DASR SMS

UNCONTROLLED WHEN PRINTED

SMS.A.10 Scope (AUS)

This Section establishes the measures to be taken to ensure that safety management is conducted. It also specifies the requirements to be met by an organisation to qualify for the issue or continuation of an approval under which the organisations application originated from. GM

GM SMS.A.10 Scope (AUS)

The requirements contained in this Part are invoked via reference from the DASR Part the organisation is seeking approval from, that is, this Part is only a requirement on an organisation once another Part within the DASR framework have included Part SMS as a specific requirement.

SMS.A.25 Safety Management System (AUS)

(a) The organisation shall establish and maintain a Safety Management System (SMS) maturity level that is acceptable to the Authority. GM

GM SMS.A.25 (a) Safety management system maturity level (AUS)

SAFETY MANAGEMENT SYSTEM

Background

1. Regulators impose regulations with the aim of providing a minimum level of protection against hazards within their domain scope. However, the effectiveness of the regulatory intent is dependent on organisational, environmental and human factor influences present in the regulated Organisations. In the aviation domain a regulated Organisation is defined as any Organisation that provides Aviation Products and/or Services; such as, Operators of Aeroplanes and Helicopters, Approved Training Organisations, Approved Maintenance Organisations, Approved Design Organisations, Air Traffic Services and Operators of Certified Aerodromes that are required to satisfy the DASR requirements. Safety

Management System (SMS) regulations assist by enhancing the traditional regulation set, by providing mechanisms by which these influences can be effectively assessed for safety implications and treated. SMS regulations also implicitly acknowledge that safety improvements are not possible beyond a rudimentary minimal level without a corresponding strengthening of the organisational safety culture.

Rationale

2. Process regulation provides a minimum level of protection against hazards that threaten safety, with overall effectiveness limited by organisational, environmental and human factors. A safety management system provides a higher level of safety by supporting and extending the protection afforded through process regulation alone.

Purpose

3. The purpose of a Safety Management System is to provide Organisations with a systematic, explicit, staged and comprehensive approach to managing risks to aviation safety, including the necessary organisational structures, accountabilities, policies and procedures. An effective Safety Management System improves the likelihood of predicting, preventing and treating hazards, errors and violations by ensuring that SMS elements are present, suitable, operating and effective. In doing so, the SMS should be seen as a capability sustainment investment, not as an overhead.

INTRODUCTION

Safety management system framework

4. DASR SMS requirements are derived from the international standards and recommended practices published by ICAO in Annex 19 to the Convention on International Civil Aviation and the guidance contained in the Safety Management Manual (SMM) (Doc 9859 third edition). This advocates an SMS as a dynamic risk management system based on quality management system principles, in a structure scaled appropriately to the organisational risk, and applied in a safety culture environment. It also defines the SMS framework as comprising four core components, as follows:

a. safety policy and safety objectives,

b. safety risk management,

c. safety assurance, and

d. safety promotion.

5. The combination of safety risk management, safety assurance and safety promotion, as enacted by safety policy and safety objectives, provide the means for an Organisation to maintain a balance between capability and safety. ICAO acknowledges that for the aviation domain to effectively

continue to progressively improve safety, many interfacing functions need to be considered as part of the broader SMS, including: operations, maintenance, design, airspace management, aerodrome services, and training development and delivery providers. Defence aviation acknowledges that a phased approach to SMS introduction is required, starting with operations and maintenance, and expanding to the latter functions discussed above as SMS implementation matures, lessons learned are adapted, and Defence makes a conscious choice to broaden SMS applicability.

6. Within Defence, Organisations may be integrated to provide more effective turn-key solutions to capability (numerous regulated Organisations operating efficiently) e.g. maintenance Organisations integrating into operational squadrons. Large commercial Organisations also display this approach when integrating a number of business units. This means that an Organisation’s implementation of their SMS will only be totally

Page 1 of 16

1UNCONTROLLED WHEN PRINTED DRAFT DASR For NPA 2

DRAFT

effective, and strive for continual safety improvement, when a level of coordination and/or integration to other interfacing Organisations also exists. These approaches align with ICAO’s Annex 19 intent, to ensure that Organisations have:

a. a richer picture of aviation safety is provided against the organisational mission;

b. efficiencies in process intent and application can be exploited across all areas of the Organisation; and

c. the likelihood of identifying real, but typically ill-defined safety concerns at the interfaces between each function and area is increased.

Safety culture

7. The safety culture of an Organisation is one of the most challenging elements of the SMS. Simply put, the safety culture is the way safety is perceived, valued and prioritised. It reflects the real commitment to safety at all levels and can be described as ‘how’ the Organisation conducts its activities to ensure safety is considered in all cases. Practices that support the creation and nurturing of a positive safety culture evolve as the Organisation continuously promotes safety as a core value.

