Commission Regulation (EU) No 18/2010Show full title

“ANNEX II

Common specifications for the national quality control programme to be implemented by each Member State in the field of civil aviation security

1.DEFINITIONS

1.1.For the purposes of this Annex, the following definitions shall apply:

2.POWERS OF THE APPROPRIATE AUTHORITY

2.1.Member States shall provide the appropriate authority with the necessary powers for monitoring and enforcing all requirements of this Regulation and its implementing acts, including the power to impose penalties in accordance with Article 21.

2.2.The appropriate authority shall perform compliance monitoring activities and have the powers necessary to require any identified deficiency to be rectified within set timeframes.

2.3.A graduated and proportionate approach shall be established regarding deficiency correction activities and enforcement measures. This approach shall consist of progressive steps to be followed until correction is achieved, including:

The appropriate authority may omit one or more of these steps, especially where the deficiency is serious or recurring.

3.OBJECTIVES AND CONTENT OF THE NATIONAL QUALITY CONTROL PROGRAMME

3.1.The objectives of the national quality control programme are to verify that aviation security measures are effectively and properly implemented and to determine the level of compliance with the provisions of this Regulation and the national civil aviation security programme, by means of compliance monitoring activities.

3.2.The national quality control programme shall include the following elements:

4.COMPLIANCE MONITORING

4.1.All airports, operators and other entities with aviation security responsibilities shall be regularly monitored to ensure the swift detection and correction of failures.

4.2.Monitoring shall be undertaken in accordance with the national quality control programme, taking into consideration the threat level, type and nature of the operations, standard of implementation, results of internal quality control of airports, operators and entities and other factors and assessments which will affect the frequency of monitoring.

4.3.Monitoring shall include the implementation and effectiveness of the internal quality control measures of airports, operators and other entities.

4.4.Monitoring at each individual airport shall be made up of a suitable mixture of compliance monitoring activities and provide a comprehensive overview of the implementation of security measures in the field.

4.5.The management, setting of priorities and organisation of the quality control programme shall be undertaken independently from the operational implementation of the measures taken under the national civil aviation security programme.

4.6.Compliance monitoring activities shall include security audits, inspections and tests.

5.METHODOLOGY

5.1.The methodology for conducting monitoring activities shall conform to a standardised approach, which includes tasking, planning, preparation, on-site activity, the classification of findings, the completion of the report and the correction process.

5.2.Compliance monitoring activities shall be based on the systematic gathering of information by means of observations, interviews, examination of documents and verifications.

5.3.Compliance monitoring shall include both announced and unannounced activities.

6.SECURITY AUDITS

6.1.A security audit shall cover:

6.2.The methodology for conducting a security audit shall take into consideration the following elements:

6.3.In order to confirm that security measures are implemented, the conduct of a security audit shall be based on a systematic gathering of information by one or more of the following techniques:

6.4.Airports with an annual traffic volume of more than 10 million passengers shall be subject to a security audit covering all aviation security standards at least every 4 years. The examination shall include a representative sample of information.

7.INSPECTIONS

7.1.The scope of an inspection shall cover at least one set of directly linked security measures of Annex I to this Regulation and the corresponding implementing acts monitored as a single activity or within a reasonable time frame, not normally exceeding three months. The examination shall include a representative sample of information.

7.2.A set of directly linked security measures is a set of two or more requirements as referred to in Annex I to this Regulation and the corresponding implementing acts which impact on each other so closely that achievement of the objective cannot be adequately assessed unless they are considered together. These sets shall include those listed in Appendix I to this Annex.

7.3.Inspections shall be unannounced. Where the appropriate authority considers that this is not practicable, inspections may be announced. The methodology for conducting an inspection shall take into consideration the following elements:

7.4.In order to confirm that security measures are effective, the conduct of the inspection shall be based on the systematic gathering of information by one or more of the following techniques:

7.5.At airports with an annual traffic volume of more than 2 million passengers the minimum frequency for inspecting all sets of directly linked security measures set out in chapters 1 to 6 of Annex I to this Regulation shall be at least every 12 months, unless an audit has been carried out at the airport during that time. The frequency for inspecting all security measures covered by chapters 7 to 12 of Annex I shall be determined by the appropriate authority based on a risk assessment.

7.6.Where a Member State has no airport with an annual traffic volume exceeding 2 million passengers, the requirements of point 7.5 shall apply to the airport on its territory with the greatest annual traffic volume.

8.TESTS

8.1.Tests shall be carried out to examine the effectiveness of the implementation of at least the following security measures:

8.2.A test protocol including the methodology shall be developed taking into consideration the legal, safety and operational requirements. The methodology shall address the following elements:

9.SURVEYS

9.1.Surveys shall be carried out whenever the appropriate authority recognises a need to re-evaluate operations in order to identify and address any vulnerabilities. Where a vulnerability is identified, the appropriate authority shall require the implementation of protective measures commensurate with the threat.

