Advisory Circular (AC) No. SUR-004

Civil Aviation Surveillance Program

Issuing Office: Civil Aviation, Standards Document No.: AC SUR-004
File Classification No.: Z 5000-34 Issue No: 01
RDIMS No.: 11175414-V7 Effective Date: 2015-11-19

Table of Contents

List of Figure

1.0 INTRODUCTION

(1) This Advisory Circular (AC) is provided for information and guidance purposes. It may describe an example of an acceptable means of demonstrating compliance with regulations and standards. This AC on its own does not change, create, amend or permit deviations from regulatory requirements, nor does it establish minimum standards.

1.1 Purpose

(1) The purpose of this AC is to describe the Transport Canada Civil Aviation (TCCA) surveillance program based on Staff Instruction (SI) SUR-001. The program verifies that enterprises holding a certificate issued by TCCA are compliant with regulatory requirements.

1.2 Applicability

(1) This document is applicable to enterprises that hold a certificate issued by TCCA.

2.0 REFERENCES AND REQUIREMENTS

2.1 Reference Documents

(1) It is intended that the most recent versions of the following reference materials be used in conjunction with this document:

  1. (a) Aeronautics Act (R.S., 1985, c. A-2)

  2. (b) Canadian Aviation Regulations (CARs)

  3. (c) Advisory Circular (AC) 107-001 Guidance on Safety Management Systems Development

  4. (d) AC 107-002 – Safety Management Systems Development Guide for Small Operators/Organizations

2.2 Cancelled Documents

(1) Not applicable.

(2) By default, it is understood that the publication of a new issue of a document automatically renders any earlier issues of the same document null and void.

2.3 Definitions and Abbreviations

(1) The following definitions are used in this document:

  1. (a) Administrative follow-up: the review of a corrective action plan that does not require a site visit (e.g. the corrective action plan only required a minor revision to documentation).

  2. (b) Approved: approved by the Minister.

  3. (c) Assessment: the surveillance activity conducted to evaluate effectiveness and level of compliance with the CARs.

  4. (d) Compliance: the state of meeting regulatory requirements.

  5. (e) Continuous Improvement Finding (CIF): means a finding against best practices (BP). CIFs do not have regulatory authority.

  6. (f) Convening Authority (CA): the individual that oversees and is accountable for the conduct of a surveillance activity.

  7. (g) Corrective Action Plan (CAP): a plan submitted in response to findings. The CAP outlines how the enterprise proposes to address identified regulatory non-compliances and ensure on-going compliance.

  8. (h) Days: calendar days. When a due date falls on a weekend, TCCA shall treat the due date as the next business day.

  9. (i) Determine or making a determination: use of discretion and judgement (i.e. forming conclusions based on facts, knowledge and experiences as related to the conditions of the event, or similar events) when making a decision as to the required course of regulatory action.

  10. (j) Document: certificates, manuals, publications incorporated by reference, procedural instructions, uncompleted checklists and any other papers or equivalent electronic publications that detail company organization, policies or procedures, training curricula, personnel authorizations, etc., and that are required to hold a Canadian Aviation Document. Documents exclude records.

  11. (k) Duration: the time period of enterprise operation to be covered as part of the surveillance activity.

  12. (l) Effective: completely documented, implemented and consistently accomplishing its designed intent.

  13. (m) Enterprise: the holder of one or more TCCA issued CAD under a single Accountable Executive. For example, a company holds an Approved Maintenance Organization Certificate, an Air Operator Certificate, an Approved Training Organization Certificate and a Design Organization Authority. The term Enterprise is intended to denote that surveillance is conducted on the whole enterprise rather than on an individual Canadian Aviation Document.

  14. (n) Event: an action, incident, accident, occurrence, hazard or regulatory contravention (singular or repetitive in nature) relating to the operations conducted by an enterprise.

  15. (o) Expectations: define the intent of regulatory requirements.

  16. (p) Finding: a factual account, supported by evidence, of how an enterprise is not in compliance with regulatory requirements. A finding can be at a systems level (during a PVI or Assessment) or process level (during a Process Inspection).

  17. (q) Functional area database: a database used by TCCA to provide information or assist in the surveillance process. (e.g. the National Aviation Company Information System (NACIS), the National Aerodromes Safety Database (NASD), the National Aviation Safety Information Management System (NASIMS)).

  18. (r) Hazard: a condition that could cause or contribute to an aircraft incident or accident.

  19. (s) Input: the people, products, services and materials obtained from suppliers (internal and external) to produce the outputs delivered to customers.

  20. (t) Lot: a group of units (persons, records, process outputs, etc.) from which a sample is drawn.

  21. (u) Non-compliance: the failure to meet regulatory requirements.

  22. (v) Observation: all outcomes obtained during a surveillance activity. They are used to confirm both compliance and non-compliance.

  23. (w) On-site follow-up: the review of a corrective action plan that can only be confirmed through a site visit (e.g. verification that a change to a process is documented, in use and effective).

  24. (x) Output: products, materials, services or information provided to a customer (internal or external), from a process.

  25. (y) Principal Inspector (PI): This includes Principal Maintenance Inspectors (PMI), Principal Airworthiness Inspectors (PAI), Principal Operations Inspectors (POI), Principal Dangerous Goods Inspectors (PDGI) and Principal Cabin Safety Inspectors (PCSI) where applicable.

  26. (z) Policy: the set of basic principles and associated guidelines, formulated and enforced by the governing body of an organization, to direct and limit its actions in pursuit of long-term goals.

  27. (aa) Procedure: a fixed, step-by-step sequence of activities or course of action (with definite start and end points) that must be followed in the same order to correctly perform a task.

  28. (ab) Process: a group of interrelated or interacting activities that convert inputs into outputs.

  29. (ac) Process Inspection: an in depth review of an enterprise process utilised to produce an output to verify whether it functions or not.

  30. (ad) Process Step: one of several steps identified in a process map.

  31. (ae) Program Validation Inspection (PVI): a process comprised of research and an on-site review of one or more components of a SMS or other regulated areas of an enterprise.

  32. (af) Quality Assurance (QA): a planned and systematic set of activities implemented in a quality system so that quality requirements are clearly established and defined processes are continually evaluated to verify compliance to these requirements.

  33. (ag) Record: the specific details of events that have occurred during the performance of activities authorized by a Canadian Aviation Document. Records include, but are not limited to, journey log books and other aircraft technical records, maintenance releases, completed checklists, x-rays, incident reports, equipment-servicing records, training records, QA findings, and submissions made under internal safety reporting systems, that is, under SMS.

  34. (ah) Regulatory Requirements: the Canadian Aviation Regulations (CARs) and standards as well as any documentation required by reference.

  35. (ai) Review: the basic activity of an assessment or program validation inspection involving the systematic assessment of a component, element or system of an enterprise to verify compliance to regulatory requirements.

  36. (aj) Risk: the assessed predicted likelihood and severity of the consequence(s) or outcome(s) of a hazard.

  37. (ak) Risk Indicator: one of the risk indicators used by NASIMS, which provides a numerical representation of conditions or changes within an enterprise that have an impact on TCCA's surveillance decision making process.

  38. (al) Safety: the condition to which risks are managed to an acceptable level; where acceptable level from a TCCA perspective is on-going compliance with regulatory requirements.

  39. (am) Safety Management System (SMS): a documented system for managing risks that integrates operations and technical processes with the management of financial and human resources to ensure aviation safety or the safety of the public.

  40. (an) Sample: a subset of a lot, randomly selected for review or questioning.

  41. (ao) Sampling: A process through which a portion of a larger population is reviewed to determine the degree of compliance of said population.

  42. (ap) Sampling Plan: A documented plan that delineates what is to be sampled (e.g. documents, records, people, products, etc.) and why (i.e. regulatory requirement).

  43. (aq) Service: all oversight activities, other than surveillance activities, conducted at the request, or for the optional use, of the recipients, and includes the issuance of certificates, licenses, approvals or other authorizations by the Minister to enable activities regulated by the CARs.

  44. (ar) Scope: the areas of the enterprise's operations that will be subject to a surveillance activity.

  45. (as) Surveillance: all activities directly related to TCCA evaluating an enterprise's compliance with applicable regulatory requirements including assessments, program validation inspections and process inspections.

  46. (at) Surveillance Manager: a person appointed by the CA responsible for the planning and conduct of a surveillance activity.

  47. (au) Surveillance Plan: the description of all the activities and arrangements for a surveillance activity. Includes a Sampling Plan.

  48. (av) System: a group of inter-dependent processes and people working together to achieve a defined result. A system comprises policies, processes and procedures. It is through systems that enterprises should achieve a state of compliance to their regulatory requirements on an on-going basis.

  49. (aw) Team Leader: an individual appointed to lead a team of inspectors in the conduct a surveillance activity.

  50. (ax) Team Member: an individual participating in a surveillance activity.

  51. (ay) Technical personnel: anyone employed or contracted by the enterprise to perform functions required by regulatory requirements or approved documentation, including those incorporated by reference.

  52. (az) Tracing: to follow the progress of one item as it flows through a process.

(2) The following abbreviations are used in this document:

  1. (a) ADO: Associate Director Operations;

  2. (b) ATIP: Access to Information and Privacy;

  3. (c) BP: Best Practice;

  4. (d) CAD: Canadian Aviation Document;

  5. (e) CADORS: Civil Aviation Daily Occurrence Reporting System;

  6. (f) CARs: Canadian Aviation Regulation;

  7. (g) EM: Enhanced Monitoring;

  8. (h) NASIMS: National Aviation Safety Information Management System;

  9. (i) NCAMX: National Civil Aviation Management Executive;

  10. (j) NoS: Notice of Suspension;

  11. (k) OPI: Office of Primary Interest;

  12. (l) RDIMS: Records, Documents and Information Management System;

  13. (m) TTL: Technical Team Lead;

  14. (n) TCCA: Transport Canada Civil Aviation; and

  15. (o) TMX: Transport Management Executive Committee.

3.0 BACKGROUND

(1) TCCA's surveillance program includes assessments, program validation inspections (PVIs) and process inspections. The program verifies that enterprises are complying with regulatory requirements and that they have effective systems in place to ensure they comply with regulatory requirements on an on-going basis.

4.0 SURVEILLANCE ACTIVITIES

4.1 Systems Level versus Process Level Surveillance

(1) Surveillance activities fall into two broad levels: systems and process level.

(2) Systems level surveillance is conducted using assessments and/or PVIs. During these activities, a surveillance team reviews an enterprise's systems to develop an understanding of how they comply with regulatory requirements. Based on this understanding, a sampling plan is developed and executed to determine whether an enterprise is in compliance with its regulatory requirements and the degree to which they can effectively continue to remain in compliance. The output of a systems level surveillance activity is findings of either compliance or non-compliance. Findings of non-compliance are at the systems level and are meant to have enterprises correct their systems in such a way that they return to compliance and maintain that state.

(3) Process level surveillance is conducted using process inspections. During these activities, TCCA inspectors review an enterprise process to develop an understanding of the process. Inspectors can then trace an output from the process to determine if it functions yes or no (i.e. does the process achieve what it is intended to achieve). The output of a process level surveillance activity can be findings of compliance (and termination of the process inspection) or non-compliance or the initiation of a systems level surveillance activity.

(4) This document will cover systems level surveillance procedures first (sections 6 to 15) followed by process level surveillance procedures (sections 16 and 17).

4.2 Reactionary event

(1) It should be noted that this AC covers the more common forms of surveillance activities. In the case of a serious event (e.g. accident), TCCA may alter the process described in this AC to facilitate an immediate reaction to the event. Examples of alterations include, but are not limited to:

  1. (a) Foregoing the notification step;

  2. (b) Reducing the scope or depth of the surveillance activity;

  3. (c) Reducing the time allotted to conduct research or having the research performed on-site; and

  4. (d) Having the surveillance team develop the sampling plan while on-site

4.3 Obligations of enterprises

(1) Under the Aeronautics Act, the Minister has the authority to conduct surveillance on TCCA CAD holders. Furthermore, the enterprise undergoing surveillance must give the Minister all reasonable assistance to enable the Minister to carry out the surveillance activity as well as provide the Minister with any information relevant to the surveillance activity.

(2) The ultimate aim of surveillance is to verify compliance to regulatory requirements. All enterprises have an obligation to comply with their regulatory requirements on an on-going basis from the point of certification. Should a surveillance activity uncover any non-compliance with regulatory requirements, the Minister has the obligation to take appropriate action to motivate the CAD holder to return to a state of compliance or to cancel their operating privilege. Regardless of the form of the action, the onus is on the enterprise to maintain compliance with regulatory requirements.

5.0 RESPONSIBILITIES AND QUALIFICATIONS

(1) Regardless of the type of surveillance activity, team sizes vary according to the size and complexity of the enterprise undergoing surveillance.

(2) To participate as a surveillance team member, team leader, surveillance manager or CA, the individual must have completed all mandatory training required to be authorized to act on behalf of the Minister (i.e. delegation of authority). Administrative support, specialists, inspectors undergoing on-the-job training, and observers can be added. Non-delegated team members can be used for administrative support during a surveillance activity but shall not be used where a delegation is required to perform the functions (for example, performing duties as per section 8.7(1) of the Aeronautics Act).

(3) To the extent possible, surveillance teams should not include principal inspectors in any role for any enterprise for which they are responsible.

(4) The remainder of this section outlines the responsibilities of the CA, surveillance manager, team leader(s), team member(s), TCCA Enforcement and principal inspectors. It is recognised that a surveillance team may not require all the positions listed below and that various duties and responsibilities may be combined when assumed by a single person.

5.1 Convening Authority (CA)

(1) The position of CA can be filled by any TCCA staff designated by their director.

(2) Generally, the role of CA shall be filled by TCCA management personnel.

(3) The CA shall:

  1. (a) Manage all budgetary and travel/logistical arrangements.

  2. (b) Determine the objective, scope and duration of the surveillance activity.

  3. (c) Review and approve the surveillance plan including the sampling plan.

  4. (d) Review, approve and sign the notification letter.

  5. (e) Attend the entry and/or exit meetings, when required.

  6. (f) Ensure that action is taken in an appropriate and timely manner for any immediate threat to safety identified by the surveillance manager.

  7. (g) Select membership, initiate, chair and ensure the proper conduct of the surveillance review committee.

  8. (h) Approve the surveillance report, sign the report cover letter and ensure that the enterprise receives the report within the required time-frame.

  9. (i) Ensure that appropriate follow-up action is completed after the surveillance activity.

  10. (j) Send a letter to the enterprise confirming that all findings and follow-up activities are complete and that the surveillance activity has been closed.

5.2 Surveillance Manager

(1) The surveillance manager shall:

  1. (a) Report directly to the CA until released from his/her surveillance duties.

  2. (b) Develop and submit any budgetary and travel/logistical arrangement for approval by the CA. Where required, the surveillance manager shall report progress of and deviations from approved arrangements to the CA.

  3. (c) Conduct all surveillance-related activities in accordance with the specified procedures and other associated guidance material.

  4. (d) Exercise direct authority and responsibility for the actions of surveillance team members and observers.

  5. (e) Maintain surveillance documentation including, but not limited to, all working notes, copies of surveillance related documents and a copy of the surveillance report.

  6. (f) Develop surveillance activity notification letters for approval by the CA.

  7. (g) Ensure that the pre-site research is completed. This includes the apportionment of work amongst team members such that the research is completed effectively and efficiently.

  8. (h) Perform research duties, as required, which includes becoming familiar with:

    1. (i) The enterprise's policies, processes and procedures (i.e. systems);

    2. (ii) TCCA expectations and regulatory requirements associated with the enterprise and surveillance activity; and

    3. (iii) The enterprise's history.

  9. (i) Develop a surveillance plan for approval by the CA. This surveillance plan shall include a sampling plan that covers all applicable areas of the surveillance activity.

  10. (j) Convene a pre-site team meeting prior to going on-site.

  11. (k) Establish contact while on-site with the CA and regional surveillance OPIs to relay fieldwork progress, potential problems, changes in the objectives or scope of the surveillance activity, and other significant matters;

  12. (l) Co-ordinate and chair the entry meeting with the enterprise as required.

  13. (m) Oversee the proper execution of the sampling plan, including:

    1. (i) Ensuring staff are assigned to and complete each sampling task;

    2. (ii) Ensuring observations are being made and appropriately documented;

    3. (iii) Ensuring all observations undergo preliminary analysis; and

    4. (iv) Performing all necessary revisions to the sampling plan and communicating those changes to team members and the CA.

  14. (n) During on-site activities, advise the CA without delay of any immediate threat to aviation safety and ensure that the CA is aware of any safety issues identified during on-site activities.

  15. (o) Appropriate Delegation of Authority must be exercised in situations where aviation safety is, or may be, compromised.

  16. (p) Ensure that any decisions to be made by or approvals required from the CA during the surveillance activity are received in a timely manner.

  17. (q) Maintain communications with the organization's senior management via enterprise briefings as required.

  18. (r) Ensure on-site team briefings are held and include preliminary analysis activities.

  19. (s) Co-ordinate and chair the exit meeting with the enterprise's senior management as required.

  20. (t) Perform and document the analysis of surveillance outputs in accordance with Section 10.1.

  21. (u) Coordinate and finalize the development of all necessary findings and ensure that they are tied to the applicable regulatory requirement, supported by specific examples and evidence and classified appropriately.

  22. (v) Perform and document the follow-up action decision making and provide a recommendation for TCCA follow-up action in the surveillance report.

  23. (w) Develop and submit for review by the surveillance review committee:

    1. (i) The surveillance report;

    2. (ii) The findings and their supporting evidence;

    3. (iii) Post-site analysis documentation; and

    4. (iv) TCCA follow-up decision making documentation.

