2/22/19

 

8900.1 CHG 648

VOLUME 10  SAFETY ASSURANCE SYSTEM POLICY AND PROCEDURES

CHAPTER 2  CONFIGURATION

Section 1  Safety Assurance System: Module 1 Configuration

10-2-1-1    GENERAL. The certificate holder or applicant defines its scope of operations and develops core processes, procedures, and programs for Federal Aviation Administration (FAA) approval or acceptance. The scope of operations enables the FAA to develop a Certificate Holder Operating Profile (CHOP) for a particular certificate holder or applicant. This operating profile allows the principal inspector (PI) or certification project manager (CPM) to plan and conduct oversight activities that are specific to the certificate holder or applicant’s scope of operation.

Indicates new/changed information.

NOTE:  Security is an important feature of the Safety Assurance System (SAS) automation. If a SAS user detects a security breach or there is an indication of a security risk, he or she should immediately notify the office SAS Security Auditor or SAS Administrator. See Volume 10, Chapter 1, Section 1, Subparagraph 10-1-1-5J, Security Risks, for more information.

A.    Purpose. There are three events that can trigger a change request to the configuration process: an initial certification, an FAA‑initiated change, or a certificate‑holder‑initiated change. The outcome of this process is a final operating profile.

B.    Scope. This section applies to the PI/CPM. In Module 1, Configuration, the PI/CPM will:

    Assist the certificate holder or applicant with the application process,

    Review the application package for accuracy and completeness,

    Accept or reject the submission,

    Review and update the operating profile, and

    Finalize the operating profile.

10-2-1-3    RESERVED.

10-2-1-5    BACKGROUND.

A.    Configuration Process. The configuration process provides a method for the PI/CPM to document a change request to the certificate holder’s scope of operations. The configuration process interfaces with data from operations specifications (OpSpecs), enhanced Vital Information Databases (eVID), and configuration data to populate the operating profile. “Vitals” is a tab used in the SAS automation that includes environmental data from eVID.

B.    External Portal. The SAS External Portal is a secure, user‑friendly, web-based system that allows the PI/CPM and the certificate holder or applicant to exchange information and populate the SAS automation. The certificate holder or applicant can use the SAS External Portal to submit data. The PI is notified of certificate holder configuration change requests as they are submitted through the SAS External Portal. The use of the SAS External Portal is mandatory for new applicants. Existing certificate holders are encouraged to use the SAS External Portal. If the certificate holder or applicant cannot access the External Portal due to extenuating circumstances, then the change/application requests will be coordinated with the PI/CPM. Use of the External Portal is not mandatory for Peer Group H certificate holders and applicants; it may conflict with the existing Bilateral Aviation Safety Agreement (BASA). Refer to the SAS External Portal User’s Guide for information on how to register for access to the SAS External Portal.

Indicates new/changed information.
1)    CHOP. The main purpose of the operating profile is to generate a specific set of Data Collection Tools (DCT) used to conduct Performance Assessments (PA) and Design Assessments (DA). The operating profile is developed from configuration data taken from eVID, OpSpec, and “SAS‑only” data in the form of questions that the PIs/CPMs must answer. The operating profile represents a certificate holder’s or applicant’s scope of operations. The output of the operating profile is a tailored list of systems, subsystems, and elements with their associated data collection questions. Having an accurate CHOP is essential to developing the Comprehensive Assessment Plan (CAP), which is tailored to the certificate holder’s or applicant’s scope of operations.
Indicates new/changed information.

NOTE:  Selecting OpSpecs from the configuration data will only affect the CHOP. The approval process is completed using the Web‑based Operations Safety System (WebOPSS).

2)    Validation of Configuration Data. Certificate holder configuration data consists of OpSpecs, Vitals, Contractors, programs, and/or authorizations, which define the certificate holder’s scope of operations. Vitals information should be reviewed and updated annually. It is important that all information be current to ensure the accuracy of the CHOP. Additionally, eVID environmental information must be reviewed and updated annually.

NOTE:  Airworthiness PIs will maintain the Maintenance Provider List (MPL) in the certificate holder’s configuration data. See Volume 6, Chapter 2, Section 42 for policy pertaining to the MPL.

3)    Inputs from Module 5, Analysis, Assessment, and Action (AAA). SAS is a closed‑loop system; therefore, decisions made in Module 5 may require changes to the certificate holder’s configuration data in Module 1. For example, if during Module 5 the FAA finds that a certificate holder’s existing program is not working, the PI may want to remove that program or make changes in the certificate holder’s OpSpecs. These changes are made in Module 1.
Indicates new/changed information. Indicates new/changed information.

