security & facilitationcfapp.icao.int/tools/38thassyikit/story_content/external...convention on...
TRANSCRIPT
SECURITY & FACILITATION
Analysis of Audit Results
Universal Security Audit Programme
November 2002 to June 2013
Fifth Edition — 2013
FOREWORD The threat to civil aviation from acts of unlawful interference is real and constantly evolving. ICAO’s Universal Security Audit Programme (USAP), established in 2002 after the 9/11 attacks, is recognized as one of the most effective instruments for enhancing aviation security worldwide. It helps Member States identify critical weaknesses in their aviation security and oversight systems, and it guides them in developing targeted action plans to correct the deficiencies. In the process, the USAP has proven to be a powerful catalyst for all stakeholders of the international community to collaborate in achieving our common goal of a globally secure aviation network. This fifth edition of the analysis of USAP results offers a comprehensive breakdown of statistical information on the first and second cycles of the Programme, covering the period from 2002 to 2013. It focuses on States’ compliance with security standards and oversight capabilities, and provides practical guidance for States to evaluate and improve their aviation security performance. With the completion of the second cycle of USAP audits, ICAO is transitioning the Programme to a continuous monitoring approach (CMA). The USAP-CMA features an innovative, dynamic, and tailor-made approach to security auditing, relying on international best practices. Development of the methodology for the new approach is well underway and I anticipate that testing of USAP-CMA activities will begin in 2014, with full-scale implementation in January 2015. I am confident that the introduction of the USAP-CMA will allow the Programme to further improve the overall security of the global air transport system. I believe it will prove to be even more responsive to the rapidly changing legal, administrative and operational pressures we all face in meeting national and international security regulations. ICAO has always been committed to working hand in hand with its Member States, in cooperation with international organizations and United Nations agencies concerned, to foster the full and consistent application of Annex 17 — Security Standards. The USAP-CMA is another major step in that direction. I take this opportunity to once again encourage Member States in their ongoing efforts to build on the findings and recommendations of the USAP audits. I would also like to express my gratitude to those States that have diligently supported the USAP by seconding experts, without whom our ability to successfully carry out the Programme would be seriously compromised.
———————————————
Mr. Raymond Benjamin ICAO Secretary General
iii
Acronyms
AA Audit Area AOSP Aircraft Operator Security Programme APAC Asia and Pacific ARRB Audit Results Review Board ASP Airport Security Programme AUI Acts of Unlawful Interference AVSECP Aviation Security Panel CAP Corrective Action Plan CE Critical Element CGO Cargo, Catering and Mail Security CMA Continuous Monitoring Approach EC European Community ESAF Eastern and Southern Africa EU European Union EUR/NAT Europe and North Atlantic FAL Security Aspects of Facilitation HLCAS High-Level Conference on Aviation Security ICAO International Civil Aviation Organization ICASS ICAO Comprehensive Aviation Security Strategy IFS Aircraft and In-flight Security ISD-SEC Implementation Support and Development – Security LC Lack of Compliance LEG Regulatory Framework and the National Civil Aviation Security System LEI Lack of Effective Implementation MARB Monitoring and Assistance Review Board MID Middle East MoC Memorandum of Cooperation MoU Memorandum of Understanding NACC North America, Central America and the Caribbean NATFP National Air Transport Facilitation Programme NCASP National Civil Aviation Security Programme NCASTP National Civil Aviation Security Training Programme NQCP National Civil Aviation Security Quality Control Programme OPS Airport Operations PAQ Pre-audit Questionnaire PAX Passenger and Baggage Security PQ Protocol Question QCF Quality Control Functions SAM South America SAR Special Administrative Region SARPs Standards and Recommended Practices SRA Security Restricted Area SSeC Significant Security Concern TRG Training of Aviation Security Personnel UNDSS United Nations Department of Safety and Security USAP Universal Security Audit Programme USOAP Universal Safety Oversight Audit Programme WACAF Western and Central Africa
———————————————
v
TABLE OF CONTENTS Introduction …………………………………………………………………………………………… 1 The Universal Security Audit Programme (USAP) ............................................................... 3 Evolution of the Programme .......................................................................................... 3 USAP Principles ............................................................................................................ 5 The Audit Process ......................................................................................................... 6 Training and Certification .............................................................................................. 6 Part I — USAP First Cycle ........................................................................................................ 9 Scope of the First-Cycle Audits ....................................................................................... 9 Subject Matter Modules ................................................................................................ 10 First-Cycle Audits and Follow-up Visits Completed ....................................................... 11 Analysis of First-Cycle Audit and Follow-up Visit Results .............................................. 18 Global Analysis ....................................................................................................... 19 Regional Analysis .................................................................................................... 20 Asia and Pacific (APAC) .................................................................................... 20 Eastern and Southern Africa (ESAF) ................................................................. 21 Europe and North Atlantic (EUR/NAT) ............................................................... 21 Middle East (MID) .............................................................................................. 22 North America, Central America and the Caribbean (NACC) ............................. 22 South America (SAM) ........................................................................................ 23 Western and Central Africa (WACAF) ................................................................ 23 Key Audit Findings ........................................................................................................ 24 National Level ......................................................................................................... 24 Airport Level ............................................................................................................ 25 Part II — USAP Second Cycle ................................................................................................ 27 Scope of the Second-Cycle Audits .............................................................................. 27 Critical Elements of a State’s Aviation Security Oversight System ………………………28 Second-Cycle Audits Completed as at 30 June 2013 ................................................... 31 Analysis of the Second-Cycle Audit Results ................................................................. 37 Global Analysis ...................................................................................................... 37 Regional Analysis ................................................................................................... 40 Asia and Pacific (APAC) ................................................................................... 40 Eastern and Southern Africa (ESAF) ................................................................ 41 Europe and North Atlantic (EUR/NAT) ............................................................. 42 Middle East (MID) ............................................................................................. 43 North America, Central America and the Caribbean (NACC) ............................ 44 South America (SAM) ....................................................................................... 45 Western and Central Africa (WACAF) ............................................................... 46 Analysis by Critical Element ................................................................................... 49 Critical Element - 1 ........................................................................................... 49 Critical Element - 2 ........................................................................................... 50 Critical Element - 3 ........................................................................................... 51 Critical Element - 4 ........................................................................................... 52 Critical Element - 5 ........................................................................................... 53
vi
Critical Element - 6 ........................................................................................... 55 Critical Element - 7 ........................................................................................... 56 Critical Element - 8 ........................................................................................... 57 Analysis by Audit Area ........................................................................................... 59
Top Ten Protocol Questions Not Satisfactorily Implemented ............................ .……. 65 Conclusion ............................................................................................................................ 67
———————————————
INTRODUCTION The ICAO Universal Security Audit Programme (USAP), launched in November 2002, represents an important initiative in the global strategy for strengthening aviation security and attaining the commitment of ICAO Member States in a collaborative effort to establish a robust global aviation security system. As a core programme of one of the strategic focus areas of the ICAO Comprehensive Aviation Security Strategy (ICASS), Strategic Plan of Action 2011 - 2016, the USAP provides for the conduct of regular, mandatory, systematic and harmonized audits of the aviation security and oversight system in each ICAO Member State. The objective of the Programme is to promote global aviation security by identifying any deficiencies in each State’s aviation security and oversight system and providing recommendations for their resolution. The analysis presented herein is based on the final results of the audits conducted in 181 States under the first cycle of the USAP from November 2002 to December 2007, of which 172 States were also subjected to a follow-up visit to assess the level of implementation of their corrective action plans (CAPs). This analysis also covers the final results of the audits conducted in 177 Member States and one Special Administrative Region (SAR) under the second cycle of the USAP from January 2008 to June 2013, focusing on the critical elements (CEs) of States’ aviation security oversight systems. The analysis of audit findings identified during the first and second cycles of USAP audits allows ICAO to be more effective in promoting global aviation security by determining the types of difficulties experienced by Member States in establishing effective aviation security and oversight systems. This analysis also identifies particular areas of concern and provides the basis for understanding trends at the regional and global levels, enabling ICAO to:
a) evaluate the impact of these concerns on global aviation security; b) prioritize actions required to resolve identified security concerns; and c) formulate remedial strategies and provide assistance to States in establishing
effective aviation security and oversight systems. Audit results are regularly shared within the Secretariat to assist in the development of Standards and Recommended Practices (SARPs) and guidance material, as well as in the provision of assistance to States. Similarly, information derived from USAP audits is considered by the relevant Aviation Security Panel (AVSECP) working groups for the amendment of the SARPs contained in Annex 17 — Security — Safeguarding International Civil Aviation Against Acts of Unlawful Interference to the Convention on International Civil Aviation, hereinafter referred to as the “Chicago Convention”, and the development of training and guidance material. This analysis supports the Organization’s Strategic Objective B: Security — Enhance Global Civil Aviation Security and has been prepared by the Aviation Security Audit Section of the Aviation Security Branch.
