55TH ANNUAL CONFERENCE, Las Vegas, USA, 14-18 March 2016WP No. 307A Review of the Policy on the ATM Safety Monitoring ToolPresented by PLC |
Summary
IFATCA has policy regarding what constitutes an ATM Safety Monitoring Tool and how it should be used. This paper will review the policy to ensure it continues to fit with new developments in the area and is valid for likely changes to the working environment.
Introduction
1.1. The current IFACTA Policy for ATM Safety Monitoring Tools from the 2014 Technical and Professional Manual states:
1.2. IFATCA considers ASMT to denote a generic ATM Safety Monitoring Tool that extracts ATM system data to detect infringements to parameters predefined within the system itself.
1.3. IFATCA Policy is:
| ASMT must be part of a Safety Management System and shall not be used by Management as a punitive tool for disciplinary action.
Except for Aerodrome Control, the introduction of ASMT shall be preceded by the introduction of STCA. Implementation of ASMT must be preceded by a clear statement in which its goals are defined. ATCOs shall be involved in the definition of the ASMT role. The criteria used to set up the ASMT parameters must be carefully planned and monitored. Sufficient consideration must be given to restrict false or nuisance reports. The system should not be used as a performance monitor for individual controllers. Analysis of any derived data should be undertaken by appropriately experienced and trained ATM safety experts. |
1.4. In this paper the current policy will be reviewed considering any relevant changes to ASMT focusing on the factors Member Associations should consider if being implemented in their state. It will also consider how future evolutions of the concept may impact the role of the ATCO.
Discussion
2.1. Background
2.1.1. The use of automated Air Traffic Management Safety Monitoring Tools began in the 1990’s in response to advances in technology allowing near live monitoring of aircrafts positions through radar derived data and comparing these against defined separation minima.
2.1.2. During the past two decades the technology behind these systems has advanced dramatically and the algorithms used to analyse live data is becoming incredibly advanced. These technological advances are forecast to continue and accelerate over the coming years as we enter the world of ‘Big Data’, where multiple sources of ever more accurate data are becoming available for storage and analysis over multiple platforms.
2.1.3. Perhaps the most advanced current system is that used by Eurocontrol which dynamically received and processes radar, system and downlinked data such as TCAS RAs and altitude deviations, continually processing the incoming stream against defined parameters.
2.1.4. Any potential scenario that may result in ‘an event’ is immediately stored with all available information sources retained for manual and automatic analysis. The concept is purported to be aimed at aiding early identification of long term trends and changes to the ATM network which may increase the latent risk of the operation.
2.1.5. Although the Eurocontrol system is very advanced, many other ANSPs have implemented similar systems which monitor their network for potential violations to the ATM Safety Monitoring Systems Separation Laws.
2.1.6. As the technology and regulatory oversight pushes ANSPs to become ever more efficient, the use of these tools is now being assessed against future Key Performance Indicators (KPIs) set by regional and international bodies. At a state level within Europe the monitoring of safety performance falls within their responsibility for safety oversight, as required by Regulation (EC) No 1315/2007 on safety oversight in ATM and by EUROCONTROL Safety Regulatory Requirement ESARR 1.
2.2. IFATCA Policy
2.2.1. While the principles of the current policy remain extant at a conceptual level, each element shall be reviewed to ensure that it remains appropriate in the current environment. Once the content is agreed, amendments will be proposed to merge these elements into a more logical statement.
2.2.2.
| “ASMT must be part of a Safety Management System and shall not be used by Management as a punitive tool for disciplinary action.” |
2.2.3. Any perception that the introduction of ASMT may be used as a mechanism to identify specific ATCOs is neither desirable nor conducive to an open and honest working environment. However ATCOs take their responsibilities very seriously and an essential element of the ATC System is the reliance on professionalism and trust in our colleagues to perform their task in an appropriate manner.
2.2.4. There are very rare occasions where an ATCO may act irresponsibly and in the absence of their action being otherwise observed or reported, there may be situations where an ASMT system which recognises the incident may justifiably be used to take proportionate action against the individually, which may be punitive?
2.2.5. Considering this scenario, and the widespread introduction of Team Resource Management (TRM) as well as recognised Just Culture principles, a more balanced statement would be “….shall not be used in order for Management to take punitive action.”
2.2.6. This statement is then expanded with the subsequent addition of:
2.2.7.
| “Any incidents identified by an ASMT shall be subject to a thorough holistic investigation of the scenario by appropriately qualified personnel and any subsequent action regarding the person(s) involved shall take full account of Just Culture principles.” |
2.2.8. The next element of the existing policy states:
2.2.9.
| “Except for Aerodrome Control, the introduction of ASMT shall be preceded by the introduction of STCA.” |
2.2.10. For an ATCO working in a radar environment it is entirely appropriate to require an appropriately configured Short-Term Conflict Alert (STCA) tool to be available to assist them before an ASMT is active.
2.2.11. However, the specific exclusion of Aerodrome Control from this statement unless an STCA tool is incorporated is outdated. As technology has progressed a number of safety systems have been created which offer Aerodrome Control a similar set of protections that do not necessarily include STCA. An example of such a system would be Searidge Technologies RIMCAS (Runway Incursion Monitoring and Collision Avoidance System) which monitors trajectories within a defined aerodrome zone, alerting the ATCO in a similar fashion to STCA in the radar environment.
