Universal Security Audit Programme (USAP)

The ICAO Universal Security Audit Programme (USAP) represents an important initiative in ICAO's strategy for strengthening aviation security worldwide and for attaining commitment from States in a collaborative effort to establish a global aviation security system.

The programme, part of ICAO's Aviation Security Plan of Action, provides for mandatory and regular audits of all ICAO Contracting States. The ICAO audit assesses the State's capability for providing security oversight by determining whether the critical elements of a security oversight system have been implemented effectively. Thus, the USAP serves to promote global aviation security by identifying weaknesses in each State's oversight of its aviation security activities and, if required, providing suitable recommendations for mitigating or resolving such shortcomings.

Implementation of the programme began with the first security audit in November 2000. The second cycle of security audits commenced in January 2008, and is expected to conclude in 2013. In addition to security audits, the programme entails audit follow-up visits that focus on the implementation of corrective action plans.

To promote transparency and mutual confidence between States, information on the level of implementation of the critical elements of an audited State's aviation security oversight system is available to all ICAO member States on a restricted website.

BACKGROUND AND EVOLUTION


In October 2001, the 33rd Session of the ICAO Assembly adopted Resolution A33-1, Declaration on misuse of civil aircraft as weapons of destruction and other terrorist acts involving civil aviation. This resolution directed the ICAO Council and Secretary General to consider the establishment of an audit programme relating to airport security arrangements and civil aviation security programmes. It also directed the Council to convene an international High-level, Ministerial Conference on Aviation Security with the objective of strengthening ICAO's role in the adoption of Standards and Recommended Practices (SARPs) in the field of aviation security and in the auditing of their implementation.

The High-level, Ministerial Conference on Aviation Security was convened in Montreal in February 2002. The Conference endorsed a global strategy for strengthening aviation security worldwide, adopted a number of conclusions and recommendations, and issued a public declaration. A central element of the strategy was an ICAO Aviation Security Plan of Action, which includes regular, mandatory, systematic and harmonized audits to enable the evaluation of aviation security in all member States.

Consistent with the outcomes of the 33rd Assembly and the High-level, Ministerial Conference, the 166th Session of the Council adopted the Aviation Security Plan of Action in June 2002. Project 3 of the Plan of Action provides for the promotion of global aviation security through auditing of Member States. Implementation of the Programme commenced with the first aviation security audit taking place in November 2002.

One hundred and eight-two ICAO aviation security audits were conducted under the first cycle of the USAP, which ended in December 2007. The conclusion of the first cycle of security audits provided an opportune time to consider the evolution of the programme.

In recognizing that the USAP has proven to be instrumental in identifying aviation security concerns and in providing recommendations for their resolution, the 36th Session of the Assembly requested the continuation of the USAP following completion of the initial cycle of audits at the end of 2007. The Assembly further directed that audits in the second cycle focus, wherever possible, on a State's capability to provide appropriate national oversight of its aviation security activities, and that the audits be expanded to include relevant security-related provisions of ICAO Annex 9 - Facilitation.

The 36th Session of the Assembly also directed the Council to consider the introduction of a limited level of transparency with respect to aviaton security audit results, balancing the need for States to be aware of unresolved security concerns with the need to keep sensitive security information out of the public realm

SCOPE OF AUDITS

The initial cycle of aviation security audits were designed to determine the degree of compliance of each State in implementing the Standards of Annex 17 — Security to the Convention on International Civil Aviation and to determine the extent to which a State's implementation of its security system is sustainable through the establishment of appropriate legislation, national policies, and a security authority with inspection and enforcement capabilities. To this end, and in order to evaluate both the State's aviation security oversight capabilities as well as the actual security measures in place at selected key airports, the audits were conducted at both the national and airport levels. This approach has provided a comprehensive picture of the overall aviation security posture of the State and resulted in recommendations for improvement that can be aimed at all facets of the State aviation security system.

A comprehensive baseline of audit results has been established from the initial cycle of audits. Following consideration by the Council, and in a continuous effort by ICAO to enhance the USAP through its audit processes and procedures, the second cycle of audits which commenced in 2008 focuses on a State's capability to provide appropriate national oversight of its aviation security activities through the effective implementation of the critical elements of a security oversight system. At the same time, the methodology allows an in-depth examination of aviation security practices in those States where oversight is less effectively implemented. In addition, the second cycle of audits incorporates relevant security-related provisions of Annex 9 — Facilitation.

THE AUDIT PROCESS

All activities relating to a specific audit are conducted in a transparent manner involving the full participation of the State throughout the audit process; starting four to six months prior to the date of the audit when States scheduled for an audit are sent a customized Memorandum of Understanding (MoU), based upon a model bilateral MoU endorsed by the Council, so as to confirm their agreement to its terms. At the same time:  

  • States are requested to complete and submit a pre-audit questionnaire and a security audit compliance checklist to assist in the planning of the audit; and
  • Audit-related documents and other essential information are forwarded to the State to be audited to enable it to appropriately prepare for the forthcoming audit.

An ICAO aviation security audit is typically conducted over a period of five to eight days by a team of three or four auditors following standard auditing procedures and protocols. However, the duration of the audit and the composition of the audit team are adjusted depending upon the size and complexity of operations.

Post-audit action starts with a detailed on-site briefing provided to the State at the conclusion of the audit. A confidential audit report is forwarded to the audited State within 60 calendar days of the completion of the audit and, under the terms of the MoU signed with ICAO, the State is expected to submit a corrective action plan within 60 calendar days after receiving the report. At the same time, States are asked to complete and submit a State Audit Feedback Form commenting on all aspects of the audit process. This feedback is used, as appropriate, to improve the audit process.

The ICAO audit reports, coupled with the State corrective action plan, provide the starting point for initiating corrective actions taken by States. Depending upon the nature of the deficiencies identified in an audited State, immediate and direct assistance may be available through the ICAO Implementation, Support and Development Section, and longer-term assistance projects may be coordinated through the Technical Co-operation Programme.

Audit follow-up missions were initiated in 2005 in order to validate the implementation of State corrective action plans and to provide support to States in remedying identified deficiencies. These missions take place approximately two years after the initial audit and are normally conducted by the applicable Regional Office, in close coordination with Headquarters. The results of the follow-up visits indicate that the majority of States have made significant progress in the implementation of their corrective action plans.

CONFIDENTIALITY

The assurance of confidentiality is important to the USAP audit process because of the special sensitivity of aviation security-related information. In practice, USAP’s adoption of this principle means that the audit report and all audit-related documentation are subject to rigorous physical controls by ICAO and are strictly protected from release to any entity other than the audited State. ICAO, however, keeps member States informed of the programme’s progress by periodically disseminating audit activity reports offering limited information, which includes: the names of the States audited; the identity of the airport visited; and completion date for each audit. In addition to these regular updates, data on the level of implementation of the critical elements of each State’s aviation security oversight system is being made available to all ICAO member States on a restricted website.This increased transparency will promote mutual confidence in the level of aviation security amongst States while also encouraging consultations aimed at assisting States in achieving compliance with ICAO Standards and Recommended Practices (SARPs). Importantly, the policy of “limited” transparency ensures that sensitive security information does not enter the public realm.

 

 

Source: ICAO Security Manual (Doc 8973) 


 

 

WB01345_.gif (616 bytes)Back to News Page