What Is Aviation Safety Policy
An Aviation Safety Policy is a document in aviation safety management systems (SMS) that outlines:
- What your organization’s safety value are;
- Expectations from employees and stakeholders;
- What safety commitments your organization is willing to make, as directed by the accountable executive; and
- Which resources employees can use to fulfill their SMS duties and responsibilities (policies, procedures, accountabilities, tools)?
Related Aviation Safety Policy Articles
- SMS First Steps - Which Safety Policy?
- How to Promote Your Aviation SMS Safety Policy
- 20 Questions for Your Safety Policy in Aviation SMS [With Free Resources]
ICAO's Doc 9859 writes that your Safety Policy is used to, “Describe the organization’s intentions, management principles and commitment to improving aviation safety in terms of the…service provider.”
Your company’s SMS Safety Policy should be the “bottom line” on all safety questions. When employees have questions regarding the SMS or safety, you should be able to send them to your Safety Policy for an answer.
The SMS' safety policy is the foundation upon which high-performing safety cultures rest. Trust in management's commitment toward safety and not toward retaliation is explicitly documented in the safety policy. An insincere safety policy breeds:
- suspicion toward management;
- disengaged employees;
- anxiety whenever "something unusual arises;"
- apathy toward both the company and the SMS;
- loss of revenue due to unreported risk control failures;
- failed SMS; or
- the proverbial paper SMS.
The Criteria for Your Safety Policy
Further criteria outlined by ICAO for your Safety Policy are that it should:
- Be in size and complexity commensurate with the size and complexity of your organization;
- State organizations intentions, principles, objectives, and commitments;
- Be signed by accountable executive;
- Be promoted by the accountable executive and other managers;
- Be reviewed periodically;
- Involve personnel at all levels of the SMS; and
- Be communicated to all employees in the organization.
An SMS' Safety Policy needs to fulfill each of the above points to have a compliant policy. In fulfilling these requirements, you also address much of the Safety Policy component of the 4 Pillars of SMS.
Related Articles on Four Pillars of Aviation SMS
- What Are the 4 Pillars of SMS?
- Who Started Four Pillars of Safety Management in Aviation?
- Which of the Four Pillars of SMS Carries the Most Weight?
How Big Should Your Safety Policy Be?
ICAO states that your Safety Policy should be based on the size of the complexity of your organization. In some ways this is true, but in other ways, this is not true in the actual practice of developing safety policies.
The fact is that most Safety Policies will be about the same size as any other company’s Safety Policy. This is because many of the required Safety Policy elements are static items that contain the "expected" sections with an appropriate number of words in each section, such as:
- High level safety goals;
- Specific safety objectives;
- Commitments to safety;
- Safety org chart; and
- Key safety personnel.
Your Safety Policy needs to include such items. So the sections of the safety policy are finite and guidance about the sections has been fairly well standardized. After all, there have to be some expectations as to what should go into the safety policy to allow SMS auditors to objectively evaluate an SMS implementation. Without guidance and expectations, there would be no control - a complete "free-for-all."
Consequently, the number of sections in safety policies will hardly vary in size among different organizations. Where a Safety Policy tends to differ in size from other companies’ Safety Policies will be seen in the subsections under:
- Safety Accountabilities;
- Roles and responsibilities; and
- Procedures and SMS policies.
Larger organizations will need to account for (i.e., document) a greater number of roles, responsibilities, policies/procedures, and accountabilities that interact in complex ways. Their Safety Policy needs to capture more detail that comes with increased size and complexity. Smaller operations, with fewer employees and a less diverse operational environment, will need to account for less.
You just need to make sure that your Safety Policy includes all required elements, and that the accountabilities, roles, policies, and procedures capture what actually exists in your operational environment. In this manner, your Safety Policy will naturally develop to be the right size. Using the safety policy from another company is fine as long as you actually practice what is described in the adopted safety policy.
What Is the Purpose of SMS' Safety Policy?
Among the most common audit findings is that the operator is not conducting operations according to policies and procedures. There is a reason for policies and procedures. They are your design - your assurance that risk controls are designed and implemented to ensure risk is as low as reasonably practical (ALARP). When employees are not following documented policies and procedures, unnecessary and uncontrolled risks are introduced into the operations.
This last point is the most important point I wish to communicate.
