Regulations Regarding the Quality Control Programme of Civil Aviation Security

Issued pursuant to
Section 57, Paragraph four of the Law On Aviation

1. This Regulation prescribes the quality control programme of civil aviation security within the meaning of Article 11 of Regulation (EC) No 300/2008 of the European Parliament and of the Council of 11 March 2008 on common rules in the field of civil aviation security and repealing Regulation (EC) No 2320/2002 (hereinafter - Regulation No 300/2008).

2. The terms used in this Regulation shall conform to the terms used in Regulation No 300/2008.

3. This Regulation shall apply to the range of persons and objects referred to in Article 2(1) of Regulation No 300/2008.

4. Monitoring of the implementation of the measures specified in legal acts of the European Union and in national legal acts regarding quality control programmes of national civil aviation security in the field of civil aviation security (hereinafter - monitoring compliance) shall be ensured by the State Agency "Civil Aviation Agency" (hereinafter - Civil Aviation Agency).

5. The Civil Aviation Agency shall approve the persons which are entitled to monitor the compliance (hereinafter - auditors), determining the necessary qualifications and the duties to be performed thereby, if they:

5.1. conform to the requirements referred to in Paragraph 15 of Annex II to Regulation No 300/2008; or

5.2. have received the third category special permit for access to an official secret or a certificate of an appropriate level has been issued thereto for access to classified information of the European Union.

6. Inspectors of the Civil Aviation Agency conforming to the criteria referred to in Paragraph 5 of this Regulation shall be regarded as auditors.

7. The Civil Aviation Agency may invite auditors of the relevant authorities of the European Economic Area states to which the certificate referred to in Sub-paragraph 5.2 of this Regulation has been issued, to perform individual measures of the monitoring compliance.

8. Within the scope of the monitoring compliance, the Civil Aviation Agency may invite representatives of the State institutions referred to in the National Civil Aviation Security Programme as experts, which conform to the criteria referred to in Paragraph 5 of this Regulation.

9. If the Civil Aviation Agency has invited the persons referred to in Paragraphs 7 and 8 of this Regulation within the scope of the monitoring compliance, it shall issue an authorisation to the respective persons, confirming that the person performs a security audit, an inspection or a test on behalf of the Civil Aviation Agency.

10. The Civil Aviation Agency shall perform the monitoring compliance of airports, operators and entities (hereinafter - aviation organisations), inspecting and evaluating:

10.1. organisation of the security structure;

10.2. the duties, rights and liability of the persons responsible for the implementation and maintenance of civil aviation security measures;

10.3. the ability to monitor the security procedures implemented;

10.4. the sufficiency of employees involved in the implementation of measures, the conformity of their qualification with the duties to be performed and the training process of employees; and

10.5. the sufficiency and conformity of the security equipment, systems and infrastructure to be used with the requirements referred to in the Annex to Regulation No 300/2008.

11. Each year by 30 December the Civil Aviation Agency shall prepare a plan for monitoring compliance for the following year. The following shall be indicated in the plan:

11.1. the planned number of security audits, inspections or tests and the dates of performance thereof;

11.2. the aviation organisation in which the implementation of the measures of the monitoring compliance referred to in Sub-paragraph 11.1 of this Regulation is planned;

11.3. the number of auditors required for the implementation of the measures referred to in Sub-paragraph 11.1 of this Regulation; and

11.4. the security measures to be inspected in the security audit and inspection.

12. In addition to the measures of monitoring compliance referred to in Sub-paragraph 11.1 of this Regulation, the Civil Aviation Agency, taking into account the security risk assessment, may perform unplanned security audits, inspections or tests.

13. The Civil Aviation Agency may perform unplanned security audits, inspections or tests of aviation organisations, if:

13.1. during a security test it has been established that the security measures of the aviation organisation do not conform with the requirements of the security programme of the aviation organisation approved by the Civil Aviation Agency;

13.2. information has been received that the security measures performed in the aviation organisation do not conform with the requirements of the security programme approved by the Civil Aviation Agency;

13.3. information has been received regarding a threat to the civil aviation security, upon evaluation of which a decision regarding the necessity to change he security measure procedures has been taken; or

13.4. an incident has occurred which is related to unlawful activities or attempts thereof and affects or may affect the civil aviation security.

14. Each year by 15 January the Civil Aviation Agency shall inform the aviation organisation regarding the security audits planned in the calendar year, indicating the anticipated dates for the performance thereof.

15. The Civil Aviation Agency shall not inform the aviation organisation regarding the planned inspections or tests, except the cases referred to in Sub-paragraph 7.3 of Annex II to Regulation No 300/2008.

16. Within ten days after receipt of a notification regarding the planned security audit, the aviation organisation may inform the Civil Aviation Agency in writing regarding the need to specify other dates for the performance of the security audit, with justification thereof.

17. In accordance with the requirements referred to in Paragraph 6 of Annex II to Regulation No 300/2008, the Civil Aviation Agency shall perform:

17.1. planned security audits of airport, operator and aeronautical service providers not less than once every 24 months; or

17.2. planned security audits of other aviation organisations not less than once every five years.

