IAT Course V6
IOSA WorkshopSession 2
IOSA Program and Audit
IOSA CAA Workshop
Session 2 - IOSA Program and Audit
IOSA Organization & interfaces
IOSA Certifications & Accreditations
Audit Process
Assessing ISARPs “Documented” and “Implemented”
IOSA Organization
and Interfaces
IOSA Structure
Airline
IOC
IOSA Program
Management
AO ETO
AccreditationAccreditation
Training
IOSA Oversight Council
Audit Organization
+ IOSA Auditors
Endorsed
Training
Organization
IOSA Communication - Regular meetings
IOC bi-annual meetings
ETO annual meetings
AO bi-annual meetings
IOSA Management Chart
IOSA Oversight Council
Represents industry interests
Composition:
15 IATA member airlines
10 Authorities.Currently participating: ICAO, FAA, EU, DGAC France
Operators are encouraged to attend IOC meetings as observers
IOC
IOSA Oversight Council
Role:
Independent monitoring of IOSA Management of
Program and Standards, by means of industry
feedback on program content and functionality
Develop strategy and recommendations on how to
address objectives set by IATA Operations
Committee and IATA Senior Management
Ensure IOSA quality is maintained
IOC
Specific AO role, responsibilities and rules published in the IOSA Program Manual (IPM)
Select, employ train and administer IOSA auditors (only IOSA auditors are authorized to conduct IOSA audits)
AOs and IOSA Auditors are subject to strict conflict-of-interest restrictions
Audit Organizations (AOs) and IOSA Auditors
IOSA Standards Manual (ISM): Contains all ISARPs What will be audited?
IOSA Program Manual (IPM):
program rules applicable to IATA, AOs, operators How is the audit done?
IOSA Audit Handbook (IAH): guidance, processes,
procedures for AOs & Auditors How does an auditor work?
IOSA Reference Manual (IRM): abbreviations and terms
associated with the ISARPs.
The IOSA documents are published online at www.iata.org/iosa
IOSA Documentation System - Manuals
IOSA Program Manual (IPM) - Content
0 - Introduction
1 - IOSA Program management
2 - AO Accreditation
3 - Auditor Qualification
4 - Auditor Training
5 - ETO Accreditation
6 - Airline responsibilities for
IOSA registration
7 - IOSA registration
8 - Audit Program
9 - IOSA Audit Report (IAR)
10 - Audit sharing
11 - Dispute Resolution
12
IOSA Manuals
Annual revision (April), an option for Temporary Revisions
IOSA Task Forces
Managed by IATA
Members: 10 to 15 experts in airline operational safety and security
Build, update and improve the ISARPs.
Monitor ICAO, FAR, EU OPS evolutions
Integrate IATA Safety Group conclusions
Follow and incorporate industry evolutions and developments.
IOSA Documentation System - Revisions
Review by FLT/DSP Task Force:
Industry/Regulatory Developments that Require TF Action
Circling approaches and stabilization criteria
Potential impact of EASA “Basic” and “TCO” regulation on
ISM;
ICAO Annex 6, Amendment 36 changes:
Alternate Selection and Fuel Planning;
Extended Diversion Time Operations (EDTO);
Fatigue Risk Management Systems (FRMS)
FDRs and ELTs
IOSA Documentation System - Revisions
Example of ICAO - IOSA coordination
FLT 4.3.14 - Automatic Emergency Locator
Transmitter (ELT):
ICAO Standard specifies all aircraft with more than 19
passenger seats to have an automatic ELT on board.
Certain States did not mandate this norm.
Co-ordinated effort by IOSA mandated ICAO standard for all
IOSA carriers using a phased implementation plan
Example of present ICAO-IOSA coordination
Introduction of SMS ICAO SARPs into IOSA
Action Plan by IATA and monitoring ICAO SARPs to ensure consistent alignment between IATA SMS material and ICAO SMS.
Using the IRM. Exercise
Auditor Comments: “The operator does not transport cargo at all. They only transport the obvious and necessary company mail for internal company communication”.
