19-05(staff instruction 19-05)tentang petunjuk teknis...
TRANSCRIPT
KEMENTERIAN PERHUBUNGAN
DIREKTORAT JENDERAL PERHUBUNGAN UDARA
PERATURAN DIREKTUR JENDERAL PERHUBUNGAN UDARANOMOR : KP 279 TAHUN 2017
TENTANG
PETUNJUK TEKNIS PERATURAN KESELAMATAN PENERBANGAN SIPIL BAGIAN19-05 (STAFF INSTRUCTION 19-05) TENTANG PETUNJUK TEKNIS (PANDUAN)
SAFETY MANAGEMENT SYSTEM (SMS) UNTUK PARA INSPEKTUR DIREKTORATJENDERAL PERHUBUNGAN UDARA DAN OPERATOR
DENGAN RAHMAT TUHAN YANG MAHA ESA
DIREKTUR JENDERAL PERHUBUNGAN UDARA,
Menimbang : a. bahwa dalam rangka melaksanakan amanah PeraturanMenteri Perhubungan Republik Indonesia Nomor PM 62Tahun 2017 tentang Peraturan KeselamatanPenerbangan Sipil Bagian 19 (Civil Aviation SafetyRegulations Part 19) tentang Sistem ManajemenKeselamatan (Safety Management System) perludiberikan panduan sistem manajemen keselamatanuntuk para inspektur Direktorat Jenderal PerhubunganUdara Dan Operator;
b. bahwa untuk digunakan sebagai pedoman dan tanggungjawab oleh Direktorat Jenderal Perhubungan Udara danpemohon yang berurusan dengan Direktorat JenderalPerhubungan Udara untuk mengevaluasi petugaslayanan panduan dan implementasi sistem manajemenkeselamatan;
c. bahwa untuk melaksanakan ketentuan sebagaimanadimaksud pada huruf a dan b, perlu menetapkanPeraturan Direktur Jenderal Perhubungan Udaratentang Petunjuk Teknis Peraturan Keselamatan
Penerbangan Sipil Bagian 19-05 (Staff Instruction 19-05)tentang Petunjuk Teknis (Panduan) Safety ManagementSystem (SMS) Untuk Para Inspektur Direktorat JenderalPerhubungan Udara Dan Operator;
Mengingat : 1. Undang-Undang Republik Indonesia Nomor 1 Tahun2009 tentang Penerbangan (Lembaran NegaraRepublik Indonesia Tahun 2009 Nomor 1, TambahanLembaran Negara Republik Indonesia Nomor 4956);
-2-
2. Peraturan Presiden Nomor 7 Tahun 2015 tentangOrganisasi Kementerian Negara (Lembaran NegaraRepublik Indonesia Tahun 2015 Nomor 8);
3. Peraturan Presiden Nomor 40 Tahun 2015 tentangKementerian Perhubungan (Lembaran Negara RepublikIndonesia Tahun 2015 Nomor 75);
4. Peraturan Menteri Perhubungan Nomor PM 189 Tahun2015 tentang Organisasi dan Tata Kerja KementerianPerhubungan (Berita Negara Republik Indonesia Tahun2015 Nomor1844) sebagaimana telah beberapa kalidiubah, terakhir dengan Peraturan MenteriPerhubungan Nomor PM 44 Tahun 2017 tentangPerubahan Kedua atas Peraturan Menteri PerhubunganNomorPM 189 Tahun 2015 tentang Organisasi dan TataKerja Kementerian Perhubungan (Berita Negara RepublikIndonesia Tahun 2017 Nomor 816);
5. Peraturan Menteri Perhubungan Nomor PM 62 Tahun2017 tentang Peraturan Keselamatan Penerbangan SipilBagian19 [Civil Aviation Safety Regulations Part 19)tentang Sistem Manajemen Keselamatan (SafetyManagement System) (Berita Negara Republik IndonesiaTahun 2017 Nomor 1098);
MEMUTUSKAN
Menetapkan : PERATURAN DIREKTUR JENDERAL PERHUBUNGAN UDARATENTANG PETUNJUK TEKNIS PERATURAN KESELAMATAN
PENERBANGAN SIPIL BAGIAN 19-05 (STAFF INSTRUCTION19-05) TENTANG PETUNJUK TEKNIS (PANDUAN) SAFETYMANAGEMENT SYSTEM (SMS) UNTUK PARA INSPEKTURDIREKTORAT JENDERAL PERHUBUNGAN UDARA DANOPERATOR
Pasal 1
Memberlakukan Petunjuk Teknis Peraturan KeselamatanPenerbangan Sipil Bagian 19-05 (Staff Instruction 19-05)Tentang Petunjuk Teknis (Panduan) Safety ManagementSystem (SMS) untuk Para Inspektur Direktorat JenderalPerhubungan Udara dan Operator sebagaimana tercantumdalam Lampiran yang merupakan bagian tak terpisahkandari Peraturan ini.
Pasal 2
Direktur Jenderal Perhubungan Udara melakukanpengawasan terhadap pelaksanaan Peraturan ini.
-3-
Pasal 3
Peraturan ini mulai berlaku sejak tanggal ditetapkan.
Ditetapkan di JakartaPada tanggal 5 OKTOBER 2017
DIREKTUR JENDERAL PERHUBUNGAN UDARA
ttd.
Dr. Ir. AGUS SANTOSO, M.Sc.
Salinan sesuai aslinyaXEPALA BAGIAN HUKUM
^c&tyupvton
ENDAH PURNAMA SARI
Pembina/ (IV/ a)NIP. 19680704 199503 2 001
LAMPIRAN
PERATURAN DIREKTUR JENDERAL PERHUBUNGAN UDARANOMOR : KP 297 TAHUN 2017TANGGAL : 5 Oktober 2017
Staff Instruction
SI 19 - 05
Safety Management Systems (SMS)Guidance for Inspector & Organizations
Amendment : 0
Date : September 2017
REPUBLIC OF INDONESIA - MINISTRY OF TRANSPORTATIONDIRECTORATE GENERAL OF CIVIL AVIATIONJAKARTA - INDONESIA
AMENDMENT RECORD LIST
SI 19-05
September 2017
Amendment
No.DG Decree No. Issue Date Remarks
Original September 2017
1. PURPOSE
2. REFERENCES
3. CANCELATION
4. AMENDMENT
FOREWORD
SI 19-05
September 2017
This Staff Instruction prescribes responsibilities guidanceto be used by the Directorate General of Civil Aviation(DGCA) and Applicant dealing with DGCA for evaluatingService Provuder's Safety Management System Manualand Implementation.
This Staff Instruction should be used in accordance withthe applicable regulations.
This Staff Instruction do not replace any previouspublications.
The amendment of this Staff Instruction shall beapproved by the Director General of Civil Aviation.
DIRECTOR GENERAL OF CIVIL AVIATION
ttd
Dr. Ir. AGUS SANTOSO M. Sc
Salinan sesuai aslinyaCEPALA BAGIAN HUKUM
ENDAH PURNAMA SARI
Pembina/ (IV/ a)NIP. 19680704 199503 2 001
n
SI 19-05
September 2017
ABBREVIATIONS
AOC : Air Operator Certificate
DGCA : Directorate General of Civil Aviation
ERP : Emergency Response Plan
ICAO : International Civil Aviation Organization
SMS : Safety Management System
SPIs : Safety Performance Indicators
SRM : Safety Risk Management
in
TABLE OF CONTENT
SI 19-05
September 2017
AMENDMENT RECORD LIST i
FOREWORD -
ABBREVIATIONS in
TABLE OF CONTENT iv
CHAPTER I l
GENERAL 1
1. Purpose j
2. Introduction !
3. Definitions 2
4. Regulatory References 4
CHAPTER II 5
EVALUATION AND APPROVAL OF SAFETY MANAGEMENT SYSTEM MANUAL.... 5
1. INTRODUCTION 5
2. PROCEDURES 5
a. Review Applicable Information 5
b. Review SMS Manual 5
c. SAFETY RISK MANAGEMENT 15
d. SAFETY ASSURANCE 19
e. SAFETY PROMOTION 21
3. TASK OUTCOMES 23
a. Complete the Task 23
b. Document the Task 23
4. FUTURE ACTIVITIES 23
CHAPTER III 24
GAP ANALYSIS & SMS IMPLEMENTATION PLAN 24
1. INTRODUCTION 24
2. PROCEDURES 24
a. Review Applicable Information 24
b. Review Gap Analysis 24
c. Review SMS implementation plan 24
3. TASK OUTCOMES 25
a. Complete the Task 25
b. Document the Task 25
4. FUTURE ACTIVITIES 25
APPENDIX A 26
Phased Implementation Approach 26
iv
SI 19-05
September 2017
APPENDIX B 2?Gap Analysis Questions 27APPENDIX C 33
Example Of An SMS Implementation Plan/Schedule 33APPENDIX D 34
Guidance to Review Voluntary and Confidential Reporting Systems 34APPENDIX E oc:
36
Guidance to Review The Safety Performance Indicators 36APPENDIX F 43
LIST OF APPLICABLE FORMS 43
CHAPTER I
GENERAL
SI 19-05
September 2017
1. Purpose
This Staff Instruction prescribes responsibilities guidance to be used by theDirectorate General of Civil Aviation (DGCA) for Service Provider's SafetyManagement System Manual (Chapter II) and surveilance Implementation ofService Provider's Safety Management System Manual (Chapter III).
2. Introduction
The purpose of this Staff Instruction is to provide guidance on theimplementation of Safety Management Systems (SMS). It has been developedto give sufficient understanding of SMS concepts and the development ofmanagement policies and processes to implement and maintain an effectiveSMS.
This document meets ICAO Annex 19 requirements. It applies to Air OperatorCertificate (AOC) holders, Aircraft Design and Manufacturers organizations,Maintenance Organizations, and Approved Training Organizations
A Safety Management System is a systematic and proactive approach formanaging safety risks. As with all management systems, SMS includes goalsetting, planning, and measuring performance. An effective SafetyManagement System is woven into the fabric of an organization.
Safety management goes beyond compliance with prescriptive regulations, to asystematic approach where potential safety risks are identified and managedto an acceptable level. SMS adopts a business-like approach to safety, similarto the way that finances are managed, with Safety Plans, Safety PerformanceIndicators and Targets and continuous monitoring of the Safety Performanceof the organization. It enables effective risk-based decision-making processesacross the business.
It is important to recognize that SMS is a top down driven system, whichmeans that the Accountable Manager of the organization is responsible for theimplementation and continuing compliance of the SMS. Without thewholehearted support and ownership of the Accountable Manager the SMSwill not be effective. However, safety is a shared responsibility across thewhole organization and needs the involvement of all staff.
There is not a 'one size fits all' model for SMS that will cater for all types oforganizations. Organizations should tailor their SMS to suit the size, natureand complexity of the operation, and the hazards and associated risksinherent with its activities.
