Sms Framework
Sms Framework
Sms Framework
(SMS)
FRAMEWORK
For:
Safety Management System (SMS) Pilot Project
Participants and Voluntary Implementation of
SMS Programs
Revision 3
June 1, 2010
SMS Framework – Revision 3 June 1, 2010
Page 2
June 1, 2010 SMS Framework – Revision 3
A key objective of the Office of the Associate Administrator for Aviation Safety (AVS) and the
Flight Standards Service (AFS) is to produce expectations, guidance, and tools that allow many
types of aviation organizations to develop and implement Safety Management Systems (SMSs)
throughout their organizations. Since many organizations must interact with more than one
regulator, AVS and AFS want to minimize the need for more than one management system.
AFS originally developed and published a set of SMS process requirements in Appendix 1 to
Advisory Circular (AC) 120-92. That early SMS framework was considered essential for an
aviation organization to develop and implement an effective, comprehensive SMS. As AVS and
AFS work closely with U.S. aviation organizations, foreign authorities and businesses that have
FAA-issued certificates, and other authorizations, AFS has revised and reorganized this SMS
Framework to address four important needs:
1. To provide industry aviation organizations with one standard set of concepts, documents,
and tools for the voluntary (i.e., the absence of a SMS rule) development and
implementation of Safety Management Systems (SMSs);
2. To make SMS implementation standards agree with AVS Policy in FAA Order VS
8000.367, Appendix B;
3. To make Flight Standards (AFS) documents and tools align with the structure and format
of the International Civil Aviation Organization (ICAO) SMS framework; and
4. To make new documents and tools that are internally mapped in a manner that is easier to
use than the first generation of tools.
AFS has restructured this SMS Framework to align with FAA Order VS 8000.367 and the ICAO
Framework:
1. The expectations in this document are not different from the original, except for minor
changes in the titles and text, which were needed to align with the requirements in FAA
Order VS 8000.367.
2. The expectations have been restructured to align with the ICAO Framework. For this
reason, some text has been moved from where it was originally found.
To make this document clearer, we have defined components, elements, and processes in terms
of functional expectations, or how and organization would need to use them in order to
contribute to a robust SMS. We further define these functional expectations in terms of
performance objectives – what the process needs to do – and design expectations – what to
develop – to better align with current System Safety and Air Transportation Oversight System
(ATOS) models.
Page 3
SMS Framework – Revision 3 June 1, 2010
Page 4
June 1, 2010 SMS Framework – Revision 3
Table of Contents
APPENDIX 1............................................................................................................................................... 1
APPENDIX 2............................................................................................................................................... 1
COMPARISON OF SAFETY MANAGEMENT SYSTEM (SMS) FRAMEWORK WITH
OTHER STANDARDS ................................................................................................................... 1
Page 5
SMS Framework – Revision 3 June 1, 2010
APPENDIX 3............................................................................................................................................... 2
SAMPLE RISK ASSESSMENT TOOLS.............................................................................................. 3
FIGURE 1. SAFETY RISK MATRIX EXAMPLES………………………................. ……….6
APPENDIX 4............................................................................................................................................... 1
TABLE OF EXPECTED SAFETY MANAGEMENT SYSTEM (SMS) OUTPUTS .......................... 1
Page 6
June 1, 2010 SMS Framework – Revision 3
1. PURPOSE. This Framework provides guidance for SMS development by aviation service
providers. It contains a uniform set of expectations that align with the structure and format of the
International Civil Aviation Organization (ICAO) Framework; and AVS policy in FAA
Order VS 8000.367, Aviation Safety (AVS) Safety Management System Requirements,
appendix B.
2. APPLICABILITY.
a. Developing an SMS. This SMS Framework applies to both certificated and non-
certificated aviation service providers (and organizations) that desire to develop and implement a
SMS. This Framework is not mandatory and does not constitute a regulation. Development
and implementation of a SMS is voluntary. While the Federal Aviation Administration (FAA)
encourages each aviation service provider to develop and implement a SMS, these systems are
not substitutes for compliance with Federal regulations and all other certificate requirements,
where applicable. However, for aviation service providers that voluntarily implement a SMS,
the FAA views the objectives and expectations in this Framework to be the minimum for a
comprehensive and robust SMS.
Note: Within the context of this document, the term “aviation service provider”
refers to any organization providing aviation services. The term includes certificated
and non-certificated aviation organizations, aviation service providers, air carriers,
airlines, maintenance repair organizations, air taxi operators, single pilot operators,
corporate flight departments, repair stations, pilot schools, approved training
organizations that are exposed to safety risks during the provision of their services, and
organizations responsible for type design and/or the manufacture of aircraft. The term
aviation service provider is interchangeable with the term organization and service
provider within this document.
Page 7
SMS Framework – Revision 3 June 1, 2010
a. SMS and System Safety. Systems are integrated networks of people and other resources
performing activities that accomplish some mission or goal in a prescribed environment.
Management of the system’s activities involves planning, organizing, directing, and controlling
these assets toward the organization’s goals. Several important characteristics of systems and
their underlying process are known as process attributes or safety attributes 1 when they are
applied to safety related operational and support processes. These process attributes must have
safety requirements built in to their design if they are to result in improved safety outcomes. The
attributes include:
(2) Procedures to provide clear instructions for the members of the organization to
follow,
(3) Controls which provide organizational and supervisory controls on the activities
involved in processes to ensure they produce the correct outputs,
(4) Process Measures of both the processes and their products, and
(5) Interfaces are a critical aspect of system management; recognizing the important
interrelationships between processes and activities within the organization as well as with
contractors, vendors, customers, and other organizations with which the organization does
business.
1
The six system characteristics, responsibility, authority, procedures, controls, process measures, and interfaces,
are called safety attributes in the Federal Aviation Administration’s Air Transportation Oversight System (ATOS).
2
Manuele, Fred A. On the Practice of Safety. John Wiley & Sons, 2003, Hoboken, NJ.
Page 8
June 1, 2010 SMS Framework – Revision 3
The organizational aspect relating to safety is called the safety culture. The safety culture
consists of psychological (how people think and feel), behavioral (how people and groups act
and perform), and organizational or systematic (the programs, procedures, and organization of
the enterprise) elements. The organizational/systematic elements are the things that are most
under management control, the other two elements being outcomes of those efforts and other
influences. For this reason, this SMS Framework includes requirements for policies that will
provide the structure for the SMS and requirements for organizational functions. These functions
include an effective employee safety reporting system and clear lines of communication both up
and down the organizational chain regarding safety matters.
