European Aviation Safety Agency List

Doc # LI.IMS.00003-005
EASA Management Standards
Approval Date 05/12/2017

EASA Management Standards

LI.IMS.00003-005

Name Validation Date

Prepared by: Allison KERR Validated 30/11/2017

Verified by: Valérie LANDRY-SIVEL Validated 30/11/2017

Reviewed by: Dominique PERRON Validated 30/11/2017

Approved by: Valérie LANDRY-SIVEL Validated 30/11/2017

Authorised by: Patrick KY Validated 05/12/2017

© European Aviation Safety Agency. All rights reserved. ISO9001 Certified

Page1 of 10
Proprietary document. Copies are not controlled. Confirm revision status through the EASA-Internet/Intranet.
An agency of the European Union
 European Aviation Safety Agency List
Doc # LI.IMS.00003-005
EASA Management Standards
Approval Date 05/12/2017

DOCUMENT CONTROL SHEET

Log of issues
Issue Issue date Change description
001 18/07/2008 First issue, migration of E.L001-02 with original content and formal
validation dates unchanged.
002 03/01/2013 Updated taking account the revised ISO9001:2008 Standard and minor
changes to text / description of Management Standards to add clarity.
Re-ordering of the references to the ISO Standard to run sequentially.
Removal of column “E.L001-00 mapping”.
003 01/09/2014 Migration of Quality documents in compliance with Convergence
project.
004 10/03/2016 Revised to reflect the requirements of the ISO9001:2015 Standard.
Details of changes:
 Complete revision of the references to the relevant clauses in
the ISO 9001 Standard
 Minor changes to wording of EASA Management Standards 1, 2,
7, 14, 20 to align with the terminology used in the revised
Standard.
 Heading “Management Responsibility” replaced by
“Leadership”.
005 05/12/2017 Revised to reflect the requirements of the Internal Control Framework of
the European Commission1, consisting of five internal control
components and 17 principles designed to provide reasonable assurance
that the Commission’s objectives are being met.
Endorsed by the PAR AG on 24/11/2017.

1
(2017) 2373 final, Communication to the Commission from Commissioner Oettinger, Revision of Internal Control Framework,
Brussels, 19.4.2017
© European Aviation Safety Agency. All rights reserved. ISO9001 Certified
Page2 of 10
Proprietary document. Copies are not controlled. Confirm revision status through the EASA-Internet/Intranet.
An agency of the European Union
 European Aviation Safety Agency List
Doc # LI.IMS.00003-005
EASA Management Standards
Approval Date 05/12/2017

EASA Management Standards ISO 9001 Standard Internal Control Framework

Context
1 The Agency shall determine and monitor the external and internal 4 Context of the organisation
issues that are relevant to its overall purpose and strategic
direction, that affect its ability to achieve the intended results of
the Integrated Management System (IMS).

2 The Agency shall develop, monitor, communicate and continually 4 Context of the organisation
improve the efficiency and effectiveness of the IMS.

The Agency shall develop the scope of the IMS while:

- taking into account the applicable legal and regulatory
requirements and stakeholder expectations;
- applying risk based thinking aimed at taking advantage of
opportunities and preventing undesirable results;
- defining the processes needed;
- selecting and developing control activities that contribute to the
mitigation of risks to an acceptable level;
- ensuring the effectiveness and continuous improvement of the
system;
- evaluating and implementing any changes needed to ensure that
these processes achieve their intended results.

© European Aviation Safety Agency. All rights reserved. ISO9001 Certified

Page3 of 10
Proprietary document. Copies are not controlled. Confirm revision status through the EASA-Internet/Intranet.
An agency of the European Union
 European Aviation Safety Agency List
Doc # LI.IMS.00003-005
EASA Management Standards
Approval Date 05/12/2017

