Assurance Levels for ATM elements: Human (HAL), Operational Procedure (PAL), Software (SWAL)

The institutional framework recently set-up in Europe requires risk assessment and mitigation to be conducted for changes to, or the introduction of new, air traffic management (ATM) systems or services. In order to allow ATM service providers (ATMSPs) to perform such assessments, and to comply with regulatory requirements, a Task Force of European ATMSP, together with EUROCONTROL, has developed an approach aimed at providing assurance, before entry into operations, that changes to, or new, ATM systems can be introduced into operations. This approach - the EUROCONTROL Safety Assessment Methodology (SAM) - recommends the allocation of quantitative Safety Requirements to the elements of the ATM system. Where practicable, these should be supplemented by assurance levels (ALs) for the satisfaction of the safety requirements, as follows: (a) Software Assurance Levels (SWALs) (b) procedure assurance level (PAL) restricted currently to operational procedures. (c) human assurance levels (HALs) restricted currently to ground-based operational staff The ALs cover the whole lifecycle of the system from definition, design, implementation, integration, transfer into operation, to operation and maintenance. This paper explains how ALs are allocated to ATM elements, and describes the related objectives and assurance activities. It also explains the relationship with the quantification of safety requirements, together with lessons learned and future developments.