Wednesday, November 29, 2017

When SMS Becomes Personal

Safety Management System is not new to aviation but started in 1903 at the moment of the first flight. Back then SMS was all reactive and safety was not improved until an accident had happened.
When SMS is directed from the bow.
For the first 100 years or so of aviation history, SMS in aviation was reactive and reactively improved safety processes after the fact. Over time, aviation industry leaders believed the airplane could not reach its full commercial potential without federal action to improve and maintain safety standards. With the implementation of a landmark legislation in 1926 the issuance and enforcement of air traffic rules, licensing pilots, certifying aircraft, establishing airways, and operating and maintaining aids to air navigation became available.

Despite this, in 1926 and 1927 there were a total of 24 fatal commercial airline crashes, a further 16 in 1928, and 51 in 1929, which remains the worst year on record at an accident rate of about 1 for every 1,000,000 miles flown. Based on the current numbers flying, this would equate to over 7,000 fatal incidents per year. Aviation was not considered to be a safe mode of transportation.

SMS is to know what options to balance.
In 1956 one of the worse accidents mid-air accidents happened over the Grand Canyon, with the result of creating more rules to prevent identical accidents. There was no indication of wrongdoing, or non-compliance with regulations by cancelling IFR and flying 1000-on top. Shortly before 10 a.m., both pilots reported to different communications stations that they would be crossing over the canyon at the same position at 10:31 a.m. The Air Traffic Controller was not required to issue a traffic conflict advisory to either pilot and was, in fact, prohibited from doing so. It was the sole responsibility of the pilots to avoid other aircraft in uncontrolled airspace.

Air safety regulation as we know it today has been shaped by aircraft disasters that have happened in the past. Any given aviation disaster can be attributed to human failure, technical failure, extreme weather, or sabotage. Over time all these factors were as good as eliminated from aircraft accidents. Aviation had become the safest mode of transportation available. In search to further improve safety, the Safety Management System in aviation was implemented as a regulatory requirement to address human factors. Since all other systems had been improved, the time was right to improve the human factors system.

However, when the SMS was seen as the last link to create the utopia of safety in aviation it became the failure of aviation safety. SMS in itself could not and cannot fail, since it is a parallel system and an observing system of applied processes and not a system of operational control, but a system and tool to manage operational control. When applied correctly, SMS is the tool to discover flaws and apply corrections and not a tool to create the utopia of safety.

There are several articles written and surveys conducted placing a negative view of the Safety Management System. When SMS is looked upon as the one solution to bring utopia of safety into flying it will fail in the eyes of the beholder. In addition, if biased and personal opinions are applied, an effective SMS could easily be described as a disaster to safety.  This is simply because an effective SMS describes and paints a picture of how safe the operations are and to what confidence level an operator can support safety by data. When these articles and surveys describe SMS as being un-safe, or not useful at all, their statements are describing the operations itself and not the SMS. SMS is a system analyzing personal behavior and it becomes easier to attack the messenger than accept the facts of personal behavior that SMS had already discovered. When SMS becomes personal it sets the stage for operational failure and not the failure of the SMS.

Wednesday, November 15, 2017

Possibility or Probability

That there is a possibility does not imply that there is a probability.
Possibilities are variables while probabilities are facts. Probabilities vary due to the effect of possibilities. A possibility is often applied to safety as a fact with an undisputed path for an event to occur. Possibility is the expression of a desire for an event to occur, while probability is an analysis of facts to establish a likelihood level of an event to occur. When possibilities are applied to regulatory compliance operations gradually become a system failure, or a dysfunctional operation, while with the application of probabilities the operations improves their safety, or functional systems and operates with an effective SMS.

There is a possibility that all marbles remain in the bowl, but a low probability.
Probabilities are levels of the likelihood of one possibility, or the confidence level of a prediction that an event will occur in the future.
There is only one possibility applied, but this possibility is applied to the different criteria of likelihood. Likelihood is defined in many shapes and forms. One method is to define the likelihood of ten independent levels based on a time-frame between events.

Likelihood levels could be defined as follows:
A) Inconceivable
Times between intervals are imaginary, theoretical, virtual, or fictional.
B) Rarely
Times between intervals are beyond factors applied for calculation of problem-solving in operation.
C) Remotely
Times between intervals are separated by breaks, or spaced greater than normal operations could foresee.
D) Randomly
Times between intervals are without definite aim, direction, rule, or method.
E) Variable
Times between intervals are indefinable.
F) Occasionally
Times between intervals are inconstant.
G) Often
Times between intervals are protracted and infrequent.
H) Frequently
Times between intervals are reliable and dependable.
I) Regularly
Times between intervals are short, constant and dependable.
J) Systematically
Times between intervals are methodical, planned and dependable, without defining the operational system or processes involved.

