Evolution of the Safety Management System
The Safety Management System has always been integrated with aviation in one way or another since the first flight of 1903. At that time, safety was reactive and based on data and comprehension of the systems. As flying became more popular, more airplanes were built, and with more innovative uses of this new machine accidents happened. In the beginning flying was compared to birds and since the birds seems to do OK, a person should not have any issues or accidents. Over time that theory did not support data collected, since accidents happened.
|A hazard is in the eye of the beholder|
One step to eliminate accidents was to require that a pilot was trained and held a pilot license. Today, it would be ridiculous to accept a pilot without a license. However, it was not long ago when it was discovered that a person had flown for a major airline for several years without a license. As a flight instructor several years ago, a pilot, who had flown for years came and asked me if it was time for him to get a pilot license. Other steps to improve safety was to implement more regulations, training and mechanical and technical improvements. Over time, data showed that safety improved, but also that additional regulations was not the only answer to improve safety. After an accident the root cause was in most cases assigned as pilot-error. This was a simple way to avoid accountability. In the 70-80’s the focus on accidents turned towards human factors, which is not to be confused with human error, or pilot-error. The SHELL model was developed and eventually a regulatory Safety Management System was developed as a proactive approach to safety. Fast forwarding, safety today is still reactive, but instead of answering to the regulator, safety is now answering to the public opinion and social media. Posts on social media have suggested that the victims of accidents have the right to demand what safety actions are implemented.
Just like the first printed word, SMS has evolved.
With the evolution of safety moving from reactive to proactive and now conforming to the public opinion, it becomes crucial to safety that the regulator has oversight process in place that conforms to the current hazards. One of the current hazards is that social media drive the course of safety actions. It has become obvious in regulatory guidance material that their purpose is not system oversight and SMS assessments, but reverted to the pre-SMS of prescriptive operational inspections. When the regulator develops new types of inspections, it’s because they have decided that previous inspection types were ineffective to meet their goals. This does not necessarily imply that they don’t meet their national safety goals, but also that they don’t meet their public relations goals. Several surveys within the regulator were designed to discredit SMS assessments. Currently their surveillance activities fall into four categories, which are Targeted Inspections and the Compliance Inspections, in addition to the previous System Levels surveillance (SMS Assessments and PVI) and Process Level surveillance (PI).
A system level surveillance is when the regulator is using assessments or PVI. During these activities, an enterprise’s systems is reviewed to develop an understanding of how they comply with regulatory requirements. Based on this understanding, a sampling plan is developed and executed to determine whether an enterprise is in compliance with its regulatory requirements and the degree to which they can effectively continue to remain in compliance. The output of a systems level surveillance activity is findings of either compliance or non-compliance. A process finding under an assessment does not imply that there must be a system fining. Here is the catch with this approach: Unless a person monitors an enterprise daily, they will not comprehend, or understand how an enterprise comply with regulatory requirements by reviewing manuals.
PI is to inspect if the output was produced by the inputs.
A process level surveillance is conducted using process inspections PI. During a PI there is an onsite review of an enterprise processes to develop an understanding of the process. Inspectors can then trace an output from the process to determine if it conforms to regulatory requirements. When conducting a PI, the process input is the output of the inspection itself. There cannot be a broken link between input and output of the process. In addition, if the regulatory is applying a manual description of the process, there is a bias in the inspection, with an expectation that the process is described in the manual. A PI must be drawn backwards, from the output, and follow the trail of how “things are done” within an enterprise.
Targeted inspections are narrow and specific.
Targeted Inspections are a flexible oversight approach that mixes compliance monitoring with information to gain relative knowledge on a certain issue or topic. Targeted inspections are to determine operator’s regulatory compliance levels while also collecting data to understand how operators interpret and implement rules. Targeted inspections are also for the regulator to understand what factors, elements, or conditions may be missing and contributing to unacceptable results. It’s not just a missing factor that may contribute to an unacceptable result, but also added factors. Targeted inspections are method of investigating risk severity and identifying potential risk mitigation options. Results from Targeted Inspections support strategic direction through data collection, analysis, findings and recommendations. Regulatory inspections become hazardous to aviation safety when the regulator submits recommendations based on their findings. First, the regulator cannot provide legal advice to operators, and second, the regulator does not comprehend the operations, any operations, being airline or airports, to provide recommendations for operations.
Compliance Inspection is when the regulator conducts inspections to verify that an activity meets the applicable regulatory requirement or design standard. Compliance inspections include ramp Inspections, in-flight Inspections, cabin safety inspections, inspections of airport’s daily inspections, inspections of airport’s obstacle control, inspections of airport’s winter operations etc. Guidance material insists that the regulator is applying compliance inspections as supplements to their system level surveillance. This is how the regulator takes an incorrect turn at the fork in the road. A compliance inspection is not a supplementary inspection, is the main activity for data collection of a full SMS Assessment.
A positive rating is a requirement for safe operations.
When analysing guidance material for system level surveillance, process level surveillance, targeted inspections and compliance inspections, the hazard identified by the regulator and to eliminate is criticism from public, ensure positive ratings on social media and a perceived micromanagement system of certificate holders.
Yes, the regulator needs to make regulations, the regulator needs to conduct regulatory oversight, the regulator needs to have a high rating on social media and the regulator needs to ensure safety for the flying public. However, the line the regulator cannot cross, is to be directly involved in operations itself, even with recommendations. Any operator, being airlines or airports, needs to establish a Daily Rundown as their daily quality control of monitoring operations. When eliminating or reducing SMS Assessments, the evolution of SMS is on its course to complete the circle of SMS in 1903. What we must remember is that we (airlines and airports) don’t manage risks; we lead personnel, manage equipment and validate operational design for improved performance above the safety risk level bar.