SMS Course

Module N° 01
SMS Course Introduction

Safety Management System
Module 9
Module 8
Phased Approach to SMS
SMS Operation
implementation
Module 5 Module 6 Module 7

Hazards Risks SMS planning
Module 1 Module 2 Module 3 Introduction Module 4

to safety Obligations & Responsibilities
SMS course introduction Basic safety concepts management Regulatory Requirements
Module N° 02
BASIC SAFETY CONCEPTS
Module 9
Module 8
SMS Operation
implementation


Objective
• At the end of this module, participants will be able to explain
the strengths and weaknesses of traditional methods to
manage safety, and describe new perspectives and methods
for managing safety
Outline
• Concept of safety
• The evolution of safety thinking
• A concept of accident causation – Reason model
• The organizational accident
• People, context and safety – SHEL(L) model
• Errors and violations
• Organizational culture
• Safety investigation
• Points to remember
Concept of safety
• What is safety?
– Zero accidents or serious incidents (a view widely held by
the travelling public)
– Freedom from hazards (i.e. those factors which cause or
are likely to cause harm)
– Attitudes towards unsafe acts and conditions by
employees of aviation organizations
– Error avoidance
– Regulatory compliance
– …?
Concept of safety
• Consider (the weaknesses in the notion of perfection)
– The elimination of accidents (and serious incidents) is
unachievable
– Failures will occur, in spite of the most accomplished
prevention efforts
– No human activity or human-made system can be
guaranteed to be absolutely free from hazard and
operational errors
– Controlled risk and controlled error are acceptable in
an inherently safe system
Definition of safety ( ICAO Doc 9859)
• Safety is the state in which risks associated with aviation
activities ,related to or in direct support of the operation of the
aircraft ,are reduced and controlled to an acceptable level .

Elements Of Safety
A State –Not a condition, but a state which can disappear at any time .
In Which the risk is reduced-Reduction an going and continual objective .
Sometimes said , below an acceptable level .
Through a continual process of Hazard Identification and Risk Management
The process is continual and on going.
Hazard Identification and Risk Management are core competencies of any SMS system .
Safety Redefined
Safety is more – it is Multi Dimensional
More than the absence of accidents or incidents
More than freedom from danger or risk
More than the degree to which risks inherent in aviation are “acceptable”
More than the process of “hazard identification and risk management” .
More than active and pro-active safety program .
Safety is more than all of these also

Safety is
An Attitude
What we digest inwardly we exhibit instinctively outward

• Aviation safety is the sum of all the parts of the industry – not only
what happens in the air but what happens on the ground, on the
ramp, in the hanger, in training facilities……
• Accident does not happen due to one Error/Violation, however it is a

combination of all parts of operations such as Eng, Flt Ops, Grd Ops,
Security, Cargo etc.
Accidents Impact
Any accident will have a strong impact on reputations .

Aviation accidents always get large media coverage .
 Operators and local authorities in front line .
 Possible impact on other activities (tourism, operators,..) .
 Lasting effects (several years) .
 Need for all stakeholders to be prepared .
Any investigation is a long and painful process .
 Under the responsibility of the authorities of the country of occurrence .
 It takes considerable human resources and expertise .
 It may require external support (recovery, analysis,…) .
 It generally takes several years to write an accident report .
The legal costs due to an accident can be very high .
Compensation to families .
Fees to lawyers .
Punitive damages may occur .
A dedicated team will be kept busy for many years .
Follow on costs will add up
Procedures update
Training
Infrastructure
Insurance premiums
Product modifications
…
Accident causation
.
The strongest evidence of a serious breach of a system is an accident .

An understanding of accident and incident causation is essential to understanding a safety management . accidents and
incidents are closely related ,no attempt is made to differentiate accident causation from incident causation
traditional view of causation
following a major accident ,
some kinds of questions may be asked .
1.how and why did competent personnel make the errors necessary
to precipitate the accident
2.could something like this happen again .
Modern view of causation
accidents require the coming together of a number of enabling factors – each one necessary but in itself not sufficient to
breach system deficiencies
most accidents include both active and latent conditions .
 Traditional approach – Preventing accidents
 Focus on outcomes (causes)

 Unsafe acts by operational personnel
 Attach blame/punish for failures to “perform safely”
 Address identified safety concern exclusively
 Regulatory compliance
 Identifies: WHAT? WHO? WHEN?

But not always discloses:
WHY? HOW?
The evolution of safety thinking
TECHNICAL FACTORS
HUMAN FACTORS
TODAY
ORGANIZATIONAL FACTORS
1950s 1970s 1990s 2000s

Fuente: James Reason
A concept of accident causation
Organization Workplace People Defences

Regulations
Management decisions Working conditions Errors Training
Technology
and organizational and
ORGANIZATION
processes violations
Latent conditions trajectory
Resources
Actions
Conditions
ortoinactions
protect
presentagainst
byinpeople
the system
the(pilots,
risksbefore
that
controllers,
organizations
the accident,
maintenance
involved
made evident
engineers,
in production
by triggering
aerodrome
activities
Activities
Factors that
overdirectly
which influence
any organization
the
staff, etc.) that efficiency
have anhas a of
reasonable
people
immediate in degree aviation
adverse effect. of direct
workplaces.
control
generate and
factors.
must control.
The organizational accident
Organizational processes
Workplace Policy-making Latent

conditions Planning conditions
Communication
Allocation of resources
Active Supervision
Defences
failures  ...
Activities over which any organization has a reasonable degree of direct control
Workplace  Inadequate hazard Latent

conditions identification and risk conditions
management
 Normalization of deviance
Active
Defences
failures
Conditions present in the system before the accident, made evident by triggering factors.
Workplace Latent
conditions conditions
Technology
Training
Active
failures Regulations Defences
Resources to protect against the risks that organizations involved in production activities
generate and must control.
 Workforce stability
Workplace  Qualifications and experience Latent
conditions  Morale conditions
 Credibility
 Ergonomics
Active  ... Defences
failures
Factors that directly influence the efficiency of people in aviation workplaces.

Workplace Latent
Errors
Active
Violations Defences
failures
Actions or inactions by people (pilots, controllers, maintenance engineers, aerodrome staff, etc.)
that have an immediate adverse effect.
The perspective of the organizational accident
Improve Identify
Monitor
Workplace Latent
Reinforce
Contain
Active
Defences
failures
IN A HIGH – TECHNOLOGY INDUSTRY SUCH AS AVIATION ,THE FOCUS
OF PROBLEM SOLVING IS OFTEN ON TECHNOLOGY .
HOWEVER ,THE ACCIDENT RECORD REPEATEDLY DEMONSTRATES THAT

AT LEAST THREE OUT OF FOUR ACCIDENTS INVOLVE PERFORMANCE
ERRORS MADE BY APPARENTLY HEALTHY AND APPROPRIAETLY
QUALIEFIED INDIVIDUALS .
IN THE RUSH TO EMBRACE NEW TECHNOLOGIES ,THE PEOPLE WHO

MUST INTERFACE WITH AND USE THIS EQUIPMENTT ARE OFTEN
OVERLOOKED .
People and safety
• Aviation workplaces involve
complex interrelationships among
its many components
• To understand operational
performance, we must understand
how it may be affected by the
interrelationships among the
various components of the
aviation work places
Source: Dedale
A
Understand
human performance
within the
operational context
where it takes place
B
Processes and outcomes
Causes and
consequences of
operational errors are
not linear in their
magnitude
The SHEL(L) model
Understanding the relationship between people and operational
contexts
 Software
SS  Hardware
 Environment
HH L L LL  Liveware
EE  Liveware, other persons
Operational performance and technology
• In production-intensive industries
like contemporary aviation,
technology is essential
• As a result of the massive
introduction of technology, the
operational consequences of the
interactions between people and
technology are often overlooked,
leading to human error
Understanding operational errors
• Human error is considered
contributing factor in most aviation
occurrences
• Even competent personnel commit
errors
• Errors must be accepted as a normal
component of any system where
humans and technology interact
Errors and safety – A non linear relationship
Statistically, millions of operational errors

are made before a major safety
breakdown occurs
Three strategies for the control of human error
• Error reduction strategies

intervene at the source of
the error by reducing or
eliminating the contributing
factors
– Human-centred design
– Ergonomic factors
– Training
– …
• Error capturing strategies

intervene once the error has
already been made,
capturing the error before it
generates adverse
consequences
– Checklists
– Task cards
– Flight strips
–…
• Error tolerance strategies

intervene to increase the
ability of a system to accept
errors without serious
consequence
– System redundancies
– Structural inspections
– …
Module N° 3
Introduction to safety
management
Module 9
Module 8
SMS Operation
implementation

