The 36th Session of the ICAO Assembly directed the ICAO Council to consider the introduction of a limited level of transparency with respect to ICAO aviation security audit results, balancing the need for States to be aware of unresolved security concerns with the need to keep sensitive security information out of the public realm.
The ICAO Council has approved the USAP-CMA MoU, which facilitates the limited level of transparency requested by the 36th Session of the ICAO Assembly. The information released consists of an indication of the level of implementation of the critical elements of an audited State's aviation security oversight system, as well as an indication of the level of compliance with the Annex 17 – Security Standards. This information is released to all ICAO Member States on the USAP secure website, and consists of two charts. This limited level of transparency applies to all audits under the USAP_CMA. Certain information is also available with regard to USAP second-cycle audits.
Significant Security Concerns
In addition to the measures which allow limited transparency of audit results, the ICAO Council approved in February 2010 a definition and a mechanism to deal with Significant Security Concerns (SSeCs) in a timely manner, outside of the established timeline for the production of audit reports and CAPs.
An SSeC occurs when the appropriate authority responsible for aviation security in the State permits aviation activities to continue despite a lack of effective implementation of the minimum security requirements established by the State and by the provisions set forth in Annex 17 – Security related to critical aviation security controls including, but not limited to, the screening and the protection from unauthorized interference of passengers, cabin and hold baggage; the security of cargo and catering; access control to restricted and security-restricted areas of airports; and the security of departing aircraft resulting in an immediate security risk to international civil aviation.
When a potential SSeC is identified, the State in question is informed during the audit of the existence of a preliminary SSeC. If the preliminary SSeC is confirmed by an ICAO validation committee, the State will receive written notification, including the detailed finding and recommendation, within 15 calendar days of the audit debriefing. The State is given a timeframe (maximum 15 calendar days) to take immediate actions to mitigate or address the deficiency. If the State fails to mitigate or resolve the deficiency within the agreed timeframe, the existence of an unresolved SSeC is disclosed to all States through the USAP secure website without providing its details. A chart showing the SSeC mechanism is shown below.