Frequently asked questions

Certifying or releasing a maintenance task by means of a TLB, CRS or EASA Form 1 is considered to be the last action in the production process of a maintenance facility, and this task is the privilege of the certifying staff duly authorised to do so. A Quality Manager of a maintenance centre, as well as the Quality System auditors, should not be involved in this production process (AMC 145.A.65 (c) 1-11), since when managing/performing quality audits, an essential component of the Quality System, the required independent nature of the quality system would be infringed. 
 
Depending on the size of the organisation in some cases, and in the reverse direction of the case being dealt with, competent personnel, without being quality auditors, are allowed to carry out quality audits of production processes in which they are not directly involved, but it is not admitted that the Head of the Quality System or Personnel Auditor exercises the certification privileges.

Oh, yeah, yeah. In relation to maintenance of aircraft components by an organisation with rating A, maintenance not covered by the AMM and yes by the CMM, Regulation 1321/2014 makes two references: 

1.- Appendix IV to Part M, paragraph 4
It argues that an A-rating organisation can maintain components in the aircraft according to the CMM. 
Limitation: That component must be fixed on the aeroplane and may only be disassembled to improve access to that component during maintenance. Such disassembly cannot generate additional maintenance. This maintenance should be included in section 1.9.1 of the Organisation’s Manual (MOE/MOM) and approved by EASA. 

2.- M.A.502 (b) 
It argues that for this maintenance it is not necessary to issue an EASA Form 1, it is sufficient to refer this maintenance in the CRS (CMM task) of the aircraft.

No fee is required for the application for a flight permit.

No fee is required for the declaratory renewal of the certificate of airworthiness.

No fee is required for the declaratory renewal of the certificate of airworthiness.

Having a single manual will be a matter to evaluate in each organization, according to its characteristics. In regulation, it is explicitly not required.

ISO 2700X certification will be considered to comply with the EASA PART-IS Regulation to a large extent. However, the EASA PART-IS Regulation introduces requirements specific to the aviation security context that are not covered by the ISO 2700X certification framework. Guidance material on ISO 2700X certification has been developed within the EASA PART-IS Working Group for Authorities and may be useful to you.

The supervision of the EASA PART-IS Regulation will be carried out by the Competent Authority that issued the approvals for the different activities of the organization. For those approvals issued by EASA, the inspection of each organization, once the Regulation is in force, will be carried out by the Unit assigned by that organization.

Regulation 203/2023 of the PART-IS establishes cybersecurity requirements to be met by entities belonging to civil aviation from the SAFETY point of view; while Regulation 2019/1583 and its transposition into the National Security Programme and Instruction SA-16 also establishes cybersecurity requirements, but from the AVSEC (SECURITY) point of view.

Therefore, they are regulations with measures related to Information Security (Cybersecurity) but with different objectives and establishing different measures that in some cases may or will need synergies since there will be entities that are affected by both regulations as often happens with the legislations of SAFETY and SECURITY. It is clear that one does not come to replace the other, and therefore, both must coexist.

AESA is in the process of developing these aspects.