KEMENTERIAN PERHUBUNGAN

DIREKTORAT JENDERAL PERHUBUNGAN UDARA

PERATURAN DIREKTUR JENDERAL PERHUBUNGAN UDARA

NOMOR: KP 443 TAHUN 2015

TENTANG

PEDOMAN TEKNIS OPERASIONAL BAGIAN 175-03 (ADVISORY CIRCULARPART 175-03) PENERAPAN SISTEM MANAJEMEN KESELAMATAN PADA

PENYELENGGARA PELAYANAN INFORMASI AERONAUTIKA

(IMPLEMENTATION SAFETY MANAGEMENT SYSTEM (SMS) IN AERONAUTICALINFORMATION SERVICE PROVIDER)

DENGAN RAHMAT TUHAN YANG MAHA ESA

DIREKTUR JENDERAL PERHUBUNGAN UDARA,

Menimbang : a. bahwa dalam sub bagian 175.120 Peraturan MenteriPerhubungan Nomor PM 60 Tahun 2015 tentangPeraturan Keselamatan Penerbangan Sipil Bagian 175(Civil Aviation Safety Regulation Part 175) TentangPelayanan Informasi Aeronautika (AeronauticalInformation Service) mengatur Penyelenggara PelayananInformasi Aeronautika harus memiliki dan

melaksanakan Sistem Manajemen Keselamatan;

b. bahwa berdasarkan pertimbangan sebagaimanadimaksud pada huruf a, dipandang perlu menetapkanPedoman Teknis Operasional Bagian 175-03 (AdvisoryCircular Part 175-03) Penerapan Sistem ManajemenKeselamatan Pada Penyelenggara Pelayanan InformasiAeronautika (Implementation Safety Management System(SMS) In Aeronautical Information Service Provider),dengan Peraturan Direktur Jenderal PerhubunganUdara;

Mengingat : 1. Undang-undang Nomor 1 Tahun 2009 tentangPenerbangan (Lembaran Negara Tahun 2009 Nomor 1Tambahan Lembaran Negara Republik Indonesia Nomor4956);

2. Peraturan Presiden Nomor 47 Tahun 2009 tentangPembentukan Organisasi Kementerian NegaraSebagaimana diubah terakhir dengan Peraturan PresidenNomor 13 Tahun 2014;

3. Peraturan Presiden Nomor 24 Tahun 2010 tentangKedudukan, Tugas, dan Fungsi Kementerian Negaraserta Susunan Organisasi, Tugas, dan Fungsi Eselon IKementerian Negara sebagaimana telah diubah denganPeraturan Presiden Nomor 14 Tahun 2014;

4. Peraturan Menteri Perhubungan Nomor KM 13 Tahun2009 tentang Peraturan Keselamatan Penerbangan SipilBagian 143 (Civil Aviation Safety Regulation Part 143)tentang Sertifikasi dan Persyaratan Pengoperasian BagiPenyelenggara Pelatihan Pelayanan Lalu LintasPenerbangan (Certification And Operating RequirementsFor ATS Training Provider);

5. Peraturan Menteri Perhubungan Nomor KM 14 Tahun2009 tentang Peraturan Keselamatan Penerbangan SipilBagian 170 (Civil Aviation Safety Regulation Part 170)tentang Peraturan Lalu Lintas Penerbangan (Air TrafficRules);

6. Peraturan Menteri Perhubungan Nomor PM 60 Tahun2010 tentang Organisasi dan Tata Kerja KementerianPerhubungan sebagaimana diubah terakhir denganPeraturan Menteri Perhubungan Nomor PM 68 Tahun2013;

7. Peraturan Menteri Perhubungan Nomor PM 49 Tahun2011 tentang Peraturan Keselamatan Penerbangan SipilBagian 172 (Civil Aviation Safety Regulation Part 172)tentang Penyelenggara Pelayanan Lalu LintasPenerbangan (Air Traffic Service Provider);

8. Peraturan Menteri Perhubungan Nomor PM 60 Tahun2015 tentang Peraturan Keselamatan Penerbangan SipilBagian 175 (Civil Aviation Safety Regulation Part 175)Tentang Pelayanan Informasi Aeronautika (AeronauticalInformation Service);

MEMUTUSKAN :

Menetapkan : PERATURAN DIREKTUR JENDERAL PERHUBUNGAN UDARATENTANG PEDOMAN TEKNIS OPERASIONAL BAGIAN 175-03

(ADVISORY CIRCULAR PART 175-03) PENERAPAN SISTEMMANAJEMEN KESELAMATAN PADA PENYELENGGARA

PELAYANAN INFORMASI AERONAUTIKA (IMPLEMENTATIONSAFETY MANAGEMENT SYSTEM (SMS) IN AERONAUTICALINFORMATION SERVICE PROVIDER).

Pasal 1

Ketentuan Pedoman Teknis Operasional Bagian 175-03(Advisory Circular Part 175-03) Penerapan Sistem ManajemenKeselamatan Pada Penyelenggara Pelayanan InformasiAeronautika (Implementation Safety Management System(SMS) In Aeronautical Information Service Provider),sebagaimana tercantum dalam lampiran dan merupakan bagiantidak terpisahkan dari Peraturan.

Pasal 2

Direktur Navigasi Penerbangan mengawasi pelaksanaanperaturan ini.

Pasal 3

Peraturan ini berlaku pada tanggal ditetapkan.

Ditetapkan di JakartaPada tanggal 18 Juni 2015

DIREKTUR JENDERAL PERHUBUNGAN UDARA,

ttd

SUPRASETYO

SALINAN Peraturan ini disampaikan kepada :

1. Menteri Perhubungan;

2. Sekretaris Jenderal, Inspektur Jenderal, Para Kepala Badan di IingkunganKementerian Perhubungan;

3. Para Direktur di Lingkungan Ditjen Perhubungan Udara;4. Para Kepala Otoritas Bandar Udara;5. Para Kepala Bandar Udara di lingkungan Ditjen Perhubungan Udara;6. Kepala Balai Besar Kalibrasi Penerbangan;7. Kepala Balai Teknik Penerbangan;8. Direktur Utama Perum LPPNPI.

