We have looked at why an SMS is important and discussed some key safety points. Let’s move on to SMS fundamentals and see what makes an SMS work.
A Safety Management System is composed of only 4 Components ______. We will briefly talk about each component now, as an overview, and then go into much more depth shortly. Click The policy component defines top management’s objectives and requirements; policy provides the structure, procedures and controls for SMS implementation and maintenance. Procedures and controls are essential safety attributes in the design of robust systems. Click The Safety Risk Management (SRM) and Safety Assurance (SA) components are the primary functional processes of the SMS. These two components combine system safety and quality management into an interactive process. SRM is where hazards are identified, analyzed for risk, assessed and controlled. SA is where the controls are monitored to ensure they continue to work to mitigate safety risk. Click The safety promotion component provides the processes necessary to support a sound safety culture, such as communication and training. The safety culture of the organization is part of the environment that surrounds the entire safety management effort. Notice that Policy sits atop both SRM & SA; it sets the framework, tone, processes and procedures for the SMS. Policy is directed by management, but once established, the primary functional processes of an SMS are ____ the SRM and SA. Notice also that the Safety Promotion is not limited by a box; like a safety culture, it permeates all SMS components and the organization.
Transition; We’ve seen the foundational Components of an SMS and the relationships between the External and Internal SMS, and how they evolve from the ICAO requirements. Now, let’s look @ the main two functional processes of any SMS – that applies to both internal & external SMS. Remember that a Safety management System (SMS) provides a systematic way to control risk and to provide assurance that those risk controls are effective Let’s get into a little more detail of the specific processes of the two main functional components of the SMS. Note; In preparation for presenting this slide, recommend practicing the builds, and reading the Word document, “SRM SA Flowchart Script.doc” Note; this is foundational to any SMS – it applies to both internal & external SMS SRM and SA are the primary functional processes of an SMS. These two components combine system safety and quality management into a single, interactive process. We will see how these are applied to our responsibility, in the next slide… These are the 5 major building blocks of the SRM & SA system. Let’s look at @ each of them quickly; Description & Context – critical to know what the system is & does to be able to manage effectively Specific information – within the context of the system, obtain the information needed to evaluate & make sound decisions Analysis – Caution; We sometimes see Root Cause Analysis miss-applied to risk after an event happened – there is no longer risk; it already happened. Root Cause Analysis used to evaluate the past – looking for a cause & why something did/didn’t happen. Risk analysis looks into the future – will it happen again? Where & when will it happen again, etc? Assessment – Ask why it didn’t perform as intended? Corrective Action Additional SRM slide-build notes: System Analysis (Design) gets the stakeholders in the room, so that an effective functional flow of the processes can be done Hazard Identification asks the questions, “What If?” Risk Analysis asks, “How likely is it to occur, and if it occurs, how bad will it be?” Risk Assessment – a determination is made as to whether or not the identified risk is acceptable; if so, the system/operation/program is put into operation, and is monitored, using the SA, if not… Risk Control is developed, then the revised system is run back through the SRM, to ensure no replacement risks have been introduced Additional SA slide-build notes: Recall the definition of assurance; something that gives confidence System Operation – normal operation & continual monitoring mode Data Acquisition & Process – Assuring its operation, identifying discrepancies, auditing, collecting specific information/data (facts – no inference or judgment) Analysis – Root Cause analysis (RCA) – human inferences System Assessment – Human value/judgment/opinion, based on experience, industry knowledge, etc. If acceptable, return to the operational environment, if unacceptable…. Corrective Action – If system is OK, but non-conforming product/event, need course correction (corrective action), then plug back into Operational flow. (There are many models for decision making & problem solving, to determine an appropriate corrective action). But, if system is identified as being deficient, the flow is driven back to SRM, to properly address.
As a recap, the SRM process is essentially a design process where you understand the objectives, system and environment of the operation in enough detail to identify the hazards and develop risk controls. The SA process is a performance assurance process that monitors and measures risk controls to assure or gain confidence in the system’s ability to maintain risk controls and ensure Continuing Operational Safety (COS). Together SRM and SA are tools to be used in DECISION MAKING. Decision making to manage risk…a safety management system.
Now let’s address the roles, responsibilities and relationships between the FAA, and our service providers. ____ ________ Dr. James Reason described two principal functions within a business organization – production and protection. First, we have productive functions, the reason for the existence of the business – to provide a useful service or product, at a profit to public users. We must balance these two functions. The management chain from the top through the managers who oversee operational functions have both sets of functional responsibilities; production (the obligation of supplying products and services) and protection (the obligation to provide them safely). The FAA’s contribution to public safety at this level is through the agency’s oversight systems. Traditionally, this has been by __ through surveillance. Click The FAA still intends to conduct surveillance, but its focus is changed to supporting safety assurance.____ This is the essential concept of system safety. Click The FAA oversight program (ATOS/NPG and our “internal” SMS) will provide the Agency’s safety assurance function.___ Click ATOS, our current Part 121 oversight system, adds a management system to oversight _____. These elements organize regulatory requirements into a systematic structure of Systems, Subsystems and Elements. ATOS and the NPG organize the oversight management system into two sets of modules – Design Assessment (DA) and Performance Assessment (PA). At this point, we’ve gone as far as we can go with oversight. Real safety management must involve processes from within the operator’s organization. Click Thus we add the operator’s SMS, the external SMS…consisting primarily of the two functional processes of SRM (Design) and SA (Performance) that we discussed earlier. These are supported by the policy and promotional components of the SMS. Click SRM, a design function, will work closely in conjunction with the design assessment function of the oversight system… Click …where certification and program approval/acceptance decisions are made. Click Likewise, the operator’s safety assurance functions and the FAA’s performance assessment processes will work to assure or gain confidence… Click …in the Continuing Operational Safety (C.O.S.) of operational systems. Click
To complete the oversight picture… Click The Design Assessment is performed with the ATOS Safety Attribute Inspection… Click …and the Performance Assessment is performed with the ATOS Element Performance Inspection. Click What will the future hold? Probably something very similar and it will be called the Safety Assurance System (SAS), a meld of System Safety, ATOS and SMS.
