Regulation (EU) No 1178/2011 AIRCREW : Pilot Licenses
Revision from August 2023
- EASA - AIRCREW :
- FRANCE :
Annexe VII : [PART ORA] - Organisation Requirements for Aircrew
SUBPART GEN – GENERAL REQUIREMENTS
SECTION I – GENERAL
ORA.GEN.105 Competent authority - Regulation (EU) No 1178/2011
- For the purpose of this Part, the competent authority exercising oversight over:
- organisations subject to a certification obligation shall be:
- for organisations having their principal place of business in a Member
State, the authority designated by that Member State;
- for organisations having their principal place of business located in a
third country, the Agency;
- FSTDs shall be:
- the Agency, for FSTDs:
- located outside the territory of the Member States, or,
- located within the territory of the Member States and operated by
organisations having their principal place of business located in a
third country,
- for FSTDs located within the territory of the Member States and operated by
organisations having their principal place of business in a Member State,
the authority designated by the Member State where the organisation
operating it has its principle place of business, or the Agency, ifso
requested by the Member State concerned.
- When the FSTD located outside the territory of the Member States is operated by an
organisation certified by a Member State, the Agency shall qualify this FSTD in coordination
with the Member State that has certified the organisation that operates such FSTD.
ORA.GEN.115 Application for an organisation certificate - Regulation (EU) No
1178/2011
- The application for an organisation certificate or an amendment to an existing certificate
shall be made in a form and manner established by the competent authority,taking into
account the applicable requirements of Regulation (EC) No 216/2008 and its Implementing
Rules.
- Applicants for an initial certificate shall provide the competent authority with
documentation demonstrating how they will comply with the requirements established in
Regulation (EC) No 216/2008 and its Implementing Rules. Such documentation shall include a
procedure describing how changes not requiring prior approval will be managed and notified
to the competent authority.
ORA.GEN.120 Means of compliance - Regulation (EU) No 290/2012
- Alternative means of compliance to the AMC adopted by the Agency may be used by an
organisation to establish compliance with Regulation (EC) No 216/2008 and its Implementing
Rules.
- When an organisation wishes to use an alternative means of compliance, it shall, prior to
implementing it, provide the competent authority with a full description of the alternative
means of compliance. The description shall include any revisions to manuals or procedures
that may be relevant, as well as an assessment demonstrating that Regulation (EC) No
216/2008 and its Implementing Rules are met.
The organisation may implement these alternative means of compliance subject to prior
approval by the competent authority and upon receipt of the notification as prescribed in
ARA.GEN.120(d).
AMC1 ORA.GEN.120(a) Means of compliance - ED Decision 2012/007/R
DEMONSTRATION OF COMPLIANCE
In order to demonstrate that the Implementing Rules are met, a risk assessment should be
completed and documented. The result of this risk assessment should demonstrate that an
equivalent level of safety to that established by the Acceptable Means of Compliance (AMC)
adopted by the Agency is reached.
ORA.GEN.125 Terms of approval and privileges of an organisation - Regulation (EU) No
1178/2011
A certified organisation shall comply with the scope and privileges defined in the terms of
approval attached to the organisation’s certificate.
AMC1 ORA.GEN.125 Terms of approval and privileges of an organisation - ED
Decision 2012/007/R
MANAGEMENT SYSTEM DOCUMENTATION
The management system documentation should contain the privileges and detailed scope of
activities for which the organisation is certified, as relevant to the applicable
requirements. The scope of activities defined in the management system documentation should
be consistent with the terms of approval.
ORA.GEN.130 Changes to organisations - Regulation (EU) No 1178/2011
- Any change affecting:
- the scope of the certificate or the terms of approval of an organisation; or
- any of the elements of the organisation’s management system as required in
ORA.GEN.200(a)(1) and (a)(2),
shall require prior approval by the competent authority.
- For any changes requiring prior approval in accordance with Regulation (EC) No 216/2008 and
its Implementing Rules, the organisation shall apply for and obtain an approval issued by
the competent authority. The application shall be submitted before any such change takes
place, in order to enable the competent authority to determine continued compliance with
Regulation (EC) No 216/2008 and its Implementing Rules and to amend, if necessary, the
organisation certificate and related terms of approval attached to it.
