Beruflich Dokumente
Kultur Dokumente
Pierre
ROSELLINI
Module 1
Why do we need a Safety Management System ?
- berlingen accident
- Reason model
berlingen accident
berlingen accident
- Most of following informations are issued from the Report
AX001 May 2004 of the BFU German Federal Bureau of
Aircraft Accidents Investigation.
- You can find this report at : http://www.bfu-web.de
- Search with Uberlingen.
berlingen accident
Search results : 1 Report and 2 Annexes.
Boeing 757 :
When the TCAS issued a RA descend descend the crew
acted in accordance with procedures.
Tupolev 154
At 09h34 56s pm 3 very closed events occurred for the
crew :
- The instruction of the controller to descent to FL350 has
just ended.
- The pilot pushed the control column forward (to descent).
- An RA climb climb was generated by TCAS.
There was a conversation in the cockpit about the RA, but
according to the compagny manual it was not mandatory
to follow the RA.
ACC Zurich
- Priorities had not been evaluated properly by the
controller.
- Single Manned Operation Procedure (SMOP) was not an
official procedure but was known and tolerated by the
management.
- Visual Short Term Conflict Alert (STCA) was off.
ATC Karlsruhe
They tried several times to phone to Zurich ; 2 calls with no
response.
Controllers
Pilots
Equipments
Reason's model : an
organization's
defenses against
failure are modeled
as a serie of
barriers,
represented as
plates with holes.
The holes in the
plates represent
weaknesses. The
size and the
position of the
holes in the plate
are varying.
Regulations
Management
Controllers
Pilots
Equipments
Collision
Collision
Immediate causes :
The conflict has not been seen and solved by the ATCO.
Management
Controllers
Pilots
Equipments
Other causes :
Collision
Collision
Collision
Collision
Regulations
Management
Controllers
Pilots
Equipments
Collision
Controllers
Pilots
Equipments
Collision
Controllers
A Safety Management
System in ACC has
actions on almost all the
plates.
Pilots
Equipments
Collision
Module 2
SMS Requirements and Implementation
ICAO Annex 19, DOC9859
European Requirements.
Policy, Responsability, Priority, Objectives, Competency.
Documentation, External Services.
Survey, Monitoring, Records.
ICAO Annex 19
ICAO Annex 19
1. Safety Policy and Objectives
ICAO Annex 19
ICAO Annex 19
1. Safety Policy and Objectives
1.1 Management commitment and responsability
1.2 Safety accountabilities.
1.3 Appointment of key safety personnel.
1.4 Coordination of emergency response planning.
1.5 SMS documentation.
ICAO Annex 19
1. Safety Policy and Objectives
1.1. Management commitment and responsability
Commitment at the highest level
1.2 Safety accountabilities.
Responsibility at the highest level
Responsibilities of the managerial staff
1.3 Appointment of key safety personnel.
Responsibilities
1.4 Coordination of emergency response planning.
Contingency plan in ATC
1.5 SMS documentation.
Management of SMS documentation
Management of operationnal documentation
Identification of demonstrative elements (records)
ICAO Annex 19
2. Safety Risk Management
ICAO Annex 19
2. Safety Risk Management
2.1 Hazard identification.
Notification, immediate actions, analysis of events
Processing of safety occurrences
Processing of security occurrences
Planning tools and resources
2.2 Safety Risk Assessment and Mitigation
Safety studies (changes)
Programmed method of intervention
Monitoring measures to reduce risk
ICAO Annex 19
3. Safety Assurance
ICAO Annex 19
3. Safety Assurance
3.1 Safety performance monitoring and measurement.
Monitoring of Indicators
3.2 The management of change.
Management of projects
3.3 Continuous improvement of SMS.
Corrective Actions
Audits
Process review
Management review
ICAO Annex 19
4. Safety Promotion
ICAO Annex 19
4. Safety Promotion
4.1 Training and education.
SMI training
Competency (ATCO, ATSE)
4.2 Safety communication.
Lesson dissemination
European requirements
2002-2004.
The Eurocontrol SAfety Regulatory Requirements (ESARR)
were prepared by Eurocontrol.
Safety
Occurrences
Risk
Assessment
and
Mitigation
Competences
Software
in ATM
functional
systems
European requirements
Today :
- 1034 2011 Safety Oversight for NSA.
- 1035 2011 Common Requirements for ANSP.
1034
1035
ICAO Annex 19
EU Requirements
To Achieve Safety
3. Safety Assurance
To Ensure Safety
4. Safety Promotion
To Promote Safety
SMS requirements
SMS Requirements
SAFETY POLICY LEVEL
SAFETY
MANAGEMENT
SAFETY
RESPONSIBILITY
TO IMPLEMENT A
FORMAL AND
EXPLICIT SAFETY
MANAGEMENT
APPROACH
EVERYBODY HAS AN
INDIVIDUAL SAFETY
RESPONSIBILITY FOR
HIS/HER OWN
ACTION
SAFETY PRIORITY
OVER COMMERCIAL,
OPERATIONAL,
ENVIRONMENTAL OR
SOCIAL PRESSURES
SAFETY
OBJECTIVE
TO MINIMISE THE ATM
CONTRIBUTION TO
THE RISK OF AN
AIRCRAFT ACCIDENT
SMS requirements
SAFETY POLICY LEVEL
SAFETY
MANAGEMENT
SAFETY
RESPONSIBILITY
TO IMPLEMENT A
FORMAL AND
EXPLICIT SAFETY
MANAGEMENT
APPROACH
EVERYBODY HAS AN
INDIVIDUAL SAFETY
RESPONSIBILITY FOR
HIS/HER OWN
ACTION
SAFETY PRIORITY
OVER COMMERCIAL,
OPERATIONAL,
ENVIRONMENTAL OR
SOCIAL PRESSURES
SAFETY
OBJECTIVE
TO MINIMISE THE ATM
CONTRIBUTION TO
THE RISK OF AN
AIRCRAFT ACCIDENT
SMS requirements
SAFETY POLICY LEVEL
SAFETY
MANAGEMENT
SAFETY
RESPONSIBILITY
TO IMPLEMENT A
FORMAL AND
EXPLICIT SAFETY
MANAGEMENT
APPROACH
EVERYBODY HAS AN
INDIVIDUAL SAFETY
RESPONSIBILITY FOR
HIS/HER OWN
ACTION
SAFETY PRIORITY
OVER COMMERCIAL,
OPERATIONAL,
ENVIRONMENTAL OR
SOCIAL PRESSURES
SAFETY
OBJECTIVE
TO MINIMISE THE ATM
CONTRIBUTION TO
THE RISK OF AN
AIRCRAFT ACCIDENT
SAFETY
RESPONSIBILITY
Implementation by
EVERYBODY HAS AN
INDIVIDUAL SAFETY
RESPONSIBILITY FOR
HIS/HER OWN
ACTION
SAFETY
RESPONSIBILITY
EVERYBODY HAS AN
INDIVIDUAL SAFETY
RESPONSIBILITY FOR
HIS/HER OWN
ACTION
Implementation by
SMS requirements
SAFETY POLICY LEVEL
SAFETY
MANAGEMENT
SAFETY
RESPONSIBILITY
TO IMPLEMENT A
FORMAL AND
EXPLICIT SAFETY
MANAGEMENT
APPROACH
EVERYBODY HAS AN
INDIVIDUAL SAFETY
RESPONSIBILITY FOR
HIS/HER OWN
ACTION
SAFETY PRIORITY
OVER COMMERCIAL,
OPERATIONAL,
ENVIRONMENTAL OR
SOCIAL PRESSURES
SAFETY PRIORITY
SAFETY
OBJECTIVE
TO MINIMISE THE ATM
CONTRIBUTION TO
THE RISK OF AN
AIRCRAFT ACCIDENT
Implementation by
OVER COMMERCIAL,
OPERATIONAL,
ENVIRONMENTAL OR
SOCIAL PRESSURES
ANSP
Operational
We can consider
that an ANSP is
surrounded by
barriers.
SAFETY PRIORITY
Implementation by
OVER COMMERCIAL,
OPERATIONAL,
ENVIRONMENTAL OR
SOCIAL PRESSURES
ANSP
Operational
SAFETY PRIORITY
Implementation by
OVER COMMERCIAL,
OPERATIONAL,
ENVIRONMENTAL OR
SOCIAL PRESSURES
Example of
commercial
pressure.
all airlines
want to arrive in
Paris around 08
am.
SAFETY PRIORITY
Implementation by
OVER COMMERCIAL,
OPERATIONAL,
ENVIRONMENTAL OR
SOCIAL PRESSURES
SAFETY PRIORITY
Implementation by
OVER COMMERCIAL,
OPERATIONAL,
ENVIRONMENTAL OR
SOCIAL PRESSURES
SAFETY PRIORITY
Implementation by
OVER COMMERCIAL,
OPERATIONAL,
ENVIRONMENTAL OR
SOCIAL PRESSURES
ANSP
Operational
- In accordance with
this requirement you
must never accept to
put less pressure on
safety barrier.
- Your policy must
explain this.
- You must apply your
policy.
SMS requirements
SAFETY POLICY LEVEL
SAFETY
MANAGEMENT
SAFETY
RESPONSIBILITY
TO IMPLEMENT A
FORMAL AND
EXPLICIT SAFETY
MANAGEMENT
APPROACH
EVERYBODY HAS AN
INDIVIDUAL SAFETY
RESPONSIBILITY FOR
HIS/HER OWN
ACTION
SAFETY PRIORITY
OVER COMMERCIAL,
OPERATIONAL,
ENVIRONMENTAL OR
SOCIAL PRESSURES
SAFETY
OBJECTIVE
SAFETY
OBJECTIVE
TO MINIMISE THE ATM
CONTRIBUTION TO
THE RISK OF AN
AIRCRAFT ACCIDENT
Implementation by
SMS requirements
TO ACHIEVE SAFETY
MEANS FOR ACHIEVING HIGH SAFETY STANDARDS
AN APPROPRIATE ORGANISATION
COMPETENCY
STAFF TRAINED, MOTIVATED AND
COMPETENT
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
SAFETY MANAGEMENT RESPONSIBILITY
SAFETY MANAGEMENT FUNCTION
WITHIN THE ORGANISATION
EXTERNAL SERVICES
DEALING WITH EXTERNALLY PROVIDED
SERVICES
SYSTEMATIC ACTIONS
QUANTITATIVE SAFETY LEVELS
DERIVING QUANTITATIVE LEVELS
WHEREVER PRACTICABLE
SAFETY OCCURRENCES
ATM OPERATIONAL OR TECHNICAL
OCCURRENCES ARE INVESTIGATED
INTERNALLY
RISK ASSESSMENT AND MITIGATION
THE SAFETY OF NEW SYSTEMS AND
CHANGES IS TO BE DEMONSTRATED
USING A RISK BASED APPROACH.
