Page 367 - UK Continuing Airworthiness Regulations (Consolidated) 201121
P. 367
Part CAMO - ANNEX Vc - Organisational Requirements for Continuing Airworthiness Management
(vi) details of findings, corrective actions, date of action closure, any exemption
and enforcement actions;
(viii) copies of all organisation CAMEs or manuals and amendments thereto;
(ix) copies of any other document approved by the CAA;
(5) the evaluation of alternative means of compliance proposed by organisations, and
the assessment of alternative means of compliance used by the CAA itself;
(6) safety information and follow-up measures in accordance with point CAMO.B.125;
(7) the use of flexibility provisions in accordance with Regulation (EU) 2018/1139 and
its delegated and implementing acts.
(b) The CAA shall maintain a list of all organisation certificates it issued.
(c) All records referred to in points (a) and (b) shall be kept for a minimum period of 5 years
subject to applicable data protection law.
CAMO.B.220(a) AMC1 Record-keeping
GENERAL
(a) The record-keeping system should ensure that all records are accessible within a
reasonable time whenever they are needed. These records should be organised in a
manner that ensures their traceability and retrievability throughout the required retention
period.
(b) All records that contain sensitive data regarding applicants or organisations should be
stored in a secure manner with controlled access to ensure confidentiality.
(c) Records should be kept in paper form or in electronic format or a combination of the two.
Records that are stored on microfilm or optical discs are also acceptable. The records
should remain legible and accessible throughout the required retention period. The
retention period starts when the record is created.
(d) Paper systems should use robust material which can withstand normal handling and
filing. Computer record systems should have at least one backup system, which should
be updated within 24 hours of any new entry. Computer record systems should include
safeguards against any unauthorised personnel from altering the data.
(e) All computer hardware that is used to ensure the backup of data should be stored in a
different location from the one that contains the working data, and in an environment that
ensures that the data remains in a good condition. When hardware or software changes
take place, special care should be taken to ensure that all the necessary data continues
to be accessible throughout at least the full period specified in point CAMO.B.220(c).
CAMO.B.220(a)(1) AMC1 Record-keeping
CAA MANAGEMENT SYSTEM
Records that are related to the CAA’s management system should include, as a minimum, and as
applicable:
(a) the documented policies and procedures;
(b) the personnel files of the CAA’s personnel, with the supporting documents related to their
training and qualifications;
(c) the results of the CAA’s internal audit and safety risk management processes, including
audit findings, and corrective, preventive and risk mitigation actions; and
(d) the contract(s) established with any qualified entities that perform certification or oversight
tasks on behalf of the CAA.
CAMO.B.300 Oversight principles
(a) The CAA shall verify:
(1) compliance with the requirements applicable to organisations prior to the issue of
an organisation certificate, as applicable;
(2) continued compliance with the applicable requirements of organisations it has
certified;
(3) implementation of appropriate safety measures mandated by the CAA as defined in
points (c) and (d) of point CAMO.B.135.
(b) This verification shall:
(1) be supported by documentation specifically intended to provide personnel
responsible for safety oversight with guidance to perform their functions;
(2) provide the organisations concerned with the results of safety oversight activity;
(3) be based on assessments, audits and inspections, including unannounced
inspections;
(4) provide the CAA with the evidence needed in case further action is required,
including the measures provided for in point CAMO.B.350 ‘Findings and corrective
actions’.
(c) The scope of oversight defined in points (a) and (b) shall take into account the results of
past oversight activities and the safety priorities.
(f) The CAA shall collect and process any information deemed useful for oversight, including
for unannounced inspections.
CAMO.B.300(a);(b);(c) AMC1 Oversight principles
MANAGEMENT SYSTEM ASSESSMENT
As part of the initial certification of an organisation, the CAA should assess the organisation’s
management system and processes to make sure that all the required enablers of a functioning
management system are present and suitable.
As part of its continuing oversight activities, the CAA should verify that the required enablers remain
20 November 2021 367 of 412
