FAA’s Safety Risk Management (SRM) Process and System Description Element
The Federal Aviation Administration’s (FAA) safety risk management (SRM) compliance requirement for System Description has one clear goal: establish the components of your operating environment’s
- procedures, and
- important safety elements.
Despite the fact that the goal is clear, system description is too often skimmed over by safety teams during their initial implementation phase of their aviation safety management systems (SMS). This is a mistake.
Why is this element of SRM often skimmed over?
- The FAA's System Description language is unhelpfully vague;
- It is time consuming to outline the personnel, equipment, and facilities needed for sound safety operations;
- Establishing System Description is a high level, conceptual activity, and can often feel like shooting in the dark;
- There is limited guidance as to what FAA's definitions are – words are used differently in different contexts; and
- There are no specific related regulatory requirements, which amounts to limited guidance and less incentive to thoroughly complete this element of the Safety Risk Management Process.
When is the System Description "Good Enough?"
Just consider the following questions:
- How do you know if your System Description is complete?
- Can you define what a System is?
- How much detail should be included about nested systems or sub-systems?
- Can you describe the purpose of System Description, as instructed by the FAA?
These are not easy questions. Part of the problem is that this element needs to be left intentionally vague in order for different service providers operating in different aviation industry segments, such as
- aviation maintenance organizations;
- air traffic control, etc.
Considering the breadth of the aviation industry as well as the size and complexity of these various operators, the operators required to implement formal SMS need to have flexibility in establishing their System Description. We will walk through and establish what you need to know in order to complete your System Description element as part of the FAA's system safety operation guidelines.
Related Articles on Aviation Safety Risk Management (SRM)
- 4 Elements of Safety Risk Management (SRM)
- How to implement SRM Process in Aviation SMS [With Free Checklist]
- Most Important Activities in Safety Risk Management (SRM)
Important Language in FAA’s SRM System Description
The FAA’s SRM System Description element is basically asking you to create an outline of your safety management system in terms of what are the important:
- Interactions; and
- Systems (of hazards, more on this in next section).
The frustrating truth about the above points is the before mentioned vagueness. Understanding how to analyze and describe these points involves narrowing the language to terms that provide more guidance. Here is the important language that the FAA uses in their Advisory Circular, per the latest January 2015 release:
- Activities – what kinds of things will your company be doing to mitigate hazards (SRR. Section 5.53(b.3));
- Resources – what equipment, safety management system software, documents, etc. will your safety program be using to achieve safety goals in reference to hazard mitigation (SRR. Section 5.53(b.4));
- Safety – the FAA adopts ICAO’s definition of safety (2.1.1) as “state in which the possibility of harm to persons or of property damage is reduced…through a continuous process of hazard identification and safety risk management”;
- System – your overall safety management system;
- Systems – the hazard categories that comprise your aviation risk management program (SRR. Section 5.53(b.3));
- Flow chart/narrative – the system description process should all you to create a flow chart or descriptive picture of how your aviation SMS works;
- Function – this word as used by FAA is synonymous to mitigate hazards or successful mitigation strategy, e.g., “necessary for the system to function” is same as “necessary for system to mitigate hazards” (SRR. Section 5.53(b.1)); and
- Analysis – use a model, such as 5M or SHELL, to describe each hazard category.
The above language synonyms are important to keep in mind as you describe your system. They can help you keep from “getting stuck,” by keeping important elements of System Description less vague.
Goals, Objectives, and Definition of System Description
System Description is the first step in the SRM process. It leads directly into the FAA's SRM Hazard Identification element, where hazards will be identified in each of the identified systems (SRR. Section 5.53(a)). The FAA’s defines the objective of System Description as, “To gain an understanding of the components and elements of operational systems, processes, procedures, and the operational environment.”
Does that clarify things? It’s extremely vague, and seems to almost say “describe everything.” It certainly doesn’t help me understand specifically what the FAA wants. Let’s break it down and into terms that provide a much more specific understanding.
How to Understand Requirements of SRM System Description
Using the language of the FAA, the primary goal of System description is to describe what resources and activities are needed to successfully mitigate hazards (i.e. “function”) in your operational environment. This goal may be accomplished by the following tasks:
- Choose an appropriate, industry accepted model (such as 5M or SHELL);
- Establish your Systems (they may be hazard categories in a proactive hazard analysis exercise); and
- Detail all important safety elements of each of chosen systems.
System Description from this perspective is very straightforward.
Though the FAA’s Advisory Circle doesn’t seem to indicate it, the steps and requirements for fulfilling System Description are simple and straightforward, though very time consuming. The outcome is the creation of an operational risk profile that can easily feed your hazard register. This becomes a very important point when safety teams begin to list and document hazards that affect operations.
