Monday, January 24, 2022

Data Fusion

 Data Fusion

By Catalina9

Data fusion is the process of integrating multiple data sources to produce more consistent, accurate, and useful information than what is provided by any individual data source. Data fusion is the process of getting data from multiple sources in order to build more sophisticated models and understand more about a project. It often means getting combined data on a single subject and combining it for central analysis. In airport operations data fusion is to obtain reports from multiple sources such as weather information, NOTAM, hazards, incidents or accidents and analyze in a single source Statistical Process Control (SPC). Data fusion is to analyze how a change in one source affects, or trickle down to the other sources within a system. A Safety Management System is a Data Fusion System.

Data Fusion is the data comprehension process.

Data supporting an SMS is always available but needs to be captured before being put into use. Capturing data is more than receiving reports, it is also to conduct research to extract information. Just data in itself is not an asset to a safety management system, but within a Data Fusion System it becomes an invaluable asset. Data collected must first be transformed into information. When information is consumed, through any of the five senses, information becomes knowledge. With knowledge comes comprehension of one, two or more systems within a Data Fusion System. 

SMS is a businesslike approach to safety. In a business data equals cash, which always is there, but unless captured it is not a source to be used in operations. Data to an SMS Enterprise is just as much value to operations as what cash is to a business. During the pre-SMS days, accident investigation focused on pilot errors, or what task a person failed to do. At some point after the 1956 Grand Canyon disaster, problem solvers decided that the pilot, or a human was the problem. In 1956 when two aircraft crashed over the Grand Canyon, the probable cause was not determined to be what the pilots failed to do, but that the pilots did not see each other in time to avoid the collision du to intervening clouds, visual limitations due to cockpit visibility, preoccupation with normal cockpit duties, preoccupation with matters unrelated to cockpit duties such as attempting to provide the passengers with a more scenic view of the Grand Canyon area, physiological limits to human vision and insufficiency of enroute air traffic advisory information. Probable causes for the disaster included human factors, organizational factors, supervision factors and environmental factors. The probable cause was based in data fusion and how data from multiple sources trickles down to one outcome.  

Data Fusion is where data become available
without subjective random selection

For data fusion to functioning as intended, data needs to be tied to an open-source project. Within the SMS an open-source project is where data is freely available, it is shared, and it is decentralized. No single enterprise, being large, medium, or small, has enough data available within its own organization to apply a data fusion system in their operations. Data fusion is in essence to reverse the reactive data collection process when data, or hazards must be visible for collection, to applying a proactive collection process where data available is trickling into multiple systems.       

Data collection is a major task to operate with an effective SMS. There is an expectation that the aviation industry collects its own data and apply that data to their operations. The aviation industry also expects that data collected by one enterprise is not applicable, or directly shareable, with another enterprise within the same industry. SMS guidance material states that “Your organization must develop policies, processes and procedures that support your unique operating requirements and that fit the size and complexity of your organization.” When SMS first was implemented by regulations, these types of statements were incorrectly interpreted that their own data would only be applicable to their own organization and that nobody else should benefit from their discoveries. 

The same misconception was for the Accountable Executive (AE), that their only role was to have control of the financial and human resources that were necessary for their activities and operations. When in fact, the role and responsibilities of an AE is to be accountable on behalf of an enterprise to meet all the requirements of the regulations. In other words, an AE must not only have knowledge of all regulations for compliance, but also know and comprehend what processes are necessary for compliance and what processes drifts towards non-compliance. An AE without a confidential adviser stands no chance to maintain this compliance requirement.

All data for an SMS system is already out there, but needs to be captured, filtered, and analyzed. Capturing data comes in many shapes and forms. Just as cash in a business comes in bills, coins or plastic, data in an SMS comes as hazards, incidents, or emotions. Capturing cash is by affecting human behavior in purchasing patterns, expectations, and social acceptance. Capturing data for SMS is generally a reactive process and is not “cashed in” until after an event. The capture of SMS data will benefit greatly by learning from the advertising and marketing industry by affecting human behaviors to recognize their own patterns, expectations, and social acceptance within and SMS enterprise, or in other words, changing their organizational culture to a just-culture. Within a just-culture is when data fusion becomes available. Filtering data is not associated with subjective selection of data, but it is to filter data into their pre-established safety critical areas and safety critical functions. Filtered data is then analyzed in a Statistical Process Control (SPC) System, where emotions and subjective randomization are eliminated from the equation. When SPC is eliminated from the analysis with a reaction to a statistical trend, there is a tendency for overcontrol, and applying one or two events as a trend, which again leads to a greater hazard than the hazard itself.

