Lawless
A safety management system (SMS) is a regulatory requirement for airport and airline operators, the SMS regulations are performance-based, processes must conform to regulatory requirements, but still, a healthy SMS is lawless. In a lawless system events are unrestricted, actions are reactive to immediate threats, and data are collected by random chance. A safety management system contains multiple components to conduct research study of patterns. Research study design is a framework, or the set of methods and procedures used to collect and analyse data on variables specified in a particular research problem. A safety management system research study designs comes in many shape and forms, with advantages and limitations. A rule-based SMS is an overcontrolled system to justify an expected definite and unambiguous output. A system where predetermined results exists, is a system without trust, without learning, without accountability, and a system where information sharing impossible. A lawless SMS paints a true picture of airport and airline operators.
When there are rules and practices for what is allowed to be reported to an SMS manager, invaluable information is lost. SMS is not as much about reporting incidents, as it is to establish patterns. Micromanagement of what is allowed does not change the fact of how workers do their job day in and day out. All it does, is to show a hazard register with allowable hazards as opposed to actual hazards.
Allowable hazards to report are unwritten organizational rules and practices. Over time personnel learns to accept what to report and what is not allowed to be reported. A common mistake by operators is to only accept reported hazards and taking the position that unreported hazards do not exist. When the position is taken that verbally reported hazards do not exist, or that verbally reported events did not happen, operators are creating an officially controlled safety management system. When an SMS authoritarian system is established, the authority of an SMS is characterized by highly concentrated and centralized governing powers maintained by excluding opposition, objections, and challenges. An authoritarian SMS uses common sense justification to mobilize around the unwritten goals of the operator. The requirement that the accountable executive is responsible operations and activities authorized under the certificate and accountable on behalf of the certificate holder for meeting the requirements of the regulations is set up for an authoritarian SMS and misrepresentation of the system. Maintaining regulatory requirements under such a system induces operational pathways with hazard levels above hazard levels without operating with a safety management system.
Running a safety management system is a specialty task different from any other airline or airport operations tasks. A safety management system is not about safety, but about processes, just as an accounting system is about processes and not about the bottom line. The bottom line, profit, or loss is affected by accounting processes applied, but these processes must adhere to accounting principles, even if the CEO, or AE is the person with the final authority. A CEO cannot, while some do, arbitrary demand their accountant to go against proper accounting principles to adjust the outcome for short-term benefits, but long-term harm. In the accounting world it is fraud to manipulate inputs to the process. Operating an SMS by manipulating the inputs are also fraud, but difficult to detect for an untrained eye.
Fraud is intentional deception to secure unfair gain. Unfair gain applicable to a safety management system, is when multiple operators providing the same contracted services are gauged by their outputs, as opposed to what is reported. When other operators only report favorable hazards and minimize their outputs, while a single operator reports all raw data collected, the single reporting operator generates 80% of events and hazards. With 80% of hazards and events allocated to one single operator, this operator is being red-flagged and as unsuitable for further contracts. What is forgotten in the equation, is that a contracted air operator’s right to operate their SMS as they see fit, are the responsibilities that comes with freedom and rights.
In the face of new fraud methods and increasing incidence of fraud, operators must continually identify and address vulnerabilities. Success will require core capabilities in areas of enhanced threat intelligence along client journeys, data-cycle testing and feedback, advanced data, technology, and analytics, and transformation of the operating model.
Even as fraud threats have become more sophisticated, customers are demanding more streamlined and low-friction journeys. Addressing these challenges requires an enhanced strategy that has strong customer experience and fraud prevention components and bases its long-term success on prioritizing 360-degree intelligence. An operator, being airports or airlines must know their customers, know their own operations and SMS, vulnerabilities, and capability gaps, and know their competitors. A competitor may me a customer, an operator in the same business, or the general public.
Analyzing the huge volume of intelligence data now available is a real challenge. The traditional manual approach driven by individual investigators are fading away. Instead, companies need a new at-scale technology-enabled solution and multidisciplinary approach. A client intelligence and fraud prevention center can better source and integrate threat intelligence and analysis to serve antifraud decision making. This involves the creation of trusted stakeholder networks, both within the organization and among clients, partners, and government entities, to facilitate collaboration across silos and organizations. The cross-functional team includes business leaders, experience designers, marketing specialists, product development specialists, fraud specialists, investigators, operations specialists, data scientists, technologists, and cyber experts.
To ensure that client journeys and controls provide the required protection against vulnerabilities and that the organization meets defined and goals. Airport and airline operators run data on files to identify nonfraudulent and fraudulent behaviors and match them against actual SMS reports. Implementation of new fraud control could cause the loss of a significant amount of business unless it is performed properly. This is averted by reactive testing the control against historical populations to gauge the outcome before implementation was under way. Spelling out all the key outcomes allows operators to determine which special cause variation generate the root cause of potential loss of customers and enable them to devise a plan to address these special cause variations.
When conducting testing, test parameters of SMS reports must be established. Testing is conducted randomly throughout SMS reports journey, with controlled setup in live tests. Determining which version performs better enables operators to identify the impact on fraud rates and customer satisfaction.
Airports and airlines need multilayer defenses with sophisticated data analytics that enable rapid decision making for applications and nearly instant response rates for monitoring. Technology needs to be flexible, adaptive, and quick enough to react to fast-paced fraud attacks. Equally important is the need for insightful and actionable analytics to identify fraud attacks quickly, enabling SMS enterprises to modify controls and strategies.
Operators need to build the data and analytics that allow them to understand customer experiences and changes in behavior after a fraud incident and across a hazard’s journeys. They also need predictions and triggers to handle fraud experiences rapidly and proactively, such as communications about why fraud occurred and ways to protect the account in the future.
This requires data models that incorporate both internal and external sources. Internal data, which should be combined across product silos, could be related to fraud, identification, SMS reports profiles, and connected interactions across channels. External sources could include device, biometric, and social data. The model should also be updated to include new value-added data sources continually. Additionally, it requires an orchestration layer that integrates different systems and allows fraud management teams to think across the value chain, capture complex fraud patterns, and identify fraud earlier. It should also enable them to orchestrate the response and communication so SMS team members can handle the experience in their area of expertise and department.
The safety management system is defined as a businesslike approach to safety. With a businesslike approach, an SMS must include a businesslike fraud management system. Fraud management of internal processes and common cause variations, e.g. the AE demands certain input actions and results, are different than fraud management of special cause variations occurring because of how the work is done, e.g. an SMS report could be shared with ability to make changes and cause unintended consequences.
Fraud prevention is a regulatory requirement to ensure the integrity of a safety management system. Regulations require SMS enterprises to operate with a fraud management system of their recording systems, which includes computer records, that do not comprise entries on paper. Computer records requires measures to ensure that the records contained in the recording systems are protected against inadvertent loss or destruction and against tampering, and a copy of the records contained in the recording systems can be printed on paper to verify the integer of processes.
In a lawless SMS organization, there are no restrictions on what area allowed to be reported and there is no requirement for obedience to one single communication process.
OffRoadPilots
Comments
Post a Comment