RISK IS ASSESSED AND MITIGATED.
SMS requirements
TO ACHIEVE SAFETY
MEANS FOR ACHIEVING HIGH SAFETY STANDARDS
AN APPROPRIATE ORGANISATION
COMPETENCY
STAFF TRAINED, MOTIVATED AND
COMPETENT
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
SAFETY MANAGEMENT RESPONSIBILITY
SAFETY MANAGEMENT FUNCTION
WITHIN THE ORGANISATION
EXTERNAL SERVICES
DEALING WITH EXTERNALLY PROVIDED
SERVICES
SYSTEMATIC ACTIONS
QUANTITATIVE SAFETY LEVELS
DERIVING QUANTITATIVE LEVELS
WHEREVER PRACTICABLE
SAFETY OCCURRENCES
ATM OPERATIONAL OR TECHNICAL
OCCURRENCES ARE INVESTIGATED
INTERNALLY
RISK ASSESSMENT AND MITIGATION
THE SAFETY OF NEW SYSTEMS AND
CHANGES IS TO BE DEMONSTRATED
USING A RISK BASED APPROACH.
RISK IS ASSESSED AND MITIGATED.
COMPETENCY
STAFF TRAINED, MOTIVATED AND
COMPETENT
ATCO
COMPETENCY
STAFF TRAINED, MOTIVATED AND
COMPETENT
Implementation by
ATCO
COMPETENCY
STAFF TRAINED, MOTIVATED AND
COMPETENT
Implementation by
COMPETENCY
STAFF TRAINED, MOTIVATED AND
COMPETENT
ATCO
Implementation by
Aera East
12 teams of
18 ATCO
Subdivision
Subdivision
Subdivision
ATCO OPS
Studies
Training
Training
FMP
FIS
Alert
Aera West
12 teams of
18 ATCO
Paris ACC :
- 550 ATCOs
- Among them 100 ATCOs are in training.
Chief
Deputy
ATCO
Engineers
Subdivision
Safety
ATCO
COMPETENCY
STAFF TRAINED, MOTIVATED AND
COMPETENT
Implementation by
Units
Continuing
Training 1
Continuing
Training 2
Chief
Controller
Individual
Training
English
Instructors
ATSEP
COMPETENCY
STAFF TRAINED, MOTIVATED AND
COMPETENT
Implementation by
European requirements.
- ESARR 5 Section3 - Requirements for Engineering and Technical
Personnel Undertaking Operational Safety Related Tasks.
- Regulation 1035/2011 Annex II section 3.3 (idem ESARR5).
COMPETENCY
STAFF TRAINED, MOTIVATED AND
COMPETENT
ATSEP
Implementation by
Energy
Communication
Electrical engineering
Navigation
Air conditioning
Surveillance
Data processing
Supervision and
monitoring systems
Aera East
12 teams of
18 ATCO
Subdivision
Subdivision
ATCO OPS
Studies
FMP
FIS
Alert
Aera West
12 teams of
18 ATCO
Paris ACC :
- 80 ATSEPs
- Among them about 8 ATSEPs are in training.
Subdivision
Training
Training
Chief
Deputy
ATSEP
Instructors
Subdivision
Safety
SMS requirements
TO ACHIEVE SAFETY
MEANS FOR ACHIEVING HIGH SAFETY STANDARDS
AN APPROPRIATE ORGANISATION
COMPETENCY
STAFF TRAINED, MOTIVATED AND
COMPETENT
SYSTEMATIC ACTIONS
QUANTITATIVE SAFETY LEVELS
DERIVING QUANTITATIVE LEVELS
WHEREVER PRACTICABLE
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
SAFETY MANAGEMENT RESPONSIBILITY
SAFETY MANAGEMENT FUNCTION
WITHIN THE ORGANISATION
EXTERNAL SERVICES
DEALING WITH EXTERNALLY PROVIDED
SERVICES
SAFETY OCCURRENCES
ATM OPERATIONAL OR TECHNICAL
OCCURRENCES ARE INVESTIGATED
INTERNALLY
RISK ASSESSMENT AND MITIGATION
THE SAFETY OF NEW SYSTEMS AND
CHANGES IS TO BE DEMONSTRATED
USING A RISK BASED APPROACH.
RISK IS ASSESSED AND MITIGATED.
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
The documentation of
the SMS can be
represented by
a five floors pyramid.
SMS
Manual
Mapping, Process,
Activites
Implementation by
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
Implementation by
Headquarters
Lille
CDG
& Orly
Brest
W
CESNAC =
Centralised Air
Navigation Systems
Operations Centre
Strasbourg
Lyon
11
Airports
5 ACC
AIS
CESNAC
Bordeaux
SW
SE
Toulouse
Marseille
Nice
Indian
Ocean
West Indies
Guiana
Implementation by
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
Implementation by
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
Implementation by
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
Operational
Division
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
Implementation by
Implementation by
Operational
Division
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
Implementation by
ATCOs documentation.
Operational
Division
ATCO Training
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
Implementation by
Technical
Division
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
Implementation by
Technical
Division
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
Implementation by
Technical
Division
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
Implementation by
Technical
Division
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
Implementation by
Technical
Division
Implementation by
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
1 MISO to
implement
2 MISO to
verify
8 Events in
progress
3 Feedback
in progress
4 Corrective
Actions in
progress
Technical
Manual
Manual:
7 new
documents
Manual:
5 documents
to verify
Manual:
1 document
to approve
Manual:
83
documents
to update
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
Technical
Manual
Manual:
7 new
documents
Manual:
5 documents
to verify
Implementation by
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
Implementation by
Manual:
1 document
to approve
Manual:
83
documents
to update
SMS requirements
TO ACHIEVE SAFETY
MEANS FOR ACHIEVING HIGH SAFETY STANDARDS
AN APPROPRIATE ORGANISATION
COMPETENCY
STAFF TRAINED, MOTIVATED AND
COMPETENT
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
SAFETY MANAGEMENT RESPONSIBILITY
SAFETY MANAGEMENT FUNCTION
WITHIN THE ORGANISATION
EXTERNAL SERVICES
DEALING WITH EXTERNALLY PROVIDED
SERVICES
SYSTEMATIC ACTIONS
QUANTITATIVE SAFETY LEVELS
DERIVING QUANTITATIVE LEVELS
WHEREVER PRACTICABLE
SAFETY OCCURRENCES
ATM OPERATIONAL OR TECHNICAL
OCCURRENCES ARE INVESTIGATED
INTERNALLY
RISK ASSESSMENT AND MITIGATION
THE SAFETY OF NEW SYSTEMS AND
CHANGES IS TO BE DEMONSTRATED
USING A RISK BASED APPROACH.
RISK IS ASSESSED AND MITIGATED.
It means that :
- You must have identified a safety management function
with responsibility for development and maintenance of
the safety management system.
- This function must be accountable directly to the highest
organisational level.
- This function must be independant of the operational
management.
Implementation by
Implementation by
Finance
Subdirectorate
The Management
of Safety, Security,
Quality Mission
The Environment
Mission
Implementation by
Implementation by
ACC or Airport
Chief
Deputy
Operations
Division
RSMS
Technical
Division
Administrative
Division
Implementation by
Links between
Mission and
RSMS for
mutualization.
CDG
& Orly
Brest
W
Headquarters
MSQS
RSMS
RSMS
AIS
CESNAC
Bordeaux
SW
5 ACC
CESNAC =
Centralised Air
Navigation Systems
Operations Centre
RSMS
RSMS
RSMS
RSMS
11
Airports
Lille
RSMS
RSMS
Lyon
RSMS
RSMS
RSMS
RSMS
SE
RSMS
Toulouse
RSMS
Strasbourg
Marseille
RSMS
RSMS
Nice
Indian
Ocean
West Indies
Guiana
RSMS
SMS requirements
TO ACHIEVE SAFETY
MEANS FOR ACHIEVING HIGH SAFETY STANDARDS
AN APPROPRIATE ORGANISATION
COMPETENCY
STAFF TRAINED, MOTIVATED AND
COMPETENT
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
SAFETY MANAGEMENT RESPONSIBILITY
SAFETY MANAGEMENT FUNCTION
WITHIN THE ORGANISATION
EXTERNAL SERVICES
DEALING WITH EXTERNALLY PROVIDED
SERVICES
SYSTEMATIC ACTIONS
QUANTITATIVE SAFETY LEVELS
DERIVING QUANTITATIVE LEVELS
WHEREVER PRACTICABLE
SAFETY OCCURRENCES
ATM OPERATIONAL OR TECHNICAL
OCCURRENCES ARE INVESTIGATED
INTERNALLY
RISK ASSESSMENT AND MITIGATION
THE SAFETY OF NEW SYSTEMS AND
CHANGES IS TO BE DEMONSTRATED
USING A RISK BASED APPROACH.
RISK IS ASSESSED AND MITIGATED.
EXTERNAL SERVICES
DEALING WITH EXTERNALLY PROVIDED
SERVICES
EXTERNAL SERVICES
DEALING WITH EXTERNALLY PROVIDED
SERVICES
Implementation by
EXTERNAL SERVICES
DEALING WITH EXTERNALLY PROVIDED
SERVICES
Implementation by
Implementation by
EXTERNAL SERVICES
DEALING WITH EXTERNALLY PROVIDED
SERVICES
External services
Supplier
Contract
Date &
Duration
Responsible
for monitoring
Maintenance of
generator sets (fuel)
SDMO
S5204
14504
01.01.12
5 years
Chief of energy
subdivision
Impact on Safety
Major.
Energy :
1 External (EDF)
2 Generator sets (fuel)
3 Batteries (4h max)
Safety objectives
for supplier (contract)
- 2 preventive
interventions by year.
- Call : intervention
within 4 hours.
- 2 generator sets.
- SDMO supplier can
be helped by local
technicians.
Implementation by
EXTERNAL SERVICES
DEALING WITH EXTERNALLY PROVIDED
SERVICES
External services
Supplier
Contract
Date &
Duration
Responsible
for monitoring
Fire detection
SICLI
11/07
10.12.07
5 years
Chief of
administrative
division
Impact on Safety
Major.
- Risk of late detection
of a fire
- False alarms.
Safety objectives
for supplier (contract)
- 2 preventive interventions
by year.
- Call : intervention within 4
hours.
- All the be fire detectors
must changed within 4 years.
Others
Safety barriers
- 2 generator sets.
