4.1.1 The Aeronautics Act
4.1.2 Regulations
4.1.3 Emergency Directions and Interim Orders
4.1.4 Exemptions

4.1.1 The Aeronautics Act

The Aeronautics Act is the principal legislative instrument through which the Government of Canada regulates the aviation industry in Canada. The Act, as amended in 2004, establishes the framework under which aviation security regulations, security measures, restricted area access clearance measures, security screening orders, emergency directions and interim orders are developed and adopted. Illustration 4.1 provides a schematic overview of the regulatory framework. Compliance monitoring and enforcement of the rules are the responsibility of Transport Canada and apply equally to CATSA and to airport operators, air carriers, service providers and their workers. Although the structure separates the roles of the regulator from the screening service delivery organization, in reality, the Minister of Transport is ultimately responsible and accountable to Parliament and the people of Canada for both the department and CATSA.

4.1.2 Regulations

The Aeronautics Act permits the Governor in Council to pass regulations. Before regulations are passed, Transport Canada must follow a process that includes considering alternative regulatory solutions, a benefit-cost analysis and timely and thorough consultations with interested parties. The Canadian Aviation Security Regulations contain requirements of general application to CATSA, aerodrome operators, air carriers, other aircraft operators, passengers and the general public. The Regulations do not contain confidential or sensitive information and are thus publicly available.

The Regulations deal with the screening of persons, goods, things and vehicles, the escort of persons (e.g. prisoners) on aircraft, restricted areas at airports and the control of access to these areas, response to threats against aircraft or a flight, reporting of security incidents and establishment of aerodrome security committees. An important provision in the regulations allows the Minister of Transport to make further rules prescribing security measures applicable to CATSA, screening officers, aerodrome operators, air carriers and persons who provide services to or carry on a commercial activity for air carriers and airport operators. These rules may be referred to as “measures” or “orders” and essentially provide another more detailed set of rules that each entity must follow.

 4.1 Overview of the Regulatory Framework

The security measures and orders are issued by the Minister of Transport and, in urgent situations, by the Deputy Minister of Transport. Due to the sensitive matters they cover, they are not public documents and are distributed on a need-to-know basis to stakeholders responsible for their implementation. Transport Canada routinely conducts prior consultations with those directly affected by these rules, but not with the general public. Current security measures and orders include the Aerodrome Security Measures, Air Carrier Security Measures, Airport Restricted Area Access Clearance Security Measures and the Security Screening Order. These instruments constitute the minimum security standards to be implemented by airport operators at airports in Canada, by air carriers with respect to flights from airports in Canada, and in the case of the Security Screening Order, by CATSA.

The Aerodrome Security Measures impose specific obligations on airport operators and set out detailed security measures with respect to designating, signing and securing restricted areas, establishing and controlling access control points to each restricted area, instituting and maintaining a restricted area pass system and developing, maintaining and exercising airport emergency plans and procedures. Under these measures, the Aerodrome Operator and Tenant Alert Condition and Response System sets out further detailed security measures that apply when enhanced threat levels exist.

The Airport Restricted Area Access Clearance Security Measures outline the procedures to be followed by airport operators in the issuance and control of Restricted Area Passes (RAPs). A restricted area at an airport is the designated area that only authorized persons are allowed to enter due to the proximity to aircraft and other sensitive operations that occur in the airport terminal and airside. The issuance of a RAP is subject to the person being granted clearance by the Minister of Transport. These Measures also give authority to the airport operator to grant temporary access to an airport restricted area under certain conditions of escort or surveillance by a person in possession of a RAP. Within the Measures, the Minister of Transport has the authority to exempt members of police forces, CSIS and any other person that the Minister considers does not pose a threat to the security of civil aviation from the requirement to possess a RAP clearance.

For airlines, the Air Carrier Security Measures impose security obligations on air carrier operators with respect to their aircraft, passengers and carry-on baggage, checked baggage, air cargo and mail, and catering and commissary provisions. In addition, procedures for the handling of threats to an aircraft or to a flight, aviation security training programs for crew members, and the provision of seats without charge to members of the Canadian Air Carrier Protective Program on an as-requested basis are provided for in the Measures. The Air Carrier Alert Condition and Response System, flowing from the Air Carrier Security Measures, sets out detailed security measures that apply when enhanced threat levels exist.

