iosa programme manual

"NOTE: This document does not include revision service. Be aware that the IOSA Programme Manual will change over time, and it behooves each operator to ensure the availability of the most current version of the IPM when preparing for an audit. For important information regarding the revision status of the IPM, contact any IOSA Audit Organisation or the IOSA Programme Office at +01.514.874.0202 x3246."

OPERATIONAL SAFETY AUDIT Programme Manual

1st Edition V.2 Effective October 2003

International Air Transport Association Montreal – Geneva

NOTICE

DISCLAIMER. The information contained in this publication is subject to constant review in the light of changing government requirements and regulations. No subscriber or other reader should act on the basis of any such information without referring to applicable laws and regulations and/or without taking appropriate professional advice. Although every effort has been made to ensure accuracy, the International Air Transport Association shall not be held responsible for loss or damage caused by errors, omissions, misprints or misinterpretation of the contents hereof. Furthermore, the International Air Transport Association expressly disclaims all and any liability to any person, whether a purchaser of this publication or not, in respect of anything done or omitted, and the consequences of anything done or omitted, by any such person in reliance on the contents of this publication. No part of the IOSA Programme Manual may be reproduced, recast, reformatted or transmitted in any form by any means, electronic or mechanical, including photocopying, recording or any information storage and retrieval system, without the prior written permission from:

Senior Vice President Marketing and Commercial Services

International Air Transport Association 800 Place Victoria

P.O. Box 113 Montreal, Quebec

CANADA H4Z 1M1

Operational Safety Audit – Programme Manual Ref. No: 6363-01 ISBN 92-9195-184-6 © 2003 International Air Transport Association. All rights reserved. Montreal — Geneva

October 2003 iii

TABLE OF CONTENTS

Foreword ........................................................................................................................................................v Applicability ...................................................................................................................................................vii List of Effective Pages ..................................................................................................................................ix Introduction....................................................................................................................................................xi

1 Purpose..............................................................................................................................................xi 2 Structure ............................................................................................................................................xi 3 Documentation System....................................................................................................................xi 4 Authority ............................................................................................................................................xi 5 Revision .............................................................................................................................................xi

Definitions ......................................................................................................................................................xiii Section 1 - AO Accreditation ........................................................................................................................1-1

Figure 1.1: Accreditation Process Flow ............................................................................................1-3 Appendix 1: Auditor Data File ...........................................................................................................1-9 Appendix 2: Application Form...........................................................................................................1-17

Section 2 - IOSA Registration.......................................................................................................................2-1

Figure 2.1: Timeline for Initial Registration.......................................................................................2-3 Figure 2.2: Timeline for Registration Renewal ................................................................................2-3 Figure 2.3: Steps in the IOSA Registration Process (Initial Registration) ....................................2-5 Figure 2.4: Steps in the IOSA Registration Process (Registration Renewal) ...............................2-6 Figure 2.5: Steps in the Consideration of Extenuating Circumstances........................................2-7

Section 3 - Auditor Qualification..................................................................................................................3-1

Table 3.1: Experience Requirements for Flight Operations Auditors ...........................................3-4 Table 3.2: Experience Requirements for Engineering and Maintenance Auditors......................3-5 Figure 3.1: Qualification Process Flow for IOSA Auditor (Established AO)..................................3-9

Section 4 - Auditor Training .........................................................................................................................4-1

IOSA Programme Manual

iv October 2003

Section 5 - Audit Programme....................................................................................................................... 5-1 Table 5.1: IOSA Operational Assessments...................................................................................... 5-9 Table 5.2: IOSA Operational Assessments (Notes) ........................................................................ 5-10

Section 6 - Data Management ...................................................................................................................... 6-1

Figure 6.1: Steps in the IAR Submission Process .......................................................................... 6-5 Figure 6.2: Steps in the IAR Access Process................................................................................. 6-6

Section 7 - Audit Sharing ............................................................................................................................. 7-1

Figure 7.1: Steps in the IOSA Audit Sharing Process .................................................................... 7-2 Section 8 - IATA Programme Administration ............................................................................................. 8-1 Section 9 - Dispute Resolution .................................................................................................................... 9-1

Figure 9.1: IOSA Dispute Resolution Process Flow ....................................................................... 9-2 Section 10 - Endorsed Training Organization ............................................................................................ 10-1

October 2003 v

FOREWORD

The IATA Operational Safety Audit (IOSA) Programme is an internationally recognized and accepted evaluation system designed to assess the operational management and control systems of an Operator. IOSA is based on industry-proven quality audit principles, and is designed to ensure that each audit is conducted in a standardized manner to achieve consistent results. Standards contained in this manual were initially developed during the years 2002-2003 by task forces as part of the IOSA developmental project. When establishing the membership of the IOSA task forces, IATA selected industry safety and quality experts from organizations around the world, including airlines, regulatory agencies, and various other entities possessing operational audit expertise. Special care was taken to ensure equal participation from all areas of the world such that no single region, alliance or organization would predominate. IATA will continue to update IOSA Programme standards based on practical experience and the latest consensus in operational quality management principles.


vi October 2003

INTENTIONALLY LEFT BLANK

October 2003 vii

APPLICABILITY

The IOSA Programme Manual (IPM) contains standards that govern all aspects of the IATA Operational Safety Audit (IOSA) Programme for the purpose of achieving a standardized and consistent audit product. Standards in this manual are applicable primarily to: (1) accredited audit organizations (AOs) that will conduct audits under IOSA, (2) operators that will be audited under IOSA and (3) IATA as steward of the IOSA Programme.


viii October 2003


October 2003 ix

LIST OF EFFECTIVE PAGES

Foreword Page vi October 2003 Applicability Page viii October 2003 Introduction Page xii October 2003 Definitions Pages xiv to xvii October 2003 Section 1 – AO Accreditation Pages 1-1 to 1-19 October 2003 Section 2 – IOSA Registration Pages 2-1 to 2-8 October 2003 Section 3 – Auditor Qualification Pages 3-1 to 3-12 October 2003 Section 4 – Auditor Training Pages 4-1 to 4-4 October 2003 Section 5 – Audit Programme Pages 5-1 to 5-14 October 2003 Section 6 – Data Management Pages 6-1 to 6-6 October 2003 Section 7 – Audit Sharing Pages 7-1 to 7-2 October 2003 Section 8 – IATA Programme Administration Pages 8-1 to 8-2 October 2003 Section 9 – Dispute Resolution Pages 9-1 to 9-2 October 2003 Section 10 – Endorsed Training Organisation Pages 10-1 to 10-2 October 2003


x October 2003


October 2003 xi

INTRODUCTION

Purpose The IOSA Programme Manual (IPM) is published in order to make the complete body of standards that govern all aspects of the IOSA Programme available in a single source. Standards in the IPM provide the basis for programme standardization, which ensures that each audit is conducted in a consistent manner. Audits under IOSA will only be conducted by audit organizations (AOs) that have been accredited by IATA. To successfully complete the accreditation process, an AO shall be required to structure its organization, management systems and operational processes, including administration of its audit and auditor programmes to conform with standards in this manual. Additionally, standards contained in the IPM shall be the basis for the system used by IATA in providing quality oversight and management of the IOSA Programme.

Structure The sections in the IPM are organized as follows: • Section 1, AO Accreditation • Section 2, IOSA Registration • Section 3, Auditor Qualification • Section 4, Auditor Training • Section 5, Audit Programme • Section 6, Data Management • Section 7, Audit Sharing • Section 8, IATA Programme Administration • Section 9, Dispute Resolution • Section 10, Endorsed Training Organization

Documentation System The IPM is used in association with the following related manuals: • IOSA Standards Manual (ISM); and • IOSA Auditor Handbook (IAH). Taken together, the IPM, ISM, and IAH make up the IOSA documentation system.

Authority The IOSA Programme operates under the authority of the Board of Governors of IATA.

Revision Revisions to this manual are the responsibility of IATA.

Symbol The symbol found throughout this manual is meant for the internal process of tracking changes.


xii October 2003


October 2003 xiii

IOSA DEFINITIONS The terminology used in the IPM is consistent with that in the other manuals that comprise the IOSA documentation system. The following list defines terms as they are used in the context of the IOSA Programme and in IOSA Programme documents. Words or terms in bold type have their own definition herein.

Audit: The structured and objective assessment used to determine the level of conformity with ISARPs.

Audit Closure: An IOSA administrative action performed by the AO at the point in the audit process when all Findings have been closed by the Auditee and verified by the AO.

Audit Objective: The determination of the level of fulfilment of ISARPs for the purpose of IOSA Registration.

Audit Organization (AO): An entity that has been accredited by IATA as a provider of auditing services under IOSA.

Audit Plan: The documented requirements for a successful implementation of an Audit.

audit process: The entire course of proceedings and activities associated with an audit.

Audit Programme: The documented management, organization, strategy, policies, and procedures used by an AO for providing audit services under IOSA.

audit results: The final determination of the outcome of an Audit based on the success of the Auditee to close Findings in a manner acceptable to the AO.

audit scope: The operational disciplines and/or operational areas that are assessed during the conduct of an audit.

Audit Sharing: The process under IOSA whereby an Interested Party utilizes the Audit of an Operator conducted by a third party to satisfy its own need for an Audit of that same Operator.

Audit Team: A group of IOSA Auditors that coordinates and works together to conduct an Audit.

Auditee: The Operator that is audited under IOSA.

Auditor: An individual who has satisfied defined acceptance prerequisites, and who has successfully qualified under the IOSA Programme to conduct Audits.

best practice: A strategy, process, approach, method, tool or technique that is generally recognised as being effective in helping an operator to achieve operational objectives.

Closing Meeting: The formal meeting at the conclusion of the on-site phase of an Audit that permits the Audit Team to discuss with the Auditee information relative to Findings and Observations, the Corrective Action Plan (CAP)and other subjects relevant to the Audit Process.

conformity: Fulfilment of specifications contained in ISARPs as determined by an Audit in terms of having been documented and/or implemented by the Operator.

corrective action: The action(s) taken by the Auditee to address and eliminate recurrence of non-conformity to an IOSA Standard.

Corrective Action Plan (CAP): The total plan of an Auditee to close all Findings through implementation of comprehensive and permanent corrective action.

Corrective Action Record (CAR): A document that identifies the need for Corrective Action based on a Finding, and provides a history of implementation and verification of the Corrective Action.


xiv October 2003

documented: The state of a specification as being published and accurately represented in an operational manual, handbook or other official company medium.

Endorsed Training Organization (ETO): A company or other entity that has been accredited by IATA as a provider of training services under IOSA.

Evaluator: An experienced Lead Auditor who has demonstrated requisite qualities, and has been designated by the AO to assess Audit activities and Auditor performance.

evidence: Data or information discovered during an Audit that is analysed by the Auditor to determine fulfilment of ISARPs. Family Member: A parent, sibling, child, spouse, grandparent, or grandchild.

Finding: The documented statement based on factual evidence that indicates an Operator is not in conformity with an IOSA Standard.

Group Company: Any Subsidiary or Holding Company of an AO, or any Subsidiary of any such Holding Company. For the purposes of IOSA documents, Holding Company shall include the controlling company of the group in which the AO is part, and subsidiary shall include any company in or over which the AO or such Holding Company has a direct or indirect controlling interest.

IATA: An abbreviation and acronym for the International Air Transport Association.

implemented: The state of a specification as being activated, integrated, incorporated, deployed, installed, or made available as part of the operational system, and monitored and evaluated as necessary for continued effectiveness.

interim corrective action: Action that provides satisfactory resolution of non-conformity on a temporary basis until comprehensive and permanent corrective action in accordance with the accepted CAP can be fully implemented by the Auditee.

Interim IOSA Audit Report (IIAR): The official report of Findings and Observations that is presented to the Auditee after completion of the on-site phase of the Audit.

Interested Party: An organization that has a direct interest in or is sharing the current Audit of an IOSA Operator, and has been provided official access to the IOSA Audit Report (IAR) through the IOSA system.

IOSA: An abbreviation and acronym for IATA Operational Safety Audit, which is an internationally recognized evaluation system designed to assess the operational management and control systems of an Operator.

IOSA Accreditation: The formal and official recognition by IATA of an organization to perform a specified function or service in accordance with an applicable legal agreement and the IOSA Programme Manual (IPM)

IOSA Accreditation Agreement: The agreement between IATA and the AO that specifies the provisions and conditions applicable to the accreditation of the AO.

IOSA Audit Agreement: The agreement among IATA, the AO and the Auditee that specifies the provisions and conditions applicable to the conduct of an Audit.

IOSA Audit Feedback Programme: A programme that provides a means for the Auditee to provide critique on the conduct of an Audit.

IOSA Audit Report (IAR): The document that is the official record of an Audit, and that contains information regarding the conduct and results of the Audit, including closure of all Findings.

IOSA Auditor: An Auditor that has satisfied IOSA qualification and competence standards, and has been formally approved to conduct audits under IOSA in at least one operational discipline.

IOSA Definitions

October 2003 xv

IOSA Auditor Handbook (IAH): The published document that contains audit guidance, checklists, and other information intended specifically for use by the IOSA Auditor.

IOSA Auditor Personal Data File: An IOSA document that provides a record of personal data, background and qualifications of an IOSA Auditor.

IOSA Checklist: The document used by an IOSA Auditor when conducting an Audit to document factual evidence.

IOSA Database: The IATA repository of IOSA Audit Reports (IARs) for the purpose of retaining, accessing, reviewing, and analysing the audit data.

IOSA Guidance Material (GM): Interpretive or explanatory text in Part Two of the IOSA Standards Manual (ISM) that serves to clarify the meaning and intent of standards and recommended practices. Guidance Material may also specify examples or acceptable alternate means of achieving conformity.

IOSA Auditor Training (IAT): An element of the qualification process for the IOSA Auditor designed to familiarize an experienced aviation operational auditor with the most important aspects of IOSA.

IOSA Operator: An airline or other organization that engages in all or some of the airline operational disciplines under the scope of IOSA and has met the requirements for IOSA Registration. The organization will be listed on the IOSA Registry consistent with the type of business in which it is engaged (e.g. IOSA Airline or IOSA MRO).

IOSA Oversight Committee (IOC): The body within the IATA governance structure that ensures adequate oversight and influence upon the entire IOSA Programme by IATA members.

IOSA Programme: The total of all aspects of the system that is IOSA.

IOSA Programme Management Office (PMO): The group under IATA that manages the day-to-day matters associated with the IOSA Programme.

IOSA Programme Manual (IPM): The published document that contains the standards upon which the IOSA Programme is based.

IOSA Recommended Practice: A specified programme, system, policy, process, procedure, plan, set of measures, facility, component, type of equipment, or any other aspect of operations under the Audit Scope of IOSA, the fulfilment of which is considered optional, but desirable, by the Operator.

