SAFETY REGULATION COMMISSION Harmonisation of ATM Safety Regulation

CHANGES in the ATM INDUSTRY QATM service provision becoming increasingly commercialised QNational ATM corporations

ATM SAFETY REGULATION RULE-MAKING SETTING MINIMUM SAFETY LEVELS SAFETY OVERSIGHT SAFETY PERFORMANCE MONITORING&IMPROVEMENT KEY

EUROPEAN Harmonisation in ATM safety regulation EUROCONTROL SRC aims at ensuring a harmonised ATM

PROCESSES RULE MAKING SAFETY OVERSIGHT SETTING MINIMUM ORGANISATIONAL SAFETY LEVELS ISSUES SAFETY PARTNERSHIP PERFORMANCE

PROCESSES RULE MAKING SAFETY OVERSIGHT SETTING ORGANISATIONAL MINIMUM SAFETY ISSUES LEVELS SAFETY PARTNERSHIP PERFORMANCE

ESARR 1 GUIDANCE MATERIAL FOR REGULATORS ATM SAFETY REGULATORY FRAMEWORK Acceptable ACCEPTABLE means OF

EAM AMC ESARR = WHAT is required ? Acceptable Means Of Compliance = Ideas

This has to be done by the provider. . . PROJECT SPECIFICATIONS DETERMINATION DESIGN

Role of ATM Safety Regulator ? PROJECT SPECIFICATIONS DETERMINATION DESIGN AND DEVELOPMENT INSTALLATION AND

EATM PROGRAMMES related EUROCONTROL Approval Process Inputs/co-ordination EATM programmes (GNSS, RVSM, ACAS. . )

EUROCONTROL ESARR 4: Risk Assessment & Mitigation in ATM

ESARR 4 REQUIREMENTS EUROCONTRO WHAT CAN GO WRONG ? WHAT CAN BE DONE TO

ESARR 4 REQUIREMENTS EUROCONTROL IN PRACTICAL TERMS. . . PROJECT DETERMINATION & SPECIFICATION DESIGN

IN ACCORDANCE WITH ESARR 4…. ESARR 4 REQUIREMENTS EUROCONTROL Hazard identification & risk assessment

IN ACCORDANCE WITH ESARR 4…. FIRST STEP Determination of the constituent part being considered

IN ACCORDANCE WITH ESARR 4…. SECOND STEP ESARR 4 REQUIREMENTS EUROCONTRO Determination of Safety

IN ACCORDANCE WITH ESARR 4…. THIRD STEP ESARR 4 REQUIREMENTS EUROCONTRO Derivation of a

IN ACCORDANCE WITH ESARR 4…. FOURTH STEP ESARR 4 REQUIREMENTS EUROCONTRO Verification Verify that

Quantification of Safety Objectives FAILURE HAZARD PROBABILITY OF OCCURRENCE OF THE HAZARD INCIDENT OR

The ATM system and supporting services ( TOTAL SYSTEM APPROACH) Operational environment boundary CNS/ATM

To. Tal System Approach and associated doc ICAO Annex 14 and associated doc ATM

To. Tal System Approach Equipment specifications, limitations, operations and maintenance Flight Manual Maintenance Manual

ESARR 4 REQUIREMENTS EUROCONTROL More Guidance ? è ESARR 4 Guidance Material - EAM

Slides: 28

Download presentation

SAFETY REGULATION COMMISSION Harmonisation of ATM Safety Regulation & ESARRs Martine Blaize - Deputy of Safety Regulation Unit (SRU)

CHANGES in the ATM INDUSTRY QATM service provision becoming increasingly commercialised QNational ATM corporations and agencies QIncreasing focus on liability QProgressive separation and clarification of safety roles

ATM SAFETY REGULATION RULE-MAKING SETTING MINIMUM SAFETY LEVELS SAFETY OVERSIGHT SAFETY PERFORMANCE MONITORING&IMPROVEMENT KEY FUNCTIONS

EUROPEAN Harmonisation in ATM safety regulation EUROCONTROL SRC aims at ensuring a harmonised ATM safety regulatory framework across ECAC • Context of the EC Single European Sky • Transfer to EASA anticipated by ECAC in 1997