———————————————
- 3 -
The Universal Security Audit Programme (USAP) Evolution of the Programme The ICAO USAP comprises regular, mandatory, systematic and harmonized aviation security audits of all Member States, with such audits addressing both national and airport levels in order to evaluate the States’ aviation security oversight capabilities, as well as the actual security measures in place at selected key airports. Pursuant to Assembly Resolution A33-1, Declaration on misuse of civil aircraft as weapons of destruction and other terrorist acts involving civil aviation, from 2002 to 2007, 181 Member States and one SAR benefited from the ICAO security audits under the first cycle of the USAP (9 Member States could not be audited during the first cycle due to the United Nations security phase in effect). The objective of the Programme was to promote global aviation security through the auditing of Member States to determine the status of implementation of ICAO security Standards. The USAP first-cycle audits were designed to determine the degree of compliance of a State in implementing Annex 17 Standards, and the extent to which a State's implementation of its aviation security system was sustainable through the establishment of appropriate legislation, national policies and an aviation security authority provided with inspection and enforcement capabilities. A programme of follow-up visits with respect to the first cycle of audits was initiated in 2005 and completed in 2009. One hundred and seventy-two follow-up visits were conducted in order to validate the implementation of States’ CAPs to address the recommendations resulting from the audits, and to provide support to States in remedying identified deficiencies. Some States did not receive follow-up visits due either to the United Nations security phase in effect, the absence of a CAP, or the lack of progress in the implementation of the CAP. The follow-up visits demonstrated that, overall, States had made improvements in the rectification of the deficiencies that were identified during the initial audits and in fulfilling their obligations to meet Annex 17 Standards. However, a substantial amount of work remained to be done by some Member States in order to achieve full compliance with all Annex 17 Standards and to establish comprehensive security oversight systems to ensure the effective implementation of national aviation security requirements and the SARPs contained in Annex 17. The results of the follow-up visits also revealed that varying levels of improvement were identified between regions and, in many cases, between States within a region. States having difficulties in addressing deficiencies identified during an audit were offered the opportunity to request assistance from ICAO through the Implementation Support and Development – Security (ISD-SEC) Programme in coordination with the Technical Cooperation Programme. An in-depth global and regional analysis of the results of the USAP first-cycle audits and follow-up visits has been consolidated in the second edition (2010) of this document, which is available on the USAP secure website (https://portal.icao.int/usap). In recognizing that the USAP had proven to be instrumental in identifying aviation security concerns and providing recommendations for their resolution, the 36th Session of the Assembly, in Resolution A36-20, Consolidated statement of continuing ICAO policies related to the safeguarding of international civil aviation against acts of unlawful interference, since superseded by Assembly Resolution A37-17, requested the Council to ensure the continuation of the USAP following the initial cycle of audits at the end of 2007. The second cycle of audits was to focus, wherever possible, on a State’s capability to provide appropriate national oversight of its aviation security activities through the
- 4 -
effective implementation of the critical elements (CEs) of an aviation security oversight system as presented in ICAO Doc 9734 — Oversight Manual, Part C — The Establishment and Management of a State’s Aviation Security Oversight System. In addition, the Assembly requested that the scope of future audits be expanded to include relevant security-related provisions of Annex 9 — Facilitation. Aviation security audits under the ICAO USAP second cycle commenced in January 2008. The primary objectives of the second-cycle audits were to:
a) determine the State’s capability for aviation security oversight by assessing whether the CEs of an aviation security oversight system have been implemented effectively;
b) determine the State’s degree of compliance with Annex 17 Standards and the
security-related provisions of Annex 9; c) assess the State’s adherence to security procedures, guidance material and
security-related practices associated with the relevant ICAO SARPs; and
d) provide recommendations to the audited State on how to improve its aviation security system and security oversight capabilities.
In November 2006, the Secretary General established a high-level Secretariat Audit Results Review Board (ARRB) to examine the specific safety and security histories of individual States that were failing to respond effectively to the ICAO audit processes or that were experiencing difficulties in increasing their level of compliance with ICAO provisions and in meeting their safety and security oversight obligations. The objective of the ARRB was to encourage the States’ commitment in achieving the objectives of both ICAO’s Universal Safety Oversight Audit Programme (USOAP) and USAP by raising the profile of States referred to the Board. The work of the ARRB evolved over time to focus more on the development and implementation of assistance strategies for States. As a consequence of this evolution, the Secretary General decided to establish in December 2011 the Monitoring and Assistance Review Board (MARB) to replace the ARRB. The primary focus of the MARB is to evaluate the effectiveness and efficiency of monitoring activities and to identify, coordinate and validate assistance strategies. In addition, States that are referred to the MARB are reviewed on a case-by-case basis and the Board, in each case, decides on appropriate actions within its capacity. If all realistic options for resolving a situation have been exhausted, the MARB may refer a State to the Council of ICAO for special consideration and possible further action, as appropriate. The MARB provides the Council of ICAO a report on its activities every session. The MARB is chaired by the Secretary General and includes the Directors of the Air Navigation Bureau, the Air Transport Bureau and the Technical Co-operation Bureau, as well as the Deputy Director of Safety Management and Monitoring and the Chief of the Aviation Security Branch. The MARB plays an important role both in coordinating ICAO’s monitoring and assistance activities and by enabling the Organization to focus on those States whose difficulties cannot be addressed through existing mechanisms.
- 5 -
USAP Principles USAP audits, throughout the duration of the first and second cycles, were conducted based on the following nine principles: Sovereignty: Every State has complete and exclusive sovereignty over the airspace above its territory. Accordingly, ICAO fully respects a sovereign State's responsibility and authority for aviation security, including its decision-making powers with respect to implementing corrective actions related to audit findings. Universality: USAP audits are conducted in all Member States in accordance with an audit programme established by ICAO and agreed upon by the States. Transparency of methodology: The audit elements and process are made available to all Member States. Timeliness: Results of the audits are produced and submitted on a timely basis in accordance with a predetermined schedule for the preparation and submission of audit reports. All-inclusiveness: The scope of the USAP during the first cycle of audits was limited to Annex 17 Standards. This scope was expanded during the second cycle to include relevant security-related provisions of Annex 9 in order to ensure the implementation of all appropriate security-related SARPs in ICAO Member States' civil aviation systems. Consistency and objectivity: USAP audits are conducted in a consistent and objective manner. Standardization and uniformity in the scope, depth and quality of audits are assured through the training and certification of all auditors, the provision of guidance material and the implementation of an audit quality control system within the Aviation Security Audit Section. Fairness: USAP audits are conducted in a manner such that Member States are given the opportunity to monitor, comment upon and respond to the audit process, but must do so within an established time frame. Quality: USAP audits are conducted by appropriately trained and certified auditors in accordance with widely recognized auditing concepts. Confidentiality: Sensitive security information collected as part of the USAP is protected from unauthorized disclosure. In recognition of the special sensitivity of information related to aviation security, the USAP audit reports and all audit-related documentation are subjected to rigorous physical controls by ICAO and are strictly protected from release to any entity other than the appropriate authority for aviation security of the audited State. In order to promote mutual confidence in the level of aviation security between States, the past three sessions of the ICAO Assembly encouraged each State to share the results of the audit carried out by ICAO and the corrective actions taken by the audited State on a bilateral or multilateral basis. This has been reinforced with the inclusion of Recommended Practice 2.4.5 in Annex 17. Based on the direction of the 36th Session of the Assembly, the Council, during its 184th Session, approved the introduction of a limited level of transparency with respect to the USAP second-cycle aviation security audit results, balancing the need for States to be aware of unresolved security concerns, with the need to keep sensitive security information out of the public realm. As such, a
- 6 -
graphical representation depicting the level of effective implementation of the CEs of an aviation security oversight system for each audited State is posted on the USAP secure website. Under the USAP report production process, a final security audit report was forwarded to the audited State within 60 calendar days after the closing meeting of the audit. The State then had 60 calendar days to submit a CAP. However, USAP auditors sometimes encountered situations that revealed Significant Security Concerns (SSeCs) which may have posed an immediate security risk to civil aviation. To address these concerns in a timely manner in parallel with the established timeline for the production of audit reports, the Council, during its 189th Session in February 2010, approved the definition of an SSeC and the related mechanism for the identification, validation and notification of an SSeC, the details of which were provided in ICAO Electronic Bulletin EB 2010/31. The 37th Session of the Assembly endorsed the policy of transparency of security audit results for the second cycle of the USAP, particularly relating to the prompt notification of the existence of SSeCs. The Audit Process The second-cycle audit process started four to six months prior to the audit itself with the signing of the model bilateral Memorandum of Understanding (MoU) by ICAO and the State that was to be audited. The MoU defined each party’s role in the auditing process and set forth the means by which the audit was to be conducted. Each State was also requested to complete a detailed pre-audit questionnaire (PAQ) and compliance checklists (for Annex 17 Standards and security-related provisions of Annex 9, respectively) and to provide relevant associated documentation and programmes. The submission of this documentation was designed to:
a) gather relevant information required for the development of a State-specific audit
plan; b) assist States in ascertaining the status of implementation of ICAO security-related
SARPs and in identifying any differences that may exist between national regulations and the relevant ICAO Annex provisions; and
c) ensure an efficient and effective implementation of the USAP.
In order to ensure consistency and objectivity, all audits were carried out in accordance with the standardized and transparent auditing processes and procedures set forth in ICAO Doc 9807 — Security Audit Reference Manual (Restricted), which was made available in advance to all States. Training and Certification Auditor training and certification courses were conducted regularly throughout the first and second cycles of audits in order to maintain the USAP roster of certified auditors with as wide a geographical base as possible and in sufficient numbers to carry out the established schedules of audits. A programme of auditor recertification was initiated in December 2007 in order to provide training to all USAP auditors on the audit methodology for the second cycle. The training programme, which consisted of live interactive web-based briefings and an e-learning programme, concluded in 2008, with over 120 USAP auditors recertified. In addition to recertification activities,during the second audit cycle, six initial USAP auditor training and certification courses were conducted, namely in Nairobi, Casablanca, Hong Kong SAR, Lima and Montreal. As of June 2013, over 150 active auditors from all regions of the world were on the USAP roster.
- 7 -
Seminars designed to familiarize State officials with the tools and methodology used for the preparation, conduct and reporting of aviation security audits under the second cycle were also conducted in Singapore, Nairobi, Casablanca, Moscow and San José (Costa Rica), with the participation of over 180 State officials.
- 9 -
Part I - USAP First Cycle
Scope of the First-Cycle Audits The first cycle of the ICAO USAP was designed to determine each State’s degree of compliance in implementing the Standards of Annex 17, and to determine the extent to which a State's implementation of its security system was sustainable. To this end, and in order to evaluate a State’s aviation security oversight capabilities and the actual security measures in place at selected key airports, audits were conducted at both the national and airport levels. This approach provided a comprehensive picture of the overall aviation security posture of the States and resulted in recommendations for improvement that can be directed at all facets of the States' aviation security systems. At the national level, ICAO audit teams evaluated whether a State had an appropriate organization and administrative structure capable of overseeing activities at its airports. Cooperation with other States was also evaluated as a key subject during the course of the audits.
