Documente Academic
Documente Profesional
Documente Cultură
Be
aware that the IOSA Programme Manual will change over time,
and it behooves each operator to ensure the availability of the
most current version of the IPM when preparing for an audit.
For important information regarding the revision status of the
IPM, contact any IOSA Audit Organisation or the IOSA
Programme Office at +01.514.874.0202 x3246."
OPERATIONAL SAFETY AUDIT
Programme Manual
Foreword ........................................................................................................................................................v
Applicability ...................................................................................................................................................vii
Introduction....................................................................................................................................................xi
1 Purpose..............................................................................................................................................xi
2 Structure ............................................................................................................................................xi
3 Documentation System....................................................................................................................xi
4 Authority ............................................................................................................................................xi
5 Revision .............................................................................................................................................xi
Definitions ......................................................................................................................................................xiii
Figure 7.1: Steps in the IOSA Audit Sharing Process .................................................................... 7-2
iv October 2003
FOREWORD
The IATA Operational Safety Audit (IOSA) Programme is an internationally recognized and accepted
evaluation system designed to assess the operational management and control systems of an Operator. IOSA
is based on industry-proven quality audit principles, and is designed to ensure that each audit is conducted in
a standardized manner to achieve consistent results.
Standards contained in this manual were initially developed during the years 2002-2003 by task forces as part
of the IOSA developmental project. When establishing the membership of the IOSA task forces, IATA selected
industry safety and quality experts from organizations around the world, including airlines, regulatory agencies,
and various other entities possessing operational audit expertise. Special care was taken to ensure equal
participation from all areas of the world such that no single region, alliance or organization would predominate.
IATA will continue to update IOSA Programme standards based on practical experience and the latest
consensus in operational quality management principles.
October 2003 v
IOSA Programme Manual
vi October 2003
APPLICABILITY
The IOSA Programme Manual (IPM) contains standards that govern all aspects of the IATA Operational
Safety Audit (IOSA) Programme for the purpose of achieving a standardized and consistent audit product.
Standards in this manual are applicable primarily to: (1) accredited audit organizations (AOs) that will conduct
audits under IOSA, (2) operators that will be audited under IOSA and (3) IATA as steward of the IOSA
Programme.
October 2003 ix
IOSA Programme Manual
x October 2003
INTRODUCTION
Purpose
The IOSA Programme Manual (IPM) is published in order to make the complete body of standards that
govern all aspects of the IOSA Programme available in a single source. Standards in the IPM provide the
basis for programme standardization, which ensures that each audit is conducted in a consistent manner.
Audits under IOSA will only be conducted by audit organizations (AOs) that have been accredited by IATA.
To successfully complete the accreditation process, an AO shall be required to structure its organization,
management systems and operational processes, including administration of its audit and auditor
programmes to conform with standards in this manual.
Additionally, standards contained in the IPM shall be the basis for the system used by IATA in providing
quality oversight and management of the IOSA Programme.
Structure
The sections in the IPM are organized as follows:
• Section 1, AO Accreditation
• Section 2, IOSA Registration
• Section 3, Auditor Qualification
• Section 4, Auditor Training
• Section 5, Audit Programme
• Section 6, Data Management
• Section 7, Audit Sharing
• Section 8, IATA Programme Administration
• Section 9, Dispute Resolution
• Section 10, Endorsed Training Organization
Documentation System
The IPM is used in association with the following related manuals:
• IOSA Standards Manual (ISM); and
• IOSA Auditor Handbook (IAH).
Taken together, the IPM, ISM, and IAH make up the IOSA documentation system.
Authority
The IOSA Programme operates under the authority of the Board of Governors of IATA.
Revision
Revisions to this manual are the responsibility of IATA.
Symbol
The symbol found throughout this manual is meant for the internal process of tracking changes.
October 2003 xi
IOSA Programme Manual
The terminology used in the IPM is consistent with that in the other manuals that comprise the IOSA
documentation system. The following list defines terms as they are used in the context of the IOSA Programme
and in IOSA Programme documents. Words or terms in bold type have their own definition herein.
Audit: The structured and objective assessment used to determine the level of conformity with ISARPs.
Audit Closure: An IOSA administrative action performed by the AO at the point in the audit process when all
Findings have been closed by the Auditee and verified by the AO.
Audit Objective: The determination of the level of fulfilment of ISARPs for the purpose of IOSA Registration.
Audit Organization (AO): An entity that has been accredited by IATA as a provider of auditing services under
IOSA.
Audit Plan: The documented requirements for a successful implementation of an Audit.
audit process: The entire course of proceedings and activities associated with an audit.
Audit Programme: The documented management, organization, strategy, policies, and procedures used by an
AO for providing audit services under IOSA.
audit results: The final determination of the outcome of an Audit based on the success of the Auditee to close
Findings in a manner acceptable to the AO.
audit scope: The operational disciplines and/or operational areas that are assessed during the conduct of an
audit.
Audit Sharing: The process under IOSA whereby an Interested Party utilizes the Audit of an Operator
conducted by a third party to satisfy its own need for an Audit of that same Operator.
Audit Team: A group of IOSA Auditors that coordinates and works together to conduct an Audit.
Auditee: The Operator that is audited under IOSA.
Auditor: An individual who has satisfied defined acceptance prerequisites, and who has successfully qualified
under the IOSA Programme to conduct Audits.
best practice: A strategy, process, approach, method, tool or technique that is generally recognised as being
effective in helping an operator to achieve operational objectives.
Closing Meeting: The formal meeting at the conclusion of the on-site phase of an Audit that permits the Audit
Team to discuss with the Auditee information relative to Findings and Observations, the Corrective Action
Plan (CAP)and other subjects relevant to the Audit Process.
conformity: Fulfilment of specifications contained in ISARPs as determined by an Audit in terms of having
been documented and/or implemented by the Operator.
corrective action: The action(s) taken by the Auditee to address and eliminate recurrence of non-conformity
to an IOSA Standard.
