Professional Documents
Culture Documents
SMS Course
SMS Course
Module 9
Module 8
Phased Approach to SMS
SMS Operation
implementation
Module 9
Module 8
Phased Approach to SMS
SMS Operation
implementation
• What is safety?
– Zero accidents or serious incidents (a view widely held by
the travelling public)
– Freedom from hazards (i.e. those factors which cause or
are likely to cause harm)
– Attitudes towards unsafe acts and conditions by
employees of aviation organizations
– Error avoidance
– Regulatory compliance
– …?
Concept of safety
• Consider (the weaknesses in the notion of perfection)
– The elimination of accidents (and serious incidents) is
unachievable
– Failures will occur, in spite of the most accomplished
prevention efforts
– No human activity or human-made system can be
guaranteed to be absolutely free from hazard and
operational errors
– Controlled risk and controlled error are acceptable in
an inherently safe system
Definition of safety ( ICAO Doc 9859)
A State –Not a condition, but a state which can disappear at any time .
Hazard Identification and Risk Management are core competencies of any SMS system .
Safety Redefined
More than the degree to which risks inherent in aviation are “acceptable”
An Attitude
Compensation to families .
Fees to lawyers .
Punitive damages may occur .
A dedicated team will be kept busy for many years .
Follow on costs will add up
Procedures update
Training
Infrastructure
Insurance premiums
Product modifications
…
Accident causation
.
WHY? HOW?
The evolution of safety thinking
TECHNICAL FACTORS
HUMAN FACTORS
TODAY
ORGANIZATIONAL FACTORS
ORGANIZATION
processes violations
Resources
Actions
Conditions
ortoinactions
protect
presentagainst
byinpeople
the system
the(pilots,
risksbefore
that
controllers,
organizations
the accident,
maintenance
involved
made evident
engineers,
in production
by triggering
aerodrome
activities
Activities
Factors that
overdirectly
which influence
any organization
the
staff, etc.) that efficiency
have anhas a of
reasonable
people
immediate in degree aviation
adverse effect. of direct
workplaces.
control
generate and
factors.
must control.
The organizational accident
Organizational processes
Activities over which any organization has a reasonable degree of direct control
The organizational accident
Organizational processes
Conditions present in the system before the accident, made evident by triggering factors.
The organizational accident
Organizational processes
Workplace Latent
conditions conditions
Technology
Training
Active
failures Regulations Defences
Resources to protect against the risks that organizations involved in production activities
generate and must control.
The organizational accident
Organizational processes
Workforce stability
Workplace Qualifications and experience Latent
conditions Morale conditions
Credibility
Ergonomics
Active ... Defences
failures
Organizational processes
Workplace Latent
conditions conditions
Errors
Active
Violations Defences
failures
Actions or inactions by people (pilots, controllers, maintenance engineers, aerodrome staff, etc.)
that have an immediate adverse effect.
The perspective of the organizational accident
Organizational processes
Improve Identify
Monitor
Workplace Latent
conditions conditions
Reinforce
Contain
Active
Defences
failures
IN A HIGH – TECHNOLOGY INDUSTRY SUCH AS AVIATION ,THE FOCUS
OF PROBLEM SOLVING IS OFTEN ON TECHNOLOGY .
Source: Dedale
A
Understand
human performance
within the
operational context
where it takes place
B
Processes and outcomes
Causes and
consequences of
operational errors are
not linear in their
magnitude
The SHEL(L) model
Understanding the relationship between people and operational
contexts
Software
SS Hardware
Environment
HH L L LL Liveware
EE Liveware, other persons
Operational performance and technology
• In production-intensive industries
like contemporary aviation,
technology is essential
• As a result of the massive
introduction of technology, the
operational consequences of the
interactions between people and
technology are often overlooked,
leading to human error
Understanding operational errors
• Human error is considered
contributing factor in most aviation
occurrences
• Even competent personnel commit
errors
• Errors must be accepted as a normal
component of any system where
humans and technology interact
Errors and safety – A non linear relationship
Module 9
Module 8
Phased Approach to SMS
SMS Operation
implementation
ORGANIZATION
Safety management – Rationale
• In order to achieve its production objectives, the management of any
aviation organization requires the management of many business
processes
• Managing safety is one such business process
• Safety management is a core business function just as financial
management, HR management, etc.
