0% found this document useful (0 votes)
19 views125 pages

Omni Aviation SMS Manual SMSVP Version

This document is an SMS Manual template for Your Company, detailing the structure and requirements for a Safety Management System (SMS). It includes a record of revisions, a list of effective pages, and a comprehensive table of contents outlining various sections related to safety policies, risk management, and operational procedures. The manual is proprietary and should be customized before use.

Uploaded by

abdo2awf
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
19 views125 pages

Omni Aviation SMS Manual SMSVP Version

This document is an SMS Manual template for Your Company, detailing the structure and requirements for a Safety Management System (SMS). It includes a record of revisions, a list of effective pages, and a comprehensive table of contents outlining various sections related to safety policies, risk management, and operational procedures. The manual is proprietary and should be customized before use.

Uploaded by

abdo2awf
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Remove and replace with your Company Name / Logo

This is a template only. Do not use this document without


editing it to meet your needs. Users are responsible for
acceptance of content and suitability for intended use.

SMS Manual
(SMSVP Version)

See the document: Working with Omni Manuals


for guidance and editing instructions

Revision: 9
20 Feb 2018

Serial Number: ______

Assigned to: ________________________ Position: ____________________

AIRCRAFT N ____________ (if applicable) Date of Assignment: ___________

If found, please return this manual to:


Your Company
6421 South Dorset Road
Spokane, WA 99224
USA
Tel. +1 509.838.8121

This manual is the property of Your Company, and contains proprietary information. It may not be copied,
printed or reproduced in any manner without the express written consent of YCO. The person to whom this
manual has been assigned is responsible for the safekeeping of this manual and the timely insertion of all
revisions in accordance with the procedures contained herein.
THIS PAGE INTENTIONALLY LEFT BLANK
AVIATION MANAGEMENT SYSTEM
SMS Manual

Record of Revisions
Manual Serial Number: ______

Insert all revisions immediately. Briefly describe the revision or change,


and enter the revision effective date and initials of the person inserting the revision.

Revision Revision
Revision Description of Change
Effective Date Inserted By

Original Original Issuance 04 April 2012 N/A

Section 0: Introduction – Inclusion of


Compliance Monitoring; additional definitions.
1 08 Nov 2014 PMS
Section 2 - Integration of Risk Management
Program.

Addition of Section 9: Fatigue Risk


2 Management Program
22 March 2015 PMS

3 Alignment with FAA SMS Framework Rev. 3 18 June 2015 PMS

4 Align / update with FAA SMSVP Standard 29 July 2016 PMS

5 Integrate with OmniSMS® v4 web application 15 Nov 2016 PMS

Relocation of policy statements to Section


6 11 – Appendix: Policy Statements
15 Jan 2017 PMS

7 Revised Risk Assessment (RA) matrix 04 June 2017 PMS

Align with revisions to OmniSMS web app;


8 Section 2: Incorporation of Event Risk (ER) 05 Sept 2017 PMS
classification; additional definitions

Changed ‘Safety Assessment’ to ‘Safety


Issue’ to reduce confusion with the ‘System
Assessment’ process and align with
OmniSMS web application updates
Clarified explanations of safety objectives
9 and goals, key safety performance indicators
20 Feb 2018 PMS
(KSPIs), targets and alerts.
Revised definitions to include the term:
‘External Provider’ and add new Safety
Attribute: ‘Safety Ownership’

10

11

[Link] Revision: 9 Record of Revisions Page 1


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

THIS PAGE INTENTIONALLY LEFT BLANK

[Link] Revision: 9 Record of Revisions Page 2


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

List of Effective Pages (LEP)


Revision No. 9 Effective Date: 20 Feb 2018

PAGE. REV. NO. EFFECTIVE DATE. PAGE. REV. NO. EFFECTIVE DATE.
RECORD OF REVISIONS
1 9 20 Feb 2018 1. SAFETY POLICIES & OBJECTIVES
2 9 20 Feb 2018 1-1 9 20 Feb 2018
1-2 9 20 Feb 2018
LIST OF EFFECTIVE PAGES 1-3 9 20 Feb 2018
3 9 20 Feb 2018 1-4 9 20 Feb 2018
4 20 Feb 2018 1-5 9 20 Feb 2018
1-6 9 20 Feb 2018
TABLE OF CONTENTS 1-7 9 20 Feb 2018
1-8 9 20 Feb 2018
5 9 20 Feb 2018
1-9 9 20 Feb 2018
6 9 20 Feb 2018
1-10 9 20 Feb 2018
7 9 20 Feb 2018
8 9 20 Feb 2018
9 9 20 Feb 2018 2. SAFETY RISK MANAGEMENT
10 9 20 Feb 2018 2-1 9 20 Feb 2018
2-2 9 20 Feb 2018
0. INTRODUCTION 2-3 9 20 Feb 2018
0-1 9 20 Feb 2018 2-4 9 20 Feb 2018
0-2 9 20 Feb 2018 2-5 9 20 Feb 2018
0-3 9 20 Feb 2018 2-6 9 20 Feb 2018
0-4 9 20 Feb 2018 2-7 9 20 Feb 2018
0-5 9 20 Feb 2018 2-8 9 20 Feb 2018
0-6 9 20 Feb 2018 2-9 9 20 Feb 2018
0-7 9 20 Feb 2018 2-10 9 20 Feb 2018
0-8 9 20 Feb 2018 2-11 9 20 Feb 2018
0-9 9 20 Feb 2018 2-12 9 20 Feb 2018
0-10 9 20 Feb 2018 2-13 9 20 Feb 2018
0-11 9 20 Feb 2018 2-14 9 20 Feb 2018
0-12 9 20 Feb 2018 2-15 9 20 Feb 2018
0-13 9 20 Feb 2018 2-16 9 20 Feb 2018
0-14 9 20 Feb 2018
0-15 9 20 Feb 2018
0-16 9 20 Feb 2018
0-17 9 20 Feb 2018
0-18 9 20 Feb 2018
0-19 9 20 Feb 2018
0-20 9 20 Feb 2018
0-21 9 20 Feb 2018
0-22 9 20 Feb 2018
Your Company Acceptance: FAA Acceptance:

[Link] Revision: 9 LEP Page 3


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

PAGE. REV. NO. EFFECTIVE DATE. PAGE. REV. NO. EFFECTIVE DATE.
3. SAFETY ASSURANCE 7. SMS ORGANIZATION
3-1 9 20 Feb 2018 7-1 9 20 Feb 2018
3-2 9 20 Feb 2018 7-2 9 20 Feb 2018
3-3 9 20 Feb 2018 7-3 9 20 Feb 2018
3-4 9 20 Feb 2018 7-4 9 20 Feb 2018
3-5 9 20 Feb 2018 7-5 9 20 Feb 2018
3-6 9 20 Feb 2018 7-6 9 20 Feb 2018
3-7 9 20 Feb 2018 7-7 9 20 Feb 2018
3-8 9 20 Feb 2018 7-8 9 20 Feb 2018

4. SAFETY PROMOTION 8. OPERATIONAL


4-1 9 20 Feb 2018 RISK ASSESSMENT
4-2 9 20 Feb 2018 8-1 9 20 Feb 2018
4-3 9 20 Feb 2018 8-2 9 20 Feb 2018
4-4 9 20 Feb 2018 8-3 9 20 Feb 2018
8-4 9 20 Feb 2018
5. SAFETY MANAGEMENT PLAN
5-1 9 20 Feb 2018 9. FATIGUE RISK MANAGEMENT
5-2 9 20 Feb 2018 9-1 9 20 Feb 2018
9-2 9 20 Feb 2018
6. CONFIDENTIAL 9-3 9 20 Feb 2018
REPORTING SYSTEM 9-4 9 20 Feb 2018
6-1 9 20 Feb 2018 9-5 9 20 Feb 2018
6-2 9 20 Feb 2018 9-6 9 20 Feb 2018
6-3 9 20 Feb 2018 9-7 9 20 Feb 2018
6-4 9 20 Feb 2018 9-8 9 20 Feb 2018
6-5 9 20 Feb 2018
6-6 9 20 Feb 2018 10. FLIGHT DATA ANALYSIS
6-7 9 20 Feb 2018 10-1 9 20 Feb 2018
6-8 9 20 Feb 2018 10-2 9 20 Feb 2018
6-9 9 20 Feb 2018 10-3 9 20 Feb 2018
6-10 9 20 Feb 2018 10-4 9 20 Feb 2018
6-11 9 20 Feb 2018
6-12 9 20 Feb 2018 11. APPENDIX:
6-13 9 20 Feb 2018 POLICY STATEMENTS
6-14 9 20 Feb 2018 11-1 9 20 Feb 2018
6-15 9 20 Feb 2018 11-2 9 20 Feb 2018
6-16 9 20 Feb 2018 11-3 9 20 Feb 2018
6-17 9 20 Feb 2018 11-4 9 20 Feb 2018
6-18 9 20 Feb 2018 11-5 9 20 Feb 2018
6-19 9 20 Feb 2018
6-20 9 20 Feb 2018
6-21 9 20 Feb 2018
6-22 9 20 Feb 2018
Your Company Acceptance: FAA Acceptance:

[Link] Revision: 9 LEP Page 4


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

SMS Manual
Table of Contents
0. INTRODUCTION............................................................................................................................... 0-1
0.1 GENERAL INFORMATION .............................................................................................................................. 0-1
0.1.1 BACKGROUND .................................................................................................................................................... 0-1
0.1.2 SMS MANUAL AND SUPPORTING PROGRAMS ............................................................................................... 0-1
0.1.3 APPLICABILITY ................................................................................................................................................... 0-1
0.1.4 SAFETY MANAGEMENT SYSTEM ACCEPTANCE ............................................................................................ 0-1
0.2 SMS OVERVIEW .............................................................................................................................................. 0-2
0.2.1 STRUCTURE ....................................................................................................................................................... 0-2
0.2.2 SMS COMPONENTS ........................................................................................................................................... 0-2
0.2.3 INTEGRATED SAFETY AND QUALITY MANAGEMENT .................................................................................... 0-2
0.3 SMS DOCUMENTATION .................................................................................................................................. 0-2
0.4 SMS OPERATIONAL RECORDS .................................................................................................................... 0-2
0.4.1 SAFETY RISK MANAGEMENT (SRM) PROCESS records ................................................................................. 0-2
0.4.2 SAFETY ASSURANCE (SA) PROCESS records ................................................................................................. 0-3
0.4.3 SMS TRAINING RECORDS ................................................................................................................................. 0-3
0.4.4 SAFETY COMMUNICATIONS RECORDS .......................................................................................................... 0-3
0.5 SMS APPROPRIATE TO SIZE, SCOPE AND COMPLEXITY ........................................................................ 0-3
0.6 OMNISMS® WEB APPLICATION ..................................................................................................................... 0-4
0.7 TECHNICAL MANAGEMENT SYSTEM........................................................................................................... 0-4
0.7.1 OVERVIEW .......................................................................................................................................................... 0-4
0.7.2 APPLICABLE LAWS & REGULATIONS............................................................................................................... 0-5
0.7.3 RESPONSIBILITIES FOR TECHNICAL MANAGEMENT .................................................................................... 0-5
0.7.4 MANUAL SYSTEM ............................................................................................................................................... 0-5
0.7.5 REVISION CONTROL .......................................................................................................................................... 0-5
0.7.6 DOCUMENT ASSIGNMENT ................................................................................................................................ 0-5
0.7.7 PROPOSED CHANGES....................................................................................................................................... 0-6
0.7.8 DOCUMENT REVISION PROCESS .................................................................................................................... 0-6
0.8 DEFINITIONS .................................................................................................................................................... 0-7
1. POLICY AND OBJECTIVES ............................................................................................................ 1-1
1.1 SAFETY AND QUALITY POLICY .................................................................................................................... 1-1
1.1.1 COMMUNICATION OF POLICIES ....................................................................................................................... 1-1
1.1.2 POLICY REVIEW ................................................................................................................................................. 1-1
1.1.3 MISSION .............................................................................................................................................................. 1-1
1.1.4 DEDICATION TO SAFETY................................................................................................................................... 1-1
1.1.5 REGULATORY COMPLIANCE ............................................................................................................................ 1-2
1.1.6 STANDARDS AND RECOMMENDED PRACTICES ............................................................................................ 1-2
1.1.7 OCCUPATIONAL HEALTH, SAFETY, AND ENVIRONMENTAL PROTECTION ................................................. 1-2
1.1.8 QUALITY MANAGEMENT AND SAFETY ASSURANCE ..................................................................................... 1-2
1.1.9 ACCEPTING RISK IN SYSTEM AND TASK DESIGN ......................................................................................... 1-2
1.1.10 REPORTING OF HAZARDS AND UNSAFE CONDITIONS ............................................................................... 1-3
1.1.11 TRAINING & QUALIFICATION OF PERSONNEL .............................................................................................. 1-3
1.1.12 JUST SAFETY CULTURE .................................................................................................................................. 1-3
1.2 SAFETY ACCOUNTABILITY AND AUTHORITY ............................................................................................ 1-4
1.2.1 OWNERS / DIRECTORS / OFFICERS ................................................................................................................ 1-4
1.2.2 ACCOUNTABLE EXECUTIVE ............................................................................................................................. 1-4
1.2.3 MANAGEMENT PERSONNEL ............................................................................................................................. 1-4
1.2.4 FRONT LINE AND SUPERVISORY PERSONNEL .............................................................................................. 1-4
1.2.5 EXTERNAL PROVIDERS..................................................................................................................................... 1-5
1.2.6 RISK TOLERABILITY / ACCEPTANCE AUTHORITY FOR EXTERNAL PROVIDERS ....................................... 1-5
1.2.7 RISK TOLERABILITY / ACCEPTANCE AUTHORITY FOR ORAs ....................................................................... 1-5
1.2.8 RISK TOLERABILITY / ACCEPTANCE AUTHORITY FOR RISK ASSESSMENTS (RA) .................................... 1-5

[Link] Revision: 9 Table of Contents Page 5


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

1.3 DESIGNATION OF SAFETY MANAGEMENT PERSONNEL ......................................................................... 1-6


1.3.1 ROLES AND RESPONSIBILITIES ....................................................................................................................... 1-6
1.4 COORDINATION OF EMERGENCY RESPONSE PLANNING ....................................................................... 1-6
1.5 SAFETY OBJECTIVES .................................................................................................................................... 1-7
1.5.1 KEY SAFETY PERFORMANCE INDICATORS AND TARGETS ......................................................................... 1-7
1.5.2 KSPI ALERTS ...................................................................................................................................................... 1-8
1.5.3 OPERATIONAL PERFORMANCE INDICATORS ................................................................................................ 1-8
1.5.4 SMS PERFORMANCE INDICATORS .................................................................................................................. 1-9
2. SAFETY RISK MANAGEMENT........................................................................................................ 2-1
2.1 SAFETY RISK MANAGEMENT METHODS .................................................................................................... 2-1
2.1.1 THREE LEVELS OF SRM .................................................................................................................................... 2-1
2.1.2 TIME-CRITICAL SRM........................................................................................................................................... 2-1
2.1.3 DELIBERATE SRM .............................................................................................................................................. 2-1
2.1.4 STRATEGIC SRM ................................................................................................................................................ 2-2
2.2 SYSTEM ANALYSIS AND HAZARD IDENTIFICATION ................................................................................. 2-2
2.2.1 SYSTEM DESCRIPTION AND ANALYSIS .......................................................................................................... 2-2
2.2.2 HAZARD IDENTIFICATION ................................................................................................................................. 2-3
2.2.3 HAZARD ID CONSIDERATIONS ......................................................................................................................... 2-3
2.2.4 SAFETY RISK MANAGEMENT (SRM) PROCESS FLOW DIAGRAM ................................................................. 2-4
2.3 SAFETY RISK ASSESSMENT AND CONTROL ............................................................................................. 2-5
2.3.1 SAFETY RISK ANALYSIS .................................................................................................................................... 2-5
2.3.2 DEVELOPING A HAZARD STATEMENT AND RISK SCENARIOS ..................................................................... 2-5
2.3.3 STUDY OF SIGNIFICANT SAFETY ISSUES ....................................................................................................... 2-6
2.3.4 SAFETY RISK ASSESSMENT ............................................................................................................................. 2-7
2.3.5 OMNISMS RISK ASSESSMENT (RA) MATRIX ................................................................................................... 2-8
2.3.6 SAFETY RISK CONTROL .................................................................................................................................... 2-8
2.3.7 EVALUATING RESIDUAL AND SUBSTITUTE RISK ........................................................................................... 2-9
2.3.8 CAP ACCEPTANCE / CAP LOCK ........................................................................................................................ 2-9
2.3.9 IMPLEMENTING RISK CONTROLS .................................................................................................................. 2-10
2.3.10 INITIAL SYSTEM DESCRIPTION .................................................................................................................... 2-11
2.3.11 INITIAL SYSTEM ANALYSIS ........................................................................................................................... 2-12
2.3.12 SAFETY RISK PROFILE .................................................................................................................................. 2-12
2.3.13 CREATING A SIGNIFICANT SAFETY ISSUE ................................................................................................. 2-12
2.4 EVENT RISK CLASSIFICATION.................................................................................................................... 2-13
2.4.1 MANAGING OCCURRENCE REPORTS ........................................................................................................... 2-13
2.4.2 EVENT-BASED RISK ANALYSIS ...................................................................................................................... 2-13
2.4.3 INTERVENTIONS, BARRIERS AND CONTROLS ............................................................................................. 2-14
2.4.4 ER QUESTION 1 ................................................................................................................................................ 2-14
2.4.5 ER QUESTION 2 ................................................................................................................................................ 2-15
3. SAFETY ASSURANCE .................................................................................................................... 3-1
3.1 SAFETY PERFORMANCE MONITORING AND MEASUREMENT ................................................................ 3-1
3.1.1 MONITORING OF OPERATIONAL PROCESSES ............................................................................................... 3-1
3.1.2 MONITORING OF THE OPERATIONAL ENVIRONMENT .................................................................................. 3-1
3.1.3 SAFETY ASSURANCE (SA) PROCESS FLOW DIAGRAM ................................................................................. 3-2
3.1.4 INTERNAL AUDITS OF OPERATIONAL PROCESSES AND SYSTEMS............................................................ 3-3
3.1.5 INTERNAL EVALUATIONS .................................................................................................................................. 3-3
3.1.6 OUTSIDE AUDITS / EVALUATIONS ................................................................................................................... 3-3
3.1.7 INVESTIGATION OF INCIDENTS, ACCIDENTS, NON-COMPLIANCE and other events ................................... 3-4
3.1.8 CONFIDENTIAL REPORTING SYSTEM ............................................................................................................. 3-5
3.1.9 ANALYSIS OF DATA............................................................................................................................................ 3-5
3.2 SAFETY PERFORMANCE ASSESSMENT ..................................................................................................... 3-5
3.2.1 SYSTEM ASSESSMENT ..................................................................................................................................... 3-6
3.2.2 MANAGEMENT REVIEW ..................................................................................................................................... 3-6
3.3 MANAGEMENT OF CHANGE .......................................................................................................................... 3-7
3.4 CONTINUOUS IMPROVEMENT ...................................................................................................................... 3-7
3.4.1 PREVENTIVE / CORRECTIVE ACTION .............................................................................................................. 3-7

[Link] Revision: 9 Table of Contents Page 6


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

3.4.2 CORRECTING SAFETY PERFORMANCE .......................................................................................................... 3-7

4. SAFETY PROMOTION ..................................................................................................................... 4-1


4.1 OVERVIEW ....................................................................................................................................................... 4-1
4.2 COMPETENCIES AND TRAINING .................................................................................................................. 4-1
4.2.1 PERSONNEL EXPECTATIONS (COMPETENCE) .............................................................................................. 4-1
4.2.2 SMS TRAINING PROGRAM ................................................................................................................................ 4-2
4.2.3 SMS TRAINING RECORDS ................................................................................................................................. 4-2
4.3 SAFETY COMMUNICATION AND AWARENESS .......................................................................................... 4-3
4.3.1 REQUIRED COMMUNICATIONS ........................................................................................................................ 4-3
4.3.2 COMMUNICATIONS OF SAFETY LESSONS LEARNED.................................................................................... 4-3
4.3.3 GENERAL COMMUNICATIONS .......................................................................................................................... 4-4
4.3.4 PROTECTION OF SAFETY INFORMATION ....................................................................................................... 4-4
5. SMS IMPLEMENTATION PLAN....................................................................................................... 5-1
5.1 IMPLEMENTATION PLAN DESCRIPTION ..................................................................................................... 5-1
5.1.1 IMPLEMENTATION PLAN OUTLINE ................................................................................................................... 5-1
5.1.2 SMS GAP ANALYSIS ........................................................................................................................................... 5-1
6. CONFIDENTIAL REPORTING SYSTEM .......................................................................................... 6-1
6.1 POLICY ............................................................................................................................................................. 6-1
6.1.1 POSITIVE SAFETY CULTURE ............................................................................................................................ 6-1
6.1.2 AWARD INCENTIVES .......................................................................................................................................... 6-1
6.2 REPORTING RESPONSIBILITIES................................................................................................................... 6-2
6.2.1 SENIOR MANAGEMENT ..................................................................................................................................... 6-2
6.2.2 DIRECTOR OF SAFETY ...................................................................................................................................... 6-2
6.2.3 DEPARTMENT MANAGERS ............................................................................................................................... 6-2
6.2.4 PERSONNEL ....................................................................................................................................................... 6-2
6.2.5 AVIATION SAFETY REPORTING SYSTEM (NASA ASRS REPORTS) .............................................................. 6-2
6.3 REPORTING OF HAZARDS, OCCURRENCES, ERRORS AND VIOLATIONS ............................................ 6-3
6.3.1 HAZARDS ............................................................................................................................................................ 6-3
6.3.2 OCCURRENCES ................................................................................................................................................. 6-3
6.3.3 HAZARDS & OCCURRENCES REQUIRING A REPORT.................................................................................... 6-3
6.3.4 REPORTING OF ERRORS AND VIOLATIONS ................................................................................................... 6-4
6.3.5 REPORTING PROCEDURES USING THE OMNISMS WEB APPLICATION ...................................................... 6-4
6.3.6 ANONYMOUS REPORTING ................................................................................................................................ 6-5
6.3.7 NON-DISCLOSURE ............................................................................................................................................. 6-5
6.3.8 INITIAL ASSESSMENT OF SAFETY REPORTS RECEIVED.............................................................................. 6-5
6.3.9 CORRECTIONS TO WRITTEN RECORDS ......................................................................................................... 6-6
6.3.10 ASSISTANCE FROM MANAGEMENT ............................................................................................................... 6-6
6.4 MANAGING EMPLOYEE REPORTS ............................................................................................................... 6-6
6.5 AVIATION SAFETY ACTION PROGRAM ....................................................................................................... 6-7
6.5.1 BACKGROUND .................................................................................................................................................... 6-7
6.5.2 PURPOSE ............................................................................................................................................................ 6-7
6.5.3 APPLICABILITY ................................................................................................................................................... 6-7
6.5.4 ASAP DEFINITIONS ............................................................................................................................................ 6-8
6.5.5 REPORTER’S DESIGNATION OF AN ASAP SUBMISSION ............................................................................... 6-9
6.5.6 GUIDELINES FOR ACCEPTANCE OF REPORTS UNDER ASAP ..................................................................... 6-9
6.5.7 GUIDELINES FOR EXCLUDING REPORTS FROM ASAP ............................................................................... 6-11
6.5.8 ENFORCEMENT POLICY .................................................................................................................................. 6-11
6.5.9 REOPENING REPORTS BASED ON NEW EVIDENCE .................................................................................... 6-12
6.5.10 VIOLATIONS OF YOUR COMPANY ................................................................................................................ 6-12
6.5.11 RECORDKEEPING .......................................................................................................................................... 6-13
6.6 VOLUNTARY DISCLOSURE REPORTING PROGRAM ............................................................................... 6-13
6.6.1 BACKGROUND .................................................................................................................................................. 6-13
6.6.2 CONDITIONS REQUIRED FOR ELIGIBILITY.................................................................................................... 6-14
6.6.3 EXCEPTIONS .................................................................................................................................................... 6-14
6.6.4 REPEATED VIOLATION .................................................................................................................................... 6-14

[Link] Revision: 9 Table of Contents Page 7


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

6.6.5 CLOSED CASE: CONDITIONS FOR REOPENING ........................................................................................... 6-14


6.6.6 DISPUTE RESOLUTION .................................................................................................................................... 6-15
6.6.7 SEPARATE ACTIONS AGAINST AIRMEN OR OTHER INDIVIDUAL AGENTS ............................................... 6-15
6.6.8 APPLICABILITY OF THE FOIATO SELF DISCLOSURE RECORDS ................................................................ 6-15
6.6.9 PROCEDURES FOR REPORTING TO YCO ..................................................................................................... 6-16
6.7 USE OF THE WEB-BASED VDRP TOOL FOR SUBMISSIONS .................................................................. 6-16
6.7.1 VDRP WEB-BASED SYSTEM ACCESS AND SUPPORT ................................................................................. 6-16
6.7.2 GENERAL INFORMATION ................................................................................................................................ 6-16
6.7.3 USER RESPONSIBILITIES ................................................................................................................................ 6-17
6.7.4 THE SIX STAGES OF THE VDRP ..................................................................................................................... 6-17
6.7.5 STAGE 1: NOTIFICATION BY YCO OF AN APPARENT VIOLATION .............................................................. 6-17
6.7.6 STAGE II: FAA RESPONSE TO YOUR COMPANY .......................................................................................... 6-19
6.7.7 STAGE III: WRITTEN REPORT OF YOUR COMPANY’S APPARENT VIOLATION ......................................... 6-20
6.7.8 STAGE IV: WRITTEN REPORT REVIEW BY THE FAA .................................................................................... 6-20
6.7.9 STAGE V: IMPLEMENTATION OF A COMPREHENSIVE FIX AND FAA SURVEILLANCE ............................. 6-21
6.7.10 STAGE VI: INSPECTOR SIGNOFF ................................................................................................................. 6-21
7. SMS ORGANIZATION ...................................................................................................................... 7-1
7.1 STRUCTURE .................................................................................................................................................... 7-1
7.2 SAFETY MANAGEMENT ORGANIZATION CHART ...................................................................................... 7-1
7.3 ACCOUNTABLE EXECUTIVE ......................................................................................................................... 7-1
7.3.1 DESIGNATION OF THE ACCOUNTABLE EXECUTIVE ...................................................................................... 7-1
7.3.2 RESPONSIBILITIES OF THE ACCOUNTABLE EXECUTIVE.............................................................................. 7-2
7.4 DIRECTOR OF SAFETY .................................................................................................................................. 7-2
7.4.1 RESPONSIBILITIES OF THE DIRECTOR OF SAFETY ...................................................................................... 7-2
7.4.2 SELECTION AND APPOINTMENT ...................................................................................................................... 7-3
7.4.3 KNOWLEDGE ...................................................................................................................................................... 7-3
7.4.4 EXPERIENCE AND EXPERTISE ......................................................................................................................... 7-4
7.4.5 COMPETENCY REQUIREMENTS ...................................................................................................................... 7-4
7.5 SAFETY ACTION GROUP ............................................................................................................................... 7-4
7.5.1 STRUCTURE & STAFF ........................................................................................................................................ 7-4
7.5.2 DESIGNATION AND RESPONSIBILITIES OF THE SAFETY ACTION GROUP ................................................. 7-4
7.5.3 MEETINGS ........................................................................................................................................................... 7-5
7.5.4 SAFETY ACTION GROUP CHAIR ....................................................................................................................... 7-5
7.6 SAFETY REVIEW COMMITTEE ...................................................................................................................... 7-6
7.6.1 STRUCTURE & STAFF ........................................................................................................................................ 7-6
7.6.2 DESIGNATION AND RESPONSIBILITIES OF THE SAFETY REVIEW COMMITTEE ........................................ 7-6
7.7 DEPARTMENT MANAGERS ........................................................................................................................... 7-6
7.7.1 RESPONSIBILITIES OF DEPARTMENT MANAGERS ........................................................................................ 7-6
7.8 PERSONNEL .................................................................................................................................................... 7-8
7.8.1 RESPONSIBILITIES ............................................................................................................................................. 7-8
7.8.2 STOP WORK AUTHORITY .................................................................................................................................. 7-8

8. OPERATIONAL RISK ASSESSMENT ............................................................................................. 8-1


8.1 INTRODUCTION ............................................................................................................................................... 8-1
8.2 FLIGHT RISK ASSESSMENT POLICY............................................................................................................ 8-1
8.2.1 PILOT-IN-COMMAND AUTHORITY ..................................................................................................................... 8-1
8.3 HAZARDS AND THREATS .............................................................................................................................. 8-2
8.4 USE OF RISK ASSESSMENT TOOLS ............................................................................................................ 8-3
8.4.1 OPERATIONAL RISK ASSESSMENTS (ORA) .................................................................................................... 8-3
8.4.2 OPERATIONAL RISK ASSESSMENT (ORA) PROCEDURES ............................................................................ 8-3
8.4.3 ORA – FLIGHT RISK ASSESSMENT EXAMPLE ................................................................................................ 8-4
9. FATIGUE RISK MANAGEMENT ...................................................................................................... 9-1
9.1 OVERVIEW ....................................................................................................................................................... 9-1
9.1.1 FRM SCOPE ........................................................................................................................................................ 9-1
9.1.2 FATIGUE RISK MANAGEMENT ELEMENTS ...................................................................................................... 9-1

[Link] Revision: 9 Table of Contents Page 8


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

9.1.3 CAUSES OF FATIGUE ........................................................................................................................................ 9-1


9.1.4 DEFINITIONS ....................................................................................................................................................... 9-2
9.2 FRM POLICY / OBJECTIVES .......................................................................................................................... 9-3
9.2.1 GENERAL POLICY .............................................................................................................................................. 9-3
9.2.2 GOALS AND OBJECTIVES ................................................................................................................................. 9-3
9.2.3 FLIGHT / DUTY TIME LIMITATIONS ................................................................................................................... 9-3
9.2.4 FLIGHT / DUTY TIME EXTENSIONS................................................................................................................... 9-3
9.3 FRM RESPONSIBILITIES ................................................................................................................................ 9-4
9.3.1 PERSONNEL ....................................................................................................................................................... 9-4
9.3.2 MANAGERS ......................................................................................................................................................... 9-4
9.4 FATIGUE-RELATED DATA COLLECTION ..................................................................................................... 9-4
9.4.1 FRM PERFORMANCE INDICATORS .................................................................................................................. 9-4
9.4.2 SOURCES OF DATA ........................................................................................................................................... 9-5
9.4.3 FATIGUE-RELATED HAZARDS .......................................................................................................................... 9-5
9.4.4 NON-PUNITIVE FATIGUE REPORTING ............................................................................................................. 9-5
9.4.5 FATIGUE-RELATED EVENTS ............................................................................................................................. 9-6
9.4.6 EVENT INVESTIGATIONS................................................................................................................................... 9-6
9.4.7 FRM EVALUATIONS ............................................................................................................................................ 9-6
9.4.8 FRM PERFORMANCE ASSESSMENTS ............................................................................................................. 9-6
9.5 CONTINUAL IMPROVEMENT ......................................................................................................................... 9-7
9.5.1 ASSESSMENT OF CURRENT CONDITIONS ..................................................................................................... 9-7
9.5.2 DATA MODELING AND ANALYSIS ..................................................................................................................... 9-7
9.5.3 MITIGATION OF FATIGUE AND OPERATIONAL RISKS.................................................................................... 9-8
9.5.4 ASSESSMENT OF MITIGATIONS AND FEEDBACK .......................................................................................... 9-8
9.6 FRM PROMOTION............................................................................................................................................ 9-8
9.6.1 EDUCATION AND AWARENESS TRAINING ...................................................................................................... 9-8
9.6.2 FRM TRAINING REQUIREMENTS ...................................................................................................................... 9-8
9.6.3 COMMUNICATIONS ............................................................................................................................................ 9-8
10. FLIGHT DATA ANALYSIS PROGRAM ........................................................................................ 10-1
10.1 POLICY ......................................................................................................................................................... 10-1
10.1.1 APPLICABILITY ............................................................................................................................................... 10-1
10.1.2 FLIGHT DATA ANALYSIS SERVICE PROVIDER ........................................................................................... 10-1
10.2 PURPOSE AND USE OF THE FDAP........................................................................................................... 10-1
10.2.1 PURPOSE ........................................................................................................................................................ 10-1
10.2.2 USE OF FLIGHT DATA .................................................................................................................................... 10-2
10.3 DATA ANALYSIS ......................................................................................................................................... 10-2
10.3.1 DATA ANALYSIS PROCESS ........................................................................................................................... 10-2
10.3.2 INITIAL INVESTIGATION ................................................................................................................................. 10-2
10.3.3 MANAGING FLIGHT DATA IN OMNISMS ....................................................................................................... 10-3

11. APPENDIX – POLICY STATEMENTS .......................................................................................... 11-1


11.1 SAFETY AND QUALITY POLICY STATEMENT ......................................................................................... 11-1
11.2 NON-PUNITIVE REPORTING POLICY STATEMENT................................................................................. 11-2
11.3 ANTI- DRUG AND ALCOHOL MISUSE POLICY STATEMENT ................................................................. 11-3
11.4 FATIGUE RISK MANAGEMENT POLICY STATEMENT ............................................................................ 11-4
11.5 EMERGENCY RESPONSE POLICY STATEMENT..................................................................................... 11-5

[Link] Revision: 9 Table of Contents Page 9


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

THIS PAGE INTENTIONALLY LEFT BLANK

[Link] Revision: 9 Table of Contents Page 10


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

SMS Manual
0. Introduction
0.1 GENERAL INFORMATION
0.1.1 BACKGROUND
SRR 5.1(a)
(A) Your Company’s Safety Management System (SMS) has been developed from guidance contained in:
(1) International Civil Aviation Organization (ICAO) Doc. 9859 Standards and Recommended Practices;
(2) FAA Advisory Circular AC 120-92B: Safety Management Systems for Aviation Service Providers;
(3) FAA AFS-900-002-G201 Safety Management System Voluntary Program Guide;
(4) Transport Canada Advisory Circular AC 107-001: Guidance on SMS Development.
(B) Your Company (YCO) has established, implemented, maintains and adheres to the SMS as described
herein. All SMS elements have been developed and implemented within a framework of just culture.

