We use necessary cookies to make our website work. We'd also like to use optional cookies to understand how you use it, and to help us improve it.

For more information, please read our cookie policy.

UK Civil Aviation Regulations

These are published by the CAA on our UK Regulations pages. EU Regulations and EASA Access Guides published by EASA no longer apply in the UK. Our website and publications are being reviewed to update all references. Any references to EU law and EASA Access guides should be disregarded and where applicable the equivalent UK versions referred to instead.



A Security Management System (SeMS) provides an entity with a framework of operating principles and guidance which enable it to enhance security performance by proactively managing risks, threats, and areas where there are gaps and vulnerabilities which may have a negative impact on that performance.

SeMS is:

  • based on a risk-driven framework designed to embed security within your operations and culture
  • suitable for any entity within the aviation sector, regardless of size or operation
  • an enabler for the UK Civil Aviation Authority (CAA) as it develops a flexible, risk-based oversight regime
  • an enabler for entities required to meet quality control provisions of articles 12, 13 and 14 of Baseline Security Measures as retained in UK Regulation and UK Law.

The UK CAA remains aligned with IATA, ICAO, ECAC and other regulatory bodies in the move towards modernising aviation security and considers SeMS key in achieving this.

Our SeMS mission statement

The Civil Aviation Authority (CAA) is committed to sustaining and improving public confidence in air travel through constant industry self-assurance and responsible management of risk, combined with a focused and adaptive regulatory approach.

A Security Management System (SeMS) enables an organisation to identify and manage its own security risks in a proactive manner, with an effective security culture as the bedrock. SeMS provides top down assurance that the security measures taken to manage those risks are effective, on the basis that:

  • security risks are managed at the right level
  • there is appropriate accountability for security standards
  • security performance is managed effectively with clear oversight in place
  • a positive security culture is embedded across the organisation

We will work alongside organisations as they exploit the insights and efficiencies delivered by a mature and effective SeMS - and we will utilise the resulting assurance data to develop an adaptive and risk-based oversight regime in the move towards Risk Based Oversight (RBO).

Close Our SeMS mission statement

Implementing SeMS

The implementation of SeMS is straightforward:

  • we encourage organisations to incorporate or develop existing governance arrangements, systems and processes wherever possible
  • we do not prescribe additional or specific IT systems or platforms
  • we are committed to providing support to Industry partners to ensure they may exploit the opportunities and efficiencies a mature SeMS offers

Further information is available on implementing a SeMS

The phases of SeMS development

Gap Analysis

The entity completes a Gap Analysis to identify which areas of their operation are already in line with the Security Management System (SeMS) Framework, and which will require further development to meet Framework requirements.

Phase 1

The Civil Aviation Authority (CAA) will conduct a Phase 1 assessment to verify if the SeMS is present and suitable. This assessment comprises:

  • an evidential assessment of key SeMS processes
  • a meeting between a CAA Manager and the entity's Accountable Manager

Phase 2

Once sufficient time has elapsed for the entity's SeMS to mature, the CAA conducts a Phase 2 assessment to establish if the SeMS is operating and effective

This assessment comprises:

  • an evidential assessment of documented processes
  • an interview conducted by CAA Senior Managers with the entity's Accountable Manager
  • operational assessments conducted across the entity's site or sites

Phase 2B

At Phase 2B, the entity provides continued assurance of its SeMS.

This comprises:

  • quarterly submissions of SeMS Performance Data to the CAA
  • an Assurance Assessment to verify that the SeMS continues to be operating and effective
  • operational assessments conducted across the entity's site or sites
Close The phases of SeMS development

Growing numbers of organisations across all modes are actively developing their SeMS.

We are leading the way in making SeMS a reality for the wider aviation industry and continue to support the ever-increasing numbers of entities making use of the advantages of implementing a robust and effective SeMS.

Current list of Phase 2 entities

Risk Based Oversight

It is envisaged that Risk Based Oversight (RBO) utilises additional security assurance data, including SeMS performance data, to adjust the frequency and/or target of CAA observations.

RBO will:

  • offer an entity the prospect of adjustments to, regulatory observation and routine compliance visits
  • develop our oversight regime by providing us with capacity options for future compliance oversight. This will be supported by our approach to risk management and means of supporting industry partners in an ever evolving aviation landscape.

We are currently developing our RBO approach with Industry with a view to identifying the most appropriate data sets on which the adjustments to our oversight regime will be based. SeMS is a necessary precursor for the CAA to achieve this.

Training

Training is available on a variety of Aviation Security topics, including SeMS, and is particularly relevant for Security Managers and Accountable Managers.

Our training provides a great opportunity to meet with the Regulator and Industry colleagues, share best practice, and find out more about implementing a successful SeMS.

SeMS guidance material

Contact us

For more information contact the SeMS team at sems@avsec.caa.co.uk.