VOLUME 10 SAFETY ASSURANCE SYSTEM POLICY AND PROCEDURES
CHAPTER 2 CONFIGURATION
Section 1 Safety Assurance System: Module 1 Configuration
10-2-1-1 GENERAL. The certificate holder or applicant defines its scope of operations and develops core processes, procedures,
and programs for Federal Aviation Administration (FAA) approval or acceptance. The scope of operations enables the FAA to develop a Certificate Holder
Operating Profile (CHOP) for a particular certificate holder or applicant. This operating profile allows the principal inspector (PI) or certification project
manager (CPM) to plan and conduct oversight activities that are specific to the certificate holder or applicant’s scope of operation.
NOTE: Security is an important feature of the Safety Assurance System (SAS) automation. If a SAS user detects a security breach or
there is an indication of a security risk, he or she should immediately notify the office SAS Security Auditor or SAS Administrator. See
Volume 10, Chapter 1, Section 1,
Subparagraph 10-1-1-5I, Security Risks, for more information.
A. Purpose. There are three events that can trigger a change request to the configuration process: an initial certification,
an FAA-initiated change, or a certificate-holder-initiated change. The outcome of this process is a final operating profile.
B. Scope. This section applies to the PI/CPM. In Module 1, Configuration, the PI/CPM will:
• Assist the certificate holder or applicant with the application
• Review the application package for accuracy and completeness,
• Accept or reject the submission,
• Review and update the operating profile, and
• Finalize the operating profile.
A. Configuration Process. The configuration process provides a method for the PI/CPM to document a change request to the
certificate holder’s scope of operations. The configuration process interfaces with data from operations specifications (OpSpecs), enhanced Vital
Information Databases (eVID), and configuration data to populate the operating profile. “Vitals” is a tab used in the SAS automation that includes
environmental data from eVID.
B. External Portal. The SAS external portal is a secure, user-friendly, web-based system that allows the PI/CPM and the
certificate holder or applicant to exchange information and populate the SAS automation. The certificate holder or applicant can use the SAS external portal to
submit data. The PI is notified of certificate holder configuration change requests as they are submitted through the SAS external portal. The use of the SAS
external portal is mandatory for new applicants. Existing certificate holders are encouraged to use the SAS external portal. If the certificate holder or applicant
cannot access the portal due to extenuating circumstances, then the change/application requests will be coordinated with the PI/CPM. Use of the external portal is
not mandatory for Peer Group H certificate holders and applicants; it may conflict with the existing Bilateral Aviation Safety Agreement (BASA). Refer to the SAS
External Portal User’s Guide for information on how to register for access to the SAS external portal.
1) CHOP. The main purpose of the operating profile is to generate a specific set of Data Collection Tools (DCT) used to conduct
Performance Assessments (PA) and Design Assessments (DA). The operating profile is developed from configuration data taken from eVID, OpSpec, and “SAS-only”
data in the form of questions that the PI/CPMs must answer. The operating profile represents a certificate holder’s or applicant’s scope of operations.
The output of the operating profile is a tailored list of system, subsystem, and elements with their associated data collection questions. Having an accurate CHOP is
essential to developing a comprehensive work program that is tailored to the certificate holder’s or applicant’s scope of operations.
NOTE: When the PI/CPM selects OpSpecs from the configuration data, those are the proposed OpSpecs for that configuration change. The PI/CPM
will need to update the OpSpecs using the Web-based Operations Safety System (WebOPSS).
2) Validation of Configuration Data. Configuration data consists of OpSpecs, Vitals Information, programs, and/or authorizations.
This information is used to record pertinent data about the certificate holder or applicant. It is important that the information be current and accurate because
work programs are generated using this data. The certificate holder’s Environmental Information still needs to be reviewed and updated annually in eVID. The
certificate holder’s Vitals Information is reviewed and updated annually in SAS.
NOTE: Under “Configuration Data,” “Contractor” tab, Airworthiness PIs can add and maintain contractor data for
certificate holders and applicants. Maintenance contractors for Title 14 of the Code of Federal Regulations (14 CFR) parts
OpSpec D072 can be designated as Essential Maintenance Providers (EMP). If the contractor is an EMP, check the corresponding box and enter the list of Required
Inspection Items (RII), for which they are responsible.
3) Inputs From Module 5, Analysis, Assessment, and Action (AAA). SAS is a closed-loop system; therefore, decisions made in Module 5
may require changes to the certificate holder’s configuration data in Module 1. For example, if during Module 5 the FAA finds that a certificate holder’s
existing program is not working, the PI may want to remove that program or make changes in the certificate holder’s OpSpecs. These changes are made in Module 1.
C. Configuration Triggers. The following events are triggers that identify the need for the configuration process: an initial
certification, an FAA-initiated change, and a certificate-holder-initiated change. Use the certification projects process to document an initial certification. Use
the configuration change request to document the approval/acceptance process for an FAA-initiated change and a certificate-holder-initiated change.
