CAA split into Air Services Australia and CASA after two ... · after two further systemic investigations ... 1.3 Accident and incident investigation ... Escalation Factors Escalation

Outcome:

CAA split into

Air Services

Australia and CASA

after two further

systemic

investigations

“The catalyst for the inquiry was the report from the

Bureau of Air Safety Investigation on the Monarch Airlines

crash in June 1993. Since then the Civil Aviation Authority,

its successor the Civil Aviation Safety Authority and air

safety have been the subject of constant media attention.”

(p.xi)

Session 15

The aircraft

Session 15

Session 15

Session 15

Session 15

Session 15

Figure 46: Individual actions, local conditions, risk controls, Transair

organisational factors and CASA organisational factors

Safety Management Systems (SMS)

- why they have become ICAO Standards

In virtually all aviation accidents and serious incidents, the subsequent systemic investigation has shown that:

• The primary contributing factors were all present before the accident/incident.

• In many cases they were common knowledge, and had often been formally documented.

• In all cases, they could, and should, have been identified and rectified before the accident, if an integrated safety management system had been in place, operational, and effective..

“Systems for managing safety”

versus

“Safety management systems”

• For many years aviation has had in place systems

for managing safety, and these have served us

well

• However, with few exceptions, we have not had in

place fully integrated safety management systems

• ISMS are a major step forward

The “awful sameness” of major accidents...

Total factors contributing to accidents

Systemic

factors

Hardware

Training

Organisation

Communication

Incompatible Goals

Procedures

Maintenance Management

Design

Housekeeping

Defences/risk controls

Safety culture

• The safety outcomes of the international adoption of

a systemic approach to air safety investigation since

1994 have been the key drivers for the adoption of

safety management systems in civil aviation.

• And for the same reasons , in the ADF

The mandatory introduction of civil and military

Safety Management Systems:

Annex 19

Safety Management

9

Annex 19 - Safety Management

• On February 25th 2013, after 30

years, the ICAO Council

unanimously adopted a new Annex

to the Chicago Convention, Annex

19 on Safety Management.

• Annex 19 is the first new ICAO

Annex for 30 years

ICAO Annex 19 SMS Components and Elements

4. Safety promotion

4.1 Training and education

4.2 Safety communication

1. Safety policy and objectives

1.1 Management commitment and responsibility

1.2 Safety accountabilities

1.3 Appointment of key safety personnel

1.4 Coordination of emergency response planning

1.5 SMS documentation

2. Safety risk management

2.1 Hazard identification

2.2 Safety risk assessment and mitigation

3. Safety assurance

3.1 Safety performance monitoring and measurement

3.2 The management of change

3.3 Continuous improvement of the SMS

Elements of the ADF Aviation Safety Management System (ASMS)

1 Genuine command commitment

122 A generative aviation safety culture

3 A defined safety organisation structure

4 Communication

5 Documented aviation safety policy

6 Training and education

7 Risk management

8 Hazard reporting and tracking

9 Investigation

10 Emergency response

11 Survey and audit

12 ASMS review

The ICAO State Safety Program (SSP)

• Annex 19 includes the requirement for

States to establish a State safety

programme (SSP), in order to achieve an

acceptable level of safety (ALoS) in civil

aviation.

• An SSP is a management system for the

management of safety by the State.

ICAO SSP definition (Annex 19):

• An SSP is defined as: An integrated set of regulations and activities established by a State aimed at managing civil aviation safety.

• It includes:

• specific safety activities that must be performed by the State

• regulations and directives promulgated by the State to support fulfilment of its responsibilities concerning safe and efficient delivery of aviation activities in the State.

• An SSP is an SMS at the national level

ICAO SMS Components and Elements: Service providers’

responsibilities – airlines, MROs, ANSPs, etc.

4. Safety promotion

4.1 Training and education

4.2 Safety communication

1. Safety policy and objectives1.1 Management commitment and responsibility1.2 Safety accountabilities1.3 Appointment of key safety personnel1.4 Coordination of emergency response planning1.5 SMS documentation

2. Safety risk management2.1 Hazard identification2.2 Safety risk assessment and mitigation

3. Safety assurance3.1 Safety performance monitoring and measurement3.2 The management of change3.3 Continuous improvement of the SMS

ICAO SSP Components and Elements: States’ responsibilities

4. State’s safety promotion

4.1 Internal training, communication and dissemination of safety information

4.2 External training, communication and dissemination of safety information

1. State’s safety policy and objectives

1.1 State safety legislative framework

1.2 Safety responsibilities and accountabilities

1.3 Accident and incident investigation

1.4 Enforcement policy

2. State’s safety risk management

2.1 Safety requirements for service providers SMS

2.2 Agreement on service providers’ safety performance

3. State’s safety assurance

3.1 Safety oversight

3.2 Safety data collection, analysis and exchange

3.3 Safety data driven targeting of oversight on areas of greater concern or need

Integrating the SMS:

the greatest challenge

Consider an engine. All the necessary components may be

present...

But, until the separate parts are properly assembled, fuelled

and lubricated, you do not have a functioning engine

The assembled engine then needs to be installed in a vehicle, to have a functioning,

integrated system at the “organisational” level.

