Sunday, October 17, 2021

When SMS Becomes Inactive

When SMS Becomes Inactive 
By Catalina9

A Safety Management System (SMS) that is inactive will leave a void for an uncontrollable system to take its place. An SMS includes a variety of tasks and some of them are a safety policy, a process for setting goals, measuring the attainment of those goals, hazards and for evaluating and managing the associated risks, a process for personnel to be trained and competent, a process for internal reporting, a process for analyzing of hazards, incidents and accidents and for corrective action plans, an SMS manual, distribution of the SMS manual, a quality assurance program, periodic reviews or audits, developing safety cases and any additional regulatory requirements. An SMS is a comprehensive system, which must be scaled to size and complexity to conform to regulatory compliance. The scale down requirement is a process to Smarten Up SMS.

Smarten Up SMS is to avoid going to court.

Smarten Up SMS is not targeted to one area of the aviation industry, such as airports, but is a tool that can be applied to any specific regulatory requirement. Smarten Up SMS is therefore applicable specific to an enterprise’s operations certificate or regulatory compliance requirements. Simplification of the SMS is not to remove or ignore regulatory requirements, but to combine regulations into normal daily operational tasks. It is nothing but hard work to do research and development as a prerequisite for a successful SMS and then apply correct regulation to all activities.

A Safety Management System regulation is not directly applicable to non-SMS operators, but safety in operations comes with expectations that there are some sort of standards, processes, and systems in place to ensure an acceptable level of safety. Without standards, safety becomes opinion based and applied differently to the same scenarios.  When opinions are applied to safety, an airport, airline, or any other air operator have surrendered all their internal safety control to somebody else. “If you don't design Your Amazing Airport plan, chances are you'll fall into someone else's plan. And guess what they have planned for you? Not much.”  A voluntary compliance with the Safety Management System regulations is an acceptable process to maintain control of operations without relying on opinions to implement corrective action plans. Globally, the aviation industry is moving in a direction of a rating level system, where audit compliance and customer service becomes rating targets published. Just as a rating system is applied to all aspects of social media, it will also apply to internal safety levels, or safety cultures in aerodrome operators, airlines, flight schools, aerial applicators, or any areas of the aviation industry. Major and large organizations are already individually applying their own safety culture assessment of vendors, contractors, or service suppliers and basing their non-data assessment to level of services requested.   


In a healthy and functioning Safety Management System, data collection is a fundamental tool as a prerequisite for analysis and evaluation of corrective action plans. A second fundamental principle of a healthy SMS is incremental safety improvements, or continuous safety improvements. Safety in operations is not to make major changes, but to make small adjustments, or almost unnoticeable changes. SMS is to build a portfolio of safety. A regulatory requirement is to operate with a quality assurance program and include a process for quality assurance that includes periodic audits of activities and audits for cause, or on-demand audits. A third fundamental principle of a healthy Safety Management System is for an enterprise to capture data that supports adjustments. Since it is impossible to foresee future events, or when an event will occur, enterprise must maintain a daily quality control system. Depending on size and complexity of operations, several tailored, individual, or operational specific daily quality control systems may be needed. 


An Enterprise runs a business with an accountant, a financial manager, a chief executive officer, an office administrator, or any other position that helps promote the business for a higher return on investment. SMS is a businesslike approach to safety where the SMS Manager has a responsibility to monitor and evaluate results, which requires a daily journey log of activities affecting operational safety. An enterprise would not in a million years think about coming into a financial audit without being prepared for the audit and without showing records of how they prepared themselves daily for compliance. But, when it comes to airports or airlines, they enter into an SMS audit without having prepared one single item. With this approach many operators failed their third-party rating audits and regulatory inspections. When management comes unprepared for an audit or oversight inspection, their Safety Management System has become inactive, and an uncontrolled system will fill this void. 

A healthy SMS has fulfilled its daily quota.

A healthy Safety Management System is prepared for the approaching rating trend, where a rating becomes the determining factor to be awarded contracts or public confidence of an operational safety culture. They come prepared by the Accountable Executive (AE) being responsible for meeting the requirements of the regulations on behalf of an airport authority, city or town council, the mayor, or the CEO of an airline. This responsibility includes research and development, design, implementation, and oversight of a quality control system. The responsibility for an AE goes far beyond having control over financial and human resources. An AE is responsible to maintain regulatory compliance, which is to conduct ongoing audits, analysis of audits, corrective action plans (CAP) of findings, and monitor drift. In a prepared enterprise the SMS Manager is responsible for management of the SMS systems that is put in place by the Accountable Executive and implement all assigned tasks by their roles and responsibilities. When ratings are approach from within the organization, there is a functioning and healthy SMS. When an SMS is approached to please the rating or make changes due to demands from a customer or auditor, their SMS has become inactive, and the uncontrolled system will fill that void.

