Beruflich Dokumente
Kultur Dokumente
Staff Instruction
SI 19 – 05
Safety Management Systems (SMS)
Guidance for Inspector & Organizations
Amendment : 0
Date : October 2017
i
FOREWORD
Ttd.
ii
ABBREVIATIONS
iii
TABLE OF CONTENT
iv
APPENDIX A Phased Implementation Approach ....................................................................................... 31
APPENDIX B Gap Analysis Questions ......................................................................................................... 33
APPENDIX C Example Of An SMS Implementation Plan/Schedule ............................................................ 40
APPENDIX D Guidance to Review Voluntary and Confidential Reporting Systems .................................... 41
APPENDIX E Guidance to Review The Safety Performance Indicators ....................................................... 44
APPENDIX F LIST OF APPLICABLE FORMS .................................................................................................. 52
v
CHAPTER I GENERAL
1. Purpose
This Staff Instruction prescribes responsibilities guidance to be used by the
Directorate General of Civil Aviation (DGCA) for Service Provider’s Safety
Management System Manual (Chapter II) and surveilance Implementation
of Service Provider’s Safety Management System Manual (Chapter III).
2. Introduction
The purpose of this Staff Instruction is to provide guidance on the
implementation of Safety Management Systems (SMS). It has been
developed to give sufficient understanding of SMS concepts and the
development of management policies and processes to implement and
maintain an effective SMS.
There is not a ‘one size fits all’ model for SMS that will cater for all types of
organizations. Organizations should tailor their SMS to suit the size, nature
1
and complexity of the operation, and the hazards and associated risks
inherent with its activities.
3. Definitions
As used in this document, the following words or phrases are defined:
2
h. Evaluation – Denotes the process whereby data is assembled, analyzed,
and compared to expected performance to aid in making systematic
decisions.
n. Risk – See Safety Risk. The terms Risk and Safety Risk are used
synonymously.
3
t. Safety Performance – Realized or actual safety accomplishment
relative to the organization’s safety objectives.
4. Regulatory References
a. CASR 19
b. CASR 91
c. CASR121
d. CASR 135
e. CASR 145
4
f. CASR 141
g. CASR142
h. CASR 147
i. ICAO Annex 19, Safety Management. First Edition, July 2013.
j. ICAO Doc 9859, Safety Management Manual (SMM). Third Edition,
2013.
5
CHAPTER II EVALUATION AND APPROVAL OF SAFETY MANAGEMENT
SYSTEM MANUAL
1. INTRODUCTION
Objective. This chapter provides guidance for evaluating and approving
Safety Management System Manual.
2. PROCEDURES
a. Review Applicable Information. Before the inspection, the DGCA
Inspector should carefully review :
2) CASR 830
DGCA Inspector will review that the contents of the manual shall
include at least the following sections:
a) Document control;
b) SMS regulatory requirements;
c) Scope and integration of the safety management system;
d) Safety policy;
e) Safety objectives;
6
f) Safety accountabilities and key personnel;
g) Safety reporting and remedial actions;
h) Hazard identification and risk assessment;
i) Safety performance monitoring and measurement;
j) Safety-related investigations and remedial actions;
k) Safety training and communication;
l) Continuous improvement and SMS audit;
m) SMS records management;
n) Management of change; and
o) Emergency/contingency response plan.
a) Management Commitment
In any organization, management controls the activities of
personnel and the use of resources for the delivery of a product or
service. Management’s primary responsibility for ensuring a safe
and efficient operation is discharged through ensuring adherence
to SOPs (safety compliance) and establishment and maintenance
of a dedicated SMS that establishes the necessary safety risk
controls (safety performance).
8
management with authority to make decisions regarding safety
risk tolerability.
The selection criteria for a safety manager should include, but not
be limited to, the following:
1) Safety/quality management experience;
2) Operational experience;
9
3) Technical background to understand the systems that
supportoperations;
4) People skills;
5) Analytical and problem-solving skills;
6) Project management skills; and
7) Oral and written communications skills.
11
The purpose of an ERP is to
1) Governing policies.
2) Organization.
12
e) Establishing procedures for receiving a large number of
requests for information, especially during the first few
days after a major accident;
f) Designating the corporate spokesperson for dealing with
the media;
g) Defining what resources will be available, including
financial authorities for immediate activities;
h) Designating the company representative to any formal
investigations undertaken by state officials;
i) Defining a call-out plan for key personnel.
