Enhanced IOSA Project Closure Report

Date: 04-Sep-2015

Enhanced IOSA
Project Closure Report
1 September 2015

Page 1 of 40

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

Page 2 of 40

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

Table of Contents
Foreword ....................................................................................................................................5
1. Introduction .........................................................................................................................6
1.1
Inception .....................................................................................................................6
1.2
Board of Governors Decision .....................................................................................6
1.3
Pre-Project Activities ..................................................................................................6
2. Project Organization ...........................................................................................................7
2.1
Meeting Structure .......................................................................................................8
2.2
Stakeholder Management ..........................................................................................8
2.2.1 Industry ...................................................................................................................9
2.2.2 Audit Organizations ..............................................................................................10
2.2.3 IOC ........................................................................................................................10
2.2.4 OPC ......................................................................................................................10
2.2.5 ICAO .....................................................................................................................10
2.2.6 EASA ....................................................................................................................11
2.2.7 US FAA .................................................................................................................11
2.2.8 ANAC Brazil ..........................................................................................................12
2.2.9 US DoD .................................................................................................................12
2.2.10 ECAC ................................................................................................................12
2.2.11 IATA Regional Offices ......................................................................................13
2.3
Project Resources ....................................................................................................13
2.4
Work Breakdown Structure ......................................................................................14
3. Project Deliverables.........................................................................................................14
3.1
EI 1 Airline Quality Assurance Staff Training ........................................................15
3.1.1 Online Information Sessions.................................................................................15
3.1.2 Dispatch Auditor Training .....................................................................................15
3.1.3 Regional E-IOSA Workshops ...............................................................................16
3.1.3.1 E-IOSA Workshop Feedback............................................................................17
3.2
EI 2 Audit Procedures ...........................................................................................18
3.2.1 Selective Standards Application ...........................................................................19
3.2.2 IOSA Audit Handbook For Airlines .......................................................................19
3.2.2.1 Auditor Actions for Airlines ................................................................................20
3.2.2.2 Repeated and Interlinked ISARPs ....................................................................21
3.2.3 AO Procedures and Guidance (IAH Part 1) .........................................................22
3.2.5 IOSA Auditor Training Updates ............................................................................22
3.2.6 IOSA Auditor Recurrent Training ..........................................................................22
3.2.7 Mandatory Observations ......................................................................................22
3.2.8 E-IOSA Observations ...........................................................................................23
3.2.9 Auditor Webinars ..................................................................................................24
3.3
EI 3 Conformance Report......................................................................................24
3.3.1 Conformance Report Format and Content ...........................................................24
3.3.2 Conformance Report Acceptance Criteria............................................................25
3.4
EI 4 Q5 Systems and Infrastructure ......................................................................26
3.5
EI 5 Partnership for Quality ...................................................................................26
3.6
EI 6 Communication Plan ......................................................................................26
3.6.1 External Communication ......................................................................................26
3.6.2 Internal Communication ........................................................................................27
3.6.3 2012 Survey ..........................................................................................................28

Page 3 of 40

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015
3.6.4 2013 Market Research .........................................................................................28
3.7
EI 7 Other Items ....................................................................................................28
3.7.1 Regulatory Cross-Reference Lists .......................................................................29
4. Proof-of-Concept Workshops and Voluntary E-IOSA Audits ...........................................30
4.1
Proof-of-Concept Workshops ...................................................................................30
4.2
E-IOSA Trial Audits ..................................................................................................30
4.3
E-IOSA Audits in 2013 .............................................................................................31
4.4
E-IOSA Audits in 2014/2015 ....................................................................................33
4.5
E-IOSA Conformance Rates ....................................................................................33
5. Conclusions and Recommendations................................................................................36
5.1
Audit Organizations and Audit Teams......................................................................36
5.2
IOSA and the Operators ...........................................................................................36
5.3
E-IOSA Standards and Audit Procedures ................................................................37
5.4
Data Analysis and Digitalization ...............................................................................38
5.5
Quality Assurance ....................................................................................................38
5.1
Overall Conclusion ...................................................................................................39

Page 4 of 40

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

Foreword
Since the implementation of the IOSA in 2003, the original goals of the IOSA program laying a
foundation for improved operational safety and security, eliminating redundant industry audits
have been reached. The IATA members agreed to move the IOSA program to a next level that
will result in a more effective evaluation of operational safety and security practices. The
Enhanced IOSA (E-IOSA) concept was transitioned into the Program and therefore required
continuous input from and coordination with the IOSA registered operators and all other
stakeholders.
The transition plan was rolled out as planned. With 16 E-IOSA Audits performed in 2013 (Board
target: 10 E-IOSA Audits), 50 performed in 2014 (Board target: 39 E-IOSA Audits) and 41
performed in 2015 (Board target: 21 E-IOSA Audits), the Board targets were achieved and
exceeded in each year.
This project closure report summarizes the deliverables, lessons learned and conclusions.
IATA thanks all involved parties including and not limited to all participating IATA member
Airlines, the Enhanced IOSA Implementation Task Force, the Audit Organizations, the IATA
Operations Committee, the IOSA Oversight Council, the ICAO, the EASA, the FAA, the ANAC
and all other stakeholders for their dedication and support, and for striving to continually improve
airline safety performance.

With the hope of a continued cooperation

With Best Wishes

The IOSA Management

Page 5 of 40

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

1. Introduction
This project closure report provides an overview over the project tasks and
summarizes the deliverables under E-IOSA.
This report is structured in alignment with the project work breakdown structure
which is in Figure 3 later on.
1.1 Inception
The concept of E-IOSA was initiated in December 2010.
Since then, the concept evolved continuously and important milestones were
reached.
Necessary updates were provided to the industry from the IATA top management
level (Board of Governors, BoG) on a regular basis.
1.2 Board of Governors Decision
During the Annual General Meeting in June 2013, the IATA Board of Governors
mandated the planned E-IOSA process for all IOSA-registered operators as of
September 2015. As of this date, all Registration Renewal Audits are conducted
in accordance with the E-IOSA process:
At the recommendation of IATAs Operations Committee, the Board approved
the final implementation date of September 2015 for all IOSA registered airlines to
conform with the Enhanced IOSA requirements.
1.3 Pre-Project Activities
Before the continuation of the E-IOSA transition plan as a project as described in
the following chapters, IATA performed a series of activities to sharpen the
concept and to determine the boundaries of E-IOSA.
IATA conducted proof-of-concept workshops with volunteering operators with the
aim to gain knowledge about the operators preparation process and potential
challenges during the internal implementation of E-IOSA related activities.
The workshops led into the trial audit phase in which AOs tested E-IOSA on predetermined operators during live IOSA Registration Renewal Audits (see chapter
4).

Page 6 of 40

IATA Board of Governors

mandated E-IOSA
requirements for all
registered operators as
of September 2015.

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

2. Project Organization
E-IOSA was introduced and implemented as a special project. The Audit
Programs Department established a project organization to maximize
effectiveness of all resources including the involved Task Forces. The Project
Plan depicted the project objectives as the following.
The E-IOSA Project had the objective to transition the current IOSA Program into
the E-IOSA model. Between 2012 and 2015, all necessary processes were
designed. In addition, necessary infrastructure was set up and relevant
communication was accomplished.
The aim was to prepare the IOSA Program, its resources, the operators, the Audit
Organizations, Endorsed Training Organizations and other stakeholders for the
implementation in September 2015.
The project organization supported the successful planning, execution and
closure of the project by ensuring clear assignment of tasks, reasonable
allocation of resources and seamless completion.
The organizational structure is described in the organizational chart below.

