Omni Aviation SMS Manual SMSVP Version
Omni Aviation SMS Manual SMSVP Version
Omni Aviation SMS Manual SMSVP Version
SMS Manual
e n t
u m
See the document: Working with Omni Manuals
c t
n
in your OmniSMS web application under Guidance
o t e
Configuration for editing instructions and procedures
D n
p l e C o Revision: 15
e d
R
Assigned to: ________________________
This manual is the property of Your Company, and contains proprietary information. It may not be copied,
printed or reproduced in any manner without the express written consent of YCO. The person to whom this
manual has been assigned is responsible for the safekeeping of this manual and the timely insertion of all
revisions in accordance with the procedures contained herein.
THIS PAGE INTENTIONALLY LEFT BLANK
e n t
cu m t
D o t e n
l e o n
p
m ted C
S a c
e d a
R
AVIATION MANAGEMENT SYSTEM
SMS Manual
Record of Revisions
Manual Serial Number: ______
t
2 Addition of Section 9: Fatigue Risk Management 22 March 2015 PMS
e n
Alignment with FAA SMS Framework Rev. 3 18 June 2015 PMS
u m t
Align / update with FAA SMS VP Standard
c
29 July 2016 PMS
o t e n
Integrate with OmniSMS® v4 web application
D
15 Nov 2016 PMS
l e o n
Relocation of policy statements to Section 11 –
15 Jan 2017 PMS
p C
Appendix: Policy Statements
a m ted
7 Revised Risk Assessment (RA) matrix 04 June 2017 PMS
8
S a c
Align with revisions to OmniSMS web app; Section 2:
d
Incorporation of event risk (ER) classification; additional 05 Sept 2017 PMS
e
definitions
R
Changed ‘Safety Assessment’ to ‘Safety Issue’.
Changed ‘System Assessment’ process to ‘Risk
Control Assessment’ and align with OmniSMS web
application updates. Clarified explanations of safety
9 objectives and goals, safety key performance indicators
20 Feb 2018 PMS
(SKPIs), targets and alerts. Revised definitions to
include the term: ‘External Provider’ and add new
Safety Attribute: ‘Safety Ownership’
t
objectives to better describe their detailed nature. 15 November
13
n
PMS
Section 5: Updates to SMS VP Gap Analysis and 2019
e
Validation Project Plan tool and OmniSMS
m
Implementation document. Revised procedures in
u
paragraph 3.3 for management of change.
o c n t
Improved guidance regarding operational, safety, and
e
D t
SMS performance measurements and indicators;
n
clarified use of the terms: ‘goal’, ‘objective’ and ‘target’.
l e o
Added interfaces with IEP, EIG and ASAP Manual.
p C
Revised safety / quality policy statement. Revised
safety attribute definitions IAW AC 120-92C. Removed
m ted
paragraph 6.5 Aviation Safety Action Program to be
a
14 accomplished under separate cover: ASAP Policies &
15 May 2020 PMS
S c
Procedures Manual IAW AC 120-66C. Revised risk
a
assessment (RA) matrix and explanation of risk
d
dimensions. Previous paragraph 3.1.9 Analysis of Data
e
moved to paragraph 3.5 with enhanced guidance.
R
(SRR 5.71(b) updated). Added explanations for use of
risk and hazard registers in Section 2.
t
15 08 April 2022
n
6
2. SAFETY RISK MANAGEMENT
e
7 15 08 April 2022
8 15 08 April 2022 2-1 15 08 April 2022
m
15 08 April 2022 2-2 15 08 April 2022
u
9
t
15 08 April 2022
c
10 15 08 April 2022 2-3
o n
2-4 15 08 April 2022
D t e
2-5 15 08 April 2022
0. INTRODUCTION
n
2-6 15 08 April 2022
e o
0-1 15 08 April 2022
l
2-7 15 08 April 2022
p
0-2 15 08 April 2022
C
2-8 15 08 April 2022
0-3 15 08 April 2022
m ted
2-9 15 08 April 2022
0-4 15 08 April 2022
a
2-10 15 08 April 2022
0-5 15 08 April 2022
S c
2-11 15 08 April 2022
0-6 15 08 April 2022
a
2-12 15 08 April 2022
0-7 15 08 April 2022
d
2-13 15 08 April 2022
e
0-8 15 08 April 2022
2-14 15 08 April 2022
0-9 15 08 April 2022
R
2-15 15 08 April 2022
0-10 15 08 April 2022
2-16 15 08 April 2022
0-11 15 08 April 2022
2-17 15 08 April 2022
0-12 15 08 April 2022
2-18 15 08 April 2022
0-13 15 08 April 2022
2-19 15 08 April 2022
0-14 15 08 April 2022
2-20 15 08 April 2022
0-15 15 08 April 2022
2-21 15 08 April 2022
0-16 15 08 April 2022
2-22 15 08 April 2022
0-17 15 08 April 2022
0-18 15 08 April 2022
3. SAFETY ASSURANCE
3-1 15 08 April 2022
1. SAFETY POLICIES & OBJECTIVES
3-2 15 08 April 2022
1-1 15 08 April 2022
3-3 15 08 April 2022
1-2 15 08 April 2022
3-4 15 08 April 2022
PAGE. REV. NO. EFFECTIVE DATE. PAGE. REV. NO. EFFECTIVE DATE.
3-5 15 08 April 2022 6-13 15 08 April 2022
3-6 15 08 April 2022 6-14 15 08 April 2022
3-7 15 08 April 2022 6-15 15 08 April 2022
3-8 15 08 April 2022 6-16 15 08 April 2022
3-9 15 08 April 2022
3-10 15 08 April 2022 7. SMS ORGANIZATION
3-11 15 08 April 2022 7-1 15 08 April 2022
3-12 15 08 April 2022 7-2 15 08 April 2022
3-13 15 08 April 2022 7-3 15 08 April 2022
3-14 15 08 April 2022 7-4 15 08 April 2022
3-15 15 08 April 2022 7-5 15 08 April 2022
3-16 15 08 April 2022 7-6 15 08 April 2022
3-17 15 08 April 2022 7-7 15 08 April 2022
3-18 15 08 April 2022 7-8 15 08 April 2022
t
3-19 15 08 April 2022
n
3-20 15 08 April 2022
e
8. OPS. RISK ASSESSMENT
3-21 15 08 April 2022 8-1 15 08 April 2022
m
3-22 15 08 April 2022
u
8-2 15 08 April 2022
c t
8-3 15 08 April 2022
o n
4. SAFETY PROMOTION
e
8-4 15 08 April 2022
D t
4-1 15 08 April 2022
n
15 08 April 2022
e
4-2 9. FATIGUE RISK MANAGEMENT
l o
4-3 15 08 April 2022 15 08 April 2022
p
9-1
C
4-4 15 08 April 2022 9-2 15 08 April 2022
m ted
9-3 15 08 April 2022
a
5. SMS IMPLEMENTATION PLAN 9-4 15 08 April 2022
S c
5-1 15 08 April 2022 9-5 15 08 April 2022
a
5-2 15 08 April 2022 9-6 15 08 April 2022
d
5-3 15 08 April 2022 15 08 April 2022
e
9-7
5-4 15 08 April 2022 9-8 15 08 April 2022
6-1
6-2
R
6. CONFIDENTIAL REPORTING
15
15
08 April 2022
08 April 2022
10. FLIGHT DATA ANALYSIS
10-1
10-2
15
15
08 April 2022
08 April 2022
6-3 15 08 April 2022 10-3 15 08 April 2022
6-4 15 08 April 2022 10-4 15 08 April 2022
6-5 15 08 April 2022
6-6 15 08 April 2022 11. POLICY STATEMENTS
6-7 15 08 April 2022 11-1 15 08 April 2022
6-8 15 08 April 2022 11-2 15 08 April 2022
6-9 15 08 April 2022 11-3 15 08 April 2022
6-10 15 08 April 2022 11-4 15 08 April 2022
6-11 15 08 April 2022 11-5 15 08 April 2022
6-12 15 08 April 2022
Your Company Acceptance: FAA Acceptance:
SMS Manual
Table of Contents Right-click in the TOC field to update links !
0. INTRODUCTION .......................................................................................................................... 0-1
0.1 GENERAL INFORMATION..........................................................................................................................0-1
0.1.1 BACKGROUND ....................................................................................................................................................... 0-1
0.1.2 SMS MANUAL AND SUPPORTING DOCUMENTS ................................................................................................ 0-1
0.1.3 APPLICABILITY ...................................................................................................................................................... 0-1
0.1.4 SMS MANUAL ACCEPTANCE ............................................................................................................................... 0-1
0.2 SMS OVERVIEW .........................................................................................................................................0-2
0.2.1 STRUCTURE .......................................................................................................................................................... 0-2
0.2.2 SMS COMPONENTS .............................................................................................................................................. 0-2
0.2.3 INTEGRATED SAFETY AND QUALITY MANAGEMENT ....................................................................................... 0-2
0.3 SMS DOCUMENTATION.............................................................................................................................0-2
t
0.3.1 SMS DOCUMENTATION PROCESS ...................................................................................................................... 0-2
n
0.4 SMS OPERATIONAL RECORDS ................................................................................................................0-3
e
0.4.1 SAFETY RISK MANAGEMENT (SRM) PROCESS RECORDS .............................................................................. 0-3
0.4.2 SAFETY ASSURANCE (SA) PROCESS RECORDS .............................................................................................. 0-3
m
0.4.3 SMS TRAINING RECORDS .................................................................................................................................... 0-3
u t
0.4.4 SAFETY COMMUNICATIONS RECORDS ............................................................................................................. 0-3
c n
0.5 SMS APPROPRIATE TO SIZE, SCOPE AND COMPLEXITY ......................................................................0-4
o t e
0.6 SMS WEB APPLICATION ...........................................................................................................................0-4
D n
0.7 TECHNICAL MANAGEMENT SYSTEM ......................................................................................................0-4
l e o
0.7.1 OVERVIEW ............................................................................................................................................................. 0-4
p C
0.7.2 APPLICABLE LAWS & REGULATIONS.................................................................................................................. 0-5
0.7.3 RESPONSIBILITIES FOR TECHNICAL MANAGEMENT ....................................................................................... 0-5
m ted
0.7.4 MANUAL SYSTEM .................................................................................................................................................. 0-5
a
0.7.5 REVISION CONTROL ............................................................................................................................................. 0-5
S
0.7.6 DOCUMENT ASSIGNMENT ................................................................................................................................... 0-5
c
0.7.7 PROPOSED CHANGES.......................................................................................................................................... 0-6
a
0.7.8 DOCUMENT REVISION PROCESS ....................................................................................................................... 0-6
d
0.8 DEFINITIONS AND ACRONYMS ................................................................................................................0-7
e
0.8.1 TERMINOLOGY ...................................................................................................................................................... 0-7
R
0.8.2 ACRONYMS .......................................................................................................................................................... 0-16
n t
1.6 OPERATIONAL PERFORMANCE OBJECTIVES AND INDICATORS.......................................................1-10
e
1.6.1 OPERATIONAL KEY PERFORMANCE INDICATORS ......................................................................................... 1-10
1.7 SMS PERFORMANCE OBJECTIVES AND INDICATORS ........................................................................1-11
m
1.7.1 SMS PERFORMANCE INDICATORS ................................................................................................................... 1-11
cu t
2. SAFETY RISK MANAGEMENT .................................................................................................... 2-1
o e n
2.1 SAFETY RISK MANAGEMENT METHODS.................................................................................................2-1
D t
2.1.1 THREE LEVELS OF SAFETY RISK MANAGEMENT (SRM) .................................................................................. 2-1
e n
2.1.2 TIME-CRITICAL SRM.............................................................................................................................................. 2-1
l o
2.1.3 DELIBERATE SRM ................................................................................................................................................. 2-2
p C
2.1.4 STRATEGIC SRM ................................................................................................................................................... 2-2
m ted
2.2 SYSTEM ANALYSIS AND HAZARD IDENTIFICATION ..............................................................................2-3
a
2.2.1 SYSTEM DESCRIPTION AND ANALYSIS ............................................................................................................. 2-3
S
2.2.2 PROACTIVE HAZARD IDENTIFICATION ............................................................................................................... 2-3
c
2.2.3 PROACTIVE HAZARD ID CONSIDERATIONS ...................................................................................................... 2-4
a
2.2.4 REACTIVE HAZARD IDENTIFICATION.................................................................................................................. 2-4
d
2.2.5 SAFETY RISK MANAGEMENT (SRM) PROCESS FLOW DIAGRAM .................................................................... 2-5
e
2.3 SAFETY RISK ASSESSMENT AND CONTROL..........................................................................................2-6
R
2.3.1 SAFETY RISK ANALYSIS ....................................................................................................................................... 2-6
2.3.2 DEVELOPING A HAZARD STATEMENT AND RISK SCENARIOS ........................................................................ 2-7
2.3.3 STUDY OF SIGNIFICANT SAFETY ISSUES .......................................................................................................... 2-8
2.3.4 SAFETY RISK ASSESSMENT................................................................................................................................ 2-9
2.3.5 USE OF THE RISK ASSESSMENT (RA) MATRIX................................................................................................ 2-10
2.3.6 SAFETY RISK CONTROL ..................................................................................................................................... 2-11
2.3.7 ASSESSING RESIDUAL AND SUBSTITUTE RISK .............................................................................................. 2-11
2.3.8 CAP ACCEPTANCE / CAP LOCK......................................................................................................................... 2-12
2.3.9 IMPLEMENTING RISK CONTROLS ..................................................................................................................... 2-12
2.3.10 INITIAL SYSTEM DESCRIPTION ....................................................................................................................... 2-13
2.3.11 INITIAL SYSTEM ANALYSIS .............................................................................................................................. 2-14
2.3.12 SAFETY RISK PROFILE ..................................................................................................................................... 2-14
2.3.13 CREATING A SIGNIFICANT SAFETY ISSUE .................................................................................................... 2-14
2.3.14 CREATING A MINOR SAFETY ISSUE ............................................................................................................... 2-15
2.3.15 CREATING A QUALITY ISSUE ........................................................................................................................... 2-15
2.4 EVENT RISK CLASSIFICATION ...............................................................................................................2-16
2.4.1 MANAGING REPORTED EVENTS ....................................................................................................................... 2-16
2.4.2 EVENT-BASED RISK ANALYSIS.......................................................................................................................... 2-16
2.4.3 INTERVENTIONS, BARRIERS AND CONTROLS ................................................................................................ 2-16
2.4.4 ER QUESTION 1 ................................................................................................................................................... 2-17
2.4.5 ER QUESTION 2 ................................................................................................................................................... 2-18
t
3.2.1 OVERVIEW ........................................................................................................................................................... 3-11
n
3.2.2 EVALUATING OPERATIONAL PERFORMANCE ................................................................................................. 3-11
e
3.2.3 ENSURING COMPLIANCE WITH SAFETY RISK CONTROLS ............................................................................ 3-11
3.2.4 EVALUATING PERFORMANCE OF THE SMS .................................................................................................... 3-12
m
3.2.5 RISK CONTROL ASSESSMENT .......................................................................................................................... 3-13
u t
3.2.6 IDENTIFYING CHANGES IN THE OPERATIONAL ENVIRONMENT................................................................... 3-14
c n
3.2.7 IDENTIFYING NEW HAZARDS............................................................................................................................. 3-14
o e
3.3 CONTINUAL IMPROVEMENT ...................................................................................................................3-15
D t
3.3.1 PREVENTIVE / CORRECTIVE ACTION ............................................................................................................... 3-15
n
3.3.2 CORRECTING SAFETY PERFORMANCE ........................................................................................................... 3-15
l e o
3.3.3 CORRECTING SMS PERFORMANCE ................................................................................................................. 3-15
p C
3.4 MANAGEMENT OF CHANGE ...................................................................................................................3-16
m ted
3.4.1 OVERVIEW ........................................................................................................................................................... 3-16
a
3.4.2 IDENTIFYING CHANGE........................................................................................................................................ 3-16
3.4.3 MANAGING CHANGE ........................................................................................................................................... 3-16
S c
3.4.4 USE OF SAFETY ISSUES .................................................................................................................................... 3-17
a
3.4.5 USE OF THE PROJECT / CHANGE OBJECT ...................................................................................................... 3-17
d
3.5 DATA MANAGEMENT ..............................................................................................................................3-18
e
3.5.1 DATA QUALITY CONTROL .................................................................................................................................. 3-18
R
3.5.2 ESSENTIAL DATA FIELDS ................................................................................................................................... 3-18
3.5.3 REPORT STATUS................................................................................................................................................. 3-21
t
6.3.7 NON-DISCLOSURE ....................................................................................................................................................6
n
6.3.8 INITIAL ASSESSMENT OF SMS REPORTS RECEIVED ...........................................................................................6
e
6.3.9 CORRECTIONS TO WRITTEN RECORDS ................................................................................................................6
6.3.10 ASSISTANCE FROM MANAGEMENT ......................................................................................................................6
m
6.4 MANAGING SMS REPORTS.......................................................................................................................... 7
cu t
6.5 AVIATION SAFETY ACTION PROGRAM ...................................................................................................... 7
o n
6.6 VOLUNTARY DISCLOSURE REPORTING PROGRAM ................................................................................. 8
D t e
6.6.1 BACKGROUND ...........................................................................................................................................................8
n
6.6.2 CONDITIONS REQUIRED FOR ELIGIBILITY .............................................................................................................8
l e o
6.6.3 EXCEPTIONS .............................................................................................................................................................9
6.6.4 REPEATED VIOLATION .............................................................................................................................................9
p C
6.6.5 CLOSED CASE: CONDITIONS FOR REOPENING ....................................................................................................9
m ted
6.6.6 DISPUTE RESOLUTION .............................................................................................................................................9
a
6.6.7 SEPARATE ACTIONS AGAINST AIRMEN OR OTHER INDIVIDUAL AGENTS ........................................................9
6.6.8 APPLICABILITY OF THE FOIA TO SELF DISCLOSURE RECORDS ......................................................................10
S c
6.6.9 PROCEDURES FOR REPORTING TO YCO ............................................................................................................10
a
6.7 USE OF THE WEB-BASED VDRP TOOL FOR SUBMISSIONS ................................................................... 11
d
6.7.1 VDRP WEB-BASED SYSTEM ACCESS AND SUPPORT ........................................................................................11
e
6.7.2 GENERAL INFORMATION .......................................................................................................................................11
R
6.7.3 USER RESPONSIBILITIES .......................................................................................................................................11
6.7.4 SIX STAGES OF THE VDRP PROCESS ..................................................................................................................12
6.7.5 STAGE 1: NOTIFICATION BY YCO OF AN APPARENT VIOLATION......................................................................12
6.7.6 STAGE II: FAA RESPONSE TO YOUR COMPANY .................................................................................................13
6.7.7 STAGE III: WRITTEN REPORT OF YOUR COMPANY’S APPARENT VIOLATION.................................................15
6.7.8 STAGE IV: WRITTEN REPORT REVIEW BY THE FAA ...........................................................................................15
6.7.9 STAGE V: IMPLEMENTATION OF A COMPREHENSIVE FIX AND FAA SURVEILLANCE ....................................16
6.7.10 STAGE VI: INSPECTOR SIGNOFF ........................................................................................................................16
7. SMS ORGANIZATION ..................................................................................................................... 1
7.1 STRUCTURE.................................................................................................................................................. 1
7.2 SAFETY MANAGEMENT ORGANIZATION CHART ...................................................................................... 1
7.3 ACCOUNTABLE EXECUTIVE........................................................................................................................ 1
7.3.1 DESIGNATION OF THE ACCOUNTABLE EXECUTIVE .............................................................................................1
7.3.2 DUTIES AND RESPONSIBILITIES OF THE ACCOUNTABLE EXECUTIVE ..............................................................2
7.4 DIRECTOR OF SAFETY ................................................................................................................................ 2
7.4.1 DUTIES AND RESPONSIBILITIES OF THE DIRECTOR OF SAFETY.......................................................................2
7.4.2 SELECTION AND APPOINTMENT .............................................................................................................................3
7.4.3 KNOWLEDGE .............................................................................................................................................................3
7.4.4 EXPERIENCE AND EXPERTISE ................................................................................................................................4
7.4.5 COMPETENCY REQUIREMENTS..............................................................................................................................4
t
8.2.1 PILOT-IN-COMMAND AUTHORITY ............................................................................................................................1
n
8.3 HAZARDS AND THREATS ............................................................................................................................ 2
e
8.4 USE OF RISK ASSESSMENT TOOLS ........................................................................................................... 3
m
8.4.1 OPERATIONAL RISK ASSESSMENTS ......................................................................................................................3
u t
8.4.2 ORA PROCEDURES...................................................................................................................................................3
c n
8.4.3 ORA – FLIGHT RISK ASSESSMENT EXAMPLE........................................................................................................4
o e
9. FATIGUE RISK MANAGEMENT ...................................................................................................... 1
D n t
9.1 OVERVIEW .................................................................................................................................................... 1
e o
l
9.1.1 FRM SCOPE ...............................................................................................................................................................1
p C
9.1.2 FATIGUE RISK MANAGEMENT ELEMENTS .............................................................................................................1
9.1.3 CAUSES OF FATIGUE ...............................................................................................................................................1
m ted
9.1.4 DEFINITIONS ..............................................................................................................................................................2
a
9.2 FRM POLICY / OBJECTIVES......................................................................................................................... 3
S c
9.2.1 GENERAL POLICY .....................................................................................................................................................3
a
9.2.2 OALS AND OBJECTIVES ...........................................................................................................................................3
d
9.2.3 FLIGHT / DUTY TIME LIMITATIONS ..........................................................................................................................3
e
9.2.4 FLIGHT / DUTY TIME EXTENSIONS..........................................................................................................................3
R
9.3 FRM RESPONSIBILITIES .............................................................................................................................. 4
9.3.1 PERSONNEL ..............................................................................................................................................................4
9.3.2 MANAGERS ................................................................................................................................................................4
9.4 FATIGUE-RELATED DATA ANALYSIS ......................................................................................................... 4
9.4.1 FRM PERFORMANCE INDICATORS .........................................................................................................................4
9.4.2 SOURCES OF DATA ..................................................................................................................................................5
9.4.3 FATIGUE-RELATED HAZARDS .................................................................................................................................5
9.4.4 NON-PUNITIVE FATIGUE REPORTING ....................................................................................................................5
9.4.5 FATIGUE-RELATED EVENTS ....................................................................................................................................6
9.4.6 EVENT INVESTIGATIONS..........................................................................................................................................6
9.4.7 FRM EVALUATIONS ...................................................................................................................................................6
9.4.8 FRM PERFORMANCE ASSESSMENTS ....................................................................................................................6
9.5 CONTINUAL IMPROVEMENT ........................................................................................................................ 7
9.5.1 ASSESSMENT OF CURRENT CONDITIONS ............................................................................................................7
9.5.2 DATA MODELING AND ANALYSIS ............................................................................................................................7
9.5.3 MITIGATION OF FATIGUE AND OPERATIONAL RISKS...........................................................................................8
9.5.4 ASSESSMENT OF MITIGATIONS AND FEEDBACK .................................................................................................8
9.6 FRM PROMOTION ......................................................................................................................................... 8
9.6.1 EDUCATION AND AWARENESS TRAINING .............................................................................................................8
9.6.2 FRM TRAINING REQUIREMENTS .............................................................................................................................8
9.6.3 COMMUNICATIONS ...................................................................................................................................................8
t
11.3 ANTI- DRUG AND ALCOHOL MISUSE POLICY STATEMENT .................................................................... 3
n
11.4 FATIGUE RISK MANAGEMENT POLICY STATEMENT .............................................................................. 4
e
11.5 EMERGENCY RESPONSE POLICY STATEMENT ...................................................................................... 5
cu m t
D o t e n
l e o n
p
m ted C
S a c
e d a
R
SMS Manual
0. Introduction
0.1 GENERAL INFORMATION
0.1.1 BACKGROUND
14 CFR § 5.1 (a) IS-BAO 3.1.5.1
(A) Your Company’s Safety Management System (SMS) has been developed from guidance contained in:
(1) International Civil Aviation Organization (ICAO) Doc. 9859 Standards and Recommended Practices;
(2) FAA Advisory Circular AC 120-92B: Safety Management Systems for Aviation Service Providers;
(3) FAA Order 8900.1 Volume 17, Chapter 3: Safety Management System Voluntary Program;
(4) Transport Canada Advisory Circular AC 107-001: Guidance on SMS Development.
t
(B) Your Company (YCO) has established and maintains the SMS within a framework of just culture. The SMS
n
manual describes YCO’s safety policy and objectives, SMS requirements, SMS processes / procedures, as
e
well as accountabilities, responsibilities and authorities for such SMS processes and procedures.
cu m
0.1.2 SMS MANUAL AND SUPPORTING DOCUMENTS
t
o e n
14 CFR § 5.21 (a)(6)
D t
(A) This SMS Manual sets forth instructions and guidance to all personnel regarding their responsibilities,
e n
authorities and the proper performance of duties as they pertain to the company SMS.
p l C o
(B) Additional documents which support the SMS include: (Edit list to add or remove documents)
m ted
(1) Emergency Response Plan
a
(2) Occupational Health and Safety Manual
S c
(3) Internal Evaluation Program
d a
(4) Event Investigation Guide
e
(5) ASAP Policy and Procedures Manual
R
(6) SMS Training Program
0.1.3 APPLICABILITY
(A) YCO is an aviation service provider holding the following certificates / approvals: (Edit list)
(1) Air Carrier Certificate;
(2) Approved maintenance organization;
(3) Flight school.
t
(B) Twelve key elements are provided within the four sections above, in other sections of this manual, or within
n
the SMS web application. For example, the key element of Management Commitment may be found within
e
YCO’s Safety Policies as published in the web application.
cu m t
n
0.2.3 INTEGRATED SAFETY AND QUALITY MANAGEMENT
o e
(A) Your Company’s Safety Management System is also a quality management system by design. The web
D t
application supports various standards for quality audits, including
l e o n
p
m ted C
a
0.3 SMS DOCUMENTATION
S a
14 CFR § 5.95 (a), 5.95 (b)
c
d
(A) This SMS Manual (together with the supporting documents listed in paragraph 0.1.2 of this section) comprise
e
YCO’s SMS documentation. They describe YCO’s safety / quality policy and SMS / QMS processes and
R
procedures, including safety assurance processes and procedures.
NOTE:
Refer to the YCO Internal Evaluation Program
paragraph 1.10 for compliance monitoring procedures.
n
0.4.2 SAFETY ASSURANCE (SA) PROCESS RECORDS
14 CFR § 5.97 (b)
e t
m
(A) Safety assurance processes produce outputs of:
cu t
(1) Records of operational process / operational environment monitoring;
o n
t e
(2) Audits of operational processes, systems, products and services, and their findings;
D n
(3) Evaluations of operational processes, systems, products and services, and their findings;
l e o
(4) Investigations of incidents, accidents, and potential noncompliance with regulatory standards and other
p C
safety risk controls that YCO has implemented;
a m ted
(5) Reports from the confidential reporting system;
S c
(6) Analyses of data acquired from safety assurance processes;
a
(7) Safety performance assessments.
e d
(B) SA records must be retained for a minimum of 5 years.
(A) YCO maintains individual records of SMS training for the following personnel:
(1) The Accountable Executive;
(2) All members of management;
(3) All employees who perform in safety-sensitive positions.
(B) Each individual’s training record must be retained for as long as the individual is employed by YCO.
t
(6) Ground Handling and Servicing
n
(7) Cargo Operations
(8) Training of all Personnel.
m e
u t
(B) Within each of these systems and functional areas, operational processes are identified, monitored, measured
c n
and analyzed. YCO provides all personnel and managers with procedures, instructions, guidance and training
o e
in order to conduct all operational processes with the highest degree of safety.
e D o n t
p l
0.6 SMS WEB APPLICATION
m ted C
(A) Safety risk management and safety assurance processes are performed using the SMS web application.
a
Taxonomies and the reporting interface are configured to suit the scope and complexity of YCO aviation
S
activities, and adapt risk management methodologies to various departments’ available resources. Built-in
a c
“liferings” provide guidance within the system for varying individual levels of expertise.
d
(B) The SMS web application allows managers to record and manage safety and quality issues discovered from
e
reactive, proactive, and predictive safety management activities. The web app. also serves as a confidential
R
reporting system (CRS) for the reporting of events, hazards, and other safety / quality concerns.
(C) Responsible managers use the SMS web application to analyze, assess, control and manage safety risks
(including substitute and residual risk), record responsibilities for the implementation of risk controls, and
manage findings from internal / external audits and evaluations. The web application also enables
measurements of safety performance and of the SMS itself.
(D) YCO may choose to extend one instance of the web application across multiple certificates, subject to FAA
acceptance in accordance with FAA’s Corporate Enterprise SMS guidance.
t
lacking that make policy compliance difficult, these problems must be brought to the attention of a department
n
manager or the Director of Safety. Telephonic notification should be used for issues that are of an urgent
e
nature.
cu m t
o e n
14 CFR § 5.21 (d)
D n t
(A) YCO safety, quality, and other policy statements are
l e o
ore frequently if warranted due to growth or other change.
p
m ted C
a
1.1.3 MISSION
S c
(A) Your Company’s mission is to achieve the highest level of safety possible by managing both safety and
a
quality, thereby reducing accidents, incidents and injuries, while at the same time increasing operational
d
efficiency and providing a quality work environment for all personnel.
R e
1.1.4 DEDICATION TO SAFETY
(A) Your Company regards the safety of flight operations, crews, passengers and associated ground operations
as the most important consideration, in all activities. This dedication to safety is made with the realization that
risks must often be taken in the conduct of daily operations, and that all personnel must accept the inherent
risks associated with flight operations, maintenance, and aviation in general. All personnel must remain
devoted to quality, duty, good judgment, sound operational planning, and efficient use of available resources.
In addition, YCO management shall:
(1) Document YCO’s safety management priorities;
(2) Prescribe and document procedures for performing activities/processes;
(3) Provide training to the staff to develop the necessary knowledge, skills and attitude;
(4) Provide safety directives and controls to ensure their compliance;
(5) Procure suitable equipment and systems to support activities and ensure continuing serviceability; and
(6) Ensure that necessary resources are deployed to maximize safety performance.
t
1.5.1 SAFETY KEY PERFORMANCE INDICATORS
e n
(A) Within the SMS application, safety key performance indicators (SKPIs) reside under Policy / Objectives >
Performance Indicators > Safety tab > Safety performance. YCO’s Safety Review Committee
m
during initial management
cu t
reviews.
o e n
(B) SKPIs are created for to monitor,
D t
measure and SKPIs utilize minor reportable precursors which serve as predictive
n
indicators of the issue’s unwanted consequence (risk).
p l e C o
a m ted
S a c
e d
R
(C) For example, precursors to runway excursion include rejected takeoff, unstabilized approach, continued
landing after unstable approach, destabilized approach, long landing, off-centerline landing, etc. By measuring
these low-level events, YCO is able to effectively monitor and measure safety performance related to the
significant safety issue of runway excursion avoidance. Additional precursors may be identified through FDM /
FOQA data if such data is available.
(1) SKPIs typically measure minor unwanted events from the web app’s Events / Occurrences taxonomy
after it has been configured by an Administrator under Taxonomy management. A total of four
taxonomies reside under the Hazards / Factors group:
(a) Events / Occurrences
Precursors to a CFIT accident
(b) Hazards
(c) Human Factors
(d) Organizational Factors
(2) Any factor from any of the four taxonomies
presented may be selected to be counted
t
towards a specific SKPI. The SKPI is affected
n
whenever an impacting factor:
e
(a) is set in a report as the actual event that
m
occurred; (or)
cu t
(b) is selected as a contributing or causal
o n
factor in any type of report.
D t e
(3) In the example at right, if any of the following
e n
events are reported or identified as contributing
l o
factors in a report, they will be reflected in the
p C
CFIT performance indicator and counted
m ted
toward the CFIT SKPI’s alert threshold.
a
(4) High-level SKPIs are recorded and measured
S c
when an event is categorized as an:
a
(a) Aircraft accident, aircraft accident (near),
d
or aircraft incident (serious);
R e
(b) Work accident, work accident (near), or
work incident (serious);
(c) Vehicle accident, vehicle accident (near), or
vehicle incident (serious).
(D) High-level SKPIs receive their input by first identifying outcomes and then
of each report for which an event is set.
(E) SKPIs and their related performance objectives trends
identified under the Trend analysis tab of reports which have an event set. FDM / FOQA data or other
conclusions reached through the analysis of data process SKPIs.
(F) Safety and quality KPIs may also be developed to monitor the performance of products and services provided
by external providers During investigation, when an event or causal factor has
been identified that relates to an external provider’s product or service, the provider is associated with the
event and/or causal factor for tracking and trend analysis.
NOTE:
All KPIs require an appropriate unit of measurement in order to define an objective and set an
alert threshold (e.g., per number of flights, hours flown, number of aircraft returned to service, etc).
(B) Events which cause the actual event rate (red line) to spike above the yellow-line alert threshold are
considered temporary, normal monthly fluctuations in event rates.
(C) However when the average blue-line event rate reaches the yellow-line alert threshold, an email notification is
sent to the SKPI’s selected notification group, alerting managers of apparent substandard safety performance.
(D) When managers receive such an alert, they should promptly inform the Accountable Executive (AE). The AE
may then direct appropriate managers to analyze contributing events / factors and to further direct necessary
action(s) to address the substandard safety performance. The AE’s directives may include assessment of
existing risk controls, corrections to ineffective controls, or addition of further risk controls to existing CAPs.
NOTE:
SKPI alerts may not necessarily be indicative of substandard safety performance. Based on analysis of
contributing events, factors, and the performance metric applied, monthly data entered for the SKPI’s unit of
measurement should be checked. The SKPI’s alert threshold may also need to be reset to a more realistic level.
n t
(1) Operational key performance indicators KPIs
e
may be created for a single type of delay /
interruption, or for any combination of delays
m
/ interruptions. A single cause or multiple
cu t
causes may also be selected to count
o n
towards measurement of the OKPI being
t e
created.
D n
(2) Like SKPIs, any OKPI can be limited to a
l e o
specific aircraft model / type, or combination
p C
of aircraft types.
m ted
(3) OKPIs are impacted by data entered within
a
Reports > Risk Analysis tab > Delays /
S
Interruptions panel.
a c
(4) Types of delays / interruptions and their
d
safety and quality-related causes are admin-
e
defined under Setup > System
R
Configuration > Taxonomy management.
(B) Operational performance measurements may include the following:
(1) Flight operations performance due to various safety and/or quality-related causes such as:
(a) Delays and changes of aircraft;
(b) Diversions, interruptions, and flight cancellations.
(2) Maintenance system performance including:
(a) Flt ops delays / diversions / interruptions / cancellations due to maintenance control;
(b) Unscheduled maintenance (technical difficulties);
(c) Reworks of previously performed maintenance;
(d) Supplier-related deliveries of parts / components;
(e) Other causes.
t
(B) The SRM process identifies hazards that could foreseeably cause or contribute to an aircraft accident,
n
analyzes and assesses the probability and severity of potential consequences (this is the ‘risk’), and manages
e
unacceptable risk with mitigation measures.
m
NOTE:
u t
While the SMS focuses on hazards that could foreseeably cause or contribute to an aircraft accident, it is
c n
considered a best practice to also manage lesser ‘hazards’ which do not have aircraft accident potential.
o e
In the case of these lesser hazards,
e D o n t
p l C
2.1.2 TIME-CRITICAL SRM
m ted
(A) Time-critical safety risk management is an “on the run” mental or verbal review of a situation using a basic
a
risk management process without recording information. Personnel employ time-critical SRM when making
decisions in time-compressed situations. This level of risk management should be applied during all ground,
S c
maintenance and flight operations and training, and in crisis response. It is particularly helpful in choosing the
a
appropriate course of action when an unplanned event occurs while performing a routine task.
e d
(B) The method employs five simple questions that anyone, anywhere, can ask. It requires no documentation and
can be applied very quickly and easily, with very little training. It is an exceptional tool for all employees to
R
effectively address common, everyday risk situations. Some individuals may dismiss this process as overly
simple and purely common sense, yet the unfortunate truth is that common sense is an uncommon virtue. The
natural human tendency is to “just do it”, rather than stop for a moment to think about the risks associated with
a certain activity or task. The questions are:
(1) Why am I doing this task?
(2) What could go wrong?
(3) How could it affect me or others?
(4) How likely is it to happen?
(5) What can I do about it?
(C) Using this method, front-line personnel can view jobs and tasks from a risk management perspective, and
better decisions can be made.
NOTE:
t
Refer to Section 8: Operational Risk Assessment for instructions and
n
guidance on the use of flight and ground operational risk assessments.
m e
cu t
2.1.4 STRATEGIC SRM
o e n
14 CFR § 5.51 (a), 5.51 (b), 5.51 (c), 5.51 (d)
D t
(A) Safety issues are used for proactive risk management within the SMS web app. The process begins with
l e o n
together with their associated risk(s). SRM uses a risk assessment matrix to assess hazard
p C
exposure and risk probability / severity. This formal SRM process is applied to:
m ted
(1) Implementation of new systems;
S a
(2) Revision
a c
(3) Development
d
(4) Identification of the SA processes described in Section 3.
R e
(B) Strategic SRM is also performed during
Strategic SRM documents
hazards and associated risks, risk assessments, and risk controls designed to reduce risk to acceptable
levels. For complex changes,
SMS web application.
Project / Change object in the
(C) The same formal SRM process is also utilized within reports in which a hazard is identified which could
foreseeably cause or contribute to an aircraft accident, or .
(D) The SRM process requires:
(1) A identification;
(2) Risk ;
(3) Investigation and
(4) Development of to mitigate risk if necessary).
t
procedures, and develop . Operational procedures require
n
personnel to perform their jobs safely.
e
(C) A system description may be broad (as in paragraph 2.3.10 Initial System Description), or target only one
m
aspect or segment of a specific operational process. In the latter case the description need only be as detailed
u t
as necessary to identify hazards and develop procedures. If more detail is needed,
c n
, procedures, or tasks as needed.
D o t e
(D) Next, the identified processes, activities and tasks are
n
hazards. This is typically done in a group
l e o
setting using the same described the system.
p C
(E) In conducting the system analysis, the following information must be considered:
m ted
(1) Function
S a
(2) The system’s
c
.
a
(3) An outline of the
d
(4) The personnel, equipment, and of the system.
R e
2.2.2 PROACTIVE HAZARD IDENTIFICATION
14 CFR § 5.53 (c) IS-BAO 3.2.1.2
(A) Hazards are conditions that could foreseeably best
identified by first examining the safety-critical activities and
process / activity, or the safety-critical under study.
(B) Create a safety issue in the SMS web app. and develop a system description (or reference a system
description that is outside the issue, such as a project / change or the initial system description as described
in paragraph 2.3.10 Initial System Description). The system description should define the scope of the
issue (e.g., affected location(s), aircraft type(s), and the processes / procedures under study. Then create an
outline of affected tasks and procedures. Focus on safety-critical tasks to identify hazards (conditions which
could foreseeably cause or contribute to an aircraft accident).
(C) Analyze processes / activities / tasks (not the entire operation) using one or more of the following tools:
NOTE:
Safety risk analysis is best performed in a group or ‘brainstorming’ session, with stakeholders
who are subject matter experts and possess intimate knowledge of YCO operational processes.
t
(2) OHS example: “After-hours non-routine maintenance / inspection at an outstation, with one maintenance
n
technician working from height.
e
(3) Manufacturing example: “An improperly manufactured, out-of-tolerance new part installed on an aircraft
m
in service.”
u t
(C) These examples do not explicitly state anything that could go wrong. They do however describe the ‘hazard’;
c n
that is, the situation or conditions in which the hazard could manifest itself as an aircraft accident or other
o e
potential consequence. This is the risk; any unwanted potential consequence.
D n t
(D) Step 2: Develop one or more risk scenarios. A risk scenario is a postulated chain of events (which may
e o
l
include an undesired state or top event) and a ‘risk' (a potential consequence) as the final event in the
p C
accident chain. Each risk scenario should describe how the chain of events could progress (as a result of
hazards, threats, and failed barriers) to an undesired state (the top event), and perhaps beyond the top event
m ted
to become an incident, accident, or other unwanted potential consequence:
S a
(1) Scenario for flight ops example: “Missed approach / High cockpit workload / Error(s) executing the
c
missed approach / Loss of situational awareness / Controlled flight toward terrain / GPWS or EGPWS
a
alert.
e d
(2) Scenario for OHS example: “Pressure to complete task / Tech becomes fatigued / Makes installation or
R
inspection error / Unairworthy aircraft is returned to service / System or component failure in flight.
(3) Scenario for manufacturing example: “Out-of-tolerance part is installed / Unairworthy aircraft is
returned to service / Premature inflight failure of life-limited part.
(E) Step 3: For each scenario, set a consequence. This is the ‘risk’ or most credible potential consequence at
the end of the scenario chain. Setting the consequence provides data for the risk register and input for
assessments of potential severity and probability in the risk assessment process that follows.
(F) Note in the examples above how the consequence at the end of the risk scenario can be an undesired state
and not necessarily an accident. This is because we are analyzing the risk of the most credible potential
consequence; NOT a ‘worst case scenario’. Industry accident reports are testimony to the fact that the vast
majority of hazards manifest themselves as undesired states or incidents; rarely do hazards and realized
threats result in an accident.
e n t
cu m t
D o t e n
l e o n
p
m ted C NOTE:
a
See paragraphs 2.3.12 Safety Risk Profile and 2.3.13 Creating a Significant Safety Issue
for instructions and guidance on how to develop a safety risk profile and
S c
create / manage a significant safety issue.
e d a
R
t
(D) Exposure to the hazard is assessed with qualitative measurements (rare, seldom, often, and continuous).
n
Exposure is included in each risk assessment, but is not included in the risk’s RA value. This is because
e
factoring exposure into the RA value can cause a high-risk hazard to have an unusually low RA value if the
m
hazard is infrequently encountered.
o cu n t
D n t e
p l e C o
a m ted
S a c
e d
R
(E) Risk tolerability falls into one of three levels, based on the assessment’s resulting RA value of combined
probability and severity:
(1) Acceptable (Low). Low risks may be acceptable without further action.
(2) Acceptable-with-Mitigation (Moderate). Moderate risks may be acceptable, but only with risk-
mitigating strategies in place; they require risk controls and/or corrective actions to mitigate risk.
(3) Unacceptable (High). High risks are unacceptable, and require hazard elimination or other
immediate action. If the hazard cannot be eliminated, prompt risk controls and/or corrective actions are
necessary to mitigate risk, including cessation of flight operations or interruption of maintenance and
ground activities.
t
may be necessary to assure the corrective action
n
plan is performing as intended. Enter the name of
e
the person responsible, and the date through
m
which monitoring should be performed.
cu t
(D) Open the Study tab (of an issue) or the
o n
Investigation tab (of a report) to determine which
t e
of the hazards / factors identified there will be
D n
managed with risk controls and / or corrective
l e o
actions.
p
‘Identified’
C
or ‘Contributing’ will not.
a m ted
(E) On the CAP tab, add a control and give it a short
title. Specify the factor(s) mitigated by the control.
S c
A control may
a
and one or more potential
d
consequences.
e
(F) Define the control with an explanation of what is
R
to be done, and how. Provide a definition /
rationale (i.e., why are we implementing this
control?).
(G) Select “Ready to accept” to update the status of
the control to: Awaiting CAP acceptance.
t
alert thresholds.
e n
m
2.3.14 CREATING A MINOR SAFETY ISSUE
cu t
(A) Not all safety issues are significant. Issues are also created for proactive management of any hazard which
o n
could foreseeably cause or contribute to an aircraft accident, as well as lesser safety concerns (not related to
D t e
an aircraft accident). These include:
e n
(1) Management
(2) Occupational
p l C o
m ted
(3) Environmental concerns;
a
(4) Managing .
S c
(B) A micro ‘system description’ resides in the Overview tab of each issue, for use with the smallest changes
a
(such as changing a procedure or a checklist item).
e d
(C) Utilize the processes in paragraph 2.3 Safety Risk Assessment and Control to manage the issue.
R
2.3.15 CREATING A QUALITY ISSUE
(A) Quality issues may be created from
identified trends in quality nonconformity reports and findings.
, and as a result of
t
operational experience who has been trained
n
in this risk assessment method.
m e
u
2.4.2 EVENT-BASED RISK ANALYSIS
c n t
(A) The ER classification method was designed
o e
to analyze and assess risk associated with
D t
events that have already occurred.
l e o n
(B) ER classification is based on a concept of
p
“event-based risk”, which is an assessment
C
of flight safety risk associated with the
m ted
reported event (as opposed to risk Identified interventions / barriers for an
a
associated with a future, or 'similar' event). in-flight precautionary engine shutdown.
S c
(C) Because risk is being assessed on an event
a
that has already occurred (rather than
d
recurrence of a future or similar event), no
e
residual risk exists.
R
(D) The only exception to this absence of residual risk is in cases where one or more hazards remain at the site of
the event (e.g., undetermined injuries, closed runway, debris, leaking fuel, biologic hazards, etc.)
(E) If desired, an assessment of residual risk may be followed using the risk assessment (RA) tool on the report’s
CAP tab.
2.4.4 ER QUESTION 1
(A) If this event had escalated into an accident, what would have been the most credible outcomes?
(1) In your mind, try to escalate the event into an incident or accident. If it was virtually impossible that the
event could have escalated into an accident, then you are at the bottom row of the ER matrix.
(2) If you can imagine credible accident scenarios (even if improbable ones!), consider the most credible
scenario and judge its typical outcomes in terms of injuries to people and damage to / loss of assets. Then
select the corresponding row in the matrix. The listed “typical accident scenarios” can be of help.
(B) Question 1 seeks to identify the accident outcome that is of most concern when this type of event occurs; or
put another way, ‘what is the accident we are trying to avoid by having these events reported?’
(C) This question is NOT asking for the most probable outcome - In the majority of reported events, the most
probable outcome is usually “nothing” and therefore ignores any risk that the event carries. It is also not
asking for the 'worst case scenario' since this is not the most likely outcome to expect.
(D) For example, if a (tire / wheel / brake) system or component failure/malfunction were to have escalated into a
runway excursion (accident consequence), the most credible outcomes would be aircraft damage and
t
perhaps some serious injuries, as opposed to 100% fatalities.
e n
cu m t
D o t e n
l e o n
p
m ted C
S a c
e d a
R
Event Risk Classification Matrix
(E) There may be some subjectivity between analysts in answering the first question, depending on how they
consider the event's causal factors. However that variation is addressed in question two by considering the
remaining barriers, and resulting likelihood of the most credible accident consequence being realized (not the
worst-case scenario). The risk colors and values in the ER are intended to ensure that any variation in
approach produces similar outputs in terms of risk.
(F) In the longer term, most safety analysts and operational managers will be able to readily identify the
consequences and outcomes associated with various reported events (and hence reduce subjectivity
associated with the first question).
2.4.5 ER QUESTION 2
(A) What was the effectiveness of the remaining controls / barriers between this event and the most
credible accident scenario?
(B) The second question only considers remaining barriers – to estimate the probability of further escalation into
the most credible accident scenario as identified from question 1. The barrier which stopped the escalation will
be counted in (because it was still in place), along with any others that are believed to still remain. The already
failed barriers will be ignored.
(C) It is recognized that there is still subjectivity in the answer to the second question, and that expert knowledge
will still be required to make an accurate categorization.
(D) Analyze both the number and robustness of the remaining barriers between this event and the accident
scenario in Question 1. For the vertical column selection, you should pick:
(1) Ineffective - if the only thing separating the event from an accident was pure luck or exceptional skill,
which is not trained for, nor required;
(2) Minimal - if some barrier(s) were still in place but their total effectiveness was “minimal”. For example, this
t
could be a GPWS warning just before an imminent CFIT;
n
(3) Limited - if the effectiveness of the barrier(s) was better than minimal, but "limited". Typically, this is an
e
abnormal situation, more demanding to manage, but with still a considerable remaining safety margin
m
(e.g., an engine failure on takeoff or runway incursion on short final);
cu t
(4) Effective - if several good barriers remain, such as in-flight failure of a redundant system, or engine
o n
failure in cruise flight.
D t e
(E) The reference in this analysis (even for manufacturers and repair organizations) has to be to an aircraft
n
accident, because risk assessment only makes sense in relation to an accident. It does not change the fact
l e o
that we manage events that are not actually accidents, it just recognizes the fact that to measure the risk
p C
associated with lesser events, we need to reference them to their related accident consequences. In some
m ted
cases, the reference accident could be so minor that it would not actually qualify as an accident according to
a
ICAO and NTSB definitions.
S a c
e d
Source: ARMS Methodology for Operational Risk Assessment
v 4.1 March 2010 - ARMS Working Group (modified).
e n t
cu m t
D o t e n
l e o n
p
m ted C
S a c
(D) The Highest residual risk column
a
shows the highest numerical RA value
d
from all risk assessments of the same
e
risk. For example, the risk of Engine
R
shutdown inflight may have been
residually assessed as in an
initial system description safety issue,
and then again as in a
later identified safety (trend) issue. In this
case the risk register will display the risk
of the consequence: Engine shutdown
inflight only once and its highest
residual risk will display as:
. Related (child) risks of System / component failure
(E) The Risk group shows how risks are related. In the example above, Engine shutdown inflight, Failure /
Malfunction (powerplant) and Failure / Malfunction (propeller) are all related child terms of the parent group:
System / component failure.
(F) If the parent term: System / component failure is identified as a risk in a safety issue, then all risk controls
created in the system which mitigate that parent term (or any of its child terms) will appear in the risk register
drill-down. This concept of parent / child relationships is essential to understanding event trend analysis and
the effective creation of safety key performance indicators (SKPIs).
(G) Any risk or risk group may be set and monitored as a safety key performance indicator (SKPI). In the example
above, an SKPI could be set for Engine shutdown inflight and another for Failure/Malfunction
(powerplant). Further, the Failure/Malfunction (powerplant) SKPI could be set to capture the many child
events under it (including engine shutdown inflight if desired) such as engine overspeed, compartment
overheat, etc. See Paragraph 1.5.2 Safety Key Performance Indicators for more information.
e n t
cu m t
D o t e n
l e o n
p
m ted C
S a c
e d a
(C) Select the blue command button: Assess current risk to review, re-assess and record the current level of
R
risk, including the date of the assessment and the person making the review. Re-assess current risk:
(1) If trends identified from KPIs or repeated events indicate that risk controls are not effective;
(2) When changes occur in the operating environment;
(3) During annual management review.
(D) During management review, each risk in the risk register with aircraft accident potential is re-
assessed. The re-assessment should be based on current operations and exposure to hazards in the
operating environment which could foreseeably cause or contribute to an aircraft accident. The assessment
also considers risk controls in place to mitigate risk.
(E) risks which are not associated with a potential aircraft accident may also be re-assessed if
desired. It is not necessary to review residual risks assessed as .
(F) The risk register is an effective aid in the analysis of YCO’s significant safety issues, quality issues, and safety
/ quality trends.
e n t
cu m t
D o t e n
l e o n
p
m ted C
(C) Factors from Reports. During investigations of reported events, hazards and nonconformities, factors are
a
recorded within advanced root cause analysis. These are events, states, and conditions which actually
S
occurred or were present at the time of the report.
a c
(D) Factors are given one of three attributes:
d
(1) Identified factors are factors found to be present during an event or nonconformity, but which did not
e
directly contribute to, or cause the reported event / nonconformity.
R
(2) Contributing factors are factors which contributed to the event or nonconformity.
(3) Causal factors are contributing factors which, when made causal, must be addressed by one or more
mitigating risk controls or corrective actions (RC/CAs) before the report’s CAP can be accepted.
(a) A causal factor may be considered a root cause.
(b) More than one root cause may be identified for a reported event or nonconformity.
NOTE:
Contributing and causal factors from reports impact
safety key performance indicators (SKPIs)
(E) Factors from Issues. Factors identified from proactive studies of safety and quality issues also show up in
the hazard register as identified, contributing or causal. However unlike reports, contributing and causal
factors from issue studies are events / conditions that have not actually occurred, and therefore do not impact
SKPIs.
(F) Factors from Operational Risk Assessments. Factors identified from flight and ground operational risk
assessments (ORAs) are also displayed and incremented, but do not show up in the ‘Total’ column.
3. Safety Assurance
3.1 SAFETY PERFORMANCE MONITORING AND MEASUREMENT
14 CFR § 5.71 (a)
(A) YCO has developed and maintains Safety Assurance (SA) processes to collect safety data pertaining to its
operations, products and services. This data is used to monitor safety performance and validate the
effectiveness of risk controls. Safety assurance processes assure that risk controls achieve their intended
objectives and, when they fall short, are improved.
(B) Safety data comes from system descriptions, hazard / event reports, audit findings and FOQA / FDM reports
of events or trends, as well as data from safety studies, surveys, and investigations.
(C) Safety performance is primarily monitored and measured using safety performance indicators, objectives, and
alert thresholds, in support of the company’s safety goals. YCO also monitors operational processes and the
company’s operational environment.
n t
3.1.1 MONITORING OF OPERATIONAL PROCESSES
e
14 CFR § 5.71 (a)(1)
m
(A) Department managers monitor operations
cu t
safety risk controls, measure the effectiveness of safety risk controls, assess
o n
system performance, and identify hazards to safe operations.
D t e
(B) Monitoring of operational processes may include reviews of:
n
l e o
(1) Flight operations
p C
declarations);
m ted
(2) Maintenance documents
a
(RII) authorities, duty time sheets);
S c
(3) Records of ;
a
(4) Reports received from the confidential reporting system;
e d
(5) Risk controls implemented process;
R
(6) FDM / FOQA analysis;
(7) CASS data or reviews.
e n t
cu m t
D o t e n
l e o n
p
m ted C
S a c
e d a
R
NOTE:
SA outputs to SRM (operational process deficiencies, new hazards and findings from management review)
interface with safety risk management through the creation of audit finding reports and issues. SA outputs
of nonconforming or ineffective risk controls do not go back through the SRM process; the controls
are simply corrected, or additional controls may be added to the ineffective control’s CAP.
(D) Your Company will include the results of all outside evaluations / assessments performed by oversight
organizations in its Analysis of Data process (see paragraph 3.1.9 below).
(E) The Safety Action Group may also elect to
and for the development of risk-mitigating strategies.
These objective, third-party audits often reveal deficiencies or areas requiring improvement that would
otherwise remain undetected.
NOTE:
Refer to the YCO Internal Evaluation Program for further guidance on performing departmental
audits, external provider audits, internal evaluations, and compliance monitoring / audits.
t
(A) Investigation is an essential safety assurance
n
and other minor events.
e
(B) Reactive investigations. At a minimum, YCO will investigate the following:
m
(1) All incidents and accidents;
(2) Near-accidents;
o cu n t
t e
(3) Instances of
D n
(4) Instances of controls.
l e o
(C) Proactive investigations. YCO safety staff and managers may also choose to investigate minor irregularities
p C
that are indicative of quality or process deficiencies
m ted
purpose. On the Investigation tab of a report,
a
select ‘Add factor’ to reference taxonomies of Events / Occurrences, Hazards, Human factors and
S c
Organizational factors.
a
(D) Predictive investigation / Study. Predictive FDAP / FOQA data (such as deviations from flight manual
d
limitations / SOPs, exceedances of speed, pitch, rates of descent, etc.) and deviations / errors identified
e
during LOSA observations may be which
R
an event is set). In the case of an identified trend, a safety issue may be used to study the trend.
(E) Certain reported events may also be investigated which are considered predictive indicators (e.g.,
maintenance errors and quality escapes which are precursors to an unairworthy aircraft in service). Such
precursors are minor events / factors nsequences. The SMS web app
supports the investigation of these precursors and 1) automatically trends them if they are set as events; and
2) utilizes them to impact SKPIs when they are identified as contributing or causal factors in reports.
(F) Accidents, incidents and related precursors often have contributing factors and influences from outside the
company (such as
NOTE:
Refer to the YCO Event Investigation Guide for further guidance.
(E) Analysis of audits of operational processes and systems (ref. paragraph 3.1.4)
(1) In the Audits / Evaluations table, filter audits for dates completed in the previous 12 months.
(2) Then in the Type column, filter for: Departmental audit.
(3) Filter further as desired for division and/or department to analyze completed audits of operational
processes and systems.
(4) Select an audit to see related findings. On the audit’s Findings tab, use the Next audit / Previous audit
commands and all filters will be retained.
(F) Analysis of evaluations of the SMS and operational processes and systems (ref. paragraph 3.1.5)
(1) In the Audits / Evaluations table, filter audits for date completed in the previous 12 months.
(2) Then in the Type column, filter for: Internal evaluation.
t
(3) In the Functional area / process column, select 1.5 Safety Management to analyze evaluations of the
n
SMS.
e
(4) Filter further as desired to review and analyze completed evaluations of operational processes and
m
systems within various departments.
o cu n t
e
(G) Analysis of investigations of incidents and accidents (ref. paragraph 3.1.7)
D n t
(1) Filter the Reports table by date range for the past 12 months.
e o
l
(2) Filter the OCC Category column by aircraft accident or incident.
p C
(3) For each reported incident or accident, select the report’s Investigation tab.
a m ted
(4) See investigator’s notes in the Investigation notes / forum panel.
S c
(5) Under Advanced root cause analysis, see identified contributing and causal factors (these factors appear
a
and are incremented in the hazard register).
e d
(6) In the CAP tab that follows, analyze the lead investigator’s identified safety / quality concern(s) and
recommendations. These should support development of an effective CAP.
R
(H) Analysis of reports regarding potential noncompliance with regulatory standards or other safety risk
controls established through the SRM process described in Section 2 (ref. paragraph 3.1.7)
(1) Audit finding and nonconformity reports.
(a) Filter the Reports table by date range for the past 12 months.
(b) Filter the Reports table’s Nonconformity (NCF) class column for Regulatory noncompliance. This
shows all audit findings (and other nonconformities discovered outside of an audit) in which a
potential regulatory noncompliance was revealed.
(c) Filter the Nonconformity (NCF) class column for Procedural noncompliance. This shows all audit
findings (and other nonconformities discovered outside of an audit) in which noncompliance with
policies, procedures, manuals or other risk control has been identified.
(I) Analysis of the performance of the confidential reporting system (ref. paragraph 3.1.8)
(1) Under Performance Indicators > SMS tab, filter by date range for the period under review.
n t
(2) In the Reports by reporting group area, compare displayed data to performance objectives
e
(leaving Department un-selected displays data for all departments).
m
(3) Select a department to assess the performance of various SMS processes in just that department.
u t
(4) Record assessments for each objective, or delete objectives that no longer apply.
o c n
(5) If desired, revise performance objectives and/or create new ones. Objectives can be organization-wide or
D t e
department-specific.
e n
(6) Select an area within any pie chart to see reports impacting the indicator. Go to a specific report to
l o
analyze contributing and causal factors.
p
m ted C
a
(J) Other SMS performance indicators measure the performance of SMS processes by calendar month, year,
S
or custom date range. They are updated automatically as various due dates and completion dates are
c
recorded in the SMS application. Click on a pie chart segment to see the reports / issues / audits that are
a
impacting the selected data. Note: Select "Not defined" or "Unassigned" pie chart segments to identify where
d
data is missing, and to improve the data as necessary.