3) Notifications.
a) Management;
b) State authorities (search and rescue, the regulatory
authority, the accident investigation board, etc.);
c) Local emergency response services (aerodrome authorities,
fire fighters, police, ambulance, medical agencies, etc.);
d) Relatives of victims (a sensitive issue that, in many states,
is handled by the police);
e) Company personnel;
f) Media; and
g) Legal, accounting, insurers, etc.
4) Initial response.
13
5) Additional assistance.
Employees with appropriate training and experience can
provide useful support during the preparation, exercising and
updating of an organization’s ERP. Their expertise may be
useful in planning and executing such tasks as:
a) Acting as passengers or customers in exercises;
b) Handling survivors or external parties;
c) Dealing with next of kin, authorities, etc.
7) Records.
In addition to the organization’s need to maintain logs of
events and activities, the organization will also be required to
provide information to any State investigation team. The ERP
should address the following types of information required by
investigators:
14
a) all relevant records about the product or service
concerned;
b) lists of points of contact and any personnel associated
with the occurrence;
c) notes of any interviews (and statements) with anyone
associated with the event;
d) any photographic or other evidence.
8) Accident site.
9) News media.
How the company responds to the media may affect how well
the company recovers from the event. Clear direction is
required regarding, for example:
15
b) who may speak on behalf of the parent organization at
head office and at the accident site (public relations
manager, chief executive officer or other senior executive,
manager, owner);
c) prepared statements for immediate response to media
queries;
d) what information may be released (what should be
avoided);
e) the timing and content of the company’s initial statement;
f) provisions for regular updates to the media.
16
An ERP is a paper indication of intent. Training is required to
ensure that these intentions are backed by operational
capabilities. Since training has a short ―shelf life, regular drills
and exercises are advisable.
e) SMS Documentation
17
c) Record of completed or in-progress safety assessments;
d) SMS internal review or audit records;
e) Safety promotion records;
f) Personnel SMS/safety training records;
g) SMS/safety committee meeting minutes; and
h) SMS implementation plan (during implementation
process).
18
g) Hazard Identification may include the use of group brainstorming
sessions in which subject-matter experts conduct detailed analysis
scenarios.
DGCA Inspector must verify that external data sources for hazard
identification include:
20
Figure 2 above presents the safety risk management process in its
entirety. The process starts with the identification of hazards and
their potential consequences. The safety risks are then assessed in
terms of probability and severity, to define the level of safety risk
(safety risk index). If the assessed safety risks are deemed to be
tolerable, appropriate action is taken and the operation continues.
DGCA Inspector must be aware that if the safety risks are assessed
as intolerable, the following questions become relevant:
Once risks have been assessed, the service provider will engage in a
decision-making process to determine the need to implement risk
mitigation measures. This decision-making process involves the use
of a risk categorization tool that may be in the form of an assessment
matrix. An example of a safety risk (index) assessment matrix is
provided in Figure below.
21
5A 5B 5C 5D 5E
(RED) (RED) (RED) (YELLOW (YELLOW)
4A 4B 4C 4D 4E
(RED) (RED) (YELLOW) (YELLOW (YELLOW)
3A 3B 3C 3D 3E
(RED) (YELLOW) (YELLOW) (YELLOW (GREEN)
2A 2B 2C 2D 2E
(YELLOW) (YELLOW) (YELLOW) (GREEN) (GREEN)
1A 1B 1C 1D 1E
(GREEN) (GREEN) (GREEN) (GREEN) (GREEN
DGCA Inspector must verify that the service provider use the matrix
above to categorized risk according to an assessment of their
potential severity and probability.
22
The three generic safety risk mitigation approaches include:
a) Avoidance
The activity is suspended either because the associated safety
risks are intolerable or deemed unacceptable vis-à-vis the
associated benefits.
b) Reduction
Some safety risk exposure is accepted, although the severity or
probability associated with the risks are lessened, possibly by
measures that mitigate the related consequences.
c) Segregation of exposure
d) Action is taken to isolate the potential consequences related to the
hazard or to establish multiple layers of defences to protect
against them.
d. SAFETY ASSURANCE
Safety assurance consists of processes and activities undertaken by the
service provider to determine whether the SMS is operating according to
expectations and requirements.