Page 7 of 40

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015
Figure 1 Project Organization

E-IOSA Implementation
Task Force transitioned

Enhanced IOSA
Project

into IOSA ORG Task

Force.

Executive Sponsor
SVP, SFO

Project Sponsor
Director, Audit
Programs

EI Implementation TF
Chairman*

Project Manager
Head, IOSA

Assistant
Manager, Registry

Manager, Training

Manager, Audit
Standards

Senior Program
Advisor

Project
Office
External Resources
Internal Resources

EI Implementation
Task Force*

Vendors and
consultants

* The E-IOSA Implementation TF was disbanded after its mandate and was transitioned into the IOSA
ORG Task Force under the IOSA Oversight Council (IOC).

2.1 Meeting Structure

The Project Office met bi-weekly and the E-IOSA Implementation Task Force met
monthly through conference calls. The Task Force held bi-annual face-to-face
meetings. Any other meetings took place individually, depending on the task and
the participants. Monthly updates are given to the Executive Sponsor, and upon
request.
2.2 Stakeholder Management
All groups or individuals who had an interest in the project regarding its functions,
performance or results were considered to be stakeholders.
The stakeholder management for E-IOSA followed the ultimate aim to manage all
stakeholders in an approach which ensured a successful project execution while
ensuring that the integrity of the IOSA program is kept.

Page 8 of 40

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

Enhanced IOSA was supported and monitored by external, internal, industry and
regulatory stakeholders.
Figure 2 IOSA Stakeholder Map

2.2.1

Industry

The IATA member airlines and all other IOSA registered operators are the most
important customers to be affected by the changes under E-IOSA. IATA
exercised steady consultation within and outside of the Task Forces to ensure the
industrys perspective is reflected when developing E-IOSA. Processes and
requirements were designed to ensure the industrys needs are met.

Page 9 of 40

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

2.2.2

Audit Organizations

The accredited Audit Organizations perform the audit work in the field and
therefore carry vital importance in the current IOSA Program set-up. With their
feedback on the E-IOSA processes, the AOs as well as the individual IOSA
Auditors contributed to the development of E-IOSA.
The AOs will have the responsibility to ensure consistent application of E-IOSA
protocols in future registration renewal audits by ensuring appropriate training of
IOSA Auditors.
2.2.3

BOG

The IATA Board of Governors prioritized the E-IOSA initiative and monitored it.
The E-IOSA was mandated through the following decision in 2013:
At the recommendation of IATAs Operations Committee, the Board approved
the final implementation date of September 2015 for all IOSA registered airlines to
conform with the Enhanced IOSA requirements.
Without the right vision and prioritization of the BOG, the E-IOSA project would
not have gained the traction that led to a successful implementation.
2.2.4

IOC

The IOSA Oversight Council (IOC) as the governing body of the IOSA Program
was regularly updated on and actively contributed to the E-IOSA project. During
the years 2013 and 2014, a majority of the IOC members were also part of the EIOSA Implementation Task Force which facilitated the IOCs understanding of,
and commitment to the E-IOSA.
2.2.5

OPC

The Operations Committee (OPC) as the Safety and Flight Operations Industry
Committee and advisor of the BoG, received regular updates on the E-IOSA
project.
At OPC 25 the members noted that this change to IOSA was a big and positive
step, and that it was important to keep in mind the safety benefit at a time when
its becoming harder and harder to gain global safety performance improvement.
2.2.6

ICAO

The ICAO has been a supporter of the IOSA Program since its beginning. The
38th ICAO Assembly was another milestone in the history of IOSA. The Assembly
recognized the global safety benefits of the IOSA Program and its elements that
Page 10 of 40

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

are being introduced with E-IOSA. The Technical Commission expressed its
support for the IOSA program and recommended that ICAO continue its support
of IOSA and the additional elements under Enhanced IOSA as a complementary
source of information for State safety oversight activities (see Report of the
Technical Commission on the General Section of its Report and on Agenda Items
26, 27, 28 and 29).
2.2.7

EASA

The EASA, as a regular observer to the IOC, has been witnessing the
development of the E-IOSA project since the early stages.
During these, IATA had the opportunity to visit the EASA as well as the European
Commission and to present the IOSA program and the E-IOSA concept, which
were well received. In the spirit of an open and continuously interactive
relationship with the main stakeholders, the EASA was invited to observe an EIOSA Trial Audit.
The summary provided by the EASA observer states:
With the introduction of the Enhanced IOSA concept, IATA has taken a
systemic approach to effectively overcome weaknesses identified in the IOSA
programme to make it a more powerful tool.
The shift of focus towards the implementation of ISARPs, the continuous
involvement of the operator in the IOSA process and the standardisation of IOSA
auditors are considered by EASA to be an appropriate answer to the past
criticism of IOSA being largely paper-oriented...
2.2.8

US FAA

IOSA program officials met with the FAA twice a year during the IOC meetings
(the FAA is a regular observer to the IOC). Yearly individual meetings are held to
keep the FAA abreast of the developments under the IOSA Program.
The FAA described Enhanced IOSA as a revealing process and the right way
to go.
Also the FAA accepted IATAs invitation to observe a Trial Audit in 2011 in order
to familiarize with the concept and gain confidence in the process.
The meetings and the onsite observation were followed by several official position
papers in which the FAA proactively contributed to the shaping of the IOSA
requirements.
The FAA continues to remain an important and supportive stakeholder in the
IOSA Program.

Page 11 of 40

ICAO 38th Assembly

recognized IOSA and EIOSA elements for global
safety benefits.

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

2.2.9

ANAC Brazil

ANAC Brazil is one of the largest aviation markets in which the IOSA Program is
effectively used by the regulator to complement national civil aviation oversight. In
the light of this, the IOSA Program representatives visited the ANAC in 2014 to
present the IOSA Program functionalities. The ANAC Brazil attended the biannual IOC meetings to stay abreast of the developments in the IOSA Program.
2.2.10

US DoD

IATA also had the chance to present the Enhanced IOSA concept to other high
level representatives in 2012, which was well received. During the IOC 18 the
DoD expressed their continued impression with the IOSA program and its
development. The DoD utilizes IOSA results for the oversight of codeshare
operations, to select operators for the transport of DoD personnel on scheduled
flights and to select operators in emergency cases, e.g. humanitarian relief.
The authority expressed its support for the Enhanced IOSA, as putting the stress
on implementation is the right way to go.
2.2.11

ECAC

In July 2012, IATA and the European Civil Aviation Conference (ECAC)
concluded a Memorandum of Understanding (MOU) for the cooperation in the
fields of safety and security. As part of the annex on aviation safety, IATA
delivered four workshops to the ECAC presenting IOSA and ISAGO.
In 2013 and 2014, four workshops were delivered in Kiev, Warsaw, Helsinki and
Paris. In total 64 individuals participated, 43 from different European Civil Aviation
Authorities attended.
The workshops led to positive feedback from the participants who indicated that
they clearly see a benefit in the IOSA Program and would like to utilize it to
complement their national oversight activities:
Five possible answers could be given, from strongly disagree to strongly agree.

The IOSA Program has a clear benefit to global aviation safety.