(1) FAA Standardization. The FAA Associate Administrator for Aviation Safety is
keenly interested in developing an integrated functional SMS in which business and
governmental roles and relationships are well defined, expectations include sound systems
engineering and system safety principles, and both regulators and regulated industries participate
in a unified safety effort. This SMS Framework provides the functional requirements to that end
(development of aviation service provider’s SMS).
(2) ICAO SMS Requirements and the FAA. The International Civil Aviation
Organization, in a recent set of documents, manuals, and amendments 3 for key annexes to the
ICAO Conventions, has revamped its standards and recommended practices to reflect a systems
approach to safety management. This coincides with the FAA’s move toward a systems approach
for oversight over the past several years. Because of the many diverse relationships between
organizations and the above stated global nature of the aviation system, it is critical that the
functions of a SMS be standardized to the point that there is a common recognition of the
meaning of SMS among all concerned, both domestically and internationally. Amendment 33 to
ICAO Annex 6, excerpt below, introduced a 12 element SMS Framework. The FAA SMS
Framework aligns with the ICAO SMS Framework; however the FAA Framework provides
additional details to facilitate a service provider’s implementation of a SMS.
3
International Civil Aviation Organization (ICAO) Document 9734, Safety Oversight Manual; ICAO Document
9859, Safety Management Manual, 2nd Edition, 2009; and ICAO Annex 6, part 1 International Commercial Air
Transport – Aeroplanes with Amendment 33.
Page 9
SMS Framework – Revision 3 June 1, 2010
b. Process Approach. As stated above, the FAA SMS Framework is written as a functional
expectations document. It stresses what the organization must do rather than how it will be
accomplished. This is important to the FAA and service providers alike. The FAA feels that each
of the SMS processes detailed in the SMS Framework is essential for a comprehensive SMS. At
the same time, the SMS Framework needs to be applicable to a wide variety of types and sizes of
service providers. This was a reason for using a similar scope, scale, and language to the
International Organization for Standardization (ISO) standards, which also are designed for
broad application. Therefore, design of the SMS Framework is scalable and allows service
providers to integrate safety management practices into their unique business models. Service
providers are not expected to configure their systems in the format of the SMS Framework
or to duplicate existing programs that accomplish the same function. The SMS Framework
attempts to strike a balance between flexibility of implementation and standardization of
essential safety management processes.
Internal Evaluation and Management Reviews may consist of periodic conferences between
business owners or top management and other employees to review information and track
progress toward resolution. This can be done whether the organization operates under 14 CFR
part 91, 121, 133, 135, public use, etc. A larger organization may need more sophisticated
resources such as web-based data systems and trained safety personnel to manage the nuts and
bolts and a more formal committee system to accomplish the same functions. While
sophisticated process development tools and methods are available, simple brainstorming
sessions with managers, supervisors, and other employees are often the most effective. In smaller
organizations, the President, CEO or owner may elect to conduct internal audits and internal
evaluation functions themselves, in conjunction with the management review function.
Page 10
June 1, 2010 SMS Framework – Revision 3
Likewise, in very small organizations the owner/operator may elect to conduct internal audits,
continuous monitoring, document reviews, safety risk analysis/assessment and training review
either personally or in conjunction with co-owners, managers, supervisors or employees.
a. Policy. All management systems must define policies, procedures, and organizational
structures to accomplish their goals. Component 1.0 in the SMS Framework outlines
expectations for these elements, which in turn provide the foundations for SMS functional
elements.
b. Safety Risk Management (SRM). A formal system of hazard identification and SRM
(Component 2.0) is essential in controlling risk to acceptable levels. The SRM function of the
SMS is based upon the system safety process model and is used in the System Safety Training
Course, Air Transportation Oversight System (ATOS) Course, and SMS Course that are taught
at the FAA Academy.
c. Safety Assurance (SA). Once SRM controls (sometimes termed mitigations) are
identified and employed, the service provider must ensure the controls continue to be effective in
a changing environment. The SA function (Component 3.0) provides for this, using system
safety and quality management concepts and processes.
d. Safety Promotion. Finally, the service provider must promote safety as a core value with
practices that support a sound safety culture. Component 4,0 provides guidance for setting up
these functions.
Integration of SRM and SA. Figure 1, shows how the SRM and SA functions relate to one
another. The SRM function (design) provides for initial identification of hazards and assessment
of risk. Organizational risk controls are developed and, once determined to be capable of
bringing the risk to an acceptable level, are employed operationally. The SA function
(performance) takes over at this point to ensure that the risk controls are practiced and they
continue to achieve their intended objectives. The SA function also provides for assessment of
the need for new controls because of changes in the operational environment.
Page 11
SMS Framework – Revision 3 June 1, 2010
FIGURE 1
Design Performance
SRM SA
System
System Description
Description
Operation And Context
(Analysis)
Risk
Analysis Analysis
Analysis
Risk System
Assessment
Assessment Assessment
a. General Organization of the SMS Framework. The SMS Framework aligns with the
structure and format of ICAO Annex 6 to the Convention on International Civil Aviation,
Operation of Aircraft and the ICAO Framework contained in Document 9859, Chapter 8;
incorporates the requirements of FAA Order VS 8000.367 and follows the principles of a
Quality Management System (QMS) in accordance with ISO Standards. The first part of the
SMS functional expectations follows the general organization of ISO 9001-2008 and ISO 14001.
The first three sections describe scope and applicability, references, and definitions. The fourth
section addresses each of the four components of SMS, as described below. Each component is
Page 12
June 1, 2010 SMS Framework – Revision 3
further defined in terms of elements and processes, each containing respective performance
objectives and design expectations:
(1) Performance Objectives are the desired outcomes of the particular element or process
under evaluation.
(2) Design Expectations are the characteristics of the element or process that, if properly
implemented, should provide the outcomes identified in the performance objectives.
(3) Procedures and Controls. (Appendix 1, Component 1.0) Two key attributes of
systems are procedures and controls. Policies are translated into procedures in order for them to
be applied. Organizational controls must be in place to ensure that critical steps are accomplished
as designed. Organizations must develop, document, and maintain procedures to carry out their
safety policies and objectives. Moreover, supervisory controls must be used to monitor the
accomplishment of the procedures and ensure that employees understand their safety roles.
(4) Safety and Quality: Striking a Balance. (Appendix 1, Component 1.0) As discussed
above, the SMS Framework uses quality management principles, but it is the expectation that
aviation service providers will manage their operation based on an objective assessment of safety
risk, rather than customer satisfaction with products or other conventional commercial goals.
