Spesific Safety

Management System
ICAO SMS 1. Safety policy and objectives
1.1 – Management commitment and responsibility
SAFETY 1.2 – Safety accountabilities of managers
FRAMEWO 1.3 – Appointment of key safety personnel
1.4 – SMS implementation plan
RK 2.
1.5 – Documentation
Safety hazard identification and risk
management
2.1 – Hazard identification processes
2.2 – Risk assessment and mitigation processes
2.3 – Internal safety investigations
3. Safety assurance
3.1 – Safety performance monitoring and
measurement
3.2 – Audits and surveys
3.3 – The management of change
3.4 – Continuous improvement of the safety
system
Implementing the SMS
Safety Policy
Top-Down Change

SMS is a “top down” process when it’s in use. From the

top downward, the Accountable Executive puts the Plan
and its growth into motion. Before that happens, a lot of
preparatory work needs to be done.
Safety
Philosophy SMS effectively works in the following safety philosophy:

1. Identify hazards - actions, conditions, system failures or procedural

failures that may result in an accident, incident or hazardous event;
2. Analyse risk of the identified hazards;
3. Implement Human Centred Design of systems, systems components
and procedures to establish and maintain an acceptable level of risk.
Controls.
The elements of the
SMS safety objectives
IATA Training & Development Institute
1. Safety policy and objectives
1.1 – Management commitment and responsibility
1.2 – Safety accountabilities of managers
1.3 – Appointment of key safety personnel
1.4 – SMS implementation plan
1.5 – Documentation
2. Safety hazard identification and risk management
2.1 – Hazard identification processes
2.2 – Risk assessment and mitigation processes
2.3 – Internal safety investigations
The elements of the
SMS safety objectives
IATA Training & Development Institute
3. Safety assurance
3.1 – Safety performance monitoring and measurement
3.2 – Audits and surveys
3.3 – The management of change
3.4 – Continuous improvement of the safety system
4. Safety promotion
4.1 – Training and education
4.2 – Safety communication
5. Emergency response planning
5.1 – Development of the emergency response plan
Safety policy and
objectives 1.1 – Management commitment and responsibility
• Senior management must:
• Develop the safety policy, signed by the Chief Executive Officer.
• Establish the safety policy, objectives and performance standards in
accordance to national and international standards and
organizational priorities.
• Communicate, with visible endorsement, the safety policy,
objectives and performance standards to all staff.
• Provide necessary human and financial resources.
Safety policy and 1.1 – Management commitment and responsibility
objectives • Identify the accountable executive
• Single, identifiable person.
• Full responsibility for the organization’s SMS
• CEO/Chairman Board of Directors
• A partner
• The proprietor

IATA Training & Development Institute

Safety policy and 1.1 – Management commitment and responsibility
objectives • Accountable executive must have:
• Full authority for human resources issues.
• Authority for major financial issues.
• Direct responsibility for the conduct of the organization‘s affairs.
• Final authority over operations under certificate.
• Final responsibility for all safety issues.
Reference: Doc 9859, Chapters 2 and 12
Safety policy and 1.2 – Safety accountabilities of managers
objectives • SMS organization
• Safety responsibilities of key personnel

Reference: Doc 9859, Chapter 12

 Safety Review Accountable executive
Safety Board (SRB)

responsibilities Director of Director of

Other directorates
– An example operations maintenance

Safety office

Flight Maintenance
safety officer safety officer
Safety Action
Group (s)
(SAG)