IOSA Registration: The formal method used by IATA to determine the operational suitability of and list a qualified organization on the IOSA Registry as an IOSA Operator.

IOSA Registry: The official listing of eligible organizations that have achieved and are currently maintaining a status of IOSA Operator.

IOSA Standard: A specified programme, system, policy, process, procedure, plan, set of measures, facility, component, type of equipment, or any other aspect of operations under the Audit Scope of IOSA, that is considered an operational necessity, and with which an Operator will be expected to be in conformity at the conclusion of the Audit.

IOSA Standardization Conference: An annual conference organized by IATA and attended by AOs and other invited parties for the purpose of standardizing the IOSA Programme.

IOSA Standards Manual (ISM): The published document that contains the ISARPs, IGM, and other supporting information.

IOSA System: All of the elements of the IOSA Programme working together to produce desired results.

IOSA Training Agreement: The agreement between IATA and an ETO that specifies the provisions and conditions applicable to the accreditation of the ETO.


xvi October 2003

ISARPs: An abbreviation and acronym for IOSA Standards and Recommended Practices, which are contained in Part One of the IOSA Standards Manual (ISM).

Lead Auditor: An experienced Auditor who has acquired the requisite knowledge and skill, demonstrated the competence, and has successfully qualified and been approved under the IOSA Programme to lead an Audit Team.

library: An organized system for documentation retention and control.

non-conformity: Non-fulfilment of specifications contained in ISARPs as determined by the Auditor in terms of having been documented and/or implemented by the Operator.

Observation: The documented statement by the IOSA Auditor based on factual evidence gathered during an Audit that indicates an Operator has not fulfilled an IOSA Recommended Practice.

Opening Meeting: The meeting at the beginning of the on-site phase of the Audit that permits the Audit Team to discuss with the Auditee the Audit Plan and other arrangements, activities and information relevant to the conduct of the Audit.

Operator: An airline or other organization that engages in all or some of the airline operational disciplines under the audit scope of IOSA.

quality: The degree to which a system consistently meets specified requirements, satisfies stated needs, or produces desired outcomes.

requirement: A specification in an IOSA Standard that is considered an operational necessity.

safety: A condition in which the risk of harm or damage is limited to an acceptable level.

senior management: The highest level of management within an organization that has the authority and responsibility for setting policy, demonstrating commitment, meeting requirements, approving resources, setting objectives, implementing processes and achieving desired outcomes.

AO Accreditation October 2003 1-1

SECTION 1 – AO ACCREDITATION

1.0 Purpose 1.0.1 Accreditation of an Audit Organization (AO) is the process used by IATA to ensure the competence and integrity of the organizations that conduct operational audits under the IOSA Programme. The purpose of this section of the IPM is to provide the standards applied by IATA initially and on a continuing basis to ensure that each AO conducts business in a manner that ensures achievement of IOSA objectives and produces overall IOSA Programme standardization and consistency.

1.1 Accreditation General 1.1.1 In order to begin the initial approval process, a candidate for accreditation as an IOSA Audit Organization (AO) shall submit the IOSA Accreditation Application Form (Appendix 1-1) to IATA, accompanied by a non-refundable application fee of US $7500. The steps in the IOSA accreditation process are depicted in Figure 1.1. 1.1.2 A candidate for initial AO accreditation shall be required to provide a certificate of incorporation or similar documentation evidencing its status as a legal entity in good standing. A candidate shall also provide documentation as requested in the IOSA Accreditation Application Form and in this IPM Section 1. 1.1.3 A candidate shall be in total conformity with applicable requirements in this IPM in order to receive approval for accreditation as an AO. 1.1.4 A stated requirement in this IPM for either a candidate for accreditation or for an established AO to have a programme, system, policy, process, or procedure shall mean that the stated requirement has been documented, and responsibility for implementation has been clearly assigned. 1.1.5 A candidate for accreditation shall provide for IATA review and approval all administrative and operational documentation pertaining to IOSA, including manuals, handbooks, checklists, curricula, syllabi and any other documents that make reference to programmes, systems, policies, processes and procedures. 1.1.6 The IATA accreditation process shall include a review and evaluation of the administration, operations and facilities of a candidate for accreditation. 1.1.7 The IATA accreditation process, for initial accreditation only, shall include, at the discretion of IATA, a personal interview of selected auditors from the proposed initial cadre of IOSA Auditors submitted by the candidate for accreditation. 1.1.8 Formal and final approval for accreditation of an AO shall be carried out by IATA, and such approval shall be noted and recorded by the IATA Oversight Committee (IOC). 1.1.9 The culmination of the accreditation process shall result in the following:

i) execution of an agreement (the “Accreditation Agreement”) made between the candidate for accreditation and IATA;

ii) payment of an accreditation fee by the AO to IATA; iii) accreditation of the candidate as an AO.

1.1.10 The standard term of accreditation of an AO shall be three years, and: i) consideration for renewal of IOSA accreditation shall be contingent on a mutual desire

by IATA and an AO; ii) an AO seeking renewal of IOSA accreditation shall demonstrate continued total

conformity with applicable requirements in this IPM; iii) renewal of accreditation shall only be effective upon execution by IATA and the AO of

an agreement amending the Accreditation Agreement in this regard.


AO Accreditation 1-2 October 2003

1.1.11 An AO shall be subject to the IATA quality assurance review and monitoring programme on a continuing basis during a term of accreditation. 1.1.12 A review of accreditation status may be initiated by IATA should an AO, without limitation:

i) experience financial difficulties, significant management turnover, or transfer of company ownership;

ii) be the subject of sustained industry reports of unprofessional practices or performance deficiencies;

iii) fail to comply with any applicable laws in any jurisdictions in which the AO conducts business;

iv) breach the Accreditation Agreement; v) fail to pay accreditation or other related fees; vi) experience other circumstances or situations deemed by IATA to be potentially

detrimental to or jeopardise the reputation of IOSA. 1.1.13 Notwithstanding IPM 1.1.12, the Accreditation Agreement made between IATA and an AO may be terminated, and the accreditation status of the relevant AO thereby lost, in certain circumstances as set out in the Accreditation Agreement. 1.1.14 Accreditation of an AO shall be terminated should an AO cease providing aviation audit services. 1.1.15 The provisions of this IPM are, together with the provisions of the ISM, and unless otherwise provided, incorporated by reference in the Accreditation Agreement and, in the event of any inconsistency between the terms of this IPM and the Accreditation Agreement, the Accreditation Agreement shall prevail to the extent of the inconsistency. 1.1.16 An AO shall also enter into an “Audit Agreement”, such agreement to be made between IATA, the AO and the relevant candidate organization for IOSA Registration (Auditee). The provisions of this IPM are, together with the provisions of the ISM, and unless otherwise provided, incorporated by reference in the Audit Agreement and, in the event of any inconsistency between the terms of this IPM and the Audit Agreement, the Audit Agreement shall prevail to the extent of the inconsistency.

AO Accreditation


Figure 1.1: IATA Accreditation Process Flow

Candidate for AO requests ApplicationPackage from IATA.

IATA forwards Application Package,including Application Form , AccreditationReview Checklist and IOSA Agreem ents,

to Candidate.

Candidate subm its Application to IATA,along with all other required

docum entation and non-refundableapplication fee.

IATA reviews Application anddocum entation.

IATA and Candidate discuss and agreeon plan to accom plish accreditation

process.

IATA conducts accreditation "duediligence" process; com pletesAccreditation Review Reports.

Requirem entsm et?

IATA Accreditation Com m ittee m eetsand reviews Reports to determ ine ifCandidate is in conform ity with IPM

provisions.

Candidate m akes adjustm ents andrevisions as necessary

IATA Accreditation Com m ittee m akesrecom m endation as to accreditation of

Candidate.

IATA and Candidate execute theAccreditation Agreem ent; Candidate pays

Accreditation Fee to IATA.

Basicrequirem ents

m et?

Conform itydeterm ined?

Accreditationrecom m ended?

Yes

No

No

Yes

Yes

No

Yes

No

Candidate notified.

Candidate notified.

Candidate is accredited as an AO



1.2 Organizational Prerequisites 1.2.1 A candidate for accreditation shall provide, in addition to the documentation specified in IPM 1.1.2, the following without limitation:

i) other relevant incorporation documents (if any); ii) documents evidencing company shareholders, ownership and governance structure(s); iii) annual reports (if any) for the preceding five (5) years; iv) audited financial statements and accounts for the preceding two years; v) corporate organization chart, including a list of employees and reporting structure; vi) documents related to any actual or potential legal proceedings; vii) statement of corporate values and mission statement (if any); viii) other information and documentation as set out in the Accreditation Agreement.

1.2.2 A candidate for accreditation shall provide certificates of its insurance evidencing all current policies of insurance, and evidencing its ability to meet the insurance and indemnity requirements as set out in the Accreditation Agreement. 1.2.3 A candidate for accreditation shall provide evidence that the management and staff have the appropriate background and knowledge to perform operational audits under IOSA. 1.2.4 A candidate for accreditation shall provide a completed IOSA Auditor Personal Data File (Appendix 1-2) that reflects personal information and satisfaction of all qualification prerequisites in accordance with IPM 3.3 for the proposed initial cadre of IOSA Auditors. 1.2.5 A candidate for accreditation shall provide a list of business references, including audit clients and customers. 1.2.6 A candidate for accreditation shall make those representations and warranties as set out in the Accreditation Agreement.

1.3 Observation and Monitoring 1.3.1 An AO and a candidate for accreditation, with appropriate coordination, shall agree to periodic observation/evaluation by IATA of audits being conducted as part of the ongoing quality assurance review and monitoring programme. 1.3.2 An AO shall agree to periodic reviews by IATA of all documentation and records associated with the conduct of operational audits under IOSA. 1.3.3 An AO shall agree to periodic access by IATA, with prior notice, to all facilities, equipment, and other areas associated with the organizational administration and conduct of operational audits under IOSA. 1.3.4 An AO shall agree to periodic reviews by IATA of its IOSA auditor training programme, to include all training records and observation of training classes.

1.4 Conflict of Interest 1.4.1 An AO shall not be allowed to conduct an audit under IOSA on an Operator for whom the AO or an affiliated entity has provided consulting services related to operations within the operational scope of IOSA within the previous two years. 1.4.2 An AO shall not be allowed to conduct an audit under IOSA of the operations of its own organization, or those operations of any Group Company. 1.4.3 An AO shall not be allowed to conduct an audit under IOSA on an Operator if, in the opinion of IATA, that AO has an interest in the outcome of that audit, the existence of such an interest to be determined by IATA at its complete and unfettered discretion.

AO Accreditation


1.4.4 An auditor shall not be allowed to conduct an audit under IOSA of the operations of an organization for which such auditor is an employee, provides services and/or is on the list of approved IOSA Auditors. 1.4.5 An auditor on the list of an AO shall not be allowed to participate in the audit of an Operator for whom he or she has provided consulting services related to operations within the operational scope of IOSA within the past two years. 1.4.6 An auditor on the list of an AO shall not be allowed to participate in an audit if either or both of the following circumstances exist:

i) the auditor has direct or indirect financial interest in the audited Operator; ii) the auditor has family members affiliated with the audited Operator, with such family

members defined as parent, sibling, child, spouse, grandparent, or grandchild. 1.4.7 When there is or might appear to be a conflict of interest for any reason, an AO shall disclose to and resolve actual or potential conflict with IATA prior to conducting an audit under IOSA.

1.5 General 1.5.1 A candidate for initial accreditation shall, if requested by IATA for the purpose of a personal interview, make available each auditor who is proposed to conduct audits under the IOSA Programme at a mutually agreeable time and location. 1.5.2 An AO shall have at least one principal manager attend the IOSA Standardization Conference, which shall be arranged by IATA and shall normally convene once each calendar year. Should more than one conference be scheduled in any given year, an AO shall have a principal representative in attendance for a least one conference during that year. 1.5.3 Prior to the conduct of an audit under IOSA, an AO shall enter into an Audit Agreement with IATA and the relevant Auditee. The Audit Agreement shall set out the commercial arrangements and all other terms, conditions and restrictions associated with the relevant Audit.

1.6 Management 1.6.1 An AO shall have a management system that supports effective operations associated with the IOSA Programme, including:

i) clearly defined lines of managerial authority and responsibilities; ii) documented administrative and operational policies, processes and procedures; iii) provision of resources including employees, equipment, and facilities; iv) managerial control, including oversight and quality assurance.

1.6.2 An AO shall have processes in accordance with applicable provisions in IPM Section 6 for the management of data derived from audits conducted under IOSA to ensure confidentiality and security.

1.7 Quality Assurance 1.7.1 An AO shall have a quality assurance programme that includes internal auditing to ensure that all standards associated with its IOSA Programme are being properly and effectively implemented within the organization, including the areas of administration, documentation, and operations.

1.8 Documentation 1.8.1 An AO shall have a documentation system that contains the published policies, processes, procedures and other applicable guidance that govern and ensure effective implementation and control of the managerial, administrative and operational functions associated with the IOSA Programme. 1.8.2 An AO shall have procedures for revising, updating, maintaining, and distributing manuals relevant to IOSA in a timely manner.



1.8.3 An AO shall have a procedure that ensures all auditors and other employees associated with the IOSA Programme have ready access to the relevant and current versions of company manuals. 1.8.4 An AO shall have a system that ensures all IOSA Auditors are always supplied with and have at their disposal IOSA documents for use during audits, to include relevant ISARPs, Guidance Material and IOSA Checklists in accordance with IPM 5.5.4.

1.9 Records System 1.9.1 An AO shall have a records system that defines the controls and procedures needed for identification, storage, protection, retrieval, retention, and disposition of records. 1.9.2 An AO shall maintain records pertaining to its listed IOSA Auditors that provide evidence of conformity with requirements for auditors in this IPM, including at least the following:

i) prerequisite qualifications for auditor candidates; ii) competence, knowledge, and skills of auditors; iii) required auditor training, including initial and recurrent; iv) selection and initial qualification of auditors; v) training and qualification of auditors to conduct audits in an additional operational

discipline. 1.9.3 An AO shall have a means to ensure separate back up files of electronic records.

1.10 Auditor Administration 1.10.1 An AO shall have a system of administration of its IOSA Auditor Programme in accordance with provisions in IPM Section 3, including processes for auditor selection, qualification, surveillance, communication and records retention. 1.10.2 An AO shall have a process that ensures an Audit Team consists only of approved IOSA Auditors for conducting an Audit under IOSA. 1.10.3 An AO shall have a process for maintaining an up-to-date list of approved IOSA Auditors that participate in Audits conducted under IOSA. 1.10.4 An AO shall have a process for forwarding its latest list of approved IOSA Auditors to IATA on a timely basis. 1.10.5 An AO shall have a process to advise IATA immediately whenever the qualification status of an IOSA Auditor changes. 1.10.6 An AO shall have a process to exercise due diligence in verifying the accuracy of and then maintaining on file an up-to-date IOSA Auditor Personal Data File for each IOSA Auditor. The Data File shall contain a curriculum vitae and other evidence of prerequisite education, aviation work experience, auditor training, and audit experience in accordance with applicable requirements in IPM Section 3. 1.10.7 An AO shall have a process for communicating with and distributing current information to its IOSA Auditors in a timely manner.

