Safety Management Systems, Part 2

The Future of Aviation Safety


Previous articles have addressed how a Safety Management System (SMS) is a new concept within safety systems that allows for preventative and predictive safety. This seems like a simple concept, but when we think about the difficulties of predicting the future, it becomes more mysterious.

In a subsequent article, we will tackle the specifics of a “just safety culture,” but for the purposes of this article, a just safety culture is a bedrock concept of SMS. Unlike the past when the attitude toward safety was that “compliance is safety,” a just safety culture is non-punitive, by comparison. In the old days, if a violation, lapse, or action was judged to be unsafe, the person committing the action would be subject to punishment. Action could range from a letter of correction with retraining, to a revocation of operating privileges. In either case, people were less likely to report incidents knowing that there would be discipline.

In a just safety culture and with a system like SMS, there are two changes to this way of thinking. First is an understanding that error is inevitable. Risks are also inevitable. There is no such thing as a risk-free operation, and as such, SMS acknowledges the inevitability of both risk and error. The reason a top-down approach to a just safety culture is so critical for success is that there must be agreement among all within the organization that the data gathered will be used to enhance the safety of the overall operation and not for punitive action. This focus provides for improvement of the whole operation. Without this buy-in from all employees, the very foundation of SMS is undermined since one of the primary components of SMS is the voluntary reporting and sharing of perceived risks in the operation.

The first component that must be recognized to understand how SMS works, is that accidents typically don’t just randomly occur. There are often known deficiencies that play a role in any accident or incident that have likely occurred prior and have been identified by someone in the organization. Hence, identifying these risks from the onset, makes it possible to mitigate or eliminate the risks before they contribute to an incident or accident.

The second component that is important to understand is related to accidents. The fact is, the number of accidents caused by a single random variable is essentially zero. All accidents are the result of a sequence of events (or accident chain), where in each would have prevented the accident or incident had it been averted or mitigated. Through understanding that preventing any one of the deficient links in the chain will prevent an accident (identifying and tracking the various events that lead to an accident with the intention of mitigating them) makes it apparent that an accident can be proactively avoided.

These two factors provide the underlying concept of a Safety Management System. By integrating and applying all the data tracking methods we have already discussed in this column (ASAP, FOQA, Operational Reports, etc.) and providing a formal means to review, track, archive, and assess risk related to them, we have the foundation of an SMS. By providing a formal means to track and mitigate them, we can then also create a formal method for monitoring to verify that measures were effective. By continuously monitoring any changes made, and continually applying the formal review process, any increase in risks are constantly being evaluated and revisited. This prevents previously addressed issues from becoming a new risk through further policy changes, complacency or organizational drift. It also identifies if a new change inadvertently affects other areas of the operation.

It is the third factor of SMS that really makes it preventive. Through awareness of what issues are being tracked, what risks exist and what potential shortfalls may be present in the total safety system, a series of audits, observations, and operational reviews can be created. This process helps recognize potentially hazardous trends before the other reactive systems have created enough data (through occurrences) for them to be identified. This continuous use of feedback allows potential risks to be addressed before there is an opportunity for them to manifest in an accident or incident.

The final layer of an SMS system is a system-wide safety culture that starts at the top of the company and works its way down to line employees. This provides the safety department with the proper resources and management support to ensure that the requisite data gathering systems, reporting systems, tracking system and audit/observation systems can perform their intended functions and, more importantly, that a just safety culture is established and maintained.

So, how does a Safety Management System process the data that is fed into it? To most. this seems to be the more mysterious part of the system because the majority of the SMS system is beneath the surface of what most employees see or interact. This makes it seem a bit cryptic. Employees know there is a system at work, but because it is behind the scenes, it doesn’t affect their daily job functions of most.

Image by the FAA.

How does an SMS function?

There are four basic processes that happen concurrently anytime a risk is identified. The first component of SMS is Safety Policy. Safety policy is the where the top-down approach is created and codified, as are the safety system organization, policies, manuals, and procedures. This part of the system is the foundation of how the system is organized, how policies are developed, implemented, and reviewed, as well as what resources are required to ensure the SMS processes work as intended.

The second component of SMS is Safety Risk Management. This is the part of the system where any potential risk is identified and a relative potential for severity assigned. Once the risk is known and classified, a formal process of implementing a change to mitigate the risk is developed. This may be done by a manager, a review committee or additional policy development. This is the first step in mitigating the risk where the result may be new policies, new equipment, new training, etc.

The next component of an SMS system is Safety Assurance. Here is where SMS differs from reactive systems. Once changes are made, processes are developed to ensure that the changes are effective and that they remain effective in mitigating the identified risk. If, at some point, the changes become less effective, then the process of Safety Risk Management (the second component) begins again and new changes are made. This is the part of the process that is active and continually providing feedback on whether policies are effective.

The final component of SMS is Safety Promotion. Just as it sounds, this is the part of the system that encourages participation, reaches out to achieve widespread buy-in and keeps employees informed of any relevant risks or trends in their area of operation. By achieving buy-in to the process, the amount of data gathered increases through reporting, auditing, and active preventative participation on the part of workers on the front line of the operation. By developing feedback and disseminating relevant information, line employees are kept actively engaged in the success of the program. Feedback allows employees to be an active part of the process, as well of keeping them current on relevant and current risk issues. The other benefit to safety promotion is that it improves collective knowledge.

For example, if there is a ladder accident with a ground ops worker, the incident will be run through SMS to implement changes to prevent further incidents. First, it will be investigated and reviewed for causal factors. Next, relative risk will be assessed, and safety professionals will determine if there is a deficiency in policy, equipment, training, or other factors. The information gathered will be put through a process where the appropriate corrective actions will be evaluated and implemented. A system of reviews will be developed to make sure the risk is monitored and the changes were effective. Finally, any issues related to training or getting the relevant information out to the employees will be sent out to the appropriate employee groups to ensure awareness. Alternately, the process would follow the same stream if the employee were to identify a deficiency and report it prior to a ladder accident.

Now that we understand the process of SMS, the next and final part of this series will focus on how employees play a critical role in the success of SMS, how they interact with SMS, and what they can expect from an SMS system. Stay tuned. ACN


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.