0.1.2 SMS MANUAL AND SUPPORTING PROGRAMS


SRR 5.21(a)(6)
(A) This SMS Manual sets forth instructions and guidance to all personnel regarding their responsibilities,
authorities and the proper performance of duties as they pertain to the company’s Safety Management
System. Additional programs which support the SMS are hereby incorporated by reference, and are
maintained and revised under separate cover:

Emergency Response Plan Internal Evaluation Program SMS Training Program

0.1.3 APPLICABILITY
(A) YCO is an aviation service provider holding the following approvals/permits/licenses: (EDIT LIST)
(1) Scheduled or Non-Scheduled Air Carrier Certificate;
(2) Operator of large or turbojet aeroplanes for general aviation;
(3) Operation of an aerodrome;
(4) Type design and certification of aircraft;
(5) Manufacturer of aircraft;
(6) Approved maintenance organization;
(7) Approved training organization;
(8) Air traffic service provider.

0.1.4 SAFETY MANAGEMENT SYSTEM ACCEPTANCE


(A) Acceptance of the current revision to YCO’s Safety Management System is indicated by FAA’s acceptance
signature or stamp on each page of this manual’s List of Effective Pages (LEP).

[Link] Revision: 9 Introduction Page 0-1


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

0.2 SMS OVERVIEW


0.2.1 STRUCTURE
(A) Section titles and numbers of this SMS Manual correspond to the SMS components of ICAO’s SMS
Framework. Paragraph numbers correspond to FAA’s SMS Voluntary Program standard.
(B) This SMS Manual contains a Table of Contents which is hyperlinked to all sections and paragraphs. Such
links permit rapid retrieval of information when the document is published in electronic format.

0.2.2 SMS COMPONENTS


SRR 5.3(a)(1-4)
(A) SMS processes are performed under a framework which consists of four components and twelve key
elements. The four components addressed within this SMS Manual include: Section 1: Safety Policy; Section
2: Safety Risk Management; Section 3: Safety Assurance; and Section 4: Safety Promotion.
(B) Twelve key elements are provided within the four sections above, in other sections of this manual, or within
the OmniSMS web application. For example, the key element of Management Commitment may be found
within YCO’s Safety Policies as published in the web application.

0.2.3 INTEGRATED SAFETY AND QUALITY MANAGEMENT


(A) Your Company’s Safety Management System is a quality management system by design. The OmniSMS
web application supports YCO’s Internal Evaluation Program, Continuing Analysis and Surveillance System
(CASS), and the aerospace industry’s AS9100 auditing standard (if utilized). In this way, YCO’s systems of
safety and quality management are able to share data and be managed using a common interface.

0.3 SMS DOCUMENTATION


SRR 5.95
(A) This SMS Manual and supporting programs (as defined in paragraph 0.1.2 of this Section) describe YCO’s:
(1) Safety policy; and
(2) SMS processes and procedures.

0.4 SMS OPERATIONAL RECORDS


SRR 5.3(b)

0.4.1 SAFETY RISK MANAGEMENT (SRM) PROCESS RECORDS


SRR 5.97(a)
(A) Safety risk management processes produce outputs of:
(1) Identified hazards (or) no-hazard risk acceptance;
(2) Associated
(3) each risk; and
(4) Any .
(B) These records must be retained as long as the control remains relevant to YCO operations.
(C) SRM records are maintained within the OmniSMS web application.

[Link] Revision: 9 Introduction Page 0-2


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

0.4.2 SAFETY ASSURANCE (SA) PROCESS RECORDS


SRR 5.97(b)
(A) Safety assurance processes produce outputs of:
(1) Records of ;
(2) Audits of , and their findings;
(3) Evaluations of , and their findings;
(4) Investigations of incidents, accidents, and potential non-compliance with regulatory standards and other
safety risk controls that YCO has implemented;
(5) Reports from the confidential reporting system;
(6) Analyses of ;
(7) Safety .
(B) SA records must be retained for a minimum of 5 years.

0.4.3 SMS TRAINING RECORDS


SRR 5.97(c)
(A) YCO maintains individual records of SMS training for the following personnel:
(1) The Accountable Executive;
(2) All members
(3) All ho perform in safety-sensitive positions.
(B) Each individual’s training record must be retained for as long as the individual is employed by YCO.

0.4.4 SAFETY COMMUNICATIONS RECORDS


SRR 5.97(d)
(A) Records of all required safety communications must be retained for no less than 24 consecutive calendar
months after the communication was provided.

0.5 SMS APPROPRIATE TO SIZE, SCOPE AND COMPLEXITY


SRR 5.3(a)
(A) Your Company’s OmniSMS aviation management system has been designed and configured to match the
size, scope, and complexity of YCO’s operations throughout the entire organization, including home base
and managed outstations. The system supports YCO’s efforts to provide the highest reasonable level of
safety by identifying and minimizing risks which could contribute to accidents, incidents, or injury to persons.
YCO provides both safety and quality management covering the complete scope and life cycle of all systems
and functional process areas, including:
(1) Organization / Management
(2) Flight Operations
(3) Operational Control (Dispatch / Flight Following)
(4) Maintenance and Engineering including:
(a) Maintenance control
(b) Aircraft configuration

[Link] Revision: 9 Introduction Page 0-3


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

(c)
(d) Resource management
(e) Technical data
(f)
(g) Records management
(h)
(5) Cabin Operations
(6) Ground Handling and Servicing
(7) Cargo Operations
(8) Training of all Personnel.
(B) Within each of these systems, operational processes are documented, monitored, measured and analyzed.
YCO provides all personnel and managers with procedures, instructions, guidance and training in order to
perform these operational processes with the highest degree of safety.

0.6 OMNISMS® WEB APPLICATION


(A) Safety risk management and safety assurance processes are performed using the OmniSMS web
application. Taxonomies and the reporting interface are configured to suit the scope and complexity of YCO
aviation activities, and adapt risk management methodologies to various departments’ available resources.
Built-in “liferings” provide guidance within the system for varying individual levels of expertise.
(B) The OmniSMS application allows managers to record and manage safety and quality issues discovered from
reactive, proactive, and predictive safety management activities. The app. also serves as a confidential
reporting system (CRS) for the reporting of occurrences, hazards, and other safety / quality concerns.
(C) OmniSMS is used to record, track and manage hazards identified through system analysis and the
management of change. Responsible managers analyze, assess, control and manage safety risks (including
substitute and residual risk), record responsibilities for the implementation of risk controls, and manage
internal / external audit findings. The OmniSMS web application also permits measurements of safety
performance and of the SMS itself.
(D) YCO may choose to extend one instance of the OmniSMS system across multiple licenses, approvals, or
certificates, subject to acceptance by FAA.

0.7 TECHNICAL MANAGEMENT SYSTEM


0.7.1 OVERVIEW
(A) Your Company’s Technical Management System (TMS) provides a method of managing controlled
documents, manuals, and programs, in order to ensure availability and use of current and revised guidance.
The Technical Management System also ensures a minimum standard of compliance with applicable rules,
regulations and requirements for the conduct of all YCO aviation activities. This includes identification and
tracking of all applicable laws, regulations and standards, including approvals, authorizations, exemptions
and permitted deviations.

NOTE:
Accomplishment means the management, administration, revision,
distribution and control of electronic and paper documents.

[Link] Revision: 9 Introduction Page 0-4


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

0.7.2 APPLICABLE LAWS & REGULATIONS


(A) The following documents and information sources specify applicable regulations with which YCO must
comply:
(1) Manual System - Contains references to regulations and standards;
(2) Operations Specifications - Require full compliance as regulatory requirements;
(3) Compliance Statement – Lists all mandatory specific regulatory requirements (SRRs);
(4) Foreign Licensing Requirements - Regulations applicable to the State(s) or countries into which flight
operations are conducted;
(5) Contractual Requirements –Minimum standards for contractual operations, in addition to regulatory
requirements;
(6) Occupational Health and Safety Requirements - Occupational health and safety requirements are
used as YCO minimum standards for worker safety and facility requirements.

0.7.3 RESPONSIBILITIES FOR TECHNICAL MANAGEMENT


(A) YCO department managers are responsible for ensuring compliance with all applicable laws and regulations
which apply to the operational processes they own. This includes:
(1) Compliance monitoring within the department;
(2) Accomplishment of manuals and programs owned under each manager’s respective area of
responsibility;
(3) Continued revision and control of owned documents;
(4) Coordination of interfaces between owned documents and those owned by other departments;
(5) Assignment / availability of manuals, programs and other technical information to department personnel.

0.7.4 MANUAL SYSTEM


(A) Your Company’s manual system contains regulatory requirements, policies, and procedures. Technical data
such as manufacturers’ manuals and other aeronautical information is also incorporated into the manual
system by reference. Department managers are responsible for accomplishment their respective portions of
the YCO manual system, as specified in each manager’s duties and responsibilities.

0.7.5 REVISION CONTROL


(A) Controlled documents are revised and verified for currency through use of each document’s list of effective
pages (LEP) and revision number / date on each page. Obsolete documents and forms are removed from
service and destroyed, to prevent unintentional use.

0.7.6 DOCUMENT ASSIGNMENT


(A) Control of manual assignment and distribution is provided by means of a dedicated filing system. All printed
copies of controlled YCO manuals, programs and documents have their own unique serial numbers as
shown on each document’s cover page. Department managers are responsible for maintaining their
respective document custody and revision control files. These files are located in the offices of the YCO
principal base of operations. Records of document assignment are completed and kept on file for each
person to whom a printed document is assigned.
(B) Each person assigned a controlled document is responsible for the continued revision, safekeeping and
availability of that document.

[Link] Revision: 9 Introduction Page 0-5


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

0.7.7 PROPOSED CHANGES


(A) Change proposals for documents are submitted into the OmniSMS reporting interface by logging in and
selecting: Report Type / Document change. Each proposed document change is then forwarded by the
Director of Safety (or delegate) to the appropriate manager for review.
(B) When a change proposal is received by the accomplishing manager, that manager shall:
(1) Promptly review the proposed change to determine if a safety issue exists;
(2) Determine if the proposed change is justified, practical and worthy of incorporation.
(C) If the proposed change is warranted, the accomplishing manager will draft a revision and bring the draft
revision to the next Safety Action Group (SAG) meeting.
(D) If the accomplishing manager is uncertain as to what to do with the proposed change, the proposed change
is brought to the next SAG meeting for evaluation.

0.7.8 DOCUMENT REVISION PROCESS


Interface - ERP 1.2(A)
(A) Document revision drafts are submitted by the accomplishing manager to the Safety Action Group (SAG) for
review at regularly scheduled meetings.
(B) If the accomplishing manager and/or SAG determine a document revision draft will trigger the strategic SRM
process as defined in Section 2, paragraph 2.1.4 (A), strategic SRM shall be applied in accordance with
Section 2 paragraphs 2.2 and 2.3 of this SMS Manual.
(C) Each revision draft is evaluated for interfaces
between documents is necessary to ensure
that written guidance remains consistent and accurate throughout the YCO manual system.
(D) Email, individual consultation or Safety Action Group meeting may accomplish this coordination. Each
manager who accomplishes a potentially affected document shall review the draft, and is responsible for
ensuring that the proposed revision:
(1) Does not conflict with other policies and procedures under that manager’s areas of responsibility.
(2) Does not require revision to other manuals or programs which are accomplished by that manager.
(E) In the event a conflict exists,
manual system shall be revised.
(F) Should the proposed revision prompt or dictate a revision to another document

the same document revision process described herein.


(G) Upon satisfactory review and coordination by appropriate SAG members, draft revisions will be formalized
and distributed.

NOTE:
As a courtesy, all proposed changes that are not accepted by the Safety Action Group
should be copied and returned (if possible) to the person who proposed the change,
with a brief reason as to why the change was not accepted.

[Link] Revision: 9 Introduction Page 0-6


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

0.8 DEFINITIONS
SRR 5.5
(A) The following terms are used within this SMS Manual, supporting programs, and the OmniSMS application:
5 Whys – an iterative question-asking technique used to determine the root cause of a defect or event that has
occurred. (see Root cause)
Acceptable level of safety performance (ALoSP) - The minimum level of safety performance of civil aviation in
a State, as defined in its State safety programme, or of a service provider, as defined in its safety management
system, expressed in terms of safety performance targets and safety performance indicators.
Accident – a classification of event based on quantified outcomes of damage, injuries, etc. An accident is an
occurrence or series of events that results in death, injury, occupational illness, substantial damage to or loss of
equipment or property, or damage to the environment.
Accident / Incident (Ground) – an occurrence that involves damage to YCO aircraft, property, or personnel
when no intent for flight exists. This can be damage or injury incurred while towing an aircraft (not during
pushback, since intent for flight exists), driving a vehicle, or falling down stairs, but is not limited to these events.
Accountable manager (or Executive) – A single, identifiable person having responsibility for the effective and
efficient performance of the State’s SSP or of the service provider’s SMS.
Active failure – see Unsafe Acts
Aircraft accident (NTSB 830.2 definition) means an occurrence associated with the operation of an aircraft
which takes place between the time any person boards the aircraft with the intention of flight and all such
persons have disembarked, and in which any person suffers death or serious injury, or in which the aircraft
receives substantial damage.
Aircraft incident (NTSB 830.2 definition) means an occurrence other than an accident, associated with the
operation of an aircraft, which affects or could affect the safety of operations.
Aircraft accident (reportable) means an accident that must be reported to regulatory authorities.
ALARP – As Low as Reasonably Practicable - means a risk is low enough that any further risk reduction is
either not practical, or grossly outweighed by the cost.
Analysis – the process of identifying a question or issue to be addressed, modeling the issue, investigating
model results, interpreting the results, and possibly making a recommendation. Analysis may involve using
scientific or mathematical methods for evaluation.
Assessment – the process of measuring or judging the value or level of something.
• Risk assessment – a measurement of risk based on variables of exposure, severity and probability.
• System assessment – a safety assurance process in which the performance of safety-related functions
of operational processes area assessed against the objectives and expectations of those processes,
and in which the performance of the SMS is assessed against its objectives and expectations.
• Outside assessment – refers to an audit by an oversight organization (e.g., FAA, CAA).
Attributes (System Safety) – System Safety Attributes, or Safety Attributes, are design criteria for written
guidance, intended to ensure process outcomes. They form the basis for many SMS expectations:
• Authority – A clearly identifiable, qualified, and knowledgeable person who has authority to effectively
plan, direct, and control resources; change procedures; and make key determinations, including safety
risk acceptance decisions.
• Controls – Developing and maintaining the need for, and adequacy of, new or revised risk controls into
a process to ensure mitigation of unacceptable risk.
• Interfaces – Interactions between processes that must be managed in order to ensure desired
outcome(s)

[Link] Revision: 9 Introduction Page 0-7


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

• Procedures – Methods or practices that include checks and restraints that are written or unwritten,
regulatory or non-regulatory, designed into a process to accomplish a desired result.
• Process Measurement – Monitoring and measuring the

• Responsibility – A clearly
quality performance of a process.
• Safety Ownership – The measure
an SMS element.
Audit – scheduled, formal reviews and verifications to evaluate compliance with regulations or conformance with
policy, standards, regulations, and/or contractual requirements. Audits typically begin with the management and
operations of the organization, and move outward to the organization's activities and products/services. The
terms ‘audit’ and ‘evaluation are often used interchangeably. See Evaluation.
• Internal audit – an audit conducted internally, by the organization being audited. In the context of this
SMS Manual, internal audits include compliance monitoring, internal evaluations, and management
reviews.
• External audit – an audit performed to assure safety and/or the quality of products / services received
from a vendor or contractor.
• Outside audit – an audit conducted by an entity outside of the organization being audited. External
audits by oversight organizations such as a country’s NAA are referred to as an assessment.
Aviation system – the functional operation/production system used by an organization to produce a product or
service. A “system” includes equipment, technology, personnel, managers and the working environment.
Best practices – Policies, procedures, methods and processes that represent the most effective way of
achieving a specific objective or desired results, proven to work well by industry, and thus recommended as a
model.
CAA – Civil Aviation Authority
Causes, Causal factors - are

The process used to find root causes is


called Root Cause Analysis.
Change management - A formal process to manage changes within an organization in a systematic manner, so
that changes which may impact identified hazards and risk mitigation strategies are accounted for, before the
implementation of such changes.
Communications (Lateral / Upward) – Information conveyed between same-level employees or between
departments, opposite the normal direction of communications from management to staff.
• Lateral – communications regarding hazards, problems, and poor-quality process outputs which
employees share with each other, and supervisors and managers share between departments.
• Upward – communications regarding hazards, problems, and poor-quality process outputs, shared
from front-line employees to supervisors, or from supervisors to managers.
Complete – nothing has been omitted and the attributes stated are essential and appropriate to the level of
detail.
Compliance monitoring – a type of internal audit during which various operational process outputs, documents
and records are sampled to determine regulatory compliance.
Condition (of front-line operators) – see Preconditions for Unsafe Acts
Conditions – are the many environmental and working factors of weather, light, temperature, cleanliness,
organization of parts, tools, etc., as well as social climate and organizational / workgroup culture.

[Link] Revision: 9 Introduction Page 0-8


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

Conformity – fulfillment of a requirement (ref. ISO 9000-2000). This includes but is not limited to compliance
with Federal regulations. It also includes company requirements, requirements of operator developed risk
controls or operator specified policies and procedures.
Consequence – An occurrence

severity of outcomes. – see Top event;


Outcome(s)
Continual improvement – a cyclical process of carefully analyzed risk controls; measurements of controls and
their associated operational processes to assure control effectiveness; communication of lessons learned to
prevent reoccurrence; and feedback from the system for further application of corrective actions for further
improvement.
Contributing factors – any number of latent conditions and/or active failures which are determined to be
instrumental in the causal chain of events leading to an incident, accident, or other unwanted event.
Controls – checks and restraints designed into a process to ensure a desired result. Safety assurance activities
of monitoring, internal evaluations and management reviews are examples of SMS controls. Other methods and
practices that serve as controls for operational processes include the use of checklists and standard operating
procedures, maintenance ‘buy-back’ of work performed, toolbox shadowing, etc. All regulations and rules,
including company policies and procedures, are considered controls.
Correct – accurately reflects the item with an absence of ambiguity or error in its attributes.
Corrective action – action applied to an existing policy, procedure, rule, or other risk control, in order to bring
the control into conformance with its intended design or to increase control effectiveness.
Corrective Action Plan (CAP) – one or more risk controls and/or corrective actions designed to mitigate risk.
Criteria – an accepted standard used in making a decision or judgment about something.
Defenses – Specific mitigating actions, preventive controls or recovery measures put in place to prevent the
realization of a hazard or its escalation into an undesirable consequence. See System defenses
Documentation – information or meaningful data and its supporting medium (e.g., paper, electronic, etc.). In this
context it is distinct from records because it includes the written description of policies, processes, procedures,
objectives, requirements, authorities, responsibilities, or work instructions.
Emergency – A state of sudden, pressing necessity requiring immediate response.
Errors – An action or inaction by an operational person that leads to deviations from organizational or the
operational person’s intentions or expectations. See Undesired state; Threat, mismanaged.
Error management strategies –

system to accept errors without serious


consequence.

Evaluation – [ref. AC 120-59A] a functionally independent review of policies, procedures, and systems. The term
is synonymous with audit. If accomplished by the company itself (internal evaluation), the evaluation should be
done by a department of the company other than the department responsible for performing the function being
evaluated. Internal evaluations are performed by the Director of Safety (or delegate) on operational departments,
in order to measure the quality of both operational and SMS processes. The evaluation process builds on the

[Link] Revision: 9 Introduction Page 0-9


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

concepts of auditing and inspection. An evaluation is an anticipatory process, and is designed to identify and
correct potential findings before they occur. See: Audit.
Event – an error, irregularity, mishap, near-miss, near-accident or other occurrence which may be classified as
an incident or accident (depending on the severity of outcome(s).
Expectations – are what an SMS component, element, or process is expected to accomplish or produce. This
includes performance objectives, system outcomes, and process outputs.
• Performance objectives represent the objective outcomes of a particular element or process.
• Process expectations are the outputs a particular process is expected to produce, such as completed
forms, data, records, etc.
Exposure, risk – how often the organization is exposed to a hazard and the hazard’s associated risks,
expressed in terms of frequency or repetition.
FAA – Federal Aviation Administration
Factor – a type of hazard that is expressed in ‘negative’ terms (e.g., inadequate; incorrect; erroneous; poor;
improper; unavailable; unreliable; breakdown; ignored; wrong). Factors are used during event investigation to
understand how and why system failures have occurred.
Factors, causal - are deficiencies which, if corrected, would likely have prevented or mitigated damage and/or
injury.
Factors, contributing - are independent events
Contributing factors facilitate progression
of the sequence to other events / conditions.
Factors, human - see Human Factors
Failure, common cause – a single fault resulting in the corresponding failure of multiple components.
Failure, single point – a failure of an item that would result in the failure of the system and is not compensated
for by redundancy or an alternative operational procedure.

Fatigue risk management – activities designed to identify and control factors (environmental, organizational,
regulatory, and individual) that contribute to fatigue.
Finding – a conclusion reached after examination or investigation. For audits and evaluations, evidence of non-
conformance with policy / procedures / standards / contractual requirements, or non-compliance with regulations.
Follow-up – a scheduled review to determine the effectiveness of a risk control that has been implemented.
Functional area – areas of responsibility within an organization that are often aligned with departmental
structure. For example, in a small flight department the Cabin Safety and Dispatch functional areas may fall
under the responsibility of the Flight Operations Department.
Gap analysis - a gap analysis is basically an analysis of the safety arrangements already existing within the
organization as compared to those necessary for SMS function.
Goals – see Safety goals
Hazard – any object, behavior, event,

Hazard Statement – a description

[Link] Revision: 9 Introduction Page 0-10


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

These examples do not explicitly state anything that could go wrong. They do however describe the ‘hazard’; that
is, the situation or conditions in which one or more risks (unwanted consequences) could be realized. See Risk
scenario
HFACS framework – (Human Factors Analysis and Classification System) A framework of causal human factors
that can lead to an accident.
High consequence indicators - Safety performance indicators pertaining to the monitoring and measurement of
high consequence occurrences, such as accidents or serious incidents. High-consequence indicators are
sometimes referred to as reactive indicators. See Safety performance indicator(s)
Human factors – factors dependent on individual human judgment, response, or performance which could
contribute to the possibility of, or were found to contribute to, the occurrence of an incident or accident.
Inappropriate use - use of safety information for purposes different from the purposes for which it was collected,
namely, use of the information for disciplinary, civil, administrative and criminal proceedings against operational
personnel, and/or disclosure of the information to the public. (ICAO Annex 13/19)
Incident, minor – a classification of event based on quantified outcomes of damage, injuries, etc. A minor
incident could have resulted in greater loss, and indicates the existence of (though may not define) a hazard or
hazardous condition(s) that were not properly controlled. Minor incidents are events that should be reported to
management, but do not require reporting to authorities. Examples include:
• Minor aircraft damage (engine failure or damage limited to an engine if only one engine fails or is
damaged, bent cowling or fairing, dented skin, small puncture holes in the skin, ground damage to

• Damage to property;
• Damage to the environment.
Incident, serious (Reportable under 830.5 Subpart B) a classification of an event associated with the
operation of an aircraft (other than an accident) that requires immediate NTSB notification, in which any of the
following occur:
• Flight control system malfunction or failure;
• Inability of any required flight crewmember to perform normal flight duties as a result of injury or illness;
• Failure of any internal turbine engine component that results in the escape of debris other than out the

• Damage to property, other than the aircraft, estimated to exceed $25,000 for repair (including materials
and labor) or fair market value in the event of total loss, whichever is less;
• Release

information, excluding flickering, from more than 50 percent of an aircraft's cockpit


displays known as Electronic Flight Instrument System (EFIS) displays; Engine Indication and Crew
Alerting System (EICAS) displays; Electronic Centralized Aircraft Monitor (ECAM) displays; or other

[Link] Revision: 9 Introduction Page 0-11


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

displays of this type, which generally include a primary flight display (PFD), primary navigation display
(PND), and other integrated displays;
• Airborne Collision and Avoidance System (ACAS) resolution advisories issued either when an aircraft is
being operated on an instrument flight rules flight plan and compliance with the advisory is necessary to
avert a substantial risk of collision between two or more aircraft; or to an aircraft operating in class A
airspace;
• Damage to helicopter tail or main rotor blades, including ground damage, that requires major repair or
replacement of the blade(s);
• Any event in which an operator, when operating an airplane as an air carrier at a public-use airport on
land, (i) Lands or departs on a taxiway, incorrect runway, or other area not designed as a runway; or (ii)
Experiences a runway incursion that requires the operator or the crew of another aircraft or vehicle to
take immediate corrective action to avoid a collision;
• An aircraft is overdue and is believed to have been involved in an accident.
For large multiengine aircraft (more than 12,500 pounds MGTOW):
• In-flight failure of electrical systems which requires the sustained use of an emergency bus powered by
a back-up source such as a battery, auxiliary power unit, or air-driven generator to retain flight control or
essential instruments;
• In-flight failure of hydraulic systems that results in sustained reliance on the sole remaining hydraulic or
mechanical system for movement of flight control surfaces;
• Sustained loss of the power or thrust produced by two or more engines; and
• Aircraft evacuation in which an emergency egress system is utilized.
NOTE: Some of these events are also reportable to FAA as an MRR under FAR135.415
Industry codes of practice - Guidance material developed by an industry body for a particular sector of the
aviation industry to comply with the requirements of the International Civil Aviation Organization’s Standards and
Recommended Practices, other aviation safety requirements and the best practices deemed appropriate.
Injury, fatal (NTSB 830.2 definition) means any injury which results in death within 30 days of the accident.
Injury, minor – minor cuts or bruises, minor first degree burns over less than 5% of the body, or minor fractures
of fingers, toes or nose.
Interfaces – are the relationships and
Environment. Interfaces also apply to congruency of information
between documents.
Investigation – a structured, detailed and systematic inquiry and examination into an event (such as an
accident, incident or injury) that attempts to reveal causes and contributing factors, including organizational or
systemic deficiencies, which are also known as latent conditions.
Just Culture - a culture in which personnel are not punished for actions, omissions or decisions taken by them
which are commensurate with their experience and training, but where gross negligence, willful violations and
destructive acts are not tolerated.
Latent conditions – weaknesses or absent / ineffective risk controls in a system that can contribute to an
incident or accident but that will not, by themselves, cause an incident or accident to occur.
Latent errors – errors related to

Lessons learned – knowledge or understanding gained by experience, which may be positive, such as a
successful test or mission, or negative, such as a mishap or failure. Lessons learned should be developed from
information obtained from within, as well as outside of, the organization and/or industry.

[Link] Revision: 9 Introduction Page 0-12


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

Lower consequence indicators - Safety performance indicators pertaining to the monitoring and measurement
of lower-consequence occurrences, events or activities such as incidents, non-conformance findings or
deviations. Lower consequence indicators are sometimes referred to as proactive/predictive indicators. See
Safety performance indicator(s)
Probability – the estimated likelihood (in quantitative or qualitative terms) of the consequence of a hazard being
realized, if all barriers and controls fail. See Consequence
Line management – first-line supervisors that operate the aviation system and oversee front-line personnel.

nodding; Non-responsiveness to sensory input, radio call, conversation,


etc.
Mishap – An undesirable event that includes an aircraft accident / incident, personal injury, or damage to
facilities, assets or other equipment.
Missing aircraft – An aircraft is considered to be missing when its position is unknown, and with the supply of
fuel normally carried, can no longer be airborne.
Monitoring – keeping regular watch over activities by sampling process outputs to track operational
performance and / or the performance of risk controls.
Near-accident – a narrow escape from an actual accident; as used in the context of this manual, an event or
situation which could have become an incident or accident that was narrowly averted.
Non-compliance – failure to comply with a regulatory requirement. Due to the high-level potential consequences
associated with noncompliance (civil penalties, certificate suspension / revocation, loss of income / business,
liability, etc.) this significant type of non-conformity holds its own classification in OmniSMS.
Non-conformance –

Normalized deviation (norms) – occur when

becomes commonplace and ‘normalized’.