- SDMO supplier
can be helped by
local technicians.
SMS requirements
TO ACHIEVE SAFETY
MEANS FOR ACHIEVING HIGH SAFETY STANDARDS
AN APPROPRIATE ORGANISATION
COMPETENCY
STAFF TRAINED, MOTIVATED AND
COMPETENT
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
SAFETY MANAGEMENT RESPONSIBILITY
SAFETY MANAGEMENT FUNCTION
WITHIN THE ORGANISATION
EXTERNAL SERVICES
DEALING WITH EXTERNALLY PROVIDED
SERVICES
SYSTEMATIC ACTIONS
QUANTITATIVE SAFETY LEVELS
DERIVING QUANTITATIVE LEVELS
WHEREVER PRACTICABLE
SAFETY OCCURRENCES
ATM OPERATIONAL OR TECHNICAL
OCCURRENCES ARE INVESTIGATED
INTERNALLY
RISK ASSESSMENT AND MITIGATION
THE SAFETY OF NEW SYSTEMS AND
CHANGES IS TO BE DEMONSTRATED
USING A RISK BASED APPROACH.
RISK IS ASSESSED AND MITIGATED.
SMS requirements
TO ACHIEVE SAFETY
MEANS FOR ACHIEVING HIGH SAFETY STANDARDS
AN APPROPRIATE ORGANISATION
COMPETENCY
STAFF TRAINED, MOTIVATED AND
COMPETENT
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
SAFETY MANAGEMENT RESPONSIBILITY
SAFETY MANAGEMENT FUNCTION
WITHIN THE ORGANISATION
EXTERNAL SERVICES
DEALING WITH EXTERNALLY PROVIDED
SERVICES
SYSTEMATIC ACTIONS
QUANTITATIVE SAFETY LEVELS
DERIVING QUANTITATIVE LEVELS
WHEREVER PRACTICABLE
SAFETY OCCURRENCES
ATM OPERATIONAL OR TECHNICAL
OCCURRENCES ARE INVESTIGATED
INTERNALLY
RISK ASSESSMENT AND MITIGATION
THE SAFETY OF NEW SYSTEMS AND
CHANGES IS TO BE DEMONSTRATED
USING A RISK BASED APPROACH.
RISK IS ASSESSED AND MITIGATED.
SAFETY OCCURRENCES
ATM OPERATIONAL OR TECHNICAL
OCCURRENCES ARE INVESTIGATED
INTERNALLY
MODULE 4
Safety Occurrences
SMS requirements
TO ACHIEVE SAFETY
MEANS FOR ACHIEVING HIGH SAFETY STANDARDS
AN APPROPRIATE ORGANISATION
COMPETENCY
STAFF TRAINED, MOTIVATED AND
COMPETENT
SYSTEMATIC ACTIONS
QUANTITATIVE SAFETY LEVELS
DERIVING QUANTITATIVE LEVELS
WHEREVER PRACTICABLE
SMS DOCUMENTATION
THE SMS IS A DOCUMENTED SYSTEM
ARISING FROM A SAFETY POLICY
SAFETY MANAGEMENT RESPONSIBILITY
SAFETY MANAGEMENT FUNCTION
WITHIN THE ORGANISATION
EXTERNAL SERVICES
DEALING WITH EXTERNALLY PROVIDED
SERVICES
SAFETY OCCURRENCES
ATM OPERATIONAL OR TECHNICAL
OCCURRENCES ARE INVESTIGATED
INTERNALLY
RISK ASSESSMENT AND MITIGATION
THE SAFETY OF NEW SYSTEMS AND
CHANGES IS TO BE DEMONSTRATED
USING A RISK BASED APPROACH.
RISK IS ASSESSED AND MITIGATED.
MODULE 6
Risk assessment
and Mitgation
SMS requirements
TO ENSURE SAFETY
MEANS FOR PROVIDING ASSURANCE THAT RISKS ARE BEING PROPERLY MANAGED
SYSTEMATIC ACTIONS
CONCERNING THE STEADY STATE
SAFETY SURVEYS
SAFETY HAS TO BE VERIFIED
INTERNALLY AND CONTINUOUSLY
SAFETY MONITORING
CONTINUOUS MONITORING AND
ANALYSIS OF SAFETY INDICATORS
DOCUMENTING SYSTEMATIC
ACTIONS AND CHANGES
SAFETY RECORDS
RECORDS ARE PRODUCED AND
MAINTAINED THROUGHOUT THE SMS
OPERATION
RISK ASSESSMENT AND MITIGATION
DOCUMENTATION
THE RESULTS OF RISK ASSESSMENT
AND MITIGATION PROCESSES ARE
DOCUMENTED THROUGHOUT THE
SYSTEM LIFECYCLE
SMS requirements
TO ENSURE SAFETY
MEANS FOR PROVIDING ASSURANCE THAT RISKS ARE BEING PROPERLY MANAGED
SYSTEMATIC ACTIONS
CONCERNING THE STEADY STATE
SAFETY SURVEYS
SAFETY HAS TO BE VERIFIED
INTERNALLY AND CONTINUOUSLY
SAFETY MONITORING
CONTINUOUS MONITORING AND
ANALYSIS OF SAFETY INDICATORS
DOCUMENTING SYSTEMATIC
ACTIONS AND CHANGES
SAFETY RECORDS
RECORDS ARE PRODUCED AND
MAINTAINED THROUGHOUT THE SMS
OPERATION
RISK ASSESSMENT AND MITIGATION
DOCUMENTATION
THE RESULTS OF RISK ASSESSMENT
AND MITIGATION PROCESSES ARE
DOCUMENTED THROUGHOUT THE
SYSTEM LIFECYCLE
SAFETY SURVEYS
SAFETY HAS TO BE VERIFIED
INTERNALLY AND CONTINUOUSLY
Implementation by
SAFETY SURVEYS
SAFETY HAS TO BE VERIFIED
INTERNALLY AND CONTINUOUSLY
Implementation by
Who
Periodicity
ACC (5)
Main Airports (11)
3 years
2 years
Headquarters
Each year
SAFETY SURVEYS
SAFETY HAS TO BE VERIFIED
INTERNALLY AND CONTINUOUSLY
Implementation by
SMS requirements
TO ENSURE SAFETY
MEANS FOR PROVIDING ASSURANCE THAT RISKS ARE BEING PROPERLY MANAGED
SYSTEMATIC ACTIONS
CONCERNING THE STEADY STATE
SAFETY SURVEYS
SAFETY HAS TO BE VERIFIED
INTERNALLY AND CONTINUOUSLY
SAFETY MONITORING
CONTINUOUS MONITORING AND
ANALYSIS OF SAFETY INDICATORS
DOCUMENTING SYSTEMATIC
ACTIONS AND CHANGES
SAFETY RECORDS
RECORDS ARE PRODUCED AND
MAINTAINED THROUGHOUT THE SMS
OPERATION
RISK ASSESSMENT AND MITIGATION
DOCUMENTATION
THE RESULTS OF RISK ASSESSMENT
AND MITIGATION PROCESSES ARE
DOCUMENTED THROUGHOUT THE
SYSTEM LIFECYCLE
Implementation by
SAFETY MONITORING
CONTINUOUS MONITORING AND
ANALYSIS OF SAFETY INDICATORS
Dashboard
Managers need a dashboard for monitoring the main
indicators.
Summary
Topic
Safety
Traffic
Delay
Technical
Results
Trend
NM
0,60
0,55
0,50
0,45
0,40
0,35
0,60
1,00
0,90
0,80
0,70
0,60
0,50
0,40
0,30
0,20
0,10
0,00
0,55
0,50
0,45
0,40
0,35
HN70
2007
2008
2009
Janv
1
0
0
Fvr
1
0
0
Mars
1
1
0
Avr
0
1
1
Mai
0
0
1
Juin
2
2
0
Juil
1
0
0
Aot
0
0
1
Sept
0
1
1
Oct
2
1
Nov
0
0
Dc
0
1
Total
8
7
4
Evolution annuelle 12
mois glissants
0,61
Dlais 07/08
Dlais 08/09
160000
minutes
140000
120000
100000
80000
60000
40000
20000
0
Meteorogical
conditions
ATCO strike
Implementation by
SAFETY MONITORING
CONTINUOUS MONITORING AND
ANALYSIS OF SAFETY INDICATORS
Direction
When
Weekly
OPS Division
When
Monthly
Daily
Who
Technical Division
When
Who
Chief Division OPS,
deputy, chiefs subd
Subdivision
Safety
1 chief
1 Deputy
4 ATCO and assistants
Weekly
Daily
Who
Chief Technical Division,
deputy, chiefs subd
Subdivision
Safety
1 chief
1 Deputy
2 ATSEP
SMS requirements
TO ENSURE SAFETY
MEANS FOR PROVIDING ASSURANCE THAT RISKS ARE BEING PROPERLY MANAGED
SYSTEMATIC ACTIONS
CONCERNING THE STEADY STATE
SAFETY SURVEYS
SAFETY HAS TO BE VERIFIED
INTERNALLY AND CONTINUOUSLY
SAFETY MONITORING
CONTINUOUS MONITORING AND
ANALYSIS OF SAFETY INDICATORS
DOCUMENTING SYSTEMATIC
ACTIONS AND CHANGES
SAFETY RECORDS
RECORDS ARE PRODUCED AND
MAINTAINED THROUGHOUT THE SMS
OPERATION
RISK ASSESSMENT AND MITIGATION
DOCUMENTATION
THE RESULTS OF RISK ASSESSMENT
AND MITIGATION PROCESSES ARE
DOCUMENTED THROUGHOUT THE
SYSTEM LIFECYCLE
SAFETY RECORDS
RECORDS ARE PRODUCED AND
MAINTAINED THROUGHOUT THE SMS
OPERATION
Safety
y records
he result of
are the
an activity
ctivity
(indicators)
cators) or
roof that an
the proof
ty has been
activity
performed
rmed
(minutes
utes of a
meeting).
ing).
