Tuesday, April 6, 2021

Predictive SMS

 Predictive SMS

By Catalina9

There are three level of a Safety Management System (SMS). Level 1 is the reactive level, Level 2 is the proactive level, and Level 3 is the predictive level. A fully developed SMS is an SMS at a level when predictions are applied. A predictive level is different than a proactive level, but these two levels also work in harmony. Level 1, as a reactive level stands out in its own class since no actions are required until after the fact, or after the data is available in a data collection tool. Level 2 is reactive to ensure that certain events do not occur again. Level 3, the predictive level, is when the system delivers predictions of future events.  

A predictive level is the guide to excellence 
 A predictive level is different than to foresee the future.   A predictive SMS is about comparing data collected   and results from the past with current data collected to   predict the future. Without making any changes to   human factors system, organizational factors system,   supervision system, or environmental system the   outcome from the past will repeat itself in the future. A   predictive system is not designed, or capable of   predicting a specific event in time (duration), space   (location) and compass (direction), but can predict an   outcome when certain parameters are met. If a person   is  not trained to tow airplanes but expected to park five   airplanes in a hangar that normally holds only four, there is a high probability that at least one airplane will be damaged during one of the towing process. This is predictable, but it is impossible to predict a date and time of the future incident. 

A predictive SMS is also quite different from a proactive process. A reactive SMS is to generated corrective actions and implemented to respond to event analysis and to avoid future incidents or accidents. A predictive SMS is opposite to a reactive system in that a predictive level accepts that future incidents or accidents are inevitable. In a reactive system hazards are captured and entered into a hazard register for analysis. After the proactive and hazard register process is completed, the predictive system goes into the hazard register to predict what hazards are next in line to cause an incident or accident. In short, the proactive system placed hazards in the hazard register into boxes so they could no longer cause incidents, or unscheduled events, while the predictive system then removed some hazards and placed them into another box of future known incidents. It is only when an enterprise accepts that incidents are inevitable that incremental safety improvements becomes available as a safety tool.

At fist glance it also appears that the proactive and predictive system opposes each other, since the proactive system is generating corrective actions to ensure that certain incidents do not happen again, while the predictive system makes these same hazards a cause for the next incident. Yes, they are two different systems, but they complement each other. 

Remember, a predictive system is not a system with the ability to pinpoint the next incident. After a hazard register is populated and corrective actions plans (CAP) are assigned, a predictive system takes over and monitor the CAP processes. A predictive system is a daily quality control system. Some predictions may be long term, while other predictions are only available short term. If an aircraft is still travelling at 100 KTS when reaching the threshold markings at the other end, a confident prediction is that within the next few seconds the aircraft runs of the runway. If this same airplane is touching down beyond the half-way point of the runway, a runway excursion may be predicted, but it is a prediction with less confidence. At the third event, the aircraft is on approach speed and slope for a touchdown point within the touchdown area. A prediction can be made that this will be a successful landing. All this make sense, but why even bother making such obvious short-term predictions. It is absolutely true that it is nonsense to make these short-term predictions since they do not include processes to affect the outcome. A predictive SMS predicts long term predictions with a high level of confidence of an outcome by monitoring hazards. 

A predictive level is the foundation of a sound marketing plan for SMS.
From a reactive system point of view each hazard are placed in a box labeled “Corrected Hazards”. What the predictive system does is to pick up one hazard at a time and monitor it. Hazards are monitored daily within a quality control system and analyzed to the level of job performance, or how the job is done. A job performance level is analyzed to four high level factors: Human Factors (HF), Organizational Factors (OF), Supervision Factors (SF) and Environmental Factors (EF). Applying a daily rundown of airport operations tasks, these factors are monitored and recorded. Over time a predictive SMS will paint a picture of each task and if the picture mirrors expectations from the hazard register incidents are bypassed. 

In a predictive SMS the four factors are in a mastermind alliance where they are working actively together in perfect harmony toward a common definite objective. This is similar to the S-H-E-L-L model where Software, Hardware, Environment, Liveware (people) and Liveware interact with each other in a robust way. Human Factors, Organizational Factors, Supervision Factors and Environmental Factors in a predictive SMS interact with each other in incremental improvements. A change to one of the factors requires a change to one or more of the other factors. Example: An organization may change their organizational factors to suit a Safety Management System, or a person may learn to recite the alphabet for the first time, but without making changes to supervision factors there are opposing 
internal forces acting for and against incremental improvements. A person may learn to recite the alphabet for the first time, but without harmony between HR, OF, SF and EF the opposing forces are destructive to learning. 

A predictive SMS detects these opposing internal forces and can with a high level of certainty, or probability, predict that by continuing down the same path without harmony, eventually the bubble will burst, or an incident will happen. When a paired flight crew, captain and first officer, are opposing each other that aircraft is on its way towards an accident. A predictive SMS recognizes and display these forces.  