Objective – the desired state or performance target of a process. An objective is usually the final state of a
process and contains the results and outputs used to obtain the objective (see also Safety goals and objectives).
Occurrence – an unwanted event. For purposes of safety risk management, an occurrence may be considered
a factor in a risk scenario, a top event, or a consequence.
Operational context – the conditions within which people perform their jobs and interact with software (policies,
procedures, manuals, computer programs), hardware (machines, equipment, tools), and the environment
(weather, workplace conditions, available resources, operating pressures, corporate climate, safety culture, etc.)
Operational life cycle – period of time from implementation of a product/service until it is no longer in use.
Operational personnel - Personnel involved in aviation activities who are in a position to report safety
information. Such personnel include, but are not limited to: flight crews; air traffic controllers; aeronautical station
operators; maintenance technicians; personnel of aircraft design and manufacturing organizations; cabin crews;
flight dispatchers, apron personnel and ground handling personnel.
Operational processes – separate and distinct parts of an organization’s aviation activities, such as flight
operations; operational control (dispatch/flight following); maintenance and inspection; cabin safety; ground
handling and servicing; cargo handling; and training. See Functional area
Operational processes (expanded) – Broad categories of operational processes can be broken down and
analyzed further to assure system safety. For example, ‘cabin safety’ includes many operational sub-processes
such as pre-flight cabin safety checks and equipment readiness, safety demonstrations and announcements,

[Link] Revision: 9 Introduction Page 0-13


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

inflight service, security procedures, procedures for dealing with unruly passengers, communications with the
flight deck, emergency procedures, etc., as well as supervisory activities that support and assure the
performance of front-line cabin safety personnel.
Organizational Influences – policies, communications, actions, or omissions of upper-level management which
directly or indirectly affect supervisory practices, conditions or actions of the organization, and result in system
failure, human error or an unsafe (latent) condition. The three types of organizational influences are:
• Organizational Climate: Prevailing atmosphere within the organization including such things as
policies, command structure, expectations of management, and culture, all of which influence worker
performance.
• Operational Process: Organizational influences on operational processes include program design,
oversight and management, contracting of services (e.g., training or maintenance), quality assurance,
and safety management. Factors include operational tempo, time pressures, incentive systems and
work schedules, which can all influence safety.
• Resource Management: This category describes how human, monetary, and equipment resources
necessary to carry out the mission of an organization are managed. Mismanagement of resources can
result in overworked personnel, poorly maintained equipment and workspaces, and the failure to correct
known deficiencies.
Outcome(s) – losses from

See Consequence
Outputs – see Process outputs
Overdue aircraft - an aircraft is considered to be overdue when an ATC agency reports it as such, or when no
information about the aircraft has been received by ATC or YCO (1) for 30 minutes after its last notified
estimated time of arrival (ETA); (2) for 5 minutes after the estimated time of landing, after having landing
clearance; or within 10 minutes after takeoff.
Oversight – monitoring and surveillance performed to assure continued compliance and conformance with
safety-related standards, requirements, regulations, and associated procedures. Safety oversight is performed
internally, as well as by an outside regulatory agency, such as the FAA, Transport Canada, or EASA.
Planned inappropriate operations – operations, activities or tasks planned and conducted without adequate
consideration for crew / team composition, recent and / or total experience, proficiency, or safety risks involved.
Practical Drift – the difference between how a system or process was designed to perform, and how it actually
performs in practice; hence the name, ‘practical drift’. Without clearly defined and followed policies and
procedures, a system or process may ‘drift’ in practice to the point where it is operating outside of design and
safety parameters, and an accident may occur.
Preferred order of controls –

to eliminate hazards through design selection


or adequately reduce the associated risk with safety and warning devices, procedures should be
developed and published, and training should be administered.

[Link] Revision: 9 Introduction Page 0-14


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

Preventive action – action applied to an existing policy, procedure, rule, or other risk control, in order to prevent
the occurrence of an undesirable outcome or consequence.
Proactive – see Safety Risk Management, Proactive
Probability - the likelihood an event will occur, measured in quantitative or qualitative terms.
Procedure – specified way to carry out an activity or a process.
Process – set of interrelated or interacting activities.
Process measures – see Attributes (Process Measures)
Process outputs – the expectations of a particular process in terms of measurable criteria.
Product/service – anything that might satisfy a want or need, which is offered in, or can be purchased in, the air
transportation system.
Product / service provider – any entity that offers or sells a product/service to satisfy a want or need in the air
transportation system. Examples of product/service providers include: aircraft and aircraft parts manufacturers;
aircraft operators; providers of fueling and de-icing services; maintainers of aircraft, avionics, and air traffic
control equipment; educators in the air transportation system; etc.
Quality – degree to which a set of inherent characteristics fulfils requirements.
Quality assurance – a function which monitors and ensures the quality of work performed within a particular
department in compliance with requirements.
Quality escape –

Records – evidence of results achieved or activities performed. In this context it is distinct from documentation
because records are the documentation of SMS outputs.
Redundancy – the presence of more than one independent means for accomplishing a given function. Each
means of accomplishing the function need not be identical.
Residual risk – remaining safety risk that exists after all control techniques have been implemented or
exhausted, and all controls have been verified. Only verified controls can be used for the assessment of residual
safety risk.
Review – a review of a risk control, typically done immediately after it is implemented, to determine if the control
(as implemented) conforms to its intended design.
Risk – the possible injury, illness, death, damage or loss that could occur if the consequence of a hazard is
realized, measured in terms of probability and severity. “Risk” is an event. In a risk scenario, it’s the last event in
the accident chain; the consequence). A given hazard may have more than one associated risk (consequence).
For example, a defective or unapproved part installed on an aircraft could result in one or more of the following
risks or consequences: 1) System / component failure; 2) Smoke or fire inflight; 3) Loss of control.
Risk analysis - the process of analyzing how a hazardous situation or condition being realized as an incident or
accident in terms of probability, severity of associated outcome(s), and frequency of exposure.
Risk assessment - the process of assessing the acceptability of various risk levels for hazardous situations or
conditions identified with a particular task, activity, mission, or operation.
Risk control / mitigation – steps taken to eliminate hazards or to mitigate their effects by reducing severity,
probability or exposure of risk associated with those hazards.
Risk-acceptance authority – The appropriate risk-acceptance authority is that person who has the ability to
most effectively allocate resources in order to reduce risk and eliminate hazards. This includes the authority

[Link] Revision: 9 Introduction Page 0-15


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

necessary to implement (or oversee the implementation) of risk controls and corrective actions which comprise a
corrective action plan (CAP).

need to be elevated if a manager does not have the


authority or resources necessary to lower risk to a level that is ALARP.
Risk level – the composite of predicted severity and probability of the potential effect of a hazard, based on the
most credible incident / accident outcome. Measured as High (unacceptable), Moderate (may be acceptable if
mitigated), and Low (acceptable).

Risk mitigation - The process of incorporating defences or preventive controls to lower the severity and/or
likelihood of a hazard’s projected consequence.

Risk mitigation strategies - strategies used to control the risks associated with hazards and their
consequences. These strategies include:
• Risk avoidance - means avoiding the hazard and the associated risk, thereby avoiding the
consequences of an injury or loss, if an unwanted event were to occur.
• Risk reduction – application of risk controls designed to reduce either the probability of the
consequence(s) of a hazard being realized, or the magnitude and impact of the consequences. This is
the most commonly applied risk control and mitigation measure.
• Segregation of exposure - controls risk by limiting the exposure of certain groups, assets, and
operations to known hazards and their consequences.
Risk, residual – the remaining safety risk level that is expected to exist after all barriers and controls have been
implemented and verified.
Risk scenario – a postulated sequence of events

part.
Risk, substitute – risk unintentionally created as a consequence of safety risk control(s).
Root cause(s) – one or more basic initiating cause(s) of a causal chain which, either individually or combined,
can lead to an undesirable outcome (such as an incident / accident or other event). A root cause is the most
basic cause that can reasonably be identified, that management has control to fix and, when fixed, will prevent
(or significantly reduce the probability of) recurrence of the undesirable outcome. See Causes.
Root cause analysis (RCA) – a systematic method of identifying the causes of events, in order to identify what
behaviors, actions, inactions, or conditions need to be changed to prevent recurrence of similar events. Within
OmniSMS, facts are first gathered from investigation of the event. Hazards and events are then identified as
contributing factors and arranged into a time-line sequence of events that led up to the top-level event. Causal
factors are then identified and root causes determined.
Safety - The state in which risks associated with aviation activities, related to, or in direct support of the
operation of aircraft, are reduced and controlled to an acceptable level.
Safety action group (SAG) – takes direction from the SRC and typically includes managers, supervisors and
staff from across the organization. The SAG holds weekly or monthly meetings to review and assess (yellow)
moderate-risk and (red) high-risk Reports and Issues. In larger organizations, special-project SAGs may also be

[Link] Revision: 9 Introduction Page 0-16


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

created to assess and manage risk associated with significant change (e.g., acquisition of a new aircraft type, or
commencement of a major construction / expansion project).
Safety assessment - a proactive assessment of the hazards and risks associated with a new operation, activity,
mission, process, or procedure, as well as changes to existing operations, activities, processes, or procedures.
Safety assessments deal with future changes and usually result in one or more safety issues, to which strategic
SRM is applied. See Safety issue
Safety assurance – processes within the SMS which include activities of monitoring, compliance monitoring,
internal evaluations, external audits, data analysis, system assessment and management review, together which
systematically provide confidence that organizational products/services meet or exceed safety requirements.
Safety attributes – see Attributes.
Safety culture – the product of individual and group values, attitudes, competencies, and patterns of behavior
that determine the commitment to, and the style and proficiency of, the organization's management of safety.
Organizations with a positive safety culture are characterized by communications founded on mutual trust, by
shared perceptions of the importance of safety, and by confidence in the efficacy of preventive measures.
Safety data - A defined set of facts or se

• safety studies and reviews


Safety goals and objectives – something sought or aimed for, related to safety. Goals are generally broader in
nature, and objectives more specific. Safety goals and objectives should be included in the safety policy.
• Examples of safety goals include a maximum number of accidents (typically zero) / near-accidents /
serious incidents / number of regulatory violations during a specified time period (or) number of flight
hours (or) number of legs flown.
• Examples of more defined safety objectives include a maximum number of injuries, specified minor
occurrences (such as product defects, component malfunctions, altitude busts, audit findings, and
quality escapes during a specified time period (or) number of flight hours (or) number of legs flown.
Safety information - Information contained in Safety Data Collection and Processing System (SDCPS)
established for the sole purpose of improving aviation safety, and qualified for protection under specified
conditions.
Safety Issue – a proactive assessment

, LOSA observations
within various functional areas, or repeat occurrences. Trends may also be identified from frequently
encountered hazards and recurring causal factors identified during investigations. (See Section 2,
paragraph 2.1.4)

[Link] Revision: 9 Introduction Page 0-17


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

• Significant Safety Issue - one of the 'top ten' (or more) potential safety issues to which an organization
is exposed. Together, these issues make up the organization's Safety Risk Profile (SRP). Significant
safety issues are normally created from system analyses during SMS implementation and management
review. They are best expressed in terms of a hazardous activity, situation, or combination of hazards
as defined by the issue's hazard statement. (e.g., line maintenance away from base; non-precision
approaches in mountainous terrain; a defective part entering the supply chain). Significant safety issues
should be tied to the organization's safety goals and SPIs / KPIs.
Safety management system (SMS) – the formal, top-down business-like and systematic approach to managing
safety, including the necessary organizational structures, accountabilities, policies and procedures.
Safety net – a type of barrier or control

resolution advisories directly to the pilots. Warning times are


generally shorter, up to 40 seconds. Pilots are expected to immediately take appropriate avoiding
action.
Safety oversight - a function performed by a State to ensure that individuals and organizations performing an
aviation activity comply with safety-related national laws and regulations.

Safety performance - A State’s or service provider´s safety achievement as defined by its safety performance
targets and safety performance indicators.

Safety performance indicator(s) (KSPI) – special types of key performance indicator (KPI) that use data-based
safety parameters for monitoring and assessing safety performance. KSPIs are tied to the goals and objectives
of the organization, and should include

KSPIs may be set for any occurrence or event


shown in the Occurrence taxonomy.

Safety performance target - A planned or intended target (goal) for a specific safety performance indicator that
is tied to significant safety issues and safety objectives.

Safety planning – part of safety management focused on setting safety objectives and specifying necessary
operational processes and related resources to fulfill quality objectives (i.e., assure the quality of operational
process outputs).
Safety report – a reported occurrence, event, hazard or concern which requires risk analysis and perhaps
mitigation. Safety reports are considered reactive (as in the case of a mandatory occurrence report of a serious
incident or accident) or proactive (as in the case of a voluntary safety report of a lesser event which may be a
precursor for, and indicative of, a potential future incident or accident).
Safety Review Committee (SRC) – is a high level committee comprising the heads of functional areas and
chaired by the accountable executive.

The SRC also performs annual management


reviews.
Safety risk – The predicted probability and severity of a consequence or outcome of a hazard.
Safety risk control – anything that reduces or mitigates the safety risk of a hazard. Safety risk controls must be
measurable and monitored to ensure effectiveness.

[Link] Revision: 9 Introduction Page 0-18


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

Safety risk management (SRM) - systematic processes of identifying and controlling risks in all activities
through application of appropriate methods, procedures, and risk-acceptance authorities. SRM processes
include system analyses, hazard identification, risk analysis / assessment, and application of risk mitigating
strategies.
• Proactive SRM – the proactive method looks actively for the identification of safety risks through
analysis of the organization’s activities. Proactive SRM exists on 3 levels:
• Time-critical SRM –

of deliberate SRM include flight and ground operational


risk assessments.
• Strategic SRM - formal risk management requiring the development of system description(s), system
analyses, identification of hazards, and use of a risk assessment matrix. Strategic SRM is applied
when managing change; to new systems; when revising existing systems; when developing
operational procedures.
• Reactive SRM – the reactive method of SRM responds to incidents and accidents that have already
occurred, in order to identify contributing and causal factors and implement corrections and controls to
prevent recurrence of similar events.
• Predictive SRM – the predictive method captures system performance as it happens in real-time
normal operations to identify potential future problems. Examples include LOSA programs and flight
data monitoring / FOQA programs.
Safety risk profile (SRP) – also known as a Significant Safety Issue List, or SIL, the safety-risk profile lists the
top ten or twelve potential safety issues to which an organization is exposed. These areas of higher risk require
increased vigilance, surveillance, and risk controls to ensure an accident, incident or injury does not occur.
Safety promotion – a combination of safety culture, training, and data sharing activities that support the
implementation and operation of an SMS in an organization.
Serious Injury (NTSB 830.2 definition) means any injury which; (1) requires hospitalization for more than 48
hours, commencing within 7 days from the date the injury was received; (2) results in a fracture of any bone
(except simple fractures of fingers, toes, or nose); (3) causes severe hemorrhages, nerve, muscle, or tendon
damage; (4) involves any internal organ; or (5) involves second or third degree bums, or any bums affecting
more than 5 percent of the body surface.
Service - work performed to benefit another individual, company, or organization.
Service Provider - refers to any

be experienced if the consequence of a hazard


is realized. OmniSMS® establishes severity criteria across five risk dimensions of Airworthiness / People / Assets
/ Reputation / Environment, with definitions for each dimension. The general class of severity is also defined as
follows:
• Catastrophic: An event which would result in multiple fatalities, usually with the loss of the airplane.
• Hazardous (severe): Large reduction in safety margins and operational capabilities of the aircraft. Can't
rely on crew to perform tasks accurately due to high workload or distress.
• Major: Significant reduction in safety margins and aircraft operational capabilities. Crew has difficulty
coping with adverse conditions.
• Minor: Slight reduction in safety margins and operational capabilities. Increase in crew workload. Use of
abnormal or emergency procedures.
Significant safety issue – See Safety Issue; Safety Risk Profile

[Link] Revision: 9 Introduction Page 0-19


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

Sleep debt (partial) – Partial sleep debt (sleep deprivation) occurs when a person sleeps too little for several
days or weeks, and results in varying degrees of fatigue.
Sleep debt (total) – Total sleep debt (sleep deprivation) occurs when a person has been awake for at least 24
hours without any sleep.
SMS manual – written guidance containing policies, procedures, responsibilities, and authorities necessary for
the formalized application of the Safety Management System.
Substantial Damage (NTSB 830.2 definition) means damage or failure which adversely affects the structural
strength, performance or flight characteristics of the aircraft, and which would normally require major repair or
replacement of the affected component. Engine failure or damage limited to an engine if only one engine fails or
is damaged, bent fairings or cowling, dented skin, small punctured holes in the skin or fabric, ground damage to
rotor or propeller blades, and damage to landing gear, wheels, tires, flaps, engine accessories, brakes, or
wingtips are not considered substantial damage for the purpose of this part.
Substitute risk – see Risk, substitute.
Supplier – a person, company, or organization who/which has agreed to provide products or services for the
benefit of another.
Surveillance - The State activities through which the State proactively verifies through inspections and audits
that aviation license, certificate, authorization or approval holders continue to meet the established requirements
and function at the level of competency and safety required by the State.
Sustainability – as it applies to risk controls, a risk control is considered sustainable if it remains cost-effective,
affected personnel continue to conform to its requirements, supervisors continue to assure conformance, and
management continues to provide necessary resources.
System – an integrated set of constituent elements that are combined in an operational or support environment
to accomplish a defined objective. These elements include people, hardware, software, firmware, information,
procedures, facilities, services, and other support facets.
System description and analysis – the process of

performance.
System Defenses – system defenses are resources which are designed and built into the system to protect
against the safety risks that organizations involved in production activities generate and must control. Typically,
defenses in aviation can be grouped under three large headings: technology, training and procedures.
System safety attributes – see Attributes.
Senior management – see Top management.
Technical publications – include Airplane Flight Manuals (AFM), performance / runway analyses, avionics
operations guides, cockpit checklists, manufacturers’ manuals, Illustrated Parts Catalogs (IPC), company
operations manuals, company maintenance manuals, work cards, aircraft specifications, type certificate data
sheets, airworthiness directives (AD), service bulletins (SB), and other publications related to the design,
operation, maintenance and repair of aircraft, systems, components, equipment, tools, etc.
Threat – external situations, events or errors that occur outside the influence of the flight crew that increase that
increase complexity of the operations, and if not properly managed can decrease the safety margin.
Threat, mismanaged - a threat that is linked to error, or induces error.
Threat and error management (TEM) – the process of detecting
further error or undesired state.
Top event – a progressed undesired system state

[Link] Revision: 9 Introduction Page 0-20


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

the top event would be: Unairworthy aircraft in service.

; Outcome(s)
Top management – (ref. ISO 9000-2000 definition 3.2.7) the person or group of people who direct(s) and
control(s) an organization. See Accountable manager
Tribal knowledge – undocumented policies, procedures, and methods used to perform tasks and complete
operational processes, typically handed down from experienced workers to new employees.
Triggering event – events which must act upon a latent condition, or vulnerable situation, for a consequence or
undesirable outcome to occur. For

flight crew.
Undesired operational state – an unintended situation in which safety margins are reduced; a “risky” or unsafe
condition for an aircraft, equipment, and/or personnel. This state can sometimes be the last stage before an
incident, accident or injury occurs.
Undesired preflight state – a state in which the aircraft is improperly prepared for flight operations due to mis-
managed threats and/or errors.
Undesired flight state - operational conditions resulting from one or more unmanaged or mis-managed threats
during flight, in which an undesired situation occurs with reduced safety margins. Includes undesired attitudes,
airspeeds, and configurations.
Undesired maintenance state – occurs

for which training has been


administered and of which the individual is aware. Violations may be intentional or unintentional; they may occur
out of negligence, or made with good intentions (as in the case of a ‘workaround’).
• Routine Violation: often referred to as
/ rules. Routine violations can be habitual by nature
and are often enabled by supervision and management that tolerates such deviations, particularly when
they facilitate production / mission accomplishment.
• Exceptional Violation: isolated departures from authority, neither typical of the individual nor condoned by
management.
Violation (regulatory) – a regulatory violation may occur concurrently with violation of company policy or
procedures. Regulatory violations may be intentional or unintentional. See Non-compliance
Violation (supervisory) – failures by supervisors / managers to enforce rules, or when supervisors permit
unwritten or unofficial ‘defacto policy’ to govern workers’ actions or behavior. Also covers supervisors’ allowance
of untrained or non-current personnel to
Voluntary disclosure – (or self-disclosure, or Voluntary Disclosure Reporting Program (VDRP)) – a formal
report or reporting program whereby an operator discloses a potential instance of regulatory non-compliance to
FAA or CAA inspectors, together with a “comprehensive fix” (Corrective Action Plan) to prevent reoccurrence.
Inadvertent errors, timeliness of reports, follow-through with the CAP, and other requirements may prevent or
preclude civil penalties and/or certificate action against the operator.
Workaround – a ‘shortcut’ or other violation of policy or procedures, in order to accomplish a task. Most
workarounds typically stem from a genuine desire to do a good job; seldom are they acts of negligence. They are
developed by operational personnel because the organization has failed to provide the necessary resources and
/ or realistic procedures to accomplish the task.

[Link] Revision: 9 Introduction Page 0-21


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

THIS PAGE INTENTIONALLY LEFT BLANK

[Link] Revision: 9 Introduction Page 0-22


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

1. Policy and Objectives


1.1 SAFETY AND QUALITY POLICY
1.1.1 COMMUNICATION OF POLICIES
SRR 5.21(b),(c)
(A) Your Company’s safety and quality policy statement is visibly endorsed (signed) by the company’s
Accountable Executive and published / visible to all employees and stakeholders. Access the YCO safety
and quality policy by logging into OmniSMS and selecting Policies from the main menu’s Policy /
Objectives tab.
(B) Additional policies regarding safety, quality, and various other aspects of company operations may be found
within the OmniSMS application under Policy / Objectives, and throughout this and other company
documents.
(C) All YCO policies are to be considered mandates by company personnel and sub-contractors. If a
policy cannot be met or complied with for any reason, or if instructions or procedures are lacking that make
policy compliance difficult, these problems must be brought to the attention of a department manager or the
Director of Safety. Telephonic notification should be used for issues that are of an urgent nature.

1.1.2 POLICY REVIEW


SRR 5.21(d)
(A) YCO Safety and Quality Policy is reviewed annually by the Accountable Executive to ensure it remains
relevant and appropriate to the company’s aviation products and services. This is usually done at the
company’s annual management review, or more frequently if warranted due to growth or other change.

1.1.3 MISSION
(A) Your Company’s mission is to achieve the highest level of safety possible by managing both safety and
quality, thereby reducing accidents, incidents and injuries, while at the same time increasing operational
efficiency and providing a quality work environment for all personnel.

1.1.4 DEDICATION TO SAFETY


(A) Your Company regards the safety of flight operations, crews, passengers and associated ground operations
as the most important consideration, in all activities. This dedication to safety is made with the realization
that risks must often be taken in the conduct of daily operations, and that all personnel must accept the
inherent risks associated with flight operations, maintenance, and aviation in general. All personnel must
remain devoted to quality, duty, good judgment, sound operational planning, and efficient use of available
resources. In addition, YCO management shall:
(1) Document YCO’s safety management priorities;
(2) Prescribe and document procedures for performing activities/processes;
(3) Provide training to the staff to develop the necessary knowledge, skills and attitude;
(4) Provide safety directives and controls to ensure their compliance;
(5) Procure suitable equipment and systems to support activities and ensure continuing serviceability; and
(6) Ensure that necessary resources are deployed to maximize our safety performance.

[Link] Revision: 9 Safety Policy & Objectives Page 1-1


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

1.1.5 REGULATORY COMPLIANCE


(A) Principal elements governing the conduct of all operations are safety, regulatory compliance and strict
observance of all company policies, standards and recommended practices. Regulatory compliance
provides only a minimum level of safety, while adherence to YCO standards and recommended practices
assures the quality of all operational processes. As a basic premise to safety, all activities conducted by
flight, ground, and maintenance personnel shall be conducted in accordance with all applicable CAA
regulations and all state and local laws. Further, all personnel must comply with the laws, regulations and
procedures of those States (foreign countries) in which YCO operations are conducted. It is important for
all personnel to view regulatory compliance as a minimum standard.

1.1.6 STANDARDS AND RECOMMENDED PRACTICES


(A) Standards & recommended practices are policies, procedures, methods and processes that have been
developed by Your Company to establish and maintain the highest level of safety possible. These standards
and recommended practices are incorporated into the YCO written guidance, and shall be treated by all
personnel as mandates. All standards and recommended practices, in addition to regulatory compliance,
shall be followed at all times (except when necessary to deviate in case of emergency), and are an essential
component of system safety. YCO will continue to investigate, pursue and adopt new safety standards and
recommended practices that are commensurate with the highest levels of safety in the aviation industry.

1.1.7 OCCUPATIONAL HEALTH, SAFETY, AND ENVIRONMENTAL PROTECTION


(A) Your Company will comply with all applicable governmental regulations concerning the safety and health of
all personnel. Core SMS processes of safety risk management and safety assurance are applied equally to
occupational, environmental and system safety alike. The health and safety of all personnel, the public and
our environment, will remain continuing strategic objectives of Your Company.

1.1.8 QUALITY MANAGEMENT AND SAFETY ASSURANCE


(A) Your Company managers will ensure that the products, services, systems and technologies it uses, whether
developed internally or acquired externally, meet appropriate and specified standards. All quality
management and assurance processes, including monitoring, compliance monitoring, vendor audits, follow-
ups, internal evaluations, external audits and management reviews, shall remain consistent with YCO’s
primary focus on quality and safety risk management, and shall assure that intended process outputs
conform with all regulatory and safety standards and recommended practices. All safety and quality policies
will be periodically reviewed to ensure they remain relevant and appropriate to the size, scope and types of
activities conducted by Your Company.

1.1.9 ACCEPTING RISK IN SYSTEM AND TASK DESIGN


(A) Your Company determines the acceptability of safety-risks for each identified hazard prior to implementing:
(1) New system designs;
(2) Changes to existing system designs;
(3) New operations/procedures; and
(4) Modified operations/procedures.
(B) When planning these systems, operations and activities, one or more safety issues are created in the
OmniSMS web application, hazards are identified, and risk controls are implemented in order to reduce risk
to a level that is as low as reasonably practicable (ALARP).

[Link] Revision: 9 Safety Policy & Objectives Page 1-2


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

1.1.10 REPORTING OF HAZARDS AND UNSAFE CONDITIONS


(A) Each employee is responsible for bringing to the immediate attention of a supervisor any action, conduct,
event, observation, practice or operating principle that may lead to an unsafe condition. Your Company
personnel will be acknowledged and rewarded when they bring these issues to the attention of
management. This will permit YCO to systematically identify and eliminate or control hazards, thus ensuring
the highest possible degree of safety, quality of service and public protection.
(B) Refer to Section 6: Confidential Reporting System for safety reporting procedures.

1.1.11 TRAINING & QUALIFICATION OF PERSONNEL


(A) Formal personnel training programs and competency certifications are accomplished in accordance with
applicable regulations and recommended practices as specified in the YCO manual system. This includes
documentation and assurance of qualifications, skills, competencies, training, equipment and tools
necessary for all personnel to enable them to discharge their duties and responsibilities in a safe manner.

1.1.12 JUST SAFETY CULTURE


(A) Your Company continually supports a positive and just safety culture among all managers and personnel. A
just culture is one in which all personnel and managers can identify and report safety issues, including
unintentional errors, without fear of reprisal. YCO encourages and rewards employees for their reporting of
hazards, errors and other safety concerns, and educates managers and supervisors who may need
assistance in moving away from apportioning blame, in order to create a climate of open communication
and trust. YCO considers the growth of this positive and just safety culture as an essential component of
safety management.
(B) YCO has established and documented policies and procedures to support its just culture, including policies
and procedures for:
(1) Mandatory and voluntary reporting of hazards and occurrences;
(2) Defining acceptable and unacceptable behaviors for employees;
(3) Disciplinary procedures for supervisors and managers.
(C) Through SMS training, YCO senior management has familiarized themselves with the principles and
practice of ‘just culture’, and has incorporated a structured strategy for just culture development as part of
YCO’s SMS implementation. This strategy includes:
(1) Dissemination of YCO’s safety / quality and non-punitive reporting policies;
(2) Implementation of the confidential reporting system with policy reminders on the reporting form
interface;
(3) FDAP non-punitive policy communications to flight crews;
(4) SMS training for supervisors and managers, which teaches how to distinguish culpable behavior from
honest mistakes;
(5) SMS training for employees, which defines acceptable and unacceptable behaviors.

[Link] Revision: 9 Safety Policy & Objectives Page 1-3


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

1.2 SAFETY ACCOUNTABILITY AND AUTHORITY


1.2.1 OWNERS / DIRECTORS / OFFICERS
(A) The owners, directors and officers of Your Company are accountable for the continued support of the YCO
Safety Management System, and for providing the necessary resources in order to attain the strategic
safety objectives set forth herein, and for the SMS to function effectively.

1.2.2 ACCOUNTABLE EXECUTIVE


SRR 5.23(a)(1)
(A) Your Company’s Accountable Executive is the final authority over all operations authorized to be conducted.
The Accountable Executive controls the financial and human resources required for all operations, and
retains ultimate accountability for the safety performance of all operations conducted.
(B) The Accountable Executive is responsible for

appropriate to YCO operations;


(5) Regularly review the safety performance of YCO and direct actions necessary to address substandard
safety performance through use of the OmniSMS application.

1.2.3 MANAGEMENT PERSONNEL


SRR 5.23(a)(2)
(A) Management personnel are jointly accountable for overall safety performance of the Company. Senior
management holds department and line management and all employees accountable for safety
performance.
(B) Management personnel are accountable for

-contractors and vendors with which the department


contracts;
(3) Assuring the effectiveness of safety risk controls, including those that impact sub-contractors;
(4) Promoting safety and the SMS;
(5) Advising the Accountable Executive on the performance of the SMS and on any need for improvement.

1.2.4 FRONT LINE AND SUPERVISORY PERSONNEL


SRR 5.23(a)(3)
(A) All front line personnel, supervisors and team leads are accountable for individual safety performance, and
for performing their daily jobs, activities and tasks with the highest level of professionalism. To support and
assure YCO system safety, the following safety risk management (SRM) methods should be applied:
(1) Time-critical risk management;
(2) Deliberate risk management;
(3) Strategic risk management.

[Link] Revision: 9 Safety Policy & Objectives Page 1-4


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

1.2.5 EXTERNAL PROVIDERS


(A) External providers (vendors and sub-contractors) of YCO are accountable for their own safety performance.
(B) Before contracting or obtaining a safety-critical product or service from an external provider, the YCO
department manager who is responsible for the contracted product or service shall ensure the provider has
a safety reporting system commensurate with its size and complexity that facilitates the early identification of
hazards and systemic failures of concern to YCO.

1.2.6 RISK TOLERABILITY / ACCEPTANCE AUTHORITY FOR EXTERNAL PROVIDERS


(A) An external provider’s employees have the authority to accept Green/Low risk assessments regarding
products and services they provide to YCO.
(B) A provider’s department manager has the authority to accept risks assessed as Acceptable with Mitigation
/ / Moderate if such risk is mitigated to a level that is ALARP (as low as reasonably practicable).
(C) The YCO department manager responsible for contracting a provider’s product or service has the authority
to accept the provider’s corrective action plan (CAP) and associated residual risk, if such risk is assessed as
Green/Low or Acceptable with Mitigation / / Moderate.
(D) The YCO responsible manager shall perform their own risk assessment and acceptance, and shall not rely
on the provider’s assessment. In this way, the YCO responsible manager becomes accountable for the
external provider’s safety performance.

1.2.7 RISK TOLERABILITY / ACCEPTANCE AUTHORITY FOR ORAS


SRR 5.23(b)
(A) For operational risk assessments that are flight-related (ORA-Flight), the pilot in command (PIC) is
authorized to accept Green/Low risk assessments. This authority shall not be delegated.
(B) For operational risk assessments that are ground-related (other than for flight operations) the team lead (and
when working alone, individual employees) are authorized to accept Green/Low risk assessments.

1.2.8 RISK TOLERABILITY / ACCEPTANCE AUTHORITY FOR RISK ASSESSMENTS (RA)


SRR 5.23(b)
(A) Risks assessed as Acceptable / / Low, do not require mitigation. Employees, supervisors and
managers at all levels are authorized to accept risk that has been assessed as Acceptable / / Low.
(B) Risk assessed as Acceptable with Mitigation / / Moderate may be accepted by department
managers and their delegates, provided risk is mitigated to a level that is ALARP (as low as reasonably
practicable).
(C) Risks assessed as Unacceptable / Red / High may not be accepted under any circumstances, and the
operation must not continue unless and until risk is mitigated to a level that is ALARP. The resulting residual
risk must fall into the Acceptable with Mitigation / / Moderate level or lower, and must be accepted
by the Safety Action Group or Accountable Executive.

[Link] Revision: 9 Safety Policy & Objectives Page 1-5


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

1.3 DESIGNATION OF SAFETY MANAGEMENT PERSONNEL


SRR 5.25(a) & (b)
(A) Refer to Section 7: SMS Organization of this SMS Manual for designation of YCO safety management
personnel.

1.3.1 ROLES AND RESPONSIBILITIES


(A) Section 7: SMS Organization describes the roles, responsibilities, duties and relationships of all YCO
safety management personnel and employees. These roles and responsibilities are communicated
throughout Your Company within the YCO manual system and during safety orientation training.