Module 1 Module 2 Module Module 3

3 Introduction Module 4
to safety
Introduction to Safety Obligations & Responsibilities
management
Objective
• At the end of this module, participants will be able to explain
the need for, the strategies and the key features of safety
management
Outline
• The safety stereotype
• The management dilemma
• Need for safety management
• Strategies for safety management
• The imperative of change
• Safety management – Eight building blocks
• Four responsibilities for managing safety
The safety stereotype
Is it?
Really?
What is the fundamental objective of a business organization ?
ORGANIZATION
Safety management – Rationale
• In order to achieve its production objectives, the management of any
aviation organization requires the management of many business
processes
• Managing safety is one such business process
• Safety management is a core business function just as financial
management, HR management, etc.
• There is no aviation organization that has been created to deliver only
safety
• This brings about a potential dilemma for management
The management dilemma
Management levels
ORGANIZATION
Resources Resources
Protection Production
Man
age
me nt le
vels
ORGANIZATION
Protection
Resources +
Production
Catastrophe
ve ls
e
ent l
agem
n
Ma
ORGANIZATION
+ Resources
Production
Protection
Bankruptcy
Safety space
Financial
management
?
Bankruptcy ?
ORGANIZATION e
Protection
pa c
ty s
afe Safety
S Catastrophe management
Production
Safety management – The response to the dilemma
• Safety issues are a by-product of activities related to
production/services delivery
• An analysis of an organization's resources and goals allows for a
balanced and realistic allocation of resources between protection and
production goals, which supports the needs of the organization
• The product/service provided by any aviation organization must be
delivered safely (i.e. protecting users and stakeholders)
Why Safety Management? An imperfect system
System Baseline performance
design Practicaldrift
Practical drift
Operational Operatio
na l perform Defences
Regulations
deployment ance Training
Technology
Op
SMS era
ti ona
l per
form
anc
e
ORGANIZATION
The essential is invisible to the eyes
Number of occurrences
1–5 Accidents
30 – 100 Serious incidents
100 – 1000 Incidents
Latent conditions
1000 – 4000
“Navigating the drift”
Baseline performance
Practical drift
Op
era Organization
ti ona
ORGANIZATION
l per
form
anc
e
Navigational aids
Reactive Proactive Predictive

Reactive safety management
• Investigation of accidents and serious incidents
– Based upon the notion of waiting until something breaks to fix it
– Most appropriate for:
• situations involving failures in technology
• unusual events
– The contribution of reactive approaches to safety management
depends on the extent to which the investigation goes beyond the
triggering cause(s), and includes contributory factors and findings
as to risks
Proactive safety management
• Mandatory and voluntary reporting systems, safety audits and
surveys
– Based upon the notion that system failures can be minimized by:
• identifying safety risks within the system before it fails; and
• taking the necessary actions to reduce such safety risks

Predictive safety management
• Confidential reporting systems, flight data analysis, normal operations
monitoring.
– Based upon the notion that safety management is best
accomplished by looking for trouble, not waiting for it
– Aggressively seek information from a variety of sources which may

be indicative of emerging safety risks
Strategies – Summary
Reactive method
The reactive method Proactive method
responds to the events that The proactive method
already happened, such as looks actively for the
incidents and accidents identification of Predictive method
safety risks The predictive method
through the analysis captures
of the organization’s system performance as it
activities happens in real-time
normal operations to
identify potential future
problems
Strategies – Levels of intervention and tools
Safety management levels
System High MiddleBaseline performanceLow

design Practical drift
HAZARDS
Predictive Proactive Reactive Reactive

Op
ORGANIZATION
era
tion
al p
FDA ASR erfoASR Accident
Direct rma and incident
Surveys MOR nce
observation Audits reports
system
Highly efficient Very efficient Efficient Insufficient
Desirable management
levels
The imperative of change
• As global aviation activity and complexity continues to grow, traditional
methods for managing safety risks to an acceptable level become less
effective and efficient
• Evolving methods for understanding and managing safety risks are

necessary
The safety management process at a glance
Identify
hazards
Collect
Re-evaluate additional Assess
control hazard consequences
strategies data
Implement Safety
Assess and prioritize
control management risks
strategies process
Approve Develop
control elimination/
Assign responsibilities mitigation
strategies strategies
In summary
• Managing safety requires resources.
• Allocation of resources is a managerial function.
• Management has the authority and the

responsibility to manage safety risks in the
organization .
In summary
• Safety management
– Includes the entire operation
– Focus on processes (Clear difference between processes and
outcomes)
– Data-driven (constant monitoring)
– Strictly documented
– Gradual improvement as opposed to dramatic change
– Strategic planning as opposed to piecemeal initiatives
A balanced perspective
…The pilot-in-command must bear responsibility for the decision to
land and take-off in Dryden… However, it is equally clear that the air
transportation system failed him by allowing him to be placed in a
situation where he did not have all the necessary tools that should
have supported him in making the proper decision …
Module N° 04
Obligations & Responsibilities
Regulatory Requirements
Module 9
Module 8
SMS Operation
implementation

Module 1 Module 2 Module 3 Introduction Module

Module44
to safety Obligations
Obligations&&Responsibilities
Responsibilities
SMS course introduction Basic safety concepts management Regulatory
RegulatoryRequirements
Requirements
Objective
At the end of this module participants will be able to

describe the safety management regulatory requirements ply
the fundamentals of hazard identification and analysis through a case study
Outline
• SSP and SMS requirements
• What is an SSP?
• What is an SMS?
• Acceptable level of safety (ALoS)
• Safety performance of the service provider’s
SMS
• Performance-based regulatory environment
The big picture
• Two audience groups
– States
– Service providers
• Three distinct requirements
– State safety programme (SSP)
• Acceptable level of safety (ALoS)
– Safety management System (SMS)
• Safety performance of the SMS
– Management accountability
Basic safety management requirements
• States shall establish a State safety

programme (SSP), in order to achieve an
acceptable level of safety in civil aviation.
What is an SSP?
• An integrated set of regulations and activities
aimed at improving safety.
• States are responsible for establishing an SSP,
encompassing the following responsibilities:
Safety regulation
Accident/incident investigation
Safety assurance
Mandatory/voluntary
reporting systems
Safety data analysis and
exchange
Safety promotion
• The acceptable level of safety (ALoS) to be

achieved shall be established by the State.
Basic safety management
requirements
• States shall require, as part of their State safety
programme (SSP), that a [service provider]
implements a safety management system (SMS)
acceptable to the State that, as a minimum:
a) identifies safety hazards;
b) ensures that remedial action necessary to maintain
safety performance is implemented;
c) provides for continuous monitoring and regular
assessment of the safety performance; and
d) aims at a continuous improvement of the overall
performance of the SMS.
Service providers
• Approved training organizations that are
exposed to safety risks during the provision of
their services;
• Aircraft operators;
• Approved maintenance organizations;
• Organizations responsible for design and/or
manufacture of aircraft;
• Air traffic services providers; and
• Certified aerodromes.
What is an SMS?
• A systematic approach to
managing safety, including the
necessary organizational
structures, accountabilities,
policies and procedures.
• Service providers are
responsible for establishing an
SMS.
• States are responsible, under
the SSP, for the acceptance and
oversight of organizations’
SMS.
Safety performance of services provider’s SMS
• Expresses the safety objectives of a service provider.
• Provides measurable reference for measuring the
safety performance of an SMS.
• Within each State, the safety performance of each SMS
will separately be agreed between the State oversight
authority and individual aviation organizations.
• Agreed safety performance should be commensurate to
the:
– complexity of individual service provider specific
operational context; and
– availability of service provider resources to address them.
Safety performance of an SMS
• The safety performance of an SMS represents
safety performance measurement exclusively.
• The safety performance of an SMS is expressed
in practical terms by two measures or metrics:
– Safety performance indicators
– Safety performance targets
• It is delivered through various tools and means:
– Safety requirements.
• Safety performance indicators
– Short-term, tactical, measurable objectives reflecting the
– They include safety performance measurement exclusively.
– Expressed in numerical terms.
• Safety performance targets
– Long-term, strategic, measurable objectives reflecting the
– They include safety performance measurement exclusively.
– Expressed in numerical terms.
 Legal considerations
 Establishing safety performance for the SMS leaves
unaffected the obligations of services providers and other
related parties, and it does not relieve the services
providers and other related parties from compliance with
SARPs and/or national regulations, as applicable.
1. Training course for drivers / installation of specific signage.
Safety
2. Thrice-daily walk-in ramp inspection programme.
requirements
3. …
1. Maintain no more than 20 events of unauthorized vehicles on the taxiways per

