DASR SMS - Aviation Safety Management Systems

GM SMS.A.25(a)(2) - Size and complexity considerations (AUS)

Every organisation should ensure that its SMS is tailored for its size, the nature of its operations and the complexity of its aviation products and services. There is no ‘one size fits all’ SMS.

Larger or more diverse organisations may require several safety management levels and/or safety committees. Conversely, small organisations may not need dedicated safety staff, instead relying on a number of employees to perform the multiple functions required. In very small organisations, maintaining independence in safety oversight and improvement functions may not be possible, in which case these functions could be conducted by external parties with the required competencies.

Where one or more organisations exist within a larger business group, each organisation may leverage off a single, corporate-level SMS.

GM SMS.A.25(a)3 - Safety management system maturity level (AUS)

Variations in the size of the organisation, the nature of its operations and the complexity of its aviation products and services make it necessary to assess organisations on the ‘performance’ of their SMS rather than their ‘compliance’ and ‘conformance’. These performance assessments primarily focus on the effectiveness of the SMS and its maturity growth.

Assessment against the indicators that are contained within the published SMS assessment tool is used to determine the maturity of the organisation. Further information on the maturity and growth expectations can be found at DASA ASMS website.

GM SMS.A.25(b)(1)(1.1) - Management commitment (AUS)

Safety Policy

In preparing a safety policy, the accountable manager should consult widely with staff members in charge of key safety areas. Consultation ensures that the document is relevant to staff and provides them with a sense of ownership in it.

Unacceptable behaviours

Human error is unavoidable and must be managed. Just culture refers to the way that both errors and violations are treated. For a just culture to exist, it must be collectively agreed and clearly understood as to the distinction between acceptable and unacceptable behaviour. All personnel must understand the difference between intentional departures from the rules and honest errors. To ensure the fair treatment of persons involved, it is essential that those responsible for making determinations have the necessary technical expertise so that the context of the event may be fully considered. To maintain an effective, just and fair reporting culture, the organisation should consider utilising a standardised/documented tool such as the DFSB developed Safety Behaviour Management Tool (SBMT).

Visible endorsement

'Visible endorsement' refers to making management’s active support of the safety policy visible to the rest of the organisation. This can be done via any means of communication and also through the alignment of activities to the safety policy statement.

If the organisation chooses to make use of a ‘safety policy statement’ as its safety policy, visible endorsement could be demonstrated through attaching an annual safety schedule to the safety policy statement.

Safety objectives

Organisations should also consider the following suggestions when establishing their safety objectives:

Choose a variety of objectives that when combined encompass all of the components (policy and objectives, risk management, oversight & improvement and promotion) of the DASR SMS.

Write objectives in a SMART format (specific, measureable, achievable, relevant and timely), or support them with SMART safety targets. This will assist in demonstrating progress towards achieving the objectives.

If the organisation chooses to make use of a ‘safety policy statement’ as its safety policy, the safety objectives could be included as an attachment to the statement.

GM SMS.A.25(b)(1)(1.2) - Safety accountability and responsibilities (AUS)

SAFETY ACCOUNTABILITY AND RESPONSIBILITIES

Accountable Manager

In the context of this regulation the term 'accountability' refers to obligations which cannot be delegated. The term 'responsibilities' refers to functions and activities which may be delegated.

The accountable manager is the person who is accountable for the safe operation of the organisation on behalf of the organisation. The Accountable Manager is typically the Chief Executive Officer (CEO) or senior military commander who:

has the authority to make decisions on behalf of the organisation;

has control of resources, both financial and human; and

is responsible for ensuring appropriate actions are taken to respond to accidents and incidents, address safety issues and address safety risks.

In the case where a SMS applies to several different approvals, that are all part of the same organisation, there should be a single accountable manager. Where this is not possible, individual accountable managers should be identified for each organisation approval with clearly defined lines of accountability. It is also important to identify how their safety accountabilities will be coordinated.

