Professional Documents
Culture Documents
3
ICAO Intent for SMS
ICAO has proposed SMS implementation in:
Aerodromes (airports)
Air Traffic System
Airlines (fixed wing and helicopter operations)
Flight Operations
Maintenance and Engineering
Secretariat proposes that the SMS provisions be
Recommended practices from 23 November 2006
and
Standards from 1 January 2009
4
ICAO Annex 6 Requirements
Corporate Management
Risk based Ownership Integrated
8
SMS Characteristics
Risk Based Approach
Corporate Management
Risk based Ownership Integrated
Corporate Management
Risk based Ownership Integrated
10
SMS Functional Elements
Regardless of how an SMS is structured
and organized, an SMS requires that
five functions be carried out.
Planning
Training/Safety
Promotion Documentation
Surveillance Risk
& Control Management
11
SMS Functional Elements
Planning
The planning function of an SMS starts with clear statement of
what top management’s objectives are
with regard to safety.
Job descriptions
Incident investigations
13
SMS Functional Elements
Risk Management
Severity
1 2 3 4 5
Negligible Minor Major Hazardous Catastrophic
Likelihood
5
Frequent 5 10 15 20 25
4
Occasional 4 8 12 16 20
3
Remote 3 6 9 12 15
2
Improbable 2 4 6 8 10
1
Extremely
Improbable
1 2 3 4 5
Unacceptable
Acceptable with Monitoring
Acceptable
15
SMS Functional Elements
Program Surveillance and Control
Purpose of this functional element is to make sure
that the SMS is working.
Internal audits of the SMS components
External audits
Internal system assessments of how well the SMS
components are working
Employee reporting and feedback
Top management reviews.
16
SMS Functional Elements
Training/Safety Promotion
Purpose of this functional element is to make sure
that:
Staff in major safety-related positions have adequate
knowledge/skills to do their job
All other staff are knowledgeable about the SMS
components and their role in the SMS
Top management promotes safety and the SMS in order
to move the organization into a Safety Culture.
Informed culture
Reporting culture
Learning culture
Just culture
Flexible culture 17
Summary
ICAO has proposed that SMS be a Standard by
January 1, 2009
SMS is different from other safety programs
Top management ownership,
A risk based approach and
It is integrated into the business system.
18
Introduction to
Safety Management Systems
20
Outline
Concept of safety
The evolution of safety thinking
A concept of accident causation – Reason model
The organizational accident
People and safety
Errors and violations
Organizational culture
Safety investigation
Questions and answers
Points to remember
21
Concept of safety
What is safety
Zero accidents (or serious incidents)?
Freedom from danger or risks?
Error avoidance
Regulatory compliance?
…?
22
Concept of safety
Consider
The elimination of accidents (and serious incidents) is
unachievable.
Failures will occur, in spite of the most accomplished
prevention efforts.
No human endeavour or human-made system can be
free from risk and error.
Controlled risk and error is acceptable in an inherently
safe system.
23
Concept of safety
24
Safety
Traditional approach – Accident prevention
Focus on outcomes (causes)
Unsafe acts by operational personnel
Attach blame/punish for failures to “perform safely”
Address identified safety concern exclusively
Identifies:
WHY? HOW?
25
The evolution of safety thinking
TECHNICAL FACTORS
HUMAN FACTORS
TODAY
ORGANIZATIONAL
FACTORS
26
Reason’s Model of Accident
Causation
Defenses
Functional Tests
A maintenance organization has Checklists
Line Management
Delegation
Prioritization Active And
Planning
Latent Failures
Decision Makers
Policies, procedures,
corporate culture
Active Failures
Latent Failures
Latent Failures
Latent Failures
Latent Failures 27
Reason’s Model of Accident
Causation
Defenses
Functional Tests
In most cases, errors are Checklists
Pre-Conditions
Off work activities
Physical size
Facilities
Schedule
Line Management
Delegation
Prioritization
Active And
Planning Latent Failures
Decision Makers
Policies, procedures, Active Failures
corporate culture
Latent Failures
Latent Failures
Latent Failures
Latent Failures
28
Reason’s Model of Accident
Causation
Defenses
Functional Tests
An accident only occurs Checklists
Line Management
Delegation
Prioritization
Active And
Planning Latent Failures
Decision Makers
Policies, procedures, Active Failures
corporate culture
Latent Failures
Latent Failures
Latent Failures
Latent Failures
29
The organizational accident
Organizational processes
Policy-making
Planning
Communication
Allocation of resources
Supervision
…
Organizational processes
Organizational processes
Latent
conditions
•Technology
•Regulations Defences
•Training and checking
Resources to protect against the risks that
organizations involved in production activities
must confront.
32
The organizational accident
Organizational processes
•Workforce stability
Workplace •Qualifications and
conditions experience
•Morale
•Credibility
•Ergonomics design
Organizational processes
Workplace
conditions
Active •Errors
failures •Violations
Actions or inactions by people (pilots,
controllers, maintenance engineers,
aerodrome staff, etc.) that have an immediate
adverse effect. 34
The organizational accident
Organizational processes
Improve Identify
Monitor
Workplace Latent
conditions conditions
Reinforce
Contain
Active
Defences
failures
35
People and safety
Aviation workplaces
involve complex
interrelationships among
its many components.
To understand operational
performance, we must
understand how it may be
affected by the
interrelationships among
the various components of
the aviation work places.
36
Understanding human performance
Understand human
performance within the
ionall context
operattiona
opera
where it takes place B
37
Definitions of Error and Violation
An error is a human action (behavior) that
unintentionally departs from the expected action
(behavior).
38
Errors and Violations
Errors have been the focus of research, so we have
more theories of why errors occur than theories of why
violations occur.
