Sofema Aviation Services (SAS) considers key roles & responsibilities for Aerodrome Key Management Personnel, including the critical function of the Accountable Manager.
Introduction
The responsibilities of the Airport Accountable Manager and Post Holders (often referred to as Nominated Persons) at an aerodrome under EASA Regulation (EU) No 139/2014 are central to establishing and maintaining the organisation’s compliance, safety, and operational standards.
Airport Accountable Manager Responsibilities
The Accountable Manager (AM) is the single, designated person who holds the ultimate responsibility for all aspects of the aerodrome operator’s compliance, safety, and financial well-being. They must possess the full financial authority to ensure that all necessary activities can be financed and carried out in accordance with EASA regulations.
Key Obligations
- Overall Accountability: The AM must ensure the implementation and maintenance of a robust Management System that integrates the Safety Management System (SMS), the Compliance Monitoring Function, and the Information Security Management System (ISMS).
- Safety and Security Policy: They are responsible for defining and signing the organisation’s overall Safety Policy and ensuring a corresponding Information Security Policy is established, implemented, and documented.
- Resource Provision: The AM must guarantee that the organisation has sufficient resources, including financial means, personnel, and infrastructure, to comply with all requirements. This explicitly includes providing the resources needed for the ISMS to be effective.
- Direct Safety Accountability: The AM must demonstrate direct accountability for safety and compliance throughout the organisation.
- Information Security Oversight: Critically, the AM is ultimately responsible for managing information security risks with a potential impact on aviation safety, as mandated by amendments stemming from Commission Implementing Regulation (EU) 2023/203.
Post Holders (Nominated Persons) Responsibilities
Post Holders are members of the management team appointed to be accountable to the Accountable Manager for specific functional areas. Their responsibilities focus on the detailed implementation and execution of management system processes within their scope.
Key Obligations (Including Information Security)
- Management System Implementation: Post Holders ensure that all procedures and processes within their area are established, implemented, and maintained in accordance with the regulatory requirements.
- Safety Manager/ISMS Lead: A designated person, often the Safety Manager or an appointed Information Security Lead, is responsible for the operational management of the ISMS. This person must:
- Conduct Information Security Risk Assessments to identify threats (e.g., cyberattacks) that could affect the integrity, confidentiality, or availability of systems critical to aviation safety.
- Develop and implement mitigation measures and controls against identified cyber risks.
- Manage the processes for detection, response, and recovery from information security incidents and vulnerabilities.
- Ensure timely reporting of information security incidents with potential safety implications to the relevant authorities.
- Compliance Monitoring Manager: This Post Holder is tasked with verifying the organisation’s compliance. They must:
- Establish and execute a comprehensive audit program that includes auditing the ISMS to verify its effectiveness and adherence to internal procedures and EASA rules.
- Report findings and ensure corrective action plans for all non-compliances, including those related to information security, are implemented.
- Personnel Competence: Post Holders are responsible for ensuring that all personnel under their command who have access to or operate critical information technology systems are adequately trained and competent in information security and cyber hygiene.
The overall framework establishes a clear safety and compliance chain: the Accountable Manager is ultimately responsible to the competent authority, and the Post Holders are directly responsible to the Accountable Manager for the performance of their assigned management functions, including the increasingly vital domain of information security.
Next Steps
Sofema Aviation Services (SAS) and Sofema Online (SOL) provide Classroom, Webinar and Online Training related to Airport Regulations, Compliance and Safety Management Systems. Please see the website or email [email protected]
Tags:
SAS blogs, SafetyManagementSystem, AviationSafety, RegulatoryTraining, EASARegulations, AerodromeManagement, AirportCompliance, InformationSecurityAviation, AviationCyberSecurity, AirportOperations
