to
min
imis
e th
e A
TM c
ontri
butio
n to
the
risk
of a
n ai
rcra
ft ac
cide
nt a
s fa
r as
reas
onab
ly p
ract
icab
le
(Als
o 5.
1.2.
(Saf
ety
Res
pons
ibili
ty) a
nd 5
.1.3
. (S
afet
y P
riorit
y) in
clud
e hi
gh le
vel s
tate
men
ts o
f pol
icy
natu
re)
Bot
h do
cum
ents
con
side
r the
nee
d fo
r pol
icy
and
obje
ctiv
es.
ES
AR
R 3
con
tain
s so
me
high
leve
l sta
tem
ents
that
sho
uld
norm
ally
be
addr
esse
d in
the
Saf
ety
Pol
icy
(e.g
. Saf
ety
Prio
rity)
as
poi
nted
out
in E
AM
3/G
UI1
(ES
AR
R 3
Gui
danc
e M
ater
ial).
O
n th
e ot
her h
and
ISO
is v
ery
gene
ric o
n th
e co
nten
ts o
f the
qu
ality
pol
icy.
ISO
Sec
tion
5.3
(see
bel
ow) r
equi
res
the
polic
y to
be
“app
ropr
iate
” for
the
purp
ose
of th
e or
gani
satio
n.
ES
AR
R 3
als
o id
entif
ies
a m
inim
um s
afet
y ob
ject
ive
for a
ll se
rvic
e pr
ovid
ers,
whi
le IS
O o
nly
requ
ires
defin
ing
appr
opria
te
obje
ctiv
es (s
ee 5
.4.1
bel
ow).
Whe
neve
r the
use
of I
SO is
con
side
red,
it s
houl
d be
not
ed
that
any
obj
ectiv
e de
fined
by
ATM
ser
vice
pro
vide
rs m
ust
be c
onsi
sten
t with
the
min
imum
com
mon
obj
ectiv
e de
fined
fo
r all
ATM
pro
vide
rs in
ESA
RR
3, S
ectio
n 5.
1.4.
W
here
ver t
he u
se o
f ISO
is c
onsi
dere
d, it
sho
uld
be n
oted
th
at th
e Sa
fety
Pol
icy
shou
ld n
orm
ally
incl
ude
stat
emen
ts
to a
ddre
ss E
SAR
R 3
Sec
tions
5.1
.1, 5
.1.2
, 5.1
.3 a
nd 5
.1.4
.
b) a
qua
lity
man
ual
c) d
ocum
ente
d pr
oced
ures
requ
ired
by th
is In
tern
atio
nal
Sta
ndar
d
d) d
ocum
ents
nee
ded
by th
e or
gani
satio
n to
ens
ure
the
effe
ctiv
e pl
anni
ng, o
pera
tion
and
cont
rol o
f its
pro
cess
es
5.2.
5. S
MS
Doc
umen
tatio
n (w
ithin
the
oper
atio
n of
the
SM
S, t
he s
ervi
ce p
rovi
der)
sh
all e
nsur
e th
at th
e S
MS
is s
yste
mat
ical
ly d
ocum
ente
d in
a m
anne
r, w
hich
pro
vide
s a
clea
r lin
kage
to th
e or
gani
satio
n’s
safe
ty p
olic
y;
ES
AR
R 3
is le
ss p
resc
riptiv
e. T
he S
MS
mus
t be
syst
emat
ical
ly
docu
men
ted
but n
o pa
rticu
lar f
orm
at is
requ
ired.
O
n th
e ot
her h
and
ES
AR
R 3
insi
sts
on th
e ne
ed to
ens
ure
a cl
ear l
ink
betw
een
Saf
ety
Pol
icy
and
SM
S.
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, 5
.2.5
.
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 25
of 4
5
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t e)
reco
rds
requ
ired
by th
is In
tern
atio
nal S
tand
ard
5.3.
3. S
afet
y R
ecor
ds
(with
in th
e op
erat
ion
of th
e S
MS
, the
ATM
ser
vice
pro
vide
r)
shal
l ens
ure
that
saf
ety
reco
rds
are
mai
ntai
ned
thro
ugho
ut th
e S
MS
op
erat
ion
as a
bas
is fo
r pro
vidi
ng s
afet
y as
sura
nce
to a
ll as
soci
ated
w
ith, r
espo
nsib
le fo
r or d
epen
dent
upo
n th
e se
rvic
es p
rovi
ded,
and
to
the
safe
ty re
gula
tory
aut
horit
y;
5.3.
4. R
isk
Ass
essm
ent a
nd M
itiga
tion
Doc
umen
tatio
n (w
ithin
the
oper
atio
n of
the
SM
S, t
he A
TM s
ervi
ce p
rovi
der)
sh
all e
nsur
e th
at th
e re
sults
and
con
clus
ions
of t
he ri
sk a
sses
smen
t an
d m
itiga
tion
proc
ess
of a
new
or c
hang
ed s
afet
y si
gnifi
cant
sys
tem
ar
e sp
ecifi
cally
doc
umen
ted,
and
that
this
doc
umen
tatio
n is
m
aint
aine
d th
roug
hout
the
life
of th
e sy
stem
.
Thro
ugho
ut it
s te
xt, I
SO
iden
tify
seve
ral r
ecor
ds to
be
mai
ntai
ned
and
in th
ose
case
s a
refe
renc
e to
sec
tion
4.2.
4 (c
ontro
l of r
ecor
ds) i
s do
ne.
ES
AR
R 3
onl
y m
entio
ns a
par
ticul
ar ty
pe o
f saf
ety
reco
rd: t
he
risk
asse
ssm
ent a
nd m
itiga
tion
docu
men
tatio
n. N
ever
thel
ess,
E
SA
RR
3 re
quire
s re
cord
s “th
roug
hout
the
SM
S o
pera
tion”
. Th
at im
plie
s re
cord
s fo
r all
the
actio
ns (p
roce
sses
) tha
t im
plem
ent t
he S
MS
.
Whe
reve
r the
use
of I
SO is
con
side
red,
it s
houl
d be
not
ed
that
reco
rds
have
to b
e pr
oduc
ed a
nd m
aint
aine
d fo
r all
the
actio
ns (p
roce
sses
) inc
lude
d in
ESA
RR
3, a
nd p
artic
ular
ly
for t
he re
sults
of r
isk
asse
ssm
ent &
miti
gatio
n
4.2.
2. Q
ualit
y M
anua
l Th
e or
gani
satio
n sh
all e
stab
lish
and
mai
ntai
n a
qual
ity
man
ual t
hat i
nclu
des:
5.2.
5. S
MS
Doc
umen
tatio
n (w
ithin
the
oper
atio
n of
the
SM
S, t
he A
TM s
ervi
ce p
rovi
der)
sh
all e
nsur
e th
at th
e S
MS
is s
yste
mat
ical
ly d
ocum
ente
d in
a m
anne
r, w
hich
pro
vide
s a
clea
r lin
kage
to th
e or
gani
satio
n’s
safe
ty p
olic
y;
ES
AR
R 3
is le
ss p
resc
riptiv
e. T
he S
MS
mus
t be
syst
emat
ical
ly
docu
men
ted
but n
o pa
rticu
lar f
orm
at is
requ
ired.
O
n th
e ot
her h
and
ES
AR
R 3
insi
sts
on th
e ne
ed to
ens
ure
a cl
ear l
ink
betw
een
safe
ty p
olic
y an
d S
MS
.
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, 5
.2.5
. a)
The
sco
pe o
f the
QM
S, i
nclu
ding
det
ails
of a
nd
just
ifica
tion
for a
ny e
xclu
sion
s 5.
1.1
Safe
ty M
anag
emen
t (h
ave
in p
lace
a S
MS
whi
ch)
…
b) o
pera
tes
in re
spec
t to
all A
TM a
nd s
uppo
rting
ser
vice
s w
hich
are
un
der i
ts m
anag
eria
l con
trol
(Sup
porti
ng s
ervi
ces
are
defin
ed in
ES
AR
R 3
, App
endi
x A
)
The
inte
nt o
f the
se s
tate
men
ts is
equ
ival
ent.
ES
AR
R 3
is m
uch
mor
e sp
ecifi
c an
d re
quire
s a
parti
cula
r sco
pe.
Whe
reve
r the
use
of I
SO is
con
side
red,
it s
houl
d be
not
ed
that
the
scop
e of
the
SMS
mus
t be
the
one
spec
ified
in
ESAR
R 3
, 5.1
.1 b
)
b) th
e do
cum
ente
d pr
oced
ures
est
ablis
hed
for t
he Q
MS
, or
refe
renc
e to
them
, and
c) a
des
crip
tion
of th
e in
tera
ctio
n be
twee
n pr
oces
ses
of
the
QM
S
5.2.
5. S
MS
Doc
umen
tatio
n (w
ithin
the
oper
atio
n of
the
SM
S, t
he A
TM s
ervi
ce p
rovi
der)
sh
all e
nsur
e th
at th
e S
MS
is s
yste
mat
ical
ly d
ocum
ente
d in
a m
anne
r, w
hich
pro
vide
s a
clea
r lin
kage
to th
e or
gani
satio
n’s
safe
ty p
olic
y;
ES
AR
R 3
is le
ss p
resc
riptiv
e. T
he S
MS
mus
t be
syst
emat
ical
ly
docu
men
ted
but n
o pa
rticu
lar f
orm
at is
requ
ired.
O
n th
e ot
her h
and
ES
AR
R 3
insi
sts
on th
e ne
ed to
ens
ure
a cl
ear l
ink
betw
een
Saf
ety
Pol
icy
and
SM
S.
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, 5
.2.5
.
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 26
of 4
5
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t 4.
2.3
Con
trol
of d
ocum
ents
D
ocum
ents
requ
ired
by th
e qu
ality
man
agem
ent s
yste
m
shal
l be
cont
rolle
d. R
ecor
ds a
re a
spe
cial
type
of
docu
men
t and
sha
ll be
con
trolle
d ac
cord
ing
to th
e re
quire
men
ts g
iven
in 4
.2.4
.
A d
ocum
ente
d pr
oced
ure
shal
l be
esta
blis
hed
to d
efin
e th
e co
ntro
ls n
eede
d:
a) to
app
rove
doc
umen
ts fo
r ade
quac
y pr
ior t
o is
sue
b) to
revi
ew a
nd u
pdat
e as
nec
essa
ry a
nd re
-app
rove
do
cum
ents
c) to
ens
ure
that
cha
nges
and
the
curr
ent r
evis
ion
stat
us
of d
ocum
ents
are
iden
tifie
d
d) to
ens
ure
that
rele
vant
ver
sion
s of
app
licab
le
docu
men
ts a
re a
vaila
ble
at p
oint
s of
use
e) to
ens
ure
that
doc
umen
ts a
re le
gibl
e an
d re
adily
id
entif
iabl
e
f) to
ens
ure
that
doc
umen
ts o
f ext
erna
l orig
in a
re id
entif
ied
and
thei
r dis
tribu
tion
cont
rolle
d, a
nd
g) to
pre
vent
the
unin
tend
ed u
se o
f obs
olet
e do
cum
ents
, an
d to
app
ly s
uita
ble
iden
tific
atio
n to
them
if th
ey a
re
reta
ined
for a
ny p
urpo
se.
5.2.
5. S
MS
Doc
umen
tatio
n (w
ithin
the
oper
atio
n of
the
SM
S, t
he A
TM s
ervi
ce p
rovi
der)
sh
all e
nsur
e th
at th
e S
MS
is s
yste
mat
ical
ly d
ocum
ente
d in
a m
anne
r, w
hich
pro
vide
s a
clea
r lin
kage
to th
e or
gani
satio
n’s
safe
ty p
olic
y;
ES
AR
R 3
is le
ss p
resc
riptiv
e. T
he S
MS
mus
t be
syst
emat
ical
ly
docu
men
ted
but n
o pa
rticu
lar d
ocum
enta
tion
cont
rol
proc
edur
es a
re re
quire
d.
Som
e re
fere
nces
to d
ocum
enta
tion
cont
rol a
re in
clud
ed in
EA
M
3/G
UI 1
(Gui
danc
e M
ater
ial)
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, 5
.2.5
.
4.2.
4 C
ontr
ol o
f Rec
ords
R
ecor
ds s
hall
be e
stab
lishe
d an
d m
aint
aine
d to
pro
vide
ev
iden
ce o
f con
form
ity to
requ
irem
ents
and
of t
he
effe
ctiv
e op
erat
ion
of th
e qu
ality
man
agem
ent s
yste
m.
Rec
ords
sha
ll re
mai
n le
gibl
e, re
adily
iden
tifia
ble
and
retri
evab
le. A
doc
umen
ted
proc
edur
e sh
all b
e es
tabl
ishe
d to
def
ine
the
cont
rols
nee
ded
for t
he id
entif
icat
ion,
st
orag
e, p
rote
ctio
n, re
triev
al, r
eten
tion
time
and
disp
ositi
on o
f rec
ords
.
5.3.
3. S
afet
y R
ecor
ds
(with
in th
e op
erat
ion
of th
e S
MS
, the
ATM
ser
vice
pro
vide
r)
shal
l ens
ure
that
saf
ety
reco
rds
are
mai
ntai
ned
thro
ugho
ut th
e S
MS
op
erat
ion
as a
bas
is fo
r pro
vidi
ng s
afet
y as
sura
nce
to a
ll as
soci
ated
w
ith, r
espo
nsib
le fo
r or d
epen
dent
upo
n th
e se
rvic
es p
rovi
ded,
and
to
the
safe
ty re
gula
tory
aut
horit
y;
Equ
ival
ent s
tate
men
ts e
xcep
t with
rega
rd to
the
need
of a
do
cum
ente
d pr
oced
ure
requ
ired
by IS
O a
nd n
ot d
eman
ded
expl
icitl
y in
ES
AR
R 3
.
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, 5
.3.3
, 5.2
.5 a
nd 5
.3.4
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 27
of 4
5
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t 5.
1 M
anag
emen
t Com
mitm
ent
Top
man
agem
ent s
hall
prov
ide
evid
ence
of i
ts
com
mitm
ent t
o th
e de
velo
pmen
t and
impl
emen
tatio
n of
th
e Q
MS
and
con
tinua
lly im
prov
e its
effe
ctiv
enes
s by
a) C
omm
unic
atin
g to
the
orga
nisa
tion
the
impo
rtanc
e of
m
eetin
g cu
stom
er a
s w
ell a
s st
atut
ory
and
regu
lato
ry
requ
irem
ents
b) e
stab
lishi
ng th
e qu
ality
pol
icy
c) e
nsur
ing
that
qua
lity
obje
ctiv
es a
re e
stab
lishe
d
d) c
ondu
ctin
g m
anag
emen
t rev
iew
s, a
nd
e) e
nsur
ing
the
avai
labi
lity
of re
sour
ces
5.2.
2. S
afet
y M
anag
emen
t Res
pons
ibili
ty
(with
in th
e op
erat
ion
of th
e S
MS
, the
ATM
ser
vice
-pro
vide
r)
d) s
hall
ensu
re th
at th
e hi
ghes
t lev
el o
f the
ser
vice
pro
vide
r or
gani
satio
n pl
ays
a ge
nera
l rol
e in
ens
urin
g sa
fety
man
agem
ent;
5.1.
Gen
eral
Req
uire
men
t A
n A
TM s
ervi
ce p
rovi
der s
hall,
as
an in
tegr
al p
art o
f the
m
anag
emen
t of t
he A
TM s
ervi
ce h
ave
in p
lace
a S
MS
whi
ch:
5.1.