5.3 Team Leader

(1) The appointment of team leaders shall be left to the discretion of the CA. However, generally team leaders would be assigned for surveillance activities of larger, more complex enterprises that require a larger surveillance team.

(2) Team leaders shall:

  1. (a) Report directly to the surveillance manager, or where applicable, through their team leader, until released from his/her surveillance duties.

  2. (b) Conduct all surveillance-related matters in accordance with the specified procedures and other associated guidance material.

  3. (c) Direct and control his or her team's activities as assigned by the surveillance manager and keep the surveillance manager informed of progress.

  4. (d) Where directed by the surveillance manager, submit a team surveillance plan, including a sampling plan to the surveillance manager for approval and keep the surveillance manager advised of deviations from plan.

  5. (e) Prepare a summary of their team's surveillance tasks including, but not limited to, results of sampling, observations and supporting evidence and findings.

  6. (f) Perform research duties, as assigned, for their assigned area(s), which includes becoming familiar with:

    1. (i) The enterprise's policies, processes and procedures (i.e. systems);

    2. (ii) TCCA expectations and regulatory requirements associated with the enterprise and surveillance activity; and

    3. (iii) The enterprise's history.

  7. (g) Where directed by the surveillance manager, provide remarks at the entry, enterprise of exit briefings.

  8. (h) During on-site activities, immediately contact the surveillance manager, or where applicable, their team leader, with a recommendation for action in the event of an immediate threat to aviation safety. Appropriate Delegation of Authority must be exercised in situations where aviation safety is, or may be, compromised.

  9. (i) Assist, as required, in the analysis of surveillance outputs as well as development of:

    1. (i) Findings;
    2. (ii) Decision with respect to TCCA follow-up activities; and
    3. (iii) The surveillance report.

5.4 Team Member

(1) Team members shall:

  1. (a) Report directly to the surveillance manager, or where applicable, through their team leader, until released from his/her surveillance duties.

  2. (b) Conduct all surveillance-related matters in accordance with the specified procedures and other associated guidance material.

  3. (c) Become familiar with the surveillance plan and their duties as assigned.

  4. (d) Perform research duties, as assigned, for their assigned area(s), which includes becoming familiar with:

    1. (i) The enterprise's policies, processes and procedures (i.e. systems);
    2. (ii) TCCA expectations and regulatory requirements associated with the enterprise and surveillance activity; and
    3. (iii) The enterprise's history.
  5. (e) Conduct surveillance tasks as directed, including the documentation of all observations and the collection of appropriate evidence.

  6. (f) Communicate with the surveillance manager or, where applicable, team leader to ensure that surveillance progress is reported, analyzed and potential problems are addressed.

  7. (g) During on-site activities, immediately contact the surveillance manager, or where applicable, their team leader, with a recommendation for action in the event of an immediate threat to aviation safety. Appropriate Delegation of Authority must be exercised in situations where aviation safety is, or may be, compromised.

  8. (h) Assist, as required, in the analysis of surveillance outputs as well as development of:

    1. (i) Findings;
    2. (ii) Decision with respect to TCCA follow-up activities; and
    3. (iii) The surveillance report.

5.5 Transport Canada Civil Aviation Enforcement

(1) TCCA Enforcement shall:

  1. (a) When requested, provide advice to surveillance teams on the viability of enforcement action based on a review of surveillance outputs.

  2. (b) Participate as part of the surveillance review committee when requested by the CA

5.6 Inspectors associated with Follow-Up Activities

(1) Inspectors associated with Follow-Up Activities shall:

  1. (a) Coordinate with the CA for hand-over of surveillance tasks from post-surveillance activities to follow-up;

  2. (b) Conduct all surveillance follow-up activities in accordance with specified procedures;

  3. (c) Coordinate with TCCA enforcement for follow-up activities where required;

  4. (d) Immediately contact the CA with a recommendation for action in the event of an immediate threat to aviation safety. Delegation of Authority must be exercised in situations where aviation safety is, or may be, compromised;

  5. (e) Communicate with the CA to ensure that follow-up progress is reported and assist with the analysis of follow-up observations such that appropriate action can be taken; and

  6. (f) Inform the CA when follow-up activities indicate that the surveillance activity can be closed.

6.0 SYSTEMS APPROACH TO SURVEILLANCE

6.1 General

(1) TCCA oversees the safety of the civil aviation system within Canada through monitoring the compliance of civil aviation enterprises to regulatory requirements. It is necessary that enterprises establish systems to comply with their regulatory requirements and TCCA shall, through its surveillance program, verify that the systems enterprises have in place are adequate to ensure effective on-going compliance to their regulatory requirements.

(2) Through this systems approach to surveillance, TCCA can obtain a degree of confidence that its regulated enterprises are capable of maintaining compliance to regulatory requirements on an on-going basis.

Note: Examples of systems which an enterprise may establish include, but are not limited to: Safety Management System, Quality Assurance Program or System, Training System, Task Control System, Maintenance Control System, Operational Control System, Weight and Balance System, Safety Oversight System, Documentation Control System, Emergency Preparedness System, etc.

6.2 Expectations

(1) The basis for the TCCA surveillance program is regulatory requirements and the Minister has the authority to oversee compliance with those regulatory requirements. To assist in the task, the Minister has provided systems based guidance regarding the intent behind the regulatory requirements and what is expected in complying with the regulatory requirements. Therefore, TCCA has created a series of expectations that provide an explanation of what would constitute an effective system for regulated enterprises to achieve and maintain compliance with regulatory requirements.

(2) These expectations are provided in two ways:

  1. (a) For enterprises required to have an SMS or QAP by regulation, expectations are provided for each component and element of the SMS framework (QAP is one such component).
  2. (a) For enterprises not required to have an SMS or QAP by regulation, expectations are provided for their specific type of organization (e.g. 406, 703/704, etc.).

(3) It should be noted that expectations define the intent of regulatory requirements. Therefore, there may be several ways for an enterprise to meet an expectation in an effective manner. As such, the expectations are meant to be used by surveillance teams as guidance for understanding an acceptable means of complying with regulatory requirements when developing sampling plans.

6.3 Approach

(1) The systems level approach to surveillance is depicted in Figure 1. It is important to understand this model as it serves as the underlying philosophy of the procedures for systems level surveillance described in the following sections.

Figure 1- (Civil Aviation Surveillance Program)

Figure 1 is a process flow chart that depicts the Approach to Systems Level Surveillance. The first step is to understand the enterprise’s system, which is conducted prior to the on-site. The second and third steps are iterative, and team members may loop back to the second step to confirm compliance. The second step is reviewing system outputs, which is done on-site. The third step is conducted on-site, as well as following the on-site activities; the third step is to validate that the systems demonstrate compliance with the CARs. The fourth step is making findings against system compliance, which takes place following the on-site. The fifth and final step is where TCCA takes final action following the surveillance.

(2) During systems based surveillance, the surveillance team must first develop an understanding of the enterprise’s systems. This understanding is derived from a review of:

  1. (a) Enterprise documentation (e.g. manuals);
  2. (b) Historical data from surveillance; and
  3. (c) TCCA reference materials which delineate regulatory requirements and expectations to the enterprise (e.g. CARs).

(3) Based on this understanding, a detailed surveillance plan is developed. Key to this surveillance plan is a sampling plan which outlines what enterprise records, people, products, etc. are to be sampled and why (i.e. the regulatory requirement to be verified through sampling). The surveillance team can then review the outputs of the enterprise’s systems through the execution of the sampling plan.

(4) Based on the review of the systems outputs, the surveillance team can validate whether the systems the enterprise has in place are compliant and effective in continually complying with regulatory requirements. Following this, the surveillance team can make findings against systems compliance (i.e. findings of compliance or non-compliance) and report them to both TCCA and the enterprise.

(5) Based on the findings made against system compliance, TCCA can take steps to ensure the enterprise mitigates any non-compliances (should any have been found).

7.0 SYSTEMS LEVEL SURVEILLANCE PROCEDURES

7.1 Assessment Versus PVI

(1) The overall procedure described above is valid for both assessments and PVIs. The only differences are:

  1. (a) Timelines; and
  2. (b) Point of entry.

7.1.1 Timelines

(1) Any differences with respect to timelines will be identified as required in the appropriate section of this AC.

7.1.2 Point of Entry

(1) Point of entry refers to the scope of the surveillance activity.

(2) In the case of an assessment:

  1. (a) The point of entry is the enterprise’s SMS in all cases. In this regard, an assessment is said to be verifying the ability of an enterprise’s SMS to maintain effective compliance with regulatory requirements.

(3) In the case of a PVI:

  1. (a) A smaller, more focused, point of entry needs to be selected that still provides sufficient information to be able to comment on whether the enterprise has the systems in place to comply with regulatory requirements.
  2. (b) For those enterprises that are required to have a Quality Assurance Program (QAP) (e.g. 573, 302, 801, etc.), that system will usually be used as the point of entry.
  3. (c) For those enterprises that do not have a regulatory requirement for a QAP, the point of entry will usually be the following:
    1. (i) Part III, Subpart 5 Heliport Operator’s Obligations.
    2. (ii) Part IV enterprise – chief flight instructor responsibilities and operational control.
    3. (iii) Delegate authorized under Chapter 505 of the Airworthiness Manual – the delegate’s obligations.
    4. (iv) CAR 521 - Design Approval Document Holder Responsibilities.
    5. (v) Part VII, Subpart 3 or 4 enterprises – company operational control.
    6. (vi) Part VII, Subpart 5 enterprise – Safety Oversight component. A CA may, at their discretion, select a point of entry other than those than those specified in a paragraph (b) and (c) for a PVI. In addition, they may choose to conduct a PVI that involves multiple points of entry.

7.2 Structure of the Systems Level Surveillance Procedures

(1) The overall procedure for systems level surveillance is broken into four (4) high-level steps:

  1. (a) Pre-Site Activities;
  2. (b) On-Site Activities;
  3. (c) Post-Site Activities; and
  4. (d) Follow-Up.

(2) The procedures for systems level surveillance are broken into these four (4) steps in the following sections.

8.0 PRE-SITE ACTIVITIES

8.1 Notification

(1) An enterprise shall be contacted in writing prior to the on-site portion of an announced surveillance activity.

Note: It is preferable to address the notification letter to the Accountable Executive.

(2) In the case of an assessment, the enterprise shall be contacted, at a minimum, 10 weeks prior to the on-site activities, whereas for a PVI it shall be, at a minimum, 6 weeks. The notification period for surveillance activities planned on shorter notice will be at the discretion of the CA. The notification period must allow sufficient time for the enterprise to supply requested information and for TCCA personnel to conduct all research and planning tasks prior to the on-site portion of the surveillance activity.

(3) The letter of notification shall:

  1. (a) Confirm all scheduled arrangements.
  2. (b) Advise the enterprise to provide copies of documentation applicable to the surveillance activity no later than 14 days following the receipt of the notification letter. This documentation may include approved company manuals, information incorporated by reference and any other documents essential to the surveillance activity that provides information relating to the enterprise systems. Where TCCA holds current copies of the documentation listed above, the request for documentation shall specify which documentation is needed.

    Note: Documentation requested from an enterprise will be limited to those publications that provide process, policy and procedures. Company generated records, such as reports or other data, pertaining to the outcome of individual programs will be reviewed on-site as part of the sampling plan.
    1. (i) Should an enterprise be unwilling or unable to comply with the request to provide documentation, the surveillance manager shall inform the CA who shall decide upon appropriate action. Appropriate action may include:
      1. (A) Provision of additional time to submit documents;
      2. (B) Enforcement action (e.g. the submission of a detection notice to TCCA Enforcement for their processing); or

        Note: Such enforcement action may use CAR 103.2(2) as its basis.

        Further detail concerning the enforcement action process is provided in Section 14.
    2. (ii) Action(s) taken following the failure of an enterprise to submit documents upon request will be determined on a case by case basis. The CA shall document the decision to take action and the process used to arrive at the action.
  3. (c) Request any Occupational Safety and Health (OSH) information that may be applicable to TCCA personnel during their on-site activities.
  4. (d) Request that the enterprise make arrangements for TCCA being on-site. Such arrangements may include access to a private working space, a phone or fax, access to the internet or a printer, etc.
  5. (e) Request confirmation from the enterprise whether or not they want best practices to be identified during the surveillance activity. Such a letter shall also contain a brief description of what constitutes a best practice.

(4) The letter of notification may also include a copy of a documentation review guide to be completed by the enterprise along with the due date for its return to TCCA.

(5) The surveillance manager shall prepare the letter of notification shall ensure it is signed by the CA prior to its release to the enterprise.

8.2 Confirm Team Membership

(1) Membership of a surveillance team is selected during the development of the annual surveillance plan. However, at the commencement of a surveillance activity, the surveillance manager shall confirm team membership and availability.

(2) Should any of the surveillance team members no longer be available as scheduled, the surveillance manager shall consult with the CA to determine necessary remedial action such as, but not limited to:

  1. (a) Conduct of the surveillance activity without that team member;
  2. (b) Find a suitable replacement; or
  3. (c) Delay, re-schedule or cancellation of the surveillance activity

8.3 Research

(1) At the outset of a surveillance activity, the CA must clearly define the scope of the surveillance activity. With respect to an assessment, it is the enterprise’s SMS and how it controls all aspects of regulatory compliance. With respect to a PVI, it is the point of entry as defined in Section 7.1.2.

(2) It is through research that the conceptual step of “Understand Enterprise Systems”, as identified in the conceptual model to systems based surveillance (Section 6.3, Figure 1), is achieved.

(3) During research, the surveillance team develops an understanding of:

  1. (a) The TCCA regulatory requirements with which the enterprise must comply and their supporting expectations.
    1. (i) The key question to be answered is “what is the enterprise expected to do?”
  2. (b) The systems the enterprise uses to comply with regulatory requirements.
    1. (i) This may come from a review of the enterprise’s approved documents and company manuals to which TCCA has access or has requested as part of notification.
    2. (ii) The key question to be answered is “what systems does the enterprise have in place to comply with their requirements and how do they work?”
  3. (c) The enterprise’s operational and compliance history.
    1. (i) This may come from a review of information sources including CADORS, previous surveillance reports, and principal inspectors.
    2. (ii) The key question to be answered is “how have their systems historically performed with respect to maintaining compliance?”
  4. (4) Prior to the commencement of the surveillance team’s research, the surveillance manager shall review the information available associated with the enterprise to ensure it is accurate, up to date and sufficient to proceed (this is mainly with respect to paragraph (3) (b)). Should deficiencies be identified, the surveillance manager shall contact the enterprise and request any missing information. Should the deficiency persist, the surveillance manager shall consult with the CA to determine necessary remedial action. Appropriate action may include:
    1. (i) Provision of additional time to submit documents;
    2. (ii) Enforcement action (e.g. the submission of a detection notice to TCCA Enforcement for their processing); or

      Note: Such enforcement action may use CAR 103.2(2) as its basis.

      Further detail concerning the enforcement action process is provided in Section 14.
    3. (iii) Certificate action (e.g. the issuance of a notice of suspension).

Note: Further detail concerning the certificate action process is provided in Section 15.

(5) Action(s) taken following the failure of an enterprise to submit documents upon request will be determined on a case by case basis. The CA shall document the decision to take action and the process used to arrive at the action.

(6) Following the confirmation of necessary research materials, the surveillance manager shall distribute research tasks amongst surveillance team members. Research tasks shall take place:

  1. (a) In the case of an assessment, 4 to 6 weeks prior to on-site activities;
  2. (b) In the case of a PVI for a low complexity organization, some time prior to on-site activities.
  3. (c) In the case of all other PVIs, 2 weeks prior to on-site activities.

(7) Research activities shall take place in these timeframes in order to ensure that:

  1. (a) Inspectors have the necessary time to conduct a complete review of the materials;
  2. (b) The enterprise has sufficient time to supply additional requested materials; and
  3. (c) Inspectors have the necessary time to conduct a follow-up on any questions prior to the on-site review.

(8) Team members shall perform their research in order to develop an understanding of the enterprise systems and how they relate to TCCA expectations and regulatory requirements (i.e. answer the key questions given in paragraphs (3) (a)(ii), (3) (b)(ii) and (3) (c)(ii)). As part of this research and based on the scope of the surveillance activity, team members may:

  1. (a) Review the enterprise’s approved manuals to:
    1. (i) Verify they have the documented processes and procedures in place to ensure compliance with the appropriate CAR and/or any standard referenced therein; and
    2. (ii) Understand how they conduct their work (i.e. understand their systems).
  2. (b) Review other relevant surveillance information collected to develop an understanding of the intent of the regulations placed on the enterprise.
  3. (c) Review the regulatory requirements associated with the surveillance activity
  4. (d) Review all other related information relevant to the enterprise and the scope of the surveillance activity, which may include:
    1. (i) Previous assessments, validation inspections, process inspections or audits including corrective actions and follow-up where applicable;
    2. (ii) Accident or incident data, including CADORS reports;
    3. (iii) Previous compliance history including any enforcement actions; and
    4. (iv) Exemptions, waivers, approvals, limitations and authorizations.
  5. (e) Identify areas that require further review during the on-site portion of the surveillance activity.

(9) The results of all research activities shall be documented and saved.

8.4 Surveillance Plan

(1) Based on research activities, the surveillance manager shall develop a surveillance plan for approval by the CA. This plan ensures that the surveillance activity will be conducted in an organized manner and in accordance with predetermined criteria.

(2) Appropriate sections of the plan may be distributed to each member of the surveillance team to provide guidance and direction throughout the surveillance activity. In addition to this, the surveillance manager may wish to provide the enterprise with portions of the plan.