At the airport level, ICAO audit teams evaluated the implementation of Annex 17 Standards in subject matters that included the organization and administration of the airport, access control, passenger and baggage screening, hold baggage, in-flight security, cargo and catering and the management of response to acts of unlawful interference (AUI) and contingency plans.
- 10 -
Subject Matter Modules For the purpose of first-cycle audits, Annex 17 Standards were grouped into the following nine subject matter modules in order to address common areas at both the national and airport levels, as well as to facilitate and standardize the conduct of the audits:
1) Module I. National Level — Organization and Administration — The establishment of a national-level aviation security organization, legislation and programmes.
2) Module II. National Level — Cooperation with Other States — The
availability and implementation of policies concerning cooperation with other States on various aspects of aviation security and the management of response to AUI.
3) Module III. Airport Level — Organization and Administration — The
availability of an authority to coordinate the implementation of security controls at the airport, including the development of an airport security programme (ASP) and associated procedures for the implementation of security measures.
4) Module IV. Airport Level — Access Control — The implementation of
security measures to control access to the airside and security restricted areas (SRAs) of an airport.
5) Module V. Airport Level — Passenger and Cabin Baggage Security — The
implementation of written procedures to prevent the introduction of prohibited items on board aircraft.
6) Module VI. Airport Level — Hold Baggage Security — The implementation
of written procedures to prevent explosive devices from being introduced on board aircraft in the hold baggage.
7) Module VII. Airport Level — Aircraft and In-flight Security — The
implementation of written procedures to ensure security of aircraft prior to and during flight, including procedures for aircraft security checks and searches, access to the flight crew compartment and armed personnel.
8) Module VIII. Airport Level — Cargo Security and Catering — The
implementation of written procedures to ensure that cargo, mail and other goods, including catering supplies for carriage on an aircraft, are subjected to appropriate security controls.
9) Module IX. Response to AUI and Contingency Arrangements — The
implementation of written procedures for contingency arrangements and the management of response to AUI.
- 11 -
First-Cycle Audits and Follow-up Visits Completed No Member State Audited Dates of Audit Dates of Follow-up Visit
1. Albania November/December 2004 August 2006
2. Algeria December 2004 June 2006
3. Andorra October 2007 No follow-up
4. Angola May/June 2005 September 2009
5. Antigua and Barbuda November 2005 July 2007
6. Argentina January 2006 September 2008
7. Armenia February 2005 November 2007
8. Australia November/December 2005 December 2007
9. Austria October 2003 December 2005
10. Azerbaijan June 2007 March 2009
11. Bahamas October 2007 March 2009
12. Bahrain February 2006 February 2008
13. Bangladesh October/November 2003 April 2007
14. Barbados December 2006 October 2008
15. Belarus June 2005 September 2007
16. Belgium January 2006 January 2008
17. Belize November 2007 March 2009
18. Benin June 2005 September 2007
19. Bhutan October/November 2003 December 2005
20. Bolivia March/April 2003 December 2005
21. Bosnia and Herzegovina August/September 2004 August 2006
22. Botswana November 2003 September 2006
23. Brazil June/July 2005 October 2007
24. Brunei Darussalam November 2006 January 2008
25. Bulgaria February 2003 December 2005
26. Burkina Faso October/November 2006 March 2009
- 12 -
No Member State Audited Dates of Audit Dates of Follow-up Visit
27. Cambodia May 2003 June 2005
28. Cameroon February 2004 July 2006
29. Canada May 2005 May 2007
30. Cape Verde July 2004 April 2006
31. Central African Republic August/September 2007 December 2009
32. Chad August 2005 No follow-up
33. Chile May 2005 October 2007
34. China May 2004 June 2006
Hong Kong SAR, China January 2008 No follow-up
35. Colombia August/September 2005 March 2007
36. Comoros February 2005 March 2007
37. Congo June/July 2006 August 2008
38. Cook Islands October 2006 September 2008
39. Costa Rica February 2005 January 2007
40. Croatia September 2004 October 2006
41. Cuba March 2004 March 2006
42. Cyprus September 2003 February 2006
43. Czech Republic January 2007 May 2009
44. Democratic People’s Republic of Korea September 2005 December 2007
45. Democratic Republic of the Congo July 2006 August 2008
46. Denmark October 2006 May 2008
47. Djibouti August/September 2004 No follow-up
48. Dominican Republic March/April 2006 July 2008
49. Ecuador September 2005 March 2007
50. Egypt July 2004 November 2006
51. El Salvador August 2004 June 2006
52. Equatorial Guinea April/May 2007 No follow-up
- 13 -
No Member State Audited Dates of Audit Dates of Follow-up Visit
53. Eritrea November 2007 December 2009
54. Estonia August 2005 August 2007
55. Ethiopia January 2007 August 2009
56. Fiji February/March 2007 July 2009
57. Finland July 2007 June 2009
58. France February/March 2007 June 2009
59. Gabon January 2004 July 2006
60. Gambia November 2003 October 2005
61. Georgia June 2004 April 2006
62. Germany October 2006 June 2008
63. Ghana August/September 2004 July 2006
64. Greece June/July 2003 April 2006
65. Grenada May 2006 May 2008
66. Guatemala January/February 2005 January 2007
67. Guinea June 2003 November 2005
68. Guinea-Bissau November 2006 October 2008
69. Guyana November/December 2006 October 2008
70. Honduras March 2004 September 2006
71. Hungary February/March 2005 March 2007
72. Iceland March 2007 May 2009
73. India January 2005 January 2007
74. Indonesia July 2004 July 2006
75. Iran (Islamic Republic of) November 2007 November 2009
76. Ireland July 2007 December 2009
77. Israel March 2004 February 2006
78. Italy May/June 2005 November 2007
79. Jamaica September 2003 October 2005
- 14 -
No Member State Audited Dates of Audit Dates of Follow-up Visit
80. Japan September 2005 December 2007
81. Jordan July 2005 October 2007
82. Kazakhstan September 2004 November 2006
83. Kenya June 2004 October 2006
84. Kiribati August 2007 No follow-up
85. Kuwait April 2006 April 2008
86. Kyrgyzstan October 2004 November 2006
87. Lao People’s Democratic Republic January 2004 June 2007
88. Latvia July 2005 August 2007
89. Lebanon May 2003 March 2007
90. Lesotho August/September 2006 April 2008
91. Libya March 2004 February 2007
92. Lithuania May 2003 December 2005
93. Luxembourg May/June 2007 May 2009
94. Madagascar January/February 2005 August 2007
95. Malawi January 2006 April 2009
96. Malaysia January 2006 January 2008
97. Maldives June 2006 April 2008
98. Mali November/December 2004 May 2006
99. Malta August 2007 May 2009
100. Marshall Islands August 2007 September 2009
101. Mauritania April 2005 April 2007
102. Mauritius March 2006 February 2008
103. Mexico January 2004 May/June 2006
104. Micronesia (Federated States of) June/July 2004 No follow-up
105. Monaco June 2007 June 2009
106. Mongolia November 2004 April 2007
- 15 -
No Member State Audited Dates of Audit Dates of Follow-up Visit
107. Montenegro November 2007 No follow-up
108. Morocco March 2004 June 2006
109. Mozambique January 2007 No follow-up
110. Myanmar January/February 2004 February 2006
111. Namibia June 2005 August 2007
112. Nauru August 2007 September 2009
113. Nepal February 2006 October 2008
114. Netherlands November/December 2006 June 2008
115. New Zealand September 2006 September 2008
116. Nicaragua August/September 2004 September 2006
117. Niger August 2005 June 2007
118. Nigeria August 2004 July 2006
119. Norway June 2006 May 2008
120. Oman July 2006 June 2008
121. Pakistan August 2005 November 2007
122. Palau April 2005 June 2007
123. Panama March 2007 February 2009
124. Papua New Guinea October 2004 May 2006
125. Paraguay December 2003 December 2005
126. Peru May 2004 March 2006
127. Philippines June 2004 August 2006
128. Poland January 2004 October 2006
129. Portugal July/August 2006 October 2008
130. Qatar December 2005 October/November 2007
131. Republic of Korea November 2004 November 2006
132. Republic of Moldova March 2006 March 2008
133. Romania June 2006 April 2008
- 16 -
No Member State Audited Dates of Audit Dates of Follow-up Visit
134. Russian Federation August/September 2006 June 2008
135. Rwanda September 2004 October 2006
136. Saint Kitts and Nevis November/December 2005 July 2007
137. Saint Lucia April/May 2006 May 2008
138. Saint Vincent and the Grenadines April 2006 May 2008
139. Samoa October 2006 September 2008
140. San Marino July 2006 No follow-up
141. Sao Tome and Principe July 2006 September 2009
142. Saudi Arabia March/April 2006 February 2008
143. Senegal June 2003 September 2005
144. Serbia January 2005 February 2007
145. Seychelles April 2006 February 2008
146. Singapore October/November 2006 October 2008
147. Slovakia April/May 2006 April 2008
148. Slovenia May 2006 January 2008
149. Solomon Islands March 2007 July 2009
150. South Africa August 2006 April 2008
151. Spain April 2007 May 2009
152. Sri Lanka May 2006 April 2008
153. Sudan November 2005 November 2007
154. Suriname July 2003 October 2005
155. Swaziland November 2003 August 2006
156. Sweden September 2006 May 2008
157. Switzerland October 2007 May 2009
158. Syrian Arab Republic March 2004 November 2006
159. Tajikistan September 2006 March 2009
160. Thailand June 2007 August/September 2009
- 17 -
No Member State Audited Dates of Audit Dates of Follow-up Visit
161. The former Yugoslav Republic of Macedonia December 2004 March 2007
162. Togo June 2005 September 2007
163. Tonga December 2005 December 2007
164. Trinidad and Tobago June/July 2003 October 2005
165. Tunisia April 2004 June 2006
166. Turkey May/June 2004 October 2006
167. Turkmenistan October 2005 November 2007
168. Uganda November/December 2002 October 2005
169. Ukraine May 2007 March 2009
170. United Arab Emirates November 2005 October 2007
171. United Kingdom May 2007 December 2009
172. United Republic of Tanzania June/July 2004 October 2006
173. United States April 2005 August 2007
174. Uruguay January/February 2006 January 2008
175. Uzbekistan May 2004 November 2006
176. Vanuatu November 2004 April 2006
177. Venezuela November/December 2004 July 2006
178. Viet Nam March 2005 June 2007
179. Yemen July/August 2006 June 2008
180. Zambia September 2005 July 2007
181. Zimbabwe October 2005 March 2007
- 18 -
The following chart shows the geographical distribution, by ICAO region, of the ICAO 190* Member States and the 181 Member States audited as of 31 December 2007 under the first cycle of the USAP, of which 172 Member States have also received follow-up visits as of 31 December 2009.