1 a)
(Saf
ety
Man
agem
ent)
ensu
res
a fo
rmal
ised
, exp
licit
and
pro-
activ
e ap
proa
ch to
sys
tem
atic
saf
ety
man
agem
ent i
n m
eetin
g its
sa
fety
resp
onsi
bilit
ies
with
in th
e pr
ovis
ion
of A
TM s
ervi
ces.
5.
4.2.
Saf
ety
Impr
ovem
ent
(with
in th
e op
erat
ion
of th
e S
MS
, the
ATM
ser
vice
-pro
vide
r)
…
b) s
hall
ensu
re th
at c
hang
es a
re m
ade
to im
prov
e sa
fety
whe
re th
ey
appe
ar n
eede
d.
ISO
is m
uch
mor
e sp
ecifi
c as
it re
quire
s sp
ecifi
c ev
iden
ces
to
dem
onst
rate
top
man
agem
ent c
omm
itmen
t. M
anag
emen
t rev
iew
s ar
e no
t req
uire
d ex
plic
itly
in E
SA
RR
3
alth
ough
the
SM
S m
anag
emen
t rev
iew
is id
entif
ied
in
EA
M3/
GU
I 1 (E
SA
RR
3 G
uida
nce
Mat
eria
l) as
one
of t
he u
sual
el
emen
ts o
f the
impl
emen
tatio
n of
ES
AR
R 5
.4.2
(saf
ety
impr
ovem
ent)
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, 5
.2.2
d, 5
.4.2
b a
nd 5
.1.
5.2
Cus
tom
er F
ocus
To
p m
anag
emen
t sha
ll en
sure
that
cus
tom
er
requ
irem
ents
are
met
with
the
aim
of e
nhan
cing
cus
tom
er
satis
fact
ion
No
sim
ilar r
equi
rem
ent i
n E
SA
RR
3
N/A
5.3
Qua
lity
Polic
y
Top
man
agem
ent s
hall
ensu
re th
at th
e qu
ality
pol
icy:
5.
1.1.
Saf
ety
Man
agem
ent
(hav
e in
pla
ce a
SM
S w
hich
) …
c)
incl
udes
, as
its fo
unda
tion,
a s
tate
men
t of s
afet
y po
licy
defin
ing
the
fund
amen
tal a
ppro
ach
to m
anag
ing
safe
ty
Equ
ival
ent s
tate
men
ts
(how
ever
, see
bul
lets
in IS
O o
n th
e ne
xt p
age)
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 28
of 4
5
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t a)
is a
ppro
pria
te to
the
purp
ose
of th
e or
gani
satio
n
b) in
clud
es a
com
mitm
ent t
o co
mpl
y w
ith re
quire
men
ts
and
cont
inua
lly im
prov
e th
e ef
fect
iven
ess
of th
e qu
ality
m
anag
emen
t sys
tem
c) p
rovi
des
a fra
mew
ork
for e
stab
lishi
ng a
nd re
view
ing
qual
ity o
bjec
tives
d) is
com
mun
icat
ed a
nd u
nder
stoo
d w
ithin
the
orga
nisa
tion,
and
e) is
revi
ewed
for c
ontin
uing
sui
tabi
lity
5.1.
Gen
eral
Req
uire
men
t (T
he G
ener
al R
equi
rem
ent i
nclu
des
high
leve
l sta
tem
ents
that
will
be
norm
ally
con
side
red
at p
olic
y le
vel d
ue to
thei
r pol
icy
natu
re. T
his
conc
erns
5.1
.1 S
afet
y M
anag
emen
t, 5.
1.2
Saf
ety
Res
pons
ibili
ty,
5.1.
3 S
afet
y P
riorit
y, a
nd 5
.1.4
Saf
ety
Obj
ectiv
e of
the
ATM
ser
vice
)
ISO
requ
ires
addr
essi
ng s
ome
spec
ific
aspe
cts
in th
e qu
ality
po
licy.
Alth
ough
the
incl
usio
n of
thos
e as
pect
s at
pol
icy
leve
l is
not e
xplic
itly
requ
ired
in E
SA
RR
3, s
uch
ISO
pol
icy
prin
cipl
es
may
pro
vide
the
SM
S w
ith a
pos
itive
inpu
t. S
econ
dly,
ES
AR
R 3
con
tain
s so
me
high
leve
l sta
tem
ents
that
sh
ould
nor
mal
ly b
e ad
dres
sed
in th
e S
afet
y P
olic
y (e
.g. S
afet
y P
riorit
y) a
s po
inte
d ou
t in
EA
M3/
GU
I1 (E
SA
RR
3 G
uida
nce
Mat
eria
l). H
owev
er, I
SO
is v
ery
gene
ric o
n th
e ac
tual
con
tent
s of
the
qual
ity p
olic
y. IS
O S
ectio
n 5.
3 (s
ee b
elow
) req
uire
s th
e po
licy
to b
e “a
ppro
pria
te” f
or th
e pu
rpos
e of
the
orga
nisa
tion.
Whe
reve
r the
use
of I
SO is
con
side
red,
it s
houl
d be
not
ed
that
any
obj
ectiv
e de
fined
by
ATM
ser
vice
pro
vide
rs m
ust
be c
onsi
sten
t with
the
min
imum
com
mon
obj
ectiv
e de
fined
fo
r all
ATM
pro
vide
rs in
ESA
RR
3, S
ectio
n 5.
1.4.
W
here
ver t
he u
se o
f ISO
is c
onsi
dere
d, it
sho
uld
be n
oted
th
at th
e Sa
fety
Pol
icy
shou
ld n
orm
ally
incl
ude
stat
emen
ts
to a
ddre
ss E
SAR
R 3
Sec
tions
5.1
.1, 5
.1.2
, 5.1
.3 a
nd 5
.1.4
.
5.4
Plan
ning
5.4.
1. Q
ualit
y O
bjec
tives
– T
op m
anag
emen
t ens
ure
that
qu
ality
obj
ectiv
es, i
nclu
ding
thos
e ne
eded
to m
eet
requ
irem
ents
for p
rodu
ct a
re e
stab
lishe
d at
rele
vant
fu
nctio
ns a
nd le
vels
with
in th
e or
gani
satio
n. T
he q
ualit
y ob
ject
ives
sha
ll be
mea
sura
ble
and
cons
iste
nt w
ith th
e qu
ality
pol
icy.
(IS
O d
efin
ition
for q
ualit
y ob
ject
ive:
som
ethi
ng s
ough
t, or
ai
med
for,
rela
ted
to q
ualit
y)
5.1.
4. S
afet
y O
bjec
tive
of th
e A
TM s
ervi
ce
(hav
e in
pla
ce a
SM
S w
hich
) en
sure
s th
at w
hile
pro
vidi
ng a
n A
TM s
ervi
ce, t
he p
rinci
pal s
afet
y ob
ject
ive
is to
min
imis
e th
e A
TM c
ontri
butio
n to
the
risk
of a
n ai
rcra
ft as
far a
s re
ason
ably
pra
ctic
able
5.
2.3.
Qua
ntita
tive
Safe
ty L
evel
s (w
ithin
the
oper
atio
n of
the
SM
S, t
he A
TM s
ervi
ce p
rovi
der)
sh
all e
nsur
e th
at, w
here
ver p
ract
icab
le, q
uant
itativ
e sa
fety
leve
ls a
re
deriv
ed a
nd a
re m
aint
aine
d fo
r all
syst
ems
ES
AR
R 3
is m
uch
mor
e sp
ecifi
c as
it id
entif
ies
a m
inim
um
safe
ty o
bjec
tive
for a
ll se
rvic
e pr
ovid
ers
whi
le IS
O o
nly
requ
ires
defin
ing
appr
opria
te o
bjec
tives
In
the
light
of t
he IS
O d
efin
ition
for ‘
qual
ity o
bjec
tive’
, the
ISO
st
atem
ent c
an a
lso
be a
pplic
able
to th
e im
plem
enta
tion
of
ES
AR
R 3
, 5.2
.3 (Q
uant
itativ
e S
afet
y Le
vels
)
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, 5
.1.4
and
5.2
.3, p
rovi
ded
that
: W
here
ver t
he u
se o
f ISO
is c
onsi
dere
d, it
sho
uld
be n
oted
th
at a
ny o
bjec
tive
defin
ed b
y AT
M s
ervi
ce p
rovi
ders
mus
t be
con
sist
ent w
ith th
e m
inim
um c
omm
on o
bjec
tive
defin
ed
for a
ll AT
M p
rovi
ders
in E
SAR
R 3
, Sec
tion
5.1.
4.
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 29
of 4
5
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t 5.
4.2.
QM
S pl
anni
ng
Top
man
agem
ent s
hall
ensu
re th
at:
a) th
e pl
anni
ng o
f the
QM
S is
car
ried
out i
n or
der t
o m
eet
the
requ
irem
ents
giv
en in
4.1
,as
wel
l as
the
qual
ity
obje
ctiv
es, a
nd
b) th
e in
tegr
ity o
f the
QM
S is
mai
ntai
ned
whe
n ch
ange
s to
th
e Q
MS
are
pla
nned
and
impl
emen
ted
5.1.
Gen
eral
Req
uire
men
t A
n A
TM s
ervi
ce p
rovi
der s
hall,
as
an in
tegr
al p
art o
f the
m
anag
emen
t of t
he A
TM s
ervi
ce h
ave
in p
lace
a S
MS
whi
ch:
5.1.
1 a)
(Saf
ety
Man
agem
ent)
ensu
res
a fo
rmal
ised
, exp
licit
and
pro-
activ
e ap
proa
ch to
sys
tem
atic
saf
ety
man
agem
ent i
n m
eetin
g its
sa
fety
resp
onsi
bilit
ies
with
in th
e pr
ovis
ion
of A
TM s
ervi
ces.
No
expl
icit
requ
irem
ents
exi
st in
ES
AR
R 3
rega
rdin
g pl
anni
ng,
alth
ough
this
issu
e co
uld
be c
onsi
dere
d as
em
bedd
ed in
the
need
for ‘
syst
emat
ic s
afet
y m
anag
emen
t’.
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, 5
.1 a
nd 5
.1.1
a)
5.5.
Res
pons
ibili
ty, a
utho
rity
and
com
mun
icat
ion
5.5.
1. R
espo
nsib
ility
and
aut
horit
y To
p m
anag
emen
t sha
ll en
sure
that
resp
onsi
bilit
ies
and
auth
oriti
es a
re d
efin
ed a
nd c
omm
unic
ated
with
in th
e or
gani
satio
n
5.1.
2 Sa
fety
Res
pons
ibili
ty
(hav
e in
pla
ce a
SM
S w
hich
) en
sure
s th
at e
very
one
invo
lved
in th
e sa
fety
asp
ects
of A
TM s
ervi
ce-
prov
isio
n ha
s an
indi
vidu
al s
afet
y re
spon
sibi
lity
for t
heir
own
actio
ns,
and
that
man
ager
s ar
e re
spon
sibl
e fo
r the
saf
ety
perfo
rman
ce o
f the
ir ow
n or
gani
satio
ns;
ES
AR
R 3
is m
uch
mor
e sp
ecifi
c th
an IS
O. E
SA
RR
3
emph
asis
es th
ree
key
aspe
cts:
a)
th
e no
tion
of in
divi
dual
ity in
the
safe
ty re
spon
sibi
lity
conc
ept
b)
the
link
betw
een
resp
onsi
bilit
y an
d ow
n ac
tions
c)
th
e re
spon
sibi
lity
of m
anag
ers
for t
he p
erfo
rman
ce o
f the
ir or
gani
satio
n.
Whe
reve
r the
use
of I
SO is
con
side
red,
it s
houl
d be
not
ed
that
saf
ety
resp
onsi
bilit
ies
mus
t be
defin
ed fo
r ind
ivid
uals
in
rela
tion
to th
eir o
wn
actio
ns, a
nd th
at th
e re
spon
sibi
litie
s of
man
ager
s m
ust b
e re
late
d to
the
safe
ty
perf
orm
ance
of t
he p
art o
f the
org
anis
atio
n th
ey m
anag
e.
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 30
of 4
5
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t 5.
5.2
Man
agem
ent r
epre
sent
ativ
e To
p m
anag
emen
t sha
ll ap
poin
t a m
embe
r of t
he
man
agem
ent w
ho, i
rres
pect
ive
of o
ther
resp
onsi
bilit
ies,
sh
all h
ave
resp
onsi
bilit
y an
d au
thor
ity th
at in
clud
es:
5.2.
2 Sa
fety
Man
agem
ent R
espo
nsib
ility
(w
ithin
the
oper
atio
n of
the
SM
S, t
he A
TM s
ervi
ce p
rovi
der)
a)
sha
ll en
sure
that
a s
afet
y m
anag
emen
t fun
ctio
n is
iden
tifie
d w
ith
orga
nisa
tiona
l res
pons
ibili
ty fo
r dev
elop
men
t and
mai
nten
ance
of t
he
safe
ty m
anag
emen
t sys
tem
; b)
sha
ll en
sure
that
this
poi
nt o
f res
pons
ibili
ty is
, whe
reve
r pos
sibl
e,
inde
pend
ent o
f lin
e m
anag
emen
t, an
d ac
coun
tabl
e di
rect
ly to
the
high
est o
rgan
isat
iona
l lev
el
…
d) s
hall
ensu
re th
at th
e hi
ghes
t lev
el o
f ser
vice
pro
vide
r org
anis
atio
n pl
ays
a ge
nera
l rol
e in
ens
urin
g sa
fety
man
agem
ent
ES
AR
R 3
requ
ires
inde
pend
ence
of l
ine
man
agem
ent w
hile
IS
O o
nly
requ
ires
the
appo
intm
ent o
f a m
embe
r of t
he
man
agem
ent i
rres
pect
ive
of o
ther
resp
onsi
bilit
ies.
O
n th
e ot
her h
and,
it s
houl
d be
not
ed th
at IS
O e
xplic
itly
requ
ires
the
qual
ity m
anag
er to
be
part
of th
e m
anag
emen
t te
am. E
SA
RR
3 d
oes
not i
nclu
de e
xplic
it m
anda
tory
pro
visi
ons
in th
at re
gard
. How
ever
, tha
t not
ion
is s
tress
ed in
EA
M3/
GU
I1
(ES
AR
R 3
Gui
danc
e M
ater
ial)
as a
key
asp
ect t
hat s
tem
s fro
m
the
requ
irem
ent f
or a
SM
S a
s pa
rt of
the
over
all m
anag
emen
t fu
nctio
n (E
SA
RR
3, 5
.1).
Bes
ides
, the
use
of t
he te
rm “a
utho
rity”
in IS
O s
eem
s to
re
info
rce
sign
ifica
ntly
the
role
of t
he q
ualit
y m
anag
er. I
ts u
se
with
in th
e co
ntex
t of E
SA
RR
3 m
ay p
rovi
de a
pos
itive
inpu
t to
the
impl
emen
tatio
n of
the
safe
ty m
anag
emen
t fun
ctio
n.
The
use
of th
e IS
O e
xpre
ssio
ns ‘m
embe
r of t
he m
anag
emen
t’ an
d ‘a
utho
rity’
can
sup
port
the
impl
emen
tatio
n of
ES
AR
R 3
, 5.