(3) A key component of the surveillance plan is the sampling plan as it details what is to be looked at within the enterprise to determine if they are in regulatory compliance. As such, instructions with respect to the development of a sampling plan are covered in a specific section (8.4.1).

Note: The development of a surveillance plan, in particular the sampling plan, is based on the understanding of the enterprises systems. As such, during the development of the surveillance plan the results of research activities will serve as the foundation. In addition, certain gaps in understanding may be uncovered. Therefore, further research may need to be completed (i.e. it is an iterative process).

8.4.1 Sampling Plan

(1) A sampling plan provides a defined structure for the on-site activities by identifying key personnel to be interviewed as well as technical personnel, records, products, process outputs and procedures to be sampled in order to make observations such that TCCA can confirm whether or not an enterprise is complying with its regulatory requirements.

(2) Based on research outputs (particularly as it relates to the enterprise history), the surveillance manager may decide to conduct:

  1. (a) Focused sampling in one or several areas of a surveillance activity where an enterprise has historically been weak (e.g. has had findings before, number of events, etc.).
  2. (b) Routine sampling in area(s) where the enterprise has not had any issue.

(3) Each expectation must have a sampling task. These sampling tasks may take the form of:

  1. (a) Interviews with enterprise personnel. In selecting interviews as a sampling task, the surveillance manager shall consider the following:
    1. (i) During certain surveillance activities, there may be key personnel that must be interviewed. This may include the accountable executive, any person assigned responsibilities in accordance with the CARs (Director of Flight Operations, Person Responsible for Maintenance, QA manager, etc.), or any other person assigned key responsibilities as part of the enterprise’s SMS (SMS implementation manager, event investigator, safety officer, etc.).
    2. (ii) Interviews shall normally apply to technical personnel. However, TCCA may request to interview anyone whose duties could impact aviation safety.
    3. (iii) Questions to be asked during interviews should be carefully prepared. Each surveillance worksheet contains a list of example questions, which are provided as guidance only. Surveillance team members may select from those questions or prepare their own based on the required sampling tasks and results of research activities.
  2. (b) Review of records; or
  3. (c) Review of products, aircraft, facilities, airside, process outputs, etc.

(4) The surveillance manager shall use the chart below to determine the number of items to be sampled based on lot size.

Lot Size 1-13 14-150 151-280 281-500 501-1200 501-1200
Sample Size All 13 20 29 34 55

Note: In cases where lot sizes are not readily or easily available, the surveillance team should communicate with the enterprise to obtain them.

(5) The surveillance manager shall select a random sampling of the overall population or a stratified random sampling where the lot size is divided into different areas and each area is designated an amount of sampling in proportion to its size.

Example: an Air Operator Certificate (AOC) holder could be divided into 3 areas - flight operations, cabin safety and dispatch. If flight operations make up approximately 60% of the overall number of technical personnel, it is allocated 60% of the interviews.

Note: A tool that can be used to assist in the development of sampling plans has been developed by Measurement Canada and can be found at http://strategis.ic.gc.ca/app/mc/rndm/RndmMn?lang=eng

(6) Where population sizes are unknown, the surveillance manager shall either:

  1. (a) Choose to contact the enterprise to confirm lot sizes; or
  2. (b) Leave the lot and sample size blank to be confirmed once on-site.

(7) Finally, the surveillance manager shall schedule all surveillance tasks. This means that the surveillance manager shall assign:

  1. (a) Surveillance team members to each sampling task; and
  2. (b) An on-site date when the sampling is expected to occur.

8.5 Team Meeting prior to the On-site Review

(1) Prior to going on-site, the surveillance manager shall convene a surveillance team meeting. The purpose of the team meeting is to:

  1. (a) Understand the administrative and logistical needs for the surveillance activity; and
  2. (b) Gain a common understanding, prior to going on-site, of how the different processes function together.

(2) This meeting shall include the following agenda items as applicable for the surveillance activity:

  1. (a) Administrative details;
  2. (b) Surveillance plan review and amendment, ensuring that all team members have received appropriate portions of the plan;
  3. (c) Overview of the sampling plan to ensure:
    1. (i) Work is apportioned appropriately; and
    2. (ii) That team members clearly understand what is to be sampled and why.
  4. (d) Budget information, including tracking of overtime and travel expenses;
  5. (e) Conflict of interest and confidentiality;
  6. (f) Forms administration and documentation requirements;
  7. (g) Review of occupational health and safety requirements to be followed on-site;
  8. (h) Communication arrangements
    1. (i) Within the team;
    2. (ii) With the enterprise; and
    3. (iii) With outside stakeholders (e.g. 3rd parties).
  9. (i) Discussion on the result of research activities, including the interaction between company specific systems; and
  10. (j) Where possible, a briefing by all principal inspectors on the enterprise’s current activities, trends, performance and previous surveillance history including corrective action and follow-up. Where the principal inspectors are not available for the team meeting, alternate means shall be used to ensure the surveillance team receives their input. This can include teleconferences, memos and briefing summaries.

9.0 ON-SITE ACTIVITIES

9.1 Entry Meeting

(1) The entry meeting is an opportunity for the surveillance team to address enterprise management, to outline the surveillance process and answer any questions from the enterprise relating to surveillance activities.

(2) The meeting shall:

  1. (a) Outline administrative requirements so that the surveillance activity may be conducted both effectively and efficiently, and minimize any disruption.

    Note: A briefing on the Access to Information and Privacy (ATIP) Act is not normally required. If an ATIP request is received during surveillance activity, the ATIP office will provide the necessary information to comply with the request including information to advise the enterprise under review.
  2. (b) Confirm communication arrangements and single points of contact;
  3. (c) Confirm logistical arrangements such as the location for the surveillance team to work as well as location of all key enterprise personnel.

(3) The entry meeting is also an opportunity for the surveillance manager to confirm the details of the sampling plan with the enterprise. This may include:

  1. (a) Confirming the sampling activities;
  2. (b) Requesting/confirming lot sizes;
  3. (c) Requesting/confirming logistical details for personnel to be interviewed;
  4. (d) Confirming the schedule associated with the sampling activities.

(4) The entry meeting will be led by the surveillance manager, as directed by the CA, and members of the surveillance team will attend as directed. Additional TC personnel may attend as directed by the CA.

(5) Following the entry meeting, the surveillance manager shall hold a briefing for the surveillance team that shall include, but not be limited to, a discussion regarding the following items:

  1. (a) Facility familiarization;
  2. (b) Protocol for the use of company resources;
  3. (c) Identification of key company contacts; and
  4. (d) Briefing on OSH requirements.

9.2 Execute Sampling Plan

(1) It is at this stage that the surveillance team shall review the outputs of the enterprise’s systems by carrying out the sampling plan. More specifically, the surveillance team shall:

  1. (a) Sample people (i.e. interviews), records, products, aircraft, processes etc. in accordance with the sampling plan;
  2. (b) During sampling, the entire sample size must be reviewed to ensure the statistical validity of the sample. Should non-compliance be discovered, an inspector shall continue sampling. The entire sample size must be reviewed to determine the severity of the issue (i.e. 4 non-compliances are more severe than 1) and as multiple instances of non-compliance may provide a more robust evidence package for action following the surveillance activity.
  3. (c) Record results of sampling (e.g. interview notes, records, etc.) and gather evidence to support the observations.

    Note: Observations are all outcomes obtained during a surveillance activity. They are used to confirm both compliance and non-compliance.
  4. (d) All observations shall be documented. This includes, but is not limited to:
    1. (i) Taking notes (notes shall be factual and specific e.g. date, time, conditions, details of observations
    2. (ii) Gathering evidence in accordance with CAR 103.09
    3. (iii) All observations of non-compliance must be supported by evidence

9.3 On-site Communication

(1) On-site communication is comprised of 2 main activities that occur at regularly scheduled intervals, as specified in the surveillance plan. They are:

  1. (a) Enterprise briefings; and
  2. (b) Surveillance team briefings.

(2) Details concerning both types of briefings are provided in the following sub-sections.

9.3.1 Enterprise Briefings

(1) The surveillance manager shall provide the enterprise regular briefings while on-site. Whenever possible, the briefings shall be provided to the enterprise management that is accountable for the area of operations undergoing surveillance.

(2) Enterprise briefings shall be led by the surveillance manager and other TCCA staff (including surveillance team members) can participate in enterprise briefings as requested.

(3) During enterprise briefings, the surveillance manager shall:

  1. (a) Provide the enterprise with a status report of all surveillance activities performed in relation to the surveillance plan;
  2. (b) Seek clarification concerning any questions, concerns, ambiguities, etc. discovered while sampling or during the preliminary analysis of sampling results (Section 9.4);
  3. (c) Allow the enterprise to provide any feedback concerning surveillance activities that have taken place;
  4. (d) Submit any Confirmation Request Forms to the enterprise; and
  5. (e) Follow-up on any Confirmation Request Forms submitted to the enterprise.

(4) The primary objective of enterprise briefings is to ensure:

  1. (a) Transparency with respect to the surveillance process; and
  2. (b) All observations made during the surveillance activity are accurate.

(5) Ultimately, through enterprise briefings, the surveillance team ensures that the enterprise is not presented with new information at the exit briefing.

9.3.2 Team Briefings

(1) While on-site, the surveillance manager shall hold regular team briefings with the entire surveillance team in order to:

  1. (a) Ensure adherence to the surveillance plan;
  2. (b) Resolve issues or problems arising from the day’s activities;
  3. (c) Validate confirmation requests (if used);
  4. (d) Review sampling results; and
  5. (e) Share information related to common or interrelated enterprise systems.

9.4 Preliminary Analysis of Sampling Results

(1) During on-site team briefings, the surveillance team shall begin a preliminary analysis of the results of sampling with the aim of:

  1. (a) Ensuring the validity of observations; and
  2. (b) Determining if the sampling plan needs to be revised (i.e. more or less sampling for any particular expectation).

(2) It is at this stage that the surveillance team begins validating that the enterprise’s systems achieve compliance with regulatory requirements.

(3) The results of the preliminary analysis should be shared with the enterprise during their regular briefings (Section 9.3.1). This will provide the enterprise with the opportunity to provide feedback with respect to analysis results and clarify questions, concerns, ambiguities, etc. that may have arisen as part of preliminary analysis activities. It is important to remind the enterprise that any analysis results are preliminary and may change as a result of post-site activities.

(4) An analysis framework to use during this preliminary analysis is provided in the following subsections.

9.4.1 Perform a Factual Review of the Observations

(1) The surveillance team shall review their observations made during sampling. Focus on the results of the sampling plan to determine:

  1. (a) What observations have been made as part of sampling;
  2. (b) Against what expectations or regulatory requirements have these observations been made; and
  3. (c) How do those observations link to the performance of the enterprise’s systems and their ability to comply with regulatory requirements.

(2) In addition, as there may be surveillance team members performing different sampling tasks for the same expectation, the team shall compare results and objectively analyze them in order to ensure observations of a particular expectation are an accurate reflection of the enterprise’s overall performance in that area.

(3) Another point to consider when reviewing observations made is any enterprise feedback received concerning the observations. This feedback may have been informal or as part of their regular briefings (Section 9.3.1). Enterprise feedback may apply context to an observation that may change its interpretation.

(4) Finally, the team should review any non-compliance findings that have been detected as part of sampling activities.

9.4.2 Determine if On-Site Action is Warranted

(1) TCCA must act immediately should the surveillance team observe any;

  1. (a) Immediate threats to aviation safety; or
  2. (b) Knowing, wilful or blatant disregard of a regulatory requirement.

(2) Actions to be taken upon making such observations may include one or any combination of:

  1. (a) The issuance of a finding on-site;
  2. (b) Enforcement action; or
  3. (c) Certificate action.

(3) Action will only be contemplated on-site when the CA and surveillance manager are in agreement with such action.

(4) An on-site finding shall be issued during the surveillance activity where corrective action is required immediately or at the very least, prior to completion of the surveillance activity. The corrective action section of the Finding Form includes a checkbox and a line to specify the date/time by which corrective action is required.

(5) The enterprise must respond to the finding by the date/time specified in the corrective action section of the Finding Form using a Corrective Action Plan form (available in the Transport Canada Forms Catalogue as form number 26-0675). For the purposes of follow-up to corrective actions taken during the surveillance activity, the surveillance manager shall accept or reject submitted corrective actions by signing the applicable Corrective Action form.

(6) Enforcement action may be taken where it is determined that the observation(s) should result in a TCCA Enforcement investigation.

(7) Certificate action may be taken where it is determined that the observation(s) warrant it.

9.4.3 Determine if any Trends are Apparent Within the Observations

(1) The surveillance team should begin grouping those observations to determine if any trends are beginning to develop. In doing this, the team should consider the enterprise systems and how they interact to ensure compliance to determine if there are any common observations being made across various sampling tasks.

(2) At this point during the analysis that the surveillance team should begin forming preliminary conclusions with respect to the state of compliance or non-compliance of the enterprise. Findings are at the systems level and may represent a series of non-compliances as detected during sampling.

9.4.4 Determine if There is Sufficient Evidence to Support the Analysis

(1) The surveillance team shall verify that they have sufficient evidence to support their observations and any findings of non-compliance. While the analysis, at this stage, is preliminary, it is important to realize that it will become the foundation of the post-site analysis which will lead to findings and follow-up action.

(2) A finding must be supported by sufficient specific and factual evidence to clearly describe the state of the enterprise’s systems and how that state resulted in non-compliance to regulatory requirements. Therefore, the surveillance team shall ensure they have sufficient evidence to convince themselves, TCCA and the enterprise that a systemic finding exists. Should the determination be made that there is not sufficient evidence to support a finding, further sampling must be conducted.

9.4.5 Review/Revise the Sampling Plan

(1) The surveillance team shall review the sampling plan against the results of preliminary analysis activities to determine if:

  1. (a) All sampling tasks have been completed; or
  2. (b) There is a need for revision.

(2) The analysis to this point may indicate that:

  1. (a) There is sufficient evidence to confirm compliance or non-compliance for an aspect of a sampling plan that has been completed. In such cases, sampling for these areas of the surveillance activity should be considered complete.
  2. (b) There is sufficient evidence to confirm compliance or non-compliance for an aspect of a sampling plan that has duplicate sampling tasks. In such cases, the surveillance manager should consider cancelling the duplicate task if resources are needed in other areas.
  3. (c) There is a need for more sampling to confirm compliance or non-compliance for an aspect of a sampling plan that has yet to be completed. In such cases, the surveillance manager should continue with the planned sampling tasks.
  4. (d) There is a need for more sampling to confirm compliance or non-compliance for an aspect of a sampling plan that has been completed. In such cases, the surveillance manager shall assign additional sampling tasks to the areas such that compliance can be appropriately determined.

(3) It is important to remember that all expectations associated with the surveillance activity must be sampled.

(4) At this point, the surveillance manager, in consultation with the CA, must decide whether a revision of the sampling plan is required. This revision may include, but is not limited to:

  1. (a) Re-assigning resources to different sampling tasks;
  2. (b) Adding additional sampling tasks for a particular expectation; and/or
  3. (c) Removing sampling tasks from a particular expectation.

(5) All revisions to the sampling plan shall be made by the surveillance manager and they shall inform the CA as soon as reasonably practical.

9.5 Exit Meeting

(1) Upon completion of the surveillance activity, the surveillance manager shall convene an exit meeting with the enterprise’s senior management to brief them on the results.

(2) The exit meeting shall be led by the surveillance manager, as directed by the CA, and members of the surveillance team will attend as directed. Additional TC personnel may attend as directed by the CA.

(3) During the exit meeting, the surveillance manager shall inform enterprise management that the on-site portion of the surveillance activity is closed. The surveillance manager can then provide a summary of observations made during the activity and any potential areas of concern. As the surveillance team will have briefed enterprise management on the results of preliminary analysis of observations, potential findings and areas of concern during the regular briefings, debate between the team and the enterprise should not occur. However, it is important to remind the enterprise that a full analysis of surveillance results will take place post-site and that this may change preliminary analysis results.

(4) The surveillance manager shall advise the enterprise that the surveillance report will be forwarded to them and that, if applicable, they will have an opportunity to respond formally to the surveillance report in their submission of a Corrective Action Plan (CAP). Details of the corrective action process shall also be discussed.

10.0 POST-SITE ACTIVITIES

10.1 Determine Systemic Findings

(1) The surveillance team shall analyze all observations made to this point.

(2) The purpose of this analysis is to determine if there are any findings of non-compliance and, if so, to develop an understanding of the exact extent and nature of the findings. This understanding will allow the surveillance team to group non-compliances by expectation and regulatory requirement and bring it forward to complete finding forms at the system level.

10.1.1 Determine the number of non-compliances observed

(1) The surveillance team shall systematically go through the observations made for all expectations through their corresponding sampling tasks within the sampling plan. This will allow the surveillance team to see which expectations the enterprise did not meet and also reveal against which regulatory requirement there may be non-compliance.

(2) Should the surveillance activity reveal no observations of non-compliance, the surveillance team will proceed to the decision-making in section 10.4.

10.1.2 Group non-compliances by offence creating provision

(1) The surveillance team shall group the observations of non-compliance by offence creating provision, which were identified in the sampling plan.

Note: Expectations within a sampling plan often share offence creating provisions.

(2) Offence creating provisions will serve, whenever possible, as the basis of the finding forms.

10.1.3 Consider the enterprise’s systems

(1) The surveillance team shall consider the grouped observations in light of the enterprise’s systems.