Monday, March 22, 2021

Where Is SMS Going

 Where Is SMS Going

By Catalina9

The Safety Management System (SMS) in aviation is has since its infancy taken many twists and turns to find a path forward. SMS started out as an idea of how aviation should manage safety and for the system to be integrated into a functional safety system in the operations. Prior to SMS safety was managed by the “safety card”, or an opinion-based safety solution process. With this in mind, the onset of SMS forced airlines and airport operators to revamp their safety structure and change their approach to safety 180 degrees. 

Without taking ownership of SMS direction for success is only random
This new approach caused conflicts and confusion and the path of least resistance was to reject the new Safety Management System. Rejection became apparent in news articles about how SMS had failed safety and surveys were tailored to show this. However, over a short time SMS grew enough roots to resist being pulled out and it grew stronger. One lesson the aviation industry learned quickly about SMS was that it could not fail since it was a mirror of their operations and painted a true picture of their leadership. As a mirror, the SMS caused a friction between SMS and its Accountable Executive. Since the aviation industry had developed a great safety record over the years, it was difficult to accept the fact that they might not be as safe as they thought they were.

SMS will be going in the direction of what direction the aviation industry wants it to take. It is therefore crucial that high-level leaders understand and comprehend their SMS and policies they are drafting. SMS is unlike older safety systems in that it does not force safety onto operators, but rather identifies to operators if they drift away from or remains on the path towards their objectives and goals. SMS is designed to be a fluid system and adjust to operational needs. Regulatory oversight bodies and the aviation industry are both affected by external pressure from the public, from the industry itself and from political polices of how to regulatory shape the SMS. Just a short time after SMS became a regulatory requirement for all operators, the smaller on-demand and charter only operators were excluded from operating with an SMS. This was the first time the aviation industry mapped the SMS landscape and chose their path of least resistance.

The path to a successful SMS is a balancing act.
 There are two different paths the SMS needs to take   going forward. One is the regulatory path and the   other is the operational path. These are two distinct   and different paths, while they still are connected to   the outcome of safety. Look at this as each rail of a   railroad track. Regulations in themselves are not   safety in operations requirements, but requirements   for compliance in a static environment. This can best   be described as the issuance of an airline or airport   certificate, which is issued to a static environment with planned directions of travel. As soon as there are movements is when it becomes operational and incremental safety improvements kicks in. The regulator must assess an SMS based on regulatory compliance, while an operator must assess their SMS in a fluid and operational state. Only by comprehending SMS is it possible to see the differences and that these two paths are parallel and not opposing paths.

The path SMS needs to take is the system approach path where the task becomes to design systems and processes to complete operational tasks without first assessing each task for regulatory compliance. This does not imply that systems are not assessed for regulatory compliance, but rather that the first task is to identify current operational processes since they paint a true picture of operations. This is different than conducting a gap analysis, since it is a process tracking task. After systems and processes are identified, they are assigned a regulatory compliance component and integrated in a daily quality control system. Quality control of operations is a prerequisite for the Quality Assurance System. 
Without a quality control path, the SMS is wavering

Where SMS is going is difficult to predict since there are special cause variations that will affect its path. The path it must take is the path of incremental safety improvements for both airlines and airports. Over time it will be possible to identify drift away the desired and projected path. When drift is identified it becomes possible to make incremental corrections of operational processes to change course or move back onto the path. Drift in itself is not necessarily undesirable or an unsafe change, but often a change because the planned systems and processes were impractical. The unsafe portion of drift is when the drift itself remains unidentified. 

The first stage of drift at the operational level is for a process to self-adjusts to a practical process; e.g. a pilot changing from IFR to a visual approach in VFR conditions. Eventually this drift was identified and integrated as a standard process. The second part of drift is at the management or organizational level where complacency drives the processes. Social media also has a major impact on the SMS decision-making process.  Social media is free advertising for special interest groups, including support groups for a healthy Safety Management System. 

When assessing the future of where SMS Is Going one must reflect on the past path. It is reasonable to assess that the past path of SMS, becomes a forward-looking guidance of the path to come in the future. By laying out the path from the past drift can be monitored and adjusted if the drift is undesirable. SMS is a system which cannot fail since it paints a true picture of an enterprise. For several reasons there were opposition to SMS from the industry and the regulator when the SMS regulations first was implemented. Some of the opposition was reasonable and relevant to the facts, while other were emotional and irrelevant to facts. Within a short time, surveys were designed to fail the SMS. An example is the CBC News article posted on April 14, 2014 about SMS; “A survey of Canada’s aviation inspectors shows they are increasingly concerned about aviation safety because of Transport Canada rules that leave responsibility for setting acceptable levels of risk up to the airlines. The survey, conducted by Abacus Data on behalf of the Canadian Federal Pilots Association (CFPA), indicates 67 per cent of Canadian aviation inspectors believe the current system increases the risk of a major aviation accident, up from 61 per cent in 2007.” Today is 2021, and we now know that 67% were wrong at that time. There has not been a major aviation accident being contributed to the SMS since the survey. Human factors has not changed and it is reasonable to assume that when opinions about SMS is applied, as opposed to data and facts, 67% will be wrong in the future. 

