Skip to main content

Occupational safety and health

Occupational safety and health

María Kjartansdóttir, project manager CSR and Jón Kolbeinn Guðjónsson, project manager Commercial and Airport development , provide insight into the  implementation of Isavia´s new Occupational health policy

Occupational health at Isavia

Isavia established a new policy for occupational safety and health in 2019. The policy applies to all the operations of the company and is based on the values and overall policies of Isavia. Isavia undertakes to be a role model in safety, health and occupational issues by promoting a safe and healthy work environment for those who work in and visit the operating units of the company. The policy is both intended to prevent accidents to people and to monitor the facilities provided to employees to ensure a healthy work environment.

A part of Isavia’s operations at Keflavík Airport underwent certification according to the ISO 45001 standard, and the entire health and safety management system is part of Isavia’s quality system that covers all the company’s operations. This is done to give greater importance to health and safety and to ensure that it is kept in mind in all the company’s operations. Extensive actions were undertaken to analyse the status of health and safety in the workstations to which the certification applies and mitigating measures undertaken to mitigate or eliminate the risks identified therein. Extensive work was undertaken to increase safety awareness in daily work within the company, and for example, health and safety played a leading role in Isavia’s Safety Week and efforts were made to train employees in occupational health and safety.

The number of notified work-related accidents increased last year and were 60, 19 of which resulted in absences from work. One of Isavia’s goals is to make continuous efforts to reduce the number of accidents in the workplaces of Isavia. The registration and mapping of dangerous conditions, near misses and accidents in Isavia’s areas of operation is to be investigated and improved in 2020.

Isavia’s Human Resources Division is responsible for occupational safety and health in the company. The Division employs an occupational safety and health representative who is responsible for recording accidents, incidents and for reviewing investigation reports. He allocates tasks to departments as appropriate and makes sure that improvements are made in accordance with requests. He is also the chairman of Isavia’s Safety Committee.

A mandatory Safety Committee is operated with members coming from across the company. The Committee consists of both Safety Officers who are appointed to the Committee and Safety Stewards who represent the employees. The chairman of the Committee is responsible for organising its meetings. The Safety Committee is responsible for reviewing the status of non-conformities and remedies and examining accidents and notifications as well as the reports of the Occupational Health and Safety Administration. The Safety Committee is intended to promote the safety awareness of employees through training and education and ensure compliance with laws and regulations applicable to the operation. A new occupational health and safety policy was presented to the Safety Committee before being issued with the approval of the CEO. According to the policy, Isavia undertakes, at the very least, to comply with laws and regulations but to go further when given the opportunity to do so.

Work related injuries GRI 403-9


201920182017
Number of fatalitiesas a result of work related injury000
Number of high consequence work related injuries (excluding fatalities)000
Number of recordable work related injuries (see breakdwon)605766
of which men313742
of which women292024
Rate of recordable work related injuries per 200.000 hours5,14,65,7

Work related injuries breakdown GRI 403-9

number
Back 10
Hands 11
Head 2
Feet 13
Eyes 2
Slippery ice 9
Fall on ground level 5
Fall from height 0
Fall in stairs 3
Slippery floor 1
Assult 1
Car accident 3
Bike accident 0

Isavia has a monitoring plan for health aspects in the air terminal at Keflavik Airport, where locations that have been considered especially sensitive after a risk assessment are examined with respect to noise, air quality and vibration.

Registrations of accidents and near misses are through the Isavia intraweb and, for external parties, the website of Keflavík Airport. Isavia employees are under obligation to notify of all incidents whether they are accidents, near misses, risks or an opportunity for improvement. The Safety and Health Representative is responsible for maintaining a record of these incidents and notifying those responsible for improvements as appropriate. A procedure has been defined through a root cause analysis based on the 5 why’s methodology. This is to try to find the root of the problem to make it possible to respond and prevent the incident from happening again. The employees of Isavia are under obligation to notify of accidents and are protected from censure when they notify of accidents, near misses, risks or opportunities for improvement.

Isavia uses S5 to manage all non-conformities and opportunities for improvement that relate to occupational health and safety. S5 is Isavia’s inspection database and is also used for all internal audits. The management system is a part of the internal audits of Isavia and is audited once a year. In addition, an annual audit is conducted by an external party for the ISO45001 certification.

Division Directors are responsible for establishing goals for each division. The goals are intended to support the safety and health work of Isavia, and the Directors are responsible for ensuring that the goals and actions plans are presented to employees at least once a year. They are also responsible for ensuring that there are sufficient resources available to implement the goals and to allocate tasks and responsibilities among middle managers.

Safety week

Isavia’s annual Safety Week was held in October, featuring a diverse series of events to foster safety and raise awareness of safety issues among staff. Management and other staff members participated actively in Isavia working locations throughout the country. Another event organised was the particularly popular FOD (Foreign Object Debris) walk, in which participants walked around aprons and runways to ensure that there were no foreign objects in the area which could pose a significant risk. There were also various lectures over the week at workplaces and on the Isavia intranet, on subjects such as fatigue management, separation loss and just culture, to name but a few. Attendance at organised events was very good – unsurprising given the very great importance of safety in the work of Isavia employees.

It is important for Isavia to pay proper attention to this aspect, as incidents that occur have the potential to have extensive negative effects on the company together with the fact that the goal of all who work for Isavia or in its workplaces is to come home healthy at the end of the working day.

What is considered to be liquid at security?

Information security

Isavia has established an information safety policy where the focal points of the company as regards the protection and treatment of information, including personal information, are described. The policy covers all the information valuables and activities of the company irrespective of the format in which the information is stored. The policy, moreover, covers all information valuables from third parties that Isavia has in its possession and/or which the company has asked a third party to manage on its behalf. Isavia follows the criteria of the safety standard ÍST EN ISO/IEC 27001:2017 and encourages the security of information valuables through formal procedures contained in the information security handbook and quality handbook that support continuity in operations and minimise operational risk. The policy was established in 2018 and is reviewed annually, most recently on 10 September 2019, and approved by the CEO.

What kind of personal information is being processed and how such information should be preserved must be kept in mind in all Isavia’s operations on a daily basis. Isavia and its subsidiaries practice generally accepted work practices and adopt personal data protection into their operation to ensure that it is an integral part of daily operations. This includes maintaining a processing file, preparing processing agreements, updating and/or documenting work procedures relating to the processing of personal information, educating individuals about the processing of their personal information, notifying of security failures, performing risk assessments to assess the effects on personal data protection, acquiescing to requests from individuals as regards their rights together with educating staff about personal data protection.

Isavia assesses the personal data protection management system by conducting internal audits which are also a part of the company’s quality system. In addition, management conducts reviews of the management systems, the results of audits and responses to security breaches at least once a year. Employees and stakeholders have the opportunity to submit suggestions to the personal data protection representative and full confidentiality is maintained. Suggestions are taken under consideration and used to make improvements to the management system. In addition, Isavia takes advantage of results from personal data protection monitoring bodies and sees such results as an opportunity for improvements and as a recognition for the effectiveness of the management system.

Isavia employs active security measures to prevent security breaches from occurring. Security breaches are responded to immediately when discovered or notified and an investigation initiated. Improvements are always recommended on completion of an investigation and are implemented with the view of strengthening the company’s security measures.

No complaints have been sent to Isavia from monitoring bodies. Three reasoned complaints relating to breaches of the personal data protection of customers have either been sent to Isavia or been discovered in-house.

Two types of attacks were performed at the same time against the website of Isavia with the aim of disrupting the operations of the users of the website. These were, however, only of short duration. The security breach was immediately responded to with the appropriate measures. On closer investigation, it was revealed that no data was lost and that the breach did not have an effect on the rights and freedoms of individuals.

Spam was sent to Isavia employees and was immediately responded to with the appropriate measures. An investigation revealed that an employee had disclosed a username and password and e-mail from the mailbox of the employee in question had been sent to a group of contacts and therefore constituted a security breach. The breach was not considered to have an effect on the rights and freedoms of individuals, but as the matter concerned access to personably identifiable information, the breach was notified to the Data Protection Authority and, in addition, the police were informed.

Isavia received information from a customer that the wireless Internet in the air terminal provided to customers was being interfered with. The appropriate security measures were in place, and an investigation of the information revealed that there were no signs of any break-in of the wireless network. The security breach had no effect on the rights and freedoms of individuals, no data was lost and there were no disruptive effects on the services of the airport.