(2) Questions to ask when grouping observations by enterprise systems are:

  1. (a) Which enterprise system, or portion thereof, allowed the non-compliance to occur and why?
  2. (b) How did the non-compliance occur?
  3. (c) What is the extent of the system failure (i.e. number of non-compliances within a given time period)?
  4. (d) What is the severity of the non-compliances (i.e. impact on aviation safety)?

10.1.4 Consider the enterprise’s history

(1) The surveillance team shall consider the enterprise’s safety, compliance and surveillance history (as identified during the pre-site research). The purpose of this is to put the observations of non-compliance and systems review in context of the enterprise.

(2) Questions to ask when considering the enterprise’s history are:

  1. (a) Have any of the identified non-compliances occurred before?
  2. (b) Have any of the identified non-compliances been part of findings in past surveillance activities?
  3. (c) Does TCCA intelligence indicate a weakness in any of the systems?
  4. (d) Have any of the identified non-compliances been used in past enforcement or certificate action against the enterprise?

10.2 Findings

(1) This section explains the process for developing findings related to non-compliance to regulatory requirements (10.2.1 to 10.2.4) and continuous improvement findings (10.2.5).

(2) Using the results of the analysis of surveillance outputs, the surveillance team shall perform the step “Make Findings Against System Compliance” within the conceptual model of systems based surveillance (Figure 1).

(3) The surveillance team shall find each expectation included in the sampling plan as being either met or not met.

(4) Those expectations which are met shall be documented as such.

(5) Those expectations that were found to have not been met shall be documented in the appropriate finding form according to the procedures given in the following sub-sections.

10.2.1 Number of Findings

(1) There is no defined minimum or maximum number of findings for a surveillance activity. Rather, what is important is that the findings:

  1. (a) Are at the systems level and that the observations used as examples are linked to appropriate regulatory requirements (preferably offence creating provisions) and backed up by evidence;
  2. (b) Provide sufficient narrative information such that the enterprises can clearly understand the nature of the systemic failure which led to the finding and its associated non-compliances and develop adequate CAP;

(2) The surveillance manager shall ensure findings are presented to the enterprise using the number of finding forms necessary to meet the principles given above.

10.2.2 Finding Numbering

(1) Findings shall be numbered using the subpart of the CAR related to the non-compliance, followed by a dash and a sequential number (e.g. 703-01, 406-11, 573-06, 107-02, etc.).

10.2.3 Completing a Finding Form

(1) The purpose of the finding forms is to communicate any systemic failures that have resulted in non-compliances to regulatory requirements discovered during the surveillance activity.

(2) The finding forms shall be developed and documented in such a manner that they are clear and easily understood by the enterprise so that they can effectively correct the identified systemic failures and ensure compliance moving forward. To this end, findings forms shall be prepared in such a manner that it is clear to the enterprise which of their systems failed leading to the non-compliance(s). The surveillance team shall develop finding forms such that they provide an over-arching narrative that:

  1. (a) Except as described in (b), demonstrates non-compliance(s) to a regulation
  2. (b) Where the non compliance cannot be linked to a regulation (i.e. there is no CAR enabling that particular provision), demonstrate non compliance(s) to a Standard or Airworthiness Manual requirement.
  3. (c) Whenever possible, represent non-compliance to an offence creating provision.
  4. (d) Quotes the regulatory requirements that were observed to be non-compliant and the expectation(s) that were not achieved; and
  5. (e) Cites all examples of non-compliance observed during the surveillance activity that support the argument that the enterprise system has failed.

(3) Developing findings in this manner serves three purposes:

  1. (a) It provides a link from the regulatory requirements to the expectations such that the enterprise understands how their system(s) failed, resulting in a state of non-compliance;
  2. (b) It focuses the enterprise to correct their system(s) in dealing with the finding; and
  3. (c) By demonstrating non-compliance to offence creating provisions whenever possible, ensures that, should enforcement action be necessary, it can be pursued.

(4) Surveillance finding forms shall be completed in the following manner:

  1. (a) At the top of the finding form:
    1. (i) Enterprise’s name, preferably, as found on the Canadian Aviation Document
    2. (ii) Location of the base or sub-base where the finding applies
    3. (iii) Enterprise’s TCCA file number
    4. (iv) System against which the finding is being made (e.g. QA, operational control, winter operations plan, training program)
  2. (b) In the “Non-Conformance with” section:
    1. (i) Regulatory requirement to which the systems failure applies shall be identified
      1. (A) Whenever possible, this shall be an offence creating provision such that, should follow-up to the surveillance activity require the use of enforcement or certificate action, there will be an appropriate link

        Note: In the case of assessments, this offence creating provision will generally be Section 107.02 of the CARs.

      2. (B) Where an offence creating provision cannot be found to support the systems level failure, non-compliances to specific offence creating provision(s) shall be used in the examples section
      3. (C) Where an offence creating provision cannot be found to support a finding in any way, the finding shall be completed using the appropriate regulatory requirements
  3. (c) In the “Examples” section a narrative which supports the argument of the systemic failure shall be provided that includes:
    1. (i) Relevant expectation which was not achieved by the enterprise
    2. (ii) All examples of non-compliance observed during sampling that related to the expectation
    3. (iii) Appropriate CAR, number of non-compliances observed, details of the non-compliance(s) (e.g. date, time, circumstance, conditions) and a reference to the evidence that confirms the validity of the non-compliance
      The evidence will not be included in the surveillance report, but will be retained in the applicable company file.
    4. (iv) Reference may be made to any other materials (e.g. approved manuals, standards, etc.). However, all such references shall be tied back to a regulatory requirement.
  4. (d) In the “Corrective Action required by” section, the surveillance team will:
    1. (i) Check the appropriate box
    2. (ii) Indicate the date/time that corrective action is required by, if applicable
    3. (iii) Specify the name of the surveillance team member writing the finding and the date the finding was written

10.2.4 Classifying Findings

(1) Findings shall be classified using the following criteria;

  1. (a) Minor
    A finding is considered minor where a surveillance activity has identified that the area under surveillance has been maintained and demonstrated to be effective, however requires administrative enhancement
  2. (b) Moderate
    A finding is considered moderate where a surveillance activity has identified that the area under surveillance has not been fully maintained and examples of non-compliance indicate that it is not fully effective, however the enterprise has clearly demonstrated the ability to carry out the activity and a simple modification to their process is likely to correct the issue.
  3. (c) Major
    A finding is considered major where a surveillance activity has identified that the area under surveillance has not been established, maintained and adhered to or is not effective, and a system-wide failure is evident. A major finding will typically require more rigorous and lengthy corrective action than a minor or moderate finding.

(2) Finding classification shall be identified in the surveillance report (Section 10.6).

10.2.5 Continuous Improvement Finding

(1) The purpose of a continuous improvement finding (CIF) is to communicate any best practice expectation that was discovered to be not met during the surveillance activity.

(2) CIFs shall only be developed when an enterprise requests to undergo surveillance against best practices. In addition, response to them, in the form of a CAP, shall be at the discretion of the enterprise.

(3) A CIF shall be developed and documented in such a manner that it is clear and easily understood by the enterprise so that they can effectively correct system associated with the best practice that was not met.

(4) CIFs shall be completed in the following manner:

  1. (a) At the top of the CIF form, the surveillance team will document:
    1. (i) Enterprise; where applicable, using the enterprise’s name as found on the Canadian Aviation Document;
    2. (ii) Location of the base or sub-base where the finding applies;
    3. (iii) Enterprise’s TCCA file number; and
    4. (iv) System against which the CIF is being made
  2. (b) In the “Non-Regulatory Best Practice not implemented” section, the surveillance team will:
    1. (i) Quote the best practice expectation that was not met by the enterprise;
    2. (ii) Indicate all observations made during sampling that relates to the expectation not being met. Describe the details of the observations(s) (e.g. date, time, circumstance, conditions, etc.) and make reference to the evidence that confirms the validity of the observation.
    3. (iii) Repeat this process for all expectations that relate to the CIF.

      Note: This section of the CIF must contain sufficient narrative information to indicate the extent of the best practice expectation(s) not being met.
  3. (c) In the “Corrective Action required by” section, the surveillance team will:
    1. (i) Specify the date/time that corrective action is required by.
      Note: The enterprise is not required to submit a CAP.
    2. (ii) Specify the name of the surveillance team member writing the CIF and the date the finding was written.

10.3 Post-Site Decision Making Framework

(1) Upon detecting non-compliances, TCCA must take some form of action to mitigate any safety risk. In this regard, a decision must be made on the “TCCA Follow-up Action” in the conceptual model.

(2) In deciding what follow-up action to take, the surveillance team shall consider as applicable:

  1. (a) The number of findings. The greater number of finding forms, non-compliances, expectations not being met, failing enterprise system(s) or portion thereof, etc. the more severe the follow-up action.
    1. (i) Key questions to consider include: how many finding were completed? How many examples of non-compliance were observed? How many enterprise system(s), or portions thereof, demonstrate non-compliance?
  2. (b) The classification of findings. The more significant the classification (from minor to major) of the findings or the more significant the most common classification, the more severe the follow-up action.
    1. (i) Key questions to consider include: how many findings of each classification are there? What is the most common classification?
  3. (c) The enterprise’s compliance history. The more an enterprise has historically demonstrated a lack of compliance with regulatory requirements, the more severe the follow-up action.
    1. (i) Key questions to consider include: has the enterprise demonstrated a lack of compliance with its regulatory requirements in the past? Have they had significant findings during previous surveillance activities? Are any of the current findings a repeat of previous findings?
  4. (d) The enterprise’s ability to produce a CAP. The more an enterprise has historically demonstrated a lack of ability to produce an acceptable CAP and follow through with its corrective actions, the more severe the follow-up action.
    1. (i) Key questions to consider include: has the enterprise provided TCCA with an acceptable CAP in the past? Does the enterprise have a robust internal CAP process?
  5. (e) The enterprise’s safety record. The more an enterprise has historically demonstrated a poor safety record, the more severe the follow-up action.
    1. (i) Key questions to consider include: has the enterprise historically effectively managed its safety risks? Does the enterprise put safety as a priority? Does TCCA have safety intelligence that would indicate that enterprise does not have safety as a priority?

(3) Based on the considerations above, the surveillance team shall recommend one or any combination of the following actions. The follow-up actions below are presented in increasing order of severity (i.e. the CAP process should be considered first, followed by Enforcement Action, then Enhanced Monitoring, and finally Certificate Action).

  1. (a) Submission of a CAP by the enterprise.
    1. (i) The CAP process is used for every systems based surveillance activity that results in findings as it encourages the enterprise to take ownership of the finding(s) and correct their systems even if it is used in conjunction with another follow-up process.
    2. (ii) The CAP process is used on its own when findings are not severe in nature and the enterprise has demonstrated an ability to comply with regulatory requirements in the past.

      Note: The CAP process is described in greater detail in Section 12.
  2. (b) Enforcement Action against the enterprise.
    1. (i) Enforcement Action is used when:
      1. (A) Findings are severe in nature and enterprise history would suggest that enforcement action should be taken to encourage future compliance.
      2. (B) Surveillance activities and TCCA intelligence indicate that the enterprise is developing a problem with maintaining compliance on an on-going basis.

        Note: The Enforcement Action process is described in greater detail in Section 13.
  3. (c) Placement of the enterprise in Enhanced Monitoring.
    1. (i) Enhanced Monitoring is used when surveillance activity findings and enterprise history would suggest that an increased TCCA presence is needed to oversee and ensure the enterprise’s return to compliance.

      Note: The Enhanced Monitoring process is described in greater detail in Section 14.
  4. (d) Certificate Action against the enterprise.
    1. (i) Certificate Action is used when surveillance activity findings are severe and enterprise history demonstrates a poor compliance and safety record.

      Note: The Certificate Action process is described in greater detail in Section 15.

(4) The determination of which follow-up action(s) are taken will depend on the results of the considerations provided above. However, it should be noted that the surveillance team recommends a follow-up action. Every recommended follow-up action shall be reviewed and approved by the Surveillance Review Committee (Section 10.7).

10.4 Document Analysis and Decision

(1) The surveillance manager shall record the framework, considerations, and outputs of all analysis and decision making performed.

(2) The analysis and decision making document shall be presented to the Surveillance Review Committee (Section 10.7) such that they can develop an understanding of the process used to arrive at the Findings and Surveillance Report.

10.5 Internal Scoring

(1) Internal scoring is a TCCA process used as a performance indicator of the level of compliance of an enterprise.

(2) Each area of surveillance for a surveillance activity shall be assigned a narrative score (defined in 10.5 (4)) from “not documented/implemented” to “best practices” based on the number of expectations the enterprise met during the surveillance activity.

(3) There are two categories of expectations within each surveillance worksheet: compliance and best practices. Compliance expectations are those expectations which must be met by the enterprise and are the basis for a score of compliant. Best practice expectations shall only be evaluated during a surveillance activity when requested by the enterprise and serve as the basis for a score of best practices.

(4) Scoring awards are assessed in the following manner:

  1. (a) A score of not documented/implemented
    The expectations of the surveillance worksheet are not documented and not implemented.
  2. (b) A score of partially documented/implemented
    The expectations of the surveillance worksheet are partially documented and/or implemented.
  3. (c) A score of compliant
    All expectations within the surveillance worksheet meet regulatory requirements.
  4. (d) A score of exceeds compliance
    The enterprise exceeds the regulatory requirements. To receive this award level, the enterprise must meet all of the expectations of compliant plus some aspects of best practices.

    Note: Some aspects means equal to or greater than 50% of the best practice expectations. In the case where there are an odd number of best practice expectations, the proportion must be above 50 % (e.g. 3 expectations out of a total of 5)
  5. (e) A score of best practices
    The enterprise meets all the expectations for an award level of compliant plus all of the additional requirements for that element. To achieve an award level of best practices, an enterprise would have to meet the regulatory requirements as well as demonstrate industry best practices at a very high level.

    Note: A score of ‘exceeds compliance or best practices’ shall only be assigned when an enterprise requests that best practices be considered during the surveillance activity.

(5) Scores shall be documented by the surveillance manager.

10.6 Surveillance Report

(1) The surveillance report is a document that summarises the results of the surveillance activity. The report is a factual account of the surveillance activity and shall not include subjective statements, suggestions or recommendations.

(2) The report is to be prepared by the surveillance manager and approved by the CA.

(3) The surveillance report shall state whether the enterprise is in compliance or non-compliance with its regulatory requirements.

(4) As determined by the CA, the report shall be written in the enterprise’s preferred language as indicated by the record of communication between TCCA and the enterprise. The surveillance manager shall determine the language to be used in the preparation of surveillance documentation based on the language of work requirements. If necessary, the surveillance manager shall have material translated.

(5) The surveillance report shall be presented to the enterprise within 30 days calculated from the last day of the on-site portion of the surveillance activity. Up to seven additional days may be granted at the discretion of the CA, should reports require additional review by the Surveillance Review Committee (Section 10.7).

(6) The CA shall sign the report and ensure that the original copy is received by the enterprise. Confirmation of receipt, in the form of a signed copy, postal receipt or other acceptable means, is essential as this establishes the date for receipt of the CAP.

(7) The report shall outline the procedure for responding to findings (if any) and specify the required response time of 30 days from the time the enterprise receives the report.

(8) It should be noted that, in the case of a PVI, the surveillance report can be condensed to a letter depending on the size and complexity of the enterprise, the scope of the PVI and/or the results of the PVI. If a letter format is chosen, it shall clearly state the results of the PVI similar to an executive summary and include any other applicable information such as compliance and non-compliance statements, findings, continuous improvement findings and requirement for corrective, enforcement or certificate action.

10.7 Surveillance Review Committee

(1) Before the surveillance report is issued, the Surveillance Review Committee (SRC) shall be convened at the direction of the CA to review the final outputs of the surveillance activity.

(2) The membership of the SRC shall be left to the discretion of the CA, with a minimum membership of the CA and surveillance manager. Should the CA decide to have a larger membership for the SRC, they may consider the following as members:

  1. (a) Associate Director(s) of Operations;
  2. (b) Technical Team Lead(s);
  3. (c) Aviation Enforcement point-of-contact; or
  4. (d) Principal Inspector(s).

(3) Based on the results or nature of the surveillance activity, the CA may invite additional TCCA personnel to participate in the SRC. This may include surveillance team members, TCCA management personnel, TCCA legal advisors or other stakeholders who could impart valuable knowledge to the SRC.

(4) To facilitate an effective review, the surveillance manager shall provide the SRC with copies of the following in advance of their meeting:

  1. (a) The analysis and decision record produced;
  2. (b) All finding forms generated as part of the surveillance activity, including supporting evidence; and
  3. (c) The surveillance report.

(5) The SRC shall:

  1. (a) Review the results of the analysis of surveillance outputs for the validity of the analysis framework and considerations as well as the accuracy of the conclusions.
    (b) Review all findings generated as part of the surveillance activity to ensure:
    1. (i) They are clear, concise and easily understood;
    2. (ii) They are at the systems level;
    3. (iii) The appropriate systems level CAR(s) (offence creating provisions and otherwise) have been referenced;
    4. (iv) They cite the appropriate expectations; and
    5. (v) All non-compliances are supported by evidence.
  2. (c) Review the recommended follow-up action(s) to determine if they are appropriate based on analysis conclusions and the findings generated.
    (d) Review the surveillance report to:
    1. (i) Confirm its technical accuracy;
    2. (ii) Ensure that it is an objective account of the surveillance activity and that no subjective statements have been made;
    3. (iii) Ensure that all statements made in the surveillance report are supported by appropriate findings and evidence.

(6) Based on their review, the SRC will recommend either:

  1. (a) The analysis of surveillance outputs and follow-up action decisions be accepted and the findings and surveillance report be issued; or
  2. (b) Re-consideration or revision of the analysis of surveillance outputs, findings, follow-up action or surveillance report.

