Measure Why Things Go Right

By Didrik Strand offroadpilots@gmail.com

The safety management system (SMS) to learn what goes right every day but very quickly became a tool to catch failures by airport and airline operators. When the safety management system was sold to the aviation industry, it was promoted as a tool to help operators identify safety risks before they become bigger problems, or accidents. A safety management system does not predict when future accidents will happen but when used correctly it is a system that prevents accidents. An SMS does not predict a specific time (speed), space (location), and compass (direction) when an accident will occur, and prevented accidents goes unnoticeable. Since prevented incidents and accidents goes unnoticed it does not make sense that a successful SMS must focusing on capture such data. 

A safety management system is a modular system built on two fundamental modules. Each one of these two modules function independently of the other module, but both modules need to be designed and developed before a safety management system is implemented. Modules are furnished with blueprints, purpose descriptions, guidance directives, monitoring systems, planned outcome, corrective action plans (CAP) and followup guidance. These two modules are linked to complete their purpose to navigate the safety management system through regulatory and operational requirements. 

The two linked modules of a safety management system are the regulatory oversight module, and the operational process management module. The regulatory oversight module is applicable to the accountable executive (AE), and the operational process management module is applicable to the person who is managing the safety management system (SMS manager). Since both positions are appointed by the certificate holder (CH), their roles and responsibilities are to maintain compliance on behalf of the CH.    

Duties of an accountable executive to be responsible for operations or activities authorized under the certificate and accountable on behalf of the certificate holder for meeting the requirements of the regulations. Within the regulatory compliance module, the AE has available blueprints, purpose descriptions, guidance directives, monitoring systems, planned outcome, corrective action plans and followup guidance as their regulatory compliance toolboxes. Assessing the regulatory module for compliance is a snapshot in time of applied regulatory requirements. Regulatory compliance are still-pictures of tasks, while operational compliance are live videos of tasks.

A regulatory requirement of a safety management system is to include a safety policy on which the system is based and must meet specific regulatory requirements. A safety policy may also be known as the SMS policy. 

A safety policy is a statement of what an organization is committed to in regards to establish processes with desired outcome, or safety in operations. A safety policy is signed on behalf of the certificate holder by the accountable executive. An SMS policy clearly states intentions, management principles and aspirations for continuous and continual improvement of process outputs, and level of safety. Continuous improvements are to make adjustments to current processes, while continual improvements are to change the process. An example of continuous improvement is the change from handwritten reports to typewriter reports, and an example of continual improvement is the change from paper documents to electronic documents. Continual improvements may not always improve processes and outcome as expected. 

Process improvements are achieved through documented policies describing what organizational processes and structures it will use to achieve the SMS. An SMS policy should also contain a statement outlining the objectives and expected outcomes to achieve through its SMS. The safety policy must be seen to have value, it must be the philosophy that everyone adheres to in their everyday activities, and it must be clear and practical for compliance and practical to read. An SMS policy forms the foundation for an operator to furnish the regulatory compliance module. A safety policy is guidance for accountability from the AE to managers accountability and accountability by all personnel. 

A safety policy includes safety objectives that clearly define what an operator expects to achieve with its SMS. The objectives, as well as a top-level statement regarding commitments to achieve improvements in safety, forms the basics of a safety policy. Objectives must be clear and achievable and define the limits within which an operator is operating. Objectives are unambiguous, well documented, and readily accessible. 

Roles and responsibilities for an AE is to maintain oversight how the SMS policy function as a tool for regulatory compliance, as opposed to a tool to focus on what went wrong and incidents. An SMS policy is stable and does not change with process outcome. The role of an accountable executive is to design, develop and apply daily oversight compliance systems. 

When an SMS is used as a tool to focus on what went wrong, the SMS policy excludes the seven principles of compliance, which are blueprints, purpose descriptions, guidance directives, monitoring systems, planned outcome, corrective action plans and followup guidance. An SMS policy does not include a blueprint to induce occurrences, it does not include a purpose description of occurrences, it does not include guidance directives of how to initiate occurrences, it does not include a monitoring system to monitor that operations is on the right path for an occurrence, it does not include a planned outcome for occurrences, it does not include corrective action plans when occurrences did not happen, and it does not include followup guidance of CAPs to induce occurrences. A focus tool within a policy, is of what happen, since something was happening and replaced what did-not-happen. 

When an SMS is used as a tool to focus on what when right, the SMS policy encompasses all seven compliance principles are active contributors. When things go right, the blueprint becomes the overlay snapshot in time of the regulatory requirement to operate with a safety policy. A safety policy may include daily inspections at airports, and performing the daily inspection is therefore allocated to the safety policy. In the operational module, the daily inspection process is the blueprint of the process and tasks to be performed. Completed items on the daily inspection checklist is allocated to the performance of the safety policy as what went right. When hazards are discovered, such as debris on the runway, the debris is assigned to what went right during the inspection. That debris are runway hazards are incidental to the performance of the task which captured the debris.  