R e
1. Further assess performance of the SMS by e under Performance Indicators > SMS
tab, and comparing displayed data to performance objectives (leaving Department un-selected displays
data for all departments).
2. Select a department to assess the performance of various SMS processes in just that department.
3. Record assessments for each longer apply.
4. If desired, revise organization-wide or
department-specific.
n t
(3) The TCAS RA is the highest level event. It is the event
e
(typically the last in the chain of events) which has either
m
the most significant outcomes, or the greatest potential
u
for negative
c t
into an accident scenario, its
o n
unwanted consequence would have the highest potential
t e
severity.
e D n
(4) All 3 of these events should be captured to feed SKPIs and for event trend analysis. The reported event
l o
should not be set to Altitude / level deviation; it should be set to TCAS RA. And the altitude deviation and
p C
violation events should both be entered as contributing or causal factors using advanced root cause
m ted
analysis under the report’s Investigation tab..
a
(5) Note the Navigation error (Airborne) event group under which the Altitude / level deviation term resides.
S c
The report’s Trend analysis tab automatically displays all related events
a
than loss of separation events. So the reported
d
event is re-set to the event which carries with it the highest risk.
R e
Trend analysis tab of an Air Safety report for which an event has been set.
n t
(a) Create a finding with a classification of Risk control nonconformity and make the report a child of
e
the original report or issue from which the ineffective control originates. The original report or issue
should contain a risk analysis / assessment, so
m
these SRM processes need not be repeated.
cu t
(b) Correct the ineffective control in the original report or issue, and add additional controls as necessary
o n
to assure a satisfactory operational process output.
D n t e
l e o
3.2.6 IDENTIFYING CHANGES IN THE OPERATIONAL ENVIRONMENT
p C
14 CFR § 5.73 (a)(4)
m ted
(A) A current system description and ing changes in the operational
a
environment. When a change is detected which could introduce new hazard(s) a safety issue is created to
S c
manage the change.
a
(1) Under System Description, select Add system description and save. This loads the last system
d
description for comparative analysis.
e
(2) Under System Analysis, open the various panels and compare current operations and the current
R
operational environment notes / explanations.
(3) Select Add issue to manage any changes which could introduce new hazards that could foreseeably
cause or contribute to an aircraft accident.
n t
3.3.1 PREVENTIVE / CORRECTIVE ACTION
e
(A) When a risk control
m
risk controls, corrections must be made to eliminate
u
the cause(s) of nonconformity.
c n t
(B) If an existing risk control is not conforming, or the control is not meeting expectations, the department
o e
manager responsible for the control develops a corrective action to address the nonconformity, or preventive
D t
action(s) to address potential future
n
risk controls. Each corrected or new control is
l e o
implemented and a follow-up is scheduled to assure the corrected or new control was properly implemented.
p
m ted C
a
3.3.2 CORRECTING SAFETY PERFORMANCE
S c
(A) If management review reveals that performance objectives have not been met, or whenever a safety key
a
performance indicator (SKPI) alert thres in paragraph 1.5.2 SKPI
d
Thresholds and Alerts is applied to correct the trend and prevent it from escalating further.
R e
3.3.3 CORRECTING SMS PERFORMANCE
(A) If management review reveals that SMS performance objectives have not been met, or that a SMS
performance indicator is more Finding reports are created for application of
safety risk management.
NOTE:
A management review is a type of internal audit. Refer to the YCO
Internal Evaluation Program for further guidance on performing management reviews.
t
these changes and their related hazards, in order that related safety risks may be assessed and controlled in
n
accordance with YCO’s safety risk management (SRM) procedures as described in Section 2: Safety Risk
e
Management.
cu m t
o n
(A) Your Company identifies change during:
D t e
(1) Each annual management review’s system description update;
n
l e o
(2) Compliance monitoring assessments using procedures contained in the YCO Internal Evaluation
p C
Program.
a
3.4.3 MANAGING CHANGE
m ted
S a c
(A) The strategic safety risk management (SRM) process described in paragraph 2.1.4 Strategic SRM is used to
d
analyze, assess and manage risk associated with hazards that may be introduced during changes to
e
company systems, operations, and procedures.
R
(B) Inputs for SRM are system new system, operation, or procedure.
System analysis identifies potential hazards associated with the proposed change, by providing an
understanding of critical Safety risk analysis and
assessment are then applied to each identified hazard and associated consequence, in order to determine
acceptable levels of risk.
(C) Management of change should not be management tool. Rather, it is used to identify
and manage hazards associated with the project / change. To avoid duplication of effort, change management
should be planning.
NOTE:
When change management identifies a hazard which could foreseeably cause or contribute to an aircraft
accident, the SRM process must be applied. For identified hazards which do not have accident potential, a
simple risk control or corrective action (RC/CA) may be sufficient; the formal SRM process is not required.
4. Safety Promotion
4.1 OVERVIEW
(A) Safety Promotion processes support all other SMS processes through clear communications of safety, quality,
non-punitive reporting and other policies. Safety promotion also communicates the company’s safety
performance and
culture.
(B) Safety promotion includes establishing competency requirements for safety-related positions, and training for
all personnel. This training helps personnel understand the SMS and its importance to safety and efficiency.
(C) Safety communications (such as dissemination of safety information and lessons learned) also keep
personnel informed and enhances overall organizational safety.
(D) Through its Safety Promotion (SP) efforts, Your Company continually promotes the growth of our positive
safety culture, and
of the company’s Safety & Quality
t
Policy within the SMS web application and elsewhere. In addition:
n
(1) Your Company communicates safety responsibilities for all personnel, which include clear and regular
e
communications of safety policies, goals, objectives, expectations, standards, and performance to all
m
employees;
u t
(2) Your Company’s confidential reporting system supports anonymous reporting if desired, in order to
c n
promote and encourage the uninhibited reporting of hazards, errors, and safety concerns;
D o t e
(3) The SMS web application provides accessible and efficient means of retrieving information and
n
administering safety management training.
l e o
(E) Ongoing safety promotion activities of Your Company include ensuring that all employees know what is
p C
expected of them as
S c
(F) Methods of safety promotion include spoken and written word, posters, announcements, website updates,
a
safety awards, etc. Above all, Your Company provides ongoing safety promotion through continual
d
demonstrations by management of hazard identification, prompt a
e
just” safety culture.
R
4.2 COMPETENCIES AND TRAINING
14 CFR § 5.91
to each individual’s
involvement in the safety management system:
(1) The Accountable Executive;
(2) The Director of Safety and safety staff;
(3) Supervisors and managers at all levels.
(C) SMS training is further provided for employees who perform in safety-sensitive positions (e.g., pilots, cabin
attendants, dispatchers, maintenance technicians, ramp workers, etc.). This training is appropriate for front-
line operational personnel who are involved in the SMS.
t
(D) SMS training may be
n
for ensuring that all materials, handbooks,
e
presentations and tests used in training are valid and current at the time of training.
m
(E) If SMS training is outsourced, Your Company provides company-specific SMS training that includes
u
instruction regarding safety policy and objectives, how to use the confidential reporting system, company
c t
safety performance, and lessons
o n
from outside industry sources.
D t e
(F) SMS Training shall be completed satisfactorily within the preceding 12 calendar months for each person’s
e n
assigned duty position.
l o
knowledge for personnel to accomplish
p C
their duties with the highest level of safety.
a m ted
S
NOTE:
c
Refer to the YCO SMS Training Program for courses and categories of training, course syllabi,
a
objectives, prerequisites, training intervals, instructional methods and recordkeeping requirements.
e d
R
4.2.3 SMS TRAINING RECORDS
Interface – SMS Training Program § 2.5 Recordkeeping
(A) The SMS Training process produces outputs of:
(1) SMS Training Program (as described above);
(2) Records of required and delivered training;
(3) Incorporation of lessons learned into training.
(B) The Director of Safety is charged with the overall accuracy, completeness, maintenance and security of all
SMS training files. The Director of Safety assembles and maintains a training folder for each individual who
receives SMS training. Thes
(B) When a Safety Comm or memo is created, each recipient is notified by email with instructions to read and
acknowledge the communication. The acknowledgement confirms each recipient’s receipt and understanding
of each message being conveyed.
(C) If a recipient does not
n t
(E) Your Company may also communicate safety information from within the SMS application to regulators in
e
accordance with established memorandums of understanding and disclosure programs.
cu m t
o e n
4.3.1 REQUIRED COMMUNICATIONS
D n t
14 CFR § 5.93 IS-BAO 3.4.2.1
l e o
(A) Safety Comms and memos may target individuals, specific groups, departments, or be disseminated
p C
company-wide. These communications:
m ted
(1) Ensure that employees
S a c
relevant to the employee’s responsibilities;
a
(3) Explain why particular safety actions have been (or will be) taken to improve safety;
e d
(4) Explain why safety procedures have been changed, or are being introduced.
R
(B) When a Safety Comm applies to a subcontractor’s product or service, the responsible dept. manager shall
provide all pertinent
(D) Safety lessons learned are communicated to personnel by creating Safety Comms and Memos within the
web app, where notifications are generated and acknowledgements are recorded. Memos and safety comms
can be sent to individuals, specific groups, departments, or be disseminated company-wide. Lessons learned
are also communicated during company-specific training classes, and through newsletters and postings on
company bulletin boards.
(E) Safety lessons learned that may be of interest to other organizations are also communicated, in order to inter-
operate with those organizations’ SMSs, and cooperatively manage issues of mutual concern.
NOTE:
When lessons learned come from sources outside the company such as accident / incident / ASAP
reports from other operators, safety advisories, airworthiness directives, all-operator
t
messages, etc., department managers are responsible for disseminating
n
this information to personnel within their respective departments.
m e
o cu n t
D
4.3.3 GENERAL COMMUNICATIONS
n t e
l e o
(A) These communications convey information of a general nature that is not related to specific safety issues, and
p C
promote employee awareness of SMS benefits. Topics may include:
m ted
(1) Number of days worked without an injury;
S a
(2) Positive impact of the company’s Safety Management System;
c
a
(3) Success stories on how sharp eyes, non-complacency and a ‘continual state of awareness’ have
d
identified hazards and risks have been mitigated;
e
(4) Announcements of safety awards presented to personnel for outstanding contributions, etc.
R
4.3.4 PROTECTION OF SAFETY INFORMATION
IS-BAO 7.4.1
(A) Safety information collected under the YCO safety management system shall be protected by YCO
management, to be used by YCO for the furtherance and promotion of safety, and for no other purpose,
except in the following cases:
(1) If circumstances reasonably indicate that an event or occurrence may have been caused by conduct with
intent to cause damage or conduct with knowledge that damage would probably result, equivalent to
reckless conduct, gross negligence or willful misconduct;
(2) Review by YCO senior management determines that the release of the safety information is necessary for
the proper administration of justice.
n t
(4) Scheduling of the 11 self-assessments and FAA design demonstrations as specified in the SOE.
m e
u
5.1.2 SCHEDULE OF EVENTS
c n t
(A) FAA’s Schedule of Events (.xlsx worksheet) satisfies requirements for SMSVP planning and is used by YCO
o e
and their CMT to document the schedule of events by which YCO will achieve SMSVP active conformance.
D n t
(B) The Schedule of Events (SOE) must be kept current. If planned dates change, the document must be revised
l e o
and the revision submitted to the CMT (with a revised date in Cell D 1 of the Schedule of Events tab).
p C
(C) The Schedule of Events contains:
m ted
(1) The Job Aids YCO will use for self-assessment, and their CMT will use for design validation and design
a
demonstration phases;
S c
(2) The parts of the SMSVP standard that are validated by each Job Aid.
e d a NOTE:
R
Self-assessments are required by the certificate holder prior to assessment by the CMT.
