Introduction to the management of safety New ICAO Annex 19

1
Introduction to the management of safetyNew
ICAO Annex 19

• Jean-Pierre ARNAUD
• R4.2 Rulemaking officer
• 27 June 2012

2
ICAO definition of SMS

• Safety Management System (SMS) a systematic
  approach to managing safety, including the
  necessary organizational structures,
  accountabilities, policies and procedures
• It provides a systematic way to identify hazards
  and control risks while maintaining assurance
  that these risk controls are effective.

Did you understand?
..me neither!
Lets try another way
3
On the menu today
4
Component n2 Safety risk management
5
The Titanic case
6
14 April 1912

• The largest steamer in the worldpromoted as the
  unsinkablesunk!
• The court reported that the loss of the Titanic
  was due to collision with an iceberg, brought
  about by the excessive speed at which the ship
  was being navigated.
• Weather and navigation conditions
• Calm night, flat surface no noise, no light
  reflect of waves
• No moonlight at all no visibility
• In April icebergs remain a hazard when you
  navigate north and the probability to hit an
  iceberg is high.
• 1912 was reported to be a very cold year with
  numerous iceberg straying abnormally southerly.
• ...role of observation, statistics and
  metrics...

7
Additional noticeable safety factors Applicability

• Design double bottom built to remain afloat if
  as many of 4 of its watertight compartments were
  flooded after the collision, 5 flooded
• Manufacturing One allegation is that, under
  great pressure, the shipyard resorted to using
  second-rate iron rivets
• Operational rules Titanic did not carry enough
  lifeboats to save all aboard
• although it met British safety codes
  out-dated, however the most advanced at that time
  
• Certification and Operations organizational
  factors
• Inadequate emergency procedures
• Lifeboat n1 departed with only 12 people instead
  of 40.
• Several lifeboats were unusable due to the
  configuration of the sinking
• It was a maiden voyage
• No real test of the ship in operations and no
  training in real conditions
• Not enough experience (evacuation, size of the
  boat, configuration etc)
• Navigation services
• Titanic received 6 messages on April 14 warning
  of the approaching ice field all disregarded

8
Piling pressures

• The alleged root reasons why the captain
  persevered in his course, and maintained high
  speed, is probably to be found
• in competition with other transportation means
• The captain of the ship was allegedly invited to
  set a speed record for its landmark maiden
  journey between Southampton and NY in order to
  increase the profit of the investors
• Therefore the ship navigated too northerly in
  order to save time.
• in the desire of the public for quick passages
  rather than in the judgement of navigators
  (safety culture)
• in the beliefs he had in the boat
  ( unsinkable  )
• Human factor - overconfidence

9
Titanic case

• Hazard
• Collision with iceberg
• Probability and severity
• High if you navigate northerly
• Higher with no moonlight
• Very high if you ignore the warning messages
• Risk is the combination of hazard and probability
  of severity

10
Titanic case

• How to mitigate the risk?
• Reduce speed
• Increase vigilance
• Re-enforce radio monitoring
• Navigate more southerly of Canada
• Take timely effective management decision
• This is called risk management
• Identify hazard, evaluate the risk, assess
  whether it is acceptable, mitigate the risk if
  necessary, to reduce the risk to an acceptable
  level
• The Titanic case is clearly a failure in risk
  management as all information were available to
  avoid the accident.
• Risk management is a subset of safety management
  (component n2)

11
This accident also highlights

• Just culture (non) Criminalization
• The captain was cleared of blame
• Safety culture
• Captain (retired for the night at 21h30 dispite
  the warning messages about icebergs)
• Crew team (no one questioned the captains
  decision)
• Senior management of the operator and
  manufacturer pushing for accelerating the
  assembling of the steamer
• Shareholders (money, money, money)
• The need to have an effective decision-making
  management process in operations

12
What can we learn from this event?

• This event is not out of date and the root causes
  are still of interests in the aviation domain
• Human factor, piling pressure from shareholders,
  safety culture, organizational and human factors
• Safety management applies to any domains
• Nuclear, railways etceven your private life
• Rules, design, certification, manufacturing,
  operations, navigation services, infrastructure
• Safety management is not a novelty
• Clinical approach started in the 90s
• ICAO started to adopt SARPs in 2003
• Accident investigation boards have been
  repeatedly highly recommended to implement it
  asap.

