Implementation of the NATS-only recommendations of the Independent Enquiry

Similar documents
LOUGHBOROUGH UNIVERSITY RESEARCH OFFICE STANDARD OPERATING PROCEDURE. Loughborough University (LU) Research Office SOP 1027 LU

Ombudsman s Determination

QUALITY ASSURANCE POLICY. Quality Assurance Policy. September 2016 Version 2.0 Policy authorised by Responsible Officer

Asda. Privacy and Electronic Communications Regulations audit report

Error! No text of specified style in document.

UNIFORM STANDARDS FOR PLT COURSES AND PROVIDERS

REPORT 2015/010 INTERNAL AUDIT DIVISION

CERTIFICATION BODY (CB) APPROVAL REQUIREMENTS FOR THE IFFO RESPONSIBLE SUPPLY (IFFO RS) AUDITS AND CERTIFICATION

t a Foresight Consulting, GPO Box 116, Canberra ACT 2601, AUSTRALIA e foresightconsulting.com.

European Code of Conduct on Data Centre Energy Efficiency

NATIONAL INFRASTRUCTURE COMMISSION CORPORATE PLAN TO

Communications and Media Policy

Audit Report. Mineral Products Qualifications Council (MPQC) 31 March 2014

3 Complaints against the Organisation

Business Continuity and Disaster Recovery

REPORT 2015/149 INTERNAL AUDIT DIVISION

Building Consent Authority Complaint 2017/002 6 October 2017 Complaint against Auckland Council

EU Code of Conduct on Data Centre Energy Efficiency

Telecommunications Equipment Certification Scheme FEBRUARY 2017

A Strategy for the Implementation of IPv6 in Australian Government Agencies

Policy. Business Resilience MB2010.P.119

MEETING: RSSB Board Meeting DATE: 03 November 2016 SUBJECT: Rail Industry Cyber Security Strategy SPONSOR: Mark Phillips AUTHOR: Tom Lee

Level 1 Certificate in Reception Services ( )

Audit Report. Chartered Management Institute (CMI)

Wye Valley NHS Trust. Data protection audit report. Executive summary June 2017

MODEL COMPLAINTS SYSTEM AND POLICY THE OMBUDSMAN'S GUIDE TO DEVELOPING A COMPLAINT HANDLING SYSTEM

SWIFT Customer Security Controls Framework and self-attestation via The KYC Registry Security Attestation Application FAQ

Internal Audit Follow-Up Report. Multiple Use Agreements TxDOT Office of Internal Audit

STAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:

NSPCC JOB DESCRIPTION

Provider Monitoring Report. City and Guilds

Decision 206/2010 Mr Ian Benson and the University of Glasgow

Nottinghamshire Office of the Police & Crime Commissioner & Nottinghamshire Chief Constable

Approved Trainers Certification

UKAS Guidance for Bodies Offering Certification of Anti-Bribery Management Systems

IECEx Guide Guidance for Applications from Service Facilities seeking IECEx Certification

C22: SAS 70 Practices and Developments Todd Bishop, PricewaterhouseCoopers

HSCIC Audit of Data Sharing Activities:

Global Specification Protocol for Organisations Certifying to an ISO Standard related to Market, Opinion and Social Research.

ISO/IEC INTERNATIONAL STANDARD

Requirements for the Certification of a Welding Quality Control Co-ordinator

Children s Services Council of Palm Beach County

1 Appendix 4

Information Technology Disaster Recovery Planning Audit Redacted Public Report

Report on the activities of the Independent Integrity Unit, November 2016 to September 2017

Reviewed by ADM(RS) in accordance with the Access to Information Act. Information UNCLASSIFIED.

1. In relation to the Jon Faine Smith/Baker broadcast interviews on 23 November 2012 via 774 ABC Melbourne:

"Energy and Ecological Transition for the Climate" Label Control and Monitoring Plan Guidelines

European Aviation Safety Agency

Complaints and Compliments Policy. Date Approved: 28 September Approved By: Governing Body. Ownership: Corporate Development

Re: Exposure Draft Proposed ISAE 3402 on Assurance Reports on Controls at a Third Party Service Organization

SOC for cybersecurity

Government Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security

ISO/IEC INTERNATIONAL STANDARD

Post-accreditation monitoring report: British Computer Society (BCS) September 2006 QCA/06/2926

QCTO CERT 002/15 QCTO Certification Policy Page 2 of 14

Audit Report. The Chartered Institute of Personnel and Development (CIPD)

Exposure Draft The Auditor s Responsibility to Consider Fraud in an Audit of Financial Statements