(D) SMS implementation status and dates may also be recorded and tracked in the SMS web application under
ASSURANCE > SMS Implementation, where:
(1) The current and periodically edited Schedule of Events is uploaded, retained and retrieved for editing;
(2) Corrective action requests are made and completed actions are recorded (such as an action request to
submit the revised SOE to the CMT for coordinating availability).
(E) Instructions for completing the Schedule of Events are provided in the FAA .xlsx worksheet.
(B) The Compliance Statement / Tracker must be completed by the Certificate Holder (YCO personnel in charge
of SMSVP conformance). The document is provided within the SMS web application under Setup >
Guidance Configuration > Documents tab > Miscellaneous Documents panel.
(1) Within the SMS web application under ASSURANCE > SMS Implementation, the current and periodically
revised Compliance Statement / Tracker is uploaded and periodically retrieved for editing if necessary;
(2) Corrective action requests are made and completed actions are recorded.
t
purpose.
e n
(5) Upon conformance with the SMSVP standard, enter into the CS worksheet the manual - section -
paragraph and/or area in the SMS web application where the 14 CFR reference is listed.
u m
(6) Continue through the CS worksheet until all 14 CFR references have been addressed.
o c e n t
D t
(D) Each time a revision to the Compliance Statement is submitted to YCO’s CMT, update the revision number
n
and date in the worksheet’s Compliance Statement Tracker tab.
p l e C o NOTE:
m ted
Multiple references from various documents may be required
a
to fully address all Part 5 / SMSVP standard references.
S a c
e d
5.1.4 IMPLEMENTATION PLAN OUTLINE
R
(A) The SMS is implemented as follows:
(1) Administer the eLearning courses: Initial SMS Training for Personnel and Initial SMS Training for
Managers to the YCO management team. SMS eLearning courses are accessed within the web app.
under PROMOTION > SMS e-Learning. Managers who lack SMS experience and training should start
with the initial Personnel course before taking the Manager’s course, to refresh their knowledge of SMS
processes and better understand the SMS message being delivered to front-line employees.
(2) Read, edit and accept the SMS Manual template and chosen supporting programs. Save each
internally-accepted manual / program / guide as a PDF document and upload the documents to the SMS
web app. in the appropriate panels under Setup > Guidance Configuration > Documents tab.
IMPORTANT:
Edit the SMS Manual and supporting programs with guidance provided in the document: Working with
Omni Manuals. This document resides in the SMS web app under Setup > Guidance Configuration >
Documents > Miscellaneous Documents. Certain paragraphs contain specific regulatory requirements
of Part 5 and the SMSVP standard. Paragraph numbering must therefore be maintained.
(3) Read, edit and accept relevant policy statement templates. They reside both in the SMS Manual and
as stand-alone documents in the SMS web app. under Setup > Guidance Configuration > Documents
> Policies. Be sure they are agreed to and signed by the Accountable Executive before uploading PDF
versions to the SMS application.
(4) Configure the SMS web application. This creates user accounts, enters equipment information, maps
departments to functional areas and processes, and configures the many taxonomies in the web app to
suit the size and scope of YCO operations. The confidential reporting system is also configured to set
report types, notification groups and reportable events / MOR events.
(5) Develop an initial system description and system analysis. During this step:
(a) Hazards which could foreseeably cause or contribute to an aircraft accident are identified;
(b) The company’s Safety Risk Profile is generated, consisting of significant safety issues (SSIs) as
desired;
n t
(c) Safety objectives and safety key performance indicators (SKPIs) are created to monitor safety
e
performance; and
m
(d) Baseline controls are entered into the system.
o cu n t
(6) Schedule the eLearning course: Initial SMS Training for Personnel for all YCO staff members who
D t e
work in safety-sensitive positions (e.g., pilots, cabin attendants, Mx techs., operational control staff, ramp
n
staff, cargo ops., etc.). Plan the training to coincide with formal implementation and roll-out of the SMS.
p l e C o
m ted
5.1.5 SMS VOLUNTARY PROGRAM (SMSVP) APPLICATION
a
(A) To enter into the SMSVP program, first review all the information in Volume 17, 8900.1.
S c
(B) Submit a letter to the Certificate Management Team. Per the 8900.1, Volume 17, 17-3-1-11 (A) the letter must
a
be on company letterhead and contain the following items:
e d
(1) A statement that Your Company’s top management is committed to establishing and maintaining an SMS
program within the organization;
R
(2) A statement that YCO is committed to providing the necessary financial and personnel resources
dedicated to accomplishing the task.
(3) A statement requesting entry into the “FAA SMS Voluntary Program.”
(C) The letter needs to be signed by a member or members of top management and sent to the local Certificate
Management Team responsible for the oversight of your certificate. Copy the SMS PO at 9-NATL-SMS-
[email protected]
(D) Upon receipt of the application letter, the SMS Program Office will coordinate with the Certificate Management
Team (CMT) to set up a virtual SMSVP Briefing if needed.
NOTE:
Refer to the following documents for additional information, under Setup >
Guidance Configuration > Documents in the Miscellaneous Documents panel:
Schedule of Events / Compliance Statement Tracker / OmniSMS Implementation
e n t
m
THIS PAGE INTENTIONALLY LEFT BLANK
o cu n t
D n t e
p l e C o
a m ted
S a c
e d
R
t
employee or person who reports an event, incident or other occurrence involving human error, and who
n
openly participates in the investigation and development of error prevention strategies. A minimum level of
e
participation requires providing contact information in the report, and at least one suggestion for correction.
m
(C) In addition to providing a “just safety culture” wherein personnel and vendor employees can identify safety
u t
hazards and report events without fear of reprisal, YCO management is committed to continued training and
c n
re-education of its valued personnel, and to the rehabilitation of those employees in need of such assistance.
o t e
(D) YCO management is committed to achieving the highest level of safety, and this includes active support of
D n
our reporting system. Therefore, all personnel who support and constructively contribute to YCO’s confidential
l e o
reporting system will be recognized and rewarded for their positive actions.
p
m ted C NOTE:
a
Refer to YCO’s published Non-punitive Reporting Policy Statement for details.
S a c
d
6.1.2 AWARD INCENTIVES
R e
(A) Your Company may reward individuals who make positive contributions to YCO’s Safety Management
System through safety recognition and awards. Awards may include:
(1) Letters of commendation;
(2) Printed certificates or engraved plaques;
(3) Personal items related to aviation;
(4) Caps, patches, jackets and mugs;
(5) Gift certificates to local restaurants.
(B) Special emphasis is given to those individuals who include with their reports creative ideas for risk
mitigating strategies that can be accomplished with maximum efficiency and conservation of
resources. These recognitions and awards are effective tools for maintaining employee interest and
participation in the SMS. Candidates for recognition may be submitted to department managers by all
personnel. The YCO Safety Action Group agrees upon one individual to be recognized and awarded at
periodic SAG meetings.
t
(4) Organization, all reports.
e n
(B) The Director of Safety is further responsible for presenting all reports
recommendations for effective Corrective Action Plans.
cu m t
n
6.2.3 DEPARTMENT MANAGERS
D o t
(A) Each manager who receives a verbal,
n e
report of a hazard, event or other safety concern
is responsible for prompt evaluation of the report to determine if an urgent safety condition exists. If
l e o
warranted, immediate action to mitigate risk is authorized, including cessation of flight operations or
p C
interruption of work. All validated reports received shall be promptly entered into the SMS web application.
6.2.4 PERSONNEL
a m ted
S a c
(A) All personnel are responsible for the prompt reporting of any hazard, irregularity, incident, accident, error,
d
omission, violation or safety become aware. Urgent
e
concerns must be reported by the most expeditious means necessary.
R
(B) For urgent or life-threatening situations, immediate verbal or telephonic notifications are appropriate. Less
urgent situations may be reported in writing, or through the SMS web application. Although anonymity is
possible, personnel
for employees to
participate in the development of corrective action plans to prevent recurrence of similar events.
NOTE:
A copy of the source document or original report may be attached to
the report’s Docs / Images tab in the SMS web application.
t
U.S.C. subtitle VII, or any regulation promulgated there for a period of 5 years prior to the date of
n
occurrence; and
e
(3) The report is submitted within 10 days after the violation (or the date the reporter became aware of the
m
potential violation).
cu t
(E) The FAA utilizes the National Aeronautics and Space Administration (NASA) to act as an independent third
o n
party to receive and analyze reports submitted under the program. Reports are therefore anonymous and
D t e
normally cannot be used by the FAA for enforcement purposes, unless the violation was willful or negligent.
n
Additional information is available directly from NASA: https://asrs.arc.nasa.gov/overview/immunity.html
p l e C o
m ted
6.3 REPORTING OF HAZARDS, EVENTS, ERRORS AND VIOLATIONS
S a
6.3.1 HAZARDS
a c
(A) Hazards are tangible, observable objects, conditions or behaviors. Identification of hazards therefore
d
requires evaluation
e
er conditions. Hazards which could
foreseeably cause or contribute to an aircraft accident must be reported, and the SRM process in Paragraph
R
2.1.4: Strategic SRM applied.
(B) Other lesser hazards which would NOT foreseeably cause or contribute to an aircraft accident should
nevertheless be reported for safety risk management purposes.
6.3.2 EVENTS
(A) Events include accidents, near-accidents, incidents, injuries, illness, medical events, damage to aircraft /
equipment / property, and a myriad of other minor events and irregularities. Events are things that have
actually occurred (as opposed to a hazardous situation where something could happen, but has not
happened yet). YCO safety staff may categorize events as irregularities,, minor work incidents, aircraft
incidents / accidents, etc. after evaluation of an event and its outcomes (such as number and severity of
injuries, extent of damage, and other occurrence categorization criteria).
(B) Some events are defined as Mandatory Occurrence Reports (MORs). MORs are typically incidents,
accidents, or other events that could seriously compromise safety which must be reported to regulatory
authorities. YCO management will make a determination as to whether an occurrence is a MOR, and notify
authorities accordingly.
(C) Under no circumstances should an employee report a MOR event directly to regulatory authorities; such
notifications are the responsibility of department managers.
t
(5) Maintenance Errors – Events or near-events involving the use of suspected unapproved parts (SUP),
n
improper fluids, supplies, equipment or tools, tool calibration, test equipment, incorrect parts or hardware,
e
incorrect or conflicting technical references or guidance, or use of documents or forms that are not
current, should be reported.
cu m t
o n
6.3.4 REPORTING OF ERRORS AND VIOLATIONS
D t e
(A) It is the responsibility of every person to report mistakes and/or errors made by operations, administrative,
n
maintenance and inspection personnel immediately upon discovery. The owners, officers and managers of
l e o
Your Company understand that mistakes sometimes happen. Although every effort must be made to keep
p C
mistakes and errors to a minimum, what really matters is the intent of those involved, and how mistakes and
m ted
errors are dealt with after the fact.
a
(B) Your Company utilizes the following programs to protect both personnel and the company from potential
S c
certificate actions and civil penalties that may result due to unintentional errors:
a
(1) Aviation Safety Reporting System (ASRS)
e d
(2) Aviation Safety Action Program (ASAP)
R
(3) Voluntary Disclosure Reporting Program (VDRP)
(C) Errors may not necessarily result in a violation. Still, all errors and potential violations should be reported.
When making a report, identify all persons involved, and attempt to identify the cause of the error. Look for
systemic causes (i.e., areas where operational processes and procedures might be improved) and provide
suggestions that may prevent similar future occurrences.
(D) Your Company will never punish an employee for reporting an honest mistake or error, even if something was
overlooked, forgotten, or damaged. Errors should always be honestly revealed, even if the error resulted in
injury, equipment damage, or regulatory violation(s). The investigation of small errors, and taking steps to
eliminate the causes of error, are essential parts of preventing major accidents.
