Professional Documents
Culture Documents
Management System
ICAO SMS 1. Safety policy and objectives
1.1 – Management commitment and responsibility
SAFETY 1.2 – Safety accountabilities of managers
FRAMEWO 1.3 – Appointment of key safety personnel
1.4 – SMS implementation plan
RK 2.
1.5 – Documentation
Safety hazard identification and risk
management
2.1 – Hazard identification processes
2.2 – Risk assessment and mitigation processes
2.3 – Internal safety investigations
3. Safety assurance
3.1 – Safety performance monitoring and
measurement
3.2 – Audits and surveys
3.3 – The management of change
3.4 – Continuous improvement of the safety
system
Implementing the SMS
Safety Policy
Top-Down Change
Safety office
Flight Maintenance
safety officer safety officer
Safety Action
Group (s)
(SAG)
Safety Management Systems for Airlines IATA Training & Development Institute
Safety policy and 1.3 – Appointment of key safety personnel
objectives • The safety office – Corporate functions
• Advising senior management on safety
matters.
• Assisting line managers.
• Overseeing hazard identification
systems.
Safety policy and
1.3 – Appointment of key safety personnel
objectives • The safety manager – Responsibilities
• Accountable individual and focal point for the
development and maintenance of an effective safety
management system.
Safety policy and 1.3 – Appointment of key safety personnel
objectives • The safety manager – Responsibilities
• Manages of the SMS implementation plan.
• Facilitates hazard identification and risk analysis and
management.
• Monitors the effectiveness of corrective actions.
• Provides periodic reports on safety performance.
• Maintains safety documentation.
• Plans and organizes staff safety training.
• Provides independent advice on safety matters.
Safety policy and 1.3 – Appointment of key safety personnel
objectives • The safety manager – Selection criteria
• Operational management experience and technical
background to understand the systems that support
operations.
• People skills.
• Analytical and problem-solving skills.
• Project management skills.
• Oral and written communications skills.
Safety policy and
objectives 1.3 – Appointment of key safety personnel
• The Safety Review Board (SRB):
• High level committee
• Strategic safety functions
• Chaired by CEO.
• It may include the Board of Directors.
• Composed of heads of functional areas.
Safety policy and 1.3 – Appointment of key safety personnel
objectives • SRB monitors :
• Safety performance against the safety policy and objectives.
• Effectiveness of the SMS implementation plan.
• Effectiveness of the safety supervision of sub-contracted
operations.
• SRB ensures that appropriate resources are allocated to achieve
the established safety performance.
• SRB gives strategic direction to the SAG
Safety policy and 1.3 – Appointment of key safety personnel
objectives • Safety Action Group(s) (SAG):
• Reports to SRB and takes strategic direction
from SRB.
• Members:
• Managers and supervisors from
functional areas.
Safety policy and 1.3 – Appointment of key safety personnel
objectives • SAG:
• Oversees operational safety within the functional
area.
• Resolves identified risks.
• Assesses the impact on safety of operational
changes.
• Implements corrective action plans.
• Ensures that corrective action is taken in a timely
manner.
• Review the effectiveness of previous safety
recommendations.
• Safety promotion.
Reference: Doc 9859
Safety policy and 1.4 – SMS implementation plan
objectives • Developed by a planning group, which:
• Comprises an appropriate experience base.
• Meets regularly with senior management.
• Receives resources (including time for meetings).
• A realistic strategy for the implementation of an SMS that will
meet the organization’s safety needs.
• A definition of the approach the organization will adopt for
managing safety.
Safety policy and 1.4 – SMS implementation plan
objectives • Senior management endorses the plan.
• Typical implementation time frame will be one to four
years ahead (Phased approach).
Unsafe Acts
Preconditions
Line Management
Decision Makers
Defences
Unsafe Acts
REASON’S
MODEL Preconditions
Window
Line Management of Opportunity
Decision Makers
Unsafe Acts
and Latent
Unsafe Conditions
Unsafe Acts
and Latent
Unsafe Conditions
Safe Acts
Preconditions
Line Management
Decision Makers
Management needs ?
Financial security Needs ?
What are the safety
Regulatory needs?
What are the accepted ?
Industry Standards
Why SMS? Rate and the dynamics of change
4) Where safety sensitive functions of the operator are outsourced (for example
maintenance and ground handling) contractual agreements should identify
the need for equivalent auditable SMS in the supplier.
