Back to top
Risk management of specific threat scenarios
Date issue released
Safety Issue Description

Although Airservices Australia applied operational risk assessments to high-level threats, it did not formally assess and manage the risk of specific threat scenarios. As a likely result, Airservices did not formally identify and risk manage the threat of separate aircraft concurrently carrying out the MARUB SIX standard instrument departure and a missed approach from runway 34R at Sydney Airport, even though it had been a known issue among controllers generally.

Issue number
AO-2019-041-SI-02
Issue Status
Closed – Adequately addressed
Transport Function
Airspace
Issue Owner
Airservices Australia
Mode of Transport
Aviation
Issue Status Justification

The ATSB considers that, ideally, specific threat scenarios would be individually recorded, analysed, and tracked on an ongoing basis. However, the inclusion of specific scenarios in periodic risk review activities improves risk record-keeping, and more frequent operational risk reviews now conducted by Airservices Australia are likely to significantly enhance the ongoing identification, assessment and treatment of specific threat scenarios.

Proactive action
Action number
AO-2019-041-PSA-05
Organisation
Airservices Australia
Action Status
Closed
Action description

Airservices advised on 14 June 2023 that 2 ‘escalation factors’ (elements of a risk assessment) were added to the operational risk assessment (ORA) in November 2020. The escalation factors added were:

  • RWY [runway] 34R missed approach and the MARUB SID [standard instrument departure]
  • Minimum distances between successive arrivals and a reference to the applicable [existing] procedure.

These were removed on 2 Dec 2021 with implementation of the runway 34R missed approach redesign (which now had a turn point that closely replicates where an aircraft on the MARUB SIX SID would commence turning).

Following further correspondence with the ATSB, on 1 September 2023 Airservices advised:

Since 2019, we have continued to evolve our operational safety risk management processes. Recent enhancements, supported by integration into the Corporate Integrated Risk and Reporting System (CIRRIS), including:

  • Unit operational risks are reviewed and individually assessed in accordance with the Airservices Risk Standard (as opposed to only being assessed at an aggregated level). On this basis, the maximum period between ORA [operational risk assessment] reviews is now three months or six months depending on the risk classification (previously within 2 years). Risks continue to be reviewed as needed, based on changes in the operating environment, changes to the airways system and based on reported occurrence trends.
  • Changes to risks are now recorded in discrete risk reviews and are retained with the risk record for improved visibility.
  • Risk classification assessments are informed by occurrence history (incl. threat scenarios) and Subject Matter Expert (SME) input.
  • Supporting evidence (such as safety cases or occurrence analysis) can be attached directly to risk assessments and actions can be linked directly to the assessments to provide assurance that related tasks are completed.
  • Introducing a control effectiveness deep dive. This provides further capability to document control effectiveness against specific threat scenarios and apply this to a risk review activity.
Risk management of specific threat scenarios
Safety Issue Description

Although Airservices Australia used applied operational risk assessments to high-level threats, it did not formally assess and manage the risk of specific threat scenarios. As a likely result, Airservices did not formally identify and risk manage the threat of separate aircraft concurrently carrying out the MARUB SIX standard instrument departure and a missed approach from runway 34R at Sydney Airport, even though it had been a known issue among controllers generally.

Issue number
AO-2019-041-SI-02
Issue Status
Closed – Adequately addressed
Transport Function
Airspace
Issue Owner
Airservices Australia
Mode of Transport
Aviation
Issue Status Justification

The ATSB considers that, ideally, specific threat scenarios would be individually recorded, analysed, and tracked on an ongoing basis. However, the inclusion of specific scenarios in periodic risk review activities improves risk record-keeping, and more frequent operational risk reviews now conducted by Airservices Australia are likely to significantly enhance the ongoing identification, assessment and treatment of specific threat scenarios.

Proactive action
Action number
AO-2019-041-PSA-05
Organisation
Airservices Australia
Action Status
Closed
Action description

Airservices advised on 14 June 2023 that 2 ‘escalation factors’ (elements of a risk assessment) were added to the operational risk assessment (ORA) in November 2020. The escalation factors added were:

  • RWY [runway] 34R missed approach and the MARUB SID [standard instrument departure]
  • Minimum distances between successive arrivals and a reference to the applicable [existing] procedure.

These were removed on 2 Dec 2021 with implementation of the runway 34R missed approach redesign (which now had a turn point that closely replicates where an aircraft on the MARUB SIX SID would commence turning).

Following further correspondence with the ATSB, on 1 September 2023 Airservices advised:

Since 2019, we have continued to evolve our operational safety risk management processes. Recent enhancements, supported by integration into the Corporate Integrated Risk and Reporting System (CIRRIS), including:

- Unit operational risks are reviewed and individually assessed in accordance with the Airservices Risk Standard (as opposed to only being assessed at an aggregated level). On this basis, the maximum period between ORA [operational risk assessment] reviews is now three months or six months depending on the risk classification (previously within 2 years). Risks continue to be reviewed as needed, based on changes in the operating environment, changes to the airways system and based on reported occurrence trends.
- Changes to risks are now recorded in discrete risk reviews and are retained with the risk record for improved visibility.
- Risk classification assessments are informed by occurrence history (incl. threat scenarios) and Subject Matter Expert (SME) input.
- Supporting evidence (such as safety cases or occurrence analysis) can be attached directly to risk assessments and actions can be linked directly to the assessments to provide assurance that related tasks are completed.
- Introducing a control effectiveness deep dive. This provides further capability to document control effectiveness against specific threat scenarios and apply this to a risk review activity.