Outcome: CAA split into Air Services Australia and CASA after two further systemic investigations
“The catalyst for the inquiry was the report from the
Bureau of Air Safety Investigation on the Monarch Airlines
crash in June 1993. Since then the Civil Aviation Authority,
its successor the Civil Aviation Safety Authority and air
safety have been the subject of constant media attention.”
(p.xi)
Figure 46: Individual actions, local conditions, risk controls, Transair
organisational factors and CASA organisational factors
Safety Management Systems (SMS)
- why they have become ICAO Standards
In virtually all aviation accidents and serious incidents, the subsequent systemic investigation has shown that:
• The primary contributing factors were all present before the accident/incident.
• In many cases they were common knowledge, and had often been formally documented.
• In all cases, they could, and should, have been identified and rectified before the accident, if an integrated safety management system had been in place, operational, and effective..
“Systems for managing safety”
versus
“Safety management systems”
• For many years aviation has had in place systems
for managing safety, and these have served us
well
• However, with few exceptions, we have not had in
place fully integrated safety management systems
• ISMS are a major step forward
Total factors contributing to accidents
Systemic
factors
Hardware
Training
Organisation
Communication
Incompatible Goals
Procedures
Maintenance Management
Design
Housekeeping
Defences/risk controls
Safety culture
• The safety outcomes of the international adoption of
a systemic approach to air safety investigation since
1994 have been the key drivers for the adoption of
safety management systems in civil aviation.
• And for the same reasons , in the ADF
The mandatory introduction of civil and military
Safety Management Systems:
Annex 19
Safety Management
9
Annex 19 - Safety Management
• On February 25th 2013, after 30
years, the ICAO Council
unanimously adopted a new Annex
to the Chicago Convention, Annex
19 on Safety Management.
• Annex 19 is the first new ICAO
Annex for 30 years
ICAO Annex 19 SMS Components and Elements
4. Safety promotion
4.1 Training and education
4.2 Safety communication
1. Safety policy and objectives
1.1 Management commitment and responsibility
1.2 Safety accountabilities
1.3 Appointment of key safety personnel
1.4 Coordination of emergency response planning
1.5 SMS documentation
2. Safety risk management
2.1 Hazard identification
2.2 Safety risk assessment and mitigation
3. Safety assurance
3.1 Safety performance monitoring and measurement
3.2 The management of change
3.3 Continuous improvement of the SMS
Elements of the ADF Aviation Safety Management System (ASMS)
1 Genuine command commitment
122 A generative aviation safety culture
3 A defined safety organisation structure
4 Communication
5 Documented aviation safety policy
6 Training and education
7 Risk management
8 Hazard reporting and tracking
9 Investigation
10 Emergency response
11 Survey and audit
12 ASMS review
The ICAO State Safety Program (SSP)
• Annex 19 includes the requirement for
States to establish a State safety
programme (SSP), in order to achieve an
acceptable level of safety (ALoS) in civil
aviation.
• An SSP is a management system for the
management of safety by the State.
ICAO SSP definition (Annex 19):
• An SSP is defined as: An integrated set of regulations and activities established by a State aimed at managing civil aviation safety.
• It includes:
• specific safety activities that must be performed by the State
• regulations and directives promulgated by the State to support fulfilment of its responsibilities concerning safe and efficient delivery of aviation activities in the State.
• An SSP is an SMS at the national level
ICAO SMS Components and Elements: Service providers’
responsibilities – airlines, MROs, ANSPs, etc.
4. Safety promotion
4.1 Training and education
4.2 Safety communication
1. Safety policy and objectives1.1 Management commitment and responsibility1.2 Safety accountabilities1.3 Appointment of key safety personnel1.4 Coordination of emergency response planning1.5 SMS documentation
2. Safety risk management2.1 Hazard identification2.2 Safety risk assessment and mitigation
3. Safety assurance3.1 Safety performance monitoring and measurement3.2 The management of change3.3 Continuous improvement of the SMS
ICAO SSP Components and Elements: States’ responsibilities
4. State’s safety promotion
4.1 Internal training, communication and dissemination of safety information
4.2 External training, communication and dissemination of safety information
1. State’s safety policy and objectives
1.1 State safety legislative framework
1.2 Safety responsibilities and accountabilities
1.3 Accident and incident investigation
1.4 Enforcement policy
2. State’s safety risk management
2.1 Safety requirements for service providers SMS
2.2 Agreement on service providers’ safety performance
3. State’s safety assurance
3.1 Safety oversight
3.2 Safety data collection, analysis and exchange
3.3 Safety data driven targeting of oversight on areas of greater concern or need
But, until the separate parts are properly assembled, fuelled
and lubricated, you do not have a functioning engine
The assembled engine then needs to be installed in a vehicle, to have a functioning,
integrated system at the “organisational” level.
However, even a fully integrated system will fail if the design of the system itself, the
“engine”,
is fundamentally flawed.