Request for Proposal for Technical Consulting Services

AUDIT OF ICT STRATEGY IMPLEMENTATION

ISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006

DATA PROTECTION POLICY

INTERNAL AUDIT DIVISION REPORT 2017/138

Audit Report. City & Guilds

BACKGROUND NOTE ON ACTION PLANS

GRAMPIAN SCG PUBLIC COMMUNICATIONS PLAN

October 2007 THE FIVE PHASE CERTIFICATION AND APPROVAL PROCESS 1.0 PURPOSE

NHS Fife. 2015/16 Audit Computer Service Review Follow Up

POSITION DESCRIPTION

DOCUMENT NO. CSWIP-PED Requirements for the approval of NDT Personnel CERTIFICATION SCHEME FOR PERSONNEL. 2 nd Edition January 2011

CIVIL AVIATION REQUIREMENT SECTION 2 - AIRWORTHINESS SERIES E PART XII EFFECTIVE : FORTHWITH

Technical Advisory Board (TAB) Terms of Reference

* - Note: complete submissions are to be submitted at least two weeks before any deadline to ensure timely closure.

DATA PROTECTION POLICY THE HOLST GROUP

12 Approval of a New PRESTO Agreement Between York Region and Metrolinx

Practitioner Certificate in Business Continuity Management (PCBCM) Course Description. 10 th December, 2015 Version 2.0

Protecting information across government

Qualification details

V&A/Icon Conservation and Collections Care Technicians Diploma What is the V&A / Icon Conservation and Collections Care Technicians Diploma?

ISO Certification. How we got there and why it s worth it! Worried that your compliance program isn t good enough?

SAS 70 revised. ISAE 3402 will focus on financial reporting control procedures. Compact_ IT Advisory 41. Introduction

Ministry of Government and Consumer Services. ServiceOntario. Figure 1: Summary Status of Actions Recommended in June 2016 Committee Report

1. The application should be sponsored by two existing members of ICAM (proposer and seconder).

Information Security Governance and IT Governance

Submission to AASB: Revised Conceptual Framework Phase 1

Director, Major Projects and Resilience. To: Planning and Performance Committee 6 November 2014

Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679)

Remit Issue April 2016

CONCLUSIONS AND RECOMMENDATIONS

Memorandum of Understanding between the Central LHIN and the Toronto Central LHIN to establish a Joint ehealth Program

IVOA Document Standards Version 0.1

Qualification Manual. Level 3 Diploma in NGINEERING. Fabrication and Welding. Engineering Technology. Qualification Code: 501/1131/0. Issue 2.

Internal Quality Assurance Report. Inspector General Department

Qualification Specification for the Knowledge Modules that form part of the BCS Level 3 Infrastructure Technician Apprenticeship

EU Code of Conduct on Data Centre Energy Efficiency. Endorser Guidelines and Registration Form. Version 3.1.0

ISACA Cincinnati Chapter March Meeting

OFFICIAL COMMISSIONING OF SECURITY SYSTEMS AND INFRASTRUCTURE

National Vocational Qualifications Delivered Overseas policy

CYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response

Foundation Learning as a progression route to. Apprenticeships. The Toolkit

Transcription:

Dame Deirdre Hutton Chair, Civil Aviation Authority 45-59 Kingsway London WC2B 6TE 14 th October 2016 NATS Corporate & Technical Centre 4000 Parkway Whiteley Fareham PO15 7FL Dear Dame Deirdre Implementation of the NATS-only recommendations of the Independent Enquiry Thank you for your letter of 7 September acknowledging receipt of my letter of 19 August and the NATS report on the implementation of the NATS-only recommendations of the Independent Enquiry ( the NATS Report ). The NATS Report included an audit opinion from KPMG under the internationally recognised International Standard on Assurance Engagements 3000 (Revised). Both our letters referred to a follow up review to be conducted by Sir Robert Walmsley, the Chair of the Independent Enquiry. This review commenced in August and concluded in late September, and the terms of reference and the outputs are appended to this letter. Sir Robert conducted his review of the implementation of the NATS-only recommendations through a combination of document review, interviews, and visits to NATS Swanwick Centre and NATS Corporate and Technical Centre. He also undertook a review of the NATS contribution to the joint CAA/NATS recommendations in a similar manner, including meeting CAA staff. I am pleased that Sir Robert has reported to me that First and most importantly I have readily confirmed that NATS have engaged positively and seriously with the recommendations of the 2015 Enquiry. His conclusion is that NATS have tackled the Enquiry recommendations with impressive, well thought out, commitment. I am satisfied that a comprehensive listing of further work needed to ensure the recommendations are successfully applied will allow them to be closed and the Enquiry report to be archived. The further work can then be carried out as part of normal business. The further work referred to above comprises ongoing actions to which we committed in the NATS Report and those which have subsequently been suggested by Sir Robert. The actions are ongoing due to the long-term nature of the recommendations. As recommended by Sir Robert, progressing these actions will be subsumed into normal business process and NATS' Head of Internal Audit will execute a long term audit programme to verify their completion, with results of the audits being reported to the Audit Committee, a sub-committee of the NATS Board. Based upon the contents of the NATS Report, Sir Robert s review and the review by your own team, I am seeking your confirmation that you are satisfied that the 21 NATS-only recommendations have been addressed fully, and that NATS has applied appropriate rigour to ensure closure of the recommendations. Furthermore, we would ask you to confirm that you are satisfied, based on the above, to agree that the enquiry can now be formally closed for the NATS specific recommendations. Yours sincerely

Martin Rolfe Chief Executive Officer cc: Andrew Haines, Chief Executive, Civil Aviation Authority

Appendix Follow-Up report dated 14 September 2016 (to 15 May 2015 report) Introduction 1. The independent enquiry into an LAC air traffic control incident on 14 December 2014 reported on 15 May 2015. Since then, NATS have engaged in responding to the Report s 21 NATS only recommendations and, with the CAA, to the 5 joint recommendations. Background 2. NATS accepted all the report s recommendations and adopted a well-defined process for implementing the recommendations that, separately and in the case of each recommendation, required the production of a closure report. The CEO of NATS then employed KPMG to provide external assurance that NATS had properly responded to the Enquiry Panel s recommendations. KPMG were provided with all the closure reports and conducted extensive inspections of supporting documentation as well as interviews with NATS staff. They concluded that nothing has come to our attention which caused them to believe the responses are not suitably designed to fulfil the Specified Recommendations. 3. I met the KPMG lead (Mr Ben Foulser of the firm s Transport Advisory Practice) on 26 August 2016 and he explained that the rather passive tone of their conclusion is a standard liability limiting clause that reflects the scope of their assignment as one of limited assurance. Their report points out that the level of assurance is substantially lower than the assurance [provided by] a reasonable assurance engagement. Tellingly, they state: we express no overall conclusion as to whether the recommendations as a whole have been or will be fulfilled. 4. In July 2016, the CEO asked me if I would be content to add my own review of the work done to implement the recommendations of the Enquiry (which I had chaired). This Follow-Up report is the result of that work; the terms of reference are attached. The primary aim was to review the implementation of the 21 NATS Only recommendations with the secondary aim being a review of the 5 recommendations jointly assigned to NATS and the CAA as the secondary aim. The NATS Only Recommendations 5. First and most importantly I have readily confirmed that NATS have engaged positively and seriously with the recommendations of the 2015 enquiry. This was evident during a day s visit to Swanwick and the CTC on 8 August 2016 when I had the opportunity to meet the full range of staff. This favourable impression was reinforced by my inspection of considerable quantities of documentation. 6. Secondly and despite my remarks at paragraph 4, I understand the nature of the KPMG assignment and its resulting limitations and respect the quality of their work. It was quite evident that Mr Foulser is an experienced professional in his field. The KPMG report was a foundation document for my own review and I could not possibly have hoped to repeat the quantity and depth of their work.

7. Many of the recommendations apply to the future systems envisaged in SESAR, the name for the new European modern air traffic control arrangements, that is now in the early years of procurement. Absent the possibility of confirmation that measures planned for the future have been implemented as intended, it is impossible to confirm that the intended bacon will be brought home at the due time. Similarly some of the recommendations have resulted in on-going requirements to institute new practices or procedures. Where these practices and procedures have been created and authorised for use there remains the issue of their continued meticulous observation without which the intent of the recommendation will not be achieved. 8. The CEO reported on 29 July 2016 to the Chairs of both NATS and the CAA that the actions taken to address the 21 NATS Only recommendations have been closed robustly and sought their confirmation, as sponsors of the initial Enquiry, that they are satisfied that these recommendations have been addressed fully. I have concluded that, while is there is some work necessary to demonstrate or ensure the successful implementation of the majority of the recommendations, it would make sense to list all envisaged further work and to transfer this to normal NATS assurance arrangements. This will allow the Enquiry report to be archived and will avoid it becoming too historic a document to have much relevance to those trying to implement it. 9. I have engaged in detail with NATS on their response to the NATS only recommendations including where I have been able to see the need for further work as well as making clear where I believe none is required ( Recommendation closed ). I am satisfied that, subject to preparation of the comprehensive list of outstanding work referred to in the previous paragraph, the overall response is being and will be addressed in NATS plans for future assurance activities. There are, however, 2 items to which I wish to draw particular attention: a. A Golden Thread. Any major business transformation should have explicit Board approval. The designated Sponsor of the transformation usually seeks this approval in a document that sets out the aims, benefits, costs, operating concepts and risks of implementation. When equipment or systems need to be bought, it is important that the associated specifications can rest on a Target Operating Model or some such which explains how the Sponsor will go about delivering the agreed aims. At the time of the original enquiry, I was not aware of the TOM (I now understand it was still under development) and the original enquiry report used the term concept of operations to convey a similar idea in formulating R25. Both a TOM and an OCD now exist, as well as Requirements Guidance Documents but I have not seen any Board approved document that directly provides the context and unequivocal guidance on which the more junior documents rest. The TOM itself is currently a 97 slide, power point presentation. This style of document, however useful when discussing ideas, may not be the best form through which to secure formal approval. It is for consideration that a Golden Thread should run from a Board approved document through a TOM and an OCD to Requirements and thence to Specifications. b. People. Taking forward the NATS Only recommendations is all about implementation. In my view it is impossible to overestimate the importance of having the right quality of staff, with the right experience, in post. NATS has many people with super qualifications but it is important to continually assess whether the staffing is appropriate to the assigned responsibilities. I believe that this is a vital issue and goes beyond the scope of the original R26 that relates to a rather narrower staffing issue.

The Joint CAA/NATS Recommendations 10. I met the CAA staff most concerned with the Enquiry recommendations on 26 August 2016 and was readily convinced that they, like NATS, are committed to fulfilling the 5 joint recommendations. I am satisfied that these are being pursued with an approach likely to lead to them meeting the intention of the Enquiry. However, as with the NATS only recommendations, NATS and CAA will want to ensure that these too are tracked to formal completion. Acknowledgement 11. I acknowledge with warm thanks the support from Peter Whysall (again) and Richard Schofield who have been invaluable sources of guidance and help during this review. I would also like to say what a pleasure it was to visit Swanwick and the CTC on 8 August and to become reacquainted with many super people on and off the operations floor. Conclusion 12. NATS have tackled the Enquiry recommendations with impressive, well thought out, commitment. I am satisfied that a comprehensive listing of the further work needed to ensure the recommendations are successfully applied will allow them to be closed and the Enquiry report to be archived. The further work can then carried out as part of normal business. Sir Robert Walmsley KCB 14 September 2016

NATS Enquiry Follow-Up Report Follow-Up Terms of Reference 1. Background 1. Following the failure of the System Flight Server (SFS) at the NATS Swanwick Centre on 12 December 2014, an Independent Enquiry was undertaken into the cause of the failure, the recovery and other matters within its terms of reference. The Final Report included 31 recommendations of which 21 were placed on NATS, 5 were jointly placed on CAA and NATS and the remaining 5 on the CAA. 2. NATS accepted all 21 recommendations and has accepted the 5 joint recommendations which have longer targets for completion and has worked collaboratively with the CAA to make good progress. 3. The 21 NATS recommendations have been subject to an internal assurance process which includes the production of a recommendation closure report and a formal closure meeting with the sponsor of each recommendation. All of the 21 recommendations have been closed. 4. To provide additional external assurance that NATS has properly responded to the Enquiry Panel s recommendations, KPMG LLP were appointed to undertake a review of the actions which NATS had planned to take prior to their appointment and issue an opinion under the internationally recognised International Standard on Assurance Engagements 3000 (Revised). The KPMG opinion is included as part of the final report. 2. Scope & Objectives 1. The purpose of this enquiry follow-up review is to undertake a final assessment as to whether the approach taken to closing the recommendations meets the intentions of the original Enquiry Report and Panel. The intent is that the review would be undertaken by the Chair of the original Enquiry Panel (Sir Robert Walmsley) with the view that the experience of involvement in the investigation and report process be brought to bear in this assessment. 2. The primary objective of the work is to review the closure of the 21 NATS only recommendations, taking into account the related KPMG review. A secondary objective is to assess NATS contribution to date in the progress of the joint NATS / CAA recommendations. 3. The processed scope of work for the review is to: (1) Meet with key staff within NATS / CAA and view specific evidence where necessary to gain a direct perspective on the approach taken to

addressing key recommendations and how they have been embedded in the business. (2) Review the final report of the recommendation closure for the 21 NATS only recommendations from the Independent Enquiry. (3) Where appropriate review additional detail of the actions undertaken and closure process through assessment of the 21 individual closure reports. (4) Review the current reports describing conclusions of the work undertaken to date on joint NATS / CAA activities. (5) Express a view on whether the actions taken are sufficient to meet the intent of the recommendations providing further comments or endorsement as appropriate. (6) Express a view on the progress of the joint NATS/CAA actions and whether they appear on track to meet the intent of the recommendations. 2.2. Review Process The review is anticipated to commence around 1 st August 2016 with a final report available by 16 th September. NATS will provide access to the necessary documentation and organise visits to NATS / CAA as required. These visits would be expected to take place during August. NATS will also provide secretariat support as required. If, during the course of the review, any major issues are identified that may require further action before NATS Board could recommend closure then these are to be brought to the attention of NATS CEO in writing at the earliest opportunity. The final report of the review will be provided to CAA and will be put into the public domain. July 2016

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback