Professional Documents
Culture Documents
Management System
MODULE TITLE / NUMBER
LEARNING OBJECTIVE
C.O 1 - Apply the Basic Safety Concepts
C.O 2 - Analyze and asses safety risks to mitigate it to
an acceptable level.
C.O 3 - Distinguish the understanding of flight hazards
C.O 4 – Analyze the approach and procedures in SMS
Implementation.
COURSE CONTENT
Module N° 1 – SMS
course introduction
WHY? HOW?
The evolution of safety thinking
TECHNICAL FACTORS
HUMAN FACTORS
TODAY
ORGANIZATIONAL FACTORS
ORGANIZATION
organizational violations
processes
Workplace Latent
conditions conditions
Technology
Training
Active
failures
Regulations Defences
Workforce stability
Workplace Qualifications and Latent
conditions experience conditions
Morale
Credibility
Active Ergonomics Defences
failures ...
Workplace Latent
conditions conditions
Errors
Active
Violations Defences
failures
Organizational processes
Improve Identify
Monitor
Workplace Latent
conditions conditions
Reinforce
Contain
Active
Defences
failures
People and safety
• Aviation workplaces
involve complex
interrelationships among
its many components
• To understand
operational performance,
we must understand how
it may be affected by the
interrelationships among
the various components
of the aviation work
places Source: Dedale
• A conceptual framework proposed in ICAO Circular 216-AN31.
ICAO SHELL Model • The concept was first developed by Edwards in 1972, with a
modified diagram to illustrate the model developed by
Hawkins in 1975 – Human Factors.
• Software - the rules, procedures, written documents etc.,
which are part of the standard operating procedures.
• Hardware - the Air Traffic Control suites, their configuration,
controls and surfaces, displays and functional systems.
• Environment - the situation in which the L-H-S system must
function, the social and economic climate as well as the
natural environment.
• Liveware - the human beings - the controller with other
controllers, flight crews, engineers and maintenance
personnel, management and administration people - within in
the system.
S
H L L
15
Source: Dedale
Processes and outcomes
Causes and
consequences
of operational
errors are not
linear in their
magnitude
Source: Dedale
Operational performance and technology
• In production-intensive
industries like
contemporary aviation,
technology is essential
• As a result of the massive
introduction of technology,
the operational
consequences of the
interactions between
people and technology are
often overlooked, leading
to human error
SHELL MODEL
• Liveware – Hardware (L-H)
• Relationship between the human vs. the physical attributes of equipment,
machines and facilities.
• With reference to human performance in the context of aviation operations,
there is natural human tendency to adapt to L-H mismatches.
SHELL MODEL
• Liveware – Software (L-S)
• Relationship between the human and the supporting systems found in the
workplace.
• Regulations
• Manuals
• Checklists
• SOPs
• Computer Software
SHELL MODEL
• Liveware – Liveware (L-L)
• Communication and interpersonal skills, as well as group dynamics play a role
in determining human performance.
• Relationships among people in the work environment, especially those who
function in groups.
• Flight crews
• Air traffic controllers
• Other operational personnel
SHELL MODEL
• Liveware – Environment (L-E)
• Relationship between the human and both the internal and external
environments.
• The aviation work environment includes disturbances to normal biological
rhythms and sleep patterns.
• Additional environmental aspects maybe related to organizational attributes
that may affect decision making process and create pressure to develop
“workarounds”
SHELL MODEL: A Summary
• An error is unintentional.
Professor of Psychology
University of Manchester (1962)
Swiss Cheese Model
Illustrates that, although many layers of defenses lie between
hazards and accidents, there are flaws in each layer that, if
aligned, can allow the accident to occur.
