AC000 - 3 Internal QA
AC000 - 3 Internal QA
AC000 - 3 Internal QA
AC 00-3
Internal Quality Assurance 24 July 2007
General
Civil Aviation Authority advisory circulars (AC) contain information about standards,
practices and procedures that the Civil Aviation Authority has found to be acceptable for
compliance with the associated rule.
Consideration will be given to other methods of compliance that may be presented to the
Authority. When new standards, practices or procedures are found to be acceptable, they
will be added to the appropriate advisory circular.
In addressing a subject the use of the imperative, for example shall or must, is because it is
associated with mandatory provisions of the Rule itself.
Purpose
The purpose of this Advisory Circular is to provide information and guidance relating to
internal quality assurance procedures. Organisations seeking certification are required,
under Civil Aviation Rules, to have such procedures in place. Any organisation requiring a
certificate under Civil Aviation Rules can apply the procedures and practices outlines in
this AC. They are equally applicable to flight, maintenance, or security operations, as
appropriate.
Focus
This material is intended for Certificated Organisations operating in the New Zealand aviation
environment. It describes the Quality Management System that you are expected to use.
Related Rules
This Advisory Circular relates specifically to CAR Part 119, Part 139, the 140-series Parts,
and the 170-series Parts.
Published by
Civil Aviation Authority
PO Box 31441
Lower Hutt
Authorised by
Manager Rules Development
Change Notice
This AC replaces AC 120-01A by re-numbering it to AC 00-3 as part of a project to
standardise the numbering of all advisory circulars. The renumbering of this AC to a
generic 00- series is intended to clarify that the AC has a general applicability to various
rule Parts.
Table of Contents
1. Background ........................................................................................................ 4
1.1 Civil Aviation Rules safety standards ................................................................. 4
1.2 Quality Management System ............................................................................. 4
1.3 Internal Quality Assurance Procedures .............................................................. 5
1.4 CAA Monitoring and Intervention........................................................................ 5
2. Definitions .......................................................................................................... 5
2.1 Evidence ............................................................................................................ 6
2.2 Controls ............................................................................................................. 6
2.3 Finding ............................................................................................................. 6
2.4 Concern ............................................................................................................. 6
2.5 Root cause ......................................................................................................... 6
2.6 Inspection ........................................................................................................... 6
2.7 Audit ............................................................................................................. 7
2.8 Audit Construction .............................................................................................. 7
3. Basis of the Quality Management System ...................................................... 8
4. Internal Quality Assurance Procedure Guidelines......................................... 9
4.1 The Quality Assurance team or Management Representative ........................... 9
4.2 Safety Policy..................................................................................................... 10
4.3 Corrective and Preventive Actions ................................................................... 11
4.4 Management Review........................................................................................ 11
4.5 The Audit Programme ...................................................................................... 12
4.6 Quality Indicators.............................................................................................. 12
4.7 Records ........................................................................................................... 13
4.8 Documenting Quality Assurance Procedures ................................................... 13
5. Conclusion ....................................................................................................... 14
1. Background
A substantial change in regulatory requirements has taken place because of the recommendations
of the Swedavia - McGregor Report of 1988. Previously, regulatory surveillance consisted mainly
of inspection of end products of the aviation system. Little attention was given to the systems and
procedures that produced them. The Civil Aviation Authority, in effect, provided an external
quality control function for the aviation industry through a process of constant inspection and
intervention.
Given the complexity of modern aircraft, aerodromes, and organisations engaged in aviation
activities, this hands on, interventionist, approach from regulatory authorities is no longer
appropriate. Inspections of end products provide a snap shot view of an organisations activities
and do not identify the underlying causal factors of the failures that occur.
The report concluded that it is more effective for the Civil Aviation Authority to examine the
system that controls the activity, and ensure that there are appropriate procedures in place to
address and achieve the required safety standard. Public safety is enhanced if deficiencies are
identified and immediately corrected when they are discovered by the operator rather than waiting
for discovery and reporting by a third party auditor.
The Civil Aviation Rules require the development, implementation, and maintenance of the
elements of the ISO standard that will promote improved aviation safety, and, as a result, provide
an environment in which aviation will operate with greater safely.
The Rules do not address all elements of the ISO standard, however, organisations certificated
under the new rules will, if they so wish, have a sound basis on which to achieve ISO certification
with its attendant benefits.
The Quality Management System is the structure, responsibilities, processes, and procedures of an
organisation that promotes and establishes an environment and culture of continuing improvement
that will enhance the safety of the operations.