Safety Management Systems for Airlines IATA Training & Development Institute
Safety policy and 1.3 – Appointment of key safety personnel
objectives • The safety office – Corporate functions
• Advising senior management on safety
matters.
• Assisting line managers.
• Overseeing hazard identification
systems.
Safety policy and
1.3 – Appointment of key safety personnel
objectives • The safety manager – Responsibilities
• Accountable individual and focal point for the
development and maintenance of an effective safety
management system.
Safety policy and 1.3 – Appointment of key safety personnel
objectives • The safety manager – Responsibilities
• Manages of the SMS implementation plan.
• Facilitates hazard identification and risk analysis and
management.
• Monitors the effectiveness of corrective actions.
• Provides periodic reports on safety performance.
• Maintains safety documentation.
• Plans and organizes staff safety training.
• Provides independent advice on safety matters.
Safety policy and 1.3 – Appointment of key safety personnel
objectives • The safety manager – Selection criteria
• Operational management experience and technical
background to understand the systems that support
operations.
• People skills.
• Analytical and problem-solving skills.
• Project management skills.
• Oral and written communications skills.
Safety policy and
objectives 1.3 – Appointment of key safety personnel
• The Safety Review Board (SRB):
• High level committee
• Strategic safety functions
• Chaired by CEO.
• It may include the Board of Directors.
• Composed of heads of functional areas.
Safety policy and 1.3 – Appointment of key safety personnel
objectives • SRB monitors :
• Safety performance against the safety policy and objectives.
• Effectiveness of the SMS implementation plan.
• Effectiveness of the safety supervision of sub-contracted
operations.
• SRB ensures that appropriate resources are allocated to achieve
the established safety performance.
• SRB gives strategic direction to the SAG
Safety policy and 1.3 – Appointment of key safety personnel
objectives • Safety Action Group(s) (SAG):
• Reports to SRB and takes strategic direction
from SRB.
• Members:
• Managers and supervisors from
functional areas.
Safety policy and 1.3 – Appointment of key safety personnel
objectives • SAG:
• Oversees operational safety within the functional
area.
• Resolves identified risks.
• Assesses the impact on safety of operational
changes.
• Implements corrective action plans.
• Ensures that corrective action is taken in a timely
manner.
• Review the effectiveness of previous safety
recommendations.
• Safety promotion.
Reference: Doc 9859
Safety policy and 1.4 – SMS implementation plan
objectives • Developed by a planning group, which:
• Comprises an appropriate experience base.
• Meets regularly with senior management.
• Receives resources (including time for meetings).
• A realistic strategy for the implementation of an SMS that will
meet the organization’s safety needs.
• A definition of the approach the organization will adopt for
managing safety.
Safety policy and 1.4 – SMS implementation plan
objectives • Senior management endorses the plan.
• Typical implementation time frame will be one to four
years ahead (Phased approach).

Reference: Doc 9859

Safety policy and 1.5 – Documentation
objectives • Applicable regulations
• SMS records and documentation
• Records management
• The Safety Management Manual (SMM)
Safety policy and
objectives 1.5 – Documentation – Safety policy and objectives
• Define, document and endorse a safety policy confirming the
objectives identified during the planning phase.
• Safety policy must include a commitment to:
• Achieve the highest safety standards.
• Observe all applicable legal requirements and international
standards, and best effective practices.
• Provide appropriate resources.
• Enforce safety as one primary responsibility of all
managers.
• Ensure that the policy is understood, implemented and
maintained at all levels.
Safety policy and 1.5 – Documentation – Safety management manual
objectives (SMM)
• Key instrument for communicating the organization’s
approach to safety to the whole organization.
• Documents all aspects of the SMS, including the safety
policy, objectives, procedures and individual safety
accountabilities.
Safety policy and 1.5 – Documentation – SMM contents
objectives
• Scope of the safety management
system.
• The safety policy and objectives.
• Safety accountabilities.
• Key safety personnel.
• Documentation control procedures.
• Hazard identification and risk
management schemes.
• Safety performance monitoring.
• Emergency response planning.
• Management of change.
• Safety auditing.
• Safety promotion.
• Reference: Doc 9859
What Causes Accidents?
 Accident
Defences

Unsafe Acts

Preconditions

Line Management

Decision Makers
 Defences

Unsafe Acts
REASON’S
MODEL Preconditions
Window
Line Management of Opportunity

Decision Makers

Unsafe Acts
and Latent
Unsafe Conditions

Latent Unsafe Conditions

REASON’S Defences
Accident
MODEL Unsafe Acts
Preconditions
Window
Line Management of Opportunity
Decision Makers

Unsafe Acts
and Latent
Unsafe Conditions

Latent Unsafe Conditions

Accident
 No Accident
Defences

Safe Acts
Preconditions
Line Management

Decision Makers

Safe Acts and

Latent Safe Conditions

Latent Safe Conditions

Concept
• What is safety
of safety • Zero accidents (or serious incidents)?
• Freedom from danger or risks?
• Error avoidance
• Regulatory compliance?
• …?
Concept
• Consider
of safety • The elimination of accidents (and serious incidents) is
- In reality unachievable.
• Failures will occur, in spite of the most accomplished
prevention efforts.
• No human endeavour or human-made system can be free
from risk and error.
• Controlled risk and error is acceptable in an inherently safe
system.
Concept
Safety is the state in which the risk of harm to persons
of safety or property damage is reduced to, and maintained at
Doc.9859 or below, an acceptable level through a continuing
process of hazard identification and risk management.
Evolutio
n of • Technocracy – The ‘golden bullet’
Aviation • Leads to Quality Management
Safety • Opens the door to Human Factors
• Requiring the understanding of Organizational Factors
• Concluding with ‘Safety Culture’
Safety • Reason: the Three ‘C’s of Safety Culture
Culture • Commitment
- • Cognizance
• Competence
Frame
work • Westrum: “Learning Organizations”
• Pathological
• Bureaucratic
• Generative
A concept Organization Workplace People Defenses
of
Management Errors
accident decisions and
Working
ACCIDEN
and
causation organizational conditions
violations T
processes