2.2,
pro
vide
d th
at:
Whe
reve
r the
use
of I
SO is
con
side
red,
it s
houl
d be
not
ed
that
the
safe
ty m
anag
eria
l fun
ctio
n sh
ould
be
inde
pend
ent
of li
ne m
anag
emen
t (ex
cept
in th
e ca
se o
f som
e sm
all
orga
nisa
tions
) N
OTE
: ind
epen
denc
e of
line
man
agem
ent c
ould
not
be
requ
ired
in th
e ca
se o
f sm
all o
rgan
isat
ions
in a
ccor
danc
e to
E
SA
RR
3, 5
.2.2
c (F
or fu
rther
det
ails
see
EA
M3/
GU
I2 S
afet
y R
egul
ator
y A
spec
ts o
f the
Impl
emen
tatio
n of
ES
AR
R 3
in S
mal
l O
rgan
isat
ions
, Edi
tion
1.0)
a) e
nsur
ing
that
pro
cess
es n
eede
d fo
r the
QM
S a
re
esta
blis
hed,
impl
emen
ted
and
mai
ntai
ned
b) re
porti
ng to
top
man
agem
ent o
n th
e pe
rform
ance
of t
he
QM
S a
nd a
ny n
eed
for i
mpr
ovem
ent,
and
c) e
nsur
ing
the
prom
otio
n of
aw
aren
ess
of c
usto
mer
sa
tisfa
ctio
n th
roug
hout
the
orga
nisa
tion
5.2.
2 Sa
fety
Man
agem
ent R
espo
nsib
ility
(w
ithin
the
oper
atio
n of
the
SM
S th
e A
TM s
ervi
ce p
rovi
der)
a)
sha
ll en
sure
that
a s
afet
y m
anag
emen
t fun
ctio
n is
iden
tifie
d w
ith
orga
nisa
tiona
l res
pons
ibili
ty fo
r dev
elop
men
t and
mai
nten
ance
of t
he
safe
ty m
anag
emen
t sys
tem
; b)
sha
ll en
sure
that
this
poi
nt o
f res
pons
ibili
ty is
, whe
reve
r pos
sibl
e,
inde
pend
ent o
f lin
e m
anag
emen
t, an
d ac
coun
tabl
e di
rect
ly to
the
high
est o
rgan
isat
iona
l lev
el
The
ISO
sta
tem
ents
are
muc
h m
ore
spec
ific
that
the
expr
essi
on
“dev
elop
men
t and
mai
nten
ance
of t
he S
MS
”. Th
eir u
se m
ay
add
clar
ity to
the
role
of t
he s
afet
y m
anag
emen
t fun
ctio
n an
d ar
e in
line
with
EA
M3/
GU
I1(E
SA
RR
3 G
uida
nce
Mat
eria
l)
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, 5
.2.2
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 31
of 4
5
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t 5.
5.3
Inte
rnal
Com
mun
icat
ion
Top
man
agem
ent s
hall
ensu
re th
at a
ppro
pria
te
com
mun
icat
ion
proc
esse
s ar
e es
tabl
ishe
d w
ithin
the
orga
nisa
tion
and
that
com
mun
icat
ion
take
s pl
ace
rega
rdin
g th
e ef
fect
iven
ess
of th
e Q
MS
5.4.
1.Le
sson
Dis
sem
inat
ion
(with
in th
e op
erat
ion
of th
e S
MS
, the
ATM
ser
vice
pro
vide
r)
shal
l ens
ure
that
the
less
ons
aris
ing
from
saf
ety
occu
rren
ce
inve
stig
atio
ns a
nd o
ther
saf
ety
activ
ities
are
dis
sem
inat
ed w
idel
y w
ithin
the
orga
nisa
tion
at m
anag
emen
t and
ope
ratio
nal l
evel
s.
5.4.
2 Sa
fety
Impr
ovem
ent
(with
in th
e op
erat
ion
of th
e S
MS
, the
ATM
ser
vice
pro
vide
r)
a) s
hall
ensu
re th
at a
ll st
aff a
re a
ctiv
ely
enco
urag
ed to
pro
pose
so
lutio
ns to
iden
tifie
d ha
zard
s, a
nd
b) s
hall
ensu
re th
at c
hang
es a
re m
ade
to im
prov
e sa
fety
whe
re th
ey
appe
ar n
eede
d.
ISO
add
ress
es th
e is
sue
from
a g
ener
ic p
ersp
ectiv
e, w
hile
E
SA
RR
3 h
as d
efin
ed s
ome
very
spe
cific
act
ions
suc
h as
the
diss
emin
atio
n of
less
ons
lear
nt a
nd th
e es
tabl
ishm
ent o
f m
echa
nism
s to
ens
ure
that
all
staf
f are
act
ivel
y en
cour
age
to
com
mun
icat
e.
In th
at c
onte
xt, E
SA
RR
3 g
ives
the
inte
rpre
tatio
n of
the
expr
essi
on “a
ppro
pria
te” t
hat a
ppea
rs o
n IS
O, a
nd d
efin
es
spec
ific
feat
ures
to b
e im
plem
ente
d.
Whe
reve
r the
use
of I
SO is
con
side
red,
it s
houl
d be
not
ed
that
ther
e ar
e sp
ecifi
c in
tern
al c
omm
unic
atio
n ac
tions
that
m
ust b
e im
plem
ente
d in
acc
orda
nce
to E
SAR
R 3
, 5.4
.1 a
nd
5.4.
2 a)
.
5.6
Man
agem
ent R
evie
w
5.6.
1 G
ener
al
Top
man
agem
ent s
hall
revi
ew th
e or
gani
satio
n’s
QM
S, a
t pl
anne
d in
terv
als,
to e
nsur
e co
ntin
uing
sui
tabi
lity,
ad
equa
cy a
nd e
ffect
iven
ess.
Thi
s re
view
sha
ll in
clud
e as
sess
ing
oppo
rtuni
ties
for i
mpr
ovem
ent a
nd th
e ne
ed fo
r ch
ange
s to
the
qual
ity m
anag
emen
t sys
tem
, inc
ludi
ng th
e qu
ality
pol
icy
and
qual
ity o
bjec
tives
.
Rec
ords
for m
anag
emen
t rev
iew
s sh
all b
e m
aint
aine
d
5.6.
2 R
evie
w in
put
The
inpu
t to
the
man
agem
ent r
evie
w s
hall
incl
ude
info
rmat
ion
on:
a) re
sults
of a
udits
b) c
usto
mer
feed
back
c) p
roce
ss p
erfo
rman
ce a
nd p
rodu
ct c
onfo
rmity
d) s
tatu
s of
pre
vent
ive
and
corr
ectiv
e ac
tions
e) fo
llow
-up
actio
ns fr
om p
revi
ous
man
agem
ent r
evie
ws
f) ch
ange
s th
at c
ould
affe
ct th
e Q
MS
g) re
com
men
datio
ns fo
r im
prov
emen
t
5.6.
3 R
evie
w o
utpu
t Th
e ou
tput
of t
he m
anag
emen
t rev
iew
sha
ll in
clud
e an
y de
cisi
ons
and
actio
ns re
late
d to
:
a) im
prov
emen
t of t
he e
ffect
iven
ess
of th
e Q
MS
and
its
proc
esse
s
5.1.
1 Sa
fety
Man
agem
ent
(hav
e in
pla
ce a
SM
S w
hich
) a)
ens
ures
a fo
rmal
ised
, exp
licit
and
pro-
activ
e ap
proa
ch to
sy
stem
atic
saf
ety
man
agem
ent i
n m
eetin
g its
saf
ety
resp
onsi
bilit
ies
with
in th
e pr
ovis
ion
of A
TM s
ervi
ces
5.2.
2 Sa
fety
Man
agem
ent F
unct
ion
(with
in th
e op
erat
ion
of th
e S
MS
, the
ATM
ser
vice
pro
vide
r)
d) s
hall
ensu
re th
at th
e hi
ghes
t lev
el o
f the
ser
vice
pro
vide
r or
gani
satio
n pl
ays
a ge
nera
l rol
e in
ens
urin
g sa
fety
man
agem
ent;
5.4.
2 Sa
fety
Impr
ovem
ent
(with
in th
e op
erat
ion
of th
e S
MS
, the
ATM
ser
vice
pro
vide
r)
…
b) s
hall
ensu
re th
at c
hang
es a
re m
ade
to im
prov
e sa
fety
whe
re th
ey
appe
ar n
eede
d
ISO
is m
uch
mor
e sp
ecifi
c ab
out h
e m
inim
um m
echa
nism
s ne
eded
to im
plem
ent c
ontin
uous
impr
ovem
ent w
ithin
the
orga
nisa
tion
and
invo
lve
the
high
est l
evel
of t
he o
rgan
isat
ion.
N
o sp
ecifi
c re
quire
men
ts e
xist
in E
SA
RR
3 to
exp
licitl
y m
anda
te m
anag
emen
t rev
iew
s.
How
ever
, som
e so
rt of
man
agem
ent r
evie
w m
ay b
e ne
eded
to
impl
emen
t ES
AR
R 3
, 5.2
.2 a
nd 5
.4.4
. Con
sequ
ently
, SM
S
man
agem
ent r
evie
ws
have
bee
n id
entif
ied
in E
AM
3/G
UI1
(E
SA
RR
3 G
uida
nce
Mat
eria
l) as
one
of t
he e
lem
ents
to b
e no
rmal
ly fo
und
in th
e im
plem
enta
tion
of E
SA
RR
3.
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, S
ectio
ns 5
.2.2
d) a
nd 5
.4.4
b).
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 32
of 4
5
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t b)
impr
ovem
ent o
f the
pro
duct
rela
ted
to c
usto
mer
re
quire
men
ts, a
nd
c) re
sour
ce n
eeds
(see
pre
viou
s pa
ge)
(see
pre
viou
s pa
ge)
6.1
Prov
isio
n of
Res
ourc
es
The
orga
nisa
tion
shal
l det
erm
ine
and
prov
ide
the
reso
urce
s ne
eded
a) to
impl
emen
t and
mai
ntai
n th
e Q
MS
and
con
tinua
lly
impr
ove
its e
ffect
iven
ess,
and
No
sim
ilar r
equi
rem
ent i
n E
SA
RR
3
No
expl
icit
requ
irem
ents
exi
st in
ES
AR
R 3
requ
iring
the
prov
isio
n of
reso
urce
s, a
lthou
gh th
is n
otio
n co
uld
be c
onsi
dere
d as
em
bedd
ed in
som
e re
quire
men
ts (n
otab
ly E
SA
RR
3, 5
.1 a
nd
5.1.
1a)
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, p
artic
ular
ly in
rega
rd to
ES
ARR
3, 5
.1, 5
.1.1
a) a
nd 5
.2.2
d).
b)
to e
nhan
ce c
usto
mer
sat
isfa
ctio
n by
mee
ting
cust
omer
re
quire
men
ts
No
sim
ilar r
equi
rem
ent i
n E
SA
RR
3
N/A
6.2.
Hum
an R
esou
rces
6.2.
1 G
ener
al
Per
sonn
el p
erfo
rmin
g w
ork
affe
ctin
g pr
oduc
t qua
lity
shal
l be
com
pete
nt o
n th
e ba
sis
of a
ppro
pria
te e
duca
tion,
tra
inin
g, s
kills
and
exp
erie
nce
Equ
ival
ent s
tate
men
ts, a
lthou
gh E
SA
RR
3 e
xplic
itly
mak
es
refe
renc
e to
the
licen
sing
issu
e.
6.2.
2 C
ompe
tenc
e, a
war
enes
s an
d tr
aini
ng
The
orga
nisa
tion
shal
l:
a) d
eter
min
e th
e ne
cess
ary
com
pete
nce
for p
erso
nnel
pe
rform
ing
wor
k af
fect
ing
prod
uct q
ualit
y
b) p
rovi
de tr
aini
ng to
m ta
ke o
ther
act
ions
to s
atis
fy th
ese
need
s
c) e
valu
ate
the
effe
ctiv
enes
s of
the
actio
ns ta
ken
d) e
nsur
e th
at it
s pe
rson
nel a
re a
war
e of
the
rele
vanc
e an
d im
porta
nce
of th
eir a
ctiv
ities
and
how
they
con
tribu
te
to th
e ac
hiev
emen
t of t
he q
ualit
y ob
ject
ives
, and
e) m
aint
ain
appr
opria
te re
cord
s of
edu
catio
n, tr
aini
ng,
skill
s an
d ex
perie
nce
5.2.
1 C
ompe
tenc
y (w
ithin
the
oper
atio
n of
the
SM
S, t
he A
TM s
ervi
ce p
rovi
der)
sh
all e
nsur
e th
at s
taff
are
adeq
uate
ly tr
aine
d, m
otiv
ated
and
co
mpe
tent
for t
he jo
b th
ey a
re re
quire
d to
do,
in a
dditi
on to
bei
ng
prop
erly
lice
nsed
if s
o re
quire
d;
ISO
is m
uch
mor
e de
taile
d th
an E
SA
RR
3. H
owev
er,
EA
M3/
GU
I1 (E
SA
RR
3 G
uida
nce
Mat
eria
l) id
entif
ies
a ve
ry
sim
ilar s
erie
s of
act
ions
as
one
of th
e el
emen
ts to
be
norm
ally
fo
und
in th
e im
plem
enta
tion
of E
SA
RR
3.
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, 5
.2.1
N
OTE
: ES
AR
R 5
incl
udes
furth
er d
etai
ls a
bout
pro
cess
es to
be
cond
ucte
d by
the
serv
ice-
prov
ider
to e
nsur
e co
mpe
tenc
y.
6.3.
Infr
astr
uctu
re
The
orga
nisa
tion
shal
l det
erm
ine,
pro
vide
and
mai
ntai
n th
e in
frast
ruct
ure
need
ed to
ach
ieve
con
form
ity to
pro
duct
re
quire
men
ts. I
nfra
stru
ctur
e in
clud
es, a
s ap
plic
able
:
a) b
uild
ings
, wor
kspa
ce a
nd a
ssoc
iate
d ut
ilitie
s
b) p
roce
ss e
quip
men
t (bo
th h
ardw
are
and
softw
are)
No
sim
ilar r
equi
rem
ent i
n E
SA
RR
3
The
use
of th
ese
ISO
pro
visi
on m
ay a
ddre
ss c
ompl
emen
tary
as
pect
s no
t tac
kled
in E
SA
RR
3.
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 33
of 4
5
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t c)
sup
porti
ng s
ervi
ces
(suc
h as
tran
spor
t or
com
mun
icat
ion)
(s
ee p
revi
ous
page
) (s
ee p
revi
ous
page
)
6.4
Wor
k en
viro
nmen
t Th
e or
gani
satio
n sh
all d
eter
min
e an
d m
anag
e th
e w
ork
envi
ronm
ent n
eede
d to
ach
ieve
con
form
ity to
pro
duct
re
quire
men
ts
No
sim
ilar r
equi
rem
ent i
n E
SA
RR
3
The
use
of th
ese
ISO
pro
visi
ons
may
add
ress
com
plem
enta
ry
aspe
cts
not t
ackl
ed in
ES
AR
R 3
.
7.1
Plan
ning
of p
rodu
ct re
alis
atio
n Th
e or
gani
satio
n sh
all p
lan
and
deve
lop
the
proc
esse
s ne
eded
for p
rodu
ct re
alis
atio
n. P
lann
ing
of p
rodu
ct
real
isat
ion
shal
l be
cons
iste
nt w
ith th
e re
quire
men
ts o
f the
ot
her p
roce
sses
of t
he Q
MS
. In
plan
ning
pro
duct
re
alis
atio
n, th
e or
gani
satio
n sh
all d
eter
min
e th
e fo
llow
ing,
as
app
ropr
iate
:
a) q
ualit
y ob
ject
ives
and
requ
irem
ents
for t
he p
rodu
ct
b) th
e ne
ed to
est
ablis
h pr
oces
ses,
doc
umen
ts a
nd
prov
ide
reso
urce
s sp
ecifi
c to
the
prod
uct
c) re
quire
d ve
rific
atio
n, v
alid
atio
n, m
onito
ring,
insp
ectio
n an
d te
st a
ctiv
ities
spe
cific
to th
e pr
oduc
t crit
eria
for
prod
uct a
ccep
tanc
e
d) re
cord
s ne
eded
to p
rovi
de e
vide
nce
that
the
real
isat
ion
proc
esse
s an
d re
sulti
ng p
rodu
ct m
eet r
equi
rem
ents
The
outp
ut o
f thi
s pl
anni
ng s
hall
be in
a fo
rm s
uita
ble
for
the
orga
nisa
tion’
s m
etho
d of
ope
ratio
ns
(NO
TE: I
SO
def
initi
on fo
r pro
duct
: res
ult o
f a p
roce
ss)
No
spec
ific
ES
AR
R 3
requ
irem
ents
add
ress
the
plan
ning
of t
he
proc
esse
s ne
eded
for s
ervi
ce-p
rovi
sion
real
isat
ion.
