Aviation Security Operations – Oversight Program Description and Delivery - Fiscal Year 2018-2019

Table of Contents

• Executive summary
• Operating context
• Introduction
  • Program overview: direct oversight activities
• Other oversight activities
  • Regulatory authorizations
  • Quality control
• Risks and Planning
• Considerations
• Initiatives to strengthen oversight
  • Modernization efforts: Changes to the Transportation Security Information System ( TSIS )
  • Multi-year planning
  • Evaluating our oversight strategies
  • Risk analysis and risk-based decision making
• Oversight delivery in 2018 to 2019
• Aviation Security Contact Information
• Annex A: Definitions

Executive summary

This report documents Transport Canada’s planned oversight activities in Aviation Security, for the upcoming fiscal year (2018 to 2019). It is divided by quarter and by region. The report includes other activities such as issuing regulatory authorizations and doing quality control.

Key areas in oversight planning:

• aerodromes
• air carriers
• air cargo-air carriers
• primary security line partners ( PSLPs )
• secure supply chain participants
• Canadian Air Transport Security Authority ( CATSA )

Each region works with headquarters to forecast the number of inspections in their area. The regions obtain cost figures from the Integrated Planning and Reporting document.

The aviation system continues to be an attractive target for acts of unlawful interference. Although we have seen the threat picture evolve over the past few years, overall, there have not been considerable changes in the risk environment. We continue to monitor threats and risks to aviation, and adapt accordingly.

The Non-Passenger and Vehicle Screening Program has been in effect since May 1, 2016. Regions must ensure they set aside resources to continue overseeing the full implementation of this program, particularly for aerodromes that have submitted corrective action plans until permanent facilities are in place. This work will impact the National Oversight Plan ( NOP ).

The Air Cargo Security Program also continues to expand due to regulatory changes to this program. Regions are asked to cross-train and dedicate more resources to air cargo oversight, to better support air cargo security and particularly to oversee known consignors new to the program.

Operating context

Canada has approximately 1,600 aerodromes and thousands of additional airstrips in both urban and rural areas. Of these aerodromes, 207 are certified for commercial purposes. Every year almost 80 million passengers travel in Canada. Each day there are about 2,500 flights between Canada and international destinations, including the United States.

The aviation industry employs over 91,000 people in Canada. It is critical to the operations of countless other industries that rely on aviation to transport over $110 billion worth of goods in international trade each year.

The aviation sector is heavily regulated for security. The Canadian Aviation Security Regulations, 2012 establishes the majority of these security requirements. Operators are further regulated by measures such as the Aerodrome Security Measures and the Security Measures Respecting Air Cargo.

Introduction

Program overview: direct oversight activities

Transport Canada’s Aviation Security oversight program ensures regulated entities (for example, aerodromes and air carriers) comply with regulatory requirements.

The program involves these industry stakeholders:

• designated aerodromes
• primary security line partners
• commercial air carriers
• secure cargo supply chain participants
• Canadian Air Transport Security Authority ( CATSA )

Aerodromes

At aerodromes, Transportation Security Inspectors conduct inspections to:

• ensure the aerodrome has proper procedures to prevent prohibited items from entering restricted areas, or being used as weapons
• confirm the aerodrome can assess and respond to threats and incidents
• confirm aerodrome personnel are properly trained to deal with security matters
• challenge access control systems
• review documents of entitlement, such as Restricted Area Identity Cards or other documents the aerodrome issues or approves, to validate their competence
• verify that the aerodrome has an Airport Security Program and its related components

Primary security line partners

Transport Canada inspects primary security line partners ( PSLPs ) to ensure they have done the following:

• designated a security official
• documented and communicated security-related roles and responsibilities
• developed a security awareness program
• protected restricted areas and prevented security breaches

In addition, PSLPs must:

• clearly document the primary security line they occupy and related restricted area access points
• maintain access control
• have proper measures in place to handle security-sensitive information

Air carriers

Transport Canada inspectors observe and test air carrier personnel and equipment to confirm that:

• the carrier’s handling of passengers and baggage is robust and effective
• the carrier maintains aircraft security at all times (this includes checking catering provisions to ensure they have not been tampered with)

Inspectors also:

• interview air carrier personnel to verify that their training and current level of knowledge meet regulatory requirements
• as part of the Passenger Protect Program, verify that air carriers have procedures to prevent people on the Secure Air Travel Act List from boarding an aircraft
• examine screening methods appropriate for the equipment used to transport air cargo
• visit and assess air cargo facility security, personnel security and all relevant training to ensure they meet Transport Canada standards

Screening Authority

Aviation Security Operations inspect the screening authority at designated aerodromes across the country. Security companies contracted by CATSA carry out the screening function at these aerodromes. Inspectors assess screening authority personnel through interviews and observations. They carry out a variety of screening checks, like designated passenger screening and non-passenger screening, at both terminal and vehicle entry points. In addition, throughout the year, inspectors carry out covert testing of screening checkpoints at aerodromes.

