Cameroon Civil
Aviation Authority

Safety & Security

Quality Control Activities

Civil aviation security quality control activities are carried out by people who meet the necessary experience and expertise requirements and who have been authorised for this purpose by the Director General of the CCAA. They enable verification of compliance with the implementation of the security measures set out in the National Civil Aviation Security Programme.

These individuals are appointed from CCAA staff or other personnel authorised by the Director General.

Quality control activities must be carried out by CCAA aviation security “inspectors”, or by any third party approved by the CCAA to carry out these activities on its behalf and in accordance with the National Civil Aviation Security Quality Control Programme (NCASQCP).

Quality control tasks include:

  1. Audits;
  2. Inspections;
  3. Tests; and
  4. Investigations.


The Cameroon Civil Aviation Authority may also organise security exercise to test the airport’s contingency plan.

These requirements apply to all entities operating at national and international airports or involved in the implementation of the measures set out in the NCASQCP.

These include, but are not limited to:

  1. Airport supervision structures;
  2. Airport security operational units;
  3. Airport operators;
  4. National and foreign aircraft operators;
  5. Airport tenants and concessionaires;
  6. Any person who provides a service to an aircraft or airport operator;
  7. The relevant state services when they are involved in the implementation of civil aviation security measures;
  8. Authorised officers;
  9. Any person or organisation required to draw up and keep up to date a security programme approved by the CCAA;
  10. Catering companies on board aircraft;
  11. Air navigation service providers;
  12. General aviation operators;
  13. Training organisations approved by the CCAA;
  14. Ground handling companies;
  15. Airfreight and postal operators;
  16. Private security service providers;
  17. Fuel supply companies.

The Director of Security and Facilitation is responsible for drafting an annual programme, which must be submitted to the Director General of the CCAA for approval no later than October of the preceding calendar year.

The CCAA is responsible for reviewing, amending, and approving the annual programme within 30 days of receipt.

Once approved by the CCAA, the entities subject to the inspection activities will be notified within 30 days of the programme’s approval.

The annual programme shall include at least the following:

  1. A complete list of all relevant entities (airports, aircraft operators, cargo operators, ground handling companies, in-flight catering companies and general aviation operators, authorised officers and known shippers, airport tenants, air navigation service providers, etc.);
  2. Quarterly details of the quality control activities carried out by the relevant entities, such as:
    • Quarterly audit details;
    • Quarterly inspection details;
    • Quarterly details of the relevant tests;
  3. Quarterly details of tests, other than those carried out during an audit or inspection;
  4. The annual investigations to be carried out.


Although not included in the annual schedule, the programme must take into account any unforeseen or unplanned quality control activities which, for reasons deemed necessary by the CCAA, must be carried out.

Control activities should be planned on the basis of a risk assessment to determine the priorities and frequency of national quality control activities, as well as the resources available.

The risk assessment methodology used to determine the priorities and frequency of national quality control activities is based on the following factors:

  1. Threat assessment and risk management;
  2. The importance of airport operations;
  3. The frequency and volume of air traffic;
  4. The volume of freight, postal and catering traffic;
  5. The likelihood of an act of unlawful interference or the presence of high-risk aircraft operators or high-risk flights;
  6. The results of previous inspection activities carried out by the CCAA and those carried out by regional or international organisations such as ICAO;
  7. A record of their compliance with national obligations for airport and aircraft operators or any other regulated entity;
  8. The results of internal quality control activities, where applicable;
  9. New and emerging requirements in the field of aviation security;
  10. Reports of security incidents that occurred during the previous year;
  11. Information on significant changes that occurred in the previous year relating to the layout or operations of an airport, flight operations, new facilities, new security equipment, etc.;
  12. A request made by an airport or aircraft operator or by any other entity involved in the implementation of security measures.

The following deadlines must be met when notifying the relevant body of the scheduled start dates for quality control activities:

  1. For audits, at least 60 days before the scheduled date;
  2. For planned inspections, at least 30 days before the scheduled date;
  3. For tests and investigations, no announcements will be made before the date.

Safety supervision activities must be carried out in a standardised manner, taking into account the specific characteristics of each activity.

