Canadian Aviation Security Regulations, 2012 (SOR/2011-318)

DIVISION 9Airport Security Programs

Overview

Marginal note:Division overview

345 This Division sets out the regulatory framework for promoting a comprehensive, coordinated and integrated approach to airport security. The processes required under this Division are intended to facilitate the establishment and implementation of effective airport security programs that reflect the circumstances of each aerodrome.

Interpretation

Marginal note:Processes and procedures

346 For greater certainty, any reference to a process in this Division includes the procedures, if any, that are necessary to implement that process.

Airport Security Program Requirements

Marginal note:Requirement to establish and implement

• 347 (1) The operator of an aerodrome must establish and implement an airport security program.

• Marginal note:Program requirements

  (2) As part of its airport security program, the operator of an aerodrome must

  • (a) define and document the aerodrome-related security roles and responsibilities assigned to each of the operator’s employee groups and contractor groups;

  • (b) communicate the information referred to in paragraph (a) to the employees and contractors in those groups;

  • (c) have a security policy statement that establishes an overall commitment and direction for aerodrome security and sets out the operator’s security objectives;

  • (d) communicate the security policy statement in an accessible manner to all persons who are employed at the aerodrome or who require access to the aerodrome in the course of their employment;

  • (e) establish and implement a process for responding to aerodrome-related security incidents and breaches in a coordinated manner that is intended to minimize their impact;

  • (f) establish and implement a security awareness program that promotes a culture of security vigilance and awareness among the following persons:

    • (i) persons who are employed at the aerodrome,

    • (ii) crew members who are based at the aerodrome, and

    • (iii) persons, other than crew members, who require access to the aerodrome in the course of their employment;

  • (g) assess risk information and disseminate it within the operator’s organization for the purpose of informed decision-making about aviation security;

  • (h) establish and implement a process for receiving, retaining, disclosing and disposing of sensitive information respecting aviation security in order to protect the information from unauthorized access;

  • (i) identify sensitive information respecting aviation security and receive, retain, disclose and dispose of sensitive information respecting aviation security in a manner that protects the information from unauthorized access;

  • (j) disclose sensitive information respecting aviation security to the following persons if they have been assigned aerodrome-related security roles and responsibilities and require the information to carry out those roles and responsibilities:

    • (i) persons who are employed at the aerodrome, and

    • (ii) persons who require access to the aerodrome in the course of their employment;

  • (k) have a current scale map of the aerodrome that identifies all restricted areas, security barriers and restricted area access points; and

  • (l) document how the operator achieves compliance with the aviation security provisions of the Act and the regulatory requirements that apply to the operator.

• Marginal note:Other program requirements

  (3) The following also form part of the airport security program:

  • (a) the security official referred to in section 270;

  • (b) the aerodrome security personnel training referred to in sections 271 and 272;

  • (c) the security committee or other working group or forum referred to in section 350;

  • (d) if applicable, the multi-agency advisory committee referred to in section 353;

  • (e) if applicable, the airport security risk assessment referred to in section 354;

  • (f) if applicable, the strategic airport security plan referred to in section 359;

  • (g) the menu of additional safeguards referred to in section 365;

  • (h) the emergency plan referred to in section 367; and

  • (i) the security exercises referred to in sections 368 and 369.

Marginal note:Documentation

• 348 (1) The operator of an aerodrome must

  • (a) keep documentation related to its menu of additional safeguards and any amendment to it for at least five years;

  • (b) if applicable, keep documentation related to its airport security risk assessment and any review of it for at least five years;

  • (c) if applicable, keep documentation related to its strategic airport security plan and any amendment to it for at least five years; and

  • (d) keep all other documentation related to its airport security program for at least two years.

• Marginal note:Ministerial access

  (2) The operator of the aerodrome must make the documentation available to the Minister on reasonable notice given by the Minister.

Marginal note:Requirement to amend

349 The operator of an aerodrome must amend its airport security program if the operator identifies, at the aerodrome, an aviation security risk that is not addressed by the program.

Security Committee

Marginal note:Security committee

• 350 (1) The operator of an aerodrome must have a security committee or other working group or forum that

  • (a) advises the operator on the development of controls and processes that are necessary at the aerodrome in order to comply with the aviation security provisions of the Act and the regulatory requirements that apply to the operator;

  • (b) helps coordinate the implementation of the controls and processes that are necessary at the aerodrome in order to comply with the aviation security provisions of the Act and the regulatory requirements that apply to the operator; and

  • (c) promotes the sharing of information respecting the airport security program.

• Marginal note:Terms of reference

  (2) The operator of the aerodrome must manage the security committee or other working group or forum in accordance with written terms of reference that

  • (a) identify its membership; and

  • (b) define the roles and responsibilities of each member.

• Marginal note:Records

  (3) The operator of the aerodrome must keep records of the activities and decisions of the security committee or other working group or forum.

Requirements that Apply only if an Amendment to Schedule 2 or a Ministerial Order is made: Multi-agency Advisory Committee; Airport Security Risk Assessments; and Strategic Airport Security Plans

Marginal note:Application

• 351 (1) Subject to section 352, sections 353 to 364 apply to the operator of an aerodrome if

  • (a) the Governor in Council makes an aviation security regulation adding an asterisk in Schedule 2 after the International Civil Aviation Organization (ICAO) location indicator of the aerodrome; or

  • (b) the Minister makes an order stating that sections 353 to 364 apply to the operator.

