Saturday, July 20, 2024



By OffRoadPilots

A safety management system (SMS) is a regulatory requirement for airport and

airline operators, the SMS regulations are performance-based, processes must

conform to regulatory requirements, but still, a healthy SMS is lawless. In a lawless

system events are unrestricted, actions are reactive to immediate threats, and

data are collected by random chance. A safety management system contains

multiple components to conduct research study of patterns. Research study design

is a framework, or the set of methods and procedures used to collect and analyse

data on variables specified in a particular research problem. A safety management

system research study designs comes in many shape and forms, with advantages

and limitations. A rule-based SMS is an overcontrolled system to justify an

expected definite and unambiguous output. A system where predetermined

results exists, is a system without trust, without learning, without accountability,

and a system where information sharing impossible. A lawless SMS paints a true

picture of airport and airline operators.

When data collections are

subject to rules, opinions,

and obedience, then data

collected becomes

corrupted data, unreliable

data for analysis and

fraudulent data. It is a

simple task to make an

SMS look acceptable on

paper by immediately

making corrections to

findings without reporting

these to the SMS. Prior to

SMS becoming a regulatory requirements, items and occurrences were repaired,

and documents were properly amended as a part of normal safety control, but they were not systematically documented for statistical process control (SPC)

analysis. One difference with an SMS, is to document findings, report findings to

SMS, fix or repair the findings, and monitor for patterns and compliance after


When there are rules and practices for what is allowed to be reported to an SMS

manager, invaluable information is lost. SMS is not as much about reporting

incidents, as it is to establish patterns. Micromanagement of what is allowed does

not change the fact of how workers do their job day in and day out. All it does, is to

show a hazard register with allowable hazards as opposed to actual hazards.

Allowable hazards to report are unwritten organizational rules and practices. Over

time personnel learns to accept what to report and what is not allowed to be

reported. A common mistake by operators is to only accept reported hazards and

taking the position that unreported hazards do not exist. When the position is

taken that verbally reported hazards do not exist, or that verbally reported events

did not happen, operators are creating an officially controlled safety management

system. When an SMS authoritarian system is established, the authority of an SMS

is characterized by highly concentrated and centralized governing powers

maintained by excluding opposition, objections, and challenges. An authoritarian

SMS uses common sense justification to mobilize around the unwritten goals of

the operator. The requirement that the accountable executive is responsible

operations and activities authorized under the certificate and accountable on

behalf of the certificate holder for meeting the requirements of the regulations is

set up for an authoritarian SMS and misrepresentation of the system. Maintaining

regulatory requirements under such a system induces operational pathways with

hazard levels above hazard levels without operating with a safety management


Running a safety management system is a specialty task different from any other

airline or airport operations tasks. A safety management system is not about

safety, but about processes, just as an accounting system is about processes and

not about the bottom line. The bottom line, profit, or loss is affected by accounting

processes applied, but these processes must adhere to accounting principles, evenif the CEO, or AE is the person with the final authority. A CEO cannot, while some

do, arbitrary demand their accountant to go against proper accounting principles

to adjust the outcome for short-term benefits, but long-term harm. In the

accounting world it is fraud to manipulate inputs to the process. Operating an SMS

by manipulating the inputs are also fraud, but difficult to detect for an untrained


Operating with a safety

management system

requires comprehensive

changes to airport and

airline operations. A fraud

management system needs

to be implemented pursuant

the quality assurance

program when operating

with an SMS, that is

required to conform to

regulatory requirements.

Justification for a fraud management system as an integral part of the quality

assurance program, is to place the oversight in the hands of the SMS manager. In

the pre-SMS era, there were no need for a fraud management system since any

use for the word “safety” justified any actions.

Fraud is intentional deception to secure unfair gain. Unfair gain applicable to a

safety management system, is when multiple operators providing the same

contracted services are gauged by their outputs, as opposed to what is reported.

When other operators only report favorable hazards and minimize their outputs,

while a single operator reports all raw data collected, the single reporting operator

generates 80% of events and hazards. With 80% of hazards and events allocated to

one single operator, this operator is being red-flagged and as unsuitable for further

contracts. What is forgotten in the equation, is that a contracted air operator’s

.right to operate their SMS as they see fit, are the responsibilities that comes with

freedom and rights.

In the face of new fraud methods and increasing incidence of fraud, operators

must continually identify and address vulnerabilities. Success will require core

capabilities in areas of enhanced threat intelligence along client journeys, data-

cycle testing and feedback, advanced data, technology, and analytics, and

transformation of the operating model.

