Safety Assurance for NATS SSE Network


NATS, the UK Air Navigation Service Provider (ANSP), is consolidating its operational and technical systems into a single logical operation that will be delivered from its two operational centres in Swanwick and Prestwick, utilising a common technology platform.

The supporting network capability needs to remove the constraints of latency and bandwidth so that interaction between systems is seamless whether they are local or remote, or in different security or safety domains. A Wide Area Network (WAN) capability is being deployed that ensures total availability and unhindered performance in the exchange of information; this includes two key external information-sharing networks and connection to other organisations via the Internet.

Scottish & Southern Energy Telecoms (SSE) is the provider of the fibre network architecture, which is based on a high availability 2 x 10 Gbps protected data network, with 2 data centres at Farnborough and Corsham. With detailed design of technical and service elements approved by NATS, deployment commenced in July 2017 with acceptance in October 2017.


SSE produced the original Safety Assurance Plan and Safety Assurance Report for the initial architecture, in line with NATS’ requirements. Following the evolution of the network architecture, SSE sought assistance from Ebeni to update the existing deliverables. The revised documents needed to take into account the new architecture, revalidate / amend the safety argument and check available evidence, all within a challenging deadline.


Our safety engineers first conducted a review of the existing safety deliverables in order to outline to the SSE Team the aspects of those deliverables that potentially needed update, amendment, inclusion and in some cases removal.

Ebeni supported stakeholder meetings with the respective teams’ Project and Safety Managers, which gave us a good insight into the expectations of the NATS’ team and a better understanding of the project constraints. It appeared in particular that NATS were now looking for ‘draft’ deliverables to support their Test Readiness Review (TRR). Further discussion identified two key areas of concern: traceability of evidence to a Safety Argument and Common Cause Failure (CCF). We were able to differentiate between expected failure types and demonstrate to NATS that it was actually Common Mode Failure (CMF) that would potentially lead to a failure of the service to perform its intended function.

We subsequently prepared an assurance argument strategy based on the high availability of the SSE Commercial off the shelf (COTS) optical infrastructure. The assurance argument was fully decomposed to call upon detail and referenced evidence in order to support its claims. Supporting evidence was sourced from design, test and verification, as well as from analysis of historical in-service use and processes supporting through-life management of service delivery.


SSE were able to rely on Ebeni’s safety expertise, its understanding of the ATM domain and their customer, NATS, as well as experience of similar tasks. Ebeni quickly built a positive working relationship with all project stakeholders, and captured, explored and documented expectations so that SSE successfully fulfilled their contractual obligations, meeting the required deadline for the service deployment of the network.