C.    Configuration Triggers. The following events are triggers that identify the need to assess a certificate holder’s configuration: an initial certification, an FAA‑initiated change, and a certificate‑holder‑initiated change. Use the certification projects process to document an initial certification. Use the configuration change request to document the approval/acceptance process for an FAA‑initiated change and a certificate‑holder‑initiated change. The configuration change process may also be used to document certificate management activities.

Indicates new/changed information.
1)    Initial Certification. Title 14 of the Code of Federal Regulations (14 CFR) part 121, 135, or 145 applications are included in the scope of the Certification Services Oversight Process (CSOP). When an applicant requests authorization to operate under part 121, 135, or 145, CSOP is used to review, accept, and sequence the application using the guidance found in Volume 10, Chapter 12.

NOTE:  For changes to certificate status, see Volume 3 and the SAS Automation User Guide (AUG) for additional guidance. Coordination with the Aviation Data Branch may be required.

Indicates new/changed information.
2)    FAA-Initiated Change. The FAA issues or revises a regulation or policy that affects the certificate holder’s system or its operating authority. As part of an evaluation, the FAA may also amend the certificate holder’s OpSpecs or scope of operations.
Indicates new/changed information.
3)    Certificate-Holder-Initiated Change. The certificate holder proposes changes to its OpSpecs, Vitals, Contractors, programs, or scope of operations.

NOTE:  When applicable, the certificate holder should perform Safety Risk Management (SRM) anytime a change occurs or is introduced into the design of the system.

10-2-1-7    CONFIGURATION.

Figure 10-2-1A.  Module 1 Configuration Process Flowchart

Figure 10-2-1A. Module 1 Configuration Process Flowchart

10-2-1-9    PROCEDURES.

Indicates new/changed information.

A.    Submit a Change Request or Application (see flowchart process step 10-2-1-9A). Change requests allow the PI/CPM to document and evaluate a new or changed scope of operations and associated impacts to the CHOP. Change requests are created using the standard or streamlined methods. Depending on the impact to the certificate holder’s profile, the PI/CPM will determine if data collection is necessary.

NOTE:  In accordance with 14 CFR part 5, the PI/CPM is responsible for ensuring the certificate holder has accomplished SRM. This can be documented in the “Determine Action” tab, “Other” action block.

If the change request is for:

Use the:

Items that change the CHOP, such as Vitals daggered symbols, adding or removing OpSpecs, certificate holder renewal, certificate holder scope of operations, and/or when DCTs are required to evaluate the change, the PI must

Standard method.

Changes to configuration data that do not impact the CHOP, such as telephone number and validation date changes, the PI may

Streamlined or standard method.

Indicates new/changed information.

NOTE:  Using the streamlined method will auto-create the change request. Selecting the “Submit to Final” button will submit and accept the streamlined change. Refer to the SAS AUG, “How to Create a Configuration Data Change Request (Streamlined Method),” for additional information.

B.    Review the Change Request or Application (see flowchart process step 10-2-1-9B).

Indicates new/changed information.
1)    Certificate Holder Change Request. When the PI receives a request for a new or changed scope of operation, he or she follows the FAA procedures applicable to that request. The PI reviews the change request for content, quality, and if the request accurately represents the proposed scope of operations. The goal of this review is to determine what effect the change will have on the certificate holder’s system and the operating profile. When applicable, the certificate holder should perform the SRM process for any change request and provide the documentation for the PI to review.
2)    Application Package. When the office receives a request for an application, the office follows the FAA procedures applicable to that request and reviews the application package for content, quality, and if the application accurately represents the applicant’s proposed scope of operation. The goal of this review is to determine if the certification process can begin.

C.    Is the Change Request or Application Acceptable? (see flowchart process step 10-2-1-9C). If the change request is acceptable, then see Step 10-2-1-9F, Review/Update Pending CHOP. If the application is acceptable, then see Volume 2 for initial certification. (See Figure 10-2-1B, Acceptance of the Change Request or Application Package (Sample Letter).) If the change request or application is not acceptable, then see Step 10‑2‑1‑9D, Return the Change Request or Application.

D.    Return the Change Request or Application (see flowchart process step 10-2-1-9D). If the PI/CPM determines the change request or application is unacceptable, the PI/CPM must return the entire change request or application to the certificate holder or applicant, stating the reasons why it is returned. See Figure 10‑2‑1C, Return of the Change Request or Application Package (Sample Letter).

E.    Revise the Change Request or Application (see flowchart process step 10-2-1-9E). The certificate holder or applicant reviews the PI’s or CPM’s comments, makes the appropriate corrections to the change request or application package, and resubmits it. The certificate holder or applicant has the option to withdraw the change request or application. If the change request or application is withdrawn in the automation, then it can only be resubmitted by starting the process over.

F.    Review/Update Pending CHOP (see flowchart process step 10-2-1-9F). The PI/CPM reviews the pending operating profile changes to ensure it contains all the systems/subsystems, elements, and questions applicable to the certificate holder’s or applicant’s change request or application package. If the pending CHOP does not contain the applicable information, then the PI/CPM can update the information.

NOTE:  If a request for initial European Aviation Safety Agency (EASA) approval is added as a configuration change for a Peer Group F certificate holder, the PI will update the Vitals Information by selecting “EASA Listed” and entering “PEND” in the “EASA Certificate Number” field, along with the Quality Monitoring System (QMS) contractor information and EASA Accountable Manager. Upon acceptance of the application package and receipt of the EASA part 145 approval, the PI will update the Vitals by replacing “PEND” with the EASA certificate number.

Indicates new/changed information.

G.    Is Data Collection Required? (see flowchart process step 10-2-1-9G). The PI/CPM determines if an Element Design Assessment (EDA) or Custom Data Collection Tool (C DCT) is required to evaluate the change request or application package. Once the PI/CPM selects the assessment or C DCT, that assessment or C DCT is automatically added to the CAP. When the PI/CPM generates the CAP, the EDA will populate in the CAP based on the configuration data. The data collected is evaluated in Modules 4 and 5 before the change can be approved or accepted. If the PI/CPM determines data collection is not required, then see Step 10-2-1-9H, Approve/Accept.

NOTE:  Renewal certification is done as a configuration change. The PI must add the C DCT from the configuration change request.

H.    Approve/Accept? (see flowchart process step 10-2-1-9H). If the PI/CPM affirms the DA based on the results of Module 5 AAA, then see Step 10-2-1-9I, Finalize CHOP. If the PI/CPM does not affirm the design, then see Step 10-2-1-9D, Return the Change Request or Application.

NOTE:  When the PI/CPM approves or accepts the change request or application, the automation does not automatically notify the certificate holder or applicant of this status unless the SAS External Portal is used. The PI/CPM may have to follow up with the notification. See Subparagraph 10-2-1-9J, Notify the Certificate Holder or Applicant, for further information.

I.    Finalize CHOP (see flowchart process step 10-2-1-9I). After the PI/CPM approves or accepts the change, the operating profile is considered finalized and the Vitals are updated. However, if the change affected a change in OpSpecs, then the PI/CPM will need to update the OpSpec using WebOPSS. Once all the changes have been made, the PI/CPM should validate the changes in the operating profile and the configuration data.

J.    Notify the Certificate Holder or Applicant. The PI/CPM can notify the certificate holder or applicant of the approval or acceptance of the change by using the SAS External Portal or a letter.

10-2-1-11 through 10-2-1-13 RESERVED.

10-2-1-15 JOB AIDS.

Figure 10-2-1B.  Acceptance of the Change Request or Application Package (Sample Letter)

[FAA Letterhead]

[Date]

Mr. Rockwell J. Jones

President and CEO, MidSouth Airlines

601 Sky Harbor Blvd.

Little Rock, AR 72202

Dear Mr. Jones:

We reviewed your change request/application package and found it to be acceptable. Our acceptance of the change request/application package does not convey specific approval of the attachments. We will approve or accept the attachments after a detailed evaluation by the Federal Aviation Administration (FAA) team. We look forward to working with you and your team.

Sincerely,

John T. Smith

Figure 10-2-1C.  Return of the Change Request or Application Package (Sample Letter)

[FAA Letterhead]

[Date]

Mr. Rockwell J. Jones

President and CEO, MidSouth Airlines

601 Sky Harbor Blvd.

Little Rock, AR 72202

Dear Mr. Jones:

We reviewed your change request/application package, dated ____. We are returning your change request/application because of the following deficiencies:

    Résumés of Harvey Anderson, Director of Operations (DO), and S.F. Whipley, Director of Maintenance (DOM), were not included in your application.

    The compliance statement is incomplete. For example, you did not address Title 14 of the Code of Federal Regulations (14 CFR) part 121, § 121.XXX, [Subject].

    Your company’s general manual attachment describes methods of compliance with this regulatory section, and you should appropriately reference them in the compliance statement. As previously discussed, the compliance statement must address all applicable regulatory sections.

    The minimum equipment list (MEL) does not contain maintenance and operations procedures as required on the Master Minimum Equipment List (MMEL).

You must submit a new application when you have corrected all discrepancies noted above and any other omissions that exist. Please contact us if we can be of any further assistance in clarifying the requirements for your application.

Sincerely,

John T. Smith

10-2-1-17 through 10-2-1-29 RESERVED.