H
owev
er, t
o no
te th
at:
5.2.
4 R
isk
Ass
essm
ent a
nd M
itiga
tion
(with
in th
e op
erat
ion
of th
e S
MS
, the
ATM
ser
vice
pro
vide
r)
a) s
hall
ensu
re th
at ri
sk a
sses
smen
t and
miti
gatio
n is
con
duct
ed to
an
app
ropr
iate
leve
l to
ensu
re th
at d
ue c
onsi
dera
tion
is g
iven
to a
ll as
pect
s of
ATM
; b)
sha
ll en
sure
that
cha
nges
to th
e A
TM s
yste
m a
re a
sses
sed
for
thei
r saf
ety
sign
ifica
nce,
and
ATM
sys
tem
func
tions
are
cla
ssifi
ed
acco
rdin
g to
thei
r saf
ety
seve
rity;
c)
sha
ll en
sure
app
ropr
iate
miti
gatio
n of
risk
s w
here
ass
essm
ent h
as
show
n th
is to
be
nece
ssar
y du
e to
the
safe
ty s
igni
fican
ce o
f the
ch
ange
;
ES
AR
R 3
doe
s no
t req
uire
pla
nnin
g, b
ut re
quire
s ris
k as
sess
men
t and
miti
gatio
n in
the
prov
isio
n of
ATM
ser
vice
s.
Ther
efor
e w
hen
an IS
O-b
ased
app
roac
h is
impl
emen
ted,
any
pl
anni
ng o
f the
pro
cess
es n
eede
d fo
r ATM
ser
vice
pro
visi
on
shou
ld d
eter
min
e th
e ris
k as
sess
men
t and
miti
gatio
n ac
tions
in
tend
ed to
mee
t ES
AR
R 3
, 5.2
.4 (n
otab
ly 5
.2.4
a).
Ther
efor
e, th
e “n
eed
to e
stab
lish
proc
esse
s” a
s re
ferr
ed to
in
ISO
sho
uld
incl
ude
the
need
for r
isk
asse
ssm
ent a
nd m
itiga
tion
proc
esse
s in
tend
ed to
mee
t ES
AR
R 3
, 5.2
.4.
Add
ition
ally
, the
det
erm
inat
ion
of th
e ot
her r
elat
ed e
lem
ents
m
entio
ned
in IS
O (r
ecor
ds, v
erifi
catio
n, re
quire
men
ts, e
tc)
shou
ld a
lso
be c
onsi
dere
d as
rega
rds
risk
asse
ssm
ent a
nd
miti
gatio
n pr
oces
ses
in a
ny IS
O-b
ased
pla
nnin
g of
the
proc
esse
s ne
eded
for A
TM s
ervi
ce p
rovi
sion
.
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, 5
.2.4
, pro
vide
d th
at:
Whe
reve
r the
use
of I
SO is
con
side
red,
any
ISO
-bas
ed
plan
ning
of t
he p
roce
sses
nee
ded
for A
TM s
ervi
ce
prov
isio
n sh
ould
pla
n (e
xplic
itly)
the
proc
esse
s ne
eded
for
risk
asse
ssm
ent a
nd m
itiga
tion
in a
ccor
danc
e to
ESA
RR
3,
5.2.
4.
(NO
TE: E
SA
RR
4 p
rovi
des
mor
e de
taile
d re
quire
men
ts w
ith
rega
rd to
risk
ass
essm
ent a
nd m
itiga
tion
proc
esse
s)
(NO
TE: i
n th
e lig
ht o
f the
ISO
def
initi
on fo
r qua
lity
obje
ctiv
es,
the
ISO
bul
let a
) is
also
rela
ted
to th
e im
plem
enta
tion
of
ES
AR
R 3
, 5.2
,3.)
(See
als
o 5.
4.1
in IS
O)
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 34
of 4
5
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t 7.
2 C
usto
mer
rela
ted
proc
esse
s 7.
2.1
Det
erm
inat
ion
of re
quire
men
ts re
late
d to
the
prod
uct
the
orga
nisa
tion
shal
l det
erm
ine:
a) re
quire
men
ts s
peci
fied
by th
e cu
stom
er, i
nclu
ding
the
requ
irem
ents
for d
eliv
ery
and
post
-del
iver
y ac
tiviti
es
b) re
quire
men
ts n
ot s
tate
d by
the
cust
omer
but
nec
essa
ry
for s
peci
fied
or in
tend
ed u
se, w
here
kno
wn
c) s
tatu
tory
and
regu
lato
ry re
quire
men
ts re
late
d to
the
prod
uct,
and
d) a
ny a
dditi
onal
requ
irem
ents
det
erm
ined
by
the
orga
nisa
tion
7.2.
2 R
evie
w o
f req
uire
men
ts re
late
d to
the
prod
uct
The
orga
nisa
tion
shal
l rev
iew
the
requ
irem
ents
rela
ted
to
the
prod
uct.
This
revi
ew s
hall
be c
ondu
cted
prio
r to
the
orga
nisa
tion’
s co
mm
itmen
t to
supp
ly a
pro
duct
to th
e cu
stom
er (e
.g. s
ubm
issi
on o
f ten
ders
, acc
epta
nce
of
cont
ract
s or
ord
ers)
and
sha
ll en
sure
that
:
a) p
rodu
ct re
quire
men
ts a
re d
efin
ed
b) c
ontra
ct o
r ord
er re
quire
men
ts d
iffer
ing
from
thos
e pr
evio
usly
exp
ress
ed a
re re
solv
ed, a
nd
c) th
e or
gani
satio
n ha
s th
e ab
ility
to m
eet t
he d
efin
ed
requ
irem
ents
Rec
ords
of t
he re
sults
of t
he re
view
and
act
ions
aris
ing
from
the
revi
ew s
hall
be m
aint
aine
d
Whe
re th
e cu
stom
er p
rovi
des
no d
ocum
ente
d st
atem
ent
of re
quire
men
t, th
e cu
stom
er re
quire
men
ts s
hall
be
conf
irmed
by
the
orga
nisa
tion
befo
re a
ccep
tanc
e
Whe
re p
rodu
ct re
quire
men
ts a
re c
hang
ed, t
he
orga
nisa
tion
shal
l ens
ure
that
rele
vant
doc
umen
ts a
re
amen
ded
and
that
rele
vant
per
sonn
el a
re m
ade
awar
e of
th
e ch
ange
d re
quire
men
ts
5.2.
4 R
isk
Ass
essm
ent a
nd M
itiga
tion
(with
in th
e op
erat
ion
of th
e S
MS
, the
ATM
ser
vice
pro
vide
r)
…
c) s
hall
ensu
re a
ppro
pria
te m
itiga
tion
of ri
sks
whe
re a
sses
smen
t has
sh
own
this
to b
e ne
cess
ary
due
to th
e sa
fety
sig
nific
ance
of t
he
chan
ge;
With
in ri
sk a
sses
smen
t and
miti
gatio
n, E
SA
RR
3 re
quire
s ap
prop
riate
miti
gatio
n of
risk
s.
ES
AR
R 4
has
dev
elop
ed th
at id
ea fu
rther
and
mad
e cl
ear t
hat
risk
miti
gatio
n sh
ould
be
base
d on
the
dete
rmin
atio
n of
a s
et o
f sa
fety
requ
irem
ents
. The
se s
afet
y re
quire
men
ts (s
omet
imes
kn
own
as “m
itiga
tion
mea
sure
s” to
o) a
re d
efen
ces
inte
nded
to
mee
t saf
ety
obje
ctiv
es a
nd re
duce
or e
limin
ate
risks
indu
ced
by
haza
rds.
Th
ose
are
addi
tiona
l req
uire
men
ts to
be
dete
rmin
ed b
y th
e or
gani
satio
n in
the
light
of t
he re
sults
of i
ts ri
sk a
sses
smen
t and
m
itiga
tion
proc
esse
s (in
line
with
bul
let d
. in
ISO
)
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, p
rovi
ded
that
: W
here
ver t
he u
se o
f ISO
is c
onsi
dere
d, a
ny IS
O-b
ased
de
term
inat
ion
(and
revi
ew) o
f req
uire
men
ts s
houl
d in
clud
e (e
xplic
itly)
the
dete
rmin
atio
n of
saf
ety
requ
irem
ents
(als
o kn
own
as m
itiga
tion
mea
sure
s) d
eriv
ed fr
om ri
sk
asse
ssm
ent a
nd m
itiga
tion
proc
esse
s.
7.2.
3 C
usto
mer
com
mun
icat
ion
The
orga
nisa
tion
shal
l det
erm
ine
and
impl
emen
t effe
ctiv
e ar
rang
emen
ts fo
r com
mun
icat
ing
with
cus
tom
ers
in
rela
tion
to:
No
sim
ilar r
equi
rem
ent i
n E
SA
RR
3
The
use
of th
ese
ISO
pro
visi
ons
may
add
ress
com
plem
enta
ry
aspe
cts
not t
ackl
ed in
ES
AR
R 3
.
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 35
of 4
5
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t a)
pro
duct
info
rmat
ion
b) e
nqui
ries,
con
tract
s or
han
dlin
g, in
clud
ing
amen
dmen
ts,
and
c) c
usto
mer
feed
back
, inc
ludi
ng c
usto
mer
com
plai
nts
(see
pre
viou
s pa
ge)
(see
pre
viou
s pa
ge)
7.3
Des
ign
and
deve
lopm
ent
7.3.
1 D
esig
n an
d de
velo
pmen
t pla
nnin
g th
e or
gani
satio
n sh
all p
lan
and
cont
rol t
he d
esig
n an
d de
velo
pmen
t of p
rodu
ct.
Dur
ing
the
desi
gn a
nd d
evel
opm
ent p
lann
ing,
the
orga
nisa
tion
shal
l det
erm
ine:
a) th
e de
sign
and
dev
elop
men
t sta
ges
b) th
e re
view
, ver
ifica
tion
and
valid
atio
n th
at a
re
appr
opria
te to
eac
h de
sign
and
dev
elop
men
t sta
ge, a
nd
c) th
e re
spon
sibi
litie
s an
d au
thor
ities
for d
esig
n an
d de
velo
pmen
t
The
orga
nisa
tion
shal
l man
age
the
inte
rface
s be
twee
n di
ffere
nt g
roup
s in
volv
ed in
des
ign
and
deve
lopm
ent t
o en
sure
effe
ctiv
e co
mm
unic
atio
n an
d cl
ear a
ssig
nmen
t of
resp
onsi
bilit
y.
Pla
nnin
g ou
tput
sha
ll be
upd
ated
, as
appr
opria
te, a
s th
e de
sign
and
dev
elop
men
t pro
gres
ses.
5.2.
4. R
isk
Ass
essm
ent a
nd M
itiga
tion
(with
in th
e op
erat
ion
of th
e S
MS
, the
ATM
ser
vice
pro
vide
r)
a) s
hall
ensu
re th
at ri
sk a
sses
smen
t and
miti
gatio
n is
con
duct
ed to
an
app
ropr
iate
leve
l to
ensu
re th
at d
ue c
onsi
dera
tion
is g
iven
to a
ll as
pect
s of
ATM
; b)
sha
ll en
sure
that
cha
nges
to th
e A
TM s
yste
m a
re a
sses
sed
for
thei
r saf
ety
sign
ifica
nce,
and
ATM
sys
tem
func
tions
are
cla
ssifi
ed
acco
rdin
g to
thei
r saf
ety
seve
rity;
c)
sha
ll en
sure
app
ropr
iate
miti
gatio
n of
risk
s w
here
ass
essm
ent h
as
show
n th
is to
be
nece
ssar
y du
e to
the
safe
ty s
igni
fican
ce o
f the
ch
ange
;
ES
AR
R 3
requ
ires
risk
asse
ssm
ent a
nd m
itiga
tion
and
refe
rs to
th
e ch
ange
s to
the
ATM
sys
tem
as
the
subj
ect f
or a
sses
smen
t (E
SA
RR
3, 5
.2.4
b).
ES
AR
R 4
has
dev
elop
ed th
at id
ea fu
rther
and
mad
e cl
ear t
hat
the
orga
nisa
tion
shou
ld c
ondu
ct ri
sk a
sses
smen
t and
miti
gatio
n fo
r any
cha
nges
to th
ose
parts
of t
he A
TM s
yste
m a
nd
supp
ortin
g se
rvic
es w
ithin
the
man
ager
ial c
ontro
l of t
he
orga
nisa
tion.
O
n th
e ot
her h
and,
ISO
incl
udes
pro
visi
ons
with
rega
rd to
“d
esig
n an
d de
velo
pmen
t” w
hich
is d
efin
ed a
s “a
set
of
proc
esse
s th
at tr
ansf
orm
s re
quire
men
ts in
to s
peci
fied
char
acte
ristic
s or
into
the
spec
ifica
tion
of a
pro
duct
, pro
cess
or
syst
em”.
The
outc
ome
of d
esig
n an
d de
velo
pmen
t will
nor
mal
ly in
volv
e pr
opos
als
for c
hang
es to
the
ATM
sys
tem
. The
refo
re, p
aral
lel
risk
asse
ssm
ent a
nd m
itiga
tion
will
nee
d to
be
cond
ucte
d in
as
soci
atio
n w
ith d
esig
n an
d de
velo
pmen
t.
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, 5
.2.4
, pro
vide
d th
at:
Whe
neve
r the
use
of I
SO is
con
side
red,
the
ISO
-bas
ed
desi
gn a
nd d
evel
opm
ent p
lann
ing
shou
ld in
clud
e (e
xplic
itly)
the
plan
ning
of r
isk
asse
ssm
ent a
nd m
itiga
tion
in re
gard
to a
ny a
ssoc
iate
d ch
ange
s to
the
ATM
sys
tem
.
(N
OTE
: ES
AR
R 4
pro
vide
s m
ore
deta
iled
requ
irem
ents
with
re
gard
to ri
sk a
sses
smen
t and
miti
gatio
n. F
ull c
ompl
ianc
e w
ith
ES
AR
R 4
may
invo
lve
addi
tiona
l asp
ects
whe
n us
ing
ISO
)
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 36
of 4
5
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t 7.
3.2
Des
ign
and
deve
lopm
ent i
nput
s In
puts
rela
ted
to p
rodu
ct re
quire
men
ts s
hall
be d
eter
min
ed
and
reco
rds
mai
ntai
ned.
The
se in
puts
sha
ll in
clud
e:
a) fu
nctio
nal a
nd p
erfo
rman
ce re
quire
men
ts
b) a
pplic
able
sta
tuto
ry a
nd re
gula
tory
requ
irem
ents
c) w
here
app
licab
le, i
nfor
mat
ion
deriv
ed fr
om p
revi
ous
sim
ilar d
esig
ns, a
nd
d) o
ther
requ
irem
ents
ess
entia
l for
des
ign
and
deve
lopm
ent
Thes
e in
puts
sha
ll be
revi
ewed
for a
dequ
acy.
