Canadian Aviation Security Regulations, 2012 (SOR/2011-318)

Marginal note:Requirement to amend

349 The operator of an aerodrome must amend its airport security program if the operator identifies, at the aerodrome, an aviation security risk that is not addressed by the program.

Security Committee

Marginal note:Security committee

• 350 (1) The operator of an aerodrome must have a security committee or other working group or forum that

  • (a) advises the operator on the development of controls and processes that are necessary at the aerodrome in order to comply with the aviation security provisions of the Act and the regulatory requirements that apply to the operator;

  • (b) helps coordinate the implementation of the controls and processes that are necessary at the aerodrome in order to comply with the aviation security provisions of the Act and the regulatory requirements that apply to the operator; and

  • (c) promotes the sharing of information respecting the airport security program.

• Marginal note:Terms of reference

  (2) The operator of the aerodrome must manage the security committee or other working group or forum in accordance with written terms of reference that

  • (a) identify its membership; and

  • (b) define the roles and responsibilities of each member.

• Marginal note:Records

  (3) The operator of the aerodrome must keep records of the activities and decisions of the security committee or other working group or forum.

Requirements that Apply only if an Amendment to Schedule 2 or a Ministerial Order is made: Multi-agency Advisory Committee; Airport Security Risk Assessments; and Strategic Airport Security Plans

Marginal note:Application

• 351 (1) Subject to section 352, sections 353 to 364 apply to the operator of an aerodrome if

  • (a) the Governor in Council makes an aviation security regulation adding an asterisk in Schedule 2 after the International Civil Aviation Organization (ICAO) location indicator of the aerodrome; or

  • (b) the Minister makes an order stating that sections 353 to 364 apply to the operator.

• Marginal note:Minister’s authority

  (2) The Minister is authorized to make orders stating that sections 353 to 364 apply to operators of aerodromes listed in Schedule 2.

Marginal note:Transition

• 352 (1) Sections 353 and 356 do not apply to the operator of an aerodrome until the day that is six months after the earlier of

  • (a) the day on which an aviation security regulation adding an asterisk in Schedule 2 after the International Civil Aviation Organization (ICAO) location indicator of the aerodrome comes into force, and

  • (b) the day on which a ministerial order stating that sections 353 to 364 apply to the operator comes into force.

• Marginal note:Transition

  (2) Sections 354 and 355 do not apply to the operator of an aerodrome until the day that is 10 months after the earlier of

  • (a) the day on which an aviation security regulation adding an asterisk in Schedule 2 after the International Civil Aviation Organization (ICAO) location indicator of the aerodrome comes into force, and

  • (b) the day on which a ministerial order stating that sections 353 to 364 apply to the operator comes into force.

• Marginal note:Transition

  (3) Sections 359 and 361 do not apply to the operator of an aerodrome until the day that is 22 months after the earlier of

  • (a) the day on which an aviation security regulation adding an asterisk in Schedule 2 after the International Civil Aviation Organization (ICAO) location indicator of the aerodrome comes into force, and

  • (b) the day on which a ministerial order stating that sections 353 to 364 apply to the operator comes into force.

Marginal note:Multi-agency advisory committee

• 353 (1) The operator of an aerodrome must have a multi-agency advisory committee.

• Marginal note:Membership

  (2) The operator of the aerodrome must invite at least the following persons and organizations to be members of the multi-agency advisory committee:

  • (a) the Department of Transport;

  • (b) CATSA;

  • (c) the police service with jurisdiction at the aerodrome;

  • (d) the Royal Canadian Mounted Police;

  • (e) the Canadian Security Intelligence Service; and

  • (f) the Canada Border Services Agency.

• Marginal note:Terms of reference

  (3) The operator of the aerodrome must manage the multi-agency advisory committee in accordance with written terms of reference.

• Marginal note:Objectives

  (4) The objectives of the multi-agency advisory committee are

  • (a) to advise the operator of the aerodrome on its airport security risk assessment and its strategic airport security plan; and

  • (b) to promote the sharing of sensitive information respecting aviation security at the aerodrome.

• Marginal note:Records

  (5) The operator of the aerodrome must keep records of the activities and decisions of the multi-agency advisory committee.

Marginal note:Airport security risk assessments

354 The operator of an aerodrome must have an airport security risk assessment that identifies, assesses and prioritizes aviation security risks and that includes the following elements:

• (a) a threat assessment that evaluates the probability that aviation security incidents will occur at the aerodrome;

• (b) a criticality assessment that prioritizes the areas, assets, infrastructure and operations at or associated with the aerodrome that most require protection from acts and attempted acts of unlawful interference with civil aviation;

• (c) a vulnerability assessment that considers the extent to which the areas, assets, infrastructure and operations at or associated with the aerodrome are susceptible to loss or damage and that evaluates this susceptibility in the context of the threat assessment; and

• (d) an impact assessment that, at a minimum, measures the consequences of an aviation security incident or potential aviation security incident in terms of

  • (i) a decrease in public safety and security,

  • (ii) financial and economic loss, and

  • (iii) a loss of public confidence.

Marginal note:Submission for approval

355 The operator of an aerodrome must submit its airport security risk assessment to the Minister for approval, and must submit a new airport security risk assessment to the Minister within five years after the date of the most recent approval.

