Avioverse Limited
Safety Management

Safety Management

Aside Dionysis KefalasLeave a comment

Often we see quotes by many aviation organizations that safety is their top priority. In fact although it seems correct and gives credibility to the organization, it is not a real expectation.

Safety should be a mutual responsibility from all aviation staff within an organization and together with compliance or quality management will drive to safe operations and products.

Why safety?

A common question is why we have safety management systems (SMS), safety trainings, etc?

The plain answer is that because it is required by the regulators worldwide.

Outside the organization’s documentation, the following are the references regarding SMS:

  • ICAO Annex 13;
  • ICAO Annex 19;
  • ICAO Doc 9859;
  • any other applicable regulatory reference (this varies per country, i.e. for European organization it should be 145.A.200, CAMO.A.200, ORO.A.200, etc.).

In general we are required to establish a system that will take into account the following elements:

  • accountabilities and responsibilities and their interrelations;
  • safety policy;
  • hazard identification and safety risk management;
  • personnel training;
  • internal investigation;
  • safety performance monitoring;
  • management of change;
  • continuous improvement;
  • reaction to an emergency;
  • compliance monitoring.

Being compliant does not necessarily means being safe, because not all safety risks can be addressed by the rules. Local context, crisis, norms, changes shall be considered, and a process/ procedure may not be effective to all organizations.

Organization’s Documentation

There is not a solutions that fits all needs and types of operation on how an organization shall document the SMS and QMS procedures.

These could be part of an existing manual, a separate manual applicable to all organization’s approvals, or the organization may decide to establish an SMS and QMS separately for each approval granted.

What works for one organization may not work for the other. So, before establishing the SMS and QMS procedures the following shall be taken into account:

  • customization;
  • avoid duplications;
  • common procedures;
  • human performance limitations.

What is safety?

Having an SMS cannot guaranty that we will have zero accidents or incidents, but it can ensure that we identify the hazards linked to our operations and mitigating them.

There are multiple definitions about safety, one of them are presented below:

Safety is the state in which the possibility of harm to persons or property damage is reduced to, and maintained at or below, an acceptable level through a continuing process of hazard identification and safety risk management

ICAO Doc 9859

Advantages of a SMS

Some of the advantages of an effective safety management system are outlined below:

  • risk quantification in order to accept or reject the operation/ procedure, etc.;
  • reduce the risks;
  • develop effective and practicable solutions;
  • communicate the risks and available options;
  • invest resources safety wise;
  • develop safety culture;
  • inspire confidence from staff, customers, insurance;
  • management of all business risks;
  • regulatory compliance.

Phraseology

Risk management
Assessment and mitigation of safety risks

Probability
Likelihood or frequency that a safety consequence or outcome might occur

Severity
The extent of harm as a consequence or outcome of the identified hazard

Risk index
The composite probability and severity

Risk tolerability
The degree of acceptability of a risk

Mitigation
The process of incorporating defenses or preventive methods to a lower severity and/or likelihood of a hazard’s projected consequence

SMS Approaches

There are 3 main SMS approaches as below:

Reactive

The event has already happened.
The input is usually though incident/ accident reports and requires a triggering event.
From a consequence or unwanted event we identify the related hazards.

Proactive

This is the approach that an SMS should focus on by looking actively for identification of safety risks.
The input may be checklists, management of change, risk/ hazard reports, practicing existing procedures, near misses.
They require a less serious triggering event.
We identify hazards before escalating into an unwanted event/ consequence.

Predictive

They capture the system performance as it happens.
Data are required to identify patterns in order to make predictions.
They require no triggering event.

Accident Causation

A common model used to describe how an incident or accident is caused is the accident causation model (later named as Swiss cheese model).

It takes into account the latent conditions, which are present in the system before the accident and is made evident by triggering factors.

The systems are protected by multiple layers of defences that are designed to prevent hazards or system failures from cascading into accidents.

Each layer of protection, however, can develop “holes” or flaws though safety deficiencies, resembling the Swiss cheese (or other cheese from your country with holes).

As the number and size of these holes in the defences increase, the chances of accidents also increase.

When the holes in each of the layers of defences line up, an accident/ incident will occur.

The defence layers may be the following:

  1. Organizational processes (activities over which the organization has direct control);
    policy making, planning, communication, resources allocation, supervision
  2. Technology;
  3. Training;
  4. Regulations;
  5. Workplace conditions.
    workplace stability, qualifications and experience, morale, credibility

The latent conditions may be inadequate hazard identification or normalization of deviance and active failures are actions by people that have an immediate adverse effect.

What can we do to avoid an accident/ incident?

Monitor the organization processes, identify the latent conditions, reinforce the defences, improve the workplace conditions and contain the active failures.

Attention: Human error is the end result and not the root cause.

Below is presented an example of the accident causation model for respiratory virus pandemic (reference Wikimedia Commons).

Practical Drift

Practical drift is the phenomenon where actual performance varies from the ideal or designed performance, and is inevitable

Take into account an organization’s manual. Someone might have developed it and designed the related processes by having in mind that he/she actually implement them without any distraction and with his/her own mindset.

In reality, this person might not be in the organization or may be employed in another position and other staff are called to implement the aforementioned procedures. There are distractions, the regulations changes, the organization has changed the operating aircrafts, people from different cultures and with different experience levels are employed. All there factors will cause a variation from the ideal performance.

Any defences applied to the system will try to close that “gap”.

Copyright (c) AvioVerse Limited – All Rights Reserved

Leave a Reply