The Aviation Security Technology Division has a mandate to set performance standards for screening the security equipment that aerodromes use to check passengers and their belongings. They conduct equipment testing and reviews to verify compliance with the standards set out in the Screening Security Measures.

Secure air cargo supply chain participants

Goods destined to become air cargo shipments begin their journey in the secure supply chain. Each entity of the chain, regulated agent, certified agent and known consignor, receive:

• a full assessment of the basic pillars of their operations (personnel security, training, facility security and chain of custody)
• a review of their screening and packing methods, as appropriate

International Program

Finally, Transport Canada Aviation Security inspects foreign air carriers travelling to Canada. At foreign aerodromes, Transportation Security Inspectors do on-site assessments of air carriers flying directly into Canada, to ensure they comply with Canadian regulatory requirements. These assessments include meetings with airline representatives to review and discuss security programs. Inspectors also examine security procedures at the airport, and meet with representatives of the Civil Aviation Authority to review and discuss that country’s civil aviation security framework.

Other oversight activities

Regulatory authorizations

In addition to inspections, Aviation Security does other activities that support or are related to oversight. For example, we issue regulatory authorizations. Stakeholders who join the Air Cargo Security program are issued a Canadian Aviation Document after meeting certain requirements. This document regulates their activities under the Canadian Aviation Security Regulations, 2012 and the Security Measures Respecting Air Cargo. All applicants to the Air Cargo Security Program must go through an application process that includes a desktop review of their Cargo Security Plan ( CSP ). The CSP is an online tool that helps applicants detail how they will comply with the program’s requirements. The desktop review is conducted by Aviation Security personnel.

Aviation Security issues other types of regulatory authorizations, such as Screening Officer Designations ( SODs ), another type of Canadian Aviation Document. We provide SODs to newly trained screening officers employed by the Canadian Air Transport Security Authority.

Transport Canada also issues security exemptions. Headquarters develops exemptions to security requirements based on requests submitted by industry.

Quality control

Regional managers do quality control checks on inspection reports recorded in the Transportation Security Information System.

An inspection activity is selected for quality control based on:

• whether it relates to a new program
• whether it was identified by non-compliance
• if it was identified as having a higher risk

Once all regions have completed quarterly QC checks, they are submitted to Headquarters for a national QC review. The Quality and Risk Management Team then conducts a review of each Regional Managers QC submission, and will follow up with Regional Managers on any remaining issues requiring corrective action.

Risks and Planning

For the 2018-2019 fiscal year we decided to use the risk methodology created for Airport Security Programs, which assesses the risk of aviation security incidents based on different scenarios. The method weighs different types of threats, from which the aviation security scenarios are developed. The threat, criticality, vulnerability and impact of each scenario is evaluated to determine the risks relative to one another.

An important part of this approach is the mapping of oversight activities to threat scenarios. The key to this is the concept that regulations and oversight activities can be seen as safeguards intended to prevent, detect, deter, respond to, or recover from acts or attempts of illegal interference. Once the scenarios were assessed, oversight activities were mapped to scenarios and weighed. This exercise prioritized oversight activities by risk, which helped us decide on the frequency of these activities over the 3 year planning cycle. It also allowed us to create the Baseline Inspection Schedule ( BIS ).

We also recognize that national risk ratings can vary. As such, regions can adjust the BIS frequency based on site-specific risk ratings from the Security Operations Risk Assessment Model ( SORAM ), which considers both compliance history as well as operational context.

This new risk-based approach was put in place for the 3 year planning cycle that began in 2018-19.

Considerations

The aviation industry goes through changes in operations throughout the year. For example, air carriers will increase or decrease service at an aerodrome. Meanwhile, new air carriers will begin operations, and some operations will stop. We normally know these changes in advance, so we can incorporate them in regional planning and account for quarterly variations. Sometimes, when a change has not been anticipated, an oversight activity will be performed as an Unplanned (or Reactive) activity.

All regions follow a standardized process for creating annual inspection plans. Policy Directive 103 lays out the steps for a manager developing a plan, from calculating available hours for an inspector, to determining when inspections will happen during the year.

An important step in the planning process is assessing time per inspection activity. We provided the regions a historic set of time per inspection activity ( TPIA ) metrics for each year’s planning, but they were able to adjust these times based on their needs. Regions were also required to calculate the total time available for an inspector to conduct oversight in the year. Differences between regions’ time calculations means the amount of oversight they conduct will vary.