1.11 Auditor Qualification 1.11.1 An AO shall have auditor selection and qualification processes in accordance with IPM Section 3 applicable to all IOSA Auditors.

1.12 Auditor Training 1.12.1 An AO shall have a programme that ensures each candidate seeking approval as an IOSA Auditor successfully completes IOSA Initial Auditor Training (IAT) in accordance with IPM 3.9 and IPM 4.1.

AO Accreditation


1.12.2 An AO shall have an annual recurrent training programme in accordance with IPM 4.5. On a bi-annual basis, an AO shall purchase and include in the annual recurrent training curriculum, mandatory training modules developed and supplied by IATA. 1.12.3 An AO shall have a process for restoring the qualification of an IOSA Auditor who has become unqualified in accordance with applicable provisions in IPM Section 3.14.

1.13 Audit Programme 1.13.1 An AO shall have a system for management of its Audit Programme in accordance with provisions in IPM Section 5. 1.13.2 An AO shall have a system for providing control and surveillance of its Audit Programme, including auditor performance, to ensure objectivity, impartiality, standardization and overall adherence to its own requirements and IOSA Standards in this IPM. 1.13.3 An AO shall not declare an airline eligible for registration as an IOSA Operator until all Findings and the Audit have been closed in accordance with provisions in IPM 5.11 and 5.12. Audit closure shall always include verification by the AO of corrective action.

1.14 Data Management 1.14.1 The AO shall have a programme for the management of all data associated with or derived from Audits conducted under IOSA. The programme shall include, but not be limited to, policies, processes and procedures for data retention, preparation and distribution of the IIAR and IAR . The programme of the AO shall also specify facilities, equipment and systems associated with the management of IOSA data.

AO Accreditation


APPENDIX 1 – IOSA AUDITOR FILE (IOSA IPM FORM – 001) To the Candidate for IOSA Auditor:In order to verify eligibility for your appointment as IOSA Auditor, you are requested to fill in the following information as requested. For reference, the correlating IOSA requirement is stated in light gray.

This questionnaire reflects Qualification Prerequisites for IOSA Auditor Acceptance as stated in the IOSA Programme Manual (IPM), Section 3 (Auditor Qualification).

Important Notes:

• Your application can only be processed based on complete documentary proof of all qualifications. Please prove your qualifications by enclosure of unauthenticated copies of relevant certificates, reports, letters of recommendation, testimonials, licenses, etc.

• In submitting this document, you explicitly agree that the information contained herein will be reviewed and/or the document stored for the sole purpose of the IOSA Programme.

Applicant's Declaration: I hereby assure that all statements and information provided hereafter and in the enclosures are true and were made in all conscience. I am aware that false statements could result in revocation of my IOSA Auditor status.

Applicant’s Name

Date Signature

Index of Enclosures List below all enclosures/attachments, including your Curriculum Vitae/Resume.

No. Description No. Description 1 Curriculum Vitae (CV, Resume) 12 2 13 3 14 4 15 5 16 6 17 7 18 8 19 9 20

10 21 11 22



1. Personal Data Personal Data: Family Name:

First Name: Date of Birth: Nationality:

Home Address: Street: City: ZIP-Code: Country: Contacts: Telephone 1: Telephone 2: Fax: Cell Phone: E-Mail 1: E-Mail 2: 2. Current Employer Name of Organization: Location: Current Position / Since: /

AO Accreditation


3. Education IPM 3.3.3 i) A candidate for IOSA Auditor shall have completed at least secondary

education. Secondary education is typically 12 years of full time schooling under the national educational system that comes after the primary or elementary stages, and is completed prior to entrance to a university or similar educational institution.

Please begin with the most recent one.

Duration Institution Location Graduation as Graduation Date

Remarks: Accuracy of educational requirements verified: For the AO: Signature: Name: Date:



4. Operational Experience 4.1 Professional aviation qualifications and licenses achieved: IPM 3.3.4 The following constitute acceptable aviation operational disciplines that satisfy the general operational

experience requirements for an IOSA Auditor.

Tick Qualification Proof of ability (Enclosure)

Issue Date / Since

Licensed by / Employer

Military or civilian air carrier pilot licenced by the regulatory authority of a state

Licence No.:

Military or civilian aircraft maintenance engineer/technician licensed or approved by a regulatory authority

License / Approval No.:

Air carrier flight operations or airworthiness inspector for a national authority

Proof by means of:

Flight Dispatcher or Flight Operations Officer certified by the State

License / Certificate No.:

Aviation industry instructor in the areas of flight operations, aircraft systems, flight dispatch, cabin safety, security, or dangerous goods

Proof by means of:

Ramp operations supervisor or weight and balance specialist

Proof by means of:

Cargo, and dangerous goods specialist

Proof by means of:

Flight attendant supervisor Proof by means of:

Aviation operational security specialist

Proof by means of:

Aviation safety or quality management professional

Proof by means of:

AO Accreditation


4.2 Special Provisions for Flight Operations Auditors: IPM 3.3.8 Special Provisions for Flight Operations Auditors

i) Auditors who will conduct auditing in the operational discipline of Flight Operations shall meet all

requirements contained in IPM Clauses 3.3.3 (Education) and 3.3.5 (Auditor Certification and Training) in addition to special experience requirements contained in Table 3.1.

Tick Qualification Proof of ability (Enclosure) From-To Employer

Special Provisions for Flight Operations Auditors in accordance with IPM 3.3.8

Proof by means of:

Operational and Audit Experience in accordance with IPM Table 3.1

Proof by means of:

Core Aviation Experience in accordance with IPM Table 3.1

Proof by means of:

Airline Flight Operations Experience in accordance with IPM Table 3.1

Proof by means of:

4.3 Special Provisions for Engineering and Maintenance Auditors: IPM 3.3.9 Special Provisions for Engineering and Maintenance Auditors

i) Auditors who will conduct auditing in the operational discipline of Engineering and Maintenance

shall meet all requirements contained in IPM Clauses 3.3.3 (Education) and 3.3.5 (Auditor Certification and Training) in addition to special experience requirements contained in Table 3.2.

Tick Qualification Proof of ability (Enclosure) From-To Employer

Special Provisions for Engineering and Maintenance Auditors in accordance with IPM 3.3.9.

Proof by means of:

Aviation Experience in accordance with IPM Table 3.2

Proof by means of:

Quality Experience in accordance with IPM Table 3.2

Proof by means of:

Audit Experience in accordance with IPM Table 3.2

Proof by means of:



4.4 Aviation work experience IPM 3.3.4 i) A candidate for IOSA Auditor shall have civilian or military work experience of at least

five years in any of the aviation operational disciplines listed in IPM 3.3.4.2, with at least two full years in a single discipline. Six months of the aviation experience must have occurred within the 24 months prior to application as a candidate for IOSA Auditor.

Begin with the most recent appointment. Leave the last column empty.

Job Title, Function Organization Period from / until Experience (months)

IOSA Operational Discipline

/ Please leave empty!










Remarks: Accuracy of operational experience requirements verified: For the AO: Signature: Name: Date:

AO Accreditation


5. Auditor Training / Certification IPM 3.3.5 i) A candidate for IOSA Auditor shall satisfy one of the following prerequisites.

a) Possesses and furnishes proof of current certification by a recognized national or international auditor certification authority either as a quality auditor, quality management system auditor or lead auditor, or as an aerospace experience auditor. Auditor certification shall be based on internationally recognized auditor certification standards. Such certification shall be maintained.

b) If not currently a certified auditor as described above, furnished documented and

verifiable evidence of completion of a formal quality auditor or lead quality auditor training course. The minimum curriculum for such training is specified in IPM 4.3. Acceptable evidence of training shall include the course curriculum and a certificate of completion, indicating the candidate successfully completed all aspects of the course including the examination. A certificate of attendance is not acceptable.

c) Effective 1 January 2006, a candidate for IOSA Auditor must satisfy IPM 3.3.5 a);

provision IPM 3.3.5 b) is no longer valid Please begin with the highest qualification.

Graduation as Registration Scheme Training Institute Graduation Date Valid until

Please chose!

Please chose!

Please chose!

Please chose!

Please chose!

Remarks: Accuracy of auditor certification / training requirements verified: For the AO: Signature: Name: Date:



6. Audit Experience IPM 3.3.6 i) Prerequisite Audit Experience.

A candidate for IOSA Auditor shall furnish to the AO documented and verifiable evidence of having conducted at least four (4) aviation operational, quality management system or safety audits. Such audits shall have been conducted in the aviation operational disciplines included in the scope of IOSA, and at least one of the audits shall have been conducted within the 12 months prior to application.

Month / Year JAN/ 1999 Month / Year JAN/ 1999

Audit Days On-site 1 Audit Days On-site 1

Organization Organization

Contact Person Name Contact Person Name

Contact Person Tel. Contact Person Tel.

Location Location

Audit Scope Audit Scope

Audit Type Internal Audit (1st Party) Audit Type Internal Audit (1st Party)

Audit Category Product Audit Audit Category Product Audit

Audit Standard ICAO Audit Standard ICAO

Capacity Lead Auditor Capacity Lead Auditor

Month / Year JAN/ 1999 Month / Year JAN/ 1999

Audit Days On-site 1 Audit Days On-site 1

Organization Organization

Contact Person Name Contact Person Name

Contact Person Tel. Contact Person Tel.

Location Location

Audit Scope Audit Scope

Audit Type Internal Audit (1st Party) Audit Type Internal Audit (1st Party)

Audit Category Product Audit Audit Category Product Audit

Audit Standard ICAO Audit Standard ICAO

Capacity Lead Auditor Capacity Lead Auditor

Audit 2 Audit 1

Audit 4 Audit 3

AO Accreditation


APPENDIX 2 – AUDIT ORGANISATION APPLICATION FORM (IOSA IPM FORM – 002)

Audit Organisation Application Form NOTE: Please label all Attachments as per instructions in text, all attachments should be provided in English. Completed form and all attachments should be sent to: Attn: Rick Lee International Air Transport Association 800 Place Victoria, P.O. Box 113 Montreal, Quebec, CANADA H4Z 1M1 +1.514.874.0202 GENERAL INFORMATION Operational headquarters: Street: City: State/Prov.: ZIP-Code: Country: Telephone: Fax: E-mail : Website: Preliminary contact person: Name: Title: Telephone 1: Telephone 2: Fax: Cell Phone: E-Mail 1: E-Mail 2: Geographical regions served by AO (check all that apply) North America Central/South America Europe Russia/CIS Middle East Africa Asia/Australasia/Pacific



PRELIMINARY INFORMATION (reference Section 1.2 of IPM) Certificate of incorporation <ATTACHMENT A> Included? If no, please explain Annual reports for the past 5 years <ATTACHMENT B> Included? If no, please explain Audited financial results for the past 2 years <ATTACHMENT C> Included? If no, please explain Organisation chart showing management structure <ATTACHMENT D> Included? Insurance requirements as set out in the <ATTACHMENT E> Included? Accreditation Agreement AUDIT PROGRAMME BACKGROUND (reference IPM 1.2 and Section 5) Demonstrate ability to work under the IOSA Audit Programme

Similar audit programme experience Quality credentials (i.e.: ISO registration or other Quality Management System) <ATTACHMENT G> Included? If no, please explain Organisational structure (including logistical and administrative support, records management) <ATTACHMENT H> Included? If no, please explain Past business references including audit clients <ATTACHMENT I> Included? If no, please explain AUDITORS List of proposed IOSA auditors and a completed IOSA Personal Data File and CV for each proposed auditor (reference IPM Section 3, provisions 3.3 to 3.8). <ATTACHMENT F>

NON-REFUNDABLE ONE TIME APPLICATION FEE $7,500 US payable to IATA

IOSA Registration October 2003 2-1

SECTION 2 – IOSA REGISTRATION

2.0 Purpose 2.0.1 The IOSA registration process is the formal method used by IATA to determine the operational fitness of an organization to be an IOSA Operator, and recognize and record such accomplishments on the IOSA Registry. This section of the IPM provides the standards for the IOSA Registration process. (See Figures 2.3 and 2.4.)

2.1 The IOSA Registry 2.1.1 The IOSA Registry is established and maintained by IATA for the purpose of providing the official listing of organizations that have achieved and are currently maintaining status as an IOSA Operator. 2.1.2 To qualify as a potential IOSA Operator, an organization shall engage in or provide services in all or some of the airline operational disciplines under the scope of IOSA. Membership in IATA is not a prerequisite for IOSA Registration. 2.1.3 To be registered as an IOSA Operator, an organization shall have been audited by an accredited AO and shall have demonstrated operational fitness through conformity to IOSA standards in accordance with applicable provisions in IPM Section 5. 2.1.4 It shall be possible for an IOSA Operator to have a limited registration, applicable to only that portion of its operations that has met the requirements for IOSA registration (e.g. specific routes, fleet types, or operational disciplines). 2.1.5 An Interested Party that desires access to the IOSA Registry shall submit a written request for such access to IATA. 2.1.6 Access to the IOSA Registry shall be provided by IATA only to those parties that have submitted a request, and access shall be limited to the following:

i) Member airlines; ii) Regulatory Authorities; iii) AOs; iv) Other entities determined, at the discretion of IATA, to have a legitimate need for access.

2.1.7 IATA shall have a process to provide limited access to the IOSA Registry in accordance with IPM 2.1.6.

2.2 Registration General 2.2.1 An organization that is not currently an IOSA Operator, but is ascertained by an AO to be operationally fit for registration through successful completion of an Audit, shall be added to the IOSA Registry. 2.2.2 An organization that is currently an IOSA Operator, and subsequently maintains operational fitness through successful completion of an Audit, shall remain on the IOSA Registry.

2.3 Audit Expiration 2.3.1 An Audit shall have a limited period of validity and shall expire as an instrument for IOSA Registration on the date exactly twelve (12) consecutive months following the date of the Closing Meeting. Should comprehensive and permanent corrective action in accordance with the accepted Corrective Action Plan (CAP) not be implemented by the Auditee and verified by the AO prior to such expiration date, the Audit becomes invalid as a means for the Auditee to either be added to or remain on the IOSA Registry.


IOSA Registration 2-2 October 2003

2.4 Registration Period 2.4.1 The IOSA registration period shall be twenty four (24) months, except for initial registration as provided in IPM 2.5.2.