However, even a fully integrated system will fail if the design of the system itself, the

“engine”,

is fundamentally flawed.

“If the SMS is not integrated, but

standalone and fragmented, it will

function independently of other

management systems. This usually

results in hazards, errors, violations,

and safety deficiencies being

overlooked, or not communicated

throughout the organisation. The

result is [an organisation] does not

learn or improve its ability to manage

the safety of its operations.” (p308)

The Honourable Peter McInerney, QC , Special

Commission of Inquiry into the Waterfall Rail

Accident, 2005

Where are we going?

New thinking in safety management

• We need to adopt a fully integrated approach

– at the State level, and

– the service provider level

• Change our primary focus from the events to:

• the preventive controls that failed

• the recovery controls that worked

• The same sets of preventive and recovery controls are common to many generic categories of adverse operational events

• We need to fully integrate risk management

and safety investigation

• Both processes consider the same risk controls

– Risk management before the category of event

– Safety investigation after the event

• They are two sides of the same coin

• Effective safety management is the

management of risk controls, not events

OPERATIONS

LATENT CONDITIONS

DEFENCES

BARRIERS

Risk management

ACCIDENTS

&

SERIOUS

INCIDENTS

WORKPLACElocal conditions

ERROR-

PRODUCING

CONDITIONS

VIOLATION-

PRODUCING

CONDITIONS

ORGANISATION

organisational

Deficiencies:

latent conditions

MANAGEMENT

DECISIONS

AND

ORGANISATIONAL

PROCESSES

TASKING

PERSON

group/team

VIOLATIONS

ERRORS

Investigation

Basic Bow Tie Concept

Events and

Circumstances

Harm to people and

damage to assets

or environment

C

O

N

S

E

Q

U

E

N

C

E

S

BARRIERS

Undesirable event with

potential for harm or damage

Engineering activities

Maintenance activities

Operations activities

Top

Event

Preventive Controls Recovery Controls

H

A

Z

A

R

D

T2

T3

T1

L

O

S

S

O

F

A

I

R

C

R

A

F

T

Engineering activities

Maintenance activitiesOperations activities

Preventive Controls Recovery Controls

STALL

T2

T3

T1

SOR4

Stick Shaker activates

HAZARD CONSEQUENCETOP EVENT

SOR3

SOR2

SOR1

SOR = Safety Occurrence Report

The Bow Tie in operational safety management

M

I

D

A

I

R

C

O

L

L

I

S

I

O

N

Engineering activities

Maintenance activities

Operations activities

Preventive Controls Recovery Controls

A

I

R

C

R

A

F

T

T2

T3

T1

SOR4

Breakdown in separation

HAZARD CONSEQUENCETOP EVENT

SOR3

SOR2

SOR1

The Bow Tie in operational safety management

Incident

H

A

Z

A

R

D

C

O

N

S

E

Q

U

E

N

C

E

S

Undesirable event with

potential for harm or damage

Engineering activities

Maintenance activities

Operations activities

Top

Event

Preventive Controls Recovery Controls

Escala

tion F

acto

rs Escalation controls

Escala

tion F

acto

rsEscalation controls

T2

T3

T1

The ARMS Methodology for

Operational Risk Assessment

in Aviation Organisations

Developed by the ARMS Working Group, 2007-2010

UK CAA “Significant Seven” Bow Tie Templates

(2014)

http://www.caa.co.uk/default.aspx?catid=2816

Service providers

• Many leading service providers are now

structured so that within Group Safety

departments the risk managers and

investigators are the same people

• Risk management and investigation processes

are fully integrated with each other, and with

all the elements of the organisation's SMS

The Defence Aviation Safety Program (DASP)

• Modelled on the ICAO SSP concept

• In October 2011, DI(G) OPS 02-2 was reissued under the revised title of the Defence Aviation Safety Program (DASP)

• to reflect a single integrated policy that addresses both the Airworthiness Management System (AMS) and the Aviation Safety Management System (ASMS)

The need for major change:At the State level, is the current aviation safety

structure compatible with the new ways of thinking

about integrated safety management?

• We still have a basic structure which dates back to the 1980s

• Aviation has changed, and continues to change, in technical, social, commercial, economic and political dimensions

• Investigations keep coming up with the same systemic factors for generic categories of occurrence – breakdowns in separation, runway incursions, approach and landing accidents, and so on

• We need to follow the lead of major aviation service providers and look at things differently

• Safety investigation organisations are by their very nature primarily reactive

• We need to integrate the risk management and investigation processes in the one organisation, and link these to all the elements of the SSP

• We need to move from the traditional focus on investigation to focus on improved pro-active risk management and the improvement of our controls

• The SSP needs to incorporate these new ideas through improved and well informed policies in consultation with all stakeholders

• That requires the education of stakeholders, to change the “traditional” mind set.

Some final thoughts

• We need to adopt a new way of thinking about safety management

• In some areas we have made a good start

• The time has come to develop and adopt a fully integrated approach to risk management and safety investigation both at the State and service provider levels

• We need to adopt new structures and organistions to achieve that end, supported by control based safety information systems

• Safety management should also be regarded as a dimension of enterprise risk management

Thank you