Integrated Safety Management Systems – lessons from the ... · PDF fileIntegrated Safety...
Transcript of Integrated Safety Management Systems – lessons from the ... · PDF fileIntegrated Safety...
Integrated Safety Management Systems –lessons from the Aviation Industry
Rob Lee, PhD
NAVY ARMY AIR
FORCE
There is no such thing as an
accident. What we call by that
name is the effect of some
cause which we do not see- Voltaire
Australasian University Safety Association Conference, 2011
For every complex problem, there is invariably
a simple solution, which is almost always wrong
H.L Mencken
Safety management is not rocket science… the
challenge of rocket science pales in comparison to the
complexities of safety management.
- James Reason, 2005
Rob Lee, PhD
Some history...
The A380 was not the first French double deck airliner; it was
the Breguet “Deux Ponts”, of the 1950’s
Global Accident Rate: as at end Q3 2009Western-built Jet Hull Losses per Million Sectors
1.00
1.20
IATA Member Rate
Industry Rate
0.00
0.20
0.40
0.60
0.80
2000 2001 2002 2003 2004 2005 2006 2007 2008 30-Sep-09
However, as an industry, aviation is not particularly safe…
4.9 5.2 5.3
9.7
6
8
10
12Lost Workday Cases per 100 Employees*
* U.S. Bureau of Labor Statistics, 2001 Data
4.7 4.9 5.2 5.3
32.6
2.31.90.3
0
2
4
6
DuPont
Chemicals
Mining
Repair Services
Pulp & Paper
Transportatio
n Equip.
Primary M
etal Industri
es
Food & K
indred Prod.
Lumber & W
ood Products
Transportatio
n by Air
IndustryAverage (2.6)
To achieve significant and sustainable improvement in safety, every accident and incident, must be considered as a failure of the system
The Systems Safety Philosophy
...and not simply as the failure of a ...and not simply as the failure of a
person, or people
...even though human errors or
violations will almost certainly be
involved in the occurrence
The Reason Model of Systems Safety
▪ Was originally developed in the 1980s by Professor James Reason, Department of Psychology, University of Manchester
The Piper Alpha disaster, 6 July, 1988
The safety policy and
procedures were in place:
the practice was deficient
- Lord Cullen
DEFENCES
BARRIERS
ACCIDENTS
&
SERIOUS
WORKPLACElocal conditions
ERROR-
PRODUCING
CONDITIONS
ORGANISATION
organisational
Deficiencies:
latent conditions
MANAGEMENTDECISIONS
VIOLATIONS
ERRORS
Safety information feedback loops: outer ; inner
PERSON
group/team
OPERATIONS
LATENT DEFICIENCIES IN DEFENCES(HOLES IN THE DEFENCES - SWISS CHEESE MODEL)
The Reason Model of Systems Safety
SERIOUS
INCIDENTSVIOLATION-
PRODUCING
CONDITIONS
DECISIONSAND
ORGANISATIONALPROCESSES
TASKING
Limited coping resources can get nibbled away
Accumulat ion of minor event s. Not so much
holes as st eady at t r it ion
(Reason, 2000)
TECHNICAL
FAILURES
The Reason Model: defences, controls, barriers…
Preventive controls Recovery controls
AccidentPotential accident Accident
Incident
accident
No IncidentWhat is the most
important information for
safety management?
The primary contributing factors in all accidents and incidents, in every high technology industry, are high technology industry, are human factors, at both the individual and organisational levels.
Human factors
The physical hazards of aviation operations are well known.
However, it is human factors which constitute the greatest area of risk.constitute the greatest area of risk.
Consequently, a basic knowledge and understanding of human factors must be integrated into the business processes of the organisation
… from the very top of the company
Human Factors
Human factors refers to the study of humans as components of complex systems made up of people and systems made up of people and technology.
These are often called ‘sociotechnical’ systems.
Human FactorsHuman factors is concerned with understanding the performance capabilities and limitations of the individual person.individual person.
As well as the collective role of all the people in the system which contribute to its output.
Which therefore includes factors such as organisational culture.
People are not autonomous. They are components of systems made up of people and technology
selectionequipment
design
Individual behaviourprocedures
trainingworking
conditions
culture
Systemic factorsSource: Brent Hayward
▪ People...
• operate
• maintain
• design
• manage• manage
• regulate
• build
• finance
... the systems within these industries
The negative dimension:
The human factors contribution to accidents
and incidents is close to 100%
The human contribution to system safety:
and incidents is close to 100%
The positive dimension
Operational experience and accident/incident
investigation shows that humans play the
primary role in maintaining and enhancing
safety
Annex 13 to the Convention on
International Civil Aviation
Aircraft Accident and Incident Investigation
Para 1.17 Organizational and management information.
Pertinent information concerning the organizations and
their management involved in influencing the operation of
the aircraft.
The organizations include, for example, the operator; the
air traffic services, airway, aerodrome and weather service
agencies; and the regulatory authority.
