Government of Canada navigation bar

Symbol of the Government of Canada

Primary site navigation bar

Advisory Circular (AC)
No. 107-002

Safety Management Systems Development Guide for Small Operators/Organizations

PDFPDF format (593 KB)

Internal documents and documents hyperlinked and stored on
Transport Canada's intranet mentioned in this document
are available upon request. See Contact Office below.

Issuing Office: Civil Aviation
Activity Area: Oversight AC No.: 107-002
File No.: Z 5015-11-2 Issue No.: 01
RDIMS No.: 2382587 Effective Date: 2008-06-15

1.0 INTRODUCTION

This Advisory Circular (AC) is provided for information and guidance purposes only. It may describe an example of an acceptable means, but not the only means, of demonstrating compliance with regulations and standards. On its own, this AC does not change, create, amend or permit deviations from regulatory requirements, nor does it establish minimum standards.

1.1 Purpose

The purpose of this document is to provide additional guidance on the practical application of the regulations pertaining to Safety Management Systems (SMS). This guide provides examples of SMS processes suitable for small operators/organizations operating under the Canadian Aviation Regulations (CARs) Parts IV, V and VII.

1.2 Applicability

This document is applicable to the aviation industry, delegates, individuals and organizations and all Transport Canada Civil Aviation (TCCA) employees when they are exercising privileges granted to them under an External Ministerial Delegation of Authority.

1.3 Description of Changes

Not applicable.

Return to Top of Page
Top of Page

2.0 REFERENCES AND REQUIREMENTS

2.1 Reference Documents

It is intended that the following reference materials be used in conjunction with this document:

  1. Part I, Subpart 7 of the Canadian Aviation Regulations (CARs) - Safety Management System Requirements;

  2. Part V, Subpart 73 of the CAR - Approved Maintenance Organizations;

  3. Part VII, Subpart 5 of the CAR - Airline Operations;

  4. Staff Instruction (SI) SUR-001, Issue 01, dated 2008-03-07 - Safety Management System Assessment and Program Validation Procedures;

  5. Transport Publication (TP) 14135, dated 2004-09-01 - Safety Management Systems for Small Aviation Operations - A Practical Guide to Implementation; and

  6. TP 14343, Revision 1, dated 2005-06-01 - Safety Management System Implementation Procedures Guide for Air Operators and Approved Maintenance Organizations.

2.2 Cancelled Documents

Not applicable.

2.3 Definitions and Abbreviations

The following definitions and abbreviations are used in this document:

  1. AC means Advisory Circular.

  2. AMO means Approved Maintenance Organization.

  3. COM means Company Operations Manual.

  4. MCM means Maintenance Control Manual.

  5. MPM means Maintenance Policy Manual.

  6. Policy means a guiding principle used to set direction in an organization. It is a high-level overall plan that outlines goals and objectives.

  7. Procedure means a group of interrelated activities (procedures) that convert inputs to outputs.

  8. Process means a specified way to carry out an activity (e.g. a series of steps).

  9. SMS means Safety Management System.

  10. System means a group of inter-dependent processes and people that work together to achieve a defined result. Together, the policies, procedures and processes form the system.

  11. TCCA means Transport Canada Civil Aviation.
Return to Top of Page
Top of Page

3.0 BACKGROUND

3.1 What is this guide for and who should use it?

  1. In anticipation of the regulatory SMS requirements for small operators, this document has been developed to address organizations of minimum to moderate complexity.

  2. This guidance material provides an interpretation of the intent and application of the SMS regulatory requirements in small operators. It contains practical examples of how the components that make up a SMS might be implemented; however, it is not meant to be a list of prescriptive requirements or a template to be used verbatim. Each organization is required to develop policies and procedures in accordance with their unique operating requirements.

  3. Depending on the size and complexity of the organization, the tools that make up a SMS will vary. As such, the material contained herein is not intended as a formula for meeting the regulatory requirements, but rather is offered as an information source for interpreting the regulatory requirements, and is intended to pave the way forward for the successful implementation of a SMS in an organization.

  4. Whether an organization has chosen to develop an overarching SMS manual or has incorporated their SMS program into their existing manuals, such as the Maintenance Control Manual (MCM), Maintenance Policy Manual (MPM) or Company Operations Manual (COM), Transport Canada requires adequate document control in order to avoid any potential discrepancies on policy or procedures, omissions or conflicts that could result from having multiple manuals. The format used to document the SMS program must allow end users to promptly locate required information to enable them to execute their functions.

  5. Amendments to the SMS manual will be treated as an amendment to the actual MCM, MPM or COM and hence need to follow the established approval process.

  6. Users of this AC should consult the CARs and SI SUR-001 , Safety Management System Assessment and Program Validation Procedures to ensure that their SMS meets all regulations, applicable expectations and measurement criteria. Although the expectations outlined in SI SUR-001 vary, all SMS regulations must be met regardless of the organization's complexity.

  7. The information and examples provided in this document were developed by applying the applicable CARs, relevant SI SUR-001 expectations and level 3 measurement criteria to models representing small aviation operations.

3.2 What is a SMS?

  1. In technical terms, a SMS is an explicit, comprehensive and proactive process for managing risks that integrates operations and technical systems with financial and human resource management, for all activities related to a Canadian aviation document.

  2. Practically speaking, a SMS is a business-like approach to safety. In keeping with all management systems, a SMS provides for goal setting, planning, and measuring performance. It deals with organizational safety rather than the conventional health and safety concerns in the workplace. An organization's SMS defines how it intends to manage air safety as an integral part of its business management activities. A SMS becomes part of the way people do their jobs.

  3. An organization's structure, or set-up, and the activities that make up a SMS are found throughout the organization. Every employee contributes to the safety health of the organization. In some areas or sections, safety management activities will be more visible than in others, but the system must be integrated into “the way things are done” throughout the organization. This will be achieved by the implementation and continuing support of a safety program based on a coherent policy that leads to well-designed procedures.
Return to Top of Page
Top of Page

3.3 Key Generic Features of the SMS Approach

  1. There is no definitive meaning attached to the term “SMS”. Every organization, and industry, for that matter, has its own interpretation of what it is. From the Civil Aviation perspective, five generic features characterize a SMS. These are:

    1. A comprehensive systematic approach to the management of aviation safety within an organization, including the interfaces between the organization and its suppliers, subcontractors and business partners;

    2. A principal focus on the hazards of the business and their effects upon those activities critical to flight safety;

    3. The full integration of safety considerations into the business, through the application of management controls to all aspects of the business processes critical to safety;

    4. The use of active monitoring and audit processes to validate that the necessary controls identified through the hazard management process are in place and to ensure continuing active commitment to safety; and

    5. The use of quality assurance principles, including improvement and feedback mechanisms.

  2. When considering how to meet CARs requirements with respect to SMS, some organizations may choose to utilize a commercial “off-the-shelf” system. Whilst this might be appropriate for some organizations, the program should be tailored to meet the requirements of the individual organization rather than assuming that one size fits all. Attention should also be given to the need to ensure that linkages between the individual components are in place so that the system functions in a cohesive manner.

  3. A SMS includes the following key components:

    1. Safety management plan;

    2. Documentation;

    3. Safety oversight;

    4. Training;

    5. Quality assurance; and

    6. Emergency preparedness.

  4. A SMS can be divided into three principle parts, all interlinked and interdependent. The key point to remember is that if any one of these parts is missing, the system will be ineffective. The diagram below shows how each of the regulatory requirements (per the list above) fit into the SMS as a whole.

Diagram 1 - Key Generic Features of an Effective SMS


Key Generic Features of an Effective SMS: A robust system for assuring safety, an effective organization for delivering safety, and a comprehensive corporate approach to safety.


Return to Top of Page
Top of Page

4.0 SMALL OPERATORS/ORGANIZATIONS GUIDE

  1. Due to the size and complexity of the infrastructure required to support large air operations, this document is not applicable to:

    1. holders of an air operator certificate issued under CAR 705.07; or

    2. holders of an Approved Maintenance Organization (AMO) certificate issued under CAR 573.02 whose certificate includes ratings for an aircraft of a type that, if operated in commercial air transport, would be subject to CAR 705—Airline Operations.

  2. Guidance for the large complex organizations indicated above can be found in TP 14343 - Safety Management Systems Implementation Procedures Guide for Air Operators and Approved Maintenance Organizations.

4.1 Determining Complexity

  1. To assist organizations in developing their SMS using the guidance provided in this document, it is necessary to determine the degree of complexity of the organization. In order to do so, various factors, such as the number of employees, number of certificates held, number of bases, different types of equipment operated as well as the operational environment, must be considered.

  2. There is no overall complexity formula that takes all variables into account. Determining where an organization may fit in this guide is based on many factors and variables, including an understanding of the operation itself and its environment. Users should consider factors affecting their organization and then determine whether their operations are of minimal or moderate complexity, as identified in Appendix A of this document. For example, a small organization that operates a heli-ski service will have different challenges than a similarly-sized fixed-wing air taxi operation.

