Canadian Air Transport Security Authority Screening Contractor Management System Standard

Published September 2015 by Canadian Air Transport Security Authority (CATSA)

A.  Purpose of the standard

The Standard establishes new quality assurance requirements for organizations seeking to participate in future Request for Proposals (RFP) for screening services at designated Canadian airports. As such, it also forms an important part of the Screening Contractor certification requirements for organizations seeking to enter into Airport Screening Services Agreements (ASSAs) with the Canadian Air Transport Security Authority (CATSA). The requirements of Standard apply to any organization wishing to be considered to provide airport screening services:

  • for a long-term ASSA, or
  • on a contingency basis through the CATSA Screening Services Contingency Program (“SSCP”).

The Standard is designed to ensure organizations use a systematic and integrated approach to organizational management performance. This systems perspective means managing the whole organization, as well as its components, to achieve desired outcomes. The requirements identified in the Standard also facilitate the following goals:

  • Delivery of ever-improving value to stakeholders, resulting in organizational sustainability
  • Continuous improvement of overall effectiveness and capabilities
  • Organizational and personal learning

B. Application

The Standard presents both prescriptive and non-prescriptive requirements. Where non-prescriptive requirements are used, organizations are encouraged to develop and demonstrate creative, adaptive and flexible approaches for meeting requirements. Non-prescriptive requirements foster incremental and major improvements. 

The requirements will be applied in consideration of an organization’s size and type for the selection of tools, techniques, systems and organizational structure necessary to meet the Standard.

C. Third-party qualification

CATSA has engaged the services of the Canadian General Standards Board of Canada (CGSB) to assess organizations against the Standard. The CGSB is accredited by the Standards Council of Canada (SCC) to assess and register quality management systems for conformance to the International Organization for Standardization (ISO) DIS 9001:2015 (2014) standard. CGSB will plan and conduct their assessments in accordance with the ISO guidelines for quality management systems auditing (ISO 19011:2011) and all auditors will be certified ISO external auditors.

D. Evaluation system

An organization will be evaluated on its approach to meeting the Standard Requirements and the extent to which they are deployed within the organization.

Specifically, the word “approach” refers to:

  • The methods used to accomplish the process
  • The appropriateness of the methods
  • The effectiveness of the organizations use of the methods
  • The degree to which the approach is repeatable and based on reliable data and information (i.e., systematic)

“deployed” refers to the extent to which:

  • The approach is applied consistently
  • The approach is used by all appropriate work units

For each requirement, the organization will be given a rating of either Conforming or Non-Conforming.

E.  Relationship of this standard to ISO DIS 9001:2015 (2014)

For organizations following the ISO DIS 9001:2015 (2014) approach to quality management, the table in Appendix A cross-references, from CATSA’s perspective, the Screening Contractor Management System Standard to ISO DIS 9001:2015 (2014). Additionally, the CGSB will apply their experience and understanding of management system assessment at their discretion.

F. Requirements

Part 1 – Management Team commitment

  • 1.1 The organization shall demonstrate its processes and resources used to affirm the Management Team’s commitment to the development and implementation of its Management System and continually improving its effectiveness, including at a minimum that:
    • the Directors and Management Team can provide evidence of a clear Criminal Record Check from a Canadian policing authority or have obtained Secret Clearance from the Government of Canada
    • the organizations mission, values and “Code of Ethics” are documented and promoted throughout the organization
    • levels of management responsibility and authority are appropriate to the mandate, size and complexity of the organization and are documented and understood by employees
    • procedures and evidence exists that the Management Team communicates the importance of meeting customer as well as statutory and regulatory requirements to all employees
    • procedures and evidence exists that the Management Team reviews, at scheduled intervals, the organizations Management System to ensure that it meets or exceeds customer as well as statutory and regulatory requirements.
    • Define and endorse a risk management policy that is aligned with the organization’s mission and values, and ensures legal and regulatory requirements. The management team ensures the necessary resources are allocated within the organization and the policy is communicated throughout the organization. The team identifies:
      • risk owners who have the accountability and authority to manage risk,
      • Those accountable for the development, implementation and maintenance of the framework of managing risk,
      • Other responsibilities of people within the organization for the risk management process,
      • Establish performance measurement and external and/or internal reporting and escalation processes.