1) Initial Certification. Title 14 CFR part
are included within the scope of the Certification Services Oversight Process (CSOP). When an applicant requests authorization to operate under part
CSOP is used to review, accept, and sequence the application using the guidance found in Volume 11, Chapter 13.
NOTE: For changes to certificate status, see Volume 3 and the SAS Automation User Guide (AUG) for additional guidance. Coordination with
the Aviation Data Branch may be required.
2) FAA-Initiated Change. The FAA issues or revises a regulation or policy that affects the certificate holder system or its
operating authority. As part of an evaluation, the FAA may require the certificate holder to revise one or more of its programs or systems, or modify one or more of
3) Certificate-Holder-Initiated Change. The certificate holder proposes changes to its OpSpecs, programs, or manual revisions.
Examples may include:
• Cargo to passenger;
• Supplemental to domestic;
• Adding a new aircraft type;
• Changes to training programs; and/or
• Any other changes that affect the certificate holder’s operating
NOTE: The certificate holder or applicant performs Safety Risk Management (SRM) anytime a change occurs or is introduced into the design
of the system.
Figure 10-2-1A. Module 1 Configuration Process Flowchart
A. Submit a Change Request or Application (see flowchart process step 10-2-1-9A). Configuration change requests allow the PI/CPM
to document and evaluate any new or changed scope of operation. Configuration data consists of OpSpecs, Vitals Information, programs, and/or authorizations. The
certificate holder should submit a change request or application through the SAS external portal, or the PI/CPM must submit the change request or application. The
PI/CPM reviews the change request or application to determine the effect it will have on the certificate holder’s system and CHOP. Configuration change
requests are created using the standard or streamlined methods.
Items that change the CHOP such as Vitals daggered symbols, adding or removing OpSpecs,
certificate holder renewal, certificate holder scope of operations, and/or when DCTs are required to evaluate the change, the PI must
Changes to configuration data that do not impact the CHOP, such as telephone number
and validation date changes, the PI may
Streamlined or standard method.
NOTE: The streamlined method can be used from the “Configuration Data” tab, “Vitals”
tab, or “Operation Specification” tab using the “Edit” function on the bottom of the screen. Using the streamlined method will
auto-create the change request and will display as “auto-generated change request” in the change request description. Selecting the “Submit”
button on the “Vitals” tab or “Operation Specification” tab will then submit and accept the streamlined change. The status will change to
“Final” and the configuration change will be complete.
1) Initial Certification. An applicant for a part
must submit an application package to the appropriate Flight Standards office through the use of the SAS external portal. The applicant will have access to Module
1 for configuration data and to Module 4, Data Collection, Data Reporting, and Data Review, for Element Design DCTs (ED DCT). The Office Manager (OM) is notified of an
application as it is submitted through the SAS external portal.
NOTE: The applicant will have to upload a signed Preapplication Statement of Intent (PASI) to the SAS database as part of the formal
2) FAA-Initiated Change. The FAA may amend OpSpecs or require program revisions when safety in the public interest requires such
action. Amendments or revisions can result from significant changes to the certificate holder’s operating environment or safety concerns. If the certificate
holder does not use the SAS external portal, the PI must enter the configuration data into the automation with a change request.
3) Certificate-Holder-Initiated Change. The certificate holder should submit the request in letter form or through the use of the
SAS external portal. If the certificate holder uses the SAS external portal, they will have access to Module 1 for configuration data and to Module 4 for ED DCTs
(if required). The certificate holder must submit documentation for the FAA to evaluate the impact of the change.
a) Although the use of the SAS external portal is not required for existing certificate holders, it is highly recommended. If the
certificate holder cannot or does not use the SAS external portal, the PI must enter the configuration data into the automation with a change request.
b) Certificate renewals will be documented using a configuration change request. The PI will add the renewal Custom Data Collection Tool
(C DCT) to the configuration change request to document the process.
B. Review the Change Request or Application (see flowchart process step 10-2-1-9B).
1) Certificate Holder Change Request. When the PI receives a request for a new or changed scope of operation, the PI follows the
FAA procedures applicable to that request and reviews the change request for content, quality, and if the change request accurately represents the proposed scope
of operations. The goal of this review is to determine what effect the change request will have on the certificate holder’s system and the operating profile.
If applicable, the certificate holder should perform the SRM process for any change request and include the documentation for the PI to review.
2) Application Package. When the office receives a request for an application, the office follows the FAA procedures applicable to
that request and reviews the application package for content, quality, and if the application accurately represents the applicant’s proposed scope of operation.
The goal of this review is to determine if the certification process can begin.
C. Is the Change Request or Application Acceptable? (see flowchart process step 10-2-1-9C). If the change request is acceptable,
then see Step 10-2-1-9F, Review/Update Pending CHOP. If the application is acceptable, then see Volume 2 for initial certification. (See Figure 10-2-1B, Acceptance of
the Change Request or Application Package (Sample Letter).) If the change request or application is not acceptable, then see Step 10‑2‑1‑9D,
Return the Change Request or Application.