There was one simple reason why SMS was made a regulatory requirement some years ago. The reason was an understanding that their old aviation oversight system was not capable of preventing accidents. It was also understood that operators, both airlines and airports, did not have a regulatory tool available to prevent accidents until SMS became available.  A friend of mine once said: “As long as the regulatory authorities don't receive feedback from operators (as it is now in many countries), and safety accountability is not practiced and not even understood or taken seriously, the SMS will still generate data, but I cannot imagine or would say if it would be worth data; i.e. proactive data.“ This is so true. Data will be pouring in and stored without assessment or considerations. The test today to lay out the path for the NexGen SMS, is to apply the WINK test, or the What I Now Know test. If I had known then, what I now know, what would I have done different about SMS and then apply this comprehension to the NextGen SMS path. 

Comprehending SMS is a process.

Foundation of comprehension is data. When raw data is collected it comes in all types, shapes, and forms. Some enterprises do not accept data, or reports, if they are not submitted in its proper format. When the report-format is the primary tool to validate a report, the report itself will be a support tool for the safety policy rather than a support tool for data collection of hazards. An enterprise should accept any reports submitted in any format, by a report form, email, telephone, fax, verbally, news article, regulatory finding or even as a hearsay. Look at the reports as the ballots for a small-town mayor election, where the candidates are randomly submitted without preference until the count is completed. It is when data is analyzed it can be turned into information. Information is neutral, without bias or emotions. Information generate knowledge by being absorbed by one or more of the five senses. Absorbed knowledge then generates comprehension of one or more systems and their interactions.

A Safety Management System is irrelevant to safety unless it operates with a daily rundown quality controls system and daily incremental improvements derived from WINK or the What I Now Know test. For the Safety Management System to be effective, all levels in an organization must be able to answer the same question asked over and over again; “Why does the Global Aviation Industry, being Airlines or Airports, need a Safety Management System (SMS) today, when they were safe yesterday without an SMS?” Unless the reason is known, there is no motivation to improve. For the next ten years, the one major definite purpose and the greatest single reason for an SMS is for every single airline or airport personnel to accept and take ownership of their Safety Management System. There is nothing else that matters on the path Where SMS Is Going.  


Sunday, March 7, 2021



By Catalina9

Complacency is a human behavior hazardous to aviation safety. Complacency has become the new root cause for accidents and replaced pilot error. It is conventional wisdom that complacency is caused by the very things that should prevent accidents, factors like experience, training and knowledge contribute to complacency. Complacency makes crews skip hurriedly through checklists, fail to monitor instruments closely or utilize all navigational aids. It can cause a crew to use shortcuts and poor judgement and to resort to other malpractices that mean the difference between hazardous performance and professional performance. Complacency is also given as the reason when things go wrong flying the same route daily or doing the same job regularly. Complacency has just become another word for pilot error. However, this is all wrong. Complacency is not caused by experience, training, or knowledge. Complacency is all about organizational factor. 

Complacency is to take the path of least resistance.
 When conducting a root cause analysis within a   Safety Management System (SMS) world there are   four factors to consider. These are human factors,   organizational factors, supervision factors and   environmental factors. It is also crucial to a root   cause analysis to know that these factors do not   cause  complacency. In a healthy enterprise   complacency as a root cause does not exist. 

Complacency is when you are no longer striving to do your best or perform with accountability, but just do the minimum to get by. Complacency is also when you are not staying up to date in your field as an airline or airport operator. Complacency is to wait for the regulator to find problems with operations, rather than operating with a Quality Assurance System. Even if the subject is not linked to the aviation industry, take a course, or attend a conference. It is easy to drift into complacency, but it is not noticeable yourself.  Complacency is also when you are not seeking or taking advantage of new opportunities but relying on yesterdays news. There are enterprises, both large and small, that believe training is busy-time, or waste of time since their personnel was already trained. Annual training that is not a regulatory requirement are discouraged by these so-called leaders.  When you do not seek or take advantage of opportunities your skills become stale. Doing the same thing over and over gets boring. You remain invisible. Key stakeholders and decision makers do not know that the value that you contribute is to set up for an accident. Look for opportunities to work on new projects and maintain an active and curious mind. Complacency is when you are not maintaining or building your network of business contacts or associating with the industry.  When you do not build ongoing relationships at work or stay tuned to aviation news, you are not privy to critical information that can influence your daily job performance. Complacency is when you do not risk sharing your opinion or ideas. This is a high-risk factor, since when there is an inherent risk by sharing opinions, enterprises are operating outside a just culture environment. 

Complacency is to force the wrong piece to fit the puzzle.
 Complacency is not a condition but a symptom of   hazards within an enterprise and their lack of   commitment to organizational factors. To perform at 
 their best, individuals have two basic needs in the   world of work, if it is in the aviation industry or any   other industry.  The first is the autonomy need. This   is  the need to be seen and respected as an individual,   and to stand out for one’s personal performance. It is   a need to be recognized for individual achievements.   The second need is the dependency need that each   person has in the workplace. This is the need that people have to feel a part of something bigger than themselves. People want to be part of a team. It is the need to feel recognized and accepted as part of a group of people in the workplace.