Data Fusion is tracking, mapping and loop closure.

A Data Fusion System is a system where there is tracking, mapping and loop closure. It is also a system where data trickling from one system into another system affects both the system it is trickling from and the system it is trickling into, which also is defined as organizational drift. The tools to implement a Data Fusion System into SMS is by applying a data collection tool that your enterprise has full control over. It is to conduct research, development, project planning and work directed toward the innovation, introduction, and improvement of processes. Data Fusion is a condition, while the audit result is the symptom.  



Sunday, January 9, 2022

SMS QA Control Management: Audits and Golfing

SMS QA Control Management: Audits and Golfing:   Audits and Golfing By Catalina9 A n audit of your Safety Management System (SMS) is not to find out what, when, where, why, who and how ev...

Saturday, January 8, 2022

Audits and Golfing

 Audits and Golfing

By Catalina9

An audit of your Safety Management System (SMS) is not to find out what, when, where, why, who and how everything went wrong with your safety management system, but to confirm what was done right. As an additional, or parallel level of safety, a safety management system is a tool to identify hazards before they affect operations. A safe enterprise may attract more clients, generate a better return on investment and enjoy their success. Success stories should encourage other companies to put in place systems that meet the SMS regulations. However, implementing an SMS in development is a higher level of hazard than operating without a formal SMS since safety is assumed with the system in place, while there is a lack of audits to verify safety in operations.

An audit is the compass to maintain course

Audits is to verify what goes right or what makes operation safe and joyful ask a customer experience. SMS is a system that is required to mature in order to paint a picture of the operations itself. This holds true for both airport and flight operations. When the implementation of SMS is forced to be effective it takes on the face of a two-year old and opposes the enforcement. It is not that anyone does anything wrong or incorrect, but the good intent to improve safety cannot be forced onto the SMS system. SMS has to build its own model, which will vary from enterprise to enterprise. No two airports, airlines or persons are alike and that is the reason why two safety management systems will be alike. Just like in a chess game, no two players are alike, but still, both players may win the world championship. Simplified, running an SMS is like playing golf. 

Daily Quality Control is to stay on track.

An audit of golf performance is in the competition itself. The competition is not to compare golfing performance with other golfers, but to compare golfing to an expected performance. The person who wins the golf tournament may not be the person with the best golfing history, or safety history, but is won by the person with the most reliable process to analyse special cause variations. Wind, and wind direction is one major special cause variation in golfing. Misjudging the wind takes you out of the game, or in other words, causing an incident. There are several special cause variations in golfing. Special cause variations in golfing are wind, temperature, dewpoint, air pressure, elevation, precipitation type and intensity, cloud cover, geographical location or geoid undulation. Some of these may be considered common cause variations since they are all required and common parts of an environmental system. What makes these variations special cause variations are their variation in intensity, amount, and behavior. In addition, these special cause variations are interacting within a 3D environment, while the golfer is observing, or calculating from outside of the 3D. A 3D environment in golfing is to view the environment from the golf ball’s point of view, just as an SMS enterprise must view the environment from an affected person’s point of view.  


Golfing interacts with a conglomerate of systems. When teeing off the golfer must maintain control of the system, from where the toes are pointing to where the hands and fingers are and to the intensity, amount, and behavior of the swing. Golf balls are designed and manufactures within the allowable variations of a standard and comes with an aerodynamic design for reliability. The concept is that when two balls are hit exactly the same way they will arrive at exactly the same location. This principle may be true in a virtual world where locations are mathematically calculated. On the golf course the locations where balls arrive are statistical data collection and its variation from mathematical calculation. 

Daily quality control and audits are connected by the circles of infinity.