Salinan sesuai dengan aslinyaKEPALA BAGIAN HUKUM DAN HUMAS

S>[EMI PAMURAHARJO

Pembina Tk I (IV/b)NIP. 19660508 199003 1 001

AMENDMENT RECORD

Amendment

Number

Amendment

Dates

Inserted By Pages

Lampiran Peraturan Direktur Jenderal Perhubungan Udara

Nomor : KP 443 TAHUN 2015

Tanggal : 18 JUNI 2015

PEDOMAN TEKNIS OPERASIONAL BAGIAN 175-03

{ADVISORY CIRCULAR PART 17503) PENERAPANSISTEM MANAJEMEN KESELAMATAN PADA

PENYELENGGARA PELAYANAN INFORMASI

AERONAUTIKA (IMPLEMENTATION SAFETYMANAGEMENT SYSTEM (SMS) IN AERONAUTICAL

INFORMATION SERVICE PROVIDER)

<

TABLE OF CONTENT

Amendment Records i

Table of Content ii

CHAPTER I INTRODUCTION 1

CHAPTER II REFERENCES AND ASSOCIATED DOCUMENT 2

CHAPTER III TERM AND DEFINITIONS 3

CHAPTER IV SAFETY POLICY 74.1 Purpose, Form and Content of the Safety Policy for AIS 74.2 Basic Safety Management Principles 74.3 Safety Activities and Deliverables 8

CHAPTER V ORGANISATION OF MANAGEMENT OF SAFETY IN AIS 105.1 Purpose and Objectives 105.2 Safety Management Function in AIS Provider 105.2.1 The Key Feature and Responsibilities of the Safety Management.. 105.2.2 Safety Manager Independence and Establishment of Clear Safety

Accountability and Responsibility 115.2.3 Safety Accountability H5.2.4 Example of Safety Manager Job Description 12

CHAPTER VI SAFETY ACHIEVEMENT 136-! Purpose and Scope of Safety Achievement to Manage Safety in AIS 136.1.1 Safety as a Function of Data Quality 136.2 Competency 146.3 Safety Assessment 156.3.1 Scope of Safety Assessment 156.3.2 Basis for the Safety Assessment 156.3.3 Safety Key Performance Indicators 176-4 (Safety) Occurrence Reporting and Investigation 186.4.1 (Safety) Occurrence Reporting 186.4.2 Investigation 186.5 Management of Safety Documentation 196.6 Control of External Service 206-7 Safety Management Elements in the Continuous Improvement

Process 21

CHAPTER VII SAFETY ASSURANCE 227.1 Purpose and Scope of Safety Assurance 227.2 Legal Requirement on Safety Assurance 227.3 Safety Monitoring 237.3.1 Methods 237.3.2 Outputs 237.3.3 Indicator and Targets for Safety Monitoring 237.4 Safety Records 247.4.1 The Role of Safety Records !!!!!.].!...!!!!!.!!!!!!.!.."!.!!.!! 247.4.2 Requirements Related to Safety Records 247.4.3 Example of Safety Records 247.4.4 Responsibilities Related to Safety Records 25

CHAPTER VIII SAFETY PROMOTION 268.1 General 268.2 Safety Training 278.3 Safety Communication 278.4 Safety Lesson Dissemination 278.5 Safety Improvement 28

LISTOF TABLE

TABLE 1. Summary ofAction and Responsibilities in Respect to the SafetyPolicy g

TABLE 2. Example of Data Quality Attributes and Their Possible Definitions .. 14TABLE 3. Example of Requirements for Quality Attributes 14

TABLE 4. Example ofa Cross Reference Matrix to Identify Elements AffectedBy the Change and Interdependencies 16

in

CHAPTER I

INTRODUCTION

1.1 The purpose of this document is provide guidance on theimplementation of Safety Management System (SMS) for AeronatuicalInformation Service (AIS) Provider. It has been developed to givesufficient understanding on SMS concepts and the development ofmanagement policies and processes to implement and maintain anSMS that meets CASR Part 175 - Aeronautical Information Servicesrequirements and MOS 175-04 - Aeronatical Information ServiceProvider. Therefore, AIS providers are encouraged to refer to thisdocument as their principal source of guidance on SMS.

1.2 The contents of this Manual are reviewed on an as required basis, butnot less than annually. Deputy Director for Management ofAeronautical Information is responsible for coordinating requests forchanges and amendments to the Manual.

1.3 The approving officer and issuing authority for this Manual andsubsequent amendments is Director General of Civil Aviation.

1.4 Deputy Director for Management of Aeronautical Information isresponsible for the maintenance and distribution of this Manual.

CHAPTER II

REFERENCES AND ASSOCIATED DOCUMENT

The following Regulations and Documents are:a. CASR Part 175 -Aeronautical Information Services (AIS);b. MOS 175-04 - Aeronautical Information Service (AIS) Providersc. Annex 19 - Safety Management System (SMS);d. Doc 9859 - Safety Management Manual (SMM); ande. CASR SMS - Ministerial Decree Number KM 20 year 2009.

CHAPTER III

TERM AND DEFINITIONS

Accident. An occurrence associated with the operation of an aircraftwhich, in the case of a manned aircraft, takes place between the time anyperson boards the aircraft with the intention of flight until such time as allsuch persons have disembarked, or in the case of an unmanned aircraft,takes place between the time the aircraft is ready to move with the purposeof flight until such time as it comes to rest at the end of the flight and theprimary propulsion system is shut

down, in which:

a) a person is fatally or seriously injured as a result of:— being in the aircraft, or—direct contact with any part of the aircraft, including parts which

have become detached from the aircraft, or— direct exposure to jet blast,

except when the injuries are from natural causes, self-inflicted or inflictedby other persons, or when the injuries areto stowaways hiding outside the areas normally available to the passengersand crew; or

b) the aircraft sustains damage or structural failure which:—adversely affects the structural strength, performance or flight

characteristics of the aircraft, and—would normally require major repair or replacement of the affected

component,

except for engine failure or damage, when the damage is limited to a singleengine, (including its cowlings or accessories), to propellers, wing tipsantennas, probes, vanes, tires, brakes, wheels, fairings, panels, landinggear doors, windscreens, the aircraft skin (such as small dents or punctureholes), or for minor damages to main rotor blades, tail rotor blades, landinggear, and those resulting from hail or bird strike (including holes in theradome); or

c) the aircraft is missing or is completely inaccessible

Accuracy. A degree of conformance between the estimated or measuredvalue and the true value.