Implementation by
SMS
Manual
Mapping, Process,
Activites
SAFETY RECORDS
RECORDS ARE PRODUCED AND
MAINTAINED THROUGHOUT THE SMS
OPERATION
Implementation by
SAFETY RECORDS
RECORDS ARE PRODUCED AND
MAINTAINED THROUGHOUT THE SMS
OPERATION
Record
Acces
Minutes of
management
review
Free
Audit reports
LOAs
Safety
occurrences
analysis
Free
Free
Confide
ntial
Implementation by
Who
RSMS
RSMS
Chief
Subd
OPS
Chief
Subd
Safety
Where
Support
Duration
Archivage
G:\Dir_CRNA\SMQS\revues
Electronic
3 years
5 years
G:\Dir_CRNA\SMQS\audits
Electronic
3 years
5 years
G:\EXPLOITA\Doc_Ops\LOA
Electronic
3 years
5 years
Paper
3 years
5 years
SMS requirements
TO PROMOTE SAFETY
MEANS TO BUILD A SAFETY IMPROVEMENT CULTURE WITHIN THE
ORGANISATION
LESSON DISSEMINATION
DISSEMINATING PAST LESSONS
WITHIN THE ORGANISATION
SAFETY IMPROVEMENT
INVOLVING ALL STAFF AND
IMPLEMENTING THE IMPROVEMENT
OF SAFETY AS A CONTINUOUS
PROCESS
SMS requirements
TO PROMOTE SAFETY
MEANS TO BUILD A SAFETY IMPROVEMENT CULTURE WITHIN THE
ORGANISATION
LESSON DISSEMINATION
DISSEMINATING PAST LESSONS
WITHIN THE ORGANISATION
SAFETY IMPROVEMENT
INVOLVING ALL STAFF AND
IMPLEMENTING THE IMPROVEMENT
OF SAFETY AS A CONTINUOUS
PROCESS
LESSON DISSEMINATION
DISSEMINATING PAST LESSONS
WITHIN THE ORGANISATION
MODULE 4
Safety Occurrences
SMS requirements
TO PROMOTE SAFETY
MEANS TO BUILD A SAFETY IMPROVEMENT CULTURE WITHIN THE
ORGANISATION
LESSON DISSEMINATION
DISSEMINATING PAST LESSONS
WITHIN THE ORGANISATION
SAFETY IMPROVEMENT
INVOLVING ALL STAFF AND
IMPLEMENTING THE IMPROVEMENT
OF SAFETY AS A CONTINUOUS
PROCESS
SAFETY IMPROVEMENT
INVOLVING ALL STAFF AND
IMPLEMENTING THE IMPROVEMENT
OF SAFETY AS A CONTINUOUS
PROCESS
SAFETY IMPROVEMENT
INVOLVING ALL STAFF AND
IMPLEMENTING THE IMPROVEMENT
OF SAFETY AS A CONTINUOUS
PROCESS
Provide ATS
services
Policy
Action plan
Objectives
Resources
SAFETY
OCCURRENCES
- Analyse
- Causes
- Gravity
Corrective
actions to avoid
same causes
SAFETY IMPROVEMENT
INVOLVING ALL STAFF AND
IMPLEMENTING THE IMPROVEMENT
OF SAFETY AS A CONTINUOUS
PROCESS
Continuous
improvement is
never completed.
You must climb
slowly, step by
step.
AUDITS
REVIEWS
Implementation by
SAFETY IMPROVEMENT
INVOLVING ALL STAFF AND
IMPLEMENTING THE IMPROVEMENT
OF SAFETY AS A CONTINUOUS
PROCESS
SAFETY IMPROVEMENT
INVOLVING ALL STAFF AND
IMPLEMENTING THE IMPROVEMENT
OF SAFETY AS A CONTINUOUS
PROCESS
Safety Indicators
Safety Dashboard
Implementation by
Audit reports
(internal, external)
List of
Planned changes
List of
corrective actions
Actions plan
Project of internal
and external audits
Preparation
Analysis
Synthesis
done
by
RSMS
Management
Review
Minutes of
Management
Review
Actions
New
Corrective
Actions
Action
Plan
(update)
Planning
of
audits
SAFETY IMPROVEMENT
INVOLVING ALL STAFF AND
IMPLEMENTING THE IMPROVEMENT
OF SAFETY AS A CONTINUOUS
PROCESS
Agenda :
1. Safety indicators
2. Risk assessment and mitigation
3. Implementation of SMS
4. Audit reports
5. Corrective and Preventive Actions
Titre
END
Implementation by
Module 3
ANSP NSA How to work together ?
- French civil Aviation Organization.
- French ANSP Organization.
- French NSA Organisation.
- Audits NSA.
Module 3
ANSP NSA How to work together ?
- French civil Aviation Organization.
- French ANSP Organization.
- French NSA Organisation.
- Audits NSA.
General Directorate
for Civil Aviation
Directorate
for Air Transport
(DTA)
Directorate
for Air Navigation
(ANSP)
DTA elaborates
regulations.
Most of the
requirements are
coming from
ICAO and EU.
ANSP applies
the regulations
and provides
services (ATM,
CNS, AIS ).
Directorate
for Civil Aviation
Safety (NSA)
NSA monitors
ANSP through
audits.
The certificate of
provider is
issued by NSA.
Module 3
ANSP NSA How to work together ?
- French civil Aviation Organization.
- French ANSP Organization.
- French NSA Organisation.
- Audits NSA.
Human Resources
Subdirectorate
Finance
Subdirectorate
The Environment
Mission
Operations Directorate
(ACC, Airports )
Lille
CDG
& Orly
Brest
W
Strasbourg
E
Lyon
11
Airports
AIS
CESNAC
Bordeaux
SW
5 ACC
SE
CESNAC =
Centralised Air
Navigation Systems
Operations Centre
Toulouse
Nice
Indian
Ocean
West Indies
Guiana
Marseille
Deputy
Operations
Division
ATCO
ACC or Airport
Chief
Technical
Division
ATSEP
RSMS
Administrative
Division
Aera East
12 teams of
18 ATCO
Subdivision
Subdivision
Subdivision
ATCO OPS
Studies
Training
FMP
Subdivision
Safety
FIS
Alert
Aera West
12 teams of
18 ATCO
Paris ACC :
- 550 ATCOs
- Among them 100 ATCOs are in training.
Subdivision
Subdivision
Subdivision
Subdivision
Subdivision
Subdivision
Flight Plan
Radar
Telecoms
Energy
Training
Safety
Operational maintenance
Supervision 3 ATSEP
Supervision
1 technician
Paris ACC :
- 80 ATSEPs
- Among them about 8 ATSEPs are in training.
Human Resources
Subdirectorate
Finance
Subdirectorate
The Environment
Mission
Insurance of the
Regulatory
Compliance Division
Safety Performance
Insurance Division
Systems Safety
Division
RSMS
RSMS
RSMS
RSMS
CDG
& Orly
Brest
W
RSMS
Headquarters
MSQS
RSMS
RSMS
AIS
CESNAC
Bordeaux
SW
11
Airports
5 ACC
Lille
Strasbourg
RSMS
Lyon
RSMS
RSMS
RSMS
RSMS
SE
RSMS
CESNAC =
Centralised Air
Navigation Systems
Operations Centre
RSMS
RSMS
Nice
Toulouse
RSMS
Marseille
RSMS
Module 3
ANSP NSA How to work together ?
- French civil Aviation Organization.
- French ANSP Organization.
- French NSA Organisation.
- Audits NSA.
Indian
Ocean
West indies
Guiana
RSMS
Headquarters
Local Departments
Resource
Management
European
Cooperation
Licence, medical
control, training.
Flight Crew
Certification and
monitoring of
airlines and aircratfs.
Airworthiness
and Air
Navigation
Certification and
monitoring of ANSP
and Airports.
Control the
security measures.
Security
The oversight
and monitoring
operations of
NSA are done
with the support
of local
departments.
West
North
East
South
West
Centre
East
South
Indian
Ocean
South
East
Antilles
French
Guiana
North
North
Brest
CDG
& Orly
Local
NSA
W
West
NSA
headquarters
Lyon
11
Airports
5 ACC
CESNAC =
Centralised Air
Navigation Systems
Operations Centre
Strasbourg
Centre
East
AIS
CESNAC
Bordeaux
SW
Indian
Ocean
SE
South
West
Nice
Toulouse
South
Marseille
South
East
Indian
Ocean
West Indies
Guiana
West Indies
Guiana
Airports
Certification of ANSP
Module 3
ANSP NSA How to work together ?
- French civil Aviation Organization.
- French ANSP Organization.
- French NSA Organisation.
- Audits NSA.
Audits NSA
Program of audits :
- Program over 6 years, 6 to 10 audits per year.
- Defining audit objectives and audit program by adaptation
based on the results of year n-1.
- Annual monitoring plan taking into account the maturity,
the identified risks and regulatory requirements.
- Pool of auditors from Headquarter and Local Departments.
Audits NSA
Brest
W
CDG
& Orly
Strasbourg
Headquarters
Each year
Lyon
2 years
3
years
AIS
Bordeaux
CESNAC
SW
SE
Nice
Toulouse
Marseille
Indian
Ocean
West Indies
Guiana
Corrective Actions
accepted by MSQS?
No
Yes
No
Module 4
Safety Occurrences
Regulations and Methodology of the French ANSP
Definitions, List of Safety Occurrences
Safety occurrences
Report and Notification
Analysis (Severity, Frequency, Causes)
Module 4
Safety Occurrences
Regulations and Methodology of the French ANSP
Definitions, List of Safety Occurrences
Safety occurrences
Report and Notification
Analysis (Severity, Frequency, Causes)
ICAO Annex 19
Requirements in
Annexe 19
Guidance in
DOC 9859
ICAO Annex 19
1. Safety Policy and Objectives
2. Safety Risk Management
3. Safety Assurance
4. Safety Promotion
Requirements for
Safety Occurrences.
ICAO Annex 19
2. Safety Risk Management
ICAO Annex 19
2. Safety Risk Management
2.1 Hazard identification.
Notification, immediate actions, analysis of events
Processing of safety occurrences
Processing of security occurrences
Planning tools and resources
2.2 Safety Risk Assessment and Mitigation
Safety studies (changes)
Programmed method of intervention
Monitoring measures to reduce risk
ICAO Annex 19
4. Safety Promotion
ICAO Annex 19
4. Safety Promotion
4.1 Training and education.
SMI training
Competency (ATCO, ATSE)
4.2 Safety communication.
Lesson dissemination
European requirements
Requirements
Guidance : classification
for severity and frequency
ESARR2 Summary
EAM2/GUI1 Summary
Attachment 1 is used for OPS events.
Assessment of
safety occurrences
Procedure :
Manual :
Findings/
Corrective Actions
Assessment of
Safety Occurrences
Module 4
Safety Occurrences
Regulations and Methodology of the French ANSP
Definitions, List of Safety Occurrences
Safety occurrences
Report and Notification
Analysis (Severity, Frequency, Causes)
1. Accidents :
Mid Air collision,
Controlled Flight Into Terrain (CFIT),
Collision on the ground between aircraft,
Collision between an airborne aircraft and vehicle/another
aircraft on the ground,
Collision on the ground between aircraft and vehicle or
person or obstruction(s),
Other accidents of special interest would include losses
of control in flight, due to VORTEX or meteorological
conditions.