Part 2 – Financial and general capability

  • 2.2 The organization shall provide audited financial statements for the previous three years, where available. If audited financial statements are not available, then the candidate must provide:
    • documentation detailing both current and long-term credit or borrowing instruments (i.e.: Lines of Credit, Loans, etc.) must be verified and signed off by a Lending and/or Banking Institution.
    • documentation from the organization’s Lending Institutions verifying that the organization is not currently in breach of any of the Lending Institutions banking covenants must be verified and singed off by a Lending and/or Banking Institution.

Part 3 – Human resource optimization

  • 3.1 The organization shall demonstrate its planning process for ensuring it has the capability to meet the human resource challenges presented by national, regional and local employment markets and conditions; including at a minimum how it assesses its workforce capability and capacity needs, including skills, competencies and staffing levels.
  • 3.2 The organization shall demonstrate programs or activities designed to foster an organizational culture that results in a motivated workforce.
  • 3.3 The organization shall demonstrate a Human Resource Information System and procedures that provide, at a minimum:
    • electronic and hardcopy reports of relevant employee information, for example, employee training status, availability, and language capabilities
    • current employee status and planned intervals for updating and maintenance of records
    • the ability to be modified or customized to add and maintain new requirements for employee information
  • 3.4 The organization shall demonstrate a Information Security system and procedures that provide, at a minimum:
    • A documented policy or strategy for performing an information security risk assessment a planned intervals or when significant changes are proposed or occur.
    • To control planned changes, review the consequences of unintended changes, and take action to mitigate any adverse effects.
    • Any outsourced processes are determined and controlled.
    • Implement a security risk treatment process to:
      • Select the appropriate security risk treatment options,
      • Determine all controls required to implement,
      • Implement, and monitor results.
  • 3.5 The organization shall demonstrate a Payroll System and procedures that result in on-time delivery of accurate employee compensation.
  • 3.6 The organization shall demonstrate its recruitment and retention processes to fill and maintain the categories of human resources required at the management and non-management levels, including at a minimum:
    • a documented policy and/or strategy for attracting new employees
    • a documented policy and/or strategy  for retaining existing employees
    • a documented policy and/or strategy for career development
    • a documented compensation and benefits program
    • programs for improving employee engagement and commitment to their work
    • evidence of an employee assistance program
    • evidence of a reward and recognition program
    • evidence of a skills and knowledge-based training program
    • evidence of pre-employment qualification assessments of employees, including records of the criteria, competencies and testing used for qualifying an employees suitability to customer service roles
    • a procedure for checking employee references
  • 3.7 The organization shall demonstrate the processes and resources to manage employees providing service to a third party where those employees are represented by a union, including:
    • Dispute Resolution, Collective Bargaining, Resource Transition Management
    • corporate experience and understanding of:
      • administering a collective agreement (i.e., the resolution of workplace disputes through the grievance and arbitration process) by providing copies of collective agreements
      • a documented policy and/or strategy for the negotiation of collective agreements
      • a documented policy and/or strategy for the management of legal and illegal labour disruptions by employees.

Part 4 – Service delivery excellence

  • 4.1 The organization shall demonstrate the processes and resources necessary to:
    • determine customer requirements (stated and not stated by the customer) for service delivery and post-service delivery activities
    • determine statutory or regulatory requirements related to the service
    • determine how contract amendments are resolved and implemented
    • determine and implement effective communication with customers in relation to service delivery information, including contract amendments.
  • 4.2 The organization shall demonstrate an employee scheduling process for the deployment of human resources that meet client and service requirements, including:
    • a procedure for dealing with fluctuating requirements that include part-time, split-shift and full-time employees
    • the ability to demonstrate its use through the provision of current and previous work schedules.
  • 4.3 The organization shall demonstrate its administrative management processes including those meant to ensure the timely and accurate flow of information, including at a minimum: 
    • billing details
    • cost substantiation
    • work or billing authorizations
    • the existence of an employee time recording system
    • organizational policies and procedures for the completion and approval of time sheets
    • reporting and control features of the time recording system
    • the process used to reconcile the labour distribution to the payroll register and supporting documentation.
  • 4.4 The organization shall demonstrate the processes and resources to plan and carry out service delivery under controlled conditions, including at a minimum:  
    • the availability of readily identifiable work instructions
    • a procedure for disseminating new and updated work instructions to employees
    • management oversight and monitoring
    • the availability and use of equipment and measuring devices, where applicable
  • 4.5 The organization shall demonstrate the processes and resources to care for customer property while it is under the organization’s control or being used by the organization.
  • 4.6 The organization shall demonstrate or define the processes and resources to plan and carry out Emergency Planning and Preparedness in the service delivery environment.