The organisation shall provide the competent authority with any relevant documentation.
The change shall only be implemented upon receipt of formal approval by the competent
authority in accordance with ARA.GEN.330.
The organisation shall operate under the conditions prescribed by the competent
authority during such changes, as applicable.
- All changes not requiring prior approval shall be managed and notified to the competent
authority as defined in the procedure approved by the competent authority in accordance with
ARA.GEN.310(c).
AMC1 ORA.GEN.130 Changes to organisationsED Decision 2012/007/R
APPLICATION TIME FRAMES
- The application for the amendment of an organisation certificate should be submitted at
least 30 days before the date of the intended changes.
- In the case of a planned change of a nominated person, the organisation should inform
the competent authority at least 10 days before the date of the proposed change.
- Unforeseen changes should be notified at the earliest opportunity, in order to enable
the competent authority to determine continued compliance with the applicable
requirements and to amend, if necessary, the organisation certificate and related terms
of approval.
GM1 ORA.GEN.130(a) Changes to organisations - ED Decision
2017/022/R
GENERAL
- Typical examples of changes requiring prior approval which may affect the certificate or
the terms of approval are listed below:
- the name of the organisation;
- the organisation’s principal place of business;
- the organisation’s scope of activities;
- additional locations of the organisation;
- the accountable manager;
- any of the persons referred to in ORA.GEN.210(a) and (b);
- the organisation’s documentation as required by this Part, safety policy and
procedures;
- the facilities.
- Prior approval by the competent authority is required for any changes to the
organisation’s procedure describing how changes not requiring prior approval will be
managed and notified to the competent authority.
- Changes requiring prior approval may only be implemented upon receipt of formal approval
by the competent authority.
GM2 ORA.GEN.130(a) Changes to organisations - ED Decision
2012/007/R
CHANGE OF NAME OF THE ORGANISATION
A change of name requires the organisation to submit a new application as a matter of
urgency.
Where this is the only change to report, the new application can be accompanied by a copy of
the documentation previously submitted to the competent authority under the previous name,
as a means of demonstrating how the organisation complies with the applicable
requirements.
GM1 ORA.GEN.130(c) Changes to organisations - ED Decision
2017/022/R
GENERAL
Typical examples of changes not requiring prior approval are to the following items:
- medical equipment (e.g. electrocardiograph (ECG), ophthalmoscope);
- flight simulation training device (FSTD) operator’s technical personnel;
- change in schedule of preventive maintenance; and
- list of instructors.
It is recommended that all information on changes not requiring prior approval be included as
annexes to the approved training organisation (ATO)’s, FSTD operator’s, as well as
aeromedical centre’s documentation
ORA.GEN.135 Continued validity - Regulation (EU) No 1178/2011
- The organisation’s certificate shall remain valid subject to:
- the organisation remaining in compliance with the relevant requirements of
Regulation (EC) No 216/2008 and its Implementing Rules,taking into account the
provisions related to the handling of findings as specified under ORA.GEN.150;
- the competent authority being granted access to the organisation as defined in
ORA.GEN.140 to determine continued compliance with the relevant requirements of
Regulation (EC) No 216/2008 and its Implementing Rules; and
- the certificate not being surrendered or revoked.
- Upon revocation or surrender the certificate shall be returned to the competent authority
without delay.
ORA.GEN.140 Access - Regulation (EU) No 290/2012
For the purpose of determining compliance with the relevant requirements of Regulation (EC) No
216/2008 and its Implementing Rules, the organisation shall grant access to any facility,
aircraft, document, records, data, procedures or any other material relevant to its activity
subject to certification, whether it is contracted or not, to any person authorised by:
- the competent authority defined in ORA.GEN.105; or
- the authority acting under the provisions of ARA.GEN.300(d), ARA.GEN.300(e) or ARO.RAMP.
ORA.GEN.150 Findings - Regulation (EU) No 1178/2011
After receipt of notification of findings, the organisation shall:
- identify the root cause of the non-compliance;
- define a corrective action plan; and
- demonstrate corrective action implementation to the satisfaction of the competent authority
within a period agreed with that authority as defined in ARA.GEN.350(d).
