GOVERNMENT OF INDIA

OFFICE OF THE DIRECTOR GENERAL OF CIVIL AVIATION

Opp. Safdarjung Airport, New Delhi – 110 003

SSP Division Circular No.1 of 2012

File No.:DGCA-15032(03)/1/2020-DAS
Dated 26.10.2012
Rev.2 Dated 29.09.2020

Subject: Safety Risk Management (SRM) Documentation

CAR Section 1 Series C Part I requires scheduled or non-scheduled operator, general aviation
operator operating large or turbojet aeroplanes, aerodrome operators, ATS provider,
maintenance organisations, flying training organisations, organisations engaged in type design
and manufacture of aircraft, engines or propellers, to develop, establish and implement
effective Safety Management System in their respective organisations.

Safety Risk Management (SRM) is a key component of safety management and includes hazard
identification, safety risk assessment, safety risk mitigation and risk acceptance. SRM is a
continuous activity because the aviation system is constantly changing, new hazards can be
introduced and some hazards and associated safety risks may change over time. In addition,
the effectiveness of implemented safety risk mitigation strategies must be monitored to
determine if further action is required.

Hazard identification is the first step in the SRM process followed by a safety risk assessment
& mitigation. This requires a clear understanding of hazards and their related consequences.

All the activities of Safety Risk Management should be documented, along with its probability
and severity assessment, and any safety risk mitigation actions taken.

Maintaining the data of identified hazards in a specified format minimizes the likelihood that
the organization will lose sight of its known hazards. Safety risk decision-making tools and
processes can be used to improve the repeatability and justification of decisions taken by
organizational safety decision makers/authority to make safety risk tolerability decisions.

The SRM outputs should be documented. This documentation should include the identified
hazard and any consequences, the safety risk assessment, any safety risk control actions taken
and tracking. This SRM documentation becomes a historical source of organizational safety
knowledge which can be used as reference when making safety decisions, justification of the
decisions taken and for safety information exchange. This safety knowledge provides material
for safety trend analyses and safety training and communication. It is also useful for internal
audits to assess whether safety risk controls and actions have been implemented and are
effective.

This excel spreadsheet is a template
for the production of a hazard register
‐ also known as a risk register.
What does this risk register do?
Scroll down
DGCA Template for Hazard Register
The aim is to identify the high level risks the
organisation faces, to assess them, identify
mitigations, and put in place actions to assure the
risk control is implemented.
Appendix “A”
Detailed hazard register will not be
approved by the DGCA, and remain the
responsibility of the individual
operator.

The template laid out in this Excel file is intended to assist organisations in preparing a hazard register. It contains guidance on the areas
to be completed, along with a suggested hazard tolerability scheme. The hazard register is a critical part of the "safety library" of
an organisation.
What is a Hazard Register?
Definition 1 Definition 2 Definition 3
"Unawareness and unwillingness can be overcome “The continually updated record of "Organisations should wherever possible
only through knowledge. The formal the Hazards, incident sequences and maintain a centralised register of all
documentation of hazards is therefore an essential incident / accidents associated with a identified hazards. The nature and format
requirement for hazard identification as well as a system. It includes information of such a register may vary from a
trait of mature safety management. Safety documenting risk management for simple list of hazards to a more
information (i.e. analysed raw data) and safety each Hazard and accident (incident). sophisticated relational database linking
intelligence (i.e. safety information that has been These Hazards, incident sequences hazards to mitigations, responsibilities
corroborated and further analysed by adding and accidents/incidents are those and actions (as part of an integrated
context) combine to generate safety knowledge which could conceivably happen, safety risk management process)."
that must formerly recite in the organisation, not and not only the ones which have
in the hats of individual members of the already been experienced.”
organization." Source: EASA European Strategic Safety
Initiative ‐ Guidance on Hazards
Source: ICAO Doc 9859 section 4.6.2, Ed.2 Source: Def Stan 00‐56 Issue 4 Identification
What does the DGCA template contain and why?
ID Unique Hazard ID number assigned by organisations ‐ this allows traceability of the hazard
(particularly if discovered via multiple sources)
Originator Name of organisation (as used by DGCA)
Source Method from which hazard was identified. Examples could include accident/incident investigations, safety
audits, proactive methods etc.
Location If applicable, the location of the hazard (identified by its ICAO designator if relevant)
Functional area The area (or function) of the operation within which the hazard resides
Hazard description A short description of the hazard. For guidance on hazard types, see sheet 5 of this file which gives
a non‐comprehensive list
Resultant risk of Document all the risk arising from the hazard.
hazard
Worst credible effect A short description of the worst credible effect of the hazard (what risk could the hazard potentially lead to?)
and reason and the reasons for the hazard leading to this risk
Existing controls Identification of the existing mitigations (or controls) which prevent the hazard leading to the end
effect
Outcome pre‐ An analysis of the risk, in terms of probability, severity and safety risk description (Intolerable,
mitigation tolerable or acceptable)
Additional risk If the risk is found to not be acceptable (or acceptable with additional mitigations), additional controls
controls will be shown here
Outcome post‐ Following the implementation of additional controls, the new outcome (risk) is analysed for
mitigation acceptability
Action Specific actions are identified to implement any new risk controls or stop the activity
Owner Specific action owners are identified for each action ‐ the responsibility for implementation of the
risk control lies with them
Deadline A deadline for the action should be fixed. It is not enough to identify risk controls and leave them to
be implemented in five years' time
Review period A review period should be specified, upon which the effectiveness of the new controls should be
assessed. Are they effective, or are new risk controls necessary?
 Safety Risk Tolerability
In assessing the tolerability of various hazards, organisation must examine all the resultant risk and determine the worst
credible effect (risk) associated with the hazard. Guidance on this can be found in ICAO Doc 9859 (Safety Management
Manual). The characterisation of the worst credible effect is carried out using the variables of severity and probability.
The process of bringing the safety risks of the consequences of hazards under organizational control starts by assessing:

 Safety Risk Probability:

Safety risk probability is the likelihood that a safety consequence or outcome will occur. It is important to envisage
a variety of scenarios so that all potential consequences can be considered.

 Safety Risk Severity:

The second step in the process is to assess the severity, taking into account the potential consequences related to
the hazard. Safety risk severity is defined as the extent of harm that might reasonably be expected to occur as a
consequence or outcome of the identified hazard. The severity assessment should consider all possible
consequences related to a hazard, taking into account the worst foreseeable situation.

 Once the safety risk index of the consequences of an identified Hazard has been assessed by combing the results
of probability and severity, the third step in the process of bringing the safety risk index of the consequences of
the unsafe event or condition under organizational control by putting an addition mitigation controls.

For determining the safety risk index, the safety risk matrix is given in Table 1. The safety risk index range as given in
this risk matrix should be used by all the applicable service providers. The risk matrix and the specific scale used can
be individual to each organisation depending upon the scope of operation and complexity of each organisation:

Table 1: Safety Risk Matrix

Safety Risk Severity

Catastrophic Hazardous Major Minor Negligible
Probability E
A B C D

Frequent 5 5A 5B 5C 5D 5E

Occasional 4 4A 4B 4C 4D 4E

Remote 3 3A 3B 3C 3D 3E

Improbable 2 2A 2B 2C 2D 2E
Extremely Improbable 1
1A 1B 1C 1D 1E

Safety Risk Index Range Safety Risk Recommended Action

5A, 5B, 5C, 4A, 4B, 3A
5D, 5E, 4C, 4D, 4E, 3B, 3C, 3D,
2A, 2B, 2C, 1A
3E, 2D, 2E, 1B, 1C, 1D, 1E
Description
INTOLERABLE Take immediate action to mitigate the risk or stop the activity.
Perform priority safety risk mitigation to ensure additional or
enhanced preventative controls are in place to bring down the
safety risk index to tolerable.
TOLERABLE Can be tolerated based on the safety risk mitigation. It may
require management decision to accept the risk.
ACCEPTABLE Acceptable as is. No further safety risk mitigation required.

Note─ In determining the safety risk tolerability, the quality and reliability of the data used for the hazard
identification and safety risk probability should be taken into consideration
 Sources of hazard data

The following non‐exhaustive list shows the potential sources for hazard data. A reminder: a hazard is an
event with the potential to cause risk (harm).

 Accident / incident investigations

 Flight Operations Quality Assurance (FOQA) ‐ also known as Flight Data Monitoring (FDM)
 Cockpit Voice Recorders (CVR)
 Internal safety audits
 Flight reports (flight crew, cabin crew) ‐ including operational reports, hazard reports, incident
reports etc.
 Maintenance reports
 Hazard workshops (proactive brainstorming)
 DGCA regulatory audits and surveillance activities
 Mandatory Safety Reports
 Voluntary Safety Reporting Systems (anonymous)
 Safety surveys
 Line Operations Safety Audits (LOSA)
 Change risk assessments (for operational changes)
 Other organisations' hazard register
 Quality audits
 Manufacturers reports
 Safety Information Exchange programmes
 CAR‐145 audits (if applicable)
 Fatigue risk management system.
 Special air-reports
 Reliability programme reports.
 Service difficulty reports
 In-service occurrence reports
 Unapproved parts reports
 Unauthorized laser interference report.
 Remotely piloted aircraft system report
 Aerodrome safety report
 Data of communication error reports
 Example hazards ‐ by type and per organisation
This spreadsheet gives some initial examples of hazards. It is in no way exhaustive.

Fatigue Malfunction of systems

Defect control
Runway incursion systems
Standard Operating
Operational tools and techniques

low visibility etc) Unclear responsibilities

Re‐organisation

cost of fuel) decisions

Aircraft Operators (SOP and NSOP) ANSPs

•Fatigue •Incorrect clearance given

•Wrong call‐sign

Airport Operators

•Use of non‐certified parts

•Improper tools used