FAA’s Safety Risk Management (SRM) Process and System Description Element
The Federal Aviation Administration’s (FAA) safety risk management (SRM) compliance requirement for System Description has one clear goal: establish the components of your operating environment’s systems, processes, procedures, and important safety elements.
Despite the fact that the goal is clear, system description is too often skimmed over in aviation SMS programs. This is a mistake.
Why is this element of SRM often skimmed over?
- The FAA's System Description language is unhelpfully vague;
- It is time-consuming to outline the personnel, equipment, and facilities needed for sound safety operations;
- Establishing System Description is a high-level, conceptual activity, and can often feel like shooting in the dark;
- There is limited guidance as to what FAA's definitions are – words are used differently in different contexts; and
- There are no specific related regulatory requirements, which amounts to limited guidance and less incentive to thoroughly complete this element of the Safety Risk Management Process.
Just consider the following questions:
- How do you know if your System Description is complete?
- Can you define what a System is?
- Can you describe the purpose of System Description, as instructed by the FAA?
These are not easy questions. Part of the problem is that this element needs to be left intentionally vague in order for different operators, such as airline SMS programs and airport SMS programs, to have flexibility in establishing their System Description. We will walk through and establish what you need to know in order to complete your System Description element as part of the FAA's system safety operation guidelines.
Important Language in FAA’s SRM System Description
The FAA’s SRM System Description element is basically asking you to create an outline of your safety management system in terms of its important:
- Interactions; and
- Systems (of hazards, more on this in next section).
The frustrating truth about the above points is the aforementioned vagueness. Understanding how to analyze and describe these points involves narrowing the language to terms that provide more guidance. Here is the important language that the FAA uses in its Advisory Circular, per the latest January 2015 release:
- Activities – what kinds of things will your company be doing to mitigate hazards (SRR. Section 5.53(b.3));
- Resources – what equipment, safety management system software, documents, etc. will your safety program be using to achieve safety goals in reference to hazard mitigation (SRR. Section 5.53(b.4));
- Safety – the FAA adopts ICAO’s definition of safety (2.1.1) as “state in which the possibility of harm to persons or of property damage is reduced…through a continuous process of hazard identification and safety risk management”;
- System – your overall safety management system;
- Systems – the hazard categories that comprise your aviation risk management program (SRR. Section 5.53(b.3));
- Flow chart/narrative – the system description process should allow you to create a flow chart or descriptive picture of how your SMS program works;
- Function – this word as used by the FAA is synonymous with “mitigate hazards” or “successful mitigation strategy”, e.g., “necessary for the system to function” is the same as “necessary for the system to mitigate hazards” (SRR. Section 5.53(b.1)); and
- Analysis – use a model, such as 5M or SHELL, to describe each hazard category.
The above terms and their synonyms are important to keep in mind as you describe your system. They can help you keep from “getting stuck,” by keeping important elements of System Description less vague.
Goals, Objectives, and Definition of System Description
System Description is the first step in the SRM process. It leads directly into the FAA's SRM Hazard Identification element, where hazards will be identified in each of the systems (SRR. Section 5.53(a)). The FAA defines the objective of System Description as, “To gain an understanding of the components and elements of operational systems, processes, procedures, and the operational environment.”
Does that clarify things? It’s extremely vague, and seems to almost say “describe everything.” It certainly doesn’t help me understand specifically what the FAA wants. Let’s break it down into terms that provide a much more specific understanding.
Using the language of the FAA, the primary goal of System Description is to describe what resources and activities are needed to successfully mitigate hazards (i.e. “function”) in your operational environment. This goal may be accomplished by the following tasks:
- Choose an appropriate, industry accepted model (such as 5M or SHELL);
- Establish your Systems (these may be hazard categories in a proactive hazard analysis exercise); and
- Detail all important safety elements of each of your chosen systems.
System Description from this perspective is very straightforward.
Though the FAA’s Advisory Circular doesn’t seem to indicate it, the steps and requirements for fulfilling System Description are simple and straightforward, though very time-consuming. The outcome is the creation of an operational risk profile that can easily feed your hazard register.
What are Systems vs. System and Model in Your SMS Program?
Part of the frustration with the FAA’s SRM description is the interchangeable use of “System” and “Systems”. Your “System” in the singular simply means your safety management system:
- The whole collection of activities used to mitigate risk;
- All relevant hazards and risks;
- Your operational risk profile; and
- Your company.
Your System is simply the conglomeration of everything that makes up your risk management program.
“Systems” in the plural is a vague word, but it basically amounts to your specific area of operations, such as:
- flight operations; and
- airport operations.
If you were building a classification schema to classify hazards, these would be your "level 1 hazard categories.” The assumption is that different risk mitigation strategies may be used in different Systems. To maintain a logical format, hazard categories:
- Should be broken up into logical parts, such as flight ops, ground ops, etc.; and
- Each "system" will be described using your chosen Model.
Your Model is the framework that you will use to analyze and describe each of your Systems. The two most common Models are:
- SHELL: describes systems using Software, Hardware, Environment, and Liveware components; and
- 5M: describes systems using Man, Medium, Machine, Management, and Mission.
Both models are thorough; however, the SHELL model may be superior for the purposes of System Description, though this is debatable.
Steps to Fulfill FAA’s SRM System Description Component
Fulfilling the FAA’s SRM System Description components has four straightforward, though time consuming, steps:
- Choose your model (5M or SHELL);
- Establish your Systems (i.e., main area of operations or level 1 hazard categories);
- For each system (hazard category), describe it using the components of your Model (i.e. liveware, hardware, etc.);
- In each Model component, list the relevant items needed to reduce hazards' risk to acceptable levels (e.g., list the resources/activities needed to mitigate the liveware component of Flight Ops):
  - policies, procedures
  - types of training
  - risk management strategies
  - roles, equipment, facilities, etc.
  - operating environment factors, such as weather, safety culture, human factors, etc.
- Document all information in aviation SMS software, an Operational Risk Profile Manual, or some other kind of documentation.
The outcome is that each of your systems has 4 (if SHELL) or 5 (if 5M) components, and each component lists the activities and resources that will be used to mitigate hazards in that hazard category.