Professional Documents
Culture Documents
E-IOSA Project Closure Report 2015
E-IOSA Project Closure Report 2015
Date: 04-Sep-2015
Enhanced IOSA
Project Closure Report
1 September 2015
Page 1 of 40
Page 2 of 40
Table of Contents
Foreword ....................................................................................................................................5
1. Introduction .........................................................................................................................6
1.1
Inception .....................................................................................................................6
1.2
Board of Governors Decision .....................................................................................6
1.3
Pre-Project Activities ..................................................................................................6
2. Project Organization ...........................................................................................................7
2.1
Meeting Structure .......................................................................................................8
2.2
Stakeholder Management ..........................................................................................8
2.2.1 Industry ...................................................................................................................9
2.2.2 Audit Organizations ..............................................................................................10
2.2.3 IOC ........................................................................................................................10
2.2.4 OPC ......................................................................................................................10
2.2.5 ICAO .....................................................................................................................10
2.2.6 EASA ....................................................................................................................11
2.2.7 US FAA .................................................................................................................11
2.2.8 ANAC Brazil ..........................................................................................................12
2.2.9 US DoD .................................................................................................................12
2.2.10 ECAC ................................................................................................................12
2.2.11 IATA Regional Offices ......................................................................................13
2.3
Project Resources ....................................................................................................13
2.4
Work Breakdown Structure ......................................................................................14
3. Project Deliverables.........................................................................................................14
3.1
EI 1 Airline Quality Assurance Staff Training ........................................................15
3.1.1 Online Information Sessions.................................................................................15
3.1.2 Dispatch Auditor Training .....................................................................................15
3.1.3 Regional E-IOSA Workshops ...............................................................................16
3.1.3.1 E-IOSA Workshop Feedback............................................................................17
3.2
EI 2 Audit Procedures ...........................................................................................18
3.2.1 Selective Standards Application ...........................................................................19
3.2.2 IOSA Audit Handbook For Airlines .......................................................................19
3.2.2.1 Auditor Actions for Airlines ................................................................................20
3.2.2.2 Repeated and Interlinked ISARPs ....................................................................21
3.2.3 AO Procedures and Guidance (IAH Part 1) .........................................................22
3.2.5 IOSA Auditor Training Updates ............................................................................22
3.2.6 IOSA Auditor Recurrent Training ..........................................................................22
3.2.7 Mandatory Observations ......................................................................................22
3.2.8 E-IOSA Observations ...........................................................................................23
3.2.9 Auditor Webinars ..................................................................................................24
3.3
EI 3 Conformance Report......................................................................................24
3.3.1 Conformance Report Format and Content ...........................................................24
3.3.2 Conformance Report Acceptance Criteria............................................................25
3.4
EI 4 Q5 Systems and Infrastructure ......................................................................26
3.5
EI 5 Partnership for Quality ...................................................................................26
3.6
EI 6 Communication Plan ......................................................................................26
3.6.1 External Communication ......................................................................................26
3.6.2 Internal Communication ........................................................................................27
3.6.3 2012 Survey ..........................................................................................................28
Page 3 of 40
Page 4 of 40
Foreword
Since the implementation of the IOSA in 2003, the original goals of the IOSA program laying a
foundation for improved operational safety and security, eliminating redundant industry audits
have been reached. The IATA members agreed to move the IOSA program to a next level that
will result in a more effective evaluation of operational safety and security practices. The
Enhanced IOSA (E-IOSA) concept was transitioned into the Program and therefore required
continuous input from and coordination with the IOSA registered operators and all other
stakeholders.
The transition plan was rolled out as planned. With 16 E-IOSA Audits performed in 2013 (Board
target: 10 E-IOSA Audits), 50 performed in 2014 (Board target: 39 E-IOSA Audits) and 41
performed in 2015 (Board target: 21 E-IOSA Audits), the Board targets were achieved and
exceeded in each year.
This project closure report summarizes the deliverables, lessons learned and conclusions.
IATA thanks all involved parties including and not limited to all participating IATA member
Airlines, the Enhanced IOSA Implementation Task Force, the Audit Organizations, the IATA
Operations Committee, the IOSA Oversight Council, the ICAO, the EASA, the FAA, the ANAC
and all other stakeholders for their dedication and support, and for striving to continually improve
airline safety performance.
Page 5 of 40
1. Introduction
This project closure report provides an overview over the project tasks and
summarizes the deliverables under E-IOSA.
This report is structured in alignment with the project work breakdown structure
which is in Figure 3 later on.
1.1 Inception
The concept of E-IOSA was initiated in December 2010.
Since then, the concept evolved continuously and important milestones were
reached.
Necessary updates were provided to the industry from the IATA top management
level (Board of Governors, BoG) on a regular basis.