23
DGCA Inspector must verify that the service provider develop safety
performance indicator by analysing data collected from safety
reporting system (Voluntary and Mandatory Reporting System).
25
Internal evaluations and independent audits of the SMS are
implemented to measure continous improvement of SMS by
monitoring safety performance indicator
e. SAFETY PROMOTION
26
standards for operational personnel, managers and supervisors,
senior managers and the accountable executive.
27
c) safety newsletters, notices and bulletins; and
d) websites or email.
3. TASK OUTCOMES
4. FUTURE ACTIVITIES
Schedule and conduct follow up inspections as applicable.
28
CHAPTER III GAP ANALYSIS & SMS IMPLEMENTATION PLAN
1. INTRODUCTION
Objective. This chapter provides guidance for evaluating Gap Analysis and
SMS Implementation Plan
2. PROCEDURES
29
responsible for the delivery of products and services related to, or in
support of, the safe operation of aircraft.
2) Accountable executive of Service Provider shall endorses the SMS
implementation plan.
3) The SMS implementation plan includes timelines and milestones
consistent with the requirements identified in the gap analysis
process, the size of the service provider and the complexity of its
products or services.
4) The SMS implementation plan should address coordination with
external organizations or contractors where applicable.
5) The service provider’s implementation plan shall be documented in
different forms, varying from a simple spreadsheet to specialized
project management software.
3. TASK OUTCOMES
4. FUTURE ACTIVITIES
Schedule and conduct follow up inspections as applicable.
30
APPENDIX A PHASED IMPLEMENTATION APPROACH
31
Phased approach explained as followed
32
APPENDIX B GAP ANALYSIS QUESTIONS
1.1-2 Does the safety policy reflect senior management’s commitment Yes
regarding safety management? No
Partial
1.1-3 Is the safety policy appropriate to the size, nature and complexity Yes
of the organization? No
Partial
1.2-2 Does the accountable executive have full control of the financial Yes
and human resources required for the operations authorized to No
be conducted under the operations certificate? Partial
1.2-3 Does the Accountable Executive have final authority over all Yes
aviation activities of his organization? No
Partial
33
1.2-4 Has [Organization] identified and documented the safety Yes
accountabilities of management as well as operational personnel, No
with respect to the SMS? Partial
1.2-5 Is there a safety committee or review board for the purpose of Yes
reviewing SMS and safety performance? No
Partial
1.2-8 Are there safety action groups that work in conjunction with the Yes
safety committee (especially for large/complex organizations)? No
Partial
1.3-2 Does the qualified person have direct access or reporting to the Yes
accountable executive concerning the implementation and No
operation of the SMS? Partial
1.3-3 Does the manager responsible for administering the SMS hold Yes
other responsibilities that may conflict or impair his role as SMS No
manager. Partial
1.3-4 Is the SMS manager’s position a senior management position not Yes
lower than or subservient to other operational or production No
positions Partial
1.4-3 Does the ERP include procedures for the continuing safe Yes
production, delivery or support of its aviation products or services No
during such emergencies or contingencies? Partial
34
1.4-4 Is there a plan and record for drills or exercises with respect to Yes
the ERP? No
Partial
1.4-5 Does the ERP address the necessary coordination of its Yes
emergency response/contingency procedures with the No
emergency/response contingency procedures of other Partial
organizations where applicable?
1.4-7 Is there a procedure for periodic review of the ERP to ensure its Yes
continuing relevance and effectiveness? No
Partial
1.5-2 Does the SMS documentation address the organization’s SMS Yes
and its associated components and elements? No
Partial
1.5-6 Does the SMS implementation plan address the coordination Yes
between the service provider’s SMS and the SMS of external No
organizations where applicable? Partial
35
2.1-2 Is the voluntary hazard/threats reporting simple, available to all Yes
personnel involved in safety-related duties and commensurate No
with the size of the service provider? Partial
2.2-3 Is there a procedure for periodic review of existing risk mitigation Yes
records? No
Partial
2.2-6 Is there a programme for systematic and progressive review of all Yes
aviation safety-related operations, processes, facilities and No
equipment subject to the HIRM process as identified by the Partial
organization?
