Note: This article is entirely based on the draft ICAO NOSS Manual.
In observing the business-like approach to safety underlying Safety Management Systems (SMS), it is evident that in order to sustain safety in the modern aviation system, a proactive data collection methodology, to complement the existing reactive systems, is required. To that end, electronic data acquisition systems and non-jeopardy self-reporting programmes were introduced to collect safety data from normal operations. The latest addition to these proactive safety data collection methodologies are data acquisition systems that are based on direct observation of operational personnel during normal operations.
NOSS was introduced by recommendation 2/5 of the Eleventh International Civil Aviation Organisation (ICAO) Air Navigation Conference, held in Montreal in 2003, which reads: “That ICAO initiate studies on the development of guidance material for the monitoring of safety during normal air traffic service operations, taking into account, but not limited to, the line operations safety audit (LOSA) programmes which have been implemented by a number of airlines.”
Although NOSS is different from LOSA in many respects, there are also similarities in the methodology applied by both. NOSS and LOSA are both based on the Threat and Error Management (TEM) framework. NOSS was developed with the assistance of the ICAO NOSS Study Group and is based on a similar method used in the flight deck environment.
Overview and Brief Description
The Normal Operations Safety Survey (NOSS) is a methodology for the collection of safety data during normal air traffic control (ATC) operations. A normal ATC operation is defined as an operation during the course of which no accident, incident or event takes place of which the reporting and/or investigation are required under existing legislation or regulations. Training and check shifts are considered to be outside the scope of normal operations.
By conducting a series of targeted observations of ATC operations over a specific period of time, and the subsequent analysis of the data thus obtained, the organisation is provided with an overview of the most pertinent threats, errors and undesired states that air traffic controllers must manage on a daily basis. One feature of NOSS is that it identifies threats, errors and undesired states that are specific to an organisation's particular operational context, as well as how those threats, errors and undesired states are managed by air traffic controllers during normal operations. The information thus obtained will enhance the organisation's ability to proactively make changes in its safety process without having to experience an incident or accident.
Relationship to the Safety Management System
NOSS is designed to complement existing safety data collection sources. Its added value is that it provides data from normal operations (as opposed to abnormal occurrences during operations), and it is not occurrence-driven like most of the existing mechanisms. NOSS can be scheduled at any time that is suitable for the organisation, to sample the systemic safety performance in daily operations and to provide an overview of the organisational strengths and weaknesses in the management of threats, errors and undesired states during normal operations. The organisation can subsequently act on the outcome of a NOSS before safety issues manifest themselves through occurrences.
Safety data from NOSS are data that are not otherwise available. As such they complement the traditional sources of data of a safety management system. NOSS is regarded as a component of an ATC safety management system (SMS), as a safety management tool.
As such NOSS is a tool that assists air traffic services providers to comply with Annex 11, 184.108.40.206 c), i.e. to “provide for continuous monitoring and regular assessment of the safety level achieved”.
Scope of NOSS
NOSS is a method developed for application in the operational environment and has ten specific operating characteristics. Rather than being a tool to assess individual controller behaviour or controller productivity, NOSS will provide the organisation with a picture of the most pertinent threats and errors in a specific operation, how they are managed and how effectively any resulting undesired states are managed during normal ATC operations.
Purpose of NOSS
The purpose of conducting a NOSS in an organisation is to find out what are the most pertinent threats and errors that controllers have to manage during normal operations and how these are managed. NOSS thus captures ATC system performance through the eyes of the air traffic controllers. Once that information is available, the SMS of the organisation can propose adjustments in the operational processes as required (e.g. changes in procedures, or specific safety topics for recurrent training programmes for air traffic controllers) as countermeasures to the threats and errors that the controllers are confronted with on a daily basis. By conducting follow-up NOSSs, an organisation will be provided with feedback on the effects of its safety change process since the previous NOSS.
Added Value of NOSS
Conventional safety data collection programmes mainly present data from abnormal operations, i.e. data about situations that went wrong, or failed system/human performance data. Furthermore, data collection is traditionally outcome-driven, i.e. some triggering event must take place in order for the programme to capture safety data. NOSS provides data about normal situations, i.e. where situations resulted in uneventful outcomes, or successful system/human performance data. The NOSS data include information about the effect of specific countermeasures on managing threats, errors and/or undesired states, which is an indication of the success of existing safety strategies in the operations of the organisation. Furthermore, NOSS data are process-driven, i.e. there is no need for a triggering event to take place in order for the programme to capture safety data.