EASA Management Standards ISO 9001 Standard Internal Control Framework

Leadership
3 The Directors of the Agency shall provide evidence of their 4. Context 12. Deploys through policies and procedures
commitment to the development and implementation of the 5. Leadership
management system by: 7.3 Awareness
- taking accountability for the IMS; 7.4 Communication
- establishing, maintaining and communicating the EASA Strategy 9.3 Management Review
and IMS Policy and Quality Objectives in line with the context,
strategic direction and mission statement;
- promoting the process approach and risk based thinking;
- promoting continuous improvement.
4 The Directors and all management levels demonstrate their 5 Leadership 1. Demonstrates commitment to integrity and
commitment to the EASA values and in their instructions, actions 5.2 Quality Policy ethical values
and behavior. Assess whether individuals are aligned with the 8. Assesses fraud risk
"Code of Conduct for the staff of EASA" and address any deviations
in a timely manner.
The Directors shall also assess the potential risk in the internal
control system based on the EASA antifraud strategy and taking
into consideration audit and OLAF reports.
5 The Agency shall assign and communicate to all staff on up to date 5.3 Organisational roles, responsibilities and 3. Establishes structure, authority and
and written basis: authorities responsibility
- their responsibility and authority; 7.2 Competence
- their role in the section/department; 7.3 Awareness
- their tasks assignment (job description); 7.4 Communication
- their delegated authority, if applicable and use appropriate 7.5 Documented information
processes and technology to assign responsibility and segregate
duties;
- their reporting line to enable the execution of authority,
fulfilment of responsibilities and flow of information.

© European Aviation Safety Agency. All rights reserved. ISO9001 Certified

Page4 of 10
Proprietary document. Copies are not controlled. Confirm revision status through the EASA-Internet/Intranet.
An agency of the European Union
 European Aviation Safety Agency List
Doc # LI.IMS.00003-005
EASA Management Standards
Approval Date 05/12/2017

EASA Management Standards ISO 9001 Standard Internal Control Framework

Strategy and Planning

6 The Agency shall define, communicate, implement and monitor a 4.1 Understanding the organisation and its 6. Specifies suitable objectives
strategy and planning process so as to cover long-term, medium context 12. Deploys control activities through policies
and short term planning, including: 4.2 Understanding the needs and expectations and procedures
- setting of objectives and indicators at every level, and updating of interested parties
when necessary; 5.1 Leadership and commitment
- allocating resources required to achieve policy, operational, 6 Planning
financial and performance goals; 7.1 Resources
- identifying responsibilities; 7.5 Documented information
- establishing deadlines:
- defining how the results will be evaluated.

The Agency may conduct, as appropriate, impact assessments to

assess the performance, analyse options and related impact on
new initiatives.
7 The Agency shall identify and assess risks and opportunities to the 6 Planning 7. Identifies and analyses risk
achievement of its objectives across the organisation, as a basis for 7.5 Documented information 8. Assesses fraud risk
determining how they should be managed, to: 9.3 Management review
- give assurance that the management system can achieve its
intended results;
- enhance desirable effects;
- prevent, or reduce, undesired effects;
- achieve improvement.
8 The Agency shall identify and assess changes that could 6.3 Planning of changes 9. Identifies and analyses significant change
significantly impact on the IMS, the internal control system and the
achievement of objectives. The changes shall be carried out in a
planned manner considering the purpose of changes and potential
consequences and available resources.

© European Aviation Safety Agency. All rights reserved. ISO9001 Certified

Page5 of 10
Proprietary document. Copies are not controlled. Confirm revision status through the EASA-Internet/Intranet.
An agency of the European Union
 European Aviation Safety Agency List
Doc # LI.IMS.00003-005
EASA Management Standards
Approval Date 05/12/2017

