What Is Safety Assurance for FAA
Safety Assurance is designed to ensure that aviation service providers have the ability to manage safety risks effectively using a structured, prescribed approach to managing identified safety concerns.
The purpose of aviation safety management systems (SMS) is to provide operators with a "systematic approach to managing safety. Yet there are no standards that every operator must follow, as the range of aviation industry segments is vast, just as the size and complexity of the thousands of service providers around the world. Even if there were a standardized, one-size-fits-all aviation SMS model, aviation regulatory authorities would still need to provide oversight to ensure that operators were following the prescribed "model SMS."
Related Safety Assurance Articles
- 4 Pillars | What Safety Assurance Really Means in Aviation SMS
- Best Tip for Safety Assurance Monitoring in Aviation SMS
- 40 Questions for Your Safety Assurance Process in Aviation SMS [With Free Checklists]
Safety Assurance Benefits Both Operators and Regulatory Authorities
Safety Assurance processes in aviation SMS implementations are designed to not only assist civil aviation authorities in providing regulatory oversight but also for individual operators to self-monitor their SMS implementations.
Self-monitoring each operator's aviation SMS will be required to demonstrate "continuous improvement of the SMS." Without self-monitoring activities, the accountable executive would have no assurance that the aviation SMS is implemented across the entire organization and is performing as designed.
Safety Assurance is one of the Four Pillars of SMS. Safety assurance philosophies have strong overlaps with quality management systems, after which safety management systems have been modeled.
If you have just started your SMS implementation, don't focus too heavily on Safety Assurance activities, except for your safety reporting system. In the early stages of SMS implementation, your focus will naturally turn to
- what is required in a fully implemented aviation SMS;
- how the organization will structure the SMS;
- how to communicate the coming changes to all employees; and
- what are employee and managers' roles and responsibilities in the SMS.
As aviation SMS implementations mature, the Safety Assurance pillar will gradually become more important until it becomes a center point of the SMS implementation. Not only will Safety Assurance activities take center stage, but they will also become critical to the long-term success of the SMS.
The first two elements of Safety Assurance, as defined by the Federal Aviation Administration, are:
- System Monitoring; and
- Data Acquisition.
These two elements are tightly intertwined, and as such the FAA considers them together. Here are the FAA’s Safety Performance Monitoring and Data Acquisition components.
Monitor Operational Processes
The FAA’s Part 5 (5.71(a)(1)) indicates that you need to develop a process for monitoring operational processes on a day-to-day basis.
These operational processes include:
- Supervision of employees;
- Reviewing safety data, such as duty logs or safety reports; and
- Safety policy and procedures (including checklists).
It goes without saying that the larger the organization, the more complex these monitoring activities will be. In smaller organizations, monitoring operational processes may be fulfilled by only one person. As organizations grow, the burden of this monitoring will transfer to multiple people (such as a safety team), and eventually to multiple tiers of management. In addition, larger operators may employ automated systems that can report "exceptions" to the aviation SMS, thereby initiating reactive risk management processes.
Having a solid risk management process is one way to fulfill this element. The most common inputs from day-to-day monitoring of operational processes are:
- Reported safety issues coming from the safety reporting system; and
- Audit findings coming from both internal and external auditing teams.
It is the responsibility of all employees to identify hazards and immediately report safety concerns. Taken from this vantage point, we could say the entire organization is actively monitoring operational processes. But why stop there? Your aviation SMS' safety reporting system should be available to stakeholders outside your organization, which may include, depending on your type of operation:
- Contractors or vendors;
- Tenants (at airports); and
- Customers.
Related Aviation Safety Reporting System Articles
- How to Develop a Safety Reporting System in Aviation SMS [With Free Checklist]
- Best Practices for Safety Reporting in Aviation SMS - With Examples
- How to Develop Healthy Safety Reporting Cultures in Aviation SMS
Monitoring Operational Environment
The second part of the FAA’s Safety Performance Monitoring and Data Acquisition in Part 5 (5.71(a)(2)) is monitoring the operational environment to detect changes. This element is a bit troubling because:
- “…changes” is rather vague; and
- The distinction between this element and monitoring operational processes is blurred.
The FAA’s Advisory Circular admits that this element involves “practices that are similar to those of operational processes.” However, the important point is that:
- “Operational environment” is equivalent to the “System” that is described in the first part of the FAA’s SRM process; and
- “Changes” are assumed to be elements of the operational environment that are not accounted for in the “System”.
As in the previous case, documented risk management processes will fulfill this element.
Auditing Operational Processes
Auditing operational processes, Part 5 (5.71(a)(3)), is a straightforward data acquisition action that safety professionals are familiar with. One doesn’t often think of aviation SMS audits as having the goal of “data acquisition,” however they do have one primary goal:
- Evaluate to what extent that organization practices are being followed as documented.
