Download the PDF consolidation of Part 140 [PDF 215 KB]
(a) An authorised aviation security service provider other than AvSec must employ—
(1) a senior person identified as the Chief Executive who has the authority within the applicant’s organisation to ensure that all activities undertaken by the organisation can be financed and carried out in accordance with the requirements prescribed by this Part; and
(2) a senior person or group of senior persons—
(i) responsible for ensuring that the applicant’s organisation complies with the requirements of this Part; and
(ii) ultimately responsible to the Chief Executive; and
(3) sufficient personnel to plan, inspect, supervise, and carry out the aviation security services detailed under rule 140.61(a)(7)
(b) AvSec must ensure there are suitable personnel for the planning, inspection, supervision, and carrying out of the aviation security services detailed in its documentation under rule 140.61(c), and retain written evidence of the scope of their responsibilities and authority.
(c) An authorised aviation security service provider must —
(1) establish a procedure to initially assess the ability of a person to perform the duties and requirements of the position of an aviation security officer, taking into account the person’s—
(i) education; and
(ii) communication skills; and
(iii) character; and
(iv) experience; and
(v) health; and
(2) designate those employees within its workforce who will be aviation security officers; and
(3) establish a procedure to train and maintain the competence of its aviation security officers; and
(4) provide personnel who are authorised to plan, inspect, supervise, and carry out the aviation security services detailed under rule 140.61(a)(7) with written evidence of the scope of their authorisation.
(a) An authorised aviation security services provider must establish procedures necessary to enable the requirements in Appendix A to be complied with.
(b) An authorised aviation security service provider which is the operator of a security designated navigation installation must establish procedures necessary to enable the requirements in A.12(d) to be complied with.
(a) An authorised aviation security service provider must establish a procedure to ensure all documentation that is necessary to support the aviation security services that it provides is available to all personnel who need access to the documentation to carry out their duties.
(b) The documentation referred to in paragraph (a) must include—
(1) all relevant legislation; and
(2) all relevant international technical manuals or notices on aviation security; and
(3) documentation issued to the provider by the Director; and
(4) the provider’s exposition or equivalent documentation under rule 140.61.
(c) The provider must establish a procedure to control all documents referred to in paragraph (a) to ensure that—
(1) the documents are reviewed and approved by appropriate personnel prior to issue; and
(2) current issues of relevant documents are available to personnel at all locations where they need access to such documents; and
(3) outdated documents are promptly removed from all points of issue or use; and
(4) changes to documents are reviewed and approved by appropriate personnel; and
(5) the current issue of each document can be identified; and
(6) its exposition or equivalent documentation under rule 140.61 is amended so as to remain a current description of the service provider, its services, procedures, and facilities.
(d) The provider must establish a procedure to provide and maintain a copy of its exposition or equivalent documentation under rule 140.61 at each location specified under rule 140.61(a)(5).
(a) An authorised aviation security service provider must establish a procedure to identify, collect, index, store, and maintain the records that are necessary to ensure compliance with this Part.
(b) The provider must establish a procedure to—
(1) maintain a register of its aviation security officers, including details of their experience, qualifications, competence, training, medical assessment, and current authorisations; and
(2) ensure that—
(i) all records are of a legible and permanent nature; and
(ii) the records required by paragraph (b)(1) are retained for 2 years from the date the person ceases to be an aviation security officer employed or designated as such by the provider; and
(iii) the records required other than by paragraph (b)(1) are retained for 2 years.
(a) An authorised aviation security service provider must establish an internal quality assurance system to ensure compliance with, and the adequacy of, the procedures required by this Part.
(b) The internal quality assurance system must include—
(1) a security policy and security policy procedures that are relevant to the provider’s goals and the expectations and needs of its customers; and
(2) a procedure to ensure quality indicators, including defect and incident reports, and personnel and customer feedback, are monitored to identify existing problems or potential causes of problems within the system; and
(3) a procedure for corrective action to ensure existing problems that have been identified within the system are corrected; and
(4) a procedure for preventive action to ensure that potential causes of problems that have been identified within the system are remedied; and
(5) an internal quality audit programme to audit the provider for conformity with the procedures required under this Part and achievement of the goals set in its security policy; and
(6) management review procedures that may, where appropriate, include the use of statistical analysis, to ensure the continuing suitability and effectiveness of the internal quality assurance system in satisfying the requirements of this Part; and
(7) in the case of a provider other than AvSec, a procedure to ensure that the senior person who has the responsibility for internal quality assurance has direct access to the Chief Executive on matters affecting security; or
(8) in the case of AvSec, a procedure equivalent to the requirement in paragraph (7) that demonstrates that the person or persons with responsibility for internal quality assurance have direct access to personnel who are accountable for meeting the requirements prescribed in this Part.