Page 13
SMS Framework – Revision 3 June 1, 2010
Management of process quality, with emphasis on characteristics of those processes that affect
safety, is an important aspect of safety management. The SMS Framework specifies that the
aviation service provider should prescribe both safety and quality policies. The coverage of
quality policies is limited in scope to quality in support of safety, although aviation service
providers are encouraged to integrate their management systems as much as feasible. Safety
objectives should be predominant where conflicts are identified.
Note: The SRM flow diagram (Figure 2, on the following page) includes the SMS
Framework element/process numbers and other notes to help the reader visualize the
SMS Framework in terms of a process flow (with interfaces, i.e., inputs and outputs),
and understand the component/element/process expectations.
Page 14
June 1, 2010 SMS Framework – Revision 3
Risk Analysis
2.2 Risk Assessment & Control
(2.2.1)
Evaluate
Controls Risk
Assessment Outputs: To Safety Assurance, 3.0 b (1) (b)
(2.2.3, (2.2.2)
Control/
Mitigate
Safety
Risk)
Risk
Control
(2.2.3)
Page 15
SMS Framework – Revision 3 June 1, 2010
(1) System Description and Task Analysis. (Appendix 1, Process 2.1.1) SRM begins
with system design. This is true whether the system in question is a physical system, such as an
aircraft, or an organizational system such as an air operator, maintenance, or training
establishment. These systems consist of the organizational structures, processes, and procedures,
as well as the people, equipment, and facilities used to accomplish the organization’s mission.
The system or task descriptions should completely explain the interactions among the
organization (facilities, hardware, software, people, etc.) and environment that make up the
system in sufficient detail to identify hazards and perform risk analyses. No particular format is
required for system documentation. System documentation would normally include the aviation
service provider’s manual system, 4 checklists, organizational charts, and personnel position
descriptions. A suggested functional breakdown of operational and support processes for air
aviation service providers includes:
(g) Training.
Note: Long and excessively detailed system or task descriptions are not necessary,
provided they are sufficiently detailed to perform hazard and risk analyses.
(2) Hazard Identification. (Appendix 1, Process 2.1.2) Hazards in the system and its
operating environment must be identified, documented, and controlled. It also requires that the
analysis process used to define hazards consider all components of the system, based on the
system description detailed above. The key question to ask during analysis of the system and its
operation is what if? As with system and task descriptions, judgment is required to determine the
adequate level of detail. While identification of every conceivable hazard would be unlikely,
aviation service providers are expected to exercise due diligence in identifying significant and
reasonably foreseeable hazards related to their operations.
(3) Risk Analysis and Assessment. (Appendix 1, Process 2.2.1 & 2.2.2) The risk
analysis and risk assessment components of the SMS Framework use a conventional breakdown
of risk by its two components: likelihood of occurrence of an injurious mishap and severity of
the mishap related to an identified hazard, should it occur. A common tool for risk decision-
4
While Safety Management Systems (SMS) manuals are not required, aviation service providers and agencies may
find them to be a practical means of documenting their policies and procedures.
Page 16
June 1, 2010 SMS Framework – Revision 3
making and acceptance is a risk matrix similar to those in the U.S. Military Standard (MIL STD
882) and the ICAO Safety Management Manual 5 (SMM). Appendix 3 shows a model of the
SMM and discussion of safety risk matrices. Aviation service providers should develop a matrix
that best represents their operational environment. A separate matrix with different risk
acceptance criteria may also be developed for long-term versus short-term operations.
(4) Controlling Risk. (Appendix 1, Process 2.2.3) After hazards and risk are fully
understood though the preceding steps, risk controls must be designed and implemented. These
may be additional or changed procedures, new supervisory controls, addition of organizational
hardware, or software aids, changes to training, additional, or modified equipment, changes to
staffing arrangements, or any of a number of other system changes.
(a) Residual and Substitute Risk. (Appendix 1, Process 2.2.3) Residual risk is the
risk remaining after mitigation has been completed. Often this is a multi-step process, continuing
until risk has been mitigated down to an acceptable level necessary to put the system/process into
operation (or continue operation). It is seldom possible to entirely eliminate risk, even when
highly effective controls are used. After these controls are designed but before the system is
placed back in operation, an assessment must be made of whether the controls are likely to be
effective and/or if they introduce new hazards to the system. The latter condition, introduction of
new hazards, is referred to as substitute risk, a situation where the cure is worse than the disease.
The loop seen in Figure 2 that returns back to the top of the diagram depicts the use of the
preceding systems analysis, hazard identification, risk analysis, and risk assessment processes to
determine if the modified system is acceptable.
(b) System Operation. (Appendix 1, Process 2.2.3) When the controls are
acceptable, the system is placed into operation. The next process, Safety Assurance, uses
auditing, analysis, and review systems that are familiar from similar quality management
systems. These processes are used to monitor the risk controls to ensure they continue to be
implemented as designed and continue to be effective in a changing operational environment.
The SA function applies the activities of safety assurance and internal evaluation to ensure that
risk controls, once designed, continue to conform to their expectations and that they continue to
be effective in maintaining risk within acceptable levels. These assurance and evaluation
functions also provide a basis for continuous improvement.
Note: The SA Process Flow diagram (Figure 3, below) includes the SMS Framework
element/process numbers and other notes to help the reader visualize the SMS
5
The ICAO Safety Management Manual )SMM) is Document 9859 and is available at:
http://www.icao.int/anb/safetymanagement/Documents.html
Page 17
SMS Framework – Revision 3 June 1, 2010
Framework in terms of a process flow (with interfaces, i.e., inputs and outputs), and
understand the component/element/process expectations.
Inputs:
From SRM 2.2.2 b & 2.2.3 b (2) (b), into SA: 3.0 b (1) (b)
Page 18
June 1, 2010 SMS Framework – Revision 3
system to be put into, or continue in operation. The SA process starts with a System Description
which adds structure and helps map organizational responsibilities, functions and interfaces.
Safety Assurance processes concentrate on proving, through collection and analysis of objective
evidence (i.e., documents, records, etc.), that process or system expectations continue to be met.
In a SMS, the system’s requirements are based on assessment of risk in the organization’s
operation or in the products that it produces, as discussed above. Safety assurance techniques,
including internal auditing and evaluation, are used to determine if risk controls designed into the
service provider’s processes are being practiced and are performing as designed. If an aviation
already has a comprehensive IEP, it should be reviewed to ensure that it conforms to the SMS
SA expectations. 6
Line managers are the technical experts in any organization and thus the most knowledgeable
about the specific processes involved. Line managers of the operational departments should
exercise their responsibility for monitoring these processes and periodically assessing the status
of routine operations and risk controls. Specifications for these and other related SA processes
are left at a functional level, allowing individual organizations to tailor them to the scope and
scale appropriate for their size and type of organization.