91% agreed.
The Enhanced IOSA supports the improvement the airlines operational safety
management.
93% agreed.

Page 12 of 40

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

The IOSA Program supports safety monitoring on air carriers.

97% agreed.
97% of the CAA representatives also agreed that:

regulators should make more use of programs like IOSA to complement

their oversight activities;

with the necessary framework, they would consider IOSA results when
conducting oversight on the relevant air carriers in their country;

they would ask for an IOSA Audit Report of an air carrier of interest.
2.2.12

IATA Regional Offices

The IATA Regional Offices assumed the pivotal role of engaging operators to
undergo the voluntary E-IOSA audits, with the commitment of the IATA Regional
Offices the IATA Board targets were exceeded each year.
The IATA representatives in the Regional Offices provided continuous feedback
to the IOSA Program and played a very important part in acting as the interface
between the project office and the operators. Furthermore, logistical support was
provided during the E-IOSA workshops that were conducted in all regions.
2.3 Project Resources
The project resources varied throughout the project duration. The positions of the
Managers, Audit Standards, the Audit Training Manager as well as the Assistant
Director, IOSA were initially vacant. The remaining Audit Programs staff
temporarily assumed responsibility for all tasks and deliverables, which were then
re-allocated when the positions were re-filled.
The Project Sponsor (SVP, Safety and Flight Operations) changed twice during
the project duration.
The project resources were impacted by resource fluctuations, organizational
changes, additional projects that required execution and financial re-prioritization
tasks which were performed.
The project was delivered in accordance with the budget and the projected project
time lines and the E-IOSA Transition Plan.

Page 13 of 40

97% of surveyed
regulatory
representatives in
Europe: Regulators
should make more use of
programs like IOSA..

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

2.4 Work Breakdown Structure

All project tasks are illustrated in the work breakdown structure. The tasks were
assigned to individuals or groups as task owners and were administered through
work packages.
Figure 3 Work Breakdown Structure
E-IOSA Program

Airline QA Staff
Training
EI 1

Online Information
Sessions
EI 1.1

EI Audit
Procedures
EI 2

Conformance
Report
EI 3
Selective
Standards
Application
EI 2.1

Dispatch Auditor
Training
EI 1.2

Develop SSA
Criteria
EI 2.1.1

Conduct Regional
EI Workshops
EI 1.3

Develop SSA
Process based on
SSA Criteria
EI 2.1.2

Conformance
Report Format and
Contents
EI 3.1
Conformance
Report
Acceptance
Criteria
EI 3.2

Q5 Systems and
Infrastructure
EI 4

CR Data Flow
EI 4.1

Partnership for
Quality
EI 5

Communication
Plan
EI 6

Develop
Workshop/Toolkit
Design
EI 5.1

Update to
Registered Airlines
EI 6.1

Conduct
Workshops/t
EI 5.2

Press Releases
EI 6.2

Q5 Data
Management
EI 4.2

Other Items
EI 7

Use of External
Resources for
Assurance
Activities
EI 7.1

Language Barriers
EI 7.2
DGs Weekly
Message
EI 6.3

Linked-in Group
EI 6.4

Airline Procedures
and Guidance
EI 2.2
Internal Audit
Procedures and
Guidance
EI 2.2.1

CR Submission
Deadline
EI 7.3
CR Results into
IAR
EI 7.4
CR Release to 3rd
Parties
EI 7.5

Auditor Actions for

Airlines
EI 2.2.2

ISM Applicability
EI 7.6

Repeated and
Interlinked ISARPs
EI 2.2.3

Information
Sources
EI 7.7

Principles of
Auditing ORG
EI 2.2.4

Audit Agreements
EI 7.8

AO Procedures
and Guidance
EI 2.3

IATA QC
EI 7.9

Conformance
Report Procedures
EI 2.3.1

Document
Reference
Changes
EI 7.10

Repeated and
Interlinked ISARPs
in IAR
EI 2.3.3

Auditing ORG
EI 7.11

EI Update on IAT
EI 2.5

Upgrade QA
Recommended
Practices
EI 7.12

IOSA Auditor
Recurrent Update
on
EI 2.6

Complete Auditor
Actions
EI 7.13

Mandatory
Observations
EI 2.7

New
E-IOSA
Observations
EI 2.8

Cross-Reference
Lists
EI 7.14

Completed
High Priority

Auditor Webinars
EI 2.9

Medium Priority

3. Project Deliverables
This chapter provides a summary on each of the seven main deliverables of the
project (see work breakdown structure in Figure 3). The updates are provided

Page 14 of 40

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

either on the main deliverable or on sub-deliverables, dependent on the

complexity of the task.
All project tasks were completed by August 30, 2015.
3.1 EI 1 Airline Quality Assurance Staff Training
3.1.1

Online Information Sessions

IATA developed two online information sessions to provide an initial, introductory

level of familiarization with the E-IOSA and quality assurance principles. Both
modules are available free of charge to all operators. The first module introduces
the changes under E-IOSA whereas the second module provides content over
quality assurance principles.
The online information sessions were published in March 2013. Due to planned
modifications, the modules were made available to airlines which committed to
undergo E-IOSA in 2013 and 2014. The sessions were made publicly available in
quarter one of 2014.
Due to the delayed finalization of the Conformance Report (CR) content, the EIOSA Information Session had to undergo substantial revisions. This was mainly
caused by the fact that the CR content (which was defined in the ISM and for
which no further changes were planned) was reviewed again by the E-IOSA
Implementation Task Force and which was revised in August 2013.
The modules were continuously modified and converted to allow offline usage.
The possibility to share the file among different individuals made it impossible to
track the users of the information sessions, however, several hundreds of
individuals have access to the modules today.
3.1.2

Dispatch Auditor Training

The Operational Control and Flight Dispatch (DSP) section of the IOSA Standards
Manual (ISM) Edition 7 underwent significant additions and modifications as a
result of the publication of the ICAO Annex 6, Amendment 36.
Given the scope of the changes to the ICAO Annex 6, it became apparent that the
Dispatch section would require a significant re-write. Additionally, the FLT section
would be impacted but to a lesser extent than the DSP section. The ISM revision
had to respect the current structure and allow for a phased implementation of
the many new requirements.
To achieve a consistent understanding and standardized application of the
revised DSP standards, IATA developed a web-based training for IOSA Auditors
of the DSP Section. The first training was provided in August 2013 to a group of
Page 15 of 40

The IOSA Operational

Control and Flight
Dispatch Section
changed significantly due
to new ICAO
requirements in
Amendment 36 to Annex
6.

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

around 30 approved DSP Auditors. The second training was delivered in October
and reached 47 approved DSP auditors.
3.1.3

Regional E-IOSA Workshops

As part of the support elements provided to the operators, IATA performed ten
regional workshops for airlines to familiarize those with the principles of the EIOSA.
IATA conducted a workshop in each region: Asia Pacific, Africa, North America
and the Caribbean, Latin America, China and North Asia, Middle East and North
Africa, Russia and CIS, as well as Europe. Although eight workshops were
planned in the project, due to high demand, two additional workshops were
provided (in Montreal and in Istanbul during the 2015 IATA Ground Handling
Conference, IGHC).
The workshops took place in the following locations and sequence:
Figure 4 E-IOSA Workshop Schedule

Location

Date

Comments

Beijing

October 2013

Hosted by IATA

Bucharest
Montreal

November 2013
December 2013

Sponsored by TAROM
Hosted by IATA

Johannesburg

February 2014

Dubai

April 2014

Sponsored by South African

Airways
Sponsored by Emirates

Singapore

April 2014

Sponsored by the Singapore

Aviation Academy

Moscow

April 2014

Hosted by IATA

Bogota

May 2014

Sponsored by Copa Airlines

Colombia

Montreal

October 2014

Hosted by IATA

Istanbul

April 2015

Sponsored by Turkish Airlines

All workshops were well attended by over 500 individuals from over 200
operators.
The two-day workshops covered the following areas:

IOSA Program History and Facts

IOSA Program Functionalities
Page 16 of 40

IATA conducted 10
regional E-IOSA
workshops for registered
operators, addressing
over 500 individuals from
over 200 operators.

