This document provides an overview of a Safety Management System (SMS) as used by the Federal Aviation Administration (FAA). It discusses the four main components or "pillars" of an SMS: policy, safety risk management, safety assurance, and safety promotion. It also outlines the workflows for safety risk management and safety assurance. Key aspects of an SMS include identifying hazards, controlling risks, providing assurance that risk controls are effective, and promoting a positive safety culture. An SMS provides a systematic approach to these aspects of safety management.
3. Safety Risk Management (SRM) and Safety Assurance (SA) Workflow
SRM
SA
System
Analysis
(Design)
System
Monitoring
Hazard
Ident
Data
Acquisition
& Process
Specific
Information
Risk
Analysis
Analysis
(C.O.S.)
Analysis
Risk
Assmt
System
Assmt
Assessment
Risk
Control
Corrective
Action
Design
Performance
Description
& Context
Action:
Problem
Resolution
Federal Aviation
Administration
SL-3
5. Oversight and SMS
FAA
Oversight Program
Management
DA
PA
Protection
FAA’s Safety
Management
(Oversight)
(SAS)
Production
Technical Program Requirements
•Systems
•Subsystems
•Elements
Surveillance
S
R
M
Cert
S
A
Operator’s Safety
Management
System
Operational
Process
Public:
Users
C.O.S.
Federal Aviation
Administration
SL-5
6. Oversight and SMS
FAA
Oversight Program
Management
DA
PA
DA (SAI)
SAS
(Future)
S
R
M
S
A
PA(EPI)
Cert
C.O.S.
Federal Aviation
Administration
SL-6
7. Safety Management System
Provides a systematic way to:
1. Identify hazards and control risk
2. Provide assurance that risk controls are effective
Policy
(Structure)
Safety Risk
Management
Safety
Assurance
Safety Promotion
(Culture)
Federal Aviation
Administration
SL-7
9. SMS Policy
• Establishes management commitment and
objectives – what the management wants.
• Sets up a framework of organizational
structures, accountabilities, plans,
procedures, and controls to meet the
objectives.
Federal Aviation
Administration
SL-9
10. Top Management Involvement
Top management* stimulates a healthy
safety environment
• Visible, personal involvement of top
management
• Setting safety goals and objectives as policy
• Allocation of resources to meet safety goals
• Clear communication
(*Top management includes accountable executive
or accountable manager)
Federal Aviation
Administration
SL-10
11. Management Responsibility
• Managers should manage safety in the same
way that they manage other areas of the
business
• Safety management involves judgment,
assessing priorities, and making decisions –
like all management decision making
Federal Aviation
Administration
SL-11
12. Management Requirements
• (119.65(a)): “…sufficient qualified
management and technical personnel to
ensure the highest degree of safety in its
operations.”
• 119.65(d)(3): [shall] “…discharge their
duties to meet applicable legal requirements
and to maintain safe operations.”
• The SMS provides a structured system of
processes to meet these requirements.
Federal Aviation
Administration
SL-12
13. Typical Duties of Technical
Management
• Hazard identification
• Safety risk assessment
• Assuring the effectiveness of safety risk
controls
Federal Aviation
Administration
SL-13
14. Typical Duties of Management
Representative (DOS)
• Facilitating hazard identification
• Safety risk analysis
• Monitoring the effectiveness of safety risk
controls
Federal Aviation
Administration
SL-14
16. SMS Documentation
• System documentation conveys
management expectations and work
instructions to employees
• May be a stand-alone manual or
integrated into existing documentation
systems
Federal Aviation
Administration
SL-16
Hinweis der Redaktion
We have looked at why an SMS is important and discussed some key safety points. Let’s move on to SMS fundamentals and see what makes an SMS work.
A Safety Management System is composed of only 4 Components ______. We will briefly talk about each component now, as an overview, and then go into much more depth shortly.
Click
The policy component defines top management’s objectives and requirements; policy provides the structure, procedures and controls for SMS implementation and maintenance. Procedures and controls are essential safety attributes in the design of robust systems.
Click
The Safety Risk Management (SRM) and Safety Assurance (SA) components are the primary functional processes of the SMS. These two components combine system safety and quality management into an interactive process. SRM is where hazards are identified, analyzed for risk, assessed and controlled. SA is where the controls are monitored to ensure they continue to work to mitigate safety risk.
Click
The safety promotion component provides the processes necessary to support a sound safety culture, such as communication and training. The safety culture of the organization is part of the environment that surrounds the entire safety management effort.