Source: James Reason Latent conditions

trajectory
What are their safety

Management needs ?
Financial security Needs ?
What are the safety
Regulatory needs?
What are the accepted ?
Industry Standards
Why SMS? Rate and the dynamics of change

Why Now? • Changes in:

• Understanding of accident causation;
• Ownership & operation of aviation services;
• Nature/cost of technological changes;
• Emphasis on due diligence & measurement; and
• Changing regulatory roles.
Why SMS?
Why Now? • Success in an organization's safety performance will be greatly
strengthened by the existence of a positive safety culture. Safety
culture in an organization can be described as the way in which it
conducts its business and particularly in the way it manages safety.

• It stems from the communicated principles of top management and

results in all staff exhibiting a safety ethos which transcends
departmental boundaries. Safety culture can be measured by informal
or formal staff surveys, or by observations conducted in safety related
work areas.
Why SMS?
Why Now?

Safety culture can be measured by informal or

formal staff surveys, or by observations
conducted in safety related work areas.
Why SMS? • It is essential that safety must be actively managed from the
Why How? very top of a company.

• Safety management must be seen as an integral strategic

aspect of business management, recognizing the high priority
attached by the company to safety.

• To that end, a demonstrable Board-level commitment to an

effective formal Safety Management System must exist. The
contribution that all staff can make to the effectiveness of an
organization's SMS can’t be over emphasised.
Why SMS?
Why How? 1) Organizations establishing an SMS need to take a pragmatic
approach, building where possible on existing procedures and
practices (particularly Quality Management). SMS identifies and
prioritizes the use of resources to manage risk and it should lead to
gains in efficiency.

2) Adoption of “best practice” standards must be a clearly stated

objective.
Why SMS? 3) A fully-fledged SMS is a formalized, company wide system. Established at
Why How? corporate level, the SMS then devolves out into the individual departments
of an organization. Flight Operations, engineering & Maintenance, Ground
Handling and all other departments whose activities contribute to the
operator’s safety performance will have their own processes and procedures
under the umbrella of the corporate SMS.

4) Where safety sensitive functions of the operator are outsourced (for example
maintenance and ground handling) contractual agreements should identify
the need for equivalent auditable SMS in the supplier.
 C
Threat NO
M I PO
L ITI
O CA
Sources EC L

nt
me
Y

ge
na
O LO G
Categories of risk in the

Lea

ma

SUPPLY
d

er
internal environment

ers

m
sto
hi
(inner circle), and

p
T EC H N
cts /

Cu
in the external Strat ss /Produ
egy e
Proc ces
environment Servi
(outer ring). at
ion Bu
m sin
r ess
fo res

CO
/ In ul

L
ta ts
Da

CA
M
People

PE

I
YS
TI

PH
TI
ON
COMMUNITY
Why SMS? There are three essential prerequisites for a successful Safety
Why How? Management System in aviation:

1. A comprehensive corporate approach

2. An effective organization for delivering safety
3. Systems to achieve safety oversight
Safety • The management of any aviation organization
Management requires the management of many business
processes.
– Rationale • Managing safety is one such business process.
• Safety management is a core business function just
as financial management, HR management, etc.
• This brings about a potential dilemma for
management.
Reactive
safety Investigation of accidents and serious incidents
Based upon the notion of waiting until something breaks to fix it.
management Most appropriate for:
• situations involving failures in technology.
• unusual events.
The contribution of reactive approaches to safety management depends on the
extent to which the investigation goes beyond the triggering cause(s), and
includes contributory factors and findings as to risks.
Predictive
Confidential reporting systems, flight data analysis, normal
safety operations monitoring.
management • Based upon the notion that safety management is best
accomplished by looking for trouble, not waiting for it.
• Aggressively seek information from a variety of sources
which may be indicative of emerging safety risks.
The
• Traditional – Accident/serious incident investigation
changing • Aviation system – as pre-specified – is perfect.

of the • Compliance based.

