• Normal operations safety data: TEM serves as the basis for multiple observational safety data collection programs in aviation, including NOSS and LOSA.  TEM has also been used to guide data collection in aviation maintenance, flight dispatch, rail operations and medicine.

  • Incident investigation programs: A modified version of TEM has been applied to incident investigation programs, which aides ANSPs to better understand factors that lead to incidents.  These ANSPs have stated that TEM compliments the RAT Tool.  For example: One ANSP discovered that approximately 80% of their separation losses fell into one of 6-7 “flavours” of events – they shared a common threat & error profile.  In effect, this meant they were not having 100 (as an example) distinct separation losses, but rather 6-7 events that were occurring repeatedly, along with a handful of events that were more of a one-off nature.  The fact that multiple controllers were committing similar errors when faced with similar threats would indicate that the issues may be more systemic in nature, and thus a wide array of tools to address.

  • Training: ICAO Annex One states that principles of Threat and Error Management are a requirement to hold an air traffic controller’s license (  As such, TEM is an integral part of ATC training programs.  TEM based safety data can easily be fed into training efforts.

Threat and Error Management (TEM)

TEM is a conceptual framework that aides, from an operational perspective, in understanding the interrelationship between safety, human performance and the dynamic and challenging contexts in which ATM duties are performed.  The TEM framework is sensitive to the interplay between the operational environment and human performance, and the resultant impact on human performance.

Threats are defined as external events or errors outside the influence of the controller, but which require his or her attention and management if safety margins are to be maintained.  Threats are everywhere (traffic, adverse weather, airport/airspace infrastructure, equipment, pilots, other controllers, etc.) and controllers must devote attention to managing them. The more complex, challenging, and/or distracting the environment is, the greater the controller’s workload.  

Controller errors are defined as observed deviations from organizational expectations or controller intentions.  Errors can vary from minor deviations, such as not using a checklist, to something more severe, such as not coordinating an altitude change with other controllers. Regardless of cause or severity, the outcome of an error depends on whether the error is detected and managed before it leads to a consequential outcome. This is why the foundation of TEM lies in understanding error management rather than solely focusing on error commission.  

Undesired States (USs) may occur as a result of threats or errors that are not properly managed.  Undesired Sates are more difficult to define, but involve a clear reduction in safety margins and may be thought of as pre-cursors to incidents.  

The Threat and Error Management (TEM) framework has been used widely in aviation: 

  • ICAO has published a Circular (314) on TEM in ATC.
  • TEM was a central focus in the ICAO Human Factors Training Manual (ICAO Document 9683).
  • TEM is the foundation of human factors training at many airlines and ANSPs.
  • TEM has been adopted as the framework for the classification and analysis of worldwide accidents and incidents by the IATA Classification Working Group.
  • TEM has been integrated into incident reporting and investigation programs at numerous airlines and ANSPs around the world.