1.2 Board of Governors Decision
During the Annual General Meeting in June 2013, the IATA Board of Governors
mandated the planned E-IOSA process for all IOSA-registered operators as of
September 2015. As of this date, all Registration Renewal Audits are conducted
in accordance with the E-IOSA process:
At the recommendation of IATAs Operations Committee, the Board approved
the final implementation date of September 2015 for all IOSA registered airlines to
conform with the Enhanced IOSA requirements.
1.3 Pre-Project Activities
Before the continuation of the E-IOSA transition plan as a project as described in
the following chapters, IATA performed a series of activities to sharpen the
concept and to determine the boundaries of E-IOSA.
IATA conducted proof-of-concept workshops with volunteering operators with the
aim to gain knowledge about the operators preparation process and potential
challenges during the internal implementation of E-IOSA related activities.
The workshops led into the trial audit phase in which AOs tested E-IOSA on predetermined operators during live IOSA Registration Renewal Audits (see chapter
4).
Page 6 of 40
2. Project Organization
E-IOSA was introduced and implemented as a special project. The Audit
Programs Department established a project organization to maximize
effectiveness of all resources including the involved Task Forces. The Project
Plan depicted the project objectives as the following.
The E-IOSA Project had the objective to transition the current IOSA Program into
the E-IOSA model. Between 2012 and 2015, all necessary processes were
designed. In addition, necessary infrastructure was set up and relevant
communication was accomplished.
The aim was to prepare the IOSA Program, its resources, the operators, the Audit
Organizations, Endorsed Training Organizations and other stakeholders for the
implementation in September 2015.
The project organization supported the successful planning, execution and
closure of the project by ensuring clear assignment of tasks, reasonable
allocation of resources and seamless completion.
The organizational structure is described in the organizational chart below.
Page 7 of 40
E-IOSA Implementation
Task Force transitioned
Enhanced IOSA
Project
Executive Sponsor
SVP, SFO
Project Sponsor
Director, Audit
Programs
EI Implementation TF
Chairman*
Project Manager
Head, IOSA
Assistant
Manager, Registry
Manager, Training
Manager, Audit
Standards
Senior Program
Advisor
Project
Office
External Resources
Internal Resources
EI Implementation
Task Force*
Vendors and
consultants
* The E-IOSA Implementation TF was disbanded after its mandate and was transitioned into the IOSA
ORG Task Force under the IOSA Oversight Council (IOC).
Page 8 of 40
Enhanced IOSA was supported and monitored by external, internal, industry and
regulatory stakeholders.
Figure 2 IOSA Stakeholder Map
2.2.1
Industry
The IATA member airlines and all other IOSA registered operators are the most
important customers to be affected by the changes under E-IOSA. IATA
exercised steady consultation within and outside of the Task Forces to ensure the
industrys perspective is reflected when developing E-IOSA. Processes and
requirements were designed to ensure the industrys needs are met.
Page 9 of 40
2.2.2
Audit Organizations
The accredited Audit Organizations perform the audit work in the field and
therefore carry vital importance in the current IOSA Program set-up. With their
feedback on the E-IOSA processes, the AOs as well as the individual IOSA
Auditors contributed to the development of E-IOSA.
The AOs will have the responsibility to ensure consistent application of E-IOSA
protocols in future registration renewal audits by ensuring appropriate training of
IOSA Auditors.
2.2.3
BOG
The IATA Board of Governors prioritized the E-IOSA initiative and monitored it.
The E-IOSA was mandated through the following decision in 2013:
At the recommendation of IATAs Operations Committee, the Board approved
the final implementation date of September 2015 for all IOSA registered airlines to
conform with the Enhanced IOSA requirements.
Without the right vision and prioritization of the BOG, the E-IOSA project would
not have gained the traction that led to a successful implementation.
2.2.4
IOC
The IOSA Oversight Council (IOC) as the governing body of the IOSA Program
was regularly updated on and actively contributed to the E-IOSA project. During
the years 2013 and 2014, a majority of the IOC members were also part of the EIOSA Implementation Task Force which facilitated the IOCs understanding of,
and commitment to the E-IOSA.
2.2.5
OPC
The Operations Committee (OPC) as the Safety and Flight Operations Industry
Committee and advisor of the BoG, received regular updates on the E-IOSA
project.
At OPC 25 the members noted that this change to IOSA was a big and positive
step, and that it was important to keep in mind the safety benefit at a time when
its becoming harder and harder to gain global safety performance improvement.