Is this standard Applicable or Not ?
Exercise (outcome)IRM Definition:
IOSA Certifications &
Accreditations
IATA applies strict Accreditation Standards and
Processes for AOs and ETOs
There are currently six (6) AOs and five ETOs
accredited
Accreditation of AOs and ETOs
20
Accreditation Standards
Company organization, management system
Quality Assurance and Quality Control programs
Independence of organisation. Conflict-of-interest
Human and physical resources, Audit and auditor administration
AO Operations Manual (published processes and procedures)
Accreditation Processes
Initial
Continuing accreditation
Periodic review
Performance evaluation and measurement
ETO accreditations follow a similar process
AO Accreditation
21
Auditor selected by an AO under IOSA program
Basic prerequisites: education, training, experience as auditor, experience in the field
ORG, FLT, DSP, MNT auditors must meet special prerequisites
Global and individual performance continuously evaluated under quality assurance program
IOSA Auditor Selection and Approval
22
Auditor Training and Qualification process
IOSA course : “IOSA Auditor Training” conducted by an Endorsed Training Organization (5 days)
Auditor under supervision during first audit;
Full evaluation on second audit
Auditor Continuing Qualification and monitoring
Annual recurrent training (one day)
Biennial audit performance evaluations
Minimum 2 audits per year per discipline
IOSA Auditor Qualification
Categories of IOSA Auditors
IOSA Auditor: May audit a maximum of 4 disciplines.
Mandatory qualification for SMS
Lead Auditor:
leads an IOSA Audit Team.
Mandatory qualification for ORG and SMS
Evaluator:
evaluates Auditors and Lead Auditors
IOSA Registration & Audit SharingIATA
Share
IOSA
Registry
IATA
IOSA
Database
IOSA Audit Report (IAR)
AO
Audit
Airline Y
Share
Airlines Regulators
Process whereby an interested party utilizes the audit
of an operator to satisfy its need for an audit of that
operator
IOSA Audit Report (IAR) is the exclusive property of
the Operator. IATA is the custodian of the IAR
Access to an IAR only after authorization from the
Operator.
Audit Sharing
Initial IOSA audit: all findings must be closed within 12
months of IOSA audit completion
Renewal audit: registration is maintained if operator closes
any new findings before its IOSA expiry date.
IOSA Registry: IATA Website listing operators with current,
complete IOSA audits
IOSA Registration
Maintaining IOSA registration
During the 2 year registration period, the Operator shall:
Continuously monitor conformity with IOSA standards
Inform IATA and the AO of any significant changes such
as re-organization, mergers acquisitions, changes to
fleets, incidents/accidents, etc.
IOSA Quality Assurance
Monitors, assesses, measures performance of IOSA Program in all areas of AO and ETO output, for continual improvement in program:
QC of IOSA Reports
QA of IOSA Audit Teams onsite
QA of Standard of ETO instruction and training
Audit Process
Audit Process Overview
IOSA audit
incl. preparation and
processingIATA
Quality Assurance
Airline
AO
IOSA
Lead Auditor
Audit Team
AO
Quality Assurance
Audit Process and Standardization
Audit program follows IPM rules, which include:Audit preparation: scope, objectives, preparation meeting
Audit planning/scheduling (minimum 30 auditor days onsite)
Provision of resources and logistical support
Audit conduct:
Opening and closing meeting
On site audit
Mandatory assessments
Follow – up of corrective actions plan and Audit Report
Quality Check by AO and IATA of all these elements.
Definition: Evidence
Data or information discovered during an
audit that is analysed and used to determine
conformity.
Definition: Conformity
Standard is documented and implemented
by the Operator
Gathering Evidence
Reviewing documentation (reading)
Interviewing personnel (hearing). Caution with this type of evidence
Assessing conditions, facilities and equipment (observing) depends on sample observed
Assessing operational activities and processes (observing)
Corroborating Evidence
Additional interviews/assessments
Technical records (maintenance, training)
Activity records (agendas, minutes)
Reports (accidents, incidents, anomalies)
Statistical summaries (failure rates, performance measurement).