(7) Recommendations resulting from the SRC review will be considered advisory by the CA, as the CA will retain responsibility for the final findings and surveillance report.

(8) The meeting of the SRC must be held shortly after the development of the surveillance report to provide time to make any changes to the analysis, findings, follow-up actions or report, produce the final copies and forward the report to the enterprise within the specified time periods.

(9) The CA shall ensure the results of the SRC review are documented.

11.0 TCCA ACTION FOLLOWING A SURVEILLANCE ACTIVITY

(1) TCCA must act on all non-compliances of which they become aware. As such, it is at this stage of the surveillance activity that TCCA begins the step of “TCCA Follow-Up Action” in the conceptual model of surveillance (section 6.3, Figure 1).

(2) As detailed in Section 10.3, there are four (4) primary processes that can be used to follow-up on non-compliances detected during surveillance activities. The processes, in increasing order of severity, are:

  1. (a) Corrective Action Plan (CAP);

  2. (b) Enforcement Action;

  3. (c) Enhanced Monitoring; and

  4. (d) Certificate Action.

(3) Each of the follow-up processes can be used as stand alone or in conjunction with each other.

(4) It is desirable for TCCA to seek voluntary compliance from an enterprise's using the CAP process. Therefore, a CAP shall be used in all cases. However, circumstances may dictate that more severe actions need to be taken. What is important is that, through follow-up, TCCA obtains the confidence that the enterprise has the systems in place to maintain compliance with regulatory requirements.

(5) The conduct of each follow-up process are described in the following sections.

12.0 CORRECTIVE ACTION PLAN

(1) The process described in this section applies to CAPs in response to both conventional and continuous improvement findings.

(2) The sole caveat to consider is that CAPs submitted in response to a continuous improvement finding are not in response to a violation of regulatory requirements and are therefore not considered mandatory. As such, timelines for submission and review do not need to be strictly adhered to and no action need be taken when not receiving or rejecting a CAP.

12.1 Corrective Action Plan Submission

(1) The surveillance report shall advise the enterprise that it must:

  1. (a) Submit corrective action forms (form # 26-0675) for each finding by the date specified in the corrective action section of the Finding Form.

  2. (b) Include, as part of the CAP, a root cause analysis of the conditions which led to each finding. In Advisory Circular No. SUR-002, TC explains a root cause analysis and corrective action process to address TCCA findings of non-compliance.

    Note: This is intended to mean that an enterprise submits one CAP with a root cause analysis for each Finding.

(2) CAPs shall be required to be submitted within 30 days of receipt of the report unless extenuating circumstances are identified and an extension is approved by the CA.

(3) The CA will include the name(s) of the person(s) to whom the CAP shall be sent in the report covering letter.

(4) Where the enterprise fails to submit a CAP within the required timeframe, action shall be taken. To determine the nature of such action, TCCA must decide on what action to take. Appropriate action may include:

  1. (a) Provision of additional time to submit a CAP.

  2. (b) Enforcement action

    1. (i) For example: the submission of a detection notice to TCCA Enforcement for their processing.

      Note: The Enforcement Action process is described in greater detail in Section 13.

  3. (c) Certificate action

    1. (i) For example: the issuance of a notice of suspension.

      Note: The Certificate Action process is described in greater detail in Section 15.

(5) Action(s) taken following the failure of an enterprise to submit a CAP will be determined on a case by case basis. The CA shall document the decision to take action and the process used to arrive at the action.

12.2 CAP Evaluation

(1) Enterprises submitting CAPs must include completed corrective action forms (form #26-0675) and where applicable, supporting documentation that may take the form of technical record entries, purchase orders, memoranda, revised procedure cards, manual amendments, etc.

(2) Upon receiving the CAP, the CA (or individual responsible for CAP receipt) shall acknowledge receipt of the CAP to the enterprise, record the date of the receipt and assign the CAP for review, acceptance/rejection and verification to the appropriate inspector.

(3) As a finding may cross various disciplines, so may its CAP. As such, the CA (or individual responsible for CAP receipt) may need to assign:

  1. (a) A multi-disciplinary team to evaluate the CAP; or

  2. (b) Parts of the CAP to different inspectors for evaluation.

(4) The inspector responsible for the acceptance of the CAP shall evaluate it in order to determine that it adequately addresses the non-compliances. Inspectors shall evaluate whether the processes used to develop the CAP are appropriate given the size and complexity of the enterprise.

(5) The CAP shall, at a minimum, include the following as described in the proceeding subsections.

12.2.1 A Factual Review of the Finding

(1) The enterprise shall complete a review of the finding and clearly identify what happened, how widespread it was, where it occurred in the enterprise's system and what type of problem it was (e.g.: policy, process, procedure or culture).

(2) It is not the intent of this section of the CAP form for the enterprise to reiterate the finding. Rather, a factual review of the finding should include:

  1. (a) A description of the relevant factual information related to the finding;

  2. (b) Identification of the enterprise system(s), or portion thereof, that led to the finding and its corresponding non-compliance(s)

  3. (c) Identification of the process(es), procedure(s), practice(s) or culture(s) involved.

12.2.2 A Root Cause Analysis

(1) Within its CAP, the enterprise shall provide the root cause analysis as well as any causal factors that may have contributed to the finding.

(2) In Advisory Circular No. SUR-002, TC explains a root cause analysis and corrective action process to address TCCA findings of non-compliance.

Note 1: An enterprise may provide a summary to the root cause analysis within the CAP form and refer to an attached document, provided with the completed CAP form, which contains the full root cause analysis.

Note 2: An enterprise may identify multiple root causes, each with multiple corrective actions, within a single CAP.

(3) In evaluating the root cause analysis process used by the enterprise, the inspector shall consider:

  1. (a) The process used for the root cause analysis. Even if the enterprise uses a causal analysis method that is not familiar to the inspector (e.g.: MEDA process, “5 Why's”, etc.), the enterprise must demonstrate how they arrived at the root cause. The inspector should be able to clearly understand the logic used by the enterprise to determine what caused the finding to occur and the associated corrective actions.

  2. (b) The considerations used in the conduct of the root cause analysis. Regardless of the process used to conduct the root cause analysis, the enterprise must demonstrate what factors they considered in determining the root cause(s) of the finding and the corrective actions proposed to correct those root causes.

  3. (c) In their root cause analysis, the enterprise should consider such things as:

    1. (i) The system(s), or portion thereof, involved in the finding and its corresponding non-compliance(s).
    2. (ii) The input of the people involved with the system(s), or portion thereof, identified in (i).
    3. (iii) The processes, procedures, forms, templates, training, etc. associated with the system(s), or portion thereof, identified in (i).
    4. (iv) Performance data/history associated with the system(s), or portion thereof, identified in (i).

12.2.3 Proposed Corrective Actions

(1) The enterprise shall provide proposed corrective actions to mitigate the identified root causes, which will usually include both short and long term corrective actions.

(2) A short-term corrective action is intended to correct non-compliance quickly, thus ensuring that compliance is established until long-term action is completed to prevent recurrence of the problem. Short-term corrective actions should be prioritized according to safety risk.

(3) Findings cite all examples of non-compliance observed during a surveillance activity. However, further similar non-compliances may exist that will require the company to conduct a more in-depth review to determine the full extent of the non-compliances prior to implementing short-term corrective action to mitigate them.

(4) Long-term corrective actions may take a more extended time period to fix the system that caused the finding. Long-term corrective actions are taken to prevent recurrence of the causes of the finding, thus addressing the system(s) that caused the finding.

(5) Therefore, a review of corrective actions shall verify that the enterprise has provided:

  1. (a) A detailed description of the short-term action(s) taken (or to be taken) to address the specific examples identified in the finding as well as the review to determine if other examples exist.

  2. (b) A detailed description of the long-term action(s) to be taken to address the root causes determined using the analysis process and correct the system(s) associated with the finding.

    Note: It is not sufficient for the enterprise to merely correct the non-compliance(s); they must address the systems involved in creating the finding in the first place. Therefore, it is expected that an enterprise provide corrective actions for both the specific non-compliance(s) AND the root cause that led to the finding, thus preventing recurrence.

  3. (c) The person(s), within the enterprise, responsible for implementation of the actions.

    Note: The person(s) assigned such responsibility must have the necessary authority and access to resources to effectively complete the identified action(s).

  4. (d) An assessment of any induced hazards or risks associated to the implementation of the corrective action(s) including action(s) to mitigate or eliminate them.

(6) Finally, the order of the proposed corrective actions shall be considered to ensure their proposed sequence of completion is logical. For example, corrective actions of revising training should be followed by delivering the training. Not the other way round.

12.2.4 Implementation Timeline

(1) The CAP shall include timelines for the implementation of each proposed corrective action. The timeline should be aimed at implementing effective corrective actions in the shortest reasonable time period, which should be prioritized according to safety risk.

(2) Inspectors shall confirm that there are due dates, targets and planned follow-up to ensure effectiveness of the proposed corrective actions.

Note: Timelines for CAP completion and surveillance closure are provided in Section 12.5.

12.2.5 Managerial Approval

(1) The CAP shall be approved by an individual within the enterprise's management structure who has the authority to commit the necessary resources required to fulfill the plan.

12.3 CAP Acceptance or Rejection

(1) The role of the inspector responsible for the acceptance of the CAP shall be limited to the evaluation of the process used by the enterprise in reaching conclusions regarding the findings. It is not TCCA's role to provide an enterprise with solutions, but rather to evaluate the process used in developing those solutions to ensure it is clear, logical, addresses all non-compliances with regulatory requirements and makes the necessary corrections to the system deficiencies that led to the finding.

(2) In accepting the CAP, inspectors are confirming that, based on processes used to develop the CAP, the enterprise appears to have provided a reasonable CAP to fix the non-compliances. Such fixes will be verified in accordance with Section 12.4.

(3) The inspector responsible for the evaluation shall have 14 days to accept or reject the proposed CAP.

12.3.1 CAP Accepted

(1) Where evaluation of the CAP finds that it is acceptable, the enterprise shall be advised and the appropriate information (e.g. administrative/on-site verification, proposed completion date) shall be entered on the Corrective Action Form, for the purpose of follow-up. The person responsible for reviewing the CAP may also use functional area databases to track the progress of surveillance follow up.

12.3.2 CAP Rejected

(1) Where evaluation of the CAP finds that it is unacceptable, the inspector shall reject the CAP and return it to the enterprise with a description of the CAP deficiencies. The enterprise shall be required to revise the CAP and return it to TCCA in seven days.

(2) The inspector responsible for the evaluation shall have seven days to accept or reject a CAP amended as described in paragraph (1).

12.3.3 Revised CAP Accepted

(1) Where evaluation of the amended CAP finds that it is acceptable, the process given in Section 12.3.1 shall be followed.

12.3.4 Revised CAP Rejected

(1) Where evaluation of the amended CAP finds that it is unacceptable, the inspector shall inform the CA for appropriate action. To determine the nature of such action, the CA shall collaborate with TCCA regional/HQ management and enforcement personnel. Appropriate action may include any one or combination of the following, which are provided in no particular order:

  1. (a) Provision of another opportunity for the enterprise to revise the CAP.

  2. (b) Enforcement action

    1. (i) For example: the submission of a detection notice to TCCA Enforcement for their processing.

      Note: The Enforcement Action process is described in greater detail in Section 13.

  3. (c) Certificate action

    1. (i) For example: the issuance of a notice of suspension.

      Note: The Certification Action process is described in greater detail in Section 15.

(2) Where the enforcement process is already underway, any information provided by the enterprise for the CAP review phase will not be evaluated by enforcement personnel.

(3) Action(s) taken following the rejection of a CAP more than once will be determined on a case by case basis. The CA shall document the decision to take action and the process used to arrive at said action.

12.4 CAP Verification

(1) Upon acceptance of the CAP, the inspector responsible for verification shall verify that:

  1. (a) Action(s), as stated in the corrective action form, are implemented;

  2. (b) Timelines, as stated in the corrective action form, are adhered to; and

  3. (c) Implemented action(s) are effective in correcting identified root causes.

(2) Progress will be monitored by the inspector as the enterprise completes the specified corrective action(s). This will be accomplished by using the follow-up section on the Corrective Action Form (or applicable functional area database). The form identifies the finding number, the type of follow-up (administrative or on-site) and the date upon which the corrective action was completed.

(3) The determination of whether CAPs shall have administrative or on-site follow-up and the timeframe for the completion of the follow-up shall be made by the CA in collaboration with the inspector. The decision will be indicated on the Corrective Action Form or applicable functional area database.

(4) Where the findings are minor in nature (according to the definition provided in Section 10.2.4) and the enterprise has a proven history of safety and compliance (refer to Section 10.3 (2) (c) and (e)), administrative verification may be approved by the CA. In this case, the inspector shall simply review documentation remotely to ensure all modifications have been made and found acceptable. All other findings require on-site verification to ensure that non-compliances have been rectified and that corrective actions have been implemented and are effective.

(5) Personnel assigned on-site verification responsibilities shall:

  1. (a) Verify that changes required by both short and long term corrective actions are completed.

    1. (i) For example: documents are revised, physical/engineered changes/repairs to equipment, aircraft, structure, etc. are completed.
  2. (b) Review enterprise system information to determine if the long-term corrective action(s) have resulted in updates.

  3. (c) Sample affected system outputs to determine if the long-term action(s) are effective at preventing recurrence (i.e. no new non-compliances similar to those identified in the finding are identified).

    Note: Further detail concerning the development and execution of sampling plans is provided in Sections 8.4.1 and 9.2 respectively.

    Evidence shall be collected to record the completion of sub-paragraphs (a) through (c).

    Where non-compliances not identified in the finding are detected during verification, the inspector shall advise the CA who shall decide upon appropriate action in accordance with the Follow-Up Action Decision Making Framework (Section 10.3).

    Inspectors may use a process inspection to develop a greater understanding of a particular enterprise process that forms part of the system being sampled.

  4. (d) Maintain the follow-up section of the Corrective Action Form and applicable functional area database.

  5. (e) Ensure that all completed Corrective Action forms, together with any supporting evidence, are placed in the applicable enterprise file.

(6) Verification is completed when:

  1. (a) Administrative or on-site follow up has confirmed that all corrective actions:

    1. (i) Have been completed; and

    2. (ii) Are effective at preventing recurrence.

  2. (b) Corrective action status has been recorded in the applicable enterprise file.

(7) Upon completion of verification activities, the inspector shall advise the CA.

(8) Where verification activities find that the corrective actions have been implemented and are effective, the CA shall proceed to close the surveillance activity (Section 12.5).

(9) Where verification activities find that the corrective actions are not being implemented or are not effective, the inspector shall inform the CA for appropriate action. Appropriate action may include:

  1. (a) Request that the enterprise produce another CAP or revise the current one.

  2. (b) Provision of further time for the enterprise to implement corrective action.

  3. (c) Enforcement action

    1. (i) For example: the submission of a detection notice to TCCA Enforcement for their processing.

      Note: The Enforcement Action process is described in greater detail in Section 13.

  4. (d) Certificate action

    1. (i) For example: the issuance of a notice of suspension.

      Note: The Certification Action process is described in greater detail in Section 15.

(10) Action(s) taken following the discovery of incomplete or ineffective corrective actions will be determined on a case by case basis. The CA shall document the decision to take action and the process used to arrive at said action.

12.5 Surveillance Closure

(1) System based surveillance activities (both PVI and assessments) shall be formally closed within 12 months of CAP acceptance.

(2) To enable the CA to close the surveillance activity within the required timeframe, the CAP shall aim at having all corrective action in place within 90 days of acceptance by the applicable inspector.

(3) The CA may elect to require the enterprise to have corrective action(s) in place within less than 90 days in those cases where the finding(s) affect enterprise systems, processes, procedures, etc. such that it may result in a threat to aviation safety.

(4) It is not always possible to meet the deadline of 90 days (e.g. more time is required to implement a corrective action or is required to allow the corrective action to operate such that it can be determined to be effective). As such, special consideration may be required to ensure the surveillance activity is closed in a timely fashion. Therefore, the CA may allow a longer timeframe for completion of corrective action(s) in accordance with the following:

  1. (a) In cases where it is anticipated that the corrective action(s) will take more than 90 days but less than 12 months to complete, the decision to allow such a timeframe with its corresponding logic shall be documented by the CA. A risk assessment should be considered prior to accepting such a CAP.

  2. (b) In cases where it is not possible or reasonable to complete the corrective action(s) within 12 months of acceptance of the CAP, the CA shall escalate the matter to an appropriate executive committee for review.

(5) System based surveillance activities shall be closed by the CA no later than 12 months after CAP acceptance, since the corrective action has either been completed or an appropriate executive committee has provided a decision for moving forward.

(6) Upon meeting all conditions specified above, the CA shall confirm that all follow-up actions have been completed and ensure that the enterprise's file and the functional area database are updated. The CA shall ensure that a letter is forwarded to the enterprise informing it that the surveillance activity is closed.

13.0 ENFORCEMENT ACTION

13.1 General

(1) Enforcement action involves the submission of a detection notice to TCCA Enforcement for their processing in accordance with applicable policies and procedures.

13.2 Submission of Detection Notice to TCCA Enforcement

(1) Where enforcement action is selected as a follow-up process, the appropriate person (e.g. CA, surveillance manager, inspector responsible for follow-up, etc.) shall complete a detection notice for each finding that has been deemed to warrant enforcement action. Wherever possible, the text contained in the finding form shall be used in the detection notice.

(2) CARs cited within the detection notice shall be offence creating provisions, whether they serve as the basis of the finding or quoted within the examples of the finding.