The SMS Framework specifies a responsibility for internal auditing of the aviation service
provider’s productive processes. As with other requirements, the SMS Framework’s auditing
requirements are left at a functional level, allowing for a broad range of complexity,
commensurate with the complexity of the organization.
6
The Safety Assurance (SA) functions in the SMS Framework contained in Appendix 1 were derived almost
directly from ISO 9001-2008, the international quality management standard and the Internal Evaluation Program
(IEP) development guidance in advisory circular (AC) 120-59.
Page 19
SMS Framework – Revision 3 June 1, 2010
Note: The provisions of the SMS Framework are not intended to duplicate the
functions of a Continuing Analysis and Surveillance System (CASS) (required for
aviation service providers under 14 CFR part 121 or part 135) or Internal Evaluation
Programs (IEP). In fact, the FAA encourages an integrated approach where these
programs are all part of a comprehensive SMS.
(d) External Audits. (Appendix 1, Process 3.1.4) External audits of the SMS may
be conducted by the regulator (FAA), code-share partners, customer organizations, or other third
parties selected by the aviation service provider. These audits not only provide a strong interface
with the oversight system (Safety Assurance System or SAS) but also a secondary assurance
system.
Organizations may elect to have third-party audits of their SMS from organizations such as the
IATA or other consultant organizations. It is not the intent of a SMS to require the arrangement
or purchase of external audits, especially by small aviation service providers. However, if
external audits are conducted of the organization, the data collected should be used by the
organization in their data acquisition process.
Employees must be encouraged to use the employee reporting system without fear of reprisal.
Data from the safety reporting and feedback system should be monitored to identify emerging
hazards. Additionally, data collected in the safety reporting and feedback system should be
included in all SMS analyses functions. Many certificated operators already have invested in
Aviation Safety Action Programs (ASAP). ASAP is a collaborative, reporting, analyses and
problem solving effort among the FAA, operators, and employee unions. As mentioned earlier,
this program is an example of a voluntary program that could be integrated into the SMS
Page 20
June 1, 2010 SMS Framework – Revision 3
(2) Analysis and Assessment. (Appendix 1, Processes 3.1.7 & 3.1.8) Audits and other
information-gathering activities are useful to management only if the information is provided in
a meaningful form and conclusions are drawn to form a bottom line assessment. Recall that a
primary purpose of the SA process is to assess the continued effectiveness of risk controls put
into place by the SRM process. Where significant deviations to existing controls are discovered,
the SMS Framework requires a structured, documented process for preventive and corrective
action to place the controls back on track.
One of Dr. James Reason’s organizational safety culture principles is that of a learning culture. 7
The information in reports, audits, investigations, and other data sources is not useful if the
organization does not learn from it. The SMS Framework requires an analysis process, a
preventive/corrective action process, and a path to the SRM process for the development of new
safety controls, as environments change and new hazards are identified. It further requires that
the organization provide training and information about risk controls and lessons learned.
7
Reason. Managing the Risks of Organizational Accidents.
Page 21
SMS Framework – Revision 3 June 1, 2010
(2) Competencies and Training. (Appendix 1, Processes 4.1.1 & 4.1.2) There are
process expectations in the Safety Promotion Component (4.0) of the SMS Framework to ensure
employees, throughout the organization, are trained and competent on their safety-related job
functions. Additionally, it is important for all employees to know how to report safety concerns
and know that it is their responsibility to do so.
8. CONTACT. For additional information or suggestions, please contact the Flight Standards
Service, SMS Program Office, AFS-920, at (703) 661-0516.
8
Reason. Managing the Risks of Organizational Accidents.
Page 22
June 1, 2010 SMS Framework - Revision 3
Appendix 1
APPENDIX 1
AVIATION SERVICE PROVIDER SAFETY MANAGEMENT SYSTEM (SMS)
FRAMEWORK: FUNCTIONAL EXPECTATIONS
a. This SMS Framework describes the expectations for an aviation service provider’s (for
example, certificated and non-certificated aviation organizations, aviation service providers, air
carriers, airlines, maintenance repair organizations, air taxi operators, corporate flight
departments, repair stations, and pilot schools) SMS in the air transportation system.
(1) This SMS Framework is not mandatory and does not constitute a regulation.
Development and implementation of an SMS is voluntary. While the Federal Aviation
Administration (FAA) encourages each aviation service provider to develop and implement an
SMS, these systems are not substitutes for compliance with Federal regulations and all other
certificate requirements, where applicable. However, for aviation service providers that elect to
voluntarily implement an SMS, the FAA views the objectives and expectations in this SMS
Framework to be the minimum for a comprehensive and robust SMS.
(2) This SMS Framework is intended to address aviation safety related operational and
support processes and activities that are related to aviation safety, not occupational safety,
environmental protection, or customer service quality.
(3) The expectations of this SMS Framework apply to SMSs developed and used by
organizations that provide products and/or services in the air transportation system.
(4) Operators and service providers are responsible for the safety of services or products
contracted to or purchased from other organizations.
b. While this document establishes the minimum acceptable expectations; oversight entities
and service providers may establish more stringent requirements.
3. REFERENCES. This advisory circular (AC) is in accordance with the following documents:
Page 1
June 1, 2010 SMS Framework - Revision 3
Appendix 1
d. FAA Order VS 8000.367, Aviation Safety (AVS) Safety Management System
Requirements, 5/14/2008.
4. DEFINITIONS.
a. Accident. An occurrence associated with the operation of an aircraft that takes place
between the time any person boards the aircraft with the intention of flight and all such persons
have disembarked, and in which any person suffers death or serious injury, or in which the
aircraft receives substantial damage (49 CFR 830.2, Definitions).
b. Analysis. The conversion of data into information, to identify measures that predict
safety related problems to allow risk-management decision making, by the identification of
trends, deficiencies and root causes. This involves the processes of identifying a question or issue
to be addressed, modeling the issue, investigating model results, interpreting the results, and
possibly making a recommendation. Analysis typically involves using scientific or mathematical
methods for evaluation.
(1) Responsibility. Who is accountable for management and overall quality of the
process (planning, organizing, directing, controlling) and its ultimate accomplishment.
(2) Authority. Who can direct, control, or change the process, as well as who can make
key decisions such as risk acceptance. This attribute also includes the concept of empowerment.
