ICAO Safety Management Systems (SMS) Course
Module N° 2 – Basic safety concepts
Revision N° 11, 29/09/08
Module N° 2 ICAO Safety Management Systems (SMS) Course 2
Building an SMS
Module 1 – SMS course introduction
Module 2 – Basic safety concepts
Module 3 – Introduction to safety management
Module 4 – Hazards
Module 5 – Risks
Module 6 – SMS regulation
Module 7 – Introduction to SMS
Module 8 – SMS planning
Module 9 – SMS operation
Module 10 – Phased approach to SMS Implementation
[Figure: the ten modules as building blocks of the Safety Management System, with Module 2 – Basic safety concepts highlighted]
Module N° 2 ICAO Safety Management Systems (SMS) Course 3
Objective
At the end of this module, participants will be able to
explain the strengths and weaknesses of traditional
methods to manage safety, and describe new perspectives
and methods for managing safety.
Module N° 2 ICAO Safety Management Systems (SMS) Course 4
Outline
Concept of safety
The evolution of safety thinking
A concept of accident causation – Reason model
The organizational accident
People, context and safety – SHEL(L) model
Errors and violations
Organizational culture
Safety investigation
Questions and answers
Points to remember
Exercise Nº 02/01 – The Anytown City Airport accident (See Handout N° 1)
Module N° 2 ICAO Safety Management Systems (SMS) Course 5
Concept of safety
What is safety?
Zero accidents (or serious incidents)?
Freedom from danger or risks?
Error avoidance
Regulatory compliance?
… ?
Module N° 2 ICAO Safety Management Systems (SMS) Course 6
Concept of safety
Consider (the weaknesses in the notion of perfection)
The elimination of accidents (and serious incidents) is unachievable.
Failures will occur, in spite of the most accomplished prevention efforts.
No human endeavour or human-made system can be free from risk and error.
Controlled risk and controlled error is acceptable in an inherently safe system.
Module N° 2 ICAO Safety Management Systems (SMS) Course 7
Concept of safety (Doc 9859)
Safety is the state in which the risk of harm to persons or
property damage is reduced to, and maintained at or below,
an acceptable level through a continuing process of
hazard identification and risk management.
Module N° 2 ICAO Safety Management Systems (SMS) Course 8
Safety
Traditional approach – Preventing accidents
Focus on outcomes (causes)
Unsafe acts by operational personnel
Attach blame/punish for failures to “perform safely”
Address identified safety concern exclusively
Identifies:
WHAT? WHO? WHEN?
But not always discloses:
WHY? HOW?
Module N° 2 ICAO Safety Management Systems (SMS) Course 9
The evolution of safety thinking
[Figure: timeline of safety thinking across the 1950s, 1970s, 1990s, 2000s and today; surviving label: Human factors]
Module N° 2 ICAO Safety Management Systems (SMS) Course 10
A concept of accident causation
[Figure: Reason model. Organization: management decisions and organizational processes. Workplace: working conditions. People: errors and violations. Defences: technology, training, regulations. Accident. Latent conditions trajectory.]
Source: James Reason
Module N° 2 ICAO Safety Management Systems (SMS) Course 11
The organizational accident
Organizational processes
Activities over which any organization has a reasonable degree of direct control
Policy-making
Planning
Communication
Allocation of resources
Supervision
…
Module N° 2 ICAO Safety Management Systems (SMS) Course 12
The organizational accident
Conditions present in the system before the accident, made evident by triggering factors.
Inadequate hazard identification and risk management
Normalization of deviance
Module N° 2 ICAO Safety Management Systems (SMS) Course 13
The organizational accident
Resources to protect against the risks that organizations involved in production activities generate and must control.
Technology
Training
Regulations
Defences
Organizational processes
Latent conditions
Module N° 2 ICAO Safety Management Systems (SMS) Course 14
The organizational accident
Factors that directly influence the efficiency of people in aviation workplaces.
Workforce stability
Qualifications and experience
Morale
Credibility
Ergonomics
…
Module N° 2 ICAO Safety Management Systems (SMS) Course 15
The organizational accident
Actions or inactions by people (pilots, controllers, maintenance engineers, aerodrome staff, etc.) that have an immediate adverse effect.
Errors
Violations
Module N° 2 ICAO Safety Management Systems (SMS) Course 16
The organizational accident
[Figure: the organizational accident model, annotated with the actions Improve, Identify, Monitor, Contain, Reinforce]
Module N° 2 ICAO Safety Management Systems (SMS) Course 17
People and safety
Aviation workplaces involve complex interrelationships among their many components. To understand operational performance, we must understand how it may be affected by the interrelationships among the various components of aviation workplaces.