Marginal note:Requirement to consult

356 The operator of an aerodrome must consult its multi-agency advisory committee when the operator is

• (a) preparing its airport security risk assessment for submission to the Minister for approval; and

• (b) conducting a review of its airport security risk assessment.

Marginal note:Airport security risk assessment — annual review

• 357 (1) The operator of an aerodrome must conduct a review of its airport security risk assessment at least once a year.

• Marginal note:Airport security risk assessment — other reviews

  (2) The operator of the aerodrome must also conduct a review of its airport security risk assessment if

  • (a) a special event that is scheduled to take place at the aerodrome could affect aerodrome security;

  • (b) the operator is planning a change to the physical layout or operation of the aerodrome that could affect aviation security at the aerodrome;

  • (c) an environmental or operational change at the aerodrome could affect aerodrome security;

  • (d) a change in regulatory requirements could affect aerodrome security;

  • (e) the operator identifies, at the aerodrome, a vulnerability that is not addressed in the assessment, or the Minister identifies such a vulnerability to the operator; or

  • (f) the Minister informs the operator that there is a change in the threat environment that could result in a new or unaddressed medium to high risk.

• Marginal note:Equivalency

  (3) For greater certainty, a review conducted under subsection (2) counts as a review required under subsection (1).

• Marginal note:Documentation

  (4) When the operator of the aerodrome conducts a review of its airport security risk assessment, the operator must document

  • (a) any decision to amend or to not amend the assessment or the operator’s risk-management strategy;

  • (b) the reasons for that decision; and

  • (c) the factors that were taken into consideration in making that decision.

• Marginal note:Notification

  (5) The operator of the aerodrome must notify the Minister if, as a result of a review of its airport security risk assessment, the operator amends the assessment

  • (a) to include a new medium to high risk; or

  • (b) to raise or lower the level of a risk within the medium to high range.

Marginal note:Approval

358 The Minister must approve an airport security risk assessment submitted by the operator of an aerodrome if

• (a) the assessment meets the requirements of section 354;

• (b) the assessment has been reviewed by an executive within the operator’s organization who is responsible for security;

• (c) the operator has considered risk information provided by its multi-agency advisory committee;

• (d) the operator has considered all available and relevant information; and

• (e) the operator has not overlooked an aviation security risk that could affect the operation of the aerodrome.

Marginal note:Strategic airport security plans

359 The operator of an aerodrome must establish a strategic airport security plan that

• (a) summarizes the operator’s strategy to prepare for, detect, prevent, respond to and recover from acts or attempted acts of unlawful interference with civil aviation; and

• (b) includes a risk-management strategy that addresses the medium to high aviation security risks identified and prioritized in the operator’s airport security risk assessment.

Marginal note:Requirement to consult

360 The operator of an aerodrome must consult its multi-agency advisory committee when the operator

• (a) establishes its strategic airport security plan; and

• (b) amends its strategic airport security plan under subsection 364(1).

Marginal note:Requirement to submit

361 The operator of an aerodrome must submit its strategic airport security plan to the Minister for approval.

Marginal note:Requirement to implement

362 The operator of an aerodrome must, as soon as its strategic airport security plan is approved, implement its risk-management strategy.

Marginal note:Approval of plan

363 The Minister must approve a strategic airport security plan submitted by the operator of an aerodrome if

• (a) the plan meets the requirements of section 359;

• (b) the plan has been reviewed by an executive within the operator’s organization who is responsible for security;

• (c) the plan is likely to enable the operator to prepare for, detect, prevent, respond to and recover from acts or attempted acts of unlawful interference with civil aviation;

• (d) the risk-management strategy is in proportion to the risks it addresses;

• (e) the operator has considered the advice of its multi-agency advisory committee;

• (f) the operator has not overlooked an aviation security risk that could affect the operation of the aerodrome; and

• (g) the plan can be implemented without compromising aviation security.

Marginal note:Amendments

• 364 (1) The operator of an aerodrome may amend its strategic airport security plan at any time, but must do so if

  • (a) the plan does not reflect the operator’s airport security risk assessment;

  • (b) the Minister informs the operator that there is a change in the threat environment that could result in a new or unaddressed medium to high risk;

  • (c) the Minister informs the operator that its risk-management strategy is not in proportion to a medium to high risk set out in the operator’s airport security risk assessment; or

  • (d) the operator identifies a deficiency in the plan.

• Marginal note:Documentation — risk-management strategy

  (2) If the operator of the aerodrome amends its risk-management strategy, the operator must document

  • (a) the reason for the amendment; and

  • (b) the factors that were taken into consideration in making that amendment.

• Marginal note:Documentation — strategic airport security plan

  (3) If the operator of the aerodrome amends its strategic airport security plan, the operator must document

  • (a) the reason for the amendment; and

  • (b) the factors that were taken into consideration in making that amendment.

• Marginal note:Submission of amendment

  (4) If the operator of the aerodrome amends its strategic airport security plan, the operator must, as soon as possible, submit the amendment to the Minister for approval.

• Marginal note:Approval

  (5) The Minister must approve an amendment if

  • (a) in the case of an amendment to the summary required under paragraph 359(a), the conditions set out in paragraphs 363(a) to (c) have been met; and

  • (b) in the case of an amendment to the risk-management strategy required under paragraph 359(b), the conditions set out in section 363 have been met.

• Marginal note:Implementation

  (6) If the operator of the aerodrome amends its risk-management strategy, the operator must implement the amended version of the strategy once it is approved by the Minister.