Commission Regulation (EC) No 1217/2003
of 4 July 2003
laying down common specifications for national civil aviation security quality control programmes
(Text with EEA relevance)
THE COMMISSION OF THE EUROPEAN COMMUNITIES,
Having regard to the Treaty establishing the European Community,
Having regard to Regulation (EC) No 2320/2002 of the European Parliament and of the Council of 16 December 2002 establishing common rules in the field of civil aviation security(1), and in particular Article 7(1) thereof,
(1) The development and implementation of a national civil aviation security quality control programme by each Member State is essential to ensure the effectiveness of its national civil aviation security programme in accordance with Article 5(3) of Regulation (EC) No 2320/2002.
(2) Specifications for the national civil aviation security quality control programme to be implemented by the Member States should ensure a harmonised approach in this respect. Therefore a Regulation is the most suitable instrument for this purpose.
(3) The monitoring of national civil aviation security quality control programmes at Community level requires a harmonised approach to the assessment of compliance at national level.
(4) To be effective, audits to be undertaken under the responsibility of the appropriate authority should be carried out regularly. They should not be restricted as to the subject, stage or moment at which they are carried out. They should take the most suitable forms to ensure their effectiveness.
(5) Priority should be given to the development of a detailed common methodology for audits.
(6) It is necessary to develop a harmonised way of reporting on the measures taken to fulfil the obligations under this Regulation and on the aviation security situation at the airports in the territories of the Member States.
(7) National civil aviation security quality control programmes should be based on best practices. Such best practices should be shared between Member States.
(8) The measures provided for in this Regulation are in accordance with the opinion of the Committee for Civil Aviation Security,
HAS ADOPTED THIS REGULATION:
CHAPTER I OBJECTIVE AND DEFINITIONS
This Regulation lays down the common specifications for the national civil aviation security quality control programme to be implemented by each Member State. This includes establishing common requirements for quality control programmes, a common methodology for the audits to be undertaken and common requirements for auditors.
For the purpose of this Regulation the following definitions shall apply:
1. "appropriate authority" shall mean the national authority designated by a Member State pursuant to Article 5(2) of Regulation (EC) No 2320/2002 to be responsible for the coordination and monitoring of the implementation of its national civil aviation security programme;
2. "audit" shall mean any procedure or process used for compliance monitoring undertaken at national level. It covers security audits, inspections, surveys, tests and investigations;
3. "auditor" shall mean any person conducting audits at national level;
4. "deficiency" shall mean failure to comply with aviation security requirements;
5. "inspection" shall mean an examination of the implementation of one or more aspects of security measures and procedures in order to determine how effectively they are being carried out;
6. "investigation" shall mean an examination of a security incident and an explanation of its cause in order to avoid recurrence and to consider legal action;
7. "quality control programme" shall mean the national civil aviation security quality control programme;
8. "security audit" shall mean an in-depth examination of all aspects of security measures and procedures in order to determine if they are being implemented on a continual basis and to a constant standard;
9. "security incident" shall mean an occurrence with negative implications for the security and safety of persons and property;
10. "survey" shall mean an evaluation of operations in order to determine security needs. This includes the identification of vulnerabilities which could be exploited to carry out an act of unlawful interference, despite the implementation of security measures and procedures, and the recommendation of compensatory protective measures commensurate with the threat to address any identified risk;
11. "test" shall mean a trial of aviation security measures, where the appropriate authority introduces or simulates intent to commit an unlawful act for the purpose of examining the efficiency and implementation of existing security measures.
CHAPTER II COMMON REQUIREMENTS FOR QUALITY CONTROL PROGRAMMES
Powers of the appropriate authority
In order to ensure the effectiveness of its national civil aviation security programme, Member States shall provide the appropriate authority with necessary enforcement powers.
Content of the quality control programme
1. The quality control programme shall contain all necessary quality control monitoring measures taken to assess on a regular basis the implementation of the national civil aviation security programme, including the policies on which they are based.