2. Incidents :
Near collision
Separation minima infringement,
Inadequate separation,
Near Controlled Flight Into Terrain (Near CFIT),
Runway incursion where avoiding action was necessary.
Potential for collision or near
Runway incursion where no avoiding action is necessary,
Runway excursion by aircraft,
Aircraft deviation from ATC clearance,
Aircraft deviation from applicable ATM regulation:
Horizontal separation
(aircrafts same flight level FL)
5 NM
5 NM
5 NM
Vertical separation
FL 220
1 000 FT
FL 210
Visual alarm :
aircrafts
involved are in
red on the
radar screen
Module 4
Safety Occurrences
Regulations and Methodology of the French ANSP
Definitions, List of Safety Occurrences
Safety occurrences
Report and Notification
Analysis (Severity, Frequency, Causes)
Safety Occurrences
Causes
Safety Event
What did he
say ?
We could
go I
believe
Consequences
Bad radio
communications,
Human error
Incursion of a
vehicle on the
runway
Interrupted landing,
collision
Safety Occurrences
Causes
Safety Event
Consequences
Safety Occurrences
Causes
Safety Event
Consequences
Safety Occurrences
Improvement loop for
safety occurrences.
Policy
Action plan
Objectives
Resources
Safety Occurrences
Assessment
- Analyze
Corrective
actions to avoid
same causes
- Severity
- Causes
Module 4
Safety Occurrences
Regulations and Methodology of the French ANSP
Definitions, List of Safety Occurrences
Safety occurrences
Report and Notification
Analysis (Severity, Frequency, Causes)
Safety
Occurrence
ATCOs, ATSEPs, Pilots
List of events
to be notified
to managers
Immediate Actions
if necessary
Real Time
Record event
in database
ECCAIRS
Database
X
FL280
TP
RATCAS
28/10/2014
12:15
AFR
F-ABCD
A320
LFPG LFML
1457
IFR
BAW
G-KLMN
B737
EGLL LIRF
2812
IFR
123,45
YES
NO
AWY
Radar control
2,4
600
ATCO
None
X
Paris/ACC
01:05
04:05
X
11/02/2014
Position TT
S03
11/02/2014
Supervisor
ACC or Airport
N
ATCO or
ATSEP
Operational
Duty
Engineer
Analyze
with experts
Event
must be notify ?
Chief
Chief OPS
Chief Tech
RSMS
Chief
ANSP
BEA
MSQS
NAS
Office
investigation
analysis
Notification Process
Who is the operational duty engineer ?
Module 4
Safety Occurrences
Regulations and Methodology of the French ANSP
Definitions, List of Safety Occurrences
Safety occurrences
Report and Notification
Analysis (Severity, Frequency, Causes)
Analysis
Severity and Frequency
Classification
Debriefing of ATCO
or ATSEP involved by
safety subdivision
The databases
are updated during analysis
N
END
ECCAIRS : European Coordination
Centre for Accident and Incident
Reporting Systems.
Search
Causes ?
Y
Toward next step
(search causes)
Safety Subdivision or
safety commission
Safety Subdivision
To determine if causes
must be searched
a matrix is used by the
safety Subdivision
Analysis
Y
The databases
are updated during analysis
Safety
Commission
?
Causes evaluated
by safety
commission
Causes evaluated
by safety
subdivision
Signification
A : Serious incident
B : Major incident
C : Significant incident
D : Not determined
E : No safety effect
Examples
A : Serious incident
B : Major incident
Regulations
Management
Controllers
Equipments
DEFINITION
5 Extremely rare
4 Rare
3 Occasional
2 Frequent
1 Very Frequent
Serious
A1
A2
A3
A4
A5
Major
B1
B2
B3
B4
B5
Significant
C1
C2
C3
C4
C5
Not determined
D1
D2
D3
D4
D5
No safety effect
E1
E2
E3
E4
E5
Very
frequent
Frequent
Occasional
Rare
Extremely
rare
Serious
A1
A2
A3
A4
A5
Major
B1
B2
B3
B4
B5
Significant
C1
C2
C3
C4
C5
Not determined
D1
D2
D3
D4
D5
No safety effect
E1
E2
E3
E4
E5
Very
frequent
Frequent
Occasional
Rare
Extremely
rare
Replaying radio
communications
Replaying radar data
Causes
We have to identify the different categories of causes,
specially for the human factors.
ft
ft
Year Y
Sector
66%
RT
Description
2 aircrafts going to Orly. 2nd
one goes faster than 1st.
Bad reaction to STCA.
ATM
sev
ATC
sev
Freq
Ref
A/C 1
A/C 2
Loss
of Sep
497
AFR130
1
AFR55
73
100%
5NM
<5NM
5NM
Speed 1
Speed 2
107
%
Sector
AO
Description
ATM
sev
ATC
sev
Freq
Ref
A/C 1
A/C 2
Loss
of Sep
668
TAR964
AF415
N
100%
Loss
of Sep
D <5 NM
Sector
111%
TM
Description
ATM
sev
ATC
sev
Freq
Ref
A/C 1
A/C 2
588
LGL809
4
6200
100%
MIL
Sector
83%
UP
Description
Level Bust.
ATM
sev
ATC
sev
Freq
Ref
A/C 1
A/C 2
Loss
of Sep
603
AF814
WL
VPBB
V
70%
Pilote
FL 220
1 000 FT
FL 210
1 000 FT
FL 200
DEFINITION
aa Total inability to
provide safe ATM
service
b Partial inability to
provide safe ATM
service
DEFINITION
c Ability to provide
safe but
degraded ATM
service
d Not determined
e No effect on ATM
service
DEFINITION
5 Extremely rare
4 Rare
3 Occasional
2 Frequent
1 Very Frequent
aa1
aa2
aa3
aa4
aa5
a1
a2
a3
a4
a5
b1
b2
b3
b3
b5
c1
c2
c3
c4
c5
d Not determined
d1
d2
d3
d3
d5
e No effect on ATM
service
e1
e2
e3
e3
e5
Very
frequent
Frequent
Occasional
Rare
Extremely
rare
aa1
aa2
aa3
aa4
aa5
a1
a2
a3
a4
a5
b1
b2
b3
b3
b5
c1
c2
c3
c4
c5
d Not determined
d1
d2
d3
d3
d5
e No effect on ATM
service
e1
e2
e3
e3
e5
Very
frequent
Frequent
Occasional
Rare
Extremely
rare
ATCO
position 1
Backup
LAN
ATCO
position 2
ATCO
position 3
ATCO
position 4
ATCO
position n
ACC
ATCO
position 1
Begin
End
11/02/14
04h18
am
Description
.
The backup computer that manages
11/02/14
the radar screen was out of service
04h24
without any alarm. The backup
am
computer seems to be frozen since
several hours and displays an
image of the radar situation at 9h22
pm.
After a reset situation OK.
sev
Freq
Function
Ref
DTI
S03
(radar)
functio
n).
0095
FFT
11/14
France Telecom
ACC
Begin
05/09/14
02h00
pm
End
Description
Lille Airport
sev
Freq
Function
Ref
DTI
S02
Ground
Ground
821
No
Module 4
Safety Occurrences
Regulations and Methodology of the French ANSP
Definitions, List of Safety Occurrences
Safety occurrences
Report and Notification
Analysis (Severity, Frequency, Causes)
Corrective Actions, Feedback
Corrective Actions
Corrective
Actions
Causes
Safety Event
Consequences
Corrective Actions
The databases
are updated during analysis
Decide
Corrective Actions
and Feedback
Monitoring commission
Chief of OPS
Implement
Corrective Actions
and Feedback
Responsible of the
Corrective Action.
Responsible of the
Feedback.
Monitoring
Corrective Actions and
Feedback.
Monitoring commission
Corrective
Action
effective?
Monitoring commission
Y
END
Corrective actions
Feedback
Sector
66%
RT
Description
2 aircrafts going to Orly. 2nd
one goes faster than 1st.
Bad reaction to STCA.
ATM
sev
ATC
sev
Freq
Ref
A/C 1
A/C 2
Loss
of Sep
497
AFR130
1
AFR55
73
100%
107%
Secto
r
AO
Description
ATM
sev
ATC
sev
Freq
Ref
A/C 1
A/C 2
Loss
of Sep
668
TAR964
AF415
N
100%
Sector
111%
TM
Description
ATM
sev
ATC
sev
Freq
Ref
A/C 1
A/C 2
588
LGL809
4
6200
Loss
of Sep
100%
MIL
Sector
83%
UP
Description
Level Bust.
ATM
sev
ATC
sev
Freq
Ref
A/C 1
A/C 2
Loss
of Sep
603
AF814
WL
VPBB
V
70%
Pilote
9 cases in 2007 and only 1 in 2008. The actions of awareness and the
trainings carried out by the safety subdivision have been effective.
30 january
2007 Feedback
about visual
separation
20 february
2007 note
07CPG012 to
all ATCOs
1 to 12
march
2007 :
During
briefing
reminder
on visual
separation
02 to 20 april
2007 : During
briefing
reminder on
visual
separation
17 to 28
september 2007 :
During briefing
reminder on
visual separation
t
Visual separation
by ACC forbidden
ON
ATCO
position 1
Backup
Module 3
Safety Occurrences
Definition, List of Safety Occurrences
Why Reporting and Assessment of Safety Occurrences ?
Report, Notification
Analysis = Severity, Frequency, Causes
Corrective Actions,
Safety Occurrences Documentation
SMS
Manual
Mapping, Process,
Activites
AGATA
Corrective Actions must be stored
and recorded in a database or in a
file.
Corective Actions database or Table
Titre
END
Module 5
SMS Tools
- SMS Intranet site.
- Technical Division Tool (SIAM).
- Safety Occurrences data base (INCA, ECCAIRS, e-TOKAY).
- Findings/Corrective Actions Tools (Excel Files, AGATHA).
- Risk Assessment and Mitigation Tool (SPIRIT).
- Dashboard
- Action Plan
Module 5
SMS Tools
- SMS Intranet site.
- Technical Division Tool (SIAM).
- Safety Occurrences data base (INCA, ECCAIRS, e-TOKAY).
- Findings/Corrective Actions Tools (Excel Files, AGATHA).
- Risk Assessment and Mitigation Tool (SPIRIT).
- Dashboard
- Action Plan
ATCO Training
Module 5
SMS Tools
- SMS Intranet site.
- Technical Division Tool (SIAM).
- Safety Occurrences data base (INCA, ECCAIRS, e-TOKAY).
