Page 49 - UK ATM ANS Regulations (Consolidated) 201121
P. 49
Part ATM/ANS.OR - ANNEX III - Common Requirements for Service Providers
(1) the consistency of all the evidence; and
(2) the fact that all the evidence is derived from a known version of the software (i.e. all
evidence and arguments are actually available and can be traced without ambiguity
to the executable version).
(b) The service provider should:
(1) anticipate the possibility for on-site audits or inspections by the competent
authority; and
(2) when evidence and arguments are developed by contracted organisations, include
the corresponding rights of the competent authority to assess said organisations
during on-site audits or inspections.
ATM/ANS.OR.A.055 Findings and corrective actions
After receipt of notification of findings from the competent authority, the service provider shall:
(a) identify the root cause of the non-compliance;
(b) define a corrective action plan that meets the approval by the competent authority;
(c) demonstrate corrective action implementation to the satisfaction of the competent
authority within the time period proposed by the service provider and agreed with that
authority, as defined in point ATM/ANS.AR.C.050(e).
ATM/ANS.OR.A.055 GM1 Findings and corrective actions
GENERAL
(a) Corrective action is the action taken to eliminate or mitigate the root cause(s) and prevent
the recurrence of existing detected non-compliance or other undesirable condition or
situation.
(b) The proper determination of the root cause is crucial for defining effective corrective
actions.
ATM/ANS.OR.A.055(b) AMC1 Findings and corrective actions
GENERAL
The corrective action plan defined by the service provider should address the effects of the non-
conformity and its root cause.
ATM/ANS.OR.A.055(c) AMC1 Findings and corrective actions
CORRECTIVE ACTION IMPLEMENTATION PERIOD DAT PROVIDERS
In case of a Level 1 finding, the DAT provider should demonstrate corrective action to the satisfaction
of the competent authority within a period of no more than 21 working days following receipt of written
confirmation of the finding. At the end of this period and subject to the nature of the finding, the 21-
working-day period may be extended and agreed by the competent authority when the safety issue is
mitigated.
ATM/ANS.OR.A.060 Immediate reaction to a safety problem
A service provider shall implement any safety measures, including safety directives, mandated by the
competent authority in accordance with point ATM/ANS.AR.A.025(c).
ATM/ANS.OR.A.065 Occurrence reporting
(a) A service provider shall report to the competent authority, and to any other organisation
required by the competent authority any accident, serious incident and occurrence as
defined in Regulation (EU) No 996/2010 of the European Parliament and of the Council1
and Regulation (EU) No 376/2014.
(b) Without prejudice to point (a), the service provider shall report to the competent authority
and to the organisation responsible for the design of system and constituents, if different
from the service provider, any malfunction, technical defect, exceeding of technical
limitations, occurrence, or other irregular circumstance that has or may have endangered
the safety of services and that has not resulted in an accident or serious incident.
(c) Without prejudice to Regulations (EU) No 996/2010 and (EU) No 376/2014, the reports
referred to in points (a) and (b) shall be made in a form and manner established by the
competent authority and contain all the pertinent information about the event known to the
service provider.
(d) Reports shall be made as soon as possible and in any case within 72 hours of the
service provider identifying the details of the event to which the report relates unless
exceptional circumstances prevent this.
(e) Without prejudice to Regulation (EU) No 376/2014, where relevant, the service provider
shall produce a follow-up report to provide details of actions it intends to take to prevent
similar occurrences in the future, as soon as these actions have been identified. This
report shall be produced in a form and manner established by the competent authority.
ATM/ANS.OR.A.065 AMC1 Occurrence reporting
REPORTING PROCEDURES
The service provider should establish procedures to be used for reporting to the competent authority
and any other organisation required which include:
(a) description of the applicable requirements for reporting;
(b) description of the reporting mechanism, including reporting forms, means and deadlines;
(c) personnel responsible for reporting; and
(d) description of mechanism and personnel responsibilities for identifying root causes, and
the actions that may be needed to be taken to prevent similar occurrences in the future,
as appropriate.
ATM/ANS.OR.A.065 GM1 Occurrence reporting
GENERAL
20th November 2021 49 of 238