Although responsibility for the day-to-day operation of the SMS is typically managed by other key safety personnel, the accountable manager cannot delegate accountability for the system, nor can accountability of the decisions regarding safety risks be delegated (the authority to make decisions regarding safety risk may be assigned to individuals, management positions, ranks or committees).

Organisational safety structure

The responsibilities of all personnel with safety-related duties should be clearly defined through the organisation’s safety structure. The organisation’s safety structure should:

Define the responsibilities of all personnel involved in the management and operation of the SMS. The responsibilities should be commensurate with the extent to which the personnel are involved with and utilise the SMS.

Contain clear lines of communication and safety responsibility so that personnel can locate their superiors and subordinates in the safety structure.

Be clearly written, in a format that is understandable and easily accessible to all personnel.

Focus on the staff member’s contribution to the safety performance of the organisation (the organisation’s safety outcomes).

Safety risk decisions

An organisation ensures that decisions carrying significant potential consequences are made at an appropriate level by establishing levels of management that have the authority to make decisions regarding safety risk. Authority may be assigned to individuals, management positions, ranks or committees.

Decisions regarding safety risk are business decisions, aimed at ensuring that activities with residual risk are not conducted without approval from the appropriate level of management. All activities that are conducted are still required to have safety risks eliminated, So Far As is Reasonably Practicable (SFARP), and where not reasonably practicable to eliminate, minimised SFARP. That is, a predetermined level of safety risk must not influence the risk management process to cease the elimination and minimisation of risks prematurely.

GM SMS.A.25(b)(1)(1.3) - Appointment of key safety personnel (AUS)

APPOINTMENT OF KEY SAFETY PERSONNEL

The safety manager function

Appointment of a competent individual or group to fulfil the safety manager function is essential to an effectively implemented and functioning SMS. The individual or persons filling the function of safety manager advise the accountable manager and line managers on safety management matters, and are responsible for coordinating and communicating safety issues within the organisation. Safety manager functions and responsibilities may include:

manage the SMS implementation plan on behalf of the accountable manager (upon initial implementation);

perform/facilitate hazard identification and safety risk analysis;

monitor corrective actions and evaluate their results;

provide periodic reports on the organisation’s safety performance;

maintain SMS documentation and records;

plan and facilitate staff safety training;

provide independent advice on safety matters;

monitor safety concerns in the aviation industry and their perceived impact on the organisation’s operations aimed at product and service delivery; and

coordinate and communicate (on behalf of the accountable manager) with the Authority and CASA as necessary on issues relating to safety.

GM SMS.A.25(b)(1)(1.4) - Coordination of emergency response planning (AUS)

COORDINATION OF EMERGENCY RESPONSE PLANNING

Applicability

The DASR SMS requirement for emergency response planning applies to all emergency situations/scenarios that could affect the safety of aviation products or services. Although it may seem indirect, poor emergency response in manufacturing and maintenance organisations could introduce latent hazards in aviation systems.

An ERP may not be relevant to all organisations. Currently all DASR 21J organisations are exempt from the need to have an ERP to handle aviation-related emergencies.

The Emergency Response Plan

An emergency response plan (ERP) is an integral component of an organisation’s safety risk management process to address aviation related emergencies, crises or events. The ERP should:

address reasonably foreseeable aviation-related emergencies;

ensure an orderly and efficient transition from normal to emergency operations;

aim to re-establish ‘normal’ operations following the emergency (this includes all of the checks/inspections that are to be conducted prior to resuming work);

provide a selection of standard mitigating actions, processes and control measures;

assign appropriate personnel with emergency responsibilities and delegation(s) of authority;

provide actions to be taken by responsible personnel during an emergency;

contain coordinated actions with different organisations, eg airfield management services and external, non-aviation, emergency services; and

be easily accessible to the appropriate key personnel and the coordinating external organisations.

