THE UNIVERSAL SECURITY AUDIT PROGRAMME … USAP Methodology Security Audit Reference Manual: Doc...
Transcript of THE UNIVERSAL SECURITY AUDIT PROGRAMME … USAP Methodology Security Audit Reference Manual: Doc...
THE UNIVERSAL SECURITY AUDIT PROGRAMME
THE UNIVERSAL SECURITY THE UNIVERSAL SECURITY AUDIT PROGRAMMEAUDIT PROGRAMME
1
(USAP)(USAP)
2
ObjectivesObjectives
USAP objective
The objective of the USAP is to promote global aviation security through auditing Contracting States, on a regular basis, to determine the status of implementation of ICAO security Standards.
USAP objectiveUSAP objective
The objective of the USAP is to The objective of the USAP is to promote global aviation security promote global aviation security through auditing Contracting through auditing Contracting States, on a regular basis, to States, on a regular basis, to determine the status of determine the status of implementation of ICAO security implementation of ICAO security Standards.Standards.
3
The primary objectives of an ICAO security audit are to:
a) determine the degree of compliance of the State in implementing Annex 17 Standards and security-related provisions of Annex 9;
b) observe and assess the State’s adherence to associated security procedures, guidance material and security-related practices;
c) determine the sustainability and effectiveness of the State’s implementation of a security system, through the establishment of legislation, programmes, regulations and a security authority with control and enforcement capabilities;
d) determine the State’s capability for security oversight by assessing the effective implementation of the critical elements of a security oversight system; and
e) provide recommendations to Contracting States to improve their security systems and oversight capabilities.
The primary objectives of an ICAO security audit are to:The primary objectives of an ICAO security audit are to:
a)a) determine the degree of compliance of the State in implementing determine the degree of compliance of the State in implementing Annex Annex 17 Standards and security17 Standards and security--related provisions of Annex 9;related provisions of Annex 9;
b)b) observe and assess the Stateobserve and assess the State’’s adherence to associated security s adherence to associated security procedures, guidance material and securityprocedures, guidance material and security--related practices; related practices;
c)c) determine the sustainability and effectiveness of the Statedetermine the sustainability and effectiveness of the State’’s s implementation of a security system, through the establishment oimplementation of a security system, through the establishment of f legislation, programmes, regulations and a security authority wilegislation, programmes, regulations and a security authority with th control and enforcement capabilities; control and enforcement capabilities;
d)d) determine the Statedetermine the State’’s capability for security oversight by assessing the s capability for security oversight by assessing the effective implementation of the critical elements of a security effective implementation of the critical elements of a security oversight oversight system; andsystem; and
e)e) provide recommendations to Contracting States to improve their provide recommendations to Contracting States to improve their security systems and oversight capabilities.security systems and oversight capabilities.
ObjectivesObjectives
4
USAP MethodologyUSAP Methodology
Security Audit Reference Security Audit Reference Manual: Doc 9807Manual: Doc 9807
To provide standard auditing To provide standard auditing procedures for the conduct of audits of procedures for the conduct of audits of Contracting StatesContracting States’’ aviation security aviation security systems.systems.
To assist both ICAO Contracting States To assist both ICAO Contracting States and audit team members by explaining and audit team members by explaining the standard auditing procedures and the standard auditing procedures and prepre-- and postand post--audit activities.audit activities.
