Everyone knows how critical it is to have systems in place to provide safety assurance, but is the same degree of focus placed on security?
The UK Civil Aviation Authority (UK CAA) is rolling out a modernisation programme for aviation security that has at its centre, a new approach to managing security delivery and quality assessment – Security Management Systems (SeMS).
Aviation has always been seen as a target for terrorism. However the ‘one size fits all’ approach to aviation security, so commonly adopted by countries and States throughout the world has started to become much less effective at combating and staying ahead of the ever-evolving threat.
These threats to the aviation sector come in many forms and ensuring all are identified, assessed and the appropriate mitigations are implemented is something that needs to be done on a local level, identifying all localised risks as well as the wider, overarching ones highlighted by appropriate authorities.
We need to be vigilant and agile to foresee and help mitigate the threats we currently face.
A key part of this is the ability of organisations to constantly assure themselves and regulators that their security measures are fit for purpose.
The UK CAA is assisting industry with a system that provides this assurance, not only to organisations themselves but also for the regulator. Traditionally, security requirements have been directed by government and performance monitored by regulatory bodies. The quality of oversight by each organisation varies greatly, and robust quality management systems are not standard, despite a European Commission requirement that these should be present. Reference to Annex 17 and EC300 can be made here, where regulation refers to an entity having evident and robust quality assurance process in place.
Reliance upon periodic inspections by the regulator is not a solution, and company Boards surely want to know what they are getting in return for the significant investment they make in security – how well are customers, staff and infrastructure being protected? How is business reputation being protected?
Peter Drissell, Director of UK CAA Aviation Security, explains: “SeMS is in the first place a tool for use by operators, whether they are an airline, an airport or a cargo or in-flight supplier. It is about taking a systemic approach to managing aviation security, in ways which serve to instil security in the routine daily activities of an organisation, and indeed in its very culture.”
SeMS allows an entity to have clear oversight and greater governance, whereby accountability and responsibility is clearly defined. Management can instil a positive security culture, where security is everyone’s responsibility. The reference to culture is key: a SeMS will not work unless there is a drive from the top to ensure that all staff – not just those directly involved in security – have a stake in the security culture of an organisation and recognise that they can report matters of concern and see them acted on, as appropriate. This principle dovetails with Just Culture and the ethos of Safety Management Systems.
SeMS is being adopted by various organisations across all aviation submodes on a voluntary basis, as it is not mandated. The flexibility of the SeMS framework means that it can be adapted to suit all sizes and structures, so it is not just for major organisations with a deep well of resource, but can bring benefits to small, compact businesses as well. Understandably there can be concern about the resource required to implement and manage a SeMS, as existing resource is often under pressure. Some of the benefits that a SeMS will bring is greater efficiencies within an entity, data is readily available, a proactive approach rather than reactive and is a step towards striving for ‘better aviation security’ in today’s modern world.
SeMS has been developed by the UK Department for Transport and UK CAA following extensive consultation and in recognition of a global move towards industry taking more responsibility for security performance. Industry partners have been at the forefront of this development and continue to assist in shaping UK SeMS.
SeMS can be seen as another pillar in the assurance infrastructure of an organisation. It also provides for closer and more effective oversight of 3rd party suppliers of security services, and for the sharing of information across the industry, including between sub-modes. This collaboration in a critical area of mutual interest can only benefit all parties concerned.