Description of Changes
CGO 3.7.2 Guidance
CGO 3.7.3 (Intentionally open)
CGO 3.7.3
CGO 3.7.4
CGO 3.7.4 Guidance
Table 7.1
Standards Eliminated
Standards Added
Recommended Practices
Eliminated
Recommended Practices Added
Tables Added
Tables Eliminated
Area Changed
Group Revisions
(These are changes applied
throughout this section but not
shown below as individual
changes)
Applicability box
General Guidance
SEC 1.1.1 Guidance
SEC 1.1.2
SEC 1.1.3 Auditor Actions
ISM Ed 14, September 2021
• Technical change: wording added (last paragraph) to address cargo
security measures at facilities under the control of an entity for which
the operator has no oversight capabilities.
• Placeholder added.
• Standard eliminated due to specifications duplicated in CGO 3.7.4;
guidance relocated to CGO 3.7.4.
• Technical change: wording added; new sub-spec to address
protection of certain cargo from unauthorized interference.
• Editorial changes: term added to IRM reference; wording added (3rd,
7th, 9th paragraphs); relocated from (deleted) CGO 3.7.3.
• Editorial change: abbreviation OM added to header.
Section 8 (SEC)
Summary of Revisions
• One (1): SEC 1.10.4.
• Six (6): SEC 3.3.2, SEC 3.5.3, SEC 3.6.3, SEC 3.6.7, SEC 3.6.8,
SEC 3.6.10 (all relocated to GRH).
• Three (3): SEC 1.11.4, SEC 1.12.2, SEC 4.1.3 (all upgraded from
recommended practices).
• One (1): SEC 3.6.11 (relocated to GRH).
• One (1): SEC 1.11.A (ORG repeat).
• None.
• None.
Revisions
Description of Change(s)
• Editorial change: universal revision to simplify language usage; all
tenses of the word “utilize” replaced by the word “use.”
• Editorial changes: correction of grammatical discrepancies;
addition/deletion of commas, periods, hyphens, apostrophes,
semicolons or spaces.
• Editorial change: universal revision to replace all cases of the term
‘security management system’ (after the initial use of the term) with
the abbreviation ‘SeMS’ for consistency with ISM convention.
• None.
• None.
• Editorial changes: wording revised (4th paragraph); replace ‘airline’
wit ‘operator’ for consistency; wording added (5th paragraph); typo
corrected.
• Editorial change: provision restructured with bullet points to improve
presentation of specifications.
• Editorial change: wording revised (2nd AA step) to emphasize
security awareness.
DOC 39
 IOSA Standards Manual

SEC 1.1.3 Guidance • Editorial change: wording added (2nd paragraph) to strengthen the
emphasis on elements that might be part of an organizational
security policy.
• Technical change: wording added (3rd paragraph) to address
incorporation of security policy in the corporate safety/compliance
policy.
• Technical change: wording added (last 6 paragraphs) to provide
expanded information relative to a corporate security policy.
SEC 1.2.1 Guidance • Technical changes: wording revised (2nd and 5th paragraphs) to
improve accuracy of information.
• Technical changes: wording added (6th and 7th paragraphs) to
provide information relevant to protection of security sensitive
information.
SEC 1.3.1 • Editorial changes: wording revised to improve the expression of
intent and to align with Annex 17 and ICAO security manual.
SEC 1.3.2 Guidance • Technical change: wording added (3rd and 4th paragraphs) to provide
explanatory information related to delegation of duties and
assignment of responsibilities.
SEC 1.3.3 Guidance • Technical change: wording deleted (4th paragraph) to remove
inaccuracy.
SEC 1.4.1 Guidance • Technical change: wording added (4th paragraph) to provide
expanded information with respect to the content of a corporate
security intranet site.
SEC 1.5.3 • Technical changes: wording revised/added in sub-specs 3 and 4 to
align with Annex 17.
SEC 1.5.3 Guidance • Editorial change: IRM reference added; first letter of term ‘security
restricted area’ revised to lower case for consistency (3rd paragraph).
• Technical change: wording revised (5th paragraph) for consistency
with specifications in the provision.
• Technical change: wording added (last paragraph)
SEC 1.6.1 Guidance • Technical changes: wording added (multiple paragraphs) to expand
information relative to security documentation management and
control.
SEC 1.6.3 • Technical change: sub-spec added to address protection of sensitive
security information.
• Editorial change: GM symbol added.
SEC 1.6.3 Guidance • New guidance to provide information regarding documentation in the
AOSP.
SEC 1.6.4 • Technical change: wording added (multiple paragraphs) to specify
transmission of security directives/instructions delivered to providers
in a secure manner.
SEC 1.6.4 Guidance • Technical change: wording added (last paragraph) to provide
security information to service providers.
SEC 1.8.1 • Technical change: word ‘integrity’ added to sub-spec (v) for
consistency with equivalent provision in ORG and other sections.
• Technical change: wording added; sub-spec (vi) expanded to
address retention/storage.of security records.
SEC 1.8.1 Guidance • Technical changes: wording added (2nd paragraph, first bullet point,
and multiple other paragraphs) to provide information related to the
management of operational security records.