2.2.6
ICAO
The ICAO has been a supporter of the IOSA Program since its beginning. The
38th ICAO Assembly was another milestone in the history of IOSA. The Assembly
recognized the global safety benefits of the IOSA Program and its elements that
Page 10 of 40
are being introduced with E-IOSA. The Technical Commission expressed its
support for the IOSA program and recommended that ICAO continue its support
of IOSA and the additional elements under Enhanced IOSA as a complementary
source of information for State safety oversight activities (see Report of the
Technical Commission on the General Section of its Report and on Agenda Items
26, 27, 28 and 29).
2.2.7
EASA
The EASA, as a regular observer to the IOC, has been witnessing the
development of the E-IOSA project since the early stages.
During these, IATA had the opportunity to visit the EASA as well as the European
Commission and to present the IOSA program and the E-IOSA concept, which
were well received. In the spirit of an open and continuously interactive
relationship with the main stakeholders, the EASA was invited to observe an EIOSA Trial Audit.
The summary provided by the EASA observer states:
With the introduction of the Enhanced IOSA concept, IATA has taken a
systemic approach to effectively overcome weaknesses identified in the IOSA
programme to make it a more powerful tool.
The shift of focus towards the implementation of ISARPs, the continuous
involvement of the operator in the IOSA process and the standardisation of IOSA
auditors are considered by EASA to be an appropriate answer to the past
criticism of IOSA being largely paper-oriented...
2.2.8
US FAA
IOSA program officials met with the FAA twice a year during the IOC meetings
(the FAA is a regular observer to the IOC). Yearly individual meetings are held to
keep the FAA abreast of the developments under the IOSA Program.
The FAA described Enhanced IOSA as a revealing process and the right way
to go.
Also the FAA accepted IATAs invitation to observe a Trial Audit in 2011 in order
to familiarize with the concept and gain confidence in the process.
The meetings and the onsite observation were followed by several official position
papers in which the FAA proactively contributed to the shaping of the IOSA
requirements.
The FAA continues to remain an important and supportive stakeholder in the
IOSA Program.
Page 11 of 40
2.2.9
ANAC Brazil
ANAC Brazil is one of the largest aviation markets in which the IOSA Program is
effectively used by the regulator to complement national civil aviation oversight. In
the light of this, the IOSA Program representatives visited the ANAC in 2014 to
present the IOSA Program functionalities. The ANAC Brazil attended the biannual IOC meetings to stay abreast of the developments in the IOSA Program.
2.2.10
US DoD
IATA also had the chance to present the Enhanced IOSA concept to other high
level representatives in 2012, which was well received. During the IOC 18 the
DoD expressed their continued impression with the IOSA program and its
development. The DoD utilizes IOSA results for the oversight of codeshare
operations, to select operators for the transport of DoD personnel on scheduled
flights and to select operators in emergency cases, e.g. humanitarian relief.
The authority expressed its support for the Enhanced IOSA, as putting the stress
on implementation is the right way to go.
2.2.11
ECAC
In July 2012, IATA and the European Civil Aviation Conference (ECAC)
concluded a Memorandum of Understanding (MOU) for the cooperation in the
fields of safety and security. As part of the annex on aviation safety, IATA
delivered four workshops to the ECAC presenting IOSA and ISAGO.
In 2013 and 2014, four workshops were delivered in Kiev, Warsaw, Helsinki and
Paris. In total 64 individuals participated, 43 from different European Civil Aviation
Authorities attended.
The workshops led to positive feedback from the participants who indicated that
they clearly see a benefit in the IOSA Program and would like to utilize it to
complement their national oversight activities:
Five possible answers could be given, from strongly disagree to strongly agree.
Page 12 of 40
with the necessary framework, they would consider IOSA results when
conducting oversight on the relevant air carriers in their country;
they would ask for an IOSA Audit Report of an air carrier of interest.
2.2.12
The IATA Regional Offices assumed the pivotal role of engaging operators to
undergo the voluntary E-IOSA audits, with the commitment of the IATA Regional
Offices the IATA Board targets were exceeded each year.
The IATA representatives in the Regional Offices provided continuous feedback
to the IOSA Program and played a very important part in acting as the interface
between the project office and the operators. Furthermore, logistical support was
provided during the E-IOSA workshops that were conducted in all regions.
2.3 Project Resources
The project resources varied throughout the project duration. The positions of the
Managers, Audit Standards, the Audit Training Manager as well as the Assistant
Director, IOSA were initially vacant. The remaining Audit Programs staff
temporarily assumed responsibility for all tasks and deliverables, which were then
re-allocated when the positions were re-filled.
The Project Sponsor (SVP, Safety and Flight Operations) changed twice during
the project duration.
The project resources were impacted by resource fluctuations, organizational
changes, additional projects that required execution and financial re-prioritization
tasks which were performed.
The project was delivered in accordance with the budget and the projected project
time lines and the E-IOSA Transition Plan.