Corrective Action Plan (CAP): The total plan of an Auditee to close all Findings through implementation of
comprehensive and permanent corrective action.
Corrective Action Record (CAR): A document that identifies the need for Corrective Action based on a
Finding, and provides a history of implementation and verification of the Corrective Action.
documented: The state of a specification as being published and accurately represented in an operational
manual, handbook or other official company medium.
Endorsed Training Organization (ETO): A company or other entity that has been accredited by IATA as a
provider of training services under IOSA.
Evaluator: An experienced Lead Auditor who has demonstrated requisite qualities, and has been designated
by the AO to assess Audit activities and Auditor performance.
evidence: Data or information discovered during an Audit that is analysed by the Auditor to determine
fulfilment of ISARPs.
Family Member: A parent, sibling, child, spouse, grandparent, or grandchild.
Finding: The documented statement based on factual evidence that indicates an Operator is not in conformity
with an IOSA Standard.
Group Company: Any Subsidiary or Holding Company of an AO, or any Subsidiary of any such Holding
Company. For the purposes of IOSA documents, Holding Company shall include the controlling company of the
group in which the AO is part, and subsidiary shall include any company in or over which the AO or such Holding
Company has a direct or indirect controlling interest.
IATA: An abbreviation and acronym for the International Air Transport Association.
implemented: The state of a specification as being activated, integrated, incorporated, deployed, installed, or
made available as part of the operational system, and monitored and evaluated as necessary for continued
effectiveness.
interim corrective action: Action that provides satisfactory resolution of non-conformity on a temporary basis
until comprehensive and permanent corrective action in accordance with the accepted CAP can be fully
implemented by the Auditee.
Interim IOSA Audit Report (IIAR): The official report of Findings and Observations that is presented to the
Auditee after completion of the on-site phase of the Audit.
Interested Party: An organization that has a direct interest in or is sharing the current Audit of an IOSA
Operator, and has been provided official access to the IOSA Audit Report (IAR) through the IOSA system.
IOSA: An abbreviation and acronym for IATA Operational Safety Audit, which is an internationally recognized
evaluation system designed to assess the operational management and control systems of an Operator.
IOSA Accreditation: The formal and official recognition by IATA of an organization to perform a specified
function or service in accordance with an applicable legal agreement and the IOSA Programme Manual (IPM)
IOSA Accreditation Agreement: The agreement between IATA and the AO that specifies the provisions and
conditions applicable to the accreditation of the AO.
IOSA Audit Agreement: The agreement among IATA, the AO and the Auditee that specifies the provisions
and conditions applicable to the conduct of an Audit.
IOSA Audit Feedback Programme: A programme that provides a means for the Auditee to provide critique on
the conduct of an Audit.
IOSA Audit Report (IAR): The document that is the official record of an Audit, and that contains information
regarding the conduct and results of the Audit, including closure of all Findings.
IOSA Auditor: An Auditor that has satisfied IOSA qualification and competence standards, and has been
formally approved to conduct audits under IOSA in at least one operational discipline.
IOSA Auditor Handbook (IAH): The published document that contains audit guidance, checklists, and other
information intended specifically for use by the IOSA Auditor.
IOSA Auditor Personal Data File: An IOSA document that provides a record of personal data, background and
qualifications of an IOSA Auditor.
IOSA Checklist: The document used by an IOSA Auditor when conducting an Audit to document factual
evidence.
IOSA Database: The IATA repository of IOSA Audit Reports (IARs) for the purpose of retaining, accessing,
reviewing, and analysing the audit data.
IOSA Guidance Material (GM): Interpretive or explanatory text in Part Two of the IOSA Standards Manual
(ISM) that serves to clarify the meaning and intent of standards and recommended practices. Guidance Material
may also specify examples or acceptable alternate means of achieving conformity.
IOSA Auditor Training (IAT): An element of the qualification process for the IOSA Auditor designed to
familiarize an experienced aviation operational auditor with the most important aspects of IOSA.
IOSA Operator: An airline or other organization that engages in all or some of the airline operational disciplines
under the scope of IOSA and has met the requirements for IOSA Registration. The organization will be listed on
the IOSA Registry consistent with the type of business in which it is engaged (e.g. IOSA Airline or IOSA MRO).
IOSA Oversight Committee (IOC): The body within the IATA governance structure that ensures adequate
oversight and influence upon the entire IOSA Programme by IATA members.
IOSA Programme: The total of all aspects of the system that is IOSA.
IOSA Programme Management Office (PMO): The group under IATA that manages the day-to-day matters
associated with the IOSA Programme.
IOSA Programme Manual (IPM): The published document that contains the standards upon which the IOSA
Programme is based.
IOSA Recommended Practice: A specified programme, system, policy, process, procedure, plan, set of
measures, facility, component, type of equipment, or any other aspect of operations under the Audit Scope of
IOSA, the fulfilment of which is considered optional, but desirable, by the Operator.
IOSA Registration: The formal method used by IATA to determine the operational suitability of and list a
qualified organization on the IOSA Registry as an IOSA Operator.
IOSA Registry: The official listing of eligible organizations that have achieved and are currently
maintaining a status of IOSA Operator.
IOSA Standard: A specified programme, system, policy, process, procedure, plan, set of measures, facility,
component, type of equipment, or any other aspect of operations under the Audit Scope of IOSA, that is
considered an operational necessity, and with which an Operator will be expected to be in conformity at the
conclusion of the Audit.
IOSA Standardization Conference: An annual conference organized by IATA and attended by AOs and other
invited parties for the purpose of standardizing the IOSA Programme.
IOSA Standards Manual (ISM): The published document that contains the ISARPs, IGM, and other supporting
information.
IOSA System: All of the elements of the IOSA Programme working together to produce desired results.
IOSA Training Agreement: The agreement between IATA and an ETO that specifies the provisions and
conditions applicable to the accreditation of the ETO.
