March 18, 2026

Steven Bentley

Sofema Aviation (SA) considers key aspects of assessing compliance within the EASA Part CAMO and Maintenance Control Centre (MCC) areas.

Introduction

In the current 2026 regulatory landscape, the transition to Part-CAMO has fundamentally shifted the focus from “administrative oversight” to “proactive risk management.”

  • For organizations, this means moving beyond simple compliance checklists toward an integrated Management System that treats safety and cybersecurity with the same rigor as physical aircraft maintenance.
  • When auditing the MCC under Part-CAMO, the focus is on the interface between the CAMO’s long-term planning and the Part-145’s tactical execution.

Key Compliance Challenges in 2026

The complexity of modern airworthiness management has introduced several high-stakes challenges:

  • Cybersecurity & Data Integrity (Part-IS): As of February 2026, compliance with EASA Part-IS is mandatory. The challenge is no longer just “IT security” but “Digital Airworthiness.”
    • CAMOs must now protect the integrity of electronic records (back-to-birth data, AD status) against corruption or unauthorized access, treating a data breach as a potential safety hazard.
  • The “Experience Dilution” Trap: A global shortage of senior airworthiness engineers has led to “experience dilution.” Organizations struggle to maintain the high level of technical competency required for complex tasks like Airworthiness Reviews (ARC) while onboarding newer staff.
  • Supply Chain & MEL Management: Increased lead times for critical components have forced CAMOs to manage more frequent and complex Minimum Equipment List (MEL) deferrals. This creates “fleet fragility,” where a single additional failure can ground multiple aircraft.
  • Data-Driven Safety Monitoring: Moving from “tick-the-box” audits to using Safety Performance Indicators (SPIs) requires sophisticated data analysis tools that many legacy organizations still lack.

Best Practices for Audit Prep & Coordination – Coordination: CAMO vs. Maintenance Control Centre (MCC)

The MCC is the “nerve center” that bridges the gap between the CAMO’s long-term planning and the maintenance organization’s (AMO) tactical execution.

  • Integrated Interface Procedures: Ensure the CAME (Continuing Airworthiness Management Exposition) explicitly defines the “handover” protocols for AOG (Aircraft on Ground) events and defect rectification.
  • Engineering Liaison: Deploy “engineering aware” staff within the MCC. A liaison who understands both Part-21 (Design) and Part-145 (Maintenance) can prevent compliance gaps during urgent repairs or major modifications.
  • Joint Risk Assessments: For major maintenance inputs, the CAMO and MCC should conduct joint risk assessments to identify potential “snowball” effects of deferred defects before the aircraft enters the hangar.

Audit Preparation

  • The “Digital Walkaround”: Before an authority audit, conduct an internal review of your digital ecosystem. Check write-access levels for technical record databases and verify the authenticity of digital EASA Form 1s.
  • Root Cause Analysis (RCA): Shift from “fixing the finding” to “fixing the system.” Authorities in 2026 look for evidence of robust RCA, including all contributing factors that address organizational factors, not just individual errors.
  • Personnel Competence Files: Ensure that training records are not just present but reflect Competency-Based Training (CBTA), proving staff can actually perform the tasks assigned to them.

Integrated Compliance in Part-CAMO. In the CAMO environment, the auditor’s focus must transition from static records to the integrity of the digital thread.

  • Risk-Based Oversight: Move beyond sample-based auditing of aircraft technical logs. Guidance suggests auditing the HIRA (Hazard Identification and Risk Assessment) process itself.
  • Ensure that the CAMO isn’t just identifying risks, but that those risks are actively informing the Maintenance Programme (AMP).
  • Software & Data Configuration: Under Part-IS, auditors must verify that software versions on the aircraft match the approved design data. High-level guidance now includes auditing the cybersecurity of data transfer between the Ground Station and the Aircraft. Important Note to Validate the process – not just to perform a snapshot)

Real-Time Auditing in the MCC – The Maintenance Control Centre (MCC) acts as the heartbeat of operational airworthiness. Auditing this area requires a “live” approach to ensure technical decision-making remains sound under pressure.