• There is no aviation organization that has been created to deliver only
safety
• This brings about a potential dilemma for management
The management dilemma
Management levels
ORGANIZATION
Resources Resources
Protection Production
The management dilemma
Man
age
me nt le
vels
ORGANIZATION
Protection
Resources +
Production
Catastrophe
The management dilemma
ve ls
e
ent l
agem
n
Ma
ORGANIZATION
+ Resources
Production
Protection
Bankruptcy
Safety space
Financial
management
?
Bankruptcy ?
ORGANIZATION e
Protection
pa c
ty s
afe Safety
S Catastrophe management
Production
Safety management – The response to the dilemma
• Safety issues are a by-product of activities related to
production/services delivery
• An analysis of an organization's resources and goals allows for a
balanced and realistic allocation of resources between protection and
production goals, which supports the needs of the organization
• The product/service provided by any aviation organization must be
delivered safely (i.e. protecting users and stakeholders)
Why Safety Management? An imperfect system
System Baseline performance
design Practicaldrift
Practical drift
Operational Operatio
na l perform Defences
Regulations
deployment ance Training
Technology
Op
SMS era
ti ona
l per
form
anc
e
ORGANIZATION
The essential is invisible to the eyes
Number of occurrences
1–5 Accidents
Latent conditions
1000 – 4000
“Navigating the drift”
Baseline performance
Practical drift
Op
era Organization
ti ona
ORGANIZATION
l per
form
anc
e
Navigational aids
ORGANIZATION
era
tion
al p
FDA ASR erfoASR Accident
Direct rma and incident
Surveys MOR nce
observation Audits reports
system
Highly efficient Very efficient Efficient Insufficient
Desirable management
levels
The imperative of change
• As global aviation activity and complexity continues to grow, traditional
methods for managing safety risks to an acceptable level become less
effective and efficient
Collect
Re-evaluate additional Assess
control hazard consequences
strategies data
Implement Safety
Assess and prioritize
control management risks
strategies process
Approve Develop
control elimination/
Assign responsibilities mitigation
strategies strategies
In summary
• Managing safety requires resources.
Module 9
Module 8
Phased Approach to SMS
SMS Operation
implementation
exchange
Safety promotion
Basic safety management requirements
Service
Will comply all applicable national and international standards.
provider
Basic safety management requirements
• A safety management system (SMS) shall clearly
define lines of safety accountability throughout
a service provider organization, including a
direct accountability for safety on the part of
senior management.
State
safety (ALoS)
for civil (SSP)
aviation Performance-based
Acceptance oversight
Compliance
oversight
Objective:
Objective:
Services provider
Organization’s Organization’s Support
Safety policy Safety production
and Safety
Management goals and
objectives Management customer
Safety risk system (SMS) system (SMS) satisfaction
management
Safety assurance
Safety promotion
In summary
Performance-based
Prescription Regulations as safety risk
controls
Regulations as
Dynamic regulatory
administrative controls
framework:
Rigid regulatory Data based
framework identification and
Inspections prioritization of safety
risks
Audits Develop regulations to
Regulatory control safety risks
compliance Effective safety
performance
Module N° 05
HAZARD
Safety Management System
Module 9
Module 8
Phased Approach to SMS
SMS Operation
implementation
→Hazard analysis .
→Documentation of hazards.
→Importance of Safety data & Reporting System .
Definitions
→Hazard – Anything with the potential to cause harm.
Hard to identify
Harder to understand
ATC procedures
Weather
Missed approaches
Terrain
ATC procedures
Weather
Missed approaches
Terrain
Runway inspections
Weather
Airspace
reclassification Runway crossings
System malfunctions
Examples of Hazards for Airports
FO(D) Constructions
Vehicles in apron
Weather
Runway inspections
Security issues
Obstacles
Non standard
procedures
Heavy traffic
Noise restrictions
Wildlife
Examples of hazards by type
1. Natural
1. Natural
3. Economic
4. Ergonomic
5. Organizational
• Re-organization.