However, errors and violations often occur together to
produce an unwanted outcome. Data from the U.S.
Navy suggest that…
~20% of the events are caused by a violation only
~20% of the events are caused by an error and a violation,
and
~60% of the events are caused by an error only.
We will collectively call errors and violations a
“maintenance system failure.”
39
Types of Maintenance System Failures
40
Human Error in Aircraft
Maintenance: UK CAA 1992
1. Incorrect installation of components
2. Fitting of wrong parts
3. Electrical wiring discrepancies
4. Loose objects left in aircraft
5. Inadequate lubrication
6. Access panels/fairings/cowlings not
secured
7. Fuel/oil caps and fuel panels not secured
8. Gear pins not removed before departure
41
UK Flight Safety Committee 2004
Top 10 Causes of Maintenance Mishaps
42
Processes and outcomes
Error:
causes and
consequences
are not linear in
their magnitude
43
Operational performance and
technology
In production-intensive
industries like aviation,
technology is essential.
The operational
consequences of the
interactions between
people and technology
are often overlooked,
leading to human error.
44
Understanding operational errors
Statistically, millions of
operational errors are
made before a major
safety breakdown occurs
Accident investigation – Once
in a million flights
49
Errors and consequences
Three strategies for the control
of human error
Error capturing strategies intervene
once the error has already been
made, capturing the error before it
generates adverse consequences.
QC inspections
Operational checks
Functional checks
…
50
Errors and consequences
51
Understanding violations – Are we ready?
People Safety
Risk space
Training
Procedures
Low
Minimum System Output Maximum52
Violations
What can be violated?
Company policies
Company processes
Company procedures
Violations are often made by well-intentioned
staff trying to finish a job, not staff who are trying
to increase comfort or reduce their work load.
53
Types of Violations
54
Violation Definitions
55
Violation Definitions (contd.)
56
Violation Definitions (contd.)
Exceptional—Mechanic/inspector willfully
breaks standing rules while disregarding the
consequences.
57
Definition of Culture
Culture = Customary beliefs, behavior
patterns, and material traits of a racial,
religious, or social group
Any organization has a culture of its own
Management style
Morale
Acceptable behaviors
Norms
58
Culture
59
Three cultures
National
Organizational
Professional
60
Three distinct cultures
National culture encompasses the value system
of particular nations.
Organizational/corporate culture differentiates
the values and behaviours of particular
organizations (e.g. government vs. private
organizations).
Professional culture differentiates the values
and behaviours of particular professional groups
(e.g. pilots, air traffic controllers, maintenance
engineers, aerodrome staff, etc.).
No human endeavour is culture-free
61
Organizational/corporate culture
62
Safety culture
A construct
An outcome, not a process
The introduction of safety management
concepts lays the foundation upon which to
build a safety culture
Safety culture cannot be “mandated” or
“designed”, it evolves.
It is generated “top-down”
63
Definition of Safety Culture
64
Importance of a Good Safety Culture
Safety, as it applies to maintenance, has
four components
1. Safety of flight
2. Personal safety
3. Equipment damage
4. Environmental damage
A good safety culture will reduce the
instances of all three of these events,
reducing the accident rate and, thus,
saving lives and money.
65
Safety culture
Informed culture Flexible culture
People are knowledgeable about the human, technical, People can adapt
organizational and environmental factors that determine the organizational processes
safety of the system as a whole. when facing high temporary
operations or certain kinds of
danger, shifting from the
conventional hierarchical
Reporting culture mode to a flatter mode.
People are prepared to
report their errors and Safety
experiences culture
Learning culture
People have the willingness
and the competence to draw
conclusions from safety
Just culture
information systems and the
People are encouraged (even rewarded) for providing essential
safety-related information. However, there is a clear line that will to implement major
differentiates between acceptable and unacceptable behaviour. reforms.
66
Safety culture
Safety Culture
Component Definition
Safety Values The organization regards safety as being of prime
importance.
Safety Beliefs The organization believes that:
Safety makes commercial sense
Individuals are not the sole causes of incidents
The next accident is waiting to happen.
Common Problem-Solving Risk assessment
Methods Cost-benefit analyses
Accident investigation AND accident analysis
Search for problems in advance of incidents.
Common Working Safety integral to design and operations practice
Practices Safety #1 on meeting agendas up to Board level
Chronic unease about safety.
Taken from Safety Culture – The Way ahead?: Theory and Practical Principles,
Patrick Hudson, Centre for Safety Science, Leiden University, 1999.
67
Three organizational types
68
Three possible organizational
cultures Source: Ron Westrum
70
Errors ...
73
Introduction to
Safety Management Systems
3. Safety Management
Objective
75
Outline
The safety stereotype
The management dilemma
Need for safety management
Strategies for safety management
The imperative of change
Safety management – Nine building blocks
Four responsibilities for managing safety
Questions and answers
Points to remember 76
The safety stereotype
77
What is the fundamental objective
of a business organization?
78
Safety management – Rationale
79
The management dilemma
Management levels
Resources Resources
Protection Production
80
The management dilemma
Res
o ur c
es
Man
agem
ent l
evel R
s esou
rces
Protection
Production
Catastrophe
81
The management dilemma
o u r ces
Res
en t
ag em
rce s Man vels
Re sou le
Production
Protection
Bankruptcy
82
Safety space
Bankruptcy
a c e
s p
Protection
nc e
i s ta
r es
u m
x i m
Ma
Catastrophe
Production 83
Safety management – The
response to the dilemma
Safety issues are a byproduct of activities
related to production/services delivery.
An analysis of an organization's resources and
goals allows for a balanced and realistic
allocation of resources between protection
and production goals, which supports the
needs of the organization.