Some of the special cause variations may be estimated at the time of the swing, while other may be mathematically calculated to determine the intensity, amount, and behavior of the swing. Winds are estimated and the swing adjusted. Elevation, temperature and dewpoint are calculated, since their variation are gradual over time. Even a cold front temperature change within an hour is a gradual change. A wind gust is a variable within a split second, or an instant change. A geoid undulation is a change in distance between geographical coordinates with elevations, where the distance between geographical coordinates at sea level or at altitude could vary as much as a foot. Some of these special cause variations may be assessed as significant to performance but sill inconsequential to the end result since after the swing there is no turning back to alter the location where the golf ball will arrive. Each round of golf, or every golfing competition is its own audit of every candidate, or system attending. The quality control, which is a prerequisite for an audit, is in the data collection, testing and analysis of a golfer’s swing prior to the audit. 


An audit of an airport, airport or a safety management system follows the same process as golfing, with a daily quality control system, data collection, testing analysis of the systems. An audit of an SMS enterprise is in the operations itself, or how things go right, or as expected from a customer’s point of view. The weather is a significant variable in how well an enterprise performs, or how safe they operate. At an airport, a contaminated runway is a runway when a significant portion of the runway surface area is affected by compacted snow, dry snow, frost, ice, slush, standing water, wet ice, or wet snow. A daily quality control system is an oversight system where contamination is analyzed and accepted or rejected by the airport operator. The next step is for the airline, or pilot, to accept or reject the runway surface conditions. This decision in turn becomes the audit result to assess the safety in operations by an enterprise. The enterprise itself may have completed their required tasks, but they overlooked how their decision affected aircraft operations, which is turn is the audit result, or in other words the golf tournament result.  


An audit of a safety management system is an audit of a parallel system to the requirements of operations itself. An enterprise has a responsibility to do what it takes to ensure safety when the operational regulations are without a system to assess safety. Aircrews must assess the aerodrome as being suitable for the intended operation, while an airport operator is not required to make this assessment. However, prior to SMS there was nothing that informed an aircraft operator as to the airport level of service provided at the airport. Only a general statement was provided as to whether or not the runways were maintained in compliance with airport standards. This general statement did not provide the aircraft operator, or flight crew, adequate detail as to the suitability of each runway, taxiway, or apron at an airport. As an additional level of safety, or an oversight system parallel to the operations, an audit of an airport captures a painted picture of the end result and not a snapshot of regulatory compliance level. 





Saturday, December 11, 2021

Santa’s SMS Did It Again

 Santa’s SMS Did It Again


Last year Santa moved the production line south to an undisclosed location. The North Pole had become too remote with the anticipated supply chain shortage. When Santa first moved to the North Pole, the waterways were free of ice and ships could move material from anywhere on the globe into Santa’s harbor for another production year. Before moving to the North Pole, Santa had the production site on an undisclosed location with easy access to and from all seven seas. As the Norsemen begun to intrude on the production line and plundering toys and presents, Santa realized that it was time to move to a different place, and the North Pole was chosen. It wasn’t very far for Santa to move since the manufacturing place was nicely hidden in an ocean bay. Travel to the North Pole was just a short journey travel between a few islands and beautiful green landscape to reach the ice landscape at the Pole. Moving south again last season was therefore not new for Santa, Mrs. Santa, or the Elves.

Santa practicing at an undisclosed location
 What was different this off-season was that     Rudolph, Randolph and the other reindeers had their airworthiness certificates suspended by TC (Take Care Authority) and was therefore not able train or prepare for rooftop landings or departures and practice speedy delivery across the globe in 24 hours. There was even a chance that the reindeers would not get their certificate back for this season due to the mad-reindeer rampant at the North Pole. The way this affects reindeers become uncontrollable and their air navigation reliability totally unreliable. Due to a similar rampant in 1918 Santa was not able to deliver presents since the reindeers only circled the North Pole. Luckily, none of Santa’s reindeers were affected this year due to their healthy living from Mrs. Santa’s special-cause reindeer mixture.     