Most important to CATSA is the Security Screening Order, which taken together with the Canadian Aviation Security Regulations define CATSA’s role regarding:

• The qualifications and deployment of screening officers, including official language requirements;

 
• The screening of passengers and their carry-on baggage;
   
• The screening of checked baggage;

 
• The random screening of non-passengers who enter the restricted area at airports and the things in their possession or control;

 
• The random screening of persons taking flights destined to the United States;

 
• Responding to incidents and threats; and,

 
• Information reporting and record-keeping.

The Order specifies at which aerodromes and on which flights screening must be conducted, how screening passengers and non-passengers must be performed, and how staff is to be deployed to screening points. It prescribes what CATSA must screen for, what equipment to use, and the procedures to be employed. In addition, CATSA must ensure that any person passing beyond a screening point into a restricted area is in possession of a boarding pass, ticket or other document such as a valid RAP. The Panel observes that the level of regulation applied to CATSA is very detailed and prescriptive, perhaps more so than other parts of the aviation industry that are largely private sector entities.

4.1.3 Emergency Directions and Interim Orders

For urgent matters, Emergency Directions and Interim Orders are used to address immediate risks and threats to aviation security. This was the administrative tool, used on August 10, 2006 after discovery of the alleged U.K. plot to use liquid explosives on aircraft, that directed CATSA not to allow liquids beyond the screening area. Emergency Directions may be made by the Minister of Transport or by an officer of Transport Canada authorized by the Minister. In practice, they are approved by the Director General of Security and Emergency Preparedness. These directions automatically cease to have force 72 hours after they are made, but can be renewed if necessary.

The Aeronautics Act also authorizes the Minister and the Deputy Minister to issue Interim Orders. Such orders are used to address significant risks and threats, and give immediate effect to recommendations of persons and organizations, such as the Transportation Safety Board of Canada, that are authorized to investigate aviation accidents and incidents. Interim Orders are to be approved by the Governor in Council within 14 days of being made and expire after one year, unless replaced by a regulation.

The Aeronautics Act (s. 5.9(2)) allows the Minister of Transport, or an officer of the Department authorized by the Minister, to make exemptions from the application of a regulation, order or security measure. Many exemptions from the regulations, measures and orders have been issued. Of particular interest to this Review are five exemptions to the Security Screening Order that direct CATSA to deviate from the regulations and orders. Two allow CATSA to exclude from screening members of the military police and Transport Canada aviation security inspectors who enter the restricted area at non-passenger screening checkpoints. Another exemption removes certain items from the prohibited items list that may now be taken beyond the screening checkpoint: for example, knitting needles and sports racquets.

Two other exemptions have more far-reaching implications for CATSA and Transport Canada. One pertains to pre-board screening and has the effect of compelling CATSA to comply with its own screening procedures, known as its Standard Operating Procedures (SOPs). As the screening authority, CATSA produces its SOPs based on Transport Canada’s Security Screening Order. The SOPs provide precise guidance to screening officers on how to do their jobs. The exemption pertaining to hold bag screening prescribes the screening equipment systems and processes that CATSA employs to screen checked baggage on flights to the U.S., in lieu of those set out in the Security Screening Order and in the absence of new regulations currently being prepared by Transport Canada covering hold bag screening.

These latter two exemptions require CATSA to advise Transport Canada in advance of any changes to its SOPs. CATSA must also demonstrate to Transport Canada, upon request, that the level of security provided through its SOPs meets or exceeds the level of security provided for by the provisions of the Security Screening Order from which CATSA is exempted.

We understand that one of the reasons these exemptions were issued by Transport Canada was the time needed to amend the Security Screening Order, which would normally include consultations with CATSA and other affected stakeholders, and the time involved in drafting and processing changes to the Security Screening Order. We have thus observed that parts of the Security Screening Order are considerably out of date. For example, it mandates the use of explosives detection trace (EDT) equipment for pre-board screening at only 58 airports, whereas EDT equipment has been deployed by CATSA at all 89 airports where it has the mandate and obligation to conduct screening.

The cumulative effect of the pre-board screening and hold bag screening exemptions issued by Transport Canada and the deployment by CATSA of EDT at all airports has been to make a significant portion of the Security Screening Order inapplicable. The exemptions may also be considered, in some respects, to constitute a “transfer” of some of Transport Canada’s rulemaking functions to CATSA. Such exemptions add to the complexity of the regulatory framework and call into question the philosophy of prescribing detailed rules through the regulatory process when they can be adopted in a more flexible and efficient manner by the operating authority, CATSA. This is especially applicable to this government organization that delivers this important screening program and needs to be responsive and adaptable to changing circumstances in the field of aviation security.

