Customer satisfaction and security
Customer satisfaction and product quality
Objective – The customer comes first at Fraport, both in Frankfurt as well as at all international Group airports. The objective is therefore to continuously improve the focus on customers and service at Group airports. Global passenger satisfaction and baggage connectivity are considered the most important criteria for service quality (see the “Control system” and “Non-financial Performance Indicators” chapters). Protecting the health of employees and customers is also a top priority.
Concepts, measures and results –. To increase the service quality and sense of cleanliness in the sanitary facilities, approximately 250 further contactless Smiley Boxes were introduced at the Frankfurt Airport to collect feedback. These contribute to an improved passenger experience against the background of the coronavirus pandemic and the resulting greatly increased need for passengers to have a seamless travel journey. Further passenger services, such as digital information desks (Info Gates), have been put into operation to assist passengers. The digital information offering featuring contactless, personal interaction with staff has been extended to 14 sites in Terminal 1 and Terminal 2 in 2022 in order to give all passengers quick, comprehensive, and easy access to information.
In March 2022, TÜV Hessen once again examined the measures implemented to protect the health of passengers and employees at the Frankfurt airport, once again awarding them the TÜV seal “Safe from Covid-19”. A detailed review was carried out, for example, on cleaning and disinfection procedures, social distancing measures and controls, wearing protective masks, the availability of disinfectants, the use of standard personal protective equipment by airport staff, and internal protection and precautionary measures for employees. The seal is valid up to and including March 2023.
In order to guarantee service quality and to meet passengers’ and airlines’ requirements, Fraport conducted extensive modernization measures at the Group airports. Sensors for optical distance and speed measurement were installed in Thessaloniki, Corfu and Rhodes in order to increase the accuracy of queue wait times. In order to further improve performance at security checkpoints, an optimization project was launched that will be rolled out at all Group airports in Greece by 2025. In addition to the expansion of lounge areas, a telephone hotline was introduced at the airport in Lima, which can be used to obtain all information relating to flying.
The international airport association ACI awarded the “Airport Health Accreditation” for the organizational, infrastructural, and personnel measures introduced to protect against the coronavirus at Frankfurt Airport. The accreditation was carried out as part of a structured evaluation process along the entire airport process chain and included all stakeholders. The Group airports in Greece also received the Airport Health Accreditation.
In the context of the permanent passenger survey Fraport-MONITOR, which was conducted at Frankfurt Airport in order to collect information about global satisfaction, self-assessment interviews were carried out on the passenger’s own mobile device (smartphone, tablet, laptop) or on a tablet provided on site by the interviewers. The largely unchanged basic questionnaire was supplemented with additional questions by the Association of German Airports, Arbeitsgemeinschaft Deutscher Verkehrsflughäfen (ADV). The number of customer satisfaction criteria queried compared with the second half of 2021 was unchanged at 22.
At the fully-consolidated international Group airports, the regular surveys to measure passenger satisfaction were resumed from the second quarter of 2022 at the latest, albeit in some cases with reduced case numbers compared to pre-crisis levels. However, the sample sizes are sufficient to provide a valid figure for global satisfaction in both the international portfolio and the Group for the reporting year 2022. The passenger surveys were supplemented by measurements using the mystery shopping method, for example at Ljubljana Airport. Further insights on improving passenger satisfaction were gained in this way.
The reliable loading of luggage for departing flights and the fast delivery of luggage to the baggage claim for arriving flights have a major impact on customer satisfaction. Fraport AG measures this performance for departure baggage based on the non-financial performance indicator Baggage Connectivity (see also the “Control System” and “Non-financial Performance Indicators” chapters). In order to maintain connectivity at its current high level in the future coupled with increasing numbers of baggage items, Fraport is constantly working on optimization measures that are implemented in close cooperation with airlines within the scope of regular performance discussions. 2022 was characterized by operational challenges and a shortage of staff. Numerous management measures were implemented to counteract this. The focus was on recruiting and training employees in particular. Processes were also further optimized, for example, by implementing automated baggage forwarding on large parts of Lufthansa's route profile.
The Executive Board is informed about the development of baggage connectivity on a monthly basis. Management receives information on a daily basis so that measures can be taken at any time. Fraport regularly discusses the values with the airlines and ensures improvements are made. For example, Deutsche Lufthansa frequently receives a detailed monitoring report, and optimization measures are managed jointly with Fraport within the scope of regular meetings.
Performance indicators – Global passenger satisfaction and baggage connectivity are considered the most important criteria for measuring service quality (see the “Control System” and “Non-financial Performance Indicators” chapters).
IT security and airport safety and security
Security is the key requirement for air traffic. This principle applies equally to passenger traffic and air freight. Accordingly, security management has always been a top priority at Fraport.
All countries in which Fraport is active belong to the International Civil Aviation Organization (ICAO) and have contractually committed to comply with the organization’s safety standards and recommended practices for airports. In contrast to most ICAO member states, German law allocates passenger and baggage checks to government authorities, whereas in other countries this is usually the responsibility of the airports.