The product/service provided by any aviation
organization must be delivered safely (i.e.
protecting users and stakeholders). 84
Safety management – The response to
the dilemma – Alternate view
Safety is viewed as a requirement for profitability and is
managed as an aspect of product quality and integrated into
the core business process
“Safe”
a ft t y
r
Zone
rc bili
Co
Bankruptcy “Bang”
i
Zone Zone
A ila
ts
AMva
a Profitability
Air
SAFETY PERFORMANCE w ort fet y
h ine Sa
19 ss
86
Why SM? An imperfect system
Operational Op “Practical
era drift”
deployment tion
al p
erf
orm
anc
e
87
The essential is invisible to the
eyes
Number of occurrences
1–5 Accidents
Latent conditions
1000 – 4000
88
Navigating the drift
Baseline performance
Op
era
tion
al p organization
er f
orm
anc
e
“Practical
drift”
Navigational aids
92
The imperative of change
As global aviation activity and complexity
continues to grow, traditional methods for
managing safety risks to an acceptable level
become less effective and efficient.
93
The changing of the guard
Traditional – Accident/serious incident investigation
Aviation system – as pre-specified – is perfect.
Compliance based.
Outcome oriented.
Evolving – Safety management
Aviation system – as pre-specified – is imperfect.
Performance based.
Process oriented.
94
Safety management – Nine
building blocks
95
Safety management – Nine
building blocks
98
The safety management process
at a glance
Identify
hazards
Re-evaluate Collect
control additional Assess
strategies hazard risks
data
Implement Prioritize
control Safety
strategies management risks
process
Develop
Assign elimination/
Approve mitigation
responsibilities control strategies
strategies
99
In summary
100
In summary
Safety management
Includes the entire operation.
Focuses on processes (Clear difference between
processes and outcomes).
Data-driven (constant monitoring).
Strictly documented.
Gradual improvement as opposed to dramatic change.
Strategic planning as opposed to piecemeal initiatives.
101
Points to remember
102
Introduction to
Safety Management Systems
4. Hazards
Objective
104
Outline
Two definitions
Understanding hazards
Hazard identification
Documentation of hazards
Points to remember
105
Two definitions
Hazard – Condition, object or activity with the potential
of causing injuries to personnel, damage to equipment
or structures, loss of material, or reduction of ability to
perform a prescribed function.
Risk – The likelihood of injury to personnel, damage to
equipment or structures, loss of material, or reduction of
the ability to perform a prescribed function, measured in
terms of probability and severity.
Risk ( Expected Loss
Unit Time or Activity
) = Severity ( Loss
) X Prob.(
Loss Event
Loss Event
)
Unit Time or Activity
A wind of 15 knots blowing directly across the runway is a
hazard.
The possibility that a pilot may not be able to control the aircraft
during take off or landing, resulting in an accident, is one risk .
106
Examples of hazards
ATC procedures
Weather
Missed approaches
Terrain
109
Kahului 737 Event
111
Significant Maintenance
Human Factors Events
Lima, Peru 1996 Tape left on static ports757-200
112
Lima 757 Event
The aircraft's three static ports on the left side were
obstructed by masking tape. The tape had been
applied before washing and polishing of the aircraft
the day before the accident flight
Work was begun on one shift and handed over to
next morning’s shift
Poor shift handover log was a contributing factor
Mechanics and pilots both missed tape during walk
around
113
IATA Safety Report 2003
92 accidents world wide in 2003
42 Western-built jets
32 Western-built turboprops
7 Eastern-built jets
11 Eastern-built turboprops
Maintenance failures were involved in 24
(26%) of all accidents
Sometimes the primary cause.
However, the accident scenario is often a combination
of the maintenance failure and the (incorrect) handling
of the failure by the flight crew.
114
Understanding Hazards—The Dilemma
Which One is the Hazard??
Inadequate lighting
Hard-to-understand AMM
No training on the task
Fatigue
Forgot
115
Hazard identification
The scope for hazards in aviation is wide, and
may be related to:
Design factors, including equipment and task
design.
Procedures and operating practices, including
documentation and checklists.
Communications, including means, terminology
and language.
Organizational factors, such as company
policies for recruitment, training, remuneration and
allocation of resources.
Work environment factors, such as ambient
noise and vibration, temperature, lighting and
protective equipment and clothing. 116
Hazard identification
…for example:
Regulatory factors, including the applicability and
enforceability of regulations; certification of
equipment, personnel and procedures; and the
adequacy of oversight.
Defences including detection and warning systems,
and the extent to which the equipment is resilient
against errors and failures.
Human performance, including medical conditions
and physical limitations.
117
Sources of hazard identification
Predictive
Proactive
Reactive
Internal
Company voluntary reporting
system
Audits and surveys
External
Accident reports
State mandatory occurrence
system
118
Hazard identification
By whom?
By anybody
By designated personnel
How?
Through formal processes
Depends on the organization
When?
Anytime
Under specific conditions
119
Hazard identification
Specific conditions
Unexplained increase in
safety-related events or
infractions.
Periods of significant
organizational change.
120
Hazard analysis
123
Hazard analysis
Method 2 Southern California Safety Institute
124
Hazard analysis
Method 2 Southern California Safety Institute
125
Documentation of hazards
126
Points to remember
127
Introduction to
Safety Management Systems
5. Risks
Objective
129
Outline
Risk management
Risk probability
Risk severity
Risk assessment and tolerability
Risk control/mitigation
Risk management warm-up exercises
Points to remember
130
Risk management
What is it?
The identification, analysis and elimination, and/or
mitigation to an acceptable level of risks that threaten
the capabilities of an organization.
What is the objective?
