ASTM F3365-23

This document is not an ASTM standard and is intended only to provide the user of an ASTM standard an indication of what changes have been made to the previous version. Because
it may not be technically possible to adequately depict all changes accurately, ASTM recommends that users consult prior editions as appropriate. In all cases only the current version
of the standard as published by ASTM is to be considered the official document.
Designation: F3365 − 19 F3365 − 23
Standard Practice for
Compliance Audits to ASTM Standards on Unmanned
Aircraft Systems
This standard is issued under the fixed designation F3365; the number immediately following the designation indicates the year of
original adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. A
superscript epsilon (´) indicates an editorial change since the last revision or reapproval.
1. Scope
1.1 This standard practice establishes the minimum set of requirements for auditing programs, methods, and systems, the
responsibilities for all parties involved, and qualifications for entities conducting audits against ASTM standards on Unmanned
Aircraft Systems. This document has been purposefully designed within the broader context of the Committee F38 library.
Although the original source materials for the content presented here were intended to function as standalone documents, the
committee has consciously removed any redundant information in favor of adopting a referential "single-source-of-truth"
approach. Consequently, when applying this standard, it is essential to consider and integrate all relevant Committee F38 standards
to ensure its comprehensive and accurate implementation.
1.2 When intending to utilize the information provided in this document as a Means of Compliance for operational or design
approval, or both, it is crucial to consult with the respective oversight authority (for example, CAA) regarding its acceptable use
and application. To find out which oversight authorities have accepted this standard (in whole or in part) as an acceptable Means
of Compliance to their regulatory requirements (hereinafter "the Rules"), please refer to the Committee F38 webpage
(www.ASTM.org/COMMITTEE/F38.htm).
1.3 This practice provides requirements to enable consistent and structured examination of objective evidence for compliance that
is beneficial for the UAS industry and its consumers. It is the intent of this practice to provide the necessary minimum requirements
for organizations to develop audit programs and procedures.
1.4 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility
of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of
regulatory limitations prior to use.
1.5 This international standard was developed in accordance with internationally recognized principles on standardization
established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued
by the World Trade Organization Technical Barriers to Trade (TBT) Committee.
2. Referenced Documents
2.1 ASTM Standards:
E2159 Guide for Selection, Assignment, and Monitoring of Persons To Be Utilized as Assessors/Auditors or Technical Experts
F3060 Terminology for Aircraft
F3341 Terminology for Unmanned Aircraft Systems
This practice is under the jurisdiction of ASTM Committee F38 on Unmanned Aircraft Systems and is the direct responsibility of Subcommittee F38.03 on Personnel
Training, Qualification and Certification.
Current edition approved Feb. 1, 2019Aug. 1, 2023. Published March 2019August 2023. Originally approved in 2019. Last previous edition approved in 2019 as
F3365 – 19. DOI: 10.1520/F3365–19.10.1520/F3365–23.
Copyright © ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959. United States
F3365 − 23
3. Terminology
3.1 Unique and Common Terminology—Terminology used in multiple standards is defined in Terminology F3341, UAS
Terminology Standard and Terminology F3060, Aircraft Terminology Standard. Terminology that is unique to this specification is
defined in this section.
3.2 Definitions:
3.2.1 action plan, n—an audited entity’s plan to address audit findings that describes response actions, parties responsible for their
execution, and expected completion dates.
3.2.2 audit (compliance audit), n—a systematic, documented, and objective review of an audited entity to evaluate its compliance
status relative to audit criteria.
3.2.3 audit criteria, n—the set of requirements that are applicable to the audited entity and specified in the audit scope. Examples
may include standards, regulations, and laws.
3.2.4 audit data, n—information obtained during an audit to support audit findings.
3.2.5 audit finding, n—a statement of audited entity conditions at the time of the audit by evaluation against audit criteria. Audit
findings shall be based upon verifiable audit data and may be either positive or negative with respect to audit criteria.
3.2.6 audit objective(s), n—broad statement(s) of what the audit intends to accomplish.
3.2.7 audit plan, n—documentation that describes the audit.
3.2.8 audit program, n—an auditing entity’s overarching collection of approaches, methods, systems, etc. toward the goal of
achieving an audit objective(s) and in compliance with this standard.
3.2.9 audit protocol, n—a method designed to collect information to support the audit objective(s) based upon audit criteria.
3.2.10 audit purpose, n—reason for the audit.
3.2.11 audit report, n—a written summary of audit findings that is objective, clear, concise, constructive, and timely.
3.2.12 audit scope, n—a description of what is to be audited. The audit scope shall include a description of the period under review,
the audited entity, and the audit criteria.
3.2.13 audit team, n—one or more auditors responsible for conducting an audit. The audit team may be supported by technical
experts and auditors-in-training.
3.2.14 audited entity, n—a facility, organization, or part thereof, that is the subject of an audit.
3.2.15 auditing entity, n—the organization that provides the audit program and authorizes, or initiates the audit process. The
auditing entity may be internal or external to the audited entity.