- Findings/Corrective Actions Tools (Excel Files, AGATHA).
- Risk Assessment and Mitigation Tool (SPIRIT).
- Dashboard
- Action Plan
1 MISO to
implement
2 MISO to
verify
8 Events in
progress
3 Feedback
in progress
4 Corrective
Actions in
progress
Technical
Manual
Manual:
7 new
documents
Manual:
5 documents
to verify
Manual:
1 document
to approve
Manual:
83
documents
to update
News
Reports of
meetings
Scheduled
Works
Daybook
(alarms,
supervisor
actions).
Corrective
Actions
Search
Technical
documentation
Safety
Events
Technical
Manual
Manual:
7 new
documents
Manual:
5 documents
to verify
Manual:
1 document
to approve
Manual:
83
documents
to update
Equipments, systems
selected
Post it in progress,
news
Radar : ON
Telecom : ON
Flight Plan: ON
Energy : OFF
Module 5
SMS Tools
- SMS Intranet site.
- Technical Division Tool (SIAM).
- Safety Occurrences data base (INCA, ECCAIRS, e-TOKAI).
- Findings/Corrective Actions Tools (Excel Files, AGATHA).
- Risk Assessment and Mitigation Tool (SPIRIT).
- Dashboard
- Action Plan
What ?
Who ?
Safety
Subdivision
Users ?
All
Subdivisions :
Safety,
Studies,
OPS, Training
Contents ?
Goal
Safety Events
and data
Local database
Traceability of safety
events.
Achivement of
indicators and
statistics.
Database
INCA
National database.
used by safety subdivisions
in ACC and airports.
ECCAIRS Community
What ?
Who ?
Users ?
Contents ?
Safety
Subdivision
All Technical
Subdivisions and
sections
Operational supervision
Scheduled works
Safety events
Documentation,
Corrective actions.
Goal
Daybook
Technical
documentation
Management of
Safety events,
corrective actions.
Module 5
SMS Tools
- SMS Intranet site.
- Technical Division Tool (SIAM).
- Safety Occurrences data base (INCA, ECCAIRS, e-TOKAY).
- Findings/Corrective Actions Tools (Excel Files, AGATHA).
- Risk Assessment and Mitigation Tool (SPIRIT).
- Dashboard
- Action Plan
Findings/Corrective Actions
Findings are non compliance, weak points (audits) and
causes of safety events.
FINDINGS
RSM
S
RSM
S
Bres
t
RSM
S
N
W
RSM
S
RSM
S
CDG
&
Orly
Headquarters
MSQS
AIS
S
W
Toulous
e
RSM
S
RSM
S
Strasbour
g
E
RSM
S
Lyon
RSM
S
CESNA
C
RSM
S
Bordeau
x
RSM
S
Lill
e
RSM
S
RSM
S
RSM
S
S
E
RSM
S
Nice
Marseille
RSM
S
Who ?
Users ?
Contents ?
Goal
Safety
subdivision
Head of division
and all the
subdivisions
Safety Events,
Causes.
Audits reports.
Correctives
Actions
Monitoring of the
corrective actions.
Verifying their
effectiveness.
Head of division
and all the
subdivisions
Safety Events,
Causes.
Audits reports.
Correctives
Actions
Monitoring of the
corrective actions.
Verifying their
effectiveness.
OPS Division
Events and
corrective
actions in an
excel file
Technical Division
Events and
corrective
actions in
database
Safety
subdivision
Ref.
Origin
& Date
Number/
YY
State of
progress
Finding
Target
Date
Actions planned
and carry out
Name
or better
Function
In progress,
Completed,
Closed.
Safety review
Internal audits,
External audits,
Process reviews
Others
Responsible
List of actions
planned
and carried out
Findings of audits,
Action decided,
Proposal,
Others
Effectiveness
Criteria
Criteria to check
before closing the
Finding
Origin
& Date
State of
progress
Finding
Respon
sible
Target
Date
Effectiveness
Criteria
03/07
Internal
Audit
January
2007
In
progress
Description of
jobs not
completed
RSMS
mars 08
mars 09
mars10
- Ask a national
coordination.
- Wait for RSMS
meeting in Brest
- ATSEP job
description in
progress.
- ATCO job description
to plan.
All job
description
done and
signed.
12/08
NSA
audit
April
2008
In
progress
Chief
Division
OPS
End
2009
1 Oficial reminder to
ATCO.
Done under ref.
08/2008
2 Monitor the report
rate with an indicator.
3 Briefings to ATCO.
Briefings done in june
2014.
New briefings
scheduled in oct 2008
Report rate =
100% for RA
TCAS and
AIRPROX.
ATCO : bad
reports of
safety events
Module 5
SMS Tools
- SMS Intranet site.
- Technical Division Tool (SIAM).
- Safety Occurrences data base (INCA, ECCAIRS, e-TOKAY).
- Findings/Corrective Actions Tools (Excel Files, AGATHA).
- Risk Assessment and Mitigation Tool (SPIRIT).
- Dashboard
- Action Plan
SPIRIT
SPIRIT
SPIRIT
Lille
SPIRIT
SPIRIT
SPIRIT
CDG
SPIRIT
& Orly
Brest
W
SPIRIT is managed
by MSQS.
Each entity can
access to SPIRIT
(RSMS and people
involved in safety
studies).
SPIRIT
SPIRIT
SPIRIT
Strasbourg
E
SPIRIT
SPIRIT
Lyon
SPIRIT
SPIRIT
AIS
CESNAC
Bordeaux
SPIRIT
SW SPIRIT
SPIRIT
SE
Toulouse
SPIRIT
Marseille
SPIRIT
Nice
SPIRIT
SPIRIT
Indian
Ocean
West Indies
Guiana
SPIRIT
SPIRIT
SPIRIT
Module 5
SMS Tools
- SMS Intranet site.
- Technical Division Tool (SIAM).
- Safety Occurrences data base (INCA, ECCAIRS, e-TOKAY).
- Findings/Corrective Actions Tools (Excel Files, AGATHA).
- Risk Assessment and Mitigation Tool (SPIRIT).
- Dashboard
- Action Plan
Dashboard
Managers need a dashboard for monitoring the main
indicators.
Summary
Topic
Safety
Traffic
Delay
Technical
Results
Trend
0,60
0,55
0,50
0,45
0,40
0,35
0,60
1,00
0,90
0,80
0,70
0,60
0,50
0,40
0,30
0,20
0,10
0,00
0,55
0,50
0,45
0,40
0,35
HN70
2007
2008
2009
Janv
1
0
0
Fvr
1
0
0
Mars
1
1
0
Avr
0
1
1
Mai
0
0
1
Juin
2
2
0
Juil
1
0
0
Aot
0
0
1
Sept
0
1
1
Oct
2
1
Nov
0
0
Dc
0
1
Total
8
7
4
Evolution annuelle 12
mois glissants
0,61
A graph is subjective. The 2 graphs are built with the same datas but
have different scales.
It is useful to present the data in a table.
Dlais 07/08
Dlais 08/09
160000
minutes
140000
120000
100000
80000
60000
40000
20000
0
Meteorogical
conditions
ATCO strike
Implementation by
SAFETY MONITORING
CONTINUOUS MONITORING AND
ANALYSIS OF SAFETY INDICATORS
Direction
When
Weekly
OPS Division
When
Monthly
Daily
Who
Technical Division
When
Who
Chief Division OPS,
deputy, chiefs subd
Weekly
Subdivision
Safety
Daily
1 chief
1 Deputy
4 ATCO and assistants
Who
Chief Technical Division,
deputy, chiefs subd
Subdivision
Safety
1 chief
1 Deputy
2 ATSEP
Module 5
SMS Tools
- SMS Intranet site.
- Technical Division Tool (SIAM).
- Safety Occurrences data base (INCA, ECCAIRS, e-TOKAY).
- Findings/Corrective Actions Tools (Excel Files, AGATHA).
- Risk Assessment and Mitigation Tool (SPIRIT).
- Dashboard
- Action Plan
Action Plan
Every year an action plan with the main objectives and the
planned actions.
Action Plan
A monthly review of the action plan with an update of the
monitoring document.
SMS Tools
Main tools for managers : Action Plan, Corrective Action
Table, Dashboard.
Action Plan
(yearly)
Dashboard
Module 6
Risk Assessment and Mitigation
Regulations.
General Principles (FHA, PSSA, SSA ).
French Methodology (ANSP and NSA).
Preliminary Study (EPIS CA, EPIS TECH).
Methodology of intervention (MISO).
Safety Study : new procedure for Marseille Provence
Airport (south east of France).
Module 6
Risk Assessment and Mitigation
Regulations and General Principles.
page 5-23
European Regulations
Regulation n
1035/2011
1034/2011
European Regulations
The origin of the regulation about Risk Assessment and
Mitigation can be found in ESARR4.
Module 6
Risk Assessment and Mitigation
Regulations.
General Principles (FHA, PSSA, SSA ).
French Methodology (ANSP and NSA).
Preliminary Study (EPIS CA, EPIS TECH).
Methodology of intervention (MISO).
Safety Study : new procedure for Marseille Provence
Airport (south east of France).
What is a Change ?
A change is :
- A new equipment (hardware and/or software),
- A modification of an equipment (hardware and/or software),
- A modification of airspace (airways, design )
- A significant change in working methods.
We can have :
- Technical change,
- Airspace change,
- Both Technical and Airspace.
Technical Change
Instrument Landing
System (ILS)
Radar Station
Radio Station
Network
Airspace Change
FL345
AP
FL285
AO
FL285
AO
General principles
t
Definition of the system perimeter and environment
General principles
Definition of the system perimeter and environment
FHA
System analysis
Identification of Hazards (severity, frequency )
Definition of the Safety Objectives
NO
PSSA
SSA
Identification
of objectives
the Mitigation
Means
Conversion
of safety
in requirements
Objectives
Achieved ?
YES
Stored
Demonstrate
implementation
of mitigation
means
Quantitativethe
and
qualitative assessment
of safety
Analysis of transition phases
Definition of safety assurance means
Synthesis
General principles
Definition of the system perimeter and environment
FHA
System analysis
Identification of Hazards (severity, frequency )
Definition of the Safety Objectives
NO
PSSA
SSA
Identification
of objectives
the Mitigation
Means
Conversion
of safety
in requirements
Demonstrate
implementation
of mitigation
means
Quantitativethe
and
qualitative assessment
of safety
Analysis of transition phases
Definition of safety assurance means
Synthesis
Objectives
Achieved ?
YES
Stored
Description of change
and perimeter of safety analysis.