  • In the case of audits, inspections and investigations:
    • preparation and preliminary review of documents;
    • introduction and meeting with representatives of the audited entities;
    • conducting the audit (including observations, interviews and document review);
    • end-of-activity debriefing session;
    • drafting of the report, including any recommendations.
  • In the case of tests:
    • the above-mentioned actions;
    • the introduction, without the knowledge of the persons being tested, of test items approved by the CCAA and simulating explosives, firearms and other items prohibited from carriage by air, into restricted airport security areas;
    • the introduction of test items approved by the CCAA for carriage by air, and in the case of firearms, explosives and simulated explosive devices, ensuring that such items are properly secured against misuse; and
    • simulating acts that breach civil aviation security procedures, such as access control or intrusion, without informing the individuals and organisations being tested in advance.


When carrying out the security tests referred to above, inspectors must pay attention to:

  1. their compliance with regulatory requirements; and
  2. the safety of people, staff and property.
Security Audits

By definition, a security audit is a thorough review of the application of all aspects of the implementation of the National Civil Aviation Security Programme.

For the purposes of the NCASQCP, an audit of a particular airport may include an audit of all supervised entities operating at that airport, including aircraft operators, in-flight catering companies, cargo handling personnel, authorised officers, ground handling personnel, entities responsible for security screening, airport tenants, security service providers and law enforcement agencies, where applicable.

Security audits must always be announced in advance and must not include security tests whether announced or covert.

All audits must include a briefing session at the start of the audit and a debriefing session after the audit.

Audits must be conducted in accordance with the guidelines set out in the Civil Aviation Security Inspector’s Procedures Manual.

Follow-up audit visits must also be taken into account, as agreed between the respective operators and the CCAA in accordance with the corrective action plans.

Different types of security audits:

  • Airport audit;
  • Audit of aircraft operators;
  • Audit of in-flight catering companies;
  • Audit of general aviation operators;
  • Audits of freight operators;
  • Audit of training institutions.


Security audit report:
Once the activity has been completed, the team will draft a report summarising the audit findings and recommendations, as well as the measures to be taken to address any shortcomings identified where applicable.

A security inspection is an examination, whether announced or unannounced, of the effectiveness of the implementation of specific security measures.

An inspection may concern only a single entity (for example an inspection carried out at an airport does not require all airport users to be inspected at the same time). Similarly, the inspection of an aircraft operator does not mean that all aircraft operators at that airport will be inspected as well.

An inspection may or may not include testing. Inspections may be announced in advance or, impromptu in some follow-up missions. If they are announced, the inspections will begin with a briefing.

Inspections will always include a debriefing at the end of the inspection, although this may not be as formal as the debriefing at the end of an audit.

Inspections will be carried out using a standardised methodology for quality control activities (document review, observations, interviews and appropriate tests).

Different types of security inspections:

  • Airport inspection;
  • Inspection of an aircraft operator;
  • Inspection of in-flight catering companies;
  • Inspection of general aviation operators;
  • Inspection of training institutions.


Security inspections report:
Once the activity has been completed, the team will draft a report summarising the findings of the inspection and the recommendations, as well as the measures to be taken to address any shortcomings identified.

A security test is the covert or overt testing of an aviation security measure by simulating an attempt to carry out an act of unlawful interference.

Security tests simulating acts of unlawful interference to assess the effectiveness of a security measure must be conducted covertly by an authorised person using a test tool approved by the CCAA.

The conduct of a blind test must be carefully planned in order to rule out the possibility of it being mistaken for a real attack, thereby causing disruption to operations or even posing a risk of injury or death to those affected or involved in the test.

At the end of each test, or as soon as possible after the test is over, the supervisor or head of service must be informed of the test results.

Tests must be standardised and based on standard test procedures and protocols as defined in the Civil Aviation Security Inspector’s Procedures Manual (MPISAC).

Only standard testing tools approved by the CCAA should be used to ensure consistency and uniformity.

The objective of the test is set out in the test protocols and procedures.

Test protocols must include at least the following details:

  1. How to conduct the test;
  2. Who to use as a tester or to conceal the testing tools;
  3. Degree of concealment;
  4. When to perform the test;
  5. When to stop the test;
  6. How to give feedback and to whom;
  7. How to assess the factors for success;
  8. Frequency of testing and reporting.


Security test report:
At the end of the activity, the test report is drawn up and submitted to the CCAA in accordance with the submission deadline set out in the MPISAC.