(4) Controls. Controls are elements of the system, including hardware, software, special
procedures, or procedural steps, and supervisory practices designed to keep processes on track to
achieve their intended results. Organizational process controls are typically defined in terms of
special procedures, supervisory and management practices, and processes. Many controls are
inherent features of the SMS Framework. Practices such as continuous monitoring, internal
audits, internal evaluations, and management reviews (all parts of the Safety Assurance (SA)
component) are identified as controls within the design expectations. Additionally, other
practices such as documentation, process reviews, and data tracking are identified as controls
within specific elements and processes.
Page 2
June 1, 2010 SMS Framework - Revision 3
Appendix 1
(5) Process Measures. Ways to provide feedback to responsible parties that required
actions are taking place and required objectives are being achieved. A basic principle of SA is
that fundamental processes be measured so that management decisions can be data-driven. The
general expectations for the Policy Component 1.0, specify that SMS outputs be measured and
analyzed. These measurements and analyses are accomplished in SA Component 3.0. Outputs of
each process should, therefore, be identified during Component 3.0 activities and should be the
subjects of continuous monitoring, internal audits, and internal evaluation.
(6) Interfaces. This aspect includes examining such things as lines of authority between
departments, lines of communication between employees, consistency of procedures, and clearly
delineating lines of responsibility between organizations, work units, and employees. Interfaces
are the inputs and outputs of a process.
e. Audit. Scheduled, formal reviews and verifications that evaluate whether an organization
has complied with policy, standards, and/or contract requirements. An audit starts with the
management and operations of the organization and then moves to the organization's activities
and products/services.
(1) Internal Audit. An audit conducted by, or on behalf of, the organization being
audited, e.g., the flight training department audits the flight training department.
(2) External Audit. An audit conducted by an entity outside of the organization being
audited, e.g., the flight operations department audits the flight training department.
f. Aviation Service Provider. Refer to definition for organization below. Aviation service
provider is interchangeable with the terms service provider and organization within this
document.
h. Complete. Nothing has been omitted and what is stated is essential and appropriate to the
level of detail.
Page 3
June 1, 2010 SMS Framework - Revision 3
Appendix 1
l. Corrective Action. Action to eliminate (remove) or mitigate (lessen) the cause or reduce
the effects of a detected nonconformity or other undesirable (unwanted) situation.
n. Documentation. Information or meaningful data and its supporting medium (e.g., paper,
electronic, etc.). In this context, documentation is different from records because documentation
is the written description of policies, processes, procedures, objectives, requirements, authorities,
responsibilities, or work instructions; where as records are the evidence of results achieved or
activities performed.
q. Hazard. Any existing or potential condition that can lead to injury, illness, or death;
damage to or loss of a system, equipment, or property; or damage to the environment. A hazard
is a condition that might cause (is a prerequisite to) an accident or incident.
u. Line Management. The management structure that operates (controls, supervises, etc)
the operational activities and processes of the aviation system.
Page 4
June 1, 2010 SMS Framework - Revision 3
Appendix 1
requirements of aviation service provider-developed risk controls or aviation service provider-
specified policies and procedures.
w. Objective. The desired state or performance target of a process. Usually it is the final
state of a process and contains the results and outputs used to obtain the desired state or
performance target.
y. Organization. Within the context of this document, the term organization refers to any
organization providing aviation services. The term includes certificated and non-certificated
aviation organizations, aviation service providers, air carriers, airlines, maintenance repair
organizations, air taxi operators, corporate flight departments, repair stations, pilot schools,
approved training organizations that are exposed to safety risks during the provision of their
services and organizations responsible for type design and/or manufacture of aircraft.
(Also see service provider below). The term organization is interchangeable with the term
aviation service provider and service provider within this document.
z. Outputs. The product or end result of an SMS process, which is able to be recorded,
monitored, measured, and analyzed. Outputs are the minimum expectation for the product of
each process area and the input for the next process area in succession. Each of the outputs of a
process should have a method of measurement specified by the organization. Measures need not
be quantitative where this is not practical; however, some method of providing objective
evidence of the attainment of the expected output is necessary. A table of expected SMS process
outputs is in Appendix 4.
aa. Oversight. A function performed by a regulator (such as the FAA) that ensures that an
aviation organization complies with and uses safety-related standards, requirements, regulations,
and associated procedures. Safety oversight also works to assure that the acceptable level of
safety risk is not exceeded in the air transportation system.
bb. Preventive Action. Preemptive action to eliminate or mitigate the potential cause or
reduce the future effects of an identified or anticipated nonconformity or other undesirable
situation.
cc. Procedure. Specified ways to carry out operational activities that translate the what
(objectives) into how (practical activities).
dd. Process. A set of interrelated or interacting activities that transform inputs into outputs.
ee. Process Measures. Refer to definition for process measures under the attributes
definition, above, i.e., a means of providing feedback to responsible parties that required actions
are taking place and required objectives are being achieved.
ff. Product/Service. Anything that is offered or can be purchased that might satisfy a want
or need in the air transportation system.
Page 5
June 1, 2010 SMS Framework - Revision 3
Appendix 1
gg. Records. Evidence of results achieved or activities performed (also see documentation
above).
hh. Residual Safety Risk. The safety risk that exists after mitigation has been
accomplished or all controls have been implemented or exhausted and verified. Only verified
controls can be used for assessing residual safety risk.
ii. Risk. The composite of predicted severity (how bad) and likelihood (how probable) of
the potential effect of a hazard in its worst credible (reasonable or believable) system state. The
terms risk and safety risk are interchangeable for the purposes of this document.
jj. Risk Control. Steps taken to eliminate (remove) hazards or to mitigate (lessen) their
effects by reducing the severity and/or likelihood of risk associated with those hazards.
kk. Safety Assurance (SA). A formal management process within the SMS that
systematically provides confidence that an organization’s products/services meet or exceed
safety requirements. Safety Assurance expectations are provided in this SMS Framework,
Component 3.0.
ll. Safety Culture. The product of individual and group values, attitudes, competencies,
and patterns of behavior that determine the commitment to, and the style and proficiency of, the
organization's management of safety. Organizations with a positive safety culture are
characterized by communications founded on mutual trust, by shared perceptions of the
importance of safety and by confidence in the efficacy of preventive measures.
mm. SMS. The formal, top-down business-like approach to managing safety risk. It includes
systematic procedures, practices, and policies for the management of safety (as described in this
document it includes Safety Policy, Safety Risk Management, Safety Assurance, and Safety
Promotion).
nn. Safety Objective. 9 A goal or desirable outcome related to safety. Generally based on
the organization’s safety policy, and specified for relevant functions and levels in the
organization. Safety objectives are typically measurable.
oo. Safety Planning. 10 Part of safety management focused on setting safety objectives and
specifying needed operational processes and related resources to fulfill these objectives.
pp. Safety Risk. The composite of predicted severity (how bad) and likelihood
(how probable) of the potential effect of a hazard in its worst credible (reasonable or believable)
system state. The terms safety risk and risk are interchangeable for the purposes of this
document.