C
Threat NO
M I PO
L ITI
O CA
Sources EC L
nt
me
Y
ge
na
O LO G
Categories of risk in the
Lea
ma
SUPPLY
d
er
internal environment
ers
m
sto
hi
(inner circle), and
p
T EC H N
cts /
Cu
in the external Strat ss /Produ
egy e
Proc ces
environment Servi
(outer ring). at
ion Bu
m sin
r ess
fo res
CO
/ In ul
L
ta ts
Da
CA
M
People
PE
I
YS
TI
PH
TI
ON
COMMUNITY
Why SMS? There are three essential prerequisites for a successful Safety
Why How? Management System in aviation:
The outputs from such a system are usually felt across the whole of an
organisation. Although financial risks are taken the financial procedures
an organisation has in place should ensure that there are no “business
surprises”.
If there are it can be disastrous for a small company whilst for larger
organisations, unwelcome media attention usually follows an
unexpected loss.
SMS An aircraft accident is also an “unexpected loss” and not one any
Defined organisation in the civil aviation industry wishes to suffer. It should
therefore be apparent that the management of safety must attract at
least the same focus and degree of care as that given to an
organisation’s financial health.
Safety-Risk
Managemen
Schedule : Systematic prioritization of activities to be risk
t – Key Steps assessed. Target organizational changes, problem areas,
new equipment or technology introductions
Context / Scope : Define the boundaries for each assessment
Objectives: Define the objective/s of the area / activity / project
subject to assessment
• Initiation:
Safety-Risk • Establish the program, train personnel, obtain management support, and
commence identifying applications for departments, processes and/or project
Managemen activities
t – Key Steps What risks remain after threats and controls are reviewed
• Risk Assessment:
Risk Likelihood x Risk Consequence = Risk Rating
• Risk Treatment:
If high or significant risks exist then Action Plans are to be put in place
• Monitoring:
Monitor effective closure of actions, monitor for changes & new risks
When do we
use Risk • Whenever a change occurs to a current Procedure or Process.
(internal change / external change)
Management
Processes….? • Whenever we compare our current procedure or process’s to someone
else's
Review meetings
Update Status
Hazard to Risk
Monitoring Identification
Facilitation
Implement
or
Actions Self Analysis
QUALITY
Resolution ASSSURANCE Analysis
& PROCESS
Actions
Probability
+
Develop Risk Impact
Mgt Plans
Mitigation / Evaluate
Contingency Prioritisation
Planning Risk Exposure
The Risk Analysis Process Should Conform to
the Quality Management Elements of the ISO
Standards such as the ISO 9000 family, QMS
2000 etc
• Involvement of People
• System Approach to Management
• Analytical ‘Process’ Approach
• Factual Approach to Decision Making
• Feed Back Loop
• Accountability
• Continual Improvement
• Mutually Beneficial
Definitions
- IATA
Hazard: The condition or circumstance that can lead to a loss of life or
an aircraft
Source ICAO
Second
fundamental – • The scope for hazards in aviation is wide, and may be related to:
• Design factors, including equipment and task design.
Hazards • Procedures and operating practices, including
Identification documentation and checklists.
• Communications, including means, terminology and
language.
Source ICAO
Hazard • … for example:
identification - • Organizational factors, such as company policies for recruitment, training,
continued remuneration and allocation of resources.
• Work environment factors, such as ambient noise and vibration, temperature,
lighting and protective equipment and clothing.
Hazard • …for example:
identification - • Regulatory factors, including the applicability and
enforceability of regulations; certification of equipment,
continued personnel and procedures; and the adequacy of oversight.
• Defenses including detection and warning systems, and the
extent to which the equipment is resilient against errors and
failures.
• Human performance, including medical conditions and physical
limitations.
Sources of • Predictive
hazard • Reactive
identification • Internal
• Company voluntary reporting
system
• Audits and surveys
• External
• Accident reports
• State mandatory occurrence
system
Hazard • By whom?
• By anybody
identification • By designated personnel
• How?
• Through formal processes
• Depends on the organization
• When?
• Anytime
• Under specific conditions
Hazard • Specific conditions
identification • Unexplained increase in safety-related
events or infractions.
• Major operational changes are foreseen.
• Periods of significant organizational
change.
Third
fundamental – • Efficient and safe operations or provision of service require a
constant balance between production goals (eg: maintaining
Hazards regular airline operations during a runway construction project)
and safety goals (maintaining existing margins of safety in airline
Management operations during runway construction project).
• Aviation workplaces contain hazardous conditions which may not
be cost-effective to eliminate even when operations must continue.
Source ICAO
Third
fundamental – • At the intersection of protection and production
Hazards • The acronym ALARP is used to describe a safety risk
which has been reduced to a level that is as low as
Management reasonably practicable.
• In determining what is reasonably practicable
consideration is given to both the technical feasibility
and the cost of further reducing the safety risk.
• This includes a cost/benefit study.
Source ICAO
Hazard
Management • Direct costs
- continued • The obvious costs, which are easily determined. The high costs of exposure of
hazards can be reduced by insurance coverage.
