Build Your Own SMS Expectations
Post by CatalinaNJB
With any performance-based regulations goals must be established, objectives must be set, and parameters must be defined. One available tool to assist in reaching the goals is to establish expectations. A Safety Management System is a performance-based system where there are expectations or job-aids available as tools for operators to establish processes that conform to regulatory compliance. These tools are established and maintained by the regulator. Expectations are not only applicable to the regulator and their inspections but may also be applied by an enterprise to establish and maintain compliance with organizational policies, processes, procedures and job performance in addition to be their regulatory compliance tool. An expectation is an action required to comply with the intent of a regulatory requirement. However, expectations cannot be applied as the foundation of a regulatory non-compliance or system failure finding.
An operator may develop their own expectations independent of what expectations or job-aids the regulator is applying in their SMS assessment of an enterprise. Self-developed expectations become easier for personnel within the organization to accept as practical safety tools since they are known, understood and tailored to the operations. Organizations that are spread out geographically, or with a large spectrum in operational processes, may develop expectation differences for operational differences. Expectations established by the regulator are one-fit-all, which on its own merit is a system failure. When applying these one-fit-all system failures as the basis for compliance there will always be system failure findings. When the regulator is forcing, as opposed to enforcing, expectations on an operator, the foundation of an effective Safety Management System is eroding.
Applying one-fit-all expectations as system failure is to fail the forest where trees didn’t grow.
The basis for a surveillance program is regulatory requirements and the regulator oversees compliance with those regulatory requirements only. To assist inspectors with this task, a series of expectations were developed as suggestions to set the bar for regulatory compliance. These expectations are explanations of what, in the opinion of the regulator, would constitute an effective system for an enterprise to achieve and maintain compliance with regulatory requirements. Even if these expectations define the intent of regulatory requirements there are several other ways to effectively meet the regulatory requirements.
There is a twofold approach to SMS:
11) Regulatory compliance; and
22) Safety compliance.
Expectations developed by the regulator are not safety compliance expectations, but regulatory requirement compliance. The fact that an inspection determined an enterprise to be regulatory compliant by the expectations is not a guarantee for future safety in operations. Regulatory compliance is applicable to a static-state operation only. E.g. an Operations Certificate is issued prior to start-up of the operations. It is only an opinion of the regulator that an enterprise has processes in place that conforms to operational regulatory requirements. Actual regulatory compliance or non-compliance is in the data.
Expectations developed by the regulator do not address safety-in-operations compliance. These safety-in-operations expectations, or parameters, are established by the enterprise itself. That the regulator uses the phrase “in the interest of public safety” is an application of the Safety Card. That a Safety Card statement includes the phrase “safety” is not a statement of a fact, or evidence of unsafe operations, but only a statement of an opinion.
Expectations kept airplanes flying for many years. What changed?
When this is entered into the equation, that regulatory compliance is not safety compliance, an enterprise has established a platform for the safe operations. In other words, comprehending that there is a difference between regulatory compliance and safety compliance, and after regulatory compliance successfully has been achieved, the risk acceptance for continuous safety-in-operations rests with the operator and not the regulator. That there is a twofold approach to SMS is a reason why an enterprise develops their own expectations, or parameters of how their safety aspect of operations is met. Regulatory requirement is opinion based while the safety in operations is based on data, facts and SPC applied. SMS cannot be an effective functional system without Statistical Process Control.
When the regulator conducts an assessment of a Safety Management System, the team members performs their research in order to develop an understanding of the enterprise systems and how they relate to the regulator’s expectations. This research must be for inspectors to comprehend an enterprise’s SMS system and establish a sampling process platform to assess if an enterprise has established acceptable means, or tools, of complying with regulatory requirements. This sampling plan collects data, which then is processed into information, which again is processed into knowledge and at the end it’s processed into comprehension of the SMS system.
Unless this comprehension is established prior to an inspection and explained to the operator what opinion they arrived at, there will always be unjust safety-in-operations findings. No oversight inspectors are trained or qualified to determine if the operator meet the intent of the regulations for safety-in-operations. They are only trained to determine regulatory compliance. A title within a government organization doesn’t qualify a person to make operational safety decisions. SMS demands that inspectors are not only trained to follow guidance material, but also trained to comprehend an operator’s SMS. This does not only require continuous training of inspectors, but also requires training of inspectors in change management [each enterprise is different] and why one-fit-all approach to safety does not work.
Increasingly, enterprises are being associated with independent sources that are removed from operations [in-house or external], but who also are intimate familiar with operations and comprehend their operations, to conduct mini-audits of continuous compliance. This compliance data serves as an asset in support of both regulatory compliance and safety-in-operations compliance. The beauty of an effective SMS is that an independent and non-operational source is not constrained by certificate limitations. The time has come for operators to be proactive and to be accountable to their own Safety Management System and not be dependant on the regulator to micromanage their safety-in-operations.