9
Adapted from definition 3.2.5 in ISO 9000-2005 for quality objectives.
10
Adapted from definition 3.2.9 in ISO 9000-2005 for quality planning.
Page 6
June 1, 2010 SMS Framework - Revision 3
Appendix 1
qq. Safety Risk Control. A characteristic of a system that reduces or mitigates (lessens)
the potential undesirable effects of a hazard. Controls may include process design, equipment
modification, work procedures, training or protective devices. Safety risk controls must be
written in requirements language, measurable, and monitored to ensure effectiveness.
rr. Safety Risk Management (SRM). A formal process within the SMS that describes the
system, identifies the hazards, assesses the risk, analyzes the risk, and controls the risk. The SRM
process is embedded in the processes used to provide the product/service; it is not a
separate/distinct process. SRM expectations are provided in the SMS Framework, Component
2.0.
ss. Safety Promotion. A combination of safety culture, training, and data sharing activities
that support the implementation and operation of an SMS in an organization. Safety Promotion
expectations are provided in this SMS Framework, Component 4.0.
uu. Service Provider. (Refer to definition for Organization above). The term service
provider is interchangeable with the terms aviation service provider and organization within this
document.
xx. System. An integrated set of constituent elements that are combined in an operational
or support environment to accomplish a defined objective. These elements include people,
hardware, software, firmware, information, procedures, facilities, services, and other support
facets.
zz. Top Management. The person or group of people who direct and control an
organization, reference ISO 9000-2005 definition 3.2.7 – “person or group of people who directs
and controls an organization at the highest level.” Top management translates the policy into
goals, objectives and strategies, and projects a shared-vision of the future. Top management
makes decisions that affect everyone in the organization, and is held entirely responsible for the
success or failure of the enterprise. In many large organizations, this can be the Chief Executive
Officer, Chairman/Chairwoman, President or the Board of Directors; in smaller organizations,
this might be the owner of the organization.
Page 7
June 1, 2010 SMS Framework - Revision 3
Appendix 1
5.1 SMS FRAMEWORK STRUCTURE. The SMS Framework is broken down into
components, elements, and processes. The components and elements are based on the ICAO
Framework. Elements in the SRM, Safety Assurance, and Safety Promotion components are
further broken down into processes.
a. Performance Objectives are the desired outcomes of the particular element or process
under evaluation.
b. Design Expectations are the characteristics of the element or process that, if properly
implemented, should provide the outcomes identified in the performance objectives.
Page 8
June 1, 2010 SMS Framework - Revision 3
Appendix 1
Page 9
June 1, 2010 SMS Framework - Revision 3
Appendix 1
(c) Measured, and
(d) Analyzed.
(4) It is expected that:
(a) The organization will promote the growth of a positive safety culture
(described under Component 4.0, b);
(b) If the organization has a quality policy, top management will ensure that the
quality policy is consistent with the SMS;
(c) The SMS will include a means to comply with FAA policy, legal, regulatory and
statutory requirements applicable to the SMS;
(d) The organization will establish and maintain a procedure to identify current
FAA policy, legal, regulatory and statutory requirements applicable to the SMS;
(e) The organization will establish and maintain procedures with measurable criteria
to accomplish the objectives of the safety policy 11 ;
(f) The organization will establish and maintain supervisory and operational
controls to ensure procedures are followed for safety-related operations and activities; and
(g) The organization will establish and maintain a safety management plan to
describe how it will achieve its safety objectives.
11
Measures are not expected for each procedural step. However, measures and criteria should be of sufficient depth
and level of detail to ascertain and track accomplishment of objectives. Criteria and measures can be expressed in
either quantitative or qualitative terms.
Page 10
June 1, 2010 SMS Framework - Revision 3
Appendix 1
(h) Provide management guidance for reviewing safety objectives;
(i) Be documented;
(j) Be communicated with visible management endorsement to all employees and
responsible parties;
(k) Be reviewed periodically to ensure it remains relevant and appropriate to the
organization; and
(l) Identify responsibility and accountability of management and employees with
respect to safety performance.
Page 11
June 1, 2010 SMS Framework - Revision 3
Appendix 1
Page 12
June 1, 2010 SMS Framework - Revision 3
Appendix 1
5. Retained for a specified period of time as determined by the organization.
(b) The organization will establish and maintain procedures for controlling all
documents required by this SMS Framework to ensure that:
1. They can be located; and
2. They are periodically:
(a) Reviewed,
(b) Revised as needed, and
(c) Approved for adequacy by authorized personnel.
(c) The current versions of relevant documents are available at all locations where
essential SMS operations are performed; and
(d) Obsolete documents are promptly removed from all points of use or otherwise
assured against unintended use.
(4) Records Management.
(a) The organization will establish and maintain procedures to:
1. Identify,
2. Maintain, and
3. Dispose of their SMS records.
(b) SMS records will be:
1. Legible,
2. Identifiable, and
3. Traceable to the activity involved.
(c) SMS records will be maintained in such a way that they are
1. Readily retrievable and;
2. Protected against:
(a) Damage,
(b) Deterioration, or
(c) Loss.
(d) Records retention times will be documented.
Page 13
June 1, 2010 SMS Framework - Revision 3
Appendix 1
Page 14
June 1, 2010 SMS Framework - Revision 3
Appendix 1
Page 15
June 1, 2010 SMS Framework - Revision 3
Appendix 1
ELEMENT 2.1 HAZARD IDENTIFICATION AND ANALYSIS.
12
While it is recognized that identification of every conceivable hazard is impractical, organizations are expected to
exercise due diligence in identifying and controlling significant and reasonably foreseeable hazards related to their
operations.
Page 16
June 1, 2010 SMS Framework - Revision 3
Appendix 1
b. Design Expectations:
(1) The safety risk analysis process will include:
(a) Existing safety risk controls,
(b) Triggering mechanisms, and
(c) Safety risk of reasonably likely outcomes from the existence of a hazard, to
include estimation of the 13 :
1. Likelihood, and
2. Severity.
13
Risk likelihood and severity may be expressed in quantitative or qualitative terms.