PROCESSES RULE MAKING SAFETY OVERSIGHT SETTING MINIMUM ORGANISATIONAL SAFETY LEVELS ISSUES SAFETY PARTNERSHIP PERFORMANCE & WITH PROVIDERS IMPROVEMENT ATM SAFETY LEVELS ICAO Annex 11… TLS for ATS in national airspace and aerodromes SRC POL DOC 1 - ATM Safety Minima Top Down approach n SRC POL DOC 1 provides a minimum to be met n Consideration of Public Interest in area concerned n Link to safety performance monitoring and improvement n Link to the design of ATM system incl. required aircraft equipage

PROCESSES RULE MAKING SAFETY OVERSIGHT SETTING ORGANISATIONAL MINIMUM SAFETY ISSUES LEVELS SAFETY PARTNERSHIP PERFORMANCE & WITH PROVIDERS IMPROVEMENT Inputs to Rule Drafting RULE-MAKING 2001/0235 - The Commission shall. . identify and adopt the ESARRs and subsequent amendment to those requirements within the scope of this Regulation… … that shall be made mandatory under Community Law n ICAO SARPS with any potential deviations n ESARRs demanding- describes the minimum to be enforced n EC ‘Common Requirements’ bearing on ANSPs , + Essential Requirements, Implementing Rules & Community Specifications n Any additional/different safety (regulatory) requirements justified by local environment of operations or national context

ESARR 1 GUIDANCE MATERIAL FOR REGULATORS ATM SAFETY REGULATORY FRAMEWORK Acceptable ACCEPTABLE means OF of MEANS compliance COMPLIANCE EUROCONTROL AMC AMC ESARR 2 SAF. OCCURRENCES GUIDANCE MATERIAL FOR REGULATORS FOR EACH ESARR FOR ESARR 2 FOR ESARR 3 AMC ESARR 3 SAFETY MANAGEMENT SYSTEMS FOR ESARR AMC 3 AMC FOR ESARR 4 AMC ESARR 4 RISK ASSESSMENT AND MITIGATION ESARR 5 ATM PERSONNEL ESARR 6 SYSTEMS SW & HW FOR ESARR 4 AMC ESARR 7 ATM PROCEDURES FOR AMC ESARR 5, 6, . . . AMC FOR ESARR 5, 6, 7. 7. ESARR ADVISORY MATERIAL (EAM) REQUIREMENTS APPLICATION DOCUMENTS (RAD) RVSM GNSS EGNOS GBAS Data Link 2000+ 8. 33 HEP ETC… ADS EATM Programme Safety Deliverables

EAM AMC ESARR = WHAT is required ? Acceptable Means Of Compliance = Ideas HOW this can be achieved ? ANSPs internal procedures = Customised solutions on HOW ANSPs meet ESARRs

ATM SAFETY REGULATION RULE-MAKING SETTING MINIMUM SAFETY LEVELS SAFETY OVERSIGHT SAFETY PERFORMANCE MONITORING&IMPROVEMENT KEY FUNCTIONS

Neither blind trust. . . Trust me. . .

PROCESSES RULE MAKING SAFETY OVERSIGHT SETTING ORGANISATIONAL MINIMUM SAFETY ISSUES LEVELS SAFETY PARTNERSHIP PERFORMANCE & WITH PROVIDERS IMPROVEMENT SAFETY OVERSIGHT SES: National Supervisory Authorities, with reliance on third party organisations. . Safety Oversight n Safety regulatory oversight of procedures implemented by ANSPs & related approval of organisation and SMS n Safety regulatory review of Safety Argument/Case & related approval of ATM systems/changes, procedures and safety staff n EC Conformity assessment processes n Certification/safety regulatory approval processes

This has to be done by the provider. . . PROJECT SPECIFICATIONS DETERMINATION DESIGN AND DEVELOPMENT INSTALLATION AND TRANSITION OPERATION RISK ASSESSMENT AND MITIGATION ACTIVITIES Risk Assessment Risk and Mitigation and Deliverables Risk Assessment and and Mitigation Deliverables RISK ASSESSMENT AND MITIGATION DOCUMENTATION REVIEW OF OF THE RISK ASSESSMENT AND MITIGATION DOCUMENTATION EUROCONTROL Safety Regulation Commission - Workshop on ESARR 3 and Related Material ACCEPTANCE