Initiatives to strengthen oversight

The Aviation Security program has several strategic initiatives in place to strengthen our oversight planning, delivery and reporting. They include:

• Modernization efforts: Changes to the Transportation Security Information System ( TSIS )
• Multi-year planning
• Evaluating our oversight strategies
• Risk analysis and risk-based decision-making

Modernization efforts: Changes to the Transportation Security Information System ( TSIS )

TSIS is the central depository of inspection results for Aviation Security. This system has a new component that streamlines planning and reporting. As of April 18, 2017, the Planning, Assigning and Reporting Module ( PARM ) automates planning and reporting processes that were mostly manual. The module also allows the regions to assign inspection records to inspectors.

In addition to PARM , the program has submitted a proposal for capital funding to migrate TSIS from an application platform to an online version. This will help regional inspectors connect to TSIS , particularly when doing inspections offsite. The migration will also position us to introduce tablets inspectors can use to record their findings. Currently inspectors must record oversight observations on paper and transfer the details to TSIS when they return to the office.

Multi-year planning

Aviation Security currently follows a 3-year planning cycle for our oversight activities. We bring regional managers together at the beginning of each year 3-year cycle to assess risk, prioritize the work and determine its frequency. This analysis sets the parameters by which regions will plan oversight in the future.

Regions plan for each year following this assessment, for a total of 3 years.

Evaluating our oversight strategies

We recently put in place a national quality assurance program to evaluate the systems and processes on which we base the Aviation Security oversight program. The quality assurance team is currently doing an environmental scan of the program’s components, to determine which documentation we have.

Quality control is an important part of quality assurance, and was established by Aviation Security in 2015 to 2016. Regional managers do quality control reviews on inspection records entered into the Transportation Security Information System ( TSIS ) by the inspectors who report to them. This will ensure the oversight data in TSIS , upon which we base our planning, will continue to improve.

Risk analysis and risk-based decision making

Aviation Security has an extensive risk analysis process to support our oversight planning. This process ensures we allocate resources based on risk. The process is reset every 3 years. We actively involve our regional expertise to ensure we include on-site experience and knowledge. 2018-2019 will be the first year of the 3 year planning cycle.

Oversight delivery in 2018 to 2019

As per the Oversight Transparency Integration Plan we will report on how we deliver planned risk-based inspections, reactive inspections and regulatory authorizations through the Canadian Center on Transportation Data ( CCTD ).

Aviation Security Contact Information

Aviation Security welcomes your comments and thanks you for your interest.

Email: aviationsecurity-sureteaerienne@tc.gc.ca

Annex A: Definitions

Required field	Description
Oversight	How we promote, monitor or enforce compliance with our safety and security requirements.
Regulatory authorizations	A regulatory authorization is given when a regulated party (like a railway company or vehicle manufacturer) applies for permission to do a regulated activity, or be exempt from it. We can give permission in different ways including a permit, licence or certification. We don’t control the number of regulatory authorizations for each planning cycle.
Inspection	A documented, formal examination of industry compliance with Canadian transportation safety and security rules, regulations and requirements. Authorized Transport Canada officials record the results of each inspection. For the purposes of this document, audits are a type of inspection. An inspection includes pre-site, onsite, and post-site inspection and oversight activities. The inspection is finished when the inspector submits an approved inspection or oversight activities report. An inspection does not include follow-up action, quality control checks or outreach activities.
Planned, risk-based inspections	All inspections that we initially commit to doing in a given planning cycle. The SO 3 Management Board may authorize updates as needed. These include inspections that are announced (and expected), and those that are unannounced. These do not include: estimations of demand-driven activities, like regulatory authorizations “reactive” or “opportunity” inspections that happen because of a change in oversight
Follow-up activities	These arise from findings of an initial inspection. Could include an on-site inspection, requests for more information, or enhanced monitoring. Follow-up activities don’t include enforcement.
Other activities	Oversight activities that we did not initially commit to in a planning cycle, and are not a follow-up to an inspection or audit.
Enforcement	Ways that we can enforce requirements and compel compliance. For example: letters of non-compliance directions or orders ticketing notices of violation administrative monetary penalties prosecutions suspensions or cancellations of certificates or authorizations
Education, outreach and awareness	How we educate the public, and encourage people and companies to follow the law (for example: industry conferences, air shows, training, web portal)
Quality control	How we make sure inspectors follow policies and procedures, and complete the required documentation. Applies to an entire oversight activity, from inspection, to follow-up, to resolving non-compliance. Supervisors and managers are responsible for quality control. Each program must have: a documented, nationally consistent way of doing quality control a procedure or set of procedures to ensure inspections follow approved standard operating procedures