Integrated Safety Management Systems –lessons from the Aviation Industry

Rob Lee, PhD

NAVY ARMY AIR

FORCE

There is no such thing as an

accident. What we call by that

name is the effect of some

cause which we do not see- Voltaire

Australasian University Safety Association Conference, 2011

For every complex problem, there is invariably

a simple solution, which is almost always wrong

H.L Mencken

‘If you don’t know where you are going,

chances are you might wind up someplace else’

Yogi Berra

Safety management is not rocket science… the

challenge of rocket science pales in comparison to the

complexities of safety management.

- James Reason, 2005

Rob Lee, PhD

Some history...

The A380 was not the first French double deck airliner; it was

the Breguet “Deux Ponts”, of the 1950’s

Airbus A380 – in service from November 2007, SIA

Global Accident Rate: as at end Q3 2009Western-built Jet Hull Losses per Million Sectors

1.00

1.20

IATA Member Rate

Industry Rate

0.00

0.20

0.40

0.60

0.80

2000 2001 2002 2003 2004 2005 2006 2007 2008 30-Sep-09

However, as an industry, aviation is not particularly safe…

4.9 5.2 5.3

9.7

6

8

10

12Lost Workday Cases per 100 Employees*

* U.S. Bureau of Labor Statistics, 2001 Data

4.7 4.9 5.2 5.3

32.6

2.31.90.3

0

2

4

6

DuPont

Chemicals

Mining

Repair Services

Pulp & Paper

Transportatio

n Equip.

Primary M

etal Industri

es

Food & K

indred Prod.

Lumber & W

ood Products

Transportatio

n by Air

IndustryAverage (2.6)

Airbus’ 3D A380 simulator

Detail

A380 interior

Different high technology industries...

The same common factors...

People…

...and Technology

Different technologies…

…the same human factors

To achieve significant and sustainable improvement in safety, every accident and incident, must be considered as a failure of the system

The Systems Safety Philosophy

...and not simply as the failure of a ...and not simply as the failure of a

person, or people

...even though human errors or

violations will almost certainly be

involved in the occurrence

The Reason Model of Systems Safety

▪ Was originally developed in the 1980s by Professor James Reason, Department of Psychology, University of Manchester

Chernobyl, April 25-26, 1986

Herald of Free Enterprise, capsized off Zeebrugge, Belgium, 6 March 1987

Space shuttle, Challenger, 28 Jan,1986

Kings Cross Underground Fire, 18 November, 1987

Tenerife, 27 March, 1977, two B747s collide on the runway

The Piper Alpha disaster, 6 July, 1988

The safety policy and

procedures were in place:

the practice was deficient

- Lord Cullen

BP Texas City, March, 2005

BP Gulf of Mexico, April, 2010

DEFENCES

BARRIERS

ACCIDENTS

&

SERIOUS

WORKPLACElocal conditions

ERROR-

PRODUCING

CONDITIONS

ORGANISATION

organisational

Deficiencies:

latent conditions

MANAGEMENTDECISIONS

VIOLATIONS

ERRORS

Safety information feedback loops: outer ; inner

PERSON

group/team

OPERATIONS

LATENT DEFICIENCIES IN DEFENCES(HOLES IN THE DEFENCES - SWISS CHEESE MODEL)

The Reason Model of Systems Safety

SERIOUS

INCIDENTSVIOLATION-

PRODUCING

CONDITIONS

DECISIONSAND

ORGANISATIONALPROCESSES

TASKING

Limited coping resources can get nibbled away

Accumulat ion of minor event s. Not so much

holes as st eady at t r it ion

(Reason, 2000)

TECHNICAL

FAILURES

The Reason Model: defences, controls, barriers…

Preventive controls Recovery controls

AccidentPotential accident Accident

Incident

accident

No IncidentWhat is the most

important information for

safety management?

The primary contributing factors in all accidents and incidents, in every high technology industry, are high technology industry, are human factors, at both the individual and organisational levels.

Human factors

The physical hazards of aviation operations are well known.