Santa had a huge task this season to get all reindeers trained and in shape for travel. After several months of quarantined in a congested area, they had lost much of their strength and time for training was running out. The first thing on Santa’s list was to upgrade their hooves to the current version of rooftop autolanding system. The latest is an autoland Category 4RVR or four reindeer rooftop simultaneously and includes a chimney glide slope, where the chimney itself geo-located for GPS, or Get-Presents-Soon approaches to be used anywhere. Prior to GPS approaches 4RVR and visibility zero-zero, Santa had to do several approaches to make it in to one single home. Sometimes the reindeers missed the rooftop and slid off the gable end. In areas with little or no snow, Santa was hurt and unable to crawl down the chimney and had to leave the presents outside. 


Santa’s backup plan if reindeers were permanently grounded.

Prior to the Category 4RVR autoland Rudolph had a radio altimeter installed in the front-right hoof. This approach allowed for approaches down to 200-hooves. Most of the times this worked well, but the radio frequencies of the many new electronic toys, interfered with the radio altimeter signal which could cause crash landings. A crash landing did not disable the reindeers, since the crash was cushioned by Santa’s heavy sleigh landing first. Santa was sometimes hurt, especially when ejected from the sleigh, but recovered quickly after seated back in the sleigh by Rudolph.

By the end of summerseason Santa had installed CAT 4RVR equipment on all four hooves of all the reindeers. When all reindeers had CAT 4RVR installed, the programmed glideslope was determined for each hoof and locked in on approach for autoland. The next step was to train the reindeers to use this new system. One hazard identified was that Rudolph and the other reindeers tried to locate a rooftop visually which caused spatial disorientation, the inability of a reindeer to determine the true body position, motion, and altitude relative to the earth or the surroundings. Since all initial training was required by TC to be done by the VFR regulations, or Very Frequent Runs regulations, it became a difficult task for Santa to simulate zero-zero visibility. Mrs. Clause had already completed a Change Management case, or Safety Case of how to administer the training applying the VFR regulations. It was not a simple task, but by building a 3-D virtual town in the sky, they could place eye-covers on all the reindeers and do their CAT 4RVR approach training. The beauty of this 3-D virtual town was that after the reindeers came to a stop, they would not fall out of the sky but remain on the rooftop for zero-zero departure training. 

After the quarantine all systems were treated as new and fist approval.

By now, Santa had complied with two out of three requirements identified in Mrs. Clause’s Safety Case. The last item for the airworthiness certificate to be reinstated to ensure that all reindeers were fit to fly, that their fur were smooth to create lift, that their engines, or their hoof turbine assistant system could operate at takeoff speed and continuous flight level speed over a 24-hour period and that all other secondary navigation systems and lights, including Rudolph’s red nose was working. After a few days the airworthiness certificate for all reindeers were reinstated. This new certificate came with a barcode to identify a reindeer’s health, location, and travel in 3-D. These barcodes were attached to the reindeers’ ears so that satellites and other air traffic could scan and identify Santa from a safe distance. 

Once again Santa was ready to deliver presents. If it had not been for Santa’s SMS, or Streamlined Mission Service system, they could not have managed the enormous task to ensure safety in their operations after being quarantined for several months, several months with no operational training and several months without starting up or using their systems required to make 100% deliveries to 100% of the homes 100% successful 100% of the times. 



Monday, November 29, 2021

Fond Du Lac

Fond Du Lac

By Catalina9

This post is about the ATR-42 crash at Fond Du Lac. There are several lessons to learn from this incident, while on the other hand it is easy to overlook what we can learn by denial that this could never happen to us. TSB report was released October 28, 2021.

After accident investigations TSB issue recommendations to TC to implement new or change current regulations. A recommendation from this incident is for TC to require all commercial aviation operators in Canada to implement a formal safety management system. 

TSB report reads: “When the flight crew and dispatcher held a briefing for the day’s flights, they became aware of forecast icing along the route of flight. Although both the flight crew and the dispatcher were aware of the forecast ground icing, the decision was made to continue with the day’s planned route to several remote airports that had insufficient de-icing facilities.”


