Title Page

  • Site conducted

  • Conducted on

  • Prepared by

  • Location

SEC

1 Management and Control

1.1 Management System Overview

  • SEC 1.1.1<br>The Operator shall have a security management system (SeMS) that includes, as a minimum, the following key elements:<br>(i) Senior management and corporate commitment;<br>(ii) Resource management;<br>(iii) Threat assessment and risk management;<br>(iv) Management of emergencies and incidence (resilience);<br>(v) Quality control and quality assurance;<br>(vi) Air Operator Security Program (AOSP).

  • SEC 1.1.2<br>The Operator shall have a senior management official designated as the head of security with direct access to the highest level of management within the organization. Such senior management official, regardless of other functions and reporting structure, shall have the responsibility, and thus be accountable, for ensuring the implementation and maintenance of the AOSP, as well as being in compliance with applicable security requirements of the Operator.

  • SEC 1.1.3 The Operator shall have a corporate security policy that states the commitment of the organization to a culture that has security as a fundamental operational priority. Such policy shall be communicated throughout the organization and commit the organization to:<br>(i) The provision of resources necessary for the successful implementation of the policy;<br>(ii) Compliance with applicable regulations and standards of the Operator;<br>(iii) The promotion of security awareness and the establishment of a security culture;<br>(iv) The establishment of security objectives and security performance standards;<br>(v) Continual improvement of the security management system;<br>(vi) Periodic review of the policy to ensure continuing relevance to the organization.

1.2 Air Operator Security Program (AOSP)

  • SEC 1.2.1<br>The Operator shall have a formal Air Operator Security Program (AOSP) that includes:<br>(i) The requirements of the civil aviation security program of the State of the Operator (hereinafter, the State);<br>(ii) Applicable requirements of other states where operations are conducted;<br>(iii) The security standards of the Operator

1.3 Authorities and Responsibilities

  • SEC 1.3.1<br>The Operator shall ensure the security management system defines the authorities and responsibilities of management personnel, as well as a general description of security responsibilities for categories of non-management personnel as defined under the AOSP. The security management system shall specify:<br>(i) The levels of management with the authority to make decisions that affect the operational security;<br>(ii) Responsibilities for ensuring security functions are performed and procedures are implemented in accordance with applicable regulations and standards of the Operator;<br>(iii) Lines of accountability throughout the organization, including direct accountability for security on the part of senior management; (iv) Responsibilities of members of management, irrespective of other functions, as well as of non-management personnel, with respect to the security performance of the organization.

  • SEC 1.3.2<br>The Operator shall have a process or procedure for delegation of duties and assignment of responsibilities within the security management system that ensures managerial continuity is maintained when managers with operational security responsibilities are unable to carry out work duties.

  • SEC 1.3.3<br>The Operator shall ensure a delegation of duties and assignment of responsibility for liaison with applicable aviation security authorities and other relevant external entities.

1.4 Communciation

  • SEC 1.4.1<br>The Operator shall have a communication system that enables an exchange of operational security information throughout the management system and all areas where operations are conducted.

1.5 Provision of Resources

  • SEC 1.5.1 (Intentionally open)

  • SEC 1.5.2<br>The Operator shall ensure management and non-management positions that require the performance of functions within the scope of the AOSP, to include positions within the organization of the Operator and, if applicable, service providers selected by the Operator to conduct operational security functions, are filled by personnel on the basis of knowledge, skills, training and experience appropriate for the position

  • SEC 1.5.3<br>If permitted by the State, the Operator shall ensure a process has been established that requires operational security personnel in the organization of the Operator and, if applicable, service providers selected by the Operator to conduct operational security functions, to be subjected to preemployment and recurring background checks in accordance with requirements of applicable aviation security authorities. The requirement for a background check shall be applicable to personnel who:<br>(i) Engage in the implementation of security controls;<br>(ii) Have unescorted access to the security restricted area of an airport;<br>(iii) Have unescorted access to screened passengers, baggage and cargo, as well as to<br>catering supplies and searched aircraft.

1.6 Documentation System

  • SEC 1.6.1<br>The Operator shall have a system for the management and control of documentation and/or data used directly in the conduct or support of operations under the AOSP. Such system shall include processes as specified in ORG Table 1.1.

  • SEC 1.6.2 (Intentionally open)

  • SEC 1.6.3<br>The Operator shall have processes to ensure documentation used in the implementation of the AOSP:<br>(i) Is readily identifiable and accessible to applicable operational personnel;<br>(ii) Contains legible and accurate information;<br>(iii) Is presented in a format appropriate for use by operational personnel

  • SEC 1.6.4<br>If the Operator has external service providers conduct outsourced operational security functions, the Operator shall have a process to ensure such external service providers receive information regarding security directives and instructions in a timely manner that meets requirements of the AOSP.

