Integrated Safety Management Systems lessons from the Aviation Industry

Integrated Safety Management Systems lessons from the Aviation Industry Rob Lee, PhD There is no such thing as an accident. What we call by that name is the effect of some cause which we do not see - Voltaire NAVY ARMY AIR Australasian University Safety Association Conference, 2011 FORCE

For every complex problem, there is invariably a simple solution, which is almost always wrong H.L Mencken

If you don t know where you are going, chances are you might wind up someplace else Yogi Berra

Safety management is not rocket science the challenge of rocket science pales in comparison to the complexities of safety management. - James Reason, 2005

Some history... Rob Lee, PhD The A380 was not the first French double deck airliner; it was the Breguet Deux Ponts, of the 1950 s

Airbus A380 in service from November 2007, SIA

Global Accident Rate: as at end Q3 2009 Western-built Jet Hull Losses per Million Sectors 1.20 1.00 IATA Member Rate Industry Rate 0.80 0.60 0.40 0.20 0.00 2000 2001 2002 2003 2004 2005 2006 2007 2008 30-Sep-09

However, as an industry, aviation is not particularly safe 12 Lost Workday Cases per 100 Employees* 10 8 6 4.7 4.9 5.2 5.3 4 2 0 0.3 Industry Average (2.6) 1.9 2.3 * U.S. Bureau of Labor Statistics, 2001 Data 2.6 3 9.7 DuPont Chemicals Mining Repair Services Pulp & Paper Transportation Equip. Primary Metal Industries Food & Kindred Prod. Lumber & Wood Products Transportation by Air

Airbus 3D A380 simulator

Detail

A380 interior

Different high technology industries... The same common factors...

People

...and Technology

Different technologies

the same human factors

The Systems Safety Philosophy To achieve significant and sustainable improvement in safety, every accident and incident, must be considered as a failure of the system...and not simply as the failure of a person, or people...even though human errors or violations will almost certainly be involved in the occurrence

The Reason Model of Systems Safety Was originally developed in the 1980s by Professor James Reason, Department of Psychology, University of Manchester

Chernobyl, April 25-26, 1986

Herald of Free Enterprise, capsized off Zeebrugge, Belgium, 6 March 1987

Space shuttle, Challenger, 28 Jan,1986

Kings Cross Underground Fire, 18 November, 1987

Tenerife, 27 March, 1977, two B747s collide on the runway

The Piper Alpha disaster, 6 July, 1988 The safety policy and procedures were in place: the practice was deficient - Lord Cullen

BP Texas City, March, 2005

BP Gulf of Mexico, April, 2010

Safety information feedback loops: outer ; inner ORGANISATION organisational Deficiencies: latent conditions MANAGEMENT DECISIONS AND ORGANISATIONAL PROCESSES WORKPLACE local conditions ERROR- PRODUCING CONDITIONS VIOLATION- PRODUCING CONDITIONS PERSON group/team ERRORS VIOLATIONS TECHNICAL FAILURES DEFENCES BARRIERS ACCIDENTS & SERIOUS INCIDENTS TASKING OPERATIONS LATENT DEFICIENCIES IN DEFENCES (HOLES IN THE DEFENCES - SWISS CHEESE MODEL) The Reason Model of Systems Safety Limited coping resources can get nibbled away Accumulat ion of minor event s. Not so much holes as st eady at t rit ion (Reason, 2000)

The Reason Model: defences, controls, barriers Preventive controls Recovery controls Potential accident Accident No Incident Incident What is the most important information for safety management?

The primary contributing factors in all accidents and incidents, in every high technology industry, are human factors, at both the individual and organisational levels.

Human factors The physical hazards of aviation operations are well known. However, it is human factors which constitute the greatest area of risk. Consequently, a basic knowledge and understanding of human factors must be integrated into the business processes of the organisation from the very top of the company

What is meant by the term Human Factors?

Human Factors Human factors refers to the study of humans as components of complex systems made up of people and technology. These are often called sociotechnical systems.

Human Factors Human factors is concerned with understanding the performance capabilities and limitations of the individual person. As well as the collective role of all the people in the system which contribute to its output. Which therefore includes factors such as organisational culture.

In sporting terms, human factors is concerned with the performance of the individual player...

and of the team as a whole.

In aviation terms, human factors is concerned with the performance of the individual player

and of the team as a whole.