Definition
IOSA Standards & Recommended Practices (ISARP)
Specified systems, policies, programs, processes, procedures, plans, sets of measures, facilities, components, types of equipment or any other aspect of operations under the scope of IOSA.
Standards: « SHALL » Must - Mandatory
Example: ORG 1.2.1 - The Operator shall have a corporate policy that commits the organisation to continualimprovment of the management system
Recommended Practices:
« SHOULD » Optional – Recommended
Example: ORG 3.1.1 - The Operator should have a corporate policy that supports implementation of a non-punitive reporting system .....
(Note: the should is always in italics )
Finding:
The documented statement based on factual evidence that
indicates an Operator is not in conformity with an
IOSA Standard.
Observation:
The documented statement based on factual evidence that
indicates an Operator has not fulfilled an
IOSA Recommended Practice.
Definition
IAT Course V5
Goal:
Collect evidence to
complement on site Audit
Audit conduct - Mandatory Assessments
Audit conduct - Mandatory Assessments
Operational DisciplineMinimum observed Activities and/or
Processes
Flight Operations 1 Line flight – flight deck operations
1 Simulator session or Training flight
Operational Control & Flight
Dispatch
1 Flight planning
1 Flight monitoring
Aircraft Engineering &
Maintenance
1 AD/ASB process
2 Maintenance activities
1 Maintenance process
Audit conduct - Mandatory Assessments
Operational DisciplineMinimum observed Activities and/or
Processes
Cabin & Cargo Compartment
Operations
1 Line flight - passenger cabin
operations only
Ground Handling 1 Weight and balance calculation
1 Ground handling activity
Cargo Operations 1 Aircraft loading or unloading
Operational Security 1 Baggage reconciliation
1 Pre-Board/hold room screening
1 Aircraft access control
1 Preflight crew security briefing
Closure of Findings
To close a Finding, the operator initiates a Corrective Action
Plan (CAP).
A Root Cause must be completed by Operator, providing the
reason why the provision had not been incorporated
(good analysis of Root Cause is essential for effective SMS)
The AO verifies consistency of all elements and effective
implementation of the corrective actions.
IATA cross-checks all data.
Exercise: root cause
Proposed root causes by an Operator:
1. the process to ensure products acquired from external suppliers meet
technical specifications was not documented nor implemented
2. the external suppliers did not have any technical specifications available
3. The departments responsible for technical specifications for external suppliers
thought the specifications were part of the business contract and that they
were monitored by the commercial department.
Assessing ISARPs
as “Documented”
and “Implemented”
The Core IOSA Principle of
“Documented” and “Implemented”
Documents must be “controlled” by the Operator.
Implementation is assessed based on processes,
procedures, etc, in controlled documents
This ensures conformity based on standard
operating procedures, not on undocumented
practices, for which standardization is not assured.
Definition: Documented
The specification is published and
accurately represented in a controlled
document by the Operator.
Definition: Controlled document
A Document subject to
processes that provide for
positive control of content,
revision, publication,
distribution, availability and
retention.
Why evaluate “Documented”?
Documented standards are necessary to:
ensure systems, programs, policies, processes, procedures and plans are implemented in a standardized manner and sustained on an on-going basis
Provide continuity in the information to personnel;
Ensure personnel are properly trained;
Conduct evaluations (e.g. audits, inspections) against documented specifications.
How to assess “Documented”
The specification must be contained in an official company document : manual, handbook, permanent publication
The style and format must clearly and accurately represent the meaning and intent of the specification and can be understood by operational personnel.
Documents assessed can be in paper or electronic form, but letters, emails, memos, bulletins, flyers or posters are generally not acceptable
IOSA philosophy
The ISARPs must be consistently
“documented” and “implemented” by an
Operator to ensure standardized application
Definition: Implemented
Specification is established, activated,
integrated, incorporated, deployed, installed,
maintained and/or made available, as part of the
operational system, and is monitored and
evaluated, as necessary, for continued
effectiveness.
