Why SMS Does Not Prevent Accidents
The safety management system was sold to the aviation industry, both airports and airlines, as a system to reduce, or prevent all future accidents.
The following is a quote from a regulator about aviation accidents. “…as the aviation industry grows and departures increase, the total number of accidents will also increase.”
Even though there has been a reduction in the accident rates, this expectation is based historical data, and a calculated accidents ratio each time one aircraft is added to a random global fleet. There is an expectation within the global aviation industry that adding one aircraft anywhere adds an accident hazard to the industry as a whole, or in other words that every aircraft carries a fraction of an accident hazard onboard. Since the aviation industry lives in a 3D environment there is an inherited risk in flying.
The safety management system in aviation (SMS) is internationally recognized frameworks that help operators, both airports and airlines, to identify safety risks and prevent potential accidents.
The term "prevent" generally means to stop something from happening or to hinder the occurrence of an event or action. It involves taking measures or actions to avoid or block a particular outcome. Prevention can be applied in various contexts, such as preventing diseases, accidents, conflicts, or any undesirable situation.
A safety management system is a formal framework designed to foster a culture of safety within an organization. It sets out individual roles and responsibilities, and accountabilities for safety. It is designed both to increase awareness of various safety aspects that relate to daily activities and to establish formal lines of communication within the organization for sharing information about hazards. When operating withing an organization to improve awareness, accountability and communication, an SMS allows an organization to identify safety risks before they escalate and become serious problems.
The measurable safety objectives and periodic internal audits included in an SMS promote continuous learning within the organization, as well as constant system improvements. Putting an SMS in place usually involves a commitment from senior management for approving the organization’s safety policies and objectives, and for providing oversight, among other factors. Introducing an effective SMS poses its own challenges, but once in place, the SMS plays a major role in preventing accidents.
Until the 1960s, safety approaches in high-risk industries were based on reliability engineering, a field that studies and evaluates the probability of equipment failure. Improvements in safety were primarily informed by accident investigations, which provided data about the likelihood of such events.
Increased public awareness of industrial hazards in throughout the 1960s led to establishing a scientific approach to accident prevention. Studies in this area helped to identify some key factors in industrial safety, namely, the causes of accidents, the interface between humans and machines, the role of management, and the relationship between the economics and efficiency of safety. This research paved the way for the development of SMS.
SMS approach relies not only on accident prevention, but also on a systematic process for identifying and controlling hazards derived from what is known as “process safety.” Process safety has its roots in business ethics, commitment to health, safety, and environmental protection. This has since been adopted by industries in several counties.
The SMS approach is considered a better way to motivate airlines and airports to manage their own risks, because it makes them accountable and responsible for the human, organizational, technical, and environmental factors that lead to accidents. An oversight strategy is to maintain and improve the safety of the aviation system with the resources available. The aviation industry, including certified airports, non-certified aerodromes, scheduled airlines and on-demand air charters must accept accountability and be responsible for the proactive and systematic management of the risks that weigh on its activities, and that the primary tool used to do so is the SMS.
Airlines and airports were required to operate with a complete safety management system by 2012. Since the completion of the SMS implementation there have been several aviation accidents, and just a handful of them are mentioned below.
A Boeing 737-210C combi aircraft struck a hill 1 nautical mile east of the runway. The aircraft was destroyed by impact forces with an ensuing post-crash fire. Eight passengers and all 4 crew members sustained fatal injuries. The remaining 3 passengers sustained serious injuries. No emergency locator transmitter signal was emitted by the aircraft.
A Bombardier DHC-8-402, aircraft overran the runway after touchdown. It came to a stop about 250 m beyond the end of the runway and was stuck in grass and mud. There were no injuries, and no damage to the aircraft.
A DHC-8-400 the flight crew experienced a no. 2 engine power loss that was followed by a fire warning. The crew followed engine fire emergency procedures and subsequently the engine was shut down. The propeller feathered and there were no further indications of a fire.
A Boeing 737-700 the aircraft’s right nose wheel tire contacted 8 runway edge lights during takeoff. The flight crew was unaware that there was a runway misalignment and continued where they landed without issue. The airline was notified seven days after the occurrence by the originating airport authority.
A Boeing 737-800 the flight crew encountered directional control issues after touchdown, and the aircraft did not decelerate as expected. The aircraft overran the end of the runway by approximately 500 feet and came to rest in the mud. There was some minor damage observed on the left engine of the plane, however there was no observed damage to the landing gear. The crew and passengers did not sustain any injuries.
A de Havilland DHC-8-314 aircraft encountered a tailstrike upon landing. The tail contacted the ground and the "Touched Runway" annunciator illuminated. The aircraft subsequently taxied to the apron.
An Airport Authority maintenance vehicle was on the taxiway when it was requested to work on the runway. The maintenance vehicle was instructed to taxi on the taxiway and to hold short of the runway, and therefore was not authorized to cross runway without further instruction. A Boeing 737 MAX was on approach to land when the maintenance vehicle proceeded past the hold short line and crossed the active runway.