Safety 10,000 operations.
performance
2. By January 2010 reduce to 8 FOD events on the apron per 10,000 operations.
targets
3. …
Safety 1. 20 events of unauthorized vehicles on the taxiways per 10,000 operations.

performance 2. 15 FOD events on the apron per 10,000 operations.
indicators 3. ...
Service
Will comply all applicable national and international standards.
provider
• A safety management system (SMS) shall clearly
define lines of safety accountability throughout
a service provider organization, including a
direct accountability for safety on the part of
senior management.
(Accountability – Obligation or willingness to

account for one’s actions)
SSP – SMS relationship
Objective:
Establish State
acceptable Safety
level of
Programme
State
safety (ALoS)
for civil (SSP)
aviation Performance-based
Acceptance oversight
Compliance
oversight
Objective:
Objective:
Services provider
Organization’s Organization’s Support
Safety policy Safety production
and Safety
Management goals and
objectives Management customer
Safety risk system (SMS) system (SMS) satisfaction
management
Safety assurance
Safety promotion
In summary
State Service provider

States shall establish a Identify safety hazards.
State safety programme Ensure ensures remedial
(SSP), in order to achieve action to maintain safety
an acceptable level of performance.
safety (ALoS) in civil Provides continuing
aviation. monitoring and regular
The acceptable level of assessment of the safety
safety (ALoS) to be performance.
Aims at a continuous
achieved shall be
established by the State. improvement of the
overall performance of
the SMS.
In summary
Performance-based
Prescription Regulations as safety risk
controls
Regulations as
Dynamic regulatory
administrative controls
framework:
Rigid regulatory  Data based
framework identification and
Inspections prioritization of safety
risks
Audits Develop regulations to
Regulatory control safety risks
compliance  Effective safety
performance
Module N° 05
HAZARD
Module 9
Module 8
SMS Operation
implementation


Objectives
At the end of this module, participants will be

able to apply the fundamentals of hazard
identification and analysis.
ICAO Requirements
→ Within the organizational framework of the
SMS, operators/service providers “shall
develop and maintain a formal process for
effectively collecting, recording, acting on and
generating feedback about hazards in
operations, based on a combination of
reactive, proactive methods of safety data
collection”.
ECAA Requirements
→ ECAR 121.5
All certificate holders are required to establish Safety
Management Systems (SMS) that, as a minimum:
• identifies safety hazards;
• assesses risks;
• ensures that remedial action necessary to maintain an
acceptable level of safety is implemented;
• provides for continuous monitoring and regular assessment
of the safety level achieved; and
• aims to make continuous improvement to the overall level
of safety.
Outline
→Hazard definitions
→Understanding hazards .
→Hazard identification / Log / Register .
→Hazard analysis .
→Documentation of hazards.
→Importance of Safety data & Reporting System .
Definitions
→Hazard – Anything with the potential to cause harm.
→Hazard – Any existing or potential condition that can lead to injury,

illness or death to people, damage to or loss of a system, equipment or
property, or damage to environment.
→Hazard – A condition that is a prerequisite to an accident or incident.

Understanding Hazards
 Hazards are easy to define
 Hard to identify
 Harder to understand
 Natural tendency is to describe a hazard as an outcome
 Describing a hazard by its outcome disguises its true nature

– A “runway incursion” or “unclear airport signage”
Examples of Hazards for Pilots
Automation events Unfamiliar phraseology
ATC procedures
Weather
Similar call signs
Missed approaches
Terrain
Heavy traffic Flight diversions
Unfamiliar airports System malfunctions

Examples of Hazards that Maintenance Create for Pilots
Automation events Unfamiliar phraseology
ATC procedures
Weather
Similar call signs
Missed approaches
Terrain
Heavy traffic Flight diversions
AIRWORTHINESS CONTROL FAILURES

Equipment / system failure
Examples of Hazards For ATC
LAHSO Missed approaches
Noise restrictions Communication failure
Runway inspections
Weather
Similar call signs

SIRO
Reduced separation
minima
Heavy traffic Airspace restrictions
Airspace
reclassification Runway crossings
System malfunctions
Examples of Hazards for Airports
FO(D) Constructions
Vehicles in apron
Weather
Runway inspections
Security issues
Obstacles
Non standard
procedures
Heavy traffic
Noise restrictions
Built-up areas Runway crossings
Wildlife
Examples of hazards by type
1. Natural
• Severe weather or climatic events: Hurricanes,

major winter storms, drought, tornadoes,
thunderstorms lighting, and wind shear.
• Adverse weather conditions: Icing, freezing

precipitation, heavy rain, snow, winds, and
restrictions to visibility.
• Geophysical events: Earthquakes, volcanoes,

tsunamis, floods and landslides.
1. Natural
• Geographical conditions: E.g.: adverse terrain or

large bodies of water.
• Environmental events: wildfires, wildlife

activity, and insect or pest infestation.
• Public health events: epidemics of influenza or

other diseases.
2. Technical, deficiencies regarding:
• Aircraft and aircraft components, systems, sub-systems

and equipments. This includes Failures, inadvertent or
erroneous functioning of Systems.
• An organisation’s facilities, tools, and related equipment.
• Facilities, systems, sub-systems and related equipment

external to the organisation.
3. Economic
• Major trends related to: Growth,

Recession, Cost of material or
equipment, Fuel cost, Environmental
issues, etc.
• Diverging interests: operation vs.

shareholder
4. Ergonomic
• Deficiencies in the environment the front line employees have to operate
• 24-hour operation with impact on individual’s performance (circadian cycle)

5. Organizational
• Complex organizational structures resulting in unclear responsibilities
• Re-organization.
Examples of hazards by Organization
1. Aircraft Operator
• Load-sheet errors
• Lack of sleep during off duty
• Partial failure or loss of navigation systems
• Error in FMS data base
• Loss of radio communication
2. Airport Operator
• Worn Runway Markings

• Unclear ramp marking for vehicle holding point
• Fuel Spillage
• Not well lit parking position
• Partial failure of weather monitoring devices (e.g. anemometer)
3. Ground Handler
•Jet Blast
•Noise
•Understaffing
•Misinterpretation of Load-sheet
•Wet surfaces/ equipment
•Improper application of anti-icing fluid
Hazard identification
→ The scope for hazards in aviation is wide, and

may be related to:
 Design factors, including equipment and task
design.
 Procedures and operating practices, including
documentation and checklists.
 Communications, including means, terminology
and language.
 Organizational factors, such as company policies for recruitment,

training, remuneration and allocation of resources.
 Work environment factors, such as ambient noise and vibration,
temperature, lighting and protective equipment and clothing.
 Regulatory factors, including the applicability and enforceability of

regulations; certification of equipment, personnel and procedures;
and the adequacy of oversight.
 Defences including detection and warning systems, and the extent to
which the equipment is resilient against errors and failures.
 Human performance, including medical conditions and physical
limitations.
→ By whom?
 By anybody
 By designated personnel
→ How?
 Through formal processes
 Depends on the organization
→ When?
 Anytime
 Under specific conditions
Examples of Sources for Identifying Hazards
1. Flight Operations Data Analysis (FODA) / Flight Data Monitoring (FDM)

2. Flight Reports
3. Cabin Reports
4. Maintenance Reports
5. Confidential Safety Reports
6. Operations Control Reports
7. Crew Observation (LOSA)
8. Investigations & Hearings
9. Quality Assurance Program .