Where an organization is part of a group that has several approvals a singleGroup SMS may be developed provided that there is clear accountabilitybetween the group and the subsidiary companies.
SI 19-05
September 2017
Definitions
As used in this document, the following words or phrases are defined:
a. Acceptable Risk - The level of risk that individuals or groups are willing toaccept given the benefits gained. Each organization will have its ownacceptable risk level, which is derived from its legal and regulatorycompliance responsibilities, its threat profile, and itsbusiness/organizational drivers and impacts.
b. Accident - An unplanned event or series of events that results in death,injury, or damage to, or loss of, equipment or property.
c. Aircraft Accident - An occurrence associated with the operation of anaircraft that takes place between the time any person boards the aircraftwith the intention of flight and all such persons have disembarked, and inwhich any person suffers death or serious injury, or in which the aircraftreceives substantial damage.
d. Aerospace System - U.S. airspace, all manned and unmanned vehiclesoperating in that airspace, all U.S. aviation operators, airports, airfields,air navigation services, pilots, regulations, policies, procedures, facilities,equipment, and all aviation-related industry.
e. Audit - A systematic, independent and documented process for obtainingrecords, statements of fact or other information and evaluating itobjectively to determine the extent to which policies, procedures, orrequirements are met.
f. Control - See Safety Risk Control.
g. Corrective Action - Action to eliminate or mitigate the cause or reducethe effects of a detected nonconformity or other undesirable situation.
h. Evaluation - Denotes the process whereby data is assembled, analyzed,and compared to expected performance to aid in making systematicdecisions.
i. Hazard - A condition that could foreseeably cause or contribute to anaccident.
j. Incident - An occurrence other than an accident that affects or couldaffect the safety of operations.
k. Interoperability - The ability for each organization's SMS to be part of alarger SMS framework through interdependent processes and/orcomponents with shared principles, information, and governance.
1. Likelihood - The estimated probability or frequency, in quantitative orqualitative terms, of a hazard's effect or outcome.
SI 19-05
September 2017
m. Product/Service Provider - An organization engaged in the delivery ofaviation products or services.
n. Risk - See Safety Risk. The terms Risk and Safety Risk are usedsynonymously.
o. Safety - The state in which the risk of harm to persons or propertydamage is acceptable.
p. Safety Assurance - Processes within the SMS that function systematicallyto ensure the performance and effectiveness of safety risk controls andthat the organization meets or exceeds its safety objectives through thecollection, analysis, and assessment of information.
q. Safety Culture - The shared values, actions, and behaviors thatdemonstrate a commitment to safety over competing goals and demands.
r. Safety Management System (SMS) - The formal, top-down, organization-wide approach to managing safety risk and assuring the effectiveness ofsafety risk controls. It includes systematic procedures, practices, andpolicies for the management of safety risk.
s. Safety Objective - A measurable goal or desirable outcome related tosafety.
t. Safety Performance - Realized or actual safety accomplishment relative tothe organization's safety objectives.
u. Safety Policy - The documented commitment to safety of an FAA Line ofBusiness (LOB) or staff office, or an aviation service/product provider,organization, or certificate holder, which defines its safety objectives andthe accountabilities and responsibilities of its employees with regard tosafety.
v. Safety Promotion - A combination of training and communication ofsafety information to support the implementation and operation of an SMSin an organization.
w. Safety Risk - The composite of predicted severity and likelihood of thepotential effect of a hazard.
x. Safety Risk Control - A means to reduce or eliminate the effects ofhazards.
y. Safety Risk Management (SRM) - A process within the SMS composed ofdescribing the system, identifying the hazards, and analyzing, assessing,and controlling risk.
z. Severity - The consequence or impact of a hazard's effect or outcome interms of degree of loss or harm.
SI 19-05
September 2017
aa. System - An integrated set of constituent elements that are combined in
an operational or support environment to accomplish a defined objective.These elements include people, hardware, software, firmware, information,procedures, facilities, services, and other support facets.
bb. Safety Review Comitee (SRC) is a very high-level committee, chaired bythe accountable executive and composed of senior managers, includingline managers responsible for functional areas as well as those fromrelevant administrative departments.
4. Regulatory References
a. CASR 19
b. CASR121
c. CASR 135
d. CASR 145
e. CASR 141
f. CASR142
g. CASR 147
h. ICAO Annex 19, Safety Management. First Edition, July 2013.
i. ICAO Doc 9859, Safety Management Manual (SMM). Third Edition, 2013.
SI 19-05
September 2017
CHAPTER II
EVALUATION AND APPROVAL OF SAFETY MANAGEMENT SYSTEM MANUAL
1. INTRODUCTION
Objective. This chapter provides guidance for evaluating and approving SafetyManagement System Manual.
General. CASR Parts 19 requires that proposed Safety Management SystemManual will be approved by DGCA and existing manual will be evaluated byDGCA Inspector and applicant dealing with DGCA. SMS Manual is to be keptcurrent and available for inspection and verification.
The manual will serve to communicate the organization's SMS frameworkinternally as well as with relevant external organizations. The manual may besubject to approval by the DGCA as evidence of the acceptance of the SMS.
2. PROCEDURES
a. Review Applicable Information. Before the inspection, the DGCAInspector should carefully review :
1) CASR 19 and CASR pertinent to the organization (CASR 121, CASR 135,CASR 145,CASR 141, CASR 142, CASR 147 etc).
2) CASR 830
3) Existing/Proposed SMS Manual
b. Review SMS Manual. Review the AMO's certificate of approval andOpSpecs to verify that they are:
1) Review Content of Manual Section
DGCA Inspector will review that the contents of the manual shallinclude at least the following sections:
a) Document control;
b) SMS regulatory requirements;
c) Scope and integration of the safety management system;
d) Safety policy;
e) Safety objectives;
f) Safety accountabilities and key personnel;
g) Safety reporting and remedial actions;
h) Hazard identification and risk assessment;
i) Safety performance monitoring and measurement;
j) Safety-related investigations and remedial actions;
k) Safety training and communication;
1) Continuous improvement and SMS audit;
m) SMS records management;
SI 19-05
September 2017
n) Management of change; and
o) Emergency/contingency response plan.
2) Review Safety Policies And Objective.
a) Management Commitment
In any organization, management controls the activities of personneland the use of resources for the delivery of a product or service.Management's primary responsibility for ensuring a safe andefficient operation is discharged through ensuring adherence toSOPs (safety compliance) and establishment and maintenance of adedicated SMS that establishes the necessary safety risk controls(safety performance).
DGCA Inspector shall review that organization policy made by seniormanagement are:
1) Visibly endorsed;
2) Communicated to all appropriate staff;
and make sure that senior management :1) Establish safety performance targets for the SMS and the
organization; and
2) Establish safety objectives that identify what the organizatiointends to achieve in terms of safety management.
The safety policy must include a commitment to:
1) Achieve the highest safety standards;
2) Comply with all applicable regulatory requirements;
3) Comply with international standards if applicable;
4) Adopt proven best practices appropriate to the activity;
5) Provide all the necessary resources;
6) Ensure safety is a primary responsibility of all managers;
7) Follow the disciplinary policy; and
8) Ensure that the safety policy is understood, implemented andmaintained at all levels.
b) Safety accountability and responsibilities
The accountable executive identified by the service provider is thesingle person having ultimate responsibility for the SMS, his/herresponsibilities such as but not limited to :
1) Responsibility to provide the resources essential to its b andmaintenance.
2) The responsibility for the overall safety performance is placed ata level in the organization having the authority to take action toensure that the sms is effective.
3) Responsible for ensuring appropriate corrective actions are takento address hazards and errors reported, as well as responding toaccidents and incidents.
6
SI 19-05
September 2017
DGCA Inspector should review that the accountable executive'sauthorities and responsibilities include, but are not limited to:
1) Provision and allocation of human, technical, financial or otherresources necessary for the effective and efficient performance ofSMS;
2) Direct responsibility for the conduct of the organization's affairs;3) Final authority over operations under the certificate/approval of
the organization;
4) Establishment and promotion of the safety policy;5) Establishment of the organization's safety objectives and safety
targets;
6) Acting as the organization's safety champion;7) Having final responsibility for the resolution of all safety issues;
and
8) Establishing and maintaining the organization's competence tolearn from the analysis of data collected through its safetyreporting system.
These accountability frameworks need to include accountability forthe safety performance of the subproduct or subcontracted serviceproviders that do not separately require safety certification orapproval.
These safety responsibilities, accountabilities and authorities mustbe documented and communicated throughout the organization, andthe organization need to identify the levels of management withauthority to make decisions regarding safety risk tolerability.
c) Appointment of key safety personnel
The organization is required to appoint key safety personnel. In mostorganization the key safety personnel is known as safety managerwhose responsible for :
1) The development and maintenance of an effective SMS and also2) Advises the accountable executive and line managers on safety
management matters and
3) Is responsible for coordinating and communicating safety issueswithin the organization, as well as with external stakeholders.
DGCA Inspector should review the safety manager's functionsinclude, but are not necessarily limited to:
1) Managing the SMS implementation plan on behalf of theaccountable executive;
2) Performing/facilitating hazard identification and safety riskanalysis;
3) Monitoring corrective actions and evaluating their results;4) Providing periodic reports on the organization's safety
performance;
5) Maintaining records and safety documentation;
7
SI 19-05
September 2017
6) Planning and facilitating staff safety training;7) Providing independent advice on safety matters;8) Monitoring safety concerns in the aviation industry and their
perceived impact on the organization's operations aimed atservice delivery;
9) Coordinating and communicating (on behalf of the accountableexecutive) with the State's oversight authority and other Stateagencies as necessary on issues relating to safety; and
10) Coordinating and communicating (on behalf of the accountableexecutive) with international organizations on issues relating tosafety.
The selection criteria for a safety manager should include, but not belimited to, the following:1) Safety/quality management experience;2) Operational experience;
3) Technical background to understand the systems thatsupportoperations;
4) People skills;
5) Analytical and problem-solving skills;6) Project management skills; and7) Oral and written communications skills.
The safety manager is generally supported by additional staff. Thiswill depend upon the size of the organization and the nature andcomplexity of the organization. The safety manager liaises directlywith line managers or their delegates, such as where operationalunits are supported by dedicated safety officers.
Safety Manager plays important roles in SRC (Safety Review Comitte)in advisory capacity only. The SRC is a very high-level committee,chaired by the accountable executive and composed of seniormanagers, including line managers responsible for functional areasas well as those from relevant administrative departments.
SRC have functions to :
1) Provides the platform to achieve the objectives of resourceallocation.
2) Assess the effectiveness and efficiency of risk mitigationstrategies.