(E) If the error resulted from willful violation of government regulations or Company procedures, the error must
still be disclosed. Safety benefits from rule violations only result when the circumstances of the violation are
fully investigated. In many cases, personnel who repeatedly violate a rule prove eventually that the rule (or
part of it) is not fostering safety at all, and should be modified. This determination can only be made through
an honest examination of the violation.
(F) Your Company’s Director of Safety and appropriate department managers will determine any corrective
action(s) that need to be taken. This may include the administering of additional training, revisions to
documents, manuals and programs, or other corrective actions. If a concern regarding pilot proficiency arises,
the pilot may be evaluated, removed from all non-training flight duties, re-trained and re-qualified.
t
(3) A description of the immediate action taken to terminate the conduct that resulted in the apparent
n
violation, including when it was taken, and who was responsible for taking the action.
e
(4) An explanation that shows the apparent violation was inadvertent.
m
u t
(5) Evidence that demonstrates the seriousness of the apparent violation and the regulated entity’s analysis
c n
of that evidence (Investigation of the event and causal factors in the SMS web application)
o t e
(6) Completion of an event risk classification (ER) in the SMS web application to aid in evaluating the
D n
significance of the event.
l e o
(7) A detailed description of the proposed comprehensive fix, outlining the planned corrective steps, the
p C
responsibilities for implementing those corrective steps, and a time schedule for completion of the fix and
m ted
the subsequent self-audit.
a
(8) Identification of the company official(s) responsible for monitoring the implementation and completion of
S c
the comprehensive fix and the self-audit.
e d a
6.7.8 STAGE IV: WRITTEN REPORT REVIEW BY THE FAA
R
(A) The FAA works with Your Company to ensure that YCO has identified any root causes and systemic issues
which led to the apparent violation. In this stage, the PI is also tasked with completing a Risk Assessment
Matrix to aid in evaluating the significance of the event and the proposed comprehensive fix. This
collaboration helps to ensure that the corrective actions contained in the comprehensive fix are acceptable to
the FAA.
NOTE:
Should investigation of the apparent violation result in the determination that no violation has occurred, FAA may
close the EIR by rescinding the file and providing an explanation in the provided comment box. If the
inspector confirms the rescission, the case is closed in VDRP on that date and will close in EIS
ten (10) days later, with the original date of closure recorded in EIS. The ten day delay is
provided to enable FAA to re-open the file within that ten day “window” if necessary.
t
6.7.10 STAGE VI: INSPECTOR SIGNOFF
n
(A) At the conclusion of the implementation period, the PI and the certificate-holding Office Manager will make a
e
final assessment. Consultation with regional specialists, legal counsel, or other FAA personnel may be
m
accomplished when deemed appropriate by the PI or the Office Manager.
cu t
(1) Stage VI Completion. If all elements of the comprehensive fix have been satisfactorily accomplished,
o n
including Your Company’s self-audit (Follow-up in the web app), the PI will submit the required entries in
t e
the web-based system for Stage VI completion.
l e D o n
(2) Stage VI Submission. Upon Stage VI submission by the PI, the VDRP system will notify the Office
Manager via email that the file is awaiting the manager’s review. The Office Manager will then log into the
p C
VDRP system, review the VDRP file, and assess the adequacy of the Comprehensive Fix and its
m ted
implementation. The Office Manager must decide whether to concur with the PI’s determination that the
a
Comprehensive Fix was satisfactorily accomplished.
S c
(a) If the Office Manager concurs with the PI’s determination, Stage VI is concluded upon submission of
a
the manager’s concurrence, and the VDRP system will automatically generate the Form 2150-5 as
d
well as close the associated EIR record in the Enforcement Information System (EIS).
e
(b) If the Office Manager wishes to indicate nonconcurrence with the PI’s determination, the Office
R
Manager will offer any comments in the comment area provided for that purpose, and the case will be
referred back to the PI for reconsideration with whatever comments were entered by the Office
Manager. The case will not advance out of Stage VI until it is re-submitted by the PI and the Office
Manager submits his/her concurrence.
7. SMS Organization
7.1 STRUCTURE
IS-BAO 3.1.2.1(c), (d)
(A) Your Company’s Safety Management Organization consists of both management personnel and employees,
all of whom actively participate in the company’s safety management efforts. These participants consist of the
Accountable Executive, the Director of Safety, the Safety Action Group, department managers, and all
employees.
n t
senior Accountable Executive
e
cu m t
D o t e n
l e o n
p
m ted C
S a c
e d a
R
7.3 ACCOUNTABLE EXECUTIVE
;
(4) Ensuring safety promotion throughout the organization; and
(5) Regularly reporting of the SMS and any need for
improvement.
(C) The Accountable Executive shall, when absent, appoint a management representative to serve in his
t
capacity, with regard to SMS duties and responsibilities.
e n
(D) Your Company’s
m
all areas of the organization;
u t
(2) Developing and signing YCO’s safety and quality policy statement;
o c n
(3) Communicating Your Company;
(4) Regularly reviewing
l e o
(5) Regularly reviewing YCO’s safety performance, and directing ress substandard
p C
safety performance.
a m ted NOTE:
S
Reviews of safety policy and safety performance are conducted during YCO’s annual
c
management review. Refer to the YCO Internal Evaluation Program
a
(under separate cover) for instructions and procedures.
e d
R
7.4 DIRECTOR OF SAFETY
(5) Reporting to the on SMS performance and the need for improvement;
(6) Maintaining SMS records ;
(7) Planning and facilitating staff safety training;
(8) Providing on safety matters;
(9) Communicating safety requirements of safety expectations throughout the
organization.
(B) The DOS is further responsible for:
(1) Monitoring and collecting
t
(4) Performing internal ses, in all departments.
n
(C) When performing internal evaluations, the DOS collects data, observes systems and processes, performs
e
follow-up audits, and recommendations are made not only
m
to department managers but directly to the highest level of authority, the Accountable Executive.
u t
(D) The Director of Safety is responsible for acting as chairperson of the Safety Action Group, and shall perform
c n
the duties of Safety Action Group chairperson as set forth in paragraph 7.5.4 Safety Action Group Chair
o e
below.
D n t
(E) The Director of Safety reports directly to the Accountable Executive and, unless also serving as a key aviation
e o
l
manager for Your
p C
line of responsibility, authority and reporting to
m ted
the Accountable Executive permits the Director of Safety to perform follow-up audits and internal evaluations
a
without pressure or fear of reprisal from any manager.
S a c NOTE:
d
The Director of Safety may delegate certain duties to other personnel (such as auditors or an administrative
e
assistant), but remains
R
to serve in his/her capacity,
with regard to the duties and responsibilities of the YCO Safety Management System.
7.4.3 KNOWLEDGE
(A) The person assigned as Director of Safety should have a full understanding of the following materials with
respect to YCO’s operations:
(1) The YCO manual system;
(2) YCO Operations requirements;
(3) Occupational Health and Safety standards and safe operating practices.
t
board, or agency that deals directly with aviation matters.
e n
m
7.4.5 COMPETENCY REQUIREMENTS
u t
(A) The Director of Safety shall have received training in the implementation and administration of this SMS
c n
Manual and supportin
D o n t e
private organizations. Participation in
e
industry safety meetings, conferences or schools is also considered an important part of the continuing
l o
education of the Director of Safety.
p
m ted C
a
7.5 SAFETY ACTION GROUP
S
7.5.1 STRUCTURE & STAFF
a c
d
(A) Safety Action Group members may be adjusted / added at the discretion of the D.O.S.
e
First Name Last Name Tel. (xxx) – XXX-XXXX Email:
R
First Name Last Name Tel. (xxx) – XXX-XXXX Email:
First Name Last Name Tel. (xxx) – XXX-XXXX Email:
First Name Last Name Tel. (xxx) – XXX-XXXX Email:
7.5.3 MEETINGS
e n t
m
(A) Safety Action Group meetings should be held at least quarterly or more often if deemed necessary by the
u t
Director of Safety or the Accountable Executive. Minutes of each meeting will be taken by a team member
c n
and formalized by the to all team members and should
o e
contain, at a minimum:
D n t
(1) Courses of action regarding reports assessed as moderate risk;
e o
l
(2) Responsibilities ;
(3) Plans
p
m ted C
.
a
(B) At regularly
S
managers who own various
c
operational processes (flight operations, ground services, maintenance, inspection, administration, etc.). If
a
necessary, reports or issues are created and reviewed in the SMS web application, and responsibilities with
e d
due dates for action requests.
R
7.5.4 SAFETY ACTION GROUP CHAIR
(A) The Director of
(B) The Director of Safety reports regularly to the Safety Action Group and the Accountable Executive on various
elements of the YCO
analysis of risks, and the results of industry
accident and incident investigations.
(C) The Director of Safety may also submit loss prevention programs to the Safety Action Group for review and
approval.
t
(A) The Accountable
n
Executive are responsible and accountable for the
e
following:
m
(1) Provide strategic safety direction;
cu t
(2) Ensure that to achieve required safety performance;
o e n
(3) Monitor actual safety objectives;
D n t
(4) Perform
p l e C o
a m ted
S c
NOTE:
a
Depending on the size and scope of YCO operations, the Safety Action Group and the
d
Safety Review Committee may be one committee, staffed by the same qualified managers.
R e
7.7 DEPARTMENT MANAGERS
7.7.1 DUTIES AND RESPONSIBILITIES OF DEPARTMENT MANAGERS
14 CFR § 5.23 (a)(2) Interface – IEP § 1.4.3
(A) Functional area department managers, together with the Director of Safety, are responsible and
espective areas of responsibility.
This includes, but is not limited to:
(1) Hazard ;
(2) Assuring the effectiveness of safety risk controls;
(3) Promoting safety as required in Section 4: Safety Promotion and;
(4) Advising the Accountable Executive on the performance of the SMS and on any need for improvement.
(B) Department managers are and sources of information from the YCO
Technical Management System that pertain to their respective departments. These documents and
information sources include:
(1) Appropriate ;
(2) Manuals and ;
(3) requirements;
(4) .
e n t
environmental quality in the workplace;
suggestions which lead to improved safety, health, or
u m
(4) Development of department-specific loss prevention programs;
c n t
(5) Acquisition of safety
o e
CAA requirements;
D n t
(6) Providing all department employees with easily accessible Material Safety Data Sheets (MSDS) as
e o
l
required by Occupational Health and Safety regulations,
p C
and vendors;
m ted
(8) Elimination of accumulations from the workplace that could lead to
a
injuries, accidents, or unhealthy conditions.
S c
(9) Development and improvement of controls that help to ensure safety and successful process outputs.
e d a
R NOTE:
Controls that regulate or ensure process functions are critical to system safety. Whenever a change is
made to controls in operational processes, the YCO Safety Action Group shall review the proposed
change and perform a risk assessment of the proposed change before it is implemented.
7.8 PERSONNEL
7.8.1 DUTIES AND RESPONSIBILITIES
14 CFR § 5.23 (a)(3)
(A) As pertains to the SMS, all personnel are responsible and accountable for:
(1) in any capacity, both on-duty and off-duty;
(2) Reporting for duty properly rested and fit, both physically and mentally;
(3) Notifying a due to life stressors or events;
(4) Adherence to all YCO
rules;
(6) Application of time-critical risk management during all duty assignments (viewing assignments and tasks
from a risk-
improve safety, efficiency, and the quality of services
t
provided.
e n
(B) All personnel at all levels throughout YCO are responsible and accountable for the prompt and diligent
reporting of all observed or
m
.
o cu n t
e
NOTE:
D t
Like FAA regulations, company policies and procedures are written in the interest
e n
of preserving the lives and resources entrusted to each person,
l o
and when rules are violated, risk is usually increased.
p
m ted C
S a
7.8.2 STOP WORK AUTHORITY
c
a
Interface: OHS Manual paragraph 2.1.6 Stop Work Authority
d
(A) In the interest of safety, all personnel are authorized to take whatever actions are deemed necessary to
e
eliminate or control a
R
of ground and/or maintenance activities, and
evacuation of premises. YCO’s non-punitive policies are always considered during review of stop work
events.
When considering the use of stop work authority, it is better to err on the side of safety.