What Is Safety Risk Management Process
Your Safety Risk Management process is how you design your SMS.
First you design and document your SMS, and then update it as your SMS and/or environment changes.
Developing your SRM process, and in turn designing your SMS, happens largely in Phase 3 of aviation SMS Implementation.
Completing your SMS design is a major hurdle, as it is extensive and has many moving parts:
- Describing each of your systems;
- Documenting all system resources;
- Documenting, analyzing, and assessing each hazard;
- Performing hazard analysis; and
- Documenting important processes.
Completing all of these tasks can take anywhere from 1-3 years, but can vary significantly depending on several factors:
- Size of organization;
- Complexity of organization; and
- Amount of inherent risk in operations.
Bigger size, risk, and complexity will involve significantly much more work to implement your SRM process.
How to Identify Systems in Your Operations Systems
Systems are different, logical “entities” within your organization. Each system has:
- Its own set of procedures, tasks, etc.
- Its own set of requirements, roles, personnel; and
- Its own set of safety risk controls, identified hazards, and identified risks.
For example, Flight Ops and Ground Ops could be logical systems within your company. Defining these systems means recognizing them and documenting them.
How to Describe Your Systems and Safety Resources
Describing your systems involves the following:
- Thoroughly analyzing all safety aspects of a system, such as its purpose, location(s), etc.;
- Each risk control, including how it works to control risk;
- Regular or periodic practices you will use to mitigate safety concerns, such as inspections, audits, etc.
- Policies and procedures that affect safety for the system;
- Other practices you will use to mitigate risk, such as job checklists, issue management processes, etc.
- Goals and objectives related to the system;
- Relevant tools, software, hardware, machinery, and other technology you will use to mitigate risk; and
- Documenting high-level expectations for how the system will operate.
Describing systems in your aviation SMS, simply put, is documenting how each system attempts to mitigate safety.
How to Define Acceptable Level of Safety
The term Acceptable Level of Safety (ALoS) defines your minimum level of acceptable risk for a given safety issue, based on that issue’s risk assessment.
To define your ALoS, you need to:
- Define the criteria for each level of severity in your risk matrix; and
- Define the criteria for each level of likelihood in your risk matrix.
These criteria should be formally documented. Once you have defined these criteria, you can define what is and isn’t an ALoS based on risk assessments. ALoS should be documented as well.
How to Document All Identified Hazards
As you identify hazards during issue management, you need to be documenting these hazards in a list. Hazards should:
- Be organized by the System they are relevant to;
- Are useful if they are organized in a tree, with hazard categories and sub-categories; and
- Be a dangerous condition, per the definition of a hazard.
It’s extremely important to make sure that a documented hazard is actually a hazard, and not a root cause or potential risk occurrence.
How to Perform Risk Analysis on Hazards
Performing risk analysis on hazards involves:
- Looking at each hazard;
- Identifying each potential risk occurrence that the hazard can plausibly lead to if the hazard occurs;
- Documenting that risk occurrence;
- Analyzing the risk occurrence for how severe it would be, how likely it is to occur, and how well it is controlled with existing risk controls;
- Documenting your analysis;
- Performing a risk assessment on each risk occurrence; and
- Documenting that risk assessment.
This creates a thorough paper trail for auditors to review, and for yourself to update should the hazard or risks change over time.
How to Document Processes
There are a couple types of processes in aviation safety management systems:
- Process for updating SMS design;
- Critical processes for each system to function; and
- How responsible managers will review systems they are responsible for.
These processes entail that you:
- Assign a responsible manager to a system;
- Identify critical processes; and
- Identify how you will update your SMS design.
Critical processes are processes that a system needs to function safely. For example, a Security Ops critical process might be the process for hiring security officers, or the process for checking passenger baggage.
Final Thought: Where to Document Your SMS
Ideally, your SMS will be documented in:
- One, convenient location that can easily be accessed;
- A physical manual; or
- A software or web-based manual.
It is best to design your SMS from the top down, such as close to the order we have listed each section.
Published August 2018. Last updated October 2019.