R
equi
rem
ents
sha
ll be
com
plet
e, u
nam
bigu
ous
and
not i
n co
nflic
t with
eac
h ot
her.
5.2.
4. R
isk
Ass
essm
ent a
nd M
itiga
tion
(with
in th
e op
erat
ion
of th
e S
MS
, the
ATM
ser
vice
pro
vide
r)
a) s
hall
ensu
re th
at ri
sk a
sses
smen
t and
miti
gatio
n is
con
duct
ed to
an
app
ropr
iate
leve
l to
ensu
re th
at d
ue c
onsi
dera
tion
is g
iven
to a
ll as
pect
s of
ATM
;
ES
AR
R 3
requ
ires
risk
asse
ssm
ent a
nd m
itiga
tion
and
refe
rs to
th
e ne
ed to
ens
ure
that
due
con
side
ratio
n is
giv
en to
all
aspe
cts
of A
TM (E
SA
RR
3, 5
.2.4
a)
ES
AR
R 4
has
dev
elop
ed th
at id
ea fu
rther
and
mad
e cl
ear t
hat
risk
asse
ssm
ent a
nd m
itiga
tion
shou
ld in
volv
e a
dete
rmin
atio
n of
the
scop
e, b
ound
arie
s an
d in
terfa
ces,
as
wel
l as
an
iden
tific
atio
n of
func
tions
to b
e pe
rform
ed a
nd th
e en
viro
nmen
t of
ope
ratio
ns. T
hose
are
inpu
ts to
be
norm
ally
con
side
red
in
any
risk
asse
ssm
ent a
nd m
itiga
tion
proc
ess.
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, 5
.2.4
, pro
vide
d th
at:
Whe
neve
r the
use
of I
SO is
con
side
red,
the
ISO
-bas
ed
desi
gn a
nd d
evel
opm
ent i
nput
s sh
ould
iden
tify
(exp
licitl
y)
the
inpu
ts n
eede
d to
con
duct
risk
ass
essm
ent a
nd
miti
gatio
n w
ith re
gard
to a
ny a
ssoc
iate
d ch
ange
s to
the
ATM
sys
tem
.
(N
OTE
: Ful
l com
plia
nce
with
ES
AR
R 4
may
invo
lve
addi
tiona
l as
pect
s w
hen
usin
g IS
O)
7.3.
3 D
esig
n an
d de
velo
pmen
t out
puts
Th
e ou
tput
s of
des
ign
and
deve
lopm
ent s
hall
be p
rovi
ded
in a
form
that
ena
bles
ver
ifica
tion
agai
nst t
he d
esig
n an
d de
velo
pmen
t inp
ut a
nd s
hall
be a
ppro
ved
prio
r to
rele
ase.
D
esig
n an
d de
velo
pmen
t out
puts
sha
ll:
a) m
eet t
he in
put r
equi
rem
ents
for d
esig
n an
d de
velo
pmen
t
b) p
rovi
de a
ppro
pria
te in
form
atio
n fo
r pur
chas
ing,
pr
oduc
tion
and
for s
ervi
ce p
rovi
sion
c) c
onta
in o
r ref
eren
ce p
rodu
ct a
ccep
tanc
e cr
iteria
d) s
peci
fy th
e ch
arac
teris
tics
of th
e pr
oduc
t tha
t are
es
sent
ial f
or it
s sa
fe a
nd p
rope
r use
.
5.2.
4. R
isk
Ass
essm
ent a
nd M
itiga
tion
(with
in th
e op
erat
ion
of th
e S
MS
, the
ATM
ser
vice
pro
vide
r)
…
c) s
hall
ensu
re a
ppro
pria
te m
itiga
tion
of ri
sks
whe
re a
sses
smen
t has
sh
own
this
to b
e ne
cess
ary
due
to th
e sa
fety
sig
nific
ance
of t
he
chan
ge;
With
in ri
sk a
sses
smen
t and
miti
gatio
n, E
SA
RR
3 re
quire
s ap
prop
riate
miti
gatio
n of
risk
s.
ES
AR
R 4
mak
es c
lear
that
risk
miti
gatio
n sh
ould
be
base
d on
th
e de
term
inat
ion
of s
afet
y re
quire
men
ts (m
itiga
tion
mea
sure
s).
Thos
e ou
tput
s ob
tain
ed fr
om th
e ris
k as
sess
men
t and
m
itiga
tion
proc
ess
shou
ld n
orm
ally
be
rela
ted
to th
e ou
tput
s id
entif
ied
by IS
O (t
he fo
ur b
ulle
ts li
sted
) if a
n IS
O-b
ased
ap
proa
ch is
use
d.
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, 5
.2.4
, pro
vide
d th
at:
Whe
reve
r the
use
of I
SO is
con
side
red,
the
ISO
-bas
ed
desi
gn a
nd d
evel
opm
ent o
utpu
ts s
houl
d id
entif
y (e
xplic
itly)
th
e ou
tput
s fr
om ri
sk a
sses
smen
t and
miti
gatio
n un
dert
aken
in re
gard
to a
ny a
ssoc
iate
d ch
ange
s to
the
ATM
sys
tem
(not
ably
the
safe
ty re
quire
men
ts).
(NO
TE: F
ull c
ompl
ianc
e w
ith E
SA
RR
4 m
ay in
volv
e ad
ditio
nal
aspe
cts
whe
n us
ing
ISO
)
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 37
of 4
5
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t 7.
3.4
Des
ign
and
deve
lopm
ent r
evie
w
At s
uita
ble
stag
es, s
yste
mat
ic re
view
s of
des
ign
and
deve
lopm
ent s
hall
be p
erfo
rmed
in a
ccor
danc
e w
ith
plan
ned
arra
ngem
ents
a) to
eva
luat
e th
e ab
ility
of t
he re
sults
of d
esig
n, a
nd
b) to
iden
tify
any
prob
lem
s an
d pr
opos
e ne
cess
ary
actio
ns
Par
ticip
ants
in s
uch
revi
ews
shal
l inc
lude
repr
esen
tativ
es
of fu
nctio
ns c
once
rned
with
the
desi
gn a
nd d
evel
opm
ent
stag
e(s)
bei
ng re
view
ed. R
ecor
ds o
f the
resu
lts o
f the
re
view
s an
d an
y ne
cess
ary
actio
ns s
hall
be m
aint
aine
d
7.3.
5 D
esig
n an
d de
velo
pmen
t ver
ifica
tion
Ver
ifica
tion
shal
l be
perfo
rmed
in a
ccor
danc
e w
ith p
lann
ed
arra
ngem
ents
to e
nsur
e th
at th
e de
sign
and
dev
elop
men
t ou
tput
s ha
ve m
et th
e de
sign
and
dev
elop
men
t inp
ut
requ
irem
ents
. Rec
ords
of t
he re
sults
of t
he v
erifi
catio
n an
d an
y ne
cess
ary
actio
ns s
hall
be m
aint
aine
d.
7.3.
6 D
esig
n an
d de
velo
pmen
t val
idat
ion
Des
ign
and
deve
lopm
ent v
alid
atio
n sh
all b
e pe
rform
ed in
ac
cord
ance
with
pla
nned
arr
ange
men
ts to
ens
ure
that
the
resu
lting
pro
duct
is c
apab
le o
f mee
ting
the
requ
irem
ents
fo
r the
spe
cifie
d ap
plic
atio
n or
inte
nded
use
, whe
re
know
n. W
here
ver p
ract
icab
le, v
alid
atio
n sh
all b
e co
mpl
eted
prio
r to
the
deliv
ery
or im
plem
enta
tion
of th
e pr
oduc
t. R
ecor
ds o
f the
resu
lts o
f val
idat
ion
and
any
nece
ssar
y ac
tions
sha
ll be
mai
ntai
ned.
No
spec
ific
ES
AR
R 3
requ
irem
ents
add
ress
the
revi
ew, v
erifi
catio
n an
d va
lidat
ion
step
s sp
ecifi
cally
rela
ted
to ri
sk a
sses
smen
t and
m
itiga
tion
or d
esig
n an
d de
velo
pmen
t pro
cess
es.
The
use
of
thes
e IS
O
prov
isio
ns
can
supp
ort
the
impl
emen
tatio
n of
ES
AR
R 3
, 5.2
.4.
(NO
TE: E
SA
RR
4 p
rovi
des
mor
e de
taile
d re
quire
men
ts w
ith
rega
rd to
risk
ass
essm
ent a
nd m
itiga
tion.
Ful
l com
plia
nce
with
E
SA
RR
4 m
ay in
volv
e ad
ditio
nal a
spec
ts w
hen
usin
g IS
O.
(e.g
. ES
AR
R 4
requ
ires
risk
asse
ssm
ent a
nd m
itiga
tion
proc
esse
s to
incl
ude
verif
icat
ion
that
all
iden
tifie
d sa
fety
ob
ject
ives
and
requ
irem
ents
hav
e be
en m
et. W
here
ver t
he u
se
of IS
O is
con
side
red,
ISO
bas
ed re
view
, ver
ifica
tion
and
valid
atio
n sh
ould
con
side
r thi
s E
SA
RR
4 re
quire
men
t)
7.3.
7 C
ontr
ol o
f des
ign
and
deve
lopm
ent c
hang
es
Des
ign
and
deve
lopm
ent c
hang
es s
hall
be id
entif
ied
and
reco
rds
mai
ntai
ned.
The
cha
nges
sha
ll be
revi
ewed
, ve
rifie
d an
d va
lidat
ed, a
s ap
prop
riate
, and
app
rove
d be
fore
impl
emen
tatio
n. T
he re
view
of d
esig
n an
d de
velo
pmen
t cha
nges
sha
ll in
clud
e ev
alua
tion
of th
e ef
fect
of
the
chan
ges
on c
onst
ituen
t par
ts a
nd p
rodu
cts
alre
ady
deliv
ered
Rec
ords
of t
he re
sults
of t
he re
view
of c
hang
es a
nd a
ny
nece
ssar
y ac
tions
sha
ll be
mai
ntai
ned
5.3.
4. R
isk
Ass
essm
ent a
nd M
itiga
tion
Doc
umen
tatio
n (w
ithin
the
oper
atio
n of
the
SM
S, t
he A
TM s
ervi
ce p
rovi
der)
sh
all e
nsur
e th
at th
e re
sults
and
con
clus
ions
of t
he ri
sk a
sses
smen
t an
d m
itiga
tion
proc
ess
of a
new
or c
hang
ed s
afet
y si
gnifi
cant
sys
tem
ar
e sp
ecifi
cally
doc
umen
ted,
and
that
this
doc
umen
tatio
n is
m
aint
aine
d th
roug
hout
the
life
of th
e sy
stem
.
ES
AR
R 3
req
uire
s sp
ecifi
c do
cum
enta
tion
of t
he r
esul
ts f
rom
ris
k as
sess
men
t and
miti
gatio
n pr
oces
ses.
Th
e co
mpa
rison
co
nduc
ted
abov
e co
nclu
ded
that
ris
k as
sess
men
t an
d m
itiga
tion
need
s to
be
spec
ifica
lly a
ddre
ssed
w
ithin
the
use
of
ISO
-bas
ed d
esig
n an
d de
velo
pmen
t. Th
e do
cum
enta
tion
rela
ted
need
s to
be
addr
esse
d sp
ecifi
cally
too.
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, 5
.2.4
, 5.3
.4, p
rovi
ded
that
: W
here
ver t
he u
se o
f ISO
is c
onsi
dere
d, th
e co
ntro
l of
desi
gn a
nd d
evel
opm
ent s
houl
d in
clud
e sp
ecifi
c do
cum
enta
tion
to p
rese
nt th
e re
sults
and
con
clus
ions
of
the
risk
asse
ssm
ent a
nd m
itiga
tion
rela
ted
to a
ssoc
iate
d ch
ange
s to
the
ATM
sys
tem
7.4
Purc
hasi
ng
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 38
of 4
5
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t 7.
4.1
Purc
hasi
ng p
roce
ss
The
orga
nisa
tion
shal
l ens
ure
that
pur
chas
ed p
rodu
ct
conf
orm
s to
spe
cifie
d pu
rcha
se re
quire
men
ts. T
he ty
pe
and
exte
nt o
f con
trol a
pplie
d to
the
supp
lier a
nd th
e pu
rcha
sed
prod
uct s
hall
be d
epen
dent
upo
n th
e ef
fect
of
the
purc
hase
d pr
oduc
t on
subs
eque
nt p
rodu
ct re
alis
atio
n or
the
final
pro
duct
The
orga
nisa
tion
shal
l eva
luat
e an
d se
lect
sup
plie
rs
base
d on
thei
r abi
lity
to s
uppl
y pr
oduc
t in
acco
rdan
ce w
ith
the
orga
nisa
tion’
s re
quire
men
ts. C
riter
ia fo
r sel
ectio
n,
eval
uatio
n an
d re
-eva
luat
ion
shal
l be
esta
blis
hed.
Rec
ords
of
the
resu
lts o
f eva
luat
ions
and
any
nec
essa
ry a
ctio
ns
aris
ing
from
the
eval
uatio
n sh
all b
e m
aint
aine
d
7.4.
2 Pu
rcha
sing
info
rmat
ion
Pur
chas
ing
info
rmat
ion
shal
l des
crib
e th
e pr
oduc
t to
be
purc
hase
d in
clud
ing
whe
re a
ppro
pria
te:
a) re
quire
men
ts fo
r app
rova
l of p
rodu
ct, p
roce
dure
s,
proc
esse
s an
d eq
uipm
ent
b) re
quire
men
ts fo
r qua
lific
atio
n of
per
sonn
el, a
nd
c) Q
MS
requ
irem
ents
The
orga
nisa
tion
shal
l ens
ure
the
adeq
uacy
of s
peci
fied
purc
hase
requ
irem
ents
prio
r to
thei
r com
mun
icat
ion
to th
e su
pplie
r.
7.4.
3 Ve
rific
atio
n of
pur
chas
ed p
rodu
ct
The
orga
nisa
tion
shal
l est
ablis
h an
d im
plem
ent t
he
insp
ectio
n or
oth
er a
ctiv
ities
nee
ded
for e
nsur
ing
that
pu
rcha
sed
prod
uct m
eets
spe
cifie
d pu
rcha
se
requ
irem
ents
Whe
re th
e or
gani
satio
n or
its
cust
omer
inte
nds
to p
erfo
rm
verif
icat
ion
at th
e su
pplie
r’s p
rem
ises
, the
org
anis
atio
n sh
all s
tate
the
inte
nded
ver
ifica
tion
arra
ngem
ents
and
m
etho
d of
pro
duct
rele
ase
in th
e pu
rcha
sing
info
rmat
ion.
5.2.
6 Ex
tern
al S
ervi
ces
(with
in th
e op
erat
ion
of th
e S
MS
, the
ATM
ser
vice
pro
vide
r)
shal
l ens
ure
adeq
uate
and
sat
isfa
ctor
y ju
stifi
catio
n of
the
safe
ty o
f th
e ex
tern
ally
pro
vide
d se
rvic
es, h
avin
g re
gard
to th
eir s
afet
y si
gnifi
canc
e w
ithin
the
prov
isio
n of
the
ATM
ser
vice
. To
not
e th
e de
finiti
on o
f Ext
erna
l Ser
vice
s in
clud
ed in
ES
AR
R 3
, A
ppen
dix
A:
Ext
erna
l Ser
vice
s –
All
mat
eria
l and
non
-mat
eria
l sup
plie
s an
d se
rvic
es, w
hich
are
del
iver
ed b
y an
y or
gani
satio
n no
t cov
ered
by
the
ATM
ser
vice
pro
vide
r’s S
MS
.