It must take into account the three following elements :
- Human factors (working methods, Human Machine Interface (HMI)
competencies).
- Procedures.
- Equipements (hardware and software).
LOA
Protocol
CTR classe D
SID a
Loc
SID a
Technical
STAR z
Glide
Q F U 10-32
TWR
AIP
Users
Technical room
Exploiting
ploiti
ting
ti
ng
Protocoll
STAR y
General principles
Definition of the system perimeter and environment
FHA
System analysis
Identification of Hazards (severity, frequency )
Definition of the Safety Objectives
NO
PSSA
SSA
Identification
of objectives
the Mitigation
Means
Conversion
of safety
in requirements
Objectives
Achieved ?
YES
Stored
Demonstrate
implementation
of mitigation
means
Quantitativethe
and
qualitative assessment
of safety
Analysis of transition phases
Definition of safety assurance means
Synthesis
Identification of Hazards
Hazard = danger affecting the provision of services by
ANSP and that can lead to an accident or incident.
Causes
of hazard
Human Factor
Error
Technical
Dysfunction
Combination
Brainstorming with
experts to identify hazards.
Procedural
Error
Brainstorming
with experts
to identify
causes
Hazard
Consequences
Severity
Frequency
Brainstorming
with experts to find
severity and frequency
Example of Hazards
Examples of hazard :
- Loss of one radio frequency in a control center.
FL285
AO
Radar screen
of AO, AP, SU
positions
SU
FL345
AP
FL285
ATCO
Consequences of Hazards
For each hazard we have to identify the potential
consequences.
Consequences
Severity
Gravity
Severity of Hazards
5 levels are defined for the severity.
Severity
Consequences Accidents
on operations
Examples of
consequences
(assessment
beforehand)
One or several
catastrophic
accidents;
One or more
air collision;
One or more
ground
collision;
Serious
incidents
Major
incidents
Significant
incidents
No immediate
effect on safety
Important loss
of separation
(eg. < 50% of
minimum
separation)
where aircrew
or ATC cant
fully control the
situation or
arent able to
put it right
Important
loss of
separation
(eg. < 50% of
minimum
separation)
where
aircrew or
ATC fully
control the
situation and
are able to
put it right
Increase in
controllers or
aircrew
workload or
slight
deterioration
of functional
capacity in
ATC system
A situation that
can generate
danger : no direct
or indirect impact
on safety
Brainstorming
with experts
Severity = 3
Major
incident
The ATCO
makes an error,
he gives to the
FL345 aircraft the
frequency of AP
instead of SU.
FL285
SU
AP
ATCO
Brainstorming
with experts
Severity = 4
Significant
incident
Frequency of Hazards
The frequency can be quantitative but its easier to have
qualitative level.
Frequency
Extremely
rare
Rare
Occasional
Frequent
Very
Frequent
1 per 1000
years
1 per 5-10
years
1, 2 times
per year
Several times
per year
1 time per
month
Hazard 1
Brainstorming
with experts
Frequency =
Frequent
Hazard 2
Brainstorming
with experts
Frequency =
Frequent
X
ATCO
AP
The ATCO
makes an error,
he gives to the
FL345 aircraft the
frequency of AP
instead of SU.
FL285
General principles
Definition of the system perimeter and environment
FHA
System analysis
Identification of Hazards (severity, frequency )
Definition of the Safety Objectives
NO
PSSA
SSA
Identification
of objectives
the Mitigation
Means
Conversion
of safety
in requirements
Objectives
Achieved ?
YES
Stored
Demonstrate
implementation
of mitigation
means
Quantitativethe
and
qualitative assessment
of safety
Analysis of transition phases
Definition of safety assurance means
Synthesis
Safety Objectives
For each level of severity we must define the maximum
acceptable frequency.
Severity
1
Accident
2
Serious
Incident
3
Major
Incident
4
Significant
Incident
5
No
Effect
Safety
Objective
Extremely
rare
Rare
Occasional
Frequent
1 per 1000
years
1 per 5-10
years
1, 2 times
per year
Several times
per year
Safety Objectives
A matrix is used to see if a hazard (severity + frequency) is
in the acceptable area.
Frequency
Very
Frequent
Frequent
Occasionnal
Rare
Extremely
rare
Severity
1 Accident
2 Serious
Incident
3 Major
Incident
4 Significant
Incident
5 No Effect
Hazard 2
Severity = 4
Frequency =
Frequent
Very
Frequent
Frequent
Severity
1 Accident
2 Serious
Incident
3 Major
Incident
4 Significant
Incident
5 No Effect
Hazard n
Hazard n
Occasionnal
Rare
Extremely
rare
General principles
Definition of the system perimeter and environment
FHA
System analysis
Identification of Hazards (severity, frequency )
Definition of the Safety Objectives
NO
PSSA
SSA
Identification
of objectives
the Mitigation
Means
Conversion
of safety
in requirements
Demonstrate
implementation
of mitigation
means
Quantitativethe
and
qualitative assessment
of safety
Objectives
Achieved ?
YES
Stored
Synthesis
AO
Radar screen of
SU position
FL345
AP
FL285
ATCO
Mitigation means :
- ATCO training.
- ATCO documentation.
- Warning on positions.
Brainstorming
with experts
after MM
Severity = 4
(3 before MM)
Frequency = Frequent
(same before MM)
Hazard 2
Brainstorming
with experts
after MM
AP
The ATCO
makes an error,
he gives to the
FL345 aircraft the
frequency of AP
instead of SU.
FL285
ATCO
Severity = 4
(same before MM)
Frequency = Rare
(Frequent before MM)
Hazard 2
Severity = 4
Frequency =
Rare
Very
Frequent
Frequent
Occasionnal
Severity
1 Accident
2 Serious
Incident
3 Major
Incident
4 Significant
Incident
5 No Effect
Rare
Extremely
rare
Very
Frequent
Frequent
Occasionnal
Rare
Extremely
rare
Severity
1 Accident
2 Serious
Incident
3 Major
Incident
Hazard 1
4 Significant
Incident
Hazard 1
Hazard 2
Hazard 2
5 No Effect
Human Factor
Error
Technical
Dysfunction
Procedural
Error
Mitigation
Frequency
Frequency
Decrease
Has
effect on
Consequences
Hazard
Preventive
MMS
Severity
Decrease
Protective
MMS
Has
effect on
General principles
Definition of the system perimeter and environment
FHA
System analysis
Identification of Hazards (severity, frequency )
Definition of the Safety Objectives
NO
PSSA
SSA
Identification
of objectives
the Mitigation
Means
Conversion
of safety
in requirements
Demonstrate
implementation
of mitigation
means
Quantitativethe
and
qualitative assessment
of safety
Objectives
Achieved ?
YES
Stored
Synthesis
Hazard 2 :
The traceability of ATCO training must be done and
recorded.
The ATCO manuals have been updated. A new manual
has been created fot the new sector.
General principles
Definition of the system perimeter and environment
FHA
System analysis
Identification of Hazards (severity, frequency )
Definition of the Safety Objectives
NO
PSSA
SSA
Identification
of objectives
the Mitigation
Means
Conversion
of safety
in requirements
Demonstrate
implementation
of mitigation
means
Quantitativethe
and
qualitative assessment
of safety
Analysis of transition phases
Definition of safety assurance means
Synthesis
Objectives
Achieved ?
YES
Stored
General principles
Definition of the system perimeter and environment
FHA
System analysis
Identification of Hazards (severity, frequency )
Definition of the Safety Objectives
NO
PSSA
SSA
Identification
of objectives
the Mitigation
Means
Conversion
of safety
in requirements
Demonstrate
implementation
of mitigation
means
Quantitativethe
and
qualitative assessment
of safety
Objectives
Achieved ?
YES
Stored
Synthesis
Safety Assurance
Safety assurance defines the means to monitor the new
system :
- Verify that an acceptable safety level is maintained on
the long run.
- Verify that the initial hypothesis are always valid.
- Verify if new hazards occur.
They can take different forms :
- Definition of safety indicators.
- Procedure to monitor the indicators.
If necessary the safety analysis is updated.
FL285
AO
Module 6
Risk Assessment and Mitigation
Regulations.
General Principles (FHA, PSSA, SSA ).
French Methodology (ANSP and NSA).
Preliminary Study (EPIS CA, EPIS TECH).
Methodology of intervention (MISO).
Safety Study : new procedure for Marseille Provence
Airport (south east of France).
Safety Analysis
This methodology
explains how to do a
safety analysis :
procedure, guides,
templates
How to do a safety
analysis ? The
regulations and the
general principles are
not enough explicit.
Procedure
Guides
Templates
Guide
Procedure
Template
Airspace
Change
Safety
Analysis Report
MISO
MISO
Technical
Change
Hazards
Preliminary
Analysis
Documentation
French ANSP Methodology
Procedure
Technical
EPIS-TIL
template
Airspace
EPIS-CA
template
MISO
template
Structure for
Safety Analysis Report
EPIS-CA
guide
MISO
guide
Safety analysis
guide
Brainstorming
Brainstorming
Leader : Safety Coordinator of the change
Experts : ATCOs, ATSEP, engineers
Brainstorming
Brainstorming
ILS
Radar
Radio
Flight plan,
Radar data
Network
SU
AP
FL345
AP
FL285
AO
AO
New airways
FL285
New sector
we must have 1 or
Safety Assurance
Activities
EPIS-TIL
and/or
EPIS-CA
Beginning of
the change
Severity
1 or 2
No
Yes
Is the safety
analysis pertinent ?
Safety Analysis
Report
MISO
Monitoring indicators
Documentation reviews
Audits
Implementation
decided by DSNA
after approval by
DSAC if necessary
SPIRIT
DSNA database
SPIRIT
ACC
Headquarters
Airports
DSAC procedure
For oversight
DSNA
DSAC
Followed up
Nomination of a correspondant
Decision
of follow up
by NSA ?
Not followed up
Request for
Complementary
information ?
Refusal of change
Implementation
of change
Documentary reviews
DSNA
DSAC
Followed up
Nomination of a correspondant
Decision
of follow up
by NSA ?
Not followed up
Request for
Complementary
information ?
N
Refusal of change
Documentary reviews
Implementation
of change
Notification
SPIRIT
National Database
Change
DSNA units :
ACC, Airports, Others.
Every month
Notification to
DSAC
DSAC
DSNA
DSAC
Followed up
Nomination of a correspondant
Decision
of follow up
by NSA ?
Not followed up
Request for
Complementary
information ?
N
Refusal of change
Documentary reviews
Implementation
of change
DSNA
DSAC
Followed up
Nomination of a correspondant
Decision
of follow up
by NSA ?