Aims at a directed and effective allocation of resources
to address all significant risks and viable risk control
and mitigation.
Why is it important?
A key component of a Safety Management System.
Data-driven approach to safety resources allocation,
thus defensible and easier to explain. 131
What is Risk?
132
Risk Probability/Likelihood
Definition(s)
Likelihood – The chance that a situation might
occur expressed in qualitative terms.
Frequent
Seldom
Probability – The result of a statistical analysis of a
system conducted to predict the chances that an
event might occur.
Expressed quantitatively
0 > probability < 1
134
Risk Likelihood
Questions for assessing the likelihood of an
occurrence:
Is there a history of occurrences like the one being
assessed, or is the occurrence an isolated event?
Is there a change in a process or procedure?
What number of operating or maintenance
personnel must follow the procedure (s) in
question?
How frequently is the equipment or procedure
under assessment used?
135
Risk likelihood
Likelihood of occurrence
Qualitative
Meaning Value
definition
Extremely
improbable
Almost inconceivable that the event will occur 1
136
Risk severity
Definition(s)
Severity – The possible consequences of a situation of
danger, taking as reference the worst foreseeable
situation that can be reasonably expected under
existing or proposed operational conditions.
137
Risks
Define the severity in terms of:
Property
Health
Finance
Liability
People
Environment
Image
Public confidence
138
Risk severity
Questions for assessing the severity of an
occurrence:
How many lives are at risk?
Employees
Passengers
Bystanders
General public
What is the environmental impact?
Spill of fuel or other hazardous product
Physical disruption of natural habitat
139
Risk severity
… questions:
What is the severity of the property or financial
damage?
Direct operator property loss
Damage to aviation infrastructure
Third party damage
Financial impact and economic impact for the State
Are there organizational, management or regulatory
implications that might generate larger threats to public
safety?
What are the likely political implications and/or media
interest?
140
Risk severity
Aviation
Meaning Value
definition
Equipment destroyed
Catastrophic
Multiple deaths E/5
A large reduction in safety margins, physical
distress or a workload such that the operators
cannot be relied upon to perform their tasks
Hazardous accurately or completely. D/4
Serious injury or death to a number of people.
Major equipment damage
A significant reduction in safety margins, a
reduction in the ability of the operators to cope
with adverse operating conditions as a result
of increase in workload, or as a result of
Major conditions impairing their efficiency. C/3
Serious incident.
Injury to persons.
Nuisance.
Operating limitations.
Minor Use of emergency procedures. B/2
Minor incident.
Negligible Little consequences A/1 141
Risk assessment (ICAO)
Risk severity
5 – Frequent 5A 5B 5C 5D 5E
4 – Occasional 4A 4B 4C 4D 4E
3 – Remote 3A 3B 3C 3D 3E
2 – Improbable 2A 2B 2C 2D 2E
1 – Extremely
improbable 1A 1B 1C 1D 1E
142
Risk tolerability (ICAO)
Acceptable after
1D, 1E, 2C, 3B, 4A, 4B review of the operation
143
Safety Risk Assessment Matrix
(Alternate)
Severity
1 2 3 4 5
Negligible Minor Major Hazardous Catastrophic
Likelihood
5
Frequent 5 10 15 20 25
4
Occasional 4 8 12 16 20
3
Remote 3 6 9 12 15
2
Improbable 2 4 6 8 10
1
Extremely
Improbable
1 2 3 4 5
144
Risk Level Definitions (alternate)
Acceptable
1, 2, 3, 4,
145
Risk matrix 4 X4
Severity
1 2 3 4
4 8 12 16
4
3
Likelihood
3 6 9 12
2 2 4 6 8
1 1 2 3 4
146
Risk matrix 8X8
8 8 16 24 32 40 48 56 64
7 7 14 21 28 35 42 49 56
6 6 12 18 24 30 36 42 48
5 5 10 15 20 25 30 35 40
Likelihood
4 4 8 12 16 20 24 28 32
3 6 9 12 15 18 21 24
3 Acceptable risk in
2 4 6 8 10 12 14 16 A 4X4 matrix
2
1 2 3 4 5 6 7 8
1
1 2 3 4 5 6 7 8
147
Outcome
What is at Risks ?
149
Risk mitigation/management
Definition(s)
Risk Mitigation – Measures to eliminate the
hazard, reduce the severity of the hazard, or
reduce the probability of the hazard.
(Mitigate – To make milder, less severe or less
harsh)
Risk Monitoring – Measures to ensure that a
risk is reliably maintained at an acceptable level.
150
Risk control/mitigation
Strategies
Avoidance – The operation or activity is
cancelled because risks exceed the benefits
of continuing the operation or activity.
Operations into an aerodrome surrounded by
complex geography and without the necessary aids
are cancelled.
151
Risk control/mitigation
Strategies
Reduction –The– frequency of the operation or
activity is reduced, or action is taken to reduce
the magnitude of the consequences of the
accepted risks.
Operations into an aerodrome surrounded by
complex geography and without the necessary aids
are continued based upon the availability of specific
aids and application of specific procedures.
152
Risk mitigation
Strategies
Segregation of exposure – Action is taken to
isolate the effects of risks or build-in
redundancy to protect against it, i.e., reduce
the severity of risk.
Operations into an aerodrome surrounded by
complex geography are limited to day-time, visual
conditions.
Non RVSM equipped aircraft not allowed to operate
into RVSM airspace.
153
Risk mitigation – Defences
154
Risk mitigation – Defences
155
Risk Mitigation – How Far?
156
Risk Mitigation (ICAO)
At the intersection of protection and
production
The acronym ALARP is used to describe a
safety risk which has been reduced to a level
that is as low as reasonably practicable.