AMC1 ORA.GEN.150(b) Findings - ED Decision 2012/007/R
GENERAL
The corrective action plan defined by the organisation should address the effects of the
non-conformity, as well as its root-cause.
GM1 ORA.GEN.150 Findings - ED Decision 2012/007/R
GENERAL
- Corrective action is the action to eliminate or mitigate the root cause(s) and prevent
recurrence of an existing detected non-compliance or other undesirable condition or
situation.
- Proper determination of the root cause is crucial for defining effective corrective
actions.
ORA.GEN.155 Immediate reaction to a safety problem - Regulation (EU) No 1178/2011
The organisation shall implement:
- any safety measures mandated by the competent authority in accordance with ARA.GEN.135(c);
and
- any relevant mandatory safety information issued by the Agency, including airworthiness
directives.
ORA.GEN.160 Occurrence reporting - Regulation (EU) No 70/2014
- The organisation shall report to the competent authority, and to any other organisation
required by the State of the operator to be informed, any accident, serious incident and
occurrence as defined in Regulation (EU) No 996/2010 of the European Parliament and of the
Council1 and Directive 2003/42/EC of the European Parliament and of the
Council2.
- Without prejudice to paragraph (a) the organisation shall report to the competent authority
and to the organisation responsible for the design of the aircraft any incident,
malfunction, technical defect, exceeding of technical limitations and any occurrence that
would highlight inaccurate, incomplete or ambiguous information contained in the operational
suitability data established in accordance with Commission Regulation (EU) No
748/20123 or other irregular circumstance that has or may have endangered the
safe operation of the aircraft and that has not resulted in an accident or serious incident.
- Without prejudice to Regulation (EU) No 996/2010, Directive 2003/42/EC, Commission
Regulation (EC) No 1321/20074 and Commission Regulation (EC) No
1330/20075, the reports referred in paragraphs (a) and (b) shall be made in a
form and manner established by the competent authority and contain all pertinent information
about the condition known to the organisation.
- Reports shall be made as soon as practicable, but in any case within 72 hours of the
organisation identifying the condition to which the report relates, unless exceptional
circumstances prevent this.
- Where relevant, the organisation shall produce a follow-up report to provide details of
actions it intends to take to prevent similar occurrences in the future, as soon as these
actions have been identified. This report shall be produced in a form and manner established
by the competent authority.
AMC1 ORA.GEN.160 Occurrence reporting - ED Decision 2012/007/R
GENERAL
- The organisation should report all occurrences defined in AMC 20-8, and as required by
the applicable national rules implementing Directive 2003/43/EC6 on
occurrence reporting in civil aviation.
- In addition to the reports required by AMC 20-8 and Directive 2003/43/EC, the
organisation should report volcanic ash clouds encountered during flight.
- 1 OJ L 295, 12.11.2010, p. 35.
- 2 OJ L 167, 4.7.2003, p. 23.
- 3 OJ L 224, 21.8.2012, p. 1.
- 4 OJ L 294, 13.11.2007, p. 3.
- 5 OJ L 295, 14.11.2007, p. 7.
- 6 Directive 2003/42/EC of the European Parliament and of the Council of 13
June 2003 on occurrence reporting in civil aviation OJ L 167, 4.7.2003, p.
23-36.
SECTION II – MANAGEMENT
ORA.GEN.200 Management system - Regulation (EU) 2015/445
- The organisation shall establish, implement and maintain a management system that includes:
- clearly defined lines of responsibility and accountability throughout the
organisation, including a direct safety accountability of the accountable manager;
- a description of the overall philosophies and principles of the organisationwith
regard to safety, referred to as the safety policy;
- the identification of aviation safety hazards entailed by the activities of the
organisation, their evaluation and the management of associated risks, including
taking actions to mitigate the risk and verify their effectiveness;
- maintaining personnel trained and competent to perform their tasks;
- documentation of all management system key processes, including a process for making
personnel aware of their responsibilities and the procedure for amending this
documentation;
- a function to monitor compliance of the organisation with the relevant requirements.
Compliance monitoring shall include a feedback system of findings to the accountable
manager to ensure effective implementation of corrective actions as necessary; and
- any additional requirements that are prescribed in the relevant subparts of this
Part or other applicable Parts.