Finally, for this module, we reach the summary slide that wraps up the critical elements & functions of an SMS. They can be captured in two statements. SMS provides a systematic method to: Identify hazards and control associated risk, and Provide assurance that risk controls remain effective.
Now we will explore the key elements of the SMS Policy Component.
What does policy mean to you? If you thought about organizational structures, goals, objectives or just something that puts it all together, you would be right on track. clisk All management systems must define policies and organizational structures. . In a Safety Management System, policy must show management’s commitment to safety management for the entire organization and must define safety objectives for everyone in the company…. Click … and SMS policy must establish the framework necessary to meet those objectives.
Click If Top Management does not lead the way into SMS, you will never have an SMS; you will only have a robust safety program. Without Top Management, safety management will never mature; it will only be a dream. Click Top Management must show personal involvement… Click …must establish safety goals and objectives… Click …must provide the resources to build and maintain an SMS… Click …and must clearly communicate their needs throughout the organization. These are the critical Top Management activities that are required for the development of a healthy safety environment.
Under an SMS… Click …managers must manage safety. Click Safety management uses the same skills and knowledge and the same decision making effort as financial management or human resource management.
So, what about management requirements? Click Part 119.65 has management requirements already, the “five wise men or women” (three for part 135) have a regulated goal… Click …and they have regulated duties to perform. Thought that are very general non=specific duities. Click SMS provides a structured methodology to integrate those positions into the safety management system .
What about the Technical Managers, the experts who manage on the flight line, school house or hangar floor? What part do they play in SMS? Click they are some of the primary hazard identifiers (they know what can hurt the company)… These individuals manage the predictive processes where hazards are encountered so …... Click …they are the primary risk assessors (decision makers) (is the risk acceptable?, am I happy with it?)… Click …and, they monitor controls to ensure their effectiveness. These managers are also responsible for. safety promotion, communication, training, obtaining safety objectives, and many other critical roles.
Earlier we discussed the part 119 required positions. Where do they fit in? The Director of Operation, Director of Maintenance and Chiefs are part of the normal management chain and their safety roles must be defined by top management. How about the Director of Safety? Doesn’t the DOS own the SMS? Absolutely NOT!. Traditionally, the DOS does own the safety program. A bad thing happens and the CEO, President, or other member of top management asks the DOS what happened and why. With an Safety Management System top management owns the SMS and the DOS facilitates the SMS process. The Director of Safety is still the resident safety expert and brings the information to the table, but the top management make the decisions. This is no different from how the CFO works. Previously we determined that technical management identifies the hazards… Click …the Director of Safety facilitates hazard identification by providing expertise, focused attention and defines hazard vs risk, etc.. Click Management assesses risk and makes the decisions on acceptability, the DOS provides management the decision making tools from analysis of the data. Click And finally, the director of Safety assures the effectiveness of risk controls by monitoring the application of those controls..
As you can see here, by signing the safety policy top management is committing to an exhaustive list of expected items. It is expected that these items will have full management support. This leaves no doubt as to who owns the SMS.
System documentation for SMS contains nothing new or different from the other systems of the Company. Click It conveys management expectations and work instructions to employees. Click Policy, procedures, instructions, outputs, documents and records may be in a stand-alone manual or integrated into existing documentation or manual systems. There is not a requirement for an SMS manual, however it is important that an organization be able to manage their SMS.. Often this is more easily done through structured outline style manual that classifies organizational-level SMS Policies.
Safety Management Systems (SMS) Fundmentals: Policy
Safety Risk Management (SRM) and Safety Assurance (SA) Workflow
Oversight and SMS
Technical Program Requirements
Oversight and SMS
Safety Management System
Provides a systematic way to:
1. Identify hazards and control risk
2. Provide assurance that risk controls are effective
• Establishes management commitment and
objectives – what the management wants.
• Sets up a framework of organizational
structures, accountabilities, plans,
procedures, and controls to meet the
Top Management Involvement
Top management* stimulates a healthy
• Visible, personal involvement of top
• Setting safety goals and objectives as policy
• Allocation of resources to meet safety goals
• Clear communication
(*Top management includes accountable executive
or accountable manager)
• Managers should manage safety in the same
way that they manage other areas of the
• Safety management involves judgment,
assessing priorities, and making decisions –
like all management decision making
• (119.65(a)): “…sufficient qualified
management and technical personnel to
ensure the highest degree of safety in its
• 119.65(d)(3): [shall] “…discharge their
duties to meet applicable legal requirements
and to maintain safe operations.”
• The SMS provides a structured system of
processes to meet these requirements.
Typical Duties of Technical
• Hazard identification
• Safety risk assessment
• Assuring the effectiveness of safety risk
Typical Duties of Management
• Facilitating hazard identification
• Safety risk analysis
• Monitoring the effectiveness of safety risk
Safety Policy Requirements:
• System documentation conveys
management expectations and work
instructions to employees
• May be a stand-alone manual or
integrated into existing documentation