Accident investigation – Once in a million flights
Unh Inci
Fla
ps o
Che
ckl i eed acc dent /
mitt s t fa ed iden
ed ilure w arn t
ing
ology Accident
High hn
Tec aining ns
Tr
ulatio
Incident
Reg
System’s
production
objective(s)
Violation space
Low
Safety space
Minimum System output Maximum
Culture
• Culture binds people together as members of groups
and provides clues as to how to behave in both normal
and unusual situations
Organizational
National
Professional
Three distinct cultures
• National culture encompasses the value system of
particular nations
• Organizational/corporate culture differentiates the
values and behaviours of particular organizations (e.g.
government vs. private organizations)
• Professional culture differentiates the values and
behaviours of particular professional groups (e.g.
pilots, air traffic controllers, maintenance engineers,
aerodrome staff, etc.)
• No human endeavour is culture-free
Organizational/corporate culture
• Sets the boundaries for acceptable behaviour in the
workplace by establishing norms and limits
• Provides a frame work for managerial and employee
decision-making
• “This is how we do things here, and how we talk about the
way we do things here”
• Organizational/corporate culture shapes – among
many others – safety reporting procedures and
practices by operational personnel
COMMITMENT
TRAINING AWARENESS
SAFETY CULTURE
LEARNING AND
RESPONSIBILITY
REPORTING
COMMUNICATION
AND TRUST
SAFETY CULTURE
• Encompasses the commonly held perceptions and beliefs of an
organization’s members pertaining to the public’s safety;
• Can be a determinant of the behavior of the members.
• A healthy safety culture relies on a high degree of trust and respect
between personnel and management and therefore must be created
and supported at the senior management level.
HEALTHY SAFETY CULTURE
• Actively seeks improvements,
• Vigilantly remains aware of hazard and
• Utilizes systems and tools for continuous monitoring, analysis and
investigation.
• It must exist in:
• State aviation organizations, and
• Service provider organizations.
HEALTHY SAFETY CULTURE
Organizational
Safety
Culture
Professional
Safety culture
• A trendy notion with potential for misperceptions
and misunderstandings
• A construct, an abstraction
• It is the consequence of a series of organizational
processes (i.e., an outcome)
• Safety culture is not an end in itself, but a means to
achieve an essential safety management
prerequisite:
• Effective safety reporting
Safety Culture
• Safety culture is not an end in itself but a means to achieve an
essential safety management prerequisite:
Workplace Latent
conditions conditions
Active
Defences
failures
Slide number: 16
Points to remember
1. The organizational accident.
Module N° 3 – Introduction
to safety management
Management levels
Resources Resources
Protection Production
The management dilemma
Man
age
m en
t lev
els
Resources
Protection
Production
Catastrophe
The management dilemma
vels
nt le
me
n age
Ma
Resources
Production
Protection
Bankruptcy
Safety space
Financial
management ?
Bankruptcy
ce
Protection
spa
ety
Saf
Catastrophe
Safety
Production
management
The evolution of safety thinking
TECHNICAL FACTORS
HUMAN FACTORS
TODAY
ORGANIZATIONAL FACTORS
1–5 Accidents
Latent conditions
1000 – 4000
The focus of hazard identification
Hazard identification is a wasted effort
if restricted to the aftermath of rare
occurrences where there is serious
Accidents injury, or significant damage.
1–5
“Practical drift”
Reg Tech
Serious incidents ulaTtrai nol
ionnisng ogy
30 – 100
Incidents
100 – 1000
Latent conditions
1000 – 4000 “Practical drift”
SMS
Reactive safety management
• Investigation of accidents and serious incidents
• Based upon the notion of waiting until something breaks to
fix it.
• Most appropriate for:
• situations involving failures in technology.
• unusual events.
• The contribution of reactive approaches to safety
management depends on the extent to which the
investigation goes beyond the triggering cause(s), and
includes contributory factors and findings as to risks.
Proactive safety management
• Mandatory and voluntary reporting systems, safety
audits and surveys.
• Based upon the notion that system failures can be
minimized by:
• identifying safety risks within the system before it fails; and
• taking the necessary actions to reduce such safety risks.
Predictive safety management
• Confidential reporting systems, flight data analysis,
normal operations monitoring.
• Based upon the notion that safety management is best
accomplished by looking for trouble, not waiting for it.