DGCA Inspector should review that the SRC meeting existed to :
1) Monitors the effectiveness of the SMS;2) Monitors that any necessary corrective action is taken in a timely
manner;
3) Monitors safety performance against the organization's safetypolicy and objectives;
4) Monitors the effectiveness of the organization's safetymanagement processes which support the declared corporatepriority of safety management as another core business process;
8
SI 19-05
September 2017
5) Monitors the effectiveness of the safety supervision ofsubcontracted operations; and
6) Ensures that appropriate resources are allocated to achievesafety performance beyond that required by regulatorycompliance.
The SRC is strategic and deals with high-level issues related topolicies, resource allocation and organizational performancemonitoring. Once a strategic direction has been developed by theSRC, implementation of safety strategies must be coordinatedthroughout the organization. This can be accomplished by creating asafety action group (SAG). SAGs are composed of line managers andfront-line personnel and are normally chaired by a designated linemanager. SAGs are tactical entities that deal with specificimplementation issues per the direction of the SRC.
DGCA Inspector should review that the SAG has capabilities to :
1) Oversee operational safety performance within the functionalareas of the organization and ensures that appropriate safetyrisk management activities are carried out with staff involvementas necessary to build up safety awareness;
2) Coordinate the resolution of mitigation strategies for theidentified consequences of hazards and ensures that satisfactoryarrangements exist for safety data capture and employeefeedback;
3) Assess the safety impact related to the introduction ofoperational changes or new technologies;
4) Coordinate the implementation of corrective action plans andensures that corrective action is taken in a timely manner;
5) Review the effectiveness of previous safety recommendations;and
6) Oversee safety promotion activities as necessary to increaseemployee awareness of safety issues and to ensure that they areprovided appropriate opportunities to participate in safetymanagement activities.
d) Coordination ofemergency response planning
The applicability of emergency response planning extends toproviders ofaviation products that may be attributable to, or affectedby, an aviation safety occurrence.
The product provider's processes are generally called - contingencyproduct support and include emergency airworthiness action, alertservices, and aircraft accident on-site support. The product providerneed not change the name of these product support processes toERP processes; however, they must be noted appropriately in theorganization's SMS documentation.
SI 19-05
September 2017
An emergency response plan (ERP) documents actions to be taken byall responsible personnel during aviation-related emergencies.
The purpose of an ERP is to:
1) Ensure that there is an orderly and efficient transition fromnormal to emergency operations, including assignment ofemergency responsibilities and delegation of authority.Authorization for action by key personnel is also contained in theplan, as well as the means to coordinate efforts necessary to copewith the emergency.
2) The overall objective is to save lives, the safe continuation ofoperations and the return to normal operations as soon aspossible.
To be effective, an ERP should:
1) Be appropriate to the size, nature and complexity of theorganization;
2) Be readily accessible to all relevant personnel and otherorganizations where applicable;
3) Include checklists and procedures relevant to specific emergencysituations;
4) Have quick-reference contact details of relevant personnel;5) Be regularly tested through exercises;
6) Be periodically reviewed and updated when details change, etc.
DGCA Inspector should review that ERP Manual Content should
take account of such considerations as:
1) Governing policies.
The ERP should provide direction for responding to emergencies,such as governing laws and regulations for investigations,agreements with local authorities, company policies andpriorities.
2) Organization.
The ERP should outline management's intentions with respect tothe responding organizations by:
a) Designating who will lead and who will be assigned to theresponse teams;
b) Defining the roles and responsibilities of personnel assignedto the response teams;
c) Clarifying the reporting lines of authority;d) Setting up an emergency management centre (emc);e) Establishing procedures for receiving a large number of
requests for information, especially during the first few daysafter a major accident;
f) Designating the corporate spokesperson for dealing with themedia;
10
SI 19-05
September 2017
g) Defining what resources will be available, including financialauthorities for immediate activities;
h) Designating the company representative to any formalinvestigations undertaken by state officials;
i) Defining a call-out plan for key personnel.
An organizational chart could be used to show organizational.
3) Notifications.
The plan should specify who in the organization should benotified of an emergency, who will make external notificationsand by what means. The notification needs of the followingshould be considered:
a) Management;
b) State authorities (search and rescue, the regulatoryauthority, the accident investigation board, etc.);
c) Local emergency response services (aerodrome authorities,fire fighters, police, ambulance, medical agencies, etc.);
d) Relatives of victims (a sensitive issue that, in many states, ishandled by the police);
e) Company personnel;
f) Media; and
g) Legal, accounting, insurers, etc.
4) Initial response.
Depending on the circumstances, an initial response team maybe dispatched to the accident or crisis site to augment localresources and oversee the organization's interests. Factors to beconsidered for such a team include:
a) Who should lead the initial response team?b) Who should be included on the initial response team?c) Who should speak for the organization at the accident site?d) What would be required by way of special equipment,
clothing, documentation, transportation, accommodation,etc.?
5) Additional assistance.
Employees with appropriate training and experience can provideuseful support during the preparation, exercising and updatingof an organization's ERP. Their expertise may be useful inplanning and executing such tasks as:a) Acting as passengers or customers in exercises;b) Handling survivors or external parties;c) Dealing with next of kin, authorities, etc.
6) Emergency management centre (EMC).
An EMC (normally on standby mode) may be established at theorganization's headquarters once the activation criteria have
11
SI 19-05
September 2017
been met. In addition, a command post (CP) may be establishedat or near the crisis site. The ERP should address how thefollowing requirements are to be met:
a) Staffing (perhaps for 24 hours a day, 7 days per week, duringthe initial response period);
b) Communications equipment (telephones, facsimile, internet,etc.);
c) Documentation requirements, maintenance of emergencyactivity logs;
d) Impounding related company records;e) Office furnishings and supplies; andf) Reference documents (such as emergency response checklists
and procedures, company manuals, aerodrome emergencyplans and telephone lists).
The services of a crisis centre may be contracted from an airlineor other specialist organization to look after the service provider'sinterests in a crisis away from home base. Company personnelwould normally supplement such a contracted centre as soon aspossible.
7) Records.
In addition to the organization's need to maintain logs of eventsand activities, the organization will also be required to provideinformation to any State investigation team. The ERP shouldaddress the following types of information required byinvestigators:
a) all relevant records about the product or service concerned;b) lists of points of contact and any personnel associated with
the occurrence;
c) notes of any interviews (and statements) with anyoneassociated with the event;
d) any photographic or other evidence.
8) Accident site.
For a major accident, representatives from many jurisdictionshave legitimate reasons for accessing the site: for example,police; fire fighters; medics; aerodrome authorities; coroners(medical examining officers) to deal with fatalities; State accidentinvestigators; relief agencies such as the Red Cross and even themedia. Although coordination of the activities of thesestakeholders is the responsibility of the police and/or KNKT, theservice provider should clarify the following aspects of activitiesat the accident site:
a) Nominating a senior company representative at the accidentsite if:
i) At home base;
ii) Away from home base;
12
SI 19-05
September 2017
iii) Offshore or in a foreign state;b) Management of surviving victims;c) The needs of the relatives of victims;
d) Security of the wreckage;
e) Handling of human remains and personal property of thedeceased;
f) Preservation of evidence;
g) Provision of assistance (as required) to the investigationauthorities;
h) Removal and disposal of the wreckage; etc.
9) News media.
How the company responds to the media may affect how well thecompany recovers from the event. Clear direction is requiredregarding, for example:
a) what information is protected by statute (FDR data, CVR andATC recordings, witness statements, etc.);
b) who may speak on behalf of the parent organization at headoffice and at the accident site (public relations manager, chiefexecutive officer or other senior executive, manager, owner);
c) prepared statements for immediate response to mediaqueries;
d) what information may be released (what should be avoided);e) the timing and content of the company's initial statement;f) provisions for regular updates to the media.
10) Formal investigations.
Guidance for company personnel dealing with KNKT and policeshould be provided.
11) Family assistance.
The ERP should also include guidance on the organization'sapproach to assisting crisis victims or customer organizations.This guidance may include such things as:
a) State requirements for the provision of assistance services;b) travel and accommodation arrangements to visit the crisis
site;
c) programme coordinator and point(s) of contact forvictims/ customers;
d) provision of up-to-date information;e) temporary assistance to victims or customers.
12) Post-occurrence review.
Direction should be provided to ensure that, following theemergency, key personnel carry out a full debrief and record allsignificant lessons learned which may result in amendments tothe ERP and associated procedures.
13
SI 19-05
September 2017
DGCA Inspector should review that ERP Checklist is available. Thesechecklists can form an integral part of the company's operatio nsmanual or emergency response manual. To be effective, checklistsmust be regularly:
1) Reviewed and updated (for example, currency ofcall-out lists andcontact details); and
2) Tested through realistic exercises.
An ERP is a paper indication ofintent. Training is required to ensurethat these intentions are backed by operational capabilities. Sincetraining has a short -shelf life, regular drills and exercises areadvisable.
There are three type of exercise:
1) Desktop exercises such as the call-out and communications plan2) On-site activities such as involving other agencies, need to be
exercised at regular intervals. Such exercises have the advantageof demonstrating deficiencies in the plan which can be rectifiedbefore an actual emergency.
3) Full-scale emergency exercise for certain service providers suchas airports, the periodic testing of the adequacy of the plan andthe conduct of a full-scale emergency exercise may bemandatory.
e) SMS Documentation
DGCA Inspector should review that the SMS documentation coversall elements and processes of the SMS and normally includes:
a. Aconsolidated description of the SMS components and elementssuch as:
a) Document and records management;b) Regulatory SMS requirements;c) Framework, scope and integration;d) Safety policy and safety objectives;e) Safety accountabilities and key personnel;f) Voluntary hazard reporting system;g) Incident reporting and investigation procedures;h) Hazard identification and risk assessment processes;i) Safety performance indicators;j) Safety training and communication;k) Continuous improvement and SMS audit;1) Management of change; andm) Emergency or operations contingency planning;
b. A compilation of current SMS related records and documentssuch as:
a) Hazards report register and samples of actual reports;b) Safety performance indicators and related charts;c) Record of completed or in-progress safety assessments;
14
SI 19-05
September 2017
d) SMS internal review or audit records;e) Safety promotion records;f) Personnel SMS/safety training records;g) SMS/safety committee meeting minutes; andh) SMS implementation plan (during implementation process).
c. SAFETY RISK MANAGEMENT
1) Review Hazard Identification
DGCA Inspector should be aware that a number of conditions maytrigger more in depth and far reaching hazard identification activitiessuch as :
a) Instances where the organization experiences an unexplainedincrease in aviation safety-related events or regulatory noncompliance;
b) Significant operational changes, including anticipated changes to keypersonnel or other major system components; and
c) Significant organizational changes, including anticipated growth andcontraction, corporate mergers or acquisitions.
