SMS Pro Aviation Safety Software Blog 4 Airlines & Airports

Transparency and Aviation Safety Data Security - User Roles SetUp

Posted by Tyler Britton on Jan 25, 2016 6:00:00 AM

Transparency Is a Philosophical Question

How Security Roles and Access Affect Transparency for best aviation safety data security

As I have written before concerning transparency and Just Culture, a high level of transparency in aviation SMS programs is critical for creating:

I think most, if not all, aviation safety managers would agree with me on this. Aviation safety data security is commonly under the control of an SMS administrator, who may also be the director of safety. These managers are safety professionals, not data security professionals.

This is probably why safety managers have so many questions about how to set up users in their aviation safety management system (SMS) database program. For starters, they may be managing users' safety roles and permissions in different parts of their aviation safety database program. For example, one SMS software program may use:

  • Individual User Security Roles; and
  • Custom User-Access Roles.

The million dollar question is: "what is the best practice for organizing access to safety information?"

Data Access Goes Beyond a Single Aviation Safety Software Solution

While this seems like a more practical, "how-to-use-the-software" question, it’s actually more a philosophical question:

  • How transparent should my organization be?

But what exactly do we mean when we talk about transparency?


Definition of Transparency in Aviation Safety Cultures

It all comes down to information and what people (are allowed to) know. Transparent safety cultures are cultures that:

  • Give all employees wide latitude to access relevant information, even fairly sensitive safety information
  • Do not restrict relevant information except in rare cases
  • Give employees access to managerial safety issues that may affect them

The catchword here is relevant. Transparency does not mean everyone has access to all information – it means that if a piece of information affects an employee, he/she has a means of being aware of it. Period.

Of course, there are certain practical considerations here, such as issues that require investigation, etc. With that in mind, what are some best practices for User Roles/Security set up to maintain data security in aviation SMS programs? Some of the roles described herein relate to SMS Pro's aviation SMS solution. Your software may have something similar.

Security Roles Setup

Start by setting up security roles for your users to match how they function in real life. Before assigning any roles, consider mapping out an org chart of your company with a brief description of what each manager is responsible for. Organizational charts are useful for visualizing the layout and workflow of safety information within an organization. Here is a good resource to create an org chart for your aviation safety program.

For example, your org chart may lead you to have:

  • 1 Admin user who controls the portal
  • Safety Manager(s) of the organization, each in charge of overseeing the safety issues of a division

Note that one Safety Manager may also have the Admin role if he/she is in charge of maintaining the portal.

  • SMS Department Heads should be assigned to each designated department head of the organization who will be managing safety issues within their department
  • An executive who is typically in charge of operations, such as a CEO

You can also assign SMSExecutive roles depending on your organization’s setup, for example to the head of HR, the CEO, and the CFO, as all are likely to have vested interests in the SMS program.

In this case as well, an executive may be given a department head role if he/she performs that function in real life.

The SMS users role is best suited for general employees.

Custom User Roles in Aviation SMS Programs

Some aviation safety software programs allow custom roles. Custom user roles are designed to control which issues users can and cannot see. Again, setting this up properly requires a solid stance on what transparency means for your organization, as well as some common sense. What follows is an example of how one program handles data security. Other programs may do something similar but in a different fashion.

For SMS Pro, the first thing to note is that if the SMS users role has “View All Divisions” checked, every user will be able to see all divisions because every user has the SMS users role by default once they are trained and inducted into the system.

Integrated Aviation Safety Quality Solutions require well thought out aviation safety data security protocols

The ability of users to access information from different divisions is of primary concern to how much transparency an organization has.

It involves questions like:

  • Do you want general SMS users to only be able to see issues that they have submitted (no "View" checks), only in their own division, or all divisions?
  • Do you want safety managers/department heads to be notified of reported issues from other divisions?
  • Do you want safety managers or department heads to be able to view issues from other divisions?
  • Should SMS users be notified whenever an issue is reported in their division?
  • Whom do you want to be notified on high-risk issues?
  • Should anyone else but the SMS admin user be able to delete issues?

Your answers to these questions will determine how transparent (and liberal) your organization is.

Obviously, the perfect setup is a balance between what is practical and what is ideal. Some things, such as SMS users receiving notifications of reported issues from all divisions, are both unwise and impractical. Other things, such as only letting SMS users view their own issues (no checks in the “View” column), clearly subscribe to a lower level of transparency, but may be prudent.

Deciding the proper set up will take:

  • Some serious consideration
  • A hard look at how information is currently distributed in practice

Every check (or lack of check) should be carefully considered. A good rule of thumb for this question is to work from the highest level of access (SMS admin) to the lowest (SMS users).
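The effect of a check on the default role, and of the "own issues / own division / all divisions" choice asked about above, can be modeled in a few lines. This is an added example, not SMS Pro's code: the class and function names are hypothetical, and it assumes role grants are additive, so the widest view scope among a user's roles applies.

```python
from dataclasses import dataclass
from enum import IntEnum

class View(IntEnum):        # ordered: each scope includes the ones below it
    OWN = 0                 # no "View" checks: only issues the user submitted
    DIVISION = 1            # issues reported in the user's own division
    ALL_DIVISIONS = 2       # "View All Divisions" checked

@dataclass(frozen=True)
class Role:
    name: str
    view: View
    can_delete: bool = False

@dataclass(frozen=True)
class User:
    name: str
    division: str
    roles: tuple = ()       # extra roles held on top of the default role

@dataclass(frozen=True)
class Issue:
    reporter: str
    division: str

def effective_roles(user, default_role):
    return (default_role,) + tuple(user.roles)  # default role is always held

def can_view(user, issue, default_role):
    # Assumption: grants are additive, so the widest scope of any role wins.
    scope = max(r.view for r in effective_roles(user, default_role))
    if scope == View.ALL_DIVISIONS or issue.reporter == user.name:
        return True
    return scope == View.DIVISION and issue.division == user.division

def audit_default_role(default_role):
    """Report settings on the default role that every user will inherit."""
    findings = []
    if default_role.view == View.ALL_DIVISIONS:
        findings.append("every user can view issues from all divisions")
    if default_role.can_delete:
        findings.append("every user can delete issues")
    return findings

# Constructed sample roles: two candidate settings for the default role.
CONSERVATIVE = Role("SMS users", View.OWN)
PERMISSIVE = Role("SMS users", View.ALL_DIVISIONS)
DEPT_HEAD = Role("Department Head", View.DIVISION)
```

Running `audit_default_role` against the role every user inherits, before any users are inducted, shows which checks will apply organization-wide regardless of what the higher roles grant.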

Final Thought

Remember that designing security access of roles follows a pretty linear process:

  1. Give users the security roles that best mimic their real-life responsibilities
  2. Consider organization’s stance on transparency at all levels of
  3. Assign levels of access in User Roles Setup
  4. Modify security roles and user roles if needed

Also, remember that granting access down the road will look a lot better than restricting access later on, so perhaps a conservative approach to start is a good idea.



Topics: Aviation SMS Database

Site content provided by Northwest Data Solutions is meant for informational purposes only. Opinions presented here are not provided by any civil aviation authority or standards body.

 

 