October 2003 xv
IOSA Programme Manual
ISARPs: An abbreviation and acronym for IOSA Standards and Recommended Practices, which are contained
in Part One of the IOSA Standards Manual (ISM).
Lead Auditor: An experienced Auditor who has acquired the requisite knowledge and skill, demonstrated the
competence, and has successfully qualified and been approved under the IOSA Programme to lead an Audit
Team.
library: An organized system for documentation retention and control.
non-conformity: Non-fulfilment of specifications contained in ISARPs as determined by the Auditor in terms of
having been documented and/or implemented by the Operator.
Observation: The documented statement by the IOSA Auditor based on factual evidence gathered during an
Audit that indicates an Operator has not fulfilled an IOSA Recommended Practice.
Opening Meeting: The meeting at the beginning of the on-site phase of the Audit that permits the Audit Team
to discuss with the Auditee the Audit Plan and other arrangements, activities and information relevant to the
conduct of the Audit.
Operator: An airline or other organization that engages in all or some of the airline operational disciplines under
the audit scope of IOSA.
quality: The degree to which a system consistently meets specified requirements, satisfies stated needs, or
produces desired outcomes.
requirement: A specification in an IOSA Standard that is considered an operational necessity.
safety: A condition in which the risk of harm or damage is limited to an acceptable level.
senior management: The highest level of management within an organization that has the authority and
responsibility for setting policy, demonstrating commitment, meeting requirements, approving resources, setting
objectives, implementing processes and achieving desired outcomes.
AO Accreditation
October 2003 1-1
IOSA Programme Manual
1.1.11 An AO shall be subject to the IATA quality assurance review and monitoring programme on a
continuing basis during a term of accreditation.
1.1.12 A review of accreditation status may be initiated by IATA should an AO, without limitation:
i) experience financial difficulties, significant management turnover, or transfer of
company ownership;
ii) be the subject of sustained industry reports of unprofessional practices or performance
deficiencies;
iii) fail to comply with any applicable laws in any jurisdictions in which the AO conducts
business;
iv) breach the Accreditation Agreement;
v) fail to pay accreditation or other related fees;
vi) experience other circumstances or situations deemed by IATA to be potentially
detrimental to or jeopardise the reputation of IOSA.
1.1.13 Notwithstanding IPM 1.1.12, the Accreditation Agreement made between IATA and an AO
may be terminated, and the accreditation status of the relevant AO thereby lost, in certain
circumstances as set out in the Accreditation Agreement.
1.1.14 Accreditation of an AO shall be terminated should an AO cease providing aviation audit
services.
1.1.15 The provisions of this IPM are, together with the provisions of the ISM, and unless otherwise
provided, incorporated by reference in the Accreditation Agreement and, in the event of any
inconsistency between the terms of this IPM and the Accreditation Agreement, the Accreditation
Agreement shall prevail to the extent of the inconsistency.
1.1.16 An AO shall also enter into an “Audit Agreement”, such agreement to be made between
IATA, the AO and the relevant candidate organization for IOSA Registration (Auditee). The
provisions of this IPM are, together with the provisions of the ISM, and unless otherwise provided,
incorporated by reference in the Audit Agreement and, in the event of any inconsistency between
the terms of this IPM and the Audit Agreement, the Audit Agreement shall prevail to the extent of
the inconsistency.
AO Accreditation
1-2 October 2003
AO Accreditation
Basic
IAT A reviews Application and
requirem ents
docum entation.
m et?
Yes
IAT A and Candidate discuss and agree
on plan to accom plish accreditation
process.
Yes
No
Accreditation No
Candidate notified.
recom m ended?
Yes
C andidate is accredited as an AO
AO Accreditation
October 2003 1-3
IOSA Programme Manual
AO Accreditation
1-4 October 2003
AO Accreditation
1.4.4 An auditor shall not be allowed to conduct an audit under IOSA of the operations of an
organization for which such auditor is an employee, provides services and/or is on the list of
approved IOSA Auditors.
1.4.5 An auditor on the list of an AO shall not be allowed to participate in the audit of an Operator
for whom he or she has provided consulting services related to operations within the operational
scope of IOSA within the past two years.
1.4.6 An auditor on the list of an AO shall not be allowed to participate in an audit if either or both of
the following circumstances exist:
i) the auditor has direct or indirect financial interest in the audited Operator;
ii) the auditor has family members affiliated with the audited Operator, with such family
members defined as parent, sibling, child, spouse, grandparent, or grandchild.
1.4.7 When there is or might appear to be a conflict of interest for any reason, an AO shall disclose
to and resolve actual or potential conflict with IATA prior to conducting an audit under IOSA.
1.5 General
1.5.1 A candidate for initial accreditation shall, if requested by IATA for the purpose of a personal
interview, make available each auditor who is proposed to conduct audits under the IOSA
Programme at a mutually agreeable time and location.
1.5.2 An AO shall have at least one principal manager attend the IOSA Standardization
Conference, which shall be arranged by IATA and shall normally convene once each calendar year.
Should more than one conference be scheduled in any given year, an AO shall have a principal
representative in attendance for a least one conference during that year.
1.5.3 Prior to the conduct of an audit under IOSA, an AO shall enter into an Audit Agreement with
IATA and the relevant Auditee. The Audit Agreement shall set out the commercial arrangements
and all other terms, conditions and restrictions associated with the relevant Audit.
1.6 Management
1.6.1 An AO shall have a management system that supports effective operations associated with
the IOSA Programme, including:
i) clearly defined lines of managerial authority and responsibilities;
ii) documented administrative and operational policies, processes and procedures;
iii) provision of resources including employees, equipment, and facilities;
iv) managerial control, including oversight and quality assurance.
1.6.2 An AO shall have processes in accordance with applicable provisions in IPM Section 6 for the
management of data derived from audits conducted under IOSA to ensure confidentiality and
security.
1.8 Documentation
1.8.1 An AO shall have a documentation system that contains the published policies, processes,
procedures and other applicable guidance that govern and ensure effective implementation and
control of the managerial, administrative and operational functions associated with the IOSA
Programme.