8. Safety culture has been defined as the set of values, beliefs, norms, attitudes and practices shared by a group, concerned with minimising hazardous exposures to staff and the public. Safety culture promotes a shared attitude of concern and responsibility, and is regarded as a fusion of the following desirable sub-cultures within an Organisation:

a. Informed culture—staff are knowledgeable about the system (human, technical, organisational and environmental factors) and what factors determine the level of safety.

b. Flexible culture—organisationally characterised by shifts from conventional ‘hard-coded’ hierarchies to flatter professional outcome-based structures, better pre-empting the need to adapt processes and intents to suit changing organisational contexts.

c. Reporting culture—staff are willing to report hazards, errors and experiences, even when such reports may reflect poorly on their involvement, as the motivation to maintain a safe environment and the safety of their colleagues is considered the highest priority.

d. Learning culture—staff have the will and competence to draw safety conclusions from information, and the will to implement corrective/preventive actions.

e. Just culture—staff are encouraged to reactively and proactively self-assess and generate safety-related information, but a clear line exists between acceptable and unacceptable behaviour, i.e. individuals are both held accountable for their actions and treated fairly by

the Organisation.

9. In combination, the above sub-cultures set the boundaries for acceptable behaviour and provide a framework for decision making, thus providing

an environment for improving safety culture maturity. Further, as cultures are generated from the top down, safety culture can be positive, negative or neutral. A positive safety culture is pervasive across all SMS core components and self-sustaining in the main, and places safety at the forefront of every task conducted. Organisation’s benefit from a positive safety culture through:

a. minimising the opportunity for human error, resulting in fewer accidents and incidents, and thus reduces costs and increases capability;

b. increasing safety knowledge, and the consistency of that knowledge across all levels of the Organisation;

c. increasing motivation, trust and staff participation;

d. helping to promote communication and positive attitudes towards safety throughout the Organisation; and

e. greater integration of safety within all work practices over time.

10. Safety culture maturity exists along a continuum that reflects the standard of safety performance possible in the Organisation. Higher levels of safety performance can only exist with corresponding advancements in an Organisation’s safety culture.

Integrity Concept represented as an Adaptation of the Bow-Tie Methodology

11. The management of controls to address the threats to ‘Integrity’ are well documented and have been articulated using various models, examples of the models are the Organisational accident and Bow-Tie models. For a product or output to have integrity it must satisfy or exceed the defined requirements for that product or output. These models are used to identify the threats to the integrity of the products or outputs that are produced by an Organisation or person which must be treated to minimise the likelihood of major accidents or events that would be harmful to people, assets or the environment.

12. An adaptation of the Bow-Tie model was developed to provide a high level view of the numerous aviation threats and their corresponding controls (in this context the term control can be substituted for the term barrier). Additionally, the Bow-Tie was built upon the management techniques,

treating the threats to the integrity, of Product and Process. A pictorial representation of the adapted Bow-Tie is provided at Figure 1.

13. In the Bow-Tie model the aviation threats were grouped into three threat groups, that of Product Behaviour Process (i.e. three integrity threat lines

of the Bow-Tie). The resulting three components (written in a positive context) of integrity are as follows:

a. product integrity - the product/output/function satisfies a defined set of standards/requirements;

b. behavioural (person) integrity - the quality of a person, possessing and steadfastly adhering to high moral principles or professional standards; and

c. process integrity - an established set of actions to be followed to ensure a consistent outcome.

14. Placed along these three integrity threat lines are preventative controls. These controls represent activities put in place to prevent loss of integrity. Each control can be considered an attestation within the regulatory framework. All attestations of acceptability must be founded on suitably identified standards. This allows for identification of whether the product, behaviour or process being tested is of a suitable standard.

Page 2 of 16

2

UNCONTROLLED WHEN PRINTED DRAFT DASR For NPA 2

DRAFT

15. To ensure that there is consistency within the model five distinct controls within each of the product, behaviour and process integrity threat lines were identified. The five threat line controls are:

a. define the standard,

b. progressively inspect,

c. assess against the standard,

d. identify deficiencies and rectifications, and

e. attestation of acceptability / accountable action.

16. On the Behavioural Integrity threat line there is an additional control which is titled “compounding factors”. These compounding factors can influence inactions on part of the person or group of persons which could ultimate effect the products/outputs fitness. Examples of these compounding factors are as follows:

a. Human (e.g. shift work, sleep, inconsistent mental application);

b. Environmental (e.g. hot, cold, windy, wet, dark, etc); and

c. Cultural (e.g. deliberate non-conformance to procedures, Caustic management) within the organisational domain.

Figure 1 - Pictorial representation of the adapted Bow-Tie

1. The product, behaviour and process integrity need to be monitored to ensure there is no loss of integrity. Both Behavioural and Process integrity are inward looking and both generally support the product integrity outcomes. From a Risk Management point of view the use of the Product-Behaviour-Process basic Bow-Tie concept can be applied to many situations and can also be applied both qualitatively and quantitatively.

