Appendix G

FAA ORDER 8040.4

______________________________________________________________________________
Distribution: A-WXYZ-2; A-FOF-0 (Ltd) Initiated by: ASY-
300
8040.4
6/26/98

U.S. DEPARTMENT OF TRANSPORTATION

ORDER FEDERAL AVIATION ADMINISTRATION
8040.4

6/26/98

SUBJ: SAFETY RISK MANAGEMENT

1. PURPOSE. This order establishes the safety risk management policy and prescribes procedures for
implementing safety risk management as a decision making tool within the Federal Aviation Administration
(FAA). This order establishes the Safety Risk Management Committee.

2. DISTRIBUTION. This order is distributed to the division level in the Washington headquarters,
regions, and centers, with limited distribution to all field offices and facilities.

3. DEFINITIONS. Appendix 1, Definitions, contains definitions used in this order.

4. SCOPE. This order requires the application of a flexible but formalized safety risk management
process for all high-consequence decisions, except in situations deemed by the Administrator to be an
emergency. A high-consequence decision is one that either creates or could be reasonably estimated to
result in a statistical increase or decrease, as determined by the program office, in personal injuries and/or
loss of life and health, a change in property values, loss of or damage to property, costs or savings, or other
economic impacts valued at $100,000,000 or more per annum. The objective of this policy is to formalize a
common sense approach to risk management and safety risk analysis/assessment in FAA decisionmaking.
This order is not intended to interfere with regulatory processes and activities. Each program office will
interpret, establish, and execute the policy contained herein consistent with its role and responsibility. The
Safety Risk Management Committee will consist of technical personnel with risk assessment expertise and
be available for guidance across all FAA programs.

5. SAFETY RISK MANAGEMENT POLICY. The FAA shall use a formal, disciplined, and
documented decisionmaking process to address safety risks in relation to high-consequence decisions
impacting the complete product life cycle. The critical information resulting from a safety risk
management process can thereby be effectively communicated in an objective and unbiased manner to
decisionmakers, and from decisionmakers to the public. All decisionmaking authorities within the FAA
shall maintain safety risk management expertise appropriate to their operations, and shall perform and
document the safety risk management process prior to issuing the high-consequence decision. The choice
of methodologies to support risk management efforts remains the responsibility of each program office. The
decisionmaking authority shall determine the documentation format. The approach to safety risk
management is composed of the following steps:

a. Plan. A case-specific plan for risk analysis and risk assessment shall be predetermined in
adequate detail for appropriate review and agreement by the decisionmaking authority prior to commitment
of resources. The plan shall additionally describe criteria for acceptable risk.

Page 2
Par 5
 6/26/98
8040.4

b. Hazard Identification. The specific safety hazard or list of hazards to be addressed by the safety
risk management plan shall be explicitly identified to prevent ambiguity in subsequent analysis and
assessment.
c. Analysis. Both elements of risk (hazard severity and likelihood of occurrence) shall be
characterized. The inability to quantify and/or lack of historical data on a particular hazard does not
exclude the hazard from this requirement. If the seriousness of a hazard can be expected to increase over
the effective life of the decision, this should be noted. Additionally, both elements should be estimated for
each hazard being analyzed, even if historical and/or quantitative data is not available.

d. Assessment. The combined impact of the risk elements in paragraph 5c shall be compared to
acceptability criteria and the results provided for decisionmaking.

e. Decision. The risk management decision shall consider the risk assessment results conducted in
accordance with paragraph 5d. Risk assessment results may be used to compare and contrast alternative
options.

6. PRINCIPLES FOR SAFETY RISK ASSESSMENT AND RISK CHARACTERIZATION. In

characterizing risk, one must comply with each of the following:

a. General. Safety risk assessments, to the maximum extent feasible:

(1) Are scientifically objective.

(2) Are unbiased.

(3) Include all relevant data available.

(4) Employ default or conservative assumptions only if situation-specific information is

not reasonably available. The basis of these assumptions must be clearly identified.

(5) Distinguish clearly as to what risks would be affected by the decision and what risks
would not.

(6) Are reasonably detailed and accurate.

(7) Relate to current risk or the risk resulting from not adopting the proposal being
considered.

(8) Allow for unknown and/or unquantifiable risks.

b. Principles. The principles to be applied when preparing safety risk assessments are:

(1) Each risk assessment should first analyze the two elements of risk: severity of the
hazard and likelihood of occurrence. Risk assessment is then performed by comparing the combined effect
of their characteristics to acceptable criteria as determined in the plan (paragraph 5a).

(2) A risk assessment may be qualitative and/or quantitative. To the maximum extent
practicable, these risk assessments will be quantitative.

Par 6 Page 3
(and 4)
8040.4
6/26/98

(3) The selection of a risk assessment methodology should be flexible.

(4) Basic assumptions should be documented or, if only bounds can be estimated reliably,
the range encompassed should be described.

(5) Significant risk assessment assumptions, inferences, or models should:

(a) Describe any model used in the risk assessment and make explicit the
assumptions incorporated in the model.

(b) Identify any policy or value judgments.

(c) Explain the basis for choices.

(d) Indicate the extent that the model and the assumptions incorporated have been
validated by or conflict with empirical data.

(6) All safety risk assessments should include or summarize the information of paragraphs
6a (3) and 6a(4) as well as 6b (4) and 6b (5). This record should be maintained by the organization
performing the assessment in accordance with Order 1350.15B, Records Organization, Transfer, and
Destruction Standards.