1.8.2 An AO shall have procedures for revising, updating, maintaining, and distributing manuals
relevant to IOSA in a timely manner.
AO Accreditation
October 2003 1-5
IOSA Programme Manual
1.8.3 An AO shall have a procedure that ensures all auditors and other employees associated with
the IOSA Programme have ready access to the relevant and current versions of company manuals.
1.8.4 An AO shall have a system that ensures all IOSA Auditors are always supplied with and have
at their disposal IOSA documents for use during audits, to include relevant ISARPs, Guidance
Material and IOSA Checklists in accordance with IPM 5.5.4.
AO Accreditation
1-6 October 2003
AO Accreditation
1.12.2 An AO shall have an annual recurrent training programme in accordance with IPM 4.5. On a
bi-annual basis, an AO shall purchase and include in the annual recurrent training curriculum,
mandatory training modules developed and supplied by IATA.
1.12.3 An AO shall have a process for restoring the qualification of an IOSA Auditor who has
become unqualified in accordance with applicable provisions in IPM Section 3.14.
AO Accreditation
October 2003 1-7
INTENTIONALLY LEFT BLANK
AO Accreditation
1-8 October 2003
AO Accreditation
Applicant’s Name
Date Signature
Index of Enclosures
List below all enclosures/attachments, including your Curriculum Vitae/Resume.
No. Description No. Description
1 Curriculum Vitae (CV, Resume) 12
2 13
3 14
4 15
5 16
6 17
7 18
8 19
9 20
10 21
11 22
AO Accreditation
October 2003 1-9
IOSA Programme Manual
1. Personal Data
Personal Data: Family Name:
First Name:
Date of Birth:
Nationality:
Contacts: Telephone 1:
Telephone 2:
Fax:
Cell Phone:
E-Mail 1:
E-Mail 2:
2. Current Employer
Name of Organization:
Location:
Current Position / Since: /
AO Accreditation
1-10 October 2003
AO Accreditation
3. Education
IPM 3.3.3 i) A candidate for IOSA Auditor shall have completed at least secondary
education. Secondary education is typically 12 years of full time schooling
under the national educational system that comes after the primary or
elementary stages, and is completed prior to entrance to a university or
similar educational institution.
Remarks:
Signature:
Name:
Date:
AO Accreditation
October 2003 1-11
IOSA Programme Manual
4. Operational Experience
4.1 Professional aviation qualifications and licenses achieved:
IPM 3.3.4 The following constitute acceptable aviation operational disciplines that satisfy the general operational
experience requirements for an IOSA Auditor.
AO Accreditation
1-12 October 2003
AO Accreditation
i) Auditors who will conduct auditing in the operational discipline of Flight Operations shall meet all
requirements contained in IPM Clauses 3.3.3 (Education) and 3.3.5 (Auditor Certification and
Training) in addition to special experience requirements contained in Table 3.1.
Proof of ability
Tick Qualification From-To Employer
(Enclosure)
i) Auditors who will conduct auditing in the operational discipline of Engineering and Maintenance
shall meet all requirements contained in IPM Clauses 3.3.3 (Education) and 3.3.5 (Auditor
Certification and Training) in addition to special experience requirements contained in
Table 3.2.
Proof of ability
Tick Qualification From-To Employer
(Enclosure)
AO Accreditation
October 2003 1-13
IOSA Programme Manual
IPM 3.3.4 i) A candidate for IOSA Auditor shall have civilian or military work experience of at least
five years in any of the aviation operational disciplines listed in IPM 3.3.4.2, with at least
two full years in a single discipline. Six months of the aviation experience must have
occurred within the 24 months prior to application as a candidate for IOSA Auditor.
Begin with the most recent appointment. Leave the last column empty.
Remarks:
Signature:
Name:
Date:
AO Accreditation
1-14 October 2003
AO Accreditation
c) Effective 1 January 2006, a candidate for IOSA Auditor must satisfy IPM 3.3.5 a);
provision IPM 3.3.5 b) is no longer valid
Registration
Graduation as Training Institute Graduation Date Valid until
Scheme
Please chose!
Please chose!
Please chose!
Please chose!
Please chose!
Remarks:
Signature:
Name:
Date:
AO Accreditation
October 2003 1-15
IOSA Programme Manual
6. Audit Experience
IPM 3.3.6 i) Prerequisite Audit Experience.
A candidate for IOSA Auditor shall furnish to the AO documented and verifiable evidence of having
conducted at least four (4) aviation operational, quality management system or safety audits. Such
audits shall have been conducted in the aviation operational disciplines included in the scope of
IOSA, and at least one of the audits shall have been conducted within the 12 months prior to
application.
Audit 1 Audit 2
Organization Organization
Location Location
Audit Type Internal Audit (1st Party) Audit Type Internal Audit (1st Party)
Audit 3 Audit 4
Organization Organization
Location Location
Audit Type Internal Audit (1st Party) Audit Type Internal Audit (1st Party)
AO Accreditation
1-16 October 2003
AO Accreditation
NOTE: Please label all Attachments as per instructions in text, all attachments should be provided in English.
GENERAL INFORMATION
Operational headquarters:
Street:
City:
State/Prov.:
ZIP-Code:
Country:
Telephone:
Fax:
E-mail :
Website:
AO Accreditation
October 2003 1-17
IOSA Programme Manual
Audited financial results for the past 2 years <ATTACHMENT C> Included?
If no, please explain
Organisational structure (including logistical and administrative support, records management) <ATTACHMENT H>
Included? If no, please explain
AUDITORS
List of proposed IOSA auditors and a completed IOSA Personal Data File and CV for each proposed auditor (reference
IPM Section 3, provisions 3.3 to 3.8).