(3) The detection notice, associated finding(s) and supporting evidence shall be forwarded to TCCA Enforcement for action. The person that completed the detection notice shall liaise with TCCA Enforcement to ensure the detection notice is clear, concise and complete.

(4) TCCA Enforcement shall action the detection notice.

(5) The covering letter of the surveillance report shall advise the enterprise that enforcement action is being considered for certain findings (which should be identified in the report) and detection notice(s) have been forwarded to TCCA Enforcement. Providing copies of the detection notice(s) to the enterprise shall be left to the discretion of the CA.

13.3 Verification and Closure

(1) Following the submission of a detection notice to TCCA Enforcement for their processing, TCCA shall ensure that the condition which led to enforcement action no longer exists within the enterprise such that the surveillance activity can be closed. As a CAP is required in all cases where a systems based surveillance activity uncovers non-compliance(s) to regulatory requirements, this shall be performed via the CAP process.

14.0 ENHANCED MONITORING

(1) Enhanced Monitoring (EM) shall be used when an enterprise's compliance and/or safety record would indicate that an increased TCCA presence is needed to:

  1. (a) Oversee an enterprise's return to a state of compliance with regulatory requirements; and

  2. (b) Gain the confidence that the enterprise can adequately maintain compliance with those regulatory requirements.

15.0 CERTIFICATE ACTION

(1) The Aeronautics Act provides the legislative authority for certificate action as specified in sections 6.6 to 7.21 of the Act. It may sometimes be appropriate to take certificate action in respect of a CAD issued to an enterprise, individual, or for an aircraft, airport or other facility, in order to address an unsafe condition. Certificate action in respect of a safety issue may be carried out under the authority conferred on the Minister under:

  1. (a) section 7 of the Act (suspension only for an immediate threat to aviation safety);

  2. (b) section 7.1 of the Act (suspension or cancellation for other reasons);

(2) The mandate of the Minister of Transport and officials in the Department of Transport is to enforce the law and regulations in the interest of public safety (Swanson v. Canada (Minister of Transport), [1992] 1 F.C. 408 (C.A.), at paragraph 27). The Minister “bears a heavy responsibility towards the public to ensure that aircraft and air carrier operations are conducted safely. This is especially so for TCCA inspectors who are in practice charged with the duty of maintaining safety” (Sierra Fox Inc. v. Canada (Minister of Transport), [2007] FC 129, at paragraph 6).

(3) During oversight activities, circumstances that reflect the criteria specified in section 7.1 of the Act may be identified. Through oversight, TCCA inspectors may find that a certificate holder is incompetent, that the CAD holder or aircraft, airport or other facility no longer meets the qualifications or fulfils the conditions of issuance for the CAD, or that the public interest is best served by taking certificate action. Consultation with appropriate Transport Canada management may be required, or prudent, before taking certificate action for the above reasons.

(4) When other less restrictive oversight procedures are inadequate at promoting compliance, certificate action may be necessary and appropriate.

16.0 PROCESS LEVEL SURVEILLANCE

  1. (1) Process level surveillance is far more focused than systems level surveillance. It concentrates on a single process of an enterprise (e.g. technical or operational dispatch, airfield construction control) to determine that the process is achieving its purpose and complying with regulations.

  2. (2) Process level surveillance is intended to determine if the selected enterprise process functions or not. It provides information for TCCA to make decisions about the level of risk associated with an enterprise and potentially to determine whether additional systems level surveillance is required.

  3. (3) Process level surveillance can be used as an unscheduled surveillance activity to gather intelligence on an enterprise or in response to an unforeseen event or issue. It can also be used in support of scheduled surveillance activities both as part of a PVI or assessment or as its own scheduled activity. It should be noted that process level surveillance cannot take the place of systems level surveillance. All enterprises undergo regular systems level surveillance; process level surveillance is merely a tool that can be used in support of this endeavour.

  4. (4) The tool to be used for the conduct of process level surveillance shall be the process inspection.

17.0 PROCESS INSPECTION

17.1 General

  1. (1) A process inspection is a surveillance method that may not require the appointment of a CA, official notification, opening or closing meetings or reports to the enterprise. The enterprise subject to the process inspection shall be briefed on the results and may be issued documentation in the form of a letter, detection notice or finding.

  2. (2) While a process inspection does not always require a CA or team for its conduct, it shall be directed by TCCA management that have the authority to assign tasks to TCCA inspectors. Any TCCA inspector may request to conduct a process inspection. However, it shall be approved by their supervisor prior to its conduct. Where a process inspection is conducted in support of a systems level surveillance activity, the surveillance manager shall approve its conduct.

  3. (3) Approval for the conduct of a process inspection shall be documented. Informal communication, such as an e-mail, is an acceptable way to receive such an approval.

17.2 Initiation

  1. (1) A process inspection shall only be conducted for cause. The initiating cause shall be documented by appropriate TCCA management.

  2. (2) A process inspection may be initiated for a number of reasons, which include, but are not limited to:

    1. (a) In response to an event or change in risk indicator within an enterprise (e.g. a number of CADORS).

    2. (b) In support of a systems level surveillance activity.

    3. (c) To gather safety intelligence (e.g. in support of enforcement/certificate action).

    4. (d) As an unscheduled surveillance activity (e.g. to supplement planned surveillance of an enterprise which has a planned 4-year or 5-year surveillance interval).

17.3 Process Selection

  1. (1) The purpose of a process inspection is to validate if the initiating cause is really a cause for concern to TCCA. To that end, the inspector performing the process inspection shall select a process related to the initiating cause to determine if the process contains any weaknesses which could have led to the event, regulatory non-compliances or safety issues.

  2. (2) In certain cases, the selection of the process which initiated the process inspection will be readily evident. However, in other cases, a certain amount of analysis (Section 17.4) will be required prior to being able to clearly identify the process on which to do the process inspection. In those cases, analysis should focus on the enterprise process(es) associated with the initiating cause. Based on the analysis, the processes involved can be identified and reviewed against the enterprise history to determine which process most likely contributed to the initiating cause.

    Note: There may be more than one process identified as being linked to the initiation of the process inspection. In those cases, a process inspection may need to be conducted on some or all of the processes identified. Where this is the case, management shall be consulted such that they can approve the conduct of multiple process inspections.

17.4 Process Analysis

  1. (1) This includes a thorough review of all information that is relevant to the selected process to develop an understanding of the process. In this regard, it is similar in concept to the conduct of research during systems based surveillance (Section 8.3).

  2. (2) To perform the process analysis, the inspector performing the process inspection shall:

    1. (a) Ensure that all of the enterprise’s documents, such as manuals, to be used during the process inspection are readily available and include the latest approved process related information.

    2. (b) Review the process information in the enterprise’s approved manuals in order to:

      1. (i) Understand how the process works; and

      2. (ii) Verify compliance to the appropriate regulatory requirement(s).

        Note: process information may come from enterprise documentation, records or personnel.

    3. (c) Review the sources of available information relevant to the selected process to include:

      1. (i) Previous assessments, program validation inspections, process inspections or audits including corrective actions and follow-up where applicable;

      2. (ii) Any enterprise documentation TCCA has on file;

      3. (iii) Accident or incident data, including CADORS;

      4. (iv) Previous enforcement or certificate action; and

      5. (v) Exemptions, waivers, approvals, limitations and authorizations.

  3. (3) During the analysis, TCCA materials such as regulatory requirements may also be considered.

17.5 Process Mapping

  1. (1) Based on the analysis completed in 17.4, the inspector performing the process inspection shall develop a process map. The map is a method to show the key process steps in a pictorial format. This format will aid in the process inspection ensuring that all key steps are identified and reviewed.

  2. (2) In developing a process map, the inspector reviews the process documentation and determines the key process steps. Process steps are those which turn inputs into outputs, sometimes called decision points. The process map should make reference by paragraph number to where all the process steps are located.

  3. (3) The number of steps or the degree of detail of the process map is not important, what is important is that the map provides a clear depiction of the process undergoing inspection such that it can be used to determine if the process functions.

  4. (4) Following the development of the process map, the inspector answers the questions who, what, where, when, why and how as well as the people, equipment, environment and materials associated with each process step via making note of:

    1. (a) All action statements as these will become the sources of data.

    2. (b) Personnel associated with or who have responsibilities for the process step.

    3. (c) Specific records, forms or reports that are used along with the identification of the person or place where the records should be available.

    4. (d) Any regulatory requirements associated with the process step.

17.6 On-site Review

  1. (1) Using the process map, inspectors shall proceed on-site to verify if the process functions and complies with regulatory requirements. This shall be achieved through tracing.

  2. (2) Tracing is the method commonly used to follow a process from step to step. It begins with one output (report, meeting minutes, license, etc.) and follows it backwards through the process, essentially using a “reverse engineering” approach. The purpose is to connect each output with the applicable input(s) that created it. This allows the inspector to see how the process was actually used in comparison to how it should be used.

    Note: It is suggested that tracing be done backwards through the process such that the person tracing not make the same type of errors that someone following the process would make. However, should it be easier or more intuitive to trace the process forwards through the process, tracers may do so.

    A process inspection follows a single example of an output of a process. If the process has several outputs, it follows a single example of each. The reason for this is that a process inspection is a tool to verify the functionality of a process and the degree to which it complies with any applicable regulatory requirements. Therefore, sampling is not required.

  3. (3) To begin tracing, the inspector selects a final output and follows its progression through the chosen process.

  4. (4) At each process step, the inspector focuses on validating the answers to the questions answered during the process analysis. The inspector will document (as applicable):

    1. (a) What is observed (e.g. people, equipment, environment and materials associated with each process step)

    2. (b) The source from which the information is gathered (e.g. record reviewed, person interviewed, etc.); and

    3. (c) When, how and by whom process steps are being done.

  5. It is critical to see if all outputs stated are being produced, and are being used as inputs in the following process step. If an output is not being produced or not being used as an input for the next step in the process, the inspector will document the specific example.

17.7 Outcomes

  1. (1) Upon return from the on-site review, the inspector shall consider the following:

    1. (a) Were there any examples of non-compliance(s) observed?

    2. (b) Did the process function as documented?

    3. (c) Did personnel follow the process as documented?

    4. (d) Did the process function in achieving its intended outcomes (i.e. did the process take its inputs and convert them to outputs in the manner intended by the enterprise as described in its documentation)?

  2. (2) Based on this review, a process inspection may result in one of the actions described in the following subsections.

17.7.1 The Process is Functional

  1. (1) In this case, this may lead to the end of the process inspection.

  2. (2) To determine whether the process inspection is complete, the inspector will review the initiating cause of the process inspection. TCCA will terminate the process inspection if the process inspection indicates that:

    1. (a) The process functions;

    2. (b) No non-compliance were observed on-site; and

    3. (c) The initiating cause would appear to be a “one off” type of scenario.

  3. (3) Where the process is found functional and no non-compliances were observed on-site, but a review of the initiating cause indicates that an underlying issue still exists, the inspector may select another, but related, process.

  4. (4) Where it is decided that continuing with the process inspection is warranted, the inspector shall recommend such action to TCCA management for approval.

    Note: This is not to say that process inspections should be conducted until such time that issues are found but rather that process inspections may be an iterative process.

17.7.2 Process-Based Finding

  1. (1) In this case, non-compliance(s) were found. However, they are not severe enough in nature to warrant further surveillance.

  2. (2) The purpose of the finding forms is to communicate to the enterprise that a process within their organization does not function and that it has resulted in non-compliances to regulatory requirements discovered through the process inspection. Finding forms shall be developed and documented in such a manner that they are clear and easily understood by the enterprise so that they can correct the identified process and ensure compliance moving forward.

  3. (3) Finding forms resulting from a process inspection shall be completed in the following manner:

    1. (a) At the top of the Finding Form, the inspector:

      1. (i) Identifies the enterprise; where applicable, the enterprise’s name as found on the Canadian Aviation Document will be used.

      2. (ii) Enters the location of the base or sub-base where the finding applies.

      3. (iii) Enters the enterprise’s TCCA file number.

      4. (iv) Identifies the process against which the finding is being made.

    2. (b) In the “Non-Conformance with” section, the inspector:

      1. (i) Identifies the regulatory requirement to which the process applies.

      2. (ii) If possible, this should be an offence creating provision such that, should follow-up to the process inspection require the use of enforcement action, there will be an appropriate link.

      3. (iii) Where an offence creating provision cannot be found to support the process failure, whichever regulatory requirement applies shall be used.

      4. (iv) The check box, “which states in part”, will be checked when a partial quotation will be used (segmenting), then quote the regulatory requirement word for word, separating segments as necessary with the notation “...” and ensuring that the quotation is relevant.

    3. (c) In the “Examples” section the inspector will provide:

      1. (i) Relevant expectation which was not achieved by the enterprise, if applicable.

      2. (ii) Examples of non-compliance observed during the process inspection. Cite the appropriate CAR and describe the details of the non-compliance(s) (e.g. date, time, circumstance, conditions) and make reference to the evidence that confirms the validity of the non-compliance (all supporting evidence must be appended to the Finding Form).

    4. (d) In the “Corrective Action required by” section, the inspector will:

      1. (i) Check the appropriate box.

      2. (ii) Specify the date/time that corrective action is required by, if applicable.

      3. (iii) Specify the name of the surveillance team member writing the finding and the date the finding was written.

  4. (4) Findings resulting from a process inspection shall not be classified according to the process given in Section 10.2.4.

  5. (5) Follow up to a process-based finding shall take the form of a CAP in accordance with the guidance provided in Section 12, with the differences that:

    1. (a) In reviewing and accepting/rejecting a process-based finding CAP, the inspector shall consider if the proposed CAP corrects the process (not system); and

    2. (b) In verifying that the CAP has been implemented, the inspector shall verify if the corrected process functions via process inspection (i.e. no sampling required).

17.7.3 Recommendation of Systems-Based Surveillance

  1. (1) Where severe non-compliance(s) were found and/or the process inspected was determined to be completely non-functional, TCCA will consider conducting a systems based surveillance activity. This activity will generally take the form of a PVI on the system(s) related to the process inspected.

18.0 INCIDENTAL FINDINGS

  1. (1) During the conduct of a surveillance activity, an inspector or surveillance team may observe non-compliance(s) within an enterprise that do not relate to the scope of the surveillance activity being conducted. Should this situation arise, the inspector or surveillance team may choose to:

    1. (a) In the case of a systems based surveillance activity, revise the sampling plan in consultation with the surveillance manager such that the observed non-compliance(s) becomes part of the scope of the surveillance activity; or

    2. (b) Inform the appropriate principal inspector(s) associated with the enterprise of the observed non-compliance(s) for their action and follow-up.

  2. (2) Should the observed non-compliance(s) become part of a systems based surveillance activity sampling plan, it shall be dealt with using the procedures for a systems based surveillance activity given in this document.

  3. (3) Should the observed non-compliance(s) be given to principal inspector(s), they shall, in consultation with appropriate TCCA management, take the necessary action to mitigate the non-compliance(s).

19.0 PARALLEL FINDINGS

  1. (1) A parallel finding is a finding raised against TCCA by TCCA personnel. Such a finding involves a deficiency in, or the misapplication of, Civil Aviation regulatory requirements or non-regulatory policies, procedures or guidelines.

  2. (2) Should surveillance team members become aware of a parallel finding through the conduct of a surveillance activity, they shall report it to the surveillance manager, who will in turn inform the CA.

  3. (3) Parallel findings shall be documented using a Parallel Finding Form, which shall include:

    1. (a) A description of the deficiency or misapplication that resulted in the finding; and

    2. (b) Examples that support the finding.

  4. (4) The CA shall forward the parallel finding to the appropriate responsible office:

    1. (a) Where the parallel finding represents an issue within an operational group, the CA shall forward the parallel finding to the appropriate TCCA Director, along with a copy to Standards Branch; and

    2. (b) Where the parallel finding represents a national issue, the CA shall forward the parallel finding to the Standards Branch.

  5. (5) The responsible office shall assign an appropriate OPI for coordination and follow-up of the parallel finding.

20.0 INFORMATION MANGEMENT

  1. (1) Not applicable.

21.0 DOCUMENT HISTORY

  1. (1) Not applicable as this is issue 01.

22.0 CONTACT OFFICE

For more information, please contact the:

Chief, Technical Program Evaluation & Coordination (AARTT)

Phone: 613-952-7974
Fax: 613-952-3298
E-mail: services@tc.gc.ca

David White
Acting Director, Standards
Civil Aviation
Transport Canada

Appendix A—Safety management system framework

  1. (1) The following table outlines the SMS framework and follows the same structure as the TC SMS model, which is outlined in AC 107-001 - Guidance on Safety Management Systems Development. It has six components and corresponding elements.

SMS Framework

Component Element

1. Safety Management Plan

1.1. Safety Policy

1.2 Non-Punitive Safety Reporting Policy

1.3 Roles, Responsibilities

1.4 Communication

1.5 Safety Planning

1.6 Performance Measurement

1.7 Management Review

2. Documentation

2.1 Identification and Maintenance of Applicable Regulations

2.2 SMS Documentation

2.3 Records Management

3. Safety Oversight

3.1 Reactive Processes - Reporting

3.2 Proactive Processes – Hazard Identification

3.3 Investigation and Analysis

3.4 Risk Management

4. Training

4.1 Training, Awareness and Competence

5. Quality Assurance

5.1 Quality Assurance

6. Emergency Preparedness

6.1 Emergency Preparedness and Response

Appendix B—Expectations

  1. (1) Expectations define the intent of regulatory requirements. Expectations are not regulations and cannot be treated as such.