5
USAP CharacteristicsUSAP CharacteristicsUSAP Characteristics
Regular, mandatory, systematic and harmonized audits
Evaluation of aviation security in place in all 190 ICAO Contracting States
Audit State’s aviation security oversight capability
Audit security measures at selected airports
Funded by voluntary contributions
Regular, mandatory, systematic and harmonized auditsRegular, mandatory, systematic and harmonized audits
Evaluation of aviation security in place in all 190 ICAO Evaluation of aviation security in place in all 190 ICAO Contracting StatesContracting States
Audit StateAudit State’’s aviation security oversight capabilitys aviation security oversight capability
Audit security measures at selected airportsAudit security measures at selected airports
Funded by voluntary contributionsFunded by voluntary contributions
USAP PrinciplesSovereignty of StatesSovereignty of States
UniversalityUniversalityTransparencyTransparency
ObjectivityObjectivityAll-inclusivenessAll-inclusiveness
FairnessFairnessQualityQuality
ConfidentialityConfidentialityTimelinessTimeliness
6
77
Programme activities
AuditsAuditsAuditsAudits
PlanningPlanningPlanningPlanning
Training & Training & CertificationCertificationTraining & Training &
CertificationCertification
Audit ToolsAudit ToolsAudit ToolsAudit Tools
Audit ReportsAudit ReportsAudit ReportsAudit Reports
WorkingWorkingPapersPapersWorkingWorkingPapersPapers
AnalysisAnalysisAnalysisAnalysis
8
Programme Management and Programme Management and AdministrationAdministration
ASA ASA SECTIONSECTION
9
ASA’s “Customers”ASAASA’’s s ““CustomersCustomers””
ASAASA
ICAOICAOAssemblyAssembly
ICAOICAOCouncilCouncil
Committee onCommittee onUnlawful InterferenceUnlawful InterferenceAviation SecurityAviation Security
PanelPanel
Contracting Contracting StatesStates
RegionalRegionalOrganizationsOrganizations
InternationalInternationalOrganizationsOrganizations
INTE
RNAL
INTE
RNAL
EXTERNALEXTERNAL
ICAOICAOSecretariatSecretariat
10
Audit +1 to 2 years
Follow-up visit
Audit +10 working days
Team Leader provides draft report to ICAO
Audit +60 days
ICAO sends audit report to State
Audit CycleAudit CycleAudit Cycle
Audit -4 to 6 months
State notified of pending audit
Audit -3 months
State accepts/rejects audit dates
Audit -2 months
State returns PAQ & Compliance Checklists
Audit -2 months
Audit dates firm. Develop State-specific Audit Plan
Audit -1 day
Team briefing
Audit Day 1
National briefing
Audit +90 days
Comments to audit report due from State
Daily during audit
Team meetings / Brief national coordinator
Audit last day
Post-audit debriefing / List of preliminary recommendations
Audit +1 day
Team members complete audit documentation
Audit +120 days
Corrective action plan due
Audit +180 days
All States notified of any State(s) that are more than 60 days late in submitting an action plan
11
Chicago ConventionAnnex 17: StandardsAnnex 9: Security ––related ProvisionsSecurity Manual Security Manual ––Doc 8973Doc 8973Security Audit Security Audit Reference Manual Reference Manual ––Doc 9807Doc 9807Oversight Manual Oversight Manual ––Doc 9734 Part CDoc 9734 Part C
Audit Related DocumentsAudit Related Documents
12
SecuritySecurity--relatedrelated ProvisionsProvisions
Latest amendmentsLatest amendmentsAmendment 11: 1 July 2006Amendment 11: 1 July 2006 Amendment 20: 15 July 2007Amendment 20: 15 July 2007
Facilitation(Twelfth Edition, 2005 )
FacilitationFacilitation(Twelfth Edition, 2005 )(Twelfth Edition, 2005 )
Safeguarding International Civil Aviation Against Acts of Unlawful Interference
(Eighth Edition, 2006 )
Safeguarding International Civil Aviation Safeguarding International Civil Aviation Against Acts of Unlawful InterferenceAgainst Acts of Unlawful Interference
(Eighth Edition, 2006 )(Eighth Edition, 2006 )
13
Security Manual for Safeguarding Civil Aviation Against Acts of Unlawful Interference
Doc 8973
Security Manual for Safeguarding Civil Aviation Security Manual for Safeguarding Civil Aviation Against Acts of Unlawful InterferenceAgainst Acts of Unlawful Interference
Doc 8973Doc 8973
To assure the protection of passengers, crew, ground personnel, the general public and facilities of an airport serving international civil aviation against acts of unlawful interference.
