670 likes | 1.2k Views
Introduction to the management of safety New ICAO Annex 19. Jean-Pierre ARNAUD R4.2 Rulemaking officer 27 June 2012. ICAO definition of SMS.
E N D
Introduction to the management of safetyNew ICAO Annex 19 Jean-Pierre ARNAUD R4.2 Rulemaking officer 27 June 2012
ICAO definition of SMS • Safety Management System (SMS): a systematic approach to managing safety, including the necessary organizational structures, accountabilities, policies and procedures • It provides a systematic way to identify hazards and control risks while maintaining assurance that these risk controls are effective. Did you understand? ..me neither! Let’s try another way… Introduction to safety management - 27 june 2012
On the menu today… Introduction to safety management - 27 june 2012
Component n’2: Safety risk management Introduction to safety management - 27 june 2012
The Titanic case Introduction to safety management - 27 june 2012
14 April 1912 • The largest steamer in the world…promoted as the “unsinkable”…sunk! • The court reported that the loss of the Titanic was due to collision with an iceberg, brought about by the excessive speed at which the ship was being navigated. • Weather and navigation conditions • Calm night, flat surface – no noise, no light reflect of waves • No moonlight at all: no visibility • In April icebergs remain a hazard when you navigate north and the probability to hit an iceberg is high. • 1912 was reported to be a very cold year with numerous iceberg straying abnormally southerly. • ………………...role of observation, statistics and metrics... Introduction to safety management - 27 june 2012
Additional noticeable safety factors Applicability • Design: double bottom; built to remain afloat if as many of 4 of its watertight compartments were flooded; after the collision, 5 flooded • Manufacturing: One allegation is that, under great pressure, the shipyard resorted to using second-rate iron rivets • Operational rules: Titanic did not carry enough lifeboats to save all aboard • although it met British safety codes – out-dated, however the most advanced at that time • Certification and Operations + organizational factors: • Inadequate emergency procedures: • Lifeboat n’1 departed with only 12 people instead of 40. • Several lifeboats were unusable due to the configuration of the sinking • It was a maiden voyage • No real test of the ship in operations and no training in real conditions • Not enough experience (evacuation, size of the boat, configuration etc) • Navigation services • Titanic received 6 messages on April 14 warning of the approaching ice field – all disregarded Introduction to safety management - 27 june 2012
Piling pressures… • The alleged root reasons why the captain persevered in his course, and maintained high speed, is probably to be found: • in competition with other transportation means • The captain of the ship was allegedly invited to set a speed record for its landmark maiden journey between Southampton and NY in order to increase the profit of the investors; • Therefore the ship navigated too northerly in order to save time. • in the desire of the public for quick passages rather than in the judgement of navigators (safety culture) • in the beliefs he had in the boat (« unsinkable » ) • Human factor - overconfidence Introduction to safety management - 27 june 2012
Titanic case • Hazard • Collision with iceberg • Probability and severity • High if you navigate northerly • Higher with no moonlight • Very high if you ignore the warning messages • Risk is the combination of hazard and probability of severity Introduction to safety management - 27 june 2012
Titanic case • How to mitigate the risk? • Reduce speed • Increase vigilance • Re-enforce radio monitoring • Navigate more southerly of Canada • Take timely effective management decision • This is called risk management: • Identify hazard, evaluate the risk, assess whether it is acceptable, mitigate the risk if necessary, to reduce the risk to an acceptable level • The Titanic case is clearly a failure in risk management as all information were available to avoid the accident. • Risk management is a subset of safety management (component n’2) Introduction to safety management - 27 june 2012
This accident also highlights… • Just culture – (non) Criminalization • The captain was cleared of blame • Safety culture • Captain (retired for the night at 21h30 dispite the warning messages about icebergs) • Crew team (no one questioned the captain’s decision) • Senior management of the operator and manufacturer pushing for accelerating the assembling of the steamer • Shareholders (money, money, money…) • The need to have an effective decision-making management process in operations Introduction to safety management - 27 june 2012
What can we learn from this event? • This event is not out of date and the root causes are still of interests in the aviation domain: • Human factor, piling pressure from shareholders, safety culture, organizational and human factors… • Safety management applies to any domains: • Nuclear, railways etc…even your private life… • Rules, design, certification, manufacturing, operations, navigation services, infrastructure… • Safety management is not a novelty: • Clinical approach started in the 90’s • ICAO started to adopt SARPs in 2003 • Accident investigation boards have been repeatedly highly recommended to implement it asap. Introduction to safety management - 27 june 2012
Safety risk management Introduction to safety management - 27 june 2012
Safety risk management • Key Words: • Hazard, consequence, risk, mitigating factors, risk management. • Challenges: • Identify the relevant hazards • Reporting systems and all kinds of safety information will help; • Assess correctly the probability and severity • Collection of data and sharing will help; • Address the appropriate mitigating factors; • Effectively manage the safety of the operations; • Exchange of information on safety data, safety hazards and risks between stakeholders. Introduction to safety management - 27 june 2012
Component n’3 is Safety Assurance Introduction to safety management - 27 june 2012
Paramount objective of the safety management • To reduce the accident rate per million flights • Currently around 4 accident per million flights (next slide – source ICAO MTOW above 2250kg) Introduction to safety management - 27 june 2012
Which year would you prefer to travel? • First level • Second level • Third level • Fourth level • Fifth level • …If you had this kind of indicators in your life…. • …you would start to manage your life differently… Introduction to safety management - 27 june 2012
Safety intelligence • With the advent of the computer, data serve as a comprehensive source of aviation safety information. • Technology explores all domains and brings us a huge amount of data for analysis • Equipment monitor and record everything, even satellites… • Statistics is everywhere • Mandatory and voluntary incident and accident reporting system, helping in identifying hazards. • Predicting …the future… (proactive approach) by selecting the right metrics…. and then acting consequently… Introduction to safety management - 27 june 2012
Active failure versus latent failure The accidents are just tips of the iceberg named “active failures”. There is still a vast quantity of data from the bottom of the iceberg, called “latent failures” waiting for triggering factors in order to emerge. • Safety-related data intelligence and safety analysis highlights capabilities that assist organisations in: • Identifying hazard and risks (systematically or using reporting systems, incidents, any safety-related events or reports, audits, safety studies, experience etc); • Collecting and analyzing all these data available; • Getting the trends and acting consequently… Introduction to safety management - 27 june 2012 19
Proactive approach • Each State or each service provider has to: • Collect safety-related data and analyse them; • Set up key safety indicators reflecting its activities; • Define and target objectives; • Monitor the system in place by evaluating the overall performance of the system; • Improve or maintain its safety performance; • Eventually allocate the most-effective resources to meet these objectives. • This is called the “proactive approach”. • In addition, the State will oversee the Safety Performance Indicators (SPIs) of the services providers and share data. Introduction to safety management - 27 june 2012
High-level instances (main contributors in accident) • Runway safety related (incursions, excursion, ground collisions) • EX: reported accidents and serious incidents involving runway excursions has increased during the last decade • Loss of control in-flight • Controlled flight into terrain • Collision in flight change via "view" > "header and footer"
Instances of low-level safety metrics • State • Development/absence of primary aviation legislation or operating regulations • Level of regulatory compliance – Lack of Effective Implementation (LEI – USOAP ICAO indicator) • Does the audit programme cover all activities? • State and organisation • Incident rate or incidents reported • Number of deviations to the SOPs (Standard Operating Procedures) • Organisation • Measurement of safety culture in an organisation or open climate in an organisation for reporting • MTBF for maintenance (Aircraft, ANS and Aerodrome) • Dispatch or stabilized approaches (operations)… • Deviations to the flight path or separation (Air Navigation Services) • Bird strikes (Aerodrome) Introduction to safety management - 27 june 2012
The data will set you free…. “The goal is to transform data into information, and information into insight” Ernest Greenwood Introduction to safety management - 27 june 2012
Component n’3 is Safety Assurance Introduction to safety management - 27 june 2012
Challenges and key words for safety assurance • Safety assurance based on effective safety data-driven processes but not being entirely data-driven; • Collecting information in an organized and standardized manner; sharingand protecting information; • Setting the right Key Safety Indicators (moving from concept towards implementable / practical KSIs); • Managing properly (safety trends and effective decision making); • Collaboration between States and Service Providers (KSIs) • Compliance with the rules remains a must • Develop performance-based oversight and performance – based rules • Enhancement of regional agencies (RSOOs – oversight and RAIOs –Accident, incidents), eliminating duplication of efforts, fostering cooperation (sharing information - databases) and independency Introduction to safety management - 27 june 2012
Component n’4 is Safety Promotion Introduction to safety management - 27 june 2012