Leaders create environments where people feel both autonomous and important, on the one hand, and have their dependency needs satisfied by making them feel as if they are part of a team; part of the whole organization. Using positive reinforcement at work is a key factor in personnel motivation. It is what takes place at the moment of contact or communication between the manager and personnel that is the key determinant of performance, effectiveness, productivity, output and profitability of an organization. The point at which the two people connect, whether positively or negatively, is where the past, present and future performance of the individual and the organization is determined. When this contact between the boss and the subordinate is positive, supportive, and encouraging of self-esteem and a positive self-image, then performance, productivity and output of the individual will reach its highest level.

When lightning strikes it’s best to play it safe.

  The worst way to gain personnel satisfaction is   when  the point of contact between the manager and   the managed is negative for any reason at all,   performance and output will decline. A negative   relationship with the boss will trigger fears of failure,   rejection, and disapproval. When their boss is   negative for any reason, people will play it safe, and   only do exactly what they need to do to avoid being 
 fired. Almost everyone has worked in a low self-   esteem environment. These are usually remembered   as the worst jobs the person ever had. Everything you do to improve this intersection or contact improves the overall quality of your work life, no matter where you are on the ladder of management.

The more effective you can become in eliciting peak performance from each of your staff members, the more and better people you will be given to manage for it. The top managers and leaders of today are those who are capable of eliciting extraordinary performance from ordinary people. Effective managers are intensely action oriented. When they hear a good idea, they move quickly to implement the idea and put it into action. Therefore, if you hear about anything that you think can help you to motivate your staff to a higher level, do not delay. Practice it immediately, that very day. You will be amazed at the results.

The Safety Management System (SMS) has all the tools an enterprise needs for Project Solutions Leadership Motivation. SMS has a just culture, where there is trust, learning, accountability and information sharing. In a successful SMS world, comprehension is derived from data (collected by hazard, incident or accident reports), information (data is turned into information), knowledge (absorbed information) and comprehension (interacting systems). When comprehension is missing the system is faulty, or data is not analyzed, system comprehension is faulty. This faulty system comprehension does not rest with pilots, mechanics, or airport crew, but with the enterprise. When a CEO or Accountable Executive wants to find out the reason for complacency in their organization, all they have to do is to take a look in the mirror. 


Tuesday, February 23, 2021

When Hazards Are Reactive

 When Hazards Are Reactive

By Catalina9

It is a regulatory requirement that an airport or airline has a process in place for identifying hazards to aviation safety. It is also expected that an airport or airline has a proactive process or system that provides for the capture of information identified as hazards. At the time when the Safety Management System (SMS) was implemented, both airlines and airports established a reactive process to capture operational hazards as they were relaying on organizational personnel to identify and report hazards. This process in itself is a hazard, but was put in place without a risk assessment or change management analysis. The directive was simply for their personnel to head out to identify and report hazards.

Some activity is a hazard simply due to regulatory non-compliance

Within the SMS regulations, hazards are defined as a proactive process. A proactive process is to recognize an opportunity and plan a change. It is also to test the change by carrying out a small-scale study or apply your SMS random sampling process. After testing is completed, the task is to review the test, analyze the results, and identify what you have learned. The next critical step, which is a step often assumed as an unwritten rule, is to make a decision. A decision is more than decide on what path to take, it is to identify and document hazards and make a risk analysis decision. A final .step of the decision circle is to take action based on what you learned in the study step. If the change did not work, go through the cycle again with a different plan. If you were successful, incorporate what you learned from the test into wider changes. Use what you learned to plan new improvements, beginning the cycle again.

At the time of SMS implementation and when airports and airlines made their decision for operational personnel to identify and report hazards, they had overlooked the decision step. Since the step was overlooked, or ignored, they unknowingly placed their personnel in a hazardous environment. It was understandable to all that no consideration to this issue was made at that time since there were no changes to their current operational processes. Pilots were still flying airplanes the same way, ground personnel did their regular jobs, mechanics kept on fixing airplanes and airport personnel continued with their same tasks as they had done for years. In their own mind there were no change management analysis required. However, if their analysis had included a decision process, a door would have opened to the fact that SMS regulations were a new and require a change management analysis, or a safety case. Organizations, small and large, are still sending their personnel out in the minefield of hazard identification. 

At first glance it may not seem like a high risk to send personnel out looking for hazards, since they had worked in that same hazard environment prior to SMS implementation. To an extent this is true, except that SMS was a new regulation and required to come with a proactive hazard approach and personnel assigned duties are required to be trained. In addition, that all personnel were aware of the hazard environment they worked in was an assumption causing an assumed and untrue risk level. When airlines or airports are sending personnel out looking for hazards without guidance, they are accepting a risk beyond their own imagination. 