<ATTACHMENT F>
AO Accreditation
1-18 October 2003
SECTION 2 – IOSA REGISTRATION
2.0 Purpose
2.0.1 The IOSA registration process is the formal method used by IATA to determine the
operational fitness of an organization to be an IOSA Operator, and recognize and record such
accomplishments on the IOSA Registry. This section of the IPM provides the standards for the
IOSA Registration process. (See Figures 2.3 and 2.4.)
IOSA Registration
October 2003 2-1
IOSA Programme Manual
IOSA Registration
2-2 October 2003
IOSA Registration
Registration Period
(24 Months)
IOSA Registration
October 2003 2-3
IOSA Programme Manual
IOSA Registration
2-4 October 2003
IOSA Registration
Yes
IATA assumes
custodianship of IAR;
IAR is entered into
IOSA Database for
IATA establishes registration; name of Audit Sharing
organization is entered on IOSA Registry
IOSA Registration
October 2003 2-5
IOSA Programme Manual
Audit Closure is
declared prior to
expiration?
Yes No
Acceptable No
AO submits the IAR to IATA
interim corrective
within 15 days of Audit Closure
action?
See Figure 2.5 for
consideration of
Yes extenuating
circumstances
No Results in No
dispute?
Organization is
removed from IOSA Dispute Resolution
Registry Yes procedures are
implemented (IPM
Section 9)
IOSA Registration
2-6 October 2003
IOSA Registration
Extenuating
circumstances
No claimed? Yes
Extenuating
circumstances
No verfied? Yes
Results in dispute?
Organization remains on
Registry; Findings shall be closed
within 120 days from expiration of
Yes existing registration
No
Organization is
removed from IOSA
Registry Dispute Resolution
procedures are
implemented
(IPM Section 9)
IOSA Registration
October 2003 2-7
IOSA Programme Manual
IOSA Registration
2-8 October 2003
SECTION 3 - AUDITOR QUALIFICATION
3.0 Purpose
3.0.1 The quality of the IOSA Auditor is a critical factor in ensuring that each audit is conducted in a
standardized and consistent manner. The purpose of this section of the IPM is to provide
qualification standards and guidance to ensure that every IOSA Auditor possesses the requisite
level of competence to achieve overall programme standardization.
Auditor Qualification
October 2003 3-1
IOSA Programme Manual
Auditor Qualification
3-2 October 2003
Auditor Qualification
Auditor Qualification
October 2003 3-3
IOSA Programme Manual
Auditor Qualification
3-4 October 2003
Auditor Qualification
A minimum of five (5) years A minimum of two (2) years A minimum of four (4)
combined experience in performing quality audits in support of airline
support of airline or airline assurance audits in or airline related
related maintenance, support of airline or airline engineering and
engineering or quality related engineering and maintenance functions as
functions. maintenance functions. described under the Quality
Experience column.
All experience described or
above shall have occurred A minimum of two (2) years All audit experience
within the ten (10) years performing quality systems described above shall have
prior to application as an evaluations of airline or occurred within the twenty
IOSA Auditor. airline related maintenance four (24) months prior to
programmes. application as an IOSA
Auditor.
or
Note: Requirements in the A minimum of one (1) of the
Quality Experience column A minimum of two (2) years audits described above
shall be included as part of experience performing shall have been conducted
the combined requirements operational quality audits of within the twelve (12)
in this Airline Experience foreign air carriers in the months prior to application
column. area of engineering and as an IOSA Auditor.
maintenance.
or
A minimum of two (2) years
as an airworthiness
inspector for a national
regulatory authority.
Auditor Qualification
October 2003 3-5
IOSA Programme Manual
Auditor Qualification
3-6 October 2003
Auditor Qualification
3.6.3 IOSA Auditors shall have effective skills in the following areas:
i) speaking, reading and writing English;
ii) writing reports;
iii) communicating;
iv) working with people.
Auditor Qualification
October 2003 3-7
IOSA Programme Manual
3.9.3 A candidate for IOSA Auditor shall successfully accomplish each of the following steps in the
auditor qualification process (see Figure 3.1) in order to attain the status of an approved Auditor:
i) complete the IOSA Auditor Training (IAT) course conducted by an ETO;
ii) observe at least one Audit or portion of an Audit consisting of at least one full day;
iii) conduct at least one Audit, or portion of an Audit, under the supervision of an approved
Auditor;
iv) if required, receive additional training-to-proficiency during the qualification process;
v) conduct at least one full Audit, including auditing in each operational discipline for which
the candidate seeks qualification, while being evaluated by an Evaluator;
vi) be recommended to the AO for approval as an Auditor by the Evaluator.
3.9.4 When a candidate for IOSA Auditor has successfully completed all applicable steps in the
auditor qualification process, the AO shall accomplish the following:
i) enter the name of the auditor on the list of approved IOSA Auditors for the AO;
ii) submit the name and qualification records of the auditor to IATA for entry on the master
registry of IOSA Auditors.
Auditor Qualification
3-8 October 2003
Auditor Qualification
Figure 3.1 Qualification Process Flow for IOSA Auditor (Established AO)
No
The candidate conducts at least one Audit, or
portion of an Audit, under the supervision of an Yes Acceptable
approved Auditor. progress?
Satisfactory No
performance?
Yes
Auditor Qualification
October 2003 3-9
IOSA Programme Manual
Auditor Qualification
3-10 October 2003
Auditor Qualification
Auditor Qualification
October 2003 3-11
IOSA Programme Manual
3.14.3 An IOSA Auditor that fails to re-qualify within one year (365 consecutive days) following the
date of becoming non-current shall be considered unqualified, and shall only be able to regain
qualification through completion of the Process for Qualification as an IOSA Auditor in accordance
with IPM 3.9.1.
3.14.4 In addition to currency requirements specified in IPM 3.14.1, in order to maintain
qualification, during every two consecutive calendar years, each auditor shall conduct a full or
partial Audit under IOSA while being evaluated by an Evaluator.