Monitoring the aviation industry is an enormous task and a regulatory requirement the AE must comply with. Weather is the one single most important factors impacting the aviation industry, being airlines, air operators or aerodromes. There is not much one can do about the weather, but the actions taken, or CAPs applied (e.g. timely snow removal, de-icing, low visibility etc.) is crucial for successful operations. The Cranbrook BC crash on February 11, 1978, during a snowstorm, is an example of how lessons learned were about improving clear and precise communication. 

The tasks an AE has is to find all pieces and  analyze them for applicability

The following are examples of some of the tasks an airport AE has to maintain regulatory compliance. These tasks includes monitoring the aviation industry, monitor drift and for the AE to maintain a quality control system including public weather, METAR/TAF, GFA, ICING, flight conditions, field image, radar, local live and forecasted surface winds, sunrise and sunset for day or night operations, or plan of construction operations, monitoring enroute overhead flights (e.g. medical emergencies), a toolbox with links to frequently used documents and forms, AMSCR records, CADORS records, CADORS airfield tenants, procedures for the exchange of information in respect of hazards, incidents and accidents among the operators of aircraft and the provider of air traffic services at the airport and the airport operator), daily inspection records, active NOTAM, historical NOTAM, proposed and new regulations monitored weekly, airside operations plans tailored to airside operations, tenants safety concerns and comments, the public concerns and comments, regulatory inspections, planned, open or closed, calendar with current events, NOTAM Manual, AIM Manual, aeronautical obstructions assessments, TP312E 5Th training, airside training, airport operations training, monthly newsletter, monthly SMS posts, SMS performance monthly, monitoring the aviation industry, airport surveillance of airside activities for safety and regulatory compliance, bird and wildlife reporting and handling, airport emergency plan and any other management or operational subject an airline, air operator, airport operator, aerodrome operator, flight school or aerial applicator requests to be added.            

An inactive SMS is not an SMS that is inoperative, but an SMS  where there is dereliction of duty for complete regulatory compliance. Their task is so enormous that it is impossible to run a healthy SMS without a confidential adviser to the AE. The duty of a confidential adviser to the accountable executive, is to act in the best interest of the accountable executive and to fill the void of an inactive SMS.



Thursday, September 30, 2021

Smarten Up SMS

 Smarten Up SMS

By Catalina9

We don’t manage risks. We lead personnel, manage equipment, and validate operational design for improved performance above the safety risk level bar. A businesslike approach to safety is to lead the Safety management system in the direction of your visions, goals, and services. Running SMS like a businesslike approach to safety is to Smarten Up SMS. Smarten up SMS is not to ignore or take away regulatory requirements, or jeopardize safety in operations, but it is to make the Safety management system a userfriendly application for the Accountable Executive, SMS Managers, and all other personnel. Smarten Up SMS is applicable to both SMS-operators and non-SMS operators since it is a tool to apply safety in operations.

Smarten Up SMS is a choice at the fork in the road
Smarten Up SMS is based on the regulations that a safety management system shall be adapted to the size, nature and complexity of the operations, activities, hazards, and risks associated with the operation. A Safety management system that is too complex for operations, does not conform to regulatory requirements. The goal of Smarten Up SMS is to operate with a daily quality control program for compliance with the regulations and a prerequisite for a quality assurance program. The objective of Smarten Up SMS is to maintain ongoing regulatory compliance and safety in operations.

There are three parts to a Safety Management System. The first part is for the accountable executive to be responsible for meeting the requirements of the regulations on behalf of the airport authority, city, or town council, the mayor and city administrator, the aerodrome, the airline, aerial applicator or flight training unit. This responsibility includes research and development and the implementation of a daily quality control program.

The second part is for the SMS manager to be responsible for management of the SMS systems and implement plans researched, developed, and designed by the accountable executive. The SMS manager implement a reporting system to ensure the timely collection of information related to hazards, incidents and accidents that may adversely affect safety, identify hazards and carry out risk management analyses of those hazards, investigate, analyze and identify the cause of all hazards, incidents and accidents. The SMS manager also implement an electronic safety data collection system and an electronic analysis system to monitor and analyze trends in hazards, incidents, and accidents. Analyze trends in hazards is different than analyze trends of hazards. Trends of hazards is an enumeration of hazards identified, while trends in hazards are to first identify the effect a hazard has on operations. This can be achieved by defining safety critical areas and safety critical functions in operations. If, over a period of 30 days, 100 highway cones were observed on an airport ramp, there are 100 hazards identified, or one trend of hazards over that period. When applying trends in hazard these highway cones become multiple trends, since the trends may be obstructions to aircraft, obstructing the view, or distractions to pedestrians, vehicles, or aircraft operations. An SMS manager must monitor and evaluate the results of corrective actions, monitor the concerns of the civil aviation industry in respect of safety and their perceived effect on safety, and determine the adequacy of the training required for all personnel. 

Smarten Up SMS is to observe.

The third part of a safety management system is for all operational personnel to take part in the SMS, where operations are observed, reports are submitted, and assigned corrective actions are implemented. 

