The New 107/108

Sept. 8, 2001

The New 107/108

The new regs codify, organize FAA security initiatives, says ACI-NA

By Bonnie Wilson, Vice President, Airports Council Int’l - North America

September 2001

The Federal Aviation Administration this summer released the new rules regulating safety in aviation. Here, the Airports Council International - North America, which represents the interests of airports and which has been actively involved in the rulemaking process, offers its insights into what the new regulations mean for U.S. airports and their tenants.

Federal Aviation Regulations (FAR) Parts 107 and 108 are finally here. A long time coming, if not long awaited, these comprehensive re-writes of the baseline security regulations for airports and aircraft operators present a few changes to the way we do business, but mostly they clarify and standardize current operations.
Since the rewrite process began over ten years ago, FAA has relied on policy memos, emergency amendments to security plans, security directives etc., to institute new rules, policies, and procedures. The main impact of these new rules is a codification and reorganization of those efforts.
For instance, while Part 107 does not mandate airports to develop standard Airport Security Programs (ASP), it does require that the programs follow a specific format for ease of inspection and compliance efforts.
Definitions have been revamped in both rules as well, making it as clear as you can when using regulatory language what they mean when they say it. As an add-on to the regulations themselves, FAA is also planning on publishing a Policy Memorandum Hand-book that will break down each section of the rule and add non-regulatory text to put the requirements into context and assist the reader with implementation. Keep an eye out for the guidance later this fall, because one of the major changes in the rule is who it applies to.
Both new regulations have a broader applicability scope than the old rules. Part 107 now applies to any airport serving any aircraft operator required to have a security program under either Part 108 or Part 129. The old rule included a phrase limiting this requirement to those carriers with "scheduled passenger operations."
This aspect is further clarified in Part 108 by stating you must have a plan if you enplane or deplane passengers into a sterile area.
A more significant change is that these rules now apply to individuals as well as airport and aircraft operators. Yes indeed, the FAA can now take action against an individual in a secured area, aboard an aircraft, or applying for a position that grants them privileges under these parts if they violate any aspect of these rules. This includes a person who decides to test the security system at an airport without proper authorization (even if that used to be their job).

Tenant Programs
In the spirit of having everyone participate in keeping the aviation system secure, the FAA has also given airport tenants an opportunity to create and maintain their own security programs. Airport Tenant Security Programs are similar in nature to Exclusive Area Agreements between airports and aircraft operators, but slightly more restrictive.
An airport tenant may compile its own security programs governing its security operations and the geography it occupies at an airport. The Airport Tenant Security Program (ATSP) will be included as a part of the airport’s overall ASP, and must be approved prior to implementation by the FAA.
As the tenants are not directly regulated parties, these agreements must be monitored and audited by the airport as well as by the FAA. Airports which enter into these agreements must be prepared to act on behalf of the FAA regarding non-compliance with these plans, including development of "meaningful" measures that include monetary and other penalties.

Defining Parameters
In recognition of the fact that airports and aircraft operators are trying to carry out commercial aviation operations while complying with security regulations, FAA has revisited the issue of what needs to be secured at what level. At first read it is hard to understand exactly what the new divisions of the airside really mean, but after careful consideration it becomes less muddy.
Imagine the airside of the airport divided into zones with the highest level of security compliance imposed nearest to the aircraft themselves — this is the Secure Area. This is also the Security Identifi-cation Display Area (SIDA), as the Secure Area must be declared as a SIDA. But this may not be the only SIDA.
Consider the next zone in the sequence: This is the area where the aircraft move around, traditionally referred to as the Air Operations Area (AOA). The AOA also encompasses the Aircraft Movement Area (AMA); general aviation areas; cargo facilities; aircraft parking areas; loading ramps; and, safety areas.
The AOA may have exclusive areas where individuals can operate without airport-issued identification media, and tenant security areas where they must. The AOA may also be a SIDA, but portions of it may not be. Theoretical--ly, if the section of the AOA is a SIDA it might as well be a Secure Area; but if it is not a SIDA, there are fewer requirements associated with access to the area unless it is adjacent to the Secure Area.
Clear? If it’s not, then you can rely on your Airport Security Coordina-tor (ASC) or your Ground Security Coordinator (GSC) to explain it all.