Aeronautical data. A representation of aeronautical facts, concepts orinstructions in a formalized manner suitable for communicationinterpretation or processing.

Aeronautical information. Information resulting from the assembly,analysis and formatting of aeronautical data.

Aeroplane. Apower-driven heavier-than-air aircraft, deriving its lift in flightchiefly from aerodynamic reactions on surfaces which remain fixed undergiven conditions of flight.

Aircraft. Any machine that can derive support in the atmosphere from thereactions of the air other than the reactions of the air against the earth'ssurface

AIRAC. An acronym (aeronautical information regulation and control)signifying a system aimed at advance notification, based on commoneffective dates, of circumstances that necessitate significant changes inoperating practices.

Aeronautical information service (AIS). A service established within thedefined area of coverage responsible for the provision of aeronautical dataand aeronautical information necessary for the safety, regularity andefficiency of air navigation.

Cyclic Redundancy Check (CRC). Amathematical algorithm applied to thedigital expression of data that provides a level of assurance against loss oralteration of data.

Data Quality. A degree or level of confidence that the data provided meetsthe requirements of the data user in terms of accuracy, resolution andintegrity.

Feature. Abstraction ofreal world phenomena (ISO 19101*).

Feature attribute. Characteristic ofa feature (ISO 19101*).

Helicopter. A heavier-than-air aircraft supported in flight chiefly by thereactions of the air on one or more power-driven rotors on substantiallyvertical axes.

Human Factors Principles. Principles which apply to aeronautical design,certification, training, operations and maintenance and which seek safeinterface between the human and other system components by properconsideration to human performance.

Incident. An occurrence, other than an accident, associated with theoperation of an aircraft which affects or could affect the safety of operation.

Integrity (Aeronautical Data). A degree of assurance that an aeronauticaldata and its value have not been lost nor altered since the data originationor authorized amendment.

Integrity classification (aeronautical data). Classification based upon thepotential risk resulting from the use of corrupted data. Aeronautical dataare classified as:

a) Routine data: there is a very low probability when using corruptedroutine data that the continued safe flight and landing of an aircraftwould be severely at risk with the potential for catastrophe;

b) Essential data: there is a low probability when using corrupted essentialdata that the continued safe flight and landing of an aircraft would beseverely at risk with the potential for catastrophe; and

c) Critical data: there is a high probability when using corrupted criticaldata that the continued safe flight and landing of an aircraft would beseverely at risk with the potential for catastrophe.

Operational personnel. Personnel involved in aviation activities who are ina position to report safety information

Quality. Degree to which a set of inherent characteristics fulfilsrequirements (ISO 9000*).

Resolution. A number of units or digits to which a measured or calculatedvalue is expressed and used.

Safety. DGCA in which risks associated with aviation activities, related to,or in direct support of the operation of aircraft, are reduced and controlledto an acceptable level.

Safety management system (SMS). A systematic approach to managingsafety, including the necessary organizational structures, accountabilities,policies and procedures.

Safety performance. Aservice provider's safety achievement as defined byits safety performance targets and safety performance indicators

Safety performance indicator. A data-based parameter used formonitoring and assessing safety performance

Safety performance target. The planned or intended objective for safetyperformance indicator(s) over a given period.

Safety risk. The predicted probability and severity of the consequences oroutcomes of a hazard.

Serious injury. An injury which is sustained by a person in an accidentand which:

a) requires hospitalization for more than 48 hours, commencing withinseven days from the date the injury was received; or

b) results in a fracture of any bone (except simple fractures of fingerstoes or nose); or

c) involves lacerations which cause severe haemorrhage, nerve, muscleor tendon damage; or

d) involves injury to any internal organ; ore) involves second or third degree burns, or any burns affecting more

than 5 per cent of the body surface; orf) involves verified exposure to infectious substances or injurious

radiation.

State safety programme (SSP). An integrated set of regulations andactivities aimed at improving safety

Traceability. Ability to trace the history, application or location of that which isunder consideration (ISO 9000*).

Validation. Confirmation, through the provision of objective evidence, that therequirements for a specific intended use or application have been fulfilled (ISO9000*).

Verification. Confirmation, through the provision of objective evidence, thatspecified requirements have been fulfilled (ISO 9000*).

CHAPTER IV

SAFETY POLICY

4.1 Purpose, form and content of the safety policy for AIS

i. This policy must define the AIS provider's fundamental approachto the management of safety and must confirm its commitmentat all levels to the fulfilment of its mission statements. It is thefirst important milestone when implementing safety managementobjectives that define the value of safety in the overall businessand performance of the AIS provider.

ii. The safety policy should set the general direction and aspirationsfor the establishment of safety management and improved safetyperformance in the AIS provider organisation.

iii. The safety policy should take the form of a ment of the AISprovider's approach to achieving acceptable or tolerable safetyand should describe the generic approaches on which themanagement of safety is built and operated. The safety policycould form part ofthe quality policy or be a separate policy in thecase of a separate safety management system.

iv. A typical safety policy document would consist of a policystatement reflecting the AIS provider's individual approach to themanagement of safety. This would be further expanded toinclude a number of basic safety management principles to befollowed, such as commitment to safety, safety priority, andsafety responsibility, planning for safety, safety management,safety standards, safety achievement, safety assurance andsafety promotion.