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

E-IOSA Introduction
E-IOSA Process
Interpretation of E-IOSA Provisions
Conformance Report
Auditor Actions

3.1.3.1

E-IOSA Workshop Feedback

The feedback from the operators on the workshops was very positive. The
workshops provided an effective means to exchange information and experience
with and among the operators.
Below is a summary of the quantitative analysis of the feedback gathered during
the workshops.
Figure 5 E-IOSA Workshop Feedback

YES

NO

N/A

1. The workshop improved my understanding of the basic

principles and concepts of E-IOSA

394

2. The presentation contained relevant information to

familiarize with E-IOSA (if not, please specify)

395

3. I had sufficient opportunities to ask any question

397

4.The facilitators answered all questions and presented in a

clear manner (If not, please specify)

376

15

13

48

293

63

246

69

89

11. Does your company use electronic software to manage

internal safety and/or quality management activities and data?

316

51

37

Quality Assurance Program

12. Does your organization have a quality assurance program
in place that allows conducting self-assessments against all
IOSA Standards and Recommended Practices (ISARPs)
during the IOSA registration period?

332

43

29

13. Do internal audits against ISARPs have a positive effect on

your company's operational safety?

337

21

46

14. Does your organization need IATA's support to improve its

current quality assurance program? (If you, please specify)

179

163

62

General

Enhanced IOSA
8. Is there any Part in the IOSA Procedures and Guidance
Manual for Airlines that is unclear? (If yes, Please explain).
10. Would your organization be willing to undergo a voluntary
E-IOSA Audit?

Page 17 of 40

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

The results above clearly show that the workshops were of great value to
the operators.

Over 83% of all respondents recognized the safety benefit of internal

assessments.

44% of the participants see their organization in need for further support
from IATA to improve their quality assurance programs.
The operators in the different regions have different profiles and face different
challenges in regards to E-IOSA:

In the region of China and North Asia, there is a notable need for training
the auditing personnel in the E-IOSA process and the interpretation of
relevant ISARPs.

In Europe, some operators expressed concerns regarding the scarcity of

internal resources to perform the internal assessments against the
ISARPs.

Operators from Africa expressed the need for further assistance from
IATA.
3.2 EI 2 Audit Procedures
IATA defined the core audit procedures of E-IOSA in the IOSA Audit Handbook
(IAH). These are divided into the IAH Part 1 for the Audit Organizations (AOs), the
IAH for Airlines (IAH-A) and the revised mandatory observations performed by the
Audit Organizations.
Figure 6 IOSA Audit Handbook

Page 18 of 40

Numerous participants
requested further direct
interaction with IATA in
regards to IOSA.

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

3.2.1

Selective Standards Application

Early stages of the E-IOSA involved the development of a Selective Standards

Application - a risk-based sampling process of the ISARPs over several
consecutive IOSA audit events.
In the IOSA Oversight Council Meeting 22 (March 2014), it was decided that the
Selective Standards Application will not be implemented due to the following
reasons:
i) The IOSA program represents a third party audit program which performs
independent audits on operators. Offsetting third party audit results with
airline-internal assurance data will undermine the IOSAs status as an
objective and independent third-party audit and will diminish the value that
a third party audit offers.
ii) With E-IOSA being introduced, IATA does not have a robust set of data
that confirms the integrity of the operators internal assurance results.
iii) Various regulatory frameworks make use of IOSA results to complement
oversight activities. The IOSA standards are derived from applicable ICAO
requirements that carry vital relevance in national requirements. A
selective application of the IOSA standards would reduce the two-yearly
frequency in which IOSA verifies the operators conformity applicable
requirements. A two-yearly assessment of the operators operational
safety performance would not be ensured and in turn, regulatory support
would be lost.
3.2.2

IOSA Audit Handbook For Airlines

The IOSA Audit Handbook for Airlines (IAH-A) founds the main source of
information for operators. The document was published on the IOSA web page in
August 2013 and is currently in its third Edition.
The document is oriented at the IAH Part 1 (for AOs) in its purpose and layout,
however it addresses airline internal auditors.
For the development of this document, three assigned operators, TAROM, British
Airways and Delta Airlines created a working group under the coordination of
IATA and the E-IOSA Implementation Task Force.
Although the IAH for Airlines is mentioned in the Guidance Material of the ISM
and therefore carries recommending character, majority of the content in the
manual is essential to an adequate assessment of the operational safety against
the IOSA standards.

Page 19 of 40

The first IOSA Audit

Handbook for Airlines
was published in August
2013 and is now in its
third Edition.

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

The overall structure of the document contains the following:

IOSA Overview
Internal Audit Program Management
Audit Methodology
Conformance Report (CR)
Audit Procedures
The document explains the completion process of the CR in the context of revised
and new provisions in the ORG section, but also outlines IOSA-specific auditing
techniques and procedures.
3.2.2.1

Auditor Actions for Airlines

Auditor Actions (AAs) are pre-determined and customized action steps that an
auditor will typically take to gather sufficient evidence to determine conformity or
nonconformity with an IOSA Standard or Recommended Practice (see below
figure).
Auditor Actions were initially developed to enhance the audit focus on
implementation of the ISARPs and to increase standardization among IOSA
Auditors, but have also proven to be valuable to airline-internal auditors.
It was therefore decided to provide the AAs to the operators (available under
www.iata.org/iosa). The ISM Edition 9 contains over 3600 individual AAs, as listed
in the below example of FLT 3.4.4.
The operators can choose to develop and follow their own set of AAs or to use
the AAs published by IATA. The recording of the AAs in the CR will demonstrate
worldwide standardization among internal auditors.

Page 20 of 40

Auditor Actions were

developed for IOSA
Auditors but proofed
useful to airline-internal
auditors.

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015
Figure 7 Example Auditor Actions

3.2.2.2

Repeated and Interlinked ISARPs

The repeated and interlinked ISARPs form an important and central part of the
IOSA auditing methodology. The repeated provisions in the ISM ensure a
consistent implementation of organization-wide systems, programs and
processes. Interlinked provisions ensure that requirements addressing the same
subject matter (e.g. transportation of dangerous goods) are assessed consistently
throughout the checklist.
Repeated and interlinked ISARPs also form part of the assessment of an
operators SMS. All ISARPs with a [SMS] designator are assessed following the
hard-linked and other relevant auditing methodologies.

