Regulations Regarding the Civil Aviation Security Quality Control Programme

Issued pursuant to
Section 57, Paragraph four of the law On Aviation

1. The Regulation prescribes the Civil Aviation Security Quality Control Programme within the meaning of Article 11 of Regulation (EC) No 300/2008 of the European Parliament and of the Council of 11 March 2008 on common rules in the field of civil aviation security and repealing Regulation (EC) No 2320/2002 (hereinafter - Regulation No 300/2008).

2. The terms used in this Regulation correspond to the terms used in Regulation No 300/2008.

3. The Regulation shall apply to the range of persons and objects referred to in Article 2(1) of Regulation No 300/2008.

4. Monitoring of the implementation of the activities specified in the legal acts of the European Union and the national legal acts regarding the national civil aviation security quality control programme in the field of civil aviation security (hereinafter - the compliance monitoring) shall be ensured by valsts aģentūra "Civilās aviācijas aģentūra" (State agency Civil Aviation Agency) (hereinafter - the Civil Aviation Agency).

5. The compliance monitoring shall be implemented by employees of the unit Aviation Security Division of the Civil Aviation Agency (hereinafter - the auditors). The Civil Aviation Agency shall approve the job description of the auditor, determining the necessary qualifications and the duties to be fulfilled if the auditor:

5.1. meets the requirements referred to in Paragraph 15 of Annex II to Regulation No 300/2008;

5.2. has received a third level personnel security clearance for access to an official secret or he or she has been issued a certificate of the corresponding level for access to the classified information of the European Union.

[3 September 2013]

6. [3 September 2013]

7. The Civil Aviation Agency may invite the auditors of the appropriate authority of the countries of the European Economic Area who have been issued the certificate referred to in Sub-paragraph 5.2 of this Regulation for performing individual compliance monitoring activities.

8. The Civil Aviation Agency may invite representatives of the State authorities referred to in the National Civil Aviation Security Programme who meet the criteria referred to in Paragraph 5 of this Regulation as experts within the scope of the compliance monitoring.

9. If, within the scope of the compliance monitoring, the Civil Aviation Agency has invited the persons referred to in Paragraphs 7 and 8 of this Regulation, it shall issue an authorisation to the relevant persons attesting that the person is conducting a security audit, inspection, survey, or test upon assignment of the Civil Aviation Agency.

[3 September 2013]

10. The Civil Aviation Agency shall perform the compliance monitoring of airports, operators, and entities (hereinafter - the aviation organisations), inspecting and assessing:

10.1. the organisation of the security structure;

10.2. the obligations, rights, and responsibility of the responsible persons in the introduction and maintenance of the civil aviation security measures;

10.3. the conformity of the security procedures introduced with the requirements of the national legal acts, the directly applicable legal acts of the European Union, and the international legal acts in the field of civil aviation security;

10.4. the sufficiency of the staff involved in the implementation of measures, the conformity of the qualifications with the duties to be performed, and the training process of the staff;

10.5. the sufficiency and conformity of the security control equipment, systems, and infrastructure to be used with the requirements referred to in Annex I to Regulation No 300/2008;

10.6. the procedures for the implementation of internal quality control procedures in the field of aviation security.

[3 September 2013]

11. The Civil Aviation Agency shall, each year by 30 December, prepare a compliance monitoring plan for the next year. The following shall be indicated in the plan:

11.1. the number of the planned security audits, inspections, or tests and the dates of conducting them;

11.2. the aviation organisations which will be subjected to compliance monitoring activities referred to in Sub-paragraph 11.1 of this Regulation;

11.3. the number of the auditors necessary for the implementation of the measures referred to in Sub-paragraph 11.1 of this Regulation;

11.4. the security measures to be checked in the security audit and the inspection.

11.¹ When preparing the compliance monitoring plan referred to in Paragraph 11 of this Regulation, the Civil Aviation Agency shall take into account the results of the security audits, inspections, surveys, and tests conducted in the aviation organisations in the previous years and the actions taken by the aviation organisations for the correction of the deficiencies identified.

[6 March 2012; 3 September 2013]

12. In addition to the compliance monitoring activities referred to in Sub-paragraph 11.1 of this Regulation, the Civil Aviation Agency may conduct unplanned security audits, inspections, or tests, taking into account the security risk assessment.

13. The Civil Aviation Agency may conduct unplanned security audits, inspections, or tests of the aviation organisations if:

13.1. it has been established during a security test that the security measures of the aviation organisation do not meet the requirements of the security programme of the aviation organisation approved by the Civil Aviation Agency;

13.2. information has been received that the security measures implemented by the aviation organisation do not meet the requirements of the security programme approved by the Civil Aviation Agency;

13.3. information on increased threat to civil aviation security has been received after the assessment of which the decision on the need to change the procedures of the security measures has been taken;

13.4. an incident related to an unlawful activity or an attempt thereof has occurred and it affects or may affect civil aviation security;

13.5. the aviation organisation commences operation after approval of the compliance monitoring plan of the relevant year.