4.2 Basic safety management principles

i. At the same time the AIS provider's senior management shouldundertake to provide the necessary resources for the effectivemanagement of safety.

ii. The safety responsibility principle requires all of the AIS/AIMProvider's staff to have individual responsibility for their ownactions with regard to safety, and requires the management to beresponsible for the safety performance of the organisation. Clearand correctly allocated safety accountabilities andresponsibilities are a prerequisite for achieving the organisation'ssafety objectives and for implementing effective management ofsafety and an effective safety improvement process. Theresponsibilities/accountabilities should be specified in therelevant job/task description and manuals.

iii. Planning for safety is an important prerequisite for proactivesafety management implementation. It allows the AIS provider'ssafety performance to be defined and strategies, approaches andconcrete plans to be identified for the achievement of anacceptable or tolerable level of safety of the services provided. Itallows the organisation's safety objective to be defined, and thenecessary means and resources for their achievement to beidentified.

iv. The safety achievement principle is an essential domain for themanagement of safety and should comprise a set oforganisational arrangements, processes and systematic actions(e.g. risk assessment, error reporting and investigation, etc.) tobe deployed in order to enable the AIS provider's safetymanagement objectives to be achieved.

v. The safety assurance principle should specify means, processes,procedures and resources to demonstrate compliance with thesafety requirements and deliver the evidence required about thelevel of safety achieved (e.g. safety surveys, safety records, etc.).Also, the safety assurance methods used by an AIS providershould support the identification of safety problems and theestablishment of recommendations for safety improvement. Theobjective of this principle is to implement dedicated surveillanceand documenting procedures and processes in order to ensurethat the risks are being properly managed.

vi. The safety promotion principle covers the means, processes andprocedures that allow for communication of safety mattersamong operational personnel and AIS provider management. Itensures that safety lessons and key messages are disseminatedthroughout the AIS provider organisation, that thecommunication of safety matters is encouraged and that changesare systematically made in order to improve safety.

4.3 Safety activities and deliverables

i. The safety policy should be written and documented under theauthority of the senior level of management of the AIS providerapproved by the DGCA (if required) and communicated to allstaff of the AIS provider.

ii. A properly communicated safety policy is a prerequisite for thecreation and development of a positive safety culture within theAIS provider.

iii. The safety policy should be disseminated within the AISprovider's organisation as widely as possible, by means ofinternal communication channels, safety awareness workshops,internal briefings, induction training, etc.

IV.

v.

VI.

111

The ultimate goal of communicating the safety policy within theAIS provider organization should be that the AIS provider'spersonnel are aware of:a. The scope of the document;

The importance of the management of the safety objectives;The goals of the safety policy and the management of safety;The principles of the management of safety;The need for safety management objectives to be affordedthe highest priority over commercial, operational,environmental or social pressures.

An AIS provider should set up a procedure to design a genuinesafety policydocument and to periodically review it with a view toupdating it as necessary. The revisions are required in order toensure that the policy is aligned with the organisation's strategicobjectives, continuous improvement and evolution. The policyalso needs to be consistent with other policies, and its contentshould not contradict other policies of the organisation.

The following table summarises actions and responsibilities inrelation to the safety policy.

b.

c.

d.

e.

Safetyactivities/deliverable

Person

responsiblefor initiative/production

AIS/AIMsafety

function

involvement

Addressee Records Endorse

ment

approval

Safety policyProduction,review and

signature

AIS topmanagement

Support All Staff Quality(Safety)Manage

ment

Manual

CEO

Posters SafetyManager

Disseminati

on

All Staff n/a n/a

Communica

tion

initiatives

AIS

providersenior

management,

SafetyManager

Support All Staff Activityreport

SafetyDepartm

ent

Table 1: Summary of actions and responsibilities in respect toThe safety policy

CHAPTER V

ORGANISATION FOR THE MANAGEMENT OF SAFETYIN AIS

5.1 Purpose and objective

The purpose of the safety management function in the AIS providerorganisation is to ensure the development and maintenance of thesafety management objectives defined by CASR 175.The objective of the safety management function in AIS is to provideand maintain the framework and allocate the necessary resources foreffective and proactive safety management that will enable the AISprovider to meet its safety objectives.

5.2 Safety management function in the AIS Provider

A safety management function in the AIS provider should include ingeneral:

a. An entity (or entities - depending on the size of the organisation)responsible for the development, implementation andmaintenance of the safety management objectives, defining thesafety accountabilities and responsibilities and developing theprocesses and procedures of the AIS provider for the managementof safety;

b. Personnel with safety responsibilities.

5.2.1 The Key Features and Responsibilities of the Safety Management

a. Independence: function in the AIS provider Independence thefunction needs to be independent of line management and shouldensure the connection with the SMS of the ANSP (whereappropriate);

b. Communication: the communication skills must be a key featurefor the function. It is most important that the function establishescommunication lines throughout the AIS provider.Communication should be open on all levels;

c. Knowledge: the function needs to have comprehensive knowledgeof safety in the AIS provider and be able to answer any questionsthat arise;

d. Verification and validation: the function should be a place wherethe rest of the AIS provider can go to for verification andvalidation of assessments, investigations and surveys on theprocesses.

10

The function should efficiently cover every aspect of the AIS providerand should be responsible for:a. The development, implementation and maintenance of the safety

management objectives;b. The definition of the safety accountabilities and responsibilities;

and

c. The development of the processes and procedures for themanagement of safety

5.2.2 Safety Manager Independence and Establishment of Clear SafetyAccountability and Responsibility

Several important considerations must be taken into account by theAIS providers when establishing this safety management objective:a. To appoint a safety manager

An independent and credible member of the management team,who, irrespective of other duties, has the responsibility andauthority to supervise and maintain safety managementprocesses and procedures, but also to develop and support theimplementation of such processes and procedures on initialdeployment of the safety management objectives.

The safety manager must be wholly independent of the executivemanagement of the AIS provider and be responsible direct to thesame senior manager as all the executive managers are. If thiscannot be achieved in a very small organisation, then credibleevidence must be supplied that safety managementresponsibilities are carried out independently and free of anyresponsibility to another manager for any other job function.

b. To establish clear safety accountabilities and responsibilitiesfor all personnel involved in safety-related tasks

This includes unambiguous definition and allocation ofaccountabilities and responsibilities for all matters of operationalsafety.