Examples of hazards by Organization
1. Aircraft Operator
• Load-sheet errors
• Lack of sleep during off duty
• Partial failure or loss of navigation systems
• Error in FMS data base
• Loss of radio communication
Examples of hazards by Organization
2. Airport Operator
3. Ground Handler
•Jet Blast
•Noise
•Understaffing
•Misinterpretation of Load-sheet
•Wet surfaces/ equipment
•Improper application of anti-icing fluid
Hazard identification
1. Reactive Methods
2. Proactive Methods
Hazard identification
→ In real life scenarios, both reactive and proactive methods provide an effective
means of hazard identifications. Incident investigation is still one of the largest
contributors in identifying hazards.
→Direct costs
The obvious costs, which are easily determined. The high costs of
exposure of hazards can be reduced by insurance coverage.
↘Purchasing insurance only transfers monetary risk
→Indirect costs
The uninsured costs. An understanding of these uninsured costs (or
indirect costs) is fundamental to understanding the economics of safety.
Hazard Analysis
→ Usually they amount more than the direct
costs resulting from exposure to hazards:
Loss of business
Damage to the reputation
Loss of use of equipment
Loss of staff productivity
Legal actions and claims
Fines and citations
Insurance deductibles
How the process go on in the system
Identify
hazards
Re-evaluate Collect
control additional Assess
strategies hazard risks
data
Implement Prioritize
control Safety
strategies management risks
process
Develop
Assign elimination/
Approve mitigation
responsibilities control strategies
strategies
Hazard Analysis
Hazard Analysis
Documentation of hazards
Definitions
Understanding
Validation
Reporting
Measurement
Management
Documentation of hazards
Method Identification Management Documentation Information
Proactive method
• ASR Develop control and
mitigation strategies
Implement strategies “Safety Safety bulletins
• Surveys
• Audits library”
Hazards
Report distribution
Predictive method
• FDA Inform person(s) Re-evaluate strategies
responsible for
• Direct observation implementing and
Seminars and
systems strategies processes
workshops
Feedback
Safety Information
Safety Management Systems are predicated on useful data and
information being collected, analysed /assessed, and used to make
decisions
Data and information provide the “fuel” for the tools use by all
participants to manage risks
Remember
“If In doubt – report It”
The basic safety process is accomplished as follows :
1.A safety issue or concern is raised ,a hazard is identified ,or an incident or accident
happen.
If safety issue is resolved ,the action can be documented and the safety enhancement
maintained .
Module N° 6
Risks
Safety Management System
Module 9
Module 8
Phased Approach to SMS
SMS Operation
implementation
→What is it?
The identification, analysis and elimination, and/or mitigation to an acceptable level of
risks that threaten the capabilities of an organization.
→Why is it important?
A key component of safety management systems.
Data-driven approach to safety resources allocation, thus defensible and easier to
explain.
Risk management
Intolerable region
The risk is
unacceptable
at any level
Acceptable
region The risk is acceptable
as it currently stands
Second fundamental - Risk probability
→Definition(s)
Probability – The chance that a situation of danger might occur.
Second fundamental – Risk probability
→… questions such:
What number of operating or maintenance
personnel must follow the procedure (s) in
question?
How frequently is the equipment or procedure under assessment
used?
Second fundamental – Risk probability
Probability of occurrence
Qualitative
Meaning Value
definition
Extremely
improbable
Almost inconceivable that the event will occur 1
Third fundamental – Risk severity
→Definition(s)
Severity – The possible consequences of a situation of danger, taking
as reference the worst foreseeable situation.
Third fundamental – Risk severity
→ … questions:
What is the severity of the property or financial damage?
↘Direct operator property loss
↘Damage to aviation infrastructure
↘Third party damage
↘Financial impact and economic impact for the State
Are there organizational, management or regulatory implications that might generate
larger threats to public safety?
What are the likely political implications and/or media interest?
Third fundamental – Risk severity
Severity of occurrences
Aviation
Meaning Value
definition
Equipment destroyed
Catastrophic Multiple deaths A
A large reduction in safety margins, physical distress or a workload such
that the operators cannot be relied upon to perform their tasks accurately
or completely.
Hazardous Serious injury or death to a number of people. B
Major equipment damage
Nuisance.
Operating limitations.