Page 13 of 40
97% of surveyed
regulatory
representatives in
Europe: Regulators
should make more use of
programs like IOSA..
Airline QA Staff
Training
EI 1
Online Information
Sessions
EI 1.1
EI Audit
Procedures
EI 2
Conformance
Report
EI 3
Selective
Standards
Application
EI 2.1
Dispatch Auditor
Training
EI 1.2
Develop SSA
Criteria
EI 2.1.1
Conduct Regional
EI Workshops
EI 1.3
Develop SSA
Process based on
SSA Criteria
EI 2.1.2
Conformance
Report Format and
Contents
EI 3.1
Conformance
Report
Acceptance
Criteria
EI 3.2
Q5 Systems and
Infrastructure
EI 4
CR Data Flow
EI 4.1
Partnership for
Quality
EI 5
Communication
Plan
EI 6
Develop
Workshop/Toolkit
Design
EI 5.1
Update to
Registered Airlines
EI 6.1
Conduct
Workshops/t
EI 5.2
Press Releases
EI 6.2
Q5 Data
Management
EI 4.2
Other Items
EI 7
Use of External
Resources for
Assurance
Activities
EI 7.1
Language Barriers
EI 7.2
DGs Weekly
Message
EI 6.3
Linked-in Group
EI 6.4
Airline Procedures
and Guidance
EI 2.2
Internal Audit
Procedures and
Guidance
EI 2.2.1
CR Submission
Deadline
EI 7.3
CR Results into
IAR
EI 7.4
CR Release to 3rd
Parties
EI 7.5
ISM Applicability
EI 7.6
Repeated and
Interlinked ISARPs
EI 2.2.3
Information
Sources
EI 7.7
Principles of
Auditing ORG
EI 2.2.4
Audit Agreements
EI 7.8
AO Procedures
and Guidance
EI 2.3
IATA QC
EI 7.9
Conformance
Report Procedures
EI 2.3.1
Document
Reference
Changes
EI 7.10
Repeated and
Interlinked ISARPs
in IAR
EI 2.3.3
Auditing ORG
EI 7.11
EI Update on IAT
EI 2.5
Upgrade QA
Recommended
Practices
EI 7.12
IOSA Auditor
Recurrent Update
on
EI 2.6
Complete Auditor
Actions
EI 7.13
Mandatory
Observations
EI 2.7
New
E-IOSA
Observations
EI 2.8
Cross-Reference
Lists
EI 7.14
Completed
High Priority
Auditor Webinars
EI 2.9
Medium Priority
3. Project Deliverables
This chapter provides a summary on each of the seven main deliverables of the
project (see work breakdown structure in Figure 3). The updates are provided
Page 14 of 40
The Operational Control and Flight Dispatch (DSP) section of the IOSA Standards
Manual (ISM) Edition 7 underwent significant additions and modifications as a
result of the publication of the ICAO Annex 6, Amendment 36.
Given the scope of the changes to the ICAO Annex 6, it became apparent that the
Dispatch section would require a significant re-write. Additionally, the FLT section
would be impacted but to a lesser extent than the DSP section. The ISM revision
had to respect the current structure and allow for a phased implementation of
the many new requirements.
To achieve a consistent understanding and standardized application of the
revised DSP standards, IATA developed a web-based training for IOSA Auditors
of the DSP Section. The first training was provided in August 2013 to a group of
Page 15 of 40
around 30 approved DSP Auditors. The second training was delivered in October
and reached 47 approved DSP auditors.
3.1.3
As part of the support elements provided to the operators, IATA performed ten
regional workshops for airlines to familiarize those with the principles of the EIOSA.
IATA conducted a workshop in each region: Asia Pacific, Africa, North America
and the Caribbean, Latin America, China and North Asia, Middle East and North
Africa, Russia and CIS, as well as Europe. Although eight workshops were
planned in the project, due to high demand, two additional workshops were
provided (in Montreal and in Istanbul during the 2015 IATA Ground Handling
Conference, IGHC).
The workshops took place in the following locations and sequence:
Figure 4 E-IOSA Workshop Schedule
Location
Date
Comments
Beijing
October 2013
Hosted by IATA
Bucharest
Montreal
November 2013
December 2013
Sponsored by TAROM
Hosted by IATA
Johannesburg
February 2014
Dubai
April 2014
Singapore
April 2014
Moscow
April 2014
Hosted by IATA
Bogota
May 2014
Montreal
October 2014
Hosted by IATA
Istanbul
April 2015
All workshops were well attended by over 500 individuals from over 200
operators.
The two-day workshops covered the following areas:
IATA conducted 10
regional E-IOSA
workshops for registered
operators, addressing
over 500 individuals from
over 200 operators.