2. The quality control programme shall include and address the following elements:
(a) organisational structure, responsibilities and resources;
(b) job descriptions and qualifications of all auditors responsible for carrying out the quality control programme;
(c) operational monitoring activities, including types, aim, content, frequency and focus of security audits, inspections, surveys and tests as well as classification of compliance and the scope and responsibilities of investigations whenever applicable;
(d) deficiency rectification activities providing details concerning deficiency reporting, follow-up and rectification in order to effectively ensure aviation security requirements compliance;
(e) enforcement measures; and
(f) communications and reporting of undertaken activities and the level of aviation security requirements compliance.
1. The implementation of the national civil aviation security programme shall be monitored.
2. Monitoring shall be undertaken in accordance with the quality control programme, taking into consideration the threat level, type and nature of the operations, standard of implementation, and other factors and assessments which will demand for more frequent monitoring.
3. The management, setting of priorities and organisation of the quality control programme shall be undertaken independently from the operational implementation of the measures taken under the national civil aviation security programme.
1. Member States shall annually submit a report to the Commission on the measures taken to fulfil their obligations under this Regulation and on the aviation security situation at the airports located in their territory. Guidelines for reporting are set out in Annex I.
2. The reference period for the report shall be 1 January - 31 December. The report shall be due two months after completion of the reference period. Exceptionally, a report shall be submitted by the end of February 2004 for the period 19 July 2003 to 31 December 2003.
CHAPTER III COMMON METHODOLOGY FOR AUDITS
Conduct of audits
Compliance monitoring activities shall include both announced and unannounced activities.
Classification of compliance
Security audits, inspections and tests shall assess the implementation of the national civil aviation security programme using the harmonised classification system of compliance set out in Annex II.
CHAPTER IV COMMON REQUIREMENTS FOR AUDITORS
Availability of auditors
Each Member State shall take the appropriate steps to ensure that a sufficient number of auditors are available for performing all compliance monitoring activities.
Qualification criteria for auditors
1. Each Member State shall ensure that auditors performing functions on behalf of the appropriate authority shall have appropriate qualifications, which shall include sufficient theoretical and practical experience in the relevant field.
2. The auditors shall have:
(a) a good understanding of the national civil aviation security programme and how it is applied to the operations being examined;
(b) where appropriate, knowledge of the more stringent measures as applicable in the Member State concerned and the location being examined;
(c) a good working knowledge of security technologies and techniques;
(d) a knowledge of audit principles, procedures and techniques;
(e) a working knowledge of the operations being examined.
CHAPTER V COMMON PROVISIONS
Sharing of best practices
Member States shall inform the Commission of best practices with regard to quality control programmes, audit methodologies and auditors. The Commission shall share this information with the Member States.
This Regulation shall enter into force on the 20th day following that of its publication in the Official Journal of the European Communities.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, 4 July 2003.
For the Commission
Loyola De Palacio
(1) OJ L 355, 30.12.2002, p. 1.
GUIDELINES FOR REPORTING TO THE COMMISSION
Organisational structure, responsibilities and resources
- Modalities of the quality control organisation, responsibilities and resources, including planned future amendments (see Article 4(2)(a))
- Number of auditors - present and planned (see Article 9)
- Qualification of auditors - training facilities used and resources (see Articles 4(2)(b) and 10)
- Explanation if the quality control programme for this part is not being applied in full.
Operational monitoring activities
- Status of the implementation of the operational activities: types, aim, content, frequency and focus of all monitoring activities (see Article 4(2)(c)), including number of audits per airport and per area of security measure requirements (e.g. access control, aircraft protection, hold baggage screening) where appropriate and possible
- Proportionality of operational monitoring activities in relation to field activities (see Article 5(2))
- Level of compliance per area of aviation security requirements (e.g. access control, aircraft protection, hold baggage screening) (see Article 8)
- Explanation if the operational activities are not being applied in full.
Deficiency rectification activities
- Status of the implementation of the deficiency rectification activities (see Article 4(2)(d))
- Main areas of concern with regard to the implementation of aviation security requirements (e.g. access control, aircraft protection, hold baggage screening)
- Main activities undertaken or planned aimed at rectification (e.g. security awareness trainings, workshops, incentive programmes)
- Enforcement measures used (see Article 4(2)(e)).
Aviation security situation at airports
- General context of the aviation security situation at the airports in the Member State.
Harmonised classification system of compliance
The following classification of compliance shall apply to assess the implementation of the national civil aviation security programme.
>PIC FILE= "L_2003169EN.004802.TIF">