4.2 Appendix A: Safety Management Plan

  1. This guide and its associated appendices are to be used for guidance purposes in conjunction with SI SUR-001.

  2. SI SUR-001 separates SMS into distinct component parts. This separation is necessary to allow for an understanding of the components that make up the system. Organizations are free to keep components separate, or to combine them in any way that suits their operations, as long as the system contains all of the required component parts. To illustrate one way components might be grouped within the system, this guide combines the following elements:

    1. 1.6 Performance Measurement and 1.7 Management Review; and

    2. 2.2 SMS Documentation and 2.3 Records Management.

  3. The “Minimal Complexity - One-Person Operation” column of Appendix A is based on a one-person, single-certificate type air operator or AMO, as are the examples provided. Organizations that fall between minimal and moderate complexity must review any additional SMS element expectations outlined in SI SUR-001 for applicability.

  4. The “Moderate Complexity” column is based on a five- to ten-person, multiple-certificate type air operator or AMO, with individuals identified as accountable executive, operations manager, person responsible for maintenance and SMS manager. When an organization's complexity increases beyond the “moderately complex,” SI SUR-001 must be used.

  5. Each section of the SMS element detailed in this guide has three distinct components:

    1. brief description of the SMS element;

    2. SMS element criteria requirements based on:

      1. Minimal Complexity - One-Person Operation (left-hand column of Appendix A)

        1. Score 3 element criteria (Appendix B of SI SUR-001 ) are used as the basis for this component, and are identified by a hollow square bullet in the attached Appendix A.

      2. Moderate Complexity (right-hand column of Appendix A)

        1. Score 3 element criteria (Appendix B of SI SUR-001) are used as the basis for this component, and are identified by a hollow square bullet in the attached Appendix A. Organizations may incorporate additional expectations as identified in Appendix B of SI SUR-001, where such expectations are considered to be relevant to the complexity of the organization's systems. Examples of additional expectation from SI SUR-001 Appendix B are identified by arrow-shaped bullets in the attached Appendix A.

      3. Bullets

        1. Elements that are common to both minimal and moderate complexity are represented with the following symbol: (see example below); and

        2. Items found in the “Moderate Complexity” column that are deemed as additional requirements to those indicated in the “Minimal Complexity” column will be identified with the following symbol: arrow (see example below).

    3. SMS manual examples:
3. Safety Oversight    3.4 Risk Management
Minimal Complexity - One-Person Operation Moderate Complexity
(Item a) When a hazard has been identified, and the requirement for a risk assessment determined

(Item b) Risk management should:
  • include a process for…
  • include criteria…
  • include a process…
  • include a description…
(Item c) Example: … 		(Item a) When a hazard has been identified, and the requirement for a risk assessment determined

(Item b) Risk management should:

    include a process for…

    include criteria…

    include a process…

    include a description…

(Item c) Example: …


4.3 Appendices B to E

Appendices B through E are provided as examples of different recording and reporting methods in a SMS.

Return to Top of Page
Top of Page

5.0 CONTACT OFFICE

For more information, please contact the:
Chief, Technical &National Programs (AARTT)

Phone: 613-952-7974
Fax: 613-952-3298
E-mail: CAIRS_NCR@tc.gc.ca

Suggestions for amendment to this document are invited, and should be submitted via the Transport Canada Civil Aviation Issues Reporting System (CAIRS) at the following Internet address:

www.tc.gc.ca/CAIRS
or by e-mail at: CAIRS_NCR@tc.gc.ca

Original signed by Don Sherritt on June 17, 2008

D.B. Sherritt
Director, Standards
Civil Aviation

Return to Top of Page
Top of Page

APPENDIX A - SAFETY MANAGEMENT PLAN


1. Safety Management Plan    1.1 Safety Policy
Minimal Complexity - One-Person Operation Moderate Complexity
The safety policy is a valuable tool for informing clients, third-party subcontractors, TCCA and other stakeholders of the organization's commitment to safety. It establishes an overall sense of direction, states the commitment to safety and sets the principles of action for the organization.
The safety policy should ensure that:
  • a safety policy is in existence, followed and understood;
  • the organization has based its safety management system on the safety policy and there is a clear commitment to safety;
  • the safety policy is agreed to and approved by the accountable executive;
  • and the safety policy is reviewed periodically for continuing applicability.
Example:

SAFETY POLICY

Safety is a corporate value. The ultimate responsibility for providing a safe and healthy environment to our clients and organization rests with myself as the accountable executive.


To prevent accidents and to eliminate damage or injury, I have implemented and maintain an active safety management system (SMS). My objective is the proactive management of identifiable hazards, the reduction of risk to a level as low as reasonably practicable, and the sharing of safety information with my stakeholders.

Signed: ____________________
Accountable Executive

The safety policy is a valuable tool for informing personnel, clients,
third-party subcontractors, TCCA and other stakeholders of the
organization's commitment to safety. It establishes an overall sense of
direction, states the commitment to safety and sets the principles of action
for the organization. In addition, the safety policy will ensure all personnel
are aware of their safety-related obligations.
The safety policy should ensure that :

  • the organization has based its safety management system on the safety policy and there is a clear commitment to safety;
  • the safety policy is agreed to and approved by the accountable executive;
  • he safety policy is promoted by the accountable executive;
  • the safety policy is communicated to all employees with the result that they are made aware of their safety obligations; and
  • the policy is implemented at all levels of the organization;

it describes the organization's safety objectives, management
principles and commitment to continuous improvement in the
safety level.

Example:

SAFETY POLICY

Safety is a core business value, and a fundamental component of our competitive advantage. Our organization is strengthened by making continuous safety improvements and excellence an integral part of all
our activities.
All managers and employees are responsible and accountable for their actions and safety performance, starting with myself as CEO and accountable executive. I endorse all personnel to think and work
safely at all times, regardless of any real or perceived pressures to do otherwise.


To prevent accidents and to eliminate damage or injury, we have implemented and maintain an active safety management system (SMS).
Our objective is the proactive management of identifiable hazards, the reduction of risk to a level as low as reasonably practicable, and the sharing of safety information with our stakeholders.

Signed: ____________________
CEO and Accountable Executive
1. Safety Management Plan    1.2 Non-Punitive Safety Reporting Policy
Minimal Complexity - One-Person Operation Moderate Complexity
The non-punitive aspect of a reporting policy in a
one-person operation is unnecessary, as it adds no
value to the process. 		By removing the threat of disciplinary action, a non-punitive safety
reporting policy encourages a healthy reporting culture. The non-punitive
safety reporting policy should ensure that:
  • immunity from disciplinary action for employees that report, hazards, incidents or accidents is provided;
  • conditions under which punitive disciplinary action would be considered (e.g. illegal activity, negligence or wilful misconduct) are clearly defined and documented;
  • the policy is widely understood within the organization; andq there is evidence that the organization is applying the policy;

          the policy is applied throughout certificated and non-             certificated areas of the organization.

Example:
NON-PUNITIVE SAFETY REPORTING POLICY
Our organization fully supports and encourages a culture of openness and trust between all personnel. This cannot be achieved unless employees feel able to report occurrences or hazards without the fear of unwarranted retribution. Reporting occurrences or hazards should become a priority for all employees. Only with full awareness can management rectify deficiencies in a timely manner. Employees are encouraged to identify and report unsafe conditions without fear of recrimination. The organization's| primary goal is identification of any unsafe condition that exists within, or may affect, the organization. Personnel reporting safety-related issues to the organization will not be subject to punitive discipline, regardless of whether they were personally involved in the observation giving rise to the safety concern. The only cases where disciplinary action will be taken are for:
  • negligence;
  • wilful or intentional disregard;
  • criminal intent; and
  • use of illicit substances.
1. Safety Management Plan    1.3 Roles and Responsibilities
Minimal Complexity - One-Person Operation Moderate Complexity
An effective system must ensure that roles and responsibilities are identified and documented. The accountable executive maintains the responsibility to provide the necessary resources and to ensure the SMS is performing properly.
Roles and responsibilities should ensure that:

            there are documented roles and responsibilities and accountabilities for the accountable executive and evidence that the SMS is established, maintained and adhered to.