• Outcome oriented.
guard • Evolving – Safety management
• Aviation system – as pre-specified – is imperfect.
• Performance based.
• Process oriented.
SMS Safety Management System Definition
Defined CAP 712 includes two definitions considered appropriate to
commercial air transport operations. They are:

1. “Safety Management” is defined as the systematic

management of the risks associated with flight
operations, related ground operations and aircraft
engineering or maintenance activities to achieve high
levels of safety performance: and,
SMS 2. A “ Safety Management System” is an explicit element of the
Defined corporate management responsibility which sets out a
company’s safety policy and defines how it intends to manage
safety as an integral part of its overall business.
SMS In simple terms an SMS can be compared with a financial management
Defined system as a method of systematically managing a vital business
function.

The outputs from such a system are usually felt across the whole of an
organisation. Although financial risks are taken the financial procedures
an organisation has in place should ensure that there are no “business
surprises”.

If there are it can be disastrous for a small company whilst for larger
organisations, unwelcome media attention usually follows an
unexpected loss.
SMS An aircraft accident is also an “unexpected loss” and not one any
Defined organisation in the civil aviation industry wishes to suffer. It should
therefore be apparent that the management of safety must attract at
least the same focus and degree of care as that given to an
organisation’s financial health.

An effective, developed Safety Management System will provide this.

SMS – the
focus is on ….
Due Diligent Management
Due
Due Diligence is the effort a party makes to avoid harm to
Diligenc another party. Failure to make this effort is considered
negligence.
e
Safety
Management Safety Management is defined as the systematic
Systems management of the risks associated with;
• flight operations
• related ground operations
• aircraft engineering or
• maintenance activities
to achieve high levels of safety performance.
Safety
Management A “ Safety Management System” is an explicit
element of the corporate management
Systems responsibility which sets out a company’s safety
policy and defines how it intends to manage
safety as an integral part of its overall business.
 Establish Identify Residual Accept Risk or
Initiation & Define Monitor &
the Context/ Threats & Risks & Action Plan
Schedule Objectives Report
Scope Controls Assessment

Safety-Risk
Managemen
Schedule : Systematic prioritization of activities to be risk
t – Key Steps assessed. Target organizational changes, problem areas,
new equipment or technology introductions
Context / Scope : Define the boundaries for each assessment
Objectives: Define the objective/s of the area / activity / project
subject to assessment
 • Initiation:

Safety-Risk • Establish the program, train personnel, obtain management support, and
commence identifying applications for departments, processes and/or project
Managemen activities

t – Key Steps • Threat Identification: Identify internal and external

threats
 • Controls:
Safety-Risk Identify the controls that are currently in place that provide assurance that
the objective/s will be achieved
Managemen • Residual Risk:

t – Key Steps What risks remain after threats and controls are reviewed
• Risk Assessment:
Risk Likelihood x Risk Consequence = Risk Rating
• Risk Treatment:
If high or significant risks exist then Action Plans are to be put in place
• Monitoring:
Monitor effective closure of actions, monitor for changes & new risks
When do we
use Risk • Whenever a change occurs to a current Procedure or Process.
(internal change / external change)
Management
Processes….? • Whenever we compare our current procedure or process’s to someone
else's

• Whenever we embark on a new Project which results in a new Policy,

Process, Procedure, or Product.

• Whenever we make a Decision….??…any Decision…!!!

 RISK MITIGATION Risk Management Cycle RISK ANALYSIS

Review meetings
Update Status
Hazard to Risk
Monitoring Identification

Facilitation
Implement
or
Actions Self Analysis

QUALITY
Resolution ASSSURANCE Analysis
& PROCESS
Actions
Probability
+
Develop Risk Impact
Mgt Plans

Mitigation / Evaluate
Contingency Prioritisation
Planning Risk Exposure
The Risk Analysis Process Should Conform to
the Quality Management Elements of the ISO
Standards such as the ISO 9000 family, QMS
2000 etc
• Involvement of People
• System Approach to Management
• Analytical ‘Process’ Approach
• Factual Approach to Decision Making
• Feed Back Loop
• Accountability
• Continual Improvement
• Mutually Beneficial
Definitions
- IATA
Hazard: The condition or circumstance that can lead to a loss of life or
an aircraft

Risk : The consequence of a hazard, measured in terms of likelihood

and severity
Definitions
- ICAO • Hazard – Condition, object or activity with the potential of causing injuries
to personnel, damage to equipment or structures, loss of material, or
reduction of ability to perform a prescribed function.
• Risk – The chance of a loss or injury, measured in terms of severity and
probability. The chance that something is going to happen, and the
consequences if it does.
• A wind of 15 knots blowing directly across the runway is a hazard. The
possibility that a pilot may not be able to control the aircraft during take off or
landing, resulting in an accident, is one risk .
First fundamental
– Understanding • Natural tendency to describe the hazards as an outcome
• “Runway incursion” vs. “unclear aerodrome signage”
hazards
• Stating hazards as outcomes disguises their nature and interferes with
identifying other important outcomes.
• However, well-named hazards allows to infer the sources or mechanisms
and loss outcome(s).