Page 17
June 1, 2010 SMS Framework - Revision 3
Appendix 1
Page 18
June 1, 2010 SMS Framework - Revision 3
Appendix 1
COMPONENT 3.0 SAFETY ASSURANCE.
a. Performance Objective: The organization will monitor, measure, and evaluate the
performance of their systems to identify new hazards, measure the effectiveness of risk controls,
(to include preventative and corrective actions) and ensure compliance with regulatory
requirements.
b. General Design Expectations:
(1) The organization will monitor their systems and operations to:
(a) Identify new hazards,
(b) Measure the effectiveness of safety risk controls,
(c) Ensure compliance with regulatory requirements applicable to the SMS, and
(d) Ensure the Safety Assurance function is based upon a comprehensive system
description as described in Process 2.1.1.
(2) The organization will collect the data necessary to demonstrate the effectiveness of
its:
(a) Operational processes, and
(b) The SMS.
Page 19
June 1, 2010 SMS Framework - Revision 3
Appendix 1
PROCESS 3.1.2 INTERNAL AUDITS BY OPERATIONAL DEPARTMENTS.
a. Performance Objective: The organization will perform regularly scheduled internal
audits of its operational processes, including those performed by contractors, to verify safety
performance and evaluate the effectiveness of safety risk controls.
b. Design Expectations:
(1) Line management of operational departments will conduct regular internal audits of
safety-related functions of the organization’s operational processes (production system). (Note:
The internal audit is a primary means of output measurement under Component 1.0, b, (3) (c)
and (4) (e)).
(2) Line management will ensure that regular audits are conducted to:
(a) Determine conformity with safety risk controls, and
(b) Assess performance of safety risk controls.
(3) Planning of the audits program will take into account:
(a) Safety criticality of the processes to be audited, and
(b) Results of previous audits.
(4) The organization will define:
(a) Audits, including:
1. Criteria,
2. Scope,
3. Frequency,
4. Method;
(b) How the auditors will be selected; and
(c) Requirement that auditors will not audit their own work.
(5) The organization will document audit procedures, to include:
(a) Responsibilities; and
(b) Expectations for:
1. Planning audits,
2. Conducting audits,
3. Reporting results,
4. Maintaining records, and
5. Auditing contractors and vendors.
Page 20
June 1, 2010 SMS Framework - Revision 3
Appendix 1
a. Performance Objective: The organization will conduct internal evaluations of the SMS
and operational processes at planned intervals, to determine that the SMS conforms to its
objectives and expectations.
b. Design Expectations:
(1) The organization will conduct internal evaluations of the operational processes and
the SMS at planned intervals to determine that the SMS conforms to objectives and expectations
(Note: SMS output measurement is a primary control under Component 1.0, b, (3) (c) and (4)
(e)).
(2) Planning of the evaluation program will take into account:
(a) Safety criticality of the processes being evaluated, and
(b) Results of previous evaluations.
(3) The organization will define:
(a) Evaluations, including:
1. Criteria,
2. Scope,
3. Frequency, and
4. Methods;
(b) The processes used to select the evaluators; and
(c) Documented procedures, which include:
1. The responsibilities and
2. Requirements for:
(a) Planning evaluations,
(b) Conducting evaluations,
(c) Reporting results,
(d) Maintaining records, and
(e) Evaluating contractors and vendors.
(4) The program will include an evaluation of the programs described in
Component 1.0, b (1).
(5) The person or organization performing evaluations of operational processes must be
independent of the process being evaluated.
Page 21
June 1, 2010 SMS Framework - Revision 3
Appendix 1
b. Design Expectations: The organization will include the results of oversight organization
assessments, and other external audit results, in the analyses conducted as described in Process
3.1.7.
Page 22
June 1, 2010 SMS Framework - Revision 3
Appendix 1
PROCESS 3.1.7 ANALYSIS OF DATA.
a. Performance Objective: The organization will analyze the data acquired in
Processes 3.1.1 through 3.1.6 to assess the performance and effectiveness of risk controls in the
organization’s operational processes and the SMS, and to identify root causes of
nonconformance’s and potential new hazards.
b. Design Expectations:
(1) The organization will analyze the data acquired in Processes 3.1.1 through 3.1.6 to
demonstrate performance and effectiveness of:
(a) Risk controls in the organization’s operational processes, and
(b) The SMS.
(2) Through data analysis, the organization will identify root causes of nonconformance
and potential new hazards and evaluate where improvements can be made to the organizations:
(a) Operational processes, and
(b) The SMS.
Page 23
June 1, 2010 SMS Framework - Revision 3
Appendix 1
(4) The organization will maintain records of assessments in accordance with the
expectations of Element 1.5 b (3) and (4).
Page 24
June 1, 2010 SMS Framework - Revision 3
Appendix 1
(a) Preventive actions for identified potential nonconformities with risk controls,
and
(b) Corrective actions for identified nonconformities with risk controls.
Page 25
June 1, 2010 SMS Framework - Revision 3
Appendix 1
Page 26
June 1, 2010 SMS Framework - Revision 3
Appendix 1
Page 27
June 1, 2010 SMS Framework - Revision 3
Appendix 1
(2) Training development will consider scope, content, and frequency of training required
to maintain competency for those individuals in the positions identified in Elements 1.2 b (3) and
1.3.
(3) Employees will receive training commensurate with their:
(a) Position level within the organization, and
(b) Impact on the safety of the organization’s products or services.
(4) To ensure training currency, training will be periodically:
(a) Reviewed and
(b) Updated.
Page 28
June 1, 2010 SMS Framework - Revision 3
Appendix 2
APPENDIX 2
COMPARISON OF SAFETY MANAGEMENT SYSTEM (SMS) FRAMEWORK WITH
OTHER STANDARDS
1. PURPOSE OF THIS APPENDIX. The table below is provided to assist those organizations
developing and implementing an SMS. It provides a reference between existing standards and
this SMS Framework. It includes references to the following:
c. Occupational Safety and Health Management Systems via OHSAS 18001. OHSAS
18001 is an Occupation Health and Safety Assessment Series for health and safety management
systems, which was created through a concerted effort from a number of the world’s leading
national standards bodies, certification bodies, and specialist consultancies.
Note: The following table is intended to assist the organization SMS developers in
building on existing management systems to develop the SMS and/or integrating its
SMS with these existing management systems.
Page 1
June 1, 2010 SMS Framework - Revision 3
Appendix 2
Page 2
June 1, 2010 SMS Framework - Revision 3
Appendix 2
Page 3
June 1, 2010 SMS Framework, Revision 3
Appendix 3
Page 2
June 1, 2010 SMS Framework - Revision 3
Appendix 3
APPENDIX 3
SAMPLE RISK ASSESSMENT TOOLS
Page 3
June 1, 2010 SMS Framework, Revision 3
Appendix 3
Page 4
June 1, 2010 SMS Framework - Revision 3
Appendix 3
a. Risk Acceptance. In the development of its risk assessment criteria, aviation service
providers are expected to develop risk acceptance procedures, including acceptance criteria and
designation of authority and responsibility for risk management decision making.