Notice that Policy sits atop both SRM & SA; it sets the framework, tone, processes and procedures for the SMS. Policy is directed by management, but once established, the primary functional processes of an SMS are ____ the SRM and SA. Notice also that the Safety Promotion is not limited by a box; like a safety culture, it permeates all SMS components and the organization.
Transition; We’ve seen the foundational Components of an SMS and the relationships between the External and Internal SMS, and how they evolve from the ICAO requirements.
Now, let’s look @ the main two functional processes of any SMS – that applies to both internal & external SMS.
Remember that a Safety management System (SMS) provides a systematic way to control risk and to provide assurance that those risk controls are effective
Let’s get into a little more detail of the specific processes of the two main functional components of the SMS.
Note; In preparation for presenting this slide, recommend practicing the builds, and reading the Word document, “SRM SA Flowchart Script.doc”
Note; this is foundational to any SMS – it applies to both internal & external SMS
SRM and SA are the primary functional processes of an SMS. These two components combine system safety and quality management into a single, interactive process. We will see how these are applied to our responsibility, in the next slide…
These are the 5 major building blocks of the SRM & SA system. Let’s look at @ each of them quickly;
Description & Context – critical to know what the system is & does to be able to manage effectively
Specific information – within the context of the system, obtain the information needed to evaluate & make sound decisions
Analysis – Caution; We sometimes see Root Cause Analysis miss-applied to risk after an event happened – there is no longer risk; it already happened. Root Cause Analysis used to evaluate the past – looking for a cause & why something did/didn’t happen. Risk analysis looks into the future – will it happen again? Where & when will it happen again, etc?
Assessment – Ask why it didn’t perform as intended?
Corrective Action
Additional SRM slide-build notes:
System Analysis (Design) gets the stakeholders in the room, so that an effective functional flow of the processes can be done
Hazard Identification asks the questions, “What If?”
Risk Analysis asks, “How likely is it to occur, and if it occurs, how bad will it be?”
Risk Assessment – a determination is made as to whether or not the identified risk is acceptable; if so, the system/operation/program is put into operation, and is monitored, using the SA, if not…
Risk Control is developed, then the revised system is run back through the SRM, to ensure no replacement risks have been introduced
Additional SA slide-build notes:
Recall the definition of assurance; something that gives confidence
System Operation – normal operation & continual monitoring mode
Data Acquisition & Process – Assuring its operation, identifying discrepancies, auditing, collecting specific information/data (facts – no inference or judgment)
Analysis – Root Cause analysis (RCA) – human inferences
System Assessment – Human value/judgment/opinion, based on experience, industry knowledge, etc. If acceptable, return to the operational environment, if unacceptable….
Corrective Action – If system is OK, but non-conforming product/event, need course correction (corrective action), then plug back into Operational flow. (There are many models for decision making & problem solving, to determine an appropriate corrective action). But, if system is identified as being deficient, the flow is driven back to SRM, to properly address.
As a recap, the SRM process is essentially a design process where you understand the objectives, system and environment of the operation in enough detail to identify the hazards and develop risk controls.
The SA process is a performance assurance process that monitors and measures risk controls to assure or gain confidence in the system’s ability to maintain risk controls and ensure Continuing Operational Safety (COS). Together SRM and SA are tools to be used in DECISION MAKING. Decision making to manage risk…a safety management system.
Now let’s address the roles, responsibilities and relationships between the FAA, and our service providers. ____
________ Dr. James Reason described two principal functions within a business organization – production and protection. First, we have productive functions, the reason for the existence of the business – to provide a useful service or product, at a profit to public users. We must balance these two functions.
The management chain from the top through the managers who oversee operational functions have both sets of functional responsibilities; production (the obligation of supplying products and services) and protection (the obligation to provide them safely).
The FAA’s contribution to public safety at this level is through the agency’s oversight systems. Traditionally, this has been by __ through surveillance.
Click
The FAA still intends to conduct surveillance, but its focus is changed to supporting safety assurance.____ This is the essential concept of system safety.
Click
The FAA oversight program (ATOS/NPG and our “internal” SMS) will provide the Agency’s safety assurance function.___
Click
ATOS, our current Part 121 oversight system, adds a management system to oversight _____. These elements organize regulatory requirements into a systematic structure of Systems, Subsystems and Elements. ATOS and the NPG organize the oversight management system into two sets of modules – Design Assessment (DA) and Performance Assessment (PA). At this point, we’ve gone as far as we can go with oversight. Real safety management must involve processes from within the operator’s organization.