Responsibility and accountability are closely related concepts.Safety responsibility is delegated within the area of jobresponsibilities, provided such delegation is documented.Safety accountabilities define to whom the responsible personneeds to demonstrate the satisfactory discharge of their safetyresponsibilities.

5.2.3 Safety Accountability

a. The accountability for safety in the AIS provider lies with the linemanagement that owns the risk, and the overall accountabilitylies of course with the CEO. However, everybody is responsible forthe specific job they are employed to do. The difference betweenaccountability and responsibility can be difficult to understand,and in some languages there is just one word for both concepts!But if you are accountable for something, you are legally

11

responsible for it, and can be held legally accountable, whichmeans you can be punished by the law.

b. The safety director/safety manager and the safety departmentare support staff for the line management and are notaccountable or responsible for the safety of the organisation. It isthose who own the risk who are responsible for safety and thatshould always be the line management.

c. Principal accountabilities for the safety director/safety managerwould be:

1) To promote and support development of the safetymanagement objectives. Therefore, somebody needs to beassigned to do the job, and that would in mostcircumstances be the safety manager;

2) To establish a communication framework within theAIS/AIM provider which facilitates effective safetymanagement, i.e. clear lines of top-down and bottom-upcommunication on safety between the safety manager, linemanagers, senior management and line personnel;

3) To allocate the appropriate resources to safety management,consistent with the organisation's safety policy, ensuringthat appropriate funding is available for the necessarytechnical infrastructure, process maintenance, humanresources and personnel training;

4) To ensure the appropriate training and competencyassessment for all personnel assigned safety managementtasks.

d. There is no single solution for the establishment of a Coherentsafety management structure. The size of the organisation, itsmission, complexity ofoperations, operating environment and itsorganisational safety culture will all influence the structure andfunctioning ofits safety management system.

e. Any changes to the organisational structure should be assessedto determine whether or not they might affect safetyresponsibilities and accountabilities. Any necessary amendmentsto previous responsibilities and accountabilities should beproperly documented.

5.2.4 Example of the Safety Manager Job Description

A sample job description for a Safety Manager is provided in ICAODoc 9859 "Safety Management Manual" and has the following outline-a. Overall purposeb. Dimensionsc. Nature and scoped. Qualificationse. Authority

12

6.1

CHAPTER VI

SAFETY ACHIEVEMENT

Purpose and Scope of Safety Achievement to Manage Safety inAIS

Safety achievement in AIS is the result of processes and/or methodsapplied to attain the safety requirements of CASR 175. It shouldcomprise of several components:a. Competency;

Safety assessment;(Safety-) occurrence reporting and investigation;Management of safety documentation;Control of external services.

b.

c.

d.

e.

6.1.1 Safety as a Function of Data Quality

i.

n.

in.

IV.

The management of safety relies on a spectrum of organisationalarrangements, methods and processes to manage proactively therisk.

It was previously recognised that the major safety risk in AIS isto introduce erroneous data in the data chain that might affectthe safety of operations. Therefore by ensuring that the quality ofdata produced by the AIS satisfies the established requirementsfor its intended use it will mitigate that risk and all the safetyactivities should concentrate on achieving this objective.

Accordingly the objective of safety achievement in AIS is toensure that data are of a quality in accordance with theirintended use and their criticality. CASR175 has defined threecriticality categories: critical data, essential data and routinedata. High-quality data guarantee a high safety standard.

To ensure data quality for the whole data chain, AIS providershave to fulfil the requirements laid out in CASR 175. The qualityof data can be characterised by using the following qualityattributes (this list is not exhaustive and the AIS providers couldidentify additional quality attributes which might affect thesafety):

ATRIBUTE

AccuracyDEFINITIONS

A degree of conformance between the estimatedor measured value and thetrue value

Resolution

Integrity

A number of units or digits to which a measuredor calculated value isexpressed and used

A degree of assurance that an aeronautical dataand its value has not been lost or altered sincethe data origination or authorized amendment

13

Consistensy

Assurance Level

Tracebility

Timeliness

Currency

Plausibility

Format

Completeness

A degree of assurance that aeronautical dataacross redundant or distributed databases is insynch with each other (equivalent).

The level of assurance that data is made availableto the next intended user prior to its effectivestart date/time and not removed before itseffective end date/time.

Ability to trace the history, application or locationof what which is under consideration.

The degree of assurance that aeronautical data isavailable when it is required.

The degree to which aeronautical data representsreality from the required point in time i.e. DGCAof information of being up-to-date or notoutdated.

The degree of assurance that aeronautical data isseemingly valid and correct.

The organisation of information according topreset specifications. A defined way of codinginformation adhering to a given data model forstorage or transfer.

Table 2: Examples of data quality attributes and their possibleDefinitions

v. The fulfilment of all these requirements must be verified andvalidated.

Element Accuracy Integrity Timeliness Format ResolutionRWY

THR

lm

surveyedCritically AIRAC AIXM I/100sec

Table 3: Example of requirements for quality attributes

6.2 Competency

It should be ensured by a set of organisational arrangements that allstaff involved throughout the aeronautical data chain are adequatelytrained and have the necessary skills, competency and authorisationto perform the range of data processing tasks they are assigned to.Ihis could be supported by:

14

a. Establishing a minimum set of skills and competencies for staffacting in the aeronautical data chain;

b. Establishing processes to ensure that each member of staffresponsible for tasks in the provision of aeronautical data orinformation has been briefed or trained and retains the acquiredknowledge and skills;

c. Retaining a sufficient level of qualified and competent staff;d. Ensuring that shortfalls are identified and mitigated;e. Implementing a continuous training process.

6.3 Safety Assessment

The objective of the safety assessment in AIS is to provide a proactivemechanism for identifying potential hazards and finding a way ofcontrolling risks associated with degradation and decrease of dataquality. The AIS provider should ensure that the safety assessment isundertaken prior to implementation of any change potentiallyaffecting safety and data quality, in order to demonstrate that thechange meets an acceptable level ofsafety and quality attributes.

6.3.1 Scope of the Safety Assessment

As a minimum the impact of the change on the following elementsshould be addressed in a safety assessmenta. People;b. Procedure;c. Equipement.