10. Training records (e.g. crew periodic checks, simulator checks and training, line
checks, etc)
11. Safety Reporting
12. Safety (& Quality) Audits / Assessments
13. Safety Culture monitoring through surveys
14. Internal safety investigations
15. Company voluntary reporting system
16. Audits and surveys
17. Ground Handling Report
18. Disruptive Passenger Report
19. Captain's Special Report
20. Flight and Duty Time Discretion Report
21. Accident reports
22. State mandatory occurrence system
23. IOSA reports
→ Depending on the hazard identification sources and the approach to hazard
identification, two groups of methods for identifying hazards can be defined:
1. Reactive Methods
2. Proactive Methods
→ In real life scenarios, both reactive and proactive methods provide an effective
means of hazard identifications. Incident investigation is still one of the largest
contributors in identifying hazards.
→ In successful safety management systems, the proactive approach for hazard

identification is utilized extensively, so the hazard is recognized and addressed
before it could turn into an occurrence.
Hazard Log
The most important step in the safety risk assessment process is safety assessment
documentation.
Organizations should wherever possible maintain a centralized log of all identified

hazards. The nature and format of such a log may vary from a simple list of hazards to a
more sophisticated relational database linking hazards to mitigations, responsibilities and
actions (as part of an integrated safety risk management process).
Hazard Log
As a minimum, it is recommended that the following information be included in the
hazard log:
• Unique hazard reference number against each hazard

• Hazard description
• Indication of the potential causes of the hazard (safety events)
• Qualitative assessment of the possible outcomes and severities of consequences
arising from the hazard
• Qualitative assessment of the risk associated with the possible consequences of the
hazard
• Description of the risk controls for the hazard
• Indication of responsibilities in relation to the management of the risk controls
Hazard Log
In addition, organizations may wish to consider the following information for
inclusion in the log.
• A quantitative assessment of the risk associated with the possible

consequences of the hazard
• Record of actual incidents or events related to the hazard or its’ causes
• Risk tolerability statement
• Statement of formal system monitoring requirements
• Indication of how the hazard was identified
• Hazard owner
• Assumptions
• Third party stakeholders
Hazard Log template
Hazard Register (Sample only)
Hazard Analysis
→ Efficient and safe operations or provision of service require a constant

balance between production goals (maintaining regular aerodrome
operations during a runway construction project) and safety goals
(maintaining existing margins of safety in aerodrome operations during
runway construction project).
→ Aviation workplaces contain hazardous conditions which may not be
cost-effective to eliminate even when operations must continue.
Hazard Analysis
→ABC of hazard analysis
A – State the generic hazard (hazard statement)
↘ Airport construction
B – Identify specific components of the hazard
↘ Construction equipment
↘ Closed taxiways
↘…
C – Naturally leading to specific risk(s)
↘ Aircraft colliding with construction equipment
↘ Aircraft taking wrong taxiway
↘ …
Hazard Analysis
→At the intersection of protection and production

The acronym ALARP is used to describe a safety risk which has been
reduced to a level that is as low as reasonably practicable.
In determining what is reasonably practicable consideration is given to
both the technical feasibility and the cost of further reducing the safety
risk.
This includes a cost/benefit study.
Hazard Analysis
→Direct costs
The obvious costs, which are easily determined. The high costs of
exposure of hazards can be reduced by insurance coverage.
↘Purchasing insurance only transfers monetary risk
→Indirect costs
The uninsured costs. An understanding of these uninsured costs (or
indirect costs) is fundamental to understanding the economics of safety.
Hazard Analysis
→ Usually they amount more than the direct
costs resulting from exposure to hazards:
 Loss of business
 Damage to the reputation
 Loss of use of equipment
 Loss of staff productivity
 Legal actions and claims
 Fines and citations
 Insurance deductibles
How the process go on in the system
Identify
hazards
Re-evaluate Collect
control additional Assess
strategies hazard risks
data
Implement Prioritize
control Safety
strategies management risks
process
Develop
Assign elimination/
Approve mitigation
responsibilities control strategies
strategies
Hazard Analysis
Hazard Analysis
Documentation of hazards
→ The fundamental importance of appropriate

documentation management:
A formal procedure to translate operational
safety data into hazard-related information.
The “safety library” of an organization.
→ The need for standardization: facilitating

tracking and analysis of hazards by common:
 Definitions
 Understanding
 Validation
 Reporting
 Measurement
 Management
Method Identification Management Documentation Information
Reactive method Safety

Assess the management
• ASR Assign
consequences and information
• MOR responsibilities
prioritize the risks
• Incident reports
Hazards
• Accident reports Trend analysis
Proactive method
• ASR Develop control and
mitigation strategies
Implement strategies “Safety Safety bulletins
• Surveys
• Audits library”
Hazards
Report distribution
Predictive method
• FDA Inform person(s) Re-evaluate strategies
responsible for
• Direct observation implementing and
Seminars and
systems strategies processes
workshops
Feedback
Safety Information
Safety Management Systems are predicated on useful data and
information being collected, analysed /assessed, and used to make
decisions
Data and information provide the “fuel” for the tools use by all
participants to manage risks
The same data and information used by operators is used by

regulators information flows both ways.
The flow of information is key to managing risks within the system .
HOW DOES CAA USE INFORMATION ?
CAA uses information to understand safety risk, and to then:
– Identify where risks sit within the system

– Design actions which mitigate those risks
– Implement those actions
– Measure whether the actions have the desired effect
Management must establish a system to collect and
analyze safety data.
– Accidents and incidents records

– Any safety concerns raised by employees
– Results of audits / evaluation
– Latest developments of safety
The benefit will be :
Safety data and information are available to the people

who need it to do their jobs
Establishing a Safety Reporting System
– Employees must have a way to report hazards

– Everyone must known how to report
– When an hazard reported, the report should be acknowledged
and analyzed
– Confidence in the system
Establishing a Safety Reporting System
Remember
“If In doubt – report It”
The basic safety process is accomplished as follows :
1.A safety issue or concern is raised ,a hazard is identified ,or an incident or accident
happen.
2.The concern or event is reported or brought to the attention of management .
3.The event ,hazard, or issue is analysed to determine its cause or source.
4.Corrective action, control or mitigation is developed and implemented ,and
5.The corrective action is evaluated to make sure it is effective .
If safety issue is resolved ,the action can be documented and the safety enhancement
maintained .
Module N° 6
Risks
Module 9
Module 8
SMS Operation
implementation


Objective
At the end of this module, participants will be able to

apply the fundamentals of risk management
Outline
→Definition Of Risk
→First fundamental – Risk management
→Second fundamental – Risk probability
→Third fundamental – Risk severity
→Fourth fundamental - Risk assessment and tolerability
→Fifth fundamental – Risk control/mitigation
→Points to remember
First fundamental – Risk management
→What is it?
 The identification, analysis and elimination, and/or mitigation to an acceptable level of
risks that threaten the capabilities of an organization.
→What is the objective?