DOC 40 ISM Ed 14, September 2021


SEC 1.9.2 Guidance
SEC 1.10.1 Guidance
SEC 1.10.2 Guidance
SEC 1.10.3B
SEC 1.10.3B Auditor Actions
SEC 1.10.3B Guidance
SEC 1.10.4 (Intentionally open)
SEC 1.10.4
SEC 1.11.1A
SEC 1.11.1B
SEC 1.11.1B Guidance
SEC 1.11.2
SEC 1.11.2 Guidance
SEC 1.11.4
SEC 1.11.4 Guidance
SEC 1.12.1
SEC 1.12.1 Auditor Actions
SEC 1.12.1 Guidance
SEC 1.12.2
ISM Ed 14, September 2021
Description of Changes
• Technical changes: wording added (3rd and 4th paragraphs) to
include security review committee and reference to the IATA SeMS
Manual.
• Editorial change: IRM reference added.
• Technical changes: wording added/revised (7th and 8th paragraphs)
to provide information relevant to auditor training and qualification,
and to quality control mechanism that complement an audit.
• Technical changes: wording added (multiple paragraphs) to provide
information relative to security auditing.
• Technical change: wording revised for consistency with
corresponding ORG provision that addresses SMS.
• Editorial change: wording revised (4th AA step) for consistency with
wording in the provision.
• Technical changes: wording added (multiple paragraphs) to provide
expanded information relevant to the audit process.
• Placeholder added.
• Standard eliminated (Annex 17 alignment).
• New recommended practice and guidance to specify an aviation
security service provider selection process (repeat ORG provision).
• Editorial change: suffix “B” added to identifier for sequencing with
new SEC 1.11.1A.
• Technical change: wording revised; the term ‘measurable
specifications’ replaced by ‘specific documented requirements’ to be
consistent with changes to the ORG master provision.
• Technical change: wording added (last paragraph) to provide
reference to IATA Standard Ground Handling Agreement.
• Technical change: note added to specify consideration of the full
audit report when IOSA or ISAGO are used as the only means of
monitoring an external service provider (repeat ORG provision).
• Technical change: wording added (5th paragraph) to provide a
reference to the IATA Standard Ground Handling Agreement.
• Upgrade to standard; wording revised (Annex 17 alignment).
• Editorial change: wording ‘as permitted’ added.
• Technical changes: wording revised (1st paragraph) to provide
methods for oversight of security functions performed by external
entities.
• Technical changes: wording revised and sub-spec (ii) added for
relative consistency with ORG 3.1.3; new terminology included to
align with Annex 17.
• Editorial change: wording revised (1st AA step) to be consistent with
terminology in the standard.
• Editorial change: IRM references added.
• Technical change: wording added (3rd paragraph) to state indirect
link to SEC 4.3.2; wording revised (4th paragraph, 3rd bullet point) to
include Just Culture included in reporting policy; wording revised (9th,
10th and 11th paragraphs) to address submission of security reports
to IDX.
• Upgrade to standard; wording revised for terminology alignment with
Annex 17 standard and changes to other SEC provisions.
DOC 41