Role of ATM Safety Regulator ? PROJECT SPECIFICATIONS DETERMINATION DESIGN AND DEVELOPMENT INSTALLATION AND TRANSITION OPERATION RISK ASSESSMENT AND MITIGATION ACTIVITIES Risk Assessment and Mitigation Deliverables RISK ASSESSMENT AND MITIGATION DOCUMENTATION REVIEW OF THE RISK ASSESSMENT AND MITIGATION DOCUMENTATION EUROCONTROL Safety Regulation Commission - Workshop on ESARR 3 and Related Material ACCEPTANCE

EATM PROGRAMMES related EUROCONTROL Approval Process Inputs/co-ordination EATM programmes (GNSS, RVSM, ACAS. . ) National ATS providers Submission of safety policy and arguments, with related operational assumptions Request for “approval” in national context of operations Final “approval” Co-ordinated views on acceptability of safety policy and arguments SRC Co-ordination National Regulator

EUROCONTROL ESARR 4: Risk Assessment & Mitigation in ATM

ESARR 4 REQUIREMENTS EUROCONTRO WHAT CAN GO WRONG ? WHAT CAN BE DONE TO PREVENT IT ? ESARR 2 deals with the PAST… ESARR 3 is focused on the PRESENT… MANAGING THE RISK ESARR 4 is about the FUTURE

ESARR 4 REQUIREMENTS EUROCONTROL IN PRACTICAL TERMS. . . PROJECT DETERMINATION & SPECIFICATION DESIGN AND DEVELOPMENT INSTALLATION AND TRANSITION OPERATION RISK ASSESSMENT AND MITIGATION PROCESS Risk Assessment and Mitigation Deliverables RISK ASSESSMENT AND MITIGATION DOCUMENTATION REVIEW OF THE RISK ASSESSMENT AND MITIGATION DOCUMENTATION ACCEPTANCE

IN ACCORDANCE WITH ESARR 4…. ESARR 4 REQUIREMENTS EUROCONTROL Hazard identification & risk assessment and mitigation for any change to those parts of the ATM System & supporting services under the provider's managerial control SYSTEM DESIGN IMPLEMENTATION OPERATION SYSTEM DEFINITION DETERMINATION OF: n SCOPE n BOUNDARIES n INTERFACES n FUNCTIONS n OPERATIONAL ENVIRONMENT OF THE CONSTITUENT BEING CONSIDERED DETERMINATION OF SAFETY OBJECTIVES: (to be placed on the constituent part) DERIVATION OF RISK MITIGATION STRATEGY: VERIFICATION: THAT ALL IDENTIFIED IDENTIFY: ASSESS: DETERMINE: SPECIFY: n ATM-RELATED n THE EFFECTS THEIR TOLERABILITY IN TERMS OF DEFENCES TO MEET SAFETY OBJECTIVES AND REDUCE OR ELIMINATE THE RISKS INDUCED BY IDENTIFIED HAZARDS CREDIBLE HAZARDS n FAILURE THEY MAY HAVE ON THE SAFETY OF AIRCRAFT CONDITIONS & n THEIR COMBINED EFFECTS n THE SEVERITY HAZARD'S MAXIMUM PROBABILITY OF OCCURRENCE OF THOSE EFFECTS SEVERITY CLASSIFICATION SCHEME RISK CLASSIFICATION SCHEME as included in ESARR 4 Appendix A (Fig A 1) (but not the same one !!) consistent with the one of ESARR 4 Appendix A (Fig A 2) SAFETY OBJECTIVES (Quantitative) n SAFETY OBJECTIVES n SAFETY REQUIREMENTS HAVE BEEN MET è PRIOR TO IMPLEMENTATION OF THE CHANGE è DURING ANY TRANSITION SAFETY REQUIREMENTS MAY BEAR ON THE CONSTITUENT PART UNDER CONSIDERATION AND/OR OTHER PARTS OF THE ATM SYSTEM OR OPERATIONAL ENVIRONMENT INTO OPERATIONAL SERVICE è DURING OPERATIONAL LIFE è DURING ANY TRANSITION TILL DECOMMISIONING (Both qualitative and quantitative methods can be used) SAFETY REQUIREMENTS (Quantitative and/or Qualitative)