In determining what is reasonably
practicable consideration is given to both the
technical feasibility and the cost of further
reducing the safety risk.
This includes a cost/benefit study.
157
Risk mitigation at a glance using
ALARP (ICAO)
Hazard identification Assessment of the Accepting the
and Control and
risk management defences within mitigation mitigation of
the safety system of the risk (s) the risk
Technology Is it appropriate?
A Is additional or
R R R R L different
Tolerable
region mitigation warranted?
A
EACH RISK R Do the mitigation
P strategies generate
Acceptable additional risk (s)
region
158
Risk Mitigation (Alternate)
The intent of a risk mitigation strategy is to
reduce a risk to a level where is can reliably
maintained (managed)
Control/mitigation strategies are evaluated on the
basis of achieved risk reduction (is the risk now
acceptable?).
159
Risk mitigation (Alternate)
H H H H
R R R R
Management
Zone
Acceptable
R Develop Risk Mitigation
strategy
Strategy
Develop Risk
Management
Strategy
no yes no
162
163
Risk likelihood
Likelihood of occurrence
Qualitative
Meaning Value
definition
Extremely
improbable
Almost inconceivable that the event will occur 1
164
Risk severity
Aviation
Meaning Value
definition
Equipment destroyed
Catastrophic Multiple deaths E/5
A large reduction in safety margins, physical
distress or a workload such that the operators
cannot be relied upon to perform their tasks
Hazardous accurately or completely. D/4
Serious injury or death to a number of people.
Major equipment damage
A significant reduction in safety margins, a
reduction in the ability of the operators to cope
with adverse operating conditions as a result
of increase in workload, or as a result of
Major conditions impairing their efficiency. C/3
Serious incident.
Injury to persons.
Nuisance.
Operating limitations.
Minor Use of emergency procedures. B/2
Minor incident.
Negligible Little consequences A/1 165
Risk assessment (ICAO)
Risk severity
5 – Frequent 5A 5B 5C 5D 5E
4 – Occasional 4A 4B 4C 4D 4E
3 – Remote 3A 3B 3C 3D 3E
2 – Improbable 2A 2B 2C 2D 2E
1 – Extremely
improbable 1A 1B 1C 1D 1E
166
Risk tolerability (ICAO)
Acceptable after
1D, 1E, 2C, 3B, 4A, 4B review of the operation
167
Hazard identification and risk
management – Warm-up exercise
Scenario:
Fuel spill on the apron area surface of approximately 25
m (75 ft) length and 5 m (15 ft) width, produced by an
A310 ready to pushback and taxi for departure.
Report by the apron responsible person:
After the A310 pushback the spill was contained and the
apron area was decontaminated.
168
Hazard identification and risk
management – Warm-up exercise
Hazard:
Risk probability
Risk severity
Risk(s):
Risk index
Risk tolerability
169
Hazard identification and risk
management – Warm-up exercise
Scenario:
It was observed that airline baggage handling personnel
generates FO(D) on the aerodrome apron area.
Report by the apron responsible personnel:
It should be noted that airline baggage handling
personnel are not complying with safety standards as set
in the aerodrome operating manual. This is considered a
hazard that can produce incident or accident in the
movement area.
170
Hazard identification and risk
management – Warm-up exercise
Hazard:
Risk probability
Risk severity
Risk(s):
Risk index
Risk tolerability
171
Hazard identification and risk
management – Warm-up exercise
Scenario:
A parked aircraft shows damage in the left wing root
near the fuselage. Such damage was caused by a
maintenance stair hitting the aircraft as a consequence
of the wind, apparently because the stair was not
properly restrained.
Report by the apron responsible person:
In conditions of strong winds it is essential that all
equipment around aircraft is properly restrained and
locked, thus preventing the possibility of aircraft
damage.
172
Hazard identification and risk
management – Warm-up exercise
Hazard:
Risk probability
Risk severity
Risk(s):
Risk index
Risk tolerability
173
Hazard identification and risk
management – Warm-up exercise
Scenario:
The vehicle and ramp equipment parking area behind the
fingers shows a large amount of FO(D) (food, trays,
plastics, pillows, etc.) left behind by an airline.
Report by the apron responsible person:
The presence of decomposed food and others dangerous
material was informed to the airline, since in addition to
FO(D), this presents a bacteriological danger for people
who operate in this sector, also attracting animals to the
operative apron.
174
Hazard identification and risk
management – Warm-up exercise
Hazard:
Risk probability
Risk severity
Risk(s):
Risk index
Risk tolerability
175
Hazard identification and risk
management – Warm-up exercise
Scenario:
A loose wheel, apparently from a baggage cart, was
observed in the handling area. The driver apparently
did not notice what happened. The wheel rolled at
high speed through the area, hitting the fence
accessing the fuel zone.
Report by the apron responsible person:
This could have caused injuries to ramp personnel in
addition to material damage to equipment and/or
aerodrome facilities. We have insisted in the past on
the periodic verification of all equipment and vehicles
that operate in the aerodrome apron area.
176
Hazard identification and risk
management – Warm-up exercise
Hazard:
Risk probability
Risk severity
Risk(s):
Risk index
Risk tolerability
177
Hazard identification and risk
management – Warm-up exercise
Scenario:
The absence of airline personnel attending the stairs was
observed in three occasions, in flights from different
companies. The presence of airline personnel is
necessary to guide passengers when embarking and
disembarking.
Report by the apron responsible personnel:
This is a risk for passengers, since they should access
the apron to board aircraft in an orderly manner under the
guidance of airline personnel.
178
Hazard identification and risk
management – Warm-up exercise
Hazard:
Risk probability
Risk severity
Risk(s):
Risk index
Risk tolerability
179
Points to remember
180
Introduction to
Safety Management Systems
6. Regulations
Objective
182
Outline
AGA, ATS and OPS/AMO safety management
What is a safety programme?