Page 21 of 40

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

The interlinked and repeated provisions which form the third part of the IOSA
Audit Handbook for Airlines (IAH-A) have been made available online for the use
by operators during their internal audits.
The principles and methodologies of assessing repeated and interlinked ISARPs,
as well as hard-linked SMS provisions during the internal assessments were
incorporated into the IAH-A.
3.2.3

AO Procedures and Guidance (IAH Part 1)

The procedures and guidance for Audit Organizations (AOs) outline all E-IOSA
related processes to the IOSA Auditors and describe the AOs role in the E-IOSA.
The document was released to the Audit Organizations in June 2013 and was
consequently embedded within the IOSA Audit Handbook Part 1.
3.2.5

IOSA Auditor Training Updates

The IOSA Auditor Training (IAT) as the sole program to qualify as IOSA Auditor
was modified to include the E-IOSA specifications. Continuous improvements
were developed as the program evolved.
E-IOSA elements were introduced in the IAT in Jan 2014. The last revision of the
IAT is planned for Sep 2015 when the E-IOSA module will be removed and
replaced with a module aimed at identifying key characteristics of renewal audits
(the term E-IOSA will disappear).
3.2.6

IOSA Auditor Recurrent Training

All IOSA Auditors must undergo a recurrent training by the Audit Organizations on
a yearly basis. The E-IOSA module was introduced in the IOSA Auditor recurrent
trainings in 2015. The module has the aim of increasing E-IOSA awareness
amongst all IOSA and to train them in pertinent auditing procedures and
protocols.
3.2.7

Mandatory Observations

Mandatory observations are operational assessment activities that must be

observed by the IOSA Audit Team during the onsite part of an IOSA Audit. The
prescribed observations had remained unchanged since their introduction in the
IOSA. The revision and improvement of the mandatory observations formed a
main part of the E-IOSA pillars Focus on Implementation and Standardization.
To date, the IOSA Auditors utilized privately developed lists to record their
observations.

Page 22 of 40

Mandatory observations
formed a part of the EIOSA pillar Focus on
Implementation.

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

The mandatory observations were revised, and for each mandatory observation,
a checklist was developed for the use by IOSA Auditors. Each checklist includes
links with the set of ISARPs that relate to the respective operational activity that is
observed.
The usage of the checklists will allow increased consistency and standardization
in reflecting an observation in the assessment of ISARPs. Additionally, the
observation activities will be further standardized among the IOSA Audits. The
checklists are available on the IOSA website for public use, as well.
Figure 8 Mandatory Observation Checklist (extract)

3.2.8

E-IOSA Observations

In addition to the observations conducted during the E-IOSA Trial Audits in 2011
and 2012 (see chapter 4.1), IATA observed five E-IOSA audits prior to the
effective date of the IOSA Standards Manual (ISM) Edition 9, in 2015.
The observations were performed on five operators that volunteered to undergo
an E-IOSA Audit and took place in North America, China, Europe and Africa,
spanning four different regions, operators and Audit Organizations.
The observations revealed that on one hand operators get increasingly familiar
with the E-IOSA requirements, however the IOSA Auditors still require additional
sensitization. Many IOSA Auditors still come to the audits unprepared and do not
follow the E-IOSA procedures that are described in the IOSA Audit Handbook.
The main conclusions from the observations are described in chapter 5.
Page 23 of 40

Main conclusions of the

E-IOSA Observations
can be found in chapter
5.

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

3.2.9

Auditor Webinars

The IOSA Auditors play a vital role in the successful conduct of each IOSA Audit
and the new E-IOSA requirements. IATA developed and held webinars
addressing all IOSA Auditors worldwide. The purpose of the webinars was to
familiarize the IOSA Auditors with the Enhanced IOSA concept, processes and
procedures. In addition to the recurrent trainings performed by the AOs, in May
and June 2014, IATA performed the first series of five webinars.
The E-IOSA webinars for the IOSA Auditors represented the first time in the
history of the IOSA program when IATA established a direct communication
channel to the IOSA Auditor community.
To ensure the latest conclusions from the project are conveyed to the IOSA
Auditors firsthand, another series of webinars was held shortly before the ending
of the project in 2015.
The continuous education of the IOSA Auditors is one of the main work items on
further emphasis must be given (see chapter 5).
The webinars provided IOSA Auditors with guidance and information about
relevant E-IOSA provisions, procedures and exercises. The topics included:

Background and history of E-IOSA

Pillars of E-IOSA
Working Tools
Airlines responsibilities
AOs responsibilities
E-IOSA provisions and their assessment methodologies

The webinars also included exercises and offered the IOSA Auditors the option to
ask questions and to share their experience.
3.3 EI 3 Conformance Report
3.3.1

Conformance Report Format and Content

The Conformance Report (CR) concept was introduced in IOSA with ISM Edition
3 which became effective in June 2010. The CR is a compilation of the
information that is recorded as a result of ongoing, two-yearly airline-internal audit
and evaluation activities against the IOSA Standards and Recommended
Practices.

Page 24 of 40

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

Subsequently, during the project, the E-IOSA Implementation Task Force

determined the necessary elements and format of a CR, that the operators will
need to produce to conform to the respective IOSA requirement.
According to this, the CR must include, for each ISARP, detailed assessment
information as listed in ORG 3.4.8 and must be maintained in electronic format in
accordance with ORG 3.4.14.
The documents which must be submitted to the Audit Organization in accordance
with ORG 3.4.6, 3.4.7, 3.4.8 and ORG 3.4.14 include:

Completed and signed declaration of internal assessment of completion;

Record of internal auditors;
Operational Profile;
List of Document References;
Completed Conformance Report in accordance with ORG 3.4.8.
IATA developed a CR template in MS Excel format that is provided to the public
through the IOSA website (www.iata.org/iosa). The template offers operators a
means to record their internal assessments against the ISARPs and operators will
have the option of submitting the complete CR by using the CR template provided
by IATA.
3.3.2

Conformance Report Acceptance Criteria

Although the production of a Conformance Report (CR) has been part of the ISM
since Edition 3 in 2010, the Audit Organizations asked for more specific guidance
on the assessment of the CR.
The E-IOSA Implementation Task Force developed the procedures for the
assessment of the CR. The procedures require the AO to perform a two-step
assessment of the CR: The first step is prior to the onsite Audit when the AO
reviews the CR for completeness (all documents submitted and all information
complete). The actual assessment of the CR is in the second step, which is made
onsite:
With the information from the previously conducted completeness review, the
ORG Auditor assesses the CR in terms of documentation and implementation.
The ORG Auditor can reflect qualitative discrepancies in the CR in any quality
assurance related ISARP (e.g. poor audit planning, lack of auditor training, etc.).
This allows the operator to be in conformance with the CR requirements although
deficiencies were detected in other areas of the operators Quality Assurance

Page 25 of 40

A Conformance Report
template is made
available at
www.iata.org/iosa.