IT Security
Objective – All important business and operating processes at Fraport AG are supported by IT systems and IT components. Due to the ongoing development of new technologies and the increasing global threat of cyberattacks generally, there is an underlying risk potential for IT systems. The objective is therefore to protect all IT systems and data against failure, manipulation, and unwanted publication.
Concepts, measures, and results – Fraport protects its IT systems and data against failure, manipulation, and unwanted publication with active and preventive IT security management. These systems are configured redundantly and are housed at separate sites. The risks in the area of IT security are included in the risk management system (see also the “Risk and Opportunities Report” chapter). The requirements for IT security are specified in the IT security policy and security guidelines that must be followed throughout the Group. Compliance with these requirements is checked regularly by Internal Auditing, IT Security Management, or external advisors. In 2022, Fraport AG once again implemented a variety of projects to adequately respond to the growing risks arising from information technology. The level of IT security is also part of the annual management report for the quality management certification according to ISO 9001 and is therefore regularly audited by external auditors. In addition, potential for improvement identified within the scope of internal audits, such as the ISO27001 audit most recently conducted in 2022 in the area of energy management, will be processed and the Information Security Management System (ISMS) will be developed further.
Within the scope of a working group in the German Aviation Association, Fraport AG along with other airport operators, Deutsche Lufthansa, and the German Air Traffic Control has developed the security standards of the industry. These are based on the new KRITIS requirements. The objective is to establish a high safety standard within the aviation industry through close cooperation and reciprocal verification of compliance with regulatory requirements.
The Group companies outside of Frankfurt use their own IT infrastructure, that they protect according to the Group’s IT security guidelines. As a rule, the IT systems of the Group companies at the Frankfurt site as well as the SAP systems of Fraport Greece are integrated into the technology of Fraport AG and managed from Frankfurt. Using other IT systems is only possible with the consent of the Executive Board. At Fraport AG, a separate section within the “Information and Telecommunication” service unit is responsible for IT security. Its tasks are, among other things, the ongoing identification and implementation of measures to meet high security standards.
Performance indicator – The security management system at Fraport receives a variety of performance indicators that measure the effectiveness of the measures implemented. These indicators cannot be published for security reasons.
Airport safety
This area encompasses both security and safety: safety refers to the operational safety of the overall airport as well as the safety within the airport site. Security is understood in terms of defending against terrorist threats and protecting civil aviation.
Objective – For all operational processes, this focuses on safeguarding the safety and security of everyone at Fraport's airports.
Concepts, measures, and results – The measures include passenger, baggage, and cargo inspections, as well as the access control points for airport employees and suppliers. Regular weekly or monthly meetings are held with airlines, security service providers, and authorities to exchange current information.
At the international Group airports, the security requirements of each respective country as well as international standards for safety and security management are in effect. It is the responsibility of the local Group companies to implement and comply with these requirements. They include, among other things, a safety management system and access controls when entering the security area.
Fraport AG supports the Group companies in planning and implementing security measures. It also provides needs-based training for employees online, for example within the context of safety and security workshops. Within the scope of specialist exchange events, there is also a regular exchange between the Group companies.
Safety
Based on European statutory regulations, Fraport AG is obliged to operate a Safety Management System (SMS) at Frankfurt Airport. The EASA Safety Manager follows the guidelines of the European Aviation Safety Agency (EASA) and enjoys a direct reporting right to the Executive Board.
The SMS focuses on the safety of airport operations. The SMS takes into account all the risks – technical, organizational, or human – that may affect them. The SMS coordinates security measures in daily operations. It records safety-related events and is able to detect vulnerabilities. The objective is for all parties involved in air travel to implement the requirements contained in the Safety Policy of Fraport AG. Airport employees can submit safety-related reports to the SMS. In addition, anyone with access to the airside areas (apron and runway) must regularly complete safety training.
As a central reporting and alarm point for security matters, Fraport AG operates a security control center at Frankfurt Airport, which activates the emergency and crisis management, if required. The airport fire department, medical services, ambulance service, and the security services then coordinate operations on site. A crisis unit commences operation in the “Emergency Response and Information Center” (ERIC). It coordinates and executes all measures that require a concerted approach at the site beyond any routine damage and risk prevention. If necessary, the Fraport Emergency Team, consisting of volunteer employees of Fraport AG and the Group companies at the Frankfurt site, is deployed, which takes care of passengers, greeters, and relatives on site.
The contingency plan for Frankfurt Airport “FRA Not” documents which preparations have been made for various emergency scenarios and defines procedures to minimize the impact. ICAO and EASA prescribe regular exercises to be carried out by the respective airport operating company at the Group airports to train for the handling of emergencies and other security-related scenarios. Such exercises have no impact on flight operations. The results are used for further education and training.