  • MEL/CDL Management: High-level guidance focuses on the cumulative effect of deferred defects. Auditing the MCC involves ensuring that multiple “Category C” items don’t combine to create an unacceptable safety margin, even if each individual item is technically compliant.
  • The Interface Audit: A critical failure point is the handover between the MCC and the Part-145 maintenance provider. Guidance dictates auditing the communication loop: Did the MCC ensure effective communication and support to the 145.

The “Cyber-Airworthiness” Audit Pillar – Across both CAMO and MCC, the Part-IS (Information Security) requirements introduce a new audit domain. High-level guidance now mandates:

  • Access Control Audits: Who has the authority to sign off on digital releases or alter reliability data?
  • Resilience Testing: Auditing the “Return to Service” capability in the event of a system-wide digital outage.

Training & Development Auditing – To stay ahead, organizations should move away from generic “refresher” training and adopt:

  • Management of Change (MoC) Training: Train engineers specifically on the MoC process. Regulatory changes are now so frequent that the ability to assess the impact of a change is as important as the change itself.
  • Upskilling in Digital Tools: Prioritize training in specialized CAMO software and data visualization tools

The Human Factor: Commercial Pressure – The MCC is the most pressured environment in an airline. A robust audit includes “shadowing” or interviewing MCC controllers to determine:

  • Safety Reporting Culture: Do controllers feel empowered to ground an aircraft even if it causes a major disruption?
  • Fatigue Risk Management: Since MCCs often operate 24/7, auditing their shift patterns and handover quality is essential for Part-CAMO compliance.

Key Compliance Challenges: Maintaining Continuous Airworthiness

Beyond the MCC, CAMO organizations face structural challenges in maintaining a “clean” airworthiness status:

  • Bridging the Part-21/Part-CAMO Gap: As aircraft become more complex, CAMOs often struggle to get timely Repair Design Approvals (RDAs) from Original Equipment Manufacturers (OEMs). Managing these “open” engineering orders while maintaining flight schedules is a constant regulatory tightrope.

Auditing Critical Skills for Airworthiness Engineers  – The profile of the Airworthiness Engineer is shifting from “Technical Administrator” to “Systems Risk Manager.”

  • Systems Thinking and Risk Assessment. Future engineers must move away from “binary” compliance (Yes/No) toward Risk-Based Oversight.

>> This involves understanding how a minor defect in one system (e.g., a sensor) might increase the risk profile of another system during specific weather conditions or routes.

  • Digital Literacy and Cybersecurity – Understanding Part-IS is no longer optional.

>> Engineers need to know how to verify the “digital birth certificate” of a component and how to spot potential data corruption within the Continuing Airworthiness Management System.

  • Negotiation and Communication The CAMO sits between Flight Ops, Finance (Supply Chain), and Maintenance, the ability to communicate technical risks to non-technical stakeholders is becoming a top-tier skill.

Next Steps

Join Sofema Aviation for a CAMO Compliance Challenges webinar on Tuesday, 24 March, from 10:30 – 13:00 Sofia time. Register for the webinar here – places are limited, so be sure to secure your spot early.

Explore our extensive course library featuring 500+ aviation training courses and take the opportunity to deepen your regulatory knowledge, or email [email protected] for support.

Sofema Aviation Services (SAS) and Sofema Online (SOL) provide classroom, webinar, and online training. Please see the websites or email [email protected] for support.

Share this with your network:

Tags:

Aircraft Maintenance, Audit, Supply Chain, EASA Part – CAMO, Maintenance Control Centre (MCC), Cybersecurity, Management System, Coordination, IT Security, Sofema Aviation (SA), Data Integrity (Part-IS), February 2026, Digital Airworthiness, MEL Management