4.4.1 Results-based regulation

The regulatory framework applying to CATSA, including the Aeronautics Act, regulations, measures and orders, appears to the Panel to be overly detailed and prescriptive: it spells out in the most minute fashion specifically what has to be done, and by whom, in a certain set of circumstances, as well as the manner in which to do it. In large part, Transport Canada moved from a planning and performance-based regulatory framework to more prescriptive regulations following the Air India Flight 182 bombing in 1985. In reaction to this event, new detailed regulations were adopted for such procedures as reconciliation of baggage. This regulatory approach was reinforced in the immediate aftermath of September 11, 2001, when authorities further tightened the rules as a means to prevent future attacks.

The Security Screening Order is very detailed and directs CATSA to follow very specific procedures, specifying the number of staff required and equipment to be employed in performing security screening services. This approach leaves little room for CATSA to make operational decisions, deploy resources efficiently or develop innovative means to achieve its objectives. At times, customer service and cost effectiveness suffer from the organization’s lack of flexibility to deviate from the prescriptiveness of the regulations and security orders. Many of the provisions in the Security Screening Order are more procedural than regulatory, thus leaving little discretion for CATSA management. For example, the imposed requirements that screening officers be continuously busy, be rotated from the X-ray machine every 15 minutes, and that there be at least three screening officers per line in every location regardless of traffic, should be questions that CATSA management can address through risk analysis and effective management practices. This can lead to better use of resources. We observed that the organization has matured to the extent that it now possesses the experience and knowledge that would enable it to make such operational decisions and be held accountable for them.

A regulatory framework that is too prescriptive can create other problems. For example, having standardized and mandatory security procedures can easily become predictable and therefore be less effective since the system could be circumvented by someone who observes it for a long-enough period. This rigidity may provide, in certain circumstances, a reduced level of security by not allowing new equipment and methods to be adopted quickly. In other circumstances, it may be more costly and less efficient to operate according to a fixed recipe when flexibility is required. For example, we were advised that at some small airports, the number of screening personnel outnumbered all other airport employees combined. Ultimately, regulations that are too prescriptive can prevent the operating authority from making adjustments, which through experience can result in a better outcome for all involved.

The regulatory process is, by nature, both complex and cumbersome in responding to changing circumstances and needs, which arise from time to time in the dynamic aviation security environment. We believe that CATSA should have the managerial discretion and be held accountable for operational decisions, provided that security remains the main focus. Transport Canada should therefore develop an approach to regulation and compliance monitoring of CATSA that is more in line with a performance-based, results-oriented system. At the same time, other aviation industry partners in security may also benefit from a similar approach.

Prescriptive regulation may come in the form of ‘command and control’ regulations, design standards, specifications or, more generically, means-based standards. They specify in detail what must be done by the regulated entity to achieve compliance. They leave little or no room for discretion in their application and implementation. A federal department regulating another arm of the government in this manner is quite unusual. On the other hand, performance-based or results-based regulations set out objectives and leave it to the regulated entity to determine the best means of achieving them.

We recognize that the prescriptive regulatory framework was initiated following the terrible tragedy of Air India Flight 182 in 1985, and in response to the Seaborn Report ^{[ 2 ]} recommendations. However, we note that during the period, there was no formal national aviation security program in Canada, and that screening was the responsibility of the airlines, which were more focused on customer service aspects during these early days of deregulation. Within this environment, a prescriptive regulatory framework was developed to respond to immediate needs.

Regulation, ranging from prescriptive to results-based, has to be seen as a continuum rather than a dichotomy. The Panel has come to the conclusion that the current regime imposed on CATSA tips too far towards the prescriptive end of the continuum. In the case of aviation security, the weight should be readjusted in favour of a results-based approach. CATSA, as a Crown corporation, has matured and gained enough experience since its creation to become accountable for delivering results and should no longer be subject to the level of detailed rules imposed upon it through prescriptive regulations. Similarly, the private sector could benefit from a performance-based approach to regulation, something the government has recognized through its commitment towards regulatory reform. In the case of CATSA, which has in place its Standard Operating Procedures, we feel that Transport Canada can immediately suspend the application of its Security Screening Order. We believe that Transport Canada should examine the aviation security regulatory framework through a performance lens and adopt a performance-based approach so that airlines, airports and especially CATSA are able to deliver against a more results-oriented regulatory regime.