13
Safety risk management
14
Safety risk management

• Key Words
• Hazard, consequence, risk, mitigating factors,
  risk management.
• Challenges
• Identify the relevant hazards
• Reporting systems and all kinds of safety
  information will help
• Assess correctly the probability and severity
• Collection of data and sharing will help
• Address the appropriate mitigating factors
• Effectively manage the safety of the operations
• Exchange of information on safety data, safety
  hazards and risks between stakeholders.

15
Component n3 is Safety Assurance
16
Paramount objective of the safety management

• To reduce the accident rate per million flights
• Currently around 4 accident per million flights
  (next slide source ICAO MTOW above 2250kg)

17
Which year would you prefer to travel?

• First level
• Second level
• Third level
• Fourth level
• Fifth level

• If you had this kind of indicators in your life.

• you would start to manage your life differently

18
Safety intelligence

• With the advent of the computer, data serve as a
  comprehensive source of aviation safety
  information.
• Technology explores all domains and brings us a
  huge amount of data for analysis
• Equipment monitor and record everything, even
  satellites
• Statistics is everywhere
• Mandatory and voluntary incident and accident
  reporting system, helping in identifying hazards.
• Predicting the future (proactive approach) by
  selecting the right metrics. and then acting
  consequently

19
Active failure versus latent failure

• The accidents are just tips of the iceberg named
  active failures.
• There is still a vast quantity of data from the
  bottom of the iceberg, called latent failures
  waiting for triggering factors in order to
  emerge.

• Safety-related data intelligence and safety
  analysis highlights capabilities that assist
  organisations in
• Identifying hazard and risks (systematically or
  using reporting systems, incidents, any
  safety-related events or reports, audits, safety
  studies, experience etc)
• Collecting and analyzing all these data
  available
• Getting the trends and acting consequently

19
20
Proactive approach

• Each State or each service provider has to
• Collect safety-related data and analyse them
• Set up key safety indicators reflecting its
  activities
• Define and target objectives
• Monitor the system in place by evaluating the
  overall performance of the system
• Improve or maintain its safety performance
• Eventually allocate the most-effective resources
  to meet these objectives.
• This is called the proactive approach.
• In addition, the State will oversee the Safety
  Performance Indicators (SPIs) of the services
  providers and share data.

21
High-level instances (main contributors in
accident)

• Runway safety related (incursions, excursion,
  ground collisions)
• EX reported accidents and serious incidents
  involving runway excursions has increased during
  the last decade
• Loss of control in-flight
• Controlled flight into terrain
• Collision in flight

22
Instances of low-level safety metrics

• State
• Development/absence of primary aviation
  legislation or operating regulations
• Level of regulatory compliance Lack of
  Effective Implementation (LEI USOAP ICAO
  indicator)
• Does the audit programme cover all activities?
• State and organisation
• Incident rate or incidents reported
• Number of deviations to the SOPs (Standard
  Operating Procedures)
• Organisation
• Measurement of safety culture in an organisation
  or open climate in an organisation for reporting
• MTBF for maintenance (Aircraft, ANS and
  Aerodrome)
• Dispatch or stabilized approaches (operations)
• Deviations to the flight path or separation (Air
  Navigation Services)
• Bird strikes (Aerodrome)

23
The data will set you free.
The goal is to transform data into information,
and information into insight Ernest
Greenwood
24
Component n3 is Safety Assurance
25
Challenges and key words for safety assurance

• Safety assurance based on effective safety
  data-driven processes but not being entirely
  data-driven
• Collecting information in an organized and
  standardized manner sharing and protecting
  information
• Setting the right Key Safety Indicators (moving
  from concept towards implementable / practical
  KSIs)
• Managing properly (safety trends and effective
  decision making)
• Collaboration between States and Service
  Providers (KSIs)
• Compliance with the rules remains a must
• Develop performance-based oversight and
  performance based rules
• Enhancement of regional agencies (RSOOs
  oversight and RAIOs Accident, incidents),
  eliminating duplication of efforts, fostering
  cooperation (sharing information - databases) and
  independency