• Aggressively seek information from a variety of sources
which may be indicative of emerging safety risks.
Navigating the drift
Baseline performance
Op “Practical drift”
er a
tion
al p
e r fo
r ma
nce Organization
Navigational aids
Baseline performanceigh
H id dle Low
M
OpPredictive “Practical drift”
Hazards
era Proactive Reactive Reactive
tion
al p
er form
FDA/FDM an Organization
ce ASR/ASRS ASR/ASRS Accident
Direct Surveys MOR and incident
observation Audits reports
system
Highly efficient Very efficient Efficient Insufficient
Desirable management
levels
SAFETY DATA COLLECTION AND
ANALYSIS
Safety Data: Collection and quality
• Validity – Data collected are acceptable as per established criteria for their
intended use.
• Completeness – No relevant data are missing.
• Consistency – The extent to which measurement of a given parameter is
consistent can be reproduced and avoids error.
• Accessibility – Data readily available for analysis.
• Timeliness – Data are relevant to the time period of interest and available
promptly.
• Security – Data are protected from inadvertent or malicious alteration.
• Accuracy – data are error free.
Safety Database
• Safety database may include the following data or information (safety
data collection to support data analysis)
• Accident investigation data
• Mandatory incident investigation data
• Voluntary reporting data
• Continuing airworthiness reporting data
• Safety risk assessment data
• Data from audit findings/reports
• Data from safety studies/reviews and
• Safety data from other states, regional safety oversight organizations. Or
regional accident and incident investigation org.
Safety Data Analysis
• After collecting safety data through various sources, organizations
should then perform the necessary analysis to identify hazards and
control their potential consequences.
• Safety data analysis may be used to :
• Assist in deciding what additional facts are needed;
• Ascertain latent factors underlying safety deficiencies;
• Assist in reaching valid conclusions; and
• Monitor and measure safety trends or performance
Analytical Methods and tools
• Statistical Analysis – method used to assess the significance of
perceived safety trends often depicted in graphical representations of
analysis results.
• Trend Analysis – predictions may be made about future events by
monitoring trends in safety data.
• Normative comparisons – sampling of real world experience under
similar operating conditions.
Types of Analysis
• Descriptive Analysis – What is happening?
• Inferential Analysis – What is the possible explanation
for what is happening right now?
• Predictive Analysis – How can future decisions be
made based upon what is happening now?
Analytical Methods and Tools
• Simulation and testing – Hazards may become evident through
simulation as well as lab testing to validate safety implications of
existing new types of operations, equipment, and procedures
• Expert Panel – The views of peers and specialists can be useful in
evaluating the diverse the diverse nature of hazards.
• Cost benefit analysis – the acceptance of recommended control
measures may be dependent on credible cost benefit analysis.
Safety Management Strategies –
A Summary
• Reactive method – Responds to the events that already happened,
such as incidents and accidents.
• Proactive – Looks actively for the identification of safety risks through
the analysis of the organization’s activities
• Predictive – Captures system performance as it happens in real time
normal operations.
The imperative of change
• As global aviation activity and complexity continues to
grow, traditional methods for managing safety risks to
an acceptable level become less effective and
efficient.
Identify
hazards
Re-evaluate Collect
additional Assess
control hazard risks
strategies data
Approve Develop
Assign control elimination/
responsibilities mitigation
strategies strategies
Question and answers
Introduction to safety management
Questions and answers
• Q: Explain the management dilemma regarding
safety management.
• A:
Management levels
Resources Resources
Protection Production
Safety Management Systems (SMS) Course
Module N° 4 – Hazards
• Types of hazards
• Natural
• Technical
• Economic
Natural Hazards (examples)
• Severe weather or climatic events.
• Adverse weather conditions.
• Geophysical events.
• Geographical conditions.
• Environmental events.
• Public health events.
Technical Hazards (examples)
• Deficiencies regarding:
• Aircraft components and systems.
• An organization’s facilities, tools and equipment.