 Aims at a balanced allocation of resources to address all risks and viable risk control and
mitigation.
→Why is it important?
 A key component of safety management systems.
 Data-driven approach to safety resources allocation, thus defensible and easier to
explain.
Risk management
Intolerable region
The risk is
unacceptable
at any level
As If the risk can

Tolerable region be mitigated, it
Low
is acceptable.
As Cost benefit
Reasonably analysis
Practicable required.
Acceptable
region The risk is acceptable
as it currently stands
Second fundamental - Risk probability
→Definition(s)
 Probability – The chance that a situation of danger might occur.
Second fundamental – Risk probability
→Questions for assessing the probability of an occurrence:

 Is there a history of occurrences like the one being assessed, or is the
occurrence an isolated event?
 What other equipment, or similar type components, might have
similar defects?
→… questions such:
 What number of operating or maintenance
personnel must follow the procedure (s) in
question?
 How frequently is the equipment or procedure under assessment
used?
Probability of occurrence
Qualitative
Meaning Value
definition
Frequent Likely to occur many times (has occurred frequently) 5
Occasional Likely to occur some times (has occurred infrequently) 4
Remote Unlikely, but possible to occur (has occurred rarely) 3
Improbable Very unlikely to occur (not known to have occurred) 2
Extremely
improbable
Almost inconceivable that the event will occur 1
Third fundamental – Risk severity
→Definition(s)
Severity – The possible consequences of a situation of danger, taking
as reference the worst foreseeable situation.
→Define the severity in terms of:

Property
Health
Finance
Liability
People
Environment
Image
Public confidence
→Questions for assessing the severity of an occurrence:

How many lives are at risk?
↘Employees
↘Passengers
↘Bystanders
↘General public
What is the environmental impact?
↘Spill of fuel or other hazardous product
↘Physical disruption of natural habitat
→ … questions:
 What is the severity of the property or financial damage?
↘Direct operator property loss
↘Damage to aviation infrastructure
↘Third party damage
↘Financial impact and economic impact for the State
 Are there organizational, management or regulatory implications that might generate
larger threats to public safety?
 What are the likely political implications and/or media interest?
Severity of occurrences
Aviation
Meaning Value
definition
 Equipment destroyed
Catastrophic  Multiple deaths A
 A large reduction in safety margins, physical distress or a workload such
that the operators cannot be relied upon to perform their tasks accurately
or completely.
Hazardous  Serious injury or death to a number of people. B
 Major equipment damage
 A significant reduction in safety margins, a reduction in the ability of the

operators to cope with adverse operating conditions as a result of increase
in workload, or as a result of conditions impairing their efficiency.
Major  Serious incident. C
 Injury to persons.
 Nuisance.
 Operating limitations.
Minor  Use of emergency procedures. D
 Minor incident.
Negligible  Little consequences E

Fourth fundamental – Risk assessment
Risk severity
Catastrophic Hazardous Major Minor Negligible

Risk probability
A B C D E
5 – Frequent 5A 5B 5C 5D 5E
4 – Occasional 4A 4B 4C 4D 4E
3 – Remote 3A 3B 3C 3D 3E
2 – Improbable 2A 2B 2C 2D 2E
1 – Extremely
improbable 1A 1B 1C 1D 1E
Fourth fundamental – Risk tolerability
Assessment risk index Suggested criteria
5A, 5B, 5C, 4A, 4B, 3A Unacceptable under the existing circumstances
5D,5E, 4C, 3B, 3C, 2A, 2B Risk control/mitigation requires management decision
Acceptable after
4D, 4E, 3D, 2C, 1A, 1B review of the operation
3E, 2D, 2E, 1C, 1D, 1E Acceptable

Risk assessment at a glance
Identify the hazards to equipment , property , HAZARD
personnel or the organization . IDENTIFICATION
Identify the risk(s) and assess RISK ASSESSMENT

the chances of it (them) occurring? Probability
RISK ASSESSMENT
Evaluate the seriousness of the risk(s) occurring Severity
Is (are) the consequent risk(s) acceptable and within RISK ASSESSMENT

the organization’s safety performance criteria? Tolerability
NO
YES Take action to reduce
Accept the risk(s) the risk(s) to an RISK CONTROL/MITIGATION
acceptable level
Fifth fundamental – Risk control/mitigation
→Definition(s)
Mitigation – Measures to eliminate the potential hazard or to reduce
the risk probability or severity.
↘Risk mitigation = Risk control
(Mitigate – To make milder, less severe or less harsh)

→ Strategies
 Avoidance – The operation or activity is cancelled because risks exceed the

benefits of continuing the operation or activity.
↘Operations into an aerodrome surrounded by complex geography and

without the necessary aids are cancelled.
→ Strategies
 Reduction –The frequency of the operation or activity is reduced, or action is

taken to reduce the magnitude of the consequences of the accepted risks.
↘Operations into an aerodrome surrounded by complex geography and without

the necessary aids are continued based upon the availability of specific aids
and application of specific procedures.
Fifth fundamental – Risk mitigation
→ Strategies
 Segregation of exposure – Action is taken to isolate the effects of risks or build-in
redundancy to protect against it, i.e., reduce the severity of risk.
↘Operations into an aerodrome surrounded by complex geography are limited

to day-time, visual conditions.
↘Non RVSM equipped aircraft not allowed to operate into RVSM airspace .
Risk mitigation – Defences
→Recalling the three basic defences in aviation:

 Technology
 Training
 Regulations
Risk mitigation – Defences
→ As part of the risk mitigation, determine:

 Do defences to protect against such risk (s) exist?
 Do defences function as intended?
 Are the defences practical for use under actual working conditions?
 Is staff involved aware of the risks and the defences in place?
 Are additional risk mitigation measures required?
Risk mitigation at a glance
Hazard identification Assessment of Control and Accepting the

and defences Mitigation mitigation of
risk management the risk
Of risks
H H H H
Ø Does the mitigation
address the hazard?
Regulations Ø Does it address the
risk (s)?
EACH HAZARD Training Ø Is it effective?
Ø Is it appropriate?
Technology
Ø Is additional or
R R R R different
mitigation warranted?
EACH RISK Do the mitigation
Ø
strategies generate
additional risk (s)
As a reminder
→ There is no such thing as absolute safety – In aviation it is not possible to eliminate

all risks.
→ Risks can be managed to a level “as low as reasonably practicable” (ALARP)
→ Risk mitigation must be balanced against:
 time
 cost
 difficulty of taking measures to reduce or eliminate the risk (i.e. managed).
→ Effective risk management seeks to maximize the benefits of accepting a risk (a
reduction in time and cost) while minimizing the risk itself.
→ Communicate the rationale for risk decisions to gain acceptance by stakeholders
affected by them.
Risk management process at a glance
A safety concern is perceived
Feedback and Identify hazards and assess risks

record the
hazard
identification Define the level of Define the level of
and severity probability
assessment
and/or risk Define the level
mitigation of risk
Is the risk level acceptable? No

Take action and
continue the Yes
operation
Can the risk be eliminated? No

Take action and
continue the Yes
operation
Yes Can the risk be mitigated?
Take action and Can the residual risk Cancel the

continue the Yes be accepted (If any)? No operation
operation
Hazards and risks – Closing the loop
• Hazard – Condition or object with the potential of causing injuries
to personnel, damage to equipment or structures, loss of material,
or reduction of ability to perform a prescribed function
• Consequence – Potential outcome(s) of the hazard
• Risk – The assessment, expressed in terms of predicted probability
and severity, of the consequence(s) of a hazard taking as reference
the worst foreseeable situation
– A wind of 15 knots blowing directly across the runway is a hazard
– A pilot may not be able to control the aircraft during takeoff or landing is
one of the consequences of the hazard
– The assessment of the consequences of the potential loss of control of the
aircraft by the pilot expressed in terms of probability and severity is the risk
Points to remember
1. The risk assessment matrix.

2. The risk assessment criteria table.
3. Risk mitigation: avoid, reduce, segregate.
Module N° 7
SMS planning
Module 9
Module 8
SMS Operation
implementation

Hazards Risks SMS Planning
planning

Objective
• When completing the module the participants
will be able to describe the requirements
associated to the planning of an SMS, and
explain the structure of an SMS
implementation plan and the contents of the
safety management system manual (SMSM).
Outline
• The components of SMS
• The elements of SMS
• Safety policy and objectives
• Questions and answers
• Exercise 08/01 – Cuzco International Airport
operation (See Handout N° 5)
The components of SMS
Safety policy and objectives