38
23
56
15
21
13
24
36
21
56
14
20
13
21
34
19
53
14
20
13
19
0
10
20
30
40
50
60
APAC ESAF EUR/NAT MID NACC SAM WACAF
ICAO Member States 190 First-Cycle Audits 181 Follow-up Visits 172
Analysis of First-Cycle Audit and Follow-up Visit Results The analysis of first-cycle audit results on levels of compliance with Annex 17 Standards is performed on a global and regional basis. This statistical data provides the basis for understanding global and regional trends of non-compliance with Annex 17, including by subject matter, and provides a foundation for formulating remedial solutions and strategies and for prioritizing assistance activities. ___________________ *Note: South Sudan ratified the Convention on International Civil Aviation on 11 October 2011, thus becoming the 191st ICAO Member State.
First-Cycle USAP Audits and Follow-up Visits Completed
- 19 -
Global Analysis The following chart depicts the global average lack of compliance (LC) with Annex 17 Standards by subject matter module for 181 Member States following the first-cycle audits and follow-up visits conducted (a follow-up visit could not be conducted in 9 States).
Lack of Compliance (LC) with Annex 17 Standards Global Average LC: Audits - 52.98%; Follow-up Visits - 34.49%
Global Average Progress - 34.90%
- 20 -
Regional Analysis The following charts depict the average LC with Annex 17 Standards by subject matter module for all ICAO regions following the first-cycle audits and follow-up visits.
Lack of Compliance (LC) with Annex 17 Standards APAC Average LC: Audits - 53.13%; Follow-up Visits - 32.22%
- 21 -
Lack of Compliance (LC) with Annex 17 Standards ESAF Average LC: Audits - 64.31%; Follow-up Visits - 51.41%
Lack of Compliance (LC) with Annex 17 Standards EUR/NAT Average LC: Audits - 40.66%; Follow-up Visits - 19.14%
- 22 -
Lack of Compliance (LC) with Annex 17 Standards MID Average LC: Audits - 51.93%; Follow-up Visits - 20.41%
Lack of Compliance (LC) with Annex 17 Standards NACC Average LC: Audits - 57.44%; Follow-up Visits - 39.82%
- 23 -
Lack of Compliance (LC) with Annex 17 Standards SAM Average LC: Audits - 52.56%; Follow-up Visits - 35.92%
Lack of Compliance (LC) with Annex 17 Standards WACAF Average LC: Audits - 70.99%; Follow-up Visits - 65.84%
- 24 -
Key Audit Findings
National Level
Overall, States have shown a firm commitment to the protection of civil aviation from AUI and the restoration of public confidence in the industry, following the events of 11 September 2001. Much investment has been made in both human and technical resources aimed at improving the efficiency of aviation security systems. Nevertheless, sustainable aviation security systems are dependent on effective legislation, policy and programmes, reinforced through inspection and enforcement capabilities. In this context, the first cycle of USAP audits identified the following four primary areas of concern at the national level: National Civil Aviation Security Programme (NCASP). Although almost all States had an NCASP as required by Standard 3.1.1, in many States, the programme was only available in draft form or had not been kept up-to-date. Oversight and enforcement capabilities. Audit recommendations were frequently made with respect to National Civil Aviation Security Quality Control Programmes (NQCPs) and on the availability of comprehensive procedures and criteria for the conduct of audits, surveys, inspections and tests (Standards 3.4.4 to 3.4.7). Often, the appropriate authority was understaffed, was not sufficiently empowered to ensure compliance with national requirements, and was not ensuring the implementation of corrective actions, as appropriate. Aviation security training. Many States did not have a comprehensive National Civil Aviation Security Training Programme (NCASTP) to ensure that function-specific training was provided to all persons involved in the implementation of aviation security measures (Standards 3.1.6 and 3.4.2). Certification of screening personnel. Many States had not established a screener certification programme to ensure that performance standards in the screening of passengers and baggage were consistently and reliably achieved (Standard 3.4.3). The follow-up visits revealed significant improvement in the rectification of the deficiencies at the national level that were identified during the initial audits. However, a substantial amount of work remained in order to achieve full compliance. To be highlighted, in particular, was the need for States to continue their efforts in establishing comprehensive security oversight systems to ensure the effective implementation of national aviation security requirements and the SARPs contained in Annex 17. A fundamental component of such a system is a robust NQCP that provides for the conduct of national audits, surveys, inspections and tests. States also needed to give continuing attention to the policies and procedures in place in order to fulfil their training and certification obligations. The first-cycle audits demonstrated that failure to regulate and coordinate training and certification policies at the national level invariably manifested itself in a poor or inconsistent application of security measures at the operational level.
- 25 -
Airport Level The first-cycle audits and follow-up visits revealed that the level of compliance with Annex 17 Standards at the airport level was somewhat higher than at the national level, perhaps indicating a higher priority being afforded to practical security measures than to the State’s security organization, documentation and regulatory framework. Shortcomings in relation to the implementation of operational security measures at the airport level included: Airport organization and administration. Recommendations were often made in relation to the development and implementation of ASPs. In particular, many programmes were found not containing detailed procedures for the implementation of all relevant security controls at the airport level consistent with national requirements (Standard 3.2.1). Access control. Measures to prevent unauthorized access to airside and SRAs of airports were often not effectively enforced. Shortcomings were identified in relation to physical security measures, such as the screening of staff, together with items carried, and the display of security identification cards by persons and vehicles entering the airside and SRAs of airports (Standards 4.2.1 to 4.2.6). Passenger, cabin and hold baggage screening. The quality and consistency of screening operations varied significantly among States, and inconsistencies were frequently found in the training and competence of persons carrying out screening functions (Standards 4.4.1, 4.4.2, 4.5.1 and 4.5.4). Aircraft and in-flight security. The development and implementation of written procedures often required further enhancement to ensure the security of aircraft prior to and during flight, such as aircraft security checks or searches; the protection of aircraft from unauthorized interference prior to departure; and procedures for the carriage of authorized armed personnel (Standards 4.3.1 to 4.3.4 and 4.7.8). Cargo security. Shortcomings were commonly identified in regard to the application of security controls for cargo, including physical security of cargo premises, the protection of cargo after acceptance and, where applicable, appropriate policies and procedures related to regulated agent regimes (Standards 4.6.1 to 4.6.4). Response to AUI. Contingency arrangements and procedures for the management of response to AUI were often not fully developed (Standards 5.1.1 to 5.1.5). Similar to the national level, significant improvements were validated at the airport level in the course of the follow-up visits, which demonstrated overall that States made improvements in their obligations to meet Annex 17 Standards. However, varying levels of improvement were identified between regions and, in many cases, between States within a region. The following chart depicts the average LC with Annex 17 Standards by ICAO region following the first-cycle audits and the follow-up visits, as well as the average progress made by ICAO regions towards compliance with Annex 17 Standards.
- 26 -
The first-cycle audits and follow-up visits confirmed that effective national oversight remains the single most important tool for ensuring the sustainability of a State’s aviation security system by identifying and rectifying deficiencies on a continuous basis. Only with the appropriate levels of government commitment and coordination, and the establishment of a viable national oversight system with effective quality control measures, can the harmonized implementation of aviation security regulatory requirements be ensured.
Lack of Compliance (LC) with Annex 17 Standards Regional Average LC and Regional Average Progress
- 27 -
Part II - USAP Second Cycle Scope of the Second-Cycle Audits The 36th Session of the ICAO Assembly requested that future aviation security audits focus, wherever possible, on the States’ capability to provide appropriate national oversight of their aviation security activities. This was based on the recognition that, ultimately, it is the responsibility of the States to ensure both safety and security of civil aviation pursuant to the Chicago Convention and the Annexes thereto. Furthermore, the Assembly requested that the scope of the audits be expanded to include relevant security-related provisions of Annex 9 and directed the Council to consider the introduction of a limited level of transparency of ICAO aviation security audit results. Standardized auditing methodology used for the second cycle of audits was prepared in close consultation with the AVSECP and in line with the Assembly’s direction. Under the USAP second cycle, ICAO conducted audits using audit protocol questionnaires found in ICAO Doc 9807 — Security Audit Reference Manual, Appendix D (Restricted). The main purpose of these audit protocol questionnaires was to standardize the conduct of audits under the ICAO USAP. The protocol questions (PQs) were individually associated with the eight CEs of a State’s aviation security oversight system and were based on Annex 17 Standards and security-related provisions of Annex 9, as well as associated ICAO guidance material including, but not limited to, ICAO Doc 9734 — Oversight Manual, Part C — The Establishment and Management of a State’s Aviation Security Oversight System. These PQs were the main tool used during the conduct of an audit for the assessment of a State’s aviation security oversight capability. The PQs were intended to be comprehensive and yet provide sufficient flexibility to allow the scope and complexity of aviation security activities in each State to be appropriately evaluated. To facilitate the conduct of the audits and the distribution of work amongst the audit team members, the audit protocol was divided into nine parts specific to the audit areas (AAs) covered, as shown in the figure below:
- 28 -
Critical Elements of a State’s Aviation Security Oversight System The security oversight capability of a State is directly related to the effective implementation of the CEs of the State’s civil aviation security oversight system. Eight such elements are identified and defined in ICAO Doc 9734 — Oversight Manual, Part C — The Establishment and Management of a State’s Aviation Security Oversight System:
CE-1 Aviation security legislation. The provision of a comprehensive and effective legal framework to implement the provisions of Annex 17 and relevant security-related provisions contained in other Annexes to the Chicago Convention, and to effect the implementation of the State’s aviation security requirements.