 Example:
In a one-person operation, safety roles and responsibilities can be expressed in the safety policy statement.
ROLES AND RESPONSIBILITIES
I will ensure that SMS roles and responsibilities are identified, documented and periodically evaluated to ensure they are appropriate and functioning within this organization.
The accountable executive is responsible for:
  • establishing and implementing the SMS
  • ensuring the required safety resources are available
  • establishing and adhering to the safety policy;
  • ensuring that the SMS remains effective
  • managing the operation of the SMS;
  • collecting and analyzing safety information in a timely manner;
  • monitoring and evaluating the results of corrective actions;
  • ensuring that risk assessments are conducted when applicable; and
  • monitoring the industry for safety concerns that could affect the program.
An effective system must ensure that roles and responsibilities are identified, communicated and documented. The accountable
executive maintains the responsibility to provide the necessary resources, and to ensure the SMS is performing properly. In addition to individual safety responsibilities, some personnel will have additional responsibilities associated with positions they hold within the organization, e.g. accountable executive, SMS manager, operations manager and person responsible for maintenance. These responsibilities need to be documented within the SMS. Roles and responsibilities should ensure that:
  • there are documented roles and responsibilities and accountabilities for the accountable executive and evidence that the SMS is established, maintained and adhered to;
  • the accountable executive demonstrates control of the financial and human resources required for the proper execution of his/her SMS responsibilities;
  • a qualified person has been appointed, in accordance with the regulation, and has demonstrated control of the SMS;
  • the person managing the operation of the SMS fulfils the required job functions and responsibilities;
  • safety authorities, responsibilities and accountabilities are transmitted to all personnel; and
  • all personnel understand their authorities, responsibilities and accountabilities in regards to all safety management processes, decision and actions;
  • safety authorities, responsibilities and accountabilities are reviewed prior to any significant organizational change
  • safety authorities, responsibilities and accountabilities of all personnel and third parties are defined and documented in job descriptions.
Example:
ROLES AND RESPONSIBILITIES
We ensure that all SMS roles and responsibilities and employee involvement are identified, communicated, documented and periodically evaluated to ensure they are appropriate and functioning within all levels of the organization.

In addition to safety responsibilities associated with our day-to-day operations, the accountable executive, safety manager and employees have additional responsibilities associated with the operation and maintenance of our SMS.

The accountable executive is responsible for:
  • establishing and implementing the SMS;
  • ensuring the required safety resources are available;
  • establishing and adhering to the corporate safety policy;
  • promoting and supporting the SMS; and
  • ensuring that the SMS remains effective.


The SMS manager is responsible for:
  • managing the operation of the SMS;
  • collecting and analyzing safety information in a timely manner;
  • monitoring and evaluating the results of corrective actions;
  • ensuring that risk assessments are conducted when applicable;
  • determining the adequacy of training;
  • authority to delegate specific SMS tasks/roles to persons within the organization;
  • ensuring that periodic reviews are conducted to determine the effectiveness of the system;
  • monitoring the industry for safety concerns that could affect the program; and
  • ensuring safety-related information, including organization goals and objectives,
    are made available to all personnel through established communication processes.
Employees are responsible for:
  • following established safe working practices;
  • immediately dealing with any unsafe condition, as practical;
  • identifying and reporting all occurrences, hazards, operational irregularities, unsafe conditions or practices in a timely manner; and
  • being familiar with the organization's SMS.
1. Safety Management Plan    1.4 Communication
Minimal Complexity - One-Person Operation Moderate Complexity
Effectively communicating safety information is as important in a one-person operation as it is in a larger organization. For example, a one-person operation will be in regular communication with their industry peers, clients and TCCA.
Communications should ensure that:
  • there are communication processes in place within the organization that permit the safety management system to function effectively;
  • information is established and maintained in a suitable medium, e.g. simple paper records or entries in a readily available “black book” is one method that could be employed when records of safety communications are required; and
  • there is a process for the dissemination of safety information (e.g. signage, passenger briefing cards or a bulletin board) throughout the organization and a means of monitoring the effectiveness of this process.
Example:
COMMUNICATION
  • To facilitate the operation and maintenance of our SMS, we will communicate, share, review and document safety-related information through the following process:
  • TCCA:
    • participation in relevant and accessible safety-related forums, etc.
  • Industry groups:
    • participation in relevant and accessible safety-related forums;
    • other operators/associations, etc.
  • Clients:
    • safety briefings, safety cards and customer feedback, etc.
I document communications by keeping simple paper records or making entries in the organization's “black book.” All records are stored in a secure location.
 Effective communication encourages all personnel to participate in the SMS, and builds a safety culture where issues are openly identified and addressed.
As the organization grows in size and complexity, the processes required to communicate and record information will become more involved and formalized.
An organization may choose to develop a binder where all employees are required to review and sign as having read safety-related information each time they come to work. Other techniques, such as staff instructions, memos, meetings, posters or newsletters may also be employed at the organization's discretion.
Communications objectives and goals should ensure that:
  • there are communication processes in place within the organization that permit the safety management system to function effectively;
  • communication processes (written, meetings, electronic, etc.) are commensurate with the size and complexity of the organization;
  • information is established and maintained in a suitable medium; and
  • there is a process for the dissemination of safety information throughout the organization and a means of monitoring the effectiveness of this process.
Example:
COMMUNICATION
To facilitate the operation, maintenance and effectiveness of our SMS, we will communicate, share, and review safety-related information through meetings, electronic and written documentation with the following:
  • Internal:
    • quarterly (or as required) safety meetings to review reports;
    • face-to-face on an individual or group basis;
    • organization memos;
    • safety bulletin board; and
    • amendments to documentation.
  • TCCA:
    • participation in relevant and accessible safety-related forums.
  • Industry:
    • participation in relevant and accessible safety-related forums;
    • other organizations and associations; and
    •  manufacturers.
  • Clients:
    • safety briefings;
    • safety cards; and
    • customer feedback.
1. Safety Management Plan    1.5 Safety Planning
Minimal Complexity–One-Person Operation Moderate Complexity
Safety objectives and goals help identify and prioritize issues, measure safety performance, allocate resources where they are needed the most, and ensure continuous safety improvement.
For our purposes, objectives are broad statements that provide the overall context for what the organization's safety plan is trying to accomplish. To meet an objective, goals should be established.
Goals should be specific targets and tasks that support the achievement of the stated objectives. Goals should be evaluated to see whether they have been achieved. Goals should be specific, measurable, achievable, realistic and time-bound (SMART).
Safety planning objectives and goals should ensure that:
  • safety objectives have been established utilizing a safety risk profile that considers hazards and risks;
  • objectives and goals are consistent with the safety policy and their attainment is measurable;
  • safety objectives and goals are reviewed and updated periodically;
  • there is a documented process to develop a set of safety goals to achieve overall safety objectives; and
  • safety objectives and goals are documented and publicized.
Example:
SAFETY PLANNING OBJECTIVES AND GOALS
The aim of establishing attainable objectives and goals is to ensure the effectiveness and continuous improvement of safety.
Our current objectives and goals are:
  • Objective A: Reduce hazards and associated risks.
    • Goal 1: Identify a larger percentage of existing hazards annually through increased documentation of identified hazards.
  • Objective B: Reduce occurrence-related losses.
    • Goal 1: Ensure documentation of occurrences.
    • Goal 2: Ensure risk management process has been implemented when applicable.
  • Objective C: To prevent damage and injury to non-organization personnel and property resulting from our operations.
    • Goal 1: Placement of new passenger information notices and signage in office and on ramp.
    • Goal 2: Standardized passenger briefings.
Safety objectives and goals help identify and prioritize issues, measure safety performance, allocate resources where they are needed the most, and ensure continuous safety improvement.
Regardless of whether the organization is a one-person operation or moderately complex, the process for setting safety goals and objectives is similar. As the operation increases in complexity, the objectives and goals may become more detailed.
For our purposes, objectives are broad statements that provide the overall context for what the organization's safety plan is trying to accomplish. To meet an objective, goals should be established.
Goals should be specific targets and tasks that support the achievement of the stated objectives. Goals should be evaluated to see whether they have been achieved or not. Goals should be specific, measurable, achievable, realistic and time-bound (SMART).
Safety planning objectives and goals should ensure that:
  • safety objectives have been established utilizing a safety risk profile that considers hazards and risks;
  • objectives and goals are consistent with the safety policy and their attainment is measurable;
  • safety objectives and goals are reviewed and updated periodically;
  • there is a documented process to develop a set of safety goals to achieve overall safety objectives; and
  • safety objectives and goals are documented and publicized;
  • the organization has a process for analyzing and allocating resources for achieving their objectives and goals;
  • Safety objectives have been established utilizing a safety risk profile that considers:
    • hazards and risks;
    • financial, operational and business requirements;
    • views of interested parties; and
    • industry-wide safety risk profile.
Example: SAFETY PLANNING OBJECTIVES AND GOALS
  • business plan;
  • results of internal audits; and
  • occurrence and hazard reports.
Our current objectives and goals are:
  • Objective A: Reduce hazards and associated risks.
    • Goal 1: Receive an increased percentage (5 percent) of existing latent hazards annually through increased reporting.
    • Goal 2: Increase the number of occurrence reports received by 5 percent.
  • Objective B: Continue to enhance trend monitoring and the development of effective corrective action plans.
    • Goal 1: Provide additional trend monitoring and root cause analysis training to SMS manager.
    • Goal 2: SMS manager will provide additional SMS training to other personnel.
  • Objective C: To reduce losses through a reduction in the number and severity of accidents and incidents.
    • Goal 1: Increase the number of occurrence reports received by 5 percent.
    • Goal 2: Join the local aircraft maintenance engineer (AME) association.
    • Goal 3: Provide St. John's ambulance
      and fire extinguisher training
      to those who do not already have it.
1. Safety Management Plan    1.6 Performance Measurement and    1.7 Management Review
Minimal Complexity - One-Person Operation Moderate Complexity
Performance Measurement
The identification of performance expectations is needed to evaluate whether or not objectives are being met, training has been effective, system failures are being repaired, and if efforts to mitigate risk are actually working, etc.
An organization must decide on safety performance parameters to be measured. Identifying and measuring safety performance is a tool that can be used to assess the effectiveness of the SMS and verify continuous safety improvement progress.
Management Review
The purpose of management review is to evaluate how the SMS is working and assure continuous improvement in safety performance. This could be accomplished in a variety of ways, including: comparing performance with objectives and goals, and reviewing findings, incidents, audits and reports.
Performance Measurement and Management Review Combined
Many smaller organizations may choose to identify safety performance parameters and measure them in combination with the management review process.For example, the quality assurance audit (component 5) may be used as the basis for the safety performance measurement and management review process.
Performance measurement should ensure that:
  • there is a documented process to develop and maintain a set of performance parameters that are linked to the organization's goals and objectives; and
  • procedures have been established and maintained to monitor and measure safety performance on a regular basis.
Management review should ensure that:
  • there are periodic, planned reviews and reviews for cause of the company's safety management system to ensure its continuing adequacy and effectiveness as well as a review of company safety performance and achievement;
    • internal audit results;
    • safety objective achievement results;
    • hazards and occurrence investigation and analysis results;
    • internal/external feedback analysis and results;
    • status of corrective and preventive action(s);
    • follow-up actions from previous management reviews;
    • changes that could affect the SMS; and
    • recommendations for improvement.
  • there is a documented procedure defining responsibilities and requirements for planning and conducting internal audits of :
    • management policies, controls and procedures concerning all safety critical activities; and
    • the implementation and maintenance of SMS requirements established by the organization.
  • there is a process to evaluate the effectiveness of corrective actions resulting from the first bullet in this list.
Example: PERFORMANCE MEASUREMENT AND MANAGEMENT REVIEW
Annually, I utilize aspects of the quality assurance self-audit to conduct my management review, measure safety performance, assess SMS effectiveness and verify continuous improvement in accordance with the following process:
  • identifying trends;
  • evaluating effectiveness of corrective actions;
  • updating safety objectives and goals;
  • monitoring and updating safety performance measures;
  • allowing for risk-based allocation of resources;
  • reviewing safety-critical functions; and
  • reviewing the Emergency Response Plan.
The safety performance measures for this year are:
  • continued absence of serious injury and damage to non-organization personnel and/or property;
  • 50-percent reduction in minor injury and damage to non-organization personnel and/or property; and
  • 25-percent reduction in damage to organization property.
Performance Measurement
The identification of performance expectations is needed to evaluate whether or not objectives are being met, training has been effective, system failures are being repaired, and if efforts to mitigate risk are actually working, etc.
An organization must decide on safety performance parameters to be measured. Identifying and measuring safety performance is a tool that can be used to assess the effectiveness of the SMS and verify continuous safety improvement progress.
Management Review
The purpose of management review is to evaluate how the SMS is working and assure continuous improvement in safety performance. This could be accomplished in a variety of ways, including: comparing performance with objectives and goals, reviewing findings, incidents, audits and reports, identifying trends, the risk-based allocation of resources and Emergency Response Plan updates.