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

program. The details of the CR assessment procedure are documented in the

IOSA Audit Handbook (IAH) Part 1.
3.4 EI 4 Q5 Systems and Infrastructure
The requirement to submit a Conformance Report to the AO prior to the onsite
phase of the Audit had the potential to impact the digital processes of the IOSA
Audit, namely the transfer of the CR to the AO utilizing the audit software.
The fact that operators are free to choose their audit software and the medium in
which they produce the CR limited the options of transfer CRs through the IOSA
audit software.
Enhancements to the audit software were made by modifying the Audit Summary
section of the IOSA Audit Reports. The Audit Summary contains fields regarding
the mandatory observations that are performed. The information has been
updated to reflect the modified observations as described in chapter 3.2.7.
Further enhancements were made to increase the data analysis capabilities of the
IOSA Program. Different data views are under development and will be released
after the implementation of necessary internal infrastructure (See more in chapter
5).
3.5 EI 5 Partnership for Quality
The Partnership for Quality (PFQ) project was initiated and executed by the SFO
Quality Department, originally to support the operators in the implementation of EIOSA.
Under PFQ, IATA delivered several workshops addressing 307 individuals from
approx. 190 airlines.
3.6 EI 6 Communication Plan
Under the E-IOSA project a focus has been given to exercise appropriate
communication to the industry. Measured at the reactions, the feedback and the
reach, the communication plan is regarded as one of the elements, contributing to
the success of the E-IOSA project.
3.6.1

External Communication

A major achievement of the extensive communication efforts is the endorsement

of IOSA and its elements under E-IOSA by the 38th Assembly of the ICAO (see
chapter 2.2.4).

Page 26 of 40

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

Additionally, numerous press releases, articles and publications made aware of

E-IOSA. Below is an extract of the communication activities under E-IOSA:

IATA CEO Briefs

Mass e-mails to all IOSA Registered Airlines
Creation and maintenance of a LinkedIn Group for IOSA
Contribution to SO&I Promotion Brochure
Article in Airlines International Magazine
IATA Annual Review
Contribution to IATA WATS (World Air Transport Statistics) 57
Aviation Day Addis Ababa
Press Releases
Article in IATA Flight Bag Safety, Security and Infrastructure News
Presentation to A4A (Airlines for America) Safety Council
Workshops for all ECAC Member States (three out of four conducted)
Working Paper for ICAO Technical Commission of 38th Assembly
E-IOSA workshops
Panel Discussion on Ops Conference
Material at IATA Annual General Meeting
3.6.2

Internal Communication

The following internal communication activities were performed during the E-IOSA
project.

Monthly reporting to senior management on project status

Monthly reporting to senior management on industry priority (E-IOSA)
Quarterly reporting to senior management
Monthly project status report to IATA Controlling Department
Regular Reporting to Operations Committee (OPC)
Delivery of IATA@Noon Presentation
Contribution to Director Generals Internal Weekly Messages

Page 27 of 40

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

3.6.3

2012 Survey

In 2012, IATA performed a survey on members airlines needs and priorities.

Some relevant facts about the survey are below.

The survey was deployed with 150 member airlines, representing

approximately 60% of the total 240 IATA members.

The sample was put together based on the following criteria: IATA Board

IATA member airlines

survey in 2012: E-IOSA
most appreciated IATA
project amongst all VPs

membership, geographical region, size expressed in revenue ton

Operations and across

kilometer (RTK), business model, and cargo vs. mixed activity.

surveyed profiles.

The questionnaire was sent anonymously to 523 Vice Presidents and

IATA market research in

senior contacts.

IATAs record on safety was perceived as IATAs most valuable activity

2013: E-IOSA most

(87%). Enhanced IOSA was the project with the highest demand and level

valued IATA initiative

of appreciation (94% by Vice President Operations, 80% across profiles).

amongst industry
stakeholders.

3.6.4

2013 Market Research

In 2013, IATA performed a global market research in the industry. The research
spanned over 2100 companies including airlines, airports, civil aviation
authorities, IATA staff, governments and regulators, industry associations, media,
IATA strategic partners, travel agencies and others.
Enhanced IOSA was seen as one of IATAs activities/services with the highest
awareness rates amongst the stakeholders. In the same research, E-IOSA was
the most valued IATA activity/service among all listed items.
3.7 EI 7 Other Items
In this section, all miscellaneous deliverables are recorded that did not belong to
any of the previously mentioned deliverables in the work breakdown structure. All
14 tasks have been completed as listed below. The diversity of the various
deliverables required different actions, such as development of necessary
guidance and procedures for operators and/or AOs; modifications and clarification
of ISARPs; development of cross-reference lists, review of quality control
procedures, etc. At times, the Task Forces only needed action was to take a
policy decision on a specific item - for example, if the CR can be shared with third
parties, or not.

Page 28 of 40

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

User of external resources for assurance activities.

Language barriers
CR submission deadline
CR results into the IOSA Audit Report
CR release to 3rd parties
ISM applicability during internal audits
Information sources in the IOSA Audit Report
Audit Agreements
IATA Quality Control
Document Reference Changes in the CR
Auditing ORG internally
Upgrade QA Recommended Practices
Complete Auditor Actions
3.7.1

Regulatory Cross-Reference Lists

The requirement under E-IOSA to audit the ISARPs internally during the
operators IOSA registration period correspond with many operators internal audit
criteria or regulatory requirements.
To enable operators in using synergies between the audits against the ISARPs
and other safety requirements, IATA developed regulatory cross-reference list
and made them available online.
The cross-reference lists reference each individual IOSA Standard or
Recommended Practice to a corresponding provision in the following suite of
regulatory requirements (extract):

Applicable ICAO Annexes to the Chicago Convention (Annexes 1, 6, 8,

17, 18, 19)

Applicable FAA FARs, Advisory Circulars and Guides

Applicable EASA Implementing Rules

Page 29 of 40

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

4. Proof-of-Concept Workshops and Voluntary E-IOSA Audits

4.1 Proof-of-Concept Workshops
In the planning phase of the Trial Audits, the IOC requested to conduct so-called
proof-of-concept workshops prior to the start of the Trial Audit period.
IATA conducted two proof-of-concept workshops with participating member
airlines. The workshops served the purpose of anticipating critical constraints
before the Trial Audits and of exchanging information on the applicability and
usability of particular E-IOSA elements with the operator.
Before the workshops, the operators conducted internal audits against a limited
amount of ISARPs and presented the outcome during the workshop. The
workshops took one to two days. After a detailed review of ORG QA Standards,
the Conformance Report was discussed with respect to assessments and
difficulties faced.
The outcome of the workshops was utilized to gain more insight on certain issues
during the Trial Audits and was included in the project in the form of various
deliverables.
4.2 E-IOSA Trial Audits
The E-IOSA Trial Audits were designed to test and simulate the viability of the
Enhanced IOSA elements in real-life environments. The tested elements
included:
The AO

Audit planning
Audit preparation
Audit resource allocation (auditors and time)
Technical aspects of the audit conduct
The Operator

Audit Planning and resource allocation

Organizational and internal challenges in auditing ISARPs
Technical challenges

Page 30 of 40

Proof-of concept
workshops performed
with two operators in
2011/12.

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

Audit methodology and techniques

Although the participation in the Trial Audits was voluntary, the ten participating
airlines represented a wide range of the operators on the registry. The operators
participated from North and South America, East-, West- and Central Europe,
Asia Pacific and Russia and CIS countries.

Ten operators underwent

E-IOSA Trial Audits in
2011 and 2012.