Even as fraud threats have become more sophisticated, customers are demanding

more streamlined and low-friction journeys. Addressing these challenges requires

an enhanced strategy that has strong customer experience and fraud prevention

components and bases its long-term success on prioritizing 360-degree

intelligence. An operator, being airports or airlines must know their customers,

know their own operations and SMS, vulnerabilities, and capability gaps, and know

their competitors. A competitor may me a customer, an operator in the same

business, or the general public.

Analyzing the huge volume of intelligence data now available is a real challenge.

The traditional manual approach driven by individual investigators are fading away.

Instead, companies need a new at-scale technology-enabled solution and

multidisciplinary approach. A client intelligence and fraud prevention center can

better source and integrate threat intelligence and analysis to serve antifraud

decision making. This involves the creation of trusted stakeholder networks, both

within the organization and among clients, partners, and government entities, to

facilitate collaboration across silos and organizations. The cross-functional team

includes business leaders, experience designers, marketing specialists, product

development specialists, fraud specialists, investigators, operations specialists,

data scientists, technologists, and cyber experts.

To ensure that client journeys and controls provide the required protection against

vulnerabilities and that the organization meets defined and goals. Airport and

airline operators run data on files to identify nonfraudulent and fraudulentbehaviors and match them against actual SMS reports. Implementation of new

fraud control could cause the loss of a significant amount of business unless it is

performed properly. This is averted by reactive testing the control against

historical populations to gauge the outcome before implementation was under

way. Spelling out all the key outcomes allows operators to determine which special

cause variation generate the root cause of potential loss of customers and enable

them to devise a plan to address these special cause variations.

When conducting testing, test parameters of SMS reports must be established.

Testing is conducted randomly throughout SMS reports journey, with controlled

setup in live tests. Determining which version performs better enables operators

to identify the impact on fraud rates and customer satisfaction.

Learning from ongoing tests

requires a mindset shift by

leaders and specialists in

operations, technology,

customer experience, and

compliance and risk. Test

results should be

synthesized and reviewed in

a rapid feedback loop. By

adopting this rapid testing

cycle, airports and operates

can continuously adapt its

fraud controls and prevention measures as fraud threats evolve.

Airports and airlines need multilayer defenses with sophisticated data analytics

that enable rapid decision making for applications and nearly instant response

rates for monitoring. Technology needs to be flexible, adaptive, and quick enough

to react to fast-paced fraud attacks. Equally important is the need for insightful

and actionable analytics to identify fraud attacks quickly, enabling SMS enterprises

to modify controls and strategies.

Operators need to build the data and analytics that allow them to understand

customer experiences and changes in behavior after a fraud incident and across a

hazard’s journeys. They also need predictions and triggers to handle fraud

experiences rapidly and proactively, such as communications about why fraud

occurred and ways to protect the account in the future.

This requires data models that incorporate both internal and external sources.

Internal data, which should be combined across product silos, could be related to

fraud, identification, SMS reports profiles, and connected interactions across

channels. External sources could include device, biometric, and social data. The

model should also be updated to include new value-added data sources

continually. Additionally, it requires an orchestration layer that integrates different

systems and allows fraud management teams to think across the value chain,

capture complex fraud patterns, and identify fraud earlier. It should also enable

them to orchestrate the response and communication so SMS team members can

handle the experience in their area of expertise and department.

For SMS enterprises to

support advanced fraud

management, they should

consider enhancing their

operating model across

human factors,

organizational factors,

supervision factors and

environmental factors.

The safety management

system is defined as a

businesslike approach to safety. With a businesslike approach, an SMS must include a businesslike fraud management system. Fraud management of internal

processes and common cause variations, e.g. the AE demands certain input actions and results, are different than fraud management of special cause variations occurring because of how the work is done, e.g. an SMS report could be shared with ability to make changes and cause unintended consequences.

Fraud prevention is a regulatory requirement to ensure the integrity of a safety

management system. Regulations require SMS enterprises to operate with a fraud

management system of their recording systems, which includes computer records,

that do not comprise entries on paper. Computer records requires measures to

ensure that the records contained in the recording systems are protected against

inadvertent loss or destruction and against tampering, and a copy of the records

contained in the recording systems can be printed on paper to verify the integer of


In a lawless SMS organization, there are no restrictions on what area allowed to be

reported and there is no requirement for obedience to one single communication




  Lawless By OffRoadPilots A safety management system (SMS) is a regulatory requirement for airport and airline operators, the SMS regulatio...