The
ES
AR
R 3
def
initi
on o
f “E
xter
nal
Ser
vice
s” i
s w
ide
and
may
incl
ude
vario
us t
ypes
of
exte
rnal
inpu
ts.
Som
e po
ssib
le
exam
ples
: -
Ser
vice
s pr
ovid
ed b
y ex
tern
al o
rgan
isat
ions
(e.g
. CN
S,
ME
T, A
IS, t
elec
om, p
ower
sup
ply,
fire
-figh
ting,
etc
), -
Pro
cure
men
t of e
quip
men
t, -
Ope
ratio
nal i
nput
s fro
m a
djac
ent s
ecto
rs, r
adar
da
ta fr
om o
ther
org
anis
atio
ns, e
tc, e
tc.
Th
e IS
O a
ppro
ach,
bas
ed o
n go
od p
rocu
rem
ent p
ract
ices
, ap
pear
s ef
fect
ive
as a
mea
ns to
dea
l with
thos
e si
tuat
ions
in
whi
ch e
xter
nal s
uppl
iers
can
be
sele
cted
. H
owev
er, t
he u
se o
f ext
erna
l ser
vice
s in
ATM
may
invo
lve
som
e si
tuat
ions
whe
re th
ere
are
no o
ptio
ns a
nd e
xter
nal i
nput
s ne
ed to
be
used
as
the
only
pos
sibl
e on
es.
As
expl
aine
d in
EA
M3/
GU
I1 (E
SA
RR
3 G
uida
nce
Mat
eria
l), in
th
ose
situ
atio
ns a
ny e
xter
nal i
nput
(pro
duct
, ser
vice
, in
form
atio
n, e
tc) c
an b
e m
anag
ed th
roug
h a
risk
asse
ssm
ent
and
miti
gatio
n ap
proa
ch. A
pro
cess
sho
uld
iden
tify
the
haza
rds
asso
ciat
ed w
ith th
e in
put a
nd e
nsur
e th
at th
eir r
isk
is m
itiga
ted
to a
tole
rabl
e le
vel.
App
ropr
iate
miti
gatio
n m
easu
res
coul
d in
clud
e te
chni
ques
suc
h as
mon
itorin
g, re
dund
ancy
, ope
ratio
nal
or c
ontin
genc
y pr
oced
ures
, etc
, etc
.
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, 5
.2.6
, pro
vide
d th
at:
Whe
reve
r the
use
of I
SO is
con
side
red,
com
plem
enta
ry
arra
ngem
ents
are
put
in p
lace
to d
eal w
ith th
ose
situ
atio
ns
in w
hich
ext
erna
l sup
plie
rs c
an n
ot b
e se
lect
ed. T
hose
ad
ditio
nal a
rran
gem
ents
sho
uld
norm
ally
be
base
d on
a
risk-
base
d ap
proa
ch.
7.5
Prod
uctio
n an
d se
rvic
es p
rovi
sion
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 39
of 4
5
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t 7.
5.1
Con
trol
of p
rodu
ctio
n an
d se
rvic
e pr
ovis
ion
The
orga
nisa
tion
shal
l pla
n an
d ca
rry
out p
rodu
ctio
n an
d se
rvic
e pr
ovis
ion
unde
r con
trolle
d co
nditi
ons.
Con
trolle
d co
nditi
ons
shal
l inc
lude
as
appl
icab
le:
a) th
e av
aila
bilit
y of
info
rmat
ion
that
des
crib
es th
e ch
arac
teris
tics
of th
e pr
oduc
t
b) th
e av
aila
bilit
y of
wor
k in
stru
ctio
ns a
s ne
cess
ary
c) th
e us
e of
sui
tabl
e eq
uipm
ent
d) th
e av
aila
bilit
y an
d us
e of
mon
itorin
g an
d m
easu
ring
devi
ces
e) th
e im
plem
enta
tion
of m
onito
ring
and
mea
sure
men
t, an
d
f) th
e im
plem
enta
tion
of re
leas
e, d
eliv
ery
and
post
-del
iver
y ac
tiviti
es
7.5.
2 Va
lidat
ion
of p
roce
sses
for p
rodu
ctio
n an
d se
rvic
e pr
ovis
ion
The
orga
nisa
tion
shal
l val
idat
e an
y pr
oces
ses
and
serv
ice
prov
isio
n w
here
the
resu
lting
out
put c
anno
t be
verif
ied
by
subs
eque
nt m
onito
ring
or m
easu
rem
ent.
This
incl
udes
an
y pr
oces
ses
whe
re d
efic
ienc
ies
beco
me
appa
rent
onl
y af
ter t
he p
rodu
ct is
in u
se o
r the
ser
vice
has
bee
n de
liver
ed
Val
idat
ion
shal
l dem
onst
rate
the
abili
ty o
f the
se p
roce
sses
to
ach
ieve
pla
nned
resu
lts
The
orga
nisa
tion
shal
l est
ablis
h ar
rang
emen
ts fo
r the
se
proc
esse
s in
clud
ing,
as
appl
icab
le:
a) d
efin
ed c
riter
ia fo
r rev
iew
and
app
rova
l of t
he
proc
esse
s
b) a
ppro
val o
f equ
ipm
ent a
nd q
ualif
icat
ion
of p
erso
nnel
c) u
se o
f spe
cific
met
hods
and
pro
cedu
res
d) re
quire
men
ts fo
r rec
ords
and
e) re
valid
atio
n
No
spec
ific
ES
AR
R 3
requ
irem
ents
add
ress
exp
licitl
y th
e m
eans
to
cont
rol o
r val
idat
e th
e pr
oces
ses
for s
ervi
ce p
rovi
sion
(tha
t is
to s
ay,
the
mea
ns to
con
trol o
r val
idat
e th
e A
TM o
pera
tiona
l pro
cedu
res)
H
owev
er, t
o no
te th
at:
5.2.
4 R
isk
Ass
essm
ent a
nd M
itiga
tion
(with
in th
e op
erat
ion
of th
e S
MS
, the
ATM
ser
vice
pro
vide
r)
a) s
hall
ensu
re th
at ri
sk a
sses
smen
t and
miti
gatio
n is
con
duct
ed to
an
app
ropr
iate
leve
l to
ensu
re th
at d
ue c
onsi
dera
tion
is g
iven
to a
ll as
pect
s of
ATM
; …
c)
sha
ll en
sure
app
ropr
iate
miti
gatio
n of
risk
s w
here
ass
essm
ent h
as
show
n th
is to
be
nece
ssar
y du
e to
the
safe
ty s
igni
fican
ce o
f the
ch
ange
;.
The
appr
oach
pro
pose
d by
IS
O c
ould
be
used
in
the
risk
asse
ssm
ent
and
miti
gatio
n pr
oces
ses
cond
ucte
d as
reg
ards
A
TM o
pera
tiona
l pro
cedu
res.
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, 5
.2.4
, with
rega
rd to
ATM
op
erat
iona
l pro
cedu
res,
pro
vide
d th
at:
Whe
reve
r the
use
of I
SO is
con
side
red,
the
valid
atio
n of
pr
oces
ses
for s
ervi
ce p
rovi
sion
sho
uld
(exp
licitl
y) in
clud
e ap
prop
riate
risk
ass
essm
ent a
nd m
itiga
tion
activ
ities
.
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 40
of 4
5
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t 7.
5.3
Iden
tific
atio
n an
d tr
acea
bilit
y W
here
app
ropr
iate
the
orga
nisa
tion
shal
l ide
ntify
the
prod
uct b
y su
itabl
e m
eans
thro
ugho
ut p
rodu
ct re
alis
atio
n
The
orga
nisa
tion
shal
l ide
ntify
the
prod
uct s
tatu
s w
ith
resp
ect t
o m
onito
ring
and
mea
sure
men
t req
uire
men
ts
Whe
re tr
acea
bilit
y is
a re
quire
men
t, th
e or
gani
satio
n sh
all
cont
rol a
nd re
cord
the
uniq
ue id
entif
icat
ion
of th
e pr
oduc
t
5.3.
3. S
afet
y R
ecor
ds
(with
in th
e op
erat
ion
of th
e S
MS
, the
ATM
ser
vice
pro
vide
r)
shal
l ens
ure
that
saf
ety
reco
rds
are
mai
ntai
ned
thro
ugho
ut th
e S
MS
op
erat
ion
as a
bas
is fo
r pro
vidi
ng s
afet
y as
sura
nce
to a
ll as
soci
ated
w
ith, r
espo
nsib
le fo
r or d
epen
dent
upo
n th
e se
rvic
es p
rovi
ded,
and
to
the
safe
ty re
gula
tory
aut
horit
y;
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, 5
.3.3
, 5.3
.4.
7.5.
4 C
usto
mer
pro
pert
y Th
e or
gani
satio
n sh
all e
xerc
ise
care
with
cus
tom
er
prop
erty
whi
le it
is u
nder
the
orga
nisa
tion’
s co
ntro
l or
bein
g us
ed b
y th
e or
gani
satio
n. T
he o
rgan
isat
ion
shal
l id
entif
y, v
erify
, pro
tect
and
saf
egua
rd c
usto
mer
pro
perty
pr
ovid
ed fo
r use
or i
ncor
pora
tion
into
the
prod
uct.
If an
y cu
stom
er p
rope
rty is
lost
, dam
aged
or o
ther
wis
e fo
und
to
be u
nsui
tabl
e fo
r use
, thi
s sh
all b
e re
porte
d to
the
cust
omer
and
reco
rds
mai
ntai
ned.
No
spec
ific
ES
AR
R 3
requ
irem
ents
add
ress
exp
licitl
y th
is is
sue
The
use
of th
ese
ISO
pro
visi
ons
may
add
ress
com
plem
enta
ry
aspe
cts
not t
ackl
ed in
ES
AR
R 3
.
7.5.
5 Pr
eser
vatio
n of
pro
duct
Th
e or
gani
satio
n sh
all p
rese
rve
the
conf
orm
ity o
f pro
duct
du
ring
inte
rnal
pro
cess
ing
and
deliv
ery
to th
e in
tend
ed
dest
inat
ion.
Thi
s pr
eser
vatio
n sh
all i
nclu
de id
entif
icat
ion,
ha
ndlin
g, p
acka
ging
, sto
rage
and
pro
tect
ion.
Pre
serv
atio
n sh
all a
lso
appl
y to
the
cons
titue
nt p
arts
of t
he p
rodu
ct.
No
spec
ific
ES
AR
R 3
requ
irem
ents
add
ress
exp
licitl
y th
is is
sue
The
use
of th
ese
ISO
pro
visi
ons
may
add
ress
com
plem
enta
ry
aspe
cts
not t
ackl
ed in
ES
AR
R 3
.
7.6
Con
trol
of m
onito
ring
and
mea
surin
g de
vice
s Th
e or
gani
satio
n sh
all d
eter
min
e th
e m
onito
ring
and
mea
sure
men
t und
erta
ken
and
the
mon
itorin
g an
d m
easu
ring
devi
ces
need
ed to
pro
vide
evi
denc
e of
co
nfor
mity
of p
rodu
ct to
det
erm
ined
requ
irem
ents
.
The
orga
nisa
tion
shal
l est
ablis
h pr
oces
ses
to e
nsur
e th
at
mon
itorin
g an
d m
easu
rem
ent c
an b
e ca
rrie
d ou
t and
are
ca
rrie
d ou
t in
a m
anne
r tha
t is
cons
iste
nt w
ith th
e m
onito
ring
and
mea
sure
men
t req
uire
men
ts
5.3.
2 Sa
fety
Mon
itorin
g (w
ithin
the
oper
atio
n of
the
SM
S, t
he A
TM s
ervi
ce p
rovi
der)
sh
all e
nsur
e th
at m
etho
ds a
re in
pla
ce to
det
ect c
hang
es in
sys
tem
s or
ope
ratio
ns w
hich
may
sug
gest
any
ele
men
t is
appr
oach
ing
a po
int
at w
hich
acc
epta
ble
stan
dard
s of
saf
ety
can
no lo
nger
be
met
, and
th
at c
orre
ctiv
e ac
tion
is ta
ken.
Equ
ival
ent s
tate
men
ts
To n
ote
the
need
for a
n ex
plic
it m
onito
ring
of s
afet
y.
Whe
re n
eces
sary
to e
nsur
e va
lid re
sults
, mea
surin
g eq
uipm
ent s
hall:
a) b
e ca
libra
ted
or v
erifi
ed a
t spe
cial
inte
rval
s, o
r prio
r to
use,
aga
inst
mea
sure
men
t sta
ndar
ds tr
acea
ble
to
inte
rnat
iona
l or n
atio
nal m
easu
rem
ent s
tand
ards
; whe
re
no s
uch
stan
dard
s ex
ist,
the
basi
s us
ed fo
r cal
ibra
tion
or
verif
icat
ion
shal
l be
reco
rded
.
b) b
e ad
just
ed o
r re-
adju
sted
as
nece
ssar
y
5.3.
2 Sa
fety
Mon
itorin
g (w
ithin
the
oper
atio
n of
the
SM
S, t
he A
TM s
ervi
ce p
rovi
der)
sh
all e
nsur
e th
at m
etho
ds a
re in
pla
ce to
det
ect c
hang
es in
sys
tem
s or
ope
ratio
ns w
hich
may
sug
gest
any
ele
men
t is
appr
oach
ing
a po
int
at w
hich
acc
epta
ble
stan
dard
s of
saf
ety
can
no lo
nger
be
met
, and
th
at c
orre
ctiv
e ac
tion
is ta
ken.
To n
ote
that
the
expr
essi
on “m
etho
ds” i
n E
SA
RR
3 c
ould
em
bed
the
actio
ns li
sted
by
ISO
in re
gard
to m
easu
ring
equi
pmen
t.
The
use
of th
ese
ISO
pro
visi
ons
may
add
ress
com
plem
enta
ry
aspe
cts
not t
ackl
ed in
ES
AR
R 3
.
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 41
of 4
5
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t c)
be
iden
tifie
d to
ena
ble
the
calib
ratio
n st
atus
to b
e de
term
ined
d) b
e sa
fegu
arde
d fro
m a
djus
tmen
ts th
at w
ould
inva
lidat
e th
e m
easu
rem
ent r
esul
t
e) b
e pr
otec
ted
from
dam
age
and
dete
riora
tion
durin
g ha
ndlin
g, m
aint
enan
ce a
nd s
tora
ge
In a
dditi
on th
e or
gani
satio
n sh
all a
sses
s an
d re
cord
the
valid
ity o
f the
pre
viou
s m
easu
ring
resu
lts w
hen
the
equi
pmen
t is
foun
d no
t to
conf
orm
to re
quire
men
ts. T
he
orga
nisa
tion
shal
l tak
e ap
prop
riate
act
ion
on th
e eq
uipm
ent a
nd a
ny p
rodu
ct a
ffect
ed. R
ecor
ds o
f the
re
sults
of c
alib
ratio
n sh
all b
e m
aint
aine
d
Whe
n us
ed in
the
mon
itorin
g an
d m
easu
rem
ent o
f sp
ecifi
ed re
quire
men
ts, t
he a
bilit
y of
com
pute
r sof
twar
e to
sa
tisfy
the
inte
nded
app
licat
ion
shal
l be
conf
irmed
. Thi
s sh
all b
e un
derta
ken
prio
r to
initi
al u
se a
nd re
conf
irmed
as
nece
ssar
y
(see
pre
viou
s pa
ge)
(see
pre
viou
s pa
ge)
8.1
Mea
sure
men
t, A
naly
sis
and
Impr
ovem
ent (
Gen
eral
) Th
e or
gani
satio
n sh
all p
lan
and
impl
emen
t the
mon
itorin
g,
mea
sure
men
t, an
alys
is a
nd im
prov
emen
t pro
cess
es
need
ed
a) to
dem
onst
rate
con
form
ity o
f the
pro
duct
b) to
ens
ure
conf
orm
ity o
f the
QM
S
c) T
o co
ntin
ually
impr
ove
the
effe
ctiv
enes
s of
the
QM
S
This
sha
ll in
clud
e de
term
inat
ion
of a
pplic
able
met
hods
, in
clud
ing
stat
istic
al te
chni
ques
, and
the
exte
nt o
f the
ir us
e.