▪ The information could include, but not be limited to, organizational structure and functions, resources, economic status, functions, resources, economic status, management policies and practices, and regulatory framework.
The Reason Model was endorsed by ICAO as a guide to the investigation of organisational and management ICAO as a guide to the investigation of organisational and management factors.
Piper PA31-350 Chieftain VH-NDU,Young, NSW, 11 June 1993, the first
major BASI systemic investigation using the Reason Model as a guide
For almost every aviation accident or incident, the subsequent systemic investigation has shown that:
The main contributing factors were present before
it happened.it happened.
In most cases they were common knowledge, had
been reported, and formally documented.
In all cases, they could have, and should have,
been identified and rectified before the accident or
incident.
Systemic
Hardware
Training
Organisation
Communication
Incompatible Goals
Procedures
Total factors contributing to accidents
Systemic factors
Procedures
Maintenance
Design
Housekeeping
Safety culture
An important lesson for senior management:
▪ If all the organisational factors are of the highest quality, the company is far the highest quality, the company is far more resilient to cope with a set of events and circumstances, which could otherwise lead to a catastrophic outcome
Figure 13 – A new section of Taxiway N1 centreline marking added and Runway 05R threshold markings (piano keys) being removed soon after the accident
New section of
centreline along
Taxiway N1 was
painted after the
accident
▪ It became apparent from systemic safety ▪ It became apparent from systemic safety investigations that most, if not all, major accidents and serious incidents would probably have been prevented if the organizations involved had had in place fully effective, integrated, safety management systems.
ICAO Annex 6
From 1 January 2009, States shall require, as part of their safety programme, that an operator implements a safety management system acceptable to the State of the operator that, as a to the State of the operator that, as a minimum:
(a) identifies safety hazards;
(b) ensures that remedial action necessary to maintain an acceptable level of safety is implemented;
(c) provides for continuous
monitoring and regular assessment of the safety level achieved; andachieved; and
(d) aims to make continuous improvement to the overall level of safety.
A safety management system shall clearly define lines of safety accountability throughout the accountability throughout the operator’s organisation, including a direct accountability for safety on the part of senior management
A safety management system is a businesslike
approach to safety. It is a systematic, explicit and
comprehensive process for managing safety risks. As
with all management systems, a safety management
system provides for goal setting, planning, and
What is a Safety Management system?
system provides for goal setting, planning, and
measuring performance.
A safety management system is woven into the fabric
of an organisation. It becomes part of the culture, the
way people do their jobs.”
Transport Canada TP 13739 E (04/2001)
CAAS SMS requirements
1. Safety Policy2. Safety Accountability3. Safety Targets and Performance
IndicatorsIndicators4. Hazard and Risk Management5. SMS Training and Promotion6. SMS Documentation and Records7. SMS Audit8. Emergency Response Plan
• Safety policy
• Safety culture;
• Governance and Internal control arrangements;
• Management responsibilities, accountabilities and authorities;
• Regulatory compliance;
• Consultation;
• Internal communication;
• Risk management;
• Human factors;
• Procurement and contract management;
• General engineering and operational
Rail SMS Elements (RSRP)
• Document control arrangements and information management;
• Review of the safety management system;
• Safety performance measures;
• Safety audit arrangements;
•Corrective action
• Management of change;
• General engineering and operational systems safety requirements; and
• Process control;
• Asset management;
• Safety Interface coordination;
• Management of notifiable occurrences;
• Security management;
• Emergency management;
12 Elements of the ADF SMS
1. Genuine command commitment
2. A generative aviation safety culture
3. Safety organisation structure
4. Communication
5. Aviation safety policy5. Aviation safety policy
6. Training and education
7. Risk management
8. Hazard reporting and tracking
9. Investigation
10.Emergency response
11.Survey and audit
12.Aviation Safety Management System review
To be effective, safety management systems must be INTEGRATED.
All the components of the SMS must be integrated with each other.
The SMS must also be fully integrated into The SMS must also be fully integrated into the management processes of the organisation:
Operational.
Financial.
Human resource management.
However, even a fully integrated system will fail if the
design of the system itself is fundamentally flawed.
▪ To understand the internal integration of the ISMS, we can carry out a ‘link analysis’ of the ISMS components
▪ For each link, we ask the questions:“How will we link these components
together”?”“How will they communicate”?
Genuine command commitment
A generative safety culture
A defined safety
organisation structure
Training and education
Survey and audit
Risk management
Communication
Documented aviation
safety policy
Hazard identification, reporting
and tracking
Investigation
Emergency response
ASMS review.
