Considering the Roles within the EASA Quality Assurance System (QAS) – QA & QC - Where are the Industry Challenges
Please consider that just because a product meets for example compliance with ISO 9001-2015 objectives does not automatically mean it is safe. (Just as not having an accident can be taken as meaning that we will not have an accident in the future.)
In reality the key aspect becomes our ability to measure risk and exposure. Quality systems audits consider gaps related to compliance with both external regulations and internal organisational process and procedures.
Quality Assurance and Risk Assessment
The first point to make is that the term “risk” subjective whereas the role of an EASA regulatory driven audit is to assess compliance with a standard not an opinion so this creates a challenge.
So when a discrepancy is identified it creates a number of questions
The first relates to the Root Cause – why did this become a problem ( The answer typically lies within the depths of the business area) which is why ultimately it is correct for the Nominated Person / Business Area Owner to assume responsibility for the determination of the Root Cause as well as the appropriate solution.
Note that there are usually a range of solutions available and as long as it deals with the fundamental cause it should be acceptable – however often it does not and the problem re surfaces.
Consider the Competence required to perform effective root cause assessment – has the business area owner demonstrated the competence necessary to deliver an effective assessment
This element should be part of any oversight audit
The next area to consider is that whilst risk is subjective – we as quality auditors need to make an assessment of how serious the finding is and for guidance EASA provides the following criteria
A level 1 finding is any significant non-compliance with Part 145 requirements which lowers the safety standard and hazards seriously the flight safety.
A level 2 finding is any non-compliance with the Part 145 requirements which could lower the safety standard and possibly hazard the flight safety.
Note that the use of Safety Standards as a term is also very subjective – and is ultimately down to the competence of the auditor (see separate section related to auditor competence)
Considering Quality Control
Quality Control is the responsibility of the individual nominated persons and business area owners.
Quality Control is delivered through the development of regulatory compliant organisational processes and procedures which are followed by suitably trained and competent organisational staff.
Independently all QC processes should be audited by the QA process.
Part of the reason EASA has renamed the Quality Assurance Manager as the Compliance Manager is to focus on the role of Quality Control as well as on the understanding as to where the responsibility sits.
Considering the responsibility of the Compliance Manager
Verification that corrective action is taken by the manager responsible in response to any finding of non-compliance, moreover that the steps taken have addressed the issue - competence in validating root cause – how to demonstrate?
Sofema Aviation Services www.sassofia.com (
