21.B.55 Record-keeping

(a)     The competent authority shall establish a record-keeping system that allows the adequate storage, accessibility and reliable traceability of:

1.       the management system’s documented policies and procedures;

2.       the training, qualifications and authorisation of its personnel;

3.       the allocation of tasks, covering the elements required by point 21.B.30, as well as the details of tasks allocated;

4.       certification processes and continuing oversight of certified organisations, including:

(i)      the application for a certificate, approval, authorisation and letter of agreement;

(ii)     the competent authority’s continuing oversight programme, including all the assessments, audits and inspection records;

(iii)     the certificates, approvals, authorisations and letters of agreement issued, including any changes to them;

(iv)     a copy of the oversight programme, listing the dates when audits are due and when audits were carried out;

(v)      copies of all formal correspondence;

(vi)     recommendations for the issue or continuation of a certificate, an approval authorisation or a letter of agreement, detail of findings and actions taken by the organisations to close those findings, including the date of closure, enforcement actions and observations;

(vii)    any assessment, audit and inspection report issued by another competent authority pursuant to points 21.B.120(d), 21.B.221(c) or 21.B.431(c);

(viii)   copies of all the organisation expositions, handbooks or manuals, and of any amendments to them;

(ix)     copies of any other documents approved by the competent authority;

5.       Statements of Conformity (EASA Form 52, see Appendix VIII) and Authorised Release Certificates (EASA Form 1, see Appendix I) that it has validated for organisations that produce products, parts or appliances without a production organisation approval certificate according to Subpart F of Section A of this Annex.

(b)     The competent authority shall include in the record-keeping:

1.       documents supporting the use of alternative means of compliance

2.       safety information in accordance with point 21.B.15 and follow-up measures;

3.       the use of safeguard and flexibility provisions in accordance with Articles 70, 71(1) and 76(4) of Regulation (EU) 2018/1139.

(c)      The competent authority shall maintain a list of all the certificates, approvals, authorisations and letters of agreement it has issued.

(d)     All the records referred to in points (a), (b) and (c) shall be kept for a minimum period of 5 years, subject to applicable data protection law.

(e)     All the records referred to in points (a), (b) and (c) shall be made available, upon request, to a competent authorities of another Member State or to the Agency.