To provide guidance on the implementation of Annex 17 Standards and Recommended Practices.
To assure the protection of To assure the protection of passengers, crew, ground passengers, crew, ground personnel, the general public and personnel, the general public and facilities of an airport serving facilities of an airport serving international civil aviation against international civil aviation against acts of unlawful interference.acts of unlawful interference.
To provide guidance on the To provide guidance on the implementation of Annex 17 implementation of Annex 17 Standards and Recommended Standards and Recommended Practices. Practices.
13
14
Immigration
GUIDANCE MATERIAL FOR REGULATORSKEY
REQUIREMENTS
CHICAGO CONVENTION
AMCAMC
FOR ESARR 3FOR ESARR 3
AMCAMC
FOR ESARR 4FOR ESARR 4
AMCAMC
FORFORESARR 5, 6, ...ESARR 5, 6, ...
ACCEPTABLEMEANS OF
COMPLIANCE
3.4.2
National Quality Control ProgrammeNational Quality Control Programme
Appropriate AuthorityAppropriate Authority
National Civil Aviation Security ProgrammeNational Civil Aviation Security Programme
ANNEX 17
3.1.1
RELEVANTSTANDARDS
Coordinated Framework: Policy & Methodology
National Training Programme National Training Programme
3.4.7
•Comprehensive•Central focal point
•Audits•Surveys•Inspections•Tests•Independent Inspectorate•Empowerment
•Performance Standards•Screener Certification
3.4.4
2.1.22.1.3
3.1.6
CAA PoliceMilitary
CustomsIntelligence Airlines
Foreign Affairs ETC…AirportsA UNIFIED APPROACH
3.4.3
3.1.23.1.4
to
15
Facilitation ofControl Processes
Entryand Departure
of Aircraft
Entryand Departureof Persons andTheir Baggage
Entryand Departureof Cargo andOther Articles
InadmissiblePersons andDeportees
Facilities andServices for
Traffic
GeneralPrinciples
Other FALProvisions
Key Elements of Annex 9Key Elements of Annex 9
Security-relatedProvisions
16
In brief, requires Contracting States to exercise positive control
and supervision over all civil aviation activities conducted in the State through the establishment of
an effective oversight system.
Convention on International Civil Aviation(Chicago Convention)
Convention on International Civil AviationConvention on International Civil Aviation(Chicago Convention)(Chicago Convention)
17
Aviation Security oversight is the means by which States Aviation Security oversight is the means by which States ensure effective implementation of their national security ensure effective implementation of their national security requirements in compliance with the securityrequirements in compliance with the security--related related Standards and Recommended Practices (SARPs).Standards and Recommended Practices (SARPs).
What is Aviation Security What is Aviation Security Oversight?Oversight?