Benefits of NOSS
- Proactive hazard identification
- Prioritized safety actions
- Enhanced understanding of air safety incident trends
- Converging lines of evidence
- Identification of areas of strength
- Improved organisational trust
- Engaged workforce
- Positive cooperation with the regulator
- Exchange of information, industry benchmarking and collaboration with airlines
- Decision support tool
- Verification of the quality and usability of procedures
- An understanding of controller shortcuts and workarounds.
Specific Objectives of NOSS Implementation
After conducting a NOSS, the organisation will be able to set clear targets for safety enhancement of its operations. The effect of changes made can be “measured” by conducting a follow-up or repeat NOSS. In the meantime the effect of changes may be noticeable by comparing specific events trends from the pre- and post-NOSS periods.
Framework of NOSS
NOSS is based on the Threat and Error Management (TEM) framework as developed by the University of Texas. TEM is a conceptual framework that assists in understanding, from an operational perspective, the interrelationship between safety and human performance in dynamic and challenging operational contexts. The TEM framework focuses simultaneously on the operational context and the people discharging operational duties in such a context. The use of TEM thus provides a common framework that can assist in addressing multi-disciplinary issues in the aviation industry through the exchange and analysis of safety data from normal aviation operations.
Prerequisites For NOSS
Before NOSS is conducted in an organisation a careful preparation for NOSS should be carried out. There has to be agreement from both the management of the organisation and the body or bodies that represent(s) the air traffic controllers. In the agreement the non-disciplinary nature of the data collection process must be emphasized. Furthermore a mechanism has to be agreed for securing the collected data and for preventing that data from being misused. It should be clear that NOSS data are not designed to be used for incident investigation or research purposes. Organisations require a process independent from NOSS for capturing safety data in the event of an incident or accident.
The data from a NOSS programme are intended for use by the SMS of the air traffic service provider organisation that conducts the NOSS.
Where is a NOSS Conducted?
NOSS observations are conducted at the normal operational working position(s) of the observed controller(s). The observers should be as unobtrusive as possible while conducting their observations.
Subjects of NOSS Observations
NOSS observations will not be held in on-the-job (OJT) training or check situations. In a typical observation session, lasting up to 1 hour and 30 minutes, a single controller working position will be observed, even if the controller observed is working with another controller as part of a team. Observed controllers will know that they are being observed, and they will also know the purpose of the observation. Controller participation is voluntary, i.e. a controller can refuse to be observed for NOSS purposes.
The observers for a NOSS programme are selected from the pool of qualified air traffic controllers in the organisation. This selection may involve a joint effort by staff representatives and the management of the organisation. Experience has shown that observers provide optimal data when observing in a setting outside the one they normally work in; therefore consideration should be given to selecting candidates from other facilities or positions than the one(s) where the NOSS will be held. Candidate observers may also be selected from the (non-operational) instructor group in the organisation, or from outside the organisation. As a general guideline the number of operationally qualified observers should be no less than 80 per cent of the total number of observers. This adds to an enhanced perception of the validity of the data because the data are collected by peers rather than “outsiders”. The observations are performed by single (individual) observers.
NOSS Observer Training
The observer training and data collection is an important element of the pre-data collection phase. The training will normally last up to 5 working days. Focus in the training programme is on the TEM framework, as the observational concept that will guide observers towards what they are expected to look for, and on how to fill in the observation forms. The last days of the training programme comprise “controlled” observations, in which the completed observation forms are analysed with the observers in order to help ensure the consistency and reliability of reports from different observers.
NOSS Data Collection and Processing
All data collected by the observers are reported in a de-identified format in order to guarantee the anonymity of the controllers involved. After all data have been collected, data verification is performed by selected observers and key staff from the organisation verify all received reports and the coding of the threats, errors and undesired states as applied by the observers. Specialists subsequently analyse the data. Next a detailed report of the results and findings from the NOSS is presented to the management of the organisation.
NOSS Data Ownership and Storage
The data from a NOSS is owned by the ATS provider organisation that conducted the NOSS. However NOSS data are sensitive material that could potentially be abused if taken out of context. Therefore a trusted site should be selected and assigned to store the data after they have been collected and analysed. Circumstances that can help determine whether or not an air traffic services provider should store NOSS data in-house comprise inter alia: the national legislation on freedom of information (i.e. to the press and the public), the status of the air traffic services provider (e.g. part of the government or a corporatized entity) and, last but not least, the need to be able to benchmark or otherwise compare the data with other organisations where a NOSS has been done. Alternative locations for storing NOSS data could include, but are not limited to, universities or aviation research laboratories in the State or region of the air traffic services provider