A daily quality control program is based on a simple principle that if the regulations are not broad enough to capture all aspects of their operation, the operator is responsible for safety in operations and must add additional safety levels to ensure an acceptable level of safety. The principle of Smarten Up SMS is to operate with a userfriendly system for the end-user, places a high workload on the accountable executive to conduct comprehensive research and development.  

The SMS regulations is a helpful tool for operators to document and establish processes that works. SMS is an oversight regulation and is therefore applicable to all aspects, or regulatory requirements of all airport or airline operations. As an example: A daily inspection at an airport is not a regulatory requirement but becomes a tool under the SMS regulation to comply with airport standards. An aerodrome operator, aerial applicator, flight school or airline are all required to comply with their own parts of the regulations and must have tools in place for compliance. Even though the SMS regulations is not applicable to all of these operations, it is a helpful tool to apply to ensure compliance with their specific applicable regulations. 

An operator may voluntarily use the SMS tools as their process control for compliance. Since the SMS tool are already available, and operators have access to use the systems, there is no need to begin new research and development to design a system to implement in their own operations.

It is vital for success for airports and airlines operations that they have a third party to represent their interest at audits, inspections, or onsite regulatory oversight activities. Corrective action plans (CAP), including research, development and presentation are extremely labor intensive and costly for both large and small operators. Develop and design CAP takes away time for safety in operation.

Smarten Up SMS is when nobody is in the office, but where everyone is away working.

The aviation industry has already moved into a rating level system, where audit compliance and customer service become your rating targets published. Just as a rating system is applied to all aspects of social media, it is also applied to aerodrome operators, airlines, flight schools or aerial applicators. Smarten Up SMS is not about what your SMS is, or who you are, but about who you must become.


Monday, September 20, 2021

SMS Authority

 SMS Authority

By Catalina9

A Safety Management System plays a role in the organizational charts for both airport and airlines, but without overriding any other regulatory requirements the SMS is an administrative tool rather than a safety improvement tool. Since the SMS being a businesslike approach to safety, poor decision makings are allowed, and losses are acceptable. In addition to other regulations, the regulator must verify that airports and airlines comply with all regulations and not just the SMS regulations. This could create conflicts between the SMS regulations and operational regulations. 

It is a lonely road for an AE to find hidden SMS facts.

The two avenues of a Safety Management System are the regulatory and operations avenues. The regulatory avenue includes oversight, policies, systems, research, development, design, compliance, project solutions leadership motivation, quality control, audits, and quality assurance. The operations side of the SMS are processes, procedures, implementation and maintenance, training, data collection, analyses, review, and communication. Oversight is by the Accountable Executive (AE) and operations is by the SMS Manager. 

The two regulatory requirements to act as the AE are that they have control of financial and human resources that are necessary operations. These requirements are different than roles and responsibilities of an AE, since they are only the authority to act as Accountable Executive. Their roles and responsibilities are defined in the regulations as to be accountable on behalf of an airport authority, a mayor, a city council, a corporation, a business, or a person for meeting the requirements of the regulations. Depending on size and complexity of an airport or airline, an Accountable Executive is responsible for between 250-500 regulations. This responsibility is much greater than the asserted responsibility over financial and human resources.  


The roles and responsibilities of an SMS Manager are operational in nature. Their responsibilities under the regulations are defined as being responsible for implementation of a reporting system to ensure the timely collection of information related to hazards, incidents and accidents that may adversely affect safety. Timely collection may be different today than yesterday and may look very different tomorrow. When SMS was first invented, timely delivery was by fax. If someone sends a fax today, their report might not arrive on the SMS Manager’s desk. 


Another responsibility is to identify hazards and carry out risk analyses of the hazards. This responsibility is so huge that it is almost impossible to comprehend. Identification of hazards are not defined in the regulations as an opinion, but actually of factual hazards. A hazard identified one day is still a hazard the next day. When hazards are identified an SMS Manager has a responsibility to investigate, analyze and identify the root cause of all hazards, incidents and accidents identified. The regulatory requirement is not to identify the root cause of selective hazards, but to identify the root cause of all hazards. 


An effective SMS needs a safety data system to be implemented by electronic or other means. This is another responsibility of the SMS Manager. When this requirement was first implemented a paperformat safety data system was acceptable, but as the SMS evolved it became unmanageable as a paperformat system and electronic databases were used. Over time this system also became obsolete since electronic spreadsheets could be manipulated or corrupted by adding or removing data. There are several SMS cloudbased services available, the comprehensive task is to select one that do not demand control over your Safety Management System. There are only a handful cloudbased data collection tools that let you maintain full control over your own SMS.  


This leads us to the next responsibility is that the SMS Manger implements a safety data system to monitor and analyze trends. Monitoring is to maintain regular surveillance over events, and to do this at uniform intervals. Monitoring events does do very little to improve safety. After data is collected it is turned into information to be absorbed by one, or all, of the five senses. When absorbed, information turns into knowledge, which is used to analyze for trends. When trends are known, the SMS Manager has a tool to comprehend interconnected links. This tool is also available to the SMS Manager as a tool to monitor and evaluate the results of corrective actions implemented from the analysis. 