Recommendation 4.4

It is recommended that, as a high priority, Transport Canada develop a more results-based regulatory framework for aviation security.

One such methodology that can be used as a model is referred to as the Security Management Systems (SeMS) approach. The SeMS is a management approach to human and organizational risk management that is applied throughout an entire organization, including the non-regulated aspects. To be effective, SeMS must become an element of corporate management that sets out the organization’s security policies and its intent to embrace security as an integral part of its overall business. Thus, security becomes a culture that percolates throughout the entire organization rather than simply being an obligation. There are various basic elements associated with SeMS, including adopting a policy statement and assigning accountabilities, establishing a security management plan, implementing a training program, tracking quality assurance and oversight, as well as developing an emergency response plan.

A partnership approach between the regulator and the operator is one of the key elements of implementing SeMS. Implementation also implies regulating at the system level where the end result is more important than detailed, day-to-day compliance. A safety management system approach has been successfully applied to safety programs in the air and other modes of transportation and is considered transferable to transportation security. On the safety side, expected results include a reduced accident rate through more proactive management of risk, reduced industry costs and more efficient use of government resources – elements that would also benefit CATSA, industry and Transport Canada on the security side.

Generally speaking, a SeMS approach may include at minimum the following elements:

• a security policy on which the system is based and documentation containing all processes and responsibilities;

 
• an analytical process for setting goals for the improvement of security and for measuring the attainment of those goals;

 
• a process for identifying security risks and evaluating and managing the associated responses;

 
• a process for ensuring that personnel are trained and continuously competent and informed to perform their duties;

 
• a process for the internal reporting and analysis of threats, incidents and breaches and for taking corrective actions to prevent any similar incident reoccurring; and

 
• a process for conducting internal reviews and external audits of the security management system.

Results-based regulations, supported by SeMS, can be “loosely” or “tightly” specified. For example, for industry, a somewhat tighter approach may be appropriate in part because of its profit motive and tendency toward containing costs. For a governmental agency such as CATSA, whose whole purpose is security, a looser approach should apply. For example, Transport Canada could simply specify that the screening equipment used by CATSA must be capable of detecting explosive substances instead of specifying details related to the kinds of explosive substances, their mass, volume or concentration. Results-based regulations may reflect the ultimate objective sought and/or intermediate objectives leading to the ultimate objective. For example, Transport Canada would establish basic elements while CATSA would have full responsibility for operational policy, including operational design, screening officer and service provider qualifications, equipment decisions and management of the list of prohibited items.

The results-based approach presents advantages for the regulated entity, permitting it to achieve compliance in the most efficient and cost-effective way. This approach also enables innovation and the adoption of a culture of continuous improvement, identified as a characteristic of a “high reliability organization.” ^{[ 3 ]} A disadvantage is that it is not always easy to determine how to meet the performance requirement. Also, the regulated entity may have to initially invest added time and resources to implement and verify for its own purposes that it is in compliance with the performance requirements.

From the regulator’s point of view, results-based requirements are simpler and less detailed to prepare in the first instance, reduce the need for issuing regulatory exemptions and reduce the time and effort needed for producing regulatory amendments. This would mean that Transport Canada resources could be redeployed to pressing priority projects, such as developing a regime for air cargo security. Among the disadvantages, compliance monitoring is more complex than with the prescriptive approach and requires a culture shift by inspectors to an audit approach to compliance monitoring as envisaged by SeMS. Developing this new audit-type approach to monitoring and enforcement should allow for more efficient use of inspectors. Finally, it may be more difficult for the regulator to demonstrate that it is meeting its international or bilateral obligations; however, it should be noted that SeMS is not unfamiliar to international bodies such as ICAO and many of its member states and is actively being discussed in these venues.

It would seem that some progress towards less prescriptive aviation security regulations is being made. Current drafts of the regulatory measures envisaged for hold baggage screening, developed jointly by Transport Canada and CATSA, have been described to the Panel as being a step in the right direction since they are more performance-oriented. The Panel notes that the current Advisory Group on Aviation Security (AGAS) plays an important consultative role at the national level by bringing together government and aviation industry participants to exchange views on issues of mutual concern and that the Group should be used as a conduit to speedy action.