  2. (2) The acronyms used for scoring level are as follows:

    Not documented/implemented = NDI
    Partially documented/implemented = PDI
    Compliant = C
    Exceeds compliance = EC
    Best practices = BP

C.1. SMS surveillance worksheets

Score Expectations

1. Safety Management Plan – 1.1 Safety Policy

Not in Compliance

NDI

Senior Management does not demonstrate commitment to an SMS. Safety policies are not well developed and most personnel are not involved in SMS.

PDI (C) less some aspects

In Compliance

C
  1. A. A safety policy is in existence, followed and understood.

  2. B. The organization has based its safety management system on the safety policy and there is a clear commitment to safety.

  3. C. The safety policy is agreed to and approved by the accountable executive.

  4. D. The safety policy is promoted by the accountable executive.

  5. E. The safety policy is reviewed periodically for continuing applicability.

  6. F. The safety policy is communicated to all employees with the result that they are made aware of their safety obligations.

  7. G. The policy is implemented at all levels of the organization.

EC All of (C) plus some aspects of (BP)
BP

All of (C), plus all of the following:

  • The Safety policy clearly describes the organization’s safety objectives, management principles and commitment to continuous improvement in the safety level.

  • The policy is included in key documentation and communication media.

  • All levels of management clearly articulate the importance of safety when addressing company personnel.

  • Management has a clear commitment to safety and demonstrates it through active and visible participation in the safety management system.

  • Management makes the policy clearly visible to all personnel and particularly throughout the safety critical areas of the organization.

  • The safety policy contains a commitment by the organization’s management to the development and ongoing improvement of the safety management system.

  • Safety policy objectives drive the organization’s mission statements.

  • The organization’s goals are linked to the safety policy objectives.

Score Expectations

1. Safety Management Plan – 1.2 Non-Punitive Safety Reporting Policy

Not in Compliance

NDI Safety-related reports or inadvertent errors result in punitive action being taken against individuals.
PDI (C) less some aspects
In Compliance
C
  1. A. There is a policy in place that provides immunity from disciplinary action for employees that report, hazards, incidents or accidents.

  2. B. Conditions under which punitive disciplinary action would be considered (e.g. illegal activity, negligence or wilful misconduct) are clearly defined and documented.

  3. C. The policy is widely understood within the organization.

  4. D. There is evidence that the organization is applying the policy.

EC All of (C) plus some aspects of (BP)
BP

All of (C), plus all of the following:

  • Personnel express confidence and trust in the policy.

  • The Policy is applied throughout certificated and non-certificated areas of the organization.

  • The organization has letters/Memoranda of Understanding (MOU) between employees and/or third party contractors and management. The purpose of these letters is to document the disciplinary policy, and the manner in which it will be implemented.

Score Expectations

1. Safety Management Plan – 1.3 Roles and Responsibilities

Not in Compliance
NDI

No formal designation of authorities, responsibilities and accountabilities for the safety management system exists. A management representative has not been appointed to ensure the SMS is implemented. Safety mandates are not widely disseminated and personnel’s awareness of their role in the SMS is limited.

PDI (C) less some aspects
In Compliance
C
  1. A. There are documented roles and responsibilities and accountabilities for the accountable executive and evidence that the SMS is established, maintained and adhered to.

  2. B. The accountable executive demonstrates control of the financial and human resources required for the proper execution of his/her SMS responsibilities.

  3. C. A qualified person has been appointed, in accordance with the regulation, and has demonstrated control of the SMS.

  4. D. The person managing the operation of the SMS fulfils the required job functions and responsibilities.

  5. E. Safety authorities, responsibilities and accountabilities are transmitted to all personnel.

  6. F. All key personnel understand their authorities, responsibilities and accountabilities in regards to all applicable processes, decisions and actions.

EC All of (C) plus some aspects of (BP)
BP

All of (C), plus all of the following:

  • Safety authorities, responsibilities and accountabilities are reviewed prior to any significant organizational change.

  • Safety authorities, responsibilities and accountabilities of all personnel and third parties are defined and documented in job descriptions.

  • There is clear evidence that the accountable executive not only understands that he or she has ultimate responsibility for safety within the organization, but that he or she demonstrates this commitment on a daily basis.

  • There are documented organizational diagrams, where applicable, and job descriptions for all personnel including non-certificated personnel.

  • Key safety activities are clearly described in senior management duties and responsibilities and incorporated into performance agreements.

  • There is evidence that senior management recognizes the significance of contributions from all levels of the organization and has a mechanism for acknowledging those contributions.

  • Employee involvement and consultation arrangements are documented.

Score

Expectations

1. Safety Management Plan – 1.4 Communication

Not in Compliance

NDI

The general exchange of information throughout the organization does not permit the system to function effectively. The organizational communication network does not include all personnel, out-stations and outsource functions.

PDI

(C) less some aspects

In Compliance

C

  • There are communication processes in place within the organization that permit the safety management system to function effectively.

  • Communication processes (written, meetings, electronic, etc.) are commensurate with the size and complexity of the organization.

  • Information is established and maintained in a suitable medium.

  • There is a process for the dissemination of safety information throughout the organization and a means of monitoring the effectiveness of this process.

EC

All of (C) plus some aspects of (BP)

BP

All of (C), plus all of the following:

  • Communications related to safety and quality issues are two way and applied across certificated, non-certificated and third parties.

  • There exists a formal means of communicating with experts in SMS so that personnel can easily and quickly obtain advice. The documentation should indicate where these experts could be located.

  • All personnel are informed as to who is their primary contact for safety related matters.

  • There is a communication strategy that might include electronic or web-based communications, frequent meetings, SMS bulletins, communication frequencies, audience targeting and status updates.

  • There is a documented process to review the effectiveness of communications.

  • There is a process for sharing safety-related information with outside sources that might be impacted by this information.

Expectations
1. Safety Management Plan – 1.5 Safety Planning
Not in Compliance
NDI Safety objectives are poorly defined and/or not communicated. Resources are not allocated for achieving objectives.
PDI (C) less some aspects
In Compliance
C A. Safety objectives have been established utilizing a safety risk profile that considers hazards and risks.
B. Objectives and goals are consistent with the safety policy and their attainment is measurable.
C. Safety objectives and goals are reviewed and updated periodically.
D. There is a documented process to develop a set of safety goals to achieve overall safety objectives.
E. Safety objectives and goals are documented and publicized.
EC All of (C) plus some aspects of (BP)
BP All of (C), plus all of the following:
  • Safety objectives are based on a safety risk profile that includes all areas of the organization (certificated, non-certificated and third parties).
  • The organization has a process for analyzing and allocating resources for achieving their objectives and goals.
  • Safety objectives have been established utilizing a safety risk profile that considers:
    • hazards and risks;
    • financial, operational and business requirements;
    • views of interested parties; and
    • industry-wide safety risk profile.
  • Objectives and goals are documented and publicized throughout non-certificated parts of the organization and to third parties.

 

Score Expectations
1. Safety Management Plan – 1.6 Performance Measurement
Not in Compliance
NDI Safety performance measures have not been established.
PDI (C) less some aspects
In Compliance
C A. There is a documented process to develop and maintain a set of performance parameters that are linked to the organization’s goals and objectives.
B. Procedures have been established and maintained to monitor and measure safety performance on a regular basis.
EC All of (C) plus some aspects of (BP)
BP All of (C), plus all of the following:
  • Performance measurements have been defined for serious safety risks identified on the safety risk profile.
  • Performance measurements have been defined for each and every critical operational process and procedure such as Flight Data Monitoring Program (FDMP).
  • The analysis and allocation of resources are based on outputs from the performance measurement.
  • Personnel at all levels are aware of the safety performance measures in their areas of responsibility and the results of performance measures are transmitted to them.

 

Score Expectations
1. Safety Management Plan – 1.7 Management Review
Not in Compliance
NDI The process for conducting reviews of the safety management system is based on event response rather than on a periodic, scheduled basis.
PDI (C) less some aspects
In Compliance
C

A. There are periodic, planned reviews and reviews for cause of the company’s safety management system to ensure its continuing adequacy and effectiveness as well as a review of company safety performance and achievement.
B. The safety management system review includes:

  • Internal audit results;
  • Activities to verify that employees understand the SMS and their role and responsibilities in it;
  • Safety objective achievement results;
  • Hazards and occurrence investigation and analysis results;
  • Internal/external feedback analysis and results;
  • Status of corrective and preventive action(s);
  • Follow-up actions from previous management reviews;
  • Changes that could affect the SMS;
  • Recommendations for improvement; and
  • Sharing of best practices across the organization.

C. There is a documented procedure defining responsibilities and requirements for planning and conducting internal audits of:

  • management policies, controls and procedures concerning all safety critical activities; and
  • the implementation and maintenance of SMS requirements established by the organization.

D. There is a process to evaluate the effectiveness of corrective actions resulting from management review.

EC All of (C) plus some aspects of (BP)
BP All of (C), plus all of the following:
  • The organization has established a structured committee or board, appropriate for the size and complexity of the organization, consisting of a full range of senior management representatives including certificated, non-certificated and third parties that review the management review report.
  • The organization compares its SMS against other organizations and is an active proponent of SMS within the aviation industry.
  • The management review committee makes recommendations to the accountable executive related to:
    • the improvement and effectiveness of the SMS;
    • the initiation and implementation of safety policy and actions across the organization; and
    • allocation of resources needed to achieve objectives.
  • Management review decisions are explained to employees to demonstrate how the review process leads to new objectives that will benefit the organization.
  • Management review results are used by the accountable executive as input to the improvement processes.

 

Score Expectations
2. Documentation – 2.1 Identification and Maintenance of Applicable Regulations
Not in Compliance
NDI There is no system for the identification and maintenance of applicable regulations.
PDI (C) less some aspects
In Compliance
C

A. The organization has established, maintained and adhered to documentation requirements applicable to the certificate(s) held, as required by the CARs.
B. A documented procedure has been established and maintained for identifying applicable regulatory requirements.
C. Regulations, Standards and exemptions are periodically reviewed to ensure that the most current information is available.

EC All of (C) plus some aspects of (BP)
BP All of (C), plus all of the following:
  • All pertinent technical and regulatory information is readily accessible by personnel.
  • The organization has defined specific triggers that would lead to a review of the company documentation.
  • The organization actively participates in regulatory development activities and anticipates the introduction of new requirements (Notice of Proposed Amendments, CARAC Technical Committee Meetings, etc.).

 

Score Expectations
2. Documentation – 2.2 SMS Documentation
Not in Compliance
NDI SMS documentation is incomplete and maintenance procedures are not well established.
PDI (C) less some aspects
In Compliance
C A. There is controlled documentation that describes the SMS and the interrelationship between all of its elements.
B. Documentation is readily accessible to all personnel.
C. There is a process to periodically review SMS documentation to ensure its continuing suitability, adequacy and effectiveness, and that changes to company documentation have been implemented.
D. There are acceptable means of documentation, including but not limited to, organizational charts, job descriptions and other descriptive written material that defines and clearly delineates the system of authority and responsibility within the organization for ensuring safe operation.
E. The organization has a process to identify changes within the organization that could affect company documentation.
EC All of (C) plus some aspects of (BP)
BP All of (C), plus all of the following:
  • The consolidated documentation is readily accessible by all, including third parties.
  • There is evidence that the company has analyzed the most appropriate medium for the delivery of documentation at both the corporate and operational levels.
  • There is evidence that the company has analyzed all areas of the company including non-certificated areas and provided documentation that is integrated and appropriate for the company as a whole.

 

Score Expectations
2. Documentation – 2.3 Records Management
Not in Compliance
NDI There are no processes in place for managing SMS output.
PDI (C) less some aspects
In Compliance
C A. The organization has a records system that ensures the generation and retention of all records necessary to document and support the regulatory requirements.
B. The system shall provide the control processes necessary to ensure appropriate identification, legibility, storage, protection, archiving, retrieval, retention time, and disposition of records.
EC All of (C) plus some aspects of (BP)
BP All of (C), plus all of the following:
  • The organization has a policy that defines how long records that are not specifically required by regulations are kept.

 

Score Expectations
3. Safety Oversight – 3.1 Reactive Processes – Reporting
Not in Compliance
NDI The reporting processes do not ensure the capture of internal information, nor do they promote voluntary reporting of observed occurrences or deficiencies. Reports are not reviewed at the appropriate level of management.
PDI (C) less some aspects
In Compliance
C A. The organization has a process or system that provides for the capture of internal information including hazards, incidents and accidents and other data relevant to SMS.
B. The reactive reporting system is simple, accessible and commensurate with the size and complexity of the organization.
C. Reactive reports are reviewed at the appropriate level of management.
D. There is a feedback process to notify contributors that their reports have been received and to share the end results of the analysis.
E. There is a process in place to monitor and analyze trends.
F. Corrective actions are generated and implemented to respond to event analysis.
EC All of (C) plus some aspects of (BP)
BP All of (C), plus all of the following:
  • The organization has a process in place to ensure confidentiality when requested.
  • The range and scope of safety-related occurrences or deficiencies that must be reported by employees are explained and defined.
  • There is evidence that personnel are encouraged and supported to suggest corrective actions when submitting a report.
  • There is a process to ensure that information is received from all areas of the organization including certificated, non-certificated and third parties.
  • There is a process to share safety reports and other analyses with report submitters.
  • The feedback process provides an opportunity for report submitters to indicate whether they are satisfied with the response.

 

Score Expectations
3. Safety Oversight – 3.2 Proactive Process – Hazard Identification
Not in Compliance
NDI The existing procedures do not promote the generation of safety data other than on a reactive basis.
PDI (C) less some aspects
In Compliance
C

A. The organization has a proactive process or system that provides for the capture of information identified as hazards and other data relevant to SMS and develops a hazard register.
B. The proactive reporting process is simple, accessible and commensurate with the size and complexity of the organization.
C. Proactive reports are reviewed at the appropriate level of management.
D. There is a feedback process to notify contributors that their proactive reports have been received and to share the end result of the analysis.
E. There is a process in place to monitor and analyze trends.
F. Corrective actions are generated and implemented in response to hazard analysis.
G. The organization has planned self-evaluation processes, such as regularly scheduled reviews, evaluations, surveys, operational audits, assessments, etc.
H. The organization conducts hazard analyses and builds a safety case for changes that may impact their operations for example:

  • introduction of new aircraft type;
  • change in route structures;
  • change in key personnel;
  • mergers; and
  • management/bargaining agent agreements.

I. The organization has a clearly defined interval between hazard analyses.
J. The organization will develop a safety risk profile that prioritizes hazards listed on the hazard register.

EC All of (C) plus some aspects of (BP)
BP All of (C), plus all of the following:
  • The organization has a process in place to ensure confidentiality when required.
  • The range and scope of safety-related hazards that must be reported are explained and defined.
  • All proactive reports are subjected to a risk analysis process to determine their level of priority on the safety risk profile and the extent of further action.
  • The organization has identified multiple sources of information for hazard identification that includes all areas of the organization, such as line management judgment, workplace opinions, minutes of safety meetings, audit reports, flight data monitoring programs (FDMP), Line Operations Safety Audits (LOSA).
  • There is evidence that industry data such as a generic industry wide safety risk profile (from sources such as the Aviation Safety Reporting System, the Securitas TSB reporting system) is considered in the hazard identification process.
  • There is evidence that the organization actively seeks information related to safety from outside sources and utilizes that information in its normal business practices.
  • There is a process to ensure that data is received from all areas of the organization including certificated, non-certificated and third parties.

 

Score Expectations
3. Safety Oversight – 3.3 Investigation and Analysis
Not in Compliance
NDI The organization does not routinely conduct investigation and analysis of safety-related occurrences and deficiencies.
PDI (C) less some aspects
In Compliance
C A. There are procedures in place for the conduct of investigations.
B. Measures exist to ensure that all reported hazards, incidents and accidents are reviewed and, where required, investigated.
C. There is a process to ensure that hazards, incidents and accidents are analyzed to identify contributing and root causes.
D. When identifying contributing and root causes, the organization considers individual human factors, the environment, supervision and organizational elements.
E. The organization has a staff of competent investigators commensurate with its size and complexity.
F. Results of the analysis are communicated to the responsible manager for corrective action and to other relevant managers for their information.
G. There is a process to capture information from an investigation that can be used to monitor and analyze trends.
H. There is evidence that the organization has made every effort to complete the investigation and analysis process in the established timeframe.
EC All of (C) plus some aspects of (BP)
BP All of (C), plus all of the following:
  • There is evidence that the organization analyses other types of safety reports received from sources such as the environment, occupational health and safety and third party contractors that may have an impact on aviation safety.
  • There is evidence that third party stakeholders have been consulted during the root cause analysis process for example, manufacturers, suppliers and distributors.
  • The organization provides support to third party stakeholders in the conduct of investigation and analyses of hazards, incidents and accidents outside of the scope of the operating certificate held.

 

Score Expectations
3. Safety Oversight – 3.4 Risk Management
Not in Compliance
NDI The organization does not have a process for evaluating and managing risks.
PDI (C) less some aspects
In Compliance
C A. There is a structured process for the management of risk that includes the assessment of risk associated with identified hazards, expressed in terms of severity and probability of occurrence and, where applicable, the level of exposure.
B. There are criteria for evaluating the level of risk and the tolerable level of risk the organization is willing to accept.
C. The organization has risk control strategies that include risk control, risk acceptance, risk mitigation, risk elimination and where applicable a corrective action plan.
D. Corrective actions resulting from the risk assessment, including timelines, are documented.
E. The organization has a process for evaluating the effectiveness of the corrective actions.
EC All of (C) plus some aspects of (BP)
BP All of (C), plus all of the following:
  • The organization uses its risk management results to develop best practice guidelines that it shares with the industry.
  • The results of the risk management program are built into the organization’s methods and procedures.