Assessing “Implemented”
Specifications must be established so that they have become an active and integral part of the operation.
There must also be a measure of control of the activity to ensure that the desired outcomes are achieved.
Implementation shall be in accordance with
documented policies, processes, procedures, etc.
This ensures implementation is based on standard
operating procedures and not on undocumented
practices, for which standardization is not assured.
Linked assessment of documentation
and implementation
Exercise 1: does this auditor narrative
support the assessment of “Documented”?FLT 2.2.11 The Operator shall ensure flight crew members complete training and an
evaluation in aircraft systems and limitations, to include a demonstration of
competence in the operation of aircraft systems. Such training and evaluation shall be
completed during initial ground training and subsequently during recurrent training
once every three (3) calendar years. (GM)
Documented and Implemented
Training records for Aircraft systems & limitations training were reviewed.
Training completed in Beijing 12-16APR11
Exercise 1
FLT 2.2.11 The Operator shall ensure flight crew members complete training and an
evaluation in aircraft systems and limitations, to include a demonstration of
competence in the operation of aircraft systems. Such training and evaluation shall
be completed during initial ground training and subsequently during recurrent
training once every three (3) calendar years. (GM)
Documented and Implemented
Training records for Aircraft systems & limitations training were reviewed. Training
completed in Beijing 12-16APR11
Operations Manual - OM D 7.1.3 ii) This would be a possible
evidence of documentation
Exercise 2: does this auditor narrative
support the assessment of “Documented”?CAB 2.2.2 <PA> If the Operator conducts passenger flights with cabin crew, the
Operator shall ensure cabin crew members receive training that provides
knowledge of safety policies and procedures associated with the preflight, in-flight
and post-flight phases of cabin operations. Such training shall be included in the
cabin crew initial and re-qualification training courses, and in the recurrent training
course on a frequency in accordance with requirements of the Authority, but not
less than once during every 24-month period. (GM)
Documented and Implemented
PowerPoint presentation of Cabin Crew Safety pre/post flight procedures
Exercise 2CAB 2.2.2 <PA> If the Operator conducts passenger flights with cabin crew, the
Operator shall ensure cabin crew members receive training that provides
knowledge of safety policies and procedures associated with the preflight, in-flight
and post-flight phases of cabin operations. Such training shall be included in the
cabin crew initial and re-qualification training courses, and in the recurrent training
course on a frequency in accordance with requirements of the Authority, but not
less than once during every 24-month period. (GM)
Documented and Implemented
PowerPoint presentation of Cabin Crew Safety pre/post flight procedures
Cabin Crew Manual Ch 6.7.8 and Ch 7.6.7 This would be a possible
evidence of documentation
IOSA scope / ISARPs applicabilityAn airline is not eligible for IOSA if :
All aircraft operations are conducted by another operator, (wet lease in)
Or
The Airline does not operate a minimum of one aircraft on Commercial:
Passenger flights with or without cabin crew.
Cargo flights with or without carriage of pax or supernumeraries.
Or
Operations are conducted only with these types of aircraft:
Aircraft with maximum certificated takeoff mass of 5700kg or less;
Single engine aircraft;
Single pilot aircraft;
Helicopters;
Seaplanes.
IOSA scope / ISARPs applicability
In consequence:
ISARPs can only be applied to those aircraft authorized in the AOC and utilized in commercial passenger and/or cargo flights.
If certain aircraft/fleets are out of the IOSA scope, the airline can still undergo IOSA, the eligible fleets will be audited and non eligible fleets listed as “Out of Scope”.
Module summary
The IOSA is a well-structured program run by IATA,
with global recognition
The audits are conducted by trained auditors under
supervision of IATA
All planes on the AOC must be audited or exempted
under certain conditions
Auditing focuses on proper documentation and
implementation of the required standards
****
****
****
***
**
****
****
****
*
Questions ?