Along with this results-focused approach, Transport Canada should more fully reflect risk assessment in its screening regulations. Currently, small airports with little traffic, and demonstrably lower risk, are subject to the same high level of security screening requirements as Class 1 airports. This inflexibility can be costly for CATSA and small airports, especially when a full roster of screening personnel is required for small passenger loads and few flights per day. If, based on risk assessment, it is determined that security could be maintained in a more flexible manner, this should be a goal of CATSA’s operational policy. For example, more stringent requirements at Class 1 airports could be warranted, while permitting alternative cost-effective solutions for small airports. The Panel notes that this has been the case for airport security in areas other than screening. For example, requirements for perimeter fencing and surveillance differ between classes of airports.

Transport Canada established the criteria for designation of airports where screening is performed by CATSA. Actual designation is achieved when, upon recommendation by the Minister of Transport, the Governor in Council, pursuant to section 34(a) of the CATSA Act, passes the CATSA Aerodrome Designation Regulations listing the airports. The current list of 89 designated airports covers approximately 99 per cent of total passenger traffic in Canada. Captured under this designation are the large Class 1 airports that handle thousands of passengers a day, as well as the smallest airports that may have just a few dozen passengers a day. Allowing CATSA to have greater flexibility on how it provides screening at some of the smaller airports could reduce costs and enable the Authority to redeploy resources to higher-volume airports and thus improve service for the travelling public without any reduction in security. We understand that Transport Canada is reviewing the designation of airports and the Panel supports this effort. The results of the review, together with operational flexibility for CATSA, could mean removing some of the 89 airports from the designated list or rationalizing, through risk analysis, the screening requirements for each airport. CATSA should also be encouraged to design, test and implement more cost-effective operational policies offering screening solutions in smaller airports, such as fewer screening officers per line. This type of risk analysis will ensure that Canadians receive the greatest benefit from limited aviation security resources.

Adopting a more results- and performance-based approach to regulations will also be consistent with federal government policy, as contained in the 1999 Government of Canada Regulatory Policy and the new Government Directive on Regulating, which are key elements of the Government’s Smart Regulation initiative. We understand that Transport Canada is moving in this direction, but perhaps not fast enough and not far enough in the aviation security sector. The Aeronautics Act was amended in 2004 to provide new regulatory authority in respect of SeMS. The regulatory framework for aviation security should move more quickly towards a results-based approach as a general rule and employ prescriptive regulations only by exception. This would mean that operators and entities such as CATSA would dedicate themselves to deliver results rather than devote themselves to measurement against a checklist of specified activities and procedures. Establishing a results-based framework begins with strategic plans and programs.

The underlying foundation of a results-based regulatory framework is an integrated set of plans covering the national, local and sectoral operators in the aviation industry. Annex 17 of ICAO^{[ 4 ]} requires each member state to establish and implement a written civil aviation security program. It also provides that member states shall require each airport to establish, implement and maintain a written airport security program that meets the requirements of the national program. Canada has taken the position that it complies with ICAO requirements through its body of legislation, regulations and security orders that offer the equivalent of a national civil aviation security program. Still, it does not currently have a specific national program. While Canada complies with the spirit of Annex 17, we are convinced that a formal planning system, beginning with Transport Canada, would greatly benefit the aviation security sector. At present, Transport Canada does not require airport operators, CATSA, air carriers and other airport stakeholders and tenants to develop and maintain security plans. We note that the United Kingdom requires all key aviation players (airports, airlines, cargo shippers and caterers) to produce comprehensive and effective security plans that are in compliance with a national plan. This security planning system approach should be incorporated into the Canadian context, particularly as Transport Canada moves towards a more results-based regulatory regime.

As a starting point, a National Civil Aviation Security Plan (NCASP) produced by Transport Canada would outline the national policy, strategy and objectives to be met through a series of integrated industry plans. As depicted in illustration 4.2, the NCASP would be established taking into account and conforming to Transport Canada’s National Transportation Policy, National Transportation Security Plan and the Government of Canada’s National Security Plan.

4.2: Canada’s Civil Aviation Security Program

Security and risk assessments would include such things as the identification of important assets and infrastructure and possible threats to them, plus the likelihood of an occurrence. The plan would also address weaknesses in infrastructure, policies and procedures, as well as possible counter-measures and changes needed to reduce vulnerability. The security plan, based on the assessment, at minimum, would cover elements designed to prevent unauthorized access of persons and things into the facility, assignment of duties and responsibilities related to security, procedures for responding to threats or breaches of security, and procedures for periodically reviewing and updating the plan. Assessments and plans for smaller airports would naturally be less complicated and onerous than for large airports but no less important in maintaining a security posture.