6.3.2 Basis for the Safety Assessment

The following non-exhaustive pre-requisites for the safety assessmentprocess should be specified within the initial set-up of themanagement of safety:

a. data quality attribute requirements

Should characterise a data quality attribute. Ideally at least onemeasurable value should be defined for each quality attribute,e.g. an accuracy of 1 m, meta-data availability, CRC value.

b. quality assurance processes

Describe the mechanism for verification of compliance with thedata quality attributes requirements. During the assessment itshould be checked whether a change has an impact on themeasurement ofdata and/or whether new checks are required.

c. existing safety assessment procedures

Describe the mechanism of the safety assessment processes

15

———

d. documented safety management processes

Provide the same information to all parties involved.

A cross reference matrix could be used to identify the elementsaffected by the change.

Example: If a procedure is changed, then it should be checkedwhether there is any interference with data quality attributes andwhether interdependencies exist.

Equipment Procedure People/role Information

interface

Existingdata etc

Accuracy

Resolution

IntegrityConsistensyAssurance

Level

TracebilityTimeliness

CunencyPlausibilityFormat

Completeness>

Table 4: Example of a cross reference matrix to identifyElements affected by the change andInterdependencies

While every organisation has its own assessment methods, the safetyassessment should consist of the following process steps:a. Identification of what may be affected by the change (processes,

equipment, quality attributes, people ...), including the scope anddefinition of the change and all relevant uses for the eronauticaldata item or dataset;

b. Conduct hazard identification and analysis, including theidentification of likelihood and severity of potential hazards andpossible interdependencies (e.g. brainstorming, simulation, taskanalysis, scenario driven analysis etc.);

c. Assessment of risks (identification whether the risk is acceptableor not and who has the authority to decide);

d. Specify mitigation measures;

e. Implement and put into effect mitigation measures which shouldbe supported by the management.

16

f. Check that mitigation measures are effectively implemented (e.g.through the safety key performance indicators) and if theyintroduce any new hazard.

It is important to note that the safety assessments in AIS cannot beconducted solely by the operational personnel of AIS or solely by thesafety experts. It is therefore of paramount importance to ensure thatthe safety assessment in AIS is conducted by the operationalpersonnel of AIS and is supported by safety experts.

6.3.3 Safety Key Performance Indicators

i. In order to be able to verify quality attributes it is recommendedthat key performance indicators which are based on requirementsfor each of the quality attributes be defined and that limits bespecified.

ii. Accordingly, each quality attribute should be linked to (a)requirement(s). Requirements should be defined in such a waythat compliance with the requirements can be measured.Compliance should be expressed in terms of limits (i.e. targets,warning and action limits should be specified).

iii. Adherence to the limits defined should be evaluated permanentlyand evidence for maintaining compliance with the requirementsshould include a statement that the required level of qualityattributes has been met. If deviations are observed, occurrencereporting, investigation, reporting and lesson disseminationshould be initiated.

iv. By using such a measuring system, information about the safetysituation can be obtained and thus we can speak in terms of"safety key performance indicators". As a prerequisite, therequirements for data quality attributes should be in line withsafety objectives and the criticality of the data. This means thatthe higher the criticality of a certain datum is, the moredemanding should be the related requirements and accordinglythe targets, warning and action limits.

v. The safety key performance indicators should be evaluated andmaintained in terms of changes even if no mitigation measuresfor the change have been specified, e.g. in order to ensure that achange does not degrade data quality.

17

_.

6.4 (Safety) Occurrence Reporting and Investigation

6.4.1 (Safety) Occurrence Reporting

i. A reporting system is a set of organisational arrangements andsystematic actions designed to facilitate the collection ofinformation on actual (potential) safety deficiencies and to ensurelesson dissemination inside the AIS provider's organisation. Itshould lead to a more systematic visibility of (safety) occurrencesand their causes and will act as an effective contribution to dataquality. The reporting system should be based on trust, ensureconfidentiality and follow a non-punitive policy ("just culture"),which it is recommended should become an integral componentof the safety policy.

ii. The focus of (safety) occurrences reporting will be on:a. Data items

b. Data errors

c. Data processing (input, maintenance, withdrawal anddeletion of data)

d. Data attributes, linked requirements and targets, warningand action limits

e. Failures or malfunctions of the system

iii. The occurrence reporting procedure should include:a. A definition of reported elements, e.g.:

1) Inability to provide AIS service2) Failure of Communication function3) Failure of Data Processing and Distribution function4) AIS system security

b. A voluntary reporting system, encouraging personnel toreport a typical situations which they believe havesignificance for safety, e.g. unusual occurrences, unusualsystem behaviour, etc.

c. Definition of the systems and channels available forreporting, e.g. written reports, automated reportingmechanisms (logged technical system data).

d. Definition of the responsibilities in (safety) occurrencereporting

e. Definition of reporting rules

6.4.2 Investigation

i. The purpose of investigation in AIS activities is to prevent (safety)occurrences concerning aeronautical data themselves and(safety) occurrences which may lead to hazards whereaeronautical data are used. This includes the gathering andanalysis of information, the drawing of conclusions, includingthe determination of causes and, where appropriate, the makingof (safety) recommendations.

18

ii. Therefore investigation procedure should include:a. A definition of the investigation procedure, including rules,

where investigation needs to be carried outb. Key roles and responsibilities should be defined (e.g. notifier,

investigator, safety manager, contributors ...)c. Procedures for factual data gatheringd. A (safety) occurrence analysis procedure and risk

assessment, taking into account previous occurrencese. A link to lesson dissemination and improvement proceduresf. Remedial actions and follow-up recommendationsg. Attention to human factors (focusing on data handling)h. A feedback mechanism (to the reporter and persons affected

by occurrence/investigation)

6.5 Management of Safety Documentation

i Safety documentation is maintained and collected by AISproviders to demonstrate to all stakeholders that procedures arewell defined and that operations have been and continue to beundertaken in a safe manner.

ii The main goal of documentation and records management is toguarantee access, accuracy, exactness, reliability, security andquick availability of all useful information.

iii The tasks involved in meeting these objectives concern thedefinition, organisation and implementation of rules in relationto:

a. document identification

b. document drawing-up and presentationc. document verificationd. document authorisatione. document distribution

f. document evolution and updatingg. document filing

iv Safety records are archived for the purpose of making furtherreference to them. Referencemeans:a. Elaborating statistical data, e.g. for safety monitoring

purposes; and

b. Establishing cross references between the various types ofrecords such as use of safety occurrence records to supportsafety assessments.

v The meaningful use of records as described above can beachieved only provided the data stored are appropriatelymaintained.