CE-2 Aviation security programmes and regulations. The provision of adequate
programmes and regulations to address, at a minimum, national requirements emanating from the aviation security legislation and providing for standardized implementation procedures, equipment and infrastructures (including security management and training systems), in conformance with the SARPs of Annex 17 and security-related provisions contained in other Annexes to the Chicago Convention.
CE-3 State appropriate authority for aviation security and its responsibilities.
The designation of an appropriate national authority for aviation security matters, supported by appropriate technical and non-technical staff and provided with adequate financial resources. The responsibilities of the appropriate authority include the development and maintenance of an effective NCASP, NCASTP and NQCP. The authority must be appropriately empowered to promulgate the regulations necessary to carry out national aviation security policies, including the allocation of tasks and coordination of responsibilities between government agencies.
CE-4 Personnel qualifications and training. The establishment of minimum
knowledge and experience requirements for technical personnel performing State aviation security oversight and regulatory functions, and the provision of appropriate training to such personnel to maintain and enhance their competence at the desired level. The training should include initial and recurrent training. This element also includes the provision of training to the aviation industry on the implementation of applicable aviation security requirements, measures and procedures.
CE-5 Provision of technical guidance, tools and security-critical information.
The provision of technical guidance (including processes and procedures), tools (including facilities and equipment) and security-critical information, as applicable, to technical personnel to enable them to perform their security oversight functions in accordance with established requirements and in a standardized manner. This element also includes the provision of technical guidance by the appropriate authority to the aviation industry on the implementation of applicable regulations, instructions and programmes.
- 29 -
CE-6 Certification and approval obligations. The implementation of processes and procedures to ensure that personnel and organizations performing an aviation security activity meet the established requirements, i.e. certification of screeners and approval of security programmes before they are allowed to conduct the relevant activity.
CE-7 Quality control obligations. The implementation of processes, such as audits,
inspections, surveys and tests, to proactively ensure that aviation security entities continue to meet the established requirements and operate at the level of competency and security required by the State. This includes the monitoring of designated personnel who perform security oversight functions on behalf of the appropriate authority.
CE-8 Resolution of security concerns. The implementation of processes and
procedures to resolve identified deficiencies impacting aviation security. This includes the ability to analyse security deficiencies, provide recommendations to prevent recurrence, track the rectification of identified deficiencies, including any follow-up procedures to ensure the effective implementation of corrective actions, and take remedial action, when appropriate.
Each PQ was individually linked to a CE and, when considered “not satisfactory”, an audit finding was generated and reflected under that CE in the graph of the audit results. Every audit finding was based on at least one “not satisfactory” PQ, which could also be referred to as a deficiency, but could also group together a number of deficiencies addressing the same topic. The distribution of PQs by CE and by AA is shown in the table below.
Critical Element (CE) Number of PQs CE-1 Aviation security legislation 9 CE-2 Aviation security programmes and regulations 94 CE-3 State appropriate authority for aviation security and its responsibilities 59 CE-4 Personnel qualifications and training 12 CE-5 Provision of technical guidance, tools and security-critical information 60 CE-6 Certification and approval obligations 28 CE-7 Quality control obligations 24 CE-8 Resolution of security concerns 13 Total 299
Audit Area (AA) Number of PQs Regulatory Framework and the National Civil Aviation Security System (LEG) 64 Training of Aviation Security Personnel (TRG) 21 Quality Control Functions (QCF) 18 Airport Operations (OPS) 46 Aircraft and In-flight Security (IFS) 44 Passenger and Baggage Security (PAX) 31 Cargo, Catering and Mail Security (CGO) 25 Response to Acts of Unlawful Interference (AUI) 38 Security Aspects of Facilitation (FAL) 12 Total 299
- 30 -
The following charts represent the distribution of the PQs by CE and by AA.
- 31 -
Second-Cycle Audits Completed as at 30 June 2013
Member State Audited Dates of Audit 1 Albania 12 to 16 January 2009 2 Algeria 15 to 22 November 2009 3 Andorra 13 to 17 May 2013 4 Angola 31 October to 7 November 2011 5 Antigua and Barbuda 24 to 28 August 2009 6 Argentina 12 to 19 March 2012 7 Armenia 8 to 15 July 2010 8 Australia 12 to 19 April 2010 9 Austria 18 to 22 January 2010 10 Azerbaijan 11 to 18 April 2012 11 Bahamas 26 April to 3 May 2012 12 Bahrain 14 to 21 June 2011 13 Bangladesh 8 to 15 October 2009 14 Barbados 7 to 14 May 2012 15 Belarus 19 to 26 July 2010 16 Belgium 22 to 26 June 2011 17 Belize 4 to 11 June 2012 18 Benin 6 to 13 October 2011 19 Bhutan 19 to 26 October 2009 20 Bolivia 1 to 8 September 2008 21 Bosnia and Herzegovina 13 to 17 October 2008 22 Botswana 24 April to 1 May 2008 23 Brazil 19 to 26 August 2010 24 Brunei Darussalam 14 to 21 May 2012 25 Bulgaria 24 September to 8 October 2009 26 Burkina Faso 6 to 14 May 2013 27 Burundi 15 to 22 August 2008 28 Cambodia 24 April to 1 May 2008 29 Cameroon 22 to 29 September 2008 30 Canada 18 to 25 October 2010 31 Cape Verde 22 to 29 March 2010 32 Central African Republic 4 to 11 August 2011 33 Chile 30 August to 6 September 2010 34 China 7 to 14 April 2009
Macao, SAR China 7 to 14 June 2010 35 Colombia 19 to 26 November 2009 36 Comoros 26 April to 3 May 2010 37 Congo 9 to 16 February 2012
- 32 -
Member State Audited Dates of Audit 38 Cook Islands 23 to 30 May 2011 39 Costa Rica 9 to 16 May 2011 40 Cote d’Ivoire 28 January to 4 February 2013 41 Croatia 20 to 27 October 2008 42 Cuba 25 January to 1 February 2010 43 Cyprus 23 September to 7 October 2009 44 Czech Republic 24 to 28 January 2011 45 Democratic People’s Republic of Korea 27 August to 3 September 2012 46 Denmark 14 to 18 February 2011 47 Dominican Republic 7 to 14 February 2011 48 Ecuador 21 to 28 June 2010 49 Egypt 14 to 21 May 2009 50 El Salvador 28 September to 5 October 2009 51 Eritrea 4 to 11 October 2012 52 Estonia 15 to 19 February 2010 53 Ethiopia 15 to 22 March 2012 54 Fiji 19 to 26 January 2012 55 Finland 5 to 9 November 2012 56 France 3 to 7 December 2012 57 Gabon 15 to 22 April 2010 58 Gambia 16 to 22 April 2009 59 Georgia 31 July to 7 August 2008 60 Germany 22 to 28 February 2011 61 Ghana 19 to 26 June 2008 62 Greece 17 November to 1 December 2009 63 Grenada 4 to 11 July 2011 64 Guatemala 17 to 24 February 2011 65 Guinea 6 to 13 April 2009 66 Guyana 23 to 30 June 2011 67 Honduras 9 to 16 March 2009 68 Hungary 2 to 6 August 2010 69 Iceland 24 November to 1 December 2011 70 India 3 to 10 February 2011 71 Indonesia 5 to 12 May 2008 72 Iran (Islamic Republic of) 7 to 14 October 2012 73 Ireland 2 to 5 April 2013 74 Israel 23 to 27 November 2008 75 Italy 9 to 13 August 2010 76 Jamaica 14 to 21 January 2008 77 Japan 8 to 15 November 2012
- 33 -
Member State Audited Dates of Audit 78 Jordan 7 to 14 February 2010 79 Kazakhstan 2 to 9 November 2009 80 Kenya 30 June to 7 July 2008 81 Kiribati 27 February to 5 March 2013 82 Kuwait 24 to 31 January 2011 83 Kyrgyzstan 22 to 29 October 2009 84 Lao People’s Democratic Republic 17 to 24 August 2009 85 Latvia 27 September to 1 October 2010 86 Lebanon 4 to 11 May 2009 87 Lesotho 29 August to 5 September 2011 88 Liberia 20 to 27 June 2013 89 Libya 15 to 22 November 2009 90 Lithuania 28 September to 15 October 2009 91 Luxembourg 4 to 8 March 2013 92 Madagascar 17 to 25 June 2013 93 Malawi 23 to 30 May 2013 94 Malaysia 19 to 26 May 2011 95 Maldives 9 to 16 May 2011 96 Mali 2 to 9 February 2009 97 Malta 21 to 24 May 2013 98 Marshall Islands 1 to 8 February 2012 99 Mauritania 24 to 31 October 2010 100 Mauritius 12 to 19 July 2012 101 Mexico 10 to 17 November 2008 102 Monaco 21 to 25 January 2013 103 Mongolia 11 to 18 November 2010 104 Montenegro 18 to 25 February 2013 105 Morocco 2 to 12 November 2009 106 Mozambique 10 to 17 June 2013 107 Myanmar 6 to 13 August 2009 108 Namibia 2 to 9 September 2010 109 Nepal 22 to 29 November 2010 110 Netherlands 14 to 18 February 2011 111 New Zealand 12 to 19 May 2011 112 Nicaragua 17 to 24 September 2009 113 Niger 14 to 21 October 2010 114 Nigeria 9 to 16 June 2008 115 Norway 5 to 12 December 2011 116 Oman 22 to 29 April 2012 117 Palau 29 November to 3 December 2010
- 34 -