5.3.
1. S
afet
y Su
rvey
s (w
ithin
the
prov
isio
n of
the
SM
S, t
he A
TM s
ervi
ce p
rovi
der)
sh
all e
nsur
e th
at s
afet
y su
rvey
s ar
e ca
rrie
d ou
t as
a m
atte
r of r
outin
e,
to re
com
men
d im
prov
emen
ts w
here
nee
ded,
to p
rovi
de a
ssur
ance
to
man
ager
s of
the
safe
ty o
f act
iviti
es w
ithin
thei
r are
as a
nd to
con
firm
co
nfor
man
ce w
ith a
pplic
able
par
ts o
f the
ir S
afet
y M
anag
emen
t S
yste
ms.
5.
3.2.
Saf
ety
Mon
itorin
g (w
ithin
the
prov
isio
n of
the
SM
S, t
he A
TM s
ervi
ce p
rovi
der)
sh
all e
nsur
e th
at m
etho
ds a
re in
pla
ce to
det
ect c
hang
es in
sys
tem
s or
ope
ratio
ns w
hich
may
sug
gest
any
ele
men
t is
appr
oach
ing
a po
int
at w
hich
acc
epta
ble
stan
dard
s of
saf
ety
can
no lo
nger
be
met
, and
th
at c
orre
ctiv
e ac
tion
is ta
ken.
5.
4.2.
Saf
ety
Impr
ovem
ent
(with
in th
e pr
ovis
ion
of th
e S
MS
, the
ATM
ser
vice
pro
vide
r)
…
b) s
hall
ensu
re th
at c
hang
es a
re m
ade
to im
prov
e sa
fety
whe
re th
ey
appe
ar n
eede
d.
Equ
ival
ent s
tate
men
ts
To n
ote
the
need
for e
xplic
it m
onito
ring,
ana
lysi
s an
d im
prov
emen
t with
rega
rd to
saf
ety.
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 42
of 4
5
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t 8.
2 M
onito
ring
and
mea
sure
men
t
8.2.
1 C
usto
mer
sat
isfa
ctio
n A
s on
e of
the
mea
sure
men
ts o
f per
form
ance
of t
he Q
MS
, th
e or
gani
satio
n sh
all m
onito
r inf
orm
atio
n re
latin
g to
cu
stom
er p
erce
ptio
n as
to w
heth
er th
e or
gani
satio
n ha
s m
et c
usto
mer
requ
irem
ents
. The
met
hods
for o
btai
ning
an
d us
ing
this
info
rmat
ion
shal
l be
dete
rmin
ed
No
spec
ific
ES
AR
R 3
requ
irem
ents
add
ress
exp
licitl
y th
is is
sue
The
use
of th
ese
ISO
pro
visi
ons
may
add
ress
com
plem
enta
ry
aspe
cts
not t
ackl
ed in
ES
AR
R 3
.
8.2.
2 In
tern
al a
udit
The
orga
nisa
tion
shal
l con
duct
inte
rnal
aud
its a
t pla
nned
in
terv
als
to d
eter
min
e w
heth
er th
e Q
MS
sys
tem
:
a) c
onfo
rms
to th
e pl
anne
d ar
rang
emen
ts (s
ee 7
.1),
to th
e re
quire
men
ts o
f thi
s In
tern
atio
nal S
tand
ard
and
to th
e Q
MS
requ
irem
ents
est
ablis
hed
by th
e or
gani
satio
n, a
nd
b) is
effe
ctiv
ely
impl
emen
ted
and
mai
ntai
ned
An
audi
t pro
gram
me
shal
l be
plan
ned,
taki
ng in
to
cons
ider
atio
n th
e st
atus
and
impo
rtanc
e of
the
proc
esse
s an
d ar
eas
to b
e au
dite
d, a
s w
ell a
s th
e re
sults
of p
revi
ous
audi
ts. T
he a
udit
crite
ria, s
cope
, fre
quen
cy a
nd m
etho
ds
shal
l be
defin
ed. S
elec
tion
of a
udito
rs a
nd c
ondu
ct o
f au
dits
sha
ll en
sure
obj
ectiv
ity a
nd im
parti
ality
of t
he a
udit
proc
ess.
Aud
itors
sha
ll no
t aud
it th
eir o
wn
wor
k.
The
resp
onsi
bilit
ies
and
requ
irem
ents
for p
lann
ing
and
cond
uctin
g au
dits
, and
for r
epor
ting
resu
lts a
nd
mai
ntai
ning
reco
rds
shal
l be
defin
ed in
a d
ocum
ente
d pr
oced
ure.
The
man
agem
ent r
espo
nsib
le fo
r the
are
a be
ing
audi
ted
shal
l ens
ure
that
act
ions
are
take
n w
ithou
t und
ue d
elay
to
elim
inat
e de
tect
ed n
on-c
onfo
rmiti
es a
nd th
eir c
ause
s.
Follo
w-u
p ac
tiviti
es s
hall
incl
ude
the
verif
icat
ion
of th
e ac
tions
take
n an
d th
e re
porti
ng o
f ver
ifica
tion
resu
lts (s
ee
8.5.
2)
5.3.
1. S
afet
y Su
rvey
s (w
ithin
the
oper
atio
n of
the
SM
S, t
he A
TM s
ervi
ce p
rovi
der)
sh
all e
nsur
e th
at s
afet
y su
rvey
s ar
e ca
rrie
d ou
t as
a m
atte
r of r
outin
e,
to re
com
men
d im
prov
emen
ts w
here
nee
ded,
to p
rovi
de a
ssur
ance
to
man
ager
s of
the
safe
ty o
f act
iviti
es w
ithin
thei
r are
as a
nd to
con
firm
co
nfor
man
ce w
ith a
pplic
able
par
ts o
f the
ir S
afet
y M
anag
emen
t S
yste
ms.
EA
M3/
GU
I1 (E
SA
RR
3 G
uida
nce
Mat
eria
l) ex
plic
itly
reco
gnis
es
that
inte
rnal
aud
iting
bas
ed o
n IS
O-9
001:
2000
can
be
used
for
desi
gnin
g sa
fety
sur
vey
proc
esse
s.
EA
M3/
GU
I1 a
lso
poin
ts o
ut th
at in
dea
ling
with
the
impl
emen
tatio
n of
saf
ety
surv
eys,
ser
vice
pro
vide
rs s
houl
d no
rmal
ly e
stab
lish
proc
esse
s in
a m
anne
r whi
ch:
- E
nsur
es in
depe
nden
ce o
f the
are
a be
ing
surv
eyed
; and
-
Ens
ures
sys
tem
atic
pla
nnin
g, a
sses
smen
t of a
ll fa
ctor
s af
fect
ing
safe
ty, i
dent
ifica
tion
of c
orre
ctiv
e ac
tions
, rec
ord
of
resu
lts, i
nitia
tion
and
follo
w u
p of
cor
rect
ive
actio
ns, a
s th
e ke
y el
emen
ts o
f saf
ety
surv
eys.
Th
ose
aspe
cts
are
in li
ne w
ith th
e IS
O a
ppro
ach.
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3 S
ectio
n 5.
3.1
The
use
of IS
O-1
9011
:200
2 ca
n al
so s
uppo
rt th
e im
plem
enta
tion
of E
SAR
R 3
, Sec
tion
5.3.
1, a
s it
prov
ides
de
taile
d gu
idan
ce to
sup
port
the
impl
emen
tatio
n of
thos
e IS
O p
rovi
sion
s.
(NO
TE: I
SO
-900
1:20
00 re
fers
to g
uida
nce
mat
eria
l on
audi
ting
tech
niqu
es. A
t the
tim
e of
dev
elop
ing
this
doc
umen
t, IS
O-
1900
1:20
02 in
clud
ed th
e la
test
ISO
mat
eria
l ava
ilabl
e on
that
m
atte
r)
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 43
of 4
5
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t 8.
2.3
Mon
itorin
g an
d m
easu
rem
ent o
f pro
cess
es
The
orga
nisa
tion
shal
l app
ly s
uita
ble
met
hods
for
mon
itorin
g an
d, w
here
app
licab
le, m
easu
rem
ent o
f the
Q
MS
pro
cess
es. T
hese
met
hods
sha
ll de
mon
stra
te th
e ab
ility
of t
he p
roce
sses
to a
chie
ve p
lann
ed re
sults
. Whe
n pl
anne
d re
sults
are
not
ach
ieve
d, c
orre
ctio
n an
d co
rrec
tive
actio
n sh
all b
e ta
ken,
as
appr
opria
te, t
o en
sure
co
nfor
mity
of t
he p
rodu
ct
The
Saf
ety
Sur
veys
can
be
cons
ider
ed a
s a
“sui
tabl
e m
etho
d”
to a
chie
ve th
e ob
ject
ives
sta
ted
in IS
O a
s re
gard
s S
MS
pr
oces
ses.
How
ever
, IS
O is
mor
e de
taile
d an
d m
ay h
elp
to
defin
e th
e sc
ope
and
inte
nt o
f the
Saf
ety
Sur
veys
as
rega
rds
mon
itorin
g of
pro
cess
es
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3 S
ectio
n 5.
3.1
8.2.
4 M
onito
ring
and
mea
sure
men
t of p
rodu
ct
The
orga
nisa
tion
shal
l mon
itor a
nd m
easu
re th
e ch
arac
teris
tics
of th
e pr
oduc
t to
verif
y th
at p
rodu
ct
requ
irem
ents
hav
e be
en m
et. T
his
shal
l be
carr
ied
out a
t ap
prop
riate
sta
ges
of th
e pr
oduc
t rea
lisat
ion
proc
ess
in
acco
rdan
ce w
ith th
e pl
anne
d ar
rang
emen
ts (s
ee 7
.1)
Evi
denc
e of
con
form
ity w
ith th
e ac
cept
ance
crit
eria
sha
ll be
mai
ntai
ned.
Rec
ords
sha
ll in
dica
te th
e pe
rson
(s)
auth
oris
ing
rele
ase
of p
rodu
ct
Pro
duct
rele
ase
and
serv
ice
deliv
ery
shal
l not
pro
ceed
un
til th
e pl
anne
d ar
rang
emen
ts (s
ee 7
.1) h
ave
been
sa
tisfa
ctor
ily c
ompl
eted
, unl
ess
othe
rwis
e ap
prov
ed b
y a
rele
vant
aut
horit
y an
d, w
here
app
licab
le, b
y th
e cu
stom
er.
5.3.
1. S
afet
y Su
rvey
s (w
ithin
the
oper
atio
n of
the
SM
S, t
he A
TM s
ervi
ce p
rovi
der)
sh
all e
nsur
e th
at s
afet
y su
rvey
s ar
e ca
rrie
d ou
t as
a m
atte
r of r
outin
e,
to re
com
men
d im
prov
emen
ts w
here
nee
ded,
to p
rovi
de a
ssur
ance
to
man
ager
s of
the
safe
ty o
f act
iviti
es w
ithin
thei
r are
as a
nd to
con
firm
co
nfor
man
ce w
ith a
pplic
able
par
ts o
f the
ir S
afet
y M
anag
emen
t S
yste
ms.
5.
3.2.
Saf
ety
Mon
itorin
g (w
ithin
the
prov
isio
n of
the
SM
S, t
he A
TM s
ervi
ce p
rovi
der)
sh
all e
nsur
e th
at m
etho
ds a
re in
pla
ce to
det
ect c
hang
es in
sys
tem
s or
ope
ratio
ns w
hich
may
sug
gest
any
ele
men
t is
appr
oach
ing
a po
int
at w
hich
acc
epta
ble
stan
dard
s of
saf
ety
can
no lo
nger
be
met
, and
th
at c
orre
ctiv
e ac
tion
is ta
ken.
ES
AR
R 3
Sec
tion
5.3.
2 co
vers
the
issu
e po
inte
d ou
t by
ISO
. H
owev
er, I
SO
is m
ore
deta
iled
and
may
pro
vide
use
ful c
riter
ia
to c
ondu
ct th
e sa
fety
mon
itorin
g of
sys
tem
s an
d op
erat
ions
. To
not
e th
at E
SA
RR
3 S
ectio
n 5.
3.1
may
com
plem
ent S
ectio
n 5.
3.2
in a
chie
ving
the
obje
ctiv
es o
utlin
ed b
y IS
O.
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3 S
ectio
ns 5
.3.2
, 5.3
.1
8.3
Con
trol
of n
on-c
onfo
rmin
g pr
oduc
t Th
e or
gani
satio
n sh
all e
nsur
e th
at p
rodu
ct w
hich
doe
s no
t co
nfor
m to
pro
duct
requ
irem
ents
is id
entif
ied
and
cont
rolle
d to
pre
vent
its
unin
tend
ed u
se o
r del
iver
y. T
he
cont
rols
and
rela
ted
resp
onsi
bilit
ies
and
auth
oriti
es fo
r de
alin
g w
ith n
on-c
onfo
rmin
g pr
oduc
t sha
ll be
def
ined
in a
do
cum
ente
d pr
oced
ure.
The
orga
nisa
tion
shal
l dea
l with
non
-con
form
ing
prod
uct
by o
ne o
r mor
e of
the
follo
win
g w
ays:
a) b
y ta
king
act
ion
to e
limin
ate
the
dete
cted
non
-co
nfor
mity
b) b
y au
thor
isin
g its
use
, rel
ease
or a
ccep
tanc
e un
der
conc
essi
on b
y a
rele
vant
aut
horit
y an
d, w
here
app
licab
le,
by th
e cu
stom
er
c) b
y ta
king
act
ion
to p
recl
ude
its o
rigin
al in
tend
ed u
se o
r ap
plic
atio
n
Rec
ords
of t
he n
atur
e of
non
-con
form
ities
and
any
su
bseq
uent
act
ions
take
n, in
clud
ing
conc
essi
ons
obta
ined
, sha
ll be
mai
ntai
ned
No
equi
vale
nt re
quire
men
ts e
xplic
itly
incl
uded
in E
SA
RR
3
How
ever
, to
note
:
5.3.
2. S
afet
y M
onito
ring
(with
in th
e pr
ovis
ion
of th
e S
MS
, the
ATM
ser
vice
pro
vide
r)
shal
l ens
ure
that
met
hods
are
in p
lace
to d
etec
t cha
nges
in s
yste
ms
or o
pera
tions
whi
ch m
ay s
ugge
st a
ny e
lem
ent i
s ap
proa
chin
g a
poin
t at
whi
ch a
ccep
tabl
e st
anda
rds
of s
afet
y ca
n no
long
er b
e m
et, a
nd
that
cor
rect
ive
actio
n is
take
n.
It sh
ould
be
note
d th
at th
e A
TM s
ervi
ces
prov
ided
in re
al ti
me
can
not b
e ve
rifie
d be
fore
bei
ng d
eliv
ered
. Th
e A
TM s
ervi
ces
are
inde
ed th
e fin
al “p
rodu
ct” p
rodu
ced
by
the
ATM
ser
vice
pro
vide
rs.