IN ACCORDANCE WITH ESARR 4…. FIRST STEP Determination of the constituent part being considered ESARR 4 REQUIREMENTS EUROCONTRO DETERMINATION OFassessment THE CONSTITUENT PART The "constituent part" under is determined by what the ATM service provider wants to introduce at the time BEING CONSIDERED DETERMINATION OF: n SCOPE n BOUNDARIES n INTERFACES n FUNCTIONS n OPERATIONAL ENVIRONMENT OF THE CONSTITUENT BEING CONSIDERED

IN ACCORDANCE WITH ESARR 4…. SECOND STEP ESARR 4 REQUIREMENTS EUROCONTRO Determination of Safety Objectives We identify hazards and determine "Safety Objectives" to express the maximum tolerability of DETERMINATION the hazards identified… OF SAFETY OBJECTIVES … These "Safety Objectives" will become targets to be achieved when designing, developing and operating the system DETERMINATION OF: n SCOPE n BOUNDARIES n INTERFACES n FUNCTIONS n OPERATIONAL ENVIRONMENT OF THE CONSTITUENT BEING CONSIDERED DETERMINATION OF SAFETY OBJECTIVES: (to be placed on the constituent part) IDENTIFY: ASSESS: DETERMINE: n ATM-RELATED n THE EFFECTS THEIR TOLERABILITY IN TERMS OF CREDIBLE HAZARDS n FAILURE THEY MAY HAVE ON THE SAFETY OF AIRCRAFT CONDITIONS & n THEIR COMBINED EFFECTS n THE SEVERITY HAZARD'S MAXIMUM PROBABILITY OF OCCURRENCE OF THOSE EFFECTS SEVERITY CLASSIFICATION SCHEME RISK CLASSIFICATION SCHEME as included in ESARR 4 Appendix A (Fig A 1) (but not the same one !!) consistent with the one of ESARR 4 Appendix A (Fig A 2) SAFETY OBJECTIVES (Quantitative)

IN ACCORDANCE WITH ESARR 4…. THIRD STEP ESARR 4 REQUIREMENTS EUROCONTRO Derivation of a Risk Mitigation Strategy In order to meet the Safety Objectives, various mitigation measures are identified. DERIVATION OF A RISK STRATEGY They are commonly known. MITIGATION as "Safety Requirements" DETERMINATION OF: n SCOPE n BOUNDARIES n INTERFACES n FUNCTIONS n OPERATIONAL ENVIRONMENT OF THE CONSTITUENT BEING CONSIDERED DETERMINATION OF SAFETY OBJECTIVES: (to be placed on the constituent part) DERIVATION OF RISK MITIGATION STRATEGY: IDENTIFY: ASSESS: DETERMINE: SPECIFY: n ATM-RELATED n THE EFFECTS THEIR TOLERABILITY IN TERMS OF DEFENCES TO MEET SAFETY OBJECTIVES AND REDUCE OR ELIMINATE THE RISKS INDUCED BY IDENTIFIED HAZARDS CREDIBLE HAZARDS n FAILURE THEY MAY HAVE ON THE SAFETY OF AIRCRAFT CONDITIONS & n THEIR COMBINED EFFECTS n THE SEVERITY HAZARD'S MAXIMUM PROBABILITY OF OCCURRENCE OF THOSE EFFECTS SEVERITY CLASSIFICATION SCHEME RISK CLASSIFICATION SCHEME as included in ESARR 4 Appendix A (Fig A 1) (but not the same one !!) consistent with the one of ESARR 4 Appendix A (Fig A 2) SAFETY OBJECTIVES (Quantitative) SAFETY REQUIREMENTS MAY BEAR ON THE CONSTITUENT PART UNDER CONSIDERATION AND/OR OTHER PARTS OF THE ATM SYSTEM OR OPERATIONAL ENVIRONMENT SAFETY REQUIREMENTS (Quantitative and/or Qualitative)