10.REPORTING

10.1.Compliance monitoring activities shall be reported or recorded in a standardised format which allows for an on-going analysis of trends.

10.2.The following elements shall be included:

10.3.Where deficiencies are identified, the appropriate authority shall report the relevant findings to the airport, operators or entities subjected to monitoring.

11.COMMON CLASSIFICATION OF COMPLIANCE

11.1.Compliance monitoring activities shall assess the implementation of the national civil aviation security programme using the harmonised classification system of compliance set out in Appendix II.

12.CORRECTION OF DEFICIENCIES

12.1.The correction of identified deficiencies shall be implemented promptly. Where the correction cannot take place promptly, compensatory measures shall be implemented.

12.2.The appropriate authority shall require airports, operators or entities subjected to compliance monitoring activities to submit for agreement an action plan addressing any deficiencies outlined in the reports together with a timeframe for implementation of the remedial actions and to provide confirmation when the correction process has been completed.

13.FOLLOW-UP ACTIVITIES RELATED TO THE VERIFICATION OF THE CORRECTION

13.1.Following confirmation by the airport, operator or entity subjected to monitoring that any required remedial actions have been taken, the appropriate authority shall verify the implementation of the remedial actions.

13.2.Follow-up activities shall use the most relevant monitoring method.

14.AVAILABILITY OF AUDITORS

14.1.Each Member State shall ensure that a sufficient number of auditors are available to the appropriate authority directly or under its supervision for performing all compliance monitoring activities.

15.QUALIFICATION CRITERIA FOR AUDITORS

15.1.Each Member State shall ensure that auditors performing functions on behalf of the appropriate authority:

Auditors shall be subject to certification or equivalent approval by the appropriate authority.

15.2.The auditors shall have the following competencies:

15.3.Auditors shall undergo recurrent training at a frequency sufficient to ensure that existing competencies are maintained and new competencies are acquired to take account of developments in the field of security.

16.POWERS OF AUDITORS

16.1.Auditors carrying out monitoring activities shall be provided with sufficient authority to obtain the information necessary to carry out their tasks.

16.2.Auditors shall carry a proof of identity authorising compliance monitoring activities on behalf of the appropriate authority and allowing access to all areas required.

16.3.Auditors shall be entitled to:

16.4.As a consequence of the powers conferred on auditors, the appropriate authority shall act in accordance with point 2.3 in the following cases:

17.BEST PRACTICES

17.1.Member States shall inform the Commission of best practices with regard to quality control programmes, audit methodologies and auditors. The Commission shall share this information with the Member States.

18.REPORTING TO THE COMMISSION

18.1.Member States shall annually submit a report to the Commission on the measures taken to fulfil their obligations under this Regulation and on the aviation security situation at the airports located in their territory. The reference period for the report shall be 1 January – 31 December. The report shall be due three months after completion of the reference period.

18.2.The content of the report shall be in accordance with Appendix III using a template provided by the Commission.

18.3.The Commission shall share the main conclusions drawn from these reports with Member States.

Appendix I Elements to be included in the set of directly linked security measures

The sets of directly linked security measures as referred to in point 7.1 of Annex II shall include the following elements of Annex I to this Regulation and the corresponding provisions in its implementing acts:

For point 1 — Airport security:

For point 2 — Demarcated areas of airports:

the whole point

For point 3 — Aircraft security:

For point 4 — Passengers and cabin baggage:

For point 5 — Hold baggage:

For point 6 — Cargo and mail:

For point 7 — Air carrier mail and air carrier materials:

the whole point

For point 8 — In-flight supplies:

the whole point

For point 9 — Airport supplies:

the whole point

For point 10 — In-flight security measures:

the whole point

For point 11— Staff recruitment and training:

Appendix II Harmonised classification system of compliance

The following classification of compliance shall apply to assess the implementation of the national civil aviation security programme.

Appendix III CONTENT OF REPORT TO THE COMMISSION

1. Organisational structure, responsibilities and resources

(a)Structure of the quality control organisation, responsibilities and resources, including planned future amendments (see point 3.2(a)).

(b)Number of auditors – present and planned (see point 14).

(c)Training completed by auditors (see point 15.2).

2. Operational monitoring activities

All monitoring activities carried out, specifying:

3. Deficiency correction activities

(a)Status of the implementation of the deficiency correction activities.

(b)Main activities undertaken or planned (e.g. new posts created, equipment purchased, construction work) and progress achieved towards correction.

(c)Enforcement measures used (see point 3.2(f)).

4. General data and trends

(a)Total national annual passenger and freight traffic and number of aircraft movements.

(b)List of airports by category.

(c)Number of air carriers operating from the territory by category (national, EU, third country).

(d)Number of regulated agents.

(e)Number of catering companies.

(f)Number of cleaning companies.

(g)Approximate number of other entities with aviation security responsibilities (known consignors, ground handling companies).

5. Aviation security situation at airports

General context of the aviation security situation in the Member State.