1.7 (Intentionally open)

1.8 Records System

  • SEC 1.8.1<br>The Operator shall have a system for the management and control of operational security records to ensure the content and retention of such records is in accordance with requirements of the aviation security authority of the State, as applicable, and to ensure security records are subjected to standardized processes for:<br>(i) Identification;<br>(ii) Legibility;<br>(iii) Maintenance;<br>(iv) Retrieval;<br>(v) Protection and security;<br>(vi) Disposal, deletion (electronic records) and archiving

  • SEC 1.8.2<br>If the Operator utilizes an electronic system for the management and control of records, the Operator shall ensure the system provides for a scheduled generation of backup record files

1.9 Management Review

  • SEC 1.9.1<br>The Operator should have a security review committee for the purpose of ensuring:<br>(i) Senior management oversight of security in operations;<br>(ii) Continual improvement of the SeMS;<br>(iii) Security threats are being identified and controlled;<br>(iv) The promotion of security awareness

  • SEC 1.9.2<br>The Operator shall have processes to monitor and assess its SeMS processes in order to maintain or continually improve the overall effectiveness of the SeMS

1.10 Quality Assurance/Quality Control Programs

  • Quality Assurance<br>SEC 1.10.1<br>The Operator shall have a quality assurance program that provides for the auditing and evaluation of the management system and operational security functions at a determined frequency following a regularly performed risk assessment to ensure the organization is:<br>(i) Complying with the AOSP and other applicable regulations and standards;<br>(ii) Satisfying stated operational needs;<br>(iii) Identifying areas requiring improvement;<br>(iv) Identifying threats to operations;<br>(v) Assessing the effectiveness of security risk management and controls

  • SEC 1.10.2<br>The Operator shall have a process for addressing findings resulting from audits of operational security functions that ensures:<br>(i) Identification of root cause(s);<br>(ii) Development of corrective action, as appropriate, to address findings;<br>(iii) Implementation of corrective action in appropriate operational security area(s);<br>(iv) Evaluation of corrective action to determine effectiveness

  • SEC 1.10.3A<br>The Operator shall have a process to ensure significant issues arising from quality assurance audits of operational security functions are subject to a regular review by senior security management.

  • SEC 1.10.3B<br>The Operator shall have an audit planning process and sufficient resources, including auditors as specified in ORG 3.4.12, to ensure audits are:<br>(i) Scheduled in accordance with a security risk assessment at intervals to meet regulatory and management system requirements;<br>(ii) Completed in accordance with scheduled intervals (subject to a change in risk).

  • Quality Control<br>SEC 1.10.4<br>The Operator shall have a process for conducting regular risk-based or event-driven security surveys that identify needs and weaknesses of the AOSP, including operational security procedures and infrastructure.

  • SEC 1.10.5<br>If required and/or authorized by the aviation security authority, the Operator shall have a process for conducting security tests that assess the effectiveness and proper implementation of security controls of which the Operator is in direct control

  • SEC 1.10.6<br>If required and/or authorized by the aviation security authority, the Operator shall have a process to perform or participate in periodic operational security exercises in order to:<br>(i) Evaluate the effectiveness of procedures designed for response to security incidents;<br>(ii) Practice implementation of security procedures by applicable personnel

1.11 Quality Control of Outsourced Operations and Products

  • SEC 1.11.1<br>If the Operator has external service providers conduct outsourced operational security functions, the Operator shall have a process to ensure a contract or agreement is executed with such external service providers. Such contract or agreement shall identify measurable specifications that can be monitored by the Operator to ensure requirements that affect the security of its operations are being<br>fulfilled by the service provider.

  • SEC 1.11.2<br>If the Operator has external service providers conducting outsourced operational security functions, the Operator shall have processes to monitor such external service providers to ensure requirements that affect the security of operations are being fulfilled.

  • SEC 1.11.3 (Intentionally open)

  • SEC 1.11.4<br>If the Operator has operational security functions conducted by external organizations not under the control of the Operator, the Operator should have methods, as permitted by the applicable civil aviation security authority, for the monitoring of such functions to ensure security controls are implemented to prevent acts of unlawful interference

1.12 Operational Reporting

  • SEC 1.12.1<br>The Operator shall have an operational reporting system that is implemented throughout the organization in a manner that:<br>(i) Encourages and facilitates personnel to report security incidents and threats, identify security deficiencies, and raise security concerns pertaining to the Operator;<br>(ii) Includes analysis and management action as necessary to address security issues identified through the reporting system.

  • SEC 1.12.2 The Operator should have a process to ensure security incidents and acts of unlawful interference that have been reported by personnel in accordance with SEC 1.12.1 are reviewed by operational and security management to ensure:<br>(i) Root cause is identified;<br>(ii) Corrective action is determined;<br>(iii) When applicable, corrective action is implemented and monitored to ensure effectiveness in preventing future incidents

2 Training and Qualification

2.1 Training Program

  • SEC 2.1.1<br>The Operator shall have a security training program that is approved or accepted by the State and meets applicable requirements of other states. Such program shall consist of initial and recurrent training, and include, as appropriate, theoretical and practical training to ensure:<br>(i) Personnel, employed by or under the control of the Operator who implement security controls, have the competence to perform their duties;<br>(ii) Flight and cabin crew members, as well as frontline aircraft ground handling and cargo handling personnel, are able to act in the most appropriate manner to minimize the consequences of acts of unlawful interference and disruptive passenger behavior. <br>Note: Applicable personnel shall complete initial security training prior to being assigned to operational duties.

  • SEC 2.1.2 If the Operator has operational security functions conducted by external service providers selected by the Operator (outsourcing), the Operator shall have a process to ensure such external service providers have a security training program that:<br>(i) Is acceptable to the Operator;<br>(ii) Consists of initial and recurrent training; and<br>(iii) Includes, as appropriate, theoretical and practical training.

  • SEC 2.1.3 (Intentionally open)

  • SEC 2.1.4<br>The Operator shall ensure personnel who perform security functions, crew members and appropriate operational personnel, as specified in SEC 2.1.1, complete recurrent security training on a frequency in accordance with requirements of the security program of the State and, if applicable, other states where operations are conducted or, if there is no regulatory mandate, not less than once every 36 months.

  • SEC 2.1.5<br>If the Operator manages a security screening system, the Operator shall ensure personnel who manage or operate the screening system:<br>(i) Are approved and/or certified in accordance with requirements of the applicable aviation security authority;<br>(ii) Complete initial and recurrent training that includes training in the identification of<br>explosives, weapons or other dangerous items or devices

  • SEC 2.1.6<br>The security training program of the Operator shall include a process for reviewing and updating or revising security training courses to ensure:<br>(i) Continual improvement of curriculum, including content and applicability to the operational environment;<br>(ii) Incorporation of regulatory amendments or operational changes.

  • SEC 2.1.7<br>The Operator shall ensure the completion of required security training by operational personnel is documented and retained in a records system in accordance with SEC 1.8.1.

  • SEC 2.1.8<br>The Operator shall ensure operational personnel complete security awareness training that focuses on preventative measures and techniques in relation to passengers, baggage, cargo, mail, equipment, stores and supplies, as applicable, and permits such personnel to contribute to the prevention of acts of sabotage and other forms of unlawful interference

3 Security Operations

3.1 Access Control

  • SEC 3.1.1 If the Operator has exclusive control over airport airside areas and/or security restricted areas, the Operator shall ensure an identification verification system is in place that prevents personnel and vehicles from unauthorized access. Such identification system shall include:<br>(i) Designated checkpoints where identification is verified before access is permitted;<br>(ii) A requirement for authorized personnel to prominently display an identification badge.

  • SEC 3.1.2<br>The Operator shall ensure measures are in place to control and supervise personnel and vehicles moving to and from the aircraft in security restricted areas to prevent unauthorized access to the aircraft.

  • SEC 3.1.3<br>The Operator shall ensure access control measures are in place to prevent the introduction of unauthorized weapons, explosives or other dangerous devices or items on board an aircraft by persons other than passengers

3.2 (Intentionally open)

3.3 Carriage of Weapons

  • SEC 3.3.1<br>If the carriage of weapons on board an aircraft for a passenger flight by law enforcement officers and/or other authorized persons acting in the performance of their duties is approved by the Operator, the State and/or other applicable authorities, the Operator shall have a policy and procedures, in accordance with the laws of the state(s) involved, for such carriage of weapons on board an aircraft.

  • SEC 3.3.2<br>If the carriage of weapons on board an aircraft for a passenger flight is approved as specified in SEC 3.3.1, the Operator shall have a procedure to ensure the pilot-in-command (PIC) is notified prior to the commencement of a flight. If permitted by the states involved, such notification shall include the number and seat locations of authorized armed persons on board the aircraft.