Performance Measurement and Management Review Combined
Organizations may choose to identify safety performance parameters and measure them in combination with the management review process.For example, the quality assurance audit (component 5) may be used as the basis for the safety performance measurement and management review process.
Performance measurement should ensure that:
  • there is a documented process to develop and maintain a set of performance parameters that are linked to the organization's goals and objectives; and
  • procedures have been established and maintained to monitor and measure safety performance on a regular basis;
  • the analysis and allocation of resources are based on outputs from the performance measurement;
  • personnel at all levels are aware of the safety performance measures in their areas of responsibility and the results of performance measures are transmitted to them.
Management review should ensure that:
  • there are periodic, planned reviews and reviews for cause of the company's safety management system to ensure its continuing adequacy and effectiveness as well as a review of company safety performance and achievement;
    • internal audit results;
    • activities to verify that employees understand the SMS and their role and responsibilities in it;
    • safety objective achievement results;
    • hazards and occurrence investigation and analysis results;
    • internal/external feedback analysis and results;
    • status of corrective and preventive action(s);
    • follow-up actions from previous management reviews;
    • changes that could affect the SMS;
    • recommendations for improvement;
    • sharing of best practices across the organization.
  • there is a documented procedure defining responsibilities and requirements for planning and conducting internal audits of:
    • management policies, controls and procedures concerning all safety critical activities; and
    • the implementation and maintenance of SMS requirements established by the organization
  • there is a process to evaluate the effectiveness of corrective actions resulting from the first bullet in this list;
  • The organization has established a structured committee or board, appropriate for the size and complexity of the organization, consisting of a full range of senior management representatives including certificated, non-certificated and third parties that review the management review report.
Example: PERFORMANCE MEASUREMENT AND MANAGEMENT REVIEW
Annually, management reviews data from various sources to measure safety performance, assess SMS effectiveness and verify continuous improvement.
Components of the process include:
  • identifying trends through data analysis and information sharing;
  • evaluating effectiveness of corrective actions;
  • updating safety objectives and goals;
  • monitoring and updating safety performance measures;
  • allowing for risk-based allocation of resources;
  • reviewing quality issues; and
  • reviewing the Emergency Response Plan.
Our safety performance measures for this year are:
  • number of hazards identified this year vs. previous years;
  • number of incident and accident reports received this year vs. previous years;
  • provision of SMS training to organization personnel;
  • reduction in minor injury and damage to non-organization personnel and/or property this year vs. previous years; and
  • reduction in damage to organization property this year vs. previous years.
2. Documentation    2.1 Identification and Maintenance of Applicable Regulations
Minimal Complexity - One-Person Operation Moderate Complexity
The purpose of the identification and maintenance of applicable regulations within a SMS is to ensure the organization understands its legal responsibilities, not simply to maintain a library.
Organizations currently have processes in approved documents such as the MCM, MPM or COM for the identification and maintenance of regulations. One method of addressing this issue is to reference the existing MCM, MPM or COM processes in the SMS document. Another option could include detailing the process in the SMS manual. Either of these methods will ensure that applicable regulations are identified, updated and dealt with as required. This could include other regulations such as occupational safety and health (OSH), environmental, U.S. Federal Aviation Regulations (FARs), etc.
Identification and maintenance of applicable regulations should ensure that:
  • a documented procedure has been established and maintained for identifying applicable regulatory requirements; and
  • regulations, Standards and exemptions are periodically reviewed to ensure that the most current information is available.
Example: IDENTIFICATION AND MAINTENANCE OF APPLICABLE REGULATIONS
I will review bi-annual CARs updates (via the summary) and act upon change as applicable. When received, additional safety regulations such as the Canada Labour Code, Workplace Safety and Insurance Act, 1997, and the latest revisions of manufacturer's technical information, will be reviewed and acted upon as applicable.
 The purpose of the identification and maintenance of applicable regulations within a SMS is to ensure the organization understands its legal responsibilities, not simply to maintain a library.
Organizations currently have processes in approved documents such as the MCM, MPM or COM for the identification and maintenance of regulations. One method of addressing this issue is to reference the existing MCM, MPM or COM processes in the SMS document. Another option could include detailing the process in the SMS manual. Either of these methods will ensure that applicable regulations are identified, updated and dealt with as required. This could include other regulations such as occupational safety and health (OSH), environmental, U.S. Federal Aviation Regulations (FARs), etc.
Identification and maintenance of applicable regulations should ensure that:
  • a documented procedure has been established and maintained for identifying applicable regulatory requirements;
  • regulations, Standards and exemptions are periodically reviewed to ensure that the most current information is available; and
  • all pertinent technical and regulatory information is readily accessible by personnel.
Example:
IDENTIFICATION AND MAINTENANCE OF APPLICABLE REGULATIONS
The purpose of identifying and maintaining applicable regulations is to ensure that we understand our legal responsibilities. The person responsible for safety will ensure the following process is followed:
  • Bi-annual review of CARs and Standards (via the summary), including applicable exemptions, and act upon change as appropriate;
  • When received, additional safety regulations, such as the Canada Labour Code and Workplace Safety and Insurance Act, 1997, will be reviewed and acted upon as applicable; and
  • Pertinent regulatory and technical information is available to all personnel through their applicable departments.
2. Documentation    2.2 SMS Documentation and 2.3 Records Management
Minimal Complexity–One-Person Operation Moderate Complexity
Documentation
Processes should be documented to help ensure the SMS is effective
and that personnel are aware of their roles, responsibilities and accountabilities.
There are two types of SMS documentation:
  1. the description of the policies, processes, and procedures to
    operate the SMS; and
  2. the records or outputs from the SMS processes. The reports
    that are generated will be analyzed and stored as records.
Records Management
Records provide a historical reference and information for continuous
safety improvement. They can detail such things as:
  1. occurrences and hazards;
  2. risk assessment and root cause analysis;
  3. training;
  4. corrective and preventative actions;
  5. trend monitoring;
  6. performance measurement; and
  7. goals and objectives.
Documentation and Records Management Combined
In many small organizations, maintaining documents and records are so closely linked that they are parts of the same process.
SMS documentation should ensure that:
  • there is controlled documentation that describes the SMS and the interrelationship between all of its elements;
  • there is a process to periodically review SMS documentation to ensure its continuing suitability, adequacy and effectiveness, and
    that changes to company documentation have been implemented;
    and
  • the organization has a process to identify changes within the organization that could affect company documentation.
Records management should ensure that:
  • the organization has a records system that ensures the generation
    and retention of all records necessary to document and support
    the SMS; and
  • the system shall provide the control processes necessary to ensure appropriate identification, legibility, storage, protection, archiving, retrieval, retention time, and disposition of records.
Example: SMS DOCUMENTATION AND RECORDS
MANAGEMENT
I maintain two types of SMS documents:
  • description of SMS policies, processes, and procedures; and
  • records or outputs from these processes.
The following policy, process and procedure documents are kept
in an easily-accessible location and are updated as required:
  • SMS manual;
  • maintenance control manual; and
  • company operations manual.
Records and output (information gathered through the SMS) will be stored in a secure filing cabinet and kept for a minimum of two audit cycles.
The SMS manual will be kept with the other required manuals and updated as required. Information in the SMS manual is reviewed
during the annual internal quality assurance audit. Additionally, information in the SMS manual is reviewed on an as-required
basis, i.e. to identify issues and trends between audit intervals.
 Documentation
Processes should be documented to help ensure the SMS
is effective and that personnel are aware of their roles, responsibilities and accountabilities.
There are two types of SMS documentation:
  1. the description of the policies, processes, and procedures to operate the SMS; and
  2. the records or outputs from the SMS processes.
    The reports that are generated will be analyzed
    and stored as records.
Records Management
Records provide a historical reference and information
for continuous safety improvement. They can detail such
things as:
  1. occurrences and hazards;
  2. risk assessment and root cause analysis;
  3. training;
  4. corrective and preventative actions;
  5. trend monitoring;
  6. performance measurement; and
  7. goals and objectives.
Documentation and Records Management Combined
In many small organizations, maintaining documents and records are so
closely linked that they are parts of the same process.
SMS documentation should ensure that:
  • there is controlled documentation that describes the SMS and the interrelationship between all of its elements;
  • documentation is readily accessible to all personnel;
  • there is a process to periodically review SMS documentation to
    ensure its continuing suitability, adequacy and effectiveness, and
    that changes to company documentation have been implemented;
  • there are acceptable means of documentation,
    including but not limited to, organizational charts,
    job descriptions and other descriptive written
    material that defines and clearly delineates the
    system of authority and responsibility within the organization for ensuring safe operation; and
  • the organization has a process to identify changes within the organization that could affect company documentation.
Records management should ensure that:
  • the organization has a records system that ensures
    the generation and retention of all records necessary
    to document and support the SMS;
    and
  • the system shall provide the control processes necessary to ensure appropriate identification,
    legibility, storage, protection, archiving,
    retrieval, retention time, and disposition of records.
Example:
SMS DOCUMENTATION AND RECORDS MANAGEMENT
By documenting and managing associated records, we ensure all personnel remain informed and involved with our SMS. The person responsible for
the SMS maintains two types of SMS documents and records:
  • description of SMS policies, processes, and procedures; and
  • records or outputs from these processes.
The following policy, process and procedure
documents are kept in a
location easily accessible by all personnel and are
updated as required:
  • SMS manual;
  • maintenance control manual; and
  • company operations manual.
Records and output (information gathered through the SMS) will be stored in a secure filing cabinet and kept for a minimum of two audit cycles.
The SMS manual will be kept with our other required manuals and updated as required. Information in the SMS manual is reviewed
during the annual internal quality assurance audit. Additionally, information in the SMS manual is reviewed on an as-required basis,
i.e. to identify issues and trends between audit intervals. Information recorded in the SMS manual will be stored for a period of two
audit cycles.
3. Safety Oversight 3.1 Reactive Processes-Reporting
Minimal Complexity - One-Person Operation Moderate Complexity
A simple reactive process is essentially a means to report, analyze and identify corrective actions for occurrences (incidents or accidents that have already happened).A reactive process should ensure that:
  • the organization has a process or system that provides for the capture of information including hazards, incidents and accidents and other data relevant to SMS;
  • the reactive reporting system is simple, accessible and commensurate with the size and complexity of the organization;
  • reactive reports are reviewed;
  • there is a process in place to monitor and analyze trends; and
  • corrective actions are generated and implemented to respond to event analysis.