- The management system shall correspond to the size of the organisation and the nature and
complexity of its activities,taking into account the hazards and associated risks inherent
in these activities.
- Notwithstanding point (a), in an organisation providing training only for the LAPL, PPL, SPL
or BPL and the associated ratings or certificates, safety risk management and compliance
monitoring defined in points (a)(3) and (a)(6) may be accomplished by an organisational
review, to be performed at least once every calendar year. The competent authority shall be
notified about the results of this review by the organisation without undue delay.
AMC1 ORA.GEN.200(a)(1);(2);(3);(5) Management system - ED Decision
2012/007/R
NON-COMPLEX ORGANISATIONS - GENERAL
- Safety risk management may be performed using hazard checklists or similar risk
management tools or processes, which are integrated into the activities of the
organisation.
- The organisation should manage safety risks related to a change. The management of
change should be a documented process to identify external and internal change that may
have an adverse effect on safety. It should make use of the organisation’s existing
hazard identification, risk assessment and mitigation processes.
- The organisation should identify a person who fulfils the role of safety manager and who
is responsible for coordinating the safety management system. This person may be the
accountable manager or a person with an operational role in the organisation.
- Within the organisation, responsibilities should be identified for hazard
identification, risk assessment and mitigation.
- The safety policy should include a commitment to improve towards the highest safety
standards, comply with all applicable legal requirements, meet all applicable standards,
consider best practices and provide appropriate resources.
- The organisation should, in cooperation with other stakeholders, develop, coordinate and
maintain an emergency response plan (ERP) that ensures orderly and safe transition from
normal to emergency operations and return to normal operations. The ERP should provide
the actions to be taken by the organisation or specified individuals in an emergency and
reflect the size, nature and complexity of the activities performed by the organisation.
AMC1 ORA.GEN.200(a)(1) Management system - ED Decision 2012/007/R
COMPLEX ORGANISATIONS - ORGANISATION AND ACCOUNTABILITIES
// TODO
GM1 ORA.GEN.200(a)(1) Management system - ED Decision 2012/007/R
SAFETY MANAGER
- Depending on the size of the organisation and the nature and complexity of its
activities, the safety manager may be assisted by additional safety personnel for the
performance of all safety management related tasks.
- Regardless of the organisational set-up it is important that the safety manager remains
the unique focal point as regards the development, administration and maintenance of the
organisation’s safety management system.
GM2 ORA.GEN.200(a)(1) Management system - ED Decision 2012/007/R
COMPLEX ORGANISATIONS - SAFETY ACTION GROUP
// TODO
AMC1 ORA.GEN.200(a)(2) Management system - ED Decision 2012/007/R
COMPLEX ORGANISATIONS - SAFETY POLICY
// TODO
GM1 ORA.GEN.200(a)(2) Management system - ED Decision 2012/007/R
SAFETY POLICY
The safety policy is the means whereby the organisation states its intention to maintain and,
where practicable, improve safety levels in all its activities and to minimise its
contribution to the risk of an aircraft accident as far as is reasonably practicable.
The safety policy should state that the purpose of safety reporting and internal
investigations is to improve safety, not to apportion blame to individuals.
AMC1 ORA.GEN.200(a)(3) Management system - ED Decision 2012/007/R
COMPLEX ORGANISATIONS - SAFETY RISK MANAGEMENT
// TODO
GM1 ORA.GEN.200(a)(3) Management system - ED Decision 2012/007/R
INTERNAL OCCURRENCE REPORTING SCHEME
- The overall purpose of the scheme is to use reported information to improve the level of
safety performance of the organisation and not to attribute blame.
- The objectives of the scheme are to:
- enable an assessment to be made of the safety implications of each relevant
incident and accident, including previous similar occurrences, so that any
necessary action can be initiated; and
- ensure that knowledge of relevant incidents and accidents is disseminated, so
that other persons and organisations may learn from them.
- The scheme is an essential part of the overall monitoring function and it is
complementary to the normal day-to-day procedures and ‘control’ systems and is not
intended to duplicate or supersede any of them. The scheme is a tool to identify those
instances where routine procedures have failed.