3.2.16 auditor, n—a person qualified to conduct an audit.
3.2.17 independence, n—a condition characterized by organizational standing where an auditor is free to conduct an audit without
being controlled or influenced by others.
3.2.18 lead auditor, n—an auditor designated to lead and manage the audit.
F3365 − 23
3.2.19 objectivity, n—a condition characterized by the absence of bias, influences, and conflicts of interest that affect or have the
potential to compromise audit findings.
3.2.20 open issues, n—potential audit findings that cannot be verified or resolved without additional information.
3.2.21 period under review, n—the time interval over which conditions at the audited entity are evaluated against audit criteria.
3.2.22 records, n—documentation and other forms of recorded information.
3.2.23 working papers, n—records collected and developed by an auditor through the use of audit protocols.
4. Significance and Use
4.1 The purpose of this standard practice is to provide the minimum requirements for the conduct of compliance audits.
4.2 The intended use of this practice is to provide a basis for an internal or external entity to develop an audit program. An audit
program defines specific requirements for the execution of audits for a particular objective. An example of an audit program would
be an external (third party) audit of UAS manufacturer’s quality assurance system.
4.3 Compliance to this practice would ensure that audit programs and those who develop and execute them are following a
consensus set of minimum requirements.
4.4 This practice does not mandate either internal or external audits.
4.5 An auditing entity cannot request or approve an audit.
4.6 Other Audit Criteria—Other audit criteria may be included in the audit scope if specified in the audit plan. Examples include
safety, technical, operational, and management requirements. Items that are outside the scope of auditable criteria may be
submitted as observations for possible resolution. However, these are not binding and are not mandatory.
4.7 Additional Services—Additional services are outside the scope of an audit objective. Examples of such services are
consultation to resolve negative or open findings or any other service where the auditing entity conducts an activity other than an
audit for the audited entity.
4.8 Compliance Assurance—An audit is only an indicator of the compliance health of the facility or organization, or both, during
only the period under review and therefore has limited compliance assurance and is not assumed to be exhaustive.
4.9 Level of Review is Variable—The audit scope may vary to meet different audit objectives. For example, the audit scope may
include only selected audit criteria, selected period under review, or selected portions of a facility or organization.
5. Audit Program
5.1 The auditing entity shall develop and document an audit program that conforms to this practice prior to carrying out an audit.
The audit program and its documentation is internal to the auditing entity.
5.2 The audit program shall specify an audit purpose and audit objective(s).
5.3 The audit program shall specify the procedures and guidelines that will be used to conduct the audit process in Section 56,
including target timelines. As practical, the program should also provide drafts of audit-specific information such as audit scope,
audit plan, and audit reports.
5.4 The audit program shall contain requirements for record management as specified in Section 1011.
F3365 − 23
5.5 The audit program shall define criteria for audit status levels. Examples of audit status include pass/fail, open/closed, or
complete/incomplete.
5.6 The audit program shall include auditor qualifications as specified in Section 1112.
5.7 The audit program shall define guidelines and procedures for identifying and reporting any compromise of auditor
qualifications.
6. Audit Process
6.1 An audit shall, at a minimum, involve three activities. These are: preparation activities, execution activities, and reporting
activities.
6.2 Preparation—Preparation activities occur before execution and are intended to plan, organize, and communicate the execution
and reporting activities for a specific audit. The result of the preparation activities is the audit plan (Section 67). The audit plan
shall be agreed upon between the auditor and the audited entity in a timely manner prior to the execution of an audit.
6.3 Execution—The audit plan is carried out between the audit team and audited entity during this activity. These activities may
occur remotely or during an on-site visit, or both, as specified by the audit plan. Execution activities shall include communication
activities (Section 78) and data gathering activities (Section 89).
6.4 Reporting—Reporting activities occur after audit execution between the auditor and audited entity. Reporting deliverables and
milestones occur following execution; however, preparatory work may occur at other times during the process. Reporting shall
include documentation activities specified in Section 910.
7. Audit Plan
7.1 An audit plan shall contain the following:
7.1.1 The audit objective;
7.1.2 Audit scope;
7.1.3 Identities of the auditing entity, audited entity, and audit team;
7.1.4 Audit schedule;
7.1.5 Record management and confidentiality procedures; and
7.1.6 Logistics.
7.2 Background Information—Background information should be used as appropriate to develop the audit plan or refine an
existing audit plan. Background information may consist of records, process, site descriptions, operation and maintenance manuals,
compliance inspection reports, previous audit reports, notices of violations, and other relevant information.
7.3 Schedule—A schedule of audit activities shall be developed and documented. The schedule shall clearly document the
expected timeline between the auditing and audited entity with respect to audit execution, reporting audit findings, and action plans
as applicable.
7.4 On-site Logistics—If an on-site visit is planned, issues such as scheduling a site orientation meeting, identifying site contacts,
scheduling the site visit dates, and resolution of lodging and transportation logistics should be addressed.
...