E-IOSA Introduction
E-IOSA Process
Interpretation of E-IOSA Provisions
Conformance Report
Auditor Actions
3.1.3.1
The feedback from the operators on the workshops was very positive. The
workshops provided an effective means to exchange information and experience
with and among the operators.
Below is a summary of the quantitative analysis of the feedback gathered during
the workshops.
Figure 5 E-IOSA Workshop Feedback
YES
NO
N/A
394
395
397
376
15
13
48
293
63
246
69
89
316
51
37
332
43
29
337
21
46
179
163
62
General
Enhanced IOSA
8. Is there any Part in the IOSA Procedures and Guidance
Manual for Airlines that is unclear? (If yes, Please explain).
10. Would your organization be willing to undergo a voluntary
E-IOSA Audit?
Page 17 of 40
The results above clearly show that the workshops were of great value to
the operators.
44% of the participants see their organization in need for further support
from IATA to improve their quality assurance programs.
The operators in the different regions have different profiles and face different
challenges in regards to E-IOSA:
In the region of China and North Asia, there is a notable need for training
the auditing personnel in the E-IOSA process and the interpretation of
relevant ISARPs.
Operators from Africa expressed the need for further assistance from
IATA.
3.2 EI 2 Audit Procedures
IATA defined the core audit procedures of E-IOSA in the IOSA Audit Handbook
(IAH). These are divided into the IAH Part 1 for the Audit Organizations (AOs), the
IAH for Airlines (IAH-A) and the revised mandatory observations performed by the
Audit Organizations.
Figure 6 IOSA Audit Handbook
Page 18 of 40
Numerous participants
requested further direct
interaction with IATA in
regards to IOSA.
3.2.1
The IOSA Audit Handbook for Airlines (IAH-A) founds the main source of
information for operators. The document was published on the IOSA web page in
August 2013 and is currently in its third Edition.
The document is oriented at the IAH Part 1 (for AOs) in its purpose and layout,
however it addresses airline internal auditors.
For the development of this document, three assigned operators, TAROM, British
Airways and Delta Airlines created a working group under the coordination of
IATA and the E-IOSA Implementation Task Force.
Although the IAH for Airlines is mentioned in the Guidance Material of the ISM
and therefore carries recommending character, majority of the content in the
manual is essential to an adequate assessment of the operational safety against
the IOSA standards.
Page 19 of 40
IOSA Overview
Internal Audit Program Management
Audit Methodology
Conformance Report (CR)
Audit Procedures
The document explains the completion process of the CR in the context of revised
and new provisions in the ORG section, but also outlines IOSA-specific auditing
techniques and procedures.
3.2.2.1
Auditor Actions (AAs) are pre-determined and customized action steps that an
auditor will typically take to gather sufficient evidence to determine conformity or
nonconformity with an IOSA Standard or Recommended Practice (see below
figure).
Auditor Actions were initially developed to enhance the audit focus on
implementation of the ISARPs and to increase standardization among IOSA
Auditors, but have also proven to be valuable to airline-internal auditors.
It was therefore decided to provide the AAs to the operators (available under
www.iata.org/iosa). The ISM Edition 9 contains over 3600 individual AAs, as listed
in the below example of FLT 3.4.4.
The operators can choose to develop and follow their own set of AAs or to use
the AAs published by IATA. The recording of the AAs in the CR will demonstrate
worldwide standardization among internal auditors.
Page 20 of 40
3.2.2.2
The repeated and interlinked ISARPs form an important and central part of the
IOSA auditing methodology. The repeated provisions in the ISM ensure a
consistent implementation of organization-wide systems, programs and
processes. Interlinked provisions ensure that requirements addressing the same
subject matter (e.g. transportation of dangerous goods) are assessed consistently
throughout the checklist.
Repeated and interlinked ISARPs also form part of the assessment of an
operators SMS. All ISARPs with a [SMS] designator are assessed following the
hard-linked and other relevant auditing methodologies.
Page 21 of 40
The interlinked and repeated provisions which form the third part of the IOSA
Audit Handbook for Airlines (IAH-A) have been made available online for the use
by operators during their internal audits.
The principles and methodologies of assessing repeated and interlinked ISARPs,
as well as hard-linked SMS provisions during the internal assessments were
incorporated into the IAH-A.
3.2.3
The procedures and guidance for Audit Organizations (AOs) outline all E-IOSA
related processes to the IOSA Auditors and describe the AOs role in the E-IOSA.
The document was released to the Audit Organizations in June 2013 and was
consequently embedded within the IOSA Audit Handbook Part 1.
3.2.5
The IOSA Auditor Training (IAT) as the sole program to qualify as IOSA Auditor
was modified to include the E-IOSA specifications. Continuous improvements
were developed as the program evolved.
