direction générale de l’Aviation civile December 12th 2005 Centre en route de la Navigation aérienne sud- ouest Direction des services de la Navigation aérienne Mrs Patricia TROISFONTAINE and MrJean-Michel BOIVIN Presented by Certification of the French Air Navigation Services Provider
86
Embed
Direction générale de lAviation civile Centre en route de la Navigation aérienne sud-ouest Direction des services de la Navigation aérienne December 12th.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
direction générale de l’Aviation civile
December 12th 2005
Centre en route de la Navigation aérienne sud-ouest
Direction des services de la Navigation aérienne Mrs Patricia TROISFONTAINE
and MrJean-Michel BOIVIN
Presented by
Certification
of the French
Air Navigation Services
Provider
• Presentation of French ANSP and Bordeaux ACC.
• European Safety Regulatory Requirements (ESARR) and ISO 9001 Requirements.
• Implementation of a Safety and Quality Management System in Bordeaux ACC: an integrated ISO process leading to certification.
• Reorganisation of French DGAC:
Regulator, Surveillance Authority and ANSP.
• ANSP Certification Process, initiated by DCS and DSNAANSP Certification Process, initiated by DCS and DSNA
• Benefits of the Certification Process for Bordeaux ACC.
Summary of the presentation
• Presentation of French ANSP and Bordeaux ACC.
• European Safety Regulatory Requirements (ESARR) and ISO 9001 requirements.
• Implementation of a Safety and Quality Management System in Bordeaux ACC: an integrated ISO process leading to certification.
• Reorganisation of French DGAC:
Regulator, Surveillance Authority and ANSP.
• ANSP Certification Process, initiated by DCS and DSNAANSP Certification Process, initiated by DCS and DSNA
• Benefits of the Certification Process for Bordeaux ACC.
Summary of the presentation
DSNA Main MissionsDSNA Main Missions
• To provide Air Navigations Services with the highest level of safety.
• To plan operational evolutions and appropriate means to cope with the increase of traffic, as well as relevant studies.
• To carry out all studies to assess needs in airspace.
• To acquire, install, operate and maintain equipment and CNS systems.
• To ensure collection, production and publication of meteorological information.
• To cooperate with military organisations concerned with air navigation and foreign ANSP.
• To lend support to the Regulation Authority in order to define norms, procedures and regulations related to Air Navigation.
• To participate in international studies with regard to Air Navigation.
Direction de laTechnique
et de l ’Innovation
Jean-Marc Faysse
OperationalSystemsDaniel Azéma
Research &Development
Philippe Merlo
DSNASafety-Quality
SecurityAnne Frisch
FinancesHervé Toro
Planification & Strategy
Raymond Rosso
Human ResourcesJean-Michel
Boivin
EnvironmentPierre-Yves
Huerre
Direction des Opérations
Françoise Deygout
Brest ACC
Bordeaux ACC
Reims ACC
Marseille ACC
Paris ACC
Central Systems
AIM
Deputy APP / TWRPascal Planchon
SNA/N
SNA/O
SNA/SO
SNA/S
SNA/SSE
SNA/RP
SNA/SE
SNA/CE
SNA/NE
SNA/AG
SNA/OI
Deputy en-routeJean-Claude Coulardot
TECHNICAL(Toulouse exceptpart of R&D - in Athis-Mons)
OPERATIONS(Headquaters in Athis-Mons,
south of Paris)
HEADQUATERS(Paris – Except HR in Athis-Mons)
International adviser Maurice Georges
Communication Cell Jean-Marie Piduch
Scientic AdviserDominiqueColin de Verdière
11 regional units (« SNA »)APP/TWR + 1 ACC overseas
How an Accident Could How an Accident Could HappenHappen The The
Reason Reason ModelModel
Latent Unsafe Conditions and Acts
ResultWindow of
Opportunity
Accident Shields
ACCIDENTACCIDENT
Line Management Fails to Line Management Fails to CorrectCorrect
Management Team Unsafe Management Team Unsafe DecisionDecision
Unsafe or Untested ProceduresUnsafe or Untested Procedures
Controller or Engineers ErrorController or Engineers Error
A Safety Management System acts at each level
A Safety Mangement System : Why ?