19

6.6 Control of External Services

i. Safety and quality assurance procedures used by externalsuppliers should satisfy the AIS provider's internal safety andquality standards and safety objectives, because shortfalls couldrode the acceptable level of quality attributes.

ii. Therefore the AIS provider should ensure an adequate level ofquality attributes within those activities that fall withinmanagement of safety and external inputs. Relevant servicesshould be identified and assessed to maintain an appropriatelevel of quality attributes within the organisation.

iii. A major goal should be:a. To decide which external services in terms of data originators

are relevant in terms of the level of quality attributes;b. To determine the required level ofquality attributes, andc. To achieve and maintain those levels.

iv. The AIS provider should ensure that incoming data fulfil therequirement in accordance with legislation. This could besupported by audits and formal arrangements specifyingrequirements which address the data originator and ensure theappropriate level of quality attributes.

v. The obligation to control external services should not berestricted to changes but should be an ongoing continuousprocess.

20

6.7 Safety Management Elements in the Continuous ImprovementProcess

Safety management elements in the continuous improvementprocess.

21

CHAPTER VII

SAFETY ASSURANCE

7.1 Purpose and Scope of Safety Assurance

i The purpose of safety assurance is:a. To provide information of activities as regards safety;b. To confirm conformance with an SMS and/or safety

management objectives;c. To detect changes which may suggest an element is

approaching a point at which acceptable standards of safetycan no longer be met;

d. To record and results of processes; ande. To obtain a basis for and help determine corrective actions.

ii The above-mentioned outputs from safety assurance processesare provided to:a. The staff,b. The management,c. The regulator

iii Safety assurance is needed for all activities related to theprocessing of aeronautical data that fall within the AIS provider'sresponsibility and encompasses aeronautical data andinformation interfaces, people, procedures and equipment.

7.2 Legal Requirements on Safety Assurance

i. Usually, safety assurance in safety management systems (e.g.the SMSs used by ANSPs that fulfil the common requirements forthe provision ofair navigation services) comprises:a. Safety surveys;b. Safety monitoring;c. Safety records.

11. It requires the organisation to have a quality managementsystem that will (inter alia) set up a quality assuranceprogramme containing procedures designed to verify that alloperations are being conducted in accordance with applicablerequirements, standards and procedures. The above mentionedverification can be conducted by means ofinternal quality auditswhich could also identify good practices for internaldissemination.

iii. However, the other parts of safety assurance (safety monitoringand safety records) apply to the data process that has to fulfil therequirements in accordance with legislation.

22

7.3 Safety Monitoring

7.3.1 Methods

Safety-related activities can be monitored either in the course of theprocess (directly) or after the process has been carried out (byreviewing the results of the processes). In the case of the former, themonitoring can be continuous or regular. In the case of the latter, theAIS automated systems (with manual or automatic input) can providefor useful recording of both the progress of processes and theirresults.

7.3.2 Outputs

i. The outputs of safety monitoring are:a. Records of the processes and their results;b. Error reports

ii. The creation of records of the processes and their results shouldfollow the procedures of the QMS of the AIS provider (e.g.analysis of data). The records form one of the inputs forpreventive actions, i.e. the action to eliminate the causes ofpotential errors.

iii. Error reporting should follow the procedures of the QMS of theAIS provider (e.g. control of the non-conforming products). Theprocedure for error reporting should be owned by the AIS Safetyfunction. Error reporting, measurement and corrective actionsmust fulfil the requirements in accordance with legislation andfollow the procedures as described in the (Safety) OccurrenceReporting and Investigation section of the safety achievementchapter.

iv. The information from these sources should be recorded (see thechapter on safety records below) and used to improve the safetyof the associated activities. It can be used either as it is or as aninput into the indicator values.

7.3.3 Indicators and Targets for Safety Monitoring

i. Indicators used for safety monitoring are parameters thatexpress the progress of a process with regard to safety.Indicators can be qualitative or quantitative.

One possible way of setting up quantitative indicators for safetymonitoring is described in Chapter 6.3.3: Measurable qualityattribute requirements, including targets, warning and actionlimits, serve as quantitative safety key performance indicators.

n.

23

^^

iii. Indicators should prompt the management system to closerscrutiny, leading to corrective action. The safety of the activitycannot be managed by indicators alone. Their role is simply topoint out the more complex issues in AIS.

iv. Indicators should refer to the safety aspect of data. An exampleof this is the number of errors in respective data items.

v. The data for the indicator should be gathered continuously andreviewed periodically. The data could also be used in a systemsafety assessment.

vi. The actual value of an indicator is compared to its desired value(or range of values), i.e. a target. Missing the target is a sign tothe management system that an analysis of the process shouldbe carried out and that corrective action should be taken.

vii. Choosing a good indicator (or set of indicators) for a particularprocess makes safety monitoring more effective. As regards thedata process, the indicators used for managing the process in aQMS could also be used for safety monitoring.

7.4 Safety Records

7.4.1 The Role of Safety Records

The safety management processes should be supported by records.The aim is similar to that of quality management, i.e. to offeravailability, accuracy and traceability of the evidence. Using theprocedures of QMS in safety management (e.g. control of recordscontinual improvement, analysis of data, monitoring andmeasurement, etc.) can be to an AIS provider's advantage, as there isno need to build a separate record control system.

7.4.2 Requirements Related to Safety Records

An AIS provider's safety management processes should:a. Specify safety records;b. Specify the form which safety records are to take;c. Determine the responsibilities and roles with 'regard to safety

records.