1.4 COORDINATION OF EMERGENCY RESPONSE PLANNING


SRR 5.27
(A) Your Company’s Accountable Executive has approved the YCO Emergency Response Plan (ERP) (under
separate cover) in order to maintain YCO in a state of preparedness to respond to an aircraft accident,
incident or other emergency.
(B) The YCO Emergency Response Plan (ERP) provides guidance regarding:
(1)

emergency response plans of other


organizations with which YCO must interface during the provision of its services.
(C) The ERP has been developed to suit the size, scope and complexity of YCO’s aviation operations.
(D) Emergency response drills are performed as a type of internal audit in accordance with guidance contained
in the YCO Internal Evaluation Program. During such drills, any sub-contractor roles, responsibilities and
functions relevant to the ERP are tested.

NOTE:
Refer to the YCO Internal Evaluation Program for instructions and
procedures when performing an emergency response drill.

[Link] Revision: 9 Safety Policy & Objectives Page 1-6


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

1.5 SAFETY OBJECTIVES


(A) Broad safety objectives of ZERO ACCIDENTS and ZERO REGULATORY VIOLATIONS are conveyed
through YCO’s published safety policy statement and communicated organization-wide.
(B) More specific safety objectives (i.e., safety goals in the form of safety performance targets) exist within
significant safety issues
performance indicators are created to monitor these issues, and
targets for improvement are set based on past performance.
(C) Safety objectives,

.
(D) During annual management review, safety goals should be reviewed to ensure they remain relevant and
appropriate to YCO’s on the previous year’s
performance.

1.5.1 KEY SAFETY PERFORMANCE INDICATORS AND TARGETS


(A) Within the OmniSMS application, specific and measurable key safety performance indicators (KSPIs / KPIs)
are established under Policy safety review committee
creates and/or revises these indicators:
(1) During initial system analysis;
(2) During annual management review.
(B) KSPIs should be
often predictive indicators of a
more serious consequence (such as runway excursion). Low-level KSPIs provide a means to effectively
monitor safety performance related to the organization’s “top ten” safety issues.
(1) Low-level KSPIs are selected from the
OmniSMS Occurrence taxonomy, after it
has been configured by the YCO Safety
Action Group (SAG).
(2) Parent terms of grouped occurrences may
be set as KSPIs, so that whenever a child
occurrence is reported (or identified as a
factor during investigation), it is included in
the parent group KSPI.
(3) In the example at right, if CFIT is selected as
the KPI, any reported occurrence that is a
child term of the CFIT indicator (e.g., GPWS
alert, minimum safe altitude warning,
unintended flight into IMC) will count against
the CFIT performance indicator and target.
(4) High-level KSPIs are recorded and measured when an occurrence is classified as an:
(a) aircraft accident, aircraft accident (near), or aircraft incident (serious);
(b) Work accident, work accident (near), or work incident (serious).
(C) High-level KPIs receive

of Safety, and/or the Safety Action Group.

[Link] Revision: 9 Safety Policy & Objectives Page 1-7


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

(E) Safety and quality KPIs may also be developed to monitor the performance of products and services
provided by external providers (sub-contractors & vendors). During investigation, when a causal factor has
been identified that relates to an external provider’s product or service, the provider’s company name is
associated with the causal factor.

NOTE:
It is not necessary to create a safety issue in order to add a KSPI.

1.5.2 KSPI ALERTS


(A) The red line as displayed on system

indicator term):
(B) Events which cause the red actual event rate to remain below the current average (shown in blue) are
considered temporary, normal fluctuations in event rates.
(C) Actual event rates which spike above the blue-line average should alert managers to focus their safety
management efforts by:
(1) Analyzing contributing events
to determine causal factors;
(2) Decide on necessary action(s)
to address identified causal
factors, including failed risk
controls.
(D) If desired, a new Safety Issue can
be created in OmniSMS to manage
the identified causes.
(E) Perform risk management in
accordance with Section 2: Safety
Risk Management.
(F) Then develop a corrective action
plan (CAP) which may include

appropriate risk-
acceptance authority.

1.5.3 OPERATIONAL PERFORMANCE INDICATORS


(A) Operational performance is measured through reports received from the confidential reporting system, and
may include the following:
(1) Flight operations performance:
(a) Delays;
(b)
;
(d) Cancellations.

[Link] Revision: 9 Safety Policy & Objectives Page 1-8


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

(2) Maintenance performance:


(a) Flt ops delays / diversions / interruptions / cancellations due to maintenance;
(b) Unscheduled maintenance;
(c)
;
(e) Product recalls.

1.5.4 SMS PERFORMANCE INDICATORS


(A) SMS performance is measured through various indicators which may include:
(1) Number of employee reports received per employee group;
(2) Percentage of investigations completed on time;
(3) Number of risk

from audits / evaluations;


(6) Lessons learned communicated per functional area;
(7) Number of employees who have
safety review committee during annual management
review. Areas for improvement are identified and corrective actions applied to improve SMS performance.

[Link] Revision: 9 Safety Policy & Objectives Page 1-9


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

THIS PAGE INTENTIONALLY LEFT BLANK

[Link] Revision: 9 Safety Policy & Objectives Page 1-10


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

2. Safety Risk Management


2.1 SAFETY RISK MANAGEMENT METHODS
2.1.1 THREE LEVELS OF SRM
(A) Safety Risk Management (SRM) consists of policies, methods and procedures for all personnel, in all
departments, and at all levels of management, to manage the many safety risks inherent in aviation. Safety
risk management (SRM) enhances operational effectiveness by anticipating hazards and reducing the
potential for loss.

minutes or seconds to act!”);


(2) Deliberate (“I have a few hours or days to plan this activity or mission”);
(3) Strategic (“I have several weeks or months to plan this (new) operation, or to proactively manage safety
throughout the organization”).

2.1.2 TIME-CRITICAL SRM


(A) Time-critical risk management is an “on the run” mental or verbal review of a situation using a basic risk
management process without recording information. Personnel employ time-critical SRM when making
decisions in time-

event occurs while performing a routine task.


(B) The method employs five simple questions that anyone, anywhere, can ask. It requires no documentation
and can be applied very quickly and easily, with very little training. It is an exceptional tool for all employees
to effectively address common, everyday risk situations. Some individuals may dismiss this process as
overly simple and purely common sense, yet the unfortunate truth is that common sense is an uncommon
virtue. The natural human tendency is to “just do it”, rather than stop for a moment to think about the risks
associated with a certain activity or task. The questions are:
(1) Why am I doing this task?
(2) What could go wrong?
(3) How could
?
(5) What can I do about it?
(C) Using this method, front-line personnel can view jobs and tasks from a risk management perspective, and
better decisions can be made.

2.1.3 DELIBERATE SRM


(A) Deliberate risk management records identified hazards and risk mitigations. Your Company utilizes flight
and non-flight Operational Risk Assessment (ORAs) within the OmniSMS application for this purpose.
The ORA tool can be applied to any activity or mission such as flight operations, line and depot-level
maintenance, ground
other functional area of YCO.
(B) Flight crews and work teams use this method when assigned to complete unusual / infrequent tasks or
common tasks that must be completed in unusual circumstances (e.g., foul weather, field working
conditions, etc.). Identified hazards (or no hazards) are documented and overall risk (low, moderate, or high)
is assessed for the planned

various levels of risk.


(C) Refer to Section 8: Operational Risk Assessment for instructions and guidance on the use of flight and
non-flight operational risk assessments.

[Link] Revision: 9 Safety Risk Management Page 2-1


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

2.1.4 STRATEGIC SRM


SRR 5.51 (a-d)
(A) Strategic safety risk management is the formal SRM process used for proactive risk management. The
process begins with a system description and analysis in order to identify hazards and associated risk(s),
and uses a risk

(3) Development of operational procedures;


(4) Identification of hazards;
(5) Identification of ineffective risk controls through the safety assurance processes described in Section 3.
(B) Strategic SRM is applied during SMS implementation and when managing change, such as when
introducing new aircraft, equipment, routes, facilities, products and services. Strategic SRM documents
hazards and associated risks, risk assessments, and risk controls designed to reduce risk to acceptable
levels. Within OmniSMS, one or more Safety Issues are created to manage this SRM process.

2.2 SYSTEM ANALYSIS AND HAZARD IDENTIFICATION


SRR 5.53 (a)
(A) YCO uses the following processes to identify hazards to safe operations. A combination of reactive,
proactive, and predictive methods of safety data analysis are applied to SMS data inputs.

2.2.1 SYSTEM DESCRIPTION AND ANALYSIS


SRR 5.53(b)(1-4)
(A) System descriptions explain the interactions among hardware, software, people, and the environment that
make up the system

area managers within the OmniSMS application for an


understanding of critical design and performance factors. System description(s) should be in sufficient detail
to understand and analyze tasks, identify hazards, develop operational procedures, and develop /
implement risk controls. Operational procedures require sufficient clarity and detail for personnel to perform
their jobs safely
(C) A system description may be broad (as in paragraph 2.3.9 Initial System Description and Analysis), or
target only one aspect or segment of a specific operational process. In the latter case the description need
only be as detailed as
, project, or change into sub-processes, missions,
activities, tasks and procedures.
(E) Next, operational processes, activities and tasks are analyzed to determine what could go wrong (under both
normal and abnormal operating conditions) in order to identify hazards. This is typically done in a group
setting using the same stakeholders and subject-matter experts who described the system.
(F) In conducting the system analysis, the following information must be considered:
(1) Function and purpose of the system.
(2) The system’s operating environment.
(3) An outline of the system’s processes and procedures.
(4) The personnel, equipment, and facilities necessary for operation of the system.

[Link] Revision: 9 Safety Risk Management Page 2-2


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

2.2.2 HAZARD IDENTIFICATION


SRR 5.53 (c)
(A) Hazards are best identified by first identifying the safety-critical activities and tasks necessary to accomplish
the operational process / activity, or the safety-critical elements of the procedure under study.
(B) Create a Safety Issue in OmniSMS and develop a system description (or reference a system description
that is outside the issue, such as a project, change, or the initial system description in paragraph 2.3.9 of
this Section). The system description should define the scope of the issue (e.g., affected location(s),
aircraft type(s), and the

operation) using one or more of the following tools:


(1) Operations Analysis Tool
(a) Purpose: Used to understand the flow and interfaces of related tasks and activities. A separate
operations analysis may be performed for each operational or job segment.
(b) Method: Create a time-actor diagram and list the tasks required for the operational process or
segment in sequence. Cards or stick-notes may be used for easy arrangement. Combine this
method with the ‘what-if’ tool (e.g., ‘what could go wrong’ during this process / segment?)
(2) Preliminary

, hazards are identified and assessed using


scenario thinking, brainstorming, experts, accident data, and regulations. For more complex jobs,
activities, or operations, consider all phases of the operation using a separate PHA and operations
analysis for each operational segment. Prioritize areas for further analysis if necessary.
(3) “What If” Tool
(a) Purpose: Used to

combinations that compound risk.

2.2.3 HAZARD ID CONSIDERATIONS


(A) When identifying hazards within the context of a system description:
(1) Consider human factors in the analysis of tasks, including cognitive, ergonomic, environmental, and
occupational health / safety
as regulatory requirements and current written guidance,
technologies, and training. Determine the need for additional instructions / procedures.
(3) Identify interactions between hardware, software, people, and the environment, as they pertain to the
operational segment, activity and tasks being analyzed.
(4) Identify external

and threats in the OmniSMS application under the Issue’s Study


tab. Barriers designed to prevent threats from escalating may also be added.

[Link] Revision: 9 Safety Risk Management Page 2-3


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

2.2.4 SAFETY RISK MANAGEMENT (SRM) PROCESS FLOW DIAGRAM

NOTE:
SRM outputs (risk controls) interface with Safety Assurance through CAP monitoring, follow-ups on risk controls,
and system assessments (see paragraph 3.2.1). Follow-ups are performed to evaluate controls
and assure that they have been implemented in accordance with their intended design.

[Link] Revision: 9 Safety Risk Management Page 2-4


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

2.3 SAFETY RISK ASSESSMENT AND CONTROL


2.3.1 SAFETY RISK ANALYSIS
SRR 5.55(a)
(A) Safety risk analysis receives inputs from
analysis, and change management. The Safety
Issue object within OmniSMS is utilized to perform the safety risk analysis process.
(B) The risk analysis process requires evaluation of those threats, conditions and events which could give rise to
one or more
escalate further into one or more incident or accident consequences of varying
severity.
(C) The analysis considers human error, equipment failures (hardware / software), environmental conditions
(such as weather or lighting), process breakdowns (such as communications or control failures), and human
interfaces with the environment and hardware / software involved.
(D) Some failures / accidents may require a combination or specific sequence of triggering events or conditions;
others may requir
the probability and severity of the consequence(s) that could be realized.
(E) Existing barriers and risk controls currently in place may also be analyzed. Such analysis typically results in
determinations of less severe consequences, confirming the robust nature of our aviation system and its
many controls.

NOTE:
Safety risk analysis is best performed in a group or ‘brainstorming’ session, with stakeholders
who are subject matter experts and possess intimate knowledge of the company’s operations.

2.3.2 DEVELOPING A HAZARD STATEMENT AND RISK SCENARIOS


(A) Hazard statements and risk scenarios help us clearly define a hazard and understand how the hazard’s
associated risk(s)
of identified hazards, develop a hazard statement, from which undesired events
(how they might occur and how they might affect us) can easily be implied, but are not explicit:
(1) Flight ops example: “Night IFR operations into an unfamiliar mountain airport with a complex missed
approach procedure, and without ground-based radar.”
(2) Maintenance example: “After-hours non-routine maintenance / inspection at an outstation without a
hangar, staffed by one maintenance technician.
(3) Manufacturing example: “An improperly manufactured, out-of-tolerance new part installed on an
aircraft in service.”
(C) These examples do not explicitly state anything that could go wrong. They do however describe the ‘hazard’;
that is, the situation or conditions in which the hazard could manifest itself as a risk (a consequence).

[Link] Revision: 9 Safety Risk Management Page 2-5


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

(D) Step 2: Develop one or more risk scenarios. A risk scenario is a postulated chain of events, which includes
a top event and a ‘risk' or consequence (a credible incident or accident outcome) as the final event in the
accident chain. Each risk scenario should describe how the chain of events could progress (as a result of
hazards, threats, and failed barriers) to an undesired state (the top event), and perhaps beyond the top
event to become an incident or accident:
(1) Scenario for flight

to complete task / Tech becomes fatigued / Makes


installation or inspection error / Unairworthy aircraft is returned to service / System or component failure
in flight.
(3) Scenario for manufacturing example: “Out-of-tolerance part is installed / Unairworthy aircraft is
returned to service / Premature inflight failure of life-limited part.
(E) Step 3: For each scenario, set the

end of the risk scenario can be an undesired state


and not an accident. This is because we are analyzing the risk of the most credible incident / accident
outcome; NOT a ‘worst case scenario’. Industry accident reports are testimony to the fact that the vast
majority of hazards manifest themselves as undesired states or incidents; rarely do hazards result in an
accident outcome.

Source: ARMS Methodology for Operational Risk Assessment v 4.1


March 2010 ARMS Working Group (modified).

2.3.3 STUDY OF SIGNIFICANT SAFETY ISSUES


(A) For significant safety issues which comprise the company’s Safety Risk Profile, further in-depth study is
possible within the OmniSMS application. In this study:
(1) Hazards, threats, triggering events and avoidance barriers that lead to the top event are identified;
(2) Escalation barriers that could prevent the accident consequence are identified;
(3) A simple bow-tie analysis can be presented.

[Link] Revision: 9 Safety Risk Management Page 2-6


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

2.3.4 SAFETY RISK ASSESSMENT


SRR 5.55(b)
(A) The safety risk assessment process assesses the probability of the top event being realized, and the severity
of the top event in terms of various negative outcomes. Exposure to the hazard is also considered in the
assessment. Safety risk assessment helps managers make sound decisions, establish priorities, and focus
their safety management efforts where they will provide the greatest risk reduction.
(B) Probability may be assessed qualitatively or quantitatively in the RA Matrix. FAR / JAR 25.1309 harmonized
definitions are used to support probability failure assessments of parts, components, aircraft, and systems.
Qualitative assessments of flight safety events are also supported. Probability criteria for single point failures
and common cause failures are also provided. Source: FAA ATO SMS Manual, July 2016.
(C) Severity is assessed on each consequence, or 'risk'. This is the last event listed in the risk scenario's chain
of events, which considers barriers and controls currently in place. By considering barriers and controls, the
analysis produces a credible incident / accident outcome (which is often inconsequential or an undesired
aircraft state), rather than a worst-case accident scenario. If the consequence is a serious incident, accident,
or medical emergency, recovery measures may also be considered to produce a more accurate severity
assessment.
(D) Exposure to the hazard is assessed with qualitative measurements (rare, seldom, often, and continuous).
(E) Risk tolerability falls into
one of three levels, based
on the assessment’s
resulting RA value of
combined probability and
severity:
(1) Acceptable
(Low)
(2) Acceptable-with
-Mitigation
(Moderate)
(3) Unacceptable
(High)

NOTE:
Exposure is included in each risk assessment, but is not included in the risk’s RA value.
This is because frequency of exposure to the hazard has no impact on the probability of
barriers and controls failing which are intended to prevent the risk from being realized.
Further, factoring exposure into the RA value can cause a high-risk hazard to
have an unusually low RA value if the hazard is infrequently encountered.

[Link] Revision: 9 Safety Risk Management Page 2-7


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

2.3.5 OMNISMS RISK ASSESSMENT (RA) MATRIX


(A) Severity of each consequence may be assessed in any one or all five risk dimensions of Airworthiness,
People, Assets, Reputation, and Environment. “Flight safety risks” are typically assessed in the dimensions
of Airworthiness, People and Assets.
(B) For each consequence, the resulting RA severity value will be the highest of the five dimensions assessed.

2.3.6 SAFETY RISK CONTROL


SRR 5.55(c)
(A) Effective control measures reduce or eliminate one of the three components of risk: (exposure, probability or
severity). For each identified hazard, individual risk controls which comprise a corrective action plan (CAP)
are developed, clearly described, and implemented by appropriate managers, ready to be used in the
operational environment for which they are intended.
(B) CORRECTIVE ACTION PLAN. Within OmniSMS, A CAP may contain corrective actions and risk controls as
necessary to mitigate risk to an acceptable level. Corrective actions are not preventive; they simply correct a
hazard, error or other deficiencies (e.g., correct an erroneous record, complete an overlooked inspection, or
remove FOD or other hazard). Risk controls are preventive. They may include initial notifications to
personnel (cautions or warnings), elimination of one aspect of a hazard (such as illuminating an obstruction
hazard on a dark ramp), safety devices, warning devices, or changes to written policy and procedures. The
most effective controls begin with system design, or are built in to an existing system. Investigate specific
strategies and tools that reduce, mitigate, or eliminate the risk.
(C) CAP MONITORING. Describe any monitoring that may be necessary to assure the corrective action plan is
performing as intended. Enter the name of the person responsible, and the date through which monitoring
should be performed.

[Link] Revision: 9 Safety Risk Management Page 2-8


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

(D) Open the Study tab (of an Issue) or the Investigation tab (of a Report) to determine which of the hazards /
factors identified there will be managed with risk controls and / or corrective actions. Those factors selected
as ‘Managed’ or ‘Causal’ will be mitigated by the CAP; those left as ‘Identified’ or ‘Contributing’ will not.
(E) On the CAP tab, add a control and give it a short title.
Specify the factor(s) mitigated by the control. A control
may mitigate one or more factors, including the top
event and one or more unwanted consequences.
(F) Define the control with an explanation of what is to be
done, and how. Provide a definition / rationale (i.e., why
are we implementing this control?).
(G) Select “Ready to accept” to update the status of the
control to: Awaiting CAP acceptance.

2.3.7 EVALUATING RESIDUAL AND SUBSTITUTE RISK


SRR 5.55(d)
(A) RESIDUAL RISK. It is seldom possible to entirely eliminate risk, even when highly effective controls are
used. After a CAP has been developed and controls designed into it, an evaluation is made as to whether
the risk will be acceptable with the proposed safety risk control(s) applied. This must be done before
controls are implemented:
(1) Using the risk matrix in the OmniSMS CAP tab, set the residual risk.
(2) Determine risk tolerability.
(3) Refer to paragraph 1.2.6: Risk Acceptance Authority for OmniSMS Risk Assessments (RA) to
determine who may accept various levels of residual risk.
(B) SUBSTITUTE RISK. Effective CAP development also requires an evaluation of proposed actions to ensure
that they do not introduce new hazards into the system. New hazards introduced as a result of implemented
risk controls are referred to as substitute risks, and may result in a situation where “the cure is worse than
the disease.” For example, locking a door for security reasons could cause personnel to be unable to exit a
building in case of fire. If substitute risks are present, additional risk controls to mitigate such risks are
necessary, and are recorded as part of the CAP within the OmniSMS application.

2.3.8 CAP ACCEPTANCE / CAP LOCK


(A) When the status of all controls has been set to Awaiting CAP acceptance, the CAP may be reviewed and
accepted by the appropriate risk-acceptance authority. This is typically a department manager who ‘owns’
the processes the CAP is intended to control.
(B) When the appropriate risk-acceptance authority accepts a CAP, that person has determined:
(1) That they hold the necessary authority and have the necessary resources available to effectively
implement all risk controls and corrective actions which comprise the CAP;
(2) That the proposed CAP has been properly developed based on a system analysis or (in the case of an
occurrence or finding) a determination of root causes;
(3) That a preferred order of controls has been considered; that substitute risks have been evaluated and
risk controls proposed to mitigate any substitute risk that is deemed unacceptable; and
(4) That the overall level of residual risk after the CAP is implemented has been determined to be at a level
that is as low as reasonably practicable (ALARP).
(5) Upon acceptance of the corrective action plan, the CAP may be locked. Locking the CAP prevents any
further editing of agreed-upon risk controls. Only report / issue owners and safety administrators may
lock or unlock a CAP.

[Link] Revision: 9 Safety Risk Management Page 2-9


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

2.3.9 IMPLEMENTING RISK CONTROLS


(A) Typically, a CAP’s individual risk controls are assigned to appropriate managers, supervisors, or other
qualified personnel for implementation. Any person assigned to implement a risk control must possess the
necessary knowledge, experience, and ability to implement the control.
(1) On the Controls tab, request action and set the user who is responsible for implementing each control.
Set the due date.
(2) Communicate implementation – Be sure the CAP is understood and accepted by all affected personnel
in all affected departments. Safety comms / memos within OmniSMS may be used for this purpose.
(3) Assign responsibilities for risk control implementation and establish accountability for performance.
(4) Provide the necessary resources to properly implement all controls which comprise the CAP.
(B) FOLLOW-UPS: Each risk control recorded in OmniSMS requires a follow-up to assure that the risk control
was implemented correctly and conforms to its intended design. This follow-up should be performed by the
process owner - the owner of the operational process the risk control is intended to control (typically the
department manager).
(C) To accomplish a follow-up, the process owner (or delegate) may observe the affected operational process,
hold a discussion with

the follow-up is being performed;


(3) Review documents / observe operational processes / interview personnel as necessary;
(4) Confirm that the control as implemented was in conformance with its intended design;
(5) Confirm that the control is effective in eliminating the hazard or reducing risk;
(6) Confirm any substitute risks created as a result of the control are being mitigated to ALARP levels.
(D) Record results of the follow-up (satisfactory or unsatisfactory), and document any non-conformities,
ineffective performance, and substitute risks revealed or not adequately mitigated.
(1) If a follow-up is unsatisfactory, additional controls may be required, or corrective action applied to an
ineffective or non-conforming risk control. In this case the record should remain open, and another
follow-up scheduled.
(2) Upon satisfactory follow-ups of all risk controls which comprise a CAP, and thereafter at the discretion
of the report or issue owner, the record may be closed.
(E) CLOSING OF REPORTS / ISSUES. Department Managers who ‘own’ a Report or Issue typically close
reports within their respective departments. More

throughout the life cycle of the system,


operation, project or activity. Supervisors and managers at every level must fulfill their respective roles in
assuring controls are sustained over time. After a Report or Issue is closed:
(1) CAP monitoring (which may have been assigned to evaluate the controls that comprise the CAP) may
provide feedback;
(2) Feedback may also be received from employee hazard reports and departmental audits;
(3) The System assessment process is used to evaluate risk controls during internal evaluations.
(G) These feedback loops help managers to assure that implemented risk controls and corrective actions
continue to work as expected, and to assess system performance. If feedback indicates a particular risk
control was implemented improperly, or is not mitigating risk as intended, the safety risk management
process is re-applied and the affected risk control is corrected.

[Link] Revision: 9 Safety Risk Management Page 2-10


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

2.3.10 INITIAL SYSTEM DESCRIPTION


(A) When the OmniSMS application is first implemented, various taxonomies within the application are
configured by the Director of Safety or other knowledgeable person. Select CONFIGURATION /
TAXONOMY MANAGEMENT in the upper R/H corner of the OmniSMS dashboard. Within each taxonomy,
terms may be hidden / added / moved as desired.
(B) The application is then brought before the YCO Safety Action Group (SAG) for further refinement and
development of an initial system description. Select ASSURANCE / SYSTEM DESCRIPTION to begin this
process.

(d) Activities
(e) Clients / Contracts
(f) Programs
(2) Operating Environment
(a) Areas of Operations
(b)

(d) Environment / Context


(3) Organization
(a) Bases
(b) Divisions
(c)

(4) Personnel and Equipment


(a) Job Title / Position
(b) Duty

(d) Equipment Manufacturer

NOTE:
As the system description is developed, significant safety issues should become
apparent for inclusion in the YCO Safety Risk Profile. Keep a list of these
issues for further analysis during the initial system analysis that follows.

[Link] Revision: 9 Safety Risk Management Page 2-11


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

2.3.11 INITIAL SYSTEM ANALYSIS


(A) During initial system analysis, additional OmniSMS taxonomies are configured pertaining to hazards and risk
controls. Using information developed in the initial system description, operational processes, activities and
tasks are analyzed to determine what could go wrong (under both normal and abnormal operating
conditions) in order to
should be performed in a group setting, preferably using the same stakeholders
and subject-matter experts who created the initial system description. As taxonomy terms are presented,
thought processes
by hiding terms that do not apply, and adding terms that are not present:
(1) Hazards / Factors
(a) Hazards
(b) Human Factors
(c) Organizational Factors
(2) Risk Controls
(a) Positive Interventions
(b)

2.3.12 SAFETY RISK PROFILE


(A) Your Company’s Safety Risk Profile (also known as a significant safety issue list) is a grouping of high
priority safety issues that require elevated levels of safety oversight in order to ensure the highest level of
safety. To be effective, the
resources where they will have the most benefit
in accident avoidance.
(B) Significant safety issues may be titled in terms of an unwanted occurrence or consequence (e.g., “runway
excursion avoidance” or “controlled flight into terrain avoidance”), an activity (e.g., night operations in
mountainous terrain), or a hazardous condition (e.g., “fuel contamination”), or situation (e.g., “improper use
of automation”). They may pertain to a specific location (e.g., “runway excursion at Telluride airport”), a
specific aircraft type, or a specific mission type (e.g., “repositioning” or “test flights after critical maintenance
actions”). In any case, it’s important to define the scope of each significant safety issue.
(C) Periodic review and revision of the Safety Risk Profile is performed at least annually during the YCO safety
review committee’s annual management review. Issues with moderate and high risks are reviewed and re-
evaluated. Based on these evaluations, risk controls may be corrected; levels of oversight adjusted; and
enhanced safety management activities carried out.

2.3.13 CREATING A SIGNIFICANT SAFETY ISSUE


(A) Within the OmniSMS application, create a safety issue under RISK MANAGEMENT. Select issue type:
Significant Safety Issue. On the System Analysis tab, define the scope of the issue including the function
and purpose of the system, the system’s operating environment, an outline of the system’s processes and
procedures, and the personnel, equipment, and facilities necessary for operation of the system.
(B) In the Overview panel
performance metric (e.g., “reduce quality escapes in maintenance
to less than 1 escape per 10,000 hours worked” or “reduce undesired approach / landing events to less than
1 event per 10,000 flight hours” ).

[Link] Revision: 9 Safety Risk Management Page 2-12


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

(C) On the RA / Actions tab, perform safety risk analysis and safety risk assessment in accordance with the
instructions in paragraph 2.3: Safety Risk Assessment and Control of this Section. Develop a risk
scenario and
to the occurrence taxonomy under CONFIGURATION / TAXONOMY MANAGEMENT.
(D) Then under POLICY / OBJECTIVES, select Performance Indicators / Add KPI to set one or more low-
level key safety performance indicators for the chosen consequence. This ties relevant safety performance
indicators to the issue’s safety objectives.
(E) When setting KPIs, select events from the
Occurrence taxonomy which are ‘precursor’
events to the unwanted consequence.
(F) For example, a common industry-wide
safety initiative in the fixed wing sector is runway
excursion avoidance. Precursor events to this
unwanted event are found under the term:
Undesired
term to use when creating a low-level
safety performance indicator for the significant
safety issue: Runway excursion avoidance.
(G) In this example, when any of the events under the parent term: Undesired approach / landing are reported or
identified from flight data analysis or root cause analysis, they will count towards the Undesired approach /
landing KPI.

NOTE:
The parent term “Undesired approach / landing” and its child-term events are predictive indicators of how a
runway excursion accident could be realized. By creating a safety performance indicator for this group of
precursor events, trends can be identified and mitigations applied before a runway excursion accident occurs.

2.4 EVENT RISK CLASSIFICATION


2.4.1 MANAGING OCCURRENCE REPORTS
(A) Event risk classification provides an effective means
for managers to quickly screen incoming occurrence
reports and determine when urgent action is
necessary.
(B) ER classification should take place preferably within
one or two days of the event and be carried out by a
person with operational experience who has been
trained in risk assessment.

2.4.2 EVENT-BASED RISK ANALYSIS


(A) The ER classification method was designed to
analyze and assess risk associated with events that
have already occurred.
(B) ER classification is based on a concept of “event-
based risk”, which is an assessment of flight safety
risk associated with the reported event (as opposed
to risk associated with future, or 'similar' events).
(C) In the case of moderate or severe ER values, an
assessment of residual risk should follow using the Risk Assessment (RA) tool.

[Link] Revision: 9 Safety Risk Management Page 2-13


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

2.4.3 INTERVENTIONS, BARRIERS AND CONTROLS


(A) First identify the interventions, barriers and controls that prevented the reported event from escalating into an
incident or accident scenario. Ignore barriers that already failed; these will be studied in the investigation
that follows. Consider only the barrier(s) which worked, and any subsequent barriers that remained in place.
(B) Analyzing these barriers provides a more accurate assessment of the likelihood of an incident or accident
scenario being realized.

2.4.4 ER QUESTION 1
(A) If this event had escalated into an accident, what would have been the most credible outcomes?
(1) In your mind, try to escalate the event into an incident or accident. If it was virtually impossible that the
event could have escalated into an accident, then you are at the bottom row of the ER matrix.
(2) If

we are trying to avoid by having these events reported?’


(C) This question is NOT asking for the most probable outcome - In the majority of reported events, the most
probable outcome is usually “nothing” and therefore ignores any risk that the event carries. It is also not
asking for the 'worst case scenario' since this is not the most likely outcome to expect.
(D) For example, if a (tire / wheel / brake) system or component failure/malfunction were to have escalated into a
runway excursion (accident consequence), the most credible outcomes would be aircraft damage and
perhaps some serious injuries, as opposed to 100% fatalities.

Event Risk Classification Matrix

[Link] Revision: 9 Safety Risk Management Page 2-14


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

(E) There may be some subjectivity between analysts in answering the first question, depending on how they
consider the event's causal factors. However that variation is addressed in question two by considering the
remaining barriers, and resulting likelihood of the most credible accident consequence being realized (not
the worst-case scenario). The risk colors and values in the ER are intended to ensure that any variation in
approach produces similar outputs in terms of risk.
(F) In the longer term, most safety analysts and operational managers will be able to readily identify the
consequences and outcomes associated with various reported events (and hence reduce subjectivity
associated with the first question).