Concerns of the aviation industry may vary with experience.

The most comprehensive responsibility that an SMS Manager has is to monitor the concerns of the civil aviation industry in respect of safety and their perceived effect on an airport or airline. There are several responsibilities applied to this regulatory requirement. The first task is to decide what to monitor, another task is to decide when to monitor, with a third task where to monitor, e.g. locally or globally, the next task is define in details why to monitor, in addition to the regulatory requirement, and who should monitor. Monitoring might not be done by the SMS Manager, but could be assigned to dispatch, flight following or airside maintainer. The final task is to decide how to monitor the aviation industry. 

Other responsibility an SMS Manger has is to determine the adequacy of the training required by the SMS Manager and for personnel assigned duties under the safety management system. A person with any responsibility for an aircraft operating airside at an airport or a person with airside responsibilities are personnel assigned duties under the SMS. This includes both the Accountable Executive and SMS Manger in addition to other workers with roles and responsibilities for the safe operations of an aircraft or airport. 

With all these SMS responsibilities both airline operations, or airside regulations will overrule SMS proactive actions. A requirement at an airport is to maintain obstacle free zones for approach surfaces and transitional surfaces. When an SMS identified that tall trees or construction cranes are almost penetrating these surfaces and should be removed as a precautionary action, the overall decisions in the past were that since these obstructions legally conform, they must not be removed or restricted. The same scenario could be applied to a damaged, but legally conforming engine, a stress-damaged wing that is legally conforming, or the tailstrike damage to Air China 601 accident. If SMS is given its intended regulatory powers by an airline or airport will be documented in how recovery in aviation after a pandemic is given accountability to legally conforming concerns. Both pilots and maintenance crew are experiencing the old effect of being “bushed”.  As an old bush-pilot, I've seen people get "bushed" living in the middle of nowhere for months and they would do unthinkable things. What the global aviation industry must comprehend is that pilots and mechanics are being “bushed” by quarantine and other enforced pandemic demands. Since the regulations is not broad enough to include, or cover this aspect of aviation safety, it becomes the responsibility of the airlines and airports to ensure that SMS is allowed to function as intended and capture every “almost” in aviation. 



Monday, September 6, 2021



By Catalina9

Exposure in the Safety Management System is an integrated part of a risk assessment and risk analysis. A risk assessment involves several steps and forms the backbone of an overall risk oversight plan. Included in a risk assessment is one or several risk analyses to determine the defining characteristics of each hazard and to assign risk level scores based on the analysis. Key components of a risk analysis are likelihood, severity and exposure. Likelihood is a definition of times between intervals of an active hazard, severity is a defined outcome of the occurrence, and exposure is the variable, defined as common cause variation or special cause variation and a assigned a function, or weight score, between 0 to 1. If the exposure is zero, the hazard does not exist or has been eliminated. When the exposure is one, the impact of a hazard is inevitable.

When common cause variations are treated as special cause variations, the risk analysis has taken the wrong turn at the fork in the road. Common cause variations are integrated in a process, they are necessary for the process and the process would fail if one or more common cause variations were eliminated. An example of common cause variation is ice in clouds and thunderstorms. For ice to form on an aircraft in flight, the air must be cold and contain moisture. Icing conditions frequently occur when moist air is forced upward. As the air rises, it expands and cools. If the air cools to the saturation point, where the temperature equals the dew point, the moisture will condense into clouds or precipitation. For ice to form there must be clouds or precipitation and icing can be most intense near the cloud tops, where the amount of liquid water is often greatest. This part of the cloud has the greatest amount of lifting, cooling, and condensation. Encountering inflight icing in clouds is therefore a common cause variation, while non inflight icing in clouds is a special cause variation.

When applying exposure in a risk analysis the task is to analyse in 3D and measured
in time (hours-minutes-seconds), space (geographical location) and compass (direction). A 3D analysis is to analyse a moving object within the tube itself, rather than from behind, below, above, beside or in front of a moving object. A 3D analysis is the expected view as observed by the pilot at a specific moment in time, location, and direction.

Exposure paints a picture of the past to plan for the future.
The first step when analyzing exposure is to determine if the variation is a common cause variation or a special cause variation. When traveling to or from work, people conduct a mental exposure analysis by leaving at a certain time to avoid the heaviest traffic. In aviation common cause variation analyses are also conducted for arrivals at major airports or during special events. Comprehension of systems is therefore vital to correctly identify the true variation and develop the proper corrective action plan. If encountering inflight icing in clouds was assigned as a special cause variation with a root cause analysis, the analysis would be derailed from the beginning. The analysis could easily take a turn to explain that icing in clouds were not in the forecast. While this might be true, does not make it a special cause variation, since icing in clouds is to be expected anytime an aircraft is flying above freezing level. 

