Develop Policy on System Defences During Planned System Degradation

  • Home 2004 Develop Policy on System Defen....

Develop Policy on System Defences During Planned System Degradation

43RD ANNUAL CONFERENCE, Hong Kong, China (SAR), 22-26 March 2004

WP No. 100

Develop Policy on System Defences During Planned System Degradation

Presented by SC1


1.1 In the light of the serious accidents in Italy and Germany the EUROCONTROL Provisional Council established a High Level European Action Group for ATM Safety (AGAS) to identify priority actions to further improve ATM safety across European Civil Aviation Conference (ECAC).

1.2 AGAS carried out an impartial overview of European ATM Safety and identified priority actions to further improve ATM safety across the ECAC area. In advance to the development of the Action Plan, AGAS considered that certain of the high priority areas could well have a direct and immediate impact on the ATM safety levels.

1.3 One of the priority areas concerned are the resourcing of controller working positions, particularly during periods of systems outage.

1.4 In light of the discussions during last year’s Annual Conference, SC1 accepted the work item to develop policy on system defences during PLANNED system degradation


2.1 PLANNED SYSTEM DEGRADATION could be any potential reduction in the availability, reliability or integrity of any part of the ATM system, known in advance to the user of the system.

2.2 Out of the AGAS report:

“There are still significant difference in application and implementation of various Human Factors developments designed to ensure a safe provision of ATM services. In particular there is concern that there are insufficient arrangements for the staffing of controller working positions during outages, maintenance phases and transition phases to new systems”.

2.3 The PANS-ATM, Doc 4444, states:

Para 2.3.1:

An ATS safety management programme should include, inter alia, the following with respect to the provision of air traffic services : c) safety assessments in respect of the planned implementation of airspace reorganizations, the introduction of new equipment systems or facilities, and new or changed ATS procedures.


Reports concerning the serviceability of ATS facilities and systems, such as failures and degradations of communications, surveillance and other safety significant systems and equipment, shall be systematically reviewed by the appropriate ATS authority in order to detect any trend in the operation of such systems which may have an adverse effect on safety.

Para 2.5.2:

Scope, Regulatory issues

g) procedures to be applied in the event of failures or degradations of ATS systems, including communications, navigation and surveillance systems, are practicable and will provide for an acceptable level of safety.

para 2.5.2:

Scope, Operational and technical issues

d) communications, navigation, surveillance and other safety significant systems and equipment

4) include documentation on the consequences of system, sub-system and equipment failures and degradations,

5) include measures to control the probability of failures and degradations, and,

6) include adequate back-up facilities and/or procedures in the event of a system failure or degradation.

2.4 The above paragraph confirms that safety assessments are only required when implementing NEW systems but does not cover for planned system degradation.

2.5 Issues to be considered when discussing planned system degradation are:

  • sufficient staffing of controller working positions
  • risk assessment and risk management

2.6 For any service provider it is important to understand the operation of his system and to provide a means to identify potential weaknesses when planning system degradation.


3.1 Planned system degradation is part of the ATM system.

3.2 Procedures, guidelines or recommendations should be in place for service providers how to safely manage planned system degradation. Every planned system degradation should be done in a co-ordinated manner, and the effect on operations should be thoroughly investigated.

3.3 Within the context of procedures to be applied in the event of and measures to control the probability of failure or degradation, PANS-ATM, doc 4444 omits the requirement to have risk assessment in case of planned system degradation.

3.4 When making policy on planned system degradation, two issues should be clearly considered:

  • Risk management/assessment
  • Resource of controller working positions

3.5 Multiple events, such as software changes/technical upgrades should be kept to an absolute minimum.


It is recommended that;

4.1 Risk assessment should be carried out for every planned system degradation.

4.2 Arrangements should be made for sufficient staffing during planned system degradation.

4.3 MAs should direct their Air Navigation Services Provider (ANSP) to take full account of the severity/level of impact on operations, in order to protect ATS staff from operational complications originated by system degradation.

Last Update: September 29, 2020  

March 24, 2020   877   Jean-Francois Lepage    2004    

Comments are closed.

  • Search Knowledgebase