Understanding the EASA Management System Assessment Tool (MSAT)

Thursday, April 3, 2025

Written by Managing Principal Consultant Steve Hough

The MSAT is a methodology for assessing and improving Management Systems (MS) within the European Union (EU) to strengthen oversight by National Competent Authorities. Although primarily designed for Competent Authorities, the tool can also help organisations assess their own MS, identify areas for improvement, and address gaps—particularly when working with subcontracted organisations. 

The results can be shared with authorities to build a common understanding of system performance and drive continuous improvement. 

It focuses on two main components: 

  1. Safety Management System (SMS): Based on ICAO Annex 19, the tool covers the four core pillars of safety - policy and objectives, risk management, assurance, and promotion.
  2. Compliance Monitoring System: This ensures organisations meet the relevant EU regulatory requirements. 


The methodology also emphasises interface management, which plays a key role in maintaining operational safety. While the document keeps ICAO terminology (e.g., "SMS"), it adapts some terms to fit the EU context (e.g., using "Organisation" instead of "Service Provider") and refers to Regulation (EU) 376/2014 where needed. 

The goal is to help authorities move beyond traditional compliance-based oversight to a more performance-based approach. This common framework also supports:

  • Recognising SMS under international agreements, 
  • Streamlining approvals for Integrated Management Systems, and 
  • Harmonising Part-CAMO systems with operators’ MS, especially when multiple authorities are involved (per Regulation (EU) 2022/410).

How and When is this tool used 

Initial Certification: 
Before granting initial certification, competent authorities ensure that MS processes are “Present” and “Suitable” to enable safe operations from the start. Much of this assessment can be done through a desktop review of MS documentation, with follow-up on-site visits. This phase also allows authorities to guide the organisation on implementing its MS and evaluate the understanding of safety policies and culture among key managers and staff. 

Continuing Oversight: 

Once operations begin, competent authorities verify that MS processes are not only “Present” and “Suitable” but also “Operating” and eventually “Effective.” Regular assessments combine organisational visits, meetings, and desktop reviews. As processes mature, authorities may revisit their suitability, particularly when there are significant operational changes or amendments to approvals. 

Credit for Other Oversight Activities:
 
MS effectiveness can be informed by routine compliance audits, inspections, occurrence investigations, and meetings. Competent authorities may also credit organisations that meet industry standards or have received relevant accreditations. 

Extending the Oversight Cycle: 

Performance-based oversight allows authorities to extend oversight cycles for organisations that demonstrate effective safety risk management, control over changes, and compliance. This decision hinges on meeting specific criteria, such as the absence of major findings and timely corrective actions. 

Integrated Management Systems: 

When organisations hold multiple certificates, an integrated MS can streamline oversight. The assessment tool supports a “one MS = one assessment” principle, enabling a global evaluation across domains. However, if domain-specific complexities prevent a single assessment, results should be shared among assessment teams to ensure consistent oversight and messaging. Coordination between authorities may be required for cohesive assessments when multiple agencies are involved. 

By addressing specific domain requirements and enabling a unified approach for integrated systems, the tool helps ensure effective oversight and continuous improvement across various operational contexts. 

Guidance
The MSAT evaluates the compliance and effectiveness of a MS using features based on ICAO Annex 19 and EASA MS requirements. It incorporates the 12 elements of the ICAO Safety Management System (SMS) Framework, additional EASA requirements such as Regulation (EU) 376/2014 on occurrence reporting, and key enablers to promote a Just Culture environment. Each feature is assessed to determine if it is “Present,” “Suitable,” “Operating,” and “Effective,” with definitions provided in the tool. While it does not fully evaluate safety culture, the Safety Management International Collaboration Group (SMICG) Industry Safety Culture Evaluation tool is suggested for additional support.

The tool can be used by competent authority inspectors for evaluation or by organisations for self-assessment, which can then be verified and validated by authorities.

 

Applicability 
The tool applies to organisations of all sizes but must be scaled to reflect the size, nature, and complexity of the organisation. Assessors should consider sector-specific regulations, Alternative Means of Compliance, and existing EASA guidelines for non-complex organisations when determining suitability.

Though designed to address generic MS requirements, the tool can and should be customised for sector-specific needs, particularly when organisations manage multiple certificates or integrate their MS across domains. 
The MS assessment tool is designed to evaluate both compliance and performance, ensuring that: 

  • The relevant MS elements are present and suitable for effective functioning (compliance-focused). 
  • The MS operates as intended and achieves desired outcomes (performance-focused). 

The assessment goes beyond traditional compliance by evaluating the organisation's ability to manage safety, establish and monitor safety objectives, and achieve intended targets. The grading system—Present, Suitable, Operating, and Effective (PSOE)—is used as a maturity model to assess overall performance and safety management capability: 

  1. Present: The MS is documented and defined.
  2. Suitable: The MS is appropriately designed for the organisation’s size, complexity, and operations.
  3. Operating: The MS functions as designed, though outcomes may still fall short of targets. 
  4. Effective: The MS is mature, agile, and achieves safety objectives while driving continuous improvement. 
 
The tool is not a compliance checklist; it must not be reduced to a narrow, step-by-step verification process. Instead, it serves as a guide to help assessors prepare for evaluations, adapt the tool to the organisation’s unique context, and provide a holistic view of the MS’s maturity and performance. 

 

Being compliant does not guarantee being safe. A narrow, overly prescriptive approach risks complicating the MS unnecessarily, overlooking risks, and missing the ultimate goal: ensuring safe operations and effective safety management. Assessors must focus on performance, maturity, and the organisation’s overall ability to manage safety effectively. 

There are advantages in using the MSAT if the organisation is operating under EASA regulations and oversight as it easily aligns with the EASA approach and can be an effective way of understanding and communication the maturity of an organisations management system with the regulator as well as providing internal assurance that the management system is effective.  

 

Alternative MS toolkits – our SMARRT approach 
The MSAT tool does have limitations as it was initially focussed on the SMS elements and has less attention on compliance and culture, though this has been somewhat addressed in the second release (V2.0 Sep 23). To not only understand the maturity of the core elements of an SMS, the MS must be looked at in the whole and why a MS matures into effectiveness.  

It is here that our Safety Management and Risk Reduction Toolkit (SMARRT MAP) approach is ideal, as it assesses four core elements of the management system but also five enablers. It is these enablers that light the fuse of a management system, turning it from a regulatory minimum document that is just bolted on, to a fully integrated system that ensures compliance and effectively manages risk, giving full benefit to an organisation and enabling risk-based, data-driven decision making. A SMARRT MAP assessment is used as the basis of an improvement plan for the organisation to achieve and maintain effectiveness. 

We have many years of experience in conducting both MSAT and SMARRT MAP assessments of varied organisations, using our trained, independent, expert consultants. Providing organisations with a clear assessment of MS maturity, gaining clarity for the starting point for the next steps of an organisation's MS journey or assurance that the current system is mature, optimal and effective. 

To find out more about how our SMARRT MAP can help you measure and improve your journey through Compliance to Performance, you can download our toolkit for free and speak to our team of experts to discuss how it can be effectively applied.