CATSA, in addition to its National Plan, would produce site-specific security plans for all airports at which it operates and these would tie into the airport’s security plan. Major airport tenants (i.e. air cargo, caterers, fixed base operators, etc.) would also be required to produce site-specific security plans that would be an integral piece of each airport security plan. Ideally, the airport, CATSA, and air carrier security plans would contribute to the fulfilment of the NCASP by clearly defining the responsibilities and authorities of each organization.

Plans should be developed on the basis of national policies and risk assessment according to existing risk analysis methodologies, where Risk (R) is a function of the likelihood and feasibility of the Threat (T), plus the Vulnerability (V) of and the Impact (I) on the target. For example, airport plans would require the sharing of intelligence and hence the Airport Security Committee referenced in Chapter 2 of this Report would be tasked to produce a Multi-Agency Threat and Risk Assessment (MATRA) in support of the plan. All plans should be regularly reviewed and updated to ensure they reflect current risk and assessment realities.

Security planning would not mean the abolition of regulation; rather, it would mean regulation directed towards results. Plans would need to include a description of how the entity would meet the regulated objectives. Periodic auditing of operations against the plans and the modifications to them would be performed by Transport Canada inspectors. If necessary, the department could issue letters of notification of non-compliance and if compliance is not achieved, take other measures. For example, ultimately the department could reserve the right to remove a specific authority and exercise it itself, or confer it upon another entity, and it could reserve the right to withdraw an operating certificate if non-compliance persists.

In terms of available action the Minister may take against CATSA as a Crown corporation, he could draw upon a range of available measures should the Authority exhibit problematic or chronic failures. Progressive measures include sending a letter to the Chair of the Board, installing someone within CATSA to oversee and report back to the Minister, working with the Prime Minister’s Office to replace the Board, or installing a caretaker Chair until a replacement is found. If CATSA were a departmental entity, the normal accountability accord established between the Minister and the corporation head would be the yardstick by which performance is judged.

Hence, the new regulatory framework would lead to a new relationship between Transport Canada and CATSA. CATSA would become responsible and accountable for:

• Developing national and local security plans for Transport Canada approval, in compliance with the National Civil Aviation Security Plan;

 
• Adopting a Security Management Systems (SeMS) approach;

 
• Operational policy and procedures for carrying out all assigned screening mandates (including pre-board, non-passenger and hold bag screening) through their Standard Operating Procedures in compliance with the CATSA National Security Plan;

 
• Defining the equipment, processes and resources needed for screening operations, deploying these resources appropriately and achieving results for Canadians;

 
• Managing their operations and delivering a security service within budget and attuned to government priorities in the areas of security policy and customer service;

 
• Contributing to information exchanges and security committee meetings with others in the aviation community; and

 
• Managing their financial and administrative affairs as well as communications with the public.

Transport Canada, being freed from the requirement to make detailed rules and enforce them, would be able to focus on:

• National transportation security policy and programs;

 
• Providing strategic direction to the entire aviation security community;

 
• Establishing a National Civil Aviation Security Plan and assisting CATSA and industry in developing an integrated planning framework;

 
• Ensuring that all players are aligned in their efforts;

 
• Undertaking priority projects such as developing an air cargo regime, security of general aviation and perimeter security;

 
• Periodic audit-style monitoring and system-wide analysis; and

 
• Taking enforcement action when necessary.

Private sector operators (airports, air carriers, shippers, etc.) would also be responsible for developing security plans for Transport Canada approval based on the National Civil Aviation Security Plan and implementing them in compliance with all regulations and measures. They would need to embrace a SeMS approach throughout their organizations and would contribute to information exchanges and participate on security committee meetings with others in the aviation community.

Recommendation 4.5

It is recommended that, in line with ICAO Annex 17, Transport Canada develop a National Civil Aviation Security Program and require CATSA, as well as airport operators, major tenants and air carriers, to develop security plans for their areas of responsibility, consistent with the National Program. Transport Canada should approve the plans and audit the organizations on a periodic basis for compliance with their plans.

Recommendation 4.6

In line with the results-based regulatory regime, it is recommended that CATSA assume full responsibility (and accountability) for operational policy, including operational design and screening solutions, qualifications of screening officers and service providers, equipment decisions and management of the list of prohibited items.

Chapter Four: Footnotes