Not followed up
Request for
Complementary
information ?
N
Refusal of change
Documentary reviews
Implementation
of change
DSNA
DSAC
Followed up
Nomination of a correspondant
Decision
of follow up
by NSA ?
Not followed up
Request for
Complementary
information ?
N
Refusal of change
Documentary reviews
Implementation
of change
DSNA
DSAC
Followed up
Nomination of a correspondant
Decision
of follow up
by NSA ?
Not followed up
Request for
Complementary
information ?
N
Refusal of change
Documentary reviews
Implementation
of change
Level A
Level B
Level C
DSNA
DSAC
Followed up
Nomination of a correspondant
Decision
of follow up
by NSA ?
Not followed up
Request for
Complementary
information ?
Refusal of change
Implementation
of change
Documentary reviews
DSNA
DSAC
Followed up
Nomination of a correspondant
Decision
of follow up
by NSA ?
Not followed up
Change approved ?
Request for
Complementary
information ?
Refusal of change
Implementation
of change
Documentary reviews
Changed approval
The correspondant report gives DSAC :
- Essential characteristics of the change.
- Critical review of safety analysis.
- Conclusion of the correspondant regarding the approval
of change related to safety.
DSAC delay for answer : 1 month.
Three possible answers by DSAC :
- Approval of change.
- Request for further information.
- Refusal of change
DSNA
DSAC
Decision
of follow up
by NSA ?
Followed up
Nomination of a correspondant
Not followed up
Request for
Complementary
information ?
Refusal of change
Implementation
of change
Documentary reviews
Synthesis
DSAC
Decision
to follow
change
Approval
of
Procedures
Notification
Review of
procedures
Decision
to make
a change
DSNA
Use of documented
procedures
Review
of SA
Approval
of change
Decision
of
Implementation
Documented
procedures
Monitoring of
continuous
conformity
Implementation
Module 6
Risk Assessment and Mitigation
Regulations.
General Principles (FHA, PSSA, SSA ).
French Methodology (ANSP and NSA).
Preliminary Study (EPIS CA, EPIS TECH).
Methodology of intervention (MISO).
Safety Study : new procedure for Marseille Provence
Airport (south east of France).
Module 6
Risk Assessment and Mitigation
Regulations and General Principles.
AERMAC
MESANGE
New system
Previous system
END
1.2 CONTEXT OF THE CHANGE
S2 COM GROUND/GROUND
S3 RADAR
S4 FLIGHT PLAN
S5 RECORDS
S6 Particular AirSpace
S7 ATFM
S8 RADIONAV
S14 STCA
2 ENTITIES CONCERNED
Alarms.
9.2 ACTIONS
Coordination
Experts
Tests
Final check
TO DO
DONE
DONE
TO DO
DONE
Methodology
gy of intervention ((MISO).
)
10 CHRONOLOGY OF INTERVENTION
10.1 EXECUTION
Module 6
Risk Assessment and Mitigation
Regulations and General Principles.
Where is Marseille ?
Brainstorming
with experts
EPIS-CA
EPIS-CA
Safety Study
Safety
Plan
Other
Documents
EPIS-CA
Coordination
Plan
with NSA
EPIS-CA
Minutes meeting
Planning
Records
Verification of procedures.
Results
Integration
Working methods
Technical
Human resources
Aeronautical publication - Communication
Experience on a similar change
Results
Consequences
Update Flight
gh PLN data processing
p
g
MM1 Up
Radar
separation
pa
12NM
MM2
Extension Istres area
MM3
MM
MM4 Radar surveillance, vectoring
MM5 Briefing to pilots, to airlines
Update LOA
MM6 Up
MM7 ATCOs training, simulations
MM7
MM8 Phraseology
MM9 New
MM9
New AIP
AIP
MM10 Take into account military requirements
Hazards
MM11
MM12
MM13
MM13
MM14
MM15
MM16
Preventive maintenance
Equipment
Eq
pm
redundancy
cy
Alternative procedure via Salon
IRMA PC
Regular
gu
exhange
ng (civil
(c
and military)
y)
MM17
MM18
Tactical coordination
Backup phone
H2,H4,
H5
H3
H2,H3
H4,H5
Module 7
- Organization of SMS, QMS and IMS.
- Quality Management System QMS
- Mapping
- Management Reviews.
Module 7
- Organization of SMS, QMS and IMS.
- Quality Management System QMS
- Mapping
- Management Reviews.
SMS Organization
When
Every 2 or 3
years
Who
Audits
MSQS
NSA Auditors
MSQS Auditors
Every 2 years
SMS
ANSP
Safety Management
review (ANSP level)
Twice
a year
AGATA
According to
the annual
program
SMS ACC or
Airport
Internal
Audits
Safety Management
review
(ACC or Airport level)
Twice
a year
Monthly
OPS
Monitoring
Group
Corrective
Actions
For every
change
Every 2 years
Actions
Audits
MSQS
ISO Auditors
ISO
Audits
Quality Management
review (ANSP level)
MSQS Auditors
QMS
ANSP
Monthly
QMS ACC or
Airport
Processes
reviews
OPS
Monitoring
Group
For every
change
Corrective
Actions
Corrective
Actions
Technical
Monitoring
Group
Corrective
Actions
SPIRIT
INCA
For every
event
Local Auditors
ECCAIRS
Processing
of Quality
Events.
Safety Studies
OPS division
Processing
of safety
Events
Director ANSP
Deputy
Chiefs ACC &
Airports
MSQS
Pilots, Actors of
processes/
Quality Management
review
(ACC or Airport level)
Twice
a year
Who
Internal
Audits
Report
Notification
Analyse
Safety commission
Corrective Actions
Feedback
AGATA
According to
the annual
program
Responsibles of safety
studies,RSMS
QMS Organization
Twice
a year
Local Auditors
Tech Division
Processing
of safety
Events
SPIRIT
Report
INCA
Notification
Analyse
ssion
Safety commission
Corrective Actions
ns
ECCAIRS
Feedback
When
Every Year
Technical
Monitoring
Group
Corrective
Safety Studies
OPS division
Processing
of safety
Events
For every
event
Corrective
Actions
Director ANSP
Deputy
Chiefs ACC &
Airports
MSQS
Tech Division
Processing
of safety
Events
IMS Organization
When
Every Year
Every 2 years
Who
Audits
MSQS
ISO
Audits
MSQS Auditors
Management
review (ANSP level)
Twice
a year
IMS
ANSP
AGATA
According to
the annual
program
Internal
Audits
IMS ACC or
Airport
Processes
reviews
OPS
Monitoring
Group
Corrective
Actions
For every
change
Director ANSP
Deputy
Chiefs ACC &
Airports
MSQS
Local Auditors
Pilots, Actors of
processes/
Management
review
(ACC or Airport level)
Twice
a year
Monthly
ISO Auditors
NSA Auditors
Corrective
Actions
Technical
Monitoring
Group
Corrective
Actions
Safety Studies
SPIRIT
INCA
For every
event
ECCAIRS
OPS division
Processing
of safety
Events
Processing
of Security,
Quality,
Environment
Events.
Tech Division
Processing
of safety
Events
Module 7
- Organization of SMS, QMS and IMS.
- Quality Management System QMS
- Mapping
- Management Reviews.
5 Management
Responsibility
6 Resource
Management
7 Product
Realization
8 Measurement
Analysis and
Improvement
4.1 General
Requirements
5.1 Management
Commitment
6.1 Provision of
Resources
7.1 Planning of
Product
Realization
8.1 General
4.2 Documentation
Requirements
5.2 Customer
Focus
6.2 Human
Resources
7.2 Customer
Related Process
6.3 Infrastructure
5.4 Planning
6.4 Work
Environment
7.4 Purchasing
5.5 Responsibility,
Authority,
Communication
8.5 Improvement
5.6 Management
Review
7.6 Control of
Measuring and
Monitoring
Equipment
A lot of common
requirements
SMS = Safety
Management System
ICAO Annex 19
QMS = Quality
Management System
ISO 9001
IMS
IMS = Integrated
Management System
Safety
Security
Environment
Quality
2 complementary approaches :
PROCESSUS Management of
the collective performance.
Input : listening to customers
Output : results, performance.
STRUCTURE
Management of :
Entities
Functions
Actors
Module 7
- Organization of SMS, QMS and IMS.
- Quality Management System QMS
- Mapping
- Management Reviews.
Mapping
In the next slide we have a mapping of Paris ACC.
Management
Listening customers
Strategy and management
Evaluation and improvement
of the management system.
Realization
Support
What is a Process ?
Pilot
Audits
Copilot
Reviews
Process
Indicators
Input
data
PROCESS A
Others
Performance
Indicators
Output
data
What is a Process ?
Chief OPS
Pilot
Division
Audits
Chief ATCO
Copilot
Subdivision
Reviews
Others
Ratio ATCO
on duty/
Process
ATCO
available
Indicators
Flight
Plans,
Input
Calls
from
data
Pilots
Process vs Organization
Performance
Safety
indicators
(Losses
of separation)
Indicators
Output
Safety
for
data
Aircrafts,
Safety Events
Process vs Organization
Module 7
- Organization of SMS, QMS and IMS.
- Quality Management System QMS
- Mapping
- Management Reviews.
Management review
2 Management review per year.
Members of the management review :
- Chief of ACC or Arports (chairman of the revue) and deputy.
- RSMS (secretary of the revue)
- Chief of operational division
- Deputy of operational division
- Chief of technical division
- Deputy of technical division
- Chief of administrative division.
- Chiefs of safety subdivisions
Management review
Safety Indicators
Safety Dashboard
Audit reports
(internal, external)
List of
Planned changes
List of
corrective actions
Actions plan
Project of internal
and external audits
Preparation
Analysis
Synthesis
done
by
RSMS
Management
Review
Minutes of
Management
Review
New
Planned
Corrective
Changes
Actions
Action
Plan
(update)
Planning
of
audits
Agenda :
1. Safety indicators
2. Risk assessment and mitigation
3. Implementation of SMS
4. Audit reports
5. Corrective and Preventive Actions
END
Module 8
Global Aviation Safety Plan (GASP)
Module 8
Global Aviation Safety Plan (GASP)
Annex 19
Requirements
Between NSA
& ANSP, NSA
& NSA, ANSP
& ANSP.
Sharing of
statistics in
order to
determine the
main safety
problems and to
set plans to
solve these
problems.
NSA
ANSP
Phase 2 : 12 months.
Phase 3 : 18 months.
Phase 4 : 18 months.
NSA &
ANSP
Module 8
Global Aviation Safety Plan (GASP)
Accidents statistics
Accidents statistics
Accidents 2009-2013