    Note:
    In an organization of minimal complexity, a simple documentation tool, such as an incident and hazard record book for reactive process management, may be considered.
Example:
REACTIVE PROCESSES
When an occurrence, incident or accident occurs it must be documented by completing the OCCURRENCE REPORT AND HAZARD IDENTIFICATION FORM included in Appendix B.The process is as follows:
  • Complete Parts A, B and C as soon as practicable.
    • Part A consists of tombstone data, incident/accident narrative and preliminary recommendations.
    • Part B is the incident/accident analysis process.
  • When Parts A, B and C have been completed, the incident and hazard record book will be updated with a narrative of the process results.
  • Completed forms will be stored in a secure location and retained for two audit cycles.
A reactive process is essentially a means to report, analyze and identify corrective
actions for occurrences (incidents or accidents that have already happened).As the organization increases in complexity, it is possible that more individuals with delegated
levels of management will become involved in these processes.A reactive process
should ensure that:
  • the organization has a process or system that provides for the capture of
    information including hazards, incidents and accidents and other data relevant
    to SMS;
  • the reactive reporting system is simple, accessible and commensurate with the
    size and complexity of the organization;
  • reactive reports are reviewed at the appropriate level of management;
  • there is a feedback process to notify contributors that their reports have been
    received and to share the end results of the analysis;
  • there is a process in place to monitor and analyze trends; and
  • corrective actions are generated and implemented to respond to event analysis;
  • the organization has a process in place to ensure confidentiality when requested;
  • the range and scope of safety-related occurrences or deficiencies that must be
    reported by employees are explained and defined;
  • there is evidence that personnel are encouraged and supported to suggest corrective actions when submitting a report.
Example: REACTIVE PROCESSES
As a component of our continuous safety improvement process, we maintain an occurrence/hazard reporting system (reactive/proactive) to collect and analyze
data and carry out investigations. All reports will be dealt with in confidence. Self-identified reporters will receive a response acknowledging their submission within 5 days, and an update within 30 days or upon process completion. The process is described in detail below.
When an occurrence (incident or accident) happens this must be documented by completing the OCCURRENCE REPORT AND HAZARD IDENTIFICATION FORM located in Appendix B.
The process is as follows:
  • Complete Parts A, B and C as soon as practicable.
    • Reporter completes Part A and submits it to the person responsible for safety. Part A consists of tombstone data, occurrence narrative and preliminary recommendations.
    • The person responsible for safety leads the investigation and completes Part B (occurrence analysis).
    • The person responsible for safety leads the development of corrective actions in accordance with Part C, including follow up and the determination of the requirement to carry out a risk assessment.
    • A risk assessment is required when:
      • trend analysis shows that previous corrective actions have not resolved similar concerns;
      • it is not clear what the root cause is;
      • the issue is complex;
      • the potential loss is severe; or
      • the person responsible for safety or other personnel feel it is necessary.
  • When Parts A, B and C have been completed, relevant documentation will be filed and saved for a minimum of two audit cycles.
  • This information will be used as part of our
    performance measurement and management review process
The following must be reported:
  • any incident or accident involving injury or damage to personnel, equipment or facilities;
  • any incident or accident involving injury or damage to non-organization personnel, equipment or facilities, resulting from organization operations.
3. Safety Oversight   3.2 Proactive Processes-Hazard ID
Minimal Complexity - One-Person Operation Moderate Complexity
A simple proactive process is essentially a means to report, analyze and identify preventative actions for hazards (a condition that could potentially contribute to an accident or incident).A proactive process should ensure that:
  • the organization has a proactive process or system that provides for the capture of information identified as hazards and other data relevant to SMS and develops a hazard register;
  • the proactive reporting process is simple, accessible and commensurate with the size and complexity of the organization;
  • proactive reports are reviewed;
  • there is a process in place to monitor and analyze trends;
  • corrective actions are generated and implemented in response to hazard analysis;
  • the organization has planned self-evaluation processes, such as regularly scheduled reviews, evaluations, surveys, operational audits, assessments, etc;
  • the organization conducts hazard analyses and builds a safety case for changes that may impact their operations for example :
    • introduction of new aircraft type; and
    • change in route structures.
  • the organization has a clearly defined interval between hazard analyses; and
  • the organization will develop a safety risk profile that prioritizes hazards listed on the hazard register. 
Note:
In an organization of minimal complexity, a simple documentation tool such as an incident and hazard record book for proactive process management may be considered.
Example:
PROACTIVE PROCESSES
When a hazard is identified, it must be documented by completing the OCCURRENCE REPORT AND HAZARD IDENTIFICATION FORM located in Appendix B.
The process is as follows:
  • Complete Parts A and C as soon as practicable.
    • Part A consists of tombstone data, hazard narrative and preliminary recommendations.
  • When Parts A and C have been completed, the incident and hazard record book will be updated with a narrative of the process results.
  • Completed forms will be stored in a secure location and retained for two audit cycles.
A proactive process is essentially a means to report, analyze and identify preventative actions for hazards (a condition that could potentially contribute to an accident or incident).
As the organization increases in complexity, it is possible that more individuals with delegated levels of management will become involved in these processes.
A proactive process should ensure that:
  • the organization has a proactive process or system that provides for the capture of information identified as hazards and other data relevant to SMS and develops a hazard register;
  • the proactive reporting process is simple, accessible and commensurate with the size and complexity of the organization;
  • proactive reports are reviewed at the appropriate level of management;
  • there is a feedback process to notify contributors that their proactive reports have been received and to share the end result of the analysis;
  • there is a process in place to monitor and analyze trends;
  • corrective actions are generated and implemented in response to hazard analysis;
  • the organization has planned self-evaluation processes, such as regularly scheduled reviews, evaluations, surveys, operational audits, assessments, etc;
  • the organization conducts hazard analyses and builds a safety case for changes that may impact their operations for example :
    • introduction of new aircraft type;
    • change in route structures;
    • change in key personnel;
    • mergers; and
    • management/bargaining agent agreements.
    • the organization has a clearly defined interval between hazard analyses; and
    • the organization will develop a safety risk profile that prioritizes hazards listed on the hazard register;
  • the organization has a process in place to ensure confidentiality when required;
  • the range and scope of safety-related hazards that must be reported are explained and defined;
  • all proactive reports are subjected to a risk analysis process to determine their level of priority on the safety risk profile and the extent of further action.
Example:
PROACTIVE PROCESSES
When a hazard is identified, it must be documented by completing the OCCURRENCE REPORT AND HAZARD IDENTIFICATION FORM located in Appendix B.
The process is as follows:
  • Complete Parts A and C as soon as practicable.
    • Reporter completes Part A and submits it to the person responsible for safety. Part A consists of tombstone data, hazard narrative and preliminary recommendations.
    • The person responsible for safety will lead the development of preventative actions in accordance with Part C, including follow up and the determination of the requirement to carry out a risk assessment.
    • A risk assessment is required when:
      • trend analysis shows that previous preventative actions have not resolved similar concerns;
      • it is not clear what the root cause is;
      • the issue is complex;
      • the potential loss is severe; and
      • the person responsible for safety or other personnel feel it is necessary.
  • When Parts A and C have been completed, relevant documentation will be filed and saved for a minimum of two audit cycles.
  • This information will be used as part of our
    performance measurement and management review process.
The following must be reported:
  • any identified hazards that may contribute to an incident or accident involving injury or damage to organization personnel, equipment or facilities; and
  • any identified hazards that may contribute to an incident or accident involving injury or damage to non-organization personnel, equipment or facilities resulting from organization operations.
Reactive and Proactive Processes Chart
Even though the reactive process deals with events that have already happened and the proactive process looks for potential problems, the methods used to manage both are similar. While these processes are separate issues, many organizations will choose to combine them as much as practicable due to their similarities.
3. Safety Oversight   3.3 Investigation and Analysis
Minimal Complexity - One-Person Operation Moderate Complexity
To mitigate and correct potentially unsafe situations and events, investigation procedures should be in place.
Five basic steps make up a typical investigation process:
  1. Identification of the issue;
  2. Documentation of the issue;
  3. Determination of the cause;
  4. Development and implementation of corrective or preventive actions; and
  5. Evaluation of corrective actions to make sure they are effective.
Investigation and analysis should ensure that:
  • there are procedures in place for the conduct of investigations;
  • measures exist to ensure that all reported hazards, incidents and accidents are reviewed and, where required, investigated;
  • there is a process to ensure that hazards, incidents and accidents are analyzed to identify contributing and root causes;
  • when identifying contributing and root causes, the organization considers individual human factors and the environment;
  • there is a process to capture information from an investigation that can be used to monitor and analyze trends; and
  • there is evidence that the organization has made every effort to complete the investigation and analysis process in the established timeframe.
    Note:
    If the investigation and analysis portions of the system are already detailed somewhere else, then a simple reference to those areas should be sufficient.
Example:
INVESTIGATION AND ANALYSIS
The ability to investigate, analyze and identify the cause or probable cause of hazards and occurrences documented through the SMS is an important component of my continuous safety improvement process. Investigation and analysis are components of the reactive, proactive and risk-management processes. Details can be found in those sections.
 To mitigate and correct potentially unsafe situations and events, investigation
procedures should be in place.
Five basic steps make up a typical investigation process:
  1. Identification of the issue;
  2. Reporting/documentation of the issue;
  3. Determination of the cause;
  4. Development and implementation of corrective or preventive actions;
    and
  5. Evaluation of corrective actions to make sure they are effective
Investigation and analysis should ensure that:
  • there are procedures in place for the conduct of investigations;
  • measures exist to ensure that all reported hazards, incidents and
    accidents are reviewed and, where required, investigated;
  • there is a process to ensure that hazards, incidents and accidents are analyzed
    to identify contributing and root causes;
  • when identifying contributing and root causes, the organization considers individual human factors, the environment, supervision and organizational elements;
  • the organization has a staff of competent investigators commensurate with its
    size and complexity;
  • results of the analysis are communicated to the responsible manager for corrective action and to other relevant managers for their information; and
  • there is a process to capture information from an investigation that can be
    used to monitor and analyze trends; and
  • there is evidence that the organization has made every effort to complete the investigation and analysis process in the established timeframe.