18. Not later than 20 working days prior to the commencement of the security audit, the Civil Aviation Agency shall send a pre-audit questionnaire to the aviation organisation.

19. The responsible person of the aviation organisation shall complete the pre-audit questionnaire and submit it to the Civil Aviation Agency not later than five working days before the first day of the security audit.

20. In accordance with the requirements referred to in Paragraph 7 of Annex II to Regulation No 300/2008, the Civil Aviation Agency shall perform the planned inspections of aviation organisations not less than once every 12 months.

21. In accordance with the requirements referred to in Paragraph 8 of Annex II to Regulation No 300/2008, the Civil Aviation Agency shall perform the planned tests in order to inspect the efficiency of the security measures specified in Annex I to Regulation No 300/2008 not less than once every 12 months.

22. If necessary for safety reasons, the Civil Aviation Agency shall, in timely manner, inform the State institutions referred to in the National Civil Aviation Security Programme regarding of the performance of security tests.

23. The State institutions referred to in the national legal acts regarding the National Civil Aviation Security Programme may perform the security tests of the aviation organisation, if the test plan has been co-ordinated with the Civil Aviation Agency. The institutions referred to in this Paragraph may designate such persons for the performance of the security tests, which have not been approved as auditors, but which conform with the requirements referred to in Paragraph 5 of this Regulation.

24. The test plan referred to in Paragraph 23 of this Regulation shall be submitted to the Civil Aviation Agency not later than 10 working days prior to the planned day of the performance of the test. The following information shall be indicated in the test plan:

24.1. the purpose of performing the test;

24.2. the date and time of performance of the test;

24.3. the name of the aviation organisation in which the test will be performed (specify structural units in which inspections will be performed);

24.4. a description of activities intended to be performed during the test;

24.5. the given name, surname and position of the persons who will participate in the performance of the test, and a description of the duties to be performed during the test;

24.6. a list of the items and materials to be used during the test; and

24.7. other information which the preparer of the test plan considers to be important.

25. The aviation organisation has a duty to provide an auditor with all the information and documentation necessary to him or her, access to the infrastructure, equipment and security systems of the organisation, as well as accessibility to employees.

26. During an audit, inspection or test, the auditor shall complete a report in accordance with the requirements specified in Sub-paragraph 10.2 and Paragraph 11 of Annex II to Regulation No 300/2008. The report shall be signed by the auditor and the person of the aviation organisation responsible for security.

27. If the institutions referred to in Paragraph 23 of this Regulation perform the security tests of the aviation organisation, they shall, within one working day, complete the report in accordance with the procedures specified in Paragraph 26 of this Regulation and submit a copy of the report to the Civil Aviation Agency.

28. If non-compliances are established during a security audit, inspection or test, rectification of which requires immediate action, the auditor is entitled to give the aviation organisation an order to rectify the non-compliance established without delay or to perform immediate compensatory measures, which are temporary activities and guarantee aviation security until the complete rectification of the non-compliances established.

29. The auditor who has used the rights referred to in Paragraph 28 of this Regulation shall, without delay, inform the director of the Civil Aviation Agency thereof.

30. The Civil Aviation Agency shall, within 10 working days after the security audit, inspection or test, prepare a report in accordance with the requirements specified in Paragraphs 10 and 11 of Annex II to Regulation No 300/2008 and send it to the aviation organisation in which the security audit, inspection or test was performed. The report shall be signed by the director of the Civil Aviation Agency or an authorised person thereof.

31. In accordance with the procedures specified in Paragraph 30 of this Regulation, the Civil Aviation Agency shall prepare a report and send it to the respective aviation organisation, if non-compliances are indicated in the report referred to in Paragraph 27 of this Regulation, which were established during the performance of the test.

32. Within 20 working days after receipt of the report referred to in Paragraph 30 or 31 of this Regulation, if non-compliances are indicated therein, the aviation organisation shall submit a plan for the rectification of non-compliances to the Civil Aviation Agency. Corrective measures for the rectification of non-compliances established during a security audit, inspection or test, and the time periods for the implementation thereof shall be indicated in the plan for the rectification of non-compliances.

33. If the corrective measures indicated in the plan for the rectification of non-compliances or the time periods for the implementation thereof do not ensure conformity with the requirements specified in Regulation No 300/2008, the Civil Aviation Agency shall, within five working days after receipt of the plan for the rectification of non-compliances, inform the submitter thereof regarding the necessity to make changes in the plan for the rectification of non-compliances.

34. The Civil Aviation Agency shall check the fulfilment of the plan for the rectification of non-compliances of the aviation organisation within the specified time periods, as well as perform an inspection in accordance with Paragraph 9 of Annex II to Regulation No 300/2008.

35. The Civil Aviation Agency shall provide an opinion to the aviation organisation, if all the necessary corrective measures have been fulfilled within the time periods specified in the plan for the rectification of non-compliances.

36. The aviation organisation may extend the time periods for the implementation specified in the plan for the rectification of non-compliances, co-ordinating it with the Civil Aviation Agency.

Prime Minister V. Dombrovskis

Minister for Transport K. Gerhards

Translation © 2010 Valsts valodas centrs (State Language Centre)