
Introduction to

Safety Management Systems


1. What is an SMS?
Outline
1. What is an SMS?
2. Basic Safety Concepts
3. Safety Management
4. Hazards
5. Risks
6. Regulations
7. Introduction to SMS
8. Planning
9. Operations
10. Implementation
2
Outline
ICAO intent for SMS
What is an SMS
Characteristics of an SMS
Functional elements of an SMS

3
ICAO Intent for SMS
ICAO has proposed SMS implementation in:
• Aerodromes (airports)
• Air Traffic System
• Airlines (fixed wing and helicopter operations)
• Flight Operations
• Maintenance and Engineering
Secretariat proposes that the SMS provisions be
• Recommended practices from 23 November 2006, and
• Standards from 1 January 2009

4
ICAO Annex 6 Requirements

• “…a safety management system acceptable to the State of the Operator that, as a minimum:
  • identifies safety hazards; (Note: These are safety of flight hazards)
  • ensures that remedial action necessary to maintain an acceptable level of safety is implemented; and
  • provides for continuous monitoring and regular assessment of the safety level achieved.”
  • …and, aims to make continuous improvement to the overall level of safety (proposed amendment)”
• “An accepted safety management system shall clearly define lines of safety accountability throughout the operator’s organization, including a direct accountability for safety on the part of senior management.”
5
What is a Safety Management System?
A Safety Management System (SMS) is a set of integrated tools, policies and processes used by corporate management to fulfill their responsibility to manage the safety risks associated with their organization’s operations as a part of its overall business.
• Flight operations/cabin crew
• Maintenance and engineering
• Ground operations
• Customer services
• Airport operations
• Air Traffic control
6
Characteristics of an SMS

• An SMS is different from other safety programs because of…
  • Corporate management ownership,
  • A risk based approach and
  • It is integrated into the business system.

[Diagram: Risk based | Corporate Management Ownership | Integrated]
7
SMS Characteristics
Corporate Management Ownership

[Diagram: Risk based | Corporate Management Ownership | Integrated]

As a corporate management process, an SMS is implemented and managed at the corporate level. This type of corporate management ownership is characterized by the fact that:
• Corporate management
  • Understands and accepts the business case for safety
  • Accepts the direct responsibility for the implementation and management of the SMS
  • Establishes levels of acceptable risk
  • Sets performance management metrics and expectations for the entire corporation.

8
SMS Characteristics
Risk Based Approach

[Diagram: Risk based | Corporate Management Ownership | Integrated]

Risk = Probability of Event Occurring × Severity of its Outcome

Addressing safety issues in terms of risk provides management with a measurable picture of how “SAFE” its operations currently are and how best to achieve its safety goals.

• Defines safety in measurable terms
• Provides means to set measurable objectives
• Provides short term measure of effectiveness
• Provides means to evaluate safety strategies in terms of
  • Performance
  • Cost
9
SMS Characteristics
Integrated System

[Diagram: Risk based | Corporate Management Ownership | Integrated]

SMS integrates safety activities into the organization’s operations on two levels:

Organization Level
SMS policies and procedures are vertically integrated throughout the organization from corporate management down through every level of the organization.

Operational Requirement Level
Operational safety requirements are horizontally integrated into all operational practices and procedures.

10
SMS Functional Elements
Regardless of how an SMS is structured
and organized, an SMS requires that
five functions be carried out.

[Diagram: Planning; Training/Safety Promotion; Documentation; Surveillance & Control; Risk Management]

11
SMS Functional Elements
Planning
The planning function of an SMS starts with a clear statement of what top management’s objectives are with regard to safety.

[Diagram: Safety Management System Plan, surrounded by: SMS implementation plan; Performance measures; Organizational structure; System components; Policies; Roles & Responsibilities; Emergency response; Training]

Strategic Safety Planning
12


SMS Functional Elements
Documentation
SMS information and activity must be documented. New documentation will have to be written. All applicable documentation must be maintained and kept current.

• Plans
• Audit reports
• Policies & Procedures
• Assessment findings
• Regulatory requirements
• Industry information
• Job descriptions
• Incident investigations
13
SMS Functional Elements
Risk Management

The Risk Management component of an SMS is designed to identify safety of flight hazards, evaluate them for risk, and manage those risks.
• Hazard identification process
  • Reactive
  • Proactive
  • Predictive
• Risk assessment process
• Corrective action/risk management process.
14
Risk Assessment Matrix

                           Severity
Likelihood                 1 Negligible   2 Minor   3 Major   4 Hazardous   5 Catastrophic
5 Frequent                 5              10        15        20            25
4 Occasional               4              8         12        16            20
3 Remote                   3              6         9         12            15
2 Improbable               2              4         6         8             10
1 Extremely Improbable     1              2         3         4             5

Legend: Unacceptable; Acceptable with Monitoring; Acceptable
15
SMS Functional Elements
Program Surveillance and Control
Purpose of this functional element is to make sure that the SMS is working.
• Internal audits of the SMS components
• External audits
• Internal system assessments of how well the SMS components are working
• Employee reporting and feedback
• Top management reviews.

16
SMS Functional Elements
Training/Safety Promotion
Purpose of this functional element is to make sure that:
• Staff in major safety-related positions have adequate knowledge/skills to do their job
• All other staff are knowledgeable about the SMS components and their role in the SMS
• Top management promotes safety and the SMS in order to move the organization into a Safety Culture.
  • Informed culture
  • Reporting culture
  • Learning culture
  • Just culture
  • Flexible culture
17
Summary
ICAO has proposed that SMS be a Standard by January 1, 2009
SMS is different from other safety programs
• Top management ownership,
• A risk based approach and
• It is integrated into the business system.

18
Introduction to
Safety Management Systems

2. Basic Safety Concepts


Objective

At the end of this module, participants will be able to describe the limitations of traditional methods to manage safety and describe new perspectives and methods for managing safety.

20
Outline
• Concept of safety
• The evolution of safety thinking
• A concept of accident causation – Reason model
• The organizational accident
• People and safety
• Errors and violations
• Organizational culture
• Safety investigation
• Questions and answers
• Points to remember
21
Concept of safety

• What is safety
  • Zero accidents (or serious incidents)?
  • Freedom from danger or risks?
  • Error avoidance
  • Regulatory compliance?
  • …?

22
Concept of safety
• Consider
  • The elimination of accidents (and serious incidents) is unachievable.
  • Failures will occur, in spite of the most accomplished prevention efforts.
  • No human endeavour or human-made system can be free from risk and error.
  • Controlled risk and error is acceptable in an inherently safe system.

23
Concept of safety

Safety is the state in which the risk of harm to persons or property damage is reduced to, and maintained at or below, an acceptable level.

24
Safety
Traditional approach – Accident prevention
• Focus on outcomes (causes)
• Unsafe acts by operational personnel
• Attach blame/punish for failures to “perform safely”
• Address identified safety concern exclusively
• Identifies: WHAT? WHO? WHEN?
• But not always discloses: WHY? HOW?

25
The evolution of safety thinking

[Figure: timeline from the 1950s through the 1970s, 1990s and 2000s to today, showing successive eras: Technical factors; Human factors; Organizational factors]

26
Reason’s Model of Accident Causation
A maintenance organization has many barriers to error. Errors can happen at any level.

[Figure: Reason’s model shown as successive layers, labelled with Active Failures and Latent Failures:
• Defenses: Functional Tests, Checklists
• Productive Activities: Repairs, Servicing, Fault Isolation
• Pre-Conditions: Off work activities, Physical size, Facilities, Schedule
• Line Management: Delegation, Prioritization, Planning
• Decision Makers: Policies, procedures, corporate culture]
27
Reason’s Model of Accident Causation
In most cases, errors are caught before an accident occurs.

[Figure: the same layers as on the previous slide]
28
Reason’s Model of Accident Causation
An accident only occurs when a failure occurs in all of the barriers.

[Figure: the same layers as on the previous slides, with “Accident” marked]
29
The organizational accident

Organizational processes
• Policy-making
• Planning
• Communication
• Allocation of resources
• Supervision
• …

Activities over which any organization has a reasonable degree of direct control
30
The organizational accident

Organizational processes → Latent conditions
• Inadequate hazard identification and risk management
• Normalization of deviance

Conditions present in the system before the accident, made evident by triggering factors.
31
The organizational accident

Organizational processes → Latent conditions → Defences
• Technology
• Regulations
• Training and checking

Resources to protect against the risks that organizations involved in production activities must confront.
32
The organizational accident

Organizational processes → Workplace conditions
• Workforce stability
• Qualifications and experience
• Morale
• Credibility
• Ergonomics design

Factors that directly influence the efficiency of people in aviation workplaces.
33
The organizational accident

Organizational processes → Workplace conditions → Active failures
• Errors
• Violations

Actions or inactions by people (pilots, controllers, maintenance engineers, aerodrome staff, etc.) that have an immediate adverse effect.
34
The organizational accident

[Diagram: Organizational processes, Workplace conditions, Latent conditions, Active failures and Defences, annotated with the actions Improve, Identify, Monitor, Reinforce and Contain]

35
People and safety
• Aviation workplaces involve complex interrelationships among its many components.
• To understand operational performance, we must understand how it may be affected by the interrelationships among the various components of the aviation workplaces.

36
Understanding human performance

Understand human performance within the operational context where it takes place
37
Definitions of Error and Violation
• An error is a human action (behavior) that unintentionally departs from the expected action (behavior).
• A violation is a human action (behavior) that intentionally departs from the expected action (behavior).

38
Errors and Violations
• Errors have been the focus of research, so we have more theories of why errors occur than theories of why violations occur.
• However, errors and violations often occur together to produce an unwanted outcome. Data from the U.S. Navy suggest that…
  • ~20% of the events are caused by a violation only
  • ~20% of the events are caused by an error and a violation, and
  • ~60% of the events are caused by an error only.
• We will collectively call errors and violations a “maintenance system failure.”
39
Types of Maintenance System Failures

• Maintenance System Failure = System failure caused by a mechanic/engineer/inspector that leads to problems on the aircraft.
  • Installation failure
  • Servicing failure
  • Repair failure
  • Fault isolation/inspection/testing failure
  • Foreign object damage (FOD)
  • Equipment damage
  • Personal injury

40
Human Error in Aircraft
Maintenance: UK CAA 1992
1. Incorrect installation of components
2. Fitting of wrong parts
3. Electrical wiring discrepancies
4. Loose objects left in aircraft
5. Inadequate lubrication
6. Access panels/fairings/cowlings not
secured
7. Fuel/oil caps and fuel panels not secured
8. Gear pins not removed before departure
41
UK Flight Safety Committee 2004
Top 10 Causes of Maintenance Mishaps

1. Failure to follow published technical data or local instructions
2. Using unauthorized procedure not referenced in technical data
3. Supervisors accepting non-use of technical data or failure to follow maintenance instructions
4. Failure to document maintenance properly in maintenance records, work package
5. Inattention to detail/complacency
6. Incorrectly installed hardware on an aircraft/engine
7. Performing an unauthorized modification to the aircraft
8. Failure to conduct a tool inventory after completion of the task
9. Personnel not trained or certified to perform the task
10. Ground support equipment improperly positioned for the task

42
Processes and outcomes

Error:
causes and
consequences
are not linear in
their magnitude

43
Operational performance and
technology
In production-intensive
industries like aviation,
technology is essential.
The operational
consequences of the
interactions between
people and technology
are often overlooked,
leading to human error.
44
Understanding operational errors

Human error is considered a contributing factor in most aviation occurrences.
Even competent personnel commit errors.
Errors must be accepted as a normal component of any system where humans and technology interact.
45
Errors and safety – A non linear relationship

Statistically, millions of operational errors are made before a major safety breakdown occurs

Accident investigation – Once in a million flights
Flaps omitted → Checklist failure → Unheeded warning
Error → Deviation → Amplification → Degradation/breakdown

Safety management – On almost every flight
Flaps omitted → Checklist works → Effective warning
Error → Deviation → Amplification → Normal operation
48
Errors and consequences

Three strategies for the control of human error
• Error reduction strategies intervene at the source of the error by reducing or eliminating the contributing factors.
  • Redesign using Human-centred design principles
  • Ergonomic factors
  • Training
  • …

49
Errors and consequences

Three strategies for the control of human error
• Error capturing strategies intervene once the error has already been made, capturing the error before it generates adverse consequences.
  • QC inspections
  • Operational checks
  • Functional checks
  • …

50
Errors and consequences

Three strategies for the control of human error
• Error tolerance strategies intervene to increase the ability of a system to accept errors without serious consequence.
  • System redundancies
  • Structural inspections
  • ETOPS maintenance rules

51
Understanding violations – Are we ready?

[Figure: Risk (Low to High) plotted against System Output (Minimum to Maximum); labels: Production objective(s), Technology, Training, Procedures, People, Safety space, Violations, Incident, Accident]
52
Violations
• What can be violated?
  • Company policies
  • Company processes
  • Company procedures
• Violations are often made by well-intentioned staff trying to finish a job, not staff who are trying to increase comfort or reduce their work load.

53
Types of Violations

There are three types of violations that we are interested in…
• Routine
• Situational
• Exceptional.

54
Violation Definitions

• Routine—These are “common practice.” Often occur with such regularity that they are automatic. Violating this rule has become a group norm. Routine violations are condoned by management.

55
Violation Definitions (contd.)

• Situational—Mechanic/inspector strays from accepted practices, “bending” a rule. Occur as a result of factors dictated by the employee’s immediate work area or environment. Due to such things as…
  • Time pressure
  • Lack of supervision
  • Unavailability of equipment, tools, or parts
  • Insufficient staff.

56
Violation Definitions (contd.)

• Exceptional—Mechanic/inspector willfully breaks standing rules while disregarding the consequences.

57
Definition of Culture
Culture = Customary beliefs, behavior
patterns, and material traits of a racial,
religious, or social group
Any organization has a culture of its own
Management style
Morale
Acceptable behaviors
Norms

58
Culture

Culture binds people together as members of groups and provides clues as to how to behave in both normal and unusual situations.
Culture influences the values, beliefs and behaviours that people share with other members of various social groups.

59
Three cultures

National

Organizational

Professional

60
Three distinct cultures
National culture encompasses the value system
of particular nations.
Organizational/corporate culture differentiates
the values and behaviours of particular
organizations (e.g. government vs. private
organizations).
Professional culture differentiates the values
and behaviours of particular professional groups
(e.g. pilots, air traffic controllers, maintenance
engineers, aerodrome staff, etc.).
No human endeavour is culture-free
61
Organizational/corporate culture

Sets the boundaries for acceptable behaviour in the workplace by establishing norms and limits.
Provides a framework for managerial and employee decision-making
• “This is how we do things here, and how we talk about the way we do things here”.

62
Safety culture
• A construct
• An outcome, not a process
• The introduction of safety management concepts lays the foundation upon which to build a safety culture
• Safety culture cannot be “mandated” or “designed”, it evolves.
• It is generated “top-down”

63
Definition of Safety Culture

What is a “safety culture” as it applies to an aircraft maintenance organization?
A “safety culture” is a (maintenance organization) culture in which safety plays a major role.

64
Importance of a Good Safety Culture
• Safety, as it applies to maintenance, has four components
  1. Safety of flight
  2. Personal safety
  3. Equipment damage
  4. Environmental damage
• A good safety culture will reduce the instances of all three of these events, reducing the accident rate and, thus, saving lives and money.
65
Safety culture
[Diagram: five components surrounding “Safety culture”]

Informed culture
People are knowledgeable about the human, technical, organizational and environmental factors that determine the safety of the system as a whole.

Flexible culture
People can adapt organizational processes when facing high temporary operations or certain kinds of danger, shifting from the conventional hierarchical mode to a flatter mode.

Reporting culture
People are prepared to report their errors and experiences.

Learning culture
People have the willingness and the competence to draw conclusions from safety information systems and the will to implement major reforms.

Just culture
People are encouraged (even rewarded) for providing essential safety-related information. However, there is a clear line that differentiates between acceptable and unacceptable behaviour.

66
Safety culture

Safety Culture
Component: Definition

Safety Values: The organization regards safety as being of prime importance.

Safety Beliefs: The organization believes that:
• Safety makes commercial sense
• Individuals are not the sole causes of incidents
• The next accident is waiting to happen.

Common Problem-Solving Methods:
• Risk assessment
• Cost-benefit analyses
• Accident investigation AND accident analysis
• Search for problems in advance of incidents.

Common Working Practices:
• Safety integral to design and operations practice
• Safety #1 on meeting agendas up to Board level
• Chronic unease about safety.

Taken from Safety Culture – The Way ahead?: Theory and Practical Principles,
Patrick Hudson, Centre for Safety Science, Leiden University, 1999.

67
Three organizational types

Organizations and the management of information
• Pathological – Hide the information
• Bureaucratic – Restrain the information
• Generative – Value the information

Source: Ron Westrum

68
Three possible organizational cultures
Source: Ron Westrum

                         Pathological             Bureaucratic              Generative
Information              Hidden                   Ignored                   Sought
Messengers               Shouted                  Tolerated                 Trained
Responsibilities         Shirked                  Boxed                     Shared
Reports                  Discouraged              Allowed                   Rewarded
Failures                 Covered up               Merciful                  Scrutinized
New ideas                Crushed                  Problematic               Welcomed
Resulting organization   Conflicted organization  “Red tape” organization   Reliable organization
69
Safety investigation

For “funereal” purposes
• To put losses behind
• To reassert trust and faith in the system
• To resume normal activities
• To fulfill political purposes
• Like a police investigation
For improved system reliability
• To learn about system vulnerability
• To develop strategies for change
• To prioritize investment of resources

70
Errors ...

… are like mosquitoes …


71
To fight them …

... drain their breeding swamps.


72
Points to remember
1. The organizational accident.
2. Operational contexts and human performance
3. Errors and violations.
4. Organizational culture and safety.
5. The management of safety information and
safety culture.

73
Introduction to
Safety Management Systems
3. Safety Management
Objective

At the end of this section, participants will be able to explain the need for, the strategies and the key features of safety management.

75
Outline
The safety stereotype
The management dilemma
Need for safety management
Strategies for safety management
The imperative of change
Safety management – Nine building blocks
Four responsibilities for managing safety
Questions and answers
Points to remember
76
The safety stereotype

77
What is the fundamental objective
of a business organization?

To make money in order to stay in business!!

78
Safety management – Rationale

In order to achieve its production objectives, the management of any aviation organization requires the management of many business processes.

Managing safety is one such business process.

Safety management is a core business function just as financial management, HR management, etc.

This brings about a potential dilemma for management.

79
The management dilemma

[Diagram: Management levels allocating Resources to Protection and Resources to Production]

80
The management dilemma
[Diagram: Management levels, Resources, Protection and Production out of balance; outcome: Catastrophe]
81
The management dilemma

[Diagram: Management levels, Resources, Production and Protection out of balance; outcome: Bankruptcy]
82
Safety space

[Figure: Protection plotted against Production; labels: Bankruptcy, Maximum resistance space, Catastrophe]
83
Safety management – The response to the dilemma
Safety issues are a byproduct of activities related to production/services delivery.
An analysis of an organization's resources and goals allows for a balanced and realistic allocation of resources between protection and production goals, which supports the needs of the organization.
The product/service provided by any aviation organization must be delivered safely (i.e. protecting users and stakeholders).
84
Safety management – The response to the dilemma – Alternate view
Safety is viewed as a requirement for profitability and is managed as an aspect of product quality and integrated into the core business process

[Figure: two panels, “Conflicting Requirements” and “Safety as a Requirement for Profitability”; labels: Bankruptcy Zone, “Safe” Zone, “Bang” Zone, Profitability, Safety Performance, Airworthiness, Safety]
85
Why SMS? – The First Ultra-Safe Industrial System
Fragile system (1920’s – 1970’s) [1/1000]
• Fly-Fix-Fly
• Individual risk management & intensive training
• Accident investigation
Safe system (1970’s – mid 1990’s) [1/100,000]
• System Safety
• Quality Management Systems
• Technology & regulations
• Incident investigation
Ultra-safe system (mid 1990’s onwards) [1/10,000,000]
• Business management approach (SMS) to safety
• Routine collection and analysis of operational data
86
Why SM? An imperfect system

[Figure: from System design, through Operational deployment, the Operational performance line diverges from the Baseline performance line; the gap is labelled “Practical drift”]

87
The essential is invisible to the
eyes

Number of occurrences
• 1 – 5: Accidents
• 30 – 100: Serious incidents
• 100 – 1000: Incidents
• 1000 – 4000: Latent conditions

88
Navigating the drift
[Figure: Baseline performance and Operational performance lines separated by “Practical drift”, with the organization positioned between them]

Navigational aids: Reactive, Proactive, Predictive

89
Reactive safety management

Investigation of accidents and serious incidents
• Based upon the notion of waiting until something breaks to fix it. Also based on the belief that we should learn from our mistakes, which provide valuable information.
• Most appropriate for:
  • Events caused by errors and violations
  • Situations involving failures in technology.
  • Unusual events.
• The contribution of reactive approaches to safety management depends on the extent to which the investigation goes beyond the triggering cause(s), and includes contributing factors and findings as to risks.
90
Predictive safety management

Risk analysis, cost vs. benefit analysis and engineering trade studies.
• Based upon the notion that any proposed change in a system should first be assessed to determine whether the change imposes any new or additional risks.
• Use risk data as a selection criterion for new equipment, aircraft or processes.
• Develop and implement risk management strategies before system change takes place.
91
Strategies – Summary
Reactive method
The reactive method responds to the events that already happened, such as incidents and accidents.

Proactive method
The proactive method looks actively for the identification of safety risks through the analysis of the organization’s activities.

Predictive method (Change Management)
The predictive method identifies potential risks associated with system changes.

92
The imperative of change
As global aviation activity and complexity continues to grow, traditional methods for managing safety risks to an acceptable level become less effective and efficient.

Evolving methods for understanding and managing safety risks are necessary.

93
The changing of the guard
Traditional – Accident/serious incident investigation
• Aviation system – as pre-specified – is perfect.
• Compliance based.
• Outcome oriented.
Evolving – Safety management
• Aviation system – as pre-specified – is imperfect.
• Performance based.
• Process oriented.

94
Safety management – Nine building blocks

• Executive management’s commitment to the management of safety.
• Effective safety reporting.
• Continuous monitoring through systems to collect, analyse, and share safety-related data arising from normal operations.

95
Safety management – Nine building blocks

• Investigation of safety occurrences with the objective of identifying systemic safety deficiencies rather than assigning blame.
• Sharing safety lessons learned and best practices through the active exchange of safety information.
• Integration of safety training (including Human Factors) for operational personnel.
96
Evolving methods – Nine building
blocks
• Effective implementation of Standard Operating Procedures (SOPs), including the use of checklists and briefings.
• Continuous improvement of the overall level of safety.
• An organizational culture that fosters safe practices, encourages safety communications and actively manages safety with the same attention to results as financial management.
97
Responsibilities for managing
safety

These responsibilities fall into four basic areas:
• Definition of policies and procedures regarding safety.
• Allocation of resources for safety management activities.
• Adoption of best industry practices.
• Incorporating regulations governing civil aviation safety.

98
The safety management process
at a glance

[Diagram: the safety management process as a cycle]
1. Identify hazards
2. Assess risks
3. Prioritize risks
4. Develop elimination/mitigation strategies
5. Approve control strategies
6. Assign responsibilities
7. Implement control strategies
8. Re-evaluate control strategies
9. Collect additional hazard data
99
In summary

Managing safety requires resources.

Allocation of resources is a managerial function.

Management has the authority and the responsibility to manage safety risks in the organization.

100
In summary
Safety management
• Includes the entire operation.
• Focuses on processes (Clear difference between processes and outcomes).
• Data-driven (constant monitoring).
• Strictly documented.
• Gradual improvement as opposed to dramatic change.
• Strategic planning as opposed to piecemeal initiatives.

101
Points to remember

1. The dilemma of the two P’s.
2. Why SM? An ultra-safe, yet imperfect system.
3. Safety management methods and their effectiveness.
4. The changing of the guard.
5. The fundamental contribution of senior management to safety.

102
Introduction to
Safety Management Systems
4. Hazards
Objective

At the end of this module, participants will be able to apply the fundamentals of hazard identification.

104
Outline
Two definitions
Understanding hazards
Hazard identification
Documentation of hazards
Points to remember

105
Two definitions
• Hazard – Condition, object or activity with the potential of causing injuries to personnel, damage to equipment or structures, loss of material, or reduction of ability to perform a prescribed function.
• Risk – The likelihood of injury to personnel, damage to equipment or structures, loss of material, or reduction of the ability to perform a prescribed function, measured in terms of probability and severity.

$$\text{Risk}\left(\frac{\text{Expected Loss}}{\text{Unit Time or Activity}}\right) = \text{Severity}\left(\frac{\text{Loss}}{\text{Loss Event}}\right) \times \text{Prob.}\left(\frac{\text{Loss Event}}{\text{Unit Time or Activity}}\right)$$

• A wind of 15 knots blowing directly across the runway is a hazard.
• The possibility that a pilot may not be able to control the aircraft during take off or landing, resulting in an accident, is one risk.
106
Examples of hazards

• Automation events
• Unfamiliar phraseology
• ATC procedures
• Weather
• Similar call signs
• Missed approaches
• Terrain
• Heavy traffic
• Flight diversions
• Unfamiliar airports
• System malfunctions
• Non-airworthy aircraft
107
Understanding hazards
Natural tendency to describe the hazards as an outcome
• “Runway incursion” vs. “unclear aerodrome signage”

Stating hazards as outcomes disguises their nature and interferes with identifying other important outcomes.

However, well-named hazards allow one to infer the sources or mechanisms and loss outcome(s).
108
Significant Maintenance-Related Events
Kahului, Hawaii, U.S.A. 1988 Upper fuselage separation 737-200

109
Kahului 737 Event

Post incident inspection revealed that there were at least 240 cracks present at the last inspection prior to incident.
Among the contributing factors to the error of not seeing the cracks…
• Lack of resources–No proper platform or inspection lights.
• Fatigue–Inspection carried out late at night.
• Lack of technical knowledge–Not enough inspection training.
• Complacency–Had done other aircraft and had not found any cracks.
110
Primary Causes of All Hull Loss Accidents
Worldwide Commercial Large Jet Fleet

[Chart: number of accidents and percentage of total accidents with known causes, by primary factor]

Primary factor                 1959–1994          1995–2004
                               Number    %        Number    %
Flight crew                    338       73%      75        56%
Airplane                       53        11%      23        17%
Maintenance & Inspection       20        4%       5         4%
Weather                        17        4%       17        13%
Airport/ATC                    16        3%       5         4%
Miscellaneous/other            21        5%       8         6%
Total with known causes        465                133
Unknown or awaiting reports    77                 44
Total                          542                177

Excludes:
• Sabotage
• Military action

111
Significant Maintenance
Human Factors Events
Lima, Peru 1996 Tape left on static ports 757-200

112
Lima 757 Event
The aircraft's three static ports on the left side were
obstructed by masking tape. The tape had been
applied before washing and polishing of the aircraft
the day before the accident flight
Work was begun on one shift and handed over to
next morning’s shift
Poor shift handover log was a contributing factor
Mechanics and pilots both missed tape during walk
around

113
IATA Safety Report 2003
92 accidents worldwide in 2003
 42 Western-built jets
 32 Western-built turboprops
 7 Eastern-built jets
 11 Eastern-built turboprops
Maintenance failures were involved in 24
(26%) of all accidents
 Sometimes the primary cause.
 However, the accident scenario is often a combination
of the maintenance failure and the (incorrect) handling
of the failure by the flight crew.
114
Understanding Hazards—The Dilemma
Which One is the Hazard??

Maintenance Contributing Factors → Maintenance Error/Violation → A/C Event: In-flight engine shutdown → Pilot head down: Loss of aircraft control → CFIT accident
Maintenance contributing factors:
 Inadequate lighting
 Hard-to-understand AMM
 No training on the task
 Fatigue
 Forgot

115
Hazard identification
 The scope for hazards in aviation is wide, and
may be related to:
 Design factors, including equipment and task
design.
 Procedures and operating practices, including
documentation and checklists.
 Communications, including means, terminology
and language.
 Organizational factors, such as company
policies for recruitment, training, remuneration and
allocation of resources.
 Work environment factors, such as ambient
noise and vibration, temperature, lighting and
protective equipment and clothing.
116
Hazard identification
 …for example:
 Regulatory factors, including the applicability and
enforceability of regulations; certification of
equipment, personnel and procedures; and the
adequacy of oversight.
 Defences including detection and warning systems,
and the extent to which the equipment is resilient
against errors and failures.
 Human performance, including medical conditions
and physical limitations.

117
Sources of hazard identification

Predictive
Proactive
Reactive
 Internal
 Company voluntary reporting
system
 Audits and surveys
 External
 Accident reports
 State mandatory occurrence
system

118
Hazard identification
By whom?
 By anybody
 By designated personnel
How?
 Through formal processes
 Depends on the organization
When?
 Anytime
 Under specific conditions
119
Hazard identification

Specific conditions
 Unexplained increase in safety-related events or infractions.
 Major operational changes are foreseen.
 Periods of significant organizational change.

120
Hazard analysis

Efficient and safe operations or provision of service require a constant balance between production goals (maintaining regular flight operations during a runway construction project) and safety goals (maintaining existing margins of safety in flight operations during runway construction project).
Aviation workplaces contain hazardous conditions which may not be cost-effective to eliminate even when operations must continue.
121
Third fundamental – Hazard analysis
Method 1 ICAO
ABCs of hazard analysis
A – State the generic hazard (hazard statement)
 Airport construction
B – Identify specific components of the hazard
 Construction equipment
 Closed taxiways
 …
C – Naturally leading to potential risk(s)
 Aircraft colliding with construction equipment
 Aircraft taking wrong taxiway
 …
122
Hazard analysis
Method 2 Southern California Safety Institute

 Redefine: A hazard is anything that successfully


“attacks” an asset and causes damage.
 Anything that can “attack” an asset is a threat to attack
that asset.
 A successful attack causes damage to an asset.
 We are interested in any “threats” that can successfully
attack and damage an asset.
 A threat that is of vital concern in one situation may be a
threat of no interest in another situation.
 The threat is the same, it is the situation that makes it
“interesting” or “not interesting.”

123
Hazard analysis
Method 2 Southern California Safety Institute

 Associated with each threat (hazard) is


1. A likelihood that the threat will
2. cause damages to an
3. asset during some period of time.
 Look at threat (hazard)/asset pairs
 Rocks/propellers
 Berm/aircraft
 Wrench/jet engine
 Mis-installation/system failure

124
Hazard analysis
Method 2 Southern California Safety Institute

How do you find the threat (hazard)/asset pairs in


your org?
 Look at safety-related repair/doctor bills.
 Look at every safety-related legal bill.
 Ask employees what threat/asset pairs are going to cost
you money sooner or later.
Name some threat/asset pairs relevant to your
operation…

125
Documentation of hazards

The fundamental importance of


appropriate documentation
management:
 A formal procedure to translate
operational safety data into
hazard-related information.
 The “safety library” of an
organization.

126
Points to remember

1. Hazard, risk and consequence.

2. ABCs of hazard identification.

3. Hazard documentation: the “safety library” of


an organization.

127
Introduction to
Safety Management Systems
5. Risks
Objective

At the end of this module, participants will be able


to apply the fundamentals of risk management.

129
Outline
Risk management
Risk probability
Risk severity
Risk assessment and tolerability
Risk control/mitigation
Risk management warm-up exercises
Points to remember

130
Risk management
What is it?
 The identification, analysis and elimination, and/or
mitigation to an acceptable level of risks that threaten
the capabilities of an organization.
What is the objective?
 Aims at a directed and effective allocation of resources
to address all significant risks and viable risk control
and mitigation.
Why is it important?
 A key component of a Safety Management System.
 Data-driven approach to safety resources allocation,
thus defensible and easier to explain.
131
What is Risk?

The expectation of loss.


An expression of the combined severity and
probability of loss.
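$$\text{Risk}\left(\frac{\text{Expected Loss}}{\text{Unit Time or Activity}}\right) = \text{Severity}\left(\frac{\text{Loss}}{\text{Loss Event}}\right) \times \text{Prob.}\left(\frac{\text{Loss Event}}{\text{Unit Time or Activity}}\right)$$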

132
Risk Probability/Likelihood
Definition(s)
 Likelihood – The chance that a situation might
occur expressed in qualitative terms.
 Frequent
 Seldom
 Probability – The result of a statistical analysis of a
system conducted to predict the chances that an
event might occur.
 Expressed quantitatively
 0 < probability < 1

Probability and likelihood are often used interchangeably


133
Probability or Likelihood – When to
use them
 Probability
 Most accurate
 Provides most detailed results
 Requires more and better data
 More difficult and time consuming to calculate
 Generally used for risk assessments involved in certification and
reliability.
 Likelihood
 Less accurate and detailed
 Potential variability between analysts
 Less time consuming
 Generally used in most aviation SMS models

134
Risk Likelihood
Questions for assessing the likelihood of an
occurrence:
Is there a history of occurrences like the one being
assessed, or is the occurrence an isolated event?
Is there a change in a process or procedure?
What number of operating or maintenance
personnel must follow the procedure(s) in
question?
How frequently is the equipment or procedure
under assessment used?
135
Risk likelihood

Likelihood of occurrence

Qualitative definition    Meaning                                                   Value
Frequent                  Likely to occur many times (has occurred frequently)      5
Occasional                Likely to occur some times (has occurred infrequently)    4
Remote                    Unlikely, but possible to occur (has occurred rarely)     3
Improbable                Very unlikely to occur (not known to have occurred)       2
Extremely improbable      Almost inconceivable that the event will occur            1

136
Risk severity

Definition(s)
 Severity – The possible consequences of a situation of
danger, taking as reference the worst foreseeable
situation that can be reasonably expected under
existing or proposed operational conditions.

137
Risks
Define the severity in terms of:
 Property
 Health
 Finance
 Liability
 People
 Environment
 Image
 Public confidence

138
Risk severity
Questions for assessing the severity of an
occurrence:
 How many lives are at risk?
 Employees
 Passengers
 Bystanders
 General public
 What is the environmental impact?
 Spill of fuel or other hazardous product
 Physical disruption of natural habitat

139
Risk severity
… questions:
 What is the severity of the property or financial
damage?
 Direct operator property loss
 Damage to aviation infrastructure
 Third party damage
 Financial impact and economic impact for the State
 Are there organizational, management or regulatory
implications that might generate larger threats to public
safety?
 What are the likely political implications and/or media
interest?

140
Risk severity
Aviation definition (value) and meaning:
Catastrophic (E/5)
 Equipment destroyed
 Multiple deaths
Hazardous (D/4)
 A large reduction in safety margins, physical distress or a workload such that the operators cannot be relied upon to perform their tasks accurately or completely.
 Serious injury or death to a number of people.
 Major equipment damage
Major (C/3)
 A significant reduction in safety margins, a reduction in the ability of the operators to cope with adverse operating conditions as a result of increase in workload, or as a result of conditions impairing their efficiency.
 Serious incident.
 Injury to persons.
Minor (B/2)
 Nuisance.
 Operating limitations.
 Use of emergency procedures.
 Minor incident.
Negligible (A/1)
 Little consequences
141
Risk assessment (ICAO)

                              Risk severity
Risk probability              Negligible   Minor   Major   Hazardous   Catastrophic
                              A            B       C       D           E
5 – Frequent                  5A           5B      5C      5D          5E
4 – Occasional                4A           4B      4C      4D          4E
3 – Remote                    3A           3B      3C      3D          3E
2 – Improbable                2A           2B      2C      2D          2E
1 – Extremely improbable      1A           1B      1C      1D          1E
142
Risk tolerability (ICAO)

Assessment risk index           Suggested criteria
3E, 4D, 4E, 5C, 5D, 5E          Unacceptable under the existing circumstances
2D, 2E, 3C, 3D, 4C, 5A, 5B      Risk control/mitigation requires management decision
1D, 1E, 2C, 3B, 4A, 4B          Acceptable after review of the operation
1A, 1B, 1C, 2A, 2B, 3A          Acceptable

143
Safety Risk Assessment Matrix
(Alternate)

                              Severity
Likelihood                    1            2       3       4           5
                              Negligible   Minor   Major   Hazardous   Catastrophic
5 Frequent                    5            10      15      20          25
4 Occasional                  4            8       12      16          20
3 Remote                      3            6       9       12          15
2 Improbable                  2            4       6       8           10
1 Extremely Improbable        1            2       3       4           5

144
Risk Level Definitions (alternate)

Assessment Risk Level    Criteria
20, 25                   Unacceptable, requiring immediate cessation of operation until risk is mitigated to acceptable level.
10, 12, 15, 16           Unacceptable, requiring that the likelihood of the hazard or the severity of hazard be reduced to an acceptable level, while continuing the operation.
5, 6, 8, 9               Acceptable, but requires active monitoring to ensure risk remains at acceptable levels.
1, 2, 3, 4               Acceptable
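
The ICAO tolerability table and the alternate numeric risk levels above can be compared cell by cell. The Python below is an added example, not part of the original course material; the function names are hypothetical, and ranking the four tiers of each scheme 0 to 3 so they can be lined up is an assumption of this example.

```python
"""Added example: compare the ICAO tolerability table with the alternate
likelihood x severity scoring, using only the values shown on the slides."""

SEVERITY = {"A": 1, "B": 2, "C": 3, "D": 4, "E": 5}  # A = Negligible ... E = Catastrophic
LIKELIHOODS = (1, 2, 3, 4, 5)                        # 1 = Extremely improbable ... 5 = Frequent

# ICAO tolerability table from the slides, least to most restrictive (rank 0..3).
ICAO_TIERS = [
    ("Acceptable", "1A 1B 1C 2A 2B 3A"),
    ("Acceptable after review of the operation", "1D 1E 2C 3B 4A 4B"),
    ("Risk control/mitigation requires management decision", "2D 2E 3C 3D 4C 5A 5B"),
    ("Unacceptable under the existing circumstances", "3E 4D 4E 5C 5D 5E"),
]

# Alternate risk level definitions from the slides (labels shortened), same ordering.
ALT_TIERS = [
    ("Acceptable", {1, 2, 3, 4}),
    ("Acceptable, but requires active monitoring", {5, 6, 8, 9}),
    ("Unacceptable, reduce likelihood or severity while continuing", {10, 12, 15, 16}),
    ("Unacceptable, immediate cessation of operation", {20, 25}),
]

ALL_CELLS = [f"{lik}{sev}" for lik in LIKELIHOODS for sev in SEVERITY]


def _build_icao_lookup():
    """Map each risk index to (rank, label) and check the table covers the matrix."""
    lookup = {}
    for rank, (label, cells) in enumerate(ICAO_TIERS):
        for cell in cells.split():
            if cell in lookup:
                raise ValueError(f"{cell} is listed in two tolerability tiers")
            lookup[cell] = (rank, label)
    if set(lookup) != set(ALL_CELLS):
        raise ValueError("tolerability table does not cover the 5x5 matrix exactly")
    return lookup


ICAO_LOOKUP = _build_icao_lookup()


def parse_index(index):
    """Split a risk index such as '4D' into (likelihood, severity letter)."""
    text = str(index).strip().upper()
    if len(text) != 2 or text[0] not in "12345" or text[1] not in SEVERITY:
        raise ValueError(f"not a valid risk index: {index!r}")
    return int(text[0]), text[1]


def icao_tier(index):
    """Return (rank, label) from the ICAO tolerability table."""
    lik, sev = parse_index(index)
    return ICAO_LOOKUP[f"{lik}{sev}"]


def alternate_tier(index):
    """Return (rank, label, score) from the alternate likelihood x severity scheme."""
    lik, sev = parse_index(index)
    score = lik * SEVERITY[sev]
    for rank, (label, scores) in enumerate(ALT_TIERS):
        if score in scores:
            return rank, label, score
    raise ValueError(f"score {score} has no defined risk level")


def disagreements():
    """List (index, score, icao_rank, alt_rank) where the two schemes differ."""
    result = []
    for cell in ALL_CELLS:
        icao_rank, _ = icao_tier(cell)
        alt_rank, _, score = alternate_tier(cell)
        if icao_rank != alt_rank:
            result.append((cell, score, icao_rank, alt_rank))
    return result


if __name__ == "__main__":
    for cell, score, icao_rank, alt_rank in disagreements():
        print(f"{cell} (score {score:2d}): ICAO -> {ICAO_TIERS[icao_rank][0]}; "
              f"alternate -> {ALT_TIERS[alt_rank][0]}")
```

Running it lists the eight risk indices (1D, 2D, 3C, 3E, 4A, 4D, 5A, 5C) where the product-based score places a risk one tier lower than the ICAO table; in no cell is the alternate scheme the stricter one.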

145
Risk matrix 4X4

              Severity
Likelihood    1    2    3    4
4             4    8    12   16
3             3    6    9    12
2             2    4    6    8
1             1    2    3    4

146
Risk matrix 8X8

Callout on the slide: Acceptable risk in a 4X4 matrix

              Severity
Likelihood    1    2    3    4    5    6    7    8
8             8    16   24   32   40   48   56   64
7             7    14   21   28   35   42   49   56
6             6    12   18   24   30   36   42   48
5             5    10   15   20   25   30   35   40
4             4    8    12   16   20   24   28   32
3             3    6    9    12   15   18   21   24
2             2    4    6    8    10   12   14   16
1             1    2    3    4    5    6    7    8
147
Outcome
What is at risk?
Most undesirable conditions can be analyzed in terms of risk.
Economic
Safety
Maintenance error
Pilot error
Public relations
Strategic operations
Equipment failure
148
Risks and Hazards, which is which?

There can be risks associated with risks. In these cases what was once considered a risk becomes a hazard.
Maintenance Contributing Factors → Maintenance Error/Violation → A/C System Failure → Event: Loss of A/C Control → Accident
Maintenance contributing factors:
 Inadequate lighting
 Hard-to-understand AMM
 No training on the task
 Fatigue
 Forgot
 Risks associated with maintenance contributing factors are errors and violations
 Risks associated with errors and violations are aircraft system failures
 Risks associated with aircraft system failures are loss of aircraft control
 Risks associated with loss of aircraft control are accidents

149
Risk mitigation/management

Definition(s)
Risk Mitigation – Measures to eliminate the
hazard, reduce the severity of the hazard, or
reduce the probability of the hazard.
(Mitigate – To make milder, less severe or less
harsh)
Risk Monitoring – Measures to ensure that a
risk is reliably maintained at an acceptable level.

150
Risk control/mitigation

Strategies
Avoidance – The operation or activity is
cancelled because risks exceed the benefits
of continuing the operation or activity.
 Operations into an aerodrome surrounded by
complex geography and without the necessary aids
are cancelled.

151
Risk control/mitigation
Strategies
Reduction – The frequency of the operation or
activity is reduced, or action is taken to reduce
the magnitude of the consequences of the
accepted risks.
 Operations into an aerodrome surrounded by
complex geography and without the necessary aids
are continued based upon the availability of specific
aids and application of specific procedures.

152
Risk mitigation

Strategies
Segregation of exposure – Action is taken to
isolate the effects of risks or build-in
redundancy to protect against it, i.e., reduce
the severity of risk.
 Operations into an aerodrome surrounded by
complex geography are limited to day-time, visual
conditions.
 Non RVSM equipped aircraft not allowed to operate
into RVSM airspace.

153
Risk mitigation – Defences

As part of the risk mitigation, determine:


 Do defences to protect against such risk(s) exist?
 Do defences function as intended?
 Are the defences practical for use under actual
working conditions?
 Is staff involved aware of the risks and the defences
in place?
 Are additional risk mitigation measures required?

154
Risk mitigation – Defences

Recall the three basic defences in aviation:


 Technology
 Training
 Procedures

155
Risk Mitigation – How Far?

How far do we need to reduce an unacceptable risk?
As low as reasonably practicable?
Reliably acceptable?

156
Risk Mitigation (ICAO)
At the intersection of protection and
production
The acronym ALARP is used to describe a
safety risk which has been reduced to a level
that is as low as reasonably practicable.
In determining what is reasonably
practicable consideration is given to both the
technical feasibility and the cost of further
reducing the safety risk.
This includes a cost/benefit study.
157
Risk mitigation at a glance using ALARP (ICAO)
[Figure: four stages, left to right]
1. Hazard identification and risk management: each hazard (H) and each risk (R)
2. Assessment of the defences within the safety system: regulations, training, technology
3. Control and mitigation of the risk(s): ALARP scale with intolerable region, tolerable region and acceptable region
4. Accepting the mitigation of the risk:
 Does the mitigation address the hazard?
 Does it address the risk(s)?
 Is it effective?
 Is it appropriate?
 Is additional or different mitigation warranted?
 Do the mitigation strategies generate additional risk(s)?

158
Risk Mitigation (Alternate)
The intent of a risk mitigation strategy is to
reduce a risk to a level where it can be reliably
maintained (managed)
 Control/mitigation strategies are evaluated on the
basis of achieved risk reduction (is the risk now
acceptable?).

 When you reach a reliably acceptable level - stop

159
Risk mitigation (Alternate)
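[Flowchart: each hazard (H) passes through the defences (procedures, training, technology) to give each risk (R), which falls in the Unacceptable zone, the Management Zone or the Acceptable zone.]
Decision points: “Is risk acceptable?” (yes/no) and “Does risk require active management?” (yes/no)
Actions: Develop Risk Mitigation Strategy; Develop Risk Management Strategy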
160
As a reminder
 There is no such thing as absolute safety – In aviation it is
not possible to eliminate risks.
 Risks must be managed at a level that is acceptable to
Senior Management
 Risks can be managed to a level “as low as reasonably
practicable” (ALARP)
 Risks can also be managed to a level that can be reliably
maintained at an acceptable level
 Risk mitigation must be balanced against:
 Time
 Cost
 Difficulty of taking measures to reduce or eliminate the
risk (i.e. managed).
161
As a reminder

Effective risk management seeks to


maximize the benefits of accepting a
risk (a reduction in time and cost) while
maintaining the risk at an acceptable
level.
Communicate the rationale for risk
decisions to gain acceptance by
stakeholders affected by them.

162
167
Hazard identification and risk
management – Warm-up exercise

Scenario:
 Fuel spill on the apron area surface of approximately 25
m (75 ft) length and 5 m (15 ft) width, produced by an
A310 ready to pushback and taxi for departure.
Report by the apron responsible person:
 After the A310 pushback the spill was contained and the
apron area was decontaminated.

168
Hazard identification and risk
management – Warm-up exercise

Hazard:
Risk probability

Risk severity

Risk(s):
Risk index

Risk tolerability
169
Hazard identification and risk
management – Warm-up exercise

Scenario:
 It was observed that airline baggage handling personnel
generate FO(D) on the aerodrome apron area.
Report by the apron responsible personnel:
 It should be noted that airline baggage handling
personnel are not complying with safety standards as set
in the aerodrome operating manual. This is considered a
hazard that can produce an incident or accident in the
movement area.

170
Hazard identification and risk
management – Warm-up exercise

Hazard:
Risk probability

Risk severity

Risk(s):
Risk index

Risk tolerability

171
Hazard identification and risk
management – Warm-up exercise

Scenario:
 A parked aircraft shows damage in the left wing root
near the fuselage. Such damage was caused by a
maintenance stair hitting the aircraft as a consequence
of the wind, apparently because the stair was not
properly restrained.
Report by the apron responsible person:
 In conditions of strong winds it is essential that all
equipment around aircraft is properly restrained and
locked, thus preventing the possibility of aircraft
damage.

172
Hazard identification and risk
management – Warm-up exercise

Hazard:
Risk probability

Risk severity

Risk(s):
Risk index

Risk tolerability
173
Hazard identification and risk
management – Warm-up exercise
Scenario:
 The vehicle and ramp equipment parking area behind the
fingers shows a large amount of FO(D) (food, trays,
plastics, pillows, etc.) left behind by an airline.
Report by the apron responsible person:
 The presence of decomposed food and other dangerous
material was reported to the airline, since in addition to
FO(D), this presents a bacteriological danger for people
who operate in this sector, also attracting animals to the
operative apron.

174
Hazard identification and risk
management – Warm-up exercise

Hazard:
Risk probability

Risk severity

Risk(s):
Risk index

Risk tolerability

175
Hazard identification and risk
management – Warm-up exercise

Scenario:
 A loose wheel, apparently from a baggage cart, was
observed in the handling area. The driver apparently
did not notice what happened. The wheel rolled at
high speed through the area, hitting the fence
accessing the fuel zone.
Report by the apron responsible person:
 This could have caused injuries to ramp personnel in
addition to material damage to equipment and/or
aerodrome facilities. We have insisted in the past on
the periodic verification of all equipment and vehicles
that operate in the aerodrome apron area.
176
Hazard identification and risk
management – Warm-up exercise

Hazard:
Risk probability

Risk severity

Risk(s):
Risk index

Risk tolerability
177
Hazard identification and risk
management – Warm-up exercise

Scenario:
 The absence of airline personnel attending the stairs was
observed on three occasions, in flights from different
companies. The presence of airline personnel is
necessary to guide passengers when embarking and
disembarking.
Report by the apron responsible personnel:
 This is a risk for passengers, since they should access
the apron to board aircraft in an orderly manner under the
guidance of airline personnel.

178
Hazard identification and risk
management – Warm-up exercise

Hazard:
Risk probability

Risk severity

Risk(s):
Risk index

Risk tolerability
179
Points to remember

1. The risk assessment matrix.


2. The risk assessment criteria table.
3. Risk mitigation: avoid, reduce, segregate.

180
Introduction to
Safety Management Systems
6. Regulations
Objective

At the end of this module participants will be able to


describe the safety management requirements
included in Annexes 6, 11 and 14, including the
relationship between a safety programme and an
SMS.

182
Outline
AGA, ATS and OPS/AMO safety management
What is a safety programme?
What is an SMS?
Acceptable level of safety
Acceptable level of safety – Implementation,
scope and legal considerations
Protection of sources of safety information
Questions and answers
Points to remember
183
The big picture

Operation of aircraft
Maintenance of aircraft
Air traffic services
Aerodromes
 Two audience groups
 States
 Service providers
 Three distinct requirements
 Safety programme
 SMS
 Management accountability

184
As of 23 November 2006

States shall establish a safety programme, in order


to achieve an acceptable level of safety in:
 The operation of aircraft
 The maintenance of aircraft
 The provision of air traffic services
 Aerodrome operations
The acceptable level of safety to be achieved shall
be established by the State(s) concerned.

185
What is a safety programme?
An integrated set of regulations and activities
aimed at improving safety.
States are responsible for establishing a safety
programme:
 Safety regulation
 Safety oversight
 Accident/incident investigation
 Mandatory/voluntary reporting systems
 Safety data analysis
 Safety promotion

186
Definitions

Acceptable level of safety – A concept


High level safety management goals of an
oversight authority [or a service provider]
Minimum safety performance that service
providers should achieve while conducting their
core business functions
A reference against which one can measure
safety performance
187
As of 23 November 2006

 States shall require, as part of their safety programme,


that an [operator, maintenance organization, ATS
provider, certified aerodrome operator] implements a
safety management system accepted by the State that,
as a minimum:
 Identifies safety hazards
 Ensures that remedial action necessary to maintain an
acceptable level of safety is implemented
 Provides for continuous monitoring and regular
assessment of the safety level achieved
 Aims to make continuous improvement to the overall
level of safety
188
What is an SMS?
 A systematic approach to
managing safety, including
the necessary organizational
structures, accountabilities,
risk management, policies
and procedures, and safety
promotion.
 Providers are responsible for
establishing an SMS.
 States are responsible for the
acceptance and oversight of
providers’ SMS.
189
Safety programme – SMS
relationships
[Diagram: Protection and Production]
Protection:
 State safety programme – Objective: Public safety
 Organization’s safety management system (SMS) – Objective: Manage and control safety risk
 Risk management
 Safety assurance
Production:
 Organization’s production processes – Objective: Achieve commercial goals and customer satisfaction
Links from the State safety programme to the organization: Acceptance, Oversight
190
As of 23 November 2006

An accepted safety management system shall


clearly define lines of safety accountability
throughout the [airline, maintenance, ATS
provider, certified aerodrome operator]
organization, including direct accountability
for safety on the part of senior management.
Note. – Guidance on safety management
systems is contained in the ICAO Safety
Management Manual (Doc 9859).
(Accountability – Obligation or willingness to
account for one’s actions)
191
Acceptable level of safety

Implementation
The concept of acceptable level of safety is
expressed in practical terms by three measures:
 Safety metrics
 Safety performance indicators
 Safety performance targets
It is delivered through various tools and means:
 Safety requirements …

192
Acceptable level of safety
Safety metrics
 Variables that are measured and are related to safety
Pilot examples
 Rejected take-offs due to pilot skill
 Unstabilized approaches
 Go arounds
 Runway incursions
Maintenance examples
 Rejected take-offs due to mechanical failures
 Maintenance write-ups for 10 days after D check
 Average number of MEL items per aircraft per fleet.
193
Acceptable level of safety
Safety indicators
 Short and medium term objectives of a State safety
programme, or an operator/services provider SMS.
 Linked to major components of a State safety
programme, or an operator/services provider SMS.
 The measure that the state considers “safe” or “safe
enough”
 Expressed in numerical terms.
 Example – No more than 0.8 Cat A and B (most serious)
runway incursions per million operations through 2009.

194
Acceptable level of safety

 Safety targets
 Long-term objectives of a State safety programme,
or an operator/services provider SMS.
 Determined weighing what is desirable and what is
realistic for an individual State/operator/services
provider.
 Expressed in numerical terms.
 Example - By 2010 reduce Cat A and B (most serious)
runway incursions to a rate of not more than 0.5 per
million operations.

195
Acceptable level of safety

 Safety indicators and safety targets may be different


 Example – No more than 0.8 Cat A and B (most
serious) runway incursions per million operations
through 2009, and reduce Cat A and B (most serious)
runway incursions to a rate of not more than 0.5 per
million operations by 2010.
 Safety indicators and safety targets may be the same
 Example – Maintain 0.8 Cat A and B (most serious)
runway incursions per million operations through 2010.
196
Acceptable level of safety

 … Implementation
 The safety requirements should be
expressed in terms of operational procedures,
technology and systems, programmes, and
contingency arrangements.
 Measures of reliability, availability and/or
accuracy may be added.
 Example – Install Airport Surface Detection
Equipment-Model X (ASDE-X) at (three busiest
airports) within the next 12 months, with 98%
annual availability.
197
Acceptable level of safety

… Implementation
 An acceptable level of safety will always be expressed
by a number of safety indicators and safety targets,
never by a single one.

198
Acceptable level of safety

Scope
There will seldom be a single or national
acceptable level of safety.
Most frequently, within each State, different
acceptable levels of safety will be separately
agreed between the oversight authority and
individual operators/services providers.

199
Acceptable level of safety

Scope
Each agreed acceptable level of safety
should be commensurate to the:
complexity of individual operator/services
provider specific operational contexts
availability of operator/services provider
resources to address them.

200
Acceptable level of safety

Legal considerations – States


Establishing acceptable level(s) of safety does
not replace legal, regulatory, or other already
established requirements, but it must support
compliance with them.
Establishing acceptable level(s) of safety for their
safety programme leaves unaffected the
obligations of States, and does not relieve States
from compliance with SARPs.

201
Acceptable level of safety
Legal considerations – Operators and service
providers
Establishing acceptable level(s) of safety for their
safety management system leaves unaffected
the obligations of operators or services providers
and other related parties, and it does not relieve
the operator, services providers and other related
parties from compliance with SARPs and/or
national regulations, as applicable.

202
Protecting sources of safety
information
Assembly Resolution A35/17
Legal guidance in Annex 13, Attachment E
Safety information must not be used for
purposes other than the purposes for which it
was collected.
Introduction and definitions
 General principles
 Principles of protection
 Principles of exceptions
 Responsibilities of the custodian of safety information
 Protection of recorded information
203
Why ICAO safety management
provisions?
A move from prescription to performance
Prescriptive regulations – Prescribe what the
safety requirements are and how they are to be
met.
Performance based regulations – Specify the
safety requirements to be met, but provide
flexibility in terms of how safety requirements are
met.

204
FAA SMS Applicability

AC 120-92 Introduction to Safety Management


Systems for Air Operators
Developing AC 145-XXX Introduction to Safety
Management Systems for Maintenance
Organizations
ATOS—Adding an Element 8 Safety Management
Systems

205
FAA Four Pillars

Safety Management System
Four pillars and their elements:
 Safety Policy: Procedures, Process Controls, Planning
 Safety Risk Management: System Descrip, Hazard Ident, Risk Analysis, Risk Assmt, Risk Control
 Safety Assurance: Data (Audits, Invest., Reports), Analysis, Assmt, Prev/Corr Action
 Safety Promotion: Comm, Training
206
Points to remember
1. Standardised SMS provisions – Prescription vs.
performance.
2. Safety programme.
3. SMS.
4. Acceptable level of safety.
a) Safety performance indicators.
b) Safety performance targets.
c) Safety requirements.
5. The need to protect the source of information

References: Annexes 6, 11, 13 and 14, and Doc 9859, Chapter 3

207
Introduction to
Safety Management Systems
7. Introduction to SMS
Objective

At the end of this module, participants will be able


to describe the features of an SMS, explain the
importance of system description and gap analysis,
and the relationship between SMS and QMS.

209
Outline
ICAO requirements
SMS – Introductory concepts
SMS features
System description
Gap analysis
SMS and QMS
Clarifying terms
Points to remember

210
ICAO requirements

Compliance with all relevant regulations and ICAO standards, in
addition to those SMS-related, is a key component of an SMS.

Many of these regulations and standards, including the operational
provisions, will form part of the SMS.
211
SMS – Introductory concepts

A toolkit
 The scope of SMS encompasses most of the
activities of the organization.
 SMS must start from senior management, and safety
must be considered at all levels of the organization.
 SMS aims to make continuous improvement to the
overall level of safety.
 All aviation stakeholders have a role to play in SMS.

212
Identifying aviation system
stakeholders
 Aviation professionals
 Aircraft owners and operators
 Manufacturers
 Aviation regulatory authorities
 Industry trade associations
 Regional air traffic service providers
 Professional associations and federations
 International aviation organizations
 Investigative agencies
 The flying public
213
Identifying aviation system
stakeholders

Why is it important to identify aviation system
stakeholders?
To ensure that stakeholders relevant to a risk
decision are taken into consideration and
contribute their knowledge before the
decision is taken.

214
SMS features

Systematic – Safety management activities are
in accordance with a pre-determined plan, and
applied in a consistent manner throughout the
organization.

Proactive – An approach that emphasizes
hazard identification and risk control and
mitigation, before events that affect safety occur.

Explicit – All safety management activities are
documented and visible.
215
Operational system description

 Most hazards are generated by operational
interactions among different system components.
It is therefore essential to describe the system in
terms of its components as one of the first
activities when planning an SMS.

216
Operational system description
1. The system interactions with other systems in
the air transportation system.
2. The system functions.
3. Required Human Factors considerations of the
system operation.
4. Hardware components of the system.
5. Software components of the system.
6. Related procedures that define guidance for the
operation and use of the system.
7. Operational environment
8. Contracted and purchased products and
services.
217
Gap analysis

An analysis of safety arrangements
existing within the organization.
The organizational structures
necessary for an SMS may be
found throughout an organization.
Various activities of an SMS are
probably already in place and are
working.
SMS development should build
upon existing organizational
structures.
218
Gap analysis

Conduct the gap analysis against the
components and elements of the SMS.
Once completed and documented, the
gap analysis forms the basis of the
SMS implementation plan.

219
SMS and QMS (ICAO)

SMS results in the design and implementation of
organizational processes and procedures to identify
hazards and control/mitigate risks in aviation
operation.
QMS techniques provide a structured process for
ensuring that these processes and procedures
achieve their intended objectives and, where they
fall short, to improve them.

220
SMS and QMS (ICAO)

SMS builds partly upon QMS principles.
SMS should include both safety and quality
policies.
The coverage of quality policies should be
limited to quality in support of safety.
Safety objectives should receive primacy
where conflicts are identified.
221
SMS and QMS (Alternate)

In commercial aviation, safety is an aspect of
product quality:
Aircraft
Passenger service
Maintenance
An SMS is that part of a QMS that addresses
safety.
222
SMS and QMS (Alternate)

Safety and quality policies should be integrated.
The coverage of quality policies should include
safety risk management requirements.
Safety requirements should receive primacy where
conflicts are identified.

223
Systems integration

There is a tendency in civil aviation to integrate
the different systems of management:
 Quality management system (QMS).
 Environment management system (EMS).
 Occupational health and safety management system
(OHSMS).
 Safety management system (SMS).
 Security management system.
IATA supports this and has just developed a
program to integrate these different functions.
224
Systems integration benefits

Reduce duplication and therefore costs.

Reduce risks and increase profitability.

Balance potentially conflicting objectives.

Eliminate potentially conflicting responsibilities
and relationships.

225
Systems integration
considerations (ICAO)
There are different ways to integrate a safety
management system in the operation of the
organization.
Aviation organizations should be encouraged to
integrate their management system for quality,
safety, security, occupational health and safety,
and environmental protection management.
This integration, however, is presently beyond the
scope of the harmonized ICAO safety management
requirements.
226
Clarifying the use of terms

Safety oversight – Is what the CAA performs
with regard to the operators’/service providers’
SMS.
Safety assurance – Is what the
operators/service providers do with regard to
safety performance monitoring and measurement.
Safety audit – Is what the CAA performs with
regard to its safety programme and the
operators/service providers perform with regard
to the SMS.
227
SMS – Nothing new?

 Rounding up the usual suspects.
 In aviation, safety is first.
 Safety is everybody’s responsibility.
 If it ain’t broke, why fix it?
 If you believe safety is expensive, try an accident.
 70% of accidents are due to human error.
 SMS sets forth to destroy all these
misperceptions.

228
In summary

Safety – The state in which the risk of harm
to persons or property damage is reduced to,
and maintained at or below, an acceptable
level.

Management – Allocation of resources.

System – Organized set of processes and
procedures.
229
Points to remember
1. SMS main features
2. The importance of system description
3. The importance of gap analysis
4. The relationship between SMS and QMS

230
Introduction to
Safety Management Systems
8. Planning
Objective

When completing the module the participants will
be able to describe the requirements associated with
the planning of an SMS, and explain the structure
of an SMS implementation plan.

232
Outline

The components of SMS


The elements of SMS
Safety policy and objectives
Points to remember

233
The components of SMS

 Safety policy and objectives


 Safety risk management
 SMS (program) surveillance and control
 Safety promotion

234
The components of SMS

 Safety policy and objectives


1.1 – Management commitment and responsibility
1.2 – Safety accountabilities of managers
1.3 – Appointment of key safety personnel
1.4 – SMS implementation plan
1.5 – Coordination of the emergency response plan
1.6 – Documentation
 Safety risk management
2.1 – Hazard identification processes
2.2 – Risk assessment and mitigation processes

235
The components of SMS

 SMS (program) Surveillance and Control


3.1 – Safety performance monitoring and measurement
3.2 – The management of change
3.3 – Continuous improvement of the safety system
 Safety promotion
4.1 – Training and education
4.2 – Safety communication

236
The components of SMS

 Safety policy and objectives


1.1 – Management commitment and responsibility
1.2 – Safety accountabilities of managers
1.3 – Appointment of key safety personnel
1.4 – SMS implementation plan
1.5 – Coordination of the emergency response plan
1.6 – Documentation

237
Safety policy and objectives
1.1 – Management commitment and
responsibility
 Executive management must:
 Develop the safety policy, signed by the senior management,
in accordance to national and international standards and
organizational priorities.
 Communicate, with visible endorsement, the safety policy to all
staff.
 Provide necessary human and financial resources.

238
Safety policy and objectives
1.1 – Management commitment and
responsibility
 Executive management must:
 Establish safety objectives and performance standards for
the SMS.
 The safety objectives and performance standards should be
linked to the safety performance indicators, safety
performance targets and safety requirements of the SMS.

239
Safety policy and objectives
1.1 – Management commitment and
responsibility
 Executive management
 Single, identifiable person
 Has responsibility for the organization’s safety performance
 CEO/Chairman Board of Directors
 President
 The proprietor

240
Safety policy and objectives
1.1 – Management commitment and
responsibility
 Executive management must have:
 Final responsibility for determining level of acceptable risk for
safety
 Full authority for human resources issues.
 Authority for major financial issues.
 Direct responsibility for the conduct of the organization’s
affairs.
 Final authority over operations under certificate.
 Final responsibility for all safety issues.

241
The components of SMS

 Safety policy and objectives


1.1 – Management commitment and responsibility
1.2 – Safety accountabilities of managers
1.3 – Appointment of key safety personnel
1.4 – SMS implementation plan
1.5 – Coordination of the emergency response plan
1.6 – Documentation

242
Safety policy and objectives
1.2 – Safety accountabilities of managers
 SMS organization
 Safety responsibilities of key personnel

243
Safety responsibilities – An
example

[Organization chart with boxes: Executive Management, Safety Review
Board (SRB), Director of operations, Director of maintenance, Other
directorates, Safety services office, Flight safety officer,
Maintenance safety officer, Safety Action Group(s) (SAG).]


244
The components of SMS

 Safety policy and objectives


1.1 – Management commitment and responsibility
1.2 – Safety accountabilities of managers
1.3 – Appointment of key safety personnel
1.4 – SMS implementation plan
1.5 – Coordination of the emergency response plan
1.6 – Documentation

245
Safety policy and objectives
1.3 – Appointment of key safety personnel
 The safety office – Corporate functions
 Advising executive management on safety matters.
 Assisting line managers.
 Overseeing hazard identification systems.

246
Safety policy and objectives
1.3 – Appointment of key safety personnel
 The safety manager – Responsibilities
 Responsible individual and focal point for the development
and maintenance of an effective safety management system
 The safety manager is NOT responsible for the safety
performance of the organization

247
Safety policy and objectives
1.3 – Appointment of key safety personnel
The safety manager – Functions
 Manages the SMS implementation plan on behalf of
the executive manager.
 Facilitates hazard identification and risk analysis and
management.
 Monitors corrective actions to ensure their
accomplishment.
 Provides periodic reports on safety performance.
 Maintains safety documentation.
 Plans and organizes staff safety training.
 Provides independent advice on safety matters.
248
Safety policy and objectives
1.3 – Appointment of key safety personnel
 The safety manager – Selection criteria
 Operational management experience and technical
background to understand the systems that support
operations.
 People skills.
 Analytical and problem-solving skills.
 Project management skills.
 Oral and written communications skills.

249
Safety responsibilities

[Organization chart with boxes: Executive Management, Safety Review
Board (SRB), Director of operations, Director of maintenance, Other
directorates, Safety services office, Flight safety officer,
Maintenance safety officer, Safety Action Group(s) (SAG).]

250
Safety policy and objectives
1.3 – Appointment of key safety personnel
 The Safety Review Board (SRB):
 High level committee
 Strategic safety functions
 Chaired by executive management
 It may include the Board of Directors.
 Composed of heads of functional areas.

251
Safety policy and objectives
1.3 – Appointment of key safety personnel
 SRB monitors :
 Safety performance against the safety policy and objectives.
 Effectiveness of the SMS implementation plan.
 Effectiveness of the safety supervision of sub-contracted
operations.
 SRB ensures that appropriate resources are allocated
to achieve the established safety performance.
 SRB gives strategic direction to the SAG

252
Safety responsibilities

[Organization chart with boxes: Executive Management, Safety Review
Board (SRB), Director of operations, Director of maintenance, Other
directorates, Safety services office, Flight safety officer,
Maintenance safety officer, Safety Action Group(s) (SAG).]

253
Safety policy and objectives
1.3 – Appointment of key safety personnel
Safety Action Group(s) (SAG):
 Reports to SRB and directors, takes strategic direction
from SRB.
 Members:
 Managers and supervisors from functional areas.
 Front-line personnel.

254
Safety policy and objectives
1.3 – Appointment of key safety personnel
SAG:
 Oversees operational safety within the functional area.
 Resolves identified risks.
 Assesses the impact on safety of operational changes.
 Implements corrective action plans.
 Ensures that corrective action is taken in a timely
manner.
 Reviews the effectiveness of previous safety
recommendations.
 Safety promotion.
255
The components of SMS

 Safety policy and objectives


1.1 – Management commitment and responsibility
1.2 – Safety accountabilities of managers
1.3 – Appointment of key safety personnel
1.4 – SMS implementation plan
1.5 – Coordination of the emergency response plan
1.6 – Documentation

256
Safety policy and objectives
1.4 – SMS implementation plan
 Developed by a planning group, which:
 Comprises an appropriate experience base.
 Meets regularly with executive management.
 Receives resources (including time for meetings).
 A realistic strategy for the implementation of an
SMS that will meet the organization’s safety
needs.
 A definition of the approach the organization will
adopt for managing safety.

257
Safety policy and objectives
1.4 – SMS implementation plan – Contents
1) Reference to the safety policy
2) Safety planning, objectives and goals
3) System description
4) Gap analysis
5) SMS components
6) Safety roles and responsibilities
7) Safety reporting policy
8) Means of employee involvement
9) Safety communication
10) Safety performance measurement
11) Management review (of safety performance)
258
Safety policy and objectives
1.4 – SMS implementation plan

Executive management approves the plan.

Typical implementation time frame will be one to
four years ahead (Phased approach).

259
The components of SMS

 Safety policy and objectives


1.1 – Management commitment and responsibility
1.2 – Safety accountabilities of managers
1.3 – Appointment of key safety personnel
1.4 – SMS implementation plan
1.5 – Coordination of the emergency response plan
1.6 – Documentation

260
Safety policy and objectives
1.5 – Coordination of the emergency response plan

 An emergency response plan
(ERP) outlines in writing what
should be done after an
accident, and who is responsible
for each action.
 Plans should address several
types of emergencies such as:
 Aircraft accidents
 Facility fires
 Natural disasters
261
Safety policy and objectives
1.5 – Coordination of the ERP
 The purpose of an ERP is to ensure that there is:
 Orderly and efficient transition from normal to emergency
operations.
 Designation of emergency authority.
 Assignment of emergency responsibilities.
 Authorization by key personnel for actions contained in the
plan.
 Coordination of efforts to cope with the emergency.
 Safe continuation of operations, or return to normal operations
as soon as possible.

262
Safety policy and objectives
1.5 – Coordination of the ERP
 Plan contents:
 Governing policies.
 Organization.
 Notifications.
 Initial response.
 Additional assistance.
 Crisis Management Centre (CMC).
 Records.
 Accident site.
 News media.
 Formal investigations.
 Family assistance.
 Post critical incident stress counselling.
 Post occurrence review.

263
The components of SMS

 Safety policy and objectives


1.1 – Management commitment and responsibility
1.2 – Safety accountabilities of managers
1.3 – Appointment of key safety personnel
1.4 – SMS implementation plan
1.5 – Coordination of the emergency response plan
1.6 – Documentation

264
Safety policy and objectives
1.6 – Documentation
 Applicable regulations
 SMS records and documentation
 Records management
 The Safety Management System Manual (SMSM)

265
Safety policy and objectives
1.6 – Documentation – Safety policy and objectives
 Defines executive management’s commitment and vision
for safety
 Safety policy must include a commitment to:
 Achieve the highest safety standards.
 Observe all applicable legal requirements and
international standards, and best effective practices.
 Provide appropriate resources.
 Enforce safety as one primary responsibility of all
managers.
 Ensure that the policy is understood, implemented
and maintained at all levels.
266
Safety policy and objectives
1.6 – Documentation – Safety management
system manual (SMSM)
 Key instrument for communicating the organization’s
approach to safety to the whole organization.
 Documents all aspects of the SMS, including the safety
policy, objectives, procedures and individual safety
accountabilities.

267
Safety policy and objectives
1.6 – Documentation – SMSM contents
1. Scope of the safety management system.
2. The safety policy and objectives.
3. Safety accountabilities.
4. Key safety personnel.
5. Documentation control procedures.
6. Hazard identification and risk management schemes.
7. Safety performance monitoring.
8. Emergency response planning.
9. Management of change.
10. Safety auditing.
11. Safety promotion.
12. Contracted activities.

268
Conclusion

The successful management of safety is a
functional responsibility that requires the
participation of all operational personnel and the
supervision of the organization (Systematic).
This principle must be reflected in the structure of
the organization (Explicit).

269
Conclusion

The organization must define, document and
communicate individual lines of responsibility and
authority in regard to the management of
operational safety (Explicit).
The means to manage safety within the
organization include hazard identification, risk
management, safety assurance and safety
promotion (Proactive).

270
Points to remember

1. The four components of an SMS.
2. The SMS implementation plan.
3. The importance of documenting safety
responsibilities.
4. The SMSM.
5. SRB, SAG and the safety manager.
6. Safety responsibilities.

271
Introduction to
Safety Management Systems
9. Operations
Objective

When completing the module the participants
will be able to describe the requirements
associated with the operation of an SMS.

273
Outline

Safety risk management


SMS (Program) surveillance and control
Safety promotion
Points to remember

274
The components of SMS

 Safety risk management


2.1 – Hazard identification processes
2.2 – Risk assessment and mitigation processes
3. Program surveillance and control
3.1 – Performance monitoring and analysis
3.2 – The management of change
3.3 – Continuous improvement of the safety system
 Safety promotion
4.1 – Training and education
4.2 – Safety communication

275
Safety risk management
2.1 – Hazard identification processes
A formal means of collecting, recording, acting
on and generating feedback about hazards and
risks in operations.
Three methods:
Reactive
Proactive
Predictive

276
Safety risk management

2.1 – Hazard identification processes


Reporting systems – A special paragraph
Nobody knows actual system
performance better than operational personnel.
Mandatory reporting system.
Voluntary reporting systems.
Confidential reporting systems.

277
Safety risk management
2.1 – Hazard identification processes
Reporting systems
People are reluctant to report.
Why?
Retaliation.
Self-incrimination.
Embarrassment.

278
Safety risk management
2.1 – Hazard identification processes
Typical qualities of successful confidential
reporting systems:
Reports easy to make.
No disciplinary actions as result of reports.
Reports are confidential.
Feedback is rapid, accessible and informative.

279
Safety risk management
2.1 – Hazard identification processes
 Four steps for action:
1. Reporting hazards, events or safety concerns.
2. Collecting and storing the data.
3. Analyzing reports.
4. Distributing the information distilled from the
analysis.

280
The components of SMS

 Safety risk management


2.1 – Hazard identification processes
2.2 – Risk assessment and mitigation processes
 Program surveillance and control
3.1 – Safety performance monitoring and measurement
3.2 – The management of change
3.3 – Continuous improvement of the safety system
 Safety promotion
4.1 – Training and education
4.2 – Safety communication
281
Safety risk management
2.2 – Risk assessment and mitigation processes
The risk assessment, the mitigation of a risk to an
acceptable level, and reliably maintaining it at that
level.

282
The components of SMS

 Safety risk management


2.1 – Hazard identification processes
2.2 – Risk assessment and mitigation processes
 Program surveillance and control
3.1 – Safety performance monitoring and measurement
3.2 – The management of change
3.3 – Continuous improvement of the safety system
 Safety promotion
4.1 – Training and education
4.2 – Safety communication
283
Program Surveillance and Control
3.1 Safety performance monitoring and analysis
 Performance monitoring and analysis is conducted for
two reasons
 Verify safety performance of the organization in comparison to the
approved safety policies and objectives.
 Provide data to support the quality improvement program of the
SMS

284
SMS Functional Element
Program Surveillance and Control
This function provides quality assurance for the SMS. It is
divided into:

Compliance monitoring
Compliance monitoring provides management with information
concerning whether SMS policies, practices and procedures
have been incorporated into the organization’s operations and
business practices and whether they are being correctly
followed.

Process control
Process control provides management with information
concerning the effectiveness of SMS policies, practices and
procedures.

[Diagram: Compliance Monitoring (Audits, Incident reports); Process Control (Performance, Cost)]
285
Program Surveillance and Control

3.1 – Safety system performance monitoring
and analysis
 Safety audits are used to ensure that the structure of
the SMS is sound in terms of:
 levels of staff;
 compliance with approved procedures and instructions;
 level of competency and training to:
 operate equipment and facilities; and
 maintain their levels of performance.

286
Program Surveillance and
Control

3.1 – Safety system performance monitoring
and analysis
 Safety surveys examine particular elements or
processes of a specific operation.
 Problem areas or bottlenecks in daily operations.
 Perceptions and opinions of operational personnel.
 Areas of dissent or confusion.

287
Program Surveillance and
Control

3.1 – Safety system performance monitoring
and analysis
 Safety surveys may involve the use of:
 Checklists
 Questionnaires.
 Informal confidential interviews.
 Since survey information is subjective, verification
may be needed before corrective action.
 Surveys may provide an inexpensive source of
significant safety information.

288
SMS performance metrics

 Lagging indicators
 Relatively small sample sizes.
 Will generally take a long time (years) to acquire enough
data to establish statistical significance.
 Accident and injury data are most common lagging
indicators.
 Difficult to use for quality management and process
improvement.
 Leading indicators
 Large sample sizes.
 Shorter time to develop statistical significance.
 Used commonly for quality management and process
improvement.
289
The components of SMS

 Safety risk management


2.1 – Hazard identification processes
2.2 – Risk assessment and mitigation processes
 Program surveillance and control
3.1 – Performance monitoring and analysis
3.2 – The management of change
3.3 – Continuous improvement of the safety system
 Safety promotion
4.1 – Training and education
4.2 – Safety communication
290
Program Surveillance and
Control

3.2 – The management of change


Aviation organizations experience permanent
change due to expansion, introduction of new
equipment or procedures.
Changes can:
 Introduce new hazards.
 Impact the appropriateness of risk mitigation.
 Impact the effectiveness of risk mitigation.

291
Program Surveillance and
Control

3.2 – The management of change


External changes
 Change of regulatory requirements.
 Security.
 Reorganization of air traffic control.
…
Internal changes
 Management changes
 New equipment.
 New procedures.
… 292
Program Surveillance and
Control

3.2 – The management of change


A formal management of change process should:
 Identify changes within the organization which may
affect established processes and services.
 Conduct a predictive hazard assessment and risk
analysis to identify risks associated with the change
 Prior to implementing changes describe the
arrangements to ensure safety performance.

293
The components of SMS

 Safety risk management


2.1 – Hazard identification processes
2.2 – Risk assessment and mitigation processes
 Program surveillance and control
3.1 – Performance monitoring and measurement
3.2 – The management of change
3.3 – Continuous improvement of the safety system
 Safety promotion
4.1 – Training and education
4.2 – Safety communication
294
Program Surveillance and
Control

3.3 – Continuous improvement of the safety system

Continuing improvement aims at:
 Determining the immediate causes of performance
under the standard and the implications of this
performance in the operation of the SMS.
 Rectifying situations under the standard identified
through other safety assurance activities.

295
Program Surveillance and
Control

3.3 – Continuous improvement of the safety system


Continuing improvement is achieved through:
 Reactive evaluations in order to determine why the
risks were not under control, for example:
investigations of minor and major incidents and
accidents.
 Proactive evaluation of facilities, equipment, and
documentation and procedures through audits and
surveys.
 Proactive evaluation of the individuals’ performance,
to verify the fulfillment of their safety responsibilities.
 Predictive change management.
296
The components of SMS

 Safety risk management


2.1 – Hazard identification processes
2.2 – Risk assessment and mitigation processes
 Program surveillance and control
3.1 – Performance monitoring and analysis
3.2 – The management of change
3.3 – Continuous improvement of the safety system
 Safety promotion
4.1 – Training and education
4.2 – Safety communication
297
Safety promotion
4.1 – Training and education
 The safety manager should, in conjunction with the
personnel department, review the job descriptions of all
staff, and identify those positions that have safety
responsibilities.

298
Safety promotion
4.1 – Training and education
Who?
 Operational personnel
 Managers and supervisors
 Senior managers
 Accountable executive
Why?
 To ensure that personnel are trained and competent
to perform the SMS duties.
How much?
 Appropriate to the individual’s involvement in the
SMS.
299
Safety promotion
4.1 – Training and education
A building block approach
 Operational personnel
 Organization safety policy
 SMS fundamentals and overview
 Manager and supervisors
 The safety process
 Hazard identification and risk management
 The management of change
 Senior managers
 Organizational safety standards and national regulations
 Safety assurance
300
Safety promotion
4.1 – Training and education
Accountable executive – A special paragraph
 Awareness of:
 SMS roles and responsibilities
 Safety policy
 SMS Standards
 Safety assurance

301
The components of SMS

 Safety risk management


2.1 – Hazard identification processes
2.2 – Risk assessment and mitigation processes
 Program surveillance and control
3.1 – Safety performance monitoring and analysis
3.2 – The management of change
3.3 – Continuous improvement of the safety system
 Safety promotion
4.1 – Training and education
4.2 – Safety communication
302
Safety promotion
4.2 – Safety communication
 Safety communication aims to:
 Ensure that all staff are fully aware of the SMS.
 Convey safety critical information.
 Explain why particular actions are taken.
 Explain why safety procedures are introduced or
changed.
 Convey “nice-to-know” information.

303
Safety promotion
4.2 – Safety communication
The means to communicate may include:
 Safety policies and procedures
 Newsletters.
 Bulletins.
Safety communication is an essential
foundation for the development and
maintenance of a safety culture.

304
SMS at a glance

[Diagram labels: Safety; Safety policy and objectives; Safety risk
management; Safety promotion; Management commitment; Surveillance
and control; Effectiveness; Efficiency; Aviation community
stakeholders.]

305
Points to remember

1. Key ingredients for successful reporting
2. The importance of a formal management of
change
3. Safety training – Who, why and how much

306
Introduction to
Safety Management Systems
10. Implementation
Objective

At the end of this module participants will be able to
develop a proposal for an SMS standard, based
upon a phased implementation.

308
Outline

Why a phased approach to SMS?


The four phases
CAAs – Four steps for SMS implementation
Points to remember

309
Why a phased approach to SMS?
To provide a manageable series of steps to follow in
implementing an SMS.
To effectively manage the workload associated with
SMS implementation.

To pre-empt a “ticking boxes” exercise.

Four implementation phases are proposed.

Each phase is based upon the introduction of
specific SMS elements.
310
Phase 1
Provides a blueprint on how the SMS
requirements will be met and integrated into the
organization’s work activities.

Provides an accountability framework for the
implementation of the SMS.

311
Phase 1
1. Identify the accountable executive and the
safety accountabilities of managers.
2. Identify the person (or planning group) within
the organization responsible for implementing
the SMS.
3. Describe the system (Air operator or
approved maintenance organization)

312
Phase 1
4. Conduct a gap analysis of the organization’s existing
resources compared with the national requirements
for establishing an SMS.
5. Develop an SMS implementation plan that explains
how the organization will implement the SMS on the
basis of national requirements and the results of the
gap analysis.
6. Develop documentation relevant to safety policy and
objectives.
7. Develop and establish means for safety
communication.
313
Phase 2

 Puts into practice those elements of the
SMS implementation plan that refer to:
1. Safety risk management component.
 Reactive processes
 Investigation and analysis
 Hazard identification and risk management
2. Training relevant to:
 The SMS implementation plan components.
 The safety risk management component (Reactive
processes).
3. Documentation relevant to:
 The SMS implementation plan components.
 The safety risk management component (Reactive
processes).
314
Phase 3

 Puts into practice those elements of the SMS
implementation plan that refer to:
1. Safety risk management component.
 Proactive and predictive processes
 Investigation and analysis
 Hazard identification and risk management
2. Training relevant to proactive and predictive
processes.
3. Documentation relevant to proactive and predictive
processes.

315
Phase 4

1. Program Surveillance and Control
 Development of acceptable level(s) of safety.
 Develop SMS program metrics
 Leading indicators
 Lagging indicators
2. Training relevant to SMS program surveillance and
control.
3. Documentation relevant to SMS program surveillance
and control.

316
The final objective – Integration

Safety programme + SMS = State integrated safety
management system

[Diagram labels: Protection; Production; State safety programme
(Objective: Public safety); Oversight; Acceptance; Organization’s
safety management system (SMS) (Objective: Manage and control safety
risk); Organization’s production processes (Objective: Achieve
commercial goals and customer satisfaction); Risk management; Safety
assurance.]
317
Points to remember

1. Reduce a complex task to a series of manageable
steps.
2. Avoid a bureaucratic exercise (“Ticking boxes”).
3. Element allocation under a particular phase may
vary slightly depending upon the specific Annex.
4. The CAAs’ four steps for SMS implementation.

318