3.14.5 An IOSA Auditor that meets currency requirements specified in IPM 3.14.1, but has become
non-qualified due to lack of an evaluation within two consecutive years, shall be evaluated, with
satisfactory results, by an Evaluator while conducting a full Audit under IOSA in order to regain
qualification.
Auditor Qualification
3-12 October 2003
SECTION 4 - AUDITOR TRAINING
4.0 Purpose
4.0.1 A high level of competency among IOSA Auditors is essential in ensuring a credible and
meaningful Audit under IOSA. It is therefore necessary to establish an IOSA Auditor training
programme that ensures each IOSA Auditor attains and maintains a requisite level of
standardization and competency. The purpose of this section of the IPM is to support achievement
of IOSA Programme goals by providing standards and guidance for the content and presentation of
IOSA training activities.
Auditor Training
October 2003 4-1
IOSA Programme Manual
Auditor Training
4-2 October 2003
Auditor Training
4.4.4 In general, the IOSA annual recurrent training curriculum shall be designed to update the
auditor with regard to local and system IOSA issues and developments associated with standards
and regulations. Recurrent training shall also provide a refresher on auditing principles and
operational subjects.
4.4.5 Typical course content for IOSA annual recurrent training developed by the AO shall focus on
the following areas:
i) administration;
ii) IOSA standards;
iii) documentation;
iv) regulatory requirements;
v) audit operations;
vi) standarisation;
vii) problems;
viii) other appropriate local issues.
4.4.6 Typical course content for IOSA annual recurrent training obtained from IATAon a bi-annual
basis shall focus on the following areas:
i) operational, quality and safety audit principles;
ii) IOSA system operational or administrative subjects;
iii) IOSA system audit issues and problems;
iv) IOSA system statistical results;
v) other appropriate system issues.
4.4.7 The AO shall record the successful completion of IOSA annual recurrent training by each
Auditor listed under IOSA; these records shall be retained by the AO in each Auditor’s qualification
file for a period of five (5) years.
Auditor Training
October 2003 4-3
IOSA Programme Manual
Auditor Training
4-4 October 2003
SECTION 5 – AUDIT PROGRAMME
5.0 Purpose
5.0.1 The objective of the operational Audit under IOSA is to determine the level of fulfilment of
IOSA Standards and Recommended Practices (ISARPs) for the purpose of registering the Auditee
as an IOSA Operator. The Audit Programme is the documented system, including policies,
processes and procedures for implementation of an Audit under IOSA.
The purpose of this section of the IPM is to provide the guidance necessary for an AO to establish
and maintain an effective Audit Programme. The standards in this section also provide the basis for
standardized procedures used by IOSA Auditors to conduct an Audit.
Audit Programme
October 2003 5-1
IOSA Programme Manual
Audit Programme
5-2 October 2003
Audit Programme
5.3.5 The AO shall have a process for designating a Lead Auditor that takes into account
considerations in IPM 5.3.4, and also considers the total experience and competency of Audit
Team members.
Audit Programme
October 2003 5-3
IOSA Programme Manual
5.5.2 The AO shall have a process to provide necessary logistical support for the Audit Team,
including arrangements for scheduling, communication, travel, lodging, financial, medical and any
other support necessary to ensure efficient and successful audit implementation.
5.5.3 The AO shall have a process to prepare an official identification badge for use by approved
IOSA Auditors. The process of the AO shall ensure that, in preparation for an Audit:
i) each Audit Team member is in possession of an IOSA Auditor identification badge;
ii) each Auditor displays such an identification badge at all times when conducting the on-
site phase of the Audit.
5.5.4 The AO shall have a process to ensure that each member of the Audit Team is supplied with
and always has the required IOSA documents at his or her immediate disposal during the conduct
of an Audit. Each member of the Audit Team shall have:
i) ISM Section 1, Part 1 and 2;
ii) ISM Sections 2-8, Part 1 and 2, relevant to the specific area(s) of the operation to be
audited;
iii) current IOSA Checklists relevant to the specific area(s) of the operation to be audited.
Audit Programme
5-4 October 2003
Audit Programme
Audit Programme
October 2003 5-5
IOSA Programme Manual
5.7.6 The AO shall have a process to ensure that the Auditee is appropriately informed when any of
the following exist:
i) a Finding or Observation is verified;
ii) there is objective evidence indicating a potential Finding or Observation;
iii) audit objectives are not attainable.
5.7.7 For the purpose of verifying implementation of IOSA Standards by the Auditee, the AO shall
have a process to ensure that the Audit Team conducts specified assessments of the Auditee’s
operations as specified in IPM Table 5.1.
5.7.8 The AO shall have a programme for assessment of line flights and simulator sessions as part
of the Audit. The programme of the AO shall ensure that such assessments:
i) are conducted as part of every Audit;
ii) are coordinated and scheduled in accordance with IPM 5.2.2;
iii) take place in conjunction with the on-site portion of the Audit, if possible;
iv) are accomplished only by qualified Flight Operations IOSA Auditors in accordance with IPM
3.3.8 and applicable guidance in the IAH;
v) are conducted by Auditors who can communicate in the language of the Auditee, or if not
possible, have the availability of an interpreter.
Note: The line flight assessment may be excluded if prohibited by the applicable
regulatory authority
5.7.9 The AO shall have a process that ensures Findings and Observations are:
i) generated against a specific IOSA Standard or Recommended Practice;
ii) based on objective evidence discovered during the audit;
iii) discussed with the Auditee during the Audit in an attempt to achieve agreement;
iv) discussed with and agreed to among the Audit Team members;
v) documented along with supporting objective evidence.