The Quality Management System and internal quality assurance procedures establish and provide
for the organisations self regulation. This set-up allows for the change in relationship between the
organisation (now self-regulating) and the Civil Aviation Authority (no longer inspecting, now
monitoring).
Internal quality assurance procedures will identify, document and correct instances of non-
conformance, or non-compliance. These procedures must be put in place for all areas of the
organisations activities that are covered by the rules. Internal quality assurance procedures, as well
as providing confidence in the organisation meeting regulatory compliance, can improve the
organisations commercial performance and should be of benefit to both the organisation and its
customers.
This Quality Management approach, where certificated organisations carry out their own internal
quality assurance, is being followed by the regulatory authorities of Europe and America. The
information in this advisory circular closely follows that presented by the FAA in their AC12059
and the proposal by the JAA in their Joint Advisory Material AMJ OPS 1.035. It is essential that
our processes, leading to certification, closely follow those of the major international agencies so
that New Zealand organisations can be internationally recognised.
Definitions of key quality terms and a description of the basic elements (internal quality assurance
procedures) of a Quality Management System are included in this AC. These definitions and
programme elements are consistent with recognised quality principles and standards. Where
appropriate, these terms have been tailored to conform to aviation standards and practices.
All Civil Aviation Rules for the certification of organisations state that an organisation is entitled to
a Certificate if it meets the requirements of the rule. The Director must be satisfied that an applicant
can conduct its proposed activities safely. The Quality Management System and associated quality
assurance procedures will facilitate approval of the organisations safety policy and programmes.
To assist internal and external auditors, and the organisation's personnel, it is recommended that a
matrix is developed to cross-reference where the exposition addresses or meets the requirements of
the relevant Rule.
The results of Civil Aviation Authority audits act as a barometer of the organisations performance.
It will be apparent from the level of findings and resolutions in the internal quality assurance
documentation and records whether the Quality Management System and the safety policy are
functioning satisfactorily. The performance of the organisation will dictate the level of Civil
Aviation Authority intervention that is necessary.
If the organisation performs well the Civil Aviation Authority will have less need to monitor its
compliance. As confidence is built up the level, and frequency, of audits can be reduced.
2. Definitions
The following key terms and phrases are defined to ensure a standard interpretation and
understanding of the Quality Management System and internal quality assurance procedures.
2.1 Evidence
Evidence is a documented statement of fact that is based on observations, measurements, or tests
that can be verified. For an internal audit, evidence should generally be written documentation or
reports that support the Internal Quality Assurance procedures. This data is necessary to provide
findings or concerns, to provide proof that findings and concerns are addressed, and to enable
management, staff, or auditors to determine the root causes of any reported findings. Objective
evidence generally comes from the following four elements
Equipment examined
Activities observed
Interview data, provided this data can be substantiated by one or more of the above
elements
2.2 Controls
Controls are management and operational techniques, activities, and procedures that monitor the
satisfactory performance of the internal quality assurance procedures, including the organisations
operating processes and procedures. Reviews, in process tests, checklists, spot checks and audits
are all examples of Controls.
As part of an internal quality audit or review, the controls of the area being evaluated should be
verified and tested. Sometimes, personnel performing the internal quality audit or review may have
to first determine the features of a control.
2.3 Finding
A finding is a conclusion, supported by objective evidence, that demonstrates non-compliance with
a specific standard. A finding will generate a Corrective or Preventive Action.
An internal audit or review may also produce a conclusion that is considered a finding by the
operator, but is not a non-compliance with the rule.
2.4 Concern
A concern is a conclusion, supported by objective evidence, that does not demonstrate a finding,
but rather a condition that may become a finding. A concern may generate a Preventive Action.
In the analysis of safety, quality, or operational problems, the root cause, or causes, should be
determined before any corrective action is planned.
Often the root cause is not obvious. Consequently, a careful and considered analysis of all
processes, activities, records, reports, and other evidence associated with a failure or complaint
needs to be made to ensure the corrective action(s) address not only the immediate cause but any
latent or organisational problems.
2.6 Inspection
An inspection is the act of observing, measuring, testing, or gauging one or more characteristics of
a particular event or action. This is to ensure that correct procedures and requirements are followed
during the accomplishment of that event, or action. The primary purpose of an inspection is to
verify
(a) that established standards are followed during an observed event or action; and
(b) that the end result conforms with the specified requirements of the event or action.
2.7 Audit
An audit is a methodical, planned, review used to determine how activities are being conducted,
and compares results with how the activities should have been conducted according to established
procedures. Audits are conducted for different purposes and have distinct identities that are defined
for the purposes of this AC as:
First party audits are those conducted internally by the organisation, using its own trained
staff, to evaluate the organisations, or parts of the organisation's, performance. The results
are used by management to confirm compliance with the documented standards and
procedures to initiate corrective action when the standard is not met or preventive actions
where there is potential for non-conformance or non-compliance.
The auditor must be independent of the function, operation or group being audited. For small
operators it may be necessary to engage an outside agency. To contain costs, provided they can
provide a substantive report and produce creditable findings and concerns, the outside agency
could be
a relative
a sub-contractor
a business associate.
Second party audits are carried out by an organisation on its suppliers or subcontractors.
These audits are intended to satisfy the contracting organisation that the subcontractor
meets the agreed quality requirements.
Third party audits are those carried out by independent bodies such as regulatory
authorities or commercial auditing companies. In the aviation industry one such body is the
Civil Aviation Authority. They are intended to give the Authority an assurance that the
organisation is in control and that the organisations Quality Management System and
internal quality assurance procedures are working effectively. Third party audits will
confirm that non-compliances are being identified and corrected by first, or second, party
audit.
(i) introduce the audit team and confirm the scope of the audit;
(iii) confirm the resources, people and facilities needed for the audit are aware and
available for the audit.
(i) interview personnel, review documents, observe and inspect operations and select
samples;
(i) descriptions of all the findings and observations with the supporting evidence;
(iii) the schedule for follow up and the closure of the corrective and preventive actions.
A certificated organisation is required to establish a Quality Management System that embraces the
following principles:
(a) A continual process that incorporates the techniques of inspections, audits, and reviews to
assess the adequacy of managerial controls in key programmes and systems
(b) An ongoing process that identifies deficiencies, develops corrective action plans to correct
these deficiencies, and performs follow-up reviews
The Civil Aviation Authority encourages organisations to extend their internal quality assurance
procedures beyond regulatory compliance to determine the causes of other deficiencies in company
operations. From these determinations the necessary enhancements to company operating practices
can be made before deficiencies occur.
The quality policy must stress the self-audit responsibilities of individual employees as well as the
organisation's management. Each employee has an equal responsibility to ensure that company
policies and procedures provide for safety compliance and allows individuals to perform work
properly.
The internal quality assurance procedures should not be misunderstood as a process that will
replace the existing third party audit requirements that are carried out by the Civil Aviation
Authority.
The Quality Management System should include the following essential elements in the internal
quality assurance procedures
(a) definition of the organisation's management commitment and responsibilities to the quality
plan and procedures. It is required that the organisation nominate a Senior Person, known
in this AC as the Management Representative, to establish an independent and focused
Quality Management System (see appendix 4); and
(b) a documented, approved, safety policy and plan to identify, implement, and maintain
safety policy procedures that
(ii) are relevant to the applicants organisational and business goals, and;
(i) corrective action to ensure existing problems that have been identified within the
system are corrected, and;
(ii) for preventive action to ensure that potential causes of problems that have been
identified within the system are remedied; and
(d) establish a procedure to ensure the Quality Management System and the internal quality
assurance procedures are subjected to continual, regular and structured review; and
(e) an internal audit programme to audit the applicants organisation for conformity with the
procedures in its exposition and achievement of the goals set in its safety policy; and
(f) a procedure to ensure quality indicators, including defect and incident reports, and
personnel and customer feedback, are monitored to identify existing problems or potential
causes of problems within the system; and
(g) a records system that clearly documents what has taken place, allowing statistical analysis
to monitor the continuing suitability and effectiveness of the Quality Management System
and the organisations operation. The records will be used to indicate trends to allow the
organisation to
(ii) determine the best goals to set for the future; and
(h) a document control procedure to manage, develop, document, change, and distribute the
organisations quality and operational procedures.
These elements are further described in the following sections 4.1 through 4.8.
(c) identify and record any findings or concerns, and the evidence necessary to confirm
findings or concerns;
(d) initiate, recommend, or provide solutions to findings or concerns through consultation with
the management owning the non-conforming process or activity;
(f) analyse the root causes of concerns and findings for presentation to management for a
review of trends and potential areas of concern;
(g) conduct and record regular Management Reviews to ensure corrective and preventive
actions are addressed and closed out within a specific time.
The Management Representative or the Quality Assurance Team must have the delegated authority
and responsibilities to allow them to work within the organisation to implement and maintain the
internal quality assurance procedures. The Management Representative or the Quality Assurance
Team will have a direct reporting line to the highest level of management necessary to sustain the
management commitment to the organisations Safety policy and plan.
For some organisations, operating size may justify the costs associated with the necessity of having
full-time, dedicated, resources and personnel in a separate Quality Assurance Department or group.
However, when full-time, dedicated, resources and personnel are not practical, the organisation
should develop procedures that preclude persons directly responsible for the areas to be evaluated
from participating in the selection of the audit team.
For very small organisations, an appropriate internal quality assurance procedure should consist of
developing check-lists and a schedule for accomplishing the check-list items. Each checklist must
be signed. The operator must schedule an occasional independent review of the check-lists and the
checklist items.
The characteristics that define a safety culture and that decision-makers should observe when
modelling the corporate safety culture include:
(a) senior management places strong emphasis on safety as part of the strategy of controlling
risks;
(b) decision-makers and operational personnel hold a realistic view of short- and long-term
hazards involved in the organisations activities;
(c) those in top positions do not use their influence to force their views or to avoid criticism;
(d) those in top positions foster a climate in which there is a positive attitude towards
criticisms, comments, and feedback from lower levels of the organisation;
(e) there is an awareness of the importance of communicating relevant safety information at all
levels of the organisation both within it and with outside entities;
(f) there is promotion of appropriate, realistic, and workable rules relating to hazards, to
safety, and to potential sources of damage, with such rules being supported and endorsed
throughout the organisation; and
(g) personnel are well trained and well educated and fully understand the consequences of
unsafe acts.
(c) monitoring each corrective action to verify timely and effective implementation and
completion;
(d) test that the corrective action is long-term and ensures the issue does not recur;
(a) the internal quality assurance procedures, the quality indicators, and inspection and test
results to verify the Quality Management System is working;
(b) that the corrective and preventive actions have been recorded, implemented, and closed
out;
(c) that the operation and quality assurance programmes are under constant review and
improvement.
The organisation must prepare and conduct a programme to regularly review all company policies,
processes, and procedures. The review should be carried out by dedicated staff. It will encompass
all the activities, procedures, and processes of the organisation. The programme should be a
comprehensive and continual process that considers the following:
(a) The overall effectiveness of the organisation in achieving its stated objectives.
(b) The ability of the internal quality assurance and the operational procedures to respond to
new technologies, to market strategies, to legislative or regulatory changes, and to social or
environmental conditions.
(c) Are the current processes and procedures up-to-date, effective, and relevant?
For the purposes of this procedure, the term management means the team or person who has the
authority to resolve issues and take action.
The management reviews with supporting documents will be recorded. The organisation will
determine and document, as a quality assurance procedure, the frequency, format, and structure for
informing management of internal quality assurance plans, trends, results, and follow-up actions.
The procedure will define the responsibilities and the independence of personnel who perform or
supervise the management reviews.
(c) manage the review, reporting, and close-out of findings and concerns;
To facilitate and ensure the audit is thorough, divide the organisation into audit components based
on the organisations operational or functional structure. Dependant on the size of the organisation
the audit cycle might be greater than one year, however, eighteen months is the maximum.
Schedule the audit within each component to allow enough flexibility for resources to be
committed.
Schedule special audits, or spot checks, based on a review of the organisations, or industry, trends.
(a) Reports derived from the analysis of operational logs and records kept of incidents,
occurrences, accidents, and other safety indicators;
(b) Root cause analysis from corrective and preventive action records;
(c) Performance measurements of both the Quality Management System and the organisations
operation;
4.7 Records
Records documenting the performance and results of carrying out the internal quality assurance
procedures will be maintained by the organisation. Records are the principal form of evidence.
Documented evidence is essential in analysing and determining the root cause of findings or
concerns so that potential areas of non-compliance or non-conformance can be identified by the
organisation. The record must be accurate, complete, reliable, and accessible.
(d) analysis of root causes and the ensuing trends and management reports;
customer complaints
customer surveys
Each organisation shall review the size and complexity of their operation to determine the scale of
processes and procedures that will maximise the benefits of their Quality Management System and
their operations. Consequently they will improve their safety level and the business results.
Each organisation will require several, possibly many, processes to sustain their operation. Each
process will consist of one or more procedures.
The Quality Management System is a process. The internal quality assurance procedures that are
mandatory for an effective Quality Management System are defined in section 4 of this AC.
(a) be concise and complete enough to be a useful guide for a user with the appropriate skills
to perform the task(s) within the procedure;
(b) state specifically how the organisation will address and meet the requirements of Rules,
Acts, ACs, CASOs or an other reference standard or document initiating the procedure. For
example, it is not sufficient, to pass approval or audit, for a procedure to simply state:
Organisation ABC will comply with Rule XYZ.