If the freezing level was lower than forecasted still makes it a common cause variation, since this is what the freezing levels do every day. The forecasted freezing level is nothing else but a risk assessed model of what altitude the level might be in the future. Pilots and dispatches often blindfolded accept icing and freezing level computer models, which then could be mistaken for a special cause variation. Level of exposure changes with time, location, and direction of an aircraft. An aircraft on the ground has a zero-exposure level to inflight icing. The exposure level begins when the reach the rotation speed. Inflight icing could be from ice accumulated on the ground and the exposure level for inflight icing is therefore 1,or 100% likelihood, or probability, that the ice will affect aircraft performance. 

One reason for ground de-icing and anti-icing is to reduce the exposure level of inflight icing to an acceptable level and defined as holdover time. Research of anti-ice fluids has determined that the fluid remains effective for a short period of time and when an aircraft is airborne prior to the time expires, the exposure probability, or likelihood, to inflight icing is inconceivable, or times between intervals are imaginary, theoretical, virtual, or fictional.

After it has been determined that a variation is a common cause, the next step is to analyse how the hazard could be exposed, or how the hazard could affect operations. If the hazard is icing in cloud, the analysis shows a likelihood of 1 that flight into known icing will expose the aircraft to inflight icing. The analysis is both a part of the pre-flight planning and inflight operational observations. The severity of icing is determined by several conditions, but for the purpose of icing when entering clouds at a flight level above freezing level, the likelihood of exposure is methodical, planned and dependable, without defining the operational system or processes involved. When analysing flight crew, aircraft and expected level of icing severity, available operational systems play a role. Encountering icing may vary from a level of informational, which is a severity level that is not compatible with another fact or claim of the hazard, to catastrophic which is a severity level where functions, movements, or operations cease to exist, or it could be any level between these two extreme severity levels. Exposure level in SMS is a pre-flight, or pre-task operational tool with actions defined in applicable safety cases.

Special cause variation Beatty NV 1981-03-18
The third step and an analysis of level of exposure to a special cause variation is a totally different approach, since a
special cause variation is unexpected, it is an abnormal condition and a variation that is irrelevant for the process to function as expected. A special cause variation could be a
malfunctioning ITT or Inter Turbine Temperature during takeoff. Special cause variations are excluded from pre-flight planning since they are items covered by other levels of protections. When using the ITT example above, aircraft engines are regularly inspected and found acceptable, or it is removed from the aircraft if unacceptable. When the pilot takes off, the engine is expected to perform as it should without malfunctioning. However, a principle in aviation is to expect the best but to be prepared for the worst. Preparing for the worst at every takeoff is not exposure to an engine failure or other system failures but is a part of an ongoing recurrent training program. Below is an example of how a malfunctioning ITT is identified in a control chart and when this is identified a root cause analysis must be performed. Normally the ITT is running 680°, but one day it was 681°.

This variation did not trigger an incident or ITT exceedance, but it is a variation that is not common within the system itself and must be investigated with a root cause analysis. Exposure levels triggers two actions: The first action is to prepare for common cause variations and the second action is to conduct a root cause analysis of a special cause variation.


Sunday, August 22, 2021

Scale Down for Compliance

Scale Down for Compliance

By Catalina9

Scale Down for Compliance

An airport operator has several responsibilities when it comes to the activation of an airport emergency plan, activities during the emergency and post emergency activities. Airport Emergency Plan compliance is a comprehensive task which at first glance seems impossible to comprehend and achieve.

Airport emergency planning is the process of preparing an airport to cope with an emergency occurring at the airport or in its vicinity. The object of the airport emergency planning is to minimize the effects of an emergency, particularly in respect of saving lives and maintaining aircraft operations. The airport emergency plan sets forth the procedures for coordinating the response of different airport agencies and other community agencies in the surrounding community that could be of assistance in responding to the emergency. The basic needs and concepts of emergency planning and exercises are command, communicate and coordinate.

An airport operator has a responsibility to identify organizations at the airport and community organizations that are capable of aiding during an emergency at the airport or in its vicinity. Telephone numbers and other contact information for each organization are listed in the airport emergency plan and the type of assistance each organization can provide is also listed.

An airport operator has a responsibility to identify any other resources available at the airport and in the surrounding communities for use during an emergency, or in recovery operations and provide their telephone numbers and other contact information.

An airport operator has a responsibility to describe lines of authority for each emergency and the relationships between the organizations and how interactions between these organizations are coordinated, and coordination within each of these organizations.

An airport operator has a responsibility to identify supervisors and describe the responsibilities for each emergency.

An airport operator has a responsibility to specify the positions occupied by airport personnel who will respond to an emergency and describe their specific emergency response duties.

An airport operator has a responsibility to identify the on-scene controller and describe the person’s emergency response duties.

An airport operator has a responsibility to provide authorization for a person to act as an on-scene controller or a supervisor if they are not airport personnel.

An airport operator has a responsibility to set out the criteria to be used for positioning the on-scene controller within visual range of an emergency scene.

An airport operator has a responsibility to set out the measures to be taken to make the on-scene controller easily identifiable at all times by all persons responding to an emergency.