EASA Management Standards ISO 9001 Standard Internal Control Framework

Support
9 The Agency shall determine, provide and maintain the 7.1.1 Resources - General 11. Selects and develops general control over
infrastructure and work environment needed to achieve its 7.1.2 People technology
objectives including: 7.1.3 Infrastructure
- buildings; 7.1.4 Environment for the operation of
- equipment; processes
- information and communication technology (including security of
IT system and data quality, availability and confidentiality).
The Agency shall select and develop control activities over the
acquisition, development and maintenance of technology and
related infrastructure.
10 The Agency shall define, provide and maintain the environment 7.1.3 Infrastructure
necessary for the operation of its processes, including: 7.5 Documented information
- social; 8.1 Operational planning and control
- psychological;
- physical.
11 The Agency shall implement a document management system to 7.5 Documented information 13. Uses relevant information
manage the lifecycle of its internal and external documents, 8.5.3 Property belonging to customers or
including identification, registration, versioning, availability, filing, external providers
archiving, retention, disposal and retrieval capabilities. 8.5.4 Preservation
As a minimum:
- the Strategy and IMS Policy;
- documented processes and procedures;
- records as evidence of output of the processes;
- records regarding competence and training of individuals;
- audit reports;
- output from Management Review.
The Agency shall identify, control and protect stakeholder property
(external information).
© European Aviation Safety Agency. All rights reserved. ISO9001 Certified
Page6 of 10
Proprietary document. Copies are not controlled. Confirm revision status through the EASA-Internet/Intranet.
An agency of the European Union
 European Aviation Safety Agency List
Doc # LI.IMS.00003-005
EASA Management Standards
Approval Date 05/12/2017

EASA Management Standards ISO 9001 Standard Internal Control Framework

12 The Agency shall determine the internal and external 7.4 Communication 14. Communicates internally
communications relevant to the IMS, including: 15. Communicates externally

- what it will communicate;

- when to communicate;
- with whom to communicate;
- how to communicate;
- and who communicates.
13 The Agency demonstrates a commitment to attract, develop and 7. Support 4. Demonstrates commitment to competence
retain competent individuals in alignment with objectives by: 7.1.2 People 5. Enforces accountability
7.2 Competence
- defining clear roles and responsibilities and holds individuals and 7.3 Awareness
entrusted entities accountable for the performance of internal 7.5 Documented information
control responsibilities across the Agency and for implementation
of corrective action as necessary;
- defining the competences and knowledge necessary to support
the achievement of objectives;
- annually assess staff efficiency, abilities and conduct against
expected of standards and set objectives, taking action to address
shortcomings where necessary;
- organise the promotion of eligible staff after consideration of
comparative merits;
- provide the training and coaching needed to attract, develop and
retain a sufficient number of competent staff;
- promote and plan staff mobility so as to strike the right balance
between continuity and renewal;
- establish succession planning and deputising arrangements for
operational activities and financial transactions to ensure
continuity of operations.

© European Aviation Safety Agency. All rights reserved. ISO9001 Certified

Page7 of 10
Proprietary document. Copies are not controlled. Confirm revision status through the EASA-Internet/Intranet.
An agency of the European Union
 European Aviation Safety Agency List
Doc # LI.IMS.00003-005
EASA Management Standards
Approval Date 05/12/2017

EASA Management Standards ISO 9001 Standard Internal Control Framework

Operation
14 The Agency shall describe and manage its processes in compliance 4 Context of the organisation 10. Selects and develops control activities
with its applicable requirements (e.g. Basic Regulation, 5.1.2Customer focus 12. Deploys through policies and procedures
Implementing Rules, Financial Regulation, ISO 9001 standard, ICS 5.3 Organizational roles, responsibilities and 13. Uses relevant information
standard…). These processes shall ensure appropriate segregation authorities
of duties. 7.5 Documented information
The Integrated Management System shall ensure appropriate 8.1 Operational planning and control
traceability and evidence of conformity of the work performed. 8.2 Determination of requirements for products
Records shall be established and controlled as an output of each and services
process. 8.5 Production and service provision
15 The Agency shall identify, implement and continually improve a 5.1.2 Customer focus 15. Communicates externally
stakeholder-related process so as to determine and review the 8.2.1 Customer communication
stakeholders’ needs, to collect and analyse their feedback and to 9.1.2 Customer satisfaction
monitor their expectations and satisfaction. 9.3 Management review
16 The Agency shall define and implement purchasing process, 7.5 Documented information
including: 8.1 Operational planning and control
- supplier evaluation and monitoring; 8.2 Determination of requirements for products
- the verification of purchased product; and services
- ensuring that outsourced processes are controlled. 8.4 Control of externally provided products and
services
8.5 Production and service provision
8.6 Release of products and services
8.7 Control of nonconforming process outputs,
products and services
17 The Agency shall establish and maintain business continuity plans 7.1.3 Infrastructure 10. Selects and develops control activities
used by trained staff to ensure continuation of work in case of a
major disruption. Where necessary they must include coordinated
and agreed disaster recovery plan for time sensitive supporting
infrastructure.
© European Aviation Safety Agency. All rights reserved. ISO9001 Certified
Page8 of 10
Proprietary document. Copies are not controlled. Confirm revision status through the EASA-Internet/Intranet.
An agency of the European Union
 European Aviation Safety Agency List
Doc # LI.IMS.00003-005
EASA Management Standards
Approval Date 05/12/2017