Security Coordinators
You will know exactly who the Airport Security Coordinators are at your airport, as the new Part 107 requires them to be appointed by name, that is, once they have completed their new training requirements. Within two years time, no person shall be appointed as the ASC or their alternate until they have completed a training program that includes the following elements: FAR Part 107, FAR Part 108, FAR Part 109, FAR Part 129, all elements of the security program requirements, law enforcement responsibilities, incident management, proper coordination and communication protocols when dealing with the FAA, and the proper dissemination of threat information and related intelligence.
No one person means exactly that — there is no provision in the rule to allow for grandfathering of any existing ASCs regardless of how long they may have been serving in that capacity. The good news is once you have passed through the training and achieved the designation, you can be an ASC anywhere you like as long as you have not had a two or more year break in service as an ASC.
In order to ensure that this extensive training does not go to waste, the rule also spells out those duties that must be undertaken by the ASC directly. These include: immediate corrective action of non-compliance, employment history verification and criminal history records checks, and maintenance of training records. In their spare time the ASCs should review — with sufficient frequency — law enforcement actions at security checkpoints; ID media display and challenge in the SIDA; access control measures; conditions outlined in exclusive area agreements; and, airport tenant security programs.
The rule does clarify a point of contention under the old system: ASCs can be assigned other duties at the airport as necessary, giving the airport operator operational latitude. While this seems like a lot of work, keep in mind the GSCs are required to do similar on a daily basis.

Crimes: A New List
One more significant change is the list of disqualifying crimes and how to check on them. As the rules were being finalized, Congress decided to change the way we conduct employment history verification and criminal history records checks for employees seeking unescorted access.
A new list of disqualifying crimes was promulgated by the Airport Security Improvement Act of 2000 (Public Law 106-528). This list of disqualifying crimes applies to anyone applying for a position requiring unescorted access to the secure area of an airport after December 23, 2000. The trick comes in when you try to figure out if the applicant committed the crime.
If the applicant is seeking unescorted access at a non-category X airport, then he or she follows the same procedures as in the past. They provide 10 years worth of employment history data; the airport or the air carrier verifies the last five. If there is a gap of over 12 months, or you are unable to verify other information, ask the applicant for a set of fingerprints. The prints are sent to the FBI and criminal history is then verified against the FBI’s records. If there’s no record of a conviction of a disqualifying crime, grant them unescorted access if you wish.
Now if you are at a Category X airport the situation is different — everyone gets printed. The airport operator may choose to grant unescorted access privileges only when a report back from the FBI affirms that the applicant has not been convicted of a disqualifying crime. On the other hand, the airport operator may choose to invoke the 45-day grace period granted by PL-106-528.
The 45-day grace period provision allows for an individual to submit a complete employment history verification indicating no gaps in time or information, along with a complete set of fingerprints. The airport may allow this person to have unescorted access for 45 days, based on employment history verification until their records come back from the FBI. If the FBI record indicates no convictions, the 45-day badge must now be converted to regular old badge; if the FBI record does indicate a conviction of a disqualifying crime, the airport must withdraw the unescorted access privilege and retrieve the access media issued.
It will be easy to keep track of these various badges as the FAA has in the rule codified its policy on ID media. ID media must: convey a full-face image, full name, employer, ID number of the individual, the scope of access, expiration date, and make sure all are of sufficient size and appearance "as to be readily observable for challenge purposes." This does not apply to FAA special agents actively conducting assessments or investigations.
Under the old rules, if you caught an FAA agent in the SIDA without ID, you were to escort him or her to a non-secure or public area. Now they can operate in the SIDA without a badge and continue to test even if they have been challenged.
The real message is security is everybody’s business. The rules are complicated and they are comprehensive. Folks who have been on the periphery of providing for aviation security are now part of the united front. It will take time and effort to make sure everyone understands the new rules and procedures, but in the long run it will be worth it.

About the Author

Bonnie A. Wilson, C.M., serves as vice president of airport facilities and services for the Airports Council International - North America, based in Washington. She is responsible for representing members in negotiations and rulemaking procedures with federal agencies, among others, and coordinates the activities of the association’s Public Safety & Security Committee, the Small Airports Committee, and the Environmental Affairs Committee. Wilson has a degree in Public Administration from the University of Houston.