Safety promotion • Safety promotion based on • Internal and external training • Communication and dissemination of safety information • Train (initial and continuous) your staff, educate, inform, increase the level of safety awareness, promote your policy and your objective, communicate, instruct, share… • Develop and maintain the level of “safety culture” among the States, the organisations or any stakeholders playing a role in safety • It includes senior management, front-line management, staff in the field, decision-makers etc Introduction to safety management - 27 june 2012
What is Safety culture? Safety culture is the set of enduring values and attitudes regarding safety issues, shared by every member at every level of an organization. Refers to the extent to which every individual of the organization is aware of the risks and unknown (?) hazards induced by their activities Objective: Raising and maintaining the level of awareness In that sense, component n°4 of the safety management is the safety awareness promotion Introduction to safety management - 27 June 2012 28
Concorde and safety culture (1) Concorde F-BTSC accident, 25 July 2000, France 109 casualties, a/c destroyed Source: final investigation report, available at http://www.bea.aero/docspa/2000/f-sc000725a/htm/f-sc000725a.html The French BEA concluded in 2002 that a wear strip of metal, fallen off from a DC-10 that took off 4 minutes earlier, had punctured a tire of the Concorde, sending shards of rubber into the fuel tanks, leading to flames pouring from its undercarriage and making the plane crashing into a hotel few kilometers away. The strip was attached with rivets close to other previous existing holes (reverse of the engine) and was improperly attached Introduction to safety management - 27 june 2012 29
Concorde and safety culture (2) • Who could have thought that this 40cm long piece of metal was a killer? • Not even the mechanic who did the repair… • 8 holes and rivets over 5 cm long Introduction to safety management - 27 june 2012 30
Concorde and safety culture (3) Introduction to safety management - 27 june 2012 31
Concorde and safety culture (4) Introduction to safety management - 27 june 2012 32
DC10 reverse as found How it should be • Holes too close • 37 holes in total • Correct spacing – 12 holes were only allowed Introduction to safety management - 27 june 2012
Concorde and safety culture (6) The engine cowl support was drilled with 37 holes whereas the installation of the strip required only 12. Therefore the strip was attached with rivets close to other previous existing holes and was improperly attached, resulting in it falling onto the runway. The mechanic (a metal sheet worker, not a certifying staff) used titanium, rather than aluminium (higher resistance), to construct a replacement piece (deviation to the maintenance repair as prescribed by the engine manufacturer). The mechanic who did the repair and the certifying staff who released to service the aircraft were charged with negligence (just culture). This part had been replaced during a C check 6 weeks before the accident took place. 3 weeks after the C check, the part detached again and was replaced by another part (the one fell off on 25 July 2000). These signals should have alerted the maintenance organization that improper maintenance had been carried out and that the trouble shooting was poor. The organisation was charged with negligence. Introduction to safety management - 27 june 2012 34
Component n’4 is Safety Promotion Introduction to safety management - 27 june 2012
Component n’1 is: Introduction to safety management - 27 june 2012
Component n’1: Policies and Objectives • Responsibilities, accountabilities and commitment, including identification of key safety personnel • A legislative framework for the State • An accident and incident investigation for the State • A mandatory and voluntary incident reporting system (State and service provider) • Policies and resources to collect and analyse safety data • An emergency response planning for the service provider • A process to set-up objectives, policies, monitoring and maintaining…then train and communicate… • Documentation (process, manual and procedures) • The management of changes • An enforcement policy Introduction to safety management - 27 june 2012
About the reporting system… • Report! And avoid the sinking… • It must • Be voluntary; • Be anonymous; • Identify the hazards and better understand the latent failures • Should not lead to any blaming except in the case of malicious act or gross negligence (this is called “just culture”) • Be supported by a statement / commitment of the accountable manager (no blaming) • Just culture (definition): an atmosphere of trust in which people are encouraged for providing essential safety-related information, but in which they are also clear about where the line must be drawn between acceptable and unacceptable behavior. Introduction to safety management - 27 june 2012
Safety policies and objectives - component n’1 • Key words: Just culture • Challenges: • Criminalization or lay off of staff • Protection of persons and data • Commitment of the personnel and effective implementation of the policies • In particular middle and front-line management (leadership and safety culture in the field play essential roles) • Safety vision • Transparency and sharing • Effective implementation Introduction to safety management - 27 june 2012