DGCA Inspector must understand that :
a) Hazards may be the result of systems that are deficient in theirdesign, technical function, human interface or interactions with otherprocesses and systems.
b) Hazards may also result from a failure of existing processes orsystems to adapt to changes in the service provider's operatingenvironment.
c) Potential Hazard can be identified before operational by carefulanaysis during planning, design and implementation phase.
d) Hazards may be discovered during the operational life cycle, throughemployee reports or incident investigations.
e) Hazards may exist in ongoing aviation activities or be inadvertentlyintroduced into an operation whenever changes are introduced to theaviation system.
f) Hazard identification is based on a combination of reactive, proactiveand predictive safety data collection methods.
g) Hazard Identification may include the use of group brainstormingsessions in which subject-matter experts conduct detailed analysisscenarios.
15
SAFETY INFORMATION MANAGEMENT SYSTEM
RISK MANAGEMENT DOCUMENTATION
-MOR
— twcwttwt r*-p©fts
— Acocfent imports
Aiss-ess th*
3«<( prtontsi*
PmacCve m»ihod
— Svvvys-A**»S
— Vofwn&iry Kara rd
-FOA
- Dw»ct ofc**n<3*©««yst#m9
m^»g3tK>n
actions
SI 19-05
September 2017
3
ZD
disseminate
- 8 u) efcn -i
- Safety ••fKyts
Figure 1. Hazard documentation and follow-up risk management process
Figure 1 above illustrates the hazard documentation and follow-up riskmanagement process. Hazards are constantly identified through variousdata sources. The service provider is expected to identify hazards,eliminate these hazards or to mitigate the associated risks. In the caseof hazards identified in products or services delivered throughsubcontractors, mitigation could be the service provider's requirementfor such organizations to have an SMS or an equivalent process forhazard identification and risk management.
Hazards may be identified through proactive and predictivemethodologies or as a result ofaccident or incident investigations. Thereare a variety of data sources of hazard identification that may be bothinternal and external to the organization.
DGCA Inspector must verify that the internal hazard identification datasources include:
a) Normal operation monitoring schemes (e.g. Flight data analysis foraircraft operators);
b) Voluntary and mandatory reporting systems;c) Safety surveys;d) Safety audits;
e) Feedback from training; and
f) Investigation and follow-up reports on accidents/incidents.
Guidance on voluntary and confidential hazard reporting systems isprovided in Appendix D in this Staff Instruction.
DGCA Inspector must verify that external data sources for hazardidentification include:
a) Industry accident reports;b) State mandatory incident reporting systems;c) State voluntary incident reporting systems;
16
SI 19-05
September 2017
d) State oversight audits; ande) Information exchange systems.
The type of technologies used in the hazard identification process willdepend upon the size and complexity of the service provider and itsaviation activities.
2) Review Safety Risk Assessment And Mitigation
h
For feedback purpote*.record the hazard
idertificatien and
safety risk assessmentand mitigaton
r—••11J
Asafety concernis percewed
1'
Identify hazards/consequences and
1 assess risw—i
Ti Define the lend
of probability
»
Define the te/el& seventy
Defne the level of rsk • 1
1
*
YES «— k the nsk level acceptable? —*• wo
i
Take action tnd
continue *ie operation
Take action tnd
continue tie operation YES Can the «k be efminaied'> NO
Tale action to
mtijate the risk
Tak r action and
continue *« operation
YES
YES
£Can the-isk be intimated*
Can the residual mk (ifany)be accepted7 * NO
Cancel At
operation
Figure 2. The safety risk management process
Figure 2 above presents the safety risk management process in itsentirety. The process starts with the identification of hazards and theirpotential consequences. The safety risks are then assessed in terms ofprobability and severity, to define the level of safety risk (safety riskindex). If the assessed safety risks are deemed to be tolerable,appropriate action is taken and the operation continues.
DGCA Inspector must be aware that if the safety risks are assessed asintolerable, the following questions become relevant:
a) Can the hazards and related safety risk(s) be eliminated? If theanswer is yes, then action as appropriate is taken and documented.If the answer is no, the next question is:
b) Can the safety risk(s) be mitigated? If the answer is no, relatedactivities must be cancelled. If the answer is yes, mitigation action asappropriate is taken and the next question is:
c) Do any residual safety risks exist? If the answer is yes, then theresidual risks must be assessed to determine their level oftolerability as well as whether they can be eliminated or mitigated asnecessary to ensure an acceptable level of safety performance.
17
SI 19-05
September 2017
Safety risk assessment involves an analysis of identified hazards that
includes two components:
a) The severity of a safety outcome; and
b) The probability that it will occur.
Once risks have been assessed, the service provider will engage in adecision-making process to determine the need to implement riskmitigation measures. This decision-making process involves the use of a
risk categorization tool that may be in the form of an assessment matrix.An example of a safety risk (index) assessment matrix is provided inFigure below.
Risk
probability
Risk severity
Catastrophic
A
Hazardous
B
Majoi
c
Minof
D
Negligible
E
Frequent 55A
(RED)
5B
(RED)
5C
(RED)
5D
(YELLOW
5E
(YELLOW)
Occasional 44A
(RED)4B
(RED)4C
(yellow;
4D
(YELLOW
4E
(YELLOW)
Remote 33A
(RED)
3B
(YELLOW)3C
(YELLOW)3D
(YELLOW3E
(GREEN)
Improbable 22A
(YELLOW)
2B
(YELLOW)2C
(YELLOW)
2D
(GREEN)2E
(GREEN)
Extremely Aimprobable *
1A
(GREEN)IB
(GREEN)
1C
(GREEN)
ID
(GREEN)IE
(GREEN
Figure 3. Example of a safety risk (index) assessment matrix
DGCA Inspector must verify that the service provider use the matrixabove to categorized risk according to an assessment of their potentialseverity and probability.
The risk assessment matrix may be customized to reflect the context ofeach service provider's organizational structure and aviation activitiesand may be subject to agreement by DGCA. Based on this matrixexample, risks reflected as being unacceptable (red and yellowcategories) must be mitigated so as to reduce their severity and/orprobability.
After safety risks have been assessed, appropriate mitigation measurescan be implemented. Mitigation measures may include a number ofalternatives including, but not limited to :
a) modifications to existing operating procedures, training programmesor equipment used in the delivery of aviation products or services.
18
SI 19-05
September 2017
b) include the introduction of new operating procedures, trainingprogrammes, technologies or supervisory controls.
c) involve deployment or re-deployment of the three traditional aviationsafety defences — technology, training and regulation.
The three generic safety risk mitigation approaches include:
a) Avoidance
The activity is suspended either because the associated safety risksare intolerable or deemed unacceptable vis-a-vis the associatedbenefits.
b) Reduction
Some safety risk exposure is accepted, although the severity orprobability associated with the risks are lessened, possibly bymeasures that mitigate the related consequences.
c) Segregation of exposure
d) Action is taken to isolate the potential consequences related to thehazard or to establish multiple layers of defences to protect againstthem.
Once the mitigation has been approved and implemented, anyassociated impact on safety performance provides feedback to theservice provider's safety assurance process. This is necessary to ensurethe integrity, efficiency and effectiveness of the defences under the newoperational conditions.
Each risk mitigation exercise is to be documented progressively. Thismay be accomplished using a variety of applications ranging from basicspreadsheets or tables to customized commercial risk mitigationsoftware. Completed risk mitigation documents should be approved bythe appropriate level of management. For an example of a basic hazardrisk mitigation worksheet, refer to AC SMS.
d. SAFETY ASSURANCE
Safety assurance consists of processes and activities undertaken by theservice provider to determine whether the SMS is operating according toexpectations and requirements.
The safety assurance process complements that of quality assurance, witheach having requirements for analysis, documentation, auditing andmanagement reviews to assure that certain performance criteria are met.While quality assurance typically focuses on the organization's compliancewith regulatory requirements, safety assurance specifically monitors theeffectiveness of safety risk controls.
1) Review Safety performance monitoring and measurement
DGCA Inspector must verify that the service provider develop safetyperformance indicator by analysing data collected from safety reportingsystem (Voluntary and Mandatory Reporting System).
Mandatory incident reporting systems require the reporting of certaintypes of events (e.g. serious incidents, runway incursions). Criteria and
19
SI 19-05
September 2017
scope of reportable occurrences is in CASR 830 & Service Difficulties
Report. Mandatory reporting systems tend to collect more information
related to high-consequence technical failures than other aspects ofoperational activities.
DGCA Inspector must inspect the effectiveness of voluntary reportingsystem. To be effective, Voluntary Reporting System must :
a) Readily accessible to operational personnel.b) Educate operational personnel on the benefits of safety reporting
systems
c) Provide positive feedback regarding remedial actions taken inresponse to the report.
Guidance to review voluntary and confidential reporting systems isprovided in Appendix D to this chapter.
The final output of a safety performance monitoring and measurementprocess is the development of safety performance indicators based onanalysis of data collected through the sources referenced above.
The monitoring and measurement process involves the use of selectedsafety performance indicators, corresponding safety performance targetsand alert levels.
DGCA Inspector shall verify the service provider's safety performance inreference to the safety performance indicators and safety performancetargets and alert levels of the SMS.
Guidance to review safety performance indicators and their target andalert settings are addressed in appendix E of this Staff Instruction.
2) Review the management of change
Change may affect the appropriateness or effectiveness of existing safetyrisk mitigation strategies. In addition, new hazards, and related safetyrisks may be inadvertently introduced into an operation wheneverchange occurs. Such hazards should be identified so as to enable theassessment and control of any related safety risks. Safety reviews, asdiscussed in the discussion on safety performance monitoring andmeasurement, can be valuable sources of information to supportdecision-making processes and manage change effectively.
The organization's management of change process should take intoaccount the following three considerations:
a) Criticality. Criticality assessments determine the systems, equipmentor activities that are essential to the safe operation of aircraft. Whilecriticality is normally assessed during the system design process, it isalso relevant during a situation of change. Systems, equipment andactivities that have higher safety criticality should be reviewedfollowing change to make sure that corrective actions can be taken tocontrol potentially emerging safety risks.
20
SI 19-05
September 2017
b) Stability of systems and operational environments. Changes may beplanned and under the direct control of the organization. Suchchanges include organizational growth or contraction, the expansionof products or services delivered, or the introduction of newtechnologies. Unplanned changes may include those related toeconomic cycles, labour unrest, as well as changes to the political,regulatory or operating environments.
c) Past performance. Past performance of critical systems and trendanalyses in the safety assurance process should be employed toanticipate and monitor safety performance under situations ofchange. The monitoring of past performance will also assure theeffectiveness of corrective actions taken to address safety deficienciesidentified as a result of audits, evaluations, investigations or reports.
DGCA Inspector must review that :
a. SMS Manual has procedur to identify changes due to organizationalexpansion or contraction; changes to internal systems, processes orprocedures that support delivery of the products and services; andchanges to the organization's operating environment.
b. Service provider conduct periodic reviews of the system descriptionand the baseline hazard analysis to determine their continued validityregarding change management necessitates.
