Fail to Safe
Fail to Safe
The ‘fail to safe’ phase of contingency deals with the immediate and short term actions to be taken within the first 48 hours after any emergency.
The priority of the ‘fail to safe’ phase is to ensure the safety of contingency operations in the immediate aftermath of an emergency and to lay the foundations for the service continuity and recovery phases.
The contingency policy should set out the organisation's attitude towards contingency and state the overall Contingency goals and objectives. In particular, it identifies the scope of Contingency within the organisation, e.g. whether it wishes to include the provision of service continuity or limit provision to 'fail to safe' modes of operation. Whatever the policy, safety is considered to be a 'constant'; it should not be compromised (e.g. air navigation service providers (ANSP) should ensure that they can 'fail to safe' in emergency and degraded modes of operation). Within the planning for ‘fail to safe’ several different phases can be identified.
Phase 1 - Immediate Actions. A dangerous situation has been identified. Actions focus on:
- The safe handling of aircraft in the airspace of the ‘failing’ unit, using all technical means still operationally available.
- Securing the actual traffic situation, considering possible options such as the:
- delegation of air traffic services (ATS) to other ANSPs;
- implementation of emergency contingency flight level allocation schemes (cFLAS); or
- evacuation of the airspace - 'clear the skies'.
- Determining the magnitude of problem and the duration of the outage.
- Preparation of ‘fall-back’ instructions to ensure the safety of operations allowing a 'smooth' transition to service continuity and recovery.
- Informing all interested parties - neighbours and Central Flow Management Unit (CFMU).
- Evacuating control rooms, if necessary.
Phase 2: Short/Medium Term Actions (<48 hours). Focuses on stabilising the situation and, if necessary, preparing for longer term contingency arrangements. Actions will include:
- Completion of notification to interested parties.
- Initiation of contingency measures such as the delegation of ATS, where appropriate.
- Determination and coordination of flow control measures.
- Contingency Lifecycle
- Emergency Phase in Contingency
- Safety Management for Contingency
- Service Continuity
- Testing and Exercising
- Training for Contingency Operations
- For further information on Contingency Planning see the EUROCONTROL, Guidelines for Contingency Planning for Air Navigation Services (including Service Continuity). In particular, the safety requirement for an ACC to ‘fail to safe’ is covered on page 57 of the guidelines. There is also a useful summary of the key issues on Page 77.
- Contingency Planning of ANS- A practical case: Fire in a tower Practical Case study, by Professor Chris Johnson.
- See also the EUROCONTROL Reference Guide to EUROCONTROL Guidelines for Contingency Planning