Member State Audited Dates of Audit 118 Panama 1 to 8 March 2012 119 Papua New Guinea 14 to 21 October 2010 120 Paraguay 11 to 18 September 2008 121 Peru 10 to 17 June 2010 122 Philippines 6 to 13 July 2009 123 Poland 13 to 17 December 2010 124 Portugal 9 to 13 June 2011 125 Qatar 4 to 11 March 2012 126 Republic of Korea 25 August to 1 September 2011 127 Republic of Moldova 20 to 27 May 2010 128 Romania 9 to 13 May 2011 129 Russian Federation 10 to 17 March 2011 130 Rwanda 11 to 18 March 2010 131 Saint Kitts and Nevis 31 August to 4 September 2009 132 Saint Lucia 19 to 26 January 2012 133 Saint Vincent and the Grenadines 30 January to 6 February 2012 134 Samoa 19 to 26 November 2012 135 San Marino 13 to 17 August 2012 136 Sao Tome and Principe 23 to 30 July 2012 137 Saudi Arabia 4 to 11 June 2011 138 Senegal 2 to 9 October 2008 139 Serbia 31 May to 7 June 2010 140 Seychelles 23 to 30 July 2012 141 Sierra Leone 10 to 17 June 2013 142 Singapore 8 to 15 November 2012 143 Slovakia 8 to 12 November 2010 144 Slovenia 17 to 21 June 2011 145 Solomon Islands 18 to 25 February 2013 146 South Africa 18 to 25 August 2011 147 Spain 10 to 14 December 2012 148 Sri Lanka 24 to 31 May 2012 149 Sudan 23 to 30 September 2012 150 Suriname 9 to 16 July 2009 151 Swaziland 1 to 8 June 2009 152 Sweden 3 to 7 October 2011 153 Switzerland 30 November to 6 December 2012 154 Syrian Arab Republic 11 to 18 August 2008 155 Tajikistan 28 February to 7 March 2011 156 Thailand 15 to 22 August 2012 157 The former Yugoslav Republic of Macedonia 19 to 26 January 2009
- 35 -
Member State Audited Dates of Audit 158 Timor-Leste 3 to 7 November 2008 159 Togo 1 to 8 July 2010 160 Tonga 25 October to 1 November 2010 161 Trinidad and Tobago 25 February to 3 March 2008 162 Tunisia 24 November to 1 December 2008 163 Turkey 7 to 11 April 2008 164 Turkmenistan 2 to 9 September 2010 165 Uganda 22 to 29 January 2009 166 Ukraine 18 to 25 October 2012 167 United Arab Emirates 27 January to 3 February 2010 168 United Kingdom 17 to 21 December 2012 169 United Republic of Tanzania 11 to 18 June 2009 170 United States 19 to 26 September 2011 171 Uruguay 8 to 15 August 2011 172 Uzbekistan 23 to 30 August 2010 173 Vanuatu 22 to 28 April 2010 174 Venezuela 20 to 27 July 2009 175 Viet Nam 7 to 14 December 2010 176 Zambia 4 to 12 April 2011 177 Zimbabwe 23 to 30 August 2010
In addition to the USAP second-cycle audits of 177 Member States and one SAR completed between 2008 and 2013, the European Commission’s aviation security inspection system was assessed under the USAP from 9 to 13 February 2009 by an ICAO aviation security assessment team. The assessment was conducted in accordance with the Memorandum of Cooperation (MoC) signed on 17 September 2008 between ICAO and the European Community (EC) and the related MoU between ICAO and the European Commission agreed to on 3 February 2009. The MoC establishes mutual cooperation in the field of aviation security audits/inspections to ensure optimum use of limited resources to avoid duplication of efforts, given that most of the Standards contained in Annex 17 are also covered by relevant EC legislation. For the purpose of the assessment of the European Commission’s aviation security inspection system, only those Annex 17 Standards directly addressed by the EC legislation and the European Commission oversight activities were assessed in the context of the eight CEs of an aviation security oversight system. For the remainder of the Annex 17 Standards and the relevant security-related provisions of Annex 9, a questionnaire was sent to all 27 European Union (EU) Member States (plus Switzerland) on a staggered basis to reflect the timeline where a full audit would have been scheduled under the second cycle of USAP audits. The ICAO Aviation Security Audit Section audited the completed questionnaire in accordance with the instruction of the ICAO Council. The information provided was amalgamated with the results obtained through the assessment of the Commission’s aviation security inspection system to produce a graph depicting the audit results by CEs of each EU Member State’s (and Switzerland’s) aviation security oversight system.
- 36 -
The second cycle of USAP audits was launched in January 2008 and was completed in June 2013. A total of 177 Member States and one SAR received second-cycle audits. As was the case in the first cycle of USAP audits, it was not possible to conduct a second-cycle audit of all ICAO Member States. Some States were not audited due to their security level, as assigned by the United Nations Department of Safety and Security (UNDSS). In other cases, an analysis of first-cycle audit and follow-up mission results, and/or a review of CAPs and information supplied in PAQs, identified certain States that would benefit from referral to the ISD-SEC Programme for the provision of appropriate assistance prior to the conduct of a USAP audit. The following chart shows the geographical distribution by ICAO region of the 191 ICAO Member States and of the 177 Member States audited as at 30 June 2013 under the second cycle of the USAP.
Second-Cycle USAP Audits Completed
- 37 -
Analysis of the Second-Cycle Audit Results The following two charts depict the average lack of effective implementation (LEI) by the eight CEs of an aviation security oversight system and in each of the nine AAs at the global level, based on the 178 second-cycle audits conducted from 1 January 2008 to 30 June 2013, which include 177 Member States and one SAR.
Global Analysis
- 38 -
The results shown in the upper graph on the previous page indicate that, overall, Critical Element 7 – quality control obligations shows the highest level of LEI, while Critical Element 8 – resolution of security concerns, Critical Element 4 – personnel qualifications and training, Critical Element 5 – provision of technical guidance, tools and security-critical information and Critical Element 6 – certification and approval obligations are also areas of concern. These results are consistent with the results shown in the lower graph by AA, which indicate that the area of quality control functions shows the highest level of LEI. The following two charts depict the distribution of the number of second-cycle audits by average LEI of the eight CEs.
A: LEI between 0% and 10% F: LEI between 50% and 60% B: LEI between 10% and 20% G: LEI between 60% and 70% C: LEI between 20% and 30% H: LEI between 70% and 80% D: LEI between 30% and 40% I: LEI between 80% and 90% E: LEI between 40% and 50% J: LEI between 90% and 100%
- 39 -
As indicated, the global average LEI by the eight CEs of an aviation security oversight system is 30.70 per cent. Approximately 49 per cent of all audited States have average LEI rates above the global average. Therefore, comprehensive strategies are required to enhance compliance and oversight capabilities among States whose performance in these areas needs improvement.
- 40 -
Regional Analysis
The charts shown below and on the following pages depict the analysis of USAP audit results by ICAO region. Two charts are provided for each region showing (in percentage) the average LEI by CE and by AA.
- 41 -
- 42 -
- 43 -
- 44 -
- 45 -
- 46 -
- 47 -
The following two charts depict the average LEI of the total (eight) CEs on a regional basis, as well as the corresponding comparison of the second-cycle average audit results by CE for all ICAO regions.
- 48 -
The following two charts depict the average LEI in the total (nine) AAs on a regional basis, as well as the corresponding comparison of the second-cycle average audit results by AA for all ICAO regions.
- 49 -
Analysis by Critical Element
In the following analysis by CE, the charts show the average LEI for the specific CE in each of the ICAO regions based on the audits of 177 Member States conducted from 1 January 2008 to 30 June 2013. The textual part of the analysis is based on the audit results of 177 Member States and one SAR. All reference to the “178 audited States” or “178 States audited” should be understood as 177 Member States and one SAR audited.
Critical Element 1. Aviation security legislation
Of the 178 States audited, approximately 82 per cent have promulgated primary aviation security legislation and/or regulations. However, for 21 States audited, the primary aviation legislation does not contain provisions for the establishment of an appropriate authority for aviation security. All but 25 of the audited States have ensured that their primary aviation legislation and/or regulations provide for the enforcement of the applicable rules. In 29 audited States, the national laws and/or regulations do not allocate to the appropriate authority any enforcement powers to ensure compliance with the NCASP. Approximately 82 per cent of the audited States have included in their primary aviation legislation or in their regulations provisions for aviation security inspectors to have unrestricted and unlimited access to aircraft, airport and aviation facilities; to access and inspect aviation security documents; and to have sufficient legal authority to carry out audits, inspections, tests and surveys. Eight audited States have not established in relevant national documentation a primary objective as it relates to aviation security.
