Evolution of the Safety Management System
By Catalina9
The Safety Management System has always been
integrated with aviation in one way or another since the first flight of 1903.
At that time, safety was reactive and based on data and comprehension of the
systems. As flying became more popular, more airplanes were built, and with more
innovative uses of this new machine accidents happened. In the beginning flying
was compared to birds and since the birds seems to do OK, a person should not
have any issues or accidents. Over time that theory did not support data
collected, since accidents happened.
 |
| A hazard is in the eye of the beholder |
One step to eliminate accidents was to
require that a pilot was trained and held a pilot license. Today, it would be
ridiculous to accept a pilot without a license. However, it was not long ago
when it was discovered that a person had flown for a major airline for several
years without a license. As a flight instructor several years ago, a pilot, who
had flown for years came and asked me if it was time for him to get a pilot
license. Other steps to improve safety was to implement more regulations,
training and mechanical and technical improvements. Over time, data showed that
safety improved, but also that additional regulations was not the only answer
to improve safety. After an accident the root cause was in most cases assigned
as pilot-error. This was a simple way to avoid accountability. In the 70-80’s
the focus on accidents turned towards human factors, which is not to be
confused with human error, or pilot-error. The SHELL model was developed and
eventually a regulatory Safety Management System was developed as a proactive
approach to safety. Fast forwarding, safety today is still reactive, but
instead of answering to the regulator, safety is now answering to the public
opinion and social media. Posts on social media have suggested that the victims of accidents have the right to demand what
safety actions are implemented.
 |
|
Just like the first printed word, SMS
has evolved.
|
With the evolution of safety moving from reactive to
proactive and now conforming to the public opinion, it becomes crucial to
safety that the regulator has oversight process in place that conforms to the
current hazards. One of the current hazards is that social media drive the
course of safety actions. It has become obvious in regulatory guidance material
that their purpose is not system oversight and SMS assessments, but reverted to
the pre-SMS of prescriptive operational inspections. When the regulator develops
new types of inspections, it’s because they have decided that previous
inspection types were ineffective to meet their goals. This does not
necessarily imply that they don’t meet their national safety goals, but also
that they don’t meet their public relations goals. Several surveys within the
regulator were designed to discredit SMS assessments. Currently their
surveillance activities fall into four categories, which are Targeted
Inspections and the Compliance Inspections, in addition to the previous System
Levels surveillance (SMS Assessments and PVI) and Process Level surveillance
(PI).
A system level surveillance is when the regulator is
using assessments or PVI. During these activities, an enterprise’s systems is
reviewed to develop an understanding of how they comply with regulatory
requirements. Based on this understanding, a sampling plan is developed and
executed to determine whether an enterprise is in compliance with its
regulatory requirements and the degree to which they can effectively continue
to remain in compliance. The output of a systems level surveillance activity is
findings of either compliance or non-compliance. A process finding under an
assessment does not imply that there must be a system fining. Here is the catch
with this approach: Unless a person monitors an enterprise daily, they will not
comprehend, or understand how an enterprise comply with regulatory requirements
by reviewing manuals.
 |
|
PI is to inspect if the output was
produced by the inputs.
|
A process level surveillance is conducted using
process inspections PI. During a PI there is an onsite review of an enterprise
processes to develop an understanding of the process. Inspectors can then trace
an output from the process to determine if it conforms to regulatory
requirements. When conducting a PI, the process input is the output of the
inspection itself. There cannot be a broken link between input and output of
the process. In addition, if the regulatory is applying a manual description of
the process, there is a bias in the inspection, with an expectation that the
process is described in the manual. A PI must be drawn backwards, from the
output, and follow the trail of how “things are done” within an enterprise.
 |
|
Targeted inspections are narrow and
specific.
|
Targeted Inspections are a flexible oversight
approach that mixes compliance monitoring with information to gain relative
knowledge on a certain issue or topic. Targeted inspections are to determine
operator’s regulatory compliance levels while also collecting data to
understand how operators interpret and implement rules. Targeted inspections
are also for the regulator to understand what factors, elements, or conditions
may be missing and contributing to unacceptable results. It’s not just a
missing factor that may contribute to an unacceptable result, but also added
factors. Targeted inspections are method of investigating risk severity and
identifying potential risk mitigation options. Results from Targeted
Inspections support strategic direction through data collection, analysis,
findings and recommendations. Regulatory inspections become hazardous to
aviation safety when the regulator submits recommendations based on their
findings. First, the regulator cannot provide legal advice to operators, and
second, the regulator does not comprehend the operations, any operations, being
airline or airports, to provide recommendations for operations.
Compliance Inspection is when the regulator conducts
inspections to verify that an activity meets the applicable regulatory
requirement or design standard. Compliance inspections include ramp
Inspections, in-flight Inspections, cabin safety inspections, inspections of
airport’s daily inspections, inspections of airport’s obstacle control,
inspections of airport’s winter operations etc. Guidance material insists that
the regulator is applying compliance inspections as supplements to their system
level surveillance. This is how the regulator takes an incorrect turn at the
fork in the road. A compliance inspection is not a supplementary inspection, is
the main activity for data collection of a full SMS Assessment.
 |
|
A positive rating is a requirement for
safe operations.
|
When analysing guidance material for system level
surveillance, process level surveillance, targeted inspections and compliance
inspections, the hazard identified by the regulator and to eliminate is
criticism from public, ensure positive ratings on social media and a perceived
micromanagement system of certificate holders.
Yes, the regulator needs to make regulations, the
regulator needs to conduct regulatory oversight, the regulator needs to have a
high rating on social media and the regulator needs to ensure safety for the
flying public. However, the line the regulator cannot cross, is to be directly
involved in operations itself, even with recommendations. Any operator, being
airlines or airports, needs to establish a Daily Rundown as their daily quality
control of monitoring operations. When eliminating or reducing SMS Assessments,
the evolution of SMS is on its course to complete the circle of SMS in 1903.
What we must remember is that we
(airlines and airports) don’t manage risks; we lead personnel, manage equipment
and validate operational design for improved performance above the safety risk
level bar.
Catalina9