26
Component n4 is Safety Promotion
27
Safety promotion

• Safety promotion based on
• Internal and external training
• Communication and dissemination of safety
  information

• Train (initial and continuous) your staff,
  educate, inform, increase the level of safety
  awareness, promote your policy and your
  objective, communicate, instruct, share
• Develop and maintain the level of safety
  culture among the States, the organisations or
  any stakeholders playing a role in safety
• It includes senior management, front-line
  management, staff in the field, decision-makers
  etc

28
What is Safety culture?

• Safety culture is the set of enduring values and
  attitudes regarding safety issues, shared by
  every member at every level of an organization.
• Refers to the extent to which every individual
  of the organization is aware of the risks and
  unknown (?) hazards induced by their activities
• Objective Raising and maintaining the level of
  awareness
• In that sense, component n4 of the safety
  management is the safety awareness promotion

28
29
Concorde and safety culture (1)

• Concorde F-BTSC accident, 25 July 2000, France
• 109 casualties, a/c destroyed
• Source final investigation report, available at
  
• http//www.bea.aero/docspa/2000/f-sc000725a/htm/f-
  sc000725a.html
• The French BEA concluded in 2002 that a wear
  strip of metal, fallen off from a DC-10 that
  took off 4 minutes earlier, had punctured a tire
  of the Concorde, sending shards of rubber into
  the fuel tanks, leading to flames pouring from
  its undercarriage and making the plane crashing
  into a hotel few kilometers away.
• The strip was attached with rivets close to other
  previous existing holes (reverse of the engine)
  and was improperly attached

29
30
Concorde and safety culture (2)

• Who could have thought that this 40cm long piece
  of metal was a killer?

• Not even the mechanic who did the repair

• 8 holes and rivets over 5 cm long

30
31
Concorde and safety culture (3)
31
32
Concorde and safety culture (4)
32
33
DC10 reverse as found How it should be

• Holes too close
• 37 holes in total

• Correct spacing 12 holes were only allowed

34
Concorde and safety culture (6)

• The engine cowl support was drilled with 37 holes
  whereas the installation of the strip required
  only 12.
• Therefore the strip was attached with rivets
  close to other previous existing holes and was
  improperly attached, resulting in it falling onto
  the runway.
• The mechanic (a metal sheet worker, not a
  certifying staff) used titanium, rather than
  aluminium (higher resistance), to construct a
  replacement piece (deviation to the maintenance
  repair as prescribed by the engine manufacturer).
• The mechanic who did the repair and the
  certifying staff who released to service the
  aircraft were charged with negligence (just
  culture).
• This part had been replaced during a C check 6
  weeks before the accident took place.
• 3 weeks after the C check, the part detached
  again and was replaced by another part (the one
  fell off on 25 July 2000).
• These signals should have alerted the maintenance
  organization that improper maintenance had been
  carried out and that the trouble shooting was
  poor. The organisation was charged with
  negligence.

34
35
Component n4 is Safety Promotion
36
Component n1 is
37
Component n1 Policies and Objectives

• Responsibilities, accountabilities and
  commitment, including identification of key
  safety personnel
• A legislative framework for the State
• An accident and incident investigation for the
  State
• A mandatory and voluntary incident reporting
  system (State and service provider)
• Policies and resources to collect and analyse
  safety data
• An emergency response planning for the service
  provider
• A process to set-up objectives, policies,
  monitoring and maintainingthen train and
  communicate
• Documentation (process, manual and procedures)
• The management of changes
• An enforcement policy

38
About the reporting system

• Report! And avoid the sinking

• It must
• Be voluntary
• Be anonymous
• Identify the hazards and better understand the
  latent failures
• Should not lead to any blaming except in the case
  of malicious act or gross negligence (this is
  called just culture)
• Be supported by a statement / commitment of the
  accountable manager (no blaming)
• Just culture (definition) an atmosphere of trust
  in which people are encouraged for providing
  essential safety-related information, but in
  which they are also clear about where the line
  must be drawn between acceptable and unacceptable
  behavior.