An airport operator has a responsibility to describe the procedure for transferring control to the on-scene controller if initial on-scene control was assumed by a person from a responding organization, e.g. fire, ambulance or police.

An airport operator has a responsibility to describe any training and qualifications required for the on-scene controller and other airport personnel identified in the emergency plan.

An airport operator has a responsibility to describe the method for recording any training provided to the on-scene controller and airport personnel.

An airport operator has a responsibility to describe the communication procedures and specify the radio frequencies to be used to link the airport operator with the on- scene controller, and to link the airport operator with the providers of ground traffic control services and air traffic control services.

An airport operator has a responsibility to describe the communication procedures allowing the on-scene controller to communicate with the organizations identified in the emergency plan.

An airport operator has a responsibility to identify the alerting procedures that activate the emergency plan, establish the necessary level of response, allow immediate communication with the organizations identified in the emergency plan in accordance with the required level of response, confirm the dispatch of each responding organization, establish the use of standard terminology in communications, and establish the use of the appropriate radio frequencies as set out in the emergency plan.

An airport operator has a responsibility to specify the airport communication equipment testing procedures, a schedule for the testing, and the method of keeping records of the tests.

An airport operator has a responsibility to specify the location of the emergency coordination center used to provide support to the on-scene controller when ARFF is on the field.

An airport operator has a responsibility to describe the measures for dealing with adverse climatic conditions and darkness for each potential emergency.

An airport operator has a responsibility to describe the procedures to assist persons who have been evacuated if their safety is threatened or airside operations are affected.

An airport operator has a responsibility to describe the procedures respecting the review and confirmation of emergency status reports, coordination with the coroner and the investigator designated by the Transportation Safety Board of Canada regarding the accident site conditions, disabled aircraft removal, airside inspection results, accident or incident site conditions, and air traffic services and NOTAM coordination to permit the return of the airport to operational status after an emergency situation.

An airport operator has a responsibility to describe the procedures for controlling vehicular flow during an emergency to ensure the safety of vehicles, aircraft and persons.

An airport operator has a responsibility to specify the procedures for issuing a NOTAM in the event of an emergency affecting the critical category for fire fighting if ARFF are available on the field, or changes or restrictions in facilities or services at the airport during and after an emergency.

An airport operator has a responsibility to describe the procedures for preserving evidence as it relates to aircraft or aircraft part removal, and the site of the accident or incident in accordance with the Canadian Transportation Accident Investigation and Safety Board Act.

An airport operator has a responsibility to describe the procedures to be followed, after any exercise, or the activation of the plan, a post-emergency debriefing session with all participating organizations, the recording of the minutes of the debriefing session, an evaluation of the effectiveness of the emergency plan to identify deficiencies, changes, if any, to be made in the emergency plan, and partial testing subsequent to the modification of an airport emergency plan.

An airport operator has a responsibility to describe the process for an annual review and update of the emergency plan, describe the administrative procedure for the distribution of copies of an updated version of the emergency plan to the airport personnel who require them and to the community organizations identified in the plan, and describe the procedures to assist in locating an aircraft when the airport receives notification that an ELT has been activated.

An airport operator includes in the airport emergency plan a copy of signed agreements between the airport operator and community organizations that provide emergency response services to the airport and an airport grid map.

A Safety Management System (SMS) is a process oversight system of all areas of airport operations. The challenge with an Airport Emergency Plan (AEP) is not all required responsibilities, and a conglomerate of interactions, but that the AEP must be scaled down to size and complexity of the airport. Unless the AEP is scaled, the airport operator is in non- compliance with a regulatory requirement that a safety management system is adapted to the size, nature and complexity of the operations, activities, hazards and risks associated with the operations. The key to success is to scale down to a common denominator with combined tasks.


Sunday, August 8, 2021

Your Safety Data System

Your Safety Data System

By Catalina 9

The regulations require that an airport or airline operator implement a safety data system, by either electronic or other means, to monitor and analyze trends in hazards, incidents and accidents. Regulations are scalable and paper format as other means is included to monitor and analyze trends. At some of the smaller airports with only one or two persons managing and maintaining the airport the paper format may work for that size and complexity. For airports with three or more workers or larger airports and airlines, it becomes a humongous and labor-intensive task to conform to regulatory compliance by monitoring and analyzing trends using paper documents.

Unless there is tangible action the SMS is only empty words

The Safety Management System (SMS) is more than data point entries and designing graphs. SMS needs to be built up by a safety data system with tangible actions and results. A safety data system must be autonomous, preserve its integrity, it must be flexible and scalable to size and complexity, or tailored to operational needs. In an autonomous safety data system there is task completion, performance reliability and performance analytics. Performance analytics is the engine, or system, that uncovers insights and reveals hidden value to define new, targeted learning interventions. The result is learning spend that helps aviation safety achieve key objectives.