    Note:
    If the investigation and analysis portions of the system are already
    detailed somewhere else, then a simple reference to those areas
    should be sufficient.
Example:
INVESTIGATION AND ANALYSIS
The ability to investigate, analyze and identify the cause or probable
cause of hazards and occurrences documented through the SMS is an important component of our continuous safety improvement process. Investigation and analysis are components of the reactive, proactive
and risk-management processes. Details can be found in those sections.
The person responsible for safety will lead the investigation and analysis
of occurrences and hazards to:
  • determine the cause;
  • develop and implement corrective or preventive actions; and
  • evaluate corrective actions to make sure they are effective.
3. Safety Oversight   3.4 Risk Management
Minimal Complexity - One-Person Operation Moderate Complexity
When a hazard has been identified, and the requirement for a risk assessment determined, associated risks need to be established. This process should express the level of risk based on likelihood (probability) and seriousness (severity).
Risk management should ensure that:
  • there are criteria for evaluating the level of risk and the tolerable level of risk the organization is willing to accept;
  • the organization has risk control strategies that include risk control, risk acceptance, risk mitigation, risk elimination and where applicable a corrective action plan;
  • corrective actions resulting from the risk assessment, including timelines, are documented; and
  • the organization has a process for evaluating the effectiveness of the corrective actions.
Example:
RISK MANAGEMENT
If it is determined that a risk assessment is required for identified hazards and occurrences, I will document the risk management process by completing the RISK MANAGEMENT WORKSHEET located in Appendix E.
The risk-management process is as follows:
  • the hazard or occurrence is identified;
  • the associated risks are determined;
  • the probability or severity risk rating is determined;
  • risk control strategies, including timelines, are developed and a revised risk rating is determined;
  • risk control strategies are implemented;
  • implemented risk controls are assessed;
  • when the process has been completed, the SMS file is updated with a narrative of the results; and
  • the completed forms are stored in a secure location.
When a hazard has been identified, and the requirement for a risk assessment determined, associated risks need to be established. This process should express the level of risk based on likelihood (probability), level of exposure and seriousness (severity).
Risk management should ensure that:
  • there are criteria for evaluating the level of risk and the tolerable level of risk the organization is willing to accept;
  • the organization has risk control strategies that include risk control, risk acceptance, risk mitigation, risk elimination and where applicable a corrective action plan;
  • corrective actions resulting from the risk assessment, including timelines, are documented; and
  • the organization has a process for evaluating the effectiveness of the corrective actions.
Example:
RISK MANAGEMENT
The ability to identify hazards and assess risk associated with hazards is an important component of our continuous safety improvement process. If it is determined that a risk assessment is required, the person responsible for safety will conduct and document the process by completing the RISK MANAGEMENT WORKSHEET located in Appendix E.
The risk-management process is as follows:
  • the hazard or occurrence is identified;
  • the associated risks are determined;
  • the probability or severity risk rating is determined;
  • risk control strategies, including timelines, are developed and a revised risk rating is determined;
  • risk control strategies are implemented;
  • implemented risk controls are assessed;
  • when the process has been completed, the SMS file is updated with a narrative of the results; and
  • the completed forms are stored in a secure location.
4. Training   4.1 Training, Awareness and Competence
Minimal Complexity - One-Person Operation Moderate Complexity
In order to comply with SMS requirements, knowledge of human and organizational factors as well as an appropriate level of competence is necessary. To effectively accomplish this, the organization should identify and document applicable SMS training requirements.
As a condition of the existing air operator certificate, the sole
employee is currently trained in accordance with applicable CARs training requirements. In this case, relevant SMS training needs to be added to existing training requirements.
Training, awareness and competence should ensure that:
  • there is a process to identify SMS training requirements;
  • there is a process to measure SMS training effectiveness;
  • initial, recurrent and update training as applicable is included;
  • human and organizational factors are included; and
  • emergency preparedness and response training as applicable are
    included.
Example:
SMS TRAINING, AWARENESS AND COMPETENCE
As a condition of the existing air operator certificate, the accountable executive is currently trained in accordance with all applicable Part VII training requirements. In order to meet additional SMS training requirements, I have implemented the following:
  • Initial SMS training
    • The accountable executive has developed and implemented
      the organization's SMS, therefore, this meets the intent of
      initial SMS training requirements.
  • Update SMS training:
    • When regulatory changes have been identified, such changes will be reviewed and incorporated, if applicable, and SMS documents will be updated as required.
  • Additional SMS training:
    • Where it is shown to be necessary by findings identified
      during the internal quality assurance audit, additional
      training will be undertaken; and
    • When any new requirement arises, for example new or
      modified equipment.
  • Training validation/performance measurement:
    • Assessment of the overall effectiveness of training shall be determined by any internal audit finding that identifies additional training in the corrective action plan. Subsequent audits will validate the effectiveness of the training provided.
  • Emergency preparedness and response training:
    • I have briefed local emergency service providers on its operation, and participate in emergency response exercises.
  • Training records:
    • A record of all training completed is kept on file.
In order to comply with SMS requirements, knowledge of human and organizational factors as well as an appropriate level of competence is necessary. To effectively accomplish this, the organization should
identify and document applicable SMS training requirements.
As a condition of the existing air operator or approved maintenance organization (AMO) certificates, employees are currently trained in
accordance with applicable CARs training requirements. In this case,
relevant SMS training needs to be added to existing training requirements.
Organizations should assess the overall effectiveness of training provided
as part of the performance measurement/management review process,
and they should ensure that appropriate individuals or groups are familiar
with their Emergency Response Plan.
As the organization grows in size and complexity, different individuals may receive different types of training depending on their area of specialization
within the organization and their involvement with the SMS. Training,
awareness and competence should ensure that:
  • there is a documented process to identify training requirements so
    that personnel are competent to perform their duties within the SMS;
  • there is a validation process that measures the effectiveness of the
    SMS training;
  • there is emergency preparedness and response training for affected personnel.
  • SMS training requirements are documented for each area of activity within the organization, including non-certificated areas where training requirements are not defined by regulations.  The attendance at
    symposia should also be considered;
  • a SMS training file is developed for each employee, including management, to assist in identifying and tracking employee training requirements and verifying that personnel have received the planned training; and
  • management recognizes and uses informal opportunities to instruct employees on safety management.
Example:
SMS TRAINING, AWARENESS AND COMPETENCE
All personnel are qualified in accordance with applicable CARs training requirements. In order to meet additional SMS training requirements we have implemented the following:
  • Initial SMS training:
    • The person responsible for safety will receive additional
      trend monitoring and root cause analysis training; and
    • The person responsible for safety will provide all
      organization personnel with an initial training session
      on the SMS.
  • Update SMS training:
    • When regulatory changes have been identified, such
      changes will be reviewed and incorporated, if applicable,
      and the SMS program will be updated as required;
    • Once each year, or as required, all personnel will receive update training to include:
      • information on changes to the SMS; and
      • a review of all reported occurrences and hazards, including recommended mitigations and corrective
        or preventative actions.
  • SMS training validation/performance measurement:
    • Assessment of the overall effectiveness of training shall be determined by:
      • the person responsible for safety evaluating the
        level of learning through verbal or written quizzes;
      • any internal audit finding that identifies additional training in the corrective action plan.
  • Additional SMS training:
    • Where it is shown to be necessary by findings identified during the internal quality assurance audit, additional training will be undertaken; and
    • When any new requirement arises, for example new or modified equipment.
  • Emergency preparedness and response training:
    • The person responsible for safety will ensure that all personnel are trained in, and aware of, their duties and responsibilities within the organization's Emergency
      Response Plan; and
    • The organization has briefed local emergency service providers on its operation, and participates in emergency response exercises.
  • Training records:
    • A record of all training completed will be kept in
      personnel fi      les.
5. Quality Assurance   5.1 Operational Quality Assurance
Minimal Complexity - One-Person Operation Moderate Complexity
The quality assurance audit is a means of assessing the effectiveness of the SMS and determining if SMS expectations have been met.
Certificate holders are currently required to follow internal quality assurance procedures in areas outside of SMS. Regulations and expectations require that the SMS also undergo an operational quality assurance process. Adding SMS quality assurance requirements to existing quality assurance processes is one way of addressing this need.
Operational quality assurance should ensure that:
  • a quality assurance program is established and maintained;
  • there exists an operationally independent audit function with the authority required to carry out an effective internal evaluation program;
  • the organization conducts reviews and audits of its processes, its procedures, analyses, inspections and training;
  • the organization has a system to monitor for completeness the internal reporting process and the corrective action completion;
  • the quality assurance system covers all functions defined within the certificate(s);
  • there are defined audit scope, criteria, frequency and methods;
  • a selection/training process to ensure the objectivity and competence of auditors as well as the impartiality of the audit process;
  • there is a procedure to record verification of action(s) taken and the reporting of verification results;
  • the organization performs a periodic Management review of safety critical functions and relevant safety or quality issues that arise from the internal evaluation program;
  • there is a documented procedure for reporting audit results and maintaining records;
  • there is a documented procedure outlining requirements for timely corrective and preventive action in response to audit results; and
  • there is evidence that the quality assurance program has itself been subjected to internal audits.
Example:
OPERATIONAL QUALITY ASSURANCE (QA)
As a condition of the existing air operator certificate, I meet applicable CARs Part VII, QA Program requirements. In order to meet additional SMS QA requirements, I have implemented the following:
  • Existing independent audit procedures will continue to be followed;
  • The organization has added applicable SMS components to existing annual internal audit checklists, to include:
    • Safety policy;
    • Communications;
    • Safety planning objectives and goals;
    • Performance measurement and management review;
    • Identification and maintenance of applicable regulations;
    • SMS documentation and records management;
    • Reactive and proactive processes, investigation and analysis;
    • Risk management;
    • Training;
    • Emergency preparedness and response; and
    • Review of safety critical functions.
  • Additional SMS audit component training will be provided if required.
The quality assurance audit is a means of assessing the effectiveness of the SMS and determining if SMS expectations have been met.
Certificate holders are currently required to follow internal quality assurance procedures in areas outside of SMS. Regulations and expectations require that the SMS also undergo an operational quality assurance process. Adding SMS quality assurance requirements to existing quality assurance processes is one way of addressing this need.
Operational quality assurance should ensure that:
  • a quality assurance program is established and maintained, and the program is under the management of an appropriate person;
  • there exists an operationally independent audit function with the authority required to carry out an effective internal evaluation program;
  • the organization conducts reviews and audits of its processes, its procedures, analyses, inspections and training;
  • the organization has a system to monitor for completeness the internal reporting process and the corrective action completion;
  • the quality assurance system covers all functions defined within the certificate(s);
  • there are defined audit scope, criteria, frequency and methods;
  • a selection/training process to ensure the objectivity and competence of auditors as well as the impartiality of the audit process;
  • there is a procedure to record verification of action(s) taken and the reporting of verification results;
  • the organization performs a periodic Management review of safety critical functions and relevant safety or quality issues that arise from the internal evaluation program;
  • there is a documented procedure for reporting audit results and maintaining records;
  • there is a documented procedure outlining requirements for timely corrective and preventive action in response to audit results;
  • there is evidence that the quality assurance program has itself been subjected to internal audits; and
  • competence to perform duties is evaluated;
  • where contracted functions exist, the organization performs a quality assurance review on those functions;
  • the audit report recognizes excellence to provide opportunities for recognition by management and motivation of people.
Example:
OPERATIONAL QUALITY ASSURANCE (QA)
As a condition of the existing air operator or approved maintenance organization (AMO) certificates, we meet applicable CARs Parts IV and V, QA Program requirements. In order to meet additional SMS QA requirements, we have implemented the following:
  • Existing independent audit procedures will continue to be followed;
  • The organization has added applicable SMS components to existing annual internal audit checklists, to include:
    • Safety policy;
    • Non-punitive reporting policy;
    • Roles, responsibilities and employee involvement;
    • Communications;
    • Safety planning objectives and goals;
    • Performance measurement and management review;
    • Identification and maintenance of applicable regulations;
    • SMS documentation and records management;
    • Reactive and proactive processes, investigation and analysis;
    • Risk management;
    • Training;
    • Emergency preparedness and response; and
    • Review of safety critical functions.
  • Additional SMS audit component training will be provided as required.
6. Emergency Preparedness    6.1 Emergency Preparedness and Response
Minimal Complexity - One-Person Operation Moderate Complexity
Although no one conducts operations with the intent of having an accident or serious
incident, the possibility is always there. When an accident or serious incident does
happen, confusion is often a common factor. The Emergency Response Plan
is a condensed document, customized to meet an organization's unique
operating requirements and designed to assist organizations in responding to
an accident or serious incident. Many of the steps that must take place in the event of an aviation emergency can be planned.
This will eliminate most of the confusion that usually occurs when an emergency happens. Emergency response plans and procedures are living documents and require regular exercising and review if they are to be effective when called upon. Emergency preparedness and response should ensure that:
  • the organization has an emergency preparedness procedure
    appropriate to the size, nature and complexity of the organization;
  • the emergency preparedness procedures have been documented
    and implemented;
  • the emergency preparedness procedures have been periodically
    reviewed as a part of the management review;
  • the organization has a process to distribute the Emergency Response
    Plan (ERP) procedures and to communicate the content to affected
    organizations/external personnel; and
  • the organization has conducted drills and exercises with applicable
    personnel/organizations at intervals defined in the approved control manual.
Example: EMERGENCY PREPAREDNESS AND RESPONSE
Under the management of the accountable executive, the
organization has implemented a documented Emergency Response Plan (ERP).
The ERP is:
  • periodically examined as part of the management review;
  • distributed to all parties who have a role to play in the event of an emergency;
  • exercised in co-operation with local authorities on an annual basis;
  • updated as required by exercises and reviews; and
  • a required training item for all personnel who may be involved in the event of an emergency.
Although no one conducts operations with the intent of having an accident or serious
incident, the possibility is always there. When an accident or serious incident does
happen, confusion is often a common factor. The Emergency Response Plan is a
condensed document, customized to meet an organization's unique operating
requirements and designed to assist organizations in responding to an accident or serious incident. Many of the steps that must take place in the event of an aviation emergency
can be planned. This will eliminate most of the confusion that usually occurs when an emergency happens. Emergency response plans and procedures are living documents
and require regular exercising and review if they are to be effective when called upon.
While, traditionally, emergency response planning has been focused primarily on flight operations, maintenance and any other operations
within an organization should be readied for a catastrophic or
emergency event.
Emergency preparedness and response should ensure that:
  • the organization has an emergency preparedness procedure appropriate
    to the size, nature and complexity of the organization;
  • the emergency preparedness procedures have been
    documented, implemented and assigned to a responsible
    manager;
  • the emergency preparedness procedures have been
    periodically reviewed as a part of the management review and after key
    personnel or organizational changes;
  • the organization has a process to distribute the Emergency Response
    Plan (ERP) procedures and to communicate the content to affected
    personnel; and
  • the organization has conducted drills and exercises with all
    key personnel at intervals defined in the approved control
    manual.
Example:
EMERGENCY PREPAREDNESS AND RESPONSE
The organization recognizes that even the safest organizations can suffer loss.
In order to reduce human suffering and property damage after an accident or
serious incident has occurred, the organization has developed an Emergency
Response Plan (ERP).
The ERP is:
  • periodically examined as part of the management review;
  • communicated and distributed to all organization and flight watch
    personnel and local emergency response authorities;
  • exercised in co-operation with local authorities on an annual basis;
  • updated as required by exercises and reviews; and
  • a required training item for all personnel who may be involved in the
    event of an emergency.
Return to Top of Page
Top of Page