(b) The organisation’s SMS shall include the key components of;

1. an Organisation’s safety policy and objectives, AMC GM – General GM - MAOC GM - M GM - 21 GM - 145

GM SMS.A.25 (b) (1) Safety policy and objectives (AUS) - DASR 145

There is no specific DASR 145 guidance material for "Organisation’s safety policy and objectives"

Refer GM - General

GM SMS.A.25 (b) (1) Safety policy and objectives (AUS) - DASR 21

There is no specific DASR 21 guidance material for "Organisation’s safety policy and objectives"

Refer GM - General

GM SMS.A.25 (b) (1) Safety policy and objectives (AUS) - DASR M

There is no specific DASR M guidance material for "Organisation’s safety policy and objectives"

Refer GM - General

Page 3 of 16

3UNCONTROLLED WHEN PRINTED DRAFT DASR For NPA 2

DRAFT

GM SMS.A.25 (b) (1) Safety policy and objectives (AUS) - MAOC

There is no specific MAOC guidance material for "Organisation’s safety policy and objectives"

Refer GM - General

GM SMS.A.25 (b) (1) Safety policy and objectives (AUS) - General

1. Management’s commitment to safety should be formally expressed in a statement of the Organisation’s safety policy. This should reflect the Organisation’s philosophy of safety management and become the foundation on which the Organisation’s SMS is built. The safety policy outlines the methods and processes that the Organisation will use to achieve desired safety outcomes, and it serves as a reminder as to ‘how we do business here’. The creation of a positive safety culture begins with the issuance of a clear, unequivocal direction through a Safety Policy.

2. The safety policy should be a written document that is issued under the authority of the highest level of management of the Organisation (the Accountable Manager) and communicated to all staff. A sample corporate safety policy statement is included within AMC SMS.A.25 (b) (1) Safety Policy and Objectives (AUS).at Appendix I. This statement presents a tangible indication of the Accountable Manager’s commitment to safety.

3. With respect to the Accountable Manager, it is normally intended to mean the Chief Executive Officer or senior military commander of an Organisation, who by virtue of position has overall (including in particular resource allocation) responsibility for running the Organisation. The Accountable Manager may be the Accountable Manager for more than one Organisation and is not required to be

necessarily knowledgeable on technical matters. When the Accountable Manager is not the Chief Executive Officer or senior military commander, the Authority will need to be assured that such an Accountable Manager has direct access to the Chief Executive Officer or senior military commander and has a sufficiency of ‘maintenance resources’ allocation,

4. In preparing a safety policy, the Accountable Manager should consult widely with key staff members in charge of safety critical areas. Consultation ensures that the document is relevant to staff and gives them a sense of ownership in it. Corporate safety policy must also be consistent with relevant DASR regulations.

Accountable Managers and other key safety personnel accountabilities

5. The Organisation should nominate an individual who will be accountable to the Authority for the implementation and on-going management of the SMS, and the safety performance of the Organisation. While the Accountable Manager remains accountable, SMS functions may be subdivided to other key safety management personnel, provided the safety responsibilities of each individual in the Organisation are clearly defined through the Organisation’s safety policy.

6. The safety accountabilities of the Accountable Manager include ensuring:

a. commitment of Organisation’s personnel to their individual and collective safety responsibilities;

b. provision of the resources necessary for effective safety management;

c. awareness of the Organisation’s SMS at all levels of the Organisation;

d. promotion and demonstration of commitment to the safety policy through their active and visible participation in SMS processes;

e. defined standards for acceptable safety behaviour;

f. active encouragement of safety reporting, with explicit support of a ‘just culture’ as part of the overall safety culture of the Organisation;

g. an appropriate process by which safety culture can be measured and improvements planned;

h. periodic review of the safety policy to ensure it remains relevant and appropriate to the Organisation; and

i. commitment to continuous improvement of SMS performance.

Management commitment

7. The Organisation should develop a succinct safety policy and safety objectives statement that demonstrates genuine management commitment to, and responsibility for, the SMS. Senior management should develop and resource an organisational structure that is capable of supporting the agreed SMS functions. It should clearly depict safety accountabilities and lines of communication for safety issues, and recognise the commitment to the safety contributions required by all staff. The creation of a positive safety culture begins with the issuance of clear, unequivocal direction, an indication of the types of behaviours that are unacceptable, and the conditions under which disciplinary action would not apply.

Appointment and responsibilities of key safety personnel

8. The appointment of key safety personnel is vital to the effective functioning of an SMS. The number, type, skills, composition and appointment approach of these members will differ greatly depending on the size, nature and complexity of the business undertaken. Despite the Accountable Manager being accountable to the Authority for the safety performance of the Organisation, safety management functions need to be tailored to the business scope of the Organisation, for example:

a. Large or complex Organisations. Large Organisations would be expected to have a dedicated safety department, led by dedicated Safety Manager whose duties may encompass SMS management. There would be scope within the department to

appoint deputies and additional staff as required. Note that the safety manager may be identified by different titles in different Organisations.

Page 4 of 16

4UNCONTROLLED WHEN PRINTED DRAFT DASR For NPA 2

DRAFT

b. Medium-sized Organisations. A medium-sized Organisation could be expected to have a dedicated Safety Manager who might also hold responsibilities within other contributing management systems, and possibly some dedicated safety employees. There would be scope for deputies to be appointed when required.

c. Small or non-complex Organisations. Small Organisations could be expected to allocate Safety Manager responsibilities to one or more of its employees as the primary secondary duty, given the Organisation’s limited SMS complexity.

Other safety-related personnel may include:

a. members of safety committees,

b. safety investigators,

c. safety