39
Safety policies and objectives - component n1

• Key words Just culture
• Challenges
• Criminalization or lay off of staff
• Protection of persons and data
• Commitment of the personnel and effective
  implementation of the policies
• In particular middle and front-line management
  (leadership and safety culture in the field play
  essential roles)
• Safety vision
• Transparency and sharing
• Effective implementation

40
Vocabulary

• The safety management is called
• SSP (Sate Safety Programme) for the State
• EASA has developed the EASP
• ICAO has developed the GASP
• SMS (Safety Management System) for the service
  provider.

41
Main objectives of the State Safety Programme

• Ensure that a State has the minimum required
  regulatory framework in place
• Ensure coordination and harmonization amongst the
  States regulatory and administrative
  organizations in their respective safety risk
  management roles
• Facilitate monitoring and measurement of the
  aggregate safety performance of the service
  providers
• Coordinate and continuously improve the States
  safety management functions
• Provides appropriate oversight functions
• Promulgate and support effective implementation
  and interaction with service providers SMS
• Facilitate data aggregation
• Facilitate information sharing
• Promote safety

42
What is ICAO Annex 19?
43
What is Annex 19 First Edition

• Compilation of common existing safety management
  provisions from existing annexes into one single
  new annex
• Annex 1 Personnel Licensing
•  
• Annex 6 Operation of Aircraft
• Part I International Commercial Air Transport
  Aeroplanes
• Part II International General Aviation
  Aeroplanes
• Part III International Operations Helicopters
•  
• Annex 8 Airworthiness of Aircraft
•  
• Annex 11 Air Traffic Services
• Annex 13 Aircraft Accident and Incident
  Investigation
• Annex 14 Aerodromes
• Volume I Aerodrome Design and Operations

44
Applicability (Service providers)

• A) training services that are directly exposed to
  safety risks
•  
• B) operation and maintenance of aeroplanes and
  helicopters involved in international commercial
  air transport
•  
• C) operation of aeroplanes and helicopters
  involved in international general aviation,
  except aerial work
•  
• D) type design and manufacture of aircraft,
  engines, and propellers
•  
• E) air navigation services and
•  
• F) operation of aerodromes.

45
Content of Annex 19

• Five chapters, 2 appendices and 2 attachments
• Definitions
• Applicability
• State safety management responsibilities
• Appendix 1 State safety oversight system
• Attachment A Framework for a State Safety
  Programme (SSP)
• Safety Management System (Service providers)
• Appendix 2 Framework for a safety management
  system (SMS)
• Safety data collection, analysis and exchange
• Attachment B Legal guidance for the protection
  of information from safety data collection and
  processing systems

46
Status of Annex 19
47
Benefit of Annex 19

• The consolidation of provisions from six
  different Annexes into a new draft Annex had been
  undertaken with the intent of improving
  implementation
• Enhancing the role of the State at a higher level
  (coordination between all domains and all
  stakeholders)
• Having a legal basis in one unique document
• Developing harmonized standards that are
  applicable to several domains
• Better identifying and developing the future
  needs
• Having a dedicated ICAO panel, working on the
  next iterations (EC and EASA are members)
• Having a global vision through implementation.

48
Future needs or challenges

• Better integration between the SSP and the
  oversight system
• Better and higher State policy not only at CAA
  level (implementation, overall performance and
  coordination between all actors)
• Collection, sharing and protection of data
• Analysis and common formatting of safety data
  (standardisation)
• Identification of hazard
• Just culture (Criminalization)
• Better coordination between AIG and State,
  between States and Agencies
• Development of an Emergency Response Plan by both
  the State and the service provider
• Development of implementation guidance
• Effective and efficient safety indicators
• Scalability
• Training safety culture
• Industry and State (ex oversight inspectors)
• Communication between State and Service Providers
• Moving from compliance towards performance

49
Benefit of integrated safety management

• Whats being put forward is a vision of a
  community identifying hazard sharing data etc
• The recent agreement signed off between EASA and
  Singapore illustrates this willingness.
• The role of Regional Agency and Regional
  investigation board is another example of
  cooperation and development.
• EASA / EASP common objectives 27 States

50
This is not an all-cure system

• It is not a revolution but an evolution
• Just a clinical approach of better managing
  safety
• a kind of modern management of safety with the
  available technological tools
• It is an additional layer
• Traditional compliance to the rules remains a
  must
• Safety management builds on this fundamental
  because most of the incidents or accident are due
  to deviation to the SOPs
• Make our processes and procedures more robust
• Raise our awareness performance and safety
  culture
• Develop an integrated safety system (complex
  environment needed coordination).