Source ICAO
Second
fundamental – • The scope for hazards in aviation is wide, and may be related to:
• Design factors, including equipment and task design.
Hazards • Procedures and operating practices, including
Identification documentation and checklists.
• Communications, including means, terminology and
language.

Source ICAO
Hazard • … for example:
identification - • Organizational factors, such as company policies for recruitment, training,
continued remuneration and allocation of resources.
• Work environment factors, such as ambient noise and vibration, temperature,
lighting and protective equipment and clothing.
Hazard • …for example:
identification - • Regulatory factors, including the applicability and
enforceability of regulations; certification of equipment,
continued personnel and procedures; and the adequacy of oversight.
• Defenses including detection and warning systems, and the
extent to which the equipment is resilient against errors and
failures.
• Human performance, including medical conditions and physical
limitations.
Sources of • Predictive
hazard • Reactive
identification • Internal
• Company voluntary reporting
system
• Audits and surveys
• External
• Accident reports
• State mandatory occurrence
system
Hazard • By whom?
• By anybody
identification • By designated personnel
• How?
• Through formal processes
• Depends on the organization
• When?
• Anytime
• Under specific conditions
Hazard • Specific conditions
identification • Unexplained increase in safety-related
events or infractions.
• Major operational changes are foreseen.
• Periods of significant organizational
change.
Third
fundamental – • Efficient and safe operations or provision of service require a
constant balance between production goals (eg: maintaining
Hazards regular airline operations during a runway construction project)
and safety goals (maintaining existing margins of safety in airline
Management operations during runway construction project).
• Aviation workplaces contain hazardous conditions which may not
be cost-effective to eliminate even when operations must continue.

Source ICAO
Third
fundamental – • At the intersection of protection and production
Hazards • The acronym ALARP is used to describe a safety risk
which has been reduced to a level that is as low as
Management reasonably practicable.
• In determining what is reasonably practicable
consideration is given to both the technical feasibility
and the cost of further reducing the safety risk.
• This includes a cost/benefit study.

Source ICAO
Hazard
Management • Direct costs
- continued • The obvious costs, which are easily determined. The high costs of exposure of
hazards can be reduced by insurance coverage.
• Purchasing insurance only transfers monetary risk
• Indirect costs
• The uninsured costs. An understanding of these uninsured costs (or indirect
costs) is fundamental to understanding the economics of safety.
Hazard • Usually they amount more than the direct
Management costs resulting from exposure to hazards:

- continued • Loss of business

• Damage to the reputation
• Loss of use of equipment
• Loss of staff productivity
• Legal actions and claims
• Fines and citations
• Insurance deductibles
Fourth
fundamental – • The fundamental importance of appropriate
documentation management:
Hazards • A formal procedure to translate operational
safety data into hazard-related
Documentation information.
• The “safety library” of an organization.

Source ICAO
Fourth
fundamental – • The need for standardization: facilitating
tracking and analysis of hazards by
Hazards common:
• Definitions
Documentation • Understanding
• Validation
• Reporting
• Measurement
• Management

Source ICAO
Managing • What is it?
Risk • The identification, analysis and elimination, and/or mitigation to an
acceptable level of risks that threaten the capabilities of an
organization.
• What is the objective?
• Aims at a balanced allocation of resources to address all risks and
viable risk control and mitigation.
• Why is it important?
• A key component of safety management systems.
• Data-driven approach to safety resources allocation, thus defensible
and easier to explain.
Risk Value At some stage, organizational values and subjective judgments enter the
Judgements decision-making process and you have to consider:
1. The importance of the estimated risk
2. Associated social, environmental and economic considerations
3. The potential cost of acting vs. not acting
Risk Value A risk assessment team develops and documents an understanding of a hazard
and its risk. From that understanding, the team needs to go on to developing
Judgements mitigations for the hazard, and from that the team heads into the touchiest
part of Risk Management – the level of risk acceptance that will bear on the
hazard.