3) Continuous improvement of the SMS
Internal evaluations and independent audits of the SMS areimplemented to measure continous improvement of SMS by monitoringsafety performance indicator
DGCA Inspector must ensure that service provider has implemented :
a) Internal Evaluation involve assessment of the service provider'saviation activities that can provide information useful to theorganization's decision-making processes.
b) Internal audits involve the systematic and scheduled examination ofthe service provider's aviation activities, including those specific toimplementation of the SMS.
c) External audits of the SMS may be conducted by relevant authoritiesresponsible for acceptance of the service provider's SMS. audits maybe conducted by industry associations or other third parties selectedby the service provider.
e. SAFETY PROMOTION
1) Review Training And Education
Management Commitment to SMS could be shown or indicated byproviding training and education to a appropriate staff, regardless oftheir level in the organization.
DGCA Inspector must ensure that Safety training and educationcurricula should consist of the following:
21
SI 19-05
September 2017
a) Organizational safety policies, goals and objectives;b) Organizational safety roles and responsibilities related to safety;c) Basic safety risk management principles;d) Safety reporting systems;
e) Safety management support (including evaluation and auditprogrammes);
f) Lines of communication for dissemination of safety information;g) A validation process that measures the effectiveness of training; andh) Documented initial indoctrination and recurrent training
requirements.
Safety training within an organization must ensure that personnel arecompetent to perform their safety-related duties. Training proceduresshould specify initial and recurrent safety training standards foroperational personnel, managers and supervisors, senior managers andthe accountable executive.
DGCA Inspector must ensure that :
a) service provider's SMS training documentation should specifyresponsibilities for development of training content and scheduling aswell as training records management.
b) Safety training for senior managers should include content related tocompliance with national and organizational safety requirements,allocation of resources and active promotion of the SMS includingeffective inter-departmental safety communication. In addition, safetytraining for senior managers should include material on establishingsafety performance targets and alert levels.
c) The safety training programme may include a session designedspecifically for the accountable executive. This training sessionshould be at a high level providing the accountable executive with anunderstanding of the SMS and its relationship to the organization'soverall business strategy.
2) Review Safety Communication
Safety communication therefore aims to:
a) Ensure that staff are fully aware of the SMS;b) Convey safety-critical information;c) Raise awareness of corrective actions; and
d) Provide information regarding new or amended safety procedures.
DGCA Inspector must ensure that :
a) The service provider should communicate the organization's SMSobjectives and procedures to all operational personnel.
b) The service provider should regularly communicate informationregarding the safety performance trends and specific safety issuesthrough bulletins and briefings. Safety performance will be moreefficient if operational personnel are actively encouraged to identifyand report hazards.
22
SI 19-05
September 2017
c) The service provider should convey the lessons learned frominvestigations and case histories or experiences, both internally andfrom other organizations, are distributed widely.
Examples of organizational communication initiatives include:
a) dissemination of the SMS manual;
b) safety processes and procedures;c) safety newsletters, notices and bulletins; and
d) websites or email.
3. TASK OUTCOMES
a. Complete the Task
Completion of this task will result in one of the following:
1) Sending a letter to the operator documenting all deficiencies and
initiating an enforcement investigation, if necessary2) A satisfactory inspection with no deficiencies;
b. Document the Task
File all supporting paperwork in the DAAO office file.
4. FUTURE ACTIVITIES
Schedule and conduct follow up inspections as applicable.
23
CHAPTER III
GAP ANALYSIS & SMS IMPLEMENTATION PLAN
SI 19-05
September 2017
1. INTRODUCTION
Objective. This chapter provides guidance for evaluating Gap Analysis andSMS Implementation Plan
General. CASR Parts 19 requires that Service provider implements SMS onthe basis of national requirements and international Standards and
Recommended Practices (SARPs), the system description and the results of thegap analysis
2. PROCEDURES
a. Review Applicable Information
Before the inspection, the DGCA Inspector should carefully review :1) CASR 19 and CASR pertinent to the organization (CASR 121, CASR 135,
CASR 145,CASR 141, CASR 142, CASR 147 etc)2) CASR 830
3) SMS Manual
b. Review Gap Analysis
Gap analysis is needed to compare the service provider's existing safetymanagement processes and procedures meet requirements contained in the
SMS framework. The gap analysis facilitates development of an SMSimplementation plan by identifying the gaps that must be addressed to fullyimplement an SMS.
DGCA Inspector must ensure that :
1) Service provider assess their existing process by answering list of gapanalysis question in this appendix B of this Staff Instruction.
2) Once the gap analysis has been completed and fully documented, theresources and processes that have been identified as missing orinadequate will form the basis of the SMS implementation plan.
c. Review SMS implementation plan
DGCA Inspector must ensure that :
1) Service provider's SMS implementation plan is developed in consultationwith the accountable executive and managers responsible for thedelivery of products and services related to, or in support of, the safeoperation of aircraft.
2) Accountable executive of Service Provider shall endorses the SMSimplementation plan.
3) The SMS implementation plan includes timelines and milestonesconsistent with the requirements identified in the gap analysis process,
24
SI 19-05
September 2017
the size of the service provider and the complexity of its products orservices.
4) The SMS implementation plan should address coordination withexternal organizations or contractors where applicable.
5) The service provider's implementation plan shall be documented indifferent forms, varying from a simple spreadsheet to specialized projectmanagement software.
The implementation plan should address gaps through completion ofspecific actions and milestones according to the stated timeline. Assignmentof each task assures accountability throughout the implementation process.
The plan should be reviewed regularly and updated as necessary. A formatexample of an SMS implementation plan/schedule is in Appendix C of thisStaff Instruction.
Full implementation of all components and elements of the SMS frameworkmay take up to five years, depending on an organization's maturity andcomplexity. SMS implementation, including guidance for a phasedapproach, is discussed in Appendix A of this Staff Instruction.
3. TASK OUTCOMES
a. Complete the Task
Completion of this task will result in one of the following:1) Sending a letter to the operator documenting all deficiencies and
initiating an enforcement investigation, if necessary.2) A satisfactory inspection with no deficiencies.
b. Document the Task
File all supporting paperwork in the DAAO office file.
4. FUTURE ACTIVITIES
Schedule and conduct follow up inspections as applicable.
25
SI 19-05
September 2017
APPENDIX A
PHASED IMPLEMENTATION APPROACH
The objective of this section is to introduce an example of the four SMSimplementation phases. The implementation of an SMS is a systematic process.
The reasons for a phased approach to SMS implementation include:
1.
2.
4.
The provision of a manageable series of steps to follow in implementing anSMS, including allocation of resources;
The need to allow implementation of SMS framework elements in varioussequences, depending upon the results of each service provider's gap analysis;The initial availability of data and analytic processes to support reactive,
proactive and predictive safety management practices; and
The need for a methodical process to ensure effective and sustainable SMS
implementation.
The phased approach recognizes that implementation of a fully mature SMS is amulti-year process. A phased implementation approach permits the SMS to
become more robust as each implementation phase is completed. Fundamentalsafety management processes are completed before moving to successive phasesinvolving processes of greater complexity.
Phased approach explained as followed
fffc— f (12 month**) nna&e 2 (12 /TJOftrSa/ />*l>o* 3 (1 8 rnantho) />»»«« 4 f18 /iwi&io}
1 SMS element 1 1 fl) 1. SMS Gharr-en* I I (Ml 1 5M5 Clement 2 I OJ 1 SMS Cternenl i I (M)
a> •denftfy the SMS accountable y estabfeah the safety pofaey and a) eetabtiob a voluntary hazard • ) e«narice ?»•« exi»or*gexecutive:: obtectrvea, reporuna procedure dfsctttbnary procedures poticv
wrth due ccfna»deraaon oft>. e*t»htt*n nh s m s
implementation team.
7 SMS, Fl«Twn( 1 ? 7 SMS FW-mmnl 7 7 i r»iMt#-oh<*~v«t wm« nr
wai*afcaa from deti*>erate ora deAne oafa-Ty nic*ncig-«>*vv«n* a) ootOiUtoh oo#e<y no4* r^roo-o vtoioAorka
CI define Che scope of the SMS. resporrsibi*ftes andecoo-u«n*afc*8l6ie» *c*o*»
management pix*adores2 3M3 Dcniart 2 1 <»>
m perform an SMS gap relevant departnients of the 3 SMS Element 31 0)analysis organtzatton.
a) establish occurrence
at mregnww nazaras oeneneatrom cKXurrenoe invesngation
2 SMS Element 1 S<!> t» estabfcsh an SMS.»satetycoordination mechanianV
reporting and invesegatoan
procedures.
reiport'* *«h the votunaarynazarcJ reoorfrio svstem
a> develop an SMS oonwnittM.wnptomarrtaaon pkarv to oetsttel*en a aafaty data t>> tnto^mta hazard hdamM c-alton
CI estabash departmemav collection and processing andrtsk rnartagement3 SMS Element 1.3.
applicablesystem for hirfln-^oneeqwericje
outeomee.
pren",e<*#'cs with the
aubcontroctor*» or cwrtomer's•o ewaowsn a Key peraorvorcce SMS wvnere appacaote
resporkstbie tor the 3 SMS Element 1 * C) develop htgn-conaeouervceadnwaitraaon and SPts and associated targets 3 SMS Element 3 1 t»1majntenance of the SMS a» estabte&h an emerctertcv
reeponae ptanand alert aetting*
a) enhance the safety data4 •>MS Fkwnwir A 1 (*>'
4 SMS Element 1.5(H)4 '-.U*:, FbOTtOTt 9 ?•
»y«*enr» lo nclude lower-a] emtaMah an SMS troinintj a} e-atabritch a msuvoaemen* of Sorwo^uwMe evonts.
programme for personnel as mrttate progre sai*« change procedure thaiW»U I pituitLy fOf UM> SMS <J«?-*«*UUM<W*« It of Ml SMS «>OuOwk •***«» y iwt t»> ObvisM' Owwi-u* iwem«i meimp*wnentobon learn. docuTTYttWrnanual aftd other
auppomng oocumencaraonasaeasnient r>Pi* and associated
targets^alert secbngaS SMS Element 4.2 (i) 5 SMS Element 3 3 (i)
4 SMS Element 3 3 (a)ej •nfftate SMS/matery aj e«taibJt<tn an Internal Quality
communtcaion chanrw**
b)
audrt programme,
e-stabtisn an external ouaMy
..ll
Dl
.11
•
eatabnah SMS auditprogrammM or >nt«graC*i
them unto e»*&tmg rsema ande*terrw»F ttudft progr«nwiiie».
ewtaotian other operational
SMS revie^aurveypTocjrarnrnes wheremnrwnnriate
SMS EUntaMII * 1 {Ml
OMMjre Oh»at the SMS t >ww<uprograHTime for afl relevantparsonnef naa Oaan
comp+eted
SMS Element 4.2 «):
fioTr«n*e ««*My infnrr%%«hr»oshannjg and exchange«f*enr»eaY and «K*en>eay
SMS Element 1.5: SMSaooumomaoon iPruies not) >-»*i**>*.>-*-»-,--•»»- .»»>.„>-.,,„»>»>„.»„.. ... ..,»....„,.i^.....»