A requirement for a safety data system is that it acts as an inhibitor against corruption, subjectivity or bias. Corruption is when a system may, intentionally or unintentionally, being altered causing a different outcome. Subjectivity is when someone has a personal interest, or an agenda to manipulate the outcome of data collected, or of facts discovered. Bias is prejudice of outcome based on an assumption or an opinion about someone, or something, simply based on past history. The differences between corruption, subjectivity and bias, is that corruption could be an error, mistake or intentional action, subjectivity is personal to the outcome where facts are ignored, and bias is a decision made prior to an investigation or fact finding mission. A safety data system must prevent these opportunities to occur within its system.
A paper format safety data system is inherent corrupted by self-degradation over time. A document may be legible one year but totally unreadable the next year. Paper documents can also be altered or lost. In an operation with two workers only, such as the Accountable Executive and Airport Manager/ SMS Manager, a paper format may work since any changes are traced to one or the other. If there are three workers, a conflict of interest may arise. Paper documents is an available option under the regulation to accommodate for the simplest common denominator which is one aircraft and one person, or one airport and one person.

Electronic spreadsheets is an option often used by airlines and airport operator as their safety data system. Just as a paper system, an electronic spreadsheet system may also be corrupted, subjective or biased to the facts. A safety data system that in not corrupted, subjective or bias starts with the SMS safety policy. An effective Safety Policy is a tool to manage corruption, subjectivity or bias and must be tailored to the organization so all personnel can recognize accountability, accept accountability for the policy and take ownership of it. Without ownership of the Safety Policy, the policy is an ineffective tool and in itself a hazard to safety.

When there is no accountability to the Safety Policy it becomes more important to adhere to the text in the policy rather than the intent of safety in operations. When the text itself is paramount in the decision-making process, a grammatical error has in the past become the determining factor for a regulatory SMS finding. When selecting a safety data system, the two most important functions to consider are the probability of file deletion, or alternation and the simplicity of reporting. In its simplest form an SMS report should accept a submission with one or two pictures only. A system where files can be deleted by an operator does not preserve the integrity of the system. Files must remain in the safety data system for as long as they are applicable to operations, or personnel, at which time they may be archived, but still available for retrieval. An example would be the Canadian CADORS files for an airport. The airport may analyze CADORS for the past five years, but after 5 years and 1 month, the 1 month may be archived.

If advertising does not work, social media does not affect safety in aviation

CADORS are as much a part of the data collection system as any other report. If CADORS are excluded from the hazard register, an airline or airport operator is operating with a corrupt safety data system and a skewed analysis. Public complaints are also a part of the hazard register, since public opinions affects how the regulator views an airline or airport. As an example, it was not long ago that the regulator revoked a certificate with unsubstantiated findings, or findings added after the inspection, due to public opinion of the operator. Another example is how the public opinion affected a CADORS to be biased against a smaller operator and gave an excuse for the airline’s on-time departure record. The excuse why the airliner entered the runway for backtracking when the smaller aircraft was on base leg was that they needed a VFR departure since the IFR clearance was going to take a while. When the smaller aircraft turned onto final, the taxiing aircraft was ¾ of the way down the runway for takeoff and declared that they had vacated the active runway when they were parked in the turnaround bay. An unbiased CADORS would have stated the facts, which was that a small aircraft had to make an avoidance maneuver due to an airliner backtracking on an active runway. There are several examples of how public opinions or social media affects the CADORS. For an airport or airline to preserve their integrity and fight for their regulatory conformance, CADORS must be investigated and filed in their hazard register. Another short CADORS example shows how social media or public opinions make it into the CADORS [redacted]: An aircraft flew directly overhead an airport [small private airport] northbound, at an altitude of approximately 1000 feet above ground level and a rate of 151 knots ground speed without making any radio calls. Video evidence is available.  

Your Safety Data System must be integrated as a winning combination of your quality control and quality assurance system for incremental safety improvements. SiteDocs is a winning safety data collection tool. Data collected must be preserved and include reports that are both favorable, and unfavorable for your operations. A Safety Data System is more than just collecting and filing reports, it is a tool for the Accountable Executive to learn and comprehend safety in operations and review how lessons learned are derived from the Safety Policy. 



Monday, July 26, 2021

$ Money Talks $

 Money Talks

By Catalina9

One could define risk management as the identification, analysis and elimination of those hazards, as well as the residual risks that threaten the viability of an enterprise. The discussion if it is possible or practical to eliminate hazards are ongoing with opposing views. Airports and airlines accept the inherent risks in aviation every time there is a movement on the field or in aeronavigation. On the other hand, both regulators and professional auditors, expects from the corrective action plans that an operator make changes to ensure that an occurrence will never happen again. While it is unreasonable to expect the complete elimination of risk in aviation, it is also unreasonable to expect that that all risks are acceptable. It is a fine line to balance between what risks to eliminate, and what risk to accept. Risk acceptance, or elimination is a 3D identification process measured in time (speed), space (location), and compass (direction). When 3D thinking is introduced, a future scenario can be designed, or the exposure level. Risk mitigation then becomes an exposure level mitigation and not the mitigation of the hazard itself.  This does not imply that the future can be predicted, but it implies that data, information, knowledge, and comprehension are vital steps to predict hazards that affect operational processes. Exposure level mitigation is currently a major part of risk mitigation, e.g., airside markings, markers, signs or lighting, or aeronavigation flow into congested airspace and for gate assignments. 