Of course we want to eliminate all risks and their hazards, but experience
teaches us that complete mitigation or control is not feasible or realistic. That
means that there always will be some level of acceptance that applies to risk.
Risk Value
Judgements This is the point when technical experts bring decision makers into the effort.
Sometimes decision makers are left out or they choose not to participate until the
time comes to make a decision.

However, it’s always better that decision makers participate in the Risk
Assessment process so that they have a good basis of knowledge.
Risk This is why it’s so important for the Risk Assessment group to thoroughly
document its research and conclusions. All of this needs to be explained to the
decision makers. Sometimes Risk Assessment conclusions must be explained
to the regulator, and sometimes even explained to the public.

For the Decision Maker(s) there are two questions that bear on their Risk
Management:

1. What risk will I accept?

2. What risk will those I represent accept?

Risk This is not “shoot from the hip” decision making. This is decision
making based on the Risk Assessment that’s been furnished and
based on the decision maker’s knowledge of the organization’s
environment.

It’s possible that the decision maker may send the Assessment
Team back to do more work. Decision makers get to do that.

However, this may not be a good idea if the hazard is rated as

Imminent and Catastrophic. The Risk Assessment group needs to
clearly describe the importance of its recommendations.
Risk Once the decision on Risk Acceptance and actions is made then
Documentation needs to take place. Documentation serves two important
purposes for the company:

1. Documentation lays out the rationale for Risk Acceptance based

on Risk Acceptance. This is the material that Decision Makers
will need for reference when questions arise.
2. Documentation preserves the Risk Assessment and Acceptance
work for those that come along later. It can spare later Assessors
from having to start from a zero knowledge point, and it shows
what the situation was at the time of the original work.
Risk Intolerable region The risk is

management unacceptable
at any level

As Tolerable region
If the risk can
Low be mitigated, it
As is acceptable.
Reasonably Cost benefit
Practicable analysis
required.
Acceptable
region The risk is acceptable
as it currently stands
Risk
Probability Definition(s)
• Probability – The chance that a situation of danger might
occur.
Risk
Questions for assessing the probability of an occurrence:
Probability • Is there a history of occurrences like the one being assessed, or
is the occurrence an isolated event?
• What other equipment, or similar type components, might have
similar defects?
• What number of operating or maintenance personnel must
follow the procedure (s) in question?
• How frequently is the equipment or procedure under
assessment used?
Risk Severity
or Impact Definition(s)
• Severity – The possible consequences of a situation of
danger, taking as reference the worst foreseeable situation.
Risk Severity
or Impact • … questions:
• What is the severity of the property or financial damage?
• Direct operator property loss
• Damage to aviation infrastructure
• Third party damage
• Financial impact and economic impact for the State
• Are there organizational, management or regulatory implications that
might generate larger threats to public safety?
• What are the likely political implications and/or media interest?
Risk
Factor • Multiplying the Probability Risk Rating by the Impact Risk
Rating provides the overall Risk Factor for that stage of the
analysis.

• ie: Risk Factor = PRR x IRR

Source: PL Bates Syd Uni 2006

 Identify the hazards to equipment
,property, HAZARD
Risk personnel or the organization
. IDENTIFICATION

assessment
Identify the risk(s) and assess RISK ASSESSMENT
at a glance the chances of it (them) occurring? Probability

RISK ASSESSMENT
Evaluate the seriousness of the risk(s) occurring Severity

Is (are) the consequent risk(s) acceptable and within RISK ASSESSMENT

the organization’s safety performance criteria? Acceptability

NO
YES Take action to reduce
Accept the risk(s) the risk(s) to an RISK CONTROL/MITIGATION
acceptable level
Definition - Mitigation:
IATA the measures taken to eradicate a hazard, or to reduce the
likelihood or severity of a risk

Controls:
The controls in place to ensure that the objective is met.

System Safety,
the circumstance that permit hazards of a like
Deficiency:
nature to exist
Risk Control /
Mitigation • Definition(s)
• Mitigation – Measures to eliminate the potential
hazard or to reduce the risk probability or severity.
• Risk mitigation = Risk control

• (Mitigate – To make milder, less severe or less harsh)

Risk Control /
Mitigation • Strategies
• Avoidance – The operation or activity is cancelled because
risks exceed the benefits of continuing the operation or
activity.
• Operations into an aerodrome surrounded by
complex geography and without the necessary aids
are cancelled.
Risk Control /
Mitigation • Strategies
• Segregation of exposure – Action is taken to isolate the effects of
risks or build-in redundancy to protect against it, i.e., reduce the
severity of risk.
• Operations into an aerodrome surrounded by complex
geography are limited to day-time, visual conditions.
• Non RVSM equipped aircraft not allowed to operate into
RVSM airspace.
Risk Mitigation
• Recalling the three basic defences in
– Defences aviation:
• Technology
• Training
• Regulations
Risk Mitigation
• As part of the risk mitigation, determine:
– Defences • Do defences to protect against such risk (s) exist?
• Do defences function as intended?
• Are the defences practical for use under actual working
conditions?
• Is staff involved aware of the risks and the defences in
place?
• Are additional risk mitigation measures required?
Risk
Exposure Consider:
• The Probability of the Risk element occurring and the Impact on the project if the
Risk element does actually eventuate.
• Is generally used to prioritise risks, and to focus on the risks that will have the
greatest impact on the project
Risk EXPOSURE H IG H

Exposure I
M
P
A
C
T LOW
P R O B A B I L I T Y
Risk Exposure
Valuation The concept of ‘Risk-Exposure Valuation’ is based on the premise that any one Risk
Element can ultimately have an ‘Impact’, and its portion towards the total risk-
exposure value is a function of the probability of that Risk Element actually
occurring – based on the “weakest link in the chain concept”.
• The Value of the determined Risk Exposure may not necessarily be numerical.
• Also:
• The units of measurement need not be in dollar terms, for security it may be
appropriate to use the term eg ‘Points’
• Risk-Exposure Valuation may not be appropriate in all circumstances
• (eg Prob x Impact … 1x10-3 X $350M = $350,000)
Acceptable • Set by Regulators and reflects Social Acceptable v’s Achievable
Risk Expectations
• Constrained and Limited by Company’s Financial resources
• Limited by the Company’s ability to offset risk through a third party
- Parent, Insurance Co’s… etc
• Defined by the Company’s ‘Base-Line Level of Acceptable Risk’
Acceptable • Set by the Regulatory Bodies and Social Norms
Liability • Set by the ‘Corporate Mission Statement’
• Set by Internal / External Financial resources
• Set by the availability of ‘Offset liability financial Guarantors’ - Insurance
Companies, Governments etc
 RISK MITIGATION Risk Management Cycle
RISK ASSESSMENT

Review meetings
Update Status
Hazard to Risk
Monitoring Identification
6 1
Facilitation
Implement
or
Actions Self Analysis

QUALITY
Resolution ASSSURANCE Analysis
& PROCESS 2
Actions 5
Probability
+
Develop Risk Impact
Mgt Plans

Mitigation / Evaluate
Contingency Prioritisation
Strategy 4 Risk Exposure 3
Mitigation or
Contingency An attempt to mitigate the identified Risk elements should always be
attempted. The ‘Analysis Team Members’ may use past and present
experience, knowledge and information to devise any means so as to
reduce the identified risk factor – both probability and impact.
Mitigation or
Contingency • The resulting ‘Risk Factor’ should have been reduced,?!?!…
• however if it has not been reduced to an acceptable level or value, then
• an appropriate contingency strategy would need to be implemented
• Follow company / project guidelines and /or protocols.
Mitigation
Priority Order • Attempt to Eliminate
• Attempt to Isolate (quarantine)
• Attempt to Minimise by Engineering means
• Attempt to Minimise by Administrative means… eg training, signage,
supervision
• Consider shedding to a third party
• Protect the individual, entity, project
• eg, PPE, Insurance, ….etc
•
Contingency • Pass on to a Higher level of Management
• Quantify the resultant risk exposure above the ‘acceptable level’
• Determine if Risk Shedding is available
• eg, Insurance, another Dept, Regulatory liability acceptance,
Government acceptance
• Advise the appropriate level of management of the resultant risk
exposure
• This type of Contingency Strategy is generally actioned by high
level Management, and, may only offer Legal liability relief
and/or financial relief. - ie the the exposure to that ‘risk element’
is still present
Acceptable
level of Implementation
safety The concept of acceptable level of safety is
expressed in practical terms by two measures or
metrics:
safety performance indicators
safety performance targets
It is delivered through various tools and means:
safety requirements.
Acceptable
level of Safety performance indicators
Established objectives of a State’s safety programme, or
safety an operator/services provider SMS.
Linked to major components of a State’s safety
programme, or an operator/services provider SMS.
Expressed in numerical terms.
Example – No more than 0.8 Cat A and B (most
serious) runway incursions per million operations
through 2019.
Acceptable
level of The safety requirements should be satisfied in terms of operational

safety procedures, technology and systems, programmes, and contingency

arrangements.
Measures of reliability, availability and/or accuracy may be added.
Example – Install Airport Surface Detection Equipment- Model X
(ASDE-X) at (three busiest airports) within the next 12 months, with
98% annual availability.
Acceptable
level of
Implementation
safety
An acceptable level of safety will always be expressed by a

number of safety performance indicators and safety

performance targets, never by a single one.
Acceptable Scope
level of There will seldom be a single or national acceptable level of

safety safety.
Most frequently, within each State, different acceptable levels of
safety will be separately agreed between the oversight authority
and individual operators/services providers.
Each agreed acceptable level of safety should be
commensurate to the:
 complexity of individual operator/services provider specific
operational context
 availability of operator/services provider resources to address
them.
Acceptable levels of safety performance – SMS
Safety 1. Training course for drivers/installation of specific signage
Requirement 2. Thrice-daily walk-in ramp inspection programme
3. …

Safety performance Target 1. Maintaning no more than 20 events of unauthorized vehicles on the
taxiways per 10,000 operations
2. By January 2009 reduce to 8 FOD events on the apron per 10,000
operation
3. ...

Safety Performance 1.20 events of unauthorized vehicles on the taxiways per 10,000
Indicator operations
2. 15 FOD events on the apron per 10,000 operation
3. …
Service Provider Will comply all applicable national and international standards
Acceptable levels of safety performance – SSP

Safety 1. Installation of ASDEX in 5 international airport

Requirement 2. Video on ground de-icing / revision of the circular on in-flight icing /
briefing on pitot tube ice formation and use of de-icing boots
3. …

Safety performance Target 1. By 2010 reduce runway incursions to 0.5 per 100,000 operations
2. By 2009 reduce in-flight loss of control events due to ice accumulation
to 2 per 1,000 operations
3. ...
Safety Performance 1. 0.8 runway incursions per 100,000 operations
Indicator 2. 4 in-flight loss of control events due to ice accumulation per 1,000
operation
3. …
State Will comply all applicable international standard
Gap
• An analysis of safety arrangements existing within the
analysis organization

• The basic organizational structures necessary to start

developing an SMS may exist in the organization

• Various activities related to an SMS may be in place and

working

• SMS development should build upon existing organizational

structures
Gap
analysis • Conduct the gap analysis against the
components and elements of the SMS

• Once completed and documented the

gap analysis forms the basis of the SMS
implementation plan
Gap • SMS differs from QMS in that:
• SMS focuses on the safety, human and
analysis organizational aspects of an organization
• i.e. safety satisfaction
• QMS focuses on the product(s) and
service(s) of an organization
• i.e. customer satisfaction
SMS and QMS • SMS builds partly upon QMS principles
– Striking a • SMS should include both safety and
balance quality policies

• The coverage of quality policies –

insofar as SMS is concerned – should be
limited to quality in support of the
management of safety
SMS and QMS
• The safety risk management component of an SMS – based on risk
– Striking a management principles – results in the design and implementation of
balance organizational processes and procedures to identify safety hazards and
control/mitigate safety risks in aviation operation
• The safety assurance component of an SMS – based on quality
principles – provides a structured approach to monitor that processes
and procedures to identify safety hazards and control/mitigate safety
risks in aviation operations function as intended and, when they do not,
to improve them
Systems
• There is a tendency in civil aviation to integrate the different systems of management:
integration • Quality management system (QMS)
• Environment management system (EMS)
• Occupational health and safety management system (OHSMS)
• Safety management system (SMS)
• Security management system
Systems
integration benefits
• Reduce duplication and therefore costs
• Reduce risks and increase profitability
• Balance potentially conflicting objectives
• Eliminate potentially conflicting responsibilities and relationships
• Defuse the power system
Systems
• There are different ways to integrate a safety management system in
integration the operation of the organization
considerations • Aviation organizations should be encouraged to integrate their
management system for quality, safety, security, occupational health
and safety, and environmental protection management

• This integration, however, is presently beyond the scope of the

harmonized ICAO safety management requirements and of this
training course
Clarifying the use
of terms • Safety oversight
• Is what the CAA performs with regard to the service providers
SMS
• Safety assurance
• Is what the service providers do with regard to safety
performance monitoring and measurement
• Safety audit
• Is what the CAA performs with regard to its safety programme
and the service providers perform with regard to the SMS