What is an SMS?
Acceptable level of safety
Acceptable level of safety – Implementation,
scope and legal considerations
Protection of sources of safety information
Questions and answers
Points to remember
183
The big picture
Operation of aircraft
Maintenance of aircraft
Air traffic services
Aerodromes
Two audience groups
States
Service providers
Three distinct requirements
Safety programme
SMS
Management accountability
184
As of 23 November 2006
185
What is a safety programme?
An integrated set of regulations and activities
aimed at improving safety.
States are responsible for establishing a safety
programme:
Safety regulation
Safety oversight
Accident/incident investigation
Mandatory/voluntary reporting systems
Safety data analysis
Safety promotion
186
Definitions
Oversight
Acceptance
Oversight
Organization’s Objective:
Objective: Organization’s Achieve
Manage and safety commercial
production
control management goals and
safety risk Risk management processes customer
system (SMS)
Safety assurance satisfaction
190
As of 23 November 2006
Implementation
The concept of acceptable level of safety is
expressed in practical terms by three measures:
Safety metrics
Safety performance indicators
Safety performance targets
It is delivered through various tools and means:
Safety requirements.
requirements …
192
Acceptable level of safety
Safety metrics
Variables that are measured and are related to safety
Pilot examples
Rejected take-offs due to pilot skill
Unstabilized approaches
Go arounds
Runway incursions
Maintenance examples
Rejected take-offs due to mechanical failures
Maintenance write-ups for 10 days after D check
Average number of MEL items per aircraft per fleet.
193
Acceptable level of safety
Safety indicators
Short and medium term objectives of a State safety
programme, or an operator/services provider SMS.
Linked to major components of a State safety
programme, or an operator/services provider SMS.
The measure that the state considers “safe” or “safe
enough”
Expressed in numerical terms.
Example – No more than 0.8 Cat A and B (most serious)
runway incursions per million operations through 2009.
194
Acceptable level of safety
Safety targets
Long-term objectives of a State safety programme,
or an operator/services provider SMS.
Determined weighing what is desirable and what is
realistic for an individual State/operator/services
provider.
Expressed in numerical terms.
Example - By 2010 reduce Cat A and B (most serious)
runway incursions to a rate of not more than 0.5 per
million operations.
195
Acceptable level of safety
… Implementation
The safety requirements should be
expressed in terms of operational procedures,
technology and systems, programmes, and
contingency arrangements.
Measures of reliability, availability and/or
accuracy may be added.
Example – Install Airport Surface Detection
Equipment-Model X (ASDE-X) at (three busiest
airports) within the next 12 months, with 98%
annual availability. 197
Acceptable level of safety
… Implementation
An acceptable level of safety will always be expressed
by a number of safety indicators and safety targets,
never by a single one.
198
Acceptable level of safety
Scope
There will seldom be a single or national
acceptable level of safety.
Most frequently, within each State, different
acceptable levels of safety will be separately
agreed between the oversight authority and
individual operators/services providers.
199
Acceptable level of safety
Scope
Each agreed acceptable level of safety
should be commensurate to the:
complexity of individual operator/services
provider specific operational contexts
availability of operator/services provider
resources to address them.
200
Acceptable level of safety
201
Acceptable level of safety
Legal considerations – Operators and service
providers
Establishing acceptable level(s) of safety for their
safety management system leaves unaffected
the obligations of operators or services providers
and other related parties, and it does not relieve
the operator, services providers and other related
parties from compliance with SARPs and/or
national regulations, as applicable.
202
Protecting sources of safety
information
Assembly Resolution A35/17
Legal guidance in Annex 13, Attachment E
Safety information must not be used for
purposes other than the purposes for which it
was collected.
Introduction and definitions
General principles
Principles of protection
Principles of exceptions
Responsibilities of the custodian of safety information
Protection of recorded information
203
Why ICAO safety management
provisions?
A move from prescription to performance
Prescriptive regulations – Prescribe what the
safety requirements are and how they are to be
met.
Performance based regulations – Specify the
safety requirements to be met, but provide
flexibility in terms of how safety requirements are
met.
204
FAA SMS Applicability
205
FAA Four Pillars
System
Proce- Descrip Data •Audits Comm
dures •Invest.
Hazard •Reports
Process Ident Analysis Training
Controls
Risk
Analysis
Planning Assmt
Risk
Assmt
Prev/Corr
Risk Action 206
Control
Points to remember
1. Standardised SMS provisions – Prescription vs.
performance.
2. Safety programme.
3. SMS.
4. Acceptable of level of safety.
a) Safety performance indicators.
b) Safety performance targets.
c) Safety requirements.
5. The need to protect the source of information
207
Introduction to
Safety Management Systems
7. Introduction to SMS
Objective
209
Outline
ICAO requirements
SMS – Introductory concepts
SMS features
System description
Gap analysis
SMS and QMS
Clarifying terms
Points to remember
210
ICAO requirements
A toolkit
The scope of SMS encompasses most of the
activities of the organization.
SMS must start from senior management,
management and safety
must be considered at all levels of the organization.
organization
SMS aims to make continuous improvement to the
overall level of safety.
All aviation stakeholders have a role to play in SMS.
212
Identifying aviation system
stakeholders
Aviation professionals
Aircraft owners and operators
Manufacturers
Aviation regulatory authorities
Industry trade associations
Regional air traffic service providers
Professional associations and federations
International aviation organizations
Investigative agencies
The flying public
213
Identifying aviation system
stakeholders
214
SMS features
216
Operational system description
1. The system interactions with other systems in
the air transportation system.