GM SMS.A.25(b)(1)(1.5) - SMS documentation (AUS)

SMS documentation

The SMS documentation should describe the organisation’s SMS policies, processes and procedures to facilitate the organisation’s internal administration, communication and maintenance of the SMS. SMS documentation should:

help personnel to understand how the organisation’s SMS functions;

describe how the safety policy and objectives will be met;

include a system description that provides the boundaries of the SMS;

help clarify the relationship between the various policies, processes, procedures and practices, and define how these link to the organisation’s safety policy statement and objectives;

be written to address the day-to-day safety management activities of the organisation;

be easily understood by personnel throughout the organisation;

be kept up to date; and

provide appropriate cross-referencing to other relevant documentation.

SMS documentation may be a stand-alone document, or it may be integrated with other documents maintained by the organisation. Where details of the organisation’s SMS processes are already addressed in existing documents, appropriate cross-referencing to such documents (demonstrating compliance with the 4 components and 12 elements) may be considered sufficient.

GM SMS.A.25(b)(2)(2.1) - Hazard identification (AUS)

HAZARD IDENTIFICATION

Introduction

Organisations must develop and maintain a formal process to identify hazards that could impact aviation safety in all areas of operations and activities. This includes hazards that may be introduced through the use of plant, substances, structures and any goods or services provided by external organisations.

Common sources for hazard identification

There are a variety of sources for hazard identification, some internal to the organisation and some external to the organisation. Sources of hazard identification include:

daily monitoring of normal operations,

automated monitoring systems,

voluntary and mandatory safety reporting systems,

surveys and audits,

feedback from training,

internal and external safety investigations,

interfaces with external organisations (3rd party relationships and interactions),

aviation accident reports,

safety publications and notifications produced by aviation safety authorities, and

WHS legislation (Act, Regulations and Codes of practice).

Safety reporting system

A safety reporting system is a major source for ongoing hazard identification, regularly raising potential safety issues such as those found in accidents, incidents, near misses or errors. It can provide valuable information to the Authority and the organisation on lower consequence events.

The Defence corporate solution for a safety reporting system is now ‘Sentinel’. The organisation should contact the Defence Flight Safety Bureau (DFSB) for assistance and information regarding its function and use.

It is important that organisations provide appropriate protections to encourage people to report what they see or experience. It should be clearly stated that reported information will be used primarily to support the enhancement of safety. The intent is to promote an effective reporting culture and proactive identification of potential safety deficiencies.

Voluntary safety reporting systems should be confidential, requiring that any identifying information about the reporter is known only to the custodian to allow for follow-up action. The role of custodian should be kept to a few individuals, typically restricted to the safety manager and personnel involved in the safety investigation. Maintaining confidentiality will help facilitate the disclosure of hazards leading to human error, without fear of retribution or embarrassment. Voluntary safety reports may be de-identified and archived once necessary follow-up actions are taken. De-identified reports can support future trending analyses to track the effectiveness of risk mitigation and to identify emerging hazards.

To be effective, safety reporting systems should be readily accessible to all personnel. Depending on the situation, a paper-based, web-based or desktop form can be used. Having multiple entry methods available maximises the likelihood of staff engagement. Everyone should be made aware of the benefits of safety reporting and what should be reported

Feedback to the reporter

Anybody that submits a safety report should receive feedback on what decisions or actions have been taken. Feedback to reporters in voluntary reporting schemes serves to demonstrate that such reports are considered seriously. This helps to promote a positive safety culture and encourage future reporting.

SAFETY INVESTIGATIONS

When to conduct a safety investigation?

The organisation must establish, implement and maintain procedures for:

Investigating, responding to, an taking action to minimise any harm caused by accidents and incidents;

investigating and responding to system failures; and

initiating and completing appropriate corrective and preventive action.

In addition to accidents and incidents, there are other conditions that may merit more detailed investigation, eg where the organisation experiences an unexplained increase in aviation safety-related events or regulatory non-compliance. Any additional conditions that may require a safety investigation are to be identified in the organisation’s SMS documentation.