[6 March 2012]

13.¹ In addition to the compliance monitoring activities referred to in Sub-paragraph 11.1 and Paragraph 12 of this Regulation, the Civil Aviation Agency shall conduct surveys in accordance with Paragraph 9 of Annex II to Regulation No 300/2008. The Civil Aviation Agency does not provide advance information to the aviation organisation of the planned surveys.

[3 September 2013]

14. The Civil Aviation Agency shall, each year by 15 January, inform the aviation organisation of the security audits planned in the calendar year, indicating the foreseeable dates for conducting them.

15. The Civil Aviation Agency shall not inform the aviation organisation of the planned inspections or tests, except for the cases referred to in Sub-paragraph 7.3 of Annex II to Regulation No 300/2008.

16. The aviation organisation may, within 10 days after receipt of the notification on the planned security audit, inform the Civil Aviation Agency in writing of the need to determine other dates for conducting the security audit, providing a justification for it.

17. The Civil Aviation Agency shall conduct, in accordance with the requirements of Paragraph 6 of Annex II to Regulation No 300/2008:

17.1. a planned security audit of the airport, the operator, and the air navigation service provider at least once every 24 months;

17.2. planned security audit of other aviation organisations at least once every five years.

18. The Civil Aviation Agency shall, not later than 20 working days before commencement of the security audit, send a pre-audit questionnaire to the aviation organisation.

19. The aviation security manager of the aviation organisation shall complete the pre-audit questionnaire and, not later than five working days before the first day of the security audit, submit it to the Civil Aviation Agency.

[3 September 2013]

20. In accordance with the requirements referred to in Paragraph 7 of Annex II to Regulation No 300/2008, the Civil Aviation Agency shall, at least once every 12 months, conduct the planned inspections of the aviation organisation.

21. In accordance with the requirements referred to in Paragraph 8 of Annex II to Regulation No 300/2008, the Civil Aviation Agency shall, at least once every 12 months, conduct the planned tests in order to verify the efficiency of the security measures specified in Annex I to Regulation No 300/2008.

22. If necessary due to security considerations, the Civil Aviation Agency shall, in a timely manner, inform the State authorities referred to in the National Civil Aviation Security Programme of conducting the security tests.

23. The State authorities referred to in the national legal acts regarding the national civil aviation security programme may conduct a security test of the aviation organisation if the test plan has been agreed upon with the Civil Aviation Agency. The authorities referred to in this Paragraph may appoint such persons for performing the security test who have not been approved as auditors but who meet the requirements referred to in Paragraph 5 of this Regulation.

24. The test plan referred to in Paragraph 23 of this Regulation shall be submitted to the Civil Aviation Agency at least 10 working days before the planned day of conducting the test. The following information shall be indicated in the test plan:

24.1. the objective of conducting the test;

24.2. the date and time of conducting the test;

24.3. the name of the aviation organisation in which the test will be conducted (indicate the units in which the test will be conducted);

24.4. a description of activities which are intended to be carried out during the test;

24.5. the given name, surname, and position of the persons who will participate in the conducting of the test and a description of the obligations to be fulfilled during the test;

24.6. a list of the objects and materials to be used during the test;

24.7. other information which is deemed important by the person preparing the test plan.

25. The aviation organisation has an obligation to provide the auditor with all the necessary information and documentation, access to the infrastructure, equipment, and security systems of the organisation, a possibility to meet the staff, and also access to the territory of the aviation organisation while carrying the prohibited articles or articles similar to prohibited articles referred to in Commission Regulation (EU) No 185/2010 of 4 March 2010 laying down detailed measures for the implementation of the common basic standards on aviation security if they are used as test items during the inspection or test and they bear a mark "inspection article" or "test article".

[6 March 2012]

26. The auditor shall complete a protocol during the security audit, inspection, survey, or test in accordance with the requirements referred to in Sub-paragraph 10.2 and Paragraph 11 of Annex II to Regulation No 300/2008. The protocol shall be signed by the auditor and the aviation security manager of the aviation organisation.

[3 September 2013]

27. If the security test of the aviation organisation is conducted by the authorities referred to in Paragraph 23 of this Regulation, they shall, within a working day, complete the protocol in accordance with the procedures laid down in Paragraph 26 of this Regulation and submit a copy of the protocol to the Civil Aviation Agency.