Click
Thus we add the operator’s SMS, the external SMS…consisting primarily of the two functional processes of SRM (Design) and SA (Performance) that we discussed earlier. These are supported by the policy and promotional components of the SMS.
Click
SRM, a design function, will work closely in conjunction with the design assessment function of the oversight system…
Click
…where certification and program approval/acceptance decisions are made.
Click
Likewise, the operator’s safety assurance functions and the FAA’s performance assessment processes will work to assure or gain confidence…
Click
…in the Continuing Operational Safety (C.O.S.) of operational systems.
Click
To complete the oversight picture…
Click
The Design Assessment is performed with the ATOS Safety Attribute Inspection…
Click
…and the Performance Assessment is performed with the ATOS Element Performance Inspection.
Click
What will the future hold? Probably something very similar and it will be called the Safety Assurance System (SAS), a meld of System Safety, ATOS and SMS.
Finally, for this module, we reach the summary slide that wraps up the critical elements & functions of an SMS. They can be captured in two statements.
SMS provides a systematic method to:
Identify hazards and control associated risk, and
Provide assurance that risk controls remain effective.
Now we will explore the key elements of the SMS Policy Component.
What does policy mean to you?
If you thought about organizational structures, goals, objectives or just something that puts it all together, you would be right on track.
clisk
All management systems must define policies and organizational structures. . In a Safety Management System, policy must show management’s commitment to safety management for the entire organization and must define safety objectives for everyone in the company….
Click
… and SMS policy must establish the framework necessary to meet those objectives.
Click
If Top Management does not lead the way into SMS, you will never have an SMS; you will only have a robust safety program. Without Top Management, safety management will never mature; it will only be a dream.
Click
Top Management must show personal involvement…
Click
…must establish safety goals and objectives…
Click
…must provide the resources to build and maintain an SMS…
Click
…and must clearly communicate their needs throughout the organization.
These are the critical Top Management activities that are required for the development of a healthy safety environment.
Under an SMS…
Click
…managers must manage safety.
Click
Safety management uses the same skills and knowledge and the same decision making effort as financial management or human resource management.
So, what about management requirements?
Click
Part 119.65 has management requirements already, the “five wise men or women” (three for part 135) have a regulated goal…
Click
…and they have regulated duties to perform. Thought that are very general non=specific duities.
Click
SMS provides a structured methodology to integrate those positions into the safety management system .
What about the Technical Managers, the experts who manage on the flight line, school house or hangar floor? What part do they play in SMS?
Click
they are some of the primary hazard identifiers (they know what can hurt the company)… These individuals manage the predictive processes where hazards are encountered so …...
Click
…they are the primary risk assessors (decision makers) (is the risk acceptable?, am I happy with it?)…
Click
…and, they monitor controls to ensure their effectiveness. These managers are also responsible for.
safety promotion, communication, training, obtaining safety objectives, and many other critical roles.
Earlier we discussed the part 119 required positions. Where do they fit in?
The Director of Operation, Director of Maintenance and Chiefs are part of the normal management chain and their safety roles must be defined by top management.
How about the Director of Safety? Doesn’t the DOS own the SMS? Absolutely NOT!.
Traditionally, the DOS does own the safety program. A bad thing happens and the CEO, President, or other member of top management asks the DOS what happened and why. With an Safety Management System top management owns the SMS and the DOS facilitates the SMS process. The Director of Safety is still the resident safety expert and brings the information to the table, but the top management make the decisions. This is no different from how the CFO works.
Previously we determined that technical management identifies the hazards…
Click
…the Director of Safety facilitates hazard identification by providing expertise, focused attention and defines hazard vs risk, etc..
Click
Management assesses risk and makes the decisions on acceptability, the DOS provides management the decision making tools from analysis of the data.
Click
And finally, the director of Safety assures the effectiveness of risk controls by monitoring the application of those controls..
As you can see here, by signing the safety policy top management is committing to an exhaustive list of expected items. It is expected that these items will have full management support. This leaves no doubt as to who owns the SMS.
System documentation for SMS contains nothing new or different from the other systems of the Company.
Click
It conveys management expectations and work instructions to employees.
Click
Policy, procedures, instructions, outputs, documents and records may be in a stand-alone manual or integrated into existing documentation or manual systems.
There is not a requirement for an SMS manual, however it is important that an organization be able to manage their SMS.. Often this is more easily done through structured outline style manual that classifies organizational-level SMS Policies.