2.5 Initial Registration 2.5.1 An Auditee that is not currently registered as an IOSA Operator shall be added to the IOSA Registry when all Findings, if any, have been closed through full implementation of comprehensive and permanent corrective action in accordance with the accepted CAP (Audit Closure), and such implementation has been verified by the AO as provided in IPM 5.11, 5.12 and 5.13. 2.5.2 For initial registration of an IOSA Operator, the period of registration shall begin on the date that the AO declares Audit Closure and shall expire exactly twenty four (24) consecutive months following the date of the Closing Meeting. (See Figure 2.1.)

2.6 Registration Renewal 2.6.1 An Operator that is currently registered as an IOSA Operator shall remain on the Registry and have such registration renewed when all Findings, if any, have been closed in accordance with applicable provisions in IPM 5.12 prior to the expiration date of the current registration. 2.6.2 The period of renewed registration for a current IOSA Operator shall become effective on the date that the current IOSA registration expires, and such renewed registration shall expire exactly twenty four (24) consecutive months following the current expiration date. (See Figure 2.2.) 2.6.3 For registration renewal, the on-site portion of the Audit process shall not commence more than four (4) months prior to the expiration date of the Operator’s current registration. An Audit begun more than four months prior to an existing expiration date shall, if the Operator meets IOSA Standards, result in a new registration to begin on the date of the Closing Meeting at the completion of the on-site portion of the audit process. 2.6.4 IATA shall have a process to provide notification of registration renewal to a registered IOSA Operator at a point approximately six months prior to the expiration date of the current registration. 2.6.5 The Operator shall be removed from the IOSA Registry if Audit Closure has not been achieved prior to the expiration date of the current registration, unless it is determined that there are extenuating circumstances beyond the control of the Operator. 2.6.6 IATA shall have an audit review process in place to confer with the Operator and the AO to evaluate a claim of extenuating circumstances should the Audit not be closed prior to the expiration date of the current registration. A decision by IATA as to the validity of such extenuating circumstances shall be based on the history of the particular audit process, uncompleted audit activities, status of open Findings and the prospects for Audit closure. 2.6.7 Mandatory operational assessments of line flights and simulator sessions in accordance with IPM 5.7.8 that have been scheduled in conjunction with the on-site portion of an Audit, but subsequently do not occur, shall be eligible for consideration under a claim of extenuating circumstances in accordance with applicable provisions in this IPM 2.6. 2.6.8 In the event a claim of extenuating circumstances during the registration renewal process, the Operator shall remain on the IOSA Registry until such claim can be evaluated by IATA. Should a claim of extenuating circumstances be validated by IATA, a deadline date shall be communicated by IATA to the Operator and the AO that specifies when all Findings shall be closed. Such a deadline date shall not exceed one hundred twenty (120) days from the expiration date of the existing registration of the Operator. 2.6.9 A decision by IATA that a claim of extenuating circumstances is not valid shall result in the Operator being removed from the IOSA Registry concurrent with the expiration date of the existing registration, subject to the possible implementation of the IOSA Dispute Resolution process in accordance with IPM 2.8.2.

IOSA Registration


Figure 2.1: Timeline for Initial Registration

Figure 2.2: Timeline for Registration Renewal

Closing Meeting

Initial IOSARegistration

Effective

Audit Expires

(12 Months) (12 Months)

IOSA Registration

Expires

Registration Period (24 Months)

(Findings Closed)(On-site Audit)

Existing Registration

Expires

Renewed IOSARegistration

Effective

Audit Expires

(12 Months) (12 Months)

IOSA Registration

Expires

(Findings Closed)

(120 Days prior to Expiration)

Registration Period (24 Months)

(On-site Audit)

Closing Meeting



2.7 Reporting Responsibility 2.7.1 A registered IOSA Operator shall report to IATA any circumstances or conditions that significantly affect, or have the potential to significantly affect, the operations of the Operator. Such a report shall provide all details of a particular circumstance or condition, and shall be forwarded to IATA immediately, but in no case less than seven (7) days after the circumstance or condition becomes known. Reportable circumstances or conditions, applicable to the IOSA Operator, shall include, but not be limited to, the following:

i) revocation of or restrictions placed on the Air Operator Certificate; ii) sanctions imposed by an applicable regulatory authority; iii) an event involving the operation of an aircraft that meets the criteria of an Accident as

defined in ICAO Annex 13, Chapter 1; iv) financial difficulties, bankruptcy, significant management turnover, or transfer of company

ownership; v) industry reports of unprofessional practices or performance deficiencies; vi) failure to comply with all applicable laws in all jurisdictions where business is conducted; vii) a breach of the Audit Agreement; viii) other circumstances or conditions that might be deemed relevant to the IOSA audit

sharing process as described in IPM Section 7.

2.8 Registration Removal 2.8.1 In the event of a claim that Findings could not be closed prior to expiration of a current registration due to extenuating circumstances, IATA shall not take any action regarding removal of an Operator from the IOSA Registry until the IOSA Audit Review process has been completed in accordance with provisions in IPM 2.6. 2.8.2 Should there be disagreement between an AO and Auditee regarding audit results, IATA shall not take any action regarding removal of an Operator from the IOSA Registry until the appropriate IOSA Dispute Resolution process as described in IPM Section 9 has been completed (see Figure 2.5). 2.8.3 IATA shall have a process to notify Interested Parties when a registered IOSA Operator is involved in review or dispute resolution, and when an Operator is removed from the IOSA Registry.

2.9 Notification Requirements 2.9.1 An AO shall have processes to provide required notifications to IATA in writing in accordance with this IPM 2.9. The method of such notifications shall be specified as either email or fax. 2.9.2 An AO shall have a process to provide IATA with a calendar of scheduled IOSA activities, including, but not limited to, planned audits and auditor training sessions, for a period of twelve (12) months in advance. Updates to such a calendar of IOSA activities shall be provided to IATA on a monthly basis. If there are no changes during a month, the AO shall notify IATA that the calendar remains unchanged. 2.9.3 In the case of a scheduled Audit for renewal of an IOSA Registration, once the audit process has begun, an AO shall notify IATA immediately should there be any changes to the scheduled activities associated with that Audit. 2.9.4 When Audit Closure has been declared by an AO, the AO shall have a process to submit the IOSA Audit Report (IAR) to IATA within fifteen (15) business days of Audit Closure in accordance with IPM 6.2. 2.9.5 An AO shall notify IATA immediately when it has been determined that a current IOSA Operator will not or can not meet IOSA Standards within a timeframe necessary to maintain IOSA Registration.

IOSA Registration


Figure 2.3: Steps in the IOSA Registration Process (Initial Registration)

Audit Closuredeclared by AO?

Operator is notified inwriting by AO

IATA assumescustodianship of IAR;

IAR is entered intoIOSA Database for

Audit Sharing

Yes

AO conducts an Audit of a candidateorganization for IOSA registration

AO submits the IAR to IATA within 15 days ofAudit Closure

IATA establishes registration; name oforganization is entered on IOSA Registry

No

IOSA Registry displays organization as an IOSAOperator (Registration is effective on the date of

the Closing Meeting)



Figure 2.4: Steps in the IOSA Registration Process (Registration Renewal)

AO conducts an Audit of an IOSAOperator for renewal of IOSA

registration

Audit Closure isdeclared prior to

expiration?

Acceptableinterim corrective

action?

AO submits the IAR to IATAwithin 15 days of Audit Closure

IATA renews registration; nameof organization remains on

IOSA Registry

Organizationremains on IOSA

Registry

Audit Closure isdeclared by AO within 1

year?

Results indispute?

Organization isremoved from IOSA

Registry

IATA notifies interestedparties

NoYes

Yes

See Figure 2.5 forconsideration of

extenuatingcircumstances

No

Yes

No No

YesDispute Resolution

procedures areimplemented (IPM

Section 9)

IOSA Registry continues todisplay organization as anIOSA Operator (Effective

on expiration date ofprevious registration)

IOSA Registration


Figure 2.5: Steps in the Consideration of Extenuating Circumstances

AO conducts an Audit of an IOSA Operator for renewalof IOSA registration

Findings are closed priorto expiration date?

AO notifies IATA of failure of organization toclose Findings

Operator isnotified in

writing by AO

Extenuatingcircumstances

claimed?

IATA completes AuditReview process

IATA completes Audit ReviewProcess

Extenuatingcircumstances

verfied?

Results in dispute?

Organization isremoved from IOSA

Registry

Organization remains onRegistry; Findings shall be closedwithin 120 days from expiration of

existing registration

IATA notifies InterestedParties

NoYes

No Yes

YesNo

No

Yes

See Figure 2.4for consideration ofacceptable interimcorrective action

IOSA Registrycontinues to

displayorganization as an

IOSA Operator

Dispute Resolutionprocedures areimplemented

(IPM Section 9)

Auditor Qualification October 2003 3-1

SECTION 3 - AUDITOR QUALIFICATION

3.0 Purpose 3.0.1 The quality of the IOSA Auditor is a critical factor in ensuring that each audit is conducted in a standardized and consistent manner. The purpose of this section of the IPM is to provide qualification standards and guidance to ensure that every IOSA Auditor possesses the requisite level of competence to achieve overall programme standardization.

3.1 Categories of IOSA Auditors 3.1.1 Only approved IOSA Auditors shall be permitted to function as an auditor during the conduct of an Audit under IOSA. 3.1.2 There are three categories of approved IOSA Auditors, each based on experience, knowledge, and demonstrated skill.

i) Auditor: An experienced aviation auditor that has completed the process for qualification as an Auditor in accordance with IPM 3.9, and has been formally approved to conduct Audits under IOSA in at least one operational discipline.

ii) Lead Auditor: An experienced Auditor that has demonstrated the competence to successfully lead an IOSA Audit Team, and has completed the process for qualification as a Lead Auditor in accordance with IPM 3.10.

iii) Evaluator: An experienced Lead Auditor that has completed the process for qualification as an Evaluator in accordance with IPM 3.11, and has been designated by the AO to assess audit activities and evaluate auditor performance.

3.2 Competence of IOSA Auditors 3.2.1 Confidence in and reliance on the audit process depends on the competence of personnel conducting the Audit. Under IOSA, it is the AO that has the responsibility for determining that each IOSA Auditor has been selected and approved based on the following criteria:

i) meets qualification prerequisites; ii) possesses the appropriate personal attributes; iii) demonstrates the ability to apply knowledge and skills that are necessary to effectively

conduct Audits under the IOSA Programme, and iv) successfully completes all steps in the process for qualification to the appropriate

category of IOSA Auditor.

3.3 Qualification Prerequisites for IOSA Auditor Acceptance 3.3.1 The AO shall verify that a candidate for IOSA Auditor has met the appropriate qualification prerequisites in terms of education, operational experience, auditor certification and training and audit experience before the candidate can be approved as an IOSA Auditor. Such prerequisites ensure that an auditor has acquired the necessary knowledge and skills to become an IOSA Auditor, and are also indicators of auditor competence. 3.3.2 The AO shall require a candidate for IOSA Auditor to submit evidence, including a curriculum vitae and a completed IOSA Auditor Personal Data File, which documents the auditor’s professional background in terms of education, operational experience, auditor certification and/or training and audit experience.

i) The AO shall have a process to exercise due diligence in verifying and determining the accuracy of documented evidence submitted by the candidate.


Auditor Qualification 3-2 October 2003

3.3.3 Prerequisite Education i) A candidate for IOSA Auditor shall have completed at least secondary education.

Secondary education is typically 12-13 years of full time schooling under the national educational system that comes after the primary or elementary stages, and is completed prior to entrance to a university or similar educational institution.

3.3.4 Prerequisite Operational Experience i) A candidate for IOSA Auditor shall have at least five years of civilian or military work

experience in any of the aviation operational disciplines listed in IPM 3.3.4.ii), with at least two full years in a single discipline. Six months of the aviation experience must have occurred within the 24 months prior to application as a candidate for IOSA Auditor.

ii) The following constitute acceptable aviation operational disciplines that satisfy the general operational experience requirements for an IOSA Auditor. a) military or civilian air carrier pilot licensed by a national regulatory authority; b) military or civilian aircraft maintenance engineer/technician licensed or approved by a

national regulatory authority; c) air carrier flight operations or airworthiness inspector for a national regulatory

authority; d) flight dispatcher or flight operations officer certified by a national regulatory authority; e) aviation industry instructor in the areas of flight operations, aircraft systems, flight

dispatch, cabin safety, security, or dangerous goods; f) ramp operations supervisor or weight and balance specialist; g) cargo, and dangerous goods specialist; h) flight attendant supervisor; i) aviation operational security specialist; j) aviation safety or quality management professional.

iii) Flight Operations Auditors shall meet special provisions for experience in accordance with IPM 3.3.8.

iv) Engineering and Maintenance Auditors shall meet special provisions in accordance with IPM 3.3.9.

3.3.5 Prerequisite Auditor Certification and Training i) A candidate for IOSA Auditor shall satisfy one of the following prerequisites.

a) Possess and furnish proof of current certification by a recognized national or international auditor certification authority either as a quality auditor, quality management system auditor or lead auditor, or as an aerospace experience auditor. Auditor certification shall be based on internationally recognized auditor certification standards. Such certification shall be maintained.

b) If not currently a certified auditor as described above, furnish documented and verifiable evidence of completion of a formal quality auditor or lead quality auditor training course. Acceptable evidence of training shall consist of a certificate of completion, confirming that the candidate has successfully completed all aspects of the course including the examination. A certificate of attendance is not acceptable.

c) Effective 1 January 2006, a candidate for IOSA Auditor shall satisfy IPM 3.3.5 a); provision IPM 3.3.5 b) is no longer valid.

Auditor Qualification


3.3.6 Prerequisite Audit Experience

i) A candidate for IOSA Auditor shall furnish to the AO documented and verifiable evidence of having conducted at least four (4) aviation operational, quality management system, regulatory compliance or safety audits. Such audits shall have been conducted in the aviation operational disciplines included in the scope of IOSA, and at least one of the audits shall have been conducted within the 12 months prior to application.

3.3.7 “Grandfather” Provisions i) Notwithstanding any requirements contained in the accreditation process specified in IPM

Section 1, during the initial accreditation of an AO, at the discretion of IATA, certain auditors that exceed Prerequisite Audit Experience requirements contained in IPM 3.3.6 may be declared exempt from other acceptance requirements contained in this IPM Section 3.

3.3.8 Special Provisions for Flight Operations Auditors i) Auditors who will conduct auditing in the operational discipline of Flight Operations shall

meet all requirements contained in IPM Clauses 3.3.3 (Education) and 3.3.5 (Auditor Certification and Training) in addition to special experience requirements contained in Table 3.1.

3.3.9 Special Provisions for Engineering and Maintenance Auditors i) Auditors who will conduct auditing in the operational discipline of Engineering and

Maintenance shall meet all requirements contained in IPM Clauses 3.3.3 (Education) and 3.3.5 (Auditor Certification and Training) in addition to special experience requirements contained in Table 3.2.



Table 3.1 Experience Requirements for Flight Operations Auditors

Operational and Audit Experience Core Aviation Experience Airline Flight Operations

Experience (see Note 1)

Operational Experience in accordance with IPM 3.3.4 (six months of the aviation experience must have occurred within the 24 months prior to application as a candidate for IOSA Auditor)

or

Audit Experience in accordance with IPM 3.3.6 (at least four aviation operational quality or safety audits conducted in the aviation operational disciplines included in the scope of IOSA, and at least one of the audits shall have been conducted within the 12 months prior to application)

Three years as an airline pilot (line experience)

or

Three years of transport category or military flight crew experience

Two years in Flight Operations Management

or

Two years as a training instructor

or

Two years as a check airman

or

Two years as a quality or safety auditor

or

Two years as a flight operations inspector for a national regulatory authority

Note 1: In order to be qualified to conduct assessments of flight simulator sessions, a Flight Operations Auditor shall meet one (1) of the following requirements: have simulator operation experience as a flight simulator instructor or evaluator, or provide documented evidence of having completed a formal training course on simulator operation, or complete an approved simulator observation training course in accordance with IPM 4.5. (This training course curriculum is under development.)



Table 3.2 Experience Requirements for Engineering and Maintenance Auditors

Aviation Experience Quality Experience Audit Experience

A minimum of five (5) years combined experience in support of airline or airline related maintenance, engineering or quality functions.

All experience described above shall have occurred within the ten (10) years prior to application as an IOSA Auditor.

Note: Requirements in the Quality Experience column shall be included as part of the combined requirements in this Airline Experience column.

A minimum of two (2) years performing quality assurance audits in support of airline or airline related engineering and maintenance functions.

or

A minimum of two (2) years performing quality systems evaluations of airline or airline related maintenance programmes.

or

A minimum of two (2) years experience performing operational quality audits of foreign air carriers in the area of engineering and maintenance.

or

A minimum of two (2) years as an airworthiness inspector for a national regulatory authority.

A minimum of four (4) audits in support of airline or airline related engineering and maintenance functions as described under the Quality Experience column.

All audit experience described above shall have occurred within the twenty four (24) months prior to application as an IOSA Auditor.

A minimum of one (1) of the audits described above shall have been conducted within the twelve (12) months prior to application as an IOSA Auditor.



3.4 Personal Attributes of IOSA Auditors 3.4.1 The IOSA Auditor must possess certain personal attributes that contribute to the successful performance of an audit. Such personal attributes include the following:

i) ethical in conduct; ii) objective, fair and impartial in applying judgement; iii) self confident in knowledge and ability; iv) honest and firm in convictions; v) focused on achieving objectives; vi) observant of physical surroundings and activities; vii) dedicated to operating in a teamwork environment; viii) open to alternative ideas or methods; ix) tactful in dealing with people; x) discreet in managing information; xi) insightful of and adaptable to different situations; xii) analytical and logical in reaching conclusions; xiii) well groomed, with good personal habits and hygiene.

3.5 Ethical Standards for IOSA Auditors 3.5.1 The IOSA Auditor shall always be cognizant of the potential for conflict of interest when conducting an audit. Specifically, an IOSA Auditor shall ensure the following provisions are always met when participating in an audit:

i) the auditor shall not have provided consulting services to the audited Operator within the operational scope of IOSA within the past two years;

ii) the auditor shall have no direct or indirect financial interest in the audited Operator; iii) there shall be no family members of the auditor affiliated with the audited Operator, with

such family members defined as parent, sibling, child, spouse, grandparent, or grand child.

3.6 Knowledge and Skills for IOSA Auditors 3.6.1 IOSA Auditors shall have a thorough knowledge of the following:

i) quality and safety audit principles, procedures and techniques; ii) manuals that comprise the IOSA documentation system, including the IOSA Standards

Manual (ISM), the IOSA Programme Manual (IPM) and the IOSA Auditor Handbook (IAH); iii) typical organizational structure of airlines, including size, functions and relationships; iv) relevant technical areas of airline operations.

3.6.2 IOSA Auditors shall have a general knowledge of the following: i) applicable laws, ICAO Annexes and regulatory requirements, such as Federal Aviation

Regulations (FARs), Joint Aviation Requirements for Operations (JAR-OPS 1) or similar and comparable regional aviation regulations;

ii) airline business processes and related terminology; iii) cultural and social customs.



3.6.3 IOSA Auditors shall have effective skills in the following areas:

i) speaking, reading and writing English; ii) writing reports; iii) communicating; iv) working with people.

3.7 Additional Skills for Lead Auditors 3.7.1 Lead Auditors require additional skills in leadership that enhance the performance of the Audit Team. Skills in this area include:

i) planning the audit and making effective use of resources during the audit; ii) representing the audit team in communications with the client and auditee; iii) organizing and directing audit team members; iv) leading the audit team to reach audit conclusions; v) preventing and resolving problems and conflicts; vi) preparing and completing the audit reports.

3.8 Special Qualities for Evaluators 3.8.1 Evaluators are designated by the AO to maintain the quality and integrity of the Audit Programme through observation and evaluation of all aspects of audit operations. The AO shall base the selection of the evaluator on a history of reliability and superior performance in the following areas:

i) leadership and respect; ii) overall technical and business knowledge; iii) adherence to standards; iv) ability to exercise objective judgment; v) multi-task capabilities; vi) dedication to operational quality.

3.9 Qualification Process for Auditors 3.9.1 As part of the initial accreditation process, the candidate for accreditation as an AO shall propose a group of initial auditors. Proposed auditors shall accomplish each of the following qualification steps in order to establish an initial cadre of approved IOSA Auditors for the new AO:

i) submit a completed IOSA Auditor Personal Data File, which includes a curriculum vitae, to the AO;

ii) complete a personal interview (auditors selected at the discretion of IATA only) by IATA to verify that auditor prerequisite qualifications are in accordance with applicable provisions in IPM 3.3;

iii) complete the IOSA Auditor Training (IAT) course conducted by a training organization endorsed by IATA (ETO).

3.9.2 Only the initial cadre of IOSA Auditors approved in accordance with IPM 3.9.1 shall be permitted to conduct Audits for a newly accredited AO. All candidates for IOSA Auditor subsequently selected by the new AO shall be required to complete the full auditor qualification process of the AO in accordance with IPM 3.9.3.



3.9.3 A candidate for IOSA Auditor shall successfully accomplish each of the following steps in the auditor qualification process (see Figure 3.1) in order to attain the status of an approved Auditor:

i) complete the IOSA Auditor Training (IAT) course conducted by an ETO; ii) observe at least one Audit or portion of an Audit consisting of at least one full day; iii) conduct at least one Audit, or portion of an Audit, under the supervision of an approved

Auditor; iv) if required, receive additional training-to-proficiency during the qualification process; v) conduct at least one full Audit, including auditing in each operational discipline for which

the candidate seeks qualification, while being evaluated by an Evaluator; vi) be recommended to the AO for approval as an Auditor by the Evaluator.

3.9.4 When a candidate for IOSA Auditor has successfully completed all applicable steps in the auditor qualification process, the AO shall accomplish the following:

i) enter the name of the auditor on the list of approved IOSA Auditors for the AO; ii) submit the name and qualification records of the auditor to IATA for entry on the master

registry of IOSA Auditors.



Figure 3.1 Qualification Process Flow for IOSA Auditor (Established AO)

The AO recruits and selects a candidate for IOSAAuditor based on personal attributes, knowledgeand skills criteria specified in the IPM Section 3.

The AO enrolls the candidate in an IOSA AuditorTraining (IAT) course offered by an IATAEndorsed Training Organization (ETO).

The candidate observes an Audit, or portion of anAudit, consisting of at least one full day.

The candidate successfully completes IAT.

The candidate conducts at least one full Audit,including auditing in each operational discipline

for which the candidate seeks qualification, whilebeing evaluated by an Evaluator.

The candidate conducts at least one Audit, orportion of an Audit, under the supervision of an

approved Auditor.

Acceptableperformance?

The candidate receivestraining-to-proficiencyconducted by the AO.

Acceptableprogress?

The qualificationprocess is terminated.

Satisfactoryperformance?

The candidate is recommended to the AO by theEvaluator for approval as an Auditor.

The AO adds the Auditor to its list of approvedIOSA Auditors. AO also forwards the name andnew qualification to IATA for entry on the master

IOSA Auditor Registry.

Yes

No

Yes

No

Yes

No



3.10 Qualification Process for Lead Auditors 3.10.1 After the AO has completed the selection process based on criteria contained in IPM 3.7, an auditor shall successfully accomplish each of the following steps in the auditor qualification process in order to attain the status of a Lead Auditor:

i) as a prerequisite, have conducted at least two complete audits as an Auditor; ii) as a prerequisite, have successfully completed a formal lead auditor training course in

accordance with IPM 4.4; iii) be recommended to the AO by a Lead Auditor(s) based on demonstration of

competencies; iv) conduct at least one full Audit acting as lead auditor under supervision of an Evaluator;

Note 1: the Evaluator may function on the team as a productive auditor Note 2: the Evaluator is the official lead auditor for the team and must sign the audit report

v) be recommended to the AO for approval as a Lead Auditor by the Evaluator. 3.10.2 When an auditor has successfully completed all steps in the Lead Auditor qualification process, the AO shall accomplish the following:

i) enter the name of the auditor on the list of approved Lead Auditors for the AO; ii) submit the name and qualification records of the auditor to IATA for entry on the master

registry of IOSA Auditors. 3.10.3 Exceptions to the above Lead Auditor qualification requirements may be permitted, at the discretion of IATA, during the initial accreditation of an AO. The AO shall ensure any exceptions are requested from, coordinated with and approved by IATA.

3.11 Qualification Process for Evaluators 3.11.1 After the AO has completed the selection process based on criteria contained in IPM 3.8, the AO shall ensure that the auditor has conducted at least three complete Audits as a Lead Auditor. 3.11.2 When the AO has determined that the auditor has met all qualification requirements for an Evaluator, the AO shall accomplish the following:

i) enter the name of the auditor on the list of approved Evaluators for the AO; ii) submit the name and qualification records of the auditor to IATA for entry on the master

registry of IOSA Auditors. 3.11.3 Exceptions to the above Evaluator qualification requirements may be permitted, at the discretion of IATA, during the initial accreditation of an AO. The AO shall ensure any exceptions are requested from, coordinated with and approved by IATA.



3.12 Qualification Process for Auditing an Additional Operational Discipline 3.12.1 An Auditor is initially approved to audit only those operational disciplines in which proficiency has been demonstrated during the initial qualification and approval process. The AO shall have a documented process for qualifying an auditor to audit in an additional operational discipline, and the AO shall ensure that an auditor accomplishes all steps in the documented process as follows:

i) as a prerequisite, demonstrate knowledge in the new operational discipline consistent with documented standards by the AO;

ii) for an auditor seeking approval to audit in the operational discipline of Flight Operations, meet all requirements of IPM 3.3.8, Special Provisions for Flight Operations Auditors;

iii) for an auditor seeking approval to audit in the operational discipline of Engineering and Maintenance, meet all requirements of IPM 3.3.9, Special Provisions for Engineering and Maintenance Auditors;

iv) observe auditing in the new operational discipline during at least one Audit; v) observe auditing in the new operational discipline during at least one Audit or partial Audit

by an Auditor. The observer shall be an auditor qualified in the operational discipline; vi) be recommended to the AO for audit approval in the new operational discipline by the

Auditor. 3.12.2 When the AO has determined that the auditor has met all qualification requirements for auditing in a new operational discipline, the AO shall accomplish the following:

i) add the new operational discipline to the qualifications of the auditor on the list of approved Evaluators for the AO;

ii) submit the name and additional qualification records of the auditor to IATA for entry on the master registry of IOSA Auditors.

3.13 IOSA Auditor Training 3.13.1 Each candidate for IOSA Auditor shall successfully complete the IOSA Auditor Training (IAT) course in accordance with IPM 3.9 and applicable provisions in IPM Section 4. 3.13.2 Each IOSA Auditor shall complete an annual recurrent training programme in accordance with applicable provisions in IPM Section 4.

3.14 IOSA Auditor Currency 3.14.1 Each Auditor, Lead Auditor, and Evaluator shall complete annual recurrent training and conduct two full audits, at least one under IOSA, per year in order to maintain currency of qualification. For the determination of non-currency, the following apply:

i) after completion of the qualification process in accordance with IPM 3.9, one year shall be defined as the 365 consecutive days following the effective date of initial approval as an IOSA Auditor;

ii) for an existing approved IOSA Auditor, one year shall be defined as the 365 consecutive days following the date of the first day of the last Audit conducted under IOSA by the auditor.

3.14.2 An IOSA Auditor that fails to maintain currency due to lack of conducting the minimum number of audits may re-qualify by successfully accomplishing the following steps within one year (365 consecutive days) following the date the auditor became non-current:

i) complete the current version of the annual recurrent training programme of the AO: ii) conduct at least one Audit under IOSA, or portion of an Audit, under the supervision of an

IOSA Auditor.



3.14.3 An IOSA Auditor that fails to re-qualify within one year (365 consecutive days) following the date of becoming non-current shall be considered unqualified, and shall only be able to regain qualification through completion of the Process for Qualification as an IOSA Auditor in accordance with IPM 3.9.1. 3.14.4 In addition to currency requirements specified in IPM 3.14.1, in order to maintain qualification, during every two consecutive calendar years, each auditor shall conduct a full or partial Audit under IOSA while being evaluated by an Evaluator. 3.14.5 An IOSA Auditor that meets currency requirements specified in IPM 3.14.1, but has become non-qualified due to lack of an evaluation within two consecutive years, shall be evaluated, with satisfactory results, by an Evaluator while conducting a full Audit under IOSA in order to regain qualification.

Auditor Training October 2003 4-1

SECTION 4 - AUDITOR TRAINING

4.0 Purpose 4.0.1 A high level of competency among IOSA Auditors is essential in ensuring a credible and meaningful Audit under IOSA. It is therefore necessary to establish an IOSA Auditor training programme that ensures each IOSA Auditor attains and maintains a requisite level of standardization and competency. The purpose of this section of the IPM is to support achievement of IOSA Programme goals by providing standards and guidance for the content and presentation of IOSA training activities.

4.1 IOSA Auditor Training (IAT) 4.1.1 Each candidate for IOSA Auditor training shall successfully complete the IOSA Auditor Training course in accordance with applicable provisions in IPM 3.9. 4.1.2 IAT shall be arranged and scheduled by the AO, and shall be conducted by an IATA Endorsed Training Organization (ETO). 4.1.3 IAT is the first step in the IOSA Auditor qualification process. The course is designed to familiarize an experienced aviation operational auditor with the most important aspects of the IOSA Programme, and to provide knowledge in additional subjects that are closely associated with IOSA. IAT includes active training sessions that offer trainees sufficient opportunities to practice the standardized IOSA auditing process. The IAT course curriculum shall include, but not be limited to, the following subject areas:

i) introduction to the IOSA Programme; ii) IOSA terminology; iii) legal aspects; iv) IOSA manuals; v) IOSA Audit process and logistics; vi) auditor competence; vii) intercultural awareness; viii) IOSA Standards and Recommended Practices (ISARPs); ix) determination of conformity with ISARPs; x) checklist usage.

4.1.4 A written exam shall be administered at the completion of the training course to measure the knowledge gained by each trainee. To successfully pass the exam, the candidate for IOSA Auditor shall achieve a grade of 70% or higher. 4.1.5 At the conclusion of IAT, a candidate for IOSA Auditor shall have a complete understanding of the IOSA Programme, including the following:

i) programme objectives, terminology, principles, methodology and techniques; ii) IOSA documents, including ISM, IPM, and IAH; iii) ISARPs and application during an Audit; iv) determination of conformity to ISARPs; v) use of the IOSA Checklist; vi) documentation requirements.

4.1.6 The AO shall record the successful completion of IAT by each listed IOSA Auditor; these records shall be retained by the AO in each auditor’s qualification file.


Auditor Training 4-2 October 2003

4.2 Prerequisite Auditor Training 4.2.1 Each candidate for IOSA Auditor training that is not currently a certified auditor shall have successfully completed a formal quality auditor training course in accordance with IPM 3.3.5. 4.2.2 An acceptable prerequisite quality auditor training course curriculum shall include, but not be limited to, instruction and evaluation in at least the following areas:

i) auditor professional conduct and responsibilities; ii) planning and preparation for an audit; iii) audit principles, procedures and techniques that an auditor may select and apply as

appropriate to ensure audits are conducted in a consistent and systematic manner; iii) management system and reference documents that enable an auditor to comprehend the

scope of an audit and apply audit standards; iv) methods and techniques used by an auditor for effectively gathering evidence and other

data necessary in determining conformance with standards; v) determination of corrective action and preparation of the audit report.

4.2.3 The AO shall record and retain acceptable evidence of prerequisite quality auditor training, which shall include a certificate of completion indicating that the candidate has successfully completed all aspects of the course including the examination. A certificate of attendance is not acceptable. These records shall be retained by the AO in each auditor’s qualification file.

4.3 Prerequisite Lead Auditor Training 4.3.1 Each candidate for IOSA Lead Auditor shall have successfully completed a formal lead auditor training course. 4.3.2 An acceptable prerequisite lead auditor course curriculum shall include, but not be limited to, the following or similar subject areas:

i) role of the lead auditor; ii) audit ethics and conduct; iii) audit planning, including logistics and personnel management; iv) team building; v) methods of effective communication; vi) conducting effective meetings; vii) audit report preparation; viii) audit follow-up.

4.3.3 The AO shall record and retain acceptable documented evidence of successful completion of formal lead auditor training, including specific course identification, date and location, by each listed IOSA Lead Auditor. These records shall be retained by the AO in each auditor’s qualification file.

4.4 Auditor Recurrent Training 4.4.1 Each IOSA Auditor, Lead Auditor and Evaluator shall successfully complete recurrent training on an annual basis in order to maintain qualification under IOSA. 4.4.2 The AO shall be responsible for providing recurrent training to its listed IOSA auditors on an annual basis, and shall have a programme that states training objectives and details the process for course development and presentation. 4.4.3 The AO shall develop the curriculum for IOSA annual recurrent training, and on a bi-annual basis the AO shall include a mandatory training module obtained from IATA.

Auditor Training

Auditor Training October 2003 4-3

4.4.4 In general, the IOSA annual recurrent training curriculum shall be designed to update the auditor with regard to local and system IOSA issues and developments associated with standards and regulations. Recurrent training shall also provide a refresher on auditing principles and operational subjects. 4.4.5 Typical course content for IOSA annual recurrent training developed by the AO shall focus on the following areas:

i) administration; ii) IOSA standards; iii) documentation; iv) regulatory requirements; v) audit operations; vi) standarisation; vii) problems; viii) other appropriate local issues.

4.4.6 Typical course content for IOSA annual recurrent training obtained from IATAon a bi-annual basis shall focus on the following areas:

i) operational, quality and safety audit principles; ii) IOSA system operational or administrative subjects; iii) IOSA system audit issues and problems; iv) IOSA system statistical results; v) other appropriate system issues.

4.4.7 The AO shall record the successful completion of IOSA annual recurrent training by each Auditor listed under IOSA; these records shall be retained by the AO in each Auditor’s qualification file for a period of five (5) years.

4.5 Flight Simulator Operation Training 4.5.1 An AO shall have a training course to qualify certain Flight Operations Auditors to conduct assessments of flight simulator sessions as specified in IPM Section 3, Table 3.1. (This training course curriculum is under development.)


Auditor Training 4-4 October 2003


Audit Programme October 2003 5-1

SECTION 5 – AUDIT PROGRAMME

5.0 Purpose 5.0.1 The objective of the operational Audit under IOSA is to determine the level of fulfilment of IOSA Standards and Recommended Practices (ISARPs) for the purpose of registering the Auditee as an IOSA Operator. The Audit Programme is the documented system, including policies, processes and procedures for implementation of an Audit under IOSA. The purpose of this section of the IPM is to provide the guidance necessary for an AO to establish and maintain an effective Audit Programme. The standards in this section also provide the basis for standardized procedures used by IOSA Auditors to conduct an Audit.

5.1 Organization and Management 5.1.1 The AO shall have an organization and management system that clearly delineates authorities and responsibilities for all aspects of the Audit Programme. 5.1.2 The AO shall have policies, processes and procedures to ensure effective implementation, control and standardization of the IOSA Audit Programme, including:

i) scheduling and planning; ii) selecting and assembling audit teams; iii) preparing for audits; iv) providing resources and logistical support; v) utilizing the audit checklist vi) conducting audits; vii) completing an IOSA Interim Audit Report (IIAR); viii) accepting a Corrective Action Plan (CAP) ix) conducting audit follow-up; x) closing Findings; xi) completing and distributing the IOSA Audit Report (IAR); xii) maintaining audit records; xiii) control and surveillance of audit activities and auditor performance; xiv) achieving continuous improvement.


Audit Programme 5-2 October 2003

5.2 Scheduling and Planning 5.2.1 The AO shall have an audit scheduling process designed to ensure that audit objectives will be met and that the Audit will be conducted in an efficient and standardized manner. The audit scheduling and planning process shall include, but not be limited to, consideration of the following:

i) audit scope and objectives; ii) execution of the IOSA Audit Agreement; iii) status of the IOSA registration of the Auditee; iv) AO and auditor conflict of interest; v) the organization to be audited; vi) audit location(s); vii) activities to be audited; viii) availability of resources; ix) logistical requirements; x) cultural issues; xi) language issues.

5.2.2 The AO shall communicate and coordinate with the Auditee sufficiently in advance of the Audit to ensure the availability of designated operational activities that are listed in IPM Table 5.1, and are mandatory for assessment by the Audit Team during the Audit. 5.2.3 The AO shall provide the Auditee with the names of the members of the Audit Team that has been selected in accordance with provisions in IPM 5.3. 5.2.4 The Auditee shall have the option to appeal without a stated reason the nomination of an Auditor that has been selected by the AO. In such case, the AO shall replace the disputed Auditor prior to the start of the Audit. This right of refusal by the Auditee shall apply to only one member of the Audit Team, and the AO shall not be obligated to replace any other members of the team.

5.3 Selecting and Assembling Audit Teams 5.3.1 The AO shall have a process to ensure that an Audit Team comprises only fully qualified auditors that are on its list of approved IOSA Auditors. 5.3.2 The AO shall have a programme for auditor training, evaluation and qualification during an Audit, and such programme shall permit a trainee or non-qualified auditor to participate in the conduct of an Audit only when under the direct supervision or observation of a fully qualified and approved IOSA Auditor, Lead Auditor or Evaluator. The responsibility for development of Findings and Observations shall always be with the qualified IOSA Auditor. 5.3.3 The AO shall have a process to permit an observer to be a member of an Audit Team; however, the presence of such an observer shall be coordinated in advance with the Auditee and other relevant parties, as applicable. 5.3.4 The AO shall have a process for selection of an Audit Team that takes into account the following considerations:

i) audit scope and objectives; ii) auditor conflict of interest; iii) size of the organization to be audited; iv) location(s) and activities to be audited; v) previous audit history of the organization to be audited, if known; vi) cultural environment(s) and language(s) spoken; vii) requirements for specialized operational and/or audit skills.

Audit Programme


5.3.5 The AO shall have a process for designating a Lead Auditor that takes into account considerations in IPM 5.3.4, and also considers the total experience and competency of Audit Team members.

5.4 Preparing for Audits 5.4.1 Once an audit is planned, the AO shall have a process for establishing communication with the Auditee to identify and coordinate logistical and operational needs associated with implementation of the Audit. 5.4.2 When preparing to audit an organization that is currently a registered IOSA Operator, the AO shall have a process to request access to previous IOSA Audit Reports (IARs) in accordance with IPM 6.8.5. 5.4.3 The AO shall have a process for preparing an Audit Plan that details all requirements necessary for successful implementation of the Audit. The Audit Plan shall address the following:

i) audit scope and objective; ii) general audit methodology, including audit report and follow-up; iii) identification of ISARPs as the basis of the Audit; iv) identification of ISM as source reference for ISARPs; v) dates and locations for the Audit and associated activities; vi) roles and responsibilities of the Audit Team; vii) identification of others that may accompany the Audit Team; viii) key points of contact of AO and Auditee; ix) working arrangements with representatives of Auditee; x) resource and location requirements; xi) logistical requirements and arrangements; xii) cultural issues; xiii) any need for translators or interpreters; xiv) other requirements as necessary.

5.4.4 To enhance preparation for an Audit, the AO shall have a process to obtain and review relevant information and documentation from the Auditee as far in advance of the Audit as possible. 5.4.5 To assist the Audit Team in assessing IOSA documentation requirements, and thus enhance audit efficiency and reduce audit time, the AO shall have a process to attempt to coordinate with the Auditee for provision of a detailed list of references from its own documentation system that correspond to ISARPs. 5.4.6 The AO shall have a process to assemble the full Audit Team prior to commencement of the on-site portion of the Audit for the purpose of preparing team members to conduct the Audit in a coordinated and efficient manner. Such a programme shall include a preparatory meeting of the full Audit Team to:

i) review the Audit Plan; ii) discuss roles and responsibilities; iii) coordinate a strategy and procedures for effective teamwork during the Audit.

5.5 Providing Resources and Logistical Support 5.5.1 In addition to having the capability for provision of its own resources to support the Audit Team, the AO shall have a process that ensures communication with the Auditee in sufficient time prior to an Audit to identify and coordinate the availability of all on-site resources and facilities necessary for implementation of the Audit.



5.5.2 The AO shall have a process to provide necessary logistical support for the Audit Team, including arrangements for scheduling, communication, travel, lodging, financial, medical and any other support necessary to ensure efficient and successful audit implementation. 5.5.3 The AO shall have a process to prepare an official identification badge for use by approved IOSA Auditors. The process of the AO shall ensure that, in preparation for an Audit:

i) each Audit Team member is in possession of an IOSA Auditor identification badge; ii) each Auditor displays such an identification badge at all times when conducting the on-

site phase of the Audit. 5.5.4 The AO shall have a process to ensure that each member of the Audit Team is supplied with and always has the required IOSA documents at his or her immediate disposal during the conduct of an Audit. Each member of the Audit Team shall have:

i) ISM Section 1, Part 1 and 2; ii) ISM Sections 2-8, Part 1 and 2, relevant to the specific area(s) of the operation to be

audited; iii) current IOSA Checklists relevant to the specific area(s) of the operation to be audited.

5.6 Utilizing the Audit Checklist 5.6.1 The AO shall have a programme that ensures Auditors understand usage of the IOSA Checklist and are proficient in completing the Checklist in a standardized manner in accordance with applicable guidance in the IOSA Auditor’s Handbook (IAH).

Audit Programme


5.7 Conducting Audits 5.7.1 The AO shall have a programme that ensures a formal Opening Meeting with the management of the Auditee is conducted at the beginning of the on-site phase of the Audit. The spokesperson for the Audit Team shall be the designated Lead Auditor, and attendance shall be recorded. The Opening Meeting shall be conducted using a formal presentation format, either projected or on paper, and shall address the following:

i) introduction of members of the Audit Team and representatives of the Auditee; ii) roles and responsibilities of the Audit Team and the Auditee; iii) exchange of contact information and lines of communication during the Audit; iv) audit objective: establishment of the level of conformity to ISARPs; v) scope of ISARPs and application to the Audit; vi) schedule of all activities during the Audit, including the Closing Meeting; vii) methods and procedures used to conduct the audit; viii) criteria for establishing conformity to ISARPs: “documented” and “implemented”; ix) administrative arrangements and facilities to be used during the Audit; x) arrangements for travel to various audit venues; xi) arrangements for observations of operational activities; xii) language to be used during the Audit; xiii) method of keeping the Auditee informed of Audit progress; xiv) method of reporting IOSA Findings or Observations to the Auditee; xv) post audit follow-up, and an overview of the process for closing Findings; xvi) confidentiality of the IOSA Programme; xvii) safety, security or emergency procedures applicable to the Audit Team; xviii)availability and roles of guides or escorts during the audit; xix) conditions that may lead to termination of the audit; xx) IOSA dispute resolution process.

5.7.2 The AO shall have a programme that identifies and ensures effective application of methods for gathering of objective evidence during an Audit, and shall ensure that Auditors understand and are proficient in interviewing, reviewing documentation, observing activities and noting operational conditions. 5.7.3 The AO shall have a programme that ensures Auditors are competent in being able to establish conformity based on the degree to which the Auditee has documented and implemented stated requirements in IOSA Standards. 5.7.4 The AO shall have a process to ensure that there are regularly scheduled and frequent meetings of the Audit Team during an Audit to exchange information and assess progress. Such meetings shall focus on the development of Findings and Observations, including assessment of real or potential non-conformities identified to date and the need to gather additional objective evidence to substantiate the development of Findings and/or Observations. 5.7.5 The AO shall have a process for ensuring establishment of formal lines of communication, and further ensuring that there is effective communication between the Audit Team and the Auditee during an Audit.



5.7.6 The AO shall have a process to ensure that the Auditee is appropriately informed when any of the following exist:

i) a Finding or Observation is verified; ii) there is objective evidence indicating a potential Finding or Observation; iii) audit objectives are not attainable.