(c) be current and met the requirements of referenced document(s). For example. the rule;
(e) comply with a defined (by the organisation) standard format, for example
(i) Title *
(v) References (what other documents, (Rules, Acts, standards, other procedures)
affect or are related to this procedure?);
(ix) Records (what records? For example but not limited to, checklists, reports,
reviews, measurements.)
Each heading must be considered, but this list is not definitive, however, the headings denoted by
an asterisk are mandatory.
5. Conclusion
The development, implementation, and conscientious application and maintenance of a Quality
Management System and the associated internal quality assurance procedures, as discussed in this
AC, will ensure that a certificated organisation is responsive to growth and change, and the
organisation continually complies with appropriate safety and regulatory requirements.
Furthermore, it is strongly recommended that organisations make the Quality Management System
an integral part of their everyday management process. Aviation safety is best served by procedures
that allow organisations to identify and correct their own instances of non-compliance and invest
more resources in efforts to preclude their recurrence.
APPENDIX 1
Title: Document Control
Purpose:
Document control procedures will establish processes that:
Manual Standards:
Manual standards should include:
(b) Every page to be identified as belonging to the organisation by including the title of the
company in the document header or footer;
(c) Every policy, procedure or work instruction to be written as a stand alone document, and
will be uniquely identified by a subject code in the document header or footer;
(d) Every page within a policy, or procedure or work instruction to be identified in the
document header or footer as Page x of y; and
Procedures:
1. Identification and Authorisation of Controlled Documents
Documents to be controlled will be identified by reviewing the content of the document against the
following criteria:
(a) Any document that provides instruction or guidance to the organisations personnel to
support them in achieving the planned quality and business objectives;
(b) Any document containing legislative requirements that the organisation is responsible for
administrating or required to conform with; and
(c) Any document containing standards, recommended practices, or guidance material that has
been adopted, and used when undertaking the functions and activities of the organisation.
If one or more of the above criteria apply, the document must be controlled.
3. Document Distribution
Obsolete pages are to be promptly removed from all points of issue or use. In most cases these
documents will be destroyed to ensure they can not be used in the workplace. However, a hard
copy of an obsolete document may be archived, provided each page is identified as obsolete.
4. Document Review
All documents originating within the company need to be reviewed at least annually to ensure they
are current and continue to meet the organisations needs. The organisation must establish and
maintain a programme to complete these reviews.
Define the number of amendments a document may have before it will be reviewed against current
documentation and editorial standards and if necessary re-write and re-issue the document to
conform with current standards and practices.
Documents that are written, amended and distributed by external agencies and are used
operationally by the company, should be reviewed twice yearly to ensure they are current.
External documents used for day-to-day activities must be current. Any person using these
documents for day-to-day activities must check and maintain the currency of the documents each
time the document is used.
APPENDIX 2
Title: Corrective and Preventive Actions
Purpose:
To document a procedure that defines the corrective and preventive action processes that ensure
existing issues and potential problems are identified, recorded, corrected and followed up to ensure
they do not re-occur.
Definitions:
Corrective and Preventive actions are raised as a result of :
Procedures:
Reporting
The following details must be recorded for every corrective and preventive action raised:
(i) measurement applied to ensure action taken was effective and permanent.
Review
All corrective and preventive actions should be reviewed by the management representative
responsible for quality.
The root causes of all actions raised over a set period of time will be reviewed to determine any
significant trends. This process is designed to identify potential issues and problems. A preventive
action should be raised for any action to be taken as a result of the review. The results of reviews
are to be recorded and retained for future reference.
APPENDIX 3
Title: Management Reviews
Purpose:
To define the procedure establishing a management review process, that test and confirm the
suitability and effectiveness of the quality system.
Procedure:
A Review Meeting will be held regularly (once a month), with minutes, action plans and
documents kept to support the observations, conclusions and recommendations reached. These
record will be retained for future reference and analysis.
APPENDIX 4
Title: Management Representative
Purpose:
To define the role and responsibilities of the Management Representative.
Definition:
Management representative The Management Representative is delegated by the Senior
Management to facilitate and maintain the organisation's quality system.
(c) Co-ordinate the implementation new quality system procedures or changes to current
procedures
(g) Review root causes of all corrective and preventive actions and provide management and
Group with a report on trends with recommended actions.
(h) The preparation and distribution to the Manager and the team, statistical information and
survey results that measure and test: the current processes and the organisations
performance.