Safety risk management
Safety assurance
Safety promotion
The elements of SMS
Safety policy and objectives
1.1 – Management commitment and responsibility
1.2 – Safety accountabilities
1.3 – Appointment of key safety personnel
1.4 – Coordination of emergency response planning
1.5 – SMS documentation
Safety risk management
2.1 – Hazard identification
2.2 – Risk assessment and mitigation
The elements of SMS
Safety assurance
3.1 – Safety performance monitoring and
measurement
3.2 – The management of change
3.3 – Continuous improvement of the SMS
Safety promotion
4.1 – Training and education
4.2 – Safety communication
ICAO SMS framework
 Safety policy and objectives
 Safety risk management
 Safety assurance
3.1 – Safety performance monitoring and measurement
 Safety promotion
• The service provider shall define the safety policy
of the organization which shall:
1) Be in accordance with international and national
requirements;
2) Be signed by the Accountable executive of the
organization;
3) Reflect organizational commitments regarding safety;
4) Include a clear statement about the provision of the
necessary resources for the implementation of the
safety policy; ...
• ... safety policy of the organization shall
(cont’d):
5) Be communicated, with visible endorsement,
throughout the organization;
6) Include the safety reporting procedures;
7) Clearly indicate which types of operational
behaviours are unacceptable;
8) Include the conditions under which exemptions
from disciplinary action would be applicable; ...
• ... safety policy of the organization shall (cont’d):
9) Be periodically reviewed to ensure it remains
relevant and appropriate to the organization;
10) Ensure the implementation of remedial action
necessary to maintain agreed safety performance;
11) Provide for continuous monitoring and regular
assessment of the safety performance;
12) Aim at a continuous improvement to the overall
performance of the SMS; and ...
• ... safety policy of the organization shall
(cont’d):
13) Include a statement about the establishment of
the organization’s safety objectives and safety
performance standards and their relationship to:
• Safety performance indicators;
• Safety performance targets; and
• Safety requirements.
ICAO SMS framework
• The organization shall identify:
– The Accountable Executive who, irrespective of
other functions, shall have ultimate responsibility
and accountability, on behalf of the organization,
for the implementation and maintenance of the
SMS; and
– The accountabilities of all members of
management, irrespective of other functions, as
well as of employees, with respect to the safety
performance of the SMS.
• The Accountable Executive shall:

– Be a single and identifiable person.
• CEO/Chairman Board of Directors.
• A partner.
• The proprietor.
• ...
• The Accountable Executive must have:
– Full authority for human resources issues.
– Authority for major financial issues.
– Direct responsibility for the conduct of the
organization’s affairs.
– Final authority over operations under certificate.
– Final responsibility for all safety issues.
• Safety responsibilities, accountabilities and
authorities shall:
– Be documented;
– Be communicated throughout the organization; and
– Include a definition of the levels of management

with authority to make decisions regarding safety
risks tolerability.
• The job description of each senior manager

(departmental head or responsible for a
functional unit) should include, to the
appropriate extent, and in addition to the specific
responsibilities for the department/functional
unit operation:
– the safety accountabilities; and
– the responsibilities regarding the operation of the
SMS.
Safety responsibilities – An example
Safety Review Accountable Executive

Board (SRB)
Head of Head of Heads of other

operations maintenance areas
Operations Maintenance
safety officer safety officer
Safety Action
Safety Services
Group(s)
(SAG) Office
ICAO SMS framework
• The organization shall identify a safety

manager to be the responsible individual and
focal point for the implementation and
maintenance of an effective SMS.
Safety responsibilities
Board (SRB)

Safety Action
Safety Services
Group(s)
(SAG) Office

• The Safety services office – Corporate functions
– Advising senior management on safety matters.
– Assisting line managers.
– Overseeing hazard identification systems.

• The safety manager – Functions
– Manages the SMS implementation plan on behalf
of the accountable executive.
– Facilitates hazard identification and risk analysis
and management.
– Monitors corrective actions to ensure their
accomplishment.
– Provides periodic reports on safety performance.
– Maintains safety documentation.
– Plans and organizes staff safety training.
– Provides independent advice on safety matters.
• The safety manager – Selection criteria
– Operational management experience and technical
background to understand the systems that
support operations.
– People skills.
– Analytical and problem-solving skills.
– Project management skills.
– Oral and written communications skills.
Board (SRB)

Safety Action
Safety Services
Group(s)
(SAG) Office
• The Safety Review Board (SRB):
– High level committee
– Strategic safety functions
• Chaired by the accountable executive.
• It may include the Board of Directors.
• Composed of heads of functional areas.
• SRB monitors:
– Safety performance against the safety policy and
objectives.
– Effectiveness of the SMS implementation plan.
– Effectiveness of the safety supervision of sub-contracted
operations.
• SRB ensures that appropriate resources are
allocated to achieve the established safety
performance.
• SRB gives strategic direction to the SAG.
Board (SRB)

Safety Action
Safety Services
Group(s)
(SAG) Office

• Safety Action Group(s) (SAG):
– Reports to SRB and takes strategic direction from
SRB.
– Members:
• Managers and supervisors from functional areas.
• Front-line personnel.
• SAG:
– Oversees operational safety within the functional area.
– Resolves identified risks.
– Assesses the impact on safety of operational changes.
– Implements corrective action plans.
– Ensures that corrective action is taken in a timely
manner.
– Review the effectiveness of previous safety
recommendations.
– Safety promotion.
ICAO SMS framework
• The organization shall ensure that an emergency

response plan that provides for the orderly and
efficient transition from normal to emergency
operations, and the return to normal operations is
properly coordinated with the emergency response
plans of those organizations it must interface with
during the provision of its services.
1.4 – Coordination of emergency
response planning
• Emergency response planning
outlines in writing what should
be done after an accident, and
who is responsible for each
action.
– Airport Emergency Plan (AEP)
– Contingency Plans (ATC)
– Emergency Response Plan
(Operators)
• The coordination of the different
plans should be described in the
SMS Manual.
ICAO SMS framework
• The organization shall develop and maintain
SMS documentation to describe:
– The safety policy and objectives;
– The SMS requirements;
– The SMS processes and procedures;
– The accountabilities, responsibilities and
authorities for processes and procedures; and
– The SMS outputs.
• As part of the SMS documentation, the
organization shall:
1) Develop an SMS implementation plan, endorsed by
senior management of the organization that defines
the organization’s approach to the management of
safety in a manner that meets the organization’s
safety objectives; and
2) Develop and maintain a safety management system
manual (SMSM), to communicate its approach to the
management of safety throughout the organization.
1.5.1 – SMS implementation plan
• Developed by a planning group, which:
– Comprises an appropriate experience base.
– Meets regularly with senior management.
– Receives resources (including time for meetings).
• A realistic strategy for the implementation of an
SMS that will meet the organization’s safety
performance needs.
• A definition of the approach the organization will
adopt for managing safety.
1.5.1 – SMS implementation plan
• Senior management endorses the plan.
• Typical implementation time frame will be one
to four years ahead.
– See Module 10 – Phased approach to SSP and SMS
implementation.
1.5.1 – SMS implementation plan – Contents
1) Safety policy and objectives
2) System description
3) Gap analysis
4) SMS components
5) Safety roles and responsibilities
6) Safety reporting policy
7) Means of employee involvement
8) Safety performance measurement
9) Safety training
10) Safety communication
11) Management review (of safety performance)
1.5.2 – Safety Management
System Manual (SMSM)
• Key instrument for
communicating the
organization’s approach to
safety to the whole organization.
Safety Management
• Documents all aspects of the System Manual (SMSM)
SMS, including the safety policy,
objectives, procedures and
individual safety responsibilities
and accountabilities.
1.5.2 – SMSM contents
1. Scope of the safety 7. Hazard identification
management system. and risk management
2. The safety policy and schemes.
objectives. 8. Safety assurance.
3. Safety accountabilities. 9. Safety performance
4. Key safety personnel. monitoring.
5. Documentation control 10. Safety auditing.
procedures. 11. Management of
6. Coordination of the change.
emergency response 12. Safety promotion.
planning. 13. Contracted activities.
Conclusion
• The successful management of safety is a
functional responsibility that requires the
participation of all operational personnel and
the supervision of the organization (Systematic).
• This principle must be reflected in the structure
of the organization (Explicit).
Conclusion
• The organization must define, document and
communicate individual lines of responsibility and
authority in regard to the management of operational
safety (Explicit).
• The means to manage safety within the organization
include hazard identification, risk management,
safety assurance and safety promotion (Proactive).
Module N° 8
SMS Operation
Module 9
Module 8
SMS Operation
implementation


Objective
• When completing the module the participants

will be able to describe the requirements
associated with the operation of an SMS.
Outline
• Safety risk management
• Safety assurance
• Safety promotion
ICAO SMS framework
2.1 – Hazard identification (Module 4)
• The organization shall develop and maintain a
formal process that ensures that hazards in
operations are identified.
• Hazard identification shall be based on a
combination of reactive, proactive and
predictive methods of safety data collection.
• Safety reporting systems – A special mention
– Nobody knows better actual system performance
than operational personnel.
• Mandatory reporting system.
• Voluntary reporting systems.
• Confidential reporting systems.
– The requirements of safety reporting systems may
vary among States.
• Reporting systems
– People are reluctant to report.
– Why?
• Retaliation.
• Self-incrimination.
• Embarrassment.
Protecting sources of safety information
• Assembly Resolution A35/17
• Legal guidance in Annex 13, Attachment E
• Safety information must not be used for purposes
other than the purposes for which it was collected.
– Introduction and definitions
– General principles
– Principles of protection
– Principles of exceptions
– Responsibilities of the custodian of safety information
– Protection of recorded information
• Typical qualities of successful safety reporting

systems:
– Reports easy to make.
– No disciplinary actions as result of reports.
– Reports are confidential.
– Feedback is rapid, accessible and informative.