“If the SMS is not integrated, but
standalone and fragmented, it will
function independently of other
management systems. This usually
results in hazards, errors, violations,
and safety deficiencies being
overlooked, or not communicated
throughout the organisation. The
result is [an organisation] does not
learn or improve its ability to manage
the safety of its operations.” (p308)
The Honourable Peter McInerney, QC , Special
Commission of Inquiry into the Waterfall Rail
Accident, 2005
Where are we going?
New thinking in safety management
• We need to adopt a fully integrated approach
– at the State level, and
– the service provider level
• Change our primary focus from the events to:
• the preventive controls that failed
• the recovery controls that worked
• The same sets of preventive and recovery controls are common to many generic categories of adverse operational events
• We need to fully integrate risk management
and safety investigation
• Both processes consider the same risk controls
– Risk management before the category of event
– Safety investigation after the event
• They are two sides of the same coin
• Effective safety management is the
management of risk controls, not events
OPERATIONS
LATENT CONDITIONS
DEFENCES
BARRIERS
Risk management
ACCIDENTS
&
SERIOUS
INCIDENTS
WORKPLACElocal conditions
ERROR-
PRODUCING
CONDITIONS
VIOLATION-
PRODUCING
CONDITIONS
ORGANISATION
organisational
Deficiencies:
latent conditions
MANAGEMENT
DECISIONS
AND
ORGANISATIONAL
PROCESSES
TASKING
PERSON
group/team
VIOLATIONS
ERRORS
Investigation
Basic Bow Tie Concept
Events and
Circumstances
Harm to people and
damage to assets
or environment
C
O
N
S
E
Q
U
E
N
C
E
S
BARRIERS
Undesirable event with
potential for harm or damage
Engineering activities
Maintenance activities
Operations activities
Top
Event
Preventive Controls Recovery Controls
H
A
Z
A
R
D
T2
T3
T1
L
O
S
S
O
F
A
I
R
C
R
A
F
T
Engineering activities
Maintenance activitiesOperations activities
Preventive Controls Recovery Controls
STALL
T2
T3
T1
SOR4
Stick Shaker activates
HAZARD CONSEQUENCETOP EVENT
SOR3
SOR2
SOR1
SOR = Safety Occurrence Report
The Bow Tie in operational safety management
M
I
D
A
I
R
C
O
L
L
I
S
I
O
N
Engineering activities
Maintenance activities
Operations activities
Preventive Controls Recovery Controls
A
I
R
C
R
A
F
T
T2
T3
T1
SOR4
Breakdown in separation
HAZARD CONSEQUENCETOP EVENT
SOR3
SOR2
SOR1
The Bow Tie in operational safety management
Incident
H
A
Z
A
R
D
C
O
N
S
E
Q
U
E
N
C
E
S
Undesirable event with
potential for harm or damage
Engineering activities
Maintenance activities
Operations activities
Top
Event
Preventive Controls Recovery Controls
Escala
tion F
acto
rs Escalation controls
Escala
tion F
acto
rsEscalation controls
T2
T3
T1
The ARMS Methodology for
Operational Risk Assessment
in Aviation Organisations
Developed by the ARMS Working Group, 2007-2010
Service providers
• Many leading service providers are now
structured so that within Group Safety
departments the risk managers and
investigators are the same people
• Risk management and investigation processes
are fully integrated with each other, and with
all the elements of the organisation's SMS
The Defence Aviation Safety Program (DASP)
• Modelled on the ICAO SSP concept
• In October 2011, DI(G) OPS 02-2 was reissued under the revised title of the Defence Aviation Safety Program (DASP)
• to reflect a single integrated policy that addresses both the Airworthiness Management System (AMS) and the Aviation Safety Management System (ASMS)
The need for major change:At the State level, is the current aviation safety
structure compatible with the new ways of thinking
about integrated safety management?
• We still have a basic structure which dates back to the 1980s
• Aviation has changed, and continues to change, in technical, social, commercial, economic and political dimensions
• Investigations keep coming up with the same systemic factors for generic categories of occurrence – breakdowns in separation, runway incursions, approach and landing accidents, and so on
• We need to follow the lead of major aviation service providers and look at things differently
• Safety investigation organisations are by their very nature primarily reactive
• We need to integrate the risk management and investigation processes in the one organisation, and link these to all the elements of the SSP
• We need to move from the traditional focus on investigation to focus on improved pro-active risk management and the improvement of our controls
• The SSP needs to incorporate these new ideas through improved and well informed policies in consultation with all stakeholders
• That requires the education of stakeholders, to change the “traditional” mind set.
Some final thoughts
• We need to adopt a new way of thinking about safety management
• In some areas we have made a good start
• The time has come to develop and adopt a fully integrated approach to risk management and safety investigation both at the State and service provider levels
• We need to adopt new structures and organistions to achieve that end, supported by control based safety information systems
• Safety management should also be regarded as a dimension of enterprise risk management