2.4.5 ER QUESTION 2
(A) What was the effectiveness of the remaining controls / barriers between this event and the most
credible accident scenario?
(B) The second question only considers remaining barriers – to estimate the probability of further escalation into
the most credible accident scenario as identified from question 1. The barrier which stopped the escalation
will be counted in (because it was still in place), along with any others that are believed to still remain. The
already failed barriers will be ignored.
(C) It is recognized that there is still subjectivity in the answer to the second question, and that expert knowledge
will still be required to make an accurate categorization.
(D) Analyze both the number and robustness of the remaining barriers between this event and the accident
scenario in Question 1. For the vertical column selection, you should pick:
(1) Not Effective - if the only thing separating the event from an accident was pure luck or exceptional
skill, which is not trained for, nor required;
(2) Minimal - if some barrier(s) were still in place but their total effectiveness was “minimal”. For example,
this could be a GPWS warning just before an imminent CFIT;
(3) Limited - if the effectiveness of the

of a redundant system, or engine


failure in cruise flight.
(E) The reference in this analysis (even for manufacturers and repair organizations) has to be to an accident,
because risk assessment only

their related accident outcomes. In some cases, the


reference accident could be so minor that it would not actually qualify as an accident according to ICAO and
NTSB definitions.

Source: ARMS Methodology for Operational Risk Assessment


v 4.1 March 2010 - ARMS Working Group (modified).

[Link] Revision: 9 Safety Risk Management Page 2-15


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

THIS PAGE INTENTIONALLY LEFT BLANK

[Link] Revision: 9 Safety Risk Management Page 2-16


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

3. Safety Assurance
3.1 SAFETY PERFORMANCE MONITORING AND MEASUREMENT
SRR 5.71(a)
(A) YCO has developed and maintains Safety Assurance (SA) processes to collect safety data pertaining to its
operations, products and services. This data is used to monitor safety performance and validate the
effectiveness of
fall short, are improved.
(B) Such data includes the data used for hazard identification (hazard reports, occurrence reports and system
descriptions) as well as data from safety studies, surveys, audits, and investigations.
(C) Safety performance is primarily monitored and measured using safety performance indicators and targets, in
support of the company’s
operational environment.

3.1.1 MONITORING OF OPERATIONAL PROCESSES


SRR 5.71(a)(1)
(A) Department managers monitor operations for the processes they own, including products and services
received from vendors and contractors. Monitoring is performed in order to assure regulatory compliance,
determine
identify hazards to safe operations.
(B) Monitoring of operational processes is accomplished by reviewing:
(1) Flight operations documents and records (e.g., load manifests, flight releases, crew duty time reports,
customs declarations, dangerous goods PIC notifications & declarations);
(2) Maintenance documents and records (e.g., maintenance logs, inspection status, work cards &
packages, airworthy releases, Required Inspection Item (RII) authorities, duty time sheets);
(3) Records of training and certifications;
(4) Reports received from the confidential reporting system;
(5) Risk controls
to assess system performance.

3.1.2 MONITORING OF THE OPERATIONAL ENVIRONMENT


SRR 5.71(a)(2)
(A) Department managers monitor the operational environment of their respective areas of responsibility, in
order to detect changes that could affect the safety of operations. One or more system analyses developed
under paragraph 2.2: System Description and Analysis provide the context for monitoring of the
operational environment. This may include monitoring and reviews of:
(1) Environmental conditions, forecasts, and alerts;
(2) Operational complexity (age of fleet; varied fleet; seasonal operations; lease arrangements);
(3) Operational stability (financial conditions; management turnover; workforce stability / reduction; rapid
growth; new or major
and foreign;
(5) The Airport / ATC environment (airport / ATC services, approach and enroute procedures, etc.);
(6) Other environmental factors (costs, labor, political, security).

[Link] Revision: 9 Safety Assurance Page 3-1


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

3.1.3 SAFETY ASSURANCE (SA) PROCESS FLOW DIAGRAM

[Link] Revision: 9 Safety Assurance Page 3-2


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

3.1.4 INTERNAL AUDITS OF OPERATIONAL PROCESSES AND SYSTEMS


SRR 5.71(a)(3)
(A) Internal audits of operational processes and systems (departmental audits) are performed internally by
managers within their respective departments.
(B) Each department manager is responsible for the quality of the Internal Audit process within his / her
department. Since managers are accountable for all operational processes within their departments, they
are best suited to audit their own operational processes (and those provided by vendors / contractors), as
well as evaluate the effectiveness of safety

to conform to their intended design, and that


they remain effective.
(D) Second, departmental audits are utilized to assure the quality of operational process outputs.

NOTE:
Auditors shall not audit their own work, in accordance with
basic auditing and quality management principles.

3.1.5 INTERNAL EVALUATIONS


SRR 5.71(a)(4)
(A) Internal evaluations of all departments are performed by the Director of Safety (or delegate auditors).
(B) The Director of Safety is responsible for the quality of the internal evaluation process.
(C) Internal evaluations determine conformity with safety risk

order to determine if the


process is being performed in accordance with the control. The quality of the operational process output is
further evaluated. If process outputs are
, by sampling regulatory requirements that
apply to the operational processes being evaluated.
(E) Internal evaluations further assist management in determining if the SMS is meeting the company’s
objectives and goals.
(F) Auditors performing internal evaluations should be functionally independent of the department being
evaluated.

3.1.6 OUTSIDE AUDITS / EVALUATIONS


SRR 5.71(a)(4)
(A) Outside audits / evaluations are conducted by individuals outside of Your Company. These may include
audits by clients, accreditation agencies, insurance companies, etc., as well as assessments by oversight
organizations such as YCO’s Civil Aviation Authority (FAA).
(B) Outside audits / evaluations / assessments may include examinations of operational processes, SMS
processes, and a review of risk controls for the entire scope of all YCO operational processes.
(C) The Director of Safety is responsible for

, non-conformance, or other deficiencies); or


(2) Corrected risk controls (for existing controls that are not conforming or performing properly).

[Link] Revision: 9 Safety Assurance Page 3-3


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

(D) Your Company will include the results of all outside assessments performed by oversight organizations in its
Analysis of Data process (see Analysis of Data below).
(E) The Safety Action Group may also elect to include the results of outside audits / evaluations performed by
entities other than oversight organizations in its data analysis process, and for the development of risk-
mitigating strategies. These objective, third-party audits often reveal deficiencies or areas requiring
improvement that would otherwise remain undetected.

NOTE:
Refer to the YCO Internal Evaluation Program for instructions and procedures
for the performance of internal audits and evaluations.

3.1.7 INVESTIGATION OF INCIDENTS, ACCIDENTS, NON-COMPLIANCE AND OTHER EVENTS


SRR 5.71(a)(5,6)
(A) Investigation is an essential safety
, findings of non-compliance, and other minor events.
(B) REACTIVE INVESTIGATIONS. At a minimum, YCO will investigate the following occurrences:
(1) All incidents and accidents;
(2) Near-accidents;
(3) Instances of potential regulatory non-compliance;
(4) Instances of non-compliance with YCO safety risk controls.
(C) PROACTIVE INVESTIGATIONS. YCO safety staff and managers may also choose to investigate minor
irregularities that are indicative of quality or process deficiencies within their respective departments. The
simple yet effective “5 Why Root
taxonomies of Occurrences, Hazards, Errors and
Organizational factors.
(D) PREDICTIVE INVESTIGATIONS. Predictive FDAP / FOQA data (such as deviations from flight manual
limitations / SOPs, exceedances of speed, pitch, rates of descent, etc.) and deviations / errors identified
during LOSA observations may be investigated using root cause analysis if reported as an Occurrence. In
the case of an identified trend, a Safety Issue may be used to study the trend.
NOTE:
Factors identified within Safety Issues may include events that have not
actually occurred, and therefore do not impact safety performance indicators.

(E) Certain reported events are also considered predictive indicators. These include lower-consequence SPIs
(such as unstable approach / long landing / continued landing after unstable approach). OmniSMS
taxonomies support the investigation of these predictive events and associated trends.
(F) Accidents, incidents and reported predictive events often have contributing factors and influences outside the
company (such as factors from vendors, sub-

and causal factors that may have


contributed to the occurrence.
(G) To record investigation notes within the OmniSMS application, open the Investigation tab of a report. In the
Investigation notes panel, select ‘add investigation note’. This panel serves as a ‘forum’ for multiple
investigators to share information during a branched investigation.
(H) Through investigation of occurrences, minor events and predictive trends, Your Company collects data
which helps to identify latent conditions, process deficiencies and organizational factors that could contribute
to a future incident or accident.

[Link] Revision: 9 Safety Assurance Page 3-4


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

3.1.8 CONFIDENTIAL REPORTING SYSTEM


SRR 5.71(a)(7)
(A) Your Company’s confidential reporting system encourages all personnel to report hazards, concerns,
occurrences, incidents, irregularities, and instances of potential regulatory non-compliance without fear of
reprisal. Under this non-punitive reporting system, most safety reports are resolved through system
improvements rather than through punishment or discipline.
(B) Reports are analyzed by appropriate managers to identify hazards to safe operations and (in the case of
accidents, incidents and other occurrences), determine root causes. Corrective Action Plans (CAPs) are
developed and implemented, and information is communicated to appropriate YCO employee groups.
(C) By actively participating in this process, all company personnel and vendor employees make valuable
contributions to the organization, thereby assisting YCO in achieving the highest possible level of safety.

NOTE:
Refer to Section 6: Confidential Reporting System for further guidance.

3.1.9 ANALYSIS OF DATA


SRR 5.71(b)
(A) Whenever an internal evaluation of a department is performed, data from various safety assurance sources
is analyzed to measure and evaluate safety management performance within the department’s functional
area(s). This data
within the department;
(2) Results of event investigations;
(3) Results of corrective/preventive actions, including evaluation of action effectiveness;
(4) Results of actions

reports;
(7) Results of the effectiveness of new risk controls that were implemented by process owners since the
last internal evaluation.
(B) The Director of Safety is responsible for the quality of data analysis performed during internal evaluations.
(C) Safety performance within the functional area / department is also evaluated in relation to key safety
performance indicators (KSPIs), and process owner compliance with required safety management activities.
(D) Results of these evaluations are independently reported by the Director of Safety to executive management
and / or the Accountable Executive.

3.2 SAFETY PERFORMANCE ASSESSMENT


SRR 5.73(a)
(A) Your Company utilizes the processes of system assessment and management review to assess company
safety performance against safety objectives.

[Link] Revision: 9 Safety Assurance Page 3-5


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

3.2.1 SYSTEM ASSESSMENT


SRR 5.73(a)(3)
(A) System Assessment is used to

a process deficiency. System assessment begins by looking at


existing risk controls in the OmniSMS application which apply to the functional area and department being
audited or evaluated.
(B) To perform a System Assessment, select: ASSURANCE / System Assessment in the OmniSMS
application. Select a desired
). This produces a list of all controls that have been created within the
department.
(C) Controls can be selected to view further details, including the status of the control and the responsible
manager (the CAP developer). The Report or Issue with which the control is associated can also be viewed.
(D) Each risk control is then

process is producing desired results.


(E) If System Assessment reveals a control that is not performing, the process in paragraph 3.4.1: Preventive /
Corrective Action is triggered. In this case, it is not necessary to conduct a new safety risk analysis; risk is
implicitly unacceptable, because the control failed to perform satisfactorily.

3.2.2 MANAGEMENT REVIEW


SRR 5.73(a)(1-5), (b)
(A) Management reviews perform the same function as system assessments, by evaluating the effectiveness of
safety risk controls and identifying any ineffective controls across all departments. Management reviews
further:
(1) Ensure compliance with safety risk controls established by YCO;
(2) Identify changes in the operational environment that may introduce new hazards;
(3) Identify new hazards;
(4) Evaluate YCO safety performance relative to established targets and indicators;
(5) Evaluate performance of the SMS.
(B) When revising safety performance indicators and targets (or establishing new ones), YCO management shall
review the data used for hazard identification (system descriptions and Issue studies), as well as the results
of surveys, audits and investigations.
(C) YCO management uses the results of these reviews as objective evidence of SMS performance; to
determine whether any
for continuous improvement of the SMS.
(D) If ineffective controls or new hazards are identified during management review, they are recorded as findings
in the OmniSMS application and the safety risk management process is again applied.

NOTE:
Refer to the YCO Internal Evaluation Program for guidance on performing
internal evaluations, system assessments, and management reviews

[Link] Revision: 9 Safety Assurance Page 3-6


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

3.3 MANAGEMENT OF CHANGE


(A) Change management uses the strategic safety risk management process described in Section 2: Safety
Risk Management. Change management identifies hazards that may be introduced during changes to
company systems,

must first be defined. This could range from a single


activity within a department (such as the first heavy check of a new type aircraft) to a multi-departmental,
multi-faceted project (such as commencing operation of a new type of aircraft).
(C) Inputs for change management are system description(s) for the proposed new system, operation, or
procedure. System analysis is applied to identify potential hazards associated with the proposed change, by
providing an understanding of
hazard in order to determine acceptable levels
of risk.
(D) Management of change produces identified hazards within Safety Issues, a top event for each safety issue
(if desired), and a safety risk assessment for each identified consequence (risk). Hazards are recorded in
the OmniSMS application and, for associated risks

. When titling each Safety


Issue, use a naming convention that accurately describes the change and the operational processes it
addresses. Identify hazards; analyze and assess risk; implement risk control
.

3.4 CONTINUOUS IMPROVEMENT


SRR 5.75
(A) Continuous Improvement requires recurring application of safety risk management and safety assurance
processes. These processes continuously improve the effectiveness of risk controls, and of the SMS.
(B) As system assessment

, where risk controls and corrective actions are applied.

3.4.1 PREVENTIVE / CORRECTIVE ACTION


(A) When a system assessment or management review reveals that a risk control is not performing, or an
operational process is not in conformance with established risk controls, corrections must be made to
eliminate the cause(s) of non-conformance.
(B) If an existing risk control is not conforming, or the control is not meeting expectations, the control is
corrected within the OmniSMS application. The department manager responsible for the control then
develops a corrective action to address

control.

3.4.2 CORRECTING SAFETY PERFORMANCE


(A) If a safety performance assessment process reveals a safety performance indicator (SKPI) that is higher
than expected, or is approaching a target threshold, the process described in paragraph 1.5.2 KSPI
TARGET EXCEEDANCE is applied to correct the trend, and/or to prevent it from escalating further.

[Link] Revision: 9 Safety Assurance Page 3-7


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

THIS PAGE INTENTIONALLY LEFT BLANK

[Link] Revision: 9 Safety Assurance Page 3-8


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

4. Safety Promotion
4.1 OVERVIEW
(A) Safety Promotion processes provide support for all other SMS processes through clear communications of
safety, quality, non-punitive

and improve the organization’s positive safety culture.


(B) Safety promotion includes establishing competency requirements for safety-related positions, and training for
all personnel. This training helps personnel understand the SMS and its importance to safety and efficiency.
(C) Safety communications (such as dissemination of safety information and lessons learned) also keep
personnel informed and enhances overall organizational safety.
(D) Through its Safety Promotion (SP) efforts, Your Company continually promotes the growth of our positive
safety culture, and communicates this positive safety culture throughout YCO with policies, commitments,
and actions of management. This begins with YCO’s conspicuous publishing of the company’s Safety &
Quality Policy. Within the OmniSMS application and elsewhere. In addition:
(1) Your Company communicates safety responsibilities for all personnel, which include clear and regular
communications of
system supports anonymous reporting if desired, in order to
promote and encourage the uninhibited reporting of hazards, errors, and safety concerns;
(3) The OmniSMS application provides accessible and efficient means of retrieving information and
administering safety management training.
(E) Ongoing safety promotion activities of Your Company include ensuring that all employees know what is
expected of them as pertains to safety management and how the YCO SMS functions. Employees receive
instruction regarding what their limits of authority are if a hazard or potential threat is perceived, how to
communicate the presence of a threat or
word, posters, announcements, website updates,
safety awards, etc. Above all, Your Company provides ongoing safety promotion through continual
demonstrations by management of hazard identification, prompt and decisive risk management, open
communications, and a positive and “just” safety culture.

4.2 COMPETENCIES AND TRAINING


SRR 5.91

4.2.1 PERSONNEL EXPECTATIONS (COMPETENCE)


(A) Competency requirements are essential in order to ensure that personnel who perform safety-related
functions have the

safety-related processes that support the SMS, including


requirements for:
(1) The Director of Safety;
(2) Department managers;
(3) Auditors.
(B) Competency requirements for
found in the YCO Internal Evaluation Program.

[Link] Revision: 9 Safety Promotion Page 4-1


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

4.2.2 SMS TRAINING PROGRAM


(A) Your Company has developed and maintains a safety training program for key safety personnel and
members of management. This
commensurate with their positions.
(B) Specific SMS training modules are provided for the following individuals, appropriate to each individual’s
involvement in the safety management system:
(1) The Accountable Executive;
(2) The Director of Safety and safety staff;
(3) Supervisors and managers at all levels.
(C) SMS training is further provided for employees who perform in safety-sensitive positions (e.g., pilots, cabin
attendants, dispatchers,
in the SMS.
(D) SMS training may be conducted in-house, or outsourced to a reputable provider of aviation safety training. If
SMS training is conducted in-house, instructors are responsible for ensuring that all materials, handbooks,
presentations and tests used in training are valid and current at the time of training.
(E) If SMS training is outsourced, Your Company provides company-specific SMS training that includes
instruction regarding safety policy and objectives, how to use the confidential reporting system, company
safety performance, and lessons

within the preceding 12 calendar months for each person’s


assigned duty position. Qualification is established by successful completion of a quiz or written exam.
Subjects are covered in sufficient depth so as to provide adequate knowledge for personnel to accomplish
their duties with the highest level of safety.

NOTE:
Refer to the YCO SMS Training Program for courses and categories of training, course syllabi,
objectives, prerequisites, training intervals, instructional methods and recordkeeping requirements.

4.2.3 SMS TRAINING RECORDS


Interface – SMS Training Program: Recordkeeping
(A) The SMS Training process produces outputs of:
(1) SMS Training Program (as set forth above);
(2) Records of required and delivered training;
(3) Incorporation of lessons learned into training.
(B) The Director of Safety is charged with the overall accuracy, completeness, maintenance and security of all
SMS training files. The Director of Safety assembles and maintains a training folder for each individual who
receives SMS training. These training

be maintained for as long as the individual is performing


duties for the company, and for no less than 24 consecutive calendar months thereafter.

[Link] Revision: 9 Safety Promotion Page 4-2


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

4.3 SAFETY COMMUNICATION AND AWARENESS


(A) Your Company has developed and maintains formal safety communications using the Safety Comm /
Memo System within the OmniSMS application. Safety Comms convey safety-critical information. Both
Safety Comms and memos provide managers with a record of acknowledgement.
(B) When a Safety Comm or memo is created,
confirms each recipient’s receipt and
understanding of each message being conveyed.
(C) If a recipient does not check his / her email, a ‘forced acknowledgement’ feature exists whereby upon the
next login to the OmniSMS application, each previously un-acknowledged Safety Comm or memo will
present for acknowledgement by the user. Users cannot access their dashboards for action requests,
operational risk assessments, etc., without first acknowledging all memos and safety communications.
(D) When new-hires are being
and the new-hire will need to read and
acknowledge all communications before accessing their OmniSMS dashboard. This will produce a record of
receipt and understanding for the new-hire’s responsible manager.
(E) Your Company may also communicate safety information from within the OmniSMS application to regulatory
authorities, in accordance with established memorandums of understanding and disclosure programs.

4.3.1 REQUIRED COMMUNICATIONS


SRR 5.93
(A) Safety Comms and memos may target individuals, specific groups, departments, or be disseminated
company-wide. These communications:
(1) Ensure that employees and managers at all levels are aware of SMS policies, processes, and tools
which are relevant to their responsibilities and commensurate with their positions;
(2) Convey safety-critical information
been (or will be) taken to improve safety;
(4) Explain why safety procedures have been changed, or are being introduced.
(B) When a Safety Comm applies to a subcontractor’s product or service, the responsible dept. manager shall
provide all pertinent subcontractors’ points-of-contact (POCs) with the Safety Comm (for dissemination to
employees of the subcontractor). To ensure that all affected sub-contractor employees have been provided
with the Safety Comm, the responsible manager shall obtain confirmation from each POC (via email or other
written communication) that the information has been disseminated to affected employees.

4.3.2 COMMUNICATIONS OF SAFETY LESSONS LEARNED


(A) Solving problems provides opportunities to foster learning and embed knowledge (within a group,
department or organization) that may help prevent similar problems from occurring in the future. Such
knowledge is referred to as
, and using it effectively is one of the objectives of Your Company’s
Safety Management System.
(C) Safety Lessons Learned may come from industry or from within the Company. These communications may
be of an advisory nature, or may inform personnel of the Company’s risk management efforts.

[Link] Revision: 9 Safety Promotion Page 4-3


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

(D) Safety lessons learned are communicated to personnel by creating Safety Comms and Memos within
OmniSMS, where notifications are generated and acknowledgement is required. Memos and safety comms
can target individuals, specific

bulletin boards.
(E) Safety lessons learned that may be of interest to other organizations are also communicated, in order to
inter-operate with those organizations’ SMSs, and cooperatively manage issues of mutual concern.

NOTE:
When lessons learned come from sources outside the company such as accident / incident / ASAP
reports from other operators, safety advisories, airworthiness directives, all-operator
messages, etc., department managers
departments.

4.3.3 GENERAL COMMUNICATIONS


(A) These communications convey information of a general nature that is not related to specific safety issues,
and promote employee awareness of SMS benefits. Topics may include:
(1) Number of days worked without an injury;
(2) Positive impact of

mitigated;
(4) Announcements of safety awards presented to personnel for outstanding contributions, etc.

4.3.4 PROTECTION OF SAFETY


management system shall be protected by YCO
management, to be used by YCO for the furtherance and promotion of safety, and for no other purpose,
except in the following cases:
(1) If circumstances reasonably indicate that an occurrence may have been caused by conduct with intent
to cause damage or conduct with knowledge that damage would probably result, equivalent to reckless
conduct, gross negligence or willful misconduct;
(2) Review by YCO senior management

[Link] Revision: 9 Safety Promotion Page 4-4


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

5. SMS Implementation Plan


5.1 IMPLEMENTATION PLAN DESCRIPTION
(A) YCO’s SMS Implementation Plan is a “roadmap” describing actions needed to conform to SMSVP
requirements.
(B) Implementation is in
based on YCO’s Initial SMS Gap Analysis and an internal
examination of YCO’s:
(1) Organizational structure;
(2) Guidance and processes currently in place;
(3) Identification of individuals

areas of responsibility. Process manager responsibilities


are defined in Section 7, paragraph 7.6.1.

5.1.1 IMPLEMENTATION PLAN OUTLINE


(A) The SMS Implementation Plan contains an outline which includes:
(1) A listing of the relevant sections of the

responsible for implementing required actions;


(4) Estimated target dates that each expectation will be ready for design validation and performance
demonstration.

5.1.2 SMS GAP ANALYSIS


(A) YCO’s Implementation Plan is the result of a thorough system wide gap analysis. The gap analysis
compares existing processes, procedures, programs, and activities to the SMSVP Standard and identifies
existing programs, processes, and practices which with the SMSVP Standard, and which do not.
(B) The SMS Gap Analysis is accessed by logging into the YCO OmniSMS :
ASSURANCE / SMS Implementation from the top navigation tabs.

NOTE:
Refer to the YCO Gap Analysis / Implementation Plan for additional information.

[Link] Revision: 9 Safety Management Plan Page 5-1


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

THIS PAGE INTENTIONALLY LEFT BLANK

[Link] Revision: 9 Safety Management Plan Page 5-2


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

6. Confidential Reporting System


6.1 POLICY
6.1.1 POSITIVE SAFETY CULTURE
(A) Your Company and its owners, directors, officers and managers are committed to creating and fostering a
non-

to outside agencies, often avoiding certificate action


and civil penalties;
(2) Share the results of risk analysis and mitigation in a manner that protects confidential information;
(3) Improve YCO systems and processes in order to preclude reoccurrence of the event.
(B) To assure these outcomes, personnel who report these issues to their manager or the Director of Safety are
advised that no disciplinary action will be taken against any employee or person who reports an incident or
occurrence involving human error, and who openly participates in the investigation and development of error
prevention strategies. A minimum level of participation requires providing contact information in the report,
and at least one suggestion for correction.
(C) In addition to providing a “just safety culture”

and constructively contribute to YCO’s


confidential reporting system will be recognized and rewarded for their positive actions.

NOTE:
Refer to YCO’s published Non-punitive Reporting Policy Statement for details.

6.1.2 AWARD INCENTIVES


(A) Your Company may reward individuals who make positive contributions to YCO’s Safety Management
System through safety recognition and awards. Awards may include:
(1) Letters of commendation;
(2) Printed certificates or engraved plaques;
(3) Personal items related to aviation;
(4) Caps, patches, jackets and mugs;
(5) Gift certificates to local restaurants.
(B) Special emphasis is given to those individuals who include with their reports creative ideas for risk
mitigating strategies that can be accomplished with maximum efficiency and conservation of
resources. These recognitions and awards are effective tools for maintaining employee interest and
participation in the SMS. Candidates
one individual to be recognized and awarded at
periodic SAG meetings.

[Link] Revision: 9 Confidential Reporting System Page 6-1


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

6.2 REPORTING RESPONSIBILITIES


6.2.1 SENIOR MANAGEMENT
(A) The Accountable Executive is responsible for the continued fostering of Your Company’s “just culture”
regarding the open reporting of hazards, irregularities, errors, violations and other safety concerns.

6.2.2 DIRECTOR OF SAFETY


(A) The Director of Safety is responsible for administration of the confidential reporting system. Administration of
the system includes, but is not limited to:
(1) Collection and retention of all hazard, irregularity, and occurrence reports generated by personnel and
vendor employees;
(2) Collection and
, violations, or other self-disclosures;
(4) Organization, filing and security of all reports.
(B) The Director of Safety is further responsible for presenting all reports received at each regularly scheduled
meeting of the Safety Action Group, to solicit SAG recommendations for effective Corrective Action Plans.

6.2.3 DEPARTMENT MANAGERS


(A) Each manager who receives a verbal, telephonic, or written report of a hazard, occurrence, or other safety
concern is responsible for the immediate review and assessment of the report to determine if an urgent
safety condition exists. If warranted,
entered into the OmniSMS application.

6.2.4 PERSONNEL
(A) All personnel are responsible for the prompt reporting of any hazard, irregularity, incident, accident, error,
omission, violation or safety concern which they have caused or of which they have become aware. Urgent
concerns must be reported by the most expeditious means necessary.
(B) For urgent or life-threatening situations, immediate verbal or telephonic notifications are appropriate. Less
urgent situations may be reported in writing, or through YCO’s OmniSMS website. Although anonymity is
possible, personnel are encouraged to include personal information, without fear of retribution. This will
enable YCO managers to ask questions, gather more details and provide an opportunity for employees to
participate in the development of Corrective Action of an event.

NOTE:
A copy of the source document or original report may be attached to
the Report’s Docs / Images tab in the OmniSMS web application.

6.2.5 AVIATION SAFETY REPORTING SYSTEM (NASA ASRS REPORTS)


(A) The FAA has established an Aviation

present system. This program is


described in AC 00-46, Aviation Safety Reporting Program.

[Link] Revision: 9 Confidential Reporting System Page 6-2


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

(B) When ASRS receives a report describing a hazardous situation – for example, a defective navigation aid,
mis-charting, a confusing procedure, or any other circumstance which might compromise safety of flight, an
alerting message is issued. Alerting messages take a variety of forms but they have a single purpose; to
relay safety information to individuals in positions of authority so that needed corrective actions can be
taken. This is a positive program intended to ensure the safest possible system by identifying and correcting
unsafe conditions before they lead to accidents.
(C) NASA ASRS reports are similar to voluntary self-disclosures in that airmen who inadvertently make an error
or violate a rule, and who file a report through this system within 10 days after a potential violation, may
avoid FAA

and air traffic control communications, aircraft cabin


operations, aircraft movement on the airport, near midair collisions, aircraft maintenance and record keeping
and airport conditions or services.
(E) The FAA utilizes the National Aeronautics and Space Administration (NASA) to act as an independent third
party to receive and analyze

NASA at: [Link]

6.3 REPORTING OF HAZARDS, OCCURRENCES, ERRORS AND VIOLATIONS


6.3.1 HAZARDS
(A) Hazards are tangible, observable objects, conditions or behaviors. Identification of hazards therefore
requires evaluation of the context, or environment, in which the hazard is observed. Many hazards do not
warrant reporting or corrective action unless associated with other conditions. Obviously, a spinning
propeller is a potential hazard in and of itself, but does not warrant a hazard report; however, the boarding of
passengers in the vicinity of a spinning propeller is a significant hazard that should be reported.

6.3.2 OCCURRENCES
(A) Occurrences are accidents, near-accidents, incidents, mishaps, injuries, damage events and irregularities.
YCO safety staff may classify

as to whether an occurrence is a MOR,


and notify authorities accordingly.
(C) Under no circumstances should an employee report a MOR event directly to regulatory authorities; such
notifications are the responsibility of department managers.

6.3.3 HAZARDS & OCCURRENCES REQUIRING A REPORT


(A) The following occurrences, events and hazards should be reported to YCO management:
(1) Aircraft Accidents & Incidents - All accidents, incidents and occurrences involving aircraft should be
reported, whether in-flight or on the ground. This includes even minor damage (even a scratch) to
aircraft parked, in maintenance, or in service.
(2) Damage Events - All

, vehicle, facility, equipment, employee, contractor,


operation or maintenance activity.

[Link] Revision: 9 Confidential Reporting System Page 6-3


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

(3) Injuries to Personnel - All occurrences involving injury or illness to personnel, customers, passengers
or other persons should be reported, if the event or occurrence is associated in any way with any
aircraft, facility, equipment, employee, vendor, contractor, operation or maintenance activity.
(4) Flight Irregularities - Report all flight irregularities that occur during flight, in preparation for flight, or
during close-out

.
(5) Maintenance Errors – Occurrences or near-occurrences involving the use of suspected unapproved
parts (SUP), improper fluids,
technical references or guidance, or use of documents or
forms that are not current, should be reported.

6.3.4 REPORTING OF ERRORS AND VIOLATIONS


(A) It is the responsibility of every person to report mistakes and/or errors made by operations, administrative,
maintenance and inspection personnel immediately upon discovery. The owners, officers and managers of
Your Company understand

. Still, all errors and potential violations should be reported.


When making a report, attempt to identify the cause of the error, and all persons involved. Provide
suggestions that may prevent similar future occurrences. Your Company maintains two programs that can
protect certificated airmen from potential certificate actions and civil penalties. They are described in
paragraph 6.5 Aviation Safety Action Program and paragraph 6.6 Voluntary Disclosure Reporting
Program. Refer to these programs for more information.
(C) Your Company will never punish an employee for reporting an honest mistake or error, even if something
was overlooked or forgotten. Errors should always be honestly revealed, even if the error resulted in injury,
equipment damage, or regulatory

of government regulations or Company procedures, the error must


still be disclosed. Safety benefits from rule violations only result when the circumstances of the violation are
fully investigated. In many cases, personnel who repeatedly violate a rule prove eventually that the rule (or
part of it) is not fostering safety at all, and should be modified. This determination can only be made through
an honest examination of the violation.
(E) Your Company’s Director of Safety and appropriate department managers will determine any corrective
action(s) that need to be taken.
other corrective actions. If a concern regarding pilot proficiency
arises, the pilot may be evaluated, removed from all non-training flight duties, re-trained and re-qualified.

6.3.5 REPORTING PROCEDURES USING THE OMNISMS WEB APPLICATION


(A) Employees may report directly into the OmniSMS web application any hazards, events, and other safety
concerns for which immediate verbal or

.[Link]

[Link] Revision: 9 Confidential Reporting System Page 6-4


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

(B) Procedures for accessing the OmniSMS online reporting form (including the YCO generic reporting
password) are issued to employees via Safety Comm from the office of the Director of Safety.
(C) The reporting interface supports iPads, other tablets and both Apple and Android mobile devices. An internet
connection, or cellphone connection with data, is required.
(D) OmniSMS account holders login with their email address and password. From the Dashboard, click on
‘Report’ to be taken to the YCO online reporting form.
(E) Submitted reports are saved in the OmniSMS application, and an email notification is sent to specified
individuals.