36
Component 3 — SAFETY ASSURANCE
3.1-1 Are there identified safety performance indicators for measuring Yes
and monitoring the safety performance of the organization’s No
aviation activities? Partial
37
3.2-3 Is there a procedure for review of new aviation safety-related Yes
operations and processes for hazards/risks before they are No
commissioned? Partial
3.3-3 Does the SMS audit plan include the sampling of Yes
completed/existing safety risk assessments? No
Partial
3.3-4 Does the SMS audit plan include the sampling of safety Yes
performance indicators for data currency and their target/alert No
settings performance? Partial
3.3-5 Does the SMS audit plan cover the SMS interface with Yes
subcontractors or customers where applicable? No
Partial
4.1-3 Are personnel involved in conducting risk mitigation provided with Yes
appropriate risk management training or familiarization? No
Partial
38
4.1-4 Is there evidence of organization-wide SMS education or Yes
awareness efforts? No
Partial
4.2-3 Are [Organization] SMS manual and related guidance material Yes
accessible or disseminated to all relevant personnel? No
Partial
39
APPENDIX C EXAMPLE OF AN SMS IMPLEMENTATION PLAN/SCHEDULE
40
APPENDIX D GUIDANCE TO REVIEW VOLUNTARY AND CONFIDENTIAL
REPORTING SYSTEMS
DGCA Inspector must ensure that the reporting system covers areas such
as :
a. Flight operations;
b. Hangar aircraft maintenance;
c. Workshop component maintenance;
d. Technical fleet management;
e. Inventory technical management;
f. Engineering planning;
g. Technical services;
h. Technical records;
i. Line maintenance.
Note : The Ares covered depend on size, nature & complexity of the service
provider’s organization
Person who can make a volutary report will be depend on size nature &
complexity of the service provider’s organization such as :
41
e. Airport ground handling operators;
f. Aerodrome employees;
g. General aviation personnel.
a. The reporter wishes for others to learn and benefit from the incident or
hazard but are concerned about protecting his/her identity;
b. There is no other appropriate reporting procedure or channel; and
c. The reporter has tried other reporting procedures or channels without
the issue having been addressed.
DGCA inspectors must ensure that the reports will be processed as follows:
42
organizations or authorities as soon as possible to enable them to take
the necessary safety actions;
The service provider will set up the manager position who would be able
and open to discussion before making report. This manager and alternate
manager will be able to be contacted during office hours at dedicated
telephone numbers.
43
APPENDIX E GUIDANCE TO REVIEW THE SAFETY PERFORMANCE
INDICATORS
1. SMS Safety Indicator necessary correlate and congruent between with SSP
safety indicators.
3. The corresponding alert and target level criteria for each indicator are to be
accounted and documented as example as shown below :
a. The alert level setting is based on basic safety metrics standard deviation
criteria.
Where:
X is the value of each data point;
N is the number of data points and
μ is the average value of all the data points.
44
any necessary action to address the unacceptable trend. Point as
consideration when evaluate the Alert Level are :
4) Target achievement:
At the end of the current year, if the average rate for the current year
is at least 5% or more lower than the preceding year’s average rate,
then the set target of 5% improvement is deemed to have been
achieved.