A security investigation is a technical inquiry into any actual act or attempted act of unlawful interference with civil aviation security and/or any alleged or suspected breach of the national civil aviation security programme or any other legal or regulatory requirement relating to aviation security.

An investigation may be required when circumstances warrant a thorough inquiry to be launched. For example, an investigation must be open whenever there is an allegation of non-compliance during an audit, inspection or test, or when an allegation is made by an operator, an airport user, a law enforcement officer, a security screening officer, or even a passenger.

Whenever an investigation is opened, a letter of investigation must be sent to the party or entity concerned. The letter of investigation must at least provide information on the following elements:

  1. Description of the allegation (s);
  2. The time, date and location of the alleged non-compliance or infringement;
  3. Failure to comply with a regulatory provision or a NCASP requirement;
  4. An opportunity for the entity against which the allegation is made to provide any relevant information; and Deadlines by which the entity concerned must provide the necessary information to the CCAA.

The inspector responsible for conducting an investigation is authorised and required to gather all relevant evidence in order to refute or substantiate the alleged breach or offence. Evidence may include:

  1. a) Written statements from an auditor, inspector or witness;
  2. b) Any relevant document;
  3. c) Photographs and plans;
  4. d) Any other acceptable evidence.


At the end of an investigation, the party concerned must be notified in writing of the results of the investigation and of any enforcement measures that may be taken as a result.

In the event of an actual or potential security breach, an investigation will be conducted using an appropriate risk assessment methodology that takes into account the three components of risk (threat, consequences, vulnerability) for each of the threat scenarios examined. Security measures will be adjusted accordingly.

Investigation report:
Investigation reports must provide a conclusion, based on the evidence presented and used to prove or refute the alleged facts, as well as the recommendations necessary for the effective implementation of corrective measures

The CCAA and airport operators must conduct comprehensive exercises at intervals of no more than two years to determine whether the security system complies with documented procedures and processes, whether it is effective in achieving the desired results, and whether it has been properly implemented and maintained. They must also carry out partial emergency exercise during the intermediate year to ensure that any shortcomings identified during the large-scale exercise are corrected.

Security monitoring

Safety & Security

Quality Control Activities

Civil aviation security quality control activities are carried out by people who meet the necessary experience and expertise requirements and who have been authorised for this purpose by the Director General of the CCAA. They enable verification of compliance with the implementation of the security measures set out in the National Civil Aviation Security Programme.

These individuals are appointed from CCAA staff or other personnel authorised by the Director General.

Quality control activities must be carried out by CCAA aviation security “inspectors”, or by any third party approved by the CCAA to carry out these activities on its behalf and in accordance with the National Civil Aviation Security Quality Control Programme (NCASQCP).

Quality control tasks include:

  1. Audits;
  2. Inspections;
  3. Tests; and
  4. Investigations.


The Cameroon Civil Aviation Authority may also organise security exercise to test the airport’s contingency plan.

These requirements apply to all entities operating at national and international airports or involved in the implementation of the measures set out in the NCASQCP.

These include, but are not limited to:

  1. Airport supervision structures;
  2. Airport security operational units;
  3. Airport operators;
  4. National and foreign aircraft operators;
  5. Airport tenants and concessionaires;
  6. Any person who provides a service to an aircraft or airport operator;
  7. The relevant state services when they are involved in the implementation of civil aviation security measures;
  8. Authorised officers;
  9. Any person or organisation required to draw up and keep up to date a security programme approved by the CCAA;
  10. Catering companies on board aircraft;
  11. Air navigation service providers;
  12. General aviation operators;
  13. Training organisations approved by the CCAA;
  14. Ground handling companies;
  15. Airfreight and postal operators;
  16. Private security service providers;
  17. Fuel supply companies.

The Director of Security and Facilitation is responsible for drafting an annual programme, which must be submitted to the Director General of the CCAA for approval no later than October of the preceding calendar year.

The CCAA is responsible for reviewing, amending, and approving the annual programme within 30 days of receipt.

Once approved by the CCAA, the entities subject to the inspection activities will be notified within 30 days of the programme’s approval.