Module N° 2 ICAO Safety Management Systems (SMS) Course 18
[Figure with labels A and B]
Understand human performance within the operational context where it takes place
Module N° 2 ICAO Safety Management Systems (SMS) Course 19
Processes and outcomes
Causes and consequences of operational errors are not linear in their magnitude
Module N° 2 ICAO Safety Management Systems (SMS) Course 20
The SHEL(L) model
[Figure: SHEL(L) model diagram with blocks S, H, E, L, L]
S – Software
H – Hardware
E – Environment
L – Liveware
L – Liveware, other persons
Understanding the relationship between people and operational contexts
Module N° 2 ICAO Safety Management Systems (SMS) Course 21
Operational performance and technology
In production-intensive industries like contemporary aviation, technology is essential. As a result of the massive introduction of technology, the operational consequences of the interactions between people and technology are often overlooked, leading to human error.
Module N° 2 ICAO Safety Management Systems (SMS) Course 22
Understanding operational errors
Human error is considered a contributing factor in most aviation occurrences. Even competent personnel commit errors. Errors must be accepted as a normal component of any system where humans and technology interact.
Module N° 2 ICAO Safety Management Systems (SMS) Course 23
Errors and safety – A non linear relationship
Statistically, millions of operational errors are made
before a major safety breakdown occurs
Module N° 2 ICAO Safety Management Systems (SMS) Course 24
Accident investigation – Once in a million flights
[Figure: Error: flaps omitted. Deviation: checklist failure. Amplification: unheeded warning. Degradation/breakdown.]
Module N° 2 ICAO Safety Management Systems (SMS) Course 25
Safety management – On almost every flight
[Figure: Error: flaps omitted. Deviation: checklist works. Amplification: effective warning. Degradation/breakdown.]
Module N° 2 ICAO Safety Management Systems (SMS) Course 26
Three strategies for the control of human error
Error reduction strategies intervene at the source of the error by reducing or eliminating the contributing factors.
Human-centred design
Ergonomic factors
Training
…
Module N° 2 ICAO Safety Management Systems (SMS) Course 27
Three strategies for the control of human error
Error capturing strategies intervene once the error has already been made, capturing the error before it generates adverse consequences.
Checklists
Task cards
Flight strips
…
Module N° 2 ICAO Safety Management Systems (SMS) Course 28
Three strategies for the control of human error
Error tolerance strategies intervene to increase the ability of a system to accept errors without serious consequence.
System redundancies
Structural inspections
…
Module N° 2 ICAO Safety Management Systems (SMS) Course 29
Understanding violations – Are we ready?
[Figure: axes “System output” (minimum to maximum) and “Risk” (low to high); labels: Technology, Training, Regulations, Safety space, Violation space, Exceptional violation space, Incident, Accident, System’s production objective(s)]
Module N° 2 ICAO Safety Management Systems (SMS) Course 30
Culture
Culture binds people together as members of groups and
provides clues as to how to behave in both normal and
unusual situations.
Culture influences the values, beliefs and behaviours that
people share with other members of various social groups.
Module N° 2 ICAO Safety Management Systems (SMS) Course 31
Three cultures
[Figure: National, Organizational, Professional]
Module N° 2 ICAO Safety Management Systems (SMS) Course 32
Three distinct cultures
National culture encompasses the value system of particular nations.
Organizational/corporate culture differentiates the values and behaviours of particular organizations (e.g. government vs. private organizations).
Professional culture differentiates the values and behaviours of particular professional groups (e.g. pilots, air traffic controllers, maintenance engineers, aerodrome staff, etc.).
No human endeavour is culture-free
Module N° 2 ICAO Safety Management Systems (SMS) Course 33
Organizational/corporate culture
Sets the boundaries for acceptable behaviour in the workplace by establishing norms and limits.
Provides a framework for managerial and employee decision-making.
“This is how we do things here, and how we talk about the way we do things here”.
Organizational/corporate culture shapes – among many others – safety reporting procedures and practices by operational personnel.
Module N° 2 ICAO Safety Management Systems (SMS) Course 34
Safety culture
A trendy notion with potential for misperceptions and misunderstandings
A construct, an abstraction
It is the consequence of a series of organizational processes (i.e., an outcome)
Safety culture is not an end in itself, but a means to achieve an essential safety management prerequisite:
Effective safety reporting
Module N° 2 ICAO Safety Management Systems (SMS) Course 35
Effective safety reporting – Five basic traits
Information
People are knowledgeable about the human, technical and organizational factors that determine the safety of the system as a whole.
Flexibility
People can adapt reporting when facing unusual circumstances, shifting from the established mode to a direct mode thus allowing information to quickly reach the appropriate decision-making level.
Learning
People have the competence to draw conclusions from safety information systems and the will to implement major reforms.
Willingness
People are willing to report their errors and experiences.
Accountability
People are encouraged (and rewarded) for providing essential safety-related information. However, there is a clear line that differentiates between acceptable and unacceptable behaviour.
