eAvioraAviation Safety Intelligence
Security Management
CODESeMS

Threats classified
against ICAO Annex 17.

Acts of unlawful interference share a taxonomy with safety. A threat that creates a hazard isn't copied between two systems — it's one record, linked to both. Sensitive fields stay inside the SeMS perimeter, even within the unified operational picture.

Apply to be a partnerWalk a threat through Annex 17
SECURITY OPERATIONS · LIVE
ICAO ANNEX 17 · 11 CATEGORIES
THREAT ACTORASSET ZONETERMINALRAMPAIRCRAFTPERIMETERCONTROL ROOMINSIDERCRIMINALACTIVISTSTATE ACTORCYBER357WATCH4656472453622354732438
TOLERABLE
MONITOR
ACTION
CURRENT WATCH
OPEN THREAT ITEMS
8
+1 / 7d
TRUSTED PERSONS · EXPIRY
3
in 14d
BARRIER REVIEWS · DUE
5
−1 / 30d
01ANNEX 17 · THE ENUMERATION

Eleven categories.
Every event has one.

Closed enumerations beat free-text every audit. The Annex 17 categories are enforced on intake — not a “category” dropdown that suggests, but a typed field that refuses anything not in the rulebook.

A.17/1
Acts of unlawful interference
Unauthorised seizure, sabotage, hostage-taking, hijacking — classified at intake against the canonical taxonomy.
A.17/2
Bomb threats and IED incidents
Threat-warning records with credibility tiers, operational impact mapped, and disruption costs tracked.
A.17/3
Unlawful entry / breach
Perimeter, sterile zone, and tarmac breaches. Each is a typed record linked to barrier records.
A.17/4
Suspicious behaviour reports
Pre-incident indicators — intelligence that gets a structural home, not a Slack thread.
A.17/5
Cyber incidents (Doc 8973)
Operational technology, passenger data, biometric systems — attacks classified to the security taxonomy.
A.17/6
Prohibited articles discovery
Items found at screening or in restricted areas — chain of custody recorded structurally.
A.17/7
Trusted-person credential events
Background-check expiry, badge revocation, escort-required events, credential downgrades.
A.17/8
Insider threat indicators
Pattern-detected anomalies on access, behaviour, or system use within the trusted-person population.
A.17/9
Aircraft security inspection
Pre-departure search records, with discrepancies escalating to operational decisions.
A.17/10
Cargo and mail screening
Known-shipper validation, screening method, X-ray records — all linked to the consignment.
A.17/11
Catering and supplies security
Tamper-evident audit trail across the ground-side supply chain into the secure zone.
RULEClassification refuses anything not in the enumeration · auditable on demandSAMPLE COVERAGE · ICAO ANNEX 17
02FIVE MOMENTS THE PLATFORM ANSWERS FOR

Five moments.
No security shadow IT.

  • When a threat is reported.
    Classified into Annex 17 the moment the form opens.

    Acts of unlawful interference are mapped to a closed enumeration on intake. The reporter narrates; the taxonomy resolves itself. No "other / specify" buckets that hide the next attack.

  • When you assess threat × asset exposure.
    A 5x5 exposure matrix lit by your operation.

    Threat actors against asset zones, scored from your real records — not a generic vendor matrix. The current watch cell pulses; one click drills into the threats and barriers behind any score.

  • When trusted-person credentials expire.
    Background-check expiry is a workflow event, not a calendar.

    Credentials, escort permissions, and biometric enrolments are tracked records with validity periods. Expiry fires through the alert engine ahead of due date. No "I thought we revoked that badge."

  • When a security incident shares a hazard with safety.
    One record, two perimeters, no copy-paste.

    A perimeter breach that also creates a runway-incursion safety hazard becomes a single record linked to both modules. Sensitive security fields stay inside the SeMS perimeter; the unified picture stays unified.

  • When the regulator audits Annex 17 compliance.
    Coverage is a graph query, not a quarterly project.

    Threats, barriers, assets, and protective measures live as linked records. Audit lanes open scoped to the inspector. The matrix is the answer.

03WHERE THIS CONNECTS

One graph,
two perimeters.

Security and safety share structure but not visibility. A breach that's also a hazard becomes one record — linked into both modules — with the sensitive fields scoped to roles inside the SeMS perimeter.

SMS
Safety
Threats that create safety hazards become joint records — same graph, separate perimeters.
CAP
Action Plans
Protective measures and corrective security actions close through the same effectiveness gate.
REG
Regulatory
Annex 17 amendments traverse the matrix and surface affected procedures, training, and barriers.
NTF
Notifications
Alert routing for security events respects the SeMS perimeter — the right post-holder, no broader leak.
SeMS · THE SECURITY MODULE

Open an event.
Watch the matrix shift.

Classify a sample threat against Annex 17, see the exposure cell update, and walk the protective measures — with the founder, on your data shape, in 30 minutes.

Apply to be a partnerAll modules