- All occurrence reports judged reportable by the person submitting the report should be
retained as the significance of such reports may only become obvious at a later date.
GM3 ORA.GEN.200(a)(3) Management system - ED Decision 2013/008/R
APPROVED TRAINING ORGANISATIONS - RISK MANAGEMENT OF FLIGHT OPERATIONS WITH KNOWN OR
FORECAST VOLCANIC ASH CONTAMINATION
// TODO
GM4 ORA.GEN.200(a)(3) Management system - ED Decision 2013/008/R
SAFETY RISK ASSESSMENT – RISK REGISTER
The results of the assessment of the potential adverse consequences or outcome of each hazard
may be recorded by the ATO in a risk register, an example of which is provided below.
// TODO
AMC1 ORA.GEN.200(a)(4) Management system - ED Decision 2012/007/R
TRAINING AND COMMUNICATION ON SAFETY
- Training
- All personnel should receive safety training as appropriate for their safety
responsibilities.
- Adequate records of all safety training provided should be kept.
- Communication
- The organisation should establish communication about safety matters that:
- ensures that all personnel are aware of the safety management activities
as appropriate for their safety responsibilities;
- conveys safety critical information, especially relating to assessed
risks and analysed hazards;
- explains why particular actions are taken; and
- explains why safety procedures are introduced or changed.
- Regular meetings with personnel where information, actions and procedures are
discussed may be used to communicate safety matters.
GM1 ORA.GEN.200(a)(4) Management system - ED Decision 2012/007/R
TRAINING AND COMMUNICATION ON SAFETY
The safety training programme may consist of self-instruction via a media (newsletters,
flight safety magazines), class-room training, e-learning or similar training provided by
training service providers.
AMC1 ORA.GEN.200(a)(5) Management system - ED Decision 2012/007/R
ORGANISATION’S MANAGEMENT SYSTEM DOCUMENTATION
- The organisation’s management system documentation should at least include the following
information:
- a statement signed by the accountable manager to confirm that the organisation
will continuously work in accordance with the applicable requirements and the
organisation’s documentation as required by this Part;
- the organisation's scope of activities;
- the titles and names of persons referred to in ORA.GEN.210(a) and (b);
- an organisation chart showing the lines of responsibility between the persons
referred to in ORA.GEN.210;
- a general description and location of the facilities referred to in
ORA.GEN.215;
- procedures specifying how the organisation ensures compliance with the
applicable requirements;
- the amendment procedure for the organisation’s management system
documentation.
- The organisation’s management system documentation may be included in a separate manual
or in (one of) the manual(s) as required by the applicable Subpart(s). A cross reference
should be included.
GM1 ORA.GEN.200(a)(5) Management system - ED Decision 2012/007/R
ORGANISATION’S MANAGEMENT SYSTEM DOCUMENTATION
- It is not required to duplicate information in several manuals. The information may be
contained in any of the organisation manuals (e.g. operations manual, training manual),
which may also be combined.
- The organisation may also choose to document some of the information required to be
documented in separate documents (e.g. procedures). In this case, it should ensure that
manuals contain adequate references to any document kept separately. Any such documents
are then to be considered an integral part of the organisation’s management system
documentation.
AMC1 ORA.GEN.200(a)(5) Management system - ED Decision 2012/007/R
COMPLEX ORGANISATIONS – ORGANISATION’S SAFETY MANAGEMENT MANUAL
// TODO
AMC1 ORA.GEN.200(a)(6) Management system - ED Decision 2012/007/R
COMPLIANCE MONITORING - GENERAL
- Compliance monitoring
The implementation and use of a compliance monitoring function should enable the
organisation to monitor compliance with the relevant requirements of this Part and other
applicable Parts.
- The organisation should specify the basic structure of the compliance monitoring
function applicable to the activities conducted.
- The compliance monitoring function should be structured according to the size of
the organisation and the complexity of the activities to be monitored.
- Organisations should monitor compliance with the procedures they have designed to ensure
safe activities. In doing so, they should as a minimum, and where appropriate, monitor:
- privileges of the organisation;
- manuals, logs, and records;
- training standards;
- management system procedures and manuals.