6.3.6 ANONYMOUS REPORTING


(A) OmniSMS supports true anonymous reporting by allowing employees, vendors, and clients / customers to
submit a report using an anonymous account and generic password that is set by administrators and may
be changed at any time.
(B) It is also possible for logged-in users to report anonymously by checking the box titled “Submit this report
anonymously” on the reporting form.

6.3.7 NON-DISCLOSURE
(A) Both the Director of Safety and other managers involved with each report received under this program shall
not disclose the contents of the report or disclose the identities of the persons involved, unless:
(1) Necessary to evaluate data or determine root causes;
(2) An immediate safety concern dictates otherwise.
(B) In such cases, information from reports received shall be released only on a need-to-know basis. If the report
involves an event of non-compliance, or if subsequent investigation by management reveals any issues of
non-compliance, YCO management will assist those airmen involved with NASA ASRP reporting in an effort
to protect personnel from civil penalties or certificate action imposed by regulating authorities.

6.3.8 INITIAL ASSESSMENT OF SAFETY REPORTS RECEIVED


(A) Whenever a reported hazard, occurrence or violation is received by the Director of Safety or a department
manager, that manager shall promptly perform an initial assessment of the hazard or situation and
associated risk(s). If a life-

involved.
(B) Managers should seek the consultation and advice of the Director of Safety or other manager(s). Likewise, if
a hazard, irregularity, occurrence, near-accident, error or violation is brought to the attention of the Director
of Safety, the Director of Safety shall contact appropriate knowledgeable manager(s) to discuss and assess
the event and associated risks. If doubt exists as to the severity of a hazard or event, and a possibility exists
for injury or damage to property, it is better to err on the side of safety, and make decisions accordingly.
(C) All reports received under the confidential reporting system shall be entered into the OmniSMS web
application (by the manager receiving the report) for investigation, risk assessment, and Corrective Action
Plan development.
(D) Occasionally a written record may an apparent violation, when in fact an administrative error has
occurred (such as an incorrect carry-forward of airframe total time which makes the logbook appear like the
aircraft has overflown an inspection). This is one reason why initial assessments are important.

[Link] Revision: 9 Confidential Reporting System Page 6-5


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

6.3.9 CORRECTIONS TO WRITTEN RECORDS


(A) All written Company records are to be made with ball-point pen, in blue or black ink. To correct a written
record (such as the
correct information adjacent to the error. This is the only acceptable method
of correction.
(B) Never change a record to conceal any mistake or error. Provisions exist to protect personnel and YCO from
certificate action and civil penalties in the event an inadvertent violation occurs.

6.3.10 ASSISTANCE FROM MANAGEMENT


(A) If a crewmember, dispatcher or mechanic should receive a "Notice of Investigation" involving a reported
violation, caution is advised in preparing a response. Many people often make self-incriminating statements
that subsequently appear as part of an enforcement action case or a civil action. For these reasons, YCO
management advises all

of YCO management and the resources available to management,


when dealing with these issues.
(B) Careful study of the processes involved may reveal a company process or procedure that is not well
designed, or even error-inducing. This may provide some defense and protection for the person(s) involved,
by placing the onus of regulatory violation on a company process, rather than on the individual.

6.4 MANAGING EMPLOYEE REPORTS


(A) The Director of Safety (DOS) is responsible for the timely initial assessment of all reports received, and for
determining their disposition. In the DOS’s absence, initial assessment in accordance with paragraph 6.3.8
Initial Assessment of Safety Reports Received may be delegated to a safety staff member or department
manager, and reports managed as follows:
(1) Reports submitted for training purposes and that do not warrant safety-risk or quality management may
be archived.
(2) If a report’s initial Event Risk classification (ER) or Risk Analysis (RA) is Acceptable / / Low,
ownership may be assigned to any department manager (or the responsible manager’s delegate) for
corrective action using the OmniSMS Fixit! Tool.
(B) If a report’s initial Event Risk classification (ER) or Risk Analysis (RA) is Acceptable with Mitigation /
/ Moderate, ownership shall be assigned to the appropriate department manager for risk mitigation
to a level that is ALARP (as low as reasonably practicable), and the report brought before the Safety Action
Group for review at regularly scheduled SAG meetings.
(C) If a report’s initial Event Risk classification (ER) or Risk Analysis (RA) is Unacceptable / Red / High,
immediate action may be necessary in accordance with paragraph 6.3.8 Initial Assessment of Safety
Reports Received. Ownership shall be assigned to the appropriate department manager for risk mitigation
to a level that is ALARP (as low as reasonably practicable), and the report brought before the Safety Action
Group for review at regularly scheduled SAG meetings.
(D) Based on these initial assessments, the appropriate manager and the Director of Safety determine whether
additional observations are warranted and if additional information is needed. If the hazard or safety risk
concern no longer exists and

and the data is sufficiently accurate, complete, timely


and valid, the Director of Safety and/or appropriate managers then proceed to identify other root-cause
potential hazards and assess levels of risk by completing the various risk management processes in the
OmniSMS web application.

[Link] Revision: 9 Confidential Reporting System Page 6-6


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

6.5 AVIATION SAFETY ACTION PROGRAM


6.5.1 BACKGROUND
(A) Your Company’s Aviation Safety Action Program (ASAP) has been developed in accordance with Best
Practices for Event Review Committees by the American Institutes for Research, guidance in FAA Advisory
Circular AC 120-66B, and Order 8900.1 Flight Standards Information Management System (FSIMS), Vol.
11, Chap. 2, Sec. 1, Aviation Safety Action Program.
(B) The objective o

due to fear of punitive enforcement sanctions by FAA, and/or company


disciplinary action. The program encourages participation from various employee groups such as flight
crewmembers, mechanics, flight attendants, and dispatchers, by providing incentives to report errors and
violations when certain conditions are met.
(C) Reports of errors, occurrences and potential violations provide safety information that helps YCO and
Federal Aviation Administration (FAA) regulators identify potential precursors to accidents. Identifying these
precursors is essential to further reducing the already low accident rate.
(D) ASAP data entered into the OmniSMS management system allows managers to identify contributing and
causal factors related to violations, and to further determine if such regulatory and / or policy or other risk
control violations are unintentional, situational, routine, or exceptional in nature. Once properly identified,
corrective actions can be applied and trends addressed with effective risk controls.

6.5.2 PURPOSE
(A) The ASAP is based on a safety partnership that includes YCO management and FAA Inspectors, and may
include a third party, such as a labor union or industry organization (identify 3rd party here). To encourage
employee reports of errors and occurrences that may involve the employee’s possible noncompliance with
Federal Aviation Regulations, enforcement-related incentives have been designed into the program. The
elements of the ASAP are set forth in a Memorandum of Understanding (MOU) between the FAA and YCO
management. In some cases, this may also include an appropriate third party, such as an employee’s labor
organization or other industry safety organization which serves as an ASAP facilitator (revise to include 3rd
party facilitator).
(B) YCO managers utilize de-

YCO utilizes the OmniSMS application for collection, analysis,


storage, and retrieval of all ASAP data.

6.5.3 APPLICABILITY
(A) Your Company, the FAA, and other parties (identify other party) have entered this ASAP voluntarily. The
YCO ASAP may cover employees of a contractor only if contractual arrangements between the parties
specifically provide that the contractor and its employees shall abide by the terms of the applicable ASAP
MOU, and by the decisions of the company’s ERC. In order for the program to cover contract employees the
applicable ASAP MOU must stipulate that such contractual arrangements are in place.

This ASAP covers:

LIST EMPLOYEE GROUPS HERE


such as flightcrew members, flight attendants, mechanics,
dispatchers, flight followers, contract employees as agreed upon
in the MOU(s).

[Link] Revision: 9 Confidential Reporting System Page 6-7


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

6.5.4 ASAP DEFINITIONS


(A) The following key terms and phrases are defined to ensure standard interpretation of the ASAP guidance
contained herein:
(1) Administrative Action: Under FAA’s Compliance and Enforcement Program, administrative action is a
means for disposing of violations or alleged violations that do not warrant the use of enforcement
sanctions. The two types of administrative action are a warning notice and a letter of correction.
(2) Air Carrier: A person who undertakes directly by lease, or other arrangement, to engage in air
transportation.
(3) Aviation Safety Action Program (ASAP) Facilitator: A third party who provides personnel, expertise
and/or time in order to

of ASAP reports, and coordinating and tracking the company’s


implementation of corrective action recommendations of the ERC.
(5) Certificate-Holding District Office (CHDO): The Flight Standards District Office (FSDO) or Certificate
Management Office (CMO) having overall responsibility for all FAA reporting requirements, technical
administration requirements, and regulatory oversight of a certificate holder.
(6) Consensus of the Event Review Committee (ERC): Under an ASAP, consensus of the ERC means
the voluntary agreement of all representatives of the ERC to each decision required by the MOU.
(7) Corrective Action: For the purposes of ASAP, corrective action refers to any safety-related action
determined necessary by the ERC based upon a review, investigation, and analysis of the reports
submitted under the ASAP. Corrective action can be recommended by the ERC for any safety issue
identified in an accepted ASAP report, regardless of whether or not it involves an individual’s
qualification issue. Corrective action may involve joint or individual action by the parties to the MOU.
(8) Covered Under the Program / Qualified for Inclusion / Included in ASAP: For the purposes of
ASAP, these terms all have the same meaning. They mean that the enforcement-related incentives and
other provisions of the ASAP apply to the employee who submitted the report.
(9) Enforcement-Related Incentive: In order to encourage participation by certificate holder employees,
an assurance that no enforcement action will be used to address certain apparent violations of the
regulations. This incentive only applies to ERC-accepted reports.
(10)Event Review Committee

omissions or errors.
(12)Memorandum of Understanding (MOU): Refers to the written agreement between two or more
parties setting forth the purposes for, and terms of, an ASAP. A standard MOU template is available
from the FAA at [Link]
(13)Party/Parties: Refers to Your Company, the FAA, and (specify 3rd parties here) that are signatories to
the MOU.
(14)Person: A person refers to an individual, firm, partnership, corporation, company, association, joint
stock association, or government entity. It includes a trustee, receiver, assignee, or similar
representative of any of them.
(15)Safety-Related Report: Refers to a written or online report of any event that involves an operational or
maintenance issue related to aviation safety reported through the YCO ASAP.

[Link] Revision: 9 Confidential Reporting System Page 6-8


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

(16)Sole-Source Report: The ERC will consider a report to be sole-source when all evidence of the event
available is predicated on the ASAP report. It is possible to have more than one sole-source report for
the same event. For the purpose of any additional action taken by the company outside of ASAP, Your
Company considers a report to be sole-source when all evidence of the event known to YCO is
discovered by or otherwise predicated on the ASAP disclosure. Your Company does not use any
information

evidence means evidence gathered by an investigation not caused by,


or otherwise predicated on, the individual’s safety-related report. There must be sufficient evidence to
prove the violation, other than the individual’s safety-related report. In order to be considered sufficient
evidence under ASAP, the ERC must determine through consensus that the evidence (other than the
individual’s safety-related report) would likely have resulted in the processing of a FAA enforcement
action had the individual’s safety-related report not been accepted under ASAP. Accepted ASAP
reports for

violation recurrence. YCO’s VDRP is described in paragraph 6.6:


Voluntary Disclosure Reporting Program that follows in this Section.

6.5.5 REPORTER’S DESIGNATION OF AN ASAP SUBMISSION


(A) If an employee is involved in an occurrence wherein a federal aviation regulation may have been violated,
the reporter may designate his / her OmniSMS Occurrence Report as an ASAP submission.
(B) Only covered employees under the YCO ASAP program may designate their report as an ASAP report. The
employee must be logged in to OmniSMS at: [Link] (anonymous
reporting does not permit ASAP submissions).
(C) To designate a report as an ASAP submission, select OCCURRENCE REPORT and the appropriate sub-
classification:
(1) Air Safety Report (pilot group)
(2) Cabin Safety Report (flight attendant group)
(3) Dispatch Safety Report (dispatcher / flight follower group)
(4) Ramp Safety

as an ASAP submission.
(F) Within the OmniSMS application, an occurrence report carries and displays this ASAP attribute throughout
its lifecycle.

6.5.6 GUIDELINES FOR ACCEPTANCE OF REPORTS UNDER ASAP


(A) General. Participation in Your Company’s ASAP is limited to YCO employees and to events occurring while
acting in that capacity. Each employee participating in the ASAP must individually submit a report in order to
receive the enforcement-related incentives and benefits of the ASAP policy. In cases where an event may
be reported by more than one person, each individual who seeks coverage under the ASAP must submit a
separate report in accordance with the reporting procedures specified herein.

[Link] Revision: 9 Confidential Reporting System Page 6-9


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

(B) If a YCO investigator determines a reported occurrence may have violated a regulation, a recommendation
may be made to one or
this case, the original occurrence report need not be re-submitted. Rather,
each person involved need only login and submit an additional occurrence report (details not required) that
references the original occurrence report. The report must be designated as an ASAP submission.

(C) Criteria for Acceptance. The following criteria must be met in order for a report involving a possible
violation to be covered under the YCO ASAP:
(1) The employee must submit a report in a timely manner. In order to be considered timely, an employee
must submit their report involving a possible regulatory violation that meets either of the following two
criteria:
(a) Within the time period stated in the MOU (specify). If the report has been submitted within this time
period, a report would not be rejected because it was not timely, even if the FAA was already
aware of the possible noncompliance with the regulations, and may have brought it to the attention
of the employee;
(b) Within 24 hours of the employee having become aware of possible noncompliance, in accordance
with the following criteria: If a report is submitted later than the time period allowed under
paragraph (a) above, the ERC will review all available information to determine whether the
employee knew or should have

the report is submitted within 24 hours of the


employee having become aware of possible noncompliance, and provided all other ASAP
acceptance criteria have been met. If the employee knew or should have known about the apparent
noncompliance, then the report would not be accepted under the ASAP.
(2) The alleged regulatory violation must be inadvertent, and must not appear to involve an intentional
disregard for safety.
(3) The reported event must not appear to involve criminal activity, substance abuse, controlled
substances, alcohol, or intentional falsification.
(4) Sole-source reports that meet all of the above acceptance criteria except timely submission will be
accepted under ASAP.

(D) Repeated Violations. Reports involving the same or a similar possible noncompliance that were previously
addressed with administrative action under the ASAP will be accepted into the program, provided they
otherwise satisfy the acceptance criteria under paragraphs 6.5.6 (A), (B), and (C) above. The ERC will
consider on a case-by-case basis the corrective action that is appropriate for such reports.

(E) Non-Reporting Employees Covered Under the ASAP MOU. If an ASAP report identifies another covered
employee of YCO in a possible violation, and that employee has not submitted a separate report, the ERC
will determine on a case-by-case basis whether that employee knew or reasonably should have known
about the possible violation. If the ERC determines that the employee did not know or could not have known
about the apparent violation(s), and the original report otherwise qualifies for inclusion under ASAP, the
ERC will offer the non-reporting employee the opportunity to submit an ASAP report. If the non-reporting
employee submits a report within 24 hour

by that employee will be referred to an appropriate


office within the FAA for additional investigation and reexamination and/or enforcement action, as
appropriate, and for referral to law enforcement authorities, if warranted.

[Link] Revision: 9 Confidential Reporting System Page 6-10


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

(F) Non-Reporting Employees Not covered Under the MOU. If an ASAP report identifies another employee of
YCO who is not covered under the MOU, and the report indicates that employee may have been involved in
a possible violation, the ERC will determine on a case-by-case basis whether it would be appropriate to offer
that employee the opportunity to submit an ASAP report. If the ERC determines that it is appropriate, the
ERC will provide that employee with information about ASAP and invite the employee to submit an ASAP
report. If the employee submits an ASAP report within 24 hours of notification, that report will be covered
under ASAP, provided all

additional investigation and reexamination and/or enforcement action,


as appropriate, and for referral to law enforcement agencies, if warranted.

6.5.7 GUIDELINES FOR EXCLUDING REPORTS FROM ASAP


(A) Exclusion. The following types of reports are excluded under an ASAP:
(1) Reports involving an apparent violation that is not inadvertent or that appear to involve an intentional
disregard for safety.
(2) Reports that appear to involve possible criminal activity, substance abuse, controlled substances,
alcohol, or intentional falsification.
(3) Untimely reports excluded under paragraph 6.5.6(B)(1) above, or reports where a consensus on
acceptance under paragraph 6.5.6 is not reached by the ERC.
(4) Reports of events that occurred when NOT acting as an employee of Your Company.

(B) Failure to Complete Corrective Action. Reports initially included in an ASAP will be excluded from the
program if the employee fails to complete the recommended corrective action in a manner satisfactory to all
members of the ERC. In those cases, failure of any individual to complete corrective action for an apparent
violation, a qualification issue, or medical certification or qualification issue in a manner acceptable to all
members of the ERC, may result in the reopening of the case and referral of the matter for appropriate
action.

6.5.8 ENFORCEMENT POLICY


(A) FAA Investigation of Events Involving Possible Noncompliance with 14 CFR. By public law and FAA
orders, the FAA is responsible for the proper investigation and disposition of all suspected cases of
noncompliance with 14 CFR. The FAA establishes investigative and enforcement jurisdiction and
responsibility regarding events reported to the ASAP ERC.
(1) The FAA CHDO ERC representative is empowered to complete ASAP investigations and is responsible
for coordinating all corrective and administrative actions in accordance with the current versions of the
following FAA orders, as applicable:
(a) Order 2150.3, Compliance and Enforcement Program;
(b) Order 8020.11, Aircraft Accident and Incident Notification, Investigation, and Reporting;
(c) Order 8400.10, Air Transportation Operations Inspector’s Handbook; and/or
(d) Order 8300.10, Airworthiness Inspector’s Handbook.
(2) The determination of whether or not a reported event meets the criteria for inclusion into YCO’s ASAP
will be made in accordance with the applicable orders and through the ERC process. If an event meets
the criteria for participation and is accepted into ASAP by the ERC, the FAA shall transfer all jurisdiction
and responsibility for compliance and enforcement investigations related to the event to the CHDO,
even if an enforcement investigation has been previously opened outside of ASAP.

[Link] Revision: 9 Confidential Reporting System Page 6-11


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

(B) Reports Covered Under ASAP


(1) Those non-sole-source reports included in ASAP with sufficient evidence (see paragraph 6.5.4(A)(17)
for the definition of sufficient evidence) to support a violation of 14 CFR will be closed with
administrative action. Those non-sole-source reports without sufficient evidence to support a violation
of 14 CFR will be closed with a FAA Letter of No Action.
(2) Those sole-source reports that are included in ASAP will be closed with no action.
(3) Those reports included in ASAP that demonstrate a lack of qualification or raise a question of a lack of
qualification will be addressed

ASAP will be referred to the FAA for possible enforcement


action and/or re-examination under 49 U.S.C., Subtitle VII, and as prescribed in FAA Order 2150.3A.
(2) Reports of events that appear to involve possible criminal activity, substance abuse, controlled
substances, alcohol, or intentional falsification will be referred to an appropriate FAA office for further
handling. The FAA may use such reports for any enforcement purposes, and will refer such reports to
law enforcement agencies, if appropriate. If upon completion of subsequent investigation it is
determined that the event did not involve any of the aforementioned activities, then the report will be
referred back to the ERC for a determination of acceptability under ASAP. Such reports will be
accepted under ASAP provided they otherwise meet the acceptance criteria contained in paragraph
6.5.6 above.
(3) Neither the written ASAP report nor the

The FAA may conduct an independent investigation


of an event disclosed in a report.

6.5.9 REOPENING REPORTS BASED ON NEW EVIDENCE


(A) All safety-related reports should be fully evaluated and, to the extent appropriate, investigated by the FAA. A
closed ASAP case, including any related enforcement investigative report (EIR), involving a violation
addressed with administrative action or for which no action has been taken, may be reopened and
appropriate enforcement action taken if evidence later is discovered that establishes that the violation
should have been excluded from the program.

6.5.10 VIOLATIONS OF YOUR COMPANY


(A) An apparent violation of Your Company disclosed through a safety-related report under the YCO ASAP may
be handled by FAA under FAA’s Voluntary Disclosure Policy, provided YCO reports the apparent violation to
the FAA and the other elements of that policy are met.

NOTE:
Refer to paragraph 6.6: Voluntary Disclosure Reporting Program for guidance.

[Link] Revision: 9 Confidential Reporting System Page 6-12


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

6.5.11 RECORDKEEPING
(A) Your Company maintains those records necessary for the ASAP program’s administration and evaluation.
Records submitted to the FAA for review relating to an ASAP are protected to the extent allowed by law
under applicable exemptions of the Freedom of Information Act.
(B) All records, documents and safety-related information relating to the YCO ASAP are appropriately kept in a
manner that ensures compliance with 14 CFR and all applicable law, including the Pilot Records
Improvement Act. These records include:
(1) ASAP Occurrence Reports in YCO’s OmniSMS application;
(2) Investigations and ERC recommendations within each ASAP Occurrence Report
(3) ERC decisions within each

actions in YCO’s individual employee files, including:


(c) Warning notices;
(d) Letters of correction.
(C) All records, documents and safety-related information should be retained for a period of time sufficient for
the ERC to determine the effectiveness of its recommended corrective actions, but not less than for 24
consecutive calendar months.

6.6 VOLUNTARY DISCLOSURE REPORTING PROGRAM


6.6.1 BACKGROUND
(A) FAA Advisory Circular AC 00-58B Voluntary Disclosure Reporting Program (and associated Appendix 1)
sets forth procedures for the voluntary reporting of 14 CFR violations, and FAA policies regarding how these
reported violations are handled. The FAA believes that aviation safety is well served by incentives for
certificate holders and other operators to identify and correct their own instances of noncompliance, and to
invest more resources in efforts to preclude their recurrence. The FAA's policy of forgoing civil penalty
actions when an operator detects violations, promptly discloses the violations to the FAA, and takes prompt
corrective action to ensure that the same or similar violations do not recur, is designed to encourage
compliance with FARs, foster safe operating practices, and promote the development of Internal Evaluation
Programs.
(B) Self-disclosures by employees to YCO management also provide YCO with safety information that may not
be captured through other reporting mechanisms. Self-disclosures are a positive indication to FAA of Your
Company’s commitment to addressing safety problems and proactively identifying potential safety hazards.
They demonstrate both employees’ and management’s emphasis on safety and willingness to better
manage safety issues. Self-disclosure of apparent violations to FAA also serves to heighten the trust that
exists between YCO and the FAA, and is a visible demonstration of YCO’s positive safety culture.
(C) Self-disclosures may also
event of an inadvertent violation, including civil penalty actions and suspension
of airmen certificates. Certain eligibility requirements must be met for this protection, as set forth herein.
(D) All employees are encouraged to immediately bring to the attention of a manager, any known or suspect
violation of FARs. YCO managers support and promote YCO’s positive safety culture, and are well-qualified
to assist individual employees with the protections offered under this program. Through the prompt reporting
of apparent violations, determination of root causes and implementation of comprehensive fixes, Your
Company will continue to maintain the highest level of aviation safety.

[Link] Revision: 9 Confidential Reporting System Page 6-13


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

NOTES:
Apparent violations involving Hazardous Materials (Dangerous Goods) shouldbe accomplished in accordance
with current AC 121-37, Voluntary Disclosure Reporting Program—Hazardous Materials.

Voluntary disclosure for violations of anti-drug and alcohol misuse prevention program regulations must be
reported to the Drug Abatement Division Manager, AAM-800, 800 Independence Avenue S.W., Washington,
D.C. 20591. Reports will be processed in accordance with directions from that office.

6.6.2 CONDITIONS REQUIRED FOR ELIGIBILITY


(A) In evaluating whether an apparent violation is covered by FAA policy as set forth in AC 00-58B, FAA will
ensure that the following five conditions are met:
(1) YCO must

must have been inadvertent, and not a blatant disregard for the FARs.
(3) The apparent violation must not indicate a lack, or reasonable question, of qualification of Your
Company.
(4) Immediate action must be taken (satisfactory to the FAA) upon discovery to terminate the conduct or
operation that resulted in the apparent violation.
(5) YCO must have developed, or be in the process of developing, a comprehensive fix which is
satisfactory to FAA. The comprehensive fix must include:
(a) Identification of root cause(s).
(b) A schedule of implementation.
(c) An internal follow-up self-audit to ensure the action taken corrects the noncompliance.

6.6.3 EXCEPTIONS
(A) If the FAA has learned of an
by the FAA, even though the FAA has already learned of the
violation from the ASAP.
(B) Similarly, if YCO voluntarily agrees to conduct a joint audit (inspection) with the FAA during which an
apparent violation is discovered either by YCO or FAA members of the audit (inspection) team, the FAA may
accept a voluntary disclosure submitted by YCO, even though the FAA has already learned of the apparent
violation during the course of the inspection.

6.6.4 REPEATED VIOLATION


(A) If a repeated violation occurs, and upon consideration of the facts and circumstances surrounding the
repeated violation, the FAA will determine on a case-by-case basis whether a repeated violation will be
covered under this policy. Depending upon the specific circumstances associated with the event, citations of
a common regulation may not necessarily be indicative of a common systemic failure.

6.6.5 CLOSED CASE: CONDITIONS FOR REOPENING


(A) Following FAA closure of
of the disclosure, FAA will not reopen the
case unless it determines that Your Company failed to comply with all the elements of the comprehensive fix
as agreed upon by FAA and YCO.

[Link] Revision: 9 Confidential Reporting System Page 6-14


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

6.6.6 DISPUTE RESOLUTION


(A) When disputes occur regarding the acceptance of a proposed comprehensive fix, or a modification thereto
before the fix i

6.6.7 SEPARATE ACTIONS AGAINST AIRMEN OR OTHER INDIVIDUAL AGENTS


(A) Voluntary Disclosure Application. The voluntary disclosure policy applies to individual airmen or other
agents of an employing certificate holder, fractional ownership program, or PAH only when all of the
following occur:
(1) The apparent violation

the report of his or her apparent violation to YCO.


(4) Your Company immediately notifies the FAA of both the airman or other agent’s apparent violation and
the apparent deficiency in its practice or procedures.
(B) Procedures if Conditions are Met. When all the aforementioned conditions are met, a separate EIR is
opened for the individual and closed with no more than administrative action in accordance with the current
edition of FAA Order 2150.3, Compliance and Enforcement Program.
(C) Procedures if Conditions Are Not Met. If all the aforementioned conditions are not met, the PI will review
all facts associated with the case and determine what action is appropriate for individual airmen or other
agents of Your Company.
(D) Application of this Provision. This provision does not apply to matters concerning qualifications to hold an
airman certificate.
(E) Special Provisions. Special provisions exist for apparent violations by Your Company, when a voluntary
disclosure is made based on information in an ASAP report. In such cases, the FAA may, at its sole
discretion, accept the corrective action recommended by the ASAP Event Review Committee (ERC) for an
accepted ASAP report as the comprehensive fix for the voluntary disclosure. This is acceptable when the
following conditions all apply (even when an apparent employee qualification or competency issue is
involved):
(1) The FAA determines that the violation is due entirely to the actions of the employee(s) and not to a
systematic or procedural deficiency of Your Company;
(2) The employee completes the corrective action recommended by the ASAP Event Review Committee to
the satisfaction of the FAA.

6.6.8 APPLICABILITY OF THE FOIATO SELF DISCLOSURE RECORDS


(A) Records submitted to

of Information Act (FOIA). Specifically, provisions of part 193 and FAA Order
8000.89, Designation of Voluntary Disclosure Reporting Program (VDRP) Information as Protected from
Public Disclosure under 14 CFR Part 193.

[Link] Revision: 9 Confidential Reporting System Page 6-15


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

6.6.9 PROCEDURES FOR REPORTING TO YCO


(A) Personnel should first report an apparent violation into YCO’s OmniSMS application:
(1) If the
Reporting into OmniSMS.
(2) If the reporter’s employee group is covered under the YCO ASAP, make the report in accordance with
paragraph 6.5.5 Reporter’s Designation of an ASAP Submission.
(B) YCO managers will assist those involved in order to evaluate the number and depth of any potential
violation(s). It may be

YCO, while acting on behalf of YCO, inadvertently violates the FAA’s


regulations as a direct result of a deficiency of YCO that causes YCO to be in violation of the
regulations.
NOTE:
The voluntary disclosure policy does not apply to the airman or other agent when
His / her apparent violation is the result of actions unrelated to a YCO deficiency.

6.7 USE OF THE WEB-BASED VDRP TOOL FOR SUBMISSIONS


6.7.1 VDRP WEB-BASED SYSTEM ACCESS AND SUPPORT
(A) Access. The Web-based

certificate responsibilities for Your Company. Each authorized


representative will be issued a unique login identification and password for access to the system.

VDRP Web Address (URL): [Link]

(B) User Support. Refer to VDRP User Guide at: [Link] or contact:
(1) VDRP Help Desk at (866) 285-4942 for additional information
(2) FAA MyIT Service Center Phone: 1-844-FAA-MYIT (322-6948)
(3) E-mail Address: helpdesk@[Link] / [Link]

6.7.2 GENERAL INFORMATION


(A) The Web-based VDRP is accessible anywhere with an Internet connection, on a 24-hour, 7-day-a-week
basis, subject to access privileges granted.
(1) Internal tracking and

install.
(4) Secure: Only authenticated users can access VDRP system. All transactions are encrypted using 128
bit Secure Socket Layer (SSL) technology.

[Link] Revision: 9 Confidential Reporting System Page 6-16


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

6.7.3 USER RESPONSIBILITIES


(A) Your Company Managers: Each designated YCO VDRP authenticated user is responsible for submitting a
voluntary disclosure for potential violations that occur within his / her functional area of responsibility. This
includes completing the written report, and implementing corrective actions satisfactory to the functional
area manager’s principal inspector (PI).
(B) FAA Inspectors: A PI, or his/her designee, is assigned to a voluntary disclosure. The assigned inspector is
responsible for reviewing and accepting (or declining) submissions from YCO (i.e., initial notification, written
report and any revisions to the written report/corrective actions). In addition, the PI will issue a Letter of
Correction (or other administrative action, as appropriate), while confirming implementation of the corrective
actions agreed upon with YCO. The PI will close the VDRP file upon satisfactory implementation of the
corrective action(s), or open an enforcement investigation if YCO should fail to implement the corrective
action as detailed in the Letter

stage process. Responsibility for each such stage is assigned either to


Your Company or the FAA, as described below. The voluntary disclosure policy applies only when
notification of an apparent violation is made to the FAA by Your Company, immediately after the apparent
violation has been discovered by YCO, and before the FAA learns of the apparent violation by some other
means.
(1) Your Company Requirements. Your Company is required to utilize the Web-based VDRP system for
submitting voluntary disclosures to the FAA.
(2) Disclosure Notification. Notification of a disclosure to the FAA will normally be made via the Web-
based system, unless extenuating circumstances prevent initial notification using that venue.
(3) Web-based VDRP System Provisions. The Web-based VDRP system contains provisions for
indicating that the notification process was initiated via another media. When acceptable to the PI,
initial notice of a voluntary disclosure may be submitted orally, via a written hardcopy, or by electronic
copy, provided Your Company enters the initial notification data via the Web-based VDRP system
within 72 hours of the original notification. Compliance with the 10 or 30-day limit for submission of the
written report, as described in Stage III below, will be based on the date of the original notification,
regardless of the submission means or media.

