Safety - our first priority

The Board has overall responsibility for the governance of risks. Oversight is maintained through the Board’s Audit Committee and Safety, Health, Environment & Security Committee (also known as CHESS), which is responsible for strategy, policy, systems oversight, monitoring and governance of the Qantas Group’s operational risks.

Management has a governance model that facilitates information sharing through airlines (Jetstar, QantasLink, Network Aviation, National Jet Systems and Qantas Airways) and functions (for example engineers, pilots and cabin crew).

The Qantas Group operates under one Safety Management System that integrates the management of risks associated with:

• People and aviation operational safety
• Aviation operational security
• Privacy and cyber security.

The Safety Management System is audited internally and by external parties such as International Air Transport Association (IATA), the Civil Aviation Safety Authority (CASA) and Work Health and Safety (WHS) regulators.

In FY24, we updated our Safety Strategy, an evolution of the previous Strategy established in 2021. The updated Strategy builds on the strategic foundations established during the preceding three years and represents a consistent Group approach to our enduring and emerging safety priorities.

Our Safety Strategy has four key areas:

• Safety leaders
• Navigating safe operational outcomes
• Safer and healthier with us
• Safety done well, capably and consistently.

It continues to focus on our key risks — the Significant 21 — which are the aviation, engineering and people safety risks which could have the highest consequences, such as an aircraft accident or a fatality. These risks are tracked and discussed monthly at department, airline and Group forums.

The aviation industry continues to face complex threats from individuals and organisations globally. Qantas invests significant resources to protect passengers and employees, as well as aircraft worth billions of dollars, from security risks which can vary from acts of terrorism to conflict zones impacting airspace.

The strategic model under which Group Security and Facilitation (GSF) operates continues to reflect the Qantas Group Strategic Plan, with an emphasis on securing our people, customer, brand and assets. Having these foundations in place has been vital as the Group navigates a more complex operating environment, driven by growth in the network, volatile geopolitical conditions and more robust enforcement by domestic and international regulators. 

GSF has played an important role in security leadership across the broader aviation industry. This has included participation in several domestic and international committees to review and refine security measures, plan for and acquire enhanced security equipment and implement world best practices in aviation security.

GSF also regularly engages with the Department of Home Affairs’ Cyber and Infrastructure Security Centre, the Australian Border Force, as well as with key offshore regulators, such as the US Transportation Security Administration, the UK Civil Aviation Authority (CAA) and New Zealand CAA, on proposed regulatory reforms, industry threats and opportunities. This has positioned us well to help shape the regulatory and operating environment, which may deliver operational efficiencies, as well as being trusted partners in innovations in collaboration with industry and government. This also enables the Group to conduct specialised and complex operations, such as supporting the government in humanitarian and repatriation and evacuation flights, as well as contribute to national security objectives.

The aviation sector is dependent on data, systems and networks and, like many organisations, operates in an environment of ever-evolving cyber threats where attackers continually adopt more sophisticated techniques. 

We recognise the importance of protecting data and systems from these attacks, and the potential financial and reputational implications associated with unauthorised  access to the information we hold. 

Across the Group, we are responsible for handling a substantial amount of personal information. We collect, share, use, store and process personal information in accordance with an ever‑changing and increasingly complex landscape of international and domestic laws and regulations. 

We acknowledge our responsibility to protect and maintain the privacy rights of individuals, to maintain the security and the value of their personal information, and strive to meet their expectations regarding fair, ethical and responsible data use. 

We continue to invest in improving the resources, processes and technology that support the Group to address the volumes of personal information we manage. Risk assessments are conducted on relevant third-party suppliers and we work with them to address any material cyber and privacy risks identified. 

The Group is committed to raising our employees’ awareness of our shared privacy compliance obligations and embedding a CyberSafe culture. This includes articulating clear cyber accountabilities at all levels of the organisation. The need for shared vigilance on cyber issues is supported by formal recognition of employees who demonstrate positive CyberSafe behaviours.