5.7.10 The AO shall have a programme that ensures the on-site phase of the Audit is completed
with a formal Closing Meeting with the management of the Auditee. The spokesperson for the Audit
Team shall be the designated IOSA Lead Auditor and attendance shall be recorded. The Closing
Meeting shall be conducted using a formal presentation format, either projected or on paper, and
the following areas shall be presented or addressed:
i) an overview of the Audit;
ii) IOSA Findings and Observations;
iii) supporting objective evidence (may be presented by individual auditors);
iv) the IOSA Interim Audit Report (IIAR);
v) the IOSA Corrective Action Record (CAR);
vi) follow-up process, including timelines for corrective action;
vii) process for verification of corrective action implementation;
viii) closure of Findings;
ix) the IOSA Audit Report (IAR);
x) requirements for IOSA Registration;
xi) confidentiality of the IOSA Programme;
xii) the IOSA Audit Feedback Programme.
Audit Programme
5-6 October 2003
Audit Programme
5.7.11 The AO shall have a process to ensure that the designated Lead Auditor provides the
Auditee with all Findings and Observations resulting from the Audit by leaving a draft of relevant
parts from the IOSA Interim Audit Report (IIAR) template. These documents shall clearly be
labelled “DRAFT” across the page.
5.7.12 If the Auditee attempts to address Findings or Observations through implementation of
immediate corrective action during the on-site portion of the Audit, the AO shall have a process to
exclude any such Finding and Observation from the requirement in IPM 5.7.11 only if the Audit
Team is able to verify full implementation of comprehensive and permanent corrective action prior
to the Closing Meeting.
5.7.13 The AO shall have a process to ensure that the designated Lead Auditor informs the Auditee
of Findings and Observations provided to the Auditee at the Closing Meeting:
i) although unofficial and presented on a draft document, shall not be further revised;
ii) are to be used by the Auditee to begin development of the Corrective Action Plan (CAP);
iii) will subsequently be incorporated into an IIAR, which constitutes official notification of
Findings and Observations, and which will be forwarded to the Auditee within fifteen (15)
business days following the date of the Closing Meeting.
5.7.14 If the AO has a process, including provisions for on-site quality control, to fully prepare an
IIAR prior to the Closing Meeting, the Lead Auditor shall be permitted to provide the Auditee with
the official IIAR in lieu of a draft document at the Closing Meeting. The on-site quality control
process shall provide for a thorough review of the IIAR by the full Audit Team to ensure that all
information is correct, and that Findings are supported by documented factual evidence in
accordance with IPM 5.7.9.
5.7.15 The AO shall have a process to ensure that, through communication by the designated Lead
Auditor, the Auditee fully understands that the Auditee and the AO shall conclude a process to
reach agreement on a CAP acceptable to the AO within thirty (30) days following the Closing
Meeting, and that Audit Closure shall not be declared until corrective action in accordance with the
accepted CAP has been implemented by the Auditee and verified by the AO.
5.7.16 The AO shall have a process to ensure that, through communication by the designated Lead
Auditor, the Auditee has an understanding of the importance and objectives of the IOSA Audit
Feedback Programme, and that programme documents are given to the Auditee.
Audit Programme
October 2003 5-7
IOSA Programme Manual
5.9.2 The AO shall have a quality control process to review and approve all information contained in
the IIAR, and to ensure that Findings in the IIAR are consistent with those presented to the Auditee
at the Closing Meeting in accordance with ISM 5.7.13. Once approved, the AO shall then forward
the IIAR to the Auditee within fifteen (15) business days following the Closing Meeting. The AO
shall have a verification process to ensure the Auditee has received the IIAR.
Audit Programme
5-8 October 2003
Audit Programme
Audit Programme
October 2003 5-9
IOSA Programme Manual
Note 1: An Engineering and Maintenance Auditor shall assess the entire process of the Operator for
assessing and implementing an Airworthiness Directive (AD) and/or Alert Service Bulletin (ASB),
including a review of the Task Card used to certify the incorporation of an AD or ASB.
Note 2: An Engineering and Maintenance Auditor should assess a minimum of two (2) maintenance
activities, including, but not limited to, any of the following:
engine change;
APU change;
primary or secondary flight control change;
wheel or brake change;
door (cabin or cargo) change;
landing gear (main, body, wing or nose) change;
radar antenna change;
pilot or static component change;
angle of attack transducer change;
engine trim check;
any component change that requires rigging, calibration or testing; or
any structural repair to metal or composite material.
Note 3: An Engineering and Maintenance Auditor shall assess at least one (1) of the following maintenance
processes:
procedures used to ensure currency and correctness of calibrated equipment
tooling and equipment used to ensure correctness and currency of calibrated equipment
manpower utilization (correct complement, authorizations and qualifications);
environment in which maintenance is performed (lighting, noise, temperature, humidity, etc.);
certification of work (progressive/final certification, dual/independent inspections, etc.).
Note 4: An Engineering and Maintenance or Ground Handling Auditor shall assess at least one (1) ground
handling activity to ensure aircraft airworthiness is not compromised. Such activities shall include,
but are not limited to, any of the following:
aircraft pushback/tow operations;
aircraft fuelling;
de/anti-icing;
minor servicing (tire inflation, oil checks, oxygen replenishment, toilet servicing, potable water
servicing, catering, etc.).
Audit Programme
5-10 October 2003
Audit Programme
Audit Programme
October 2003 5-11
IOSA Programme Manual
5.12.3 Closure of Findings by an AO in accordance with this IPM 5.12 shall affect the IOSA
Registration process as follows:
i) should all Findings not be closed by the AO in accordance with the accepted CAP within
twelve (12) consecutive months following the date of the Closing Meeting, the Audit shall
become invalid as a means for the Auditee to be added to the IOSA Registry or renew an
existing IOSA Registration;
ii) an Operator shall not be added to the IOSA Registry until all Findings have been closed
through full implementation of comprehensive and permanent corrective action in
accordance with the accepted CAP, and such implementation has been verified by the AO;
iii) an Operator shall be removed from the IOSA Registry if all Findings have not been closed
prior to the expiration date of the current IOSA Registration, unless extenuating
circumstances beyond the control of the Auditee are determined to exist in accordance with
IPM 2.6 and 2.8.