Economic Hazard (example)
• Growth
• Recession
• Major operational
changes are foreseen.
• Periods of significant
organizational change.
Hazard Identification and Prioritization
• Hazards exists at all levels in the organization and are detectable
through the use of reporting systems, inspections or audits.
• Mishaps may occur when hazards interact with certain triggering
factors.
• As a result, hazards should be identified before they lead to
accidents, incidents or other safety – related occurrences.
Hazard Identification and Prioritization
• Hazards can also be identified from the review or study of
investigation reports, especially those hazards which are deemed to
be indirect contributing factors and which may not have been
adequately addressed by corrective action resulting from the
investigation process.
Hazard Identification Methodologies
• Reactive – An analysis of past outcomes or events.
• Hazards are identified through investigation of safety occurrences.
• Incident and accidents are clear indicators of system deficiencies and
therefore can be used to determine the hazards that either contributed to
the event or are latent.
Hazard Identification Methodologies
• Proactive – Actively seeking hazards in the existing process.
• Involves analysis of existing or real time situations which is the primary job
of the safety assurance function with its audits, evaluations, employee
reporting, and associated analysis of assessment processes.
Hazard Identification Methodologies
• Predictive – It involves data gathering in order to identify possible
negative future outcomes or events, analyzing system processes and
the environment to identify potential future hazards and initiating
mitigating actions.
Third fundamental – Hazard analysis
ABC of hazard analysis
AB
State the generic
hazard Identify specific
(Hazard statement) components of the Naturally leading to
C
hazard specific
Airport construction Construction
consequence(s)
equipment Aircraft colliding
Closed taxiways with construction
… equipment
Aircraft taking wrong
taxiway
…
Third fundamental – Hazard analysis
• Efficient and safe operations or provision of service
require a constant balance between production
goals...
• maintaining regular aerodrome operations during a runway
construction project
• ...and safety goals
• maintaining existing margins of safety in aerodrome
operations during runway construction project.
• Aviation workplaces may contain hazards which may
not be cost-effective to address even when operations
must continue.
Fourth fundamental – Documentation of hazards
• Appropriate
documentation
management is
important as:
• It is a formal procedure to
translate operational
safety data into hazard-
related information.
• It becomes the “safety
library” of an
organization.
Fourth fundamental – Documentation of hazards
• Tracking and analysis of
hazards is facilitated by
standardizing:
• Definitions
• Understanding
• Validation
• Reporting
• Measurement
• Management
Fourth fundamental – Documentation of hazards
Proactive method
• ASR
Develop control
and mitigation
Implement
strategies
“Safety Safety bulletins
• Surveys
• Audits
strategies
library”
Hazards
Report
Predictive method distribution
• FDA Inform person(s) Re-evaluate
• Direct responsible for strategies
observation implementing and Seminars and
strategies processes workshops
systems
Feedback
Hazards
Module N° 5 – Risks
• What is it?
• The identification, analysis and elimination, and/or
mitigation to an acceptable level of risks that threaten the
capabilities of an organization.
• What is the objective?
• Aims at a balanced allocation of resources to address all
risks and viable risk control and mitigation.
• Why is it important?
• A key component of safety management systems.
• Data-driven approach to safety resources allocation, thus
defensible and easier to explain.
Risk management
The risk is
Intolerable region
unacceptable
at any level
As The risk is
ORGANIZATION
acceptable
Low based on
As Tolerable region mitigation.
Cost benefit
Reasonably analysis
Practicable is required.
Acceptable
region The risk is
acceptable as it
currently stands
Second fundamental – Risk probability
• Definition
• Probability – The likelihood that an unsafe event or condition might
occur
Extremely
improbable Almost inconceivable that the event will occur 1
Third fundamental – Risk severity
• Definition
• Severity – The possible effects of an unsafe event or
condition, taking as reference the worst foreseeable
situation
• Safety Risk Severity – is defined as the extent of harm that
might reasonable occur as a consequence or outcome of
the identified hazard.