2. The system functions.
3. Required Human Factors considerations of the
system operation.
4. Hardware components of the system.
5. Software components of the system.
6. Related procedures that define guidance for the
operation and use of the system.
7. Operational environment
8. Contracted and purchased products and
services.
217
Gap analysis
219
SMS and QMS (ICAO)
220
SMS and QMS (ICAO)
223
Systems integration
225
Systems integration
considerations (ICAO)
There are different ways to integrate a safety
management system in the operation of the
organization.
Aviation organizations should be encouraged to
integrate their management system for quality,
safety, security, occupational health and safety,
and environmental protection management.
This integration, however, is presently beyond the
scope of the harmonized ICAO safety management
requirements.
226
Clarifying the use of terms
228
In summary
230
Introduction to
Safety Management Systems
8. Planning
Objective
232
Outline
233
The components of SMS
234
The components of SMS
235
The components of SMS
236
The components of SMS
237
Safety policy and objectives
1.1 – Management commitment and
responsibility
Executive management must:
Develop the safety policy, signed by the senior management,
in accordance to national and international standards and
organizational priorities.
Communicate, with visible endorsement, the safety policy to all
staff.
Provide necessary human and financial resources.
238
Safety policy and objectives
1.1 – Management commitment and
responsibility
Executive management must:
Establish safety objectives and performance standards
standard for
the SMS.
The safety objectives and performance standards should be
linked to the safety performance indicators,
indicators safety
performance targets and safety requirements of the SMS.
SMS
239
Safety policy and objectives
1.1 – Management commitment and
responsibility
Executive management
Single, identifiable person
Has responsibility for the organization’s safety performance
CEO/Chairman Board of Directors
President
The proprietor
240
Safety policy and objectives
1.1 – Management commitment and
responsibility
Executive management must have:
Final responsibility for determining level of acceptable risk for
safety
Full authority for human resources issues.
Authority for major financial issues.
Direct responsibility for the conduct of the organization’s
affairs.
Final authority over operations under certificate.
Final responsibility for all safety issues.
241
The components of SMS
242
Safety policy and objectives
1.2 – Safety accountabilities of managers
SMS organization
Safety responsibilities of key personnel
243
Safety responsibilities – An
example
Director of Director of
Other directorates
operations maintenance
Safety services
office
Flight Maintenance
safety officer safety officer
Safety Action
Group (s)
(SAG)
244
The components of SMS
245
Safety policy and objectives
1.3 – Appointment of key safety personnel
The safety office – Corporate functions
Advising executive management on safety matters.
Assisting line managers.
Overseeing hazard identification systems.
246
Safety policy and objectives
1.3 – Appointment of key safety personnel
The safety manager – Responsibilities
Responsible individual and focal point for the development
and maintenance of an effective safety management system
The safety manager is NOT responsible for the safety
performance of the organization
247
Safety policy and objectives
1.3 – Appointment of key safety personnel
The safety manager – Functions
Manages the SMS implementation plan on behalf of
the executive manager.
Facilitates hazard identification and risk analysis and
management.
Monitors corrective actions to ensure their
accomplishment.
Provides periodic reports on safety performance.
Maintains safety documentation.
Plans and organizes staff safety training.
Provides independent advice on safety matters.
248
Safety policy and objectives
1.3 – Appointment of key safety personnel
The safety manager – Selection criteria
Operational management experience and technical
background to understand the systems that support
operations.
People skills.
Analytical and problem-solving skills.
Project management skills.
Oral and written communications skills.
249
Safety responsibilities
Director of Director of
Other directorates
operations maintenance
Safety services
office
Flight Maintenance
safety officer safety officer
Safety Action
Group (s)
(SAG)
250
Safety policy and objectives
1.3 – Appointment of key safety personnel
The Safety Review Board (SRB):
High level committee
Strategic safety functions
Chaired by executive management
It may include the Board of Directors.
Composed of heads of functional areas.
251
Safety policy and objectives
1.3 – Appointment of key safety personnel
SRB monitors :
Safety performance against the safety policy and objectives.
Effectiveness of the SMS implementation plan.
Effectiveness of the safety supervision of sub-contracted
operations.
SRB ensures that appropriate resources are allocated
to achieve the established safety performance.
SRB gives strategic direction to the SAG
252
Safety responsibilities
Director of Director of
Other directorates
operations maintenance
Safety services
office
Flight Maintenance
safety officer safety officer
Safety Action
Group (s)
(SAG)
253
Safety policy and objectives
1.3 – Appointment of key safety personnel
Safety Action Group(s) (SAG):
Reports to SRB and directors takes strategic direction
from SRB.
Members:
Managers and supervisors from functional areas.
Front-line personnel.
254
Safety policy and objectives
1.3 – Appointment of key safety personnel
SAG:
Oversees operational safety within the functional area.
Resolves identified risks.
Assesses the impact on safety of operational changes.
Implements corrective action plans.
Ensures that corrective action is taken in a timely
manner.
Review the effectiveness of previous safety
recommendations.
Safety promotion. 255
The components of SMS
256
Safety policy and objectives
1.4 – SMS implementation plan
Developed by a planning group, which:
Comprises an appropriate experience base.
Meets regularly with executive management.
Receives resources (including time for meetings).
A realistic strategy for the implementation of an
SMS that will meet the organization’s safety
needs.
A definition of the approach the organization will
adopt for managing safety.