A Safety Management System (SMS) is an oversight system of the operations itself. An effective oversight system includes a daily quality control system. There are several parts to an SMS, but the two key parts to operations are daily quality control and monitoring of quality assurance. Airport operations and flight operations traditionally has been separated as two independent operations which one does not affect the other. With SMS this changed that if a regulation it not broad enough to capture a hazard, then the operator is responsible to mitigate the hazard. One of the SMS regulations reads that an SMS Enterprise needs a process for identifying hazards to aviation safety and for evaluating and managing the associated risks. Sometimes it is just as important to know what the regulations does not read. This regulation does not read that an airport or airline must identify their own hazards. It simply reads that they need a process to identify hazards to aviation safety. Under the SMS regulations it is just as incumbent on the airport operator as the airline to ensure that de-icing equipment is in place since it has to do with safety for the flying public and safety at the airport. The TSB report addresses remote Canadian Airports and there are remote airports that provide de-icing services and a vehicle with hot de-icing fluid. De-icing fluid is a service for sale, just as they sell fuel and other services. TSB recommendation is that the Department of Transport collaborate with air operators and airport authorities to identify locations where there is inadequate de-icing and anti-icing equipment and take urgent action to ensure that the proper equipment is available to reduce the likelihood of aircraft taking off with contaminated critical surfaces.

Another part of the regulation reads that no person shall conduct or attempt to conduct a take-off in an aircraft that has frost, ice or snow adhering to any of its critical surfaces. A daily quality control system has a responsibility to capture the daily weather forecast and other weather-related reports, images or videos as a prerequisite for their quality assurance system. An airline may be operating with a dispatch system, flight following system or a pilot self-dispatch system. Whatever level of operational oversight system that is in place, any weather report must trigger a reaction. 

The reaction could be to do nothing, but needs to be documented and justified why nothing, or no reaction is required. An SMS Manger, or Safety Director, at an airport is responsible under the regulations to implement a reporting system to ensure the timely collection of information related to hazards, incidents and accidents that may adversely affect safety. This regulation is applicable under the airport regulations. An aircraft taking off, or attempting a takeoff with contaminated surfaces, is just as much of a hazard to the airport as an airport vehicle on the runway with an aircraft on approach. It is the responsibility of the airport to collect data about this hazard. As the final authority for an airport or airline SMS Enterprise, the accountable executive is to be responsible for operations or activities authorized under the certificate and accountable for meeting the requirements of the regulations. This includes justification to the regulator why or why not certain processes must be included or removed. 

On March 10, 1989 Air Ontario 1363 crashed shortly after takeoff due to ice contamination. The Final Report reads: “Modern air transportation is a complex enterprise. Similarly complex are the causes of aircraft accidents. Previous aircraft accident investigations have demonstrated that an accident or serious incident is not normally the result of a single cause, but rather the cumulative result of oversights, shortcuts, and miscues which, considered in isolation, might have had minimal causal significance. A properly functioning air transportation system with appropriate standards operates as an ongoing check against the circumstances that can give rise to an accident. It became clear from the evidence that, when one or more of the components in the system breaks down, the probability of an accident or serious incident is increased. The accident at Dryden on March 10, 1989, was not the result of one cause but of a combination of several related factors. Had the system operated effectively, each of the factors might have been identified and corrected before it took on significance. It will be shown that this accident was the result of a failure in the air transportation system.” 

Almost 30 years later the aviation industry as a hole are still struggling with broken systems learned from the Dryden accident. In 1989 the Safety Management System in aviation did not exists as a regulatory oversight. When there is not a formal SMS system in place, it becomes impossible to identify how there was a gap in the system causing the incident. The Dryden report identified intelligently and clearly that “an accident or serious incident is not normally the result of a single cause, but rather the cumulative result of oversights, shortcuts, and miscues which, considered in isolation, might have had minimal causal significance.”  At that time airlines managed safety by a simple principle of ensuring superior customer service to ensure the safe arrival at intended destination. With the implementation of SMS, the SMS system itself was expected to ensure safety in operations. A Safety Management System cannot fail since it paints a picture of the operations itself. What can malfunction within an SMS is a system to recognize processes which does not serve its purpose. This does not only apply to de-icing of aircraft prior to takeoff, but also includes the collection of hazards affecting aviation safety which goes beyond operational control or take on a role when the regulation itself is not board enough to include all future hazards to be identified. 

