1. Safety Assessment The European Organisation for the Safety of Air Navigation

2. Safety Assessment Safety Assessment is an EC1035/2011 requirement EC1034-2011 helps understanding which changes require a formal assessment that needs NSA review Experience has shown that the Safety Consideration Process provides good understanding of the changes

3. Safety Assessment The Only acceptable means of compliance to ESARR4 (~EC1035/2011) as of today is SAM (with limitations) SAM most suitable for hardware changes for which we can have an influence on the design, usage much more difficult for many other changes, procedures, airspace etc… SAM is a toolbox mainly known for its FHA-PSSA- SSA processes - Functional Hazard Assessment - Preliminary System Safety Assessment - System Safety Assessment

4. Safety Assessment eSAM eSAM V2.1 helps navigating through the documentation set of "ANS Safety Assessment Methodology"; http://www.eurocontrol.int/safety/public/site_prefe rences/display_library_list_public.html#17http://www.eurocontrol.int/safety/public/site_prefe rences/display_library_list_public.html#17

5. Safety Assessment Safety considerations Initial safety argument Safety Plan Go further? Y N Safety consideration report Argumented rationale for not going further Go further? Y N Initial Safety argument (termination) Argumented rationale for not going further Safety assessment (activities as per Safety Plan) SAFETY CASE Safety Case Report Brainstorming First attempt to construct Safety Argument (high level) Translation of initial argument into required activities Conduct of activities Production of the report OPS Concept (concept elements)

6. Safety Assessment Safety considerations process

7. Safety Assessment No operational concept Scope unclear Missing assumptions Safety requirements unrealistic Bad arguments Little or no evidence Errors in calculations No concept of operations Impact at boundaries not addressed Hazards classification questionable SAFETY BENEFITS OF NORMAL OPERATIONS? What are the needs for change? What are the new system boundaries? (OPS Concept) Are there (initial) assumptions? (OPS Concept) Are (Initial) Safety requirements realistic? Will it be possible to build an argument? What evidence could be provided? Would it feasible and beneficial to quantify? How shall the new system/change be operated? What are the interfaces? What impact foreseeable? How and who will assess hazards? In what way is the proposed operational concept different from current one? Safety considerations

8. Safety Assessment We have trained the staff We have a fall-back system We have temporary procedures OK if breakdown Switching over should be OK We have tested the system Good Specifications System OK New center will start operations On XX/XX/XX Decision to go operational How did we do things so far? We have Revised procedures Staff OK What we used to do What we concluded

9. Safety Assessment What are we asked to do today? We have trained the staff We have Contingency measures We have temporary procedures OK if breakdown Switching over should be OK We have tested the system Good Specifications System OK New center will start operations On XX/XX/XX We have Revised procedures Staff OK We have trained the staff We have Contingency measures We have temporary procedures OK if breakdown Switching over should be OK We have tested the system Good Specifications System OK It will be safe to provide operations from new center We have Revised procedures Staff OK

10. Safety Assessment We need to demonstrate that change will be safe How are we going to do that? CONOPS Why do we want to do this change? Is there anything that we know we will only be able to prove after implementation but we are confident we are right Criteria for safety (ESARR4) Safe by design Safe after implementation Safe to migrate operations On-going operations will be safe Life cycle How are we going to do that? Safety Plan Arg0 Arg1 Arg2 Arg3 Arg4 Caveats How are we going to do that? How are we going to do that? How are we going to do that? Initial safety argument OPS Concept (concept elements)

11. Safety Assessment Safety Assessment for DQR [DQR-REQ-300] The safety assessment process to support the establishment of new or updated data quality requirements shall be documented and include all the necessary steps to derive the data quality requirements to ensure data of sufficient quality are provided to meet the intended use for each data item under consideration, as a minimum:

12. Safety Assessment 1. Identify all relevant uses for the aeronautical data item or dataset. 2. Conduct Hazard Identification and Analysis. 3. Determine accuracy and resolution requirements taking into consideration: a)The functionality, performance and availability required by the intended use to achieve an acceptable level of safety. b)The inherent limitations in originating the data item or dataset. 4. Determine the data integrity level, based on the results of step 1 and step 2, for the most stringent use. 5. Consider the necessity to assign requirements for the ability to determine the origin of the data, other than the ones already defined in Annex I Part C of Commission Regulation (EU) 73/2010. 6. Consider the necessity to assign requirements for the level of assurance that the data is made available to the next intended user prior to its effective start date/time and not deleted before its effective end date/time, other than the ones already defined in Article 7(3) and Article 7(4) of Commission Regulation (EU) 73/2010. Safety Assessment for DQR

13. Safety Assessment Initial safety argument Lets have a look at the MS-Visio figures

14. Safety Assessment

16. Q&A The European Organisation for the Safety of Air Navigation