An RJ-900 aircraft began its takeoff to the left of the runway centerline, where it contacted 3 runway edge lights before its trajectory was corrected. During the aircraft’s climb, a fuel imbalance was detected. The flight crew was not able to correct the imbalance and subsequently shut down the right engine. An emergency was declared, and the aircraft diverted to the nearest suitable airport. Airport rescue and fire flighting (ARFF) personnel advised that a tire was deflated, and smoke was coming from the wheel. The left main landing gear was sprayed by ARFF, and the smoke dissipated. Passengers were disembarked and transported to the terminal.
Shortly after landing an Airbus A330-343 the bogie beam failed on the right main landing gear. At the same time, indications of a right main landing gear malfunction were displayed in the cockpit. The aircraft continued its landing roll, with the right gear shock strut scraping the runway, and came to rest on the runway.
These are just a few examples of how the safety management system were incapable of preventing incidents. The airline industry expects incidents to occur, while there are no justifications for any incidents.
A question the aviation industry needs to ask is why the SMS failed to prevent accidents. The answer is simple, the SMS did not fail, and cannot fail, since a safety management system paints a true picture of operations. Incidents occurs because the system is designed and developed with that purpose. Human errors may still be the cause, but with the introduction of the SMS, human errors were moved from the cockpit, airside, and maintenance floor environment to the office of the accountable executive.
Human error is a symptom of trouble deeper inside a system or an organization. On the other hand, human error is also a symptom of a successful organization. There are organizations where human errors are integrated with the system and need to be there for the organization to exist and prosper. It is the system itself that is set up for human errors.
In an organization where there are overwhelming events of human errors, the organization operates within a system that is prone to these errors. Two examples are Daytona 500, or Reno Air Races, where the systems (race to win) are setting each driver and pilot up for human error, or a crash. Both the Daytona 500 and Reno Air Race organizers have requirements and systems in place to reduce harm to drivers, pilots, or spectators.
These systems are designed for human errors, or for safety to fail.
Imagine how successful Daytona 500 would be if the speed was limited to 50MPH, or if the Reno Air Race required airplanes to fly between gates separated a mile apart.
Operating with an SMS does not prevent incidents or accidents and data in above examples shows that fact. If operating with an SMS automatically prevented incidents there would not be any incidents. However, the regulator and the aviation industry, both airlines and airports, do not accept occurrence free operations. After an airliner crashed into a parked aircraft while taxiing, the airline accepted that this incident had occurred with a justification that the flight crew was taxiing as instructed by ATC across an apron with non-standard markings.
A special cause variation at an airport does not justify an airline occurrence, and an airline special cause variation does not justify an airport occurrence.
Special cause variation, also known as assignable cause variation, refers to variations in a process that are not inherent to the process itself but are caused by specific identifiable factors. In statistical process control and quality management, understanding and distinguishing between common cause variation and special cause variation are essential for improving processes and achieving consistency in outcomes.
Special causes variations are specific and identifiable factors that can be traced to a particular source or event. This could include a machine malfunction, a sudden change in environmental conditions, or an error in the manufacturing process.
Special cause variation is typically unpredictable and sporadic. It does not follow a consistent pattern and can happen unexpectedly.
When special cause variation is detected, it is important to conduct a root cause analysis to determine the underlying reason for the variation. Addressing the root cause is a tool to prevent the same occurrence from happening in the future. Abnormal operations, or intentional deviation from common processes are special cause variations. When abnormal processes operations are activated, an SMS enterprise must apply their established abnormal operations policy and processes. Taxiing across an apron with non-standard markings is a deviation from normal processes, or abnormal operations.
Special causes usually require management intervention to investigate and rectify the issue. This may involve adjusting the process, repairing equipment, retraining personnel, or implementing other corrective actions.
Special cause variations are often temporary and can be eliminated or controlled by addressing the specific cause. Once the cause is addressed, the process may return to a state of common cause variation. An example of a temporary special cause variation is when airport winds are gusting to 20KTS, but within seconds, and undetected, the wind gust is 50KTS. Wind gusts, without thunderstorms, or microbursts in the area, are constant, reliable and dependable with very little variations to the gust itself, or windshear. Changes to wind gusts and wind shears in mountainous areas are common cause variations since the terrain affects velocity and direction.
In contrast to special cause variation, common cause variation is inherent to a process and is often the result of random factors that are part of the normal operation of the system. Statistical process control tools, such as control charts, are commonly used to monitor processes and differentiate between common and special cause variations. A examples of a common cause variations are the migratory bird season, winter season, or forest fires season.
The ability to distinguish between common and special cause variation is crucial for organizations seeking to improve their processes, enhance product quality, and achieve greater consistency in their operations.
If the confidence level is established at 95%, a calculated statistical value that was based on a sample is also true for the whole population within the established confidence level with a 95% chance. In other words: the chances are very high that the arithmetic mean (as a statistical value) of a population is exactly within the margins of error which were established for the survey based on a sample.
The key to a successful safety management system is where there is free speech, there is trust, leaning, forward-looking accountability and information sharing. Free speech does not come without responsibilities, and responsibilities quadruples with a person as their position is moved upwards in the SMS enterprise hierarchy.
SMS is a tool to prevent accidents, but as with any other tool, when used incorrectly the output does not perform as expected.
OffRoadPilots
Comments
Post a Comment