Part 5 - Performance measurement and continuous improvement

  • 5.1 The organization shall demonstrate its ability to report on key contractual performance indicators and the way in which it measures the achievement of key performance indicators by providing copies of current and previous performance management reports.
  • 5.2 The organization shall demonstrate how it collects and reports appropriate data for monitoring and measurement of the service delivery process, including at a minimum:
    • customer satisfaction reports
    • employee attrition rate reports
    • conformity to service requirements reports.
  • 5.3 The organization shall demonstrate how it analyses and evaluates appropriate data for monitoring and measurement of the service delivery process, including at a minimum:
    • ensure conformity to service requirements
    • assess and enhance customer satisfaction
    • assess the performance of external providers
    • ensure conformity and effectiveness of management system, and determine the need or opportunities for improvements.
  • 5.4 The organization shall demonstrate the processes and resources to conduct internal audits at planned intervals in order to provide information on whether the management system;
    • Conforms to the requirements of  this standard
    • Conforms to its own requirements for its management system
    • Is effectively implemented and maintained

Part 6 – Continuous Improvement

  • 6.1 The organization shall demonstrate the controls and related responsibilities and authorities for dealing with a nonconforming service and to ensure that any service which does not conform to service standards is discontinued. 
  • 6.2 The organization shall demonstrate the processes used to eliminate the cause of nonconformities in order to prevent recurrence and potential nonconformities, including at a minimum, a documented procedure:
    • for reviewing nonconformities (including customer complaints)
    • for determining the cause of nonconformities
    • determining and implementing action needed
    • recording the results of action taken
    • reviewing corrective action taken.
  • 6.3 The organization shall demonstrate the processes and resources to implement continuous improvement, including at a minimum:
    • consider the results of analysis and evaluation, and management review to confirm if there are areas of underperformance or opportunities that shall be addressed.
    • Select and utilize applicable tools and methodologies for investigation of the causes of underperformance and for supporting continual improvement.

Appendix A

Relationship of the Standard to ISO DIS 9001:2015

For organizations following the ISO DIS 9001:2015 (2014) approach to quality management, the table below cross-references, from CATSA’s perspective, the Screening Contractor Management System Standard to ISO DIS 9001:2015 (2014). Additionally, the CGSB will apply their experience and understanding of management system assessment at their discretion.

Part 1 – Management Team commitment

  • 1.1 Management Team commitment,
    • ISO 9001 Reference 5.1.1, 5.1.2, 5.3, 7.4, 9.3.1

Part 2 – Financial and general capability

  • 2.1 Financial Statements
    • No ISO 9001 Reference 

Part 3 – Human resource optimization

  • 3.1 Capability
    • ISO 9001 Reference 7.1.1, 7.1.2
  • 3.2 Motivated Workforce
    • ISO 9001 Reference 7.2, 7.3
  • 3.3 Human Resource Information System
    • ISO 9001 Reference 7.1.3
  • 3.4 Payroll System
    • ISO 9001 Reference 7.1.3, 7.1.4
  • 3.5 Staff Recruitment
    • ISO 9001 Reference 7.1.6, 7.2
  • 3.6 Management of Personnel Represented by a Union
    • ISO 9001 Reference 8.2.2

Part 4 – Service delivery excellence

  • 4.1 Service Delivery
    • ISO 9001 Reference 8.2.2, 8.6
  • 4.2 Employee Scheduling
    • ISO 9001 Reference 8.1
  • 4.3 Administrative Management
    • ISO 9001 Reference 8.4
  • 4.4 Service Delivery Control
    • ISO 9001 Reference 8.5.1
  • 4.5 Customer Property
    • ISO 9001 Reference 8.5.3
  • 4.6 Emergency Control
    • ISO 9001 Reference 7.1.5

Part 5 – Performance measurement and continuous improvement

  • 5.1 Key Contractual Performance indicators Report
    • ISO 9001 Reference 9.1.3
  • 5.2 Service Delivery Monitoring and Measurement Data
    • ISO 9001 Reference 9.1.1
  • 5.3 Control of a Nonconforming Service
    • ISO 9001 Reference 8.7
  • 5.4 Corrective and Preventive Action
    • ISO 9001 Reference 10.2