The annual programme shall include at least the following:

  1. A complete list of all relevant entities (airports, aircraft operators, cargo operators, ground handling companies, in-flight catering companies and general aviation operators, authorised officers and known shippers, airport tenants, air navigation service providers, etc.);
  2. Quarterly details of the quality control activities carried out by the relevant entities, such as:
    • Quarterly audit details;
    • Quarterly inspection details;
    • Quarterly details of the relevant tests;
  3. Quarterly details of tests, other than those carried out during an audit or inspection;
  4. The annual investigations to be carried out.


Although not included in the annual schedule, the programme must take into account any unforeseen or unplanned quality control activities which, for reasons deemed necessary by the CCAA, must be carried out.

Control activities should be planned on the basis of a risk assessment to determine the priorities and frequency of national quality control activities, as well as the resources available.

The risk assessment methodology used to determine the priorities and frequency of national quality control activities is based on the following factors:

  1. Threat assessment and risk management;
  2. The importance of airport operations;
  3. The frequency and volume of air traffic;
  4. The volume of freight, postal and catering traffic;
  5. The likelihood of an act of unlawful interference or the presence of high-risk aircraft operators or high-risk flights;
  6. The results of previous inspection activities carried out by the CCAA and those carried out by regional or international organisations such as ICAO;
  7. A record of their compliance with national obligations for airport and aircraft operators or any other regulated entity;
  8. The results of internal quality control activities, where applicable;
  9. New and emerging requirements in the field of aviation security;
  10. Reports of security incidents that occurred during the previous year;
  11. Information on significant changes that occurred in the previous year relating to the layout or operations of an airport, flight operations, new facilities, new security equipment, etc.;
  12. A request made by an airport or aircraft operator or by any other entity involved in the implementation of security measures.

The following deadlines must be met when notifying the relevant body of the scheduled start dates for quality control activities:

  1. For audits, at least 60 days before the scheduled date;
  2. For planned inspections, at least 30 days before the scheduled date;
  3. For tests and investigations, no announcements will be made before the date.

Safety supervision activities must be carried out in a standardised manner, taking into account the specific characteristics of each activity.

  • In the case of audits, inspections and investigations:
    • preparation and preliminary review of documents;
    • introduction and meeting with representatives of the audited entities;
    • conducting the audit (including observations, interviews and document review);
    • end-of-activity debriefing session;
    • drafting of the report, including any recommendations.
  • In the case of tests:
    • the above-mentioned actions;
    • the introduction, without the knowledge of the persons being tested, of test items approved by the CCAA and simulating explosives, firearms and other items prohibited from carriage by air, into restricted airport security areas;
    • the introduction of test items approved by the CCAA for carriage by air, and in the case of firearms, explosives and simulated explosive devices, ensuring that such items are properly secured against misuse; and
    • simulating acts that breach civil aviation security procedures, such as access control or intrusion, without informing the individuals and organisations being tested in advance.


When carrying out the security tests referred to above, inspectors must pay attention to:

  1. their compliance with regulatory requirements; and
  2. the safety of people, staff and property.
Security Audits

By definition, a security audit is a thorough review of the application of all aspects of the implementation of the National Civil Aviation Security Programme.

For the purposes of the NCASQCP, an audit of a particular airport may include an audit of all supervised entities operating at that airport, including aircraft operators, in-flight catering companies, cargo handling personnel, authorised officers, ground handling personnel, entities responsible for security screening, airport tenants, security service providers and law enforcement agencies, where applicable.

Security audits must always be announced in advance and must not include security tests whether announced or covert.

All audits must include a briefing session at the start of the audit and a debriefing session after the audit.

Audits must be conducted in accordance with the guidelines set out in the Civil Aviation Security Inspector’s Procedures Manual.

Follow-up audit visits must also be taken into account, as agreed between the respective operators and the CCAA in accordance with the corrective action plans.

Different types of security audits:

  • Airport audit;
  • Audit of aircraft operators;
  • Audit of in-flight catering companies;
  • Audit of general aviation operators;
  • Audits of freight operators;
  • Audit of training institutions.


Security audit report:
Once the activity has been completed, the team will draft a report summarising the audit findings and recommendations, as well as the measures to be taken to address any shortcomings identified where applicable.

A security inspection is an examination, whether announced or unannounced, of the effectiveness of the implementation of specific security measures.