Minor Use of emergency procedures. D
Minor incident.
Risk severity
5 – Frequent 5A 5B 5C 5D 5E
4 – Occasional 4A 4B 4C 4D 4E
3 – Remote 3A 3B 3C 3D 3E
2 – Improbable 2A 2B 2C 2D 2E
1 – Extremely
improbable 1A 1B 1C 1D 1E
Fourth fundamental – Risk tolerability
5A, 5B, 5C, 4A, 4B, 3A Unacceptable under the existing circumstances
5D,5E, 4C, 3B, 3C, 2A, 2B Risk control/mitigation requires management decision
Acceptable after
4D, 4E, 3D, 2C, 1A, 1B review of the operation
RISK ASSESSMENT
Evaluate the seriousness of the risk(s) occurring Severity
NO
YES Take action to reduce
Accept the risk(s) the risk(s) to an RISK CONTROL/MITIGATION
acceptable level
Fifth fundamental – Risk control/mitigation
→Definition(s)
Mitigation – Measures to eliminate the potential hazard or to reduce
the risk probability or severity.
↘Risk mitigation = Risk control
→ Strategies
→ Strategies
Segregation of exposure – Action is taken to isolate the effects of risks or build-in
redundancy to protect against it, i.e., reduce the severity of risk.
H H H H
Ø Does the mitigation
address the hazard?
Regulations Ø Does it address the
risk (s)?
EACH HAZARD Training Ø Is it effective?
Ø Is it appropriate?
Technology
Ø Is additional or
R R R R different
mitigation warranted?
EACH RISK Do the mitigation
Ø
strategies generate
additional risk (s)
As a reminder
SMS planning
Safety Management System
Module 9
Module 8
Phased Approach to SMS
SMS Operation
implementation
Operations Maintenance
safety officer safety officer
Safety Action
Safety Services
Group(s)
(SAG) Office
ICAO SMS framework
Safety policy and objectives
1.1 – Management commitment and responsibility
1.2 – Safety accountabilities
1.3 – Appointment of key safety personnel
1.4 – Coordination of emergency response planning
1.5 – SMS documentation
Safety risk management
2.1 – Hazard identification
2.2 – Risk assessment and mitigation
Safety assurance
3.1 – Safety performance monitoring and measurement
3.2 – The management of change
3.3 – Continuous improvement of the SMS
Safety promotion
4.1 – Training and education
4.2 – Safety communication
Safety policy and objectives
Operations Maintenance
safety officer safety officer
Safety Action
Safety Services
Group(s)
(SAG) Office
Safety policy and objectives
Operations Maintenance
safety officer safety officer
Safety Action
Safety Services
Group(s)
(SAG) Office
Safety policy and objectives
1.3 – Appointment of key safety personnel
• The Safety Review Board (SRB):
– High level committee
– Strategic safety functions
• Chaired by the accountable executive.
• It may include the Board of Directors.
• Composed of heads of functional areas.
Safety policy and objectives
1.3 – Appointment of key safety personnel
• SRB monitors:
– Safety performance against the safety policy and
objectives.
– Effectiveness of the SMS implementation plan.
– Effectiveness of the safety supervision of sub-contracted
operations.
• SRB ensures that appropriate resources are
allocated to achieve the established safety
performance.
• SRB gives strategic direction to the SAG.
Safety responsibilities
Safety Review Accountable Executive
Board (SRB)
Operations Maintenance
safety officer safety officer
Safety Action
Safety Services
Group(s)
(SAG) Office
Safety policy and objectives
SMS Operation
Safety Management System
Module 9
Module 8
Phased Approach to SMS
SMS Operation
implementation
consequences of hazards in
operations to ALARP.
ICAO SMS framework
Safety policy and objectives
1.1 – Management commitment and responsibility
1.2 – Safety accountabilities
1.3 – Appointment of key safety personnel
1.4 – Coordination of emergency response planning
1.5 – SMS documentation
Safety risk management
2.1 – Hazard identification
2.2 – Risk assessment and mitigation
Safety assurance
3.1 – Safety performance monitoring and measurement
3.2 – The management of change
3.3 – Continuous improvement of the SMS
Safety promotion
4.1 – Training and education
4.2 – Safety communication
Safety assurance
3.1 – Safety performance 1. Training course for drivers / installation of specific
measurement 3. …
a
Safety
for m
performance 2. By January 2009 reduce to 8 FOD events on the
safety performance of
the organization, and to 1. 20 events of unauthorized vehicles on the taxiways
Safety per 10,000 operations.
validate the performance
indicators
2. 15 FOD events on the apron per 10,000 operations.
risks controls.