Identifying hazards is a process and like any other process which includes training and that there is a documented process to identify training requirements so that personnel are competent to perform their duties. An Accountable Executive is responsible for operations and accountable for meeting the regulatory requirements. It only takes a label, or organizational position to be accepted as an accountable executive, without any knowledge of SMS processes. The accountable executives for both airports and airlines have a responsibility to identify hazards prior to assigning personnel in their operations to identify these hazards. 

The task is to conduct a pre-hazard assessment and define the hazard as Safety Critical Areas (SCA) and Safety Critical Functions (SCF). The Safety Critical Function is a sub-category of the Safety Critical Area. It is assumed that any accountable executive has the knowledge and comprehension of their operations to develop their SCA and SCF. When a comprehensive list of SCA and SFC are developed, and personnel trained, they are qualified to go looking for hazards and report how they affect their operational tasks. An airport may assign their SCA to runways, taxiways, aprons, approaches, the runway strip etc, and assign SCF, or hazards that are common within those areas. The same concept goes for airlines, to establish SCA of ground operations, cockpit, cabin etc, and assign SCF to these areas.

Some years ago, I climbed a
tree to take a picture.
There was an inherent
risk by climbing
while the true risk
was waiting below.
    One question I am often asked is if a pilot or airport person, should         report the same hazard day after day and the answer is no, they             don’t. Hazards which are present daily and regularly are inherent         risks of aviation, or common cause variations and are mitigated             progressively. In addition, knowledge of these risks are learned by         obtaining a pilot license, crew training, company flight training,             airport manger certificate or other operational training. Knowing             what not to report is just as much a part of organizational hazard             training as knowing what to report. This type of training is also             commonly called Judgement Training.

    Operators without a Judgement Training program are operating with     a reactive hazard reporting system. A couple of examples would be        an aircraft leaving the gate may have to navigate different routes            from time to time due to vehicle traffic or oncoming aircraft. These       are hazards, but not expected to be reported. 

    However, if a vehicle moves in an uncomfortable proximity to the       aircraft it becomes a reportable hazard. For airport operations, snow   on  the runway, while still reported as runway surface conditions, is   also a common, or inherent risk in aviation and not to be reported as a   hazard. On the other hand, if the snow is at a rate and quantity require   the airport to close, it becomes a reportable hazard. 


Monday, February 8, 2021

How To Implement Aviation SMS

 How To Implement Aviation SMS

By Catalina9

There are several tools available to an enterprise to build an aviation Safety Management System (SMS) program for an airline or airport and every operator wants the best possible tool for their operations. There are several pre-built SMS online software tools available and suppliers who generally offer the same service for an enterprise to conform to their operating system. This turn-key SMS program is an efficient way to establish a regulatory compliant SMS. Both airline and airport operators are then trained by their supplier in operations of the system and what fields to complete to achieve their desired result or outcome. Using this approach an enterprise will have their SMS up and running in no time.

After SMS is operational is when hard work begins
 After their SMS system is operational is when the   hard work begins. The SMS Manager’s tasks are to   identify hazards and carry out risk management   analyses of those hazards, investigate, analyze, and   identify the cause or probable cause of all hazards,   incidents, and accidents, monitor and evaluate the   results of corrective actions and determine the   adequacy of operational and SMS training. The SMS   Manager’s main role is the role and responsibility as   the data analytics expert and managing the process of   examining data sets to find trends and draw   conclusions about the information they contain. The SMS Software program must also include tasks for compliance with the SMS Manger responsibility to monitor the concerns of the civil aviation industry in respect of safety. 

A Quality Assurance Program is also an integrated component of the Safety Management System, and it’s impossible to run one without the other. There is an ongoing discussion if it is the SMS or the QA that should be built first when building the SMS. The same question is raised to the SMS software suppliers of what approach to expect from them when they are explaining their program. After conducting several interviews with software suppliers, my observations were that most of them are task oriented by providing training in program capability, or what checkbox to click, or where communication flows, or how to sort reports, rather than provide training in how their system helps an enterprise to maintain a Quality Assurance Program (QAP).

SMS success is available with a paperless system site document
Canada was the first country to implement SMS, and their program is built on six foundations, principles, or components. These components are the Safety Management Plan, Document Management, Safety Oversight, Training, Quality Assurance and Emergency Preparedness. Each one of the components are attached to a regulatory requirement under the Canadian Aviation Regulations. Within the SMS itself is a QA component which allows for the QA to be operational if the SMS has been implemented. Without SMS the QA as a regulatory compliance component is unavailable. On the other hand, without the QA, SMS is a program without directional guidance. A dilemma when implementing the Safety Management System is to find out where to begin, or to find the first thread to pull, or where to place the first piece of a puzzle. 

Compare the processes of implementing an SMS to making bread. Making bread is a specialized process where each ingredient is to be measured, individually prepared, placed at a pre-determined place in the process, integrated with the other ingredients, or mixed, and baked at a pre-determined temperature and time. After the baking process is completed the process is to place the bread on a shelf for cooling and a quality control (QC) of the bread. Quality control is different than quality assurance but is also a prerequisite for a quality assurance program. The quality control process is not just to assess the value of the outcome but is also a quality control of each input ingredient. Before the grain is milled into flour, it goes through a quality control check, or before water is added to the equation it is also checked in a quality control process. Each one of these quality control checks should be under the umbrella of a Quality Assurance Program. 