Security
Both international and European regulations contain guidelines on the structural design of airport infrastructure to prevent attacks such as sabotage or terrorist activities.
In Germany, the German Aviation Security Act (LuftSiG) regulates the passenger and baggage controls as well as personnel and goods checks for access to the security areas. In addition, the LuftSiG defines the access and approach controls to airside areas as being within the direct responsibility of the airport operator. At Frankfurt Airport, Fraport AG employees as well as employees of the Group company FraSec Luftsicherheit and other private security service providers currently carry out airport security checks on behalf of the German Federal Police. Personnel and goods checks are carried out by the Group company, FraSec Flughafensicherheit.
Fraport AG develops measures to maintain high security standards independently and in agreement with the competent authorities. In the reporting year, the focus was on preparing for the transfer of responsibility for the performance of security services, which will take place at Frankfurt Airport from 2023. A service provider management system was designed and established. After the transfer of responsibility, it will be possible for the airport operator to make greater progress with control and quality management and thus to make processes more flexible and more efficient.
In May 2021, “Click2Drive”, a fully automated, label-based access control system, was introduced for the first time in Cargo City Süd (CCS). Due to the reliability of the system, the expansion to enable this type of access control in other operational areas was started in 2022 and thus laid the foundation for further digitalization projects, such as a digital version of the vehicle identification for certain operational areas.
A significant digitalization project was also driven forward for access to security areas. In 2022, biometric access control for personnel was implemented, which again increases the level of security. The first sites will be equipped with biometric scanners in the upcoming years.
Performance indicator – No performance indicator, target value, or term has been defined within the scope of the Sustainability Program.
Data protection
Objective –The objective is to ensure the handling of personal data in compliance with the data protection laws and to safeguard the rights of data subjects. It is irrelevant whether this involves data from passengers, customers, employees or external companies.
Concepts, measures and results – Fraport AG has a reporting system for processes that require the company to process personal data. These processes are recorded in a central processing directory. To consolidate the processes and rules at Fraport AG, existing processes were implemented in a data protection management system and a data protection policy was established. In the data protection policy, the Executive Board has laid out the principles, procedures, and obligations to be observed by all employees when they collect, disclose, transmit, modify, store, or delete personal data such as names, addresses, personnel numbers, or IP addresses in the course of their business activities. Specific data protection topics, such as data subject information or data subject rights, the deletion of data, or the reporting of data protection violations, have been set out in action guidelines with practical information, instructions, process descriptions and reference samples. The guidelines are to be implemented as an annex to the data protection directive for all employees. Extensive training concepts such as an e-learning tool and video training have been established, which can be accessed on the Intranet. At Fraport AG, the separation between the audit and control function and the specification function is ensured by filling the roles of data protection officer and data protection manager.
The Data Protection Officer monitors whether all data protection regulations are complied with at the company. This officer reports directly to the Executive Board and is independent in their tasks. Violations of the EU’s General Data Protection Regulation (GDPR) are reported directly to this officer – anonymously if so desired. The data protection manager is responsible for the processing directory of Fraport AG and organizes the processes required for this. This manager has authority to issue guidelines and reports to the Executive Board at regular intervals. The fundamental task of the data protection manager is to initiate, plan, implement and control the data protection management system.
The majority of the personal data processed by Fraport is due to the issue of airport ID cards and is thus compulsory for security reasons. Fraport AG has implemented both technical and organizational measures to protect data against misuse. Access to this system is allowed to only a limited group of people for a specifically defined task. Fraport AG collects personal data of passengers primarily for the use of parking garages, baggage handling, and specific processes at the terminal. Special regulations were therefore established while implementing biometric passenger processes (biometric eGates at the integrated pre-checks). The travel data is processed exclusively by the airlines. There are clear guidelines for the use of video technology at the Frankfurt site in order to ensure the personal rights of passengers, visitors, and employees. It also regulates the extent to which authorities are allowed to use Fraport video technology.
Given the advancing digitalization, the data protection team implemented specific processes in order to meet future requirements within a reasonable period of time. The procedures introduced ensure that data protection law is taken into account from the outset, both for business processes in general and for specific data protection topics, such as the processing of data subject inquiries. Checklists and automated evaluations are essential components here.
The level of data protection is part of the annual management report for the quality management certification according to ISO 9001. In addition, the data protection officer prepares an activity report. Since 2022, quality management audits will regularly include questions on data protection. Specific core questions are asked about the implementation of data protection. Depending on the answers, the data protection team develops an action plan for the following cycle. In addition, Internal Auditing reviews selected data protection topics annually.
The Executive Board of Fraport AG works towards ensuring that Group companies in Europe comply with the European General Data Protection Regulation and the timely implementation of the relevant legal requirements. In addition to offering training for employees, the Group companies have also created technical requirements to always take data protection into account. The Group companies outside the EU comply with the relevant national laws on data protection.
Performance indicator – No performance indicator, target value, or term has been defined within the scope of the Sustainability Program.