The regulatory module is applying the safety policy to a purpose descriptions, which could be as simples as to maintain regulatory compliance. In the operational module, the purpose description is applied a safety in operations. Guidance directives are applied in the regulatory module to the text of how to apply the safety policy, and in the operational module, are applied as airside operations plans. The regulatory module apply monitoring systems to the safety policy to capture drift of the policy, or changes in the interpretation of the policy, and in the operational module it is monitored as a quality control system, what tasks are completed, when they are completed, where they are completed, who (position) are completing the tasks, why they are completed and how they are completed. The planned outcome of a safety policy is in the regulatory module an outcome that the safety policy is in existence and communicated to all, and in the operational module, drift from the planned outcome is recorded, analyzed and root cause assigned for a CAP. Corrective action plans in the regulatory module are corrections to existence and communication of the safety policy, and in the operational module, the CAPs are applied to operational processes the are deviation from the safety policy. Deviation from the safety policy could be to remove debris on the runway without recording it in the SMS system. Followup guidance in the regulatory module is to have a system in place to capture new regulations, and in the operational module, new processes are designed to conform to the new regulations. 

In both the regulatory module and the operational module, the same method is applied to other regulatory requirements. An SMS is required to include a process for setting goals and for measuring those goals, a process for identifying hazards and managing the associated risks, a process for training of personnel and that they are competent, a process for reporting and analyzing hazards, incidents and accidents and for taking corrective actions, a document containing all safety management system processes and a process for making personnel aware of their responsibilities with respect to them, a quality assurance program, a process for conducting periodic reviews or audits of the safety management system and reviews or audits, for cause, of the safety management system, and any additional requirements for the safety management system that are prescribed under the regulations. Placing these items into both the regulatory module and the operational module is hard work and a comprehensive task. However, when all tasks are completed, it is a simple task to follow the compliance path.  

Measuring what goes right is a more complex task than measuring failures. It is more work to identify and build systems than it is to tear down systems to fail. The regulatory requirement to have a process in place to capture hazards is not a process to fail a system but is a process to make a system successful by the fact that hazards were captured. 

It is also difficult to measure what went right when a system did not capture a hazard and resulting in an incident. An example of something that went wrong could be if a daily runway inspection did not capture debris on the runway, causing an incident and nothing went right. The easy way out is to capture the incident and focus on the failure. 

When measuring what went right, move the occurrence to the regulatory module and the operational module. Conduct a special cause variation root cause analysis as appropriate to scope of airport operations, with a corrective action plan to include human factors, organizational factors, supervision factors or environmental factors. After an occurrence, the air operator conducts a root cause analysis of aircraft operations, and the airport does one for airport operations. After tasks are completed in both the regulatory module and the operational module, record the failure to discover debris on the runway as an item that went wrong. 

When things go wrong does not give an operator an excuse to focus on failures, but it becomes a part of an intergraded system to measure the reliability why things go right. 



OffRoadPilots


Comments

Post a Comment

Popular posts from this blog

Accepting or Rejecting Risks

By Didrik Strand offroadpilots@gmail.com
Image
Accepting or rejecting risks is a fundamental principle in a successful safety management system (SMS). A person managing the safety management system is expected to maintain a process for identifying hazards to aviation safety and for evaluating and managing the associated risks and ensuring that personnel are trained and competent to perform their duties as they apply to the safety management system. This includes training for both the accountable executive and SMS manager, in addition to other airport and airline operations personnel. A level of risk is an inherent element of aviation safety and there are several types of risks to consider when accepting or rejecting risks. One type of risk may take precedence over another type even if it is not directly associated with operations. Risk control strategies are beyond accepting or rejecting a risk, it is to justify control actions based on defined criteria. There are five categories of risks. The total risk is the sum of identified an
Read more

Lawless

By Didrik Strand offroadpilots@gmail.com
Image
A safety management system (SMS) is a regulatory requirement for airport and airline operators, the SMS regulations are performance-based, processes must conform to regulatory requirements, but still, a healthy SMS is lawless. In a lawless system events are unrestricted, actions are reactive to immediate threats, and data are collected by random chance. A safety management system contains multiple components to conduct research study of patterns. Research study design is a framework, or the set of methods and procedures used to collect and analyse data on variables specified in a particular research problem. A safety management system research study designs comes in many shape and forms, with advantages and limitations. A rule-based SMS is an overcontrolled system to justify an expected definite and unambiguous output. A system where predetermined results exists, is a system without trust, without learning, without accountability, and a system where information sharing impossible. A la
Read more

Human Factors

By Didrik Strand offroadpilots@gmail.com
Image
Human factors and human errors are two separate things but are often used interchangeable in conversations and in the aviation industry. Human errors are attached to a person who could be linked to an occurrence. In addition, the severity of the outcome is a predetermining factor how important it is to assign human error as the root cause after an accident.  Human error root cause analysis has widespread support from the aviation industry. However, with the implementation of the Safety Management System (SMS) regulations, accountability came into play, and it became impossible to justify human error as the root cause.  A healthy SMS looks at the organization and its systems, and the fact that a person overlooked, or missed an item is no longer a root cause, such as a pilot missing a checklist item. Checklists are required and are used for any flight, but there is no evidence a missed checklist item was the root cause of any accidents. At the other end of the spectrum, completing the ge
Read more