Aviation Security (AVSEC) Incident Report
Reporting of security occurrences by individuals, entities and organizations in the aviation system is necessary to collect information that may be analyzed by CAAM for security incidents, or preparatory acts of unlawful interference
Events and activities that appear to be abnormal, unusual, strange, etc. should be reported internally or directly to CAAM by any person.
If that observation, impression, feeling, or activity is not reported, then it is lost even if it could have been a good indicator or precursor for security analysts.
Security Occurrence: Any security-related event that may result in a reduced security outcome, may increase the operational risks or endangers the safety of passengers, crew, ground personnel and the general public, or is a potential compliance breach. This includes the identification or observation of a vulnerability in the protection of civil aviation against acts of unlawful interference.
Security Incident: A designation given to a security occurrence which affects or could affect the safety of passengers, crew, ground personnel and the general public. Security incidents are designated by a security official or manager to a reported security occurrence based on an analysis of the occurrence and a determination that additional action is required. A security incident may also result in an act of unlawful interference
- Ground personnel
Location of the occurrence, using if possible official designation;
Exact date and time of the occurrence;
Description of the occurrence as precise as possible;
Name of the person reporting (if possible); and
Immediate action(s) taken upon the identification of the security occurrence, such as notifying local law enforcement and/or airport authorities of the situation.
Analysis is an essential step in the process of dealing with an occurrence. In general, it should consist of a factual description of the reported event and an interpretation of the facts. In any case, it should be proportionate to the level of risk associated with the event. Thus, for the least significant occurrences, the analysis may be reduced to a simple evaluation and a closure without follow-up. Conversely, the most significant occurrences will be analyzed in depth.
Identifying threats and vulnerabilities in the aviation security system;
Informing the entity to update their risk assessment and changes thereto;
Informing location specific and national risk assessment and changes thereto;
Monitoring of trends and patterns in aviation security;
Analyzing root causes and causal/contributing factors of security occurrences or incidents;
Reinforcing relevant information sharing between authorities and industry stakeholders for
enhancing respective risk assessments; and
Bolstering the security culture among all aviation stakeholders.
When a security occurrence has been designated a security incident, several actions need to take place:
Immediate corrective actions should be taken to address vulnerabilities identified in the report;
The information contained in the security occurrence report, together with the analysis and corrective actions initiated by the security official or manager, should be compiled into a security incident report to be shared with the appropriate authorities; and
All reports and actions should be recorded for quality control and auditing purposes.
The immediate reporting of security incidents to the appropriate authorities is also essential in the event other security incidents are occurring locally, nationally or internationally, that are linked and/or are indicators that a security threat is evolving. Nonetheless, some reporting systems may categorize security incidents into levels of severity and assign different reporting timeline requirements. Figure-001 provides an example as to how a State might define which incidents should be reported within a particular timeframe with a particular mean.