  • SEC 3.3.3<br>If the carriage of weapons in hold baggage on board an aircraft for a passenger flight is approved by the Operator, the Operator shall have procedures for the carriage of such weapons to ensure:<br>(i) If the weapon is a firearm or capable of discharging a projectile, an authorized and duly qualified person has declared the weapon to be not loaded;<br>(ii) The weapon is stowed in a place that is inaccessible to any unauthorized person during flight;<br>(iii) The carriage of a weapon is legally permitted by all state(s) involved, including the State and state(s) of flight departure, transit and arrival

3.4 Passengers, Supernumeraries and Cabin Baggage

  • SEC 3.4.1<br>If the Operator conducts passenger flights, the Operator shall have a process to ensure originating passengers and their cabin baggage are subjected to screening prior to boarding a passenger aircraft for;<br>(i) An international flight;<br>(ii) As required by the applicable aviation security authority, a domestic flight

  • SEC 3.4.2<br>If the Operator transports supernumeraries, the Operator shall have a process to ensure such personnel and their personal belongings are subjected to screening or other appropriate security controls prior to boarding an aircraft for an international flight.

  • SEC 3.4.3<br>If the Operator conducts passenger flights, the Operator shall have a process to ensure transfer and transit passengers and their cabin baggage either:<br>(i) Are subjected to screening prior to boarding a passenger aircraft, or<br>(ii) Have been screened to an appropriate level at the point of origin and subsequently protected from unauthorized interference from the point of screening at the originating airport to the departing aircraft at the transfer or transit airport.

  • SEC 3.4.4<br>If the Operator conducts passenger flights, the Operator shall have a process to ensure passengers and their cabin baggage are subjected to additional security controls in accordance with requirements of the applicable aviation security authority when flights are under an increased security threat.

  • SEC 3.4.5<br>If the Operator conducts passenger flights, the Operator shall have a process to ensure passengers and their cabin baggage, which have already been subjected to screening, are:<br>(i) Protected from unauthorized interference from the point of screening until they board a passenger aircraft;<br>(ii) Subjected to re-screening if the potential for unauthorized interference has been determined to exist.

  • SEC 3.4.6<br>The Operator should ensure security practices and/or procedures for operational security personnel that have contact with passengers include behavior detection methods designed to identify persons who may pose a threat to civil aviation and require additional security measures. <br>Auditor Actions<br> Identified/Assessed practices/procedures for behavior detection (focus: recognition of characteristics that indicate anomalous behavior, criteria for resolution and application of additional security measures).<br> Interviewed responsible manager(s).<br> Observed implementation of appropriate behavior detection practices/procedures.<br> Other Actions (Specify)

  • SEC 3.4.7<br>The Operator shall have a policy and procedures to refuse transportation to any person that does not consent to a search of his or her person or property in accordance with the AOSP

3.5 Special Category Passengers

  • SEC 3.5.1<br>If the Operator conducts passenger flights, the Operator shall have a policy and a process that incorporates risk assessment measures to ensure procedures are in place for the transport of potentially disruptive passengers who are obliged to travel because they have been the subject of judicial or administrative proceedings. Such procedures shall be designed to take into consideration the assurance of the safety of the aircraft during the flight

  • SEC 3.5.2 (Intentionally open)

  • SEC 3.5.3<br>If the Operator conducts passenger flights, the Operator shall have a process to ensure procedures are in place for the notification of the PIC, prior to the commencement of a flight, when passengers are to be transported who are obliged to travel because they have been the subject of judicial or administrative proceedings.

3.6 Hold Baggage

  • SEC 3.6.1<br>If the Operator conducts international passenger flights, the Operator shall have a process to ensure originating hold baggage, including courier baggage, is subjected to screening prior to being loaded into an aircraft for an international passenger flight.

  • SEC 3.6.2<br>If the Operator conducts domestic passenger flights, the Operator should have a process to ensure originating hold baggage is subjected to screening prior to being loaded into an aircraft for a domestic passenger flight.

  • SEC 3.6.3<br>If the Operator conducts international passenger flights, the Operator shall have a process to ensure hold baggage is protected from unauthorized interference from the point it is screened or accepted into the care of the Operator until departure of the international flight transporting the baggage

  • SEC 3.6.4–3.6.5 (Intentionally open)

  • SEC 3.6.6 If the Operator conducts international passenger flights, the Operator shall have a process to ensure procedures are in place to prevent items of hold baggage from being transported on such flights unless such items have been:<br>(i) Individually identified as either accompanied or unaccompanied baggage;<br>(ii) Subjected to appropriate security controls based on risk assessment

  • SEC 3.6.7<br>If the Operator conducts international passenger flights, the Operator shall have a process to ensure procedures are in place to record information associated with international hold baggage that has met criteria in accordance with SEC 3.6.1 and 3.6.6.