257
Safety policy and objectives
1.4 – SMS implementation plan – Contents
1) Reference to the safety policy
2) Safety planning, objectives and goals
3) System description
4) Gap analysis
5) SMS components
6) Safety roles and responsibilities
7) Safety reporting policy
8) Means of employee involvement
9) Safety communication
10) Safety performance measurement
11) Management review (of safety performance) 258
Safety policy and objectives
1.4 – SMS implementation plan
259
The components of SMS
260
Safety policy and objectives
1.5 – Coordination of the emergency response plan
262
Safety policy and objectives
1.5 – Coordination of the ERP
Plan contents: Plan contents:
Governing policies. Records.
Organization. Accident site.
Notifications. News media.
Initial response. Formal investigations.
Family assistance.
Additional assistance.
Post critical incident stress
Crisis Management Centre
counselling.
(CMC).
Post occurrence review.
263
The components of SMS
264
Safety policy and objectives
1.6 – Documentation
Applicable regulations
SMS records and documentation
Records management
The Safety Management System Manual (SMSM)
265
Safety policy and objectives
1.6 – Documentation – Safety policy and objectives
Defines executive managements commitment and vision
for safety
Safety policy must include a commitment to:
Achieve the highest safety standards.
Observe all applicable legal requirements and
international standards, and best effective practices.
Provide appropriate resources.
Enforce safety as one primary responsibility of all
managers.
Ensure that the policy is understood, implemented
and maintained at all levels.
266
Safety policy and objectives
1.6 – Documentation – Safety management
system manual (SMSM)
Key instrument for communicating the organization’s
approach to safety to the whole organization.
Documents all aspects of the SMS, including the safety
policy, objectives, procedures and individual safety
accountabilities.
267
Safety policy and objectives
1.6 – Documentation – SMSM contents
1. Scope of the safety 7. Safety performance
management system. monitoring.
2. The safety policy and 8. Emergency response
objectives. planning.
3. Safety accountabilities.
9. Management of change.
4. Key safety personnel.
10. Safety auditing.
5. Documentation control
procedures. 11. Safety promotion.
6. Hazard identification and 12. Contracted activities
risk management schemes
268
Conclusion
269
Conclusion
270
Points to remember
271
Introduction to
Safety Management Systems
9. Operations
Objective
273
Outline
274
The components of SMS
275
Safety risk management
2.1 – Hazard identification processes
A formal means of collecting, recording, acting
on and generating feedback about hazards and
risks in operations.
Three methods:
Reactive
Proactive
Predictive
276
Safety risk management
277
Safety risk management
2.1 – Hazard identification processes
Reporting systems
People are reluctant to report.
Why?
Retaliation.
Self-incrimination.
Embarrassment.
278
Safety risk management
2.1 – Hazard identification processes
Typical qualities of successful confidential
reporting systems:
Reports easy to make.
No disciplinary actions as result of reports.
Reports are confidential.
Feedback is rapid, accessible and informative.
279
Safety risk management
2.1 – Hazard identification processes
Four steps for action:
1. Reporting hazards, events or safety concerns.
2. Collecting and storing the data.
3. Analyzing reports.
4. Distributing the information distilled from the
analysis.
280
The components of SMS
282
The components of SMS
284
SMS Functional Element
Program Surveillance and Control
This function provides quality assurance for the SMS. It is
divided into:
Compliance Monitoring
Compliance monitoring Process control
Compliance monitoring provides management with information
concerning
Audits whether SMS policies, practices and procedures
have been
Incident incorporated into the organization’s operations and
reports
business practices and whether they are being correctly
followed.
Process Control
286
Program Surveillance and
Control
287
Program Surveillance and
Control
288
SMS performance metrics
Lagging indicators
Relatively small sample sizes.
Will generally take a long time (years) to acquire enough
data to establish statistical significance.
Accident and injury data are most common lagging
indicators.
Difficult to use for quality management and process
improvement.
Leading indicators
Large sample sizes.
Shorter time to develop statistical significance.
Used commonly for quality management and process
improvement.
289
The components of SMS
291
Program Surveillance and
Control
293
The components of SMS
295
Program Surveillance and
Control
298
Safety promotion
4.1 – Training and education
Who?
Operational personnel
Managers and supervisors
Senior managers
Accountable executive
Why?
To ensure that personnel are trained and competent
to perform the SMS duties.
How much?
Appropriate to the individual’s involvement in the
SMS. 299
Safety promotion
4.1 – Training and education
A building block approach
Operational personnel
Organization safety policy
SMS fundamentals and overview
Manager and supervisors
The safety process
Hazard identification and risk management
The management of change
Senior managers
Organizational safety standards and national regulations
Safety assurance
300
Safety promotion
4.1 – Training and education
Accountable executive – A special paragraph
Awareness of:
SMS roles and responsibilities
Safety policy
SMS Standards
Safety assurance
301
The components of SMS
303
Safety promotion
4.2 – Safety communication
The means to communicate may include:
Safety policies and procedures
News letters.
Bulletins.
Safety communication is an essential
foundation for the development and
maintenance of a safety culture.
304
SMS at a glance
Safety
305
Points to remember
306
Introduction to
Safety Management Systems
10. Implementation
Objective
308
Outline
309
Why a phased approach to SMS?
To provide a manageable series of steps to follow in
implementing an SMS.
To effectively manage the workload associated with
SMS implementation.
311
Phase 1
1. Identify the accountable executive and the
safety accountabilities of managers.
2. Identify the person (or planning group) within
the organization responsible for implementing
the SMS.
3. Describe the system (Air operator or
approved maintenance organization)
312
Phase 1
4. Conduct a gap analysis of the organization’s existing
resources compared with the national requirements
for establishing a SMS.
315
Phase 4
316
The final objective – Integration
Oversight
Acceptance
Oversight
Organization’s Objective:
Objective: Organization’s Achieve
Manage and safety commercial
control
production goals and
management
safety risk Risk management processes customer
system (SMS) Safety assurance satisfaction 317
Points to remember
318