SEC 1.12.2 Auditor Actions
SEC 1.12.2 Guidance
SEC 2.1.1
SEC 2.1.1 Auditor Actions
SEC 2.1.1 Guidance
SEC 2.1.2
SEC 2.1.2 Auditor Actions
SEC 2.1.2 Guidance
SEC 2.1.5 Guidance
SEC 2.1.6
SEC 2.1.6 Guidance
SEC 2.1.8
SEC 2.1.8 Guidance
SEC 3.1.3
SEC 3.1.3 Guidance
SEC 3.3.1
SEC 3.3.2 (Intentionally open)
SEC 3.3.2
SEC 3.4.2
SEC 3.4.5 Guidance
SEC 3.4.6 Guidance
SEC 3.4.7 Auditor Actions
SEC 3.5.2 (Intentionally open)
DOC 42
IOSA Standards Manual
• Technical changes: wording revised (1st and 3rd AA steps) for
consistency with specifications in the standard.
• Editorial change: wording revised (1st paragraph) for consistency
with wording in provision.
• Technical change: wording added (last paragraph) to expand
information relative to security risk management.
• Technical changes: wording added to include requalification training;
note added to require background check prior to certain training.
• Editorial change: wording added (1st AA step) for consistency with
new note in the standard.
• Technical change: wording added (5th paragraph) to provide
information relevant to background checks; wording added (last
paragraph) to provide information relevant to security awareness
and reporting.
• Technical changes: wording added (sub-specs (ii) and (iv) to expand
specifications that address provider security training program.
• Editorial change: (GM) symbol added.
• Editorial change: wording added (3rd AA step) to provide increase
specificity.
• New guidance material.to address monitoring to ensure service
providers have appropriate security training program.
• Technical change: wording revised (last paragraph) to address
improvised explosive devices.
• Editorial change: GM symbol added.
• New guidance to provide information relevant to the elements of a
training course review/revision program.
• Technical changes: wording revised for consistency with terminology
changes in other SEC provisions.
• Technical changes; wording added (2nd and 3rd paragraphs) to
provide information relevant to personnel employment and security
reporting.
• Technical change: wording added for alignment with Annex 17.
• Technical changes: wording added (1st and 2nd paragraph) to provide
information related to access control and personnel screening
measures; wording revised (4th paragraph, 2nd and 4th bullet points)
to expand information related to aircraft access control measures.
• Technical change: Note added to address a requirement to notify the
PIC when armed persons are on board the aircraft.
• Placeholder added.
• Standard eliminated; relocated to GRH section as GRH 3.7.5.
• Technical change: wording deleted for alignment with Annex 17.
• Technical change: wording added (1st paragraph) to address
additional passenger/baggage screening for flights between states
that have an equivalent application of security standards.
• Editorial change: word only added (2nd paragraph).
• Technical change: wording added (3rd paragraph) to reference
specifications and guidance associated with SEC 1.11.4.
• Technical/editorial change: wording added/revised (1st AA step) to
address supernumeraries.
• Placeholder deleted.
ISM Ed 14, September 2021
 Description of Changes

SEC 3.5.3 • Standard eliminated; relocated to GRH section as GRH 3.7.6.

SEC 3.6.1 • Editorial change: wording restructured to include numbered bullet
points.
• Technical change: sub-spec (ii) added to retain hold baggage control
specification from SEC provisions that are eliminated and relocated
to GRH section.
SEC 3.6.2 • Editorial change: wording restructured to include numbered bullet
points.
• Technical change: sub-spec (ii) added to retain hold baggage control
specification from SEC provisions that are eliminated and relocated
to GRH section.
SEC 3.6.3–3.6.5 (Intentionally • Placeholder revised
open)
SEC 3.6.3 • Standard eliminated; relocated to GRH section as GRH 3.7.7.
SEC 3.6.7 • Standard eliminated; relocated to GRH section as GRH 3.7.8.
SEC 3.6.8 • Standard eliminated; relocated to GRH section as GRH 3.7.9.
SEC 3.6.9 (Intentionally open) • Placeholder deleted.
SEC 3.6.10 • Standard eliminated; relocated to GRH section as GRH 3.7.10.
SEC 3.6.11 • Recommended practice eliminated; relocated to GRH section as
GRH 3.7.11.
SEC 3.9.2 • Editorial change: wording revised to ‘security restricted area’ for
accuracy of terminology.
SEC 3.9.2 Auditor Actions • Editorial change: wording revised (1st and 2nd AA steps) for accuracy
of terminology.
SEC 3.9.2 Guidance • Editorial changes: IRM reference revised; wording revised (last
paragraph) for accuracy of terminology.
SEC 4.1.1 • Technical change: wording added to address cybersecurity (Annex
17 alignment).
SEC 4.1.1 Guidance • Editorial change: IRM reference added.
• Technical change: wording deleted/added (last 12 paragraphs) to
provide information relevant to the management of cyber threats to
operations.
SEC 4.1.3 • Upgrade to standard; wording revised for alignment with Annex 17
standard.
• Technical change: Note added to state a condition of applicability.
SEC 4.1.3 Guidance • Technical change: wording added (last paragraph) to emphasize
requirement for state approval for information sharing.
SEC 4.3.1 • Editorial change: (GM) symbol added; wording revised for transition
to bullet points.
• Technical change: sub-spec (iii) added to align with Annex 17.
SEC 4.3.1 Guidance • New guidance to address investigation outcomes.
SEC 4.3.2 • Technical changes: wording revised to align terminology with
Annex 17.
SEC 4.3.3 • Technical changes: effective date deleted; wording revised to define
events that are reported to IATA for inclusion in IDX.
SEC 4.3.3 Guidance • Technical changes: wording deleted/revised (all paragraphs) to
provide expanded information regarding IDX reporting and to be
consistent with terminology changes in other provisions.

ISM Ed 14, September 2021 DOC 43