People are not autonomous. They are components of systems made up of people and technology selection equipment design training working conditions procedures Individual behaviour culture Systemic factors Source: Brent Hayward

People... operate maintain design manage regulate build finance... the systems within these industries

The human contribution to system safety: The negative dimension: The human factors contribution to accidents and incidents is close to 100% The positive dimension Operational experience and accident/incident investigation shows that humans play the primary role in maintaining and enhancing safety

The systemic approach to air safety investigation - adopted by ICAO as a Standard in 1994

Annex 13 to the Convention on International Civil Aviation Aircraft Accident and Incident Investigation

Para 1.17 Organizational and management information. Pertinent information concerning the organizations and their management involved in influencing the operation of the aircraft. The organizations include, for example, the operator; the air traffic services, airway, aerodrome and weather service agencies; and the regulatory authority.

The information could include, but not be limited to, organizational structure and functions, resources, economic status, management policies and practices, and regulatory framework.

The Reason Model was endorsed by ICAO as a guide to the investigation of organisational and management factors.

Piper PA31-350 Chieftain VH-NDU,Young, NSW, 11 June 1993, the first major BASI systemic investigation using the Reason Model as a guide

For almost every aviation accident or incident, the subsequent systemic investigation has shown that: The main contributing factors were present before it happened. In most cases they were common knowledge, had been reported, and formally documented. In all cases, they could have, and should have, been identified and rectified before the accident or incident.

Systemic factors Hardware Training Organisation Communication Incompatible Goals Procedures Maintenance Design Housekeeping Safety culture Total factors contributing to accidents

An important lesson for senior management: If all the organisational factors are of the highest quality, the company is far more resilient to cope with a set of events and circumstances, which could otherwise lead to a catastrophic outcome

Example...

No. 3 Engine landed near pax terminal

New section of centreline along Taxiway N1 was painted after the accident Figure 13 A new section of Taxiway N1 centreline marking added and Runway 05R threshold markings (piano keys) being removed soon after the accident

It became apparent from systemic safety It became apparent from systemic safety investigations that most, if not all, major accidents and serious incidents would probably have been prevented if the organizations involved had had in place fully effective, integrated, safety management systems.

ICAO Annex 6 From 1 January 2009, States shall require, as part of their safety programme, that an operator implements a safety management system acceptable to the State of the operator that, as a minimum: (a) identifies safety hazards; (b) ensures that remedial action necessary to maintain an acceptable level of safety is implemented;

(c) provides for continuous monitoring and regular assessment of the safety level achieved; and (d) aims to make continuous improvement to the overall level of safety.

A safety management system shall clearly define lines of safety accountability throughout the operator s organisation, including a direct accountability for safety on the part of senior management

What is a Safety Management system? A safety management system is a businesslike approach to safety. It is a systematic, explicit and comprehensive process for managing safety risks. As with all management systems, a safety management system provides for goal setting, planning, and measuring performance. A safety management system is woven into the fabric of an organisation. It becomes part of the culture, the way people do their jobs. Transport Canada TP 13739 E (04/2001)

CAAS SMS requirements 1. Safety Policy 2. Safety Accountability 3. Safety Targets and Performance Indicators 4. Hazard and Risk Management 5. SMS Training and Promotion 6. SMS Documentation and Records 7. SMS Audit 8. Emergency Response Plan

Rail SMS Elements (RSRP) Safety policy Safety culture; Governance and Internal control arrangements; Management responsibilities, accountabilities and authorities; Regulatory compliance; Document control arrangements and information management; Review of the safety management system; Safety performance measures; Safety audit arrangements; Corrective action Management of change; Consultation; Internal communication; Risk management; Human factors; Procurement and contract management; General engineering and operational systems safety requirements; and Process control; Asset management; Safety Interface coordination; Management of notifiable occurrences; Security management; Emergency management;

12 Elements of the ADF SMS 1. Genuine command commitment 2. A generative aviation safety culture 3. Safety organisation structure 4. Communication 5. Aviation safety policy 6. Training and education 7. Risk management 8. Hazard reporting and tracking 9. Investigation 10.Emergency response 11.Survey and audit 12.Aviation Safety Management System review

Integrating the SMS: the greatest challenge

To be effective, safety management systems must be INTEGRATED. All the components of the SMS must be integrated with each other. The SMS must also be fully integrated into the management processes of the organisation: Operational. Financial. Human resource management.

Consider an engine. All the necessary components may be present...

But, until they are assembled, you do not have a functioning engine

However, even a fully integrated system will fail if the design of the system itself is fundamentally flawed.

Integration

Disintegration

To understand the internal integration of the ISMS, we can carry out a link analysis of the ISMS components For each link, we ask the questions: How will we link these components together? How will they communicate?

Genuine command commitment Training and education A generative safety culture A defined safety organisation structure Survey and audit Risk management Communication Documented aviation safety policy Hazard identification, reporting and tracking Investigation Emergency response ASMS review.