SMS a—Mi 4 1 and 4 2. SMS trainm© education and communication (P*w*se»
Atate f — 7?w nrnp/ernenCsfion pemorf rndvcaeecf is on approjtimaoan The acinar r/Tipte/nenfaGon p*(7oc» 4 fJepe/xJenf on trte ^rope cm* actiorrar^OtMrmrt *v *mnh **4*m+nt afto*-****-* iwf ime fUTe-smmpMrtry «V f**» nsQjtswr/irinn
Atofc T-— 7h« CA*G e*»f!r*jw-»f numbers *»t*QOifo<* oon-c-spw** fo frNe fO AG G **G <S*Cme*X rmrn&cr* GvtKtnXt i r*»5Tr> «3 a>, a.^ »^v* c,i im#c**c tn«r er»cetornanf has been sutxtMc*»<i to focafetafe *h* phexa&d impAe/nenfafran approaC*t
Figure 4. Four phases of SMS implementation
26
APPENDIX B
GAP ANALYSIS QUESTIONS
SI 19-05
September 2017
No. Aspect to be analysed or question to be answered Answer Status of implementation
Component 1 — SAFETY POLICY AND OBJECTIVES
Element 1.1 — Management commitment and responsibility
1.1-1 Is there a safety policy in place? DYes
DNo
• Partial
1.1-2 Does the safety policy reflect senior management's commitmentregarding safety management?
DYes
DNo
• Partial
1.1-3 Is the safety policy appropriate to the size, nature and complexityof the organization?
DYes
• No
D Partial
1.1-4 Is the safety policy relevant to aviation safety? DYes
DNo
• Partial
1.1-5Is the safety policy signed by the accountableexecutive?
DYes
DNo
D Partial
1.1-6 Is the safety policy communicated, with visibleendorsement, throughout the [Organization]?
DYes
DNo
D Partial
1.1-7 Is the safety policy periodically reviewed toensure it remains relevant and appropriate tothe [Organization]?
DYes
D No
D Partial
Element 1.2 — Safety accountabilities
1.2-1 Has [Organization] identified an accountable executive who,irrespective of other functions, shall have ultimate responsibilityand accountability, on behalf of the [Organization], for theimplementation and maintenance of the SMS?
DYes
D No
D Partial
1.2-2 Does the accountable executive have full control of the financial
and human resources required for the operations authorized to
be conducted under the operations certificate?
DYes
DNo
D Partial
1.2-3 Does the Accountable Executive have final authority over allaviation activities of his organization?
DYes
D No
D Partial
1.2-4 Has [Organization] identified and documented the safetyaccountabilities of management as well as operational personnel,with respect to the SMS?
DYes
DNo
D Partial
1.2-5 Is there a safety committee or review board for the purpose ofreviewing SMS and safety performance?
DYes
D No
D Partial
27
SI 19-05
September 2017
1.2-6 Is the safety committee chaired by the accountable executive orby an appropriately assigned deputy, duly substantiated in theSMS manual?
DYes
DNo
D Partial
1.2-7 Does the safety committee include relevant operational ordepartmental heads as applicable?
DYes
DNo
D Partial
1.2-8 Are there safety action groups that work in conjunction with thesafety committee (especially for large/complex organizations)?
DYes
DNo
D Partial
Element 1.3 — Appointment of key safety personnel
1.3-1 Has [Organization] appointed a qualified person to manage andoversee the day-to-day operation of the SMS?
DYes
DNo
D Partial
1.3-2 Does the qualified person have direct access or reporting to theaccountable executive concerning the implementation andoperation of the SMS?
DYes
D No
D Partial
1.3-3 Does the manager responsible for administering the SMS holdother responsibilities that may conflict or impair his role as SMSmanager.
DYes
D No
D Partial
1.3-4 Is the SMS manager's position a senior management position notlower than or subservient to other operational or productionpositions
DYes
DNo
D Partial
Element 1.4 — Coordination of emergency response planning
1.4-1 Does [Organization] have an emergency response/contingencyplan appropriate to the size, nature and complexity of theorganization?
DYes
D No
D Partial
1.4-2 Does the emergency/contingency plan address all possible orlikely emergency/crisis scenarios relating to the organization'saviation product or service deliveries?
DYes
D No
D Partial
1.4-3 Does the ERP include procedures for the continuing safeproduction, delivery or support of its aviation products or servicesduring such emergencies or contingencies?
DYes
DNo
D Partial
1.4-4 Is there a plan and record for drills or exercises with respect tothe ERP?
DYes
D No
D Partial
1.4-5 Does the ERP address the necessary coordination of itsemergency response/contingency procedures with theemergency/response contingency procedures of otherorganizations where applicable?
DYes
D No
D Partial
1.4-6 Does [Organization] have a process to distribute andcommunicate the ERP to all relevant personnel, includingrelevant external organizations?
DYes
DNo
D Partial
1.4-7 Is there a procedure for periodic review of the ERP to ensure itscontinuing relevance and effectiveness?
DYes
D No
D Partial
Element 1.5 — SMS documentation
28
SI 19-05
September 2017
1.5-1 Is there a top-level SMS summary or exposition document whichis approved by the accountable manager and accepted by the
CAA?
DYes
DNo
D Partial
1.5-2 Does the SMS documentation address the organization's SMS
and its associated components and elements?
DYes
DNo
D Partial
1.5-3 Is [Organization] SMS framework in alignment with the regulatorySMS framework?
DYes
DNo
D Partial
1.5-4 Does [Organization] maintain a record of relevant supportingdocumentation pertinent to the implementation and operation of
the SMS?
DYes
DNo
D Partial
1.5-5 Does [Organization] have an SMS implementation plan to
establish its SMS implementation process, including specifictasks and their relevant implementation milestones?
DYes
D No
D Partial
1.5-6 Does the SMS implementation plan address the coordination
between the service provider's SMS and the SMS of external
organizations where applicable?
DYes
D No
D Partial
1.5-7 Is the SMS implementation plan endorsed by the accountableexecutive?
DYes
DNo
D Partial
Component 2 — SAFETY RISK MANAGEMENT
Element 2.1 — Hazard identification
2.1-1 Is there a process for voluntary hazards/threats reporting by allemployees?
DYes
DNo
D Partial
2.1-2 Is the voluntary hazard/threats reporting simple, available to all
personnel involved in safety-related duties and commensurate
with the size of the service provider?
DYes
D No
D Partial
2.1-3 Does [Organization] SDCPS include procedures forincident/accident reporting by operational or productionpersonnel?
DYes
DNo
D Partial
2.1-4 Is incident/accident reporting simple, accessible to allpersonnel involved in safety-related duties and commensuratewith the size of the service provider?
DYes
DNo
D Partial
2.1-5 Does [Organization] have procedures for investigation of allreported incident/accidents?.
DYes
D No
D Partial
2.1-6 Are there procedures to ensure that hazards/threats identified
or uncovered during incident/accident investigation processesare appropriately accounted for and integrated into theorganization's hazard collection and risk mitigation procedure?
DYes
D No
D Partial
2.1-7 Are there procedures to review hazards/threats from relevant
industry reports for follow-up actions or risk evaluation whereapplicable?
DYes
D No
D Partial
29
SI 19-05
September 2017
Element 2.2 — Safety risk assessment and mitigation
2.2-1 Is there a documented hazard identification and risk mitigation(HIRM) procedure involving the use of objective risk analysis
tools?
DYes
D No
D Partial
2.2-2 Is the risk assessment reports approved by departmental
managers or at a higher level where appropriate?DYes
D No
D Partial
2.2-3 Is there a procedure for periodic review of existing risk mitigationrecords?
DYes
DNo
D Partial
2.2-4 Is there a procedure to account for mitigation actions whenever
unacceptable risk levels are identified?
DYes
D No
D Partial
2.2-5 Is there a procedure to prioritize identified hazards for riskmitigation actions?
DYes
D No
D Partial
2.2-6 Is there a programme for systematic and progressive review of allaviation safety-related operations, processes, facilities andequipment subject to the HIRM process as identified by theorganization?
DYes
DNo
D Partial
Component 3 — SAFETY ASSURANCE
Element 3.1 — Safety performance monitoring and measurement
3.1-1 Are there identified safety performance indicators for measuringand monitoring the safety performance of the organization'saviation activities?
DYes
DNo
D Partial
3.1-2 Are the safety performance indicators relevant to theorganization's safety policy as well as management's high-levelsafety objectives/goals?
DYes
DNo
D Partial
3.1-3 Do the safety performance indicators include alert/target settingsto define unacceptable performance regions and plannedimprovement goals?
DYes
D No
D Partial
3.1-4 Is the setting of alert levels or out-of-control criteria based onobjective safety metrics principles?
DYes
D No
D Partial
3.1-5 Do the safety performance indicators include quantitativemonitoring of high-consequence safety outcomes (e.g. accidentand serious incident rates) as well as lower-consequence events(e.g. rate of non-compliance, deviations)?
DYes
D No
D Partial
3.1-6 Are safety performance indicators and their associatedperformance settings developed in consultation with, and subjectto, the civil aviation authority's agreement?
DYes
D No
D Partial
3.1-7 Is there a procedure for corrective or follow-up action to be takenwhen targets are not achieved and alert levels are exceeded/breached?
DYes
DNo
D Partial
3.1-8 Are the safety performance indicators periodically reviewed? DYes
DNo
D Partial
30
SI 19-05
September 2017
Element 3.2 — The management of change
3.2-1 Is there a procedure for review of relevant existing aviation
safety-related facilities and equipment (including HIRM records)whenever there are pertinent changes to those facilities or
equipment?
i
DYes
D No
D Partial
3.2-2 Is there a procedure for review of relevant existing aviation
safety-related operations and processes (including any HIRMrecords) whenever there are pertinent changes to those
operations or processes?
DYes
D No
D Partial
3.2-3 Is there a procedure for review of new aviation safety-relatedoperations and processes for hazards/risks before they arecommissioned?
DYes
DNo
D Partial
3.2-4 Is there a procedure for review of relevant existing facilities,
equipment, operations or processes (including HIRM records)
whenever there are pertinent changes external to theorganization such as regulatory/industry standards, best
practices or technology?
DYes
D No
D Partial
Element 3.3 — Continuous improvement of the SMS
3.3-1 Is there a procedure for periodic internal audit/assessment of the
SMS?
DYes
D No
D Partial
3.3-2 Is there a current internal SMS audit/assessment plan? DYes
DNo
D Partial
3.3-3 Does the SMS audit plan include the sampling ofcompleted/existing safety risk assessments?
DYes
DNo
D Partial
3.3-4 Does the SMS audit plan include the sampling of safetyperformance indicators for data currency and their target/alert
settings performance?