The participating airlines differed in their business models, organizational size and
structure, their operational scope and profile, as well as their cultural and
operational environment which supported the testing under realistic
circumstances.
The Audits were conducted to simulate the E-IOSA elements, however the Trial
Audits were official IOSA Audits in which the E-IOSA elements were tested in
parallel. The Trial Audits had no influence on the actual Audit results.
The volunteering operators performed internal auditing against at least a subset
of Standards from pre-selected disciplines. The scope of the disciplines audited
for the E-IOSA Trial Audits varied, dependent on the available time and choice of
the operator. The Conformance Report was then submitted together with a
registration form of auditors who have been utilized to conduct the internal audit
and a declaration of internal audit completion. During the actual IOSA Audit the
AO used the CR to validate the operators assessments for a certain amount of
pre-selected ISARPs. Selective Standards Application was not used during the
Trial Audits.
The detailed results and conclusions from the Trial Audits were recorded and
reported in the Trial Audit Summary Report, dated August 2012.
4.3 E-IOSA Audits in 2013
Part of the 2013 Industry Priorities was to conduct at least ten Enhanced IOSA
Audits. In 2013, in total 16 E-IOSA Audits were performed and the Board target
was exceeded by 6 Audits.
The Audits revealed the learning curve that will improve the operators auditing
activities against the IOSA Standards and Recommended Practices (ISARPs). As
already shown in the Trial Audits conducted in 2011 and 2012, the capabilities,
resources and skills for internally assessing the IOSA provisions varied from
operator to operator. Consequently, the quality of the internal audits under EIOSA in 2013 varied, as well.

Page 31 of 40

2013, 16 operators
underwent a voluntary EIOSA Audit against a
Board target of minimum
10 voluntary audits.

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

Some of the operators already assessed the ISARPs internally in the past. The
Conformance Reports (CR) of these operators indicated familiarity with the
ISARPs. On the other hand, in some cases, the Conformance Report was not
received on time, assessments were missing or were completed rudimentarily.
The first official E-IOSA Audits confirmed the observations from previous Trial
Audits that many operators will have to make significant efforts to improve their
internal oversight functions, whereas other operators already have the capability
in this matter.
The feedback from the IOSA Auditors was collected for E-IOSA Audits performed
in 2013. The dataset consists of 67 feedback forms from 16 E-IOSA Audits
conducted. The below is a summary of the trends which were observed by the
IOSA Auditors.
Was the CR completed in a clearly understandable way?
67% answered with yes.
Were the documentary references in the CR accurate?
62% answered with no.
Were the descriptions of evidence of implementation in the CR sufficient?
57% answered with no.
Although the above questions are rather broad, the indication was clear. With 16
E-IOSA Audits, the feedback was in alignment with the results from the Trial
Audits. The majority of the operators can produce an accurate CR. However, a
clear majority of the operators are not able to indicate the evidence of
documentation or implementation in a satisfying manner (feedback from the Trial
Audits confirming this was at 86% of the responses). This emphasizes the need
for familiarizing airline auditors with techniques to assess implementation.
Simultaneously, the observations show that other auditing principles in IOSA have
been adapted by the airline-internal auditors:
Did the auditors understand the IOSA principle of assessing documentation
and implementation separately?
79% answered with yes.
Did the auditors understand how to assess that the monitoring of outsourced
functions was effective?
76% answered with yes.
Page 32 of 40

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

Did you review the CR in your team briefing prior to the Audit?
29% answered with no.
4.4 E-IOSA Audits in 2014/2015
Continuing to facilitate familiarization with the processes and to enforce the
implementation of the concept, as many operators as possible were urged to
undergo E-IOSA Audits before the mandatory date in September 2015.
As the E-IOSA audits in 2013, all E-IOSA audits before September 2015 were
conducted on a voluntary basis. The operators committed to an E-IOSA with a
commitment letter to IATA. The need was reflected in a Board of Governors target
that was given to IATA.
The 2014 and 2015 Board of Governors targets to conduct voluntary E-IOSA
Audits were achieved as follows:
Figure 9 E-IOSA Commitment Targets

2014

2015

Region

Target

Actual

Target Actual

Americas

12

14

AFI/MENA

4/4

5/4

2/3

5/4

ASPAC

China and North Asia

Europe/CIS

12

21

16

Total

39

50

22

41

4.5 E-IOSA Conformance Rates

The following provides a quantitative review of the history of assessing the CR
during IOSA Registration Renewal Audits (from ISM Ed. 3, in 2010 to ISM Ed. 9
by 15 June 2015).

Since ISM Ed. 3 (effective June 2010) to August, 2015 with ISM Ed.8
(effective June 2014), 814 audits were performed in which the CR was
included as a Recommended Practice.

Page 33 of 40

E-IOSA Board targets

were exceeded in each
project year.

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

First major changes to the requirements in ORG 3.4.6 and ORG 3.4.7
were made in ISM Ed. 5, effective September 2012. Further modifications
and additions were made in ISM Editions 6, 7, 8 and 9 in the following
years.
The following can be concluded in relation to Figure 10 below (contains data from
814 registration renewal audits):

Overall conformance rates with the E-IOSA related provisions increased

over the past years.

ORG 3.4.14 (requirement for electronic database for the management of

quality assurance data) was modified in ISM Ed.7 to indicate a future
upgrade to a standard. ISM Ed. 8 further changed the provision by
requiring the CR to be in electronic format.

Average conformance with ORG 3.4.6 (internal audits against ISARPs)

increased from 33% in 2010 to 44% in 2015 (note: all E-IOSA provisions
are still Recommended Practices and will become Standards as of
September 2015).
Figure 10 E-IOSA Conformance Rates

Average Conformance Rate per Year

E-IOSA Conformance Rates

80%
70%

ORG 3.4.6

60%

ORG 3.4.7

50%

ORG 3.4.8

40%

ORG 3.4.13

30%

ORG 3.4.14

20%
10%
0%
2010

2011

3, 4

2012

2013

4, 5, 6
6, 7
Year and ISM Edition

2014

2015

7, 8

Figure 11 below compares the conformance rates between conventional

registration renewal audits and the average conformance rates of operators that
underwent a voluntary E-IOSA Audit in 2014 and before September 2015:

Page 34 of 40

Overall conformance
rates with E-IOSA
provisions increased
over the past years.

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

The analysis includes 62 Audits under which the operator committed to

undergo a voluntary E-IOSA and 160 Audits without a commitment.

The majority of operators that committed to undergo a voluntary E-IOSA

were in conformity with the E-IOSA requirements.

In 2014 and 2015, the conformity with E-IOSA requirements was in

average 40% to 50% higher for operators that committed to a voluntary EIOSA than for all other operators.
Figure 11 E-IOSA Conformance Rates Committed vs. Rest

Average Conformance per Audit in %

E-IOSA Conformance Rates Committed

Operators vs. Rest
120%
Commitment
Operators 2014
Commitment
Operators 2015
All Other
Operators 2014
All Other
Operators 2015

100%
80%
60%
40%
20%
0%
ORG 3.4.6 ORG 3.4.7 ORG 3.4.8 ORG 3.4.13 ORG 3.4.14
E-IOSA Recommended Practice

The overall results of the E-IOSA audits conducted until September 2015 show
that many operators and the AOs will need time to adopt the E-IOSA process.
The development of the necessary knowledge and resources requires
commitment, practice and experience.
The above results show that more and more operators are performing internal
assessments against the ISARPs, but still many operators opted to wait until the
E-IOSA provisions will be upgraded to Standards, before they conform to them.

Page 35 of 40

Operators with prior

commitment to E-IOSA
had higher conformity
with E-IOSA
requirements that
operators without prior
commitment.