This component is three-fold:
- That you outline an auditing process;
- That you develop auditing procedures; and
- That you follow through with actually conducting audits.
This is explicitly stated in Part 5. Auditing can be completed by documenting the audit results:
- On paper;
- In a spreadsheet, such as Excel; or
- In aviation SMS database software for auditing.
The Advisory Circular indicates that the frequency of audits should scale with the size of the organization (a larger company means more audits).
Related Aviation Safety Audit Articles
- How to Conduct Internal SMS Audits in Aviation Industry
- How Often Should You Conduct Aviation SMS Audit
- How to Create an Aviation SMS Audit Plan
Evaluation of Aviation SMS Implementation
Evaluation of the aviation SMS – Part 5 (5.71(a)(4)) – is a tough nut to crack because of seemingly conflicting information. The AC says that evaluations are usually carried out by an independent party. This indicates that the primary difference between Auditing and Evaluation is:
- That an evaluation is performed by an external party.
However, the AC goes on to say that an “…evaluation is an internal oversight tool…” So, which is it: an internal or external function? The happy medium here is that:
- Each section of an audit is overseen by the relevant department head (or similar person in charge);
- Evaluations are carried out by an “objective” party that is not regularly involved with what is being evaluated.
Organizations will need to list their specific criteria or for how to conduct evaluations, clarifying things like:
- What does “objective” mean to the company;
- What qualifications an evaluator needs to have; and
- The scope of what each evaluator is evaluating.
The goal of evaluations is to provide a summary of the entire SMS implementation, such as a list of what is “working” and what “isn’t working” that can be presented to the accountable executive to direct remedial actions.
Perform Investigations on Safety Incidents and Non-Compliance
Part 5 (5.71(a)(5)) further points to a different data acquisition process, and investigations, which is somewhat similar to Evaluations and Audits. However, the difference between Investigations and Evaluations/Audits is that Investigations are performed:
- On an individual safety concern(i.e., case by case basis depending on severity of incident or accident); and
- To establish “what went wrong” for a specific hazard (dangerous condition).
Both Audits and Evaluations can be tailored to analyze the SMS implementation in parts, or as a whole. Investigations are designed for specific cases, such as an accident with a fatality. In the same manner, Part 5 (5.71(a)(6)) calls for investigations of non-compliance. These investigations also are done on a case-by-case basis. Of course, this requirement entails that you have a way for employees to report potential non-compliance, and this is typically performed through the organization's safety reporting system.
Related Aviation Safety Reporting System Articles
- How Confidential Aviation Safety Reporting Systems Offer Assurance to Employees
- Examples of Good Hazard Reporting Forms in Aviation Safety
- How to Bring Your Aviation Safety Reporting System to Compliance?
Have Confidential Safety Reporting System
The last component of the Part 5 requirements for Safety Monitoring and Data Acquisition is the requirement for SMS implementations to have a confidential reporting system (5.71(a)(7)). All this entails is that employees can report:
- Hazards;
- Safety issues;
- Concerns; and
- Suggestions.
Of course, the “confidential” portion of this requirement also entails that employees can report confidentially. “Confidential” should be defined by each organization, but generally means that employees can report:
- Anonymously;
- Without other employees seeing their report; and
- Without managers (other than the safety manager) seeing the report.
SMS implementations under FAA jurisdiction need to define AND document a safety reporting process and ensure that it works for employees.
Data Management Strategy to Demonstrate Safety Assurance Compliance
During this discussion on FAA's Safety Assurance requirements, four recurring data-intensive elements should cause you to look inward and consider your own SMS implementations. These recurring elements include:
- Safety reports from confidential safety reporting system;
- Investigations from more serious safety events;
- Audit findings from evaluations and audits; and
- Risk management processes to analyze and treat identified risks.
For safety professionals who are very conversant in aviation SMS requirements, we know that an aviation SMS' data management requirements are far more complex than safety reports, audit findings, and risk management processes to investigate and treat the safety reports and audit findings. Other important sub-systems are also important when verifying the success of your aviation SMS implementation. Systems with relevant SMS data may include but are not limited to:
- Hazard Register accessible by managers to review hazards, risks, and risk controls;
- Management of Change System;
- ERP Documentation Management;
- Training and Qualifications Management; and
- Safety Communication System (Message Board, Meeting Manager, Safety Surveys, Newsletters, Lessons Learned Library)
The point I wish to stress is that your SMS data management strategy will dictate how successful you are in demonstrating compliance with FAA's Safety Assurance requirements. By now, I'm hoping you will realize that spreadsheets are not a good option. An SMS database is better aligned to store many years worth of disparate risk management data.
To learn how your organization can benefit from a low-cost commercially available SMS database, please watch these short demo videos.
For a full overview of FAA compliance, you will find these resources valuable:
Last updated in June 2024.