D. Return the Change Request or Application (see flowchart process step 10-2-1-9D). If the PI/CPM determines the change request or
application is unacceptable, the PI/CPM must return the entire change request or application to the certificate holder or applicant stating the reasons why it is
returned. See Figure 10‑2‑1C, Return of the Change Request or Application Package (Sample Letter).
E. Revise the Change Request or Application (see flowchart process step 10-2-1-9E). The certificate holder or applicant reviews the
PI’s or CPM’s comments, makes the appropriate corrections to the change request or application package, and resubmits it. The certificate holder or
applicant has the option to withdraw the change request or application. If the change request or application is withdrawn in the automation, then it can only be
resubmitted by starting the process over.
F. Review/Update Pending CHOP (see flowchart process step 10-2-1-9F). The PI/CPM reviews the pending operating profile changes to
ensure it contains all the systems/subsystems, elements, and questions applicable to the certificate holder’s or applicant’s change request or application
package. If the pending CHOP does not contain the applicable information, then the PI/CPM can update the information.
NOTE: If a request for initial European Aviation Safety Agency (EASA) approval is added as a configuration change for a Peer Group F
certificate holder, the PI will update the Vitals Information by selecting “EASA Listed” and entering “PEND” in the “EASA Certificate
Number” field, along with the Quality Monitoring System (QMS) contractor information and EASA Accountable Manager. Upon acceptance of the application package and
receipt of the EASA
part 145 approval,
the PI will update the Vitals by replacing “PEND” with the EASA certificate number.
G. Is Data Collection Required? (see flowchart process step 10-2-1-9G). The PI/CPM determines if an Element Design Assessment (EDA)
or C DCT is required to evaluate the change request or application package. Once the PI/CPM selects the assessment or C DCT, that assessment or C DCT is automatically
added to the Comprehensive Assessment Plan (CAP). When the PI/CPM generates the CAP, the EDA will populate in the CAP based on the configuration data. The data
collected is evaluated in Modules 4 and 5 before the change can be approved or accepted. If data collection is not required, then see Step 10-2-1-9H, Approve/Accept.
NOTE: Renewal certification is done as a configuration change. The PI must add the C DCT from the configuration change request.
H. Approve/Accept? (see flowchart process step 10-2-1-9H). If the PI/CPM affirms the DA based on the results of Module 5 AAA, then
see Step 10-2-1-9I, Finalize CHOP. If the PI/CPM does not affirm the design, then see Step 10-2-1-9D, Return the Change Request or Application.
NOTE: When the PI/CPM approves or accepts the change request or application, the automation does not automatically notify the certificate
holder or applicant of this status unless the SAS external portal is used. The PI/CPM may have to follow up with the notification. See Subparagraph 10-2-1-9J, Notify
the Certificate Holder or Applicant, for further information.
I. Finalize CHOP (see flowchart process step 10-2-1-9I). After the PI/CPM approves or accepts the change, the operating profile is
considered finalized and the Vitals are updated. However, if the change affected a change in OpSpecs, then the PI/CPM will need to update the OpSpec using WebOPSS.
Once all the changes have been made, the PI/CPM should validate the changes in the operating profile and the configuration data.
J. Notify the Certificate Holder or Applicant. The PI/CPM can notify the certificate holder or applicant of the approval or
acceptance of the change by using the SAS external portal or a letter.
10-2-1-11 THROUGH 10-2-1-13 RESERVED.
10-2-1-15 JOB AIDS.
Figure 10-2-1B. Acceptance of the Change Request or Application Package (Sample Letter)
Mr. Rockwell J. Jones
President and CEO, MidSouth Airlines
601 Sky Harbor Blvd.
Little Rock, AR 72202
Dear Mr. Jones:
We reviewed your change request/application package and found it to be acceptable. Our acceptance of the change request/application package does not convey
specific approval of the attachments. We will approve or accept the attachments after a detailed evaluation by the Federal Aviation Administration (FAA) team.
We look forward to working with you and your team.
John T. Smith
Figure 10-2-1C. Return of the Change Request or Application Package (Sample Letter)
Mr. Rockwell J. Jones
President and CEO, MidSouth Airlines
601 Sky Harbor Blvd.
Little Rock, AR 72202
Dear Mr. Jones:
We reviewed your change request/application package, dated ____. We are returning your change request/application because of the following deficiencies:
• Résumés of Harvey Anderson, Director of Operations (DO),
and S.F. Whipley, Director of Maintenance (DOM) were not included in your application.
• The compliance statement is incomplete. For example, you did
not address Title 14 of the Code of Federal Regulations (14 CFR) part
§ 121.XXX, [Subject].
• Your company’s general manual attachment describes methods
of compliance with this regulatory section, and you should appropriately reference them in the compliance statement. As previously discussed, the compliance
statement must address all applicable regulatory sections.
• The minimum equipment list (MEL) does not contain maintenance
and operations procedures as required on the Master Minimum Equipment List (MMEL).
You must submit a new application when you have corrected all discrepancies noted above and any other omissions that exist. Please contact us if we can
be of any further assistance in clarifying the requirements for your application.
John T. Smith
10-2-1-17 through 10-2-1-29 RESERVED.