- Organisational set up
- To ensure that the organisation continues to meet the requirements of this Part
and other applicable Parts, the accountable manager should designate a
compliance monitoring manager. The role of the compliance monitoring manager is
to ensure that the activities of the organisation are monitored for compliance
with the applicable regulatory requirements , and any additional requirements as
established by the organisation, and that these activities are being carried out
properly under the supervision of the relevant head of functional area.
- The compliance monitoring manager should be responsible for ensuring that the
compliance monitoring programme is properly implemented, maintained and
continually reviewed and improved.
- The compliance monitoring manager should:
- have direct access to the accountable manager;
- not be one of the other persons referred to in ORA.GEN.210(b);
- be able to demonstrate relevant knowledge, background and appropriate
experience related to the activities of the organisation; including
knowledge and experience in compliance monitoring; and
- have access to
- In the case of a non-complex organisation, this task may be exercised by the
accountable manager provided he/she has demonstrated having the related
competence as defined in (c)(3)(iii).
- In the case the same person acts as compliance monitoring manager and as safety
manager, the accountable manager, with regards to his/her direct accountability
for safety, should ensure that sufficient resources are allocated to both
functions, taking into account the size of the organisation and the nature and
complexity of its activities.
- The independence of the compliance monitoring function should be established by
ensuring that audits and inspections are carried out by personnel not
responsible for the function, procedure or products being audited.
- Compliance monitoring documentation
- Relevant documentation should include the relevant part(s) of the organisation’s
management system documentation.
- In addition, relevant documentation should also include the following:
- terminology;
- specified activity standards;
- a description of the organisation;
- the allocation of duties and responsibilities;
- procedures to ensure regulatory compliance;
- the compliance monitoring programme, reflecting:
- schedule of the monitoring programme;
- audit procedures;
- reporting procedures;
- follow-up and corrective action procedures; and
- recording system.
- the training syllabus referred to in (e)(2);
- document control.
- Training
- Correct and thorough training is essential to optimise compliance in every
organisation. In order to achieve significant outcomes of such training, the
organisation should ensure that all personnel understand the objectives as laid
down in the organisation’s management system documentation.
- Those responsible for managing the compliance monitoring function should receive
training on this task. Such training should cover the requirements of compliance
monitoring, manuals and procedures related to the task, audit techniques,
reporting and recording.
- Time should be provided to train all personnel involved in compliance management
and for briefing the remainder of the personnel.
- The allocation of time and resources should be governed by the volume and
complexity of the activities concerned.
GM1 ORA.GEN.200(a)(6) Management system - ED Decision 2012/007/R
COMPLIANCE MONITORING - GENERAL
- The organisational set-up of the compliance monitoring function should reflect the size
of the organisation and the nature and complexity of its activities. The compliance
monitoring manager may perform all audits and inspections himself/herself or appoint one
or more auditors by choosing personnel having the related competence as defined in AMC1
ORA.GEN.200(a)(6) point (c)(3)(iii), either from within or outside the organisation.
- Regardless of the option chosen it must be ensured that the independence of the audit
function is not affected, in particular in cases where those performing the audit or
inspection are also responsible for other functions within the organisation.
- In case external personnel are used to perform compliance audits or inspections:
- any such audits or inspections are performed under the responsibility of the
compliance monitoring manager; and
- the organisation remains responsible to ensure that the external personnel has
relevant knowledge, background and experience as appropriate to the activities
being audited or inspected; including knowledge and experience in compliance
monitoring.
- The organisation retains the ultimate responsibility for the effectiveness of the
compliance monitoring function in particular for the effective implementation and
follow-up of all corrective actions.
GM2 ORA.GEN.200(a)(6) Management system - ED Decision 2012/007/R
COMPLEX ORGANISATIONS - COMPLIANCE MONITORING PROGRAMME FOR ATOs
// TODO
GM3 ORA.GEN.200(a)(6) Management system - ED Decision 2012/007/R
AUDIT AND INSPECTION
- ‘Audit’ means a systematic, independent and documented process for obtaining evidence
and evaluating it objectively to determine the extent to which requirements are complied
with.
- ‘Inspection’ means an independent documented conformity evaluation by observation and
judgement accompanied as appropriate by measurement, testing or gauging, in order to
verify compliance with applicable requirements.