51
How does it affect EASA?

• Establishment of an EASP (the global safety
  vision)
• Identification of hazards and risks, safety
  performance indicators etc
• Coordination between all partners
• Being more data-driven, collecting all safety
  info (E2, E6)
• Review of our processes and procedures,
  introducing the management of risks on top of
  compliance to the rules
• Certification of aircraft (C)
• Performance based oversight (Standardisation
  Inspection Annual Programme - SIAP) (S)
  workshop next October
• Performance based rules (R)
• Safety assurance (E)
• International cooperation and sharing (based on
  agreements) (E, R, C, S)
• Training and competence (EASA staff, States,
  stakeholders)
• Promotion of safety everywhere safety culture
• Better managing our internal resources

52
Basic Safety Management Tool Kit

• ICAO Annex 19
• Click here to access to the document
• SMM edition 3 (ICAO doc 9859)
• Click here to access to the document
• Rulemaking focal point within the Agency
  Regine.hamelijnck_at_easa.europa.eu
• A more detailed presentation on Annex 19 is here
  available (click here)

53
Advanced safety management tool kit

• Noteworthy websites about Safety management in
  aviation
• http//flightsafety.org/current-safety-initiatives
  /corporate-flight-operational-quality-assurance-c-
  foqa.
• ICAO Flight Safety Information Exchange
  http//www.icao.int/fsix/
• The Australian Civil Aviation Safety Authority
  web site at http//www.casa.gov.au/sms/index.htm
  including Advisory Circular 172-01(0) September
  2005 Guidelines For Preparing A Safety Management
  System (SMS) at http//www.casa.gov.au/rules/1998c
  asr/172/172c01.pdf, ,
• The Transport Canada Civil Aviation web site at
  http//www.tc.gc.ca/civilaviation/systemsafety/pub
  s/menu.htm and
• The UK Civil Aviation Authority web site at
  http//www.caa.co.uk/default.aspx?catid872pagety
  pe90pageid9953
• The Overseas Territories web site at
  http//www.airsafety.aero/safety_development/sms
• The IBAC web site at http//www.ibac.org. In
  addition, chapter 5 Evaluating the Operators SMS
  of the IS-BAO Internal Audit Manual may be
  helpful in the SMS development process.
• The NASA web site at http//www.nasa.gov.
• The FAA Safety Management System information
  pages at http//www.faa.gov/about/initiatives/sms
  /specifics_by_aviation_industry_type/ and Risk
  Management Handbook at www.faa.gov/library/manual
  s/aviation/media/FAA-H-8083-2.pdf
• The International Helicopter Safety Team (IHST)
  SMS Toolkit at http//ihst.rotor.com/Portals/54/2
  009_SMS_Toolkit_ed2_Final.pdf
• The European Strategic Safety Initiative (ESSI)
  at http//www.easa.europa.eu/essi/index.html
• FAA Advisory Circular 120-92 Introduction to
  Safety Management Systems for Air Operators at
  http//www.airweb.faa.gov/Regulatory_and_Guidance_
  Library/rgAdvisoryCircular.nsf/0/6485143d5ec81aae8
  625719b0055c9e5/FILE/AC20120-92.pdf, and FAAs
  Flight Risk Assessment Tool at http//www.faa.gov/
  other_visit/aviation_industry/airline_operators/ai
  rline_safety/info/all_infos/media/2007/inFO07015.p
  df.
• EASA website www.easa.europa.eu/sms/

54
True or false?

• Annex 19 is called risk management.
• SSP is created by Service Providers
• ICAO facilitates safety management information
  sharing among Service Providers within the State
• EASA oversees Service Providers Safety
  performance
• Risk management means you can deviate to the
  rules if properly mitigating factors are in place
• All statements are false

55
Any comment or question, contactjean-pierre.arnau
d_at_easa.europa.eu
http//intranet/your-intranet-page