Third fundamental – Risk severity
• Damage
Third fundamental – Risk severity
• Define the severity in Questions for assessing the severity of an
terms of effects for: occurrence:
• Strategies
• Avoidance – The operation or activity is cancelled because
risks exceed the benefits of continuing the operation or
activity
• Operations into an aerodrome surrounded by complex geography and
without the necessary aids are cancelled
Fifth fundamental – Risk control/mitigation
• Strategies
• Reduction –The operation or activity is subject to
limitations, or action is taken to reduce the magnitude of
the consequences of the accepted risks
• Operations into an aerodrome surrounded by complex geography
and without the necessary aids are limited to day-time, visual
conditions
Fifth fundamental – Risk control/mitigation
• Strategies
• Segregation of exposure – Action is taken to isolate the
effects of the consequences of the hazard or build-in
redundancy to protect against it
• Non RVSM equipped aircraft not allowed to operate into RVSM
airspace
• Operations into an aerodrome surrounded by complex geography
are limited to aircraft with specific/performance navigation
capabilities
Safety risk management at a glance
Hazard
Equipment, procedures, organization, etc.
identification
• Training
• Regulations
Risk mitigation – Defences
• As part of the risk mitigation, determine:
• Do defences to protect against such risk (s) exist?
• Do defences function as intended?
• Are the defences practical for use under actual working
conditions?
• Is staff involved aware of the risks and the defences in
place?
• Are additional risk mitigation measures required?
As a reminder
• There is no such thing as absolute safety – In aviation it is
not possible to eliminate all risks
• Risks can be managed to a level “acceptable level of risk”
(ALOR)
• Risk mitigation must be balanced against:
• time
• cost
• S/C/E (safety/comfort/economy)
• Effective risk management seeks to maximize the benefits
of accepting a risk (a reduction in time and cost) while
minimizing the risk itself
• Communicate the rationale for risk decisions to gain
acceptance by stakeholders affected by them
Hazards and risks – Closing the loop
• Hazard – Condition or object with the potential of causing
injuries to personnel, damage to equipment or structures, loss of
material, or reduction of ability to perform a prescribed function
• Consequence – Potential outcome(s) of the hazard
• Risk – The assessment, expressed in terms of predicted
probability and severity, of the consequence(s) of a hazard
taking as reference the worst foreseeable situation
• A wind of 15 knots blowing directly across the runway is a
hazard
• A pilot may not be able to control the aircraft during takeoff
or landing is one of the consequences of the hazard
• The assessment of the consequences of the potential loss of
control of the aircraft by the pilot expressed in terms of
probability and severity is the risk
Safety Management Systems (SMS) Course
Module N° 6 – SMS
Regulation
exchange
Safety promotion
Basic safety management SARPs
• The acceptable level of safety (ALoS) to be achieved
shall be established by the State
• When establishing ALoS, consideration must be given
to
• The level of safety risk that applies
• The safety risk tolerance
• The cost/benefits of improvements to the aviation system
• The public expectations in civil aviation system
Safety indicators and safety targets
• Safety indicators
• Fatal airline accidents/serious incidents
• Runway excursion events/ground collision events
• Development/absence of primary aviation legislation
• Development/absence of operating regulations
• Level of regulatory compliance
• …
• Safety targets
• Reduction in fatal airline accident/serious incidents
• Reduction in runway excursion events/ground collision
events
• Number of inspections completed quarterly
•…
Delivering ALoS – Safety action plans
• Tools and means to deliver the safety targets of an
SSP:
• Operational procedures
• Technology
• Systems
• Training programmes
Basic safety management SARPs – Part II
• States shall require, as part of their State safety
programme (SSP), that a [service provider] implements
a safety management system (SMS) acceptable to the
State that, as a minimum:
a) identifies safety hazards;
b) ensures that remedial action necessary to maintain safety
performance is implemented;
c) provides for continuous monitoring and regular
assessment of the safety performance; and
d) aims at a continuous improvement of the overall
performance of the SMS.
