NOTE: This post is from one of our frequent contributors to this blog, "Birdseye59604."
It has been said that a Safety Management System, (SMS), is self-regulating of aviation. SMS may be lot of things, but self-regulating is not one of them. SMS is self-management, and a tool for an enterprise to manage the day to day operation, to plan for the future and to analyze processes applied in the past for further improvement of operational safety.
A risk assessment for an exemption request includes mitigation processes.
An enterprise is managing safety by risk assessments and applying mitigation processes. It may be possible to apply for regulatory exemptions. However, with an exemption an enterprise still conform to regulatory compliance. When an enterprise prepares an exemption application, they are developing mitigation plans and conducting risk assessments to justify their intent. Operating with an exception could cause more strain on the operation than anticipated. It becomes a significant factor what choice of data is entered into the risk assessments for mitigation. Other data than data from the enterprise requesting the exception is non-reliable data.
"SMS is self-management..."
Before an exception request is considered, an enterprise should apply data collected to make a self-assessment of processes to conform to regulatory requirements. Data from their pre-exemption operational processes should be collected and analyzed in a Statistical Process Control, (SPC), environment. If there is a finding that a process is not in control, and gives unexpected results, the process should be changed and tested again before an exemption application is considered.
Mitigation processes may take on a different face than regular operational processes.
Data collected of exception self-testing over a period of time may be applied as justification. Depending on the complexity of tests, it could be a week, a month or a year of testing before there is enough data to establish a process that conform to regulatory requirements. Data collected is then entered into a database and analyzed for effectiveness, and if the process is within acceptable control limits.
A request for an exemption may be executed after data has been analyzed and found to be within acceptable tolerable limits and the enterprise has established that they have processes in place to conform to regulatory requirements. An exemption is application of mitigation processes to be regulatory compliant, or meet the conditions of the exemption, when operational conditions in one or more areas are less than favorable. SMS is not a self-regulating tool to transfer responsibility, but an exceptional tool of accountability in risk acceptance management.