Success is paperless site documents.
So, when we have all the ingredients to make bread, we are ready to go, right? Anyone should know how to make it, since everything that’s needed is there and available. When SMS was implemented in Canada all the ingredients were handed out, but without directions. This caused confusion, and it became easier to reject SMS than to learn about it. In addition, the path of least resistance was for operators to purchase an SMS software with tasks to click and assign. Airlines who drastically had failed a regulatory inspection would pass with flying colors with an SMS cloudbased program, but without having gained new SMS knowledge. 

The third principle, or component introduced when implementing the SMS is training, or directional control. Enterprises in Canada was given all ingredients for a successful SMS, but without directions of where to start or where to look first, they were unable to put the pieces together. Enterprises kept on failing inspections and SMS was blamed. 

When training someone to make a bread, the first step is to show the outcome, or what a bread should look like. There is a reason why products in advertising looks or behaves perfect and the same reason should be applied to bread making. A perfect product, or service, is emotionally desirable which makes it easier to recall as a positive and desired experience. After the bread is accepted as a positive outcome, the next steps are to communicate the purpose of each ingredient. The water needs to be warmed up to a temperature with very narrow tolerances or else it will destroy the live cells in the yeast. One ingredient out of place, or incorrect measured, affects the outcome of the bread. The same principles are applicable to a Safety Management System. 

The four items introduced as a possible place to start when implementing SMS are the SMS itself, QA, QC and Training. None of these stands out like a star as the perfect place to start and the fifth element of process tracing is therefore introduced. Process Tracing (PT) is where the outcome, or last step, becomes the beginning, while the first input of the process becomes the end or product outcome. At each stage, or change, in process tracing both a quality control element and a training element are introduced. When all five elements are included, an enterprise is ready to implement SMS. 

The first step when implementing SMS is training by process tracing from beginning to end. The second step is also training with process tracing to the first stage or change in process where quality control is applied and each step is traced until the end. The purpose of the QAP is to analyze the training, process tracing, how quality control performed at each step and where in the SMS regulatory requirement hierarchy these elements integrate with the Safety Management System processes. In short, implementing the SMS is a step-by-step process and applying elements as required for the process to continue. 

An effective SMS needs to be managed by an SMS cloudbased software. However, it is vital for a successful SMS that the SMS cloudbased program is implemented as a part of SMS implementation, as opposed to be implemented as a solution to recover from findings. A cloudbased safety program is a necessity to manage the Safety Management System. My experience is that there is only one exceptionally well designed, adaptable to every situation, being airline or airport, and user-friendly cloudbased program available. 


Thursday, January 21, 2021

Human Factors 7 Ways

 Human Factors 7 Ways

By Catalina9

There are several principles applied to the Safety Management System (SMS) and human factors, or human behavior is one of them. Human behavior is predictable and reliable with common cause variations, but also includes an element of special cause variation, or adaptability, which is often assigned as a common cause variation. Human behavior adapts to how things are done on the job, or what is an expected job performance outcome. In aviation, human error or pilot error was over the years determined to be the root cause of all incidents and an accepted system to eliminate human behavior. When pilots became the root cause all written processes, procedures and checklists were deemed to be infallible within an infallible operations system itself. With pilots as the root cause and their deviation form a perfect system, they became the special cause variation which caused the incident. In the mind of every accident analysts and air operator, they had solved the problem until another unreliable person would show up as a pilot. When human behavior is determined to be the root cause, the root cause analysis took a wrong turn at the crossover point on the infinity path, bypassed several stops and went directly from plan to act. 

An effective Safety Management System is operational infinity.
With the implementation of the Safety Management System the PDCA circle was transformed into the infinity path by the addition of just culture. In addition to Plan – Do – Check – Act, the Just Culture path added Trust – Learning – Accountability – Sharing. This overall path allows for incremental safety improvements by the just culture path and safety improvement oversight by the administrative path. 

With the Just Culture path arrived the seven SMS principles of successful human behavior for a desired outcome in operations. 

The first is the principle of control, or an SMS principle of personnel involvement. A person feels positive about themselves to the degree they are in control of their own destination or their sense of coherence. A person in control of their activities feel happy, are engaged and at peace with themselves. Their contribution to safety on the infinity path comes from within, or internal locus of control. On the other hand, a person feels negative about themselves to the degree to which they feel they are not in control of their own future. A person with an external locus of control feels that other people are in charge of their job performance, such as their boss or their customers. A person with an internal locus of control makes their decision with accountability and within a just culture system.  An interesting point to remember is that a person can give away control to the boss or customers, but they are still responsible for the outcome of their actions. Control begins with thoughts which determine the feelings which then determine actions. When emergencies happen, a pilot who feels scared while flying will make a different decision than a pilot who enjoy flying.