IN ACCORDANCE WITH ESARR 4…. FOURTH STEP ESARR 4 REQUIREMENTS EUROCONTRO Verification Verify that all identified Safety Objectives and Safety Requirements have been met VERIFICATION DETERMINATION OF: n SCOPE n BOUNDARIES n INTERFACES n FUNCTIONS n OPERATIONAL ENVIRONMENT OF THE CONSTITUENT BEING CONSIDERED DETERMINATION OF SAFETY OBJECTIVES: (to be placed on the constituent part) DERIVATION OF RISK MITIGATION STRATEGY: VERIFICATION: THAT ALL IDENTIFIED IDENTIFY: ASSESS: DETERMINE: SPECIFY: n ATM-RELATED n THE EFFECTS THEIR TOLERABILITY IN TERMS OF DEFENCES TO MEET SAFETY OBJECTIVES AND REDUCE OR ELIMINATE THE RISKS INDUCED BY IDENTIFIED HAZARDS CREDIBLE HAZARDS n FAILURE THEY MAY HAVE ON THE SAFETY OF AIRCRAFT CONDITIONS & n THEIR COMBINED EFFECTS n THE SEVERITY HAZARD'S MAXIMUM PROBABILITY OF OCCURRENCE OF THOSE EFFECTS SEVERITY CLASSIFICATION SCHEME RISK CLASSIFICATION SCHEME as included in ESARR 4 Appendix A (Fig A 1) (but not the same one !!) consistent with the one of ESARR 4 Appendix A (Fig A 2) SAFETY OBJECTIVES (Quantitative) n SAFETY OBJECTIVES n SAFETY REQUIREMENTS HAVE BEEN MET è PRIOR TO IMPLEMENTATION OF THE CHANGE è DURING ANY TRANSITION SAFETY REQUIREMENTS MAY BEAR ON THE CONSTITUENT PART UNDER CONSIDERATION AND/OR OTHER PARTS OF THE ATM SYSTEM OR OPERATIONAL ENVIRONMENT INTO OPERATIONAL SERVICE è DURING OPERATIONAL LIFE è DURING ANY TRANSITION TILL DECOMMISIONING (Both qualitative and quantitative methods can be used) SAFETY REQUIREMENTS (Quantitative and/or Qualitative)

Quantification of Safety Objectives FAILURE HAZARD PROBABILITY OF OCCURRENCE OF THE HAZARD INCIDENT OR ACCIDENT SRC POL DOC 1 ECAC ATM Safety Minima CLASS 1 Accidents SAFETY OBJECTIVE ? 1, 55 x 10 -8 ? TBD MAXIMUM PROBABILITY OF OCCURRENCE OF HAZARD PROBABILITY OF THE HAZARD LEADING TO ACCIDENT/INCIDENT MAXIMUM PROBABILITY OF OCCURRENCE OF HAZARD EFFECTS SEVERITY OF EFFECTS ON AIRCRAFT OPERATIONS SEVERITY OF EFFECTS INDUCED BY THE HAZARD CLASS 2 Serious Incidents CLASS 3 Major Incidents CLASS 4 Significant Incidents CLASS 5 No Immediate Effect on Safety LIMITATIONS…. ESARR 2 collection

The ATM system and supporting services ( TOTAL SYSTEM APPROACH) Operational environment boundary CNS/ATM system boundary ATSU Aircraft People ATC Procedures Ground Equipment Airspace Flight Operations procedures Pilot training Aircraft equipment CNS/ATM Procedures

To. Tal System Approach and associated doc ICAO Annex 14 and associated doc ATM Safety codes Ai rp or co t Sa de fe ty s ICAO Annex 11 ICAO Annex 8 Airworthiness codes Flight Operations Certification codes and associated doc ICAO Annex 6 and associated doc

To. Tal System Approach Equipment specifications, limitations, operations and maintenance Flight Manual Maintenance Manual Equipment Manufacturer Aeroplane Manufacturer Types of operations authorised Authorised areasof operations AIS ANSP Aeroplane Operator Airspace Environment State Safety Assessment State National Airworthiness Authority AIS: Aeronautical Information Services National Airworthiness Authority State National Operational Approval Authority ANSP Supervisory Authority

ESARR 4 REQUIREMENTS EUROCONTROL More Guidance ? è ESARR 4 Guidance Material - EAM 4/GUI 1 Explanatory Material on ESARR 4 Edition 1. 0 EUROCONTROL Safety Regulation Commission - Workshop on ESARR 3 and Related Material

SAFETY REGULATION COMMISSION Harmonisation of ATM Safety Regulation & ESARRs Martine Blaize - Deputy of Safety Regulation Unit (SRU)