DYes
D No
D Partial
3.3-5 Does the SMS audit plan cover the SMS interface with
subcontractors or customers where applicable?
DYes
D No
D Partial
3.3-6 Is there a process for SMS audit/assessment reports to besubmitted or highlighted for the accountable manager's attentionwhere appropriate.
DYes
DNo
D Partial
Component 4 — SAFETY PROMOTION
Element 4.1 — Training and education
4.1-1 Is there a programme to provide SMS training/familiarization topersonnel involved in the implementation or operation of the
SMS?
DYes
DNo
D Partial
4.1-2 Has the accountable executive undergone appropriate SMSfamiliarization, briefing or training?
DYes
D No
D Partial
4.1-3 Are personnel involved in conducting risk mitigation provided with
appropriate risk management training or familiarization?
DYes
DNo
D Partial
31
SI 19-05
September 2017
No. Aspect to be analysed or question to be answered Answer Status of implementation
4.1-4 Is there evidence of organization-wide SMS education orawareness efforts?
DYes
D No
D Partial
Element 4.2 — Safety communication
4.2-1 Does [Organization] participate in sharing safety information withrelevant external industry product and service providers ororganizations, including the relevant aviation regulatory
organizations?
DYes
D No
D Partial
4.2-2 Is there evidence of a safety (SMS) publication, circular or
channel for communicating safety (SMS) matters to employees?
DYes
D No
D Partial
4.2-3 Are [Organization] SMS manual and related guidance materialaccessible or disseminated to all relevant personnel?
DYes
DNo
D Partial
32
SI 19-05
September 2017
APPENDIX C
EXAMPLE OF AN SMS IMPLEMENTATION PLAN/SCHEDULE
GAQ
Ret Gap analysis questionAnswer
(Yes/No/Partial) Description of gapActionAask required
to fill the gapAssigned taskgroup/person
SMS
document
reference
Status of
action/task
(OpenAVIP/Closed)
11-1 Is there a safety policy In
place?
Partial The existing safety
policy addresses OSHE
only
a) enhance the existing
safety policy to
include aviation
SMS objectives and
policies or develop a
separate aviation
safety policy;
b) have the safety
policy approved andsigned by the
accountable
executive
Task
Group 1
Chapter 1,
Section 1 3
Open
etc.
Table 1 Example SMS gap analysis and implementation task identification plan
ActionAask required
to nil the gapSMS
document
ret.
Assignedtask
group/
person
Status
of
action/
task
Scnedvle/timeJme
10
10
2Q
10
3Q
10
40
10
1Q
11
20
11
30
11
40
11
10
12
2Q
12
3Q
12
4Q
12 etc
1.1-1 a) Enhance the existingsafety policy to includeaviation SMS objectivesand policies or develop a
separate aviation safetypolicy
Chapter 1.
Section 1.3.
Task
Group I
Open
1.1-1 b) Require tr»e safety policyto be approved andsigned by theaccountable executive
etc
Table 02 Example SMS implementation schedule
33
SI 19-05
September 2017
APPENDIX D
GUIDANCE TO REVIEW VOLUNTARY AND CONFIDENTIAL REPORTING
SYSTEMS
An organization's voluntary and confidential reporting system should, asminimum, define:
1. The objective of the reporting system;
DGCA Inspector must ensure that objective is to enhance the safety of serviceprovider's aviation activities through the collection of reports on actual orpotential safety deficiencies that would otherwise not be reported throughother channels. The nature of reporting system will be voluntary, non-punitiveand confidential.
2. The scope of the aviation sectors/areas covered by the system;
DGCA Inspector must ensure that the reporting system covers areas such as :
a. Flight operations;
b. Hangar aircraft maintenance;
c. Workshop component maintenance;
d. Technical fleet management;
e. Inventory technical management;
f. Engineering planning;
g. Technical services;
h. Technical records;
i. Line maintenance.
Note : The Ares covered depend on size, nature & complexity of the serviceprovider's organization
3. Who can make a voluntary report;
Person who can make a volutary report will be depend on size nature 8s
complexity of the service provider's organization such as :
a. Flight and cabin crew members;
b. Air traffic controllers;
c. Licensed aircraft engineers, technicians or mechanics;
d. Employees of maintenance, design and manufacturing organizations;
e. Airport ground handling operators;
f. Aerodrome employees;
g. General aviation personnel.
4. When to make such a report;
34
SI 19-05
September 2017
There are 3 (three) reasons why people wants to report such as :
a. The reporter wishes for others to learn and benefit from the incident or
hazard but are concerned about protecting his/her identity;b. There is no other appropriate reporting procedure or channel; andc. The reporter has tried other reporting procedures or channels without the
issue having been addressed.
5. How the reports are processed;
DGCA inspectors must ensure that the reports will be processed as follows:
1. The service provider's system pays particular attention to protect thereporter's identity;
2. Every report will be read and validated by the safety manager;3. The safety manager may contact the reporter to make sure he understands
the nature and circumstances of the occurrence/hazard reported and/orto obtain the necessary additional information and clarification;
4. Complete and coherent data will be de-identify and put it into database.Only de-identified data will be used if any input from third party isrequired;
5. Feedback will be provided and sent to the reporter;6. The manager will complete the process within ten (10) working days and
may need more time if discussion with the reporter or consulting the thirdparty is required;
7. Every report will be read and followed through by either the manager orthe alternate manager;
8. Only relevant de-identified reports and extracts may be shared within thecompany as well as with external aviation stakeholders as deemed
appropriate. This will enable all concerned personnel and departmentswithin the company as well as appropriate external aviation stakeholdersto review their own operations and support the improvement of aviationsafety as a whole;
9. If the report suggests a situation or condition that poses an immediate orurgent threat to aviation safety, the report will be handled with priority.After de-identification, the report will be referred to the relevantorganizations or authorities as soon as possible to enable them to take thenecessary safety actions;
6. Contacting the manager;
The service provider will set up the manager position who would be able andopen to discussion before making report. This manager and alternate managerwill be able to be contacted during office hours at dedicated telephonenumbers.
35
SI 19-05
September 2017
APPENDIX E
GUIDANCE TO REVIEW THE SAFETY PERFORMANCE INDICATORS
Tables 1 to 2 (safety indicator examples) provide examples of State aggregatesafety performance indicators (SPIs) and their corresponding alert and target levelsetting criteria. The SMS SPIs are reflected on the right-hand side of the tables.The SSP safety performance indicators on the left-hand side of the tables areshown.
Before agreement/acceptance of SMS Safety Indicator DGCA Inspector must
ensure that :
1. SMS Safety Indicator necessary correlate and congruent between with SSPsafety indicators.
2. SMS SPIs should be developed by product and service providers inconsultation with their respective regulatory organizations.
3. The corresponding alert and target level criteria for each indicator are to beaccounted and documented as example as shown below :
a. The alert level setting is based on basic safety metrics standard deviationcriteria.
1) The Excel spreadsheet formula is =STDEVP.
2) For the purpose of manual standard deviation calculation, the formulais:
|E O - vYu =
N
Where:
X is the value of each data point;
N is the number of data points andu is the average value of all the data points.
b. The target setting is a desired percentage improvement is 5% over theprevious year's data point average. This example chart is generated by thedata sheet shown in Table 3
c. When an alert is triggered (potential high risk or out-of-control situation),appropriate follow-up action is expected, such as further analysis todetermine the source and root cause of the abnormal incident rate and any
necessary action to address the unacceptable trend. Point as considerationwhen evaluate the Alert Level are :
1) Alert level setting:
The alert level for a new monitoring period (current year) is based on thepreceding period's performance (preceding year), namely its data pointsaverage and standard deviation. The three alert lines are average + 1 SD,average + 2 SD and average + 3 SD.
36
SI 19-05
September 2017
2) Alert level trigger:An alert (abnormal/unacceptable trend) is indicated if any of theconditions below are met for the current monitoring period (currentyear):— any single point is above the 3 SD line— 2 consecutive points are above the 2 SD line— 3 consecutive points are above the 1 SD line.
3) Target level setting (planned improvement):
The target level setting may be less structured than the alert levelsetting, e.g. target the new (current year) monitoring period's averagerate to be say 5% lower (better) than the preceding period's averagevalue.
4) Target achievement:
At the end of the current year, if the average rate for the current year isat least 5% or more lower than the preceding year's average rate, thenthe set target of 5% improvement is deemed to have been achieved.
5) Alert and target levels — validity period:
Alert and target levels should be reviewed/reset for each new monitoringperiod, based on the equivalent preceding period's average rate and SD,as applicable.
d. The data sheet in Table 4 is used to generate the safety performanceindicator chart shown in Table 4. The same can be used to generate anyother safety performance indicator with the appropriate data entry andsafety performance indicator descriptor amendment.
e. Such a summary may be compiled at the end of each monitoring period toprovide an overview of the SMS performance as shown in Table 5 (exampleof an SMS performance summary provides a summary of all the operators'SMS safety indicators, with their respective alert and target level outcomesannotated)
f. If a more quantitative performance summary measurement is desired,appropriate points may be assigned to each Yes/No outcome for eachtarget and alert outcome. Example:
High-consequence indicators:Alert level not breached [Yes (4), No (0)]Target achieved [Yes (3), No (0)]
Lower-consequence indicators:Alert level not breached [Yes (2), No (0)]Target achieved [Yes (1), No (0)]
This may allow a summary score (or percentage) to be obtained to indicatethe overall SMS safety performance at the end of any given monitoringperiod.