28. If, during the security audit, inspection, survey, or test, such deficiencies are identified which require immediate correction, the auditor has the right to issue an order to the aviation organisation to correct the identified deficiency without delay or to take immediate compensatory measures which are temporary actions and guarantee civil aviation security until complete correction of the identified deficiencies.

[3 September 2013]

29. The auditor who has exercised the rights referred to in Paragraph 28 of this Regulation shall, without delay, inform the Director of the Civil Aviation Agency thereof.

30. The Civil Aviation Agency shall, within 10 working days after the security audit, inspection, survey, or test, prepare a report in accordance with the requirements referred to in Paragraphs 10 and 11 of Annex II to Regulation No 300/2008 and send it to the aviation organisation in which the security audit, inspection, survey, or test was conducted. The report shall be signed by the Director of the Civil Aviation Agency or his or her authorised person.

[3 September 2013]

31. The Civil Aviation Agency shall, in accordance with the procedures laid down in Paragraph 30 of this Regulation, prepare a report and send it to the relevant aviation organisation if deficiencies identified during the test are indicated in the protocol referred to in Paragraph 27 of this Regulation.

32. The aviation organisation shall, within 20 working days after receipt of the report referred to in Paragraph 30 or 31 of this Regulation if deficiencies are indicated therein, submit a plan for the correction of deficiencies to the Civil Aviation Agency. The remedial actions for the correction of deficiencies identified during the security audit, inspection, survey, or test and the deadlines for the implementation thereof shall be indicated in the plan for the correction of deficiencies.

[3 September 2013]

33. If the remedial actions indicated in the plan for the correction of deficiencies or the deadlines for the implementation thereof do not ensure compliance with the requirements laid down in Regulation No 300/2008, the Civil Aviation Agency shall, within five working days after receipt of the plan for the correction of deficiencies, inform its submitter of the need to make changes in the plan for the correction of deficiencies.

34. The Civil Aviation Agency shall verify the implementation of the plan for the correction of deficiencies of the aviation organisation within the specified deadlines.

[3 September 2013]

34.¹ If the remedial actions indicated in the plan for the correction of deficiencies are not implemented within the specified deadlines, the Civil Aviation Agency shall:

34.¹ 1. assess the activities carried out by the aviation organisation for the correction of deficiencies and the reason why the remedial actions have not been implemented within the specified deadline;

34.¹ 2. assess the conformity of the aviation security manager of the aviation organisation for the position and, if his or her qualifications do not meet the requirements referred to in Paragraph 39 of this Regulation, request the aviation organisation to replace the aviation security manager;

34.¹ 3. take the decision to impose sanctions in accordance with the procedures laid down in the law On Aviation.

[3 September 2013]

35. The Civil Aviation Agency shall provide an opinion to the aviation organisation if all the necessary remedial actions have been implemented within the deadlines specified in the plan for the correction of deficiencies.

36. The aviation organisation may extend the implementation deadlines specified in the plan for the correction of deficiencies, agreeing upon it with the Civil Aviation Agency.

37. The aviation organisations shall, in accordance with the requirements laid down in Articles 12, 13, and 14 of Regulation No 300/2008, develop an aviation security quality internal control (hereinafter - the internal control) programme, including the following information therein:

37.1. on the responsible unit for internal control of the aviation organisation, indicating the principles of its operation and the allocation of responsibilities of employees, or the responsible employee, indicating his or her work duties;

37.2. on the internal control procedures, including the procedures for informing the management of the aviation organisation of the results of internal control and the remedial actions for the correction of the deficiencies identified;

37.3. on the periodicity of the planned measures of internal control;

37.4. on the circumstances which determine the need to take unplanned measures of internal control.

[6 March 2012]

37.¹ The internal control programme of the aviation organisation shall be approved by the Civil Aviation Agency.

[3 September 2013]

38. When implementing the internal control, the aviation organisation shall check:

38.1. the implementation of the security measures specified in the aviation security programme;

38.2. the conformity of qualifications of employees for the duties to be performed;

38.3. the conformity of the operation of security control equipment with the specified performance requirements.

[6 March 2012]

39. The aviation organisations shall ensure that such person is appointed as the employee responsible for internal control of the aviation organisation who is certified in accordance with the laws and regulations regarding the certification of persons involved in the security screening of passengers, baggage, and cargo and the certifications of persons involved in the preparation and raising of qualifications of such persons.

[18 February 2014]

40. The aviation organisation shall, upon request of the Civil Aviation Agency, submit the annual plan of internal control, the results of the internal control measures taken (audit, test, inspection), and also information on the actions to be taken in order to correct deficiencies identified during the internal control measures.

[6 March 2012]

Prime Minister V. Dombrovskis

Minister for Transport K. Gerhards

Translation © 2024 Valsts valodas centrs (State Language Centre)