2.2.12. There are also tools which offer protection for airborne traffic in the vicinity which do not conform to the limited definition of STCA. Therefore it is proposed that the statement is amended to allow for alternate technologies as appropriate for the environment. The proposed amendment states:
2.2.13.
| “An ASMT shall only be enabled once appropriate safety nets relevant to the task such as STCA have been incorporated.” |
2.2.14. The next two elements of the existing policy states to be considered are:
2.2.15.
| “ATCOs shall be involved in the definition of the ASMT role” |
2.2.16.
| “Implementation of ASMT must be preceded by a clear statement in which its goals are defined.” |
2.2.17. The requirement for ATCOs to be actively engaged at all stages in the development, implementation and review stages is paramount to the creation and maintenance of a robust safety focussed operation. Therefore there are no proposed amendments to the first element.
2.2.18. However the second sentence is an integral requirement of the previous line and should therefore be considered for deletion.
2.2.19.
| “The criteria used to set up the ASMT parameters must be carefully planned and monitored. Sufficient consideration must be given to restrict false or nuisance reports.” |
2.2.20. While there is nothing inappropriate about this statement, the second sentence is predominantly an expansion of the previous. Therefore it is proposed that this be replaced with:
2.2.21.
| “The criteria used to define ASMT parameters must be carefully planned and monitored with due consideration to minimising nuisance alerts” |
2.2.22. The final two elements of the existing policy are:
2.2.23.
| “The system should not be used as a performance monitor for individual controllers. Analysis of any derived data should be undertaken by appropriately experienced and trained ATM safety experts.” |
2.2.24.
| “Data obtained from the system should not be used as a capacity measurement or monitoring indicator.” |
2.2.25. While these statements are still appropriate, they can be reinforced through the removal of “should” and clarified by removing the potentially inaccurate reference to “ATM” safety experts. The proposed combined statement then reads:
2.2.26.
| “The system shall not be used as a performance monitor for individual controllers, for capacity measurement or as a monitoring indicator. Analysis of any derived data shall be undertaken by appropriate safety experts.” |
2.2.27. This concludes the review of the ASMT policy, however during this process a recurring theme of the evolving ATM environment within ASMT is the exponential rise of data gathering.
2.2.28. Following the rise in quality and quantity of data now available for analysis, ANSPs are considering how they may be able to use this data to analyse the performance of ATS provision.
2.2.29. As a concept, this introduces some significant challenges over the evolution of performance based feedback and individual controller performance and conformance monitoring. While this has previously been confined to areas such as separation monitoring and reportable incidents, in an increasingly electronic environment where all elements of the system are chronologically recorded (Radar, RT, Mode S parameters, Electronic strip entries, etc) ANSPs are now considering how this data can be used to assess the performance of all elements of ATC.
2.2.30. It is possible to recreate traffic scenarios in a highly accurate manner. Some ANSPs are beginning to use these models to compare flight efficiency performance in near real time. These are then compared between sectors, routes and ATCO teams. It is likely that an early consideration will be how this can be utilised to compare and contrast similar operations and operators safety performance, and subsequently understand how to maximise the performance of the operation.
2.2.31. Depending upon how this is implemented, it may present risks to the ATCO community which are not fully understood. However we should also appreciate that, used appropriately, in an open and constructive fashion, this analysis may help enrich the ATCO community and support future personal development.
2.2.32. While not directly comparable, consider the use of Cockpit Data Management (and monitoring). In modern airliners each airframe streams data to airlines and manufacturers. Models of normal operations were developed and any observed data which falls outside of these limits is logged. The processing then determines how this is recorded and potentially fed back to the operator. While many crews were initially sceptical about it’s purpose, when used constructively and in a supportive capacity, many pilots now feel that it is of positive benefit to their role.
2.2.33. In order for this to be a positive evolution, trust must be established in the validity of the data and fair and transparent manner in which this is processed.
2.2.34. While not within the remit of the ASMT tool policy, the broad access to data is a potential concern if not used in a responsible and appropriate manner to support the ATCOs and the ANSP. It is therefore suggested that how this data is obtained and processed is included in a future work package.
Conclusions
3.1. The evolution of ASMT and the legal requirement to implement it in an increasing number of states presents a challenge for many ATCO communities. The paper ensures that the IFATCA policy is fit for purpose, providing a clear framework to Member Associations who are either experiencing ASMT for the first time or dealing with the evolution of existing systems.
3.2. The paper also identifies potential future challenges that the increasing levels of data capture, processing and storage may present ATCOs.
Recommendations
4.1. It is recommended that IFATCA Policy is:
4.2.
ASMT must be part of a Safety Management System and shall not be used in order for Management to take punitive action. An ASMT shall only be enabled once appropriate safety nets relevant to the task such as STCA have been incorporated. The criteria used to define ASMT parameters must be carefully planned and monitored with due consideration to minimising nuisance alerts.
4.3.
ATCOs shall be involved in the definition of the ASMT role.
4.4.
Any incidents identified by an ASMT shall be subject to a thorough holistic investigation of the scenario by appropriately qualified personnel and any subsequent action regarding the person(s) involved shall take full account of Just Culture principles.
4.5.
The system shall not be used as a performance monitor for individual controllers, for capacity measurement or as a monitoring indicator. Analysis of any derived data shall be undertaken by appropriate safety experts.
References
IFATCA Technical & Professional Manual 2014.
https://www.eurocontrol.int/services/automatic-safety-monitoring-tool
Eurocontrol ASMT Factsheet – Automatic Safety Monitoring Tool.
https://www.skybrary.aero/index.php/Flight_Data_Monitoring
https://www.caa.co.uk/docs/33/CAP739.PDF
https://www.iaa.ie/…/PRBMonitoringReport2012-Volume4-Safety1.pdf
CANSO Safety Management System – A CANSO Standard of Excellence September 2009 https://www.canso.org/safety/documents
https://www.eurocontrol.int/sites/default/files/publication/files/20120207-factsheet-asmt.pdf
Last Update: October 1, 2020