Integrating the ISMS into the
business and operational business and operational
processes of the organisation
Company Board
Management & Direction
Sets Policy
Establishes Objectives &
Targets
Delivers the Business Plan
Finance Plan
Targets & Objectives
Budget
Accountabilities
QA/Safety Plan
Targets & Objectives
Budget
Line Management
Accountabilities
Financial Management System QA/Safety Management System
Source: Patrick Hudson and Cliff Edwards
Business processes: Financial Management and Safety Management systems
Business Case
or Safety CaseFinance Case
Allocates Resources
Raises and Approves BudgetsLevels of Authority
Procedures
AccountantsAudits
Checks and Balances
Audit
Findings
Balance
Sheets
Profit/Loss
Management of Both
Major Loss Generators
Makes Business Sense
Profit/Loss
Line Management
Authorities
Procedures
Audits
Compliance Monitoring
QA/Safety
Committee
Audit
Findings
Measure
Performance
Consider each of these key organisational areas:
Equipment
Training
CommunicationCommunication
Incompatible Goals (production versus safety)
Procedures
Maintenance Management
Design
Finance
ISMS
A positive, just, and fair, safety
culture is an essential dimension of
a successful SMS
Safety Culture
a successful SMS
It’s like the oil in an engine.
Without it, the ISMS will grind to a
halt.
Genuine command commitment
A generative safety culture
A defined safety
organisation structure
Training and education
Survey and audit
Risk management
Organisational cultureCommunication
Documented aviation
safety policy
Hazard identification, reporting
and tracking
Investigation
Emergency response
ASMS review.
Organisational culture
� The goal of the specific element� The key performance criteria required to
For each element of the SMS you need to
specify clearly:
� The key performance criteria required to achieve the goal
� The main safety benefits to the organisation, resulting from achievement of the goal
Safety ReportingSafety Reporting
Goal� All hazards, incidents, and
accidents are reported and accidents are reported and
processed in an open and
honest manner, in a just
and fair company culture.
Safety ReportingSafety Reporting
Key Performance Criteria� Reported hazards and safety occurrences are treated
in a just and fair manner, but deliberate violations
of rules and procedures are not tolerated.
� A system is available to enable personnel to submit
confidential reports on safety issues if they are
unwilling, for whatever reason, to report openly.
Safety ReportingSafety Reporting
Key Safety Benefits� Data from the safety information system provides the
empirical basis for data-driven decision making and risk-based safety management.
� Provides data for measuring safety performance, and � Provides data for measuring safety performance, and achieving continuous improvement.
� Facilitates a reporting culture in which personnel are willing to report their errors, identified hazards, and suggestions to enhance safety.
� Enables risks to be proactively managed, and creates the potential for a positive outcome from a negative event, when incidents or accidents do occur.
Integrating Aviation Safety Management
Systems, Quality Management Systems, and
Occupational Safety, Health and
Environment laws
The need for Integration :exampleASOR: A fuel tanker’s brakes fail and it hits an
aircraft, damaging the aircraft and the tanker.
As a result, jet fuel is spilled, and a ground staff
member falls and is injured.
We have:
An air safety occurrence with the damage to the aircraft
a maintenance issue with the tanker's brakes
a quality issue in determining the factors which
contributed to the brake failure,
an environmental incident with the fuel spill
a WHS safety incident with the ground staff member
falling, and sustaining injuries.
– This single incident spans multiple departments, including loading, maintenance, ground handling, and flight operations.flight operations.
– Yet, each uses a different reporting and investigation methodology to investigate and process the occurrence
If You Are An Employer Or Principal:You must, as far as reasonably practicable, protect the safety and health of your employees or workers working under your employees or workers working under your direct control and all who may be affected by their work. This includes:
conducting risk assessments to remove or
control risks to workers at the workplace
maintaining safe work facilities and
Workplace Safety and Health
Act requirements
maintaining safe work facilities and
arrangements for the workers at work
ensuring safety in machinery, equipment, plant, articles, substances and work processes at the workplace
developing and putting into practice control measures for dealing with emergencies
Workplace Safety and Health
Act requirements (cont.)
providing workers with adequate instruction, information, training and supervision.
CAAS SMS Requirements
1. Safety Policy2. Safety Accountability3. Safety Targets and Performance
IndicatorsIndicators4. Hazard and Risk Management5. SMS Training and Promotion6. SMS Documentation and Records7. SMS Audit8. Emergency Response Plan
SP
SA
ST&PI
H&RM
SMST&P
conducting risk assessments to remove or
control risks to workers at the workplace
maintaining safe work facilities and
Workplace Safety and Health
Act requirementsCAAS SMS
Elements
SMST&P
SMSD&R
SMSA
ERP
maintaining safe work facilities and
arrangements for the workers at work
ensuring safety in machinery, equipment, plant, articles, substances and work processes at the workplace
developing and putting into practice control measures for dealing with emergencies
Workplace Safety and Health
Act requirements (cont.)CAAS SMS
Elements
SP
SA
ST&PI
H&RM
SMST&P
providing workers with adequate instruction, information, training and supervision.
SMST&P
SMSD&R
SMSA
ERP
The Piasecki PA-97 Helistat
• Built under a US Navy contract for the US Forest Service
• Able to lift 26 tons
• Four helicopters interconnected, controlled by one pilot