The acceptability of risk can be evaluated using a risk matrix such as the two examples
illustrated in Figure 1. The example matrices show three areas of acceptability.
Risk matrices may be color coded; unacceptable (red), acceptable (green), and acceptable with
mitigation (yellow).
(1) Unacceptable (Red). Where combinations of severity and likelihood cause risk to
fall into the red area, the risk would be assessed as unacceptable and further work would be
required to design an intervention to eliminate that associated hazard or to control the factors that
lead to higher risk likelihood or severity.
(2) Acceptable (Green). Where the assessed risk falls into the green area, it may be
accepted without further action. The objective in risk management should always be to reduce
risk to as low as practicable regardless of whether or not the assessment shows that it can be
accepted as is. This is a fundamental principle of continuous improvement.
(3) Acceptable with Mitigation (Yellow). Where the risk assessment falls into the
yellow area, the risk may be accepted under defined conditions of mitigation. An example of this
situation would be an assessment of the impact of a non-operational aircraft component for
inclusion on a minimum equipment list (MEL). Defining an Operational (O) or Maintenance (M)
procedure in the MEL would constitute a mitigating action that could make an otherwise
unacceptable risk acceptable, as long as the defined procedure was implemented. These
situations may also require continued special emphasis in the Safety Assurance function.
Page 5
June 1, 2010 SMS Framework, Revision 3
Appendix 3
FIGURE 1. SAFETY RISK MATRIX EXAMPLES
Severity Higher
Likelihood Lower
Un
ac c
Ac ep
c ep tab
tab le
le w
More i th
Less Mit
Ac ig atio
cep
tab n
le
Example 1
Risk Severity
Risk
Frequent 5 5A 5B 5C 5D 5E
Occasional 4 4A 4B 4C 4D 4E
Remote 3 3A 3B 3C 3D 3E
Improbable 2 2A 2B 2C 2D 2E
Extremely
1 1A 1B 1C 1D 1E
Improbable
Example 2
Page 6
June 1, 2010 SMS Framework - Revision 3
Appendix 3
b. Other Risk Assessment Tools for Flight and Operational Risk Management. Other
tools can also be used for flight or operational risk assessment such as the Controlled Flight into
Terrain (CFIT), Approach and Landing Accident Reduction (ALAR), operational control, and
ground operations risk assessment tools available from the Flight Safety Foundation
(http://www.flightsafety.org/technical_initiatives.html).
c. Causal Analysis. Risk analyses should concentrate not only on assigning levels of
severity and likelihood but on determining why these particular levels were selected. This is
referred to as root cause analysis, and is the first step in developing effective controls to reduce
risk to lower levels.
Several structured software systems are available to perform root cause analysis. However, in
many cases, simple brainstorming sessions among the company’s pilots, mechanics, or
dispatchers other experienced subject matter experts is the most effective and affordable method
of finding ways to reduce risk. This also has the advantage of involving employees who will
ultimately be required to implement the controls developed.
Page 7
June 1, 2010 SMS Framework, Revision 3
Appendix 3
Page 8
June 1, 2010 SMS Framework - Revision 3
Appendix 4
APPENDIX 4
TABLE OF EXPECTED SAFETY MANAGEMENT SYSTEM (SMS) OUTPUTS
1. PURPOSE OF THIS APPENDIX. To a large extent, controls are built into the design of
the SMS Framework. A general expectation of the Policy Component is that SMS outputs will be
“recorded, monitored, measured, and analyzed” (Component 1.0, b (3)). The Internal Evaluation
Process (3.1.3, b (1)), of the Safety Assurance Component 3.0 calls for evaluations “at planned
intervals” of SMS conformance to objectives and expectations.
Note: There is a relationship between controls and process measures. That is, the
internal evaluation process is the method of controlling the processes, through the
associated data collection, analysis, assessment, and preventive/corrective action
processes. The individual outputs are the content of the measures.
3. MANAGEMENT REVIEWS. Finally, management reviews are the means of making sure
that the appropriate levels of responsibility and authority are brought into the process and that
management can be accountable in a proactive way, rather than an after-the-fact attribution.
Note: Table 1 below is a complete set of outputs, as a minimum expectation, for the
content of internal evaluations of each process area.
Page 1
June 1, 2010 SMS Framework, Revision 3
Appendix 4
Process Reference Output Expectation
Monitoring accordance with company policy
3.1.2 Internal Audit by 3.1.2b(5)(b)(1) Plans
Operational Departments
3.1.2b(5)(b)(3) Reports/records
& (4)
3.1.3 Internal Evaluation 3.1.3b(3)(d)(2) Plans
(a)
3.1.3b(3)(d)(2) Reports/records
(c) & (d)
3.1.4 External Auditing of 3.1.4 Objective evidence of external audit findings (e.g.,
the SMS International Air Transport Association Operational
Safety Audit (IOSA), International Business Aviation
Council (IS-BAO), Air Charter Safety Foundation
(ACSF), and Federal Aviation Administration (FAA))
3.1.5 Investigations 3.1.5b(1) Data collected (e.g. records, reports) for investigations
of:
3.1.5b(1)(a) • Incidents
3.1.5b(1)(b) • Accidents
3.1.6 Employee Reporting 3.1.6b(1) Evidence of system (e.g. report file, log, database)
and Feedback System
(ERS)
3.1.6b3) Evidence of monitoring of ERS data for hazards
3.1.6b(4) Evidence of analysis of ERS data
3.1.7 Analysis of Data 3.1.7b Objective evidence of analysis processes for each data
3.1.7b(1) type
3.1.8 System Assessment 3.1.8b(4) Records of system assessments
3.3.1 Preventive/Corrective 3.3.1b(1) Corrective action plans
Action
3.3.1b(5) Records of disposition and status of corrective actions
3.3.2 Management Review 3.3.2b(1) Objective evidence of management reviews (e.g.,
minutes, log)
Component 4.0 - Safety Promotion
4.1.1 Personnel 4.1.1b(1) Documented competency requirements in accordance
Expectations (Competence) with 1.2 b(3) & 1.3b(1)
4.1.2 Training 4.1.2b(1) Plans/requirements
4.1.2b(3) Records
4.1.2b(4) Reviews
Page 2