It is true that SMS is about aviation processes. However, the authority, or to which level safety is paramount, rests with one person only. This person is not always the accountable executive, but the person who within an organization has the power of authority. This person be a part of the organization itself but could also be a third-party person. This person may have other interests in mind than safety in operations since past records demonstrate a safe tracking record.  Everyone believe they are the key piece to keep aviation safe, but it is the person who demonstrates the best vocabulary who wins the deal.  


Drift in aviation is what a pilot from the days of NDB navigation understands. An NDB used for navigation always took the aircraft to its destination, but often by drift and correction to make it there safely. In the early days of an NDB they were broadcasting in morse codes to identify quadrants. Later an ADF with a needle pointing in its direction were installed in an aircraft. Great progress was made in air navigation. Also, an AM radio frequency could be used as a means of long-range navigation and was easily picked up 3-400 miles away. When navigating to an NDB, drift went undetected unless the pilot could comprehend the different systems and how one system affected the other. A sea captain navigating by lighthouses also comprehended drift in navigation, how to recognize drift and how to apply inputs for change. Both the Dryden and Fond Du Lac accidents were products of drift and the inability to recognize the drift itself. Drift is simply said how we do things. Drift is only recognized when there is an identified path to follow. At both Dryden and Fond Du Lac, the identified path to follow was an expectation to arrive at on time at the next destination. If the KWINK principle had been applied the captain would not have attempted the takeoff. KWINK is Knowing-What-I-Now-Know.


The KWINK system is a system to recognize drift, just as with navigating to an NDB, the pilot needs to correct their drift by doubling their correction track to take the most direct route. KWINK is for airline and airport operators to leap into the future and review their operational decisions. Taking a leap into the future is to review records and data from the past and apply to the next immediate task.   




Tuesday, November 16, 2021

How to Audit SMS

How to Audit SMS
By Catalina9

Conventional wisdom of how to audit the Safety Management System (SMS) is to generate an audit checklist based on regulatory requirements for an SMS, and develop expectations, or processes, in a checklist form to determine level of regulatory compliance. There are several itemized expectations for an SMS enterprise to audit every single aspect of operations for compliance. Auditing by expectations does not paint a true picture of an SMS enterprise level of compliance since an expectation audit does not audit for reliability. 

Research and development is the responsibility of an AE.
An airline or airport may be required to comply with hundreds of regulations in addition to just as many operational standards. One regulation may be compliant by applying several different operational methods, or expectations, which may be interpreted differently by inspectors, auditors or organizational management. When expectations are applied to an SMS audit, all operators are grouped into one expectation and that one-fits-all. Auditing by expectations is a hazard in itself, since an SMS enterprise may change their operational behavior to please the inspector’s or auditor’s checkbox, rather than trusting their own operational judgement. Auditing by expectation is also an avenue to group safety with ratings. A high rating number becomes equal to a high, or superior, level of safety. As an operational oversight system SMS paints a picture of results, or process outputs, and not of a predetermined input. A shopping list contains expectations or inputs, and when used correctly each item is checked off, but the condition, output, or quality of each item is unknown until after the shopping is done.  

The first level of audit of an SMS enterprise is to audit for scalability, or size and complexity. There is a regulatory requirement that a safety management system shall be adapted to the size, nature and complexity of the operations, activities, hazards and risks associated with the operations. Humans are great at making simple tasks complex, or even unmanageable. An unmanageable SMS is a system where hazards to operations are unknown. In an unmanageable SMS, or where an SMS is scaled beyond their operational needs, operations tend to drift towards informal, and simplified processes. An SMS workload is not the SMS itself, but research and develop to scale down systems to size and complexity for regulatory compliance, for safety in operations compliance, for compliance with operational needs and compliance with the SMS policy. An SMS system should be scaled to a level where it can be explained in just a few words. If an SMS enterprise is unable to explain how to maintain regulatory compliance and safety in operations, don’t expect the regulator to explain it for you.