Audit Programme
5-12 October 2003
Audit Programme
Audit Programme
October 2003 5-13
IOSA Programme Manual
Audit Programme
5-14 October 2003
SECTION 6 - DATA MANAGEMENT
6.0 Purpose
6.0.1 Sharing of audits is a fundamental element of IOSA, and effective data management is
essential for achieving successful audit sharing. The purpose of the IOSA data management
system is to support and facilitate audit sharing, and to ensure the security and confidentiality of the
information that results from audits conducted under IOSA.
Data Management
October 2003 6-1
IOSA Programme Manual
6.2.2 The AO shall have a quality control process, implemented prior to submitting the report to
IATA, to ensure correctness and adequacy of technical content, language, completeness, and
format of the IAR. The process shall include a review of all Auditor comments.
6.5 Custodianship
6.5.1 IATA shall be the official custodian of all IARs, and shall have a database (IOSA Database)
that shall be the system repository for the IARs from every Audit conducted under IOSA.
6.5.2 The Auditee shall be the sole determiner and provider of authorization for access to an IAR
from the IOSA Database.
Data Management
6-2 October 2003
Data Management
6.6.4 In cases when an Auditee has not been able to successfully close Findings within the
specified maximum timeframe provided in IPM Section 5, the AO shall retain the audit data for at
least 30 days beyond the nominal closure deadline.
6.6.5 Once received by IATA, a new IAR shall replace the existing report in the IOSA Database.
The last two IARs shall be retained in the database archive file.
Data Management
October 2003 6-3
IOSA Programme Manual
Data Management
6-4 October 2003
Data Management
IO S A A u d it T e a m e va lu a te s a u d ite e
c o rre c tive a c tio n (if a n y), d e te rm in e s
a u d it c lo s u re (s ta n d a rd s m e t)
A O re vie w s a n d a p p ro ve s a u d it re s u lts ;
p re p a re s IO S A A u d it R e p o rt (IA R )
A O p e rfo rm s th o ro u g h q u a lity c h e c k o f
IA R (te c h n ic a l c o n te n t, la n g u a g e ,
c o m p le te n e s s , fo rm a t)
No IA T A c o o rd in a te s
R e p o rt a c c e p ta b le ?
re vis io n s
Yes
A O c e rtifie s IA R q u a lity c h e c k ; fo rw a rd s
re p o rt to IA T A in ve rs io n c o m p a tib le
w ith IO S A D a ta b a s e re q u ire m e n ts
IA T A re c e ive s a n d p ro c e s s e s IA R ;
q u a lity c h e c k is p e rfo rm e d b y IA T A
(fo rm a t a n d c o m p le te n e s s o n ly)
No
R e p o rt a c c e p ta b le ?
Yes
IA T A e n te rs IO S A A u d it R e p o rt in to th e
IO S A D a ta b a s e
IA T A p ro vid e s m a n a g e m e n t o f IA R
d a ta in c o n fo rm ity w ith IP M s ta n d a rd s
Data Management
October 2003 6-5
IOSA Programme Manual
No IATA informs
Access granted?
Interested Party
Yes
Data Management
6-6 October 2003
SECTION 7 – AUDIT SHARING
7.0 Purpose
7.0.1 The goal of IOSA is to eliminate the redundancy of operational audits within the airline
industry, and concurrently to provide an effectively managed and controlled system for the sharing
of audits. The IOSA Audit Report (IAR), which is retained in a central IOSA Database that is
managed by IATA, provides the comprehensive audit information necessary to allow Interested
Parties to participate in Audit Sharing.
Descriptions of the IAR, the IOSA Database and the process used to gain access to the IAR are
contained in IPM Section 6. This section of the IPM provides the guidance directly associated with
the sharing of audits, including processes and responsibilities.
7.1 Description
7.1.1 Audit Sharing is a process whereby an Interested Party utilizes the Audit of an Operator
conducted by a third party under IOSA to satisfy its own need for an Audit of that same Operator.
(See Figure 7.1)
7.3 IATA
7.3.1 IATA manages the IOSA Registry, and shall provide restricted access to an Interested Party in
accordance with provisions in IPM 2.1.
7.3.2 IATA is the official custodian of IARs in the IOSA Database, and shall provide controlled IAR
access to an Interested Party in accordance with provisions in IPM 6.8.
Audit Sharing
October 2003 7-1
IOSA Programme Manual
In te re s te d P a rty id e n tifie s a
re q u ire m e n t fo r a n o p e ra tio n a l a u d it
o f a n o p e ra to r
In te re s te d P a rty g a in s a c c e s s to
th e IO S A R e g is try to d e te rm in e
IO S A s ta tu s o f o p e ra to r (IP M 2 .1 )
No O p e ra to r a d v is e d to a tta in
R e g is te re d IO S A
re g is tra tio n a s a n IO S A
O p e ra to r?
O p e ra to r
Yes
In te re s te d P a rty g a in s a c c e s s to
th e IA R fo r th e o p e ra to r (IP M 6 .8 )
In te re s te d P a rty c o n d u c ts IA R
a n a lys is
U n re s o lv e d a u d it Yes In te re s te d P a rty re s o lv e s
is s u e s ? a u d it is s u e s w ith o p e ra to r
No
In te re s te d P a rty u tilize s a u d it u n d e r
IO S A ; s a tis fie s o p e ra tio n a l a u d it
re q u ire m e n t th ro u g h A u d it S h a rin g
In te re s te d P a rty m a in ta in s c o n tin u o u s
o p e ra tio n a l m o n ito rin g o f o p e ra to r
Audit Sharing
7-2 October 2003
SECTION 8 – IATA PROGRAMME ADMINISTRATION
UNDER DEVELOPMENT
Dispute Resolution
October 2003 9-1
IOSA Programme Manual
No
No
No
N otifying party notifies IATA of failure to resolve the
dispute; declares that the issue m ust be resolved
under the IATA Rules of Arbitration
Dispute Resolution
9-2 October 2003
SECTION 10 – ENDORSED TRAINING ORGANIZATION
UNDER DEVELOPMENT