37
d. Table 1
SI 19-05
September 2017
e. Examples of safety performance indicators for air operators
SSPsafety indicators (aggregate State) SMS safety performanceindicators(individua service provider)
High-consequence indicators Lower-consequence indicators High-consequence indicators Lower-consequenceindicators
(occurrence/outcome- jased) (event/activity-basedj (occurrence/outcome-based) (event/activity-based)
Safetyindicator
Alert level
criteria
Target levelcriteria
I
Safety indicatorAlert level
criteria
Targetlevel
criteria
Safetyperformance
indicator
Alert level ' Target levelcriteria criteria
Safetyperformance
indicator
Alert level
criteria
Targetlevel
criteria
Air operators (air operators of the State only)
CAA Average % (e.g. 5%) CAA CAA Average + % (e.g. 5%) Operator Average % (e.g.
aggregate ♦ 1/2/3 improveme aggregate aggregate air 1/2/3 SD improveme combined fleet ; 1/2/3 5%)
air SD nt between air operator operator (annual or jntbetween monthly incident SD improve
operator (annual or each annual yearly 2 yearly reset) each rate (e.g. per (annual ment
yearly 2 yearly reset) annual surveillanceco
co Runway annual 1 000 FH) or 2 betwee
Runway mean rate audit 2 TO Excursion mean rate yearly n each
Excursion LEI % or •a -a Occurance reset) annual
Occurance findings rate V)
c C(e.g. per 1 mean
(e.g. per 1 (findings per Ot_J
O 000 FH) rate
000 FH) audit)
CAA Average % (e.g. 5%) CAA CAA Average + % (e.g. 5%) Operator internal Iaggregate ♦ 1/2/3 improveme aggregate air aggregate air 1/2/3SD improveme QMS/SMS annual
air SD nt between operator operator (annual or nt between audit LEI % or
operator (annual or each annual line yearly 2 yearly reset) each findings rate
yearly 2 yearly reset) annual station Abnormal annual (findings per
Abnormal mean rate inspectionco o Runway mean rate audit) o
X)o
•0
Runway LEI % or § TO Contact rate e EContact findings rate •a
CD•a (e.g. per *9
rate (e.g. (findings per c'v5c 1 000 FH) C c
per inspection) o o ou
o
1 000 FH)
CAA CAA annual CAA Average + 1% (e.g. 5%) Operator
aggregate foreign air aggregate air 1/2/3 SD improveme voluntary
air operator ramp operator (annual or nt between hazard report
operator surveillance yearly 2 yearly reset) each rate (e.g. per 1
yearly inspection Controlled annual 000 FH)
Controlled average LEI % o o Flight into mean rate o•0
o•0
Flight into (for each c E Terrain rate E 2Terrain foreign -a
a;2 (e.g. per
01-a 2
rate (e.g. operator) C a 1 000 FH) '55c
'vtC
pero
u (J u
1 000 FH)
CAA aggregate Average + % (e.g. 5%) Operator DGR Average % (e.g.operator DGR 1/2/3 SD improveme incident report ♦ 1/2/3 5%)
incident report (annual nt between rate (e.g. per 1 SD improve
rate (e.g. per or 2 each 000 FH) (annual ment
1 000 FH) yearlyreset)
annual
mean rate
or 2
yearlyreset)
betwee
n each
annual
mean
rate
etc.
i
38
SI 19-05
September 2017
f. Table 2
g. Examples of safety performance indicators for maintenance,production and design organizations (DOA/POA/MRO)
SSPsafety indicators (aggregate State) SMSsafety performance indicators (individualservice provider)
High-consequence indicators Lower-consequence indicators High-consequence indicators Lower-consequence indicators (event/activity-based)(occurren -e/outcome-based) (event/activity-based) (occurrence/outcome-based)
Safetyindicator
Alert
level
Targetlevel Safety indicator
Alert
level
Targetlevel
Safetyperformance
Alert level i Target levelcriteria criteria
Safetyperformance
Alert level
criteria
Target levelcriteria
criteria criteria criteria criteria indicator indicator
DOA/POA/MRO
CAA Aver _% (e.g. CAA MRO/POA Averag _% (e.g. 5%) MR0/P0A/D0A
aggregate age 5%) aggregate quarterly rate e + improvement internal QMS/SMSMRO + improve MRO/POA of component 1/2/3 between each annual audit LEI
quarterly 1/2/ ment /DOA technical SD annual mean % or findings ratemandatory 3SD between annual
co
BO warranty (annual or rate (findings per o o
defect (annual each surveillance E TOL
claims 2 yearly audit) 2 2reports or annual audit LEI % or CD
2 2 reset) u
3(MDR) 2 yearly mean findings rate v>
CVi
C cC5
received reset) rate (findings peraudit)
oc_>
0 ou
ou
CAA POA/DOA MR0/P0A/D0A
aggregate quarterly rate quarterly final
P0A/D0 of operational inspection/testiA products which ng
quarterly are the subject failure/rejection
rate of of ADs/ASBs rate (due to
operationa (per product internal quality1products line) issues)
which areco
co
co o
co
co
the subject•a
2•a
EaTO
•aTO 2 2
of CD
2CD
2CD
20)
20)
3CD
2ADs/ASBs Vl
Cv\C
VI
C
vi
C C
(per OCJ
o o O o O
productline)
MRO/POA MR0/P0A/D0Aquarterly rate voluntary hazardof component
co o report rate (per o o
mandatory/m TOu E operational
tm 2ajor defect CD
2CD
2 personnel per QJT3
CD
2reports raised Vi
cv\C
quarter) 1 'Bc
(due to O oO
oc_>
ol_>
internal
quality issues)
etc.
39
SI 19-05
September 2017
Table 3
Sample data sheet used to generate a high-consequence SMS safety indicatorchart (with alert and target setting criteria)
Pr»e#ding year
•HhI FH
Mim&wor'
rerMitabta/UQr? MaM
rate' Average
January 3 082 —000 0.21
February 3 727 1.00 0^27 0211
lurch 3 WO 140 026 021
April 3 870-
0 00 0.21
May 3 878 _ 000 0.21
June 3 80S -0JM 0.21
J* 3870 ICO 0J» oat
taai 3004 100 0-28 021
Scpufnbtr 3804 1.00 0-28 02!1
October 3973 2.00 050 0 21
|«i. 398S 2.00 (LSI 021
December 4 360 100 023 021
Aveopt 0_21
SO 018
Amgitl SO Average* 2 SD Average; ♦ 3 SO
03S 058 0 73
Current year ilert level -tettmg, enter* s based o«i preoedwio,jwr (Anetaoe♦ 1^2/3 50)
'Ra»aB«aBO(iiJWlOOOFHi
Current jrear
Ko«rp
Aij-ww
4rrto>«
total FH
reportable/
r*c«o>«fi
Inctomt
rafe»
Precerfnc;
ISO
FVececftog
ywar
average »
2SD
Preceding
veer
a>verag» »
3SO
Current
yw»f
targe*
average
December 4309 100 0 23 030 2M 0.73 021
January 4060 0.00 000 0.3* o.so 0.73 020
February 3 3-18 000 000 030 osa 073 020
March 3 482 200 0 57 036 0.58 0.73 020
Apn 3 546 000 0OQ 036 056 073 020
May 3 833 100 0 28 038 osa 0.73 020
June 030 0.SB 0.73 CUO
•**/ C3S> osa 0.73 020
August QJO osa 0 73 020
September 030 068 073 020
October 030 0 58 071 020
November 036 osa 073 020
Ocembe* 036 osa 0.73 020
Average
SO
Current year urge! a uy S% averagerate improvement over the average
rate ior the precedingyear, which is 0 20
40
SI 19-05
September 2017
Table 4
Example of an SMS safety performance indicator chart(with alert and target level settings)
/ \ , /PteeedAiJ fUt AlphJ Met KMAfMy
IBM rate (set i two fit.
»i*c*a«f year arwaat
a) Ale* level setting
THea1Mlrr^fwjri»wmwiltOreigpreeedng periodsperto-manc*
average and standard deration The>
average » 2 SO and average t 3 SD
t>) Men level trigger
-Z-^
Av*j Sep
(current yea/} is ojserJ an theyear), namely its data points
alert lues are average » 1 SO.
An alert(attwmal'uriacceptaiole two1) csindicate*) >any c/ the eondrtorobetow are met *at the current moreioong period (current year)
— any 5<rig1e ootnt s arxwe the 3 .SO line
— 2 cwTtecvOvepor-its are above the 2 SO trie— 3 cantiocutive ports — above SSe 1 SO fcne
When an a»ert «striggered <po4enti»l high rat or ogi-o*<*v«!rol situationj.appropriate Movmv aebanis wpeOM. such at fcrtw- analysis toostermese the source and root cause of the abnormal nodent rate and anyivX«»jry3Cvtjnt5icawM»euracc»»tat»*W»ie
or. a Kt itt to «ij jon jj #wg >« Oc! f«v Dec
tfr Currentv«jf Mpaa ****** m***7iiireeertaee incteecv. rut* ip*r i sea Ft*)
Current year target *••»*»>
cj Target level setmg (planned mprovemeor)
The target M settng may be less mmmt$m9m Ma»lmlmHa%eg target the nev/ (current year) monitoring periods average irateto besay 5%lotNr (better)than the preogckng period'satrarana <*»
4) Target iMMMt
Atthe end or #»e current year It ffie average rate fcr the current ymM t% *tlearjl 5\ or more lower run me preceding year's average rase. e>#n tie settarget o<5% (rnprDvernwre s aeemed to rtave been achieved
e) Alert and target levers — »al>Ot> perod
Aiertand target levels-should be reviewedfteset tor .acti newmorvtonngperiod, based on tw frquvnent pnvceoVig period's averagerafle and SO.as appacaMe.
41
SI 19-05
September 2017
Table 5
Example of .Alpha Airline's SMS safety performance measurement(say for the year 2010)
High-consequence safetyperformance indicator
SPt description
Alpha Airline's A320 fleet monthlyserious incident rate(e.g. per1 000FH)
Alpha Artne'sA320 fleet engine IFSDincident rate (eg per 1 000 FH)
etc
SPI description
Operator cornbtied fleet monthlyincident rate (eg per 1 000 FH|
Operator internal QMSannual auoKtLEI %or findings rate (findmgs peraudi)
Operator voluntary hazard report rate(e.g. per 1 000 FH)
Operator DGR incident report rate (egper 1 000 FH)
SPI alert level criteria(for2010)
Average ♦ 1/2r3 SO(annual or 2 yearty reset)
Average + 1/2/3 SD(annual or 2 yearty reset)
Alert level
breached
(Yes/No)
Yes
Yes
Lovrer-consequence safetyindicators
SPI alert level critena(for 2010)
Average ♦ 1/2/3 3D(annual or 2 yearty reset)
More than 25% averageLEI orany Level 1finotngor more than 5 Level 2
findings per audit
TBD
Average + 1/2/3 SD(annual or 2 yearty reset)
Alert levelbreached
(YesMo)
Yes
Yes
No
SPI targetlevel criteria(for2010)
5% tnprovement of the2010 average rate over the2009 average rate
3% tnprovement of the2010 average rate over the2009 average rate
SPI targetlevel criteria(for 2010)
52k tnprovement of the2010 average rate over the2009 average rate
5% enprovement of me2010 average rate over the2009 average rate
TBD
5% tnprovement of the2010 average rate over the2009 average rate
Targetachieved
(Yes/No)
No
Yes
Targetachieved
(Yes/NoJ
No
Yes
Yes
42
1.
2.
120-90
120-91
120-92
120-93
•^
Salinan sesuai aslinyaKEPALA BAGIAN HUKUM
AH PURNAMA SARI'embina/(IV/a)
NIP. 19680704 199503 2 001
•\ ER
APPENDIX F
LIST OF APPLICABLE FORMS
SI 19-05
September 2017
Part 121/135 AOC certification check list evaluation, surveilanceand implementation of Safety Management System
Part 141 and part 142 certification chek list evaluation,surveilance and implementation ofSafety Management System
Part 145 AMO certification chek list evaluation, surveilance andimplementation of Safety Management System
Part 147 AMTO certification chek list evaluation, surveilance andimplementation of Safety Management System
DIRECTOR GENERAL OF CIVIL AVIATION
ttd
Dr. Ir. AGUS SANTOSO M. Sc
43