- 50 -
Critical Element 2. Aviation security programmes and regulations
All but 29 of the 178 audited States have established orders, directives, instructions and/or other documents containing specific aviation security measures to enable States to effectively implement the provisions of Annex 17. Approximately 70 per cent of the audited States have established written procedures for the review and amendment of their aviation security regulations, measures and procedures, taking into consideration existing ICAO requirements and amendments to Annex 17. Of the 178 States audited, 86 per cent have established in their national laws and/or regulations a requirement for the development of a written NCASP; however, 12 per cent of the audited States do not have an approved NCASP. In 123 of the audited States, the NCASP does not accurately reflect or reference all current aviation security requirements, measures and procedures with sufficient accuracy, clarity and detail, as well as the States’ obligations to comply with the provisions of Annex 17. Approximately 93 per cent of the audited States have established a requirement for the development of an NCASTP, but only 143 audited States have established an approved NCASTP. Forty-seven States audited have not established a comprehensive training policy for technical staff (including persons implementing oversight functions), and 41 audited States do not formally require certification of security screeners. Fifty-one per cent of the audited States have not established a requirement for the development, implementation and maintenance of an NQCP and/or have developed an NQCP that does not address the main elements of a quality control programme in sufficient detail. In 36 audited States, the established NQCP does not apply to all entities involved in performing security controls. Sixty-one audited States do not require and/or ensure that entities performing aviation security functions develop, implement and maintain internal quality control measures. Seventy of the audited States do not require the priorities and frequency of quality control activities to be established based on a security risk assessment. Of the 178 States audited:
a) one hundred and sixteen States (65 per cent) have established a requirement for 100 per cent staff screening (however, even where a 100 per cent requirement is established, in many cases findings are still generated in regard to the effectiveness of staff screening);
b) seventy-two States (41 per cent) have not established a requirement for a security
risk assessment to be conducted to determine whether an aircraft security check or search should be conducted for originating aircraft engaged in commercial aviation;
c) seventy-five States (42 per cent) have not established a policy to make available
the necessary information as soon as possible, but in any case not later than 24 hours before the scheduled time of departure of the flight, when making arrangements with an aircraft operator for the removal of a deportee;
d) seventy-three States (41 per cent) have not established a policy to assist aircraft
operators in the evaluation of travel documents presented by passengers; e) fifty States (28 per cent) do not require aircraft operators to take the necessary
precautions at the point of embarkation to ensure that passengers are in possession of the documents prescribed by the States of transit and destination for control purposes;
- 51 -
f) one hundred and eight States (61 per cent) have not established a regulated agent programme (not mandatory); and
g) one hundred and thirty-one States (74 per cent) have not established a national in-flight security officer programme (not mandatory).
Only 45 of the 178 audited States (25 per cent) have established a formal National Air Transport Facilitation Programme (NATFP) based on the facilitation requirements of the Chicago Convention and Annex 9 thereto. Approximately 65 per cent of the audited States have not introduced an Advance Passenger Information system (not mandatory). Sixty-one audited States have not established a policy to grant prompt release or clearance, upon completion of simplified documentary procedures, of security equipment imported or exported by an aircraft operator of another Member State. Seventy-two audited States have not established a policy to regularly update security features in the new versions of their travel documents. Seventy-six audited States have not established a requirement to ensure that fraudulent, falsified or counterfeit travel documents are immediately removed from circulation and returned to the appropriate authorities or to the resident Diplomatic Mission of the issuing State.
Critical Element 3. State appropriate authority for aviation security and its responsibilities
Ninety-three per cent of the audited States have identified within their administration a single organization as the appropriate authority for aviation security. However, 11 audited States have not specified the designated appropriate authority for aviation security to ICAO. Audits have revealed that in approximately 44 per cent of the States, the appropriate authority does not have sufficient resources to implement all of its assigned responsibilities, particularly the oversight of all entities involved in the implementation of aviation security measures given the scope and complexity of these activities.
- 52 -
Approximately 22 per cent of the audited States have not ensured that the functions and responsibilities of the various entities within the civil aviation security system are clearly defined to ensure that there are no overlaps of responsibilities. Thirty-nine per cent of the audited States have not ensured the formal establishment or proper functioning of National Civil Aviation Security Committees for the purpose of coordinating activities among the departments, agencies and other organizations involved in aviation security in each State. Thirty-nine audited States have not designated a specific office or entity as responsible for the issuance and oversight of the screener certification process and, in 26 audited States, no specific office or entity has been designated as responsible for the development, implementation and maintenance of an NQCP.
Critical Element 4. Personnel qualifications and training
The majority of the audited States (84 per cent) have ensured their appropriate authority’s active role in the selection and recruitment of technical staff with appropriate qualifications by establishing minimum competency requirements for such personnel. However, in 57 audited States, the appropriate authority was not able to recruit and retain adequately qualified and experienced technical staff. In 43 per cent of the audited States, the appropriate authority has not developed training programmes detailing what type of training should be provided to aviation security inspectors and, in only 110 audited States, the appropriate authority inspectors are required to satisfactorily complete on-the-job training prior to being assigned tasks and responsibilities. In 51 per cent of the audited States, the NCASTP does not apply to, or explain with sufficient detail, training requirements for all personnel involved in various aspects of aviation security. Forty-eight per cent of the States audited do not require and/or ensure specific training for all staff conducting aviation security functions.
- 53 -
Critical Element 5. Provision of technical guidance, tools and security-critical information
Of the 178 States audited, 124 States have established procedures to notify ICAO of differences identified in their national aviation security legislation through the amendment process. Only 68 per cent of the audited States have implemented a formal process for issuing aviation security procedures, guidance material and performance criteria to ensure that aviation security service providers are aware of national regulations, programmes and supporting requirements which have to be met to ensure compliance with NCASPs. The most common deficiency related to Critical Element 5 is that almost 70 per cent of the audited States have not established sufficient guidance, performance criteria and/or procedures to ensure efficient, effective and consistent application of the policies and requirements established in their NCASP. As a general pattern, appropriate risk management methodology is not available and utilized for determining:
a) the level of threat (42 per cent of audited States); b) the applicability of security measures to domestic operations (16 per cent of audited
States); c) the priorities and frequency of oversight activities (62 per cent of audited States); d) the proportion of persons other than passengers entering the SRAs to be screened
(16 per cent of audited States); and e) whether a security check or search is required for originating aircraft engaged in
commercial aviation (49 per cent of audited States).
- 54 -
Approximately 55 per cent of the audited States have not fully established and/or implemented comprehensive terms and conditions for the certification of security screeners, including performance criteria. Fifty-six per cent of the audited States have not developed detailed forms, checklists or protocols for the conduct of security audits, inspections, tests and surveys. However, 87 per cent of the audited States have established common standards to be met by all aircraft operators providing service from these States, such as a model security programme. A relatively high percentage of audited States have not developed detailed instructions, guidance material or performance criteria for:
a) the screening of passengers and cabin baggage (60 per cent of audited States); b) the screening of originating hold baggage (48 per cent of audited States); c) reconciliation of hold baggage (44 per cent of audited States); d) authorization of hold baggage (45 per cent of audited States); e) security controls applied to cargo and mail (44 per cent of audited States); f) the protection of cargo and mail from unauthorized interference, from the point
security controls are applied, until departure of the aircraft (47 per cent of audited States);
g) security controls applied to catering (34 per cent of audited States); h) perimeter protection (56 per cent of audited States); and
i) the types and performance capabilities of security screening equipment
(41 per cent of audited States).
- 55 -
Critical Element 6. Certification and approval obligations
Audits have revealed several deficiencies in the approval obligations of Member States. Only 60 per cent of the audited States have ensured that ASPs for all their airports have been reviewed and approved. However, in 53 per cent of audited States, the ASPs do not address all national requirements and applicable security measures at airports in sufficient detail to ensure the correct application of all such measures. In regard to Aircraft Operator Security Programmes (AOSPs), approximately 69 per cent of the audited States have not established a formal review and approval process for AOSPs. Approximately 51 per cent of the audited States have not reviewed or approved all training courses for staff performing security functions to ensure that national requirements are met. A large number of audited States (56 per cent) have not approved appropriate items to be used as covert test pieces. Seventy-five audited States have not established a process to require the development of appropriate procedures at the airport level for the screening of originating passengers and their cabin baggage to be submitted to the appropriate authority for review and approval. Fifty-two per cent of the audited States have ensured the development of appropriate procedures at the airport level for the screening of originating hold baggage. Fifty-one per cent of the audited States have established a process to require the development of appropriate procedures at the airport level for the application of security controls, and the protection of cargo and mail from unauthorized interference for review and approval by the appropriate authority. Sixty-three per cent of the audited States require and have ensured the development of appropriate procedures (security programmes or equivalent standard operating procedures) by entities responsible for applying security controls to catering supplies intended for carriage on commercial flights. In 44 per cent of the audited States, national requirements for contingency plans do not include a requirement for the review and approval of such plans by appropriate authorities. In regard to Member States certification obligations, as mentioned under Critical Element 5, approximately 55 per cent of the audited States have not fully established and/or implemented comprehensive terms and conditions for the certification of security screeners, including performance criteria. In practice, screeners in these States are not appropriately certified by or on behalf of the appropriate authority for aviation security. In addition, about 34 per cent of the audited States do not require the recertification of screeners on a periodic basis. Approximately 51 per cent of the audited States do not issue Crew Member Certificates (not mandatory).
- 56 -
Critical Element 7. Quality control obligations
The audits have revealed that about 68 per cent of the audited States do not ensure the consistent and effective application of security audits, inspections and tests. These States have not established and implemented a formal schedule of regular and systematic quality control activities covering aviation security measures implemented by all relevant entities, including foreign aircraft operators. As a general pattern:
a) approximately 61 per cent of the audited States have not ensured that maintenance
and performance testing of screening equipment are conducted. The audits have revealed that the majority of States audited have not established minimum detection settings and/or have not approved test pieces for security screening equipment;
b) approximately 59 per cent of the audited States have not established oversight and quality control measures to ensure that AOSPs are being effectively implemented. In the majority of the audited States, foreign aircraft operators providing services from those States are not subjected to quality control activities;
c) approximately 54 per cent of the audited States have not ensured that
person/baggage reconciliation and baggage authorization requirements are adequately implemented;
d) approximately 51 per cent of the audited States have not ensured the
establishment and implementation of appropriate procedures for the screening of persons other than passengers and vehicles entering SRAs; and
- 57 -
e) approximately 57 per cent of the audited States have not ensured the implementation of procedures for the conduct of aircraft security checks or searches by aircraft operators.