Safety policies (and other policies and procedures) are designed to allow the organization to operate safely as long as everyone follows "certain steps," also known as procedures. When someone does not follow the policies and procedures, management must be alerted and the reactive risk management process begins. An investigation should then be initiated to discover why?
Related Aviation Risk Management Articles
- What Is Reactive Risk Management (Why It’s Essential for Aviation SMS)
- From Reactive to Proactive Risk Management in Aviation SMS
- Is Root Cause Analysis Proactive or Reactive?
Once management investigates to discover the root cause as to why the policy or procedure was neglected or not followed, management can implement risk controls to prevent a recurrence using their documented risk management processes. This process is both
- in the interest of safety and
- controlling operations in an inherently unsafe and difficult-to-control operating environment.
Publicly submitting a safety report on yourself declaring that you "messed up" and made a mistake is difficult even on your best day. Managers and peers may look at you as if you are:
- lazy; or
- drunk or stoned (intoxicated).
An SMS' safety policy affords assurances to the employees that "it is all right to make mistakes." Of course, managers don't like it when you make mistakes, but in the interests of safety, management must address the correct mindset of system safety. "Tell us what went wrong so we can improve the system so it will not happen again." There are of course where an employee should not receive immunity from management. That will not be discussed here.
This above describes modern aviation risk management. Safety policy tells employees that they are expected to report ALL
- potential hazards;
- close calls, regardless of whether there was damage or injury; or
- minor discrepancies in workflows.
Once employees report these safety concerns, management can run these safety issues through their reactive and proactive risk management processes. However, when employees don't know about the SMS, or they don't know what is expected from them in the SMS, the safety reporting culture will remain substandard or nonexistent. There will be no way for management to address system design flaws in the SMS risk management cycle of safety risk management (SRM = Design) and safety assurance (SA = monitor).
Obtaining as much data on valid safety concerns is extremely valuable for management to improve the system and reduce losses. The more data, the better. As your company gathers more data and has a way to store, categorize, and retrieve this risk management data, the organization becomes more efficient in decision-making processes and will be able to benefit from predictive risk management processes.
Have You Read
- Difference between Reactive, Predictive and Proactive Risk Management in Aviation SMS
- How to Practice Reactive, Proactive, and Predictive Risk Management in Aviation SMS
- The Truth about What Predictive Risk Management Is
What Should Be in Your Safety Policy
Though we have already covered some of these important items listed below, your Safety Policy should include:
- Key commitments, such as:
- CEO commitment to safety
- Organizational commitment to safety
- Commitment to non-punitive reporting
- Voluntary and mandatory reporting
- High level company goals
- Specific company safety objectives that help SMS reach goals
- Safety organizational chart showing reporting and management chain of command
- List key personnel, including:
- Accountable executive
- Safety manager to maintain SMS
- Safety committees
- Other important personnel
- List all roles in your organization, including the safety responsibilities and accountabilities of each role
- Important safety resources, including SMS:
There may be more items you should include in your Safety Policy based on your size and complexity, but these items cover the core elements to help you reach Safety Policy compliance. Evaluating the safety policy by SMS auditors is not an easy task as there is a degree of subjectivity. As long as you have the "expected" elements covered, there should be no valid complaints from the SMS auditor.
Final Thought on Reviewing Your Policy
Your Safety Policy is not a static document.
Safety policies will change in size and scope over time as you review and update them.
When aviation service providers begin their SMS implementations, among the first tasks to be completed is the Safety Policy. It is considered a "low-hanging fruit" from the safety manager's perspective. All he has to do is grab one of many templates that can be found on the web and slap the accountable executive's name at the bottom. Of course, he should read it and modify the template to ensure it aligns with the company's goals and objectives.
In extreme cases, the safety manager may forget to remove the names on the original safety policy template. While this neglectful oversight is not common, it happens more than we like.
A best practice is for your accountable executive, safety manager, and safety committee/team to perform a comprehensive audit of your Safety Policy once per year. Beyond this, any anomalies discovered in the policy when referencing it during normal operations should be promptly fixed, rather than waiting until the comprehensive review.
Another best practice is to have a reminder in your SMS database or calendar to ensure the policy is reviewed regularly. When I see safety policies that have not been reviewed in five years, this is an excellent safety culture indicator. It also indicates this operator has a "paper SMS" that was implemented to only "check the box" without regard to the tangible benefits offered by a performing SMS.
Last updated February 2023.