The European Safety Regulatory Requirements
Requirements approved by the Safety Regulation Unit and by the Safety Regulation Commission
Applicability : to all providers of ATM services in Eurocontrol member states – ECAC states who are not members are encouraged to use the requirements (the SMS has to cover also all supporting services under the managerial control of the organisation)
Requirements effective within three years from the date of adoption by the Eurocontrol Commission
Each state will have to ensure through appropriate safety regulation that ATM service providers meet these requirements
To ensure appropriate organisational performance with minimum safety standards set up in the public interest
For harmonisation across the ECAC area
Contributors to incidents
75%
21%
4%
Humanelements
Procedureselements
Equipmentelements
SYSTEM
Safety Management Systems
Maintenance
People Equipment
Procedures
Support
ATCOs
Engineers
ATC Operating
Surveillance
Communication
Navaids
Information
SMS = A total system approach
TO ACHIEVE SAFETY MEANS FOR ACHIEVING HIGH SAFETY
STANDARDS
TO ENSURE SAFETY
MEANS FOR PROVIDING ASSURANCE THAT RISKS ARE BEING PROPERLY MANAGED
AN APPROPRIATE ORGANISATION
SYSTEMATIC ACTIONS
TO PROMOTE SAFETY
MEANS TO BUILD A SAFETY IMPROVEMENT CULTURE WITHIN
THE ORGANISATION
LESSON DISSEMINATIONDISSEMINATING PAST LESSONS WITHIN THE ORGANISATION
SAFETY IMPROVEMENTINVOLVING ALL STAFF AND IMPLEMENTING THE IMPROVEMENT OF SAFETY AS A CONTINUOUS PROCESS
SMS DOCUMENTATION THE SMS IS A DOCUMENTED SYSTEM ARISING FROM A SAFETY POLICY
COMPETENCY STAFF TRAINED, MOTIVATED AND COMPETENT
SAFETY MANAGEMENT RESPONSIBILITY A SAFETY MANAGEMENT FUNCTION WITHIN THE ORGANISATION
EXTERNAL SERVICES DEALING WITH EXTERNALLY PROVIDED SERVICES
SAFETY SURVEYS SAFETY HAS TO BE VERIFIED INTERNALLY AND CONTINUOUSLY
SAFETY OCCURRENCES ATM OPERATIONAL OR TECHNICAL OCCURRENCES ARE INVESTIGATED INTERNALLY
SAFETY MONITORING CONTINUOUS MONITORING AND ANALYSIS OF SAFETY INDICATORS
RISK ASSESSMENT AND MITIGATION THE SAFETY OF NEW SYSTEMS AND CHANGES IS TO BE DEMONSTRATED USING A RISK BASED APPROACH. RISK IS ASSESSED AND MITIGATED.