7. ANALYSIS OF RISK REDUCTION BENEFITS AND COSTS. For each high-consequence

decision, the following tasks shall be performed:

a. Compare the results of a risk assessment for each risk-reduction alternative considered,
including no action, in order to rank each risk assessment for decisionmaking purposes. The assessment
will consider future conditions, e.g., increased traffic volume.

b. Assess the costs and the safety risk reduction or other benefits associated with implementation
of, and compliance with, an alternative under final consideration.

8. SUBSTITUTION RISKS. Safety risk assessments of proposed changes to high-consequence

decisions shall include a statement of substitution risks. Substitution risks shall be included in the risk
assessment documentation.

9. SAFETY RISK MANAGEMENT COMMITTEE. This order establishes the Safety Risk
Management Committee. Appendix 2, Safety Risk Management Committee, contains the committee
charter. The committee shall provide a service to any FAA organization for safety risk management
planning, as outlined in appendix 2, when requested by the responsible program office. It also meets
periodically (e.g., two to four times per year) to exchange risk management ideas and information. The
committee will provide advice and counsel to the Office of System Safety, the Assistant Administrator for
System Safety, and other management officials when requested.

Jane F. Garvey
Administrator

Page 2
Par 5
 8040.4
Appendix 1

APPENDIX 1. DEFINITIONS.

1. COSTS. Direct and indirect costs to the United States Government, State, local, and tribal
governments, international trade impacts, and the private sector.

2. EMERGENCY. A circumstance that requires immediate action to be taken.

3. HAZARD. Condition, event, or circumstance that could lead to or contribute to an unplanned or

undesired event.

4. HAZARD IDENTIFICATION. Identification of a substance, activity, or condition as potentially

posing a risk to human health or safety.

5. HIGH-CONSEQUENCE DECISION. Decision that either creates or could be reasonably estimated to

result in a statistical increase or decrease in personal injuries and/or loss of life and health, a change in
property values, loss of or damage to property, costs or savings, or other economic impacts valued at
$100,000,000 or more per annum.

6. PRODUCT LIFE CYCLE. The entire sequence from precertification activities through those
associated with removal from service.

7. MISHAP. Unplanned event, or series of events, that results in death, injury, occupational illness, or
damage to or loss of equipment or property.

8. RISK. Expression of the impact of an undesired event in terms of event severity and event likelihood.

9. RISK ASSESSMENT.

a. Process of identifying hazards and quantifying or qualifying the degree of risk they pose for
exposed individuals, populations, or resources; and/or

b. Document containing the explanation of how the assessment process is applied to individual
activities or conditions.

10. RISK CHARACTERIZATION. Identification or evaluation of the two components of risk, i.e.,
undesired event severity and likelihood of occurrence.

11. RISK MANAGEMENT. Management activity ensuring that risk is identified and eliminated or
controlled within established program risk parameters.

12. SAFETY RISK. Expression of the probability and impact of an undesired event in terms of hazard
severity and hazard likelihood.

13. SUBSTITUTION RISK. Additional risk to human health or safety, to include property risk, from an
action designed to reduce some other risk(s).

Page 1 and 2
 6/26/98
8040.4
Appendix 2

APPENDIX 2. SAFETY RISK MANAGEMENT COMMITTEE

1. PURPOSE. The Safety Risk Management Committee provides a communication and support team to
supplement the overall risk analysis capability and efficiency of key FAA organizations.

2. RESPONSIBILITIES. The Committee supports FAA safety risk management activities. It provides
advice and guidance, upon request from responsible program offices, to help them fulfill their authority and
responsibility to incorporate safety risk management as a decisionmaking tool. It serves as an internal
vehicle for risk management process communication, for coordination of risk analysis methods, and for use
of common practices where appropriate. This includes, but is not limited to:

a. Continuing the internal exchange of risk management information among key FAA
organizations.

b. Fostering the exchange of risk management ideas and information with other government
agencies and industry to avoid duplication of effort.

c. Providing risk analysis/management advice and guidance.

d. Identifying and recommending needed enhancements to FAA risk analysis/management

capabilities and/or efficiencies upon request.

e. Maintaining a risk management resources directory that includes:

(1) FAA risk methodologies productively employed,

(2) Specific internal risk analysis/management expertise by methodology or tool and

organizational contact point(s), and

(3) A central contact point for resource identification assistance.

f. Encouraging the establishment of an international directory of aviation safety information

resources via the Internet.

g. Assisting in the identification of suitable risk analysis tools and initiate appropriate training in
the use of these tools.

3. COMPOSITION. The Safety Risk Management Committee is composed of safety and risk
management professionals representing all Associate/Assistant Administrators and the Offices of the Chief
Counsel, Civil Rights, Government and Industry Affairs, and Public Affairs. The Assistant Administrator
for System Safety will designate an individual to chair the committee. The chairperson is responsible for
providing written notice of all meetings to committee members and, in coordination with the executive
secretary, keeping minutes of the meetings.

Page 1
8040.4
6/26/98
Appendix 2

4. ASSIGNMENTS. The Safety Risk Management Committee may form ad hoc working groups to
address specific issues when requested by the responsible program office. Composition of those working
groups will consist of member representatives from across the FAA. Working groups will be disbanded
upon completion of their task. The Office of System Safety shall provide the position of executive
secretary of the committee. The Office of System Safety shall also furnish other administrative support.

5. FUNDING. Resources for support staff and working group activities will be provided as determined
by the Assistant Administrator for System Safety. Unless otherwise stated, each member is responsible for
his/her own costs associated with committee membership.

Page 2