Rules for working on ATM systems
Coordination of work
The basic and most important rule for working on ATM systems is that any interventions can be carried out only with the consent and coordination of the responsible employee of the ANS CR.
The highest level of responsibility for operation of ATM systems lies with technical supervisor in ITS room available in H24 mode. His consent and coordination provided to the employee of an external company can be arranged by another responsible employee of the ANS CR (eg. technical administrator of the relevant system, head of the department, etc.). Each external company employee must be trained by a responsible ANS CR employee regarding the specific risks of working on individual systems. Specific contact details and the method of their transfer is always defined in the relevant contract with the ANS CR contractual partner.
Another fundamental rule is that interventions on ATM systems for preventive reasons shall preferably be made, if possible, during a period of their minimum use (i.e. night hours).
ATM systems and power supply premises
Access to ATM systems premises is permitted only with the consent of the technical room supervisor responsible for the workplace. The employees of external companies are under the permanent supervision of a qualified person, an employee of ANS CR.
Energy systems in the ANS CR premises are exclusively used for powering ATM systems. The specific marking of the socket outlets of these dedicated energy systems will be communicated to an external employee accompanying the person of the ANS CR. It is unacceptable to use socket-outlets for any other purpose than the one for which they are designated, in particular any equipment not being related to the operation of air traffic control systems.
Medical and mental condition
Employees of external organizations must be medically and mentally fit for the work they have enshrined in the contractual relationship with the ANS CR. The competence of the staff of these external bodies shall be the responsibility of the external organisations themselves.
In cases of suspicion from the employees of ANS CR that the physical or mental condition of external employees may have a negative impact on the operational safety of services provided by ANS CR, a supervisor in the technical room has the right and obligation to expel such a worker from premises with ATM systems or to interrupt his remote connection to the ATM system(s).
Employees of external organizations dealing with operational safety-related tasks are obliged to notify any change in health that could affect their activities with possible consequences for the operation of ATM systems and services provided before and during the performance of the work.
Remote access (VPN) to ATM systems
Only employees of external organizations who meet the following conditions are entitled to have a remote access to ANS CR network:
· the establishment of remote access for the given worker has been demonstrably requested in accordance with the procedures specified in the relevant contract with ANS CR
· the worker confirmed the receipt of the authentication token and acquaintance with the rules for its use in the form of a handover protocol.
External organization employee obligations related to the authentication token:
· to choose a PIN known only to him, which cannot be easily guessed and which will be protected against disclosure to another person;
· not to allow the access to the VPN connection to unauthorized persons, do not lend his token to another person(s),
· to follow the displayed instructions during authentication,
· in case of physical damage to the token, its loss, disclosure of the PIN or suspicion of misuse of the token, immediately report this fact to the H24 workplace of ANS CR.
In case of a serious or repeated violation of these rules, the token will be removed from the user and at the same time the contractual partner of ANS CR, in whose favor the user performs service work, will be informed of this fact.
Terminal equipment used for connection to the ANS CR must have:
· an advanced functional anti-virus protection;
· a functional personal firewall;
· an up-to-date operating system for which security updates are issued and automatically installed.
An external employee is obliged to provide the relevant supervisor of the technical room with at least the following information before connecting to ATM systems:An employee of an external organization is obliged to communicate at least the following information to the relevant supervisor of the technical room before connecting to ATM systems:
Worker external organization is required before connecting to ATM systems to notify the appropriate supervisor of the technical hall at least the following information:
· the reason for the remote access request;
· possible impacts of the planned activity on the ATM system itself and the availability of functions for system users;
· expected duration of the activity;
· confirm the telephone connection.
The supervisor of the technical room is entitled not to allow remote access if the scope of the required activity is in conflict with his work duties or his responsibilities for ATM systems.
In the case of physical entry, the supervisor is entitled to refuse remote access in the event of a complex operational situation, unless it is a necessary intervention on the ATM system related to this situation.
The conditions for remote access to ATM systems are set by ANS CR and other remote access is not possible.