RISK ASSESSMENT AND MITIGATION DOCUMENTATION THE RESULTS OF RISK ASSESSMENT AND MITIGATION PROCESSES ARE DOCUMENTED THROUGHOUT THE SYSTEM LIFECYCLE
SAFETY POLICY LEVEL
Schematic Representation of SMS Requirements in accordance to ESARR 3Schematic Representation of SMS Requirements in accordance to ESARR 3
SAFETY RECORDS RECORDS ARE PRODUCED AND MAINTAINED THROUGHOUT THE SMS OPERATION
SAFETY MANAGEMENTTO IMPLEMENT A FORMAL AND EXPLICIT SAFETY MANAGEMENT APPROACH
SAFETY RESPONSIBILITYEVERYBODY HAS ANINDIVIDUAL SAFETYRESPONSIBILITY FORHIS/HER OWN ACTIONS
SAFETY PRIORITYOVER COMMERCIAL, OPERATIONAL, ENVIRONMENTAL OR SOCIAL PRESSURES
SAFETY OBJECTIVETO MINIMISE THE ATM CONTRIBUTION TO THE RISK OF AN AIRCRAFT ACCIDENT
REQUIREMENTS FORSAFETY MANAGEMENT
SYSTEMS
May 2001 - EUROCONTROL SRC
ESARR2 requirements
To ensure that formal means exist to assess safety performance
ATM personnel are encouraged to systematically report safety occurrences, to improve visibility on safety occurrences
(a non punitive culture is necessary) Investigating and assessing the ATM system contribution to the cause of
safety occurrences to take corrective measures and preventive measures
The severity of each occurrence has to be determined Safety recommandations and corrective actions are developped, and their
implementation is monitored Each state ensures that appropriate safety data are collated and reported
to Eurocontrol In Bordeaux ACC, there are people in charge of collecting and
investigating all safety occurrences ; corrective and preventive actions are then determined and implemented : In technical systems By feedback when causes are human factors (briefings to 12 controlers
teams – 3 times a year) : events are presented to all controlers
ESARR4 requirements
Use of risk assessment and mitigation including hazard identification in ATM when introducing/planning changes
• A quantitative and qualitative risk-based approach
• The requirement covers human, procedural and equipment elements
• Evidence from risk assessment and mitigation studies must be collated and documented; safety requirements related to the implementation of a change has to be traceable
(The depth and scope analysis depends on the types of functions performed, the severity of the effects of the hazards, the complexity of the part of the system,…)
• For existing parts of the ATM System, an analysis can take into account historical data
• Hazards are classified with a Severity classification scheme
ESARR5 requirements
Defines requirements for all ATM services’ personnel responsible for safety related tasks
• A designated authority shall ensure that organisations and personnel responsible for tasks related to the safety of air trafic are competent to carry out those tasks
• Personnel are subject to appropriate measures to ensure ongoing competence and that they meet medical requirements
• There are special requirements for on-the-job training instructors
• There must be a process by which controllers can be assessed
• Technical and engineering personnel must have and maintain sufficient knowledge about the services they are supporting and the potentiel effects of their work on the safety of those services
Single Sky Regulations – Common RequirementsSingle Sky Regulations – Common Requirements
EC will publish at the end of 2005 a regulation laying down EC will publish at the end of 2005 a regulation laying down « Common Requirements for the provision of Air Navigation Services »« Common Requirements for the provision of Air Navigation Services »
This regulation covers all types of Air Navigation Services: This regulation covers all types of Air Navigation Services: Air Traffic Services, CNS Services, Aeronautical Information Services and Air Traffic Services, CNS Services, Aeronautical Information Services and Meteorological Services.Meteorological Services.
The Common Requirements will become effective on the day of their The Common Requirements will become effective on the day of their publication. publication.
This means that end 06/early 07, Member states will need to organise This means that end 06/early 07, Member states will need to organise certification of ANSPs. certification of ANSPs. Certificates will be valid for the whole EU. Certificates will be valid for the whole EU.
Technical and operational competence and suitability
Systems and processes for safety and quality management
Reporting systems
Financial strength
Ownership and organisational structure
Human resources
Security
Single Sky regulation on service provision
Liability and insurance cover
Single Sky regulation
on interoperability
Single European Sky – Common Requirements Single European Sky – Common Requirements
NATIONAL REGULATIONS
FOR : Security and sovereignty,
Finance & accounting,Legal liabilities,
Social rights,…..