5.7.7 For the purpose of verifying implementation of IOSA Standards by the Auditee, the AO shall have a process to ensure that the Audit Team conducts specified assessments of the Auditee’s operations as specified in IPM Table 5.1. 5.7.8 The AO shall have a programme for assessment of line flights and simulator sessions as part of the Audit. The programme of the AO shall ensure that such assessments:

i) are conducted as part of every Audit; ii) are coordinated and scheduled in accordance with IPM 5.2.2; iii) take place in conjunction with the on-site portion of the Audit, if possible; iv) are accomplished only by qualified Flight Operations IOSA Auditors in accordance with IPM

3.3.8 and applicable guidance in the IAH; v) are conducted by Auditors who can communicate in the language of the Auditee, or if not

possible, have the availability of an interpreter. Note: The line flight assessment may be excluded if prohibited by the applicable regulatory authority 5.7.9 The AO shall have a process that ensures Findings and Observations are:

i) generated against a specific IOSA Standard or Recommended Practice; ii) based on objective evidence discovered during the audit; iii) discussed with the Auditee during the Audit in an attempt to achieve agreement; iv) discussed with and agreed to among the Audit Team members; v) documented along with supporting objective evidence.

5.7.10 The AO shall have a programme that ensures the on-site phase of the Audit is completed with a formal Closing Meeting with the management of the Auditee. The spokesperson for the Audit Team shall be the designated IOSA Lead Auditor and attendance shall be recorded. The Closing Meeting shall be conducted using a formal presentation format, either projected or on paper, and the following areas shall be presented or addressed:

i) an overview of the Audit; ii) IOSA Findings and Observations; iii) supporting objective evidence (may be presented by individual auditors); iv) the IOSA Interim Audit Report (IIAR); v) the IOSA Corrective Action Record (CAR); vi) follow-up process, including timelines for corrective action; vii) process for verification of corrective action implementation; viii) closure of Findings; ix) the IOSA Audit Report (IAR); x) requirements for IOSA Registration; xi) confidentiality of the IOSA Programme; xii) the IOSA Audit Feedback Programme.

Audit Programme


5.7.11 The AO shall have a process to ensure that the designated Lead Auditor provides the Auditee with all Findings and Observations resulting from the Audit by leaving a draft of relevant parts from the IOSA Interim Audit Report (IIAR) template. These documents shall clearly be labelled “DRAFT” across the page. 5.7.12 If the Auditee attempts to address Findings or Observations through implementation of immediate corrective action during the on-site portion of the Audit, the AO shall have a process to exclude any such Finding and Observation from the requirement in IPM 5.7.11 only if the Audit Team is able to verify full implementation of comprehensive and permanent corrective action prior to the Closing Meeting. 5.7.13 The AO shall have a process to ensure that the designated Lead Auditor informs the Auditee of Findings and Observations provided to the Auditee at the Closing Meeting:

i) although unofficial and presented on a draft document, shall not be further revised; ii) are to be used by the Auditee to begin development of the Corrective Action Plan (CAP); iii) will subsequently be incorporated into an IIAR, which constitutes official notification of

Findings and Observations, and which will be forwarded to the Auditee within fifteen (15) business days following the date of the Closing Meeting.

5.7.14 If the AO has a process, including provisions for on-site quality control, to fully prepare an IIAR prior to the Closing Meeting, the Lead Auditor shall be permitted to provide the Auditee with the official IIAR in lieu of a draft document at the Closing Meeting. The on-site quality control process shall provide for a thorough review of the IIAR by the full Audit Team to ensure that all information is correct, and that Findings are supported by documented factual evidence in accordance with IPM 5.7.9. 5.7.15 The AO shall have a process to ensure that, through communication by the designated Lead Auditor, the Auditee fully understands that the Auditee and the AO shall conclude a process to reach agreement on a CAP acceptable to the AO within thirty (30) days following the Closing Meeting, and that Audit Closure shall not be declared until corrective action in accordance with the accepted CAP has been implemented by the Auditee and verified by the AO. 5.7.16 The AO shall have a process to ensure that, through communication by the designated Lead Auditor, the Auditee has an understanding of the importance and objectives of the IOSA Audit Feedback Programme, and that programme documents are given to the Auditee.

5.8 Termination of an Audit 5.8.1 The AO shall have a process, including provisions for notifying the Auditee, to terminate an Audit if the Audit Team makes an objective determination that any one of the following conditions exist:

i) the Auditee is attempting to exert obvious and undue influence on the Audit Team; ii) the Auditee is raising unacceptable barriers that significantly limit or inhibit the ability of the

Audit Team to discover factual evidence; iii) a conflict of interest as specified in IPM 1.4 becomes evident; iv) there is a significant breach of the Audit Agreement.

5.9 Completing an Interim IOSA Audit Report (IIAR) 5.9.1 The AO shall have a process to prepare and forward to the Auditee an IIAR accompanied by applicable Corrective Action Record (CARs). A copy of the completed IOSA checklists shall not accompany the IIAR.



5.9.2 The AO shall have a quality control process to review and approve all information contained in the IIAR, and to ensure that Findings in the IIAR are consistent with those presented to the Auditee at the Closing Meeting in accordance with ISM 5.7.13. Once approved, the AO shall then forward the IIAR to the Auditee within fifteen (15) business days following the Closing Meeting. The AO shall have a verification process to ensure the Auditee has received the IIAR.

Audit Programme


Table 5.1: IOSA Operational Assessments

Operational Discipline Activities and Processes Remarks

Flight Operations Line flight cockpit operations * See IPM 5.7.8 Simulator session * See IPM 5.7.8

Operational Control Flight Dispatch

Flight planning * Flight monitoring *

Engineering & Maintenance

AD/ASB process * Maintenance activities (2) Maintenance processes * (1)

See Table 5.2, Note 1 below See Table 5.2, Note 2 below See Table 5.2, Note 3 below

Cabin Operations Line flight cabin operations *

Ground Handling Weight and balance calculation * Ground handling activities *

See Table 5.2, Note 4 below

Cargo Operations Aircraft loading or unloading *

Operational Security Baggage reconciliation * Pre-Board/hold room screening Aircraft access control * Preflight crew security briefing

* Indicates mandatory assessment



Table 5.2: IOSA Operational Assessments (Notes)

Note 1: An Engineering and Maintenance Auditor shall assess the entire process of the Operator for assessing and implementing an Airworthiness Directive (AD) and/or Alert Service Bulletin (ASB), including a review of the Task Card used to certify the incorporation of an AD or ASB.

Note 2: An Engineering and Maintenance Auditor should assess a minimum of two (2) maintenance activities, including, but not limited to, any of the following: engine change; APU change; primary or secondary flight control change; wheel or brake change; door (cabin or cargo) change; landing gear (main, body, wing or nose) change; radar antenna change; pilot or static component change; angle of attack transducer change; engine trim check; any component change that requires rigging, calibration or testing; or any structural repair to metal or composite material.

Note 3: An Engineering and Maintenance Auditor shall assess at least one (1) of the following maintenance processes: procedures used to ensure currency and correctness of calibrated equipment tooling and equipment used to ensure correctness and currency of calibrated equipment manpower utilization (correct complement, authorizations and qualifications); environment in which maintenance is performed (lighting, noise, temperature, humidity, etc.); certification of work (progressive/final certification, dual/independent inspections, etc.).

Note 4: An Engineering and Maintenance or Ground Handling Auditor shall assess at least one (1) ground handling activity to ensure aircraft airworthiness is not compromised. Such activities shall include, but are not limited to, any of the following: aircraft pushback/tow operations; aircraft fuelling; de/anti-icing; minor servicing (tire inflation, oil checks, oxygen replenishment, toilet servicing, potable water

servicing, catering, etc.).

Audit Programme


5.10 Accepting a Corrective Action Plan (CAP) 5.10.1 The AO shall have a process to review and reach agreement with the Auditee on an acceptable CAP within thirty (30) days following the date of the Closing Meeting. An acceptable CAP:

i) shall include the plan of the Auditee to close all Findings through implementation of comprehensive and permanent corrective action that will eliminate recurrence of all identified non-conformity with IOSA Standards;

ii) shall, for initial IOSA Registration, project closure of all Findings on a date no later than twelve consecutive (12) months following the date of the Closing Meeting;

iii) shall, for renewal of an existing IOSA Registration, project closure of all Findings on a date no later than the expiration date of the current registration;

iv) may, for renewal of an existing IOSA Registration only, include implementation of interim corrective action that provides satisfactory resolution of non-conformity on a temporary basis until comprehensive and permanent corrective action in accordance with the accepted CAP can be fully implemented by the Auditee.

5.11 Conducting Audit Follow-up 5.11.1 For a period of twelve (12) consecutive months following the date of the Closing Meeting, and as provided in the Audit Agreement, the AO shall be responsible for applicable audit follow-up activity, including verification that the Auditee has implemented all corrective action in accordance with the accepted CAP. 5.11.2 The AO shall have a programme to meet its responsibility for verification of corrective action implementation in accordance with the accepted CAP. The exact method of verification shall be at the discretion of the AO based on the nature of individual Findings and associated corrective action.

5.12 Closing Findings 5.12.1 The AO shall have a programme for the closure of all Findings resulting from an Audit in accordance with provisions in this IPM 5.12. 5.12.2 For the purpose of closure of Findings, the AO shall apply the following provisions, as applicable:

i) a Finding shall be declared closed after corrective action in accordance with the accepted CAP has been implemented by the Auditee and verified by the AO;

ii) for the renewal of an existing IOSA Registration only, if a CAP is accepted by the AO that includes interim corrective action in accordance IPM 5.10.1, at the discretion of the AO, a Finding may be declared closed after such interim corrective action has been implemented by the Auditee and verified by the AO;

iii) if a Finding has been declared closed based on the implementation and verification of interim corrective action, the AO shall also be required to continue audit follow-up to verify implementation of comprehensive and permanent corrective action in accordance with the accepted CAP.



5.12.3 Closure of Findings by an AO in accordance with this IPM 5.12 shall affect the IOSA Registration process as follows:

i) should all Findings not be closed by the AO in accordance with the accepted CAP within twelve (12) consecutive months following the date of the Closing Meeting, the Audit shall become invalid as a means for the Auditee to be added to the IOSA Registry or renew an existing IOSA Registration;

ii) an Operator shall not be added to the IOSA Registry until all Findings have been closed through full implementation of comprehensive and permanent corrective action in accordance with the accepted CAP, and such implementation has been verified by the AO;

iii) an Operator shall be removed from the IOSA Registry if all Findings have not been closed prior to the expiration date of the current IOSA Registration, unless extenuating circumstances beyond the control of the Auditee are determined to exist in accordance with IPM 2.6 and 2.8.

5.13 Closing the Audit 5.13.1 The AO shall have a process to declare Audit Closure and to implement applicable administrative action once all Findings have been closed through full implementation of comprehensive and permanent corrective action in accordance with the accepted CAP by the Auditee, and such implementation has been verified by the AO. 5.13.2 The AO shall have a process to notify IATA in writing within five (5) business days following achievement of Audit Closure.

5.14 Completing and Distributing the IOSA Audit Report (IAR) 5.14.1 The AO shall have a programme, including a quality control process in accordance with IPM 6.2.3, for preparation and distribution of the IAR once the Audit Closure has been declared. 5.14.2 The following provisions shall apply to distribution of the IAR:

i) the IAR is the exclusive property of the Auditee and the Auditee receives a signed original paper version, as well as an electronic version, of the IAR;

ii) IATA is the official custodian of all IARs, and receives an electronic version of the IAR in accordance with applicable provisions in IPM Section 6;

iii) the AO retains a copy of the IAR for two (2) years in accordance with IPM 6.6.

5.15 Maintaining Audit Records 5.15.1 The AO shall have a programme for retention of the IAR and destruction of other audit documents not directly associated with the IAR in accordance with IPM 6.6. 5.15.2 In addition to record retention provisions contained in IPM 6.6, the AO shall have a programme for retention of other records associated with the Audit Programme in accordance with IPM 1.9.

5.16 Control and Surveillance of Audit Activities and Auditor Performance 5.16.1 The AO shall have a system of control and surveillance of the Audit Programme, including auditor performance, in accordance with IPM 1.13.2. Such a system shall include defined processes and procedures, applicable to both programme activities and auditors, that provide for:

i) identification of non-conformities and programme weaknesses; ii) development of measures that address non-conformities and eliminate recurrence; iii) implementation of corrective action; iv) measurement of the effectiveness of corrective action; v) analysis and evaluation of further action, as appropriate.

Audit Programme


5.17 Achieving Continuous Improvement 5.17.1 The AO shall have a programme that strives to achieve continuous improvement of the Audit Programme through implementation of action determined from analysis and evaluation of information from a combination of the following sources, as applicable:

i) internal control and surveillance system; ii) IOSA Audit Feedback Programme; iii) IOSA Standardization Conference; iv) complaints and testimonials; v) questionnaires and surveys; vi) communication with outside entities, including IATA, Auditees and other AOs.

Data Management October 2003 6-1

SECTION 6 - DATA MANAGEMENT

6.0 Purpose 6.0.1 Sharing of audits is a fundamental element of IOSA, and effective data management is essential for achieving successful audit sharing. The purpose of the IOSA data management system is to support and facilitate audit sharing, and to ensure the security and confidentiality of the information that results from audits conducted under IOSA.

6.1 IOSA Audit Report (IAR) 6.1.1 The IAR is the official record of an Audit, documents details of the conduct and results, and can be utilized by an Interested Party for the purpose of Audit Sharing in lieu of conducting its own audit of an Operator. 6.1.2 The IAR is segmented into three (3) parts as follows:

i) Part 1 contains the following information applicable to the conduct of the Audit: a) name of the AO, address, point of contact, telephone/fax numbers and e-mail

address; b) name of the audited organization (Auditee), address, point of contact, telephone/fax

numbers, email address and a listing of all locations included in the audit; c) dates of start and completion of on-site audit; date of Closing Meeting; d) members of the audit team, including the IOSA Lead Auditor and individual auditors,

to include name and audit discipline of each individual team member; e) regulatory certificates/authorizations/approvals held by the Auditee, including type,

date and number; f) objective(s) of the audit; g) scope of the audit, including, if applicable, specific routes, fleet type or operational

disciplines; h) normative standards utilized as the basis for the audit and if applicable, the specific

section(s) of the ISM; i) narrative summary of the audit activity and results; j) summary of Audit Findings that include reference to an applicable IOSA Standard; k) summary of Audit Observations that include reference to an applicable IOSA

Recommended Practice; l) confirmation that the audit objectives were accomplished within the audit scope in

accordance with the audit plan; m) any operational areas not covered, although within the scope of the audit; n) statement of the confidential nature of the Audit; o) report distribution list.

ii) Part 2 consists of all completed IOSA checklists. iii) Part 3 consists of a completed Corrective Action Record (CAR) for each Finding

generated as a result of the Audit.