An inspection may concern only a single entity (for example an inspection carried out at an airport does not require all airport users to be inspected at the same time). Similarly, the inspection of an aircraft operator does not mean that all aircraft operators at that airport will be inspected as well.

An inspection may or may not include testing. Inspections may be announced in advance or, impromptu in some follow-up missions. If they are announced, the inspections will begin with a briefing.

Inspections will always include a debriefing at the end of the inspection, although this may not be as formal as the debriefing at the end of an audit.

Inspections will be carried out using a standardised methodology for quality control activities (document review, observations, interviews and appropriate tests).

Different types of security inspections:

  • Airport inspection;
  • Inspection of an aircraft operator;
  • Inspection of in-flight catering companies;
  • Inspection of general aviation operators;
  • Inspection of training institutions.


Security inspections report:
Once the activity has been completed, the team will draft a report summarising the findings of the inspection and the recommendations, as well as the measures to be taken to address any shortcomings identified.

A security test is the covert or overt testing of an aviation security measure by simulating an attempt to carry out an act of unlawful interference.

Security tests simulating acts of unlawful interference to assess the effectiveness of a security measure must be conducted covertly by an authorised person using a test tool approved by the CCAA.

The conduct of a blind test must be carefully planned in order to rule out the possibility of it being mistaken for a real attack, thereby causing disruption to operations or even posing a risk of injury or death to those affected or involved in the test.

At the end of each test, or as soon as possible after the test is over, the supervisor or head of service must be informed of the test results.

Tests must be standardised and based on standard test procedures and protocols as defined in the Civil Aviation Security Inspector’s Procedures Manual (MPISAC).

Only standard testing tools approved by the CCAA should be used to ensure consistency and uniformity.

The objective of the test is set out in the test protocols and procedures.

Test protocols must include at least the following details:

  1. How to conduct the test;
  2. Who to use as a tester or to conceal the testing tools;
  3. Degree of concealment;
  4. When to perform the test;
  5. When to stop the test;
  6. How to give feedback and to whom;
  7. How to assess the factors for success;
  8. Frequency of testing and reporting.


Security test report:
At the end of the activity, the test report is drawn up and submitted to the CCAA in accordance with the submission deadline set out in the MPISAC.

A security investigation is a technical inquiry into any actual act or attempted act of unlawful interference with civil aviation security and/or any alleged or suspected breach of the national civil aviation security programme or any other legal or regulatory requirement relating to aviation security.

An investigation may be required when circumstances warrant a thorough inquiry to be launched. For example, an investigation must be open whenever there is an allegation of non-compliance during an audit, inspection or test, or when an allegation is made by an operator, an airport user, a law enforcement officer, a security screening officer, or even a passenger.

Whenever an investigation is opened, a letter of investigation must be sent to the party or entity concerned. The letter of investigation must at least provide information on the following elements:

  1. Description of the allegation (s);
  2. The time, date and location of the alleged non-compliance or infringement;
  3. Failure to comply with a regulatory provision or a NCASP requirement;
  4. An opportunity for the entity against which the allegation is made to provide any relevant information; and Deadlines by which the entity concerned must provide the necessary information to the CCAA.

The inspector responsible for conducting an investigation is authorised and required to gather all relevant evidence in order to refute or substantiate the alleged breach or offence. Evidence may include:

  1. a) Written statements from an auditor, inspector or witness;
  2. b) Any relevant document;
  3. c) Photographs and plans;
  4. d) Any other acceptable evidence.


At the end of an investigation, the party concerned must be notified in writing of the results of the investigation and of any enforcement measures that may be taken as a result.

In the event of an actual or potential security breach, an investigation will be conducted using an appropriate risk assessment methodology that takes into account the three components of risk (threat, consequences, vulnerability) for each of the threat scenarios examined. Security measures will be adjusted accordingly.

Investigation report:
Investigation reports must provide a conclusion, based on the evidence presented and used to prove or refute the alleged facts, as well as the recommendations necessary for the effective implementation of corrective measures

The CCAA and airport operators must conduct comprehensive exercises at intervals of no more than two years to determine whether the security system complies with documented procedures and processes, whether it is effective in achieving the desired results, and whether it has been properly implemented and maintained. They must also carry out partial emergency exercise during the intermediate year to ensure that any shortcomings identified during the large-scale exercise are corrected.

Security monitoring