How
ever
, “pr
oduc
t” is
def
ined
by
ISO
as
“res
ult o
f a p
roce
ss”.
Ther
efor
e th
ese
ISO
pro
visi
ons
may
als
o be
app
licab
le to
any
in
term
edia
te p
roce
ss w
hose
out
puts
are
use
d to
pro
duce
the
final
ATM
ser
vice
(e.g
. rad
ar d
ata
is a
n ou
tput
of a
par
ticul
ar
proc
ess,
and
is n
orm
ally
use
d to
pro
vide
the
final
ATC
ser
vice
s ou
tput
). Th
ese
ISO
pro
visi
ons
can
ther
efor
e pr
ovid
e us
eful
gui
danc
e w
hen
deal
ing
with
inte
rmed
iate
out
puts
, and
sup
port
the
safe
ty
mon
itorin
g ac
tions
requ
ired
in E
SA
RR
3.
The
use
of th
ese
ISO
pro
visi
ons
can
supp
ort t
he
impl
emen
tatio
n of
ESA
RR
3, p
artic
ular
ly a
s re
gard
s ES
ARR
3
Sect
ion
5.3.
2 (a
nd 5
.2.4
)
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 44
of 4
5
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t W
hen
non-
conf
orm
ing
prod
uct i
s co
rrec
ted
it sh
all b
e su
bjec
t to
re-v
erifi
catio
n to
dem
onst
rate
con
form
ity to
the
requ
irem
ents
. (s
ee p
revi
ous
page
) (s
ee p
revi
ous
page
)
Whe
n no
n-co
nfor
min
g pr
oduc
t is
dete
cted
afte
r del
iver
y or
us
e ha
s st
arte
d, th
e or
gani
satio
n sh
all t
ake
actio
n ap
prop
riate
to th
e ef
fect
s, o
r pot
entia
l effe
cts,
of t
he n
on-
conf
orm
ity.
5.2.
7. S
afet
y O
ccur
renc
es
(with
in th
e pr
ovis
ion
of th
e S
MS
, the
ATM
ser
vice
pro
vide
r)
shal
l ens
ure
that
ATM
ope
ratio
nal o
r tec
hnic
al o
ccur
renc
es w
hich
are
co
nsid
ered
to h
ave
sign
ifica
nt s
afet
y im
plic
atio
ns a
re in
vest
igat
ed
imm
edia
tely
, and
any
nec
essa
ry c
orre
ctiv
e ac
tion
is ta
ken.
Ther
e is
a c
orre
spon
denc
e be
twee
n th
is IS
O s
tate
men
t and
E
SA
RR
3 S
ectio
n 5.
2.7.
How
ever
, ES
AR
R 3
is m
ore
deta
iled
and
spec
ific.
Whe
neve
r thi
s IS
O s
tate
men
t is
cons
ider
ed a
s a
poss
ible
m
eans
to im
plem
ent E
SAR
R 3
, Sec
tion
5.2.
7, it
sho
uld
be
note
d th
at th
e ap
prop
riate
act
ions
men
tione
d in
ISO
sho
uld
nece
ssar
ily in
clud
e an
imm
edia
te in
vest
igat
ion
of
occu
rren
ces
and
the
impl
emen
tatio
n of
cor
rect
ive
actio
ns
resu
lting
from
suc
h in
vest
igat
ion.
8.4
Ana
lysi
s of
dat
a
The
orga
nisa
tion
shal
l det
erm
ine,
col
lect
and
ana
lyse
ap
prop
riate
dat
a to
dem
onst
rate
the
suita
bilit
y an
d ef
fect
iven
ess
of th
e Q
MS
and
to e
valu
ate
whe
re c
ontin
ual
impr
ovem
ent o
f the
effe
ctiv
enes
s of
the
QM
S c
an b
e m
ade.
Thi
s sh
all i
nclu
de d
ata
gene
rate
d as
a re
sult
of
mon
itorin
g an
d m
easu
rem
ent a
nd fr
om o
ther
rele
vant
so
urce
s.
The
anal
ysis
of d
ata
shal
l pro
vide
info
rmat
ion
rela
ting
to:
a) c
usto
mer
sat
isfa
ctio
n
b) c
onfo
rmity
to p
rodu
ct re
quire
men
ts
c) c
hara
cter
istic
s an
d tre
nds
of p
roce
sses
and
pro
duct
s in
clud
ing
oppo
rtuni
ties
for p
reve
ntiv
e ac
tion,
and
d) s
uppl
iers
No
equi
vale
nt re
quire
men
ts e
xplic
itly
incl
uded
in E
SA
RR
3
How
ever
, to
note
:
5.4.
2. S
afet
y Im
prov
emen
t (w
ithin
the
oper
atio
n of
the
SM
S, t
he A
TM s
ervi
ce-p
rovi
der)
…
b) s
hall
ensu
re th
at c
hang
es a
re m
ade
to im
prov
e sa
fety
whe
re th
ey
appe
ar n
eede
d.
(in a
dditi
on, t
hese
ISO
sta
tem
ents
are
rela
ted
to a
ctio
ns re
quire
d in
5.
3.2
Saf
ety
Mon
itorin
g an
d 5.
3.1
Saf
ety
Sur
veys
)
ISO
is m
uch
mor
e sp
ecifi
c.
To n
ote
that
man
agem
ent r
evie
ws
are
not r
equi
red
expl
icitl
y in
E
SA
RR
3 a
lthou
gh E
AM
3/G
UI 1
(ES
AR
R 3
Gui
danc
e M
ater
ial)
iden
tifie
s S
MS
man
agem
ent r
evie
ws
as o
ne o
f the
usu
al
elem
ents
of t
he im
plem
enta
tion
of E
SA
RR
3 S
ectio
n 5.
4.2
(Saf
ety
Impr
ovem
ent).
In th
at c
onte
xt, E
AM
3/G
UI 1
poi
nts
out
that
ATM
ser
vice
pro
vide
rs s
houl
d no
rmal
ly u
se S
MS
m
anag
emen
t rev
iew
s:
- To
revi
ew th
e S
MS
-
To a
gree
and
aut
horis
e ch
ange
s in
the
SM
S.
The
colle
ctio
n an
d an
alys
is o
f dat
a ex
plic
itly
sugg
este
d by
ISO
ca
n su
ppor
t tha
t rev
iew
.
The
use
of th
ese
ISO
sta
tem
ents
can
sup
port
the
impl
emen
tatio
n of
ESA
RR
3, S
ectio
n 5.
4.2
(and
5.3
.1, 5
.3.2
)
8.5
Impr
ovem
ent
8.5.
1 C
ontin
ual i
mpr
ovem
ent
The
orga
nisa
tion
shal
l con
tinua
lly im
prov
e th
e ef
fect
iven
ess
of th
e Q
MS
thro
ugh
the
use
of th
e qu
ality
po
licy,
qua
lity
obje
ctiv
es, a
udit
resu
lts, a
naly
sis
of d
ata,
co
rrec
tive
and
prev
entiv
e ac
tions
and
man
agem
ent r
evie
w
5.4.
2. S
afet
y Im
prov
emen
t (w
ithin
the
oper
atio
n of
the
SM
S, t
he A
TM s
ervi
ce-p
rovi
der)
…
b) s
hall
ensu
re th
at c
hang
es a
re m
ade
to im
prov
e sa
fety
whe
re th
ey
appe
ar n
eede
d.
ISO
is m
uch
mor
e sp
ecifi
c ab
out t
he m
eans
to u
se fo
r ac
hiev
ing
impr
ovem
ent.
The
use
of th
ese
ISO
sta
tem
ents
can
sup
port
the
impl
emen
tatio
n of
ESA
RR
3, S
ectio
n 5.
4.2
EA
M 3
/ G
UI 4
– M
appi
ng b
etw
een
ISO
900
1:20
00 a
nd E
SA
RR
3
Edi
tion
1.0
Rel
ease
d Is
sue
Pag
e 45
of 4
5
ISO
900
1:20
00 p
rovi
sion
s ES
AR
R 3
requ
irem
ents
rela
ted
Com
men
ts/A
sses
smen
t 8.
5.2
Cor
rect
ive
actio
n Th
e or
gani
satio
n sh
all t
ake
actio
n to
elim
inat
e th
e ca
use
of n
on-c
onfo
rmiti
es in
ord
er to
pre
vent
recu
rren
ce.
Cor
rect
ive
actio
ns s
hall
be a
ppro
pria
te to
the
effe
cts
of th
e no
n-co
nfor
miti
es e
ncou
nter
ed.
A d
ocum
ente
d pr
oced
ure
shal
l be
esta
blis
hed
to d
efin
e re
quire
men
ts fo
r:
a) re
view
ing
non-
conf
orm
ities
(inc
ludi
ng c
usto
mer
co
mpl
aint
s)
b) d
eter
min
ing
the
caus
es o
f non
-con
form
ities
c) e
valu
atin
g th
e ne
ed fo
r act
ion
to e
nsur
e th
at n
on-
conf
orm
ities
do
not r
ecur
d) d
eter
min
ing
and
impl
emen
ting
actio
n ne
eded
e) re
cord
s of
the
resu
lts o
f act
ion
take
n
f) re
view
ing
corr
ectiv
e ac
tion
take
n
5.2.
7. S
afet
y O
ccur
renc
es
(with
in th
e pr
ovis
ion
of th
e S
MS
, the
ATM
ser
vice
pro
vide
r)
shal
l ens
ure
that
ATM
ope
ratio
nal o
r tec
hnic
al o
ccur
renc
es w
hich
are
co
nsid
ered
to h
ave
sign
ifica
nt s
afet
y im
plic
atio
ns a
re in
vest
igat
ed
imm
edia
tely
, and
any
nec
essa
ry c
orre
ctiv
e ac
tion
is ta
ken.
(a
lso
rela
ted
to 5
.3.1
Saf
ety
Sur
veys
)
Ther
e is
a c
orre
spon
denc
e be
twee
n th
is IS
O s
tate
men
t and
E
SA
RR
3 S
ectio
n 5.
2.7.
How
ever
, ES
AR
R 3
is m
ore
deta
iled
and
spec
ific.
Whe
neve
r thi
s IS
O s
tate
men
t is
cons
ider
ed a
s a
poss
ible
m
eans
to im
plem
ent E
SAR
R 3
, Sec
tion
5.2.
7, it
sho
uld
be
note
d th
at th
e ac
tions
pro
pose
d by
ISO
sho
uld
nece
ssar
ily
incl
ude
an im
med
iate
inve
stig
atio
n of
occ
urre
nces
. To
not
e th
at th
e st
eps
prop
osed
in IS
O c
an a
lso
be u
sefu
l to
addr
ess
non-
conf
orm
ities
rais
ed b
y ot
her S
MS
mec
hani
sms
(e.g
. Saf
ety
Sur
veys
). In
fact
, tha
t app
roac
h de
velo
ps fu
rther
th
e ge
neric
indi
catio
ns p
rovi
ded
in E
AM
3/G
UI1
(ES
AR
R 3
G
uida
nce
Mat
eria
l) in
rela
tion
to th
e co
nduc
t of S
afet
y S
urve
ys.
8.5.
3 Pr
even
tive
actio
n Th
e or
gani
satio
n sh
all d
eter
min
e ac
tion
to e
limin
ate
the
caus
es o
f pot
entia
l non
-con
form
ities
in o
rder
to p
reve
nt
thei
r occ
urre
nce.
Pre
vent
ive
actio
ns s
hall
be a
ppro
pria
te
to th
e ef
fect
s of
the
pote
ntia
l pro
blem
s.
A d
ocum
ente
d pr
oced
ure
shal
l be
esta
blis
hed
to d
efin
e re
quire
men
ts fo
r:
a) d
eter
min
ing
pote
ntia
l non
-con
form
ities
and
thei
r cau
ses
b) e
valu
atin
g th
e ne
ed fo
r act
ion
to p
reve
nt o
ccur
renc
e of
no
n-co
nfor
miti
es
c) d
eter
min
ing
and
impl
emen
ting
actio
n ne
eded
d) re
cord
s of
resu
lts o
f act
ion
take
n, a
nd
e) re
view
ing
prev
entiv
e ac
tion
take
n
5.3.
1. S
afet
y Su
rvey
s (w
ithin
the
oper
atio
n of
the
SM
S, t
he A
TM s
ervi
ce p
rovi
der)
sh
all e
nsur
e th
at s
afet
y su
rvey
s ar
e ca
rrie
d ou
t as
a m
atte
r of r
outin
e,
to re
com
men
d im
prov
emen
ts w
here
nee
ded,
to p
rovi
de a
ssur
ance
to
man
ager
s of
the
safe
ty o
f act
iviti
es w
ithin
thei
r are
as a
nd to
con
firm
co
nfor
man
ce w
ith a
pplic
able
par
ts o
f the
ir S
afet
y M
anag
emen
t S
yste
ms.
5.
3.2.
Saf
ety
Mon
itorin
g (w
ithin
the
prov
isio
n of
the
SM
S, t
he A
TM s
ervi
ce p
rovi
der)
sh
all e
nsur
e th
at m
etho
ds a
re in
pla
ce to
det
ect c
hang
es in
sys
tem
s or
ope
ratio
ns w
hich
may
sug
gest
any
ele
men
t is
appr
oach
ing
a po
int
at w
hich
acc
epta
ble
stan
dard
s of
saf
ety
can
no lo
nger
be
met
, and
th
at c
orre
ctiv
e ac
tion
is ta
ken.
(a
lso
rela
ted
to 5
.2.4
Ris
k A
sses
smen
t and
Miti
gatio
n, n
otab
ly a
s re
gard
s th
e m
itiga
tion
of ri
sks
requ
ired
in 5
.2.4
bul
let b
)
EA
M 3
/GU
I 1 (E
SA
RR
3 G
uida
nce
Mat
eria
l) po
ints
out
that
a
safe
ty s
urve
y is
a p
reve
ntiv
e ac
tivity
whi
ch m
ain
purp
ose
is to
co
nfirm
that
an
exis
ting
situ
atio
n is
sat
isfa
ctor
y. It
is th
eref
ore
a “r
outin
e” a
ctiv
ity to
iden
tify
prob
lem
s an
d fa
cilit
ate
the
defin
ition
of
rem
edia
l act
ions
whe
n pr
oble
ms
are
iden
tifie
d or
sus
pect
ed.
Acc
ordi
ng to
EA
M 3
/GU
I 1, s
urve
ys a
re c
ompl
emen
tary
to
inci
dent
inve
stig
atio
n, s
ince
they
exa
min
e sy
stem
s un
der
norm
al c
ondi
tions
to id
entif
y w
eakn
esse
s th
at h
ave
not y
et
been
see
n to
con
tribu
te d
irect
ly o
r ind
irect
ly to
an
occu
rren
ce.
The
step
s pr
opos
ed in
ISO
can
als
o be
use
ful t
o de
velo
p fu
rther
the
gene
ric in
dica
tions
pro
vide
d in
EA
M3/
GU
I1 (E
SA
RR
3
Gui
danc
e M
ater
ial)
in re
latio
n to
the
cond
uct o
f Saf
ety
Sur
veys
. To
not
e th
at th
e S
afet
y M
onito
ring
requ
ired
in E
SA
RR
3,
sect
ion
5.3.
2 is
als
o fo
cuse
d on
det
ectin
g pr
oble
ms
befo
re th
ey
appe
ar.
The
use
of th
ese
ISO
sta
tem
ents
can
sup
port
the
impl
emen
tatio
n of
ESA
RR
3 S
ectio
n 5.
3.1,
5.3
.2.
***
End
of D
ocum
ent *
**