Vocabulary • The safety management is called: • SSP (Sate Safety Programme) for the State • EASA has developed the EASP • ICAO has developed the GASP • SMS (Safety Management System) for the service provider. Introduction to safety management - 27 june 2012
Main objectives of the State Safety Programme • Ensure that a State has the minimum required regulatory framework in place • Ensure coordination and harmonization amongst the State‘s regulatory and administrative organizations in their respective safety risk management roles • Facilitate monitoring and measurement of the aggregate safety performance of the service providers • Coordinate and continuously improve the State‘s safety management functions • Provides appropriate oversight functions • Promulgate and support effective implementation and interaction with service providers‘ SMS • Facilitate data aggregation • Facilitate information sharing • Promote safety Introduction to safety management - 27 june 2012
What is ICAO Annex 19? Safety Management Introduction to safety management - 27 june 2012
What is Annex 19 First Edition Compilation of common existing safety management provisions from existing annexes into one single new annex: • Annex 1— Personnel Licensing • Annex 6— Operation of Aircraft Part I — International Commercial Air Transport — Aeroplanes Part II — International General Aviation — Aeroplanes Part III — International Operations — Helicopters • Annex 8— Airworthiness of Aircraft • Annex 11— Air Traffic Services • Annex 13— Aircraft Accident and Incident Investigation • Annex 14— Aerodromes Volume I — Aerodrome Design and Operations Introduction to safety management - 27 june 2012
Applicability (Service providers) • A) training services that are directly exposed to safety risks; • B) operation and maintenance of aeroplanes and helicopters involved in international commercial air transport; • C) operation of aeroplanes and helicopters involved in international general aviation, except aerial work; • D) type design and manufacture of aircraft, engines, and propellers; • E) air navigation services; and • F) operation of aerodromes. Introduction to safety management - 27 june 2012
Content of Annex 19 • Five chapters, 2 appendices and 2 attachments: • Definitions • Applicability • State safety management responsibilities • Appendix 1: State safety oversight system • Attachment A: Framework for a State Safety Programme (SSP) • Safety Management System (Service providers) • Appendix 2: Framework for a safety management system (SMS) • Safety data collection, analysis and exchange • Attachment B: Legal guidance for the protection of information from safety data collection and processing systems Introduction to safety management - 27 june 2012
Status of Annex 19 Introduction to safety management - 27 june 2012
Benefit of Annex 19 • The consolidation of provisions from six different Annexes into a new draft Annex had been undertaken with the intent of improving implementation: • Enhancing the role of the State at a higher level (coordination between all domains and all stakeholders); • Having a “legal” basis in one unique document; • Developing harmonized standards that are applicable to several domains; • Better identifying and developing the future needs; • Having a dedicated ICAO panel, working on the next iterations (EC and EASA are members); • Having a global vision through implementation. Introduction to safety management - 27 june 2012
Future needs or challenges • Better integration between the SSP and the oversight system • Better and higher State policy –not only at CAA level (implementation, overall performance and coordination between all actors) • Collection, sharing and protection of data: • Analysis and common formatting of safety data (standardisation) • Identification of hazard • Just culture (Criminalization) • Better coordination between AIG and State, between States and Agencies • Development of an Emergency Response Plan by both the State and the service provider • Development of implementation guidance: • Effective and efficient safety indicators • Scalability • Training – safety culture • Industry and State (ex: oversight inspectors) • Communication between State and Service Providers • Moving from compliance towards performance Introduction to safety management - 27 june 2012
Benefit of integrated safety management • What’s being put forward is a vision of a community identifying hazard sharing data etc • The recent agreement signed off between EASA and Singapore illustrates this willingness. • The role of Regional Agency and Regional investigation board is another example of cooperation and development. • EASA / EASP: common objectives – 27 States Introduction to safety management - 27 june 2012
This is not an all-cure system • It is not a revolution but an evolution • Just a clinical approach of better managing safety • a kind of “modern” management of safety with the available technological tools • It is an additional layer • Traditional compliance to the rules remains a must • Safety management builds on this fundamental because most of the incidents or accident are due to deviation to the SOPs • Make our processes and procedures more robust • Raise our awareness – performance and safety culture • Develop an integrated safety system (complex environment – needed coordination). Introduction to safety management - 27 june 2012