• Four steps for action:
1. Reporting hazards, events or safety concerns.
2. Collecting and storing the data.
3. Analyzing reports.
4. Distributing the information distilled from the
analysis.
ICAO SMS framework
2.2 – Risk assessment and
mitigation (Module 5)
• The organization shall
develop and maintain a Intolerable region
formal process that ensures:

– Analysis (probability and A
L
severity of occurrence); A Tolerable region
R
– Assessment (tolerability); and P
– Control (mitigation) of the
Acceptable
safety risks assessed to the region
consequences of hazards in
operations to ALARP.
ICAO SMS framework
3.1 – Safety performance 1. Training course for drivers / installation of specific
monitoring and Safety

requirements 2.
signage.
Thrice-daily walk-in ramp inspection programme.
measurement 3. …
• The organization shall 1. Maintain no more than 20 events of unauthorized
develop and maintain

nce
vehicles on the taxiways per 10,000 operations.
a
Safety
for m
performance 2. By January 2009 reduce to 8 FOD events on the
the means to verify the

Pe r
targets apron per 10,000 operations.
3. …
safety performance of
the organization, and to 1. 20 events of unauthorized vehicles on the taxiways
Safety per 10,000 operations.
validate the performance
indicators
2. 15 FOD events on the apron per 10,000 operations.
effectiveness of safety 3. ...
risks controls.
Will comply all applicable national and international
Prescripti
Service
standards.
provider
on
measurement
• The safety performance of the organization is
verified throughout the following tools:
– Safety reporting systems
– Safety studies
– Safety reviews
– Safety audits
– Safety surveys
– Internal safety investigations
–…
measurement
• Safety audits are used to ensure that the
structure of the SMS is sound in terms of:
– Levels of staff;
– Compliance with approved procedures and
instructions;
– Level of competency and training to:
• Operate equipment and facilities; and
• Maintain their levels of performance.

measurement
• Safety surveys examine particular elements or
processes of a specific operation.
– Problem areas or bottlenecks in daily operations.
– Perceptions and opinions of operational personnel.
– Areas of dissent or confusion.
measurement
• Safety surveys may involve the use of:
– Checklists
– Questionnaires.
– Informal confidential interviews.
• Since surveys information is subjective, verification
may be needed before corrective action.
• Surveys may provide an inexpensive source of
significant safety information.
measurement
• Internal safety investigations include
occurrences or events that are not required
to be investigated or reported to State.
– In-flight turbulence (flight operations)
– Frequency congestion (ATC)
– Material failure (maintenance)
– Ramp vehicle operations (aerodrome)
ICAO SMS framework
• The organization shall develop and maintain a
formal process to identify changes within the
organization which may affect established
processes and services, in order to:
– Describe the arrangements to ensure safety
performance before implementing changes; and
– To eliminate or modify safety risk controls that are no
longer needed or effective due to changes in the
operational environment.
• Aviation organizations experience permanent
changes due to expansion, introduction of new
equipment or procedures.
• Changes can:
– Introduce new hazards.
– Impact the appropriateness of risk mitigation.
– Impact the effectiveness of risk mitigation.
• External changes
– Change of regulatory requirements.
– Security.
– Reorganization of air traffic control.
–…
• Internal changes
– Management changes
– New equipment.
– New procedures.
–…
ICAO SMS framework
• The organization shall:
– Develop and maintain a formal process to identify
the causes of sub-standard performance of the
SMS;
– Determine the implications of sub‑standard
performance of the SMS in operations; and
– Eliminate or mitigate such causes.
• Continuing improvement is achieved through:
– Proactive evaluation of facilities, equipment,
documentation and procedures through safety
studies, reviews, audits and surveys.
– Proactive evaluation of the individuals’
performance, to verify the fulfilment of their safety
responsibilities and accountabilities.
• Continuing improvement is achieved through:
– Reactive evaluations in order to verify the
effectiveness of the system for control and
mitigation of risks, for example through
information obtained from :
• Accidents, incidents and major events investigations.
Safety Risk Management (SRM) and Safety Assurance
(SA) – Summary
Design Operation
SRM SA
System
description/gap System operation Description
analysis and context
Safety performance
Hazard identification monitoring and Specific
measurement information
Safety risks Continuous

assessment improvement Analysis
Safety Mgt. of
risks change Assessment
Safety risks mitigation Corrective action Problem

resolution
ICAO SMS framework
• The organization shall develop and maintain a safety

training programme that ensures that personnel are
trained and competent to perform the SMS duties.
• The scope of the safety training shall be appropriate

to each individual’s involvement in the SMS.
• The safety manager should, in conjunction

with the personnel department, review the job
descriptions of all staff, and identify those
positions that have safety responsibilities.
Who? Why? How much?

 Operational  To ensure that  Appropriate to
personnel personnel are the individual’s
 Managers and trained and involvement in
supervisors competent to the SMS
 Senior managers perform the
 Accountable SMS duties
executive
4.1 – Training and education – A building block approach
Operational Managers and
Senior managers
personnel supervisors
1) Organization 3) The safety 6) Organizational

safety policy process safety standards
2) SMS 4) Hazard and national
fundamentals identification and regulations
and overview risk management 7) Safety assurance
5) The management
of change
• Accountable executive – A special mention
– A briefing on:
• Safety policy and objectives
• SMS roles and responsibilities
• Safety risk management
• Safety assurance
– Somewhere between two hours and half a day
ICAO SMS framework
• The organization shall develop and maintain
formal means for safety communication that:
– Ensures that all personnel are fully aware of the
SMS;
– Conveys safety critical information;
– Explains why particular safety actions are taken; and
– Explains why safety procedures are introduced or
changed.
• The means to communicate may include:
– Safety policies and procedures
– News letters.
– Bulletins.
– Website.
• Safety communication is an essential
foundation for the development and
maintenance of an SMS.
Module N° 9
Phased Approach to SSP and SMS Implementation

Module 9
Module 8
SSP
SMS Operation
and implementation
SMS Implementation


Objective
• At the end of this module participants will be
able to develop a proposal for an SMS
standard, based upon a phased
implementation, and explain the organization
of a State safety programme (SSP).
Outline
• Why a phased approach to SMS?
• The four phases
• The State safety programme (SSP)
• SSP initial steps in support of SMS
implementation
• A vision of the future – Integration
Why a phased approach to SMS?
• To provide a manageable series of steps to
follow in implementing an SMS.
• To effectively manage the workload associated
with SMS implementation.
• To pre-empt a “ticking boxes” exercise.
• Four implementation phases are proposed.
• Each phase is based upon the introduction of
specific SMS elements.
Phase 1 – Planning
• Provides:
– a blueprint on how the SMS requirements will be

met and integrated to the organization’s work
activities, and
– an accountability framework for the

implementation of the SMS.
Elements
1. Identify the Accountable Executive and the safety
1.1 and 1.2
accountabilities of managers. (Module 8)
2. Identify the person (or planning group) within the
Element 1.3
organization responsible for implementing the (Module 8)
SMS.
3. Describe the system (ATOs that are exposed to
safety risks during the provision of their services,
aircraft operators, AMOs, organizations Element 1.5
responsible for type design and/or manufacture of (Module 8)
aircraft, air traffic services providers and certified
aerodromes).
4. Conduct a gap analysis of the organization’s
existing resources compared with the national and Element 1.5
international requirements for establishing an (Module 8)
SMS.
5. Develop an SMS implementation plan that
explains how the organization will implement the Element 1.5
SMS on the basis of national requirements and
international SARPs, the system description and (Module 8)
the results of the gap analysis.
6. Coordinate emergency response planning with Element 1.4

similar planning of interfacing organizations. (Module 8)
7. Develop documentation relevant to safety policy Element 1.5

and objectives. (Module 8)
8. Develop and establish means for safety Element 4.2

communication. (Module 9)
Phase 2 – Reactive processes
1. Implement those elements of the SMS Elements
implementation plan that refer to the safety risk 2.1 and 2.2
management component – reactive processes. (Module 9)
2. Training relevant to reactive processes:

Element 4.1
SMS implementation plan components. (Module 9)
Safety risk management component.
3. Documentation relevant to reactive processes:

Element 1.5
SMS implementation plan components. (Module 8)
Safety risk management component.
Phase 3 – Proactive and predictive
processes
1. Implement those elements of the SMS
implementation plan that refer to the safety risk Elements
management component – proactive and 2.1 and 2.2
predictive processes. (Module 9)
2. Training relevant to proactive and predictive Element 4.1

processes. (Module 9)
3. Documentation relevant to proactive and Element 1.5

predictive processes. (Module 8)
Phase 4 – Operational safety assurance
1. Development and agreement on safety
Element 1.1
performance indicators and safety performance (Module 8)
targets.
2. Initiate safety performance monitoring and
Elements
measurement, including the management of
3.1, 3.2 and
change and the continuous improvement of the 3.3 (Module 9)
SMS.
Element 4.1
3. Training relevant to operational safety assurance. (Module 9)
4. Documentation relevant to operational safety Element 1.5

assurance. (Module 8)
SMS implementation phases – Summary
Timeline
PHASE I
PHASE II
PHASE III
PHASE IV
Planning SMS Implementation
Implementation
Elements: of reactive safety of proactive and Implementation
1.1; 1.2; 1.3 and management predictive safety of operational
processes management safety assurance
1.5 ; [and 1.4] processes
Elements: Elements:
2.1 and 2.2 Elements:
2.1 and 2.2 1.1; 3.1; 3.2 ;3.3
4.1 and 4.5
Develop documentation – Element 1.5
Develop and establish means for safety communication – Element 4.2
Develop and deliver training – Element 4.1

The bridge
Service
State
providers
SSP SMS
State safety programme
• Definition
– An integrated set of regulations and activities
aimed at improving safety.
• Requirement
– States shall establish a State safety
programme (SSP), in order to achieve an
acceptable level of safety in civil aviation.
State safety programme
• Implementation
– Develop the State safety programme (SSP) around
the following four components:
1. State safety policy and objectives
2. State safety risk management
3. State safety assurance
4. State safety promotion
ICAO SSP framework
1. State safety policy and objectives
1.1 State safety legislative framework
1.2 Safety responsibilities and accountabilities
1.3 Accident and incident investigation
1.4 Enforcement policy
2. State safety risk management
2.1 Safety requirements for service providers SMS
2.2 Agreement on service providers’ safety performance
3. State safety assurance
3.1 Safety oversight
3.2 Safety data collection, analysis and exchange
3.3 Safety data driven targeting of oversight on areas of greater concern or need
4. State safety promotion
4.1 Internal training, communication and dissemination of safety information
4.2 External training, communication and dissemination of safety information
SSP initial steps in support of SMS implementation
STEP 1
Conduct a gap STEP 2
analysis of the
SSP, in order to Develop an STEP 3
ascertain the
SMS training
status of Develop SMS
maturity and programme for STEP 4
the State safety regulations for
existence within
oversight service Revise the
the State of the
elements of an authority staff. providers. State
SSP. Prepare enforcement
guidance policy.
material for the
implementation
of SMS.
• The service providers’ SMS cannot effectively
perform either in a regulatory vacuum, or in an
exclusively compliance-oriented environment.
• In such environments, service providers will only
implement and demonstrate, and the State
authorities will only assess, the tokens of an SMS.
• In such environments, service providers will not be
able to implement, or the State authorities will be
not able to assess, effectively performing SMS.
• Effectively performing SMS by service

providers can only flourish under the enabling
umbrella provided by an SSP.
• The SSP is therefore a fundamental enabler
for the implementation of effective SMS by
service providers.
The bridge
Service
State
Safety
providers
ALoS performance
SSP SMS
A vision of the future – Integration
State safety programme (SSP) + Service providers SMS =
Integrated safety system (ISS)
Objective:
Establish State
acceptable Safety
State
level of Programme (SSP)
safety (ALoS) Performance-based
for civil oversight
aviation Acceptance
Compliance
oversight
Objective: Objective:
Services provider
Safety policy Organization’s Organization’s Support
and Safety Safety production
objectives Management Management goals and
customer
Safety risk system (SMS) system (SMS)
satisfaction
management Safety assurance
Safety promotion
Points to remember
1. Reduce a complex task to a series of
manageable steps.
2. Avoid a bureaucratic exercise (“Ticking boxes”).
3. Element allocation under a particular phase may
slightly vary depending upon the specific Annex.
4. The State safety programme (SSP) framework
5. SSP initial steps in support of SMS
implementation.

SMS Course

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SMS Course

Uploaded by

Copyright:

Available Formats

Module N° 01

SMS Course Introduction

Module 5 Module 6 Module 7

Module 1 Module 2 Module 3 Introduction Module 4

Module 5 Module 6 Module 7

Module 1 Module 2 Module 3 Introduction Module 4

• Safety is the state in which risks associated with aviation

activities ,related to or in direct support of the operation of the

aircraft ,are reduced and controlled to an acceptable level .

In Which the risk is reduced-Reduction an going and continual objective .

Sometimes said , below an acceptable level .

Through a continual process of Hazard Identification and Risk Management

The process is continual and on going.

Safety is more – it is Multi Dimensional

More than the absence of accidents or incidents

More than freedom from danger or risk

More than the process of “hazard identification and risk management” .

More than active and pro-active safety program .

Safety is more than all of these also

What we digest inwardly we exhibit instinctively outward

• Accident does not happen due to one Error/Violation, however it is a

Any accident will have a strong impact on reputations .

The strongest evidence of a serious breach of a system is an accident .

 Focus on outcomes (causes)

 Identifies: WHAT? WHO? WHEN?

1950s 1970s 1990s 2000s

Organization Workplace People Defences

Latent conditions trajectory

Workplace Policy-making Latent

Workplace  Inadequate hazard Latent

Factors that directly influence the efficiency of people in aviation workplaces.

HOWEVER ,THE ACCIDENT RECORD REPEATEDLY DEMONSTRATES THAT

IN THE RUSH TO EMBRACE NEW TECHNOLOGIES ,THE PEOPLE WHO

Statistically, millions of operational errors

• Error reduction strategies

• Error capturing strategies

• Error tolerance strategies

Module 5 Module 6 Module 7

Module 1 Module 2 Module Module 3

30 – 100 Serious incidents

100 – 1000 Incidents

Reactive Proactive Predictive

• identifying safety risks within the system before it fails; and

• taking the necessary actions to reduce such safety risks

– Aggressively seek information from a variety of sources which may

System High MiddleBaseline performanceLow

Predictive Proactive Reactive Reactive

• Evolving methods for understanding and managing safety risks are

• Allocation of resources is a managerial function.

• Management has the authority and the

Module 5 Module 6 Module 7

Module 1 Module 2 Module 3 Introduction Module

At the end of this module participants will be able to

• States shall establish a State safety

• The acceptable level of safety (ALoS) to be

1. Maintain no more than 20 events of unauthorized vehicles on the taxiways per

Safety 1. 20 events of unauthorized vehicles on the taxiways per 10,000 operations.

(Accountability – Obligation or willingness to

State Service provider

Module 5 Module 6 Module 7

Module 1 Module 2 Module 3 Introduction Module 4

At the end of this module, participants will be