The organisation must implement and record any changes in SMS documentation and procedures that result from safety investigations and their corrective and preventive actions.

The safety investigation process

Providing in-depth detail of the process for conducting safety investigations is outside of the scope of this guidance material. Further information regarding the conduct and application of safety investigations can be obtained through contacting the Defence Flight Safety Bureau (DFSB) and consulting their associated publications.

In establishing and maintaining procedures for safety investigations the organisation should include these basic elements:

identifying the causal and contributing factors for the incident(s) or hazard(s);

identifying and implementing the necessary corrective action(s);

implementing or modifying control measures that are necessary to avoid occurrence or repetition of the incident/situation; and

recording any changes in SMS documentation and procedures resulting from the safety investigation and its corrective and preventative actions.

Safety investigation training

Safety investigations, and the resultant reports, are to be conducted by staff with, or supervised by staff with, relevant safety investigation or incident investigation training. The suitability of safety investigators will be assessed on a case-by-case basis, taking into account the size of the organisation, the nature of its operations and the complexity of its aviation products and services.

Although there are no specific training courses required by the DASR SMS for safety investigators, organisations may choose to utilise the Aviation Incident Investigation Course (AIIC) provided by the Defence Flight Safety Bureau (DFSB).

Third party relationships and interactions

Third party relationships and interactions previously existed as a separate element (1.4.) of the DASR SMS. The decision was made to align more closely with ICAO and incorporate its requirements into the safety risk management component. This change does not mean that the treatment of third party hazards and risks is to be forgotten in any way. Hazards and risks associated with interactions with third parties are still to be identified and treated using the process outlined in element 2.1. and 2.2.

GM SMS.A.25(b)(2)(2.2) - Safety risk assessment and mitigation (AUS)

The Work Health and Safety Act 2011 and Work Health and Safety Regulations 2011 outline a number of specific requirements relating to the management of risks to health and safety. Although these requirements can be easily understood when read in isolation, the final risk management process can become complicated due to the interactions between them.

For example, the reasonably practicable requirements must be applied up to 4 times in the execution of managing risks due to the structure and use of the hierarchy of control measures being applied during minimisation. This makes for a non-linear process that will vary in difficulty depending on the context.

To provide direction on the application of the WHS legislated requirements, Defence has produced a 7 step Safety Risk Management (SRM) process, incorporating the 5 requirements outlined in the AMC:

Step 1. Establish hazard and risk context.

Step 2. Be reasonably informed of the risk and all possible controls.

Step 3. Eliminate risk so far as is reasonably practicable (SFARP).

Step 4. Minimise risk SFARP.

Step 5. Characterise risk.

Step 6. Decision to proceed.

Step 7. Continuous risk monitoring and review.

Guidance for the application of the 7 step SRM process can be found in the Advisory Circular 'AC 003/2018 – Risk Management in the Defence Aviation Safety Program'.

GM SMS.A.25(b)(3)(3.1) - Safety performance monitoring and measurement (AUS)

SAFETY PERFORMANCE OBJECTIVES, TARGETS AND INDICATORS

Safety performance monitoring is conducted through the collection of safety data and safety information from a variety of sources typically available to an organisation. Data availability to support informed decision-making is one of the most important aspects of the SMS. Using this data for safety performance monitoring and measurement are essential activities that generate the information necessary for safety risk decision-making.

Safety performance monitoring and measurement should be conducted observing some basic principles. The safety performance achieved is an indication of organisational behaviour and is also a measure of the effectiveness of the SMS. This requires the organisation to define:

Safety Objectives – Safety objectives should be established first to reflect the strategic achievements or desired outcomes related to safety concerns specific to the organisation’s operational context and produced in a Suitable, Measureable, Achievable Relevant and Timely format (SMART);

Safety Performance Targets (SPTs) - SPTs are tactical level SMART goals that work individually or as a group to monitor progress towards the achievement of the safety objectives.

