Key to safety oversight* and surveillance** in order to grant and hold an approval/certificate is auditing by both the holder and ASSI. On behalf of the Governor ASSI must be satisfied that a Service Provider meets the requirements at all times.
Compliance based auditing checks that a Service Provider is doing this. These check against:
Oversight can be done by observation, audits and surveys. These may be conducted with visits or remotely. Sometimes these will occur without any warning sampling the operation at that point in time. Here records could be sampled, tasks demonstrated, and procedures tested.
Steps to closing a finding
Where an audit raises a finding against one of these it is expected that the Service Provider considers the safety/security risk in a timely manner by completing the following points:
- Correcting what was found
- Find what the root cause was
- Correcting the root cause so it cannot happen again
- Ensure other things related to that root cause are checked, and where required corrected
Where ASSI has raised a finding, it is expected that evidence is sent to show that this has been carried out within the agreed timescales. If this cannot be done ASSI should be contacted before the agreed timescale to complete this. It should be explained why this could not be completed, when they will be, and the mitigation actions taken against any risks. (For further details see 'to close a finding' on the Findings and Observations page.)
Performance/Risk Based Oversight***
Performance/risk-based oversight looks at the safety/security performance and the risks that the Service Provider’s operation faces. The areas to be audited and level of oversight is then adjusted’. This means the period between audits can be increased or decreased. In most cases an ASSI audit is conducted around every 12 months.
Information and data are an important part to this, so it is important to respond to any formal requests from ASSI. In the cases of no, or poor responses ASSI must look to increase levels of oversight in some cases, failure to respond to a formal request can result in a finding.
Following an ASSI audit the Regulatory Team review the results and look at the following points to decide on the future audit areas to be looked at and time between audits:
- ASSI level 1 findings
- Large number of ASSI level 2 findings
- Repeat ASSI findings
- ASSI findings that are not closed within the original timescale agreed
- ASSI Auditors have low levels of confidence in the Safety/ Quality Management System to manage risks
- Evidence of ineffective management systems
- Reduction in safety performance since last ASSI audit
- Lack of prioritisation of safety matters
- Poor reaction and follow up to incidents
- Poor response to ASSI communications
- Any enforcement action conducted
- Low number of ASSI findings/ observations
- Good ASSI finding responses that close the finding well within the agreed timescale are normal (good responses reference the ASSI audit/ finding, describe in detail the steps done with evidence)
- ASSI Auditors have confidence in the Safety/ Quality Management System in managing risks
- Evidence of effective management systems
- Safety performance is stable or improving
- Good reaction and follow up to incidents
- Just culture is evident through reporting and the handling of reports
- Good responses to ASSI communications
* Safety oversight is defined by ICAO as a function performed by a State to ensure that individuals and organisations performing an aviation activity comply with safety-related national laws and regulations.
** ICAO defines surveillance as State activities through which the State proactively verifies through the inspections and audits that aviation licence, certificate, authorisation or approval holders continue to meet the established requirements and function at the level of competency and safety required by the State.
***ICAO term this as risk-based oversight that includes consideration the safety performance of a service provider.