The system description becomes an incredibly important first step in the proactive hazard identification process. Why? As you start your system description, hazards will naturally surface from the exercise of documenting the systems. While safety teams are considering the systems that they must describe, this process of describing the system will serve as an inspiration for getting started with your hazard list, which will subsequently populate the hazard register.
In short: The process of System Description facilitates preliminary proactive hazard identification activities. The act of writing will cause managers to become inspired and hopefully, the activity will jog the memory and cause the "ah-ha" moment and say, yes, that is a hazard we need to document.
Related Hazard Identification Articles
- What Is Hazard Identification in Aviation SMS
- 4 Tips to Approach Hazard Identification in Aviation SMS
- What Is Proactive Hazard Identification and Risk Management in Aviation SMS
What are Systems vs. System and Model in Your SMS Program?
Part of the frustration with the FAA’s SRM description is the interchangeable use of “System” and “Systems”. Your “System” in the singular simply means your safety management system:
- The whole collection of activities used to mitigate risk;
- All relevant hazards and risks;
- Your operational risk profile; and
- Your company.
Your System is simply the conglomeration of everything that makes up your operational "safety program," including the risk management processes.
“Systems” in the plural is a vague word, but it basically amounts to your specific area of operations, such as:
- flight operations,
- airport operations;
If you were building a classification schema to classify hazards, these would be your "level 1 hazard categories.” The assumption is that different risk mitigation strategies may be used in different Systems. To maintain a logical format, hazard categories:
- Should be broken up into logical parts, such as flight ops, ground ops, etc.; and
- Each "system" will be described using your chosen Model.
Your Model is the framework that you will use to analyze and describe each of your Systems. The two most common Models are:
- SHELL: describes systems using Software, Hardware, Environment, and Livewire components; and
- 5M: describes system using Man, Medium, Machine, Management, and Mission.
Both models are thorough, however the SHELL model may be superior for the purposes of System Description, though this is debatable.
Steps to Fulfill FAA’s SRM System Description Component
Fulfilling the FAA’s SRM System Description components has four straightforward, though time consuming, steps:
- Choose your model (5M or SHELL);
- Establish your Systems (i.e., main area of operations or level 1 hazard categories);
- For each system (hazard category), describe it using the components of your Model (i.e. livewire, hardware, etc.),
- In each Model component, list the relevant items needed to reduce hazards' risk to acceptable levels (e.g., list the resources/activities needed to mitigate livewire component of Flight Ops):
- policies, procedures
- types of training
- risk management strategies
- roles, equipment, facilities, etc.
- operating environment factors, such as weather, safety culture, human factors, etc.
- Document all information in aviation SMS software, an Operational Risk Profile Manual, or some other kind of documentation.
The outcome is that each of your systems has 4 (if SHELL) or 5 (if 5M) components, and each component lists the activities and resources that will be used to mitigate hazards in that hazard category.
Related Hazard Identification Articles
- How to Identify Hazards in Aviation SMS
- How to Be Compliant with ICAO Hazard Identification
- From Reactive to Proactive Hazard Identification in Aviation SMS
Final Thoughts on System Description and Documenting Hazards
In the previous section, I mentioned that you should document the system description and related identified hazards in aviation SMS software or another tool. If you are still documenting hazards in a spreadsheet, this is not a best practice.
Hazards listed in a spreadsheet are very difficult to track and associate to safety reports treated in your risk management processes. A better approach is to have an integrated hazard register that allows managers to easily associate identified hazards with:
- reported safety issues; and
- audit findings.
Why is this important? If you wish to benefit from proactive and predictive risk management activities, you will want your safety data organized. System descriptions with the relevant hazards sitting in a spreadsheet will offer very little value to mature SMS implementations. You may get away with this in the early SMS implementation phases, but when it comes time to demonstrate continuous improvement, or to engage in predictive risk management activities, you will realize that your SMS data management strategy is severely lacking.
A better approach is to either develop an SMS database that has your hazards integrated into the system, or to adopt a low-cost, commercially available SMS database. For smaller companies, this is a "no-brainer." Larger operators may already have quality management systems in place that can be extended to include their hazard register. If you need any assistance in this area, I can think of an SMS database that provides a complete, soup-to-nuts solution. It is called SMS Pro.
If you've come this far, chances are this information was helpful. The good news is we have much more guidance to offer in this free ebook that offers FULL coverage what you need to know to comply with each element of the FAA's Safety Risk Management process:
Published March 2017. Last updated August 2019.