45
f. If a more quantitative performance summary measurement is desired,
appropriate points may be assigned to each Yes/No outcome for each
target and alert outcome. Example:
High-consequence indicators:
Alert level not breached [Yes (4), No (0)]
Target achieved [Yes (3), No (0)]
Lower-consequence indicators:
Alert level not breached [Yes (2), No (0)]
Target achieved [Yes (1), No (0)]
46
SI 19-05
October 2017
Alert level Target level Alert level Target level Safety Alert level Target level Safety performance Alert level Target level
Safety indicator Safety indicator performance
criteria criteria criteria criteria criteria criteria indicator criteria criteria
indicator
Air operators (air operators of the State only)
CAA aggregate Average + % (e.g. 5%) CAA aggregate CAA aggregate Average + % (e.g. 5%) Operator combined Average + % (e.g. 5%)
air operator 1/2/3 SD improvemen air operator air operator 1/2/3 SD improvement fleet monthly 1/2/3 SD improvement
Consideration
Consideration
yearly Runway (annual or t between annual yearly Runway (annual or between each incident rate (e.g. (annual or between each
Excursion 2 yearly reset) each annual surveillance Excursion 2 yearly reset) annual mean per 2 yearly annual mean
Occurance (e.g. mean rate audit Occurance (e.g. rate 1 000 FH) reset) rate
per 1 000 FH) LEI % or findings per 1 000 FH)
rate (findings per
audit)
CAA aggregate Average + % (e.g. 5%) CAA aggregate CAA aggregate Average + % (e.g. 5%) Operator internal
air operator 1/2/3 SD improvemen air operator air operator 1/2/3 SD improvement QMS/SMS annual
Consideration
Consideration
Consideration
Consideration
yearly (annual or t between annual line yearly Abnormal (annual or between each audit LEI % or
Abnormal 2 yearly reset) each annual station Runway Contact 2 yearly reset) annual mean findings rate
Runway Contact mean rate inspection rate (e.g. per rate (findings per audit)
rate (e.g. per LEI % or findings 1 000 FH)
1 000 FH) rate (findings per
inspection)
CAA aggregate CAA annual foreign CAA aggregate Average + % (e.g. 5%) Operator
air operator air operator ramp air operator 1/2/3 SD improvement voluntary hazard
Consideration
Consideration
Consideration
Consideration
yearly surveillance yearly Controlled (annual or between each report rate (e.g.
Controlled inspection average Flight into 2 yearly reset) annual mean per 1 000 FH)
Flight into LEI % (for each Terrain rate (e.g. rate
Terrain rate foreign operator) per
(e.g. per 1 000 FH)
1 000 FH)
CAA aggregate Average + % (e.g. 5%) Operator DGR Average + % (e.g. 5%)
operator DGR 1/2/3 SD improvement incident report 1/2/3 SD improvement
incident report (annual or 2 between each rate (e.g. per 1 (annual or between each
rate (e.g. per yearly reset) annual mean 000 FH) 2 yearly annual mean
1 000 FH) rate reset) rate
etc.
47
SI 19-05
October 2017
Table 2 Examples of safety performance indicators for maintenance, production and design
organizations (DOA/POA/MRO)
SSP safety indicators (aggregate State) SMS safety performance indicators (individual service provider)
High-consequence indicators Lower-consequence indicators High-consequence indicators (occurrence/outcome-based) Lower-consequence indicators (event/activity-based)
(occurrence/outcome-based) (event/activity-based)
Alert Target Safety
Alert level Target level Safety performance Alert level Alert level Target level
Safety indicator Safety indicator level level Target level criteria performance
criteria criteria indicator criteria criteria criteria
criteria criteria indicator
DOA/POA/MRO
CAA aggregate Average + % (e.g. CAA MRO/POA Average + % (e.g. 5%) MRO/POA/DOA
MRO quarterly 1/2/3 SD 5%) aggregate quarterly rate of 1/2/3 SD improvement internal QMS/SMS
Consideration
Consideration
Consideration
Consideration
mandatory (annual or improvemen MRO/POA/D component technical (annual or between each annual audit LEI
defect reports 2 yearly reset) t between OA warranty claims 2 yearly reset) annual mean rate % or findings rate
(MDR) received each annual annual surveillance (findings per
mean rate audit LEI % or audit)
findings rate
(findings per audit)
CAA aggregate POA/DOA MRO/POA/DOA
POA/DOA quarterly rate of quarterly final
Consideration
Consideration
Consideration
Consideration
Consideration
Consideration
quarterly rate of operational products inspection/testi
operational which are the subject ng
products which of ADs/ASBs (per failure/rejection
are the subject product line) rate (due to
of ADs/ASBs internal quality
(per product issues)
line)
MRO/POA MRO/POA/DOA
quarterly rate of voluntary hazard
Consideration
Consideration
Consideration
Consideration
component report rate (per
mandatory/major operational
defect reports raised personnel per
(due to internal quarter)
quality issues)
etc.
48
Table 3 Sample data sheet used to generate a high-consequence SMS
safety indicator chart (with alert and target setting criteria)
49
Table 4 Example of an SMS safety performance indicator chart
50
Table 5 Example of Alpha Airline’s SMS safety performance measurement
51
APPENDIX F LIST OF APPLICABLE FORMS
52