Safety Performance Indicators (SPIs) - SPIs are tactical parameters related to safety objectives and SPTs and therefore are the reference for data collection; and

SPIs are used to measure operational safety performance of the organisation and the performance of their SMS. SPIs rely on the monitoring of data and information from various sources including the safety reporting system. They should be specific to the individual organisation and be linked to the safety objectives already established.

When establishing SPIs organisations should consider:

Measuring the right things - Determine the best SPIs that will show the organisation is on track to achieving its safety objectives and SPTs. Also consider what are the biggest safety issues and safety risks faced by the organisation, and identify SPIs which will show effective control of these.

Availability of data - Is there data available which aligns with what the organisation wants to measure? If there isn’t, there may be a need establish additional data collection sources. For small organisations with limited amounts of data, the pooling of data sets may also help to identify trends. This may be supported by industry associations who can collate safety data from multiple organisations.

Reliability of the data - Data may be unreliable either because of its subjectivity or because it is incomplete.

Common industry SPIs - It may be useful to agree on common SPIs with similar organisations so that comparisons can be made between organisations. The regulator or industry associations may enable these.

A more complete picture of the organisation’s safety performance will be achieved if SPIs encompass a wide spectrum of indicators. This should include:

low probability/high severity events, eg accidents and serious incidents;

high probability/low severity events, eg uneventful operational events, non-conformance reports, deviations etc;

process performance, eg training, system improvements and report processing;

qualitative and quantitative type indicators; and

leading (inputs) and lagging (outputs) type indicators.

Primarily, safety performance monitoring and measurement provides a means to verify the effectiveness of safety risk control measures, a requirement of the Work Health and Safety Regulations 2011, in particular Regulations 37 and 38.

Internal audits

Internal audits are performed to assess the effectiveness of the SMS and identify areas for potential improvement. Internal audits are most effective when conducted by persons or departments independent of the functions being audited. Such audits should provide the accountable manager and senior management with feedback on:

the current state of compliance with DASR regulations;

the current state of compliance with policies, processes and procedures;

the effectiveness of safety risk control measures;

the effectiveness and status of recent corrective actions;

any deficiencies identified in the SMS; and

any opportunities for improvement for the SMS.

Some organisations cannot ensure appropriate independence of an internal audit, in such cases, the organisation should consider engaging external auditors (e.g. independent auditors or auditors from another organisation).

The results of the internal audit process become one of the various inputs to the SRM process and safety oversight and improvement functions. Internal audits inform the organisation’s management of the level of compliance within the organisation, the degree to which safety risk controls are effective and where corrective or preventive action is required.

GM SMS.A.25(b)(3)(3.2) - The management of change (AUS)

THE MANAGEMENT OF CHANGE

Organisations experience change due to a number of factors including, but not limited to:

organisational expansion or contraction;

business improvements that impact safety; these may result in changes to internal systems, processes or procedures that support the safe delivery of the products and services;

changes to the organisation’s operating environment;

changes to staffing numbers;

changes to shift work schedules;

changes to the SMS interfaces with external organisations;

legislative and regulatory changes; and

economic changes and emerging risks.

Change may affect the effectiveness of existing safety risk controls. In addition, new hazards, and related safety risks may be inadvertently introduced into an operation when change occurs. Hazards should be identified and related safety risks assessed and controlled as defined in the organisation’s existing hazard identification and SRM procedures.

Small incremental changes often go unnoticed, but the cumulative effect can be considerable. Changes, large and small, might affect the organisation’s system description, and may lead to the need for its revision. Therefore, the system description should be regularly reviewed to determine its continued validity, given that most organisations experience regular, or even continuous, change.

The organisation should define the triggers for the formal change process. Changes that are likely to trigger ‘management of change’ processes include:

introduction of new technology or equipment;

changes in the operating environment;

changes in key personnel;

significant changes in staffing levels;

changes in safety regulatory requirements;

significant restructuring of the organisation; and

physical changes (new facility or base, aerodrome layout changes etc.).