However, it is human factors which constitute the greatest area of risk.constitute the greatest area of risk.

Consequently, a basic knowledge and understanding of human factors must be integrated into the business processes of the organisation

… from the very top of the company

What is meant by the term

‘Human Factors’?

Human Factors

Human factors refers to the study of humans as components of complex systems made up of people and systems made up of people and technology.

These are often called ‘sociotechnical’ systems.

Human FactorsHuman factors is concerned with understanding the performance capabilities and limitations of the individual person.individual person.

As well as the collective role of all the people in the system which contribute to its output.

Which therefore includes factors such as organisational culture.

In sporting terms, human factors is concerned with the performance of the individual player...

…and of the team as a whole.

In aviation terms, human factors is concerned with the performance of the individual ‘player’…

…and of the team as a whole.

People are not autonomous. They are components of systems made up of people and technology

selectionequipment

design

Individual behaviourprocedures

trainingworking

conditions

culture

Systemic factorsSource: Brent Hayward

▪ People...

• operate

• maintain

• design

• manage• manage

• regulate

• build

• finance

... the systems within these industries

The negative dimension:

The human factors contribution to accidents

and incidents is close to 100%

The human contribution to system safety:

and incidents is close to 100%

The positive dimension

Operational experience and accident/incident

investigation shows that humans play the

primary role in maintaining and enhancing

safety

The systemic approach to air safety investigation

- adopted by ICAO as a Standard in 1994

Annex 13 to the Convention on

International Civil Aviation

Aircraft Accident and Incident Investigation

Para 1.17 Organizational and management information.

Pertinent information concerning the organizations and

their management involved in influencing the operation of

the aircraft.

The organizations include, for example, the operator; the

air traffic services, airway, aerodrome and weather service

agencies; and the regulatory authority.

▪ The information could include, but not be limited to, organizational structure and functions, resources, economic status, functions, resources, economic status, management policies and practices, and regulatory framework.

The Reason Model was endorsed by ICAO as a guide to the investigation of organisational and management ICAO as a guide to the investigation of organisational and management factors.

Piper PA31-350 Chieftain VH-NDU,Young, NSW, 11 June 1993, the first

major BASI systemic investigation using the Reason Model as a guide

For almost every aviation accident or incident, the subsequent systemic investigation has shown that:

The main contributing factors were present before

it happened.it happened.

In most cases they were common knowledge, had

been reported, and formally documented.

In all cases, they could have, and should have,

been identified and rectified before the accident or

incident.

Systemic

Hardware

Training

Organisation

Communication

Incompatible Goals

Procedures

Total factors contributing to accidents

Systemic factors

Procedures

Maintenance

Design

Housekeeping

Safety culture

An important lesson for senior management:

▪ If all the organisational factors are of the highest quality, the company is far the highest quality, the company is far more resilient to cope with a set of events and circumstances, which could otherwise lead to a catastrophic outcome

Example...

No. 3 Engine landed near pax terminalNo. 3 Engine landed near pax terminal

Figure 13 – A new section of Taxiway N1 centreline marking added and Runway 05R threshold markings (piano keys) being removed soon after the accident

New section of

centreline along

Taxiway N1 was

painted after the

accident

▪ It became apparent from systemic safety ▪ It became apparent from systemic safety investigations that most, if not all, major accidents and serious incidents would probably have been prevented if the organizations involved had had in place fully effective, integrated, safety management systems.

ICAO Annex 6

From 1 January 2009, States shall require, as part of their safety programme, that an operator implements a safety management system acceptable to the State of the operator that, as a to the State of the operator that, as a minimum:

(a) identifies safety hazards;

(b) ensures that remedial action necessary to maintain an acceptable level of safety is implemented;

(c) provides for continuous

monitoring and regular assessment of the safety level achieved; andachieved; and

(d) aims to make continuous improvement to the overall level of safety.