 

Score Expectations
4. Training – 4.1 Training, Awareness and Competence
Not in Compliance
NDI Training requirements are not documented, nor does the organization incorporate SMS training into indoctrination training.
PDI (C) less some aspects
In Compliance
C A. There is a documented process to identify training requirements so that personnel are competent to perform their duties.
B. There is a validation process that measures the effectiveness of training.
C. Training includes initial, recurrent and update training, as applicable.
D. The organization’s safety management training is incorporated into indoctrination training upon employment.
E. Training includes human and organizational factors.
F. There is emergency preparedness and response training for affected personnel.
EC All of (C) plus some aspects of (BP)
BP All of (C), plus all of the following:
  • Training requirements are documented for each area of activity within the organization, including non-certificated areas where training requirements are not defined by regulations. The attendance at symposia should also be considered.
  • Training is provided for all employees.
  • Training is provided for third party contractors working in activities related to the company’s operation.
  • A training file is developed for each employee, including management, to assist in identifying and tracking employee training requirements and verifying that personnel have received the planned training.
  • Employees have a mechanism to request additional SMS training in relation to their role in the SMS.
  • Management recognizes and uses informal opportunities to instruct employees on safety management.
  • Training exercises and methods for all employees is kept current to reflect new techniques, technologies, results of investigations, corrective actions and regulatory changes.

 

Score Expectations
5. Quality Assurance – 5.1 Quality Assurance
Not in Compliance
NDI The organization does not perform audits of its processes at the operational level.
PDI (C) less some aspects
In Compliance
C

A. A quality assurance program is established and maintained, and the program is under the management of an appropriate person.
B. There exists an operationally independent audit function with the authority required to carry out an effective internal evaluation program.
C. The organization conducts reviews and audits of its processes, its procedures, analyses, inspections and training.
D. * The organization has a system to monitor for completeness the internal reporting process and the corrective action completion.*
E. The quality assurance system covers all functions defined within the certificate(s).
F. There are defined audit scope, criteria, frequency and methods.
G. A selection/training process to ensure the objectivity and competence of auditors as well as the impartiality of the audit process.
H. There is a procedure to record verification of action(s) taken and the reporting of verification results.
I. * The organization performs a periodic Management review of safety critical functions and relevant safety or quality issues that arise from the internal evaluation program.*
J. There is a documented procedure for reporting audit results and maintaining records.
K. There is a documented procedure outlining requirements for timely corrective and preventive action in response to audit results.
L. There is evidence that the quality assurance program has itself been subjected to internal audits.
M. Competence to perform duties is evaluated.

* These expectations are only applicable to organizations with an SMS.*

EC All of (C) plus some aspects of (BP)
BP All of (C), plus all of the following:
  • Audit scope, frequency and criteria are based on the status and importance of the processes and areas to be audited and results of previous audits.
  • Input from the area to be audited, as well as from other interested parties is considered in the development of internal audit plans.
  • The audit report recognizes excellence to provide opportunities for recognition by management and motivation of people.
  • Evidence exists that the organization encourages the development of a robust audit program and is committed to improving its performance based on the program’s outputs.
  • Where contracted functions exist, the organization performs a quality assurance review on those functions.

 

Score Expectations
6. Emergency Preparedness – 6.1 Emergency Preparedness and Response (EPR)
Not in Compliance
NDI The organization does not have a documented emergency preparedness policy. Roles and responsibilities in the event of an accident are poorly defined.
PDI (C) less some aspects
In Compliance
C A. The organization has an emergency preparedness procedure appropriate to the size, nature and complexity of the organization.
B. The emergency preparedness procedures have been documented, implemented and assigned to a responsible manager.
C. The emergency preparedness procedures have been periodically reviewed as a part of the management review and after key personnel or organizational changes.
D. The organization has a process to distribute the Emergency Response Plan (ERP) procedures and to communicate the content to affected personnel.
E. The organization has conducted drills and exercises with all key personnel at intervals defined in the approved control manual.
EC All of (C) plus some aspects of (BP)
BP All of (C), plus all of the following:
  • The organization has Memoranda of Understanding (MOU) or agreements with other agencies for mutual aid and the provision of emergency services.
  • The organization has a designated command post where the overall coordination and general direction of the response to an emergency takes place.
  • A procedure exists for recording activities during an emergency response.

C.2. Non-SMS surveillance worksheets

Flight Training Unit Control of Operations and Training (CAR 406)
Score Expectations
Not in Compliance
NDI The enterprise has not documented and not implemented flight training unit control of operations and training systems or the systems do not exist.
PDI (C) less some aspects
In Compliance
C

A. An Operational Control system is implemented.
B. The organization ensures the qualifications of training personnel.
C. The organization ensures the quality and content of all ground and flight training programs.
D. The organization controls all publications, documents and records for the flight training program.
E. * The organization ensures that information about its operational bases is current and accurate.*

*These expectations are only applicable to organizations with an integrated course or sub-bases.*

EC All of (C) plus some aspects of (BP)
BP All of (C), plus all of the following:
  • A quality assurance program is applied to control operations and training.
  • The organization is proactive in the use of information to improve the quality of instruction, including flight test, written exam results and instructor monitoring.
  • There is a documented training program for all employees.
  • There is an operation manual and training manual for the entire flight school.
  • Safety standards exceed requirements and are disseminated throughout the organization.
  • Reporting system exceeds requirements and safety critical information shared across the organization in a timely manner.
  • Safety authorities, responsibilities and accountabilities are reviewed after any significant organizational change.

 

Control of Operations (CAR 703/704)
Score Expectations
Not in Compliance
NDI Control of operations is not documented and not implemented or the system does not exist.
PDI (C) less some aspects
In Compliance
C A. The Operations Manager exercises control of operations and operational standards of all aircraft operated, and over the contents of the air operator's Company Operations Manual.
B. The Operations Manager identifies and coordinates functions which impact on operational control, including maintenance, crew scheduling, load control, equipment scheduling.
C. The Air Operator has documented organizational diagrams and job descriptions illustrating a logical flow within organizational authorities, responsibilities and accountabilities.
D. The Operations Manager supervises and organizes the function and manning of flight operations, cabin safety, crew scheduling and rostering, training programs, and flight safety.
E. The Operations Manager ensures that crew scheduling complies with flight and duty time regulations, and that all crew members are kept informed of any changes to the regulations and standards.
F. The Operations Manager disseminates aircraft safety information, both internally and externally.
G. The Air Operator employs qualified crew members applicable to the area of operation and the type of operation, and the Operations Manager ensures that flight crew are qualified.
H. The Chief Pilot has developed standard operating procedures, as applicable.
I. The Chief Pilot ensures the operational suitability of all aerodromes and routes served by the air operator.
J. The air operator ensures that aircraft are properly equipped for the area of operation and the type of operation.
K. Chief Pilot has established and maintained a ground and flight training program, as well as records for each person who is required to receive training.
L. The flight following system monitors the flight's progress, including any intermediate stops, there is a procedure for dealing with missing or overdue aircraft, and the pilot-in-command is responsible for Flight Watch.
M. A qualified flight follower is on duty or available, when required (e.g. IFR and VFR at night), and that person is qualified and knowledgeable in the air operator's flight alerting procedures.
EC All of (C) plus some aspects of (BP)
BP All of (C), plus all of the following:
  • Safety authorities, responsibilities and accountabilities are reviewed after any significant organizational change.
  • The organization’s operational control system is functioning at a higher level than required by the regulations (i.e. any element exceeding the minimum regulations).
  • The organization has the ability to communicate directly and continuously with their aircraft through the use of additional technology (e.g. ACARS, satellite phones, etc.).
  • The organization provides training additional to the required standards (e.g. dispatch training, SMS training).
  • The operator uses approved operational flight plan documentation regardless of flight stage lengths.
  • There are clear definitions of additional authorized activities.
  • The organization has established safety standards that exceed regulatory requirements and has disseminated them across the company (e.g. 703 / 704 established functional Ground Icing Program).
  • A reporting system has been established to ensure that safety critical information is shared across the organization.

 

Delegate’s Obligations (STD 505)
Score Expectations
Not in Compliance
NDI The delegate does not have the systems in place to meet the regulatory obligations.
PDI (C) less some aspects
In Compliance
C A. Delegates demonstrate that they remain knowledgeable in their specialty, and that they are actively exercising their delegated privileges.
B. The Delegate has a documented airworthiness control system that is being used and found to be effective in ensuring that all data that is approved or recommended for approval fully complies with the applicable standards of airworthiness.
C. The Delegate has Self Audit procedures in place to ensure the Design Approval Organization or Airworthiness Engineering Organization complies with regulatory and document requirements, in accordance with their approved Manuals.
D. Delegate’s approved manual is current and reflects published regulatory and guidance material.
E. Delegates exercise their privileges in accordance with their Approved Procedures Manual.
F. The Delegates fulfill their obligations by preparing data that shows compliance with applicable airworthiness standards.
G. The Delegate has adopted and adheres to LOI principles when planning and conducting certification activities.
EC All of (C) plus some aspects of (BP)
BP All of (C), plus all of the following:
  • With regards to DAR, the delegate has adopted a quality assurance program that documents procedures for product and process control related to airworthiness and certification activities.
  • The delegated organization has a succession plan for authorized persons that includes active mentoring, and is reviewed regularly.
  • The Delegate has documented a training program that includes developmental and recurrent training.

 

European Aviation Safety Agency (EASA) Supplement
Score Expectations
Not in Compliance
NDI The Approved Maintenance Organization does not have the systems in place to meet the regulatory obligations.
PDI (C) less some aspects
In Compliance
C A. The EASA Supplement Statement is current, signed by the Accountable Manager and incorporated into the organization’s Maintenance Policy Manual;
B. The organization has a system in place to ensure that Airworthiness Directives and other notified mandatory instructions applicable to specific EASA-National Airworthiness Authorities (EASA-NAA) for components or aircraft covered by the supplement are identified by the client, accessible, addressed and documented;
C. Major repairs and alterations are carried out in accordance with the specific EASA-NAA requirements;
D. The organization has procedures for maintenance release of aircraft and components covered by the supplement, including TCCA Form One completion;
E. All parts used during maintenance & alteration meet EASA certification requirements;
F. The Quality Assurance System meets the requirements of the CAR and EASA special conditions, and includes independent internal audits, scheduled intervals, report and finding generation, corrective actions and follow up;
G. Serious defects are reported to EASA and to the European Customer;
H. EASA-approved line maintenance bases located in Canada are identified in the supplement along with their associated capabilities.
EC All of (C) plus some aspects of (BP)
BP All of (C), plus all of the following:
  • The organization regularly monitors EASA and member state upcoming regulatory changes e.g.: NPAs
  • The organization reviews EASA and member state Airworthiness Directive listings applicable to aviation products which they perform maintenance upon on a regularly scheduled basis, and;
  • The organization submits an application for renewal of its EASA approval in advance of the expiry date which takes into consideration processing time of the application.

 

Design Approval Document Holder responsibilities
Score Expectations
Not in Compliance
NDI The design approval document holder responsibilities and associated systems are not documented and not implemented or the responsibilities and systems do not exist.
PDI (C) less some aspects
In Compliance
C A. The holder has or has access to the Technical capability to conduct design analysis and tests in order to develop the data required to maintain the aeronautical product in an airworthy condition.
B. There is an established Service Difficulty Reporting System.
C. There are documented processes to address Mandatory Changes / Airworthiness Directives
D. There are documented processes to address Transfers.
E. There are clear procedures for the handling of Records.
F. There are processes for development, distribution and maintenance of Manuals, Instructions for Continued Airworthiness.
G. There are processes for development, distribution and maintenance of Supplemental Integrity Instructions of aeroplanes.
H. The holder has a methodology to determine the extent of a design change and the methodology to manage the change.
EC All of (C) plus some aspects of (BP)
BP All of (C), plus all of the following:
  • There are criteria to determine competencies of staff or external vendors involved in design activities.
  • SDR System has an effective follow up process, well maintained, and timely that assure proactive approach of reporting defects being brought forward and addressed in the new design if systemic trends were found.
  • There is an effective voluntary and proactive CAP program to correct design deficiencies that goes beyond mandatory changes.
  • There are records of design data and manuals submitted to foreign owners, operators and maintainers of your products.
  • There is a safety assessment process resulted from continued airworthiness activities that is reflected on final design.
  • Holder has a system to receive service history and inspection reports related to CAW of aging aircraft to insure an acceptable level of safety.
  • Lessons learned from AD , SDR and design changes that may reveal systemic trend are addressed in product development or new design.

 

Heliport Operator’s Obligations
Score Expectations
Not in Compliance
NDI The Approved Heliport Operator does not have the systems in place to meet the regulatory obligations.
PDI (C) less some aspects
In Compliance
C A. The heliport operator ensures that information in aeronautical information publications is current and accurate;
B. The heliport operator has a system to ensure that changes in heliport conditions and level of service status are reported without delay to the Minister, aeronautical information services, air traffic services and flight service stations for arriving and departing aircraft;
C. The heliport operator has a system to identify, notify and control obstructions or hazardous conditions affecting aviation safety at or in the vicinity of the heliport;
D. A maintenance program including preventive maintenance where appropriate is established at the heliport to maintain facilities in a condition that does not impair the safety, regularity or efficiency of air navigation;
E. An emergency plan for heliport is developed in consultation with users such as air operators and community organizations that may be involved in such emergency operations, and;
F. The heliport operator ensures that the contents of its approved Operator Manual remains current, accurate, continues to meet regulatory requirements and the heliport is operated in accordance with the approved manual.
EC All of (C) plus some aspects of (BP)
BP All of (C), plus all of the following:
  • The description of the heliport operational procedures include regularly scheduled inspections of the TLOF and FATO, which are supported by documentation.
  • The heliport operator has a system to assess and incorporate industry safety practice information obtained through attendance of training and information sessions, forums, congresses, symposia, seminars and meetings of any kind into their operation;
  • The heliport operator ensures that a documented and systematic review of Advisory Circulars, National Regulatory Exemptions, Guidelines and best practices of other organizations for applicability to their operation is completed and documented, and implements changes pertinent to that review, and;
  • The heliport operator ensures that the management of safety issues are addressed in leases and operational agreements of their suppliers for activities that could impact operational safety.

APPENDIX C—SCORING PROCEDURES

C.1. Score Assignment

(2) When assigning a score, the surveillance team shall consider whether the enterprise’s systems meet the established expectations. The surveillance team shall consider all of the expectations included as part of the sampling plan and apply the scoring criteria given in Section 10.5 to determine the appropriate score. The table combines all the expectations and separates them into compliance and best practices for scoring purposes.

Note

The acronyms used for scoring level are as follows:

  • Not documented/implemented = NDI
  • Partially documented/implemented = PDI
  • Compliant = C
  • Exceeds compliance = EC
  • Best practices = BP
Score Level Expectations
Not in Compliance
NDI Safety-related reports or inadvertent errors result in punitive action being taken against individuals.
PDI (C) less some aspects
In Compliance
C A. There is a policy in place that provides immunity from disciplinary action for employees that report hazards, incidents or accidents.
B. Conditions under which punitive disciplinary action would be considered (e.g. illegal activity, negligence or wilful misconduct) are clearly defined and documented.
C. The policy is widely understood within the organization.
D. There is evidence that the organization is applying the policy.
EC All of (C) plus some aspects of (BP)
BP All of (C), plus all of the following:
  • Personnel express confidence and trust in the policy. The policy is applied throughout certificated and non-certificated areas of the organization.
  • The organization has letters/Memoranda of Understanding (MOU) between employees and/or third party contractors and management. The purpose of these letters is to document the disciplinary policy, and the manner in which it will be implemented.

(3) To assign a component score of compliant, the surveillance team must verify that all the associated elements meet the regulatory requirement (i.e. score of compliant or more). If one or more elements of the component received a score of partially documented/implemented, the component score will be partially documented/implemented or lower.

(4) To assign a component score of exceeds compliance, the surveillance team must verify that all the associated elements meet the regulatory requirements and clearly demonstrate that the elements interact effectively between each other.

(5) A component can receive a score of best practices only if all of its elements have been assigned a score of best practices individually.

C.2. Failure to achieve a score of compliant

(1) Should an enterprise fail to achieve a score of compliant, findings shall be issued in accordance with the procedures provided in Section 10.2.

C.3. Failure to achieve a Score of exceeds compliance or best practices

(1) For those enterprises that have elected to use best practices during their surveillance activity and where TCCA has determined that the enterprise meets compliance expectations but has minor or moderate findings against best practices, a Continuous Improvement Finding (CIF) may be issued at the discretion of the CA.

(2) An enterprise may choose to either ignore the CIF or address it with a CAP. The surveillance manager shall communicate with the enterprise to determine if they wish to address the CIF. Acceptance of continuous improvement findings is not mandatory. An enterprise may designate at any time during a surveillance activity that they do not wish to be notified of CIFs. In that case, the surveillance team will confine its activities to compliance expectations and the surveillance report will reflect findings against regulatory requirements and not best practices.

(3) Where an enterprise chooses to address the CIF through a CAP, the finding shall be attached to the surveillance report.

(4) A CAP for a CIF shall be handled according to the process given in Section 12.

(5) Once the enterprise successfully closes the CAP, a letter of acknowledgement shall be issued by the CA stating that the enterprise is now considered to have exceeded the basic compliance level.

(6) A copy of the letter of acknowledgement issued in accordance with (5) shall be appended to the surveillance report. The original compliance status recorded in the surveillance report shall not be amended.

(7) In order to issue a letter of acknowledgement in accordance with (5), all CIFs described in (2) must be addressed simultaneously.

Date modified: