Step 1
Include PNT resilience in existing governance, cyber-risk, and business continuity frameworks
The risks associated with disruptions to PNT are fundamentally the risks of loss of critical information, and should be considered as such in your enterprise's existing risk management activities. In this activity, it is important to identify and document where fallback strategies are required to deliver enterprise resilience, business continuity, and disaster recovery, in the event that critical PNT risks are realised.
The complete loss of PNT for various lengths of time should also be explicitly identified within your risk governance and strategy activities. As best practice, we recommend specifically considering the loss of PNT for one minute, one hour, one day, one week, and one month, and creating and maintaining the plans and procedures that each case requires. Where relevant, these time intervals can be adjusted to reflect a specific critical time boundary for your organisation or use case. For example, the “one day” boundary might be changed to “20 hours” for an organisation where this is the maximum holdover time provided by its local oscillators and this time boundary reflects very clear changes in the mitigation strategy.
Priority should be given to safety-critical operations. Identify the safety-critical systems that are most dependent on PNT services, and establish detectable and measurable thresholds for switching from normal PNT services to backup or degraded modes when disruptions are detected. Communicate clearly with operators and end users about the status of PNT services and provide guidance on using alternative procedures during disruptions.
An annual audit of the business’s reliance on PNT should be conducted, and the output of that audit checked against the relevant risk assessments. This activity should include listing what your organisation is using Positioning information, Navigation information, and Timing information for.
Key suppliers of PNT hardware, services, or data should be requested to provide information, with evidence where appropriate, that their own PNT risks are being managed within their business, and that ideally they are also following these best practice guidelines.