Service providers
• Approved training organizations that are exposed to
safety risks during the provision of their services
• Aircraft operators
• Approved maintenance organizations
• Organizations responsible for design and/or
manufacture of aircraft
• Air traffic services providers
• Certified aerodromes
Service
State
Safety
providers
ALoS performance
SSP SMS
What is an SMS?
• A systematic approach to
managing safety, including the
necessary organizational
structures, accountabilities,
policies and procedures
• Service providers are
responsible for establishing an
SMS
• States are responsible, under
the SSP, for the acceptance
and oversight of
organizations’ SMS
Safety performance of services provider’s SMS
• Expresses the safety objectives of a service provider.
• Provides measurable reference for measuring the
safety performance of an SMS
• Within each State, the safety performance of each
SMS will separately be agreed between the State
oversight authority and individual aviation
organizations
• Agreed safety performance should be appropriate to
the:
• complexity of individual service provider specific
operational context; and
• availability of service provider resources to address them
Safety performance of an SMS
• The safety performance of an SMS represents safety
performance measurement exclusively
• The safety performance of an SMS is expressed in
practical terms by two measures or metrics:
• Safety performance indicators
• Safety performance targets
• It is delivered through various tools and means:
• Safety requirements
Safety performance of an SMS
• Safety performance indicators
• Short-term, tactical, measurable objectives reflecting the
safety performance of an SMS
• They include safety performance measurement exclusively
• Expressed in numerical terms
• Safety performance targets
• Long-term, strategic, measurable objectives reflecting the
safety performance of an SMS
• They include safety performance measurement exclusively.
• Expressed in numerical terms
Safety performance of an SMS
1. Maintain no more than 20 events of unauthorized vehicles on the taxiways per
Safety 10,000 operations.
performance
2. By January 2010 reduce to 8 FOD events on the apron per 10,000 operations.
targets
3. …
Service
Will comply all applicable national and international standards.
provider
Basic safety management SARPs – Part III
• A safety management system (SMS) shall clearly define
lines of safety accountability throughout a service
provider organization, including a direct
accountability for safety on the part of senior
management
level of safety.
• All aviation stakeholders have
a role to play in SMS.
Identifying aviation system stakeholders
• Aviation professionals
• Aircraft owners and operators
• Manufacturers
• Aviation regulatory authorities
• Industry trade associations
• Regional air traffic service providers
• Professional associations and federations
• International aviation organizations
• Investigative agencies
• The flying public
Identifying aviation system stakeholders
• Why is it important to
identify aviation system
stakeholders?
• To ensure that Aviation system
stakeholders inputs and stakeholders
knowledge relevant to
safety risk(s) decisions are
taken into consideration
before the decisions are
taken
SMS features
• Systematic – Safety management activities are in
accordance with a pre-determined plan, and applied in
a consistent manner throughout the organization
• Proactive – An approach that emphasizes hazard
identification and risk control and mitigation, before
events that affect safety occur
• Explicit – All safety management activities are
documented and visible
First fundamental – System description
• System description
• Most hazards are generated by operational interactions
among different system components.
Module N° 8 – SMS
planning
Operations Maintenance
safety officer safety officer
Safety Action
Safety Services
Group(s)
(SAG) Office
Conclusion
• The successful management of safety is a functional
responsibility that requires the participation of all
operational personnel and the supervision of the
organization (Systematic)
Safety performance
Hazard identification monitoring and Specific
measurement information
Safety Mgt. of
risks change Assessment
4. Safety communication
Safety Management Systems (SMS) Course
2. Identify the person (or planning group) within the Element 1.3
organization responsible for implementing the SMS (Module 8)
Element 4.1
2. Training relevant to proactive and predictive processes (Module 9)
Element 4.1
3. Training relevant to operational safety assurance (Module 9)
THE END
ICAO Safety Management Systems (SMS) Course 05/31/18
THANK YOU FOR
LISTENING!
PREPARED BY:
Asst. Prof. Darlyn Flores
djflores@aliac.edu.ph