6.7.5 STAGE 1: NOTIFICATION BY YCO OF AN APPARENT VIOLATION


(A) When Your Company

as all PI’s for the YCO certificate are notified when a disclosure is submitted.
However, if YCO submits the initial notification via alternative media, as authorized in paragraph 6.7.6
below, the disclosure must be submitted to the appropriate PI.
(B) It is FAA policy that initial notification should be accomplished on a timely basis, ordinarily within 24 hours of
the discovery of the apparent violation. However, an inspector may accept disclosures that exceed the 24
hour policy when the inspector determines that a later submission is justified based on the specific
circumstances, and in view of those circumstances, the submission is still considered timely.
(C) For example, a voluntary disclosure based on a company violation revealed in an Aviation Safety Action
Program (ASAP) report may require more than 24 hours from the submission of that ASAP report in order
for the responsible company entity to become aware of the information in the report and to initiate a
voluntary disclosure.

[Link] Revision: 9 Confidential Reporting System Page 6-17


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

(D) The FAA retains sole discretion in determining whether a voluntary disclosure received later than 24 hours
after discovery of the violation is timely. Your Company should therefore not delay notification for any
reason, and should address, to the maximum extent possible, the following items:
(1) Brief Description of Apparent Violation. A brief description of the apparent violation, including an
estimate of the duration of time that it remained undetected, as well as how and when it was
discovered.
(2) Verification of Cease of Noncompliance. Verification that noncompliance ceased after it was
identified.
(3) Brief Description of Immediate Action. A brief description of the immediate action taken after the
apparent violation was identified, the immediate action taken to terminate the conduct that resulted in
the apparent violation, and the person responsible for taking the immediate action.
(4) Verification of Evaluation. Verification that an evaluation is underway to determine:
(a) If there are any systemic problems; and
(b) The corrective steps necessary to prevent the apparent violation from recurring.
(5) Identification of Responsible Person. Identification of the person responsible for preparing the
comprehensive fix.
(6) Acknowledgement of a Written Report. Acknowledgment that a written report will be provided to the
PI within 10 working-days.
(7) Initial Notification Submission by Official YCO Management. The initial notification of a voluntary
disclosure must be submitted by one of the management officials specified in part 119, § 119.65, or §
119.69, as appropriate, or in accordance with paragraph (D)(8) directly below.
(8) Initial Notification Submission by Authorized Employees. The initial notification can be submitted
by an employee authorized by Your company to accomplish initial notification as long as that employee
includes a letter signed by one of the management officials specified in § 119.65 or § 119.69, as
appropriate. That
manager is aware of the disclosure;
(b) Your Company took immediate action to cease the violation; and
(c) Your Company has developed, or is developing, a proposed comprehensive fix for FAA
consideration to prevent future reoccurrences of the violation.

NOTE:
The Web-based VDRP allows upload of documents (photos, text documents, letters, etc.) by YCO in Stages I
and III and upload by the FAA in Stages II, III, IV, V and VI, to enable attachment
of whatever documents may be required to support their submissions.

[Link] Revision: 9 Confidential Reporting System Page 6-18


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

6.7.6 STAGE II: FAA RESPONSE TO YOUR COMPANY


(A) The PI will review the Web-based submission from YCO and respond in a timely manner. If the original
submission from YCO was made via an alternative media (e.g., telephone, etc.), the PI may respond via an
alternative means, but must also respond to the subsequent Web-based submission by YCO.
(1) PI Review. The PI’s review of the disclosure shall, to the extent possible, confirm the submission meets
the following

to the FAA, was taken upon discovery to terminate the conduct that
resulted in the apparent violation.
(e) YCO has developed, or is developing, a comprehensive fix and schedule of implementation
satisfactory to the FAA. The comprehensive fix includes a followup self-audit to ensure that the
action taken corrects the noncompliance. This self-audit is in addition to any audits conducted by
the FAA.
(f) The initial notification of a voluntary disclosure was submitted by one of the management officials
specified in § 119.65 or § 119.69, as appropriate; or, the initial notification was submitted by an
employee authorized by YCO to accomplish initial notification and includes a letter which meets the
requirements set forth in paragraph 6.7.5 (D)(8) of this Section.
(2) PI Completion of the Review. Once the PI completes the review of the voluntary disclosure
submission, he/she makes a determination to accept the disclosure, return it for editing, or find it
invalid.
(a) Acceptance: If the PI elects to accept the disclosure, the inspector completes the required Stage II
entries in the Web-based VDRP and submits his/her input. Upon submission by the PI, the VDRP
system will alert the Office Manager, via email, that the file is awaiting his or her review.
(b) Return for Edit: If the PI finds the disclosure does not contain sufficient information to accept the
disclosure, the PI has the option of returning the disclosure to YCO for editing. Upon selection of
the “send back” button and submission by the PI, the VDRP system notifies YCO of the
determination via email and returns the case to Stage I, pending resubmission by YCO.
(c) Rejection/Invalid: If the PI finds the disclosure does not meet the requirements set forth herein for
acceptance, or it has been determined that no violation occurred, the PI selects “No” in response to
the question, “Is this a valid self-disclosure?”. Upon submission by the PI, YCO is notified of that
determination by email.

. The Office Manager will review the PI’s determination to


accept the voluntary disclosure.
(a) If the Office Manager indicates concurrence with the PI’s acceptance determination and selects,
“Submit,” Stage II is concluded and the record will advance into Stage III, which triggers automated
email notification of YCO of the acceptance. It also triggers the VDRP system to open an
Enforcement Investigative Report (EIR), with automatic assignment of an EIR number to the report.
(b) If the Office Manager indicates nonconcurrence with the PI’s acceptance determination, the case
will be referred back to the PI for reconsideration with whatever comments have been entered by
the Office Manager. The case will not advance to Stage III until the Office Manager submits
concurrence with the PI’s determination.

[Link] Revision: 9 Confidential Reporting System Page 6-19


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

NOTE:
If, at any time subsequent to acceptance of the disclosure, the FAA becomes aware that the disclosure did not
meet the requirements set forth for acceptance under the VDRP, the acceptance may be withdrawn. In such
cases, as well in those cases where it is subsequently determined that a violation did not occur, the web-based
system provides the option of “rescinding” a case, which closes the file without action within the VDRP. If the
certificate holding office has sufficient evidence to proceed with enforcement action, independent of the
materials provided by Your Company as part of its submission under VDRP, enforcement action may be
initiated in accordance with the procedures set forth in the current edition of FAA Order 2150.3.

6.7.7 STAGE III: WRITTEN REPORT OF YOUR COMPANY’S APPARENT VIOLATION


(A) Written Report. The written report should be submitted by the air carrier, to the PI, via the web-based VDRP
system, within 10 working-days from the date the disclosure was submitted to the FAA. This report must
contain a detailed description of the proposed comprehensive fix, outlining the planned corrective steps, the
responsibilities for

fix should be submitted to the FAA within 30 calendar-


days after initial notification.
(B) Required Input. The VDRP web-based system requires the input of the following information in the Written
Report Stage:
(1) A list of the specific FAA regulations that may have been violated.
(2) A description of the apparent violation, including the duration of time it remained undetected, as well as
how and when it was detected.
(3) A description of the immediate action taken to terminate the conduct that resulted in the apparent
violation, including when it was taken, and who was responsible for taking the action.
(4) An explanation that shows the apparent violation was inadvertent.
(5) Evidence that demonstrates the seriousness of the apparent violation and the regulated entity’s
analysis of that evidence (Investigation of the event and root causes in OmniSMS)
(6) Completion of an Event Risk classification (ER) in the OmniSMS application to aid in evaluating the
significance of the event.
(7) A detailed description of the proposed comprehensive fix, outlining the planned corrective steps, the
responsibilities for implementing those corrective steps, and a time schedule for completion of the fix
and the subsequent self-audit.
(8) Identification of the company official(s) responsible for monitoring the implementation and completion of
the comprehensive fix and the self-audit.

6.7.8 STAGE IV: WRITTEN REPORT REVIEW BY THE FAA


(A) The FAA works with Your Company to ensure that YCO has identified any root causes and systemic issues
which led to the apparent violation. In this stage, the PI is also tasked with completing a Risk Assessment
Matrix to aid in evaluating the significance of the event and the proposed comprehensive fix. This
collaboration helps to ensure that the corrective actions contained in the comprehensive fix are acceptable
to the FAA.

[Link] Revision: 9 Confidential Reporting System Page 6-20


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

NOTE:
Should investigation of the apparent violation result in the determination that no violation has occurred, FAA may
close the EIR by rescinding the file and providing an explanation in the provided comment box. If the
inspector confirms the rescission, the case is closed in VDRP on that date and will close in EIS
ten (10) days later, with the original date of closure recorded in EIS. The ten day delay is
provided to enable FAA to re-open the file within that ten day “window” if necessary.

6.7.9 STAGE V: IMPLEMENTATION OF A COMPREHENSIVE FIX AND FAA SURVEILLANCE


(A) Implementation Period. During the implementation period, the FAA and YCO should continue to work
together. The FAA may advise and assist YCO in correcting any identified systemic problems. Changes will
be made to the proposed comprehensive fix when the need is identified. Upon determining that the initial
implementation of the proposed comprehensive fix is satisfactory, the PI may issue a letter of correction in
Stage V. Alternatively, the PI may elect instead to issue the letter of correction in Stage VI, if deemed
appropriate. If the letter of correction is issued in Stage V, and subsequent changes are made to the
Comprehensive Fix, the PI shall issue and upload a revised letter of correction in Stage VI which reflects the
letter of correction as implemented.
(B) Corrective Steps. FAA monitors the implementation of the corrective steps. Throughout the implementation
period, the FAA assesses Your

action initiated.

6.7.10 STAGE VI: INSPECTOR SIGNOFF


(A) At the conclusion of the implementation period, the PI and the certificate-holding Office Manager will make a
final assessment. Consultation with regional specialists, legal counsel, or other FAA personnel may be
accomplished when deemed appropriate by the PI or the Office Manager.
(1) Stage VI Completion. If all elements of the comprehensive fix have been satisfactorily accomplished,
including Your Company’s self-audit (Follow-up in OmniSMS), the PI will submit the required entries in
the Web-based system for Stage VI completion.
(2) Stage VI Submission. Upon Stage VI submission by the PI, the VDRP system will notify the Office
Manager via email that the file is awaiting the manager’s review. The Office Manager will then log into
the VDRP system, review the VDRP file, and assess the adequacy of the Comprehensive Fix and its
implementation. The Office Manager must decide whether to concur with the PI’s determination that the
Comprehensive Fix was satisfactorily accomplished.
(a) If the Office Manager concurs with the PI’s determination, Stage VI is concluded upon submission
of the manager’s concurrence, and the VDRP system will automatically generate the Form 2150-5
as well as close the associated EIR record in the Enforcement Information System (EIS).
(b) If the Office Manager wishes to indicate nonconcurrence with the PI’s determination, the Office
Manager will offer any comments in the comment area provided for that purpose, and the case will
be referred back to the PI for reconsideration with whatever comments were entered by the Office
Manager. The case will not advance out of Stage VI until it is re-submitted by the PI and the Office
Manager submits his/her concurrence.

[Link] Revision: 9 Confidential Reporting System Page 6-21


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

THIS PAGE INTENTIONALLY LEFT BLANK

[Link] Revision: 9 Confidential Reporting System Page 6-22


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

7. SMS Organization
7.1 STRUCTURE
(A) Your Company’s Safety Management Organization consists of both management personnel and employees,
all of whom actively participate in the company’s safety management efforts. These participants consist of
the Accountable Executive, the Director of Safety, the Safety Action Group, department managers, and
all employees.

7.2 SAFETY MANAGEMENT ORGANIZATION CHART

Insert your ORG chart here – be sure there is a direct line of


communication from the Director of Safety to the
senior Accountable Executive

7.3 ACCOUNTABLE EXECUTIVE

First Name Last Name Tel. (xxx) – XXX-XXXX Email:

7.3.1 DESIGNATION OF THE ACCOUNTABLE EXECUTIVE


SRR 5.25(a)
(A) Your Company has designated the above-named Accountable Executive who, irrespective of other
functions:
(1) Is the final authority over operations authorized to be conducted by YCO;
(2) Controls the financial resources required for the operations authorized;
(3) Controls the human resources required for the operations authorized;
(4) Retains ultimate responsibility for the safety performance of the operations conducted.

[Link] Revision: 9 SMS Organization Page 7-1


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

7.3.2 RESPONSIBILITIES OF THE ACCOUNTABLE EXECUTIVE


SRR 5.25(b)
(A) The Accountable Executive shall provide a strong and active leadership role in safety management by
fostering Your Company’s positive safety culture and setting personal examples in day-to-day work.
(B) The Accountable Executive is an active participant in Your Company’s SMS. The Accountable Executive
reviews the

shall, when absent, appoint a management representative to serve in his


capacity, with regard to SMS duties and responsibilities.
(D) Your Company’s Accountable Executive is further responsible for:
(1) Ensuring the SMS is properly implemented and performing in all functional areas of YCO;
(2) Developing and signing YCO’s safety and quality policy statement;
(3) Communicating the safety policy throughout Your Company;
(4) Regularly
YCO’s safety performance, and directing actions necessary to address
substandard safety performance.

NOTE:
Reviews of safety policy and safety performance are conducted during YCO’s annual
management review. Refer to the YCO Internal Evaluation Program
(under separate cover) for Instructions and procedures.

7.4 DIRECTOR OF SAFETY

First Name Last Name Tel. (xxx) – XXX-XXXX

7.4.1 RESPONSIBILITIES OF THE DIRECTOR OF SAFETY


SRR 5.23(a)(2), 5.25(c)
(A) The Director of Safety (DOS), as a department manager, is responsible for the requirements of paragraphs
7.6.1(A) and (B) below. In addition, the DOS is responsible, on behalf of the Accountable Executive, for:
(1) Ensuring that processes needed for the SMS are established, implemented and maintained;
(2) Accomplishing the SMS Manual and supporting programs;
(3) Monitoring of employee reports and corrective actions, disposition of reports received, and evaluating
the results of

;
(7) Planning and facilitating staff safety training;
(8) Providing independent advice on safety matters;
(9) Communicating safety requirements and promoting awareness of safety expectations throughout the
organization.

[Link] Revision: 9 SMS Organization Page 7-2


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

(B) The DOS is further responsible for:


(1) Monitoring and collecting pertinent safety information from industry sources regarding industry safety
concerns that may have an impact on operations;
(2) Coordinating and communicating (on behalf of the accountable executive) with regulators and other
service providers on issues relating to safety;
(3)

directly to the highest level of authority, the Accountable Executive.


(D) The Director of Safety is responsible for acting as chairperson of the Safety Action Group, and shall perform
the duties of Safety Action Group chairperson as set forth in paragraph 7.5.4 Safety Action Group Chair
below.
(E) The Director of Safety reports directly to the Accountable Executive and, unless also serving as a key
aviation manager for Your Company, operates independently from the operations, dispatch, maintenance
and inspection departments of YCO. Even though the Director of Safety may hold a full time position under
another department head (such as pilot or mechanic), a direct line of responsibility, authority and reporting
to the Accountable Executive permits the Director of Safety to perform follow-up audits and internal
evaluations without pressure or fear of reprisal from any manager.

NOTE:
The Director of Safety may delegate certain duties to other personnel (such as auditors or an administrative
assistant), but remains responsible for the proper accomplishment of all duties delegated. The
Director of Safety shall, when absent, appoint a representative to serve in his/her capacity,
with regard to the duties and responsibilities of the YCO Safety Management System.

7.4.2 SELECTION AND APPOINTMENT


(A) The Director of Safety is selected in accordance with the guidance contained in ICAO Doc 9859, and
appointed by the Accountable Executive as identified above. The Director of Safety shall perform all duties
at all times in accordance with YCO best practices and with the highest level of safety.

7.4.3 KNOWLEDGE
(A) The person assigned as Director of Safety should have a full understanding of the following materials with
respect to YCO’s operations:
(1) The YCO
Specifications and appropriate maintenance and airworthiness requirements;
(3) Occupational Health and Safety standards and safe operating practices.

[Link] Revision: 9 SMS Organization Page 7-3


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

7.4.4 EXPERIENCE AND EXPERTISE


(A) The Director of Safety should have extensive operational experience and professional qualifications in
aviation. This includes a knowledge and understanding of the SMS Manual, aviation safety standards, and
safe aviation operating practices.
(B) The Director of Safety should also have established professional qualifications. These qualifications may be
any of the following:
(1) A commercial pilot or airline transport pilot certificate.
(2) A mechanic’s

comparable position in military aviation operations.


(6) Three years’ experience in a supervisory position with an ICAO member state government department,
board, or agency that deals directly with aviation matters.

7.4.5 COMPETENCY REQUIREMENTS


(A) The Director of Safety shall have received training in the implementation and administration of this SMS
Manual and supporting programs through completion of appropriate online SMS training courses. It is highly
desirable that the Director of Safety shall also have completed a course of study in Aviation Safety and one
or more Aviation Safety Education Programs as offered by FAA and other private organizations.
Participation in industry safety meetings, conferences or schools is also considered an important part of the
continuing education of the Director of Safety.

7.5 SAFETY ACTION GROUP


7.5.1 STRUCTURE & STAFF
(A) Safety Action Group members may be adjusted / added at the discretion of the D.O.S.
First Name Last Name Tel. (xxx) – XXX-XXXX Email:
First Name Last Name Tel. (xxx) – XXX-XXXX Email:
First Name Last Name Tel. (xxx) – XXX-XXXX Email:
First Name Last Name Tel. (xxx) – XXX-XXXX Email:

7.5.2 DESIGNATION AND RESPONSIBILITIES OF THE SAFETY ACTION GROUP


SRR 5.25(c)
(A) The Accountable Executive has designated management personnel to be members of the YCO Safety
Action Group who, on behalf of the Accountable Executive are responsible for the following:
(1) Coordinate

of safety risk controls;

[Link] Revision: 9 SMS Organization Page 7-4


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

(4) Ensure safety promotion throughout the organization as required;


(5) Regularly report to the Accountable Executive on SMS performance and on any need for improvement.
(B) Safety Action Group members are further responsible for:
(1) Review of, and revisions to, the Emergency Response Plan;
(2) Managing interfaces between documents when revisions are necessary;
(3) Investigating and reporting on incidents/accidents, with recommendations to preclude a recurrence.
(4) Resolution of

and designated auditors meet minimum competency requirements;


(C) Safety Action Group members should possess the necessary training, knowledge, experience and expertise
to identify hazards, assess risk, and develop risk controls and corrective actions to mitigate risk for
operational processes within their respective areas.
(D) Each Safety Action Group member shall, when absent, appoint a representative from their department to
serve in his/her capacity, with regard to that member’s duties and responsibilities as set forth herein.

7.5.3 MEETINGS
(A) Safety Action Group meetings should be held at least quarterly or more often if deemed necessary by the
Director of Safety or the Accountable Executive. Minutes of each meeting will be taken by a team member
and formalized by the Director of Safety. Minutes shall then be distributed to all team members and should
contain, at a minimum:
(1) Courses of action regarding high-risk issues
(2) Plans for growth or change
(3) Responsibilities for Issues in the OmniSMS application.
(B) At regularly scheduled meetings of the Safety Action Group, the Director of Safety reviews all reports, safety
information, audit findings and other safety concerns with appropriate department managers who are
responsible for various areas of the company’s operational processes (flight operations, ground services,
maintenance, inspection, administration, etc.). Issues are created and reviewed in the OmniSMS
application, as well as responsibilities and due dates for all tasks assigned.

7.5.4 SAFETY ACTION GROUP CHAIR


(A) The Director of Safety chairs the Safety Action Group. The Director of Safety conducts and chairs regularly
scheduled Safety Action Group meetings and emergency meetings when necessary, and prepares written
agenda and minutes for all

System, including identified hazards, employee suggestions for


safety, IEP (audit) findings, industry safety developments, analysis of risks, and the results of industry
accident and incident investigations.
(C) The Director of Safety may also submit loss prevention programs to the Safety Action Group for review and
approval.

[Link] Revision: 9 SMS Organization Page 7-5


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

7.6 SAFETY REVIEW COMMITTEE


7.6.1 STRUCTURE & STAFF
(A) Safety review committee members may be adjusted / added at the discretion of the D.O.S.
First Name Last Name Tel. (xxx) – XXX-XXXX Email:
First Name Last Name Tel. (xxx) – XXX-XXXX Email:
First Name Last Name Tel. (xxx) – XXX-XXXX Email:
First Name Last Name Tel. (xxx) – XXX-XXXX Email:

7.6.2 DESIGNATION AND RESPONSIBILITIES OF THE SAFETY REVIEW COMMITTEE


SRR 5.25(c)
(A) The Accountable Executive has designated management personnel to be members of the YCO Safety
review committee who, on behalf of the Accountable Executive are responsible for the following:
(1) Provide strategic safety direction;
(2) Ensure that sufficient and appropriate resources are allocated to achieve required safety performance;
(3) Monitor
management reviews.

NOTE:
Depending on the size and scope of YCO operations, the Safety Action Group and the
Safety review committee may be one committee, staffed by the same qualified managers.

7.7 DEPARTMENT MANAGERS


7.7.1 RESPONSIBILITIES OF DEPARTMENT MANAGERS
SRR 5.23(a)(2)
(A) Functional area department managers, together with the Director of Safety, are responsible for developing,
implementing, and maintaining SMS processes within their respective areas of responsibility. This includes,
but is not limited to:
(1) Hazard

required in Section 4: Safety Promotion and;


(4) Advising the Accountable Executive on the performance of the SMS and on any need for improvement.

[Link] Revision: 9 SMS Organization Page 7-6


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

(B) Department managers are responsible for maintaining documents and sources of information from the YCO
Technical Management System that pertain to their respective departments. These documents and
information sources include:
(1) Appropriate Parts of YCO Operations Specifications;
(2) Manuals and Programs applicable to each department;
(3)
requirements.

(C) Department managers are responsible for safety-related tasks and duties within their respective areas of
responsibility which include:
(1) Monitoring of operational data (e.g., duty logs, crew reports, work cards, process sheets, and reports
from the confidential reporting system);
(2) Receipt, evaluation and forwarding to the Director of Safety of all reports received from the confidential
reporting system;
(3) Encouragement of employee and vendor suggestions which lead to improved safety, health, or
environmental quality in the workplace;
(4) Development of department-specific loss prevention programs;
(5) Acquisition of safety

and maintaining currency of MSDS files;


(7) Posting and dissemination of all SAFETY NOTICES to department personnel and vendors;
(8) Elimination of accumulations of equipment or waste materials from the workplace that could lead to
injuries, accidents, or unhealthy conditions.
(9) Development and improvement of controls that help to ensure safety and successful process outputs.

NOTE:
Controls that regulate or ensure process functions are critical to system safety. Whenever a change is
made to controls in operational processes, the YCO Safety Action Group shall review the proposed
change and perform a risk assessment of the proposed change before it is implemented.

[Link] Revision: 9 SMS Organization Page 7-7


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

7.8 PERSONNEL
7.8.1 RESPONSIBILITIES
SRR 5.23(a)(3)
(A) All personnel are responsible for:
(1) Professionalism while on duty and when representing YCO in any capacity, both on-duty and off-duty;
(2) Reporting for duty properly rested and fit, both physically and mentally;
(3) Notifying a supervisor if for any reason fitness for duty is compromised due to life stressors or events;
(4) Adherence to all YCO
with all YCO policies, procedures, and government rules;
(6) Application of time-critical risk management during all duty assignments (viewing assignments and
tasks from a risk-management perspective).
(7) Initiating suggestions to management that will improve safety, efficiency, and the quality of services
provided.
(B) All personnel at all levels throughout YCO are responsible for the prompt and diligent reporting of all
observed or suspected hazards, as well as for reporting all injuries, damage to property, incidents, and
accidents honestly, and without fear of reprisal.

NOTE:
Like FAA regulations, company policies and procedures are written in the interest
of preserving the lives and resources entrusted to each person,
and when rules are violated, risk is usually increased.

7.8.2 STOP WORK AUTHORITY


(A) In the interest of safety, all

interruption of ground and/or maintenance activities, and


evacuation of premises.

[Link] Revision: 9 SMS Organization Page 7-8


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

8. Operational Risk Assessment


8.1 INTRODUCTION
(A) Every flight and ground or maintenance activity has hazards and some level of risk associated with it. YCO
uses an integrated
Go / No-go thresholds for risk assessment, in order to achieve the highest level
of safety. These tools are applied during preflight and job planning to identify various hazards to safe
operations.
(B) Pilots, engineers, and their respective managers are therefore able to easily differentiate between a low risk
flight or job and a high risk flight or activity. Mitigations may then be applied with the input of crew / team
members to address hazards which require mitigation and / or whose associated risks are deemed
unacceptable. Each completed ORA generates a ‘checklist’ of identified hazards that forms a sound
basis for crew resource and maintenance resource management briefings, both prior to and during
the activity or mission.
(C) YCO’s proactive method of quantifying and assessing various risk factors for a specific flight or job uses the
following Risk Assessment

level, risk factors are further evaluated and the risk


reduced using the procedures contained herein.

8.2 FLIGHT RISK ASSESSMENT POLICY


(A) Your Company flight managers are responsible for determining an acceptable level of risk for all flight
operations based on the type of operation, environment, aircraft and equipment utilized, crew training, and
overall operating experience of the flight crew. When high-risk hazards or combinations of hazards are
identified which elevate risk, the overall level of risk should be reduced to a level that is As Low As
Reasonably Practicable (ALARP).

8.2.1 PILOT-IN-COMMAND AUTHORITY


(A) The pilot’s authority to decline a flight assignment is supreme, while his / her decision to accept a flight
assignment is subject to review, if certain risks are identified.
(1) The pilot’s decision to decline, cancel, divert, or terminate a flight overrides any decision of other
parties to accept or continue a flight.
(2) The pilot’s decision to accept a flight assignment may be overridden by other personnel through use of
the operational control procedures and policies of YCO, including use of the risk assessment /
management tools and

per the YCO flight risk assessment plan, other


knowledgeable personnel must provide additional operational inputs.
(D) As potential hazards are identified in the assessment process, a collaborative group of additional persons
who have the experience and knowledge to assist the flightcrew in safety determinations are brought into
the decision-making process. Such collaboration should never result in the questioning or overruling of the
pilot’s determination that the risks associated with a flight mission or operation are too numerous or high.

[Link] Revision: 9 Operational Risk Assessment Page 8-1


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

8.3 HAZARDS AND THREATS


(A) Hazards and threats to safe flight (and other activities) are affected by the type of mission being planned, the
operating environment, equipment, and human factors. YCO flight managers should remain vigilant for
variables that are unique to specific mission types, airports, geographic areas, etc., and in particular to
planned flights which are atypical

activities and mission types.


(C) When developing an ORA template for flight operations, consider the following hazard groups, and select
hazards to present in the ORA template:
(1) Flight planning
(2) Environmental attributes
(3) Adverse weather
(4) Geography
(5) Mission attributes
(6)

(9) Scheduling / Crew fitness


(10)Crew knowledge and skills
(11)Recent experience in type, duty position, environment, destination(s)

(D) When developing an ORA template for non-flight operations, consider the following hazard groups, and
select hazards to present in the ORA template:
(1) Adverse weather
(2) Environmental attributes
(3) Ambient light
(4) Scheduling / fitness
(5)

on aircraft, with equipment interface, tasks, procedures


(8) Communications barriers
(9) Tech data support equipment, tools, etc.

NOTE:
In order to ensure the highest level of safety, pertinent hazards should be identified, evaluated,
and then mitigated, deferred or accepted in accordance with applicable
regulations and YCO policies, procedures and best practices.

[Link] Revision: 9 Operational Risk Assessment Page 8-2


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

8.4 USE OF RISK ASSESSMENT TOOLS


8.4.1 OPERATIONAL RISK ASSESSMENTS (ORA)
(A) Operational Risk Assessments are developed by YCO department managers for use by various YCO groups
who perform safety-critical jobs (e.g., pilots, maint. techs). The ORA is used to record hazards identified
during preflight and job planning. Whenever values fall above specified thresholds, risk mitigating strategies
are required in accordance with YCO policy (see paragraph 8.2 Flight Risk Assessment Policy above).
(B) To ensure the efficacy of Your Company’s ORA tools, YCO managers assign numeric values to each hazard
on the ORA template, from 1-5. Numerical thresholds are also established that trigger additional levels of
scrutiny in order

thresholds, it is important to understand that risk has several


elements that must be considered, including probability, severity, and weighted value:
(1) Based on the hazard, what type of undesired event are we concerned about?
(2) What is the probability of that particular event occurring?
(3) If the event were to occur, what is its anticipated severity?
(4) And what is the weighted value of this hazard in relation to other hazards that may be present?
(D) Using this criteria, YCO managers set weighted values for each ORA hazard, and thresholds for operations
that require management authorization (moderate risk) or that demand a NO-GO decision (high risk).
(E) Managers should periodically review their ORA templates for continued applicability, for items that are
unique to current YCO operations, and for refinement of the hazard lists and thresholds. Feedback from
front-line users should

hazards taxonomy during ORA template development and revision.


(G) Your Company flight managers are responsible for determining an acceptable level of risk for all flight
operations based on the type of operation, environment, aircraft used, crew training, and overall operating
experience. When the risk for a flight exceeds the acceptable level, the hazards associated with that risk
should be further evaluated and the risk reduced, or the operation cancelled.

CAUTION:
A higher risk flight should not be operated if hazards
cannot be mitigated to an acceptable level.

8.4.2 OPERATIONAL RISK ASSESSMENT (ORA) PROCEDURES


(A) Perform preflight planning in accordance with YCO standards and policies. Then, using the desired ORA
template as developed by management, conduct an analysis of the intended flight using the steps below:
(1) Select pertinent hazards
(2) Review the ORA with other crewmembers
(3) Mitigate
value of each hazard mitigated, based on effectiveness of the mitigation.
(5) Assess the ORA value, and obtain management authorization if necessary.
(6) Accept the ORA if the final value is within the acceptable range.

[Link] Revision: 9 Operational Risk Assessment Page 8-3


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

8.4.3 ORA – FLIGHT RISK ASSESSMENT EXAMPLE


(A) The following discussion provides a practical example involving the operation of a night flight where the
destination airport is experiencing windy, rainy conditions. The captain has fewer than 200 hours in type,
and the first officer has flown less than 100 hours in the last 90 days.
(B) The ORA template selected requires the chief pilot to authorize ORA values of over 15, and to assist the PIC
in determining whether the risk will be accepted, rejected, or mitigated. Further, the ORA threshold sets a
NO-GO threshold prohibiting operation if the value exceeds 20.
(1) Identify the hazards
(a) The captain is

.
(d) The flight will operate at night.
(e) The destination crosswinds are greater than 15 knots.

(2) Assess the risks


(a) The combination of hazards associated with this flight generates a risk value of 21.
(b) The ORA threshold for management authorization is 15, so the chief pilot is brought in for
consultation.

(3) Analyze risk control measures


(a) The flight could be cancelled or delayed.
(b) A more experienced PIC and/or SIC could be assigned (if available).
(c) A different destination airport could be specified (if possible / practical).

(4) Make control decisions


(a) Since the risk value of 21 exceeds the ORA’s NO-GO threshold of 20, the flight must either be

level.

(5) Mitigate hazards


(a) The chief pilot decides to allow the scheduled captain to operate the flight.
(b) However, a first officer is assigned who is more current and who has flown more than 100 hours in
the last 90 days.
(c) Further, the Chief pilot changes the destination airport to an airport with no crosswind expected.
(C) By reducing the hazards present, the chief pilot has reduced the overall flight risk value to 18 and has
elevated the operational level of safety.

Note:
It is important to note here that the PIC still makes the go / no-go decision; not the chief pilot.

[Link] Revision: 9 Operational Risk Assessment Page 8-4


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

9. Fatigue Risk Management


9.1 OVERVIEW
(A) Your Company’s fatigue risk management (FRM) program consists of policies, methods and procedures that
mitigate the risks associated with fatigue and other related hazards. It is intended to provide an enhanced
level of safety by identifying and managing the causes of fatigue and fatigue-related events.
(B) YCO manages fatigue using a data-driven approach based on scientific principles and operational
knowledge. This requires monitoring and management of not just fatigue risks, but also related operational
risks when operators may be fatigued.
(C) Fatigue risk management identifies fatigue drivers and fatigue-related hazards, allowing managers to
develop proactiv
and manage the potential risks associated with fatigue, including fatigue-related
errors.
(D) Over time, data analysis and repetitive performance improvements result in continuous improvement by
identifying and addressing fatigue factors and changing physiological and operational circumstances.