E-IOSA elements were introduced in the IAT in Jan 2014. The last revision of the
IAT is planned for Sep 2015 when the E-IOSA module will be removed and
replaced with a module aimed at identifying key characteristics of renewal audits
(the term E-IOSA will disappear).
3.2.6
All IOSA Auditors must undergo a recurrent training by the Audit Organizations on
a yearly basis. The E-IOSA module was introduced in the IOSA Auditor recurrent
trainings in 2015. The module has the aim of increasing E-IOSA awareness
amongst all IOSA and to train them in pertinent auditing procedures and
protocols.
3.2.7
Mandatory Observations
Page 22 of 40
Mandatory observations
formed a part of the EIOSA pillar Focus on
Implementation.
The mandatory observations were revised, and for each mandatory observation,
a checklist was developed for the use by IOSA Auditors. Each checklist includes
links with the set of ISARPs that relate to the respective operational activity that is
observed.
The usage of the checklists will allow increased consistency and standardization
in reflecting an observation in the assessment of ISARPs. Additionally, the
observation activities will be further standardized among the IOSA Audits. The
checklists are available on the IOSA website for public use, as well.
Figure 8 Mandatory Observation Checklist (extract)
3.2.8
E-IOSA Observations
In addition to the observations conducted during the E-IOSA Trial Audits in 2011
and 2012 (see chapter 4.1), IATA observed five E-IOSA audits prior to the
effective date of the IOSA Standards Manual (ISM) Edition 9, in 2015.
The observations were performed on five operators that volunteered to undergo
an E-IOSA Audit and took place in North America, China, Europe and Africa,
spanning four different regions, operators and Audit Organizations.
The observations revealed that on one hand operators get increasingly familiar
with the E-IOSA requirements, however the IOSA Auditors still require additional
sensitization. Many IOSA Auditors still come to the audits unprepared and do not
follow the E-IOSA procedures that are described in the IOSA Audit Handbook.
The main conclusions from the observations are described in chapter 5.
Page 23 of 40
3.2.9
Auditor Webinars
The IOSA Auditors play a vital role in the successful conduct of each IOSA Audit
and the new E-IOSA requirements. IATA developed and held webinars
addressing all IOSA Auditors worldwide. The purpose of the webinars was to
familiarize the IOSA Auditors with the Enhanced IOSA concept, processes and
procedures. In addition to the recurrent trainings performed by the AOs, in May
and June 2014, IATA performed the first series of five webinars.
The E-IOSA webinars for the IOSA Auditors represented the first time in the
history of the IOSA program when IATA established a direct communication
channel to the IOSA Auditor community.
To ensure the latest conclusions from the project are conveyed to the IOSA
Auditors firsthand, another series of webinars was held shortly before the ending
of the project in 2015.
The continuous education of the IOSA Auditors is one of the main work items on
further emphasis must be given (see chapter 5).
The webinars provided IOSA Auditors with guidance and information about
relevant E-IOSA provisions, procedures and exercises. The topics included:
The webinars also included exercises and offered the IOSA Auditors the option to
ask questions and to share their experience.
3.3 EI 3 Conformance Report
3.3.1
The Conformance Report (CR) concept was introduced in IOSA with ISM Edition
3 which became effective in June 2010. The CR is a compilation of the
information that is recorded as a result of ongoing, two-yearly airline-internal audit
and evaluation activities against the IOSA Standards and Recommended
Practices.
Page 24 of 40
Although the production of a Conformance Report (CR) has been part of the ISM
since Edition 3 in 2010, the Audit Organizations asked for more specific guidance
on the assessment of the CR.
The E-IOSA Implementation Task Force developed the procedures for the
assessment of the CR. The procedures require the AO to perform a two-step
assessment of the CR: The first step is prior to the onsite Audit when the AO
reviews the CR for completeness (all documents submitted and all information
complete). The actual assessment of the CR is in the second step, which is made
onsite:
With the information from the previously conducted completeness review, the
ORG Auditor assesses the CR in terms of documentation and implementation.
The ORG Auditor can reflect qualitative discrepancies in the CR in any quality
assurance related ISARP (e.g. poor audit planning, lack of auditor training, etc.).
This allows the operator to be in conformance with the CR requirements although
deficiencies were detected in other areas of the operators Quality Assurance
Page 25 of 40
A Conformance Report
template is made
available at
www.iata.org/iosa.
External Communication
Page 26 of 40
Internal Communication
The following internal communication activities were performed during the E-IOSA
project.
Page 27 of 40
3.6.3
2012 Survey
The sample was put together based on the following criteria: IATA Board
surveyed profiles.
senior contacts.
(87%). Enhanced IOSA was the project with the highest demand and level
amongst industry
stakeholders.
3.6.4
In 2013, IATA performed a global market research in the industry. The research
spanned over 2100 companies including airlines, airports, civil aviation
authorities, IATA staff, governments and regulators, industry associations, media,
IATA strategic partners, travel agencies and others.
Enhanced IOSA was seen as one of IATAs activities/services with the highest
awareness rates amongst the stakeholders. In the same research, E-IOSA was
the most valued IATA activity/service among all listed items.
3.7 EI 7 Other Items
In this section, all miscellaneous deliverables are recorded that did not belong to
any of the previously mentioned deliverables in the work breakdown structure. All
14 tasks have been completed as listed below. The diversity of the various
deliverables required different actions, such as development of necessary
guidance and procedures for operators and/or AOs; modifications and clarification
of ISARPs; development of cross-reference lists, review of quality control
procedures, etc. At times, the Task Forces only needed action was to take a
policy decision on a specific item - for example, if the CR can be shared with third
parties, or not.
Page 28 of 40
The requirement under E-IOSA to audit the ISARPs internally during the
operators IOSA registration period correspond with many operators internal audit
criteria or regulatory requirements.
To enable operators in using synergies between the audits against the ISARPs
and other safety requirements, IATA developed regulatory cross-reference list
and made them available online.
The cross-reference lists reference each individual IOSA Standard or
Recommended Practice to a corresponding provision in the following suite of
regulatory requirements (extract):
Page 29 of 40
Audit planning
Audit preparation
Audit resource allocation (auditors and time)
Technical aspects of the audit conduct
The Operator
Page 30 of 40
Proof-of concept
workshops performed
with two operators in
2011/12.
The participating airlines differed in their business models, organizational size and
structure, their operational scope and profile, as well as their cultural and
operational environment which supported the testing under realistic
circumstances.
The Audits were conducted to simulate the E-IOSA elements, however the Trial
Audits were official IOSA Audits in which the E-IOSA elements were tested in
parallel. The Trial Audits had no influence on the actual Audit results.
The volunteering operators performed internal auditing against at least a subset
of Standards from pre-selected disciplines. The scope of the disciplines audited
for the E-IOSA Trial Audits varied, dependent on the available time and choice of
the operator. The Conformance Report was then submitted together with a
registration form of auditors who have been utilized to conduct the internal audit
and a declaration of internal audit completion. During the actual IOSA Audit the
AO used the CR to validate the operators assessments for a certain amount of
pre-selected ISARPs. Selective Standards Application was not used during the
Trial Audits.
The detailed results and conclusions from the Trial Audits were recorded and
reported in the Trial Audit Summary Report, dated August 2012.
4.3 E-IOSA Audits in 2013
Part of the 2013 Industry Priorities was to conduct at least ten Enhanced IOSA
Audits. In 2013, in total 16 E-IOSA Audits were performed and the Board target
was exceeded by 6 Audits.
The Audits revealed the learning curve that will improve the operators auditing
activities against the IOSA Standards and Recommended Practices (ISARPs). As
already shown in the Trial Audits conducted in 2011 and 2012, the capabilities,
resources and skills for internally assessing the IOSA provisions varied from
operator to operator. Consequently, the quality of the internal audits under EIOSA in 2013 varied, as well.
Page 31 of 40
2013, 16 operators
underwent a voluntary EIOSA Audit against a
Board target of minimum
10 voluntary audits.
Some of the operators already assessed the ISARPs internally in the past. The
Conformance Reports (CR) of these operators indicated familiarity with the
ISARPs. On the other hand, in some cases, the Conformance Report was not
received on time, assessments were missing or were completed rudimentarily.
The first official E-IOSA Audits confirmed the observations from previous Trial
Audits that many operators will have to make significant efforts to improve their
internal oversight functions, whereas other operators already have the capability
in this matter.
The feedback from the IOSA Auditors was collected for E-IOSA Audits performed
in 2013. The dataset consists of 67 feedback forms from 16 E-IOSA Audits
conducted. The below is a summary of the trends which were observed by the
IOSA Auditors.
Was the CR completed in a clearly understandable way?
67% answered with yes.
Were the documentary references in the CR accurate?
62% answered with no.
Were the descriptions of evidence of implementation in the CR sufficient?
57% answered with no.
Although the above questions are rather broad, the indication was clear. With 16
E-IOSA Audits, the feedback was in alignment with the results from the Trial
Audits. The majority of the operators can produce an accurate CR. However, a
clear majority of the operators are not able to indicate the evidence of
documentation or implementation in a satisfying manner (feedback from the Trial
Audits confirming this was at 86% of the responses). This emphasizes the need
for familiarizing airline auditors with techniques to assess implementation.