Risk in aviation are the common cause variations, which are variations within a process, and required to be a part of the process for the process to function as intended. An example of a common cause variation is the runway friction. Without runway friction landings and takeoffs would not be possible. For an air operator, runway friction becomes a special cause variation with rain, snow or slush. Special cause variations are mitigated to an acceptable exposure level. The difference between a risk and a hazard, is that a hazard is one item and the effect it has on safety, while the risk is a conglomerate of hazard probabilities in a 3D scenario with a combined effect of safety.

Let’s take a moment and analyze the probability of the probability of a midair disaster involving two aircraft departing 350 NM apart and travelling to two different destinations in a non-congested airspace. If a risk assessment was done of a midair collision prior to departure, the assumption is that both assessments would accept the risk and defined as a green color. In this first risk assessment the planned departure times and destinations of the other aircraft was unknown. An inherent risk in aviation, or common cause variation, is that the 3D position of other aircraft flying in accordance with the visual flight rules (VFR) are unknown. In an instrument flight rule (IFR) environment, the position of other aircraft, or their estimated 3D positions are known and mitigated. In an IFR environment the exposure level is mitigated to an acceptable level. In a VFR operational environment, the exposure level is unknown until communication between pilots are established, or visual contact has been established. 

Safety in aviation is the strategic game of moving hazards.
 Two aircraft may be on collision course   without knowing of each other.   Depending on aircraft design, an   approaching aircraft may be in a blind   spot for several minutes, as it was for   flight 498. An exposure level may last   for  several minutes, or only for a split   second. When the 3D location is   unknown, the exposure level is   unknown,  even if two aircraft are on a   certain collision course. In 2012 two   aircraft departed 350 NM apart for   different destinations and crashed   midair.  A 3D location could have been   calculated if their altitude, track and groundspeed were known. However,

flying VFR and relying on visual or audio clues is an inherent risk, or a common cause variation in aviation. A common cause variation transforms to special cause variation when one or more of the other systems are malfunctioning. The investigating authority defined a weakness of the see-and-avoid system for VFR flights. A secondary system malfunctioning may have been the position reporting system when departing an altitude or communicate their intended VFR approach procedure.

The safety cycle in aviation is safety, operations, and accounting. When a student pilots take off for their first solo flight, their primary concern is safety and that their first landing will be a safe landing. What their general flying skills are or what the cost of the airplane is, becomes secondary to safety. When safety is achieved and the student pilot is proficient in landing, they are focusing on cross country skills and flights beyond sight of the airport. As more time is accumulated equals more money spent. Eventually, money becomes the governing factor of flying. 

Safety is Project Solutions Leadership Motivation

The principle, or cycle of safety, operations and accounting is a cycle that airlines or airports go through at regular intervals. When first starting up as an airline, their primary concern is safety, including new upstarts of low-cost carriers. Without safety processes in place, they would not qualify for the operations certificate. When SMS was regulatory mandated, airlines and airports went overboard to ensure safety compliance. As they move forward, customer service is added to safety in operations, but eventually, their capacity limits out and cost becomes the determining factor. A regional airline spent more than $750,000.00 within a short time to ensure safety compliance. Eventually the accounting department focuses on cash spent on safety and demands reductions in spending. At first this seems reasonable and acceptable, but over time this drift eliminates critical tasks and moves the operations closer to the fine line between safety and incidents. Several years ago, a regional operator, who had not experienced a fatal accident in 35 years, had their first fatal accident because they relied on prior years track records which had included safety processes. With a good track record, it made sense to accounting to reduce cash spent on safety investments. Fail to plan equals plan to fail.    

Safety in aviation is not what accidents or incident did not occur, but it is what the cash return on safety investment is. In general terms, return on investment is the additional revenue, or cash generated. The return on investment in aviation safety is the reduction of cash spent on safety, or negative cash generated. Return on investment of SMS is not the savings by a reduction of accidents or incidents, but the return of cash revenue generated by in-control processes and organizational based safety investment decisions. A CEO of a company works with cash daily and a reduction of quantity is less significant than a higher cash value of the organization. For an airline or airport with 500,000 annual movements or cycles, a reduction of annual incidents from 1,500 to 1,200 is less significant to the CEO and the Board than a reduction in cash spending of 1,080,000.00 dollars. 

When the reduction of cash spent on incidents has a positive impact on the bottom line, the old-fashion cycle of safety may be broken, and continuous safety improvements becomes an available option to the processes. Money talks and when safety is the profit generator, it makes sense to invest in safety.    


When SMS Becomes Inactive

When SMS Becomes Inactive  By Catalina9 A Safety Management System (SMS) that is inactive will leave a void for an uncontrollable system to...