7.4.3 Examples of Safety Records

Examples of the safety records relevant to AIS activities are:a. Error reports, feedback and rectification mechanisms;b. Safety assessment reports;c. AIS personnel training records;d. maintenance records (AIS equipment);e. Statistical safety-related records;

24

11

f. records of corrective actions (if a finding has a safety aspect);g. "Safety management reviews" (as part of a management review)-h. Occurrence reports to the ANSP related to the aeronautical data

errors;

i. Evidence pertaining to aeronautical data and aeronauticalinformation

7.4.4 Responsibilities Related to Safety Records

i. Responsibility for managing records should be established andknown for each record. The control ofrecords, their identificationand traceability should be defined in the AIS provider's QMS.

ii. Responsibility does not always have to lie with the AIS provider(for instance, occurrence reports are likely to be stored in theANSP's reporting system and serve as a basis for occurrenceinvestigation, which may be outside the scope of the AISprovider). However, there should be provisions in place betweenthe AIS provider and the record-keeper to enable the AIS providerto make use of the recorded evidence, e.g. to obtain feedbacktake corrective action, etc.

iii. Conversely, the AIS provider should inform other parts of theANSP if safety records contain information which is ofimportance outside the AIS. The procedures for two-waycommunication should be established, ideally between theANSP's Safety Manager and the AIS Safety function.

25

CHAPTER VIII

SAFETY PROMOTION

8.1 General

i. Safety promotion plays a supporting, yet important, role inachieving effective control of safety risks during service delivery.It is one of the major components of safety management and isan important enabler for continuous safety improvement. Safetypromotion provides the means for AIS organisations to helpminimise the safety risks. Safety promotion can help ensure thatthe right environment actively supports an individual ororganisation to freely identify areas where their policies,procedures or processes may have gaps.

ii. Safety promotion supports safety culture communication anddissemination of lessons learned, and is an important enabler tothe continuous improvement process. The safety promotionprocess includes all efforts to modify equipment, procedures,attitudes and behaviour aimed at improving safety.

iii. Safety promotion has four main elements, notably:a. Safety trainingb. Safety communicationc. Safety lesson disseminationd. Safety improvement

8.2 Safety Training

i. AIS providers develop and maintain a safety training programmeto help ensure that staffare trained and competent in the area ofsafety. This means that processes and procedures which ensurethat staffare trained and competent to perform their duties withsafety in mind are in place. The scope of the safety trainingshould be appropriate to the individual's involvement in thesafety management processes and should be adapted to fit theneeds and complexity of the organisation. The provision ofappropriate training to all staff, regardless of their level in theorganisation, is an indication of management's commitment toan effective safety management system. This also encouragesopen communication of safety issues not only among AIS staffbut also with the AIS provider's management.

ii. The safety training and education may consist of the followingprocesses:

a. Aprocess to identify safety training requirements;b. Aprocess that measures the effectiveness of training;c. Initial job-specific training incorporating ' safety

management; andd. Refresher safety training.

26

iii. All AIS staff should receive safety awareness training regarding:a. Safety management roles and responsibilities;b. Safety policy;c. Safety management objectives;d. Safety achievement;e. Safety assurance;f. Safety promotion.

8.3 Safety Communication

i Safety communication is an important enabler for improvedsafety performance. Therefore, an AIS provider should, as partof its safety promotion activities, develop and maintain formalmeans for safety communication in order to:a. Ensure that all staff are fully aware of the management

system;

b. Convey safety-critical information;c. Explain why particular safety actions are taken; andd. Explain why safety procedures are introduced or changed.

ii Safety communication could take various forms. The means ofsafety communication could include:a. Safety bulletins, safety notices, newsletters, magazines and

E-mail distribution lists;b. Briefings, meetings, seminars and workshops;c. Refresher training;d. Websites, intranet and online.

Safety communication also encompasses the promotion ofsafety-related documentation and safety procedures within theAIS organisation.

8.4 Safety Lesson Dissemination

The objective of safety lesson dissemination is to make availableto the AIS providers staff the knowledge gained from experienceand to promote its use to improve the safety of the services

11.

m.

IV.

Lessons learned should be communicated across all relevantareas of the organisation, thus ensuring that benefits fromlessons learned are realised by all areas and that the impact isrecognised across the business.

To minimise the safety risks associated with the increasingvolume and complexity of AIS activities, AIS providers mustadopt and apply a proactive safety management practice.

Lesson dissemination is one of the attributes of the proactive andmodern approach to managing safety. It encompasses thesharing of best practices and safety lessons learned through theexchange of safety information (e.g. recommendations arising outof investigations/surveys). The source of information could also

27

be outside the organisation and might not even come from withinthe aviation field.

v. The safety communication process should be used for lessondissemination across all relevant staff in the AIS organisations.This may promote the involvement of the AIS staff in proposingsolutions to operational hazards and may enable the staff tosuggest different perspectives of methods for safety improvement.

vi. The processes to be established for lesson dissemination are:a. Collection of lessons - a systematic process to collect lessons

arising from safety investigations, and other safety activities;b. Dissemination of lessons to staff - lessons learned are

passed to all staff concerned.

Various dissemination methods could be used, such aspresentations, reports, audio-visual tools, safetypublications, etc;

c. Incorporation into training activities - relevant informationfrom lessons learned should be used to improve the trainingprogrammes and contents.

8.5 Safety Improvement

i. AIS providers should actively encourage staff to identify andreport safety issues and to submit safety improvement proposals.These proposals, if adequate, should be implemented within theAIS organisations.

ii. Processes and methods should be introduced to facilitatereporting and the submission by staff of proposals for safetyimprovements. A systematic way of dealing with proposalsshould also be defined. The originator should receive feedback onthe decision and actions taken on the proposals.

DIREKTUR JENDERAL PERHUBUNGAN UDARA,

ttd

SUPRASETYO

Salinan sesuai dengan aslinyaKEPALA BAGIAN HUKUM DAN HUMAS

irf**HEMIPAMURAHAR.IO

PerrtbinaTkl (IV/b)£»Pjf#p3b508 199003 1001

28