A public speaker is a highly regarded expert.
 A speaker at an aviation safety conference made a statement that the regulator has decided to only issue findings against regulatory non-compliances and no longer issue findings to an SMS enterprise for non-compliance with their own internal manuals. That the regulator no longer plans to issue findings to an internal manual is a step in the right direction. When a finding is made to non-conformance with an internal manual an operator has two corrective action plan (CAP) options. The first is to make a change to the manual, or the second option to make a change to the process, or how things are done. Either way, the regulator must approve the CAP by directing what the manual text must read or direct the operator to what specific process they must implement. When the regulator mandates, or locks-in text or processes, they are interfering with the operators sole responsibilities pursuant to the regulations to operate with an SMS that is scaled to size and complexity. An benefit to an SMS enterprise when the regulator only issue finding to regulatory non-compliance is that they now have an opportunity to self-correct their own manuals or ineffective processes.

An accountable executive (AE) is responsible for operations authorized under the certificate and accountable on behalf of the mayor, council, airport authority, CEO, corporation or business owner for meeting the requirements of the regulations. In the regulations it states that an appointed AE must have control over human and financial resources. In the past, this regulation was interpreted by regulatory oversight that their only responsibilities was to apply cash to safety and hire personnel to do the jobs. As long as an AE could answer yes to these two questions, they passed their part of the audit. What was overlooked by the inspectors or auditors, was that an AE was not only responsible for cash and personnel, but also responsible for meeting all the other requirements under the regulations. When the regulator no longer issues findings for compliance with the SMS manual itself the manual or processes becomes much more flexible to change, and both airlines and airport operators having an opportunity to perform a true audit of their SMS enterprise. 

The second part of an audit is to audit for outputs, or results. Inputs for these audits are the daily, hourly, or frequently assigned operational tasks. Inputs are how the job is done and what tools are used to support these operational tasks. As an oversight system an SMS enterprise documents the results as they are completed, or at the time of their transactions. Just as upon completion of the shopping list, an itemized receipts and cash exchanged is documented at the time of transaction. Counting the cash is the first step in a quality control system for an upcoming financial audit. Counting outputs and results of an assigned task within an SMS world is a control system for a safety audit. In a financial audit, the auditors do not audit against expectations, how an organization plans to do their inputs, or if they are compliant with their expected inputs. In a financial audit the end result is audited by confirming receipts and financial entries. In a safety audit, the same process is followed by auditing the end results, or outputs, and confirmed by receipts, or data, and entries into the SMS system. An airline or airport conducts daily quality control, regular surveillance of their systems by random sampling and classifies their data to a level of security to preserve its integrity. The audit of an SMS then based on results and not based on virtual, or opinion-based expectations. SMS is to build a portfolio of safety.   




Monday, November 1, 2021

The Swiss Cheese

 The Swiss Cheese

By Catalina9

The other day when I was on my way to the store to buy swiss cheese and it was raining. I had opened my umbrella inside, walk under a ladder and a black cat crossed in front of me by the time I got to my car. My day was off to an unpredictable day. I purchased a block of swiss cheese and a package of sliced. I could not see the swiss cheese holes in the block, but I could see them in the sliced cheese, and all the holes were lined up. An unavoidable incident seems to be on the march in my direction today. I had opened an umbrella inside, walked under a ladder, black cat crossed in front of me and now all the holes in the swiss cheese lined up. And to make things worse, I embrace the principle that more is less and less is more. 

Umbrellas are attainable and measurable goals to be used for
a purpose.
An effective Safety Management System (SMS) is expected to run smoothly, and that safety will come by itself if we just do the right tings. The right thing is to find the holes in the swiss cheese and to stop the flow of accidents by plugging or diverting holes. If we make safety objectives and goals, we will be safe, or if we just remain vigilant, observant and follow the rules, we will also be safe. Accidents are built from a blueprint for a system to fulfil an undesired purpose, or aim, and the swiss cheese analogy is an imaginary description to simplify how integrated micro-systems builds accidents.

They key to a successful SMS is to accept that there are micro-systems within larger systems. These micro-systems are defined as at random, since there is no obvious logic to how they form or are placed within its own system. The definition of at random in the Marriam-Webster dictionary is without definite aim, direction, rule, or method, and lacking a definite plan, purpose, or pattern. Applying these micro-systems as random and unpredictable is how they must be applied within an SMS enterprise.  