• Purchasing insurance only transfers monetary risk
• Indirect costs
• The uninsured costs. An understanding of these uninsured costs (or indirect
costs) is fundamental to understanding the economics of safety.
Hazard • Usually they amount more than the direct
Management costs resulting from exposure to hazards:
Source ICAO
Fourth
fundamental – • The need for standardization: facilitating
tracking and analysis of hazards by
Hazards common:
• Definitions
Documentation • Understanding
• Validation
• Reporting
• Measurement
• Management
Source ICAO
Managing • What is it?
Risk • The identification, analysis and elimination, and/or mitigation to an
acceptable level of risks that threaten the capabilities of an
organization.
• What is the objective?
• Aims at a balanced allocation of resources to address all risks and
viable risk control and mitigation.
• Why is it important?
• A key component of safety management systems.
• Data-driven approach to safety resources allocation, thus defensible
and easier to explain.
Risk Value At some stage, organizational values and subjective judgments enter the
Judgements decision-making process and you have to consider:
1. The importance of the estimated risk
2. Associated social, environmental and economic considerations
3. The potential cost of acting vs. not acting
Risk Value A risk assessment team develops and documents an understanding of a hazard
and its risk. From that understanding, the team needs to go on to developing
Judgements mitigations for the hazard, and from that the team heads into the touchiest
part of Risk Management – the level of risk acceptance that will bear on the
hazard.
Of course we want to eliminate all risks and their hazards, but experience
teaches us that complete mitigation or control is not feasible or realistic. That
means that there always will be some level of acceptance that applies to risk.
Risk Value
Judgements This is the point when technical experts bring decision makers into the effort.
Sometimes decision makers are left out or they choose not to participate until the
time comes to make a decision.
However, it’s always better that decision makers participate in the Risk
Assessment process so that they have a good basis of knowledge.
Risk This is why it’s so important for the Risk Assessment group to thoroughly
document its research and conclusions. All of this needs to be explained to the
decision makers. Sometimes Risk Assessment conclusions must be explained
to the regulator, and sometimes even explained to the public.
For the Decision Maker(s) there are two questions that bear on their Risk
Management:
It’s possible that the decision maker may send the Assessment
Team back to do more work. Decision makers get to do that.
management unacceptable
at any level
As Tolerable region
If the risk can
Low be mitigated, it
As is acceptable.
Reasonably Cost benefit
Practicable analysis
required.
Acceptable
region The risk is acceptable
as it currently stands
Risk
Probability Definition(s)
• Probability – The chance that a situation of danger might
occur.
Risk
Questions for assessing the probability of an occurrence:
Probability • Is there a history of occurrences like the one being assessed, or
is the occurrence an isolated event?
• What other equipment, or similar type components, might have
similar defects?
• What number of operating or maintenance personnel must
follow the procedure (s) in question?
• How frequently is the equipment or procedure under
assessment used?
Risk Severity
or Impact Definition(s)
• Severity – The possible consequences of a situation of
danger, taking as reference the worst foreseeable situation.
Risk Severity
or Impact • … questions:
• What is the severity of the property or financial damage?
• Direct operator property loss
• Damage to aviation infrastructure
• Third party damage
• Financial impact and economic impact for the State
• Are there organizational, management or regulatory implications that
might generate larger threats to public safety?
• What are the likely political implications and/or media interest?
Risk
Factor • Multiplying the Probability Risk Rating by the Impact Risk
Rating provides the overall Risk Factor for that stage of the
analysis.
assessment
Identify the risk(s) and assess RISK ASSESSMENT
at a glance the chances of it (them) occurring? Probability
RISK ASSESSMENT
Evaluate the seriousness of the risk(s) occurring Severity
NO
YES Take action to reduce
Accept the risk(s) the risk(s) to an RISK CONTROL/MITIGATION
acceptable level
Definition - Mitigation:
IATA the measures taken to eradicate a hazard, or to reduce the
likelihood or severity of a risk
Controls:
The controls in place to ensure that the objective is met.
System Safety,
the circumstance that permit hazards of a like
Deficiency:
nature to exist
Risk Control /
Mitigation • Definition(s)
• Mitigation – Measures to eliminate the potential
hazard or to reduce the risk probability or severity.
• Risk mitigation = Risk control
Exposure I
M
P
A
C
T LOW
P R O B A B I L I T Y
Risk Exposure
Valuation The concept of ‘Risk-Exposure Valuation’ is based on the premise that any one Risk
Element can ultimately have an ‘Impact’, and its portion towards the total risk-
exposure value is a function of the probability of that Risk Element actually
occurring – based on the “weakest link in the chain concept”.