(c) The security policy procedure must ensure that the security policy is understood, implemented, and maintained at all levels within the provider.
(d) The procedure for corrective action must specify how—
(1) to correct an existing problem; and
(2) to follow up a corrective action to ensure the action is effective; and
(3) management will measure the effectiveness of any corrective action taken.
(e) The procedure for preventive action must specify how—
(1) to correct a potential problem; and
(2) to follow up a preventive action to ensure the action is effective; and
(3) to amend any procedure required by this Part as a result of a preventive action; and
(4) management will measure the effectiveness of any preventive action taken.
(f) The internal quality audit programme must—
(1) specify the frequency and location of the audits taking into account the nature of the activity to be audited; and
(2) ensure audits are carried out by trained auditing personnel who are independent of those having direct responsibility for the activity being audited; and
(3) ensure the results of audits are reported to the personnel responsible for the activity being audited and the manager responsible for internal audits; and
(4) require preventive or corrective action to be taken by the personnel responsible for the activity being audited if problems are found by the audit; and
(5) ensure follow up audits to review the effectiveness of any preventive or corrective action taken.
(g) The procedure for management review must—
(1) specify the frequency of management reviews of the quality assurance system taking into account the need for the continuing effectiveness of the system; and
(2) identify the responsible manager who will review the quality assurance system; and
(3) ensure the results of the review are evaluated and recorded.
Where required by the Director, AvSec must establish and maintain additional procedures to enable the Director to monitor and evaluate its performance under section 32(2)(e) of the Act.
(a) An applicant for the grant of an aviation security service certificate must provide the Director with an exposition that contains—
(1) a statement signed by the Chief Executive, on behalf of the organisation, confirming that the exposition—
(i) defines the organisation and demonstrates its means and methods for ensuring ongoing compliance with this Part; and
(ii) is to be complied with by its personnel at all times; and
(1A) if a DAMP is required (see rule 99.5 and section 114 of the Act) a DAMP meeting the requirements of Part 99 and of the Act; and
(2) the titles and names of the persons required by rule 140.51(a)(1) and (2); and
(3) the duties and responsibilities of the persons specified in paragraph (a)(2) including matters in respect of which they deal directly with the Director on behalf of the organisation; and
(4) an organisation chart showing associated lines of responsibility of the persons and supervisory persons specified in paragraph (a)(2); and
(5) details of each location where the organisation intends to provide aviation security services and the facilities at each location; and
(6) a summary of the organisation's staffing structure to be used at each location listed under paragraph (a)(5); and
(7) details of the aviation security services to be provided at each location; and
(8) details of the scope of the medical examination report and the method of assessment of fitness required by A.22 of Appendix A; and
(9) details of the applicant’s procedures required by—
(i) rule 140.53 regarding the operating procedures; and
(ii) rule 140.55 regarding control and distribution of aviation security documentation; and
(iii) rule 140.57 regarding the identification, collection, indexing, storage, and maintenance of records; and
(iv) rule 140.59 regarding internal quality assurance of the applicant’s organisation; and
(10) procedures for controlling, amending, and distributing the exposition; and
(11) procedures for notifying, investigating and reporting any security incident to the Director in accordance with Part 12; and
(12) procedures for reporting the detection of dangerous goods to the Director.
(b) An applicant’s exposition must be acceptable to the Director.
(c) AvSec must maintain documentation equivalent to that in paragraphs (a)(5) to (12) above.
(d) AvSec’s documentation must be acceptable to the Director.
(e) References elsewhere in this Part to requirements or documents under paragraph (a) refer, in relation to AvSec, to any corresponding requirement or document under paragraph (c).