Will comply all applicable national and international
Prescripti
Service
standards.
provider
on
Safety assurance
3.1 – Safety performance monitoring and
measurement
• The safety performance of the organization is
verified throughout the following tools:
– Safety reporting systems
– Safety studies
– Safety reviews
– Safety audits
– Safety surveys
– Internal safety investigations
–…
Safety assurance
3.1 – Safety performance monitoring and
measurement
• Safety audits are used to ensure that the
structure of the SMS is sound in terms of:
– Levels of staff;
– Compliance with approved procedures and
instructions;
– Level of competency and training to:
• Operate equipment and facilities; and
• Maintain their levels of performance.
Safety assurance
Design Operation
SRM SA
System
description/gap System operation Description
analysis and context
Safety performance
Hazard identification monitoring and Specific
measurement information
Safety Mgt. of
risks change Assessment
Module 9
Module 8
Phased Approach to SMS
SSP
SMS Operation
and implementation
SMS Implementation
Service
State
providers
SSP SMS
State safety programme
• Definition
– An integrated set of regulations and activities
aimed at improving safety.
• Requirement
– States shall establish a State safety
programme (SSP), in order to achieve an
acceptable level of safety in civil aviation.
State safety programme
• Implementation
– Develop the State safety programme (SSP) around
the following four components:
1. State safety policy and objectives
2. State safety risk management
3. State safety assurance
4. State safety promotion
ICAO SSP framework
1. State safety policy and objectives
1.1 State safety legislative framework
1.2 Safety responsibilities and accountabilities
1.3 Accident and incident investigation
1.4 Enforcement policy
2. State safety risk management
2.1 Safety requirements for service providers SMS
2.2 Agreement on service providers’ safety performance
3. State safety assurance
3.1 Safety oversight
3.2 Safety data collection, analysis and exchange
3.3 Safety data driven targeting of oversight on areas of greater concern or need
4. State safety promotion
4.1 Internal training, communication and dissemination of safety information
4.2 External training, communication and dissemination of safety information
SSP initial steps in support of SMS implementation
STEP 1
Conduct a gap STEP 2
analysis of the
SSP, in order to Develop an STEP 3
ascertain the
SMS training
status of Develop SMS
maturity and programme for STEP 4
the State safety regulations for
existence within
oversight service Revise the
the State of the
elements of an authority staff. providers. State
SSP. Prepare enforcement
guidance policy.
material for the
implementation
of SMS.
SSP initial steps in support of SMS implementation
• The service providers’ SMS cannot effectively
perform either in a regulatory vacuum, or in an
exclusively compliance-oriented environment.
• In such environments, service providers will only
implement and demonstrate, and the State
authorities will only assess, the tokens of an SMS.
• In such environments, service providers will not be
able to implement, or the State authorities will be
not able to assess, effectively performing SMS.
SSP initial steps in support of SMS implementation
Service
State
Safety
providers
ALoS performance
SSP SMS
A vision of the future – Integration
State safety programme (SSP) + Service providers SMS =
Integrated safety system (ISS)
Protection Production
Objective:
Establish State
acceptable Safety
State
level of Programme (SSP)
safety (ALoS) Performance-based
for civil oversight
aviation Acceptance
Compliance
oversight
Objective: Objective:
Services provider
Safety policy Organization’s Organization’s Support
and Safety Safety production
objectives Management Management goals and
customer
Safety risk system (SMS) system (SMS)
satisfaction
management Safety assurance
Safety promotion
Points to remember
1. Reduce a complex task to a series of
manageable steps.
2. Avoid a bureaucratic exercise (“Ticking boxes”).
3. Element allocation under a particular phase may
slightly vary depending upon the specific Annex.
4. The State safety programme (SSP) framework
5. SSP initial steps in support of SMS
implementation.