  • SEC 3.6.8<br>If the Operator conducts passenger flights, the Operator shall have a process to ensure secure storage areas have been established where mishandled passenger baggage may be held until forwarded, claimed or disposed of in accordance with local laws

  • SEC 3.6.9 (Intentionally open)

  • SEC 3.6.10<br>If the Operator conducts International passenger flights, the Operator shall have a process to ensure transfer hold baggage for such flights either:<br>(i) Is subjected to screening prior being loaded onto the aircraft, or<br>(ii) Has been screened at the point of origin and subsequently protected from unauthorized interference from the point of screening at the originating airport to the departing flight at the transfer airport.

  • SEC 3.6.11<br>If the Operator conducts domestic passenger flights, the Operator should have a process to ensure transfer hold baggage for a domestic passenger flight either:<br>(i) Is subjected to screening prior being loaded into an aircraft, or<br>(ii) Has been screened at the point of origin and subsequently protected from unauthorized interference from the point of screening at the originating airport to the departing aircraft at the transfer airport.

3.7 Cargo Shipments

  • SEC 3.7.1<br>If the Operator transports revenue or non-revenue cargo, the Operator shall have a process to ensure cargo shipments for transport on all flights have been subjected to the appropriate security controls, including screening where required, as established by the applicable state(s) prior to being loaded onto an aircraft.

3.8 In-Flight, Catering and Other Supplies

  • SEC 3.8.1<br>If the Operator conducts passenger flights, the Operator shall have a process to ensure in-flight, catering and/or other supplies intended for transport on a passenger flight are subjected to appropriate security controls as established by the appropriate state and are thereafter protected from unauthorized interference until loaded onto the aircraft.

3.9 General Protection

  • SEC 3.9.1 (Intentionally open)

  • SEC 3.9.2<br>If the Operator controls security sterile areas, the Operator shall have processes to ensure merchandise and supplies introduced into such areas are subject to appropriate security controls, which may include screening or a supply chain security process.

4 Security Threat and Contingency Management

4.1 Threat Management

  • SEC 4.1.1<br>The Operator shall have processes for maintaining a constant review of the level and nature of security threats to civil aviation, and for identifying direct or potential threats against the Operator. For threats that have been identified, such processes shall include:<br>(i) an assessment of associated risks and vulnerabilities;<br>(ii) Development of appropriate response measures

  • SEC 4.1.2<br>The Operator shall have a process to ensure the implementation of appropriate security measures in response to:<br>(i) Security threats directed against the Operator;<br>(ii) Threat levels issued by applicable aviation security authorities

  • SEC 4.1.3<br>The Operator shall have procedures for sharing, as appropriate, with the State, relevant operators, airport authority, air traffic service and external service providers, in a practical and timely manner, relevant information to assist in the implementation of an effective security risk assessment process. <br>Note: <br>This provision is applicable to the Operator only if procedures for sharing the specified relevant information are approved by the State. <br>

4.2 Contingency Planning

  • SEC 4.2.1<br>The Operator shall have a contingency plan that provides for a comprehensive and managed response to aviation security incidents. <br>

4.3 Investigation and Notification

  • SEC 4.3.1<br>The Operator shall have a process to ensure an investigation is conducted for incidents involving:<br>(i) Threats or acts of unlawful interference;<br>(ii) Failure of implementation of security controls under the responsibility of the OperatorSEC 4.3.1<br>The Operator shall have a process to ensure an investigation is conducted for any of the following: <br>i. Threats or acts of unlawful interference;<br>ii. Failure of implementation of security controls under the responsibility of the Operator;<br>iii. Security incidents, security occurrences or security threats. (GM)<br>

  • SEC 4.3.2<br>The Operator shall have a process that ensures notification to the applicable aviation security authorities when an act of unlawful interference and/or a preparatory act against the Operator has occurred.SEC 4.3.3<br>The Operator should have a process to ensure security incidents and/or security occurrences are reported to IATA for inclusion in the Incident Data Exchange (IDX) Security Dashboard. Such reports should be submitted in accordance with the formal IDX reporting process.<br>

  • SEC 4.3.3<br>The Operator should have a process to ensure security incidents and/or security occurrences are reported to IATA for inclusion in the Incident Data Exchange (IDX) Security Dashboard. Such reports should be submitted in accordance with the formal IDX reporting process. <br>

The templates available in our Public Library have been created by our customers and employees to help get you started using SafetyCulture's solutions. The templates are intended to be used as hypothetical examples only and should not be used as a substitute for professional advice. You should seek your own professional advice to determine if the use of a template is permissible in your workplace or jurisdiction. You should independently determine whether the template is suitable for your circumstances.