A safety management system shall clearly define lines of safety accountability throughout the accountability throughout the operator’s organisation, including a direct accountability for safety on the part of senior management

A safety management system is a businesslike

approach to safety. It is a systematic, explicit and

comprehensive process for managing safety risks. As

with all management systems, a safety management

system provides for goal setting, planning, and

What is a Safety Management system?

system provides for goal setting, planning, and

measuring performance.

A safety management system is woven into the fabric

of an organisation. It becomes part of the culture, the

way people do their jobs.”

Transport Canada TP 13739 E (04/2001)

CAAS SMS requirements

1. Safety Policy2. Safety Accountability3. Safety Targets and Performance

IndicatorsIndicators4. Hazard and Risk Management5. SMS Training and Promotion6. SMS Documentation and Records7. SMS Audit8. Emergency Response Plan

• Safety policy

• Safety culture;

• Governance and Internal control arrangements;

• Management responsibilities, accountabilities and authorities;

• Regulatory compliance;

• Consultation;

• Internal communication;

• Risk management;

• Human factors;

• Procurement and contract management;

• General engineering and operational

Rail SMS Elements (RSRP)

• Document control arrangements and information management;

• Review of the safety management system;

• Safety performance measures;

• Safety audit arrangements;

•Corrective action

• Management of change;

• General engineering and operational systems safety requirements; and

• Process control;

• Asset management;

• Safety Interface coordination;

• Management of notifiable occurrences;

• Security management;

• Emergency management;

12 Elements of the ADF SMS

1. Genuine command commitment

2. A generative aviation safety culture

3. Safety organisation structure

4. Communication

5. Aviation safety policy5. Aviation safety policy

6. Training and education

7. Risk management

8. Hazard reporting and tracking

9. Investigation

10.Emergency response

11.Survey and audit

12.Aviation Safety Management System review

Integrating the SMS:the greatest challenge

To be effective, safety management systems must be INTEGRATED.

All the components of the SMS must be integrated with each other.

The SMS must also be fully integrated into The SMS must also be fully integrated into the management processes of the organisation:

Operational.

Financial.

Human resource management.

Consider an engine. All the necessary components may be present...

But, until they are assembled, you do not have a functioning engine

However, even a fully integrated system will fail if the

design of the system itself is fundamentally flawed.

Integration

Disintegration

▪ To understand the internal integration of the ISMS, we can carry out a ‘link analysis’ of the ISMS components

▪ For each link, we ask the questions:“How will we link these components

together”?”“How will they communicate”?

Genuine command commitment

A generative safety culture

A defined safety

organisation structure

Training and education

Survey and audit

Risk management

Communication

Documented aviation

safety policy

Hazard identification, reporting

and tracking

Investigation

Emergency response

ASMS review.

Integrating the ISMS into the

business and operational business and operational

processes of the organisation

Company Board

Management & Direction

Sets Policy

Establishes Objectives &

Targets

Delivers the Business Plan

Finance Plan

Targets & Objectives

Budget

Accountabilities

QA/Safety Plan

Targets & Objectives

Budget

Line Management

Accountabilities

Financial Management System QA/Safety Management System

Source: Patrick Hudson and Cliff Edwards

Business processes: Financial Management and Safety Management systems

Business Case

or Safety CaseFinance Case

Allocates Resources

Raises and Approves BudgetsLevels of Authority

Procedures

AccountantsAudits

Checks and Balances

Audit

Findings

Balance

Sheets

Profit/Loss

Management of Both

Major Loss Generators

Makes Business Sense

Profit/Loss

Line Management

Authorities

Procedures

Audits

Compliance Monitoring

QA/Safety

Committee

Audit

Findings

Measure

Performance

Consider each of these key organisational areas:

Equipment

Training

CommunicationCommunication

Incompatible Goals (production versus safety)

Procedures

Maintenance Management

Design

Finance

ISMS

A positive, just, and fair, safety

culture is an essential dimension of

a successful SMS

Safety Culture

a successful SMS

It’s like the oil in an engine.

Without it, the ISMS will grind to a

halt.

Genuine command commitment

A generative safety culture

A defined safety

organisation structure

Training and education

Survey and audit

Risk management

Organisational cultureCommunication

Documented aviation

safety policy

Hazard identification, reporting

and tracking

Investigation

Emergency response

ASMS review.

Organisational culture

� The goal of the specific element� The key performance criteria required to

For each element of the SMS you need to

specify clearly:

� The key performance criteria required to achieve the goal

� The main safety benefits to the organisation, resulting from achievement of the goal

Safety ReportingSafety Reporting

Goal� All hazards, incidents, and

accidents are reported and accidents are reported and

processed in an open and

honest manner, in a just

and fair company culture.

Safety ReportingSafety Reporting

Key Performance Criteria� Reported hazards and safety occurrences are treated

in a just and fair manner, but deliberate violations

of rules and procedures are not tolerated.

� A system is available to enable personnel to submit

confidential reports on safety issues if they are

unwilling, for whatever reason, to report openly.

Safety ReportingSafety Reporting

Key Safety Benefits� Data from the safety information system provides the

empirical basis for data-driven decision making and risk-based safety management.

� Provides data for measuring safety performance, and � Provides data for measuring safety performance, and achieving continuous improvement.

� Facilitates a reporting culture in which personnel are willing to report their errors, identified hazards, and suggestions to enhance safety.

� Enables risks to be proactively managed, and creates the potential for a positive outcome from a negative event, when incidents or accidents do occur.

I commend CFF to you.

Recent examples of Rail safety management

initiatives

Integrating Aviation Safety Management

Systems, Quality Management Systems, and

Occupational Safety, Health and

Environment laws

The need for Integration :exampleASOR: A fuel tanker’s brakes fail and it hits an

aircraft, damaging the aircraft and the tanker.

As a result, jet fuel is spilled, and a ground staff

member falls and is injured.

We have:

An air safety occurrence with the damage to the aircraft

a maintenance issue with the tanker's brakes

a quality issue in determining the factors which

contributed to the brake failure,

an environmental incident with the fuel spill

a WHS safety incident with the ground staff member

falling, and sustaining injuries.

– This single incident spans multiple departments, including loading, maintenance, ground handling, and flight operations.flight operations.

– Yet, each uses a different reporting and investigation methodology to investigate and process the occurrence

If You Are An Employer Or Principal:You must, as far as reasonably practicable, protect the safety and health of your employees or workers working under your employees or workers working under your direct control and all who may be affected by their work. This includes:

conducting risk assessments to remove or

control risks to workers at the workplace

maintaining safe work facilities and

Workplace Safety and Health

Act requirements

maintaining safe work facilities and

arrangements for the workers at work

ensuring safety in machinery, equipment, plant, articles, substances and work processes at the workplace

developing and putting into practice control measures for dealing with emergencies

Workplace Safety and Health

Act requirements (cont.)

providing workers with adequate instruction, information, training and supervision.

CAAS SMS Requirements

1. Safety Policy2. Safety Accountability3. Safety Targets and Performance

IndicatorsIndicators4. Hazard and Risk Management5. SMS Training and Promotion6. SMS Documentation and Records7. SMS Audit8. Emergency Response Plan

SP

SA

ST&PI

H&RM

SMST&P

conducting risk assessments to remove or

control risks to workers at the workplace

maintaining safe work facilities and

Workplace Safety and Health

Act requirementsCAAS SMS

Elements

SMST&P

SMSD&R

SMSA

ERP

maintaining safe work facilities and

arrangements for the workers at work

ensuring safety in machinery, equipment, plant, articles, substances and work processes at the workplace

developing and putting into practice control measures for dealing with emergencies

Workplace Safety and Health

Act requirements (cont.)CAAS SMS

Elements

SP

SA

ST&PI

H&RM

SMST&P

providing workers with adequate instruction, information, training and supervision.

SMST&P

SMSD&R

SMSA

ERP

The Piasecki PA-97 Helistat

• Built under a US Navy contract for the US Forest Service

• Able to lift 26 tons

• Four helicopters interconnected, controlled by one pilot

Thank you

Robert Lee and Sue Burdekin Pty Ltd