• Marginal note:Minister’s authority

  (2) The Minister is authorized to make orders stating that sections 353 to 364 apply to operators of aerodromes listed in Schedule 2.

Marginal note:Transition

• 352 (1) Sections 353 and 356 do not apply to the operator of an aerodrome until the day that is six months after the earlier of

  • (a) the day on which an aviation security regulation adding an asterisk in Schedule 2 after the International Civil Aviation Organization (ICAO) location indicator of the aerodrome comes into force, and

  • (b) the day on which a ministerial order stating that sections 353 to 364 apply to the operator comes into force.

• Marginal note:Transition

  (2) Sections 354 and 355 do not apply to the operator of an aerodrome until the day that is 10 months after the earlier of

  • (a) the day on which an aviation security regulation adding an asterisk in Schedule 2 after the International Civil Aviation Organization (ICAO) location indicator of the aerodrome comes into force, and

  • (b) the day on which a ministerial order stating that sections 353 to 364 apply to the operator comes into force.

• Marginal note:Transition

  (3) Sections 359 and 361 do not apply to the operator of an aerodrome until the day that is 22 months after the earlier of

  • (a) the day on which an aviation security regulation adding an asterisk in Schedule 2 after the International Civil Aviation Organization (ICAO) location indicator of the aerodrome comes into force, and

  • (b) the day on which a ministerial order stating that sections 353 to 364 apply to the operator comes into force.

Marginal note:Multi-agency advisory committee

• 353 (1) The operator of an aerodrome must have a multi-agency advisory committee.

• Marginal note:Membership

  (2) The operator of the aerodrome must invite at least the following persons and organizations to be members of the multi-agency advisory committee:

  • (a) the Department of Transport;

  • (b) CATSA;

  • (c) the police service with jurisdiction at the aerodrome;

  • (d) the Royal Canadian Mounted Police;

  • (e) the Canadian Security Intelligence Service; and

  • (f) the Canada Border Services Agency.

• Marginal note:Terms of reference

  (3) The operator of the aerodrome must manage the multi-agency advisory committee in accordance with written terms of reference.

• Marginal note:Objectives

  (4) The objectives of the multi-agency advisory committee are

  • (a) to advise the operator of the aerodrome on its airport security risk assessment and its strategic airport security plan; and

  • (b) to promote the sharing of sensitive information respecting aviation security at the aerodrome.

• Marginal note:Records

  (5) The operator of the aerodrome must keep records of the activities and decisions of the multi-agency advisory committee.

Marginal note:Airport security risk assessments

354 The operator of an aerodrome must have an airport security risk assessment that identifies, assesses and prioritizes aviation security risks and that includes the following elements:

• (a) a threat assessment that evaluates the probability that aviation security incidents will occur at the aerodrome;

• (b) a criticality assessment that prioritizes the areas, assets, infrastructure and operations at or associated with the aerodrome that most require protection from acts and attempted acts of unlawful interference with civil aviation;

• (c) a vulnerability assessment that considers the extent to which the areas, assets, infrastructure and operations at or associated with the aerodrome are susceptible to loss or damage and that evaluates this susceptibility in the context of the threat assessment; and

• (d) an impact assessment that, at a minimum, measures the consequences of an aviation security incident or potential aviation security incident in terms of

  • (i) a decrease in public safety and security,

  • (ii) financial and economic loss, and

  • (iii) a loss of public confidence.

Marginal note:Submission for approval

355 The operator of an aerodrome must submit its airport security risk assessment to the Minister for approval, and must submit a new airport security risk assessment to the Minister within five years after the date of the most recent approval.

Marginal note:Requirement to consult

356 The operator of an aerodrome must consult its multi-agency advisory committee when the operator is

• (a) preparing its airport security risk assessment for submission to the Minister for approval; and

• (b) conducting a review of its airport security risk assessment.

Marginal note:Airport security risk assessment — annual review

• 357 (1) The operator of an aerodrome must conduct a review of its airport security risk assessment at least once a year.

• Marginal note:Airport security risk assessment — other reviews

  (2) The operator of the aerodrome must also conduct a review of its airport security risk assessment if

  • (a) a special event that is scheduled to take place at the aerodrome could affect aerodrome security;

  • (b) the operator is planning a change to the physical layout or operation of the aerodrome that could affect aviation security at the aerodrome;

  • (c) an environmental or operational change at the aerodrome could affect aerodrome security;

  • (d) a change in regulatory requirements could affect aerodrome security;

  • (e) the operator identifies, at the aerodrome, a vulnerability that is not addressed in the assessment, or the Minister identifies such a vulnerability to the operator; or

  • (f) the Minister informs the operator that there is a change in the threat environment that could result in a new or unaddressed medium to high risk.

• Marginal note:Equivalency

  (3) For greater certainty, a review conducted under subsection (2) counts as a review required under subsection (1).

• Marginal note:Documentation

  (4) When the operator of the aerodrome conducts a review of its airport security risk assessment, the operator must document

  • (a) any decision to amend or to not amend the assessment or the operator’s risk-management strategy;

  • (b) the reasons for that decision; and

  • (c) the factors that were taken into consideration in making that decision.

• Marginal note:Notification

  (5) The operator of the aerodrome must notify the Minister if, as a result of a review of its airport security risk assessment, the operator amends the assessment

  • (a) to include a new medium to high risk; or

  • (b) to raise or lower the level of a risk within the medium to high range.