APPENDIX B - OCCURRENCE REPORT AND HAZARD IDENTIFICATION FORM

PART A


Note:

Part A must be completed as soon as practical after an occurrence is reported or a hazard is identified. Submit completed reports to the person responsible for safety as soon as practicable.

Name:
____________________________
Date:
____________________________
Location:
____________________________
Report No.
____________________________
Hazard Identification Report:
____________________________
Occurence Report:
____________________________

Note:

If reporting an occurrence, Part B must be completed as soon as practicable. In all cases, Part C must be completed as soon as practicable.

Details of Occurence:
____________________________

Preliminary recommendations to prevent a future occurrence or eliminate hazard:

Return to Top of Page
Top of Page

APPENDIX C - INCIDENT/ACCIDENT ANALYSIS

PART B
Can the occurrence be attributed to one or more causes listed below? If “yes,” estimate a percentage for each cause and state what may have prevented it.
    NO YES % Prevention
1. Lack of communication        
2. Complacency        
3. Lack of knowledge        
4. Distraction        
5. Lack of teamwork        
6. Fatigue        
7. Lack of resources        
8. Pressure from:
  • self
  • peers
  • organization
  • schedule
       
9. Lack of assertiveness        
10. Stress        
11. Lack of awareness        
12. Norms        
13. Additional        
14. Additional        
Return to Top of Page
Top of Page

APPENDIX D - CORRECTIVE/PREVENTATIVE ACTION PLAN

Is a risk assessment required? Yes______ No_______

Note :

If a risk assessment is required, complete it before determining short- and long-term corrective action plan.
Short-term corrective/preventative action - to be completed within 30 days:
Long-term corrective/preventative action - including due date and follow-up requirements:
Follow-up:
Was the corrective/preventative action effective? Yes ________ No ________

Note :

If “no,” a revised corrective action plan is to be determined, documented and its effectiveness is to be determined.

APPENDIX E - RISK MANAGEMENT WORKSHEET

1. Hazard/Occurrence: 2. Date : 3. Prepared by:

4. Hazard 5. Risks 6. Initial risk rating 7. Risk control strategies 8. Revised risk rating 9. Implementation 10.Control effectiveness













           
Process Manager:_______________________
Signature 		 _______________
Date
Return to Top of Page
Top of Page

APPENDIX F - RISK MATRIX

This risk matrix is designed to help determine the level of risk for a particular hazard by providing objective criteria relating to probability and severity.

Low
Medium
High

Probability 5 5 10 15 20 25
4 4 8 12 16 20
3 3 6 9 12 15
2 2 4 6 8 10
1 1 2 3 4 5
  1 2 3 4 5
  Severity

Values Risk Levels Action
1 – 5 Low Proceed after considering all elements of risk.
6 – 12 Medium Continue after taking appropriate mitigating action.
13 – 25 High STOP: do not proceed until sufficient control measures have been implemented to reduce risk to an acceptable level.

Severity (S)
Level 1
  • No damage or injury or adverse consequences.
Level 2
  • Personnel - first aid injury; no disability or lost time
  • Public - minor impact
  • Environment - contained release
  • Equipment - minor damage; potential organizational slowdown or potential downtime
Level 3
  • Personnel - lost time injury; no disability
  • Public - greater than minor impact, loss of confidence; some injury potential
  • Environment - small uncontained release
  • Equipment - minor damage; leads to organizational slowdown or minor downtime
Level 4
  • Personnel - disability or severe injury
  • Public - exposed to a hazard that could or will produce injuries
  • Environment - moderate uncontained release
  • Equipment - major damage; results in major slowdown or downtime
Level 5
  • Personnel - fatal, life-threatening injury
  • Public - exposed to life-threatening hazard
  • Environment - large uncontained release
  • Equipment - loss of critical equipment, or shutdown of organization
Probability (P)
Level 1
  • Mishap almost impossible.
Level 2
  • Postulated event (may be possible, but not known to have occurred).
Level 3
  • Has occurred rarely (known to have happened, but a statistically credible frequency cannot be determined).
Level 4
  • May/has occur(ed) infrequently.
Level 5
  • May/has occur(ed) frequently.
Date modified:
2012-02-27