It is not by accident that older airplanes are still flying.
The second is the principle of accident, or an SMS principle of objectives and goals. The principle of accident is completely opposed to the principle of control. We say failing to plan is planning to fail. Since objectives and goals are established a person living by this principle expect goals to happen by accident and that their actions do not affect the outcome. A person living by this principle is apathetic, has lost interest in their job performance, and 

complete their tasks because they have to, and not because their actions affect the outcome. A person living by this principle believes the cards are stacked against them because who other people are or what other people do.  The greatest enemy of human success, or safety in aviation is passivity and when personnel feel passive and helpless. Airports and airlines are very good at setting goals, but then they operate without a goal achievement plan.  Remember, a ship without a rudder drifts completely by the force of the sea, while a ship with a rudder sails straight and true to its destination through any type of sea.

The third is the principle of cause and effect, or an SMS principle of monitoring safety. This principle is that for every effect in operations, there is a specific cause. Everything that happens for a reason even if the reason is unknown. Both success and failure in aviation safety are not accidents but have specific causes. A great rule is that when an airline or airport plan incremental safety improvements is to do what others have done to achieve their goals. Success leaves tracks and when and airline or airport learn what other successful operators did and then do the same thing you, they will eventually get the same result. This principle is nature’s unbiased principle. Nature just says here is the principle, this is the playing field and here are the rules of the game. When the game is played by the principle the outcome is success, but if the principle is ignored, there is failure in aviation safety. An important application of this principle is that thoughts are causes and conditions are effects. Thoughts is a primary moving force in operations, they create the conditions and are affected by communication inputs.   

The fourth is the principle of belief, or an SMS principle of incremental safety improvements. When a person emotionally believe they need to hurry with their tasks, they will hurry and when they believe hurrying will cause errors, they will make errors. Whatever any person believes with emotions, or with intensity, it becomes a reality because that person act on the basis of their beliefs. The more intensely a person hold their belief to be true, the more the belief becomes true. Many things we believe about aviation safety is not true at all. However, once a person has decided to believe certain things are true, they do not see, or accept anything that contradicts it. A blind spot is created. Obstacles to aviation safety are self-limiting beliefs, or that time to perform tasks is a limited factor. Within an effective SMS system any person performs tasks with an unshakeable belief and expectation that they are performing tasks successfully with accountability.

The fifth is the principle of expectations, or an SMS principle of preparation for safety improvements. The principle of expectation are expectations of operational outcome and becomes a self-fulfilling prediction since there is a tendency for human factors to take the path of least resistance to their expected outcome. When the flight crew expects a flight will be successful their attitude towards operations focuses on tasks required for a successful outcome. When their focus is on other things than the successful outcome of their flight, safety critical functions may be left unattended. An airline or airport operator must never consider anything else but to expect the best job performance of themselves and all other personnel and show this by their actions. 

   The sixth is the principle of attraction, or SMS     principle of a clear commitment to safety. The   principle of attraction is a living magnet, and you   attract into your life the people and the 
 circumstances that are in harmony with your   dominant thoughts. The attention of an SMS 
 manager is drawn to aviation safety issues, while the   attention of an aircraft mechanic is drawn towards   improved tools or repair processes. On the other   hand, achievements of an SMS manager or aircraft   mechanic are elevated for other likeminded to be   attracted to. When driving a vehicle, the colors of   other vehicles are seldom noticed. However, the day you bought a red car, you all of a sudden noticed how many red cars there are on the road. When someone thinks negative thoughts, they will attract negative people into their environment and when thinking positive they will attract positive people. This has become apparent in social media postings where negative thoughts and post are extremely successful. The more emotion that is attached to a thought the greater is the intensity of attraction. An airline or airport striving to be successful achieve success by becoming more like other successful airlines or airports. Major airlines are successful today because they thrived on positive values. Success in airline and airport operations is to attract personnel with a positive attitude. 

The seventh is the principle of correspondence, or an SMS principle of promoting the safety policy. The principle of correspondence is as within so without. A person’s outer world is a mirror and reflects what is going on in the inner world. This becomes apparent in the relationship with operational processes. When compliance and performance is removed from within, it is also removed from the outside world, or how the job is done. This makes human factors, or human behavior a common cause variation as opposed to a special cause, where outside distractions interfered with the tasks. Common cause is fully integrated within the organization and their expectations. Reading, thinking, planning, visualizing, with all these things you can create within your mind a mental equivalent of what you want to enjoy on the outside. Promotion of the safety policy by the accountable executive is an invaluable tool to instill awareness with incremental changes of the world within. A person becomes what they think about most of the time. Everything in the material world began with a thought in the mind of a person and that thought turned into a goal which turned into a plan which began to take physical reality. 

The principle of correspondence is crucial for safety improvements of human behavior, to manage thinking within a just culture and to reduce common cause variations within human factors. 


Friday, January 8, 2021

Run Aviation Safety The Same Way As COVID Safety

 Run Aviation Safety The Same Way As COVID Safety

By Catalina9

You would think it should work and be safe to run aviation safety the same way as COVID safety is run and managed. The public trust COVID processes completely and without concerns. We do not ask questions about experts’ qualifications and we demand that our leaders lead us down the safe path with their proven COVID safety processes. 