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

5. Conclusions and Recommendations

The following paragraphs summarize the conclusions drawn from the E-IOSA
project and the main recommendations for the IOSA program.
5.1 Audit Organizations and Audit Teams
The Audit Organizations as the front line performers of the IOSA Audits have
been involved in the development of E-IOSA since the very beginning. While
IOSA Auditors undergo their initial IOSA Auditor Training with IATA, recurrent
trainings and educational activities of existing IOSA Auditors are provided by the
AOs.
During the project, it became evident that many IOSA Auditors are not familiar
with the E-IOSA processes and procedures. It has been repeatedly observed that
IOSA Auditors do not follow E-IOSA procedures onsite.
The ORG Auditor as the individual that makes the final assessment of the
Conformance Report and the operators Quality Assurance program, must be
aware of all E-IOSA processes. He or she must have reviewed the CR prior to the
Audit and if the CR was reviewed by the AOs headquarter, he or she must
possess pertinent information related to the CR.
All auditors must review selected provisions in the CR when onsite and provide
feedback to the ORG auditor during the onsite, as per the AOs internal
procedures.
Recommendation 1: The recurrent training provided by AOs must further focus
on E-IOSA and ensure that all IOSA Auditors are aware of the necessary
requirements and procedures. IOSA Auditors must use the Auditor Actions when
assessing all ISARPs, including the E-IOSA provisions.
Recommendation 2: The AOs and IOSA Auditors performance measurement
needs to be complemented with measurements of their adherence to E-IOSA
procedures and the usage of Auditor Actions. Clear escalation and/or corrective
measures need to be defined if defined, objective and clear performance criteria
are not met.
5.2 IOSA and the Operators
It became apparent very early that a direct interaction between the IOSA Program
and the operators is inevitable. With E-IOSA, IATA introduces an element in the
IOSA Program that requires a direct interface between the program and its main
stakeholders.
The E-IOSA workshops provided a great benefit for both the operators, enabling
them to ask questions and to improve their understanding of the IOSA
Page 36 of 40

AOs and IOSA Auditors

performance
measurement needs to
be complemented with
measurements of their
adherence to E-IOSA
procedures.

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

requirements, and IATA, that better understood the concerns, needs and
reactions of the operators.
In all E-IOSA workshops, without exception, operators expressed the need for
direct interaction through further workshops, seminars and trainings provided by
IATA.
Recommendation 3: To improve the operators familiarity with the IOSA
Program, to ensure IATA continues to develop standards that meet the industrys
needs and to establish an overdue dialogue with the program stakeholders
worldwide, a regular conduct of IOSA-related seminars, workshops and sessions
is needed. Seminars and other face-to-face events need to be supported by
established and sound services and infrastructure through which IATA shares the
knowledge that the IOSA Program produces with the operators. This can be
achieved through series of trainings, education programs for airline internal
auditors and other solutions such as electronic platforms.

IATA needs to establish

an overdue dialogue with
the program
stakeholders worldwide
through seminars and
workshops.

To further pursue the vision of improving global safety performance, and to

continue strengthening the operators internal oversight ability, IATA needs to
continue providing support to the operators. E-IOSA serves as an important
milestone on the progress towards the vision.
Recommendation 4: Undoubtedly, the most outstanding and clear request from
the operators was the one for more training in regards to assessing the ISARPs.
Therefore, in addition to general IOSA-related training for airline auditors, IATA
needs to develop discipline-specific training that can be offered to the airline
auditors worldwide. A subject-matter related training program will enhanced
worldwide auditing knowledge and will improve audit results. Such training
portfolio could then also be utilized for future IOSA Auditors.
5.3 E-IOSA Standards and Audit Procedures
Recommendation 5: The audit procedures in relation to the assessment of the
CR as described in IAH Part 1, Chapter 5 need to be further refined and
improved. While the wording of the ISARPs does not need major change and
should remain stable, the procedures for the IOSA Auditors could be further
simplified and improved to increase clarity on the selection of ISARPs from the
CR. IAH Part 1 and IAH-A need to be further aligned.
The procedures must remain simple and practical in order to maintain realistic
application by the IOSA Auditors. Complex and cumbersome procedures will not
be followed by IOSA Auditors and may lead to unrealistic audit results.
When designing audit procedures for IOSA Auditors, but also for airline internal
auditors (through the IOSA standards), the principle of user-friendliness must be
kept. The procedures must not be over-engineered and must not require
Page 37 of 40

Audit procedures in
relation to the
assessment of the
Conformance Report
need to be further refined
as the processes mature.

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

cumbersome, unfeasible activities by the IOSA Auditor or airline internal auditor.

After all, the overall objective of E-IOSA must be kept in mind and should remain
the focus operators monitoring the conformance with the ISARPs during their
registration period.
Recommendation 6: IOSA Program Manual 8.2.5 requires an IOSA onsite phase
to be conducted with 25 man-days. It also devotes five man-days for the
preparation and IAR quality control activities. Latest measurements under E-IOSA
show that AOs mostly do not perform any auditing activities on Fridays and rather
devote the day to quality control activities. This scheduling reduces net auditing
time drastically and impacts the auditors ability to adequately assess each ISARP
during the onsite phase. It is recommended to consider mandating auditing until
day five of the onsite phase of an IOSA Audit.
5.4 Data Analysis and Digitalization
With E-IOSA and the opening of the IOSA Audit to airline-internal assessments
strongly necessitates that IOSA undergoes a digital transformation.
Recommendation 7: The IOSA program has been operating since 2003 with
extremely basic data management and analysis capabilities. Major advancements
need to be implemented through a digitalization initiative: Only improved analytics
methodologies and tools will enable the program to evolve. The digitalization
represents the only way to develop standards in a state-of-the-art manner.

Major advancements
need to be implemented
through a digitalization
initiative.

Further digitalization must be undergone in the conduct of the IOSA Audits. Tablet
enabled procedures need to replace laptop based audits and data flows must
allow seamless audit and recording experience. This will free up additional time to
allow the auditors to focus on the implementation.
5.5 Quality Assurance
Under E-IOSA, IATA observed Audits, measured processes and collected
feedback from operators, AOs, regulators and IOSA Auditors. All the input
exposed certain areas in the IOSA program that require additional oversight
focus.
Recommendation 8: The Audit Programs Department provided the checklists
from the E-IOSA observations to the SFO Quality Department for their
incorporation of the checklists in the quality assurance activities. The onsite
observations of IOSA Audit Teams need to measure the Audit Teams adherence
to E-IOSA procedures.
Recommendation 9: Further assurance activities need to be implemented and
strengthened in the areas of monitoring of AOs and individual auditors regarding
E-IOSA. Nonconformities in the oversight need to lead to adequate corrective
Page 38 of 40

IATA SFO Quality

Department needs to
embed the monitoring of
the E-IOSA procedures
in the quality assurance
activities.

IATA Audit Programs

Enhanced IOSA Project Closure Report

1 September 2015

actions and ultimately to an escalation, if corrections are not made in accordance

with program requirements.
5.1 Overall Conclusion
E-IOSA was a successful project that introduced major changes for IOSAregistered operators. Operators, the Audit Organizations as well as IATA have to
adapt to the new requirements. A consistent implementation of the E-IOSA
requirements among the approximately 400 operators on the IOSA registry will
take at least four years.
The long-term aim must remain to follow the vision of being the leader in
operational auditing in an accident-free world. This can only be achieved if IATA
remains able to deliver value through efficient and effective processes and a
state-of-the-art infrastructure. Following initiatives will need to focus on these
aspects. Only then, the standards will be able to be improved further.

Page 39 of 40

Enhanced IOSA Project Closure Report

Date: 04-Sep-2015

End of Report

Page 40 of 40