OACI SARP’s
ISO 9000
ESSAR 3 & 4
ESSAR 2
ESSAR 5
OACI Annexes
Information disclosure
Specifications :
Business plansAnnual plans
Annual reports
NSA
USERs
other ANSPs
PRC
Quality of services
ISO 9001 requirements
ISO 9001 requirements are to establish, document and maintain a Quality Management System and continuously improve its effectiveness
- processes have to be defined and managed
- It requires the focus to be on the customer with the aim of enhancing customer satisfaction
- Main other items :- Control of documents, Control of records- Quality policy, Planning : quality objectives- Responsibility, authorities and communication- Management review- Provision of resources, Human resources- Infrastructure, environment- Planning of product realisation, review of the requirements related to the product- Design and development- Purchasing- Control of production , control of non-conforming product- Measurement, analysis and improvement
P DA C
PlanDo Check Act
Deming wheel
ServiceOutputOutputdatadata
5. DirectionResponsibility
6. ResourcesManagement
7. SERVICE PROVISION
8. Measures, AnalysisImprovement
Input Input
datadata
SATISFACTION
REQUIREMENTS
QMS continuous improvement
ISO 9001 and ESARR3
• ISO 9001 requires a Quality Management System
• ESARR3 requires a Safety Management System
• Eurocontrol has made a mapping of ESARR-ISO and of ISO-ESARR
• In France, the development of a QMS based on ISO 9001 approach has been used to implement in the ACCs the National Safety Management System : ACCs have Safety and Quality Management Systems
• ESARR3 : is similar to ISO 9001 but includes more detailed requirements for safety in ATM and a risk-based approach for main changes
ISO 9001 and ESARR3
• Both require :• One person in charge of the system• Quality policy – Safety policy• Incident reporting and analysis – feedback• Corrective and preventive actions• Documentation on significant changes• Transverse approach• Updating of documentation• Records
• The main differences :• ISO requires the focus to be on the customer focus (to increase customer
satisfaction)• ESARR requires risk assessment and mitigation processes
• Presentation of French ANSP and Bordeaux ACC.
• European Safety Regulatory Requirements (ESARR) and ISO 9001 requirements.
• Implementation of a Safety and Quality Management System in Bordeaux ACC: an integrated ISO process leading to certification.
• Reorganisation of French DGAC:
Regulator, Surveillance Authority and ANSP.
• ANSP Certification Process, initiated by DCS and DSNAANSP Certification Process, initiated by DCS and DSNA
• Benefits of the Certification Process for Bordeaux ACC.
Summary of the presentation
Bordeaux ACC ISO 9001 Certification
April 2002 Jan. 2005Oct. 2004Sept. 2004
Certification Audit
ISO 9001Pre audit
ESARR audit by the DNA
23.02.05.
ISO 9001Certification
• No exclusion :– neither in Bordeaux ACC activities– nor in ISO 9001 requirements
• ISO 9001 used to implement ESARR :– Process development included ESARR requirements– ESARR implementation leads to « strong points » for ISO compliance
• What existed before Safety and Quality approach:– Safety events notification and analysis – experience feedback (1)– Operational procedures and manuals– Coordinations between technical staff and control staff to organize changes
in ATM systems and procedures
(1) existed in the french ACCs before ESARR2
Simultaneous implementation of a safety management system and a quality
management system
What had to be done
• To describe our processes and to pilot them with indicators
• To give evidence of customer satisfaction – to collect their expectations by annual meeting with Airlines and other airspace users
• To define quantitative safety levels and safety objectives (coming from national safety objectives)
• To define methods to guarantee the updating of documentation
• To collect corrective and preventive actions data – to monitor their implementation
• To implement risk assessment and mitigation methods : – MISO– EPIS
• To implement internal auditing
• To implement management review meetings
• To assess external services from a safety point of view
Planification
• The development of the Quality and Safety Management System needs planning (Project Management Method) :– To identify all the tasks
– To ensure that each person knows what he has to do
– To monitor the advancement
– To transmit information
The Bordeaux ACC schedule for ISO certification in 2004
• Presentation of French ANSP and Bordeaux ACC.
• European Safety Regulatory Requirements (ESARR) and ISO 9001 requirements.
• Implementation of a Safety and Quality Management System in Bordeaux ACC: an integrated ISO process leading to certification.
• Reorganisation of French DGAC:
Regulator, Surveillance Authority and ANSP.
• ANSP Certification Process, initiated by DCS and DSNAANSP Certification Process, initiated by DCS and DSNA
• Benefits of the Certification Process for Bordeaux ACC.
Summary of the presentation
direction générale de l’Aviation civile
December 12th 2005
Centre en route de la Navigation aérienne sud-ouest
Direction des services de la Navigation aérienne
2005 A New Organisation
2005 : French CAA (DGAC) has restructured and modernised its organisation in an effort to
increase customer satisfaction and improve efficiency.
direction générale de l’Aviation civile
December 12th 2005
Centre en route de la Navigation aérienne sud-ouest
Direction des services de la Navigation aérienne
2005A New Organisation
New organisation copes with European regulations and with French state
modernisation.