Aviation Security oversight is a State’sresponsibility
Aviation Security oversight is a State’sresponsibility
18
Critical Elements of a StateCritical Elements of a State’’s Security s Security Oversight SystemOversight System
CE 1:CE 1: Aviation Security LegislationAviation Security Legislation
CE 2:CE 2: Aviation Security Programmes and RegulationsAviation Security Programmes and Regulations
CE 3:CE 3: State Appropriate Authority for Aviation Security and itsState Appropriate Authority for Aviation Security and itsResponsibilitiesResponsibilities
CE 4:CE 4: Personnel Qualifications and Training Personnel Qualifications and Training
CE 5:CE 5: Provision of Technical Guidance, Tools andProvision of Technical Guidance, Tools andSecurity Critical InformationSecurity Critical Information
CE 6:CE 6: Certification and Approval ObligationsCertification and Approval Obligations
CE 7:CE 7: Quality Control Obligations Quality Control Obligations
CE 8:CE 8: Resolution of Security ConcernsResolution of Security Concerns
19
Critical Elements of a State’s Security Oversight System
Critical Elements of a StateCritical Elements of a State’’s Security s Security Oversight SystemOversight System
1AviationSecurity
Legislation2
Programmes&
Regulations
3Appropriate
Authority
4Personnel
Qualifications& Training
5Guidance,
Tools &Information
6Certification &
ApprovalObligations
7QualityControl
Obligations8Resolution of SecurityConcerns
ESTABLISH
IMPLEMENT
20
Audit ToolsAudit ToolsAudit ToolsCompliance ChecklistCompliance Checklist
State Corrective Action PlanState Corrective Action Plan
Audit Mission ReportAudit Mission Report
State Audit Feedback FormState Audit Feedback Form
Memorandum of Memorandum of UnderstandingUnderstanding
Audit ProtocolAudit Protocol
AuditorAuditor’’s Guidances Guidance
PrePre--audit Questionnaire audit Questionnaire (PAQ)(PAQ)
21
Audit Protocol: Audit AreasAudit Protocol: Audit AreasAudit Protocol: Audit Areas
1. Regulatory Framework and the National Civil Aviation Security System
2. Training of Aviation Security Personnel3. Quality Control Functions4. Airport Operations5. Aircraft and In-flight Security6. Passenger and Baggage Security7. Cargo, Catering and Mail Security8. Response to Acts of Unlawful Interference9. Security Aspects of Facilitation
1. Regulatory Framework and the National Civil 1. Regulatory Framework and the National Civil Aviation Security SystemAviation Security System
2. Training of Aviation Security Personnel2. Training of Aviation Security Personnel3. Quality Control Functions3. Quality Control Functions4. Airport Operations4. Airport Operations5. Aircraft and In5. Aircraft and In--flight Securityflight Security6. Passenger and Baggage Security6. Passenger and Baggage Security7. Cargo, Catering and Mail Security7. Cargo, Catering and Mail Security8. Response to Acts of Unlawful Interference8. Response to Acts of Unlawful Interference9. Security Aspects of Facilitation9. Security Aspects of Facilitation
22
AA-1AAAA--11The availability of an organization for aviation security. The availability and implementation of comprehensive, flexible and effective national AVSEC legislation, regulations, programmes, preventive measures and procedures.
The availability of an organization for The availability of an organization for aviation security. The availability and aviation security. The availability and implementation of comprehensive, flexible implementation of comprehensive, flexible and effective national AVSEC legislation, and effective national AVSEC legislation, regulations, programmes, preventive regulations, programmes, preventive measures and procedures.measures and procedures.
Regulatory FrameworkRegulatory Frameworkandand
the National Civil Aviation Securitythe National Civil Aviation SecuritySystem System
23
AA-2AAAA--22The availability of a comprehensive aviation security training programme for the effective implementation of preventive measures identified in the national civil aviation security programme. A system for training and testing of security personnel, in order to achieve and maintain an acceptable level of efficiency.
The availability of a comprehensive aviation security The availability of a comprehensive aviation security training programme for the effective implementation of training programme for the effective implementation of preventive measures identified in the national civil preventive measures identified in the national civil aviation security programme. A system for training and aviation security programme. A system for training and testing of security personnel, in order to achieve and testing of security personnel, in order to achieve and maintain an acceptable level of efficiency.maintain an acceptable level of efficiency.
Training of AviationTraining of Aviation
Security PersonnelSecurity Personnel
24
AA-3AAAA--33The establishment and implementation of a written national quality control programme to assess the effectiveness of the national civil aviation security programme, to identify deficiencies within it, and to ensure that sustainable and appropriate corrective actions are implemented. Authority, responsibility and a mechanism for the conduct of audits, tests,surveys and inspections of all aviation security measures implemented in the aviation security system by all agencies, authorities, aircraft operators and others concerned.