When applying examples to these likelihood levels they become alive and practical in a Safety Management System.

The likelihood is inconceivable.
As an example, for each departure, there is a possibility for an airplane to experience an engine failure just after liftoff. However, the probability that this event occurs is based on data applied to a likelihood level. By applying the possibility to each level of likelihood and pick one level based on data it could be established what effect a possibility of an engine failure has on operational safety for each likelihood level. In this example the possibility is applied to a likelihood level of Randomly.

D) Randomly – an engine failure just after liftoff occurs randomly. These intervals between engine failures are without definite aim, direction, rule, or method.
However, when an engine failure is applied as a possibility only, it becomes a possibility to an inconceivable event and there could not be safety in aircraft operations.

The same scenario holds water when applying one possibility to regulatory compliance.  It could be said, and it has been said that there is a possibility for an operator to be non-compliant with one regulation and therefore a regulatory non-compliance finding could be issued. When applying one possibility without a link to likelihood all operations are non-conforming to regulatory requirements and all operations becomes non-conforming to safety.


Thursday, November 2, 2017

SMS: An Umbrella Or A Wheel

There are many names associated with the Safety Management System (SMS). A Safety Management System is often addressed as an additional layer of safety, but does not address what other layers of undefined processes this is an addition to. This statement is widely accepted as fact without analyzing the other underlined processes.  Several of steady improvements in the accident rate during the lifespan of aviation was attributable to improvements to technology, such as the introduction of more reliable engines and navigation systems. Pilot error, or human factors, were assigned as the root cause of accidents each time there was an accident. This root-cause statement included a statement that a person had failed to comply with a regulation or standard which had been arbitrary implanted by the State. 
Umbrella is a shield of protection and not s system of safety.
More than once a new regulation or standard would be arbitrary implemented after a major accident. Assigning the blame to the flight crew was an easy way out and without accountability to the operational processes.  Continuous safety improvement in aviation had become difficult when applying an approach to assign root cause of an accident to one person only. The task of continuous safety improvement had now become a task to find a flight crew member who would never be involved in a future accident. Since this is an impossible task the Safety Management System was developed to make aviation a more perfect operation with an assigned safety operational confidence level.

This new approach to manage organizational factors, human factors, supervision factors and environmental factors was looked upon as an additional layer of safety to what the aviation industry already was doing. However, the aviation industry had not been doing anything else but to comply with regulatory and standards requirements. When the SMS program was presented as an additional layer of safety, everyone assumed that by complying with this highest level of layer of a hierarchy all other regulations and standards would take care of themselves. It had become an assumption that they were self-regulated by the Safety Management System. 

While the assumption of being self-regulated is a misconception of the SMS, both the operators SMS and the aviation authority oversight system is a part of a complete package. The concept of an SMS is that the operator has processes in place for the safe operations of an aircraft or airport and processes in place to ensure regulatory compliance. When there is an audit by the aviation authority the ideal outcome is that there are zero findings, or an operational zero tolerance to compromise aviation safety.

An SMS is a formal means for operators to demonstrate their management capability to meet their obligation to operate at the highest level of safety in the public interest. While both oversight systems and are highly complementary and interactive, they are both separate and essential components of the regulatory safety management strategy. In other words, SMS is a parallel system and supporting system to the operations.

SMS is to strengthen each spoke of the wheel.
SMS has been described as an umbrella in of the operational safety management system. An umbrella is a tool that covers or protects from above. When applied to the SMS system the umbrella is an overarching system encompassing all other systems within the organization. If this was the fact, that the SMS system is an umbrella, it would take precedence over all systems within an organization. This would cause mass-confusion and inability to manage operations. With the SMS established as an umbrella, anyone can use the safety-card to disable organizational safety management.

On the other side, when the SMS system is looked at as a parallel system to operations and as a tool of a wheel with spokes it becomes manageable and practical in the application of safety. As a parallel system and a wheel of with spokes, the operator may choose to strengthen the wheel by applying more powers to one or the other spokes. SMS is not an overarching operational umbrella system. SMS is a system that is receiving data from operational practices and applying this data to each one of the spokes in the wheel to strengthen the wheel and operational confidence level of safety management.