In addition, approximately 56 per cent of the audited States do not implement an effective training oversight mechanism in order to identify and correct training needs or deficiencies in the training process. Due to a lack of oversight activities, 55 per cent of the audited States have not ensured that all required training – basic, on-the-job and recurrent – is completed for aviation security personnel. The audits also revealed that approximately 65 per cent of the audited States do not rely on screening performed at the point of origin in a foreign State for transfer passengers, their cabin and hold baggage, i.e. such passengers together with their cabin and hold baggage are subjected to screening in the same manner as originating passengers and their cabin/hold baggage.
Critical Element 8. Resolution of security concerns Of the 178 States audited, 84 States have not established a mechanism for passengers, crew, ground personnel and others to confidentially provide feedback related to aviation security. Eighty-six audited States do not ensure that quality control findings are reported and analysed. In approximately 72 per cent of the audited States, the inspection system provides for immediate enforcement action to be taken against any person or entity from exercising the privileges of any aviation security authorization, responsibility, certificate or procedure based on just cause. However, due to a lack of oversight activities, about 41 per cent of the audited States have not developed and implemented procedures to ensure that corrective measures identified through quality control mechanisms are implemented when determined necessary. As a general trend in this area:
a) approximately 54 per cent of the audited States have not established appropriate resolution procedures in the event of failure of covert tests; and
- 58 -
b) approximately 40 per cent of the audited States do not maintain records related to quality control measures performed, deficiencies identified, corrective actions required and follow-up actions taken.
- 59 -
Analysis by Audit Area
The following charts show the average LEI for the specific AA in each of the ICAO regions based on the audits of 177 Member States conducted from 1 January 2008 to 30 June 2013.
- 60 -
- 61 -
- 62 -
- 63 -
- 65 -
Top Ten Protocol Questions Not Satisfactorily Implemented
The following table contains the top ten PQs which were found to be not satisfactory based on the results of the 178 audits conducted under the second cycle of the USAP from 1 January 2008 to 30 June 2013.
PQ Number PQ Annex
Provision Number of
Audits Percentage of
Audits 9.876 Has the State established an NATFP
based on the facilitation requirements of the Convention and of Annex 9 thereto?
Annex 9 Standard
8.17
133 75
9.348 Has the State recently been performing appropriate quality control measures?
Annex 17 Standard
3.4.6
130 73
9.040 Of the policies and requirements established in the NCASP, has the State established sufficient guidance, performance criteria and/or procedures to ensure their efficient, effective and consistent application?
Annex 17 Standard
3.1.1
124 70
9.037 Does the NCASP accurately reflect or reference all current aviation security requirements and measures?
Annex 17 Standard
3.1.1
123 69
9.492 Has the State established a review and approval process for AOSPs?
Annex 17 Standard
3.3.1
122 69
9.354 Does the State monitor and ensure the consistent and effective application of security audits, inspections and tests?
Annex 17 Standard
3.4.6
121 68
9.342 Has the State established provisions for the testing of all categories of staff performing security functions at regular intervals to assess their proficiency?
Annex 17 Standard
4.4.1
116 65
9.321 Are the priorities and the frequency of quality control activities established based on a risk assessment?
Annex 17 Standard
3.4.5
114 64
9.318 Is an appropriate risk management methodology available and utilized to determine the frequency of oversight activities?
Annex 17 Standard
3.4.5
111 62
9.621 Does the State ensure that maintenance and performance testing of screening equipment are conducted?
Annex 17 Standard
4.4.1
108 61
———————————————
- 67 -
CONCLUSION In accordance with the mandates given by Assembly Resolutions A33-1, A35-9, A36-20 and A37-17, ICAO has established and implements a comprehensive Programme of regular, mandatory, systematic and harmonized aviation security audits of its Member States. From its inception, the USAP has enjoyed the support of Member States, serving as a catalyst for their continued efforts to meet their international obligations in the field of aviation security, and has proven to be instrumental in the identification of aviation security concerns and in the provision of recommendations for their resolution. The second cycle of aviation security audits under the USAP was launched in January 2008 and was completed in June 2013. The USAP is highly regarded as an effective and objective mechanism for assessing Member States’ aviation security systems and oversight capabilities. Feedback received from Member States indicates a high level of satisfaction with the conduct of the audits and that the USAP is making a valuable contribution to the enhancement of global aviation security. The recommendations of USAP audits result in action by Member States to resolve deficiencies and in the effective targeting of technical assistance and cooperation by ICAO, in line with the outcomes of the 37th Assembly of ICAO, including the Declaration on Aviation Security. For many Member States lacking a satisfactory aviation security oversight capability, the USAP is the most effective means to assess existing aviation security systems and to cause the correction of deficiencies, while for those States with more mature oversight capabilities, USAP audits continue to offer recommendations for further enhancement of these systems. Moreover, the critical role that ICAO fulfils in the area of technical assistance and cooperation is highly dependent on auditing to identify deficiencies as a first activity toward the enhancement of Member States’ aviation security systems. The threat to civil aviation continues to evolve and has become more challenging to predict. All facets of civil aviation, including, but not limited to, passenger aircraft, airport terminals and cargo facilities are at risk. Despite overall improvement in the implementation of aviation security measures worldwide, the results of both cycles of USAP audits indicate that a significant number of Member States continue to have difficulty in meeting their international obligations, and their aviation security systems show serious deficiencies. The prevailing and forecasted threat and risk environment, combined with continuing pressures to enhance aviation security, reinforce the need for the continuation of the USAP. In order to prepare for the continuation of the USAP beyond 2013, the 37th Session of the Assembly requested the Council to assess the feasibility of extending the continuous monitoring approach (CMA) being applied by the USOAP to the USAP after the conclusion of the second cycle of audits. Accordingly, the 187th Session of the Council directed the Secretary General to study the feasibility of applying a CMA to the USAP. In 2012, the Secretariat, with the assistance of a Secretariat Study Group, examined various options for the future of the USAP, including the feasibility of adopting a CMA, and recommended that the Programme move towards a CMA, specific to aviation security, while incorporating risk management elements. This recommendation was endorsed by the Twenty-third Meeting of the AVSECP (AVSECP/23), and the 2012 High-Level Conference on Aviation Security (HLCAS) expressed strong support for the concept and for the implementation of a transition period. The 197th Session of the Council was presented with information regarding the proposed methodology for the USAP-CMA. It was also presented with a suggested transition plan and timelines,
- 68 -
with the objective of full implementation of the USAP-CMA beginning in 2015. The Council formally approved the USAP-CMA and the transition plan during its 197th Session. The scope of the USAP-CMA will remain unchanged from the second cycle of the USAP, covering Annex 17 – Security, the security-related provisions of Annex 9 – Facilitation, and associated guidance material. While the scope will remain the same, the methodology of the Programme will be new, incorporating a variety of monitoring activities tailored to each Member State’s aviation security situation as determined through the first two cycles of the Programme. The USAP-CMA will not constitute a third cycle of audits. Rather, the expectation is that the USAP-CMA will be ongoing, and therefore continuous, and will use a methodology that can adapt in response to the changing needs of States and the global aviation security situation. Planned activities under the USAP-CMA will include documentation-based audits, oversight-focused audits, compliance-focused audits, validation missions and assessments based on mandatory submissions of information, as determined to be most appropriate for each State. Activities under the USAP-CMA will aim to gather information, identify deficiencies and provide recommendations, as appropriate. It is anticipated that initially a number of States will not be in a position to derive the most benefit from an audit under the USAP-CMA, as opposed to a different form of engagement from the Organization. These States will instead be considered for another type of monitoring activity and will be referred to the Organization’s ISD-SEC Programme, typically leading to an offer by the Organization of appropriate assistance. The Secretariat will adopt a risk management approach to select the most appropriate monitoring activity and methodology for each State and to determine the scheduling and frequency of monitoring activities. This system will be flexible enough to optimize the use of ICAO resources and will be able to respond to the changing needs of aviation security, including focusing on States’ implementation of measures to counter new and emerging threats, as well as to respond to improving levels of development of States’ aviation security and oversight systems. Existing USAP audit and follow-up audit results will be used initially to determine the most appropriate type of monitoring activity for each State. Subsequently, activities will be defined on the basis of updated USAP-CMA results. The scheduling and scope of individual USAP-CMA activities will be determined based on indicators including, but not limited to:
a) time elapsed since the last audit activity;
b) existence, or possible existence of an SSeC based on information gathered through a previous audit activity;
c) geographical balance;
d) recent audits/inspections conducted by regional oversight organizations;
e) a significant development in the State;
f) a recent occurrence of an act of unlawful interference or significant security incident;
g) information gathered during ICAO assistance activities; and
h) the quantity and quality of data provided by each State as part of the continuous
monitoring process or in response to ICAO information requests.
- 69 -
It is envisaged that States may, on occasion, proactively request monitoring activities under the USAP-CMA. Such requests may be accommodated, as far as practicable, as ICAO resources and scheduling permit, and are to be conducted on a cost-recovery basis. The results of these monitoring activities will be treated identically to the results derived from regularly scheduled USAP monitoring activities. The principle of universality will be maintained under the USAP-CMA as all States will continue to be monitored, though the type, scope and frequency of activities will vary based on each State’s specific circumstances. The MARB will continue to oversee the activities of the USAP and will provide regular reports to the Council. The USAP-CMA will provide States with audit reports in a new format containing both oversight and compliance information. The findings and recommendations will be presented in such a way as to allow States to prioritize short-, medium- and long-term corrective actions. As subsequent USAP-CMA activities are conducted, results for individual States will be updated on the USAP secure website. This information will be available to all ICAO Member States and, based on the decisions of ICAO’s Governing Bodies, could include, but not necessarily be limited to, information on levels of LEI of the CEs of an aviation security oversight system, levels of compliance with ICAO Standards, and the existence of any identified and unresolved SSeCs. The USAP will continue to operate as an integral part of the ICAO ICASS, in parallel with standard creation and assistance activities, to provide a balanced and proactive response to ongoing and emerging threats to civil aviation.
— END —