DGAC MissionsDGAC Missions
The main mission is to ensure a high level of safety in• Air Navigation Services• Surveillance and Certification of aircraft manufacturers and maintenance workshops, airlines, flying
crews, etc.• Airports Certification
To guarantee a high level of protection of environment (noise, air quality…)
To exercise economic regulation over airlines and airports
To provide support to aircraft manufacturers
To guarantee a high level of security to passengers and freight operations
direction générale de l’Aviation civile
December 12th 2005
Centre en route de la Navigation aérienne sud-ouest
Direction des services de la Navigation aérienne
NATIONALSUPERVISORYAUTHORITY(DCS)
STRATEGY& REGULATION(DAST and DRE)
2005DGAC New Organisation
PROVIDERS
Three fields
of activity
Supervisory authority is independant of ANSP
AIR NAVIGATION SERVICES PROVIDER (DSNA)
AERONAUTICAL TRAINING PROVIDERS (ENAC and SEFA)
Strategic and Technical AffairsEconomic Regulation
• To check that the ANSP meets the single sky regulations.
• To improve safety and security levels through formal procedures and improved working methods such as formalized internal and external audits.
Certification : o the ANSP demonstrates it has implemented all measures to meet requirements, and that these measures will continue to be in force. o the ANSP will be increasingly supported by safety management systems.
Continuous Surveillance : o the Surveillance Authority (DCS) checks that ANSP (DSNA) operations are at all times fully compliant with the regulations. o main methods of surveillance: continuous surveillance, change management, incident analysis, follow up of safety indicators.
Surveillance PrinciplesSurveillance Principles
Authority ANSP
RegulatesRegulates
ChecksChecksApproves Approves
Grants Grants
Checks Checks AnalysesAnalysesCorrectsCorrects
DemonstratesDemonstrates
DetectsDetects Assesses Assesses CorrectsCorrects
AgreesAgrees
DAST
EC
DCSDACs
DCS…. BEA
External FeedbackInternal Feedback
Surveillance PrinciplesSurveillance Principles
Surveillance PrincipleSurveillance Principle
DSNAdemonstrates it meets
requirements
DCSagrees (or not)
- Organised structure- 5-year Business plan- Safety management System (ESARR/3, ESARR/4)- Quality management System (Applicable mean of conformity = ISO 9001)- Security management system- Operating manuals- Human resources : ESARR/5- Financial strength- Risk insurance coverage- Customers enquiries about quality of service provided. - Contingency plans- Annual reports - Compliance with ICAO Annexes (2, 3, 4, 10, 11, 14, 15)
European Regulation Applicable to ANSPsEuropean Regulation Applicable to ANSPs« Single European Sky »« Single European Sky »
• To set up a common understanding of the applicable referential
• To define the process of DSNA certification as an AIS and CNS services provider
• To define how to check compliance with ICAO requirements
• To ensure full coherence with the methods of certification elaborated at a european level
• To identify the risks that the objective is not met (DSNA certification at the end 2006)– Delays in delivery of conformity documentation– Delays in the implementation of a security management system– Possible non-conformity and discovered late, if its correction is a preliminary condition for
• 3. Adequate levels of SQS: resources, manual and records management, external providers, risk assessment and mitigation, capacity planification, control of deviations from objectives.
• 4. Insurance and promotion of SQS: audits, surveillance, corrective and preventive actions, feedback, collection of improvement propositions, management system updating.
The DSNA manual will be a short high level manual, with links to relevant documents and procedures
Through Safety Occurences by DCS and MSQS input data : safety occurences, BEA recommandations, Eurocontrol,…
Through Safety Studies DCS (ESARR1)
- major changes To get DCS agreement- minor changes To inform DCS- DSNA procedures « safety studies »
To get DCS approbation
MSQS Letter of agreement DCS-DSNA
Through audits DCS external audits (to check compliance with regulation) MSQS internal audits
• Presentation of French ANSP and Bordeaux ACC.