EASA Management Standards ISO 9001 Standard Internal Control Framework

Performance evaluation
18 The Agency shall measure, monitor, analyse and review the 6.1 Actions to address risks and opportunities 16. Conducts ongoing and/or separate
effectiveness of its processes and conformity of related products. 7.5 Documented information assessments
The staff member in charge performs the Business Process 8.5 Production and service provision 12. Deploys control activities through policies
Assessment, including control of activities and risk assessment in a 8.6 Release of products and services and procedures
timely manner and takes corrective action where needed. 8.7 Control of nonconforming outputs
9.1 Monitoring, measurement, analysis and
Deviation from established processes and procedures shall be evaluation
documented in exception reports. All instances must be justified 9.3 Management review
and approved before action is taken and lodged centrally. 10.2 Nonconformity and corrective action
19 The Agency shall set up an appropriate audit capability, including: 6.1 Actions to address risks and opportunities 16. Conducts ongoing and/or separate
7.5 Documented information assessments
- planning and maintenance of audit programme; 9.2 Internal audit 17. Assesses and communicates deficiencies
- defining audit criteria and scope; 9.3 Management review
- audit reporting; 10.2 Nonconformity and corrective action
- reporting on deficiencies to the management and in the Annual
Activity Report after assessment of the severity classification;
- definition and monitoring of correction and corrective action
plans ensuring timely implementation of corrective action by
action owner.
20 The Agency shall develop and monitor its EASA Management 4. Context of the organisation 16. Conducts ongoing and/or separate
Standards. 5. Leadership assessments
7.5 Documented information
The EASA Management Standards shall be assessed once a year. 9.3 Management Review
The results of the assessment shall be reported to the
Management Review and used for improvement of the Integrated
Management System.

© European Aviation Safety Agency. All rights reserved. ISO9001 Certified

Page9 of 10
Proprietary document. Copies are not controlled. Confirm revision status through the EASA-Internet/Intranet.
An agency of the European Union
 European Aviation Safety Agency List
Doc # LI.IMS.00003-005
EASA Management Standards
Approval Date 05/12/2017

EASA Management Standards ISO 9001 Standard Internal Control Framework

21 The Directors shall review, at planned intervals, the continuing 4.Context of the organisation 2. Exercises oversight responsibility
suitability, adequacy, performance and effectiveness of the IMS 5.1 Leadership and commitment 16. Conducts ongoing and/or separate
during the Management Review including decision and action 7.5 Documented information assessments
related to: 9.3 Management Review
- the effectiveness of internal control, including deficiencies and 10. Improvement
deviations; 10.1 General
- opportunities for improvement; 10.3 Continual improvement
- need for change to the IMS;
- resources needed.
22 The Executive Director, in his capacity as Authorising Officer, shall 7.5 Documented information 2. Exercises oversight responsibility
oversee the development and performance of internal control and 9.1.3 Analysis and evaluation 17. Assesses and communicates deficiencies
risk management, in order to provide a Declaration of Assurance* 9.3 Management review
on the appropriate allocation of resources and their use for their
intended purpose in an accordance with the principles of sound
financial management, as well as, on the adequacy of the control
procedures in place.

*This declaration is part of the Annual Activity Report of the

Agency.

© European Aviation Safety Agency. All rights reserved. ISO9001 Certified

Page10 of 10
Proprietary document. Copies are not controlled. Confirm revision status through the EASA-Internet/Intranet.
An agency of the European Union