Module N° 2 ICAO Safety Management Systems (SMS) Course 36
Three options
Organizations and the management of information
Pathological – Hide the information
Bureaucratic – Restrain the information
Generative – Value the information
Source: Ron Westrum
Module N° 2 ICAO Safety Management Systems (SMS) Course 37
Three possible organizational cultures
Each row lists the values in the order Pathological / Bureaucratic / Generative.
Information: Hidden / Ignored / Sought
Messengers: Shouted / Tolerated / Trained
Responsibilities: Shirked / Boxed / Shared
Reports: Discouraged / Allowed / Rewarded
Failures: Covered up / Merciful / Scrutinized
New ideas: Crushed / Problematic / Welcomed
Resulting organization: Conflicted organization / “Red tape” organization / Reliable organization
Source: Ron Westrum
Module N° 2 ICAO Safety Management Systems (SMS) Course 38
Safety investigation
For “funereal” purposes
To put losses behind
To reassert trust and faith in the system
To resume normal activities
To fulfil political purposes
For improved system reliability
To learn about system vulnerability
To develop strategies for change
To prioritize investment of resources
Module N° 2 ICAO Safety Management Systems (SMS) Course 39
Investigation
The facts
An old generation four engine turboprop freighter flies into severe icing conditions. Engines 2 and 3 flame out as a consequence of ice accretion, and seven minutes later engine 4 fails. The flight crew manages to re-start engine number 2. Electrical load shedding is not possible, and the electrical system reverts to battery power. …
Module N° 2 ICAO Safety Management Systems (SMS) Course 40
Investigation
… The facts
While attempting to conduct an emergency landing, all electrical power is lost. All that is left to the flight crew is the self-powered standby gyro, a flashlight and the self-powered engine instruments. The flight crew is unable to maintain controlled flight, and the aircraft crashes out of control.
Module N° 2 ICAO Safety Management Systems (SMS) Course 41
Investigation
Findings
Crew did not use the weather radar.
Crew did not consult the emergency check-list.
Demanding situation requiring decisive thinking and clear action.
Conditions exceeded certification condition for the engines.
Did not request diversion to a closer aerodrome.
…
Module N° 2 ICAO Safety Management Systems (SMS) Course 42
Investigation
… Findings
Crew did not use correct phraseology to declare emergency.
Poor crew resource management (CRM).
Mismanagement of aircraft systems.
Emergency checklist – presentation and visual information.
Flight operations internal quality assurance procedures.
Module N° 2 ICAO Safety Management Systems (SMS) Course 43
Investigation
Causes
Multiple engine failures
Incomplete performance of emergency drills
Crew actions in securing and re-starting engines
Drag from unfeathered propellers
Weight of ice
Poor CRM
Lack of contingency plans
Loss of situational awareness
Module N° 2 ICAO Safety Management Systems (SMS) Course 44
Investigation
Safety recommendations
Authority should remind pilots to use correct phraseology.
Authority should research into most effective form of presentation of emergency reference material.
Module N° 2 ICAO Safety Management Systems (SMS) Course 45
Investigation
The facts
An old generation two engine turboprop commuter aircraft engaged in a regular passenger transport operation is conducting a non-precision approach in marginal weather conditions in an uncontrolled, non-radar, remote airfield. The flight crew conducts a straight-in approach, not following the published approach procedure. …
Module N° 2 ICAO Safety Management Systems (SMS) Course 46
Investigation
… The facts
Upon reaching MDA, the flight crew does not acquire visual references.
The flight crew abandons MDA without having acquired visual references to pursue the landing.
The aircraft crashes into terrain short of the runway.
Module N° 2 ICAO Safety Management Systems (SMS) Course 47
Investigation
Findings
The crew made numerous mistakes.
But
Crew composition legal but unfavourable in view of demanding flight conditions.
According to company practice, pilot made a direct approach, which was against regulations.
…
Module N° 2 ICAO Safety Management Systems (SMS) Course 48
Investigation
… But
The company had consistently misinterpreted regulations.
Level of safety was not commensurate with the requirements of a scheduled passenger operation.
Aerodrome operator had neither the staff nor the resources to ensure regularity of operations.
…
Module N° 2 ICAO Safety Management Systems (SMS) Course 49
Investigation
… But
Lack of standards for commuter operations.
Lack of supervision of air traffic facilities.
Authorities’ disregard of previous safety violations.
Legislation out of date.
…
Module N° 2 ICAO Safety Management Systems (SMS) Course 50
Investigation
… But
Conflicting goals within the authority.
Lack of resources within the authority.
Lack of aviation policy to support the authority.
Deficiencies in the training system.
Module N° 2 ICAO Safety Management Systems (SMS) Course 51
Investigation
Causes
Decision to continue approach below MDA without visual contact.
Performance pressures.
Airline’s poor safety culture.
Module N° 2 ICAO Safety Management Systems (SMS) Course 52
Investigation
Safety recommendations
“Tip-of-the-arrow” recommendations.
But
Review the process of granting AOC.
Review the training system.
Define an aviation policy which provides support to the task of the aviation administration.
…
Module N° 2 ICAO Safety Management Systems (SMS) Course 53
Investigation
… But
Reform aviation legislation.
Reinforce existing legislation as interim measure.
Improve both accident investigation and aircraft and airways inspection processes.
Module N° 2 ICAO Safety Management Systems (SMS) Course 54
Errors …
… are like mosquitoes …
Module N° 2 ICAO Safety Management Systems (SMS) Course 55
To fight them …
… drain their breeding swamps.
Module N° 2 ICAO Safety Management Systems (SMS) Course 56
Questions and answers
Basic safety concepts
Module N° 2 ICAO Safety Management Systems (SMS) Course 57
Questions and answers
Q: How is safety defined in document 9859? A:
Safety is the state in which the risk of harm to persons or property damage is reduced to, and maintained at or below, an acceptable level through a continuing process of hazard identification and risk management.
Slide number: 7
Module N° 2 ICAO Safety Management Systems (SMS) Course 58
Questions and answers
Q: Enumerate the five building blocks of the organizational accident. A:
Slide number: 16
Module N° 2 ICAO Safety Management Systems (SMS) Course 59
Questions and answers
Q: Explain the components of the SHEL(L) Model. A:
Slide number: 20
S – Software
H – Hardware
E – Environment
L – Liveware
L – Liveware, other persons
Module N° 2 ICAO Safety Management Systems (SMS) Course 60
Questions and answers
Q: Enumerate three basic traits underlying effective safety reporting. A:
Slide number: 35
Effective safety reporting
Information
People are knowledgeable about the human, technical and organizational factors that determine the safety of the system as a whole.
Flexibility
People can adapt reporting when facing unusual circumstances, shifting from the established mode to a direct mode thus allowing information to quickly reach the appropriate decision-making level.
Learning
People have the competence to draw conclusions from safety information systems and the will to implement major reforms.
Willingness
People are willing to report their errors and experiences.
Accountability
People are encouraged (and rewarded) for providing essential safety-related information. However, there is a clear line that differentiates between acceptable and unacceptable behaviour.
Module N° 2 ICAO Safety Management Systems (SMS) Course 61
Questions and answers
Q: How can organizations be characterized, depending upon their management of safety information?
A:
Pathological – Hide the information
Bureaucratic – Restrain the information
Generative – Value the information
Slide number: 36
Module N° 2 ICAO Safety Management Systems (SMS) Course 62
Points to remember
1. The organizational accident.
2. Operational contexts and human performance.
3. Errors and violations.
4. Organizational culture and effective safety reporting.
5. The management of safety information.
Module N° 2 ICAO Safety Management Systems (SMS) Course 63
Basic safety concepts
Exercise 02/01 – The Anytown City Airport accident (Handout Nº 1)
Module N° 2 ICAO Safety Management Systems (SMS) Course 64
The Anytown City Airport accident
In the late hours of a summer Friday evening, while landing on a runway heavily contaminated with water, a twin-engine jet transport aircraft with four crew members and 65 passengers on board overran the westerly end of the runway at Anytown City airport. The aircraft came to rest in the mud a short distance beyond the end of the runway. There were no injuries to crew or passengers, and there was no apparent damage to the aircraft as a consequence of the overrun. However, a fire started and subsequently destroyed the aircraft.
Module N° 2 ICAO Safety Management Systems (SMS) Course 65
The Anytown City Airport accident
Group activity:
A facilitator will be appointed, who will coordinate the discussion. A summary of the discussion will be written on flip charts, and a member of the group will brief on their findings in a plenary session.
Required task:
Read the text related to the accident of the twin-engined jet transport at Anytown City Airport. …
Module N° 2 ICAO Safety Management Systems (SMS) Course 66
The Anytown City Airport accident
… required task:
From the investigation report of the above accident, you should identify:
1. Organizational processes that influenced the operation and which fell under the responsibility of senior management (i.e. those accountable for the allocation of resources);
2. Latent conditions in the system safety which became precursors of active failures;
3. Defences which failed to perform due to weaknesses, inadequacies or plain absence; …
Module N° 2 ICAO Safety Management Systems (SMS) Course 67
The Anytown City Airport accident
… required task:
4. Workplace conditions, which may have influenced operational personnel actions; and
5. Active failures, including errors and violations.
When you have concluded the above, your task is to complete the Table 02/01 – Analysis (Handout N° 1), classifying your findings in accordance with the organizational accident model.
Module N° 2 ICAO Safety Management Systems (SMS) Course 68
The organizational accident