9.1.1 FRM SCOPE


(A) Fatigue risk management policies and procedures shall apply to all YCO personnel who perform safety-
sensitive tasks for YCO. This includes dispatch and flight following personnel, pilots, mechanics, cabin
crews, and ground support personnel during performance of safety-critical tasks.

9.1.2 FATIGUE RISK MANAGEMENT ELEMENTS


(A) YCO manages fatigue-related risks through use of the following FRM elements:
(1) Fatigue risk management policies and objectives;
(2) Fatigue reporting

;
(5) Education and awareness training;
(6) FRM performance evaluation.

9.1.3 CAUSES OF FATIGUE


(A) The primary causes of fatigue in aviation personnel are:
(1) Amount, timing, and quality of sleep each day (sleep/wake schedule);
(2) Amount of time since last sleep period (continuous hours awake);
(3) Time of day (circadian rhythm);
(4) Operations through multiple time zones; and
(5) Workload and time on task.

[Link] Revision: 9 Fatigue Risk Mgmnt Page 9-1


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

9.1.4 DEFINITIONS
Acute Fatigue - Acute fatigue is closely related to recent sleep (i.e., sleep within the last 24 hours), time since
last sleep, and current time of day. Less than 8 hours of sleep in the last 24 hours, being awake longer than 17
hours, and working between midnight and 0600 are associated with acute fatigue in the average person.
Chronic Fatigue - The average person needs about 8 hours of sleep per day. If the average person gets less
than the required amount of sleep each day for multiple days, then a state of chronic fatigue can occur. With
chronic fatigue, performance is degraded and recovery tends to be relatively slow. A person can hasten
recovery by attempting to sleep longer than the normal amount for several days.
Circadian Fatigue - Circadian fatigue refers to the reduced performance during nighttime hours, particularly
during an individual’s Window of Circadian Low (WOCL) (typically between 0200 and 0600 hours).
Circadian Rhythm - In humans, the circadian rhythm is a daily alteration in a person’s behavior and physiology.
These behavioral and physiological alterations are controlled by an internal biological clock located in the brain
(i.e., the circadian clock). Examples of circadian rhythms include body temperature, melatonin levels, cognitive
performance, alertness levels, and sleep patterns.
Cumulative Fatigue - Cumulative fatigue is fatigue brought on by repeated mild sleep restriction or extended
hours awake across a series of days.
Duty, Duty period, Off duty – Duty is any task a person is required by the company to perform, including flight
time, administrative work, managerial duties, training and deadheading. Duty period is a continuous period of
time during which tasks are performed for the company, from report time until free from all required tasks. Off
duty is a continuous, predefined period of uninterrupted time during which a person is free of all duties.
Fatigue - Fatigue is a complex state characterized by a lack of alertness and reduced mental and physical
performance, often

) occurs when a person has been awake for at least 24


hours. This event is reportable if an employee is on duty and has been awake for 24 hours without any sleep.
Window of Circadian Low (WOCL) - The window of circadian low is best estimated by the hours between 0200
and 0600 for individuals adapted to a usual day-awake / night-sleep schedule. This estimate is calculated from
scientific data on the circadian low of performance, alertness, peak fatigue, and body temperature. For duty
periods that cross three or fewer time zones, the window of circadian low is estimated to be 0200 to 0600 home-
base / domicile time. For duty periods that cross four or more time zones, the window of circadian low is
estimated to be 0200 to 0600 home-base / domicile time for the first 48 hours only. After a crew member
remains more than 48 hours away from home-base / domicile, the window of circadian low is estimated to be
0200 to 0600 local time at the point of departure. For flightcrews, recommended guidelines related to the window
of circadian low should be applied when any of the following operations occur: landing within the window; flight
through both sides of the window; or duty period that starts at 0400 or earlier within the window.

[Link] Revision: 9 Fatigue Risk Mgmnt Page 9-2


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

9.2 FRM POLICY / OBJECTIVES


9.2.1 GENERAL POLICY
(A) Fatigue risk management is shared jointly by every person at YCO, at all levels of management. This is
because fatigue is affected by more than just work demands; fatigue is affected by all waking activities. The
following policies provide a framework under which the risks associated with fatigue are managed, and risks
reduced to an acceptable level.

NOTE:
Refer to Section 1: Safety Policy and Objectives for YCO’s formal Fatigue Risk
Management Policy Statement as signed and published by the Accountable Executive.

9.2.2 GOALS AND OBJECTIVES


(A) Your Company’s safety goals and objectives (as set forth in Section 1: Safety Policy and Objectives) will
be achieved in part by applying fatigue risk management policies and procedures to all safety-critical tasks
and activities. This includes dispatch and flight following, flight operations, maintenance activities, and
ground support

which tasks, activities, and operations have a higher level of safety-criticality


and, when fatigue is present, a greater probability of negative outcomes.

9.2.3 FLIGHT / DUTY TIME LIMITATIONS


(A) YCO schedulers, the flight operations department and all personnel shall observe all regulatory and
company-prescribed flight time and duty time limitations. Senior management is committed to fully comply
with all flight / duty time and rest period requirements as well as regulatory requirements for fatigue risk
management, in order to fulfill our safety goals and objectives.

9.2.4 FLIGHT / DUTY TIME EXTENSIONS


(A) Should operational contingencies require an extension of flight time or duty time limitations, such an
extension can only be granted:
(1) In accordance with FAA / CAA regulations; and
(2) When approved by the appropriate department manager; and
(3) With the specific concurrence of all members of the aircraft crew or team.
(B) Such extensions will be formally recorded and retained on file for no less than two years.

[Link] Revision: 9 Fatigue Risk Mgmnt Page 9-3


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

9.3 FRM RESPONSIBILITIES


9.3.1 PERSONNEL
(A) All personnel are expected to report for duty fit and sufficiently well rested to be able to safely perform the
duties of the job. Each individual is responsible for alerting their supervisor or department manager when he
or she is not sufficiently rested to perform safely.
(B) If circumstances preclude sufficient sleep for an individual to be adequately alert and rested and to perform
duty, whether they are the result of the schedule, delays, illness, life events, or personal actions, it is each
person’s responsibility to report his or her state of fatigue to their supervisor or department manager. No
person should accept

can decide how much sleep is adequate to maintain alertness


and performance. It is each person’s individual responsibility to get as much sleep as they need and to take
additional sleep when they feel fatigued or unfit for duty.
(D) Plan sleep ahead of time. Getting adequate sleep requires planning with future duty times in mind. For
example, if duty will require an early morning awakening, plans should be made to go to bed early the night
before so as to be fully rested for the next duty period. If the next duty will commence in the evening, the
employee is responsible for taking an afternoon or evening nap so that he or she does not start work with
eight or more hours of continuous wakefulness before the start of duty.

9.3.2 MANAGERS
(A) Department managers are responsible for managing work-related fatigue in their people when job planning
and scheduling personnel for duty. This includes providing adequate rest opportunities (and facilities when
necessary) between assignments, as well as making revisions and amendments when delays or other
operational considerations will affect duty time and rest periods.
(B) Managers will not pressure nor coerce personnel into performing duties when they have alerted
management that they are fatigued and not fit for duty.

9.4 FATIGUE-RELATED DATA COLLECTION


9.4.1 FRM PERFORMANCE INDICATORS
(A) YCO managers may choose to include fatigue-related events in the company’s key safety performance
indicators (KSPIs).

be set and measured against hours worked;


(3) Fatigue events on the ramp and in line service can be set and measured against number of flight
operations.
(B) Performance indicators allow managers to ‘drill down’ and see a quick-view of all reports, or the full details of
each report which contributed to the number of fatigue events displayed. Fatigue events also display on the
OmniSMS Risk Register with each event type’s associated risk index.

[Link] Revision: 9 Fatigue Risk Mgmnt Page 9-4


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

9.4.2 SOURCES OF DATA


(A) Data collection allows YCO managers to identify fatigue drivers, such as scheduling policies, delays,
workload, and other conditions that can contribute to fatigue. Good data also helps managers identify
operational risks which could become elevated when personnel are fatigued. Sufficient data must be
gathered to provide department managers with an understanding of the operational factors that are likely to
cause fatigue, when fatigue is to be expected, and if crewmembers are performing safety-critical operations
while fatigued. The following FRM data sources are utilized for this purpose:
(1)
of fatigue events;
(3) Extensions of flight duty periods and flight times;
(4) Event investigations in which fatigue has been determined to be a contributing factor.

9.4.3 FATIGUE-RELATED HAZARDS


(A) Fatigue-related hazards, threats and fatigue drivers that may be identified, captured and trended from ORAs
and event investigations include:
(1) Extreme hot / cold
(2) Mission duration
(3) Length of segment
(4) Task of long duration
(5) Repetitive / monotonous
(6) Duty

Suitability of rest facilities

9.4.4 NON-PUNITIVE FATIGUE REPORTING


(A) YCO’s non-punitive reporting policies apply to reports of fatigue and fatigue-related occurrences. All
personnel are encouraged to report openly and without fear of reprisal, any and all events in which fatigue is
a contributing
assignments, as appropriate, to improve our working conditions and continue building
our safety culture.

NOTE:
OmniSMS reports may be submitted anonymously; however, YCO non-punitive reporting policies
apply, and managers may need to contact crewmembers for additional information
in order to develop effective risk mitigation strategies.

[Link] Revision: 9 Fatigue Risk Mgmnt Page 9-5


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

9.4.5 FATIGUE-RELATED EVENTS


(A) The following fatigue-related events are reportable occurrences within YCO’s OmniSMS confidential
reporting system:
(1) Microsleep: A temporary loss of awareness and subsequent recovery after a brief lapse in

debt (sleep deprivation) occurs when a person has been awake for at
least 24 hours. This event is reportable if an employee is on duty and has been awake for 24 hours
without any sleep.
(3) Excessive fatigue: A subjective determination that fatigue has progressed to a point where
performance is impaired and safety margins have been reduced.
(4) Falling asleep on duty: Any sleep event beyond a microsleep, while on duty and not during a
designated rest or napping period.

9.4.6 EVENT INVESTIGATIONS


(A) When reports of flight irregularities, injuries, incidents, near-accidents and other events are submitted into
the OmniSMS confidential reporting system, the report owner (or delegated investigator) shall note whether
fatigue was a contributing factor in the occurrence. This information will be used to better understand fatigue
drivers and to identify deficiencies and conditions which could cause fatigue-related error.

9.4.7 FRM EVALUATIONS


(A) Compliance with
are evaluated during internal audits and evaluations. Findings are addressed with
risk controls or corrective actions as needed.

9.4.8 FRM PERFORMANCE ASSESSMENTS


(A) FRM performance is measured during system assessment and annual management review. These
performance assessments look for:
(1) Conformance of risk controls (mitigations) to their intended design;
(2) Substitute risks and unintended consequences of risk controls implemented;
(3) Effectiveness of risk controls in reducing fatigue and associated operational risks.
(B) Results are recorded i
or ineffective.

NOTE:
Refer to paragraph 3.2 Safety Performance Assessment for guidance on
the performance of system assessment and management review processes.

[Link] Revision: 9 Fatigue Risk Mgmnt Page 9-6


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

9.5 CONTINUAL IMPROVEMENT


(A) YCO’s fatigue risk management actions are built on company safety policies and safety assurance / risk
management procedures to produce a continual improvement process (CIP). The process is repeated as
often as necessary, based on data collected, assessment of mitigations, and feedback from front-line
personnel. The FRM continual improvement process is depicted here:

FATIGUE RISK MANAGEMENT CONTINUAL IMPROVEMENT PROCESS

9.5.1 ASSESSMENT OF CURRENT CONDITIONS


(A) The first step is to measure and assess the level of fatigue risk associated with current schedules and
operations by collecting information on crewmember reports of fatigue or fatigue-related errors and
incidents, and information on the schedules that led up to these reported fatigue-related errors and
incidents. Understanding current conditions within the organization is critical for the development of a valid
mitigation plan.

9.5.2 DATA MODELING AND ANALYSIS


(A) This second step helps to determine the root cause(s) of fatigue by modeling work schedules and analyzing
fatigue risk associated with them. This step identifies the specific operational and crewmember factors that
could contribute to significant performance degradation as a result of fatigue. Effective fatigue risk mitigation
depends on this step because fatigue risk needs to be connected to the conditions (fatigue drivers) that
contribute to fatigue, and therefore to the overall level of risk.
(B) Analysis of the fatigue
potential consequence(s) of fatigue, should a negative outcome be
realized.
(C) For example, flight time that occurs between midnight and 0600 will inevitably include the period identified as
the window of circadian low (WOCL). This low point in performance should be evaluated in relation to the
duties to be performed at that time; an expected raised level of fatigue is of greater concern if it
coincides with critical flight maneuvers, or safety-critical tasks performed.

[Link] Revision: 9 Fatigue Risk Mgmnt Page 9-7


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

9.5.3 MITIGATION OF FATIGUE AND OPERATIONAL RISKS


(A) Based on the measurement and analysis of fatigue drivers and safety-critical operations, this third step
requires routine and

and when fatigue is likely to occur.


(B) Data from the first two steps is considered by knowledgeable and experienced stakeholders in a
collaborative process, in order to develop effective solutions to address both fatigue-causing factors and
operational risks.

9.5.4 ASSESSMENT OF MITIGATIONS AND FEEDBACK


(A) The fourth step in the process is collection of evidence of success in the form of improved schedules,
additional sleep opportunities, enhanced training, and revised policies. This will require objective data,
demonstrating that the changes have effectively reduced fatigue. Such data includes fewer reports of fatigue
and/or errors due to fatigue, evidence of increased sleep, or modeling of schedules that predict improved
performance and reductions in fatigue related risk.
(B) Feedback may also reveal that mitigation strategies are ineffective, leading to a need for further schedule
adjustments and/

current operations and correct for changes in future


operations.

9.6 FRM PROMOTION


9.6.1 EDUCATION AND AWARENESS TRAINING
(A) YCO provides fatigue risk management training to the Accountable Executive, crewmembers, crew
schedulers, dispatchers, persons holding operational control, and appropriate management personnel.

9.6.2 FRM TRAINING REQUIREMENTS


(A) Fatigue is a complex topic. All personnel should have adequate training to understand the causes of fatigue,
how an individual can maximize the benefits of rest opportunities, the use of various countermeasures to
minimize the effects of fatigue, and the overall responsibilities of the individual to report for duty fit to safely
perform duties. Fatigue risk management training may include the following topics:
(1) Overview of Fatigue Risk Management (FRM)
(2) Fatigue Mitigation and Managing Rest
(3)

(6) Records and Reports


(7) FRM Policies, Procedures, and Implementation

9.6.3 COMMUNICATIONS
(A) YCO’s fatigue risk management actions should be communicated to all personnel. This will further increase
fatigue awareness, and motivate personnel to participate in sharing fatigue-related data with management.

[Link] Revision: 9 Fatigue Risk Mgmnt Page 9-8


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

10. Flight Data Analysis Program


10.1 POLICY
10.1.1 APPLICABILITY
(A) Your

maximum gross takeoff weight (MGTOW) above 27,000


kilograms (59,525 pounds) in the YCO fleet.
(C) See (insert reference) for a list of aircraft covered under this program.

10.1.2 FLIGHT DATA ANALYSIS SERVICE PROVIDER


(A) Your Company has

/ FOQA Provider
Address
Telephone
Website

(B) FDAP / FOQA Provider maintains adequate safeguards on protection of data sources and provides state-of-
the art, proprietary methods of data extraction, data transmission, and data analysis.
(C) Lead Captains and/or Administrators of Maintenance on the covered aircraft transmit downloaded flight data
to FDAP / FOQA Provider for approved methods a minimum of every three
calendar months.
(D) The (RESPONSIBLE PERSON’S TITLE) at YCO is responsible for the administration, maintenance, and
execution of the FDAP / FOQA Provider website for this program.

NOTE:
All data obtained through the Flight Data Analysis Program is non-punitive
and will not be used for crewmember disciplinary purposes.

10.2 PURPOSE AND USE OF THE FDAP


10.2.1 PURPOSE
(A) The YCO Flight Data Analysis Program allows YCO to:
(1) Identify areas of operational risk and quantify current safety margins;
(2) Quantify operational risks by discovering and evaluating circumstances surrounding identified non-
standard, unusual or

or risk controls once an unacceptable flight safety risk


(either actually present or predicted by trending) has been identified; and
(5) Confirm the effectiveness of any remedial action(s) / risk controls by monitoring and follow-up.

[Link] Revision: 9 Flight Data Analysis Page 10-1


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

10.2.2 USE OF FLIGHT DATA


(A) Exceedance detection of triggered events. This looks for deviations from flight manual limits, and
standard operating procedures. A set of core events is selected to cover the main areas of interest to the
operator. The event detection limits should be periodically reviewed to reflect the operator’s current
operating procedures.
(B) Some

or high during takeoff; and


(3) Excessive rate of descent below 1000 feet.
(C) Routine measurements. Ideally, data should be retained from all flights. At the very least a sufficient
selection of measures will be taken from the fleet to ensure that normal practice is defined. Data will be
recovered frequently enough to enable significant safety issues to be identified and mitigated. This may be
accomplished by retaining select parameters at a given point in space. For example:
(1) Climb speed at 400 AAL;
(2) Flap retraction altitude/speed;
(3) Gear extension altitude/speed;
(4) Airspeed at 1000 feet AAL on approach; and
(5) Rate of descent at

before there are significant numbers of events, and


emerging trends can be monitored before SKPI alert levels associated with exceedances are reached.

10.3 DATA ANALYSIS


10.3.1 DATA ANALYSIS PROCESS
(A) The YCO Director of Operations, EVP Maintenance and Director of Safety and Security will review and
analyze all data received through the program using the FDAP / FOQA Provider website in conjunction with
support of the Flight Data Analysts at FDAP / FOQA Provider.
(B) Initial reports are received via email once the download of aircraft data has been received, processed and
uploaded for further review on the FDAP / FOQA Provider website.
(C) The data will identify any possible exceedances from normal flight operations that may warrant further
investigation.

10.3.2 INITIAL INVESTIGATION


(A) At the discretion of the YCO safety action group (SAG), a flight operations department manager or
supervisor may be tasked with exceedance. Such investigation typically consists
of interviewing the crew involved to determine the circumstances surrounding the exceedance.
(B) Results of the initial investigation will determine whether the exceedance will be entered into the OmniSMS
management system.

[Link] Revision: 9 Flight Data Analysis Page 10-2


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

10.3.3 MANAGING FLIGHT DATA IN OMNISMS


(A) Based on
). If the exceedance is a type of event that has been selected as a safety
performance indicator (SPI), system SPI charts will show the exceedance in relation to target thresholds.
(B) The occurrence report is then analyzed and risk-assessed using Event Risk classification (ER) within
OmniSMS. Remedial and/or corrective actions may be applied, and the report closed. Monitoring may also
be requested of a supervisor or , and a low-level safety performance indicator created if
desired.
(C) If an existing low-level SPI target has been exceeded, a Safety Issue should be created for further study.
Here, further analysis, risk

[Link] Revision: 9 Flight Data Analysis Page 10-3


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

THIS PAGE INTENTIONALLY LEFT BLANK

[Link] Revision: 9 Flight Data Analysis Page 10-4


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

11. Appendix – Policy Statements


11.1 SAFETY AND QUALITY POLICY STATEMENT
SRRs 5.21(a)(1-3), 5.21(b)
The owners, directors and officers of Your Company (YCO) hereby pledge their commitment to fulfill our
Company’s safety objectives through implementation and continued support of the YCO Safety Management
System. This commitment includes managing all safety risks to acceptable levels, regular reviews of policy and
safety objectives to ensure they remain relevant and appropriate, and continuous improvement in our level of
safety. Senior management is committed to fully comply with all regulatory requirements and international
standards, and to further exceed those requirements to achieve the highest safety standards.
High levels of safety and quality are core business values, and because safety is a team effort, they must also
be our core personal values. We enjoy a competitive advantage through continually striving for high levels of
both safety and quality, and our business is strengthened by making quality and safety excellence an integral
part of all

is accountable for safety performance. Safety is a primary


responsibility of all managers. Safety performance is an important part of our management / employee
evaluation system. We recognize and value safety performance and the quality of work performed.
Managers at all levels pledge to ensure that our safety policies are understood, implemented and maintained at
all levels. This includes making everyone aware of safety rules, procedures for the safe accomplishment of all
activities, and individual personal responsibilities to observe and follow such policies, rules and procedures. All
personnel must be physically and mentally fit for duty. Each of us is accountable for our own behavior, and shall
at all times be safety-conscious, quality-conscious, and proactive in correcting any weaknesses regarding safety
or quality within our respective areas of responsibility.

Our most important safety objectives are:


ZERO ACCIDENTS and ZERO REGULATORY VIOLATIONS.

All safety performance objectives will be achieved through a strong commitment to safety and professionalism
from all levels within the company; to adopt proven best practices appropriate to the activity; and by learning
from our mistakes and sharing our lessons learned. We will apply these lessons by striving to reduce instances
of human error, and by developing systems and processes that both reduce human error, and are more error-
tolerant.
Your Company is committed to providing all resources necessary to achieve these goals and objectives, and to
continuously improve the safety and quality
and the YCO Emergency Response Plan, in order to
achieve the highest levels of safety management and emergency preparedness. Safety and quality excellence
will always be essential components of our mission, and your continued active participation in the company’s
Safety Management System will allow us to provide the highest quality products and services, while achieving
the highest level of safety possible.

Signed: _________________________________ Date: _______________________


(Name and Title of Accountable Executive)

[Link] Revision: 9 Appendix: Policies Page 11-1


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

11.2 NON-PUNITIVE REPORTING POLICY STATEMENT


SRR 5.21(a)(4),(5)
Your Company (YCO) fully recognizes the need to establish a safety culture that meets the highest industry
standards, and is continually improving. In order to accomplish this, all personnel are encouraged to report on
safety issues openly and fully. Further, supervisors and managers at all levels must be willing and ready to
immediately address and remedy all operational shortcomings brought to their attention.
All incidents, near-accidents, hazards, apparent regulatory violations and other safety issues must be reported
without exception. By providing prompt, accurate and detailed reports of any event or condition which could
jeopardize the safety of people, aircraft, equipment, or the environment, and by providing practical suggestions
for correction, front-line employees support our safety management efforts, as we work together to maintain the
highest level of safety.
Personnel are also encouraged to report instances of human error in which they are personally involved, or that
they become aware of through any circumstances. By establishing and fostering a company-wide atmosphere of
mutual trust, the uninhibite

environment, and dissemination of lessons learned from


this enhanced level of reporting will result in a more informed organization and safer workplace.
Your Company will not apportion blame nor impose disciplinary action on any individual reporting an
unintentional error, mishap, operational incident or other risk exposure, including events in which they
themselves may have violated regulations, company policy, or failed to follow standard operating
procedures.
Exceptions to this general non-punitive policy relate to unacceptable behavior which includes the following
serious failures of employees to act responsibly, thereby creating or worsening risk exposures:
Premeditated or intentional acts that cause harm to personnel or damage to equipment/property.
Reckless actions or decisions disregarding safety and precautions which affect the security of our
customers, employees, or the economic welfare of the Company
Failure to promptly report safety incidents

certificate action(s) that may be imposed by


regulatory authorities.
This non-punitive reporting policy helps maintain the benefits of a learning culture, while balancing the need to
maintain personal accountability and discipline. It is reviewed regularly by YCO management.
Thank you for supporting our Safety Management System, and for your efforts to continually improve.

Signed: _________________________________ Date: _______________________


(Name and Title of Accountable Executive)

[Link] Revision: 9 Appendix: Policies Page 11-2


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

11.3 ANTI- DRUG AND ALCOHOL MISUSE POLICY STATEMENT

Your Company (YCO) is committed to providing safe and reliable services to customers, and a safe and
productive work environment for all employees. The transportation, possession, or use of illegal drugs and
narcotics pose serious threats to company assets and the well-being of company employees. Likewise,
improper use or misuse of prescription drugs and alcohol may also create hazards to safe operations.

It is our policy that

disciplinary action will be levied against any


employee who voluntarily comes forward seeking assistance for such problems.

We will refer you to a resource within our community for assistance with the treatment of alcohol or substance
abuse problems. The cost of any treatment received from any of these services (which are not covered by
company insurance or other benefits) is the employee’s responsibility.

Employees whose job performance deteriorates may be referred by management to an assistance program for
diagnosis of the performance problem(s). This diagnosis will be at the employee’s expense, and a refusal to
undergo diagnosis in these cases will result in termination of the employee’s employment.

Participation, in itself, in a program for alcohol/drug problems will in no way jeopardize an employee’s job. In
fact, successful treatment will be viewed positively. However, such participation will not:
Prevent normal disciplinary action for violation(s) which may have already occurred.
Relieve an employee of the responsibility to

of policy violation.

Your Company is committed to the highest level of safety in operations and our workplace, by providing support,
resources, and training necessary to maintain a drug-free and alcohol misuse-free workplace.

Signed: ________________________________________ Date: _______________________


(Name and Title of Accountable Executive)

[Link] Revision: 9 Appendix: Policies Page 11-3


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

11.4 FATIGUE RISK MANAGEMENT POLICY STATEMENT

Your Company (YCO) owners, directors, officers and managers hereby pledge their commitments to support
and utilize YCO fatigue risk management policies and procedures as an essential element of the Company’s
Safety Management System (SMS). These commitments include effective and uninhibited reporting of excessive
fatigue and fatigue-related occurrences, and managing all fatigue-related safety risks to acceptable levels.
Senior management is committed to fully comply with all flight / duty time and rest period requirements, as well
as best practices for fatigue risk management, in order to fulfill our safety goals and objectives.
Managing the risks associated with fatigue is a responsibility shared jointly by every person at YCO, at all levels
of management. This is because fatigue is affected by more than just work demands. Fatigue is affected by all
waking activities, sometimes described as

unfit for duty, or is expected to be excessively


fatigued at the planned completion of a duty period, appropriate reporting and risk-mitigating actions must be
taken.
Fatigue risk management goals and objectives will be achieved by applying fatigue risk management policies
and procedures to all safety-critical tasks and activities. This includes dispatch and flight following, flight
operations, maintenance activities, and ground

Fatigue Risk Management Program


are defined, revised, and annually reviewed in the OmniSMS web application.

By learning from our mistakes and sharing our lessons learned, we shall strive to reduce errors and unwanted
events in which fatigue is a contributing factor. We shall also develop schedules, systems and processes that
reduce the risk of fatigue-related events and their consequences.
Your Company is committed to providing the resources necessary to effectively manage the risks associated
with fatigue and to continuously improve our management of fatigue and related hazards. These efforts include
periodic review of fatigue risk management policies and procedures, as well as safety objectives, to ensure that
our policies remain relevant and appropriate, and our procedures and controls remain effective.

Signed: _________________________________ Date: _______________________


(Name and Title of Accountable Executive)

[Link] Revision: 9 Appendix: Policies Page 11-4


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.
AVIATION MANAGEMENT SYSTEM
SMS Manual

11.5 EMERGENCY RESPONSE POLICY STATEMENT


SRR 5.21(a)(6)
Aviation accidents are rare events, and as a result, few organizations are really prepared when one occurs. To
address this essential need, Your Company has developed an Emergency Response Plan (ERP) to maintain
YCO in a state of preparedness to respond to an aircraft accident, incident or other emergency.

Emergency response is normally associated with aircraft accidents, but it’s equally applied to events that could
occur in all

be familiar with, and know


where to locate, our Emergency Response Plan.

The ERP specifies in writing what should be done after an accident, and who is responsible for each action. The
ERP also contains instructions and procedures for other critical events. Our ERP provides all employees and
managers with guidance regarding:
Delegation of emergency authority throughout YCO;
Assignment of employee

help us effectively manage events during or following an


accident or other crisis.

Your Company is committed to providing the resources and training necessary to maintain us in a constant state
of preparedness to effectively manage an aircraft accident. This includes annual emergency response exercises
and drills in all departments.

Experiencing an aircraft accident in which the lives of friends and co-workers are lost is one of the most difficult
and traumatic experiences you could endure during your aviation career.

That’s why we need to do everything in our power to prevent accidents.

I have approved the YCO Emergency Response Plan and the publishing / distribution thereof to our employees
and organizations with which we interface.

Signed: _________________________________ Date: _______________________


(Name and Title of Accountable Executive)

[Link] Revision: 9 Appendix: Policies Page 11-5


Date: 20 Feb 2018
Uncontrolled copy when printed; confirm current online revision before use.

Common questions

Powered by AI

Fatigue risk management elements such as fatigue policies, reporting systems, education, and performance evaluations establish a comprehensive approach to manage fatigue-related hazards. These elements work in concert to identify, report, and mitigate fatigue risks through structured policies and data-driven insights. This comprehensive approach ensures personnel are sufficiently rested and reduces the likelihood of fatigue-related errors, enhancing overall operational safety .

The Voluntary Disclosure Reporting Program (VDRP) aims to encourage operators to voluntarily disclose safety violations without the immediate threat of punitive action, fostering an environment of learning and improvement. Disclosures are evaluated based on specific eligibility criteria, and if the conditions are met, corrective measures are developed and implemented to address the underlying issues. This process enhances safety by focusing on systemic improvements and preventing recurrence .

The confidential reporting system encourages a robust safety culture by allowing employees to report safety violations or hazards without fear of retaliation. This helps in fostering openness, trust, and transparency, which are core elements of a proactive safety culture. It ensures that potential safety issues are identified and addressed timely, contributing to overall risk reduction and continuous improvement in safety practices .

Fatigue risk management contributes to the continual improvement of safety by systematically identifying fatigue drivers and hazards, which allows for development of proactive measures to manage these risks effectively. This includes utilizing non-punitive reporting to gather data, analyzing work schedules to identify fatigue-related risks, and implementing changes to optimize rest and work schedules. Data-driven strategies facilitate the evaluation and adjustment of mitigations, supporting continuous refinement and enhancement of safety practices .

Safety promotion is important as it integrates safety principles into the organizational culture, which supports other SMS elements like risk management and assurance by nurturing awareness, training, and communication among stakeholders. The anticipated outcomes include improved safety performance, enhanced compliance with safety standards, and a transparent environment where safety issues are openly discussed and managed effectively .

Residual risk refers to the safety risk that remains after all control strategies have been implemented and verified. Within an SMS framework, managing residual risk implies a continual process of monitoring and reviewing controls to ensure that they effectively mitigate the risk to an acceptable level. The implications are significant as this involves ongoing resource allocation, authority oversight, and evaluation to achieve and maintain safety objectives .

Management reviews serve as critical oversight tools to verify that risk controls are functioning as intended. They facilitate the ongoing evaluation of safety performance, compliance, and the effectiveness of existing controls. Reviews lead to identification of gaps or non-conformances, prompting corrective actions that ensure safety objectives are met and continuously improved .

Risk analysis involves understanding hazardous situations and estimating the probability and severity of potential outcomes, while risk assessment evaluates the acceptability of those risks to determine appropriate control measures. Risk analysis focuses more on the identification and quantification stages, whereas risk assessment deals with decision-making regarding how much risk can be tolerated and what steps must be taken to mitigate it effectively within operational parameters .

Management of change within SMS involves analyzing potential hazards introduced by new systems or procedures and assessing the associated risks. This process includes documenting system descriptions, identifying possible hazards, and implementing risk controls to manage these risks to acceptable levels before changes are put into effect. Such proactive management minimizes disruptions and enhances system safety by effectively integrating change without compromising safety performance .

Hazard statements and risk scenarios are utilized to clearly articulate the presence and implications of hazards. These statements allow for a structured identification of undesired events and their potential impacts, enabling stakeholders to infer possible outcomes and correlate them with existing controls or necessary mitigations. By explicitly defining hazard contexts and possible risk scenarios, management can enhance readiness and response strategies .

You might also like