Integrating the ISMS into the business and operational processes of the organisation

Business processes: Financial Management and Safety Management systems Source: Patrick Hudson and Cliff Edwards Financial Management System Finance Plan Targets & Objectives Budget Accountabilities Levels of Authority Procedures Checks and Balances Audits Audit Findings Accountants Balance Sheets Company Board Management & Direction Sets Policy Establishes Objectives & Targets Delivers the Business Plan Raises and Approves Budgets Allocates Resources Management of Both Major Loss Generators Makes Business Sense QA/Safety Management System QA/Safety Plan Targets & Objectives Budget Accountabilities Line Management Authorities Procedures Compliance Monitoring Audits Audit Findings QA/Safety Committee Measure Performance Profit/Loss Finance Case Business Case or Safety Case Profit/Loss

Consider each of these key organisational areas: ISMS Equipment Training Communication Incompatible Goals (production versus safety) Procedures Maintenance Management Design Finance

Safety Culture A positive, just, and fair, safety culture is an essential dimension of a successful SMS It s like the oil in an engine. Without it, the ISMS will grind to a halt.

Genuine command commitment Training and education A generative safety culture A defined safety organisation structure Survey and audit Communication Organisational culture Risk management Documented aviation safety policy Hazard identification, reporting and tracking Investigation Emergency response ASMS review.

For each element of the SMS you need to specify clearly: The goal of the specific element The key performance criteria required to achieve the goal The main safety benefits to the organisation, resulting from achievement of the goal

Safety Reporting Goal All hazards, incidents, and accidents are reported and processed in an open and honest manner, in a just and fair company culture.

Safety Reporting Key Performance Criteria Reported hazards and safety occurrences are treated in a just and fair manner, but deliberate violations of rules and procedures are not tolerated. A system is available to enable personnel to submit confidential reports on safety issues if they are unwilling, for whatever reason, to report openly.

Safety Reporting Key Safety Benefits Data from the safety information system provides the empirical basis for data-driven decision making and riskbased safety management. Provides data for measuring safety performance, and achieving continuous improvement. Facilitates a reporting culture in which personnel are willing to report their errors, identified hazards, and suggestions to enhance safety. Enables risks to be proactively managed, and creates the potential for a positive outcome from a negative event, when incidents or accidents do occur.

Recent examples of Rail safety management initiatives I commend CFF to you.

Integrating Aviation Safety Management Systems, Quality Management Systems, and Occupational Safety, Health and Environment laws

The need for Integration :example ASOR: A fuel tanker s brakes fail and it hits an aircraft, damaging the aircraft and the tanker. As a result, jet fuel is spilled, and a ground staff member falls and is injured. We have: An air safety occurrence with the damage to the aircraft a maintenance issue with the tanker's brakes a quality issue in determining the factors which contributed to the brake failure, an environmental incident with the fuel spill a WHS safety incident with the ground staff member falling, and sustaining injuries.

This single incident spans multiple departments, including loading, maintenance, ground handling, and flight operations. Yet, each uses a different reporting and investigation methodology to investigate and process the occurrence

If You Are An Employer Or Principal: You must, as far as reasonably practicable, protect the safety and health of your employees or workers working under your direct control and all who may be affected by their work. This includes:

Workplace Safety and Health Act requirements conducting risk assessments to remove or control risks to workers at the workplace maintaining safe work facilities and arrangements for the workers at work ensuring safety in machinery, equipment, plant, articles, substances and work processes at the workplace

Workplace Safety and Health Act requirements (cont.) developing and putting into practice control measures for dealing with emergencies providing workers with adequate instruction, information, training and supervision.

CAAS SMS Requirements 1. Safety Policy 2. Safety Accountability 3. Safety Targets and Performance Indicators 4. Hazard and Risk Management 5. SMS Training and Promotion 6. SMS Documentation and Records 7. SMS Audit 8. Emergency Response Plan

Workplace Safety and Health Act requirements conducting risk assessments to remove or control risks to workers at the workplace maintaining safe work facilities and arrangements for the workers at work ensuring safety in machinery, equipment, plant, articles, substances and work processes at the workplace CAAS SMS Elements SP SA ST&PI H&RM SMST&P SMSD&R SMSA ERP

Workplace Safety and Health Act requirements (cont.) developing and putting into practice control measures for dealing with emergencies providing workers with adequate instruction, information, training and supervision. CAAS SMS Elements SP SA ST&PI H&RM SMST&P SMSD&R SMSA ERP

The Piasecki PA-97 Helistat Built under a US Navy contract for the US Forest Service Able to lift 26 tons Four helicopters interconnected, controlled by one pilot

Thank you Robert Lee and Sue Burdekin Pty Ltd