6.2 Process for IAR Submission 6.2.1 The AO shall have a process for the preparation of the IAR in an electronic format, and submission of the report to IATA within fifteen (15) business days following Audit Closure. (See Figure 6.1).


Data Management 6-2 October 2003

6.2.2 The AO shall have a quality control process, implemented prior to submitting the report to IATA, to ensure correctness and adequacy of technical content, language, completeness, and format of the IAR. The process shall include a review of all Auditor comments.

6.3 Process for IAR Receiving 6.3.1 IATA and the AO shall have an agreed process that ensures:

i) the safe and secure transmittal of the IAR from AO to IATA, and ii) the IAR is received by IATA in a format that is compatible with IOSA Database

requirements. 6.3.2 IATA shall have a process to perform a quality check of the IAR to ensure proper formatting and completeness prior to importing the report into the IOSA Database. 6.3.3 IATA shall have a process to provide confirmation of receipt of the IAR to the AO and the Auditee.

6.4 Data Ownership 6.4.1 Once completed and entered into the IOSA Database, the IAR becomes the sole and exclusive property of the Auditee in accordance with provisions in the IOSA Audit Agreement. 6.4.2 The Auditee shall maintain the confidentiality of the IAR and its contents, and shall not permit the IAR, or a copy of the IAR, to be provided to or released to any other entity or party, except as follows:

i) a copy of the IAR may be provided to relevant Regulatory authorities in compliance with applicable law(s) of the State of the Auditee;

ii) a copy of the IAR may be relinquished as part of legal proceedings in compliance with applicable laws.

6.4.3 At the option of the Auditee, the IAR, or information contained therein, may be viewed by or verbally shared with another party on an informal basis under the following conditions:

i) such viewing or sharing shall not be used for the purpose of audit sharing under IOSA, nor shall such viewing or sharing be used as a mechanism for bypassing the provisions of the official IAR access process contained in IPM 6.8;

ii) neither the IAR, nor a copy of the IAR, shall be furnished to any other party, and the IAR and any copies shall remain on the property of and/or in the physical possession of the Auditee.

6.5 Custodianship 6.5.1 IATA shall be the official custodian of all IARs, and shall have a database (IOSA Database) that shall be the system repository for the IARs from every Audit conducted under IOSA. 6.5.2 The Auditee shall be the sole determiner and provider of authorization for access to an IAR from the IOSA Database.

6.6 IAR Retention 6.6.1 It is recommended that the AO retain a copy of the IAR in its own records for two years after the completion of an audit. The AO shall have a process that ensures the confidence and security of the report and, except as provided in IPM 6.2.1, shall never provide or release the IAR, or a copy of the IAR, to any other entity or party except the Auditee. 6.6.2 The AO shall have a process to ensure that all documents not directly associated with the IAR (working checklists, field notes, manuals, electronic working files, etc.) are destroyed as soon as the IAR has been entered into the IOSA Database. 6.6.3 The AO shall have a process to certify to both IATA and the Auditee that destruction of such non-associated documents has been completed in conformity with provisions in IPM Section 5.

Data Management


6.6.4 In cases when an Auditee has not been able to successfully close Findings within the specified maximum timeframe provided in IPM Section 5, the AO shall retain the audit data for at least 30 days beyond the nominal closure deadline. 6.6.5 Once received by IATA, a new IAR shall replace the existing report in the IOSA Database. The last two IARs shall be retained in the database archive file.

6.7 The IOSA Database 6.7.1 IATA shall establish the IOSA Database for the purpose of retaining, analyzing, and accessing all IARs resulting from audits under IOSA. 6.7.2 The IOSA Database shall be the sole source of official access to an IAR in conformity with provisions in IPM 6.4 and 6.8, and the Auditee shall be the sole determiner and provider of authorization for official access to an IAR. 6.7.3 IATA shall have a documented process for management of the IOSA Database, including rules and procedures that ensure the security, confidentiality and integrity of audit data contained in the IOSA Database. 6.7.4 Any analysis of IOSA data by IATA shall always be accomplished in conformity with provisions in IPM 6.9.

6.8 IAR Access 6.8.1 An Interested Party seeking access to an IAR shall submit a written request to IATA. Such request shall include the specific reason for requesting access to the IAR. 6.8.2 IATA shall not grant IAR access to an Interested Party or provide access to the IAR in a manner that would put the report at risk of public release or disclosure. 6.8.3 IATA shall provide access to an Interested Party only after the Auditee has granted authorization for such access. 6.8.4 Prior to having access to an IAR, IATA shall require an Interested Party to enter into an agreement that specifies the binding conditions associated with having access to an IAR. 6.8.5 Predicated on authorization from the Auditee, an AO shall have access to previous IARs when preparing to conduct an audit of an organization that is currently a registered IOSA Operator. 6.8.6 IATA shall have a published process for handling any request for access to an IAR, including archived reports, that ensures the security and confidentiality of the report (see Figure 6.2). Such process shall include at least the following:

i) obtaining authentication that verifies the identity of the requesting Interested Party; ii) ensuring that the Interested Party will not be subject to freedom of information or a similar

type of provision that could result in the public release of the IAR; iii) procuring authorization from the Auditee for providing IAR access to the Interested Party; iv) granting the Interested Party actual access to the IAR from the IOSA Database.



6.9 IOSA Data Analysis 6.9.1 IATA shall conduct analysis of IAR information contained in the IOSA Database as a function of its responsibility for programme management, standardization and quality oversight. Analysis of the IOSA Database shall be accomplished for the following purposes:

i) monitoring of industry conformity to IOSA standards and recommended practices (ISARPs) for statistical safety reporting;

ii) monitoring of industry conformity to recommended practices in determining consideration for upgrade to a standard;

iii) monitoring of IAR content to evaluate auditor standardization; iv) other monitoring as necessary for quality assurance.

6.9.2 The following restrictions shall always apply to all data derived from IAR analyses conducted by IATA:

i) data shall be quantitative and results shall be of a statistical nature only; ii) analytical results shall always be de-identified; the name of a specific Operator shall never

be included or revealed; and iii) analytical data shall never be structured, arrayed or arranged in a manner such that a

specific IAR or Operator could be identified. 6.9.3 Any proposed future use of the information in the IOSA Database for purposes other than those contained in IPM 6.9.2, such as analysis as part of the Safety Trend Evaluation Analysis and Data Exchange System (STEADES), shall be in conformity with IPM 6.9.2 and subject to review and approval by the IOSA Oversight Committee (IOC). 6.9.4 IATA shall have a process to provide effective management and control of the analysis of information contained in the IOSA Database in conformity with provisions in this IPM 6.9.

Data Management


Figure 6.1: Steps in the IAR Submission Process

IO SA Audit T eam evaluates auditeecorrective action (if any), determ ines

audit c losure (standards m et)

AO reviews and approves audit results ;prepares IO SA Audit R eport (IAR )

AO perform s thorough quality check ofIAR (technica l content, language,

com pleteness, form at)

R eport acceptable?

AO certifies IAR quality check ; forwardsreport to IAT A in vers ion com patib lew ith IO SA D atabase requirem ents

IAT A receives and processes IAR ;quality check is perform ed by IAT A

(form at and com pleteness on ly)

IAT A enters IO SA Audit R eport in to theIO SA Database

IAT A provides m anagem ent o f IARdata in conform ity w ith IPM standards

IAT A coord inatesrevis ions

R eport acceptable?

N o

Yes

N o

Yes



Figure 6.2: Steps in the IAR Access Process

Interested party submits a writtenrequest to IATA for access to an IAR

from the IOSA Database

IATA authenticates the identity of theInterested Party and confirms there isno risk of public release or disclosure

IATA seeks the permission of theAuditee to grant access to the Auditee's

IAR from the IOSA Database

Access granted?

IATA and Interested Party enter into anon-disclosure agreement associated

with having access to the IAR

IATA provides the IAR in a mannerwhich ensures the security and

confidentiality of the report

IATA informsInterested Party

No

Yes

Audit Sharing October 2003 7-1

SECTION 7 – AUDIT SHARING

7.0 Purpose 7.0.1 The goal of IOSA is to eliminate the redundancy of operational audits within the airline industry, and concurrently to provide an effectively managed and controlled system for the sharing of audits. The IOSA Audit Report (IAR), which is retained in a central IOSA Database that is managed by IATA, provides the comprehensive audit information necessary to allow Interested Parties to participate in Audit Sharing. Descriptions of the IAR, the IOSA Database and the process used to gain access to the IAR are contained in IPM Section 6. This section of the IPM provides the guidance directly associated with the sharing of audits, including processes and responsibilities.

7.1 Description 7.1.1 Audit Sharing is a process whereby an Interested Party utilizes the Audit of an Operator conducted by a third party under IOSA to satisfy its own need for an Audit of that same Operator. (See Figure 7.1)

7.2 The Interested Party 7.2.1 An Interested Party that seeks to share an Audit under IOSA shall gain access to the IAR in accordance with provisions in IPM 6.8. 7.2.2 An Interested Party utilizes the Audit Sharing process to achieve its own unique objective(s); therefore any operational or business decisions based on Audit Sharing shall always be the full responsibility of the Interested Party (e.g. a decision to enter into a code share agreement with an audited IOSA Operator). 7.2.3 An Interested Party shall understand that, when it shares an Audit of an Operator under IOSA, it retains all responsibilities as if the Interested Party had conducted its own audit of that Operator. 7.2.4 An Interested Party shall understand that, when it shares an Audit of an Operator under IOSA, it has the responsibility to provide its own ongoing monitoring of the operations of the audited Operator. 7.2.5 An Interested Party shall understand that the IAR, while designed to provide comprehensive information about an Audit, may not always resolve all operational issues. If unresolved issues remain after analysis of the IAR, an Interested Party may be required to seek clarification or resolution to such issues through direct communication with the IOSA Operator.

7.3 IATA 7.3.1 IATA manages the IOSA Registry, and shall provide restricted access to an Interested Party in accordance with provisions in IPM 2.1. 7.3.2 IATA is the official custodian of IARs in the IOSA Database, and shall provide controlled IAR access to an Interested Party in accordance with provisions in IPM 6.8.

7.4 The Auditee 7.4.1 The IAR is the sole and exclusive property of the Auditee, and access to a report shall be granted to an Interested Party by IATA only after the Auditee has specifically authorized such access in accordance with applicable provisions in IPM Section 6.


Audit Sharing 7-2 October 2003

Figure 7.1: Steps in the IOSA Audit Sharing Process

In te res ted P arty iden tif ies arequ irem ent fo r an opera tiona l aud it

o f an opera to r

In te res ted P arty ga ins access tothe IO S A R eg is try to de te rm ine

IO S A s ta tus o f opera to r (IP M 2 .1 )

R eg is te red IO S AO perato r?

In te res ted P arty ga ins access tothe IA R fo r the opera tor (IP M 6 .8 )

In te res ted P arty conducts IA Rana lys is

In te res ted P arty u tilizes aud it underIO S A ; sa tis fies opera tiona l aud it

requ irem ent th rough A ud it S haring

In teres ted P arty m a in ta ins con tinuousopera tiona l m on ito ring o f opera to r

U nreso lved aud itissues?

O pera to r advised to a tta inreg is tra tion as an IO S A

O pera to r

In te res ted P arty reso lvesaud it issues w ith opera to r

N o

N o

Y es

Y es

IATA Programme Administration October 2003 8-1

UNDER DEVELOPMENT

SECTION 8 – IATA PROGRAMME ADMINISTRATION


IATA Programme Administration 8-2 October 2003


Dispute Resolution October 2003 9-1

SECTION 9 – DISPUTE RESOLUTION

9.0 Purpose 9.0.1 This section of the IPM provides resolution procedures to be followed whenever a dispute arises between IATA, an AO, a candidate for accreditation or an Operator (both referred to as a “party” for the purposes of this IPM Section 9) under the IOSA Programme. (See Figure 9.1.)

9.1 Other IPM Provisions 9.1.1 Other provisions of the IPM provide for specific dispute resolution mechanisms and consultative procedures to be used in particular circumstances. The dispute resolution procedures provided for in this IPM Section 9 may be applied when those specific mechanisms and procedures have been exhausted.

9.2 Accreditation Agreement and Audit Agreement 9.2.1 The dispute resolution procedures provided for in this IPM Section 9 are set out in the Accreditation Agreement and the Audit Agreement.

9.3 Dispute Resolution 9.3.1 Before a party seeks any external dispute resolution in relation to a dispute, it shall follow the escalation procedure as set out below:

i) the notifying party’s representative shall notify the other party’s representative or representatives, setting out the reasons for its dissatisfaction or any dispute (the “Issue”);

ii) the representatives of all parties involved shall meet and discuss the Issue; iii) if the representatives cannot resolve the Issue within thirty (30) days of original notification

in writing of the Issue, each representative shall notify their respective superiors; iv) the superiors of all parties shall then meet and attempt to resolve the Issue.

9.3.2 For the purposes of IPM 9.3, the representatives will be the persons named in the notice provisions of the Accreditation Agreement and/or the Audit Agreement, as the case may be. 9.3.3 Any dispute which is not resolved under IPM 9.3.1 iv) within sixty (60) days of original notification of the Issue in writing will be exclusively and finally settled by arbitration under the Rules of Conciliation and Arbitration of the International Chamber of Commerce.


Dispute Resolution 9-2 October 2003

Figure 9.1: IOSA Dispute Resolution Process Flow

A dispute is identified between/am ong IOSA partieswhen one party notifies other party/parties (IPM 9.0.1)

The parties attem pt resolution using a process inthe IPM designed to address the specific situation

Escalation procedure is im plem ented in accordancewith IPM 9.3.1

Dispute resolved?

Notifying party's representative notifies therepresentative(s) of the other party/parties in writing

to define the Issue in dispute

Representatives from all parties m eet in order todiscuss resolution to the dispute; resolution m ustbe achieved within 30 days of written notification

Each party's representative notifies their respectivesuperior(s)

Superiors from all parties m eet in order to discussresolution to the dispute; resolution m ust be

achieved within 60 days of written notification

Notifying party notifies IATA of failure to resolve thedispute; declares that the issue m ust be resolved

under the IATA Rules of Arbitration

IATA Rules of Arbitration are im plem ented byparties; dispute is resolved through arbitration

Dispute resolved?

Dispute resolved?

Yes

Yes

Yes

No

No

No

Closing action betweenparties as agreed



Endorsed Training Organization October 2003 10-1

UNDER DEVELOPMENT

SECTION 10 – ENDORSED TRAINING ORGANIZATION


Endorsed Training Organization 10-2 October 2003


iosa programme manual

Documents