GM SMS.A.25(b)(3)(3.3) - Continuous improvement of the SMS (AUS)

CONTINUOUS IMPROVEMENT OF THE SMS

Maintenance and continuous improvement of the organisation’s SMS effectiveness is supported by safety oversight and improvement activities that include the verification and follow up of actions and the internal audit processes. It should be recognised that maintaining and continuously improving the SMS is an ongoing journey as the organisation itself and the operational environment will be constantly changing.

Assessing the SMS’s effectiveness should not be based solely on SPIs; organisations should aim to implement a variety of methods to determine its effectiveness, measure outputs as well as outcomes of the processes, and assess the information gathered through these activities. Such methods may include:

audits,

assessments,

monitoring of occurrences,

safety surveys,

management reviews,

evaluation of Safety Performance Indicators (SPIs) and Safety Performance Targets (SPTs), and

addressing lessons learnt.

Ongoing monitoring of the SMS, its related safety risk controls and support systems assures the organisation that the safety management processes are achieving their desired safety performance objectives.

Safety committees

The organisation should consider the establishment of safety committees to support the continuous improvement of SMS effectiveness. Some types of safety committees that organisations may consider establishing include:

Safety Review Board (SRB) – A high level safety committee that discusses the strategic direction and performance of the SMS.

Safety Action Group (SAG) – Operationally focussed safety committees that coordinate the implementation of safety strategies decided by the SRB.

GM SMS.A.25(b)(4)(4.1) - Training and education (AUS)

TRAINING AND EDUCATION

Personnel being trained and competent to perform their SMS duties, regardless of their level in the organisation, is an indication of management’s commitment to an effective SMS. The training programme should include initial and recurrent training requirements to maintain competencies. Initial safety training should consider, as a minimum, the following:

organisational safety policies and safety objectives;

organisational roles and responsibilities related to safety;

a foundational understanding of the SRM process;

safety reporting systems;

the organisation’s SMS processes and procedures; and

human factors.

Recurrent safety training should focus on changes to the SMS policies, processes and procedures, and should highlight any specific safety issues relevant to the organisation or lessons learnt.

The training programme should be tailored to the needs of the individual’s role within the SMS. For example, the level and depth of training for managers involved in the organisation's safety committees will be higher than personnel directly involved with delivery of the organisation’s product or services.

Training needs analysis

For most organisations, a formal training needs analysis (TNA) is necessary to ensure there is a clear understanding of the operation of the organisation, the safety duties of the personnel and the available training. A typical TNA will normally start by conducting an audience analysis, which usually includes the following steps:

Identify each safety duty and in what ways they will interact with the safety management processes, inputs and outputs.

Identify the knowledge and competencies needed to perform each safety duty and the knowledge and competencies required by each staff grouping.

Conduct an analysis to identify the gap between the current safety skill and knowledge across the workforce and those needed to effectively perform the allocated safety duties.

Identify the most appropriate skills and knowledge development approach for each group with the aim of developing a training programme appropriate to each individual or group’s involvement in safety management.

The main purpose of the safety training programme is to ensure that personnel, at all levels of the organisation, maintain their competence to fulfil their safety roles; therefore, competencies of personnel should be reviewed on a regular basis.

GM SMS.A.25(b)(4)(4.2) - Safety communication (AUS)

SAFETY COMMUNICATION

There should be a communication strategy that enables safety communication to be delivered by the most appropriate method based on the individual’s role and need to receive safety related information. This may be done through safety newsletters, notices, bulletins, briefings or training courses. The safety manager should also ensure that lessons learned from investigations and case histories or experiences, both internally and from other organisations, are distributed widely.

Organisations should consider whether any internal safety information needs to be communicated to external organisations.

Organisations should assess the effectiveness of their safety communication by checking personnel have received and understood any safety critical information that has been distributed. This can be done as part of the internal audit activities or when assessing the SMS effectiveness.

Safety promotion activities should be carried out throughout the life cycle of the SMS, not only at the beginning.