Simultaneously, the observations show that other auditing principles in IOSA have
been adapted by the airline-internal auditors:
Did the auditors understand the IOSA principle of assessing documentation
and implementation separately?
79% answered with yes.
Did the auditors understand how to assess that the monitoring of outsourced
functions was effective?
76% answered with yes.
Page 32 of 40
Did you review the CR in your team briefing prior to the Audit?
29% answered with no.
4.4 E-IOSA Audits in 2014/2015
Continuing to facilitate familiarization with the processes and to enforce the
implementation of the concept, as many operators as possible were urged to
undergo E-IOSA Audits before the mandatory date in September 2015.
As the E-IOSA audits in 2013, all E-IOSA audits before September 2015 were
conducted on a voluntary basis. The operators committed to an E-IOSA with a
commitment letter to IATA. The need was reflected in a Board of Governors target
that was given to IATA.
The 2014 and 2015 Board of Governors targets to conduct voluntary E-IOSA
Audits were achieved as follows:
Figure 9 E-IOSA Commitment Targets
2014
2015
Region
Target
Actual
Target Actual
Americas
12
14
AFI/MENA
4/4
5/4
2/3
5/4
ASPAC
Europe/CIS
12
21
16
Total
39
50
22
41
Since ISM Ed. 3 (effective June 2010) to August, 2015 with ISM Ed.8
(effective June 2014), 814 audits were performed in which the CR was
included as a Recommended Practice.
Page 33 of 40
First major changes to the requirements in ORG 3.4.6 and ORG 3.4.7
were made in ISM Ed. 5, effective September 2012. Further modifications
and additions were made in ISM Editions 6, 7, 8 and 9 in the following
years.
The following can be concluded in relation to Figure 10 below (contains data from
814 registration renewal audits):
ORG 3.4.6
60%
ORG 3.4.7
50%
ORG 3.4.8
40%
ORG 3.4.13
30%
ORG 3.4.14
20%
10%
0%
2010
2011
3, 4
2012
2013
4, 5, 6
6, 7
Year and ISM Edition
2014
2015
7, 8
Page 34 of 40
Overall conformance
rates with E-IOSA
provisions increased
over the past years.
100%
80%
60%
40%
20%
0%
ORG 3.4.6 ORG 3.4.7 ORG 3.4.8 ORG 3.4.13 ORG 3.4.14
E-IOSA Recommended Practice
The overall results of the E-IOSA audits conducted until September 2015 show
that many operators and the AOs will need time to adopt the E-IOSA process.
The development of the necessary knowledge and resources requires
commitment, practice and experience.
The above results show that more and more operators are performing internal
assessments against the ISARPs, but still many operators opted to wait until the
E-IOSA provisions will be upgraded to Standards, before they conform to them.
Page 35 of 40
requirements, and IATA, that better understood the concerns, needs and
reactions of the operators.
In all E-IOSA workshops, without exception, operators expressed the need for
direct interaction through further workshops, seminars and trainings provided by
IATA.
Recommendation 3: To improve the operators familiarity with the IOSA
Program, to ensure IATA continues to develop standards that meet the industrys
needs and to establish an overdue dialogue with the program stakeholders
worldwide, a regular conduct of IOSA-related seminars, workshops and sessions
is needed. Seminars and other face-to-face events need to be supported by
established and sound services and infrastructure through which IATA shares the
knowledge that the IOSA Program produces with the operators. This can be
achieved through series of trainings, education programs for airline internal
auditors and other solutions such as electronic platforms.
Audit procedures in
relation to the
assessment of the
Conformance Report
need to be further refined
as the processes mature.
Major advancements
need to be implemented
through a digitalization
initiative.
Further digitalization must be undergone in the conduct of the IOSA Audits. Tablet
enabled procedures need to replace laptop based audits and data flows must
allow seamless audit and recording experience. This will free up additional time to
allow the auditors to focus on the implementation.
5.5 Quality Assurance
Under E-IOSA, IATA observed Audits, measured processes and collected
feedback from operators, AOs, regulators and IOSA Auditors. All the input
exposed certain areas in the IOSA program that require additional oversight
focus.
Recommendation 8: The Audit Programs Department provided the checklists
from the E-IOSA observations to the SFO Quality Department for their
incorporation of the checklists in the quality assurance activities. The onsite
observations of IOSA Audit Teams need to measure the Audit Teams adherence
to E-IOSA procedures.
Recommendation 9: Further assurance activities need to be implemented and
strengthened in the areas of monitoring of AOs and individual auditors regarding
E-IOSA. Nonconformities in the oversight need to lead to adequate corrective
Page 38 of 40
Page 39 of 40
End of Report
Page 40 of 40