The establishment and implementation of a written national The establishment and implementation of a written national quality control programme to assess the effectiveness of the quality control programme to assess the effectiveness of the national civil aviation security programme, to identify national civil aviation security programme, to identify deficiencies within it, and to ensure that sustainable and deficiencies within it, and to ensure that sustainable and appropriate corrective actions are implemented. Authority, appropriate corrective actions are implemented. Authority, responsibility and a mechanism for the conduct of audits, tests,responsibility and a mechanism for the conduct of audits, tests,surveys and inspections of all aviation security measures surveys and inspections of all aviation security measures implemented in the aviation security system by all agencies, implemented in the aviation security system by all agencies, authorities, aircraft operators and others concerned.authorities, aircraft operators and others concerned.
Quality ControlQuality Control
FunctionsFunctions
25
AA-4AAAA--44The availability of an authority to coordinate and implement security at the airport. The availability of an airport security programme and associated standard operating procedures. The availability of aviation facilities and supporting resources. The availability and implementation of systems and procedures to prevent unauthorized access to the airside and the security restricted areas of the airport.
The availability of an authority to coordinate and The availability of an authority to coordinate and implement security at the airport. The availability of an implement security at the airport. The availability of an airport security programme and associated standard airport security programme and associated standard operating procedures. The availability of aviation operating procedures. The availability of aviation facilities and supporting resources. The availability and facilities and supporting resources. The availability and implementation of systems and procedures to prevent implementation of systems and procedures to prevent unauthorized access to the airside and the security unauthorized access to the airside and the security restricted areas of the airport.restricted areas of the airport.
AirportAirportOperationsOperations
26
AA-5AAAA--55
The availability and implementation of written procedures to ensure security of aircraft prior to and during flight.
The availability and The availability and implementation of written implementation of written procedures to ensure procedures to ensure security of aircraft prior to security of aircraft prior to and during flight.and during flight.
AircraftAircraftandand
InIn--flight Securityflight Security
27
AA-6AAAA--66The availability and implementation of written procedures to prevent and/or detect prohibited items and other dangerous devices from being introduced on board aircraft by passengers, in cabin and hold baggage.
The availability and implementation of The availability and implementation of written procedures to prevent and/or detect written procedures to prevent and/or detect prohibited items and other dangerous prohibited items and other dangerous devices from being introduced on board devices from being introduced on board aircraft by passengers, in cabin and hold aircraft by passengers, in cabin and hold baggage.baggage.
PassengerPassengerandand
Baggage SecurityBaggage Security
28
AA-7AAAA--77The availability and implementation of written procedures to ensure that cargo, mail and other goods, including catering supplies for carriage on an aircraft are subjected to appropriate security controls.
The availability and The availability and implementation of written implementation of written procedures to ensure that procedures to ensure that cargo, mail and other cargo, mail and other goods, including catering goods, including catering supplies for carriage on an supplies for carriage on an aircraft are subjected to aircraft are subjected to appropriate security appropriate security controls.controls.
Cargo, CateringCargo, Cateringandand
Mail SecurityMail Security
29
AA-8AAAA--88
The availability and implementation of policies at the national level, as well as procedures at the airport level for the management of acts of unlawful interference.
The availability and implementation of The availability and implementation of policies at the national level, as well as policies at the national level, as well as procedures at the airport level for the procedures at the airport level for the management of acts of unlawful management of acts of unlawful interference.interference.
Response toResponse toActs of UnlawfulActs of Unlawful
InterferenceInterference
30
AA-9AAAA--99The availability of policies and programmes for the efficient execution of control procedures, to expedite clearance and prevent unnecessary delays, including the coordination of security and facilitation issues. The establishment and implementation of a system and procedures for the security of travel documents.
The availability of policies and The availability of policies and programmes for the efficient execution programmes for the efficient execution of control procedures, to expedite of control procedures, to expedite clearance and prevent unnecessary clearance and prevent unnecessary delays, including the coordination of delays, including the coordination of security and facilitation issues. The security and facilitation issues. The establishment and implementation of a establishment and implementation of a system and procedures for the security system and procedures for the security of travel documents.of travel documents.