A latter is a tool to reach new goals, so don’t walk
under it.
The swiss cheese principle is an exceptional good description of at random, or of how accidents are built and the many interactions of events that must take place to build up to the accident itself. However, this principle is only effective as a reactive tool for analysis after an accident, since when arriving at one hole, there is no road map or directions as what turn to take next to avoid lining up another swiss cheese hole. The swiss cheese analysis is non-directional, it is operating within a dark space and each hole in the cheese are individually and specifically placed within its own micro-system and without connections to current events. Holes in the swiss cheese may appear to be randomly placed, but they are systematically placed within its own micro-system produced by carbon dioxide. Each hole in the swiss cheese is a result of a cause which creates the effect. The cause is its own system within the swiss cheese creating these pockets of gas. From outside the swiss cheese, these holes may appear to pop-up randomly, while within the dark spaces of the micro-system itself their location placing becomes predictable

Conventional wisdom is that more is less, and less is more. Professional organizations are rigidly applying this principle in their decision-making process. When applied correctly, simplifying processes is a tool to achieve more. However, simplifying processes does not include a reduction in level of service, or removal of regulatory compliance processes. When more is less, and less is more, there is much more work, research, design, and project planning needed to produce a simplified system output on the front line.  

Looking for the black cat is active hazard identification
Safety in aviation is beyond being a miracle, a matter of luck or dreams come true. Everything happens for a reason, good or bad, positive, or negative. Accepting that at random are micro-systems affecting your goals, and that this system appears as at random is vital to the goal achievement process. If at random is without definite aim, direction, rule, or method, and lacking a definite plan, purpose, or pattern, then accidents are meaningless. A meaningless event has no purpose or reason. An accident is emotionally meaningless since there is no reason or purpose for people to be harmed or loss of life due to unexpected events. However, when applying meaningless, or without definite aim in an SMS organization it becomes impossible to establish cause and integrated factors of occurrences and unexpected events. That everything happens for a reason does not imply that events magically occur, is a statement that there are micro-systems affecting operations which cannot be determined, recorded, or predicted. In an SMS world, these systems are also defined as special cause variations.

A Regulator is responsible for the development and regulation of aeronautics and the supervision of all matters connected with aeronautics. When a new regulation comes into force, an airport or airline operator only have one choice to continue operations, which is to maintain compliance with the new regulation. Public opinions, political environment and aviation incidents are all triggers for new regulations. Over time these regulations add up to an overwhelming task for both airlines and airports. In addition, the regulations require an SMS enterprise to run a safety management system that is adapted to the size, nature and complexity of the operations, activities, hazards, and risks associated with the operations. More regulation and a scaled down SMS system are two opposing regulatory requirements.  

Scaling down an SMS enterprise is not to remove or decline specific regulations, but to combine operational tasks applicable to each regulatory requirement. Scaling down is to make your job as the Accountable Executive userfriendly and manageable for the SMS Manager. When regulations are performance based, an operator is obligated to demonstrate how their activities conform to the regulations. Demonstrating compliance is more than demonstrating compliance with one regulation, but to demonstrate how each task maintain compliance, and how any of these separate tasks does not interfere or causing non-compliance with other regulations.

The swiss cheese principle is a valuable analogy to describe actions, reactions and results of a micro-hazard travelling through the cheese and setting the main system up for failure by travelling through each hole in the swiss cheese. However, if an SMS enterprise establish a safety goal to avoid the swiss cheese holes and objectives are to navigate safely around the holes, they are doing the right thing, but operating with unmeasurable goals since the distance and directions to the holes are not measurable.  


Applying the principle that less is more and more is less gives the same output as the swiss cheese principle. Both principles come with a valuable application, but it is impossible to establish measurable goals from these principles. On the other hand, opening an umbrella inside, walking under a ladder or the black cat crossing, are all events that can be used to establish measurable goals. Find the umbrella, ladder, and black cat within your SMS enterprise micro-systems to build a portfolio of safety. 


Data Fusion

  Data Fusion By Catalina9 D ata fusion is the process of integrating multiple data sources to produce more consistent, accurate, and useful...