A successful process may be applied to other safety concerns and generate a safety outcome. A process that is used to operate a vehicle on icy roads can also be applied to icy runways or icy airplanes wings. The process is the simple plan – do – check – decide – act/adjust process. 

Plan is to establish an objective, which is for the public to feel safe or healthy. Do is to carry out what needs to be done to meet the objective. Check is to analyze data from the previous phase. Decide is to make an objective decision at the fork-in-the-road, based on collected datapoints. Decide is to make an objective decision at the fork-in-the-road, based on collected datapoints. Act, or adjust is to make changes to improve the process. The objective is for the public to feel safe by travelling on a road or runway surface that will provide friction, while it is the opposite for an aircraft wing. The do-phase is to apply the plan and conclude with a check or test of the result. After this data is analysed there will always be a fork-in-the-road, and when arriving here an educated decision is made. As the path continues one direction or another, adjustments or action may be applied to improve the road surfaces or quality of de-icing. The corrective action my be different in these examples, but all processes are the same. Gravel may be put on icy roads, chemicals on icy runways and de-icing fluid on an aircraft. At the end of the day the public feel safe and willing to drive the road or enter an aircraft departing from an icy runway relying on laws of nature to transport them safe to their destination. 

The onset of COVID surprised everyone and there was little or no data available to understand how react to the virus. In aviation there could also come a time when an unexpected or unknown event would take place. An aircraft cold for no apparent reason become uncontrollable, or a runway could be covered by a swarm of insects within a few minutes. 

Parking an airplane is a safety tool to eliminate a risk to aviation.
When COVID hit, everything came to a halt. Applying the same safety principle to aviation when an unknown event hits all flight stops, which was the reaction on September 11, 2001. Within a few days and after the risk was reduced all airplanes were flying again. If an aircraft for no apparent reason becomes out of control, the immediate action could be to stop all flights, since all aircraft are relying on the same laws of physics. When these catastrophic events occur and applying the COVID principle, the next step would be to plan, or define an objective. 

Since the objective is for the public to be safe, continue to keep all runways closed and aircraft parked is accepted by the flying or travelling public since it was widely publicized that there were no other reasons but for their own safety that these corrective actions had to be implemented. This also parallels the plan phase of the COVID attack. Since there is always a hazard involved when an object or person is moving, or moving close to each other, 100% safety was achieved by stopping all activities.   

The do-phase is to apply the plan, which is to communicate to teach the public that it is dangerous and unsafe to be a passenger on an aircraft since the cause or cure has not yet been defined. Time goes on and the flying and travelling pubic accept these conditions as true and stay put. This phase also parallels the COVID process.   

The next phase is the check phase where data collected is analyzed in a statistical process control software. Since there are no flights, the data shows that the applied corrective action works without any other incidents. The experts let the public know that parking the aircraft has been successful for the safe operations of an aircraft. However, since the flying and travelling public were unable to fly, they drove the highway, which resulted in an increase of fatal accidents. Since several of these accidents were cause by passengers who normally would fly, the fatalities were contributed to airline travelers. Since airline passengers now were causing highway accidents, severe restrictions were imposed on vehicle owners and secondary highways were closed. The major highways remained open without restrictions. 

Bird travel routes were not changed after several birds took an airliner down.
At this time about a year had gone by since the first out of control aircraft crashed. Pilots in remote areas had been flying under the radar, but since a policy stated that flying was unsafe a decision needed to be made as to what new safety actions should be. The decision makers had arrived at the fork-in-the-road where a decision of action was forced upon them. Still, without a cure or solution for the out-of-control aircraft it would be a defeat to their integrity if they allowed airplanes to fly again.

The final stage of the process is to act or adjust for continuous safety improvements. A decision was made to continue down the path of compliance enforcement, since it had been successful in preventing aircraft accidents. Enforcement actions would be taken against any pilot flying since there is a possibility that the aircraft could be involved in an accident. It was also decided to enforce penalties if a person who normally would be travelling by air was operating a vehicle on any roads. This final stage also paralleled the COVID process in that enforcement actions are taken against groups of people gathering. 

When applying this process to aviation safety an aircraft would never fly again since the aviation industry and the safety of the flying public is only safe when all aircraft are parked. 

When a root cause is unknown or there is no cure for the failure, two options become available. One is to do nothing, and the other option is to overreact and take extreme actions. The most logical safety option is to overreact to ensure safety. It is easer, less stressful, less work to say no and transfer the risk to someone else than accept responsibility and take measures to mitigate. None of these two options are steps to fulfil the purpose of the objective. What is missing in the equation is a third, but hidden option, which is to assess residual consequences and new hazards by doing nothing or taking extreme measures.  


Predictive SMS

 Predictive SMS By Catalina9 T here are three level of a Safety Management System (SMS). Level 1 is the reactive level, Level 2 is the proac...