SecuritySecurityAspects ofAspects ofFacilitationFacilitation
31
SatisfactoryNot satisfactoryNot applicable
SatisfactoryNot satisfactoryNot applicable
SatisfactoryNot satisfactoryNot applicable
ICAO reference
Aspects to be audited or questions to be answered Status Example of evidence to be reviewed Status of
Implementation Response/Comments CE
2.1.11
Has the State established in relevant national documentation the primary objective as it relates to aviation security?
Yes No
Review the relevant aviation security legislation and/or National Civil Aviation Security Programme (NCASP) for an appropriate objective
1
2.1.12
Does the State ensure this policy is made available to all within the aviation industry?
Yes No
Confirm dissemination has occurred. Describe the means of availability (web access, library, etc)
1
1.2 Primary Aviation Security Legislation and Regulations – Enforceability
2.1.28
Does the primary aviation legislation and/or regulations provide for the enforcement of the applicable rules?
Yes No
Relevant law or regulations. Ensure that regulations specify penalty, when applicable
1
Format of the Audit ProtocolFormat of the Audit ProtocolFormat of the Audit Protocol
Audit Protocol Question
Source Reference
Review Evidence
Applicable Critical Element
Auditor Notes
State Response
1. Regulatory Framework and the National Civil Aviation Security System1.1 Primary aviation security legislation and regulations – Promulgation and Amendment Procedures
AuditorAssessment
32
Audit ResultsAudit Results
USAP Audit ReportsStrictly confidential on the part of ICAOStates are encouraged to share audit
results and information on a bilateral or multilateral basis (Annex 17 RP 2.4.5)
Audit activity report
USAP Audit ReportsUSAP Audit ReportsStrictly confidential on the part of ICAOStrictly confidential on the part of ICAOStates are encouraged to share audit States are encouraged to share audit
results and information on a bilateral or results and information on a bilateral or multilateral basis (Annex 17 RP 2.4.5)multilateral basis (Annex 17 RP 2.4.5)
Audit activity reportAudit activity report
33
Audit ResultsAudit ResultsAudit Results
Analysis of audit findingsAudit data, to be entered in the
ASA audit database Enables an accurate
identification of deficiencies impacting security
Keeps track of the status of implementation of State corrective action plans
Analysis of audit findingsAnalysis of audit findingsAudit data, to be entered in the Audit data, to be entered in the
ASA audit database ASA audit database Enables an accurate Enables an accurate
identification of deficiencies identification of deficiencies impacting securityimpacting security
Keeps track of the status of Keeps track of the status of implementation of State implementation of State corrective action planscorrective action plans
34
Analysis of Audit ResultsAnalysis of Audit ResultsAnalysis of Audit Results
Enables an accurate identification of deficiencies impacting securityEnables customization of remedial action at a State or group of States levelat a regional or sub-regional levelcan be targeted to resolve specific
problems on the basis of established priorities
Allows for a review of ICAO SARPs
Enables an accurate identification of Enables an accurate identification of deficiencies impacting securitydeficiencies impacting securityEnables customization of remedial action Enables customization of remedial action at a State or group of States levelat a State or group of States levelat a regional or subat a regional or sub--regional levelregional levelcan be targeted to resolve specific can be targeted to resolve specific
problems on the basis of established problems on the basis of established prioritiespriorities
Allows for a review of ICAO SARPsAllows for a review of ICAO SARPs
35
Remedial AssistanceRemedial AssistanceRemedial Assistance
State corrective action planAVSEC Mechanism: immediate/urgent assistanceTCB: project documents
State corrective action planState corrective action planAVSEC Mechanism: AVSEC Mechanism: immediate/urgent assistanceimmediate/urgent assistanceTCB: project documentsTCB: project documents
36
FollowFollow--up Visitsup Visits
Bridge to remedial assistance
Ongoing dialogue with
States