• European Safety Regulatory Requirements (ESARR) and ISO 9001 requirements.
• Implementation of a Safety and Quality Management System in Bordeaux ACC: an integrated ISO process leading to certification.
• Reorganisation of French DGAC:
Regulator, Surveillance Authority and ANSP.
• ANSP Certification Process, initiated by DCS and DSNAANSP Certification Process, initiated by DCS and DSNA
• Benefits of the Certification Process for Bordeaux ACC.
Summary of the presentation
ESARR2 :
Safety occurrences are reported or detected(1) are entered into a national data bank; are analysed and classified :
- In Local Safety Commissions (technical or operational) for the more significant occurrences, with the controllers concerned and together with the management
- In local Safety meetings every month
- In a national Safety Commission (CNSCA) for the more significant operational occurrences
Causes are identified Corrective and preventive actions are decided The list of actions to be taken is monitored and updated every month 3 times a year, the head of people in charge of safety occurrence analysis
presents the more significant events to all the controllers (the situation which has been recorded is « re-played »)
(1) Spacing < 5 NM and < 1000ft are automatically detected
Main improvements provided by the SQMS implementation
ESARR3 and ISO 9001:
• A Safety and Quality Policy
• Objectives & performance indicators - Everyone can consult them
• New quality and safety quantitative levels
• All the documentation has been updated :– All the operational manuals (for controllers, for supervisors, for technical
supervisor, for people in charge of alert service or information service,…)– All the documentation on the control positions– All the documentation in technical supervision– Some « actions to take cards » are easy to find for urgency procedures
• Tracing has been improved
• Internal auditing has been implemented
• Internal and external communication has been improved
Main improvements provided by the SQMS implementation
ESARR4 :
• Using a Method for Interventions on Operational Systems for risk assessment and mitigation for each planned intervention on technical systems supporting ATC services
(MISO : Méthode d’Intervention sur Système Opérationnel)- To identify the worst risk define procedures to mitigate the risk- To give information to all the people involved
• Using a method to support the decision process when evaluating if a change deserves a full safety assessment process or not : EPIS
• Using a Project Management Method for significant changes to the ATM system :
– One person in charge of planning– Very short meetings every week with everybody involved, to identify all risks,
problems, delayed tasks, and to update the scheduleanticipation improvement
Main improvements provided by the SQMS implementation
EPIS global process
Identification of the change
Identification of severity of Worst Credible Case (WCC)
Justification of risk acceptability
No need for further assessment Regular Safety Assessment
Regular Safety Assessment ?YesNo
Contribution to a known hazard characterization of the size
Contribution to a support service characterization of the risk
EPIS for equipment EPIS for airspace designand procedures
Simplified temporal scale for a project
Example : case of new system
EPIS
Beginning of the Projet
Put in operation after formal
decision
Safety Plan and Safety Case
End of the Project
Mentor (Project Management Tool)
T- x months T- x weeks T
Safety Assurance
MISO
ESARR 5 :
• Controllers– All the different types of training have been defined (initial and continuous
training)– Everyone involved in safety has to follow the required training– The controllers have to pass an exam every three year to maintain their
qualification– Everyone must have an updated medical certificate ; this certificate needs
special requipements for the controllers
• Technical staff:– organisation of training has been done – will be improved in 2006.– a procedure to qualify technical for maintenance is in the process of
being finalized.
Main improvements provided by the SQMS implementation
ESARR 3 :
• A special national organisation for safety management has been set up, to overview the level safety, and to follow problems which requires a national solution.
• There is a national feedback organisation for occurrences which happen in one ACC and could happen in others ACC
Main improvements provided by the SQMS implementation
To collect all the documentation about the Safety and Quality Management System, an Intranet site has been developed, including:– The european and national requirements
– Safety policy and objectives
– Description of responsibilities
– All documents describing the system : processes, procedures, …
– Information on audits (planning and results)
– Indicators
– Records : • Safety Management Review meetings reports,…
Intranet site : CRNA/SO Safety and Quality Manual
Thank you for your attentionThank you for your attention