• The Value of the determined Risk Exposure may not necessarily be numerical.
• Also:
• The units of measurement need not be in dollar terms, for security it may be
appropriate to use the term eg ‘Points’
• Risk-Exposure Valuation may not be appropriate in all circumstances
• (eg Prob x Impact … 1x10-3 X $350M = $350,000)
Acceptable • Set by Regulators and reflects Social Acceptable v’s Achievable
Risk Expectations
• Constrained and Limited by Company’s Financial resources
• Limited by the Company’s ability to offset risk through a third party
- Parent, Insurance Co’s… etc
• Defined by the Company’s ‘Base-Line Level of Acceptable Risk’
Acceptable • Set by the Regulatory Bodies and Social Norms
Liability • Set by the ‘Corporate Mission Statement’
• Set by Internal / External Financial resources
• Set by the availability of ‘Offset liability financial Guarantors’ - Insurance
Companies, Governments etc
RISK MITIGATION Risk Management Cycle
RISK ASSESSMENT
Review meetings
Update Status
Hazard to Risk
Monitoring Identification
6 1
Facilitation
Implement
or
Actions Self Analysis
QUALITY
Resolution ASSSURANCE Analysis
& PROCESS 2
Actions 5
Probability
+
Develop Risk Impact
Mgt Plans
Mitigation / Evaluate
Contingency Prioritisation
Strategy 4 Risk Exposure 3
Mitigation or
Contingency An attempt to mitigate the identified Risk elements should always be
attempted. The ‘Analysis Team Members’ may use past and present
experience, knowledge and information to devise any means so as to
reduce the identified risk factor – both probability and impact.
Mitigation or
Contingency • The resulting ‘Risk Factor’ should have been reduced,?!?!…
• however if it has not been reduced to an acceptable level or value, then
• an appropriate contingency strategy would need to be implemented
• Follow company / project guidelines and /or protocols.
Mitigation
Priority Order • Attempt to Eliminate
• Attempt to Isolate (quarantine)
• Attempt to Minimise by Engineering means
• Attempt to Minimise by Administrative means… eg training, signage,
supervision
• Consider shedding to a third party
• Protect the individual, entity, project
• eg, PPE, Insurance, ….etc
•
Contingency • Pass on to a Higher level of Management
• Quantify the resultant risk exposure above the ‘acceptable level’
• Determine if Risk Shedding is available
• eg, Insurance, another Dept, Regulatory liability acceptance,
Government acceptance
• Advise the appropriate level of management of the resultant risk
exposure
• This type of Contingency Strategy is generally actioned by high
level Management, and, may only offer Legal liability relief
and/or financial relief. - ie the the exposure to that ‘risk element’
is still present
Acceptable
level of Implementation
safety The concept of acceptable level of safety is
expressed in practical terms by two measures or
metrics:
safety performance indicators
safety performance targets
It is delivered through various tools and means:
safety requirements.
Acceptable
level of Safety performance indicators
Established objectives of a State’s safety programme, or
safety an operator/services provider SMS.
Linked to major components of a State’s safety
programme, or an operator/services provider SMS.
Expressed in numerical terms.
Example – No more than 0.8 Cat A and B (most
serious) runway incursions per million operations
through 2019.
Acceptable
level of The safety requirements should be satisfied in terms of operational
safety safety.
Most frequently, within each State, different acceptable levels of
safety will be separately agreed between the oversight authority
and individual operators/services providers.
Each agreed acceptable level of safety should be
commensurate to the:
complexity of individual operator/services provider specific
operational context
availability of operator/services provider resources to address
them.
Acceptable levels of safety performance – SMS
Safety 1. Training course for drivers/installation of specific signage
Requirement 2. Thrice-daily walk-in ramp inspection programme
3. …
Safety performance Target 1. Maintaning no more than 20 events of unauthorized vehicles on the
taxiways per 10,000 operations
2. By January 2009 reduce to 8 FOD events on the apron per 10,000
operation
3. ...
Safety Performance 1.20 events of unauthorized vehicles on the taxiways per 10,000
Indicator operations
2. 15 FOD events on the apron per 10,000 operation
3. …
Service Provider Will comply all applicable national and international standards
Acceptable levels of safety performance – SSP
Safety performance Target 1. By 2010 reduce runway incursions to 0.5 per 100,000 operations
2. By 2009 reduce in-flight loss of control events due to ice accumulation
to 2 per 1,000 operations
3. ...
Safety Performance 1. 0.8 runway incursions per 100,000 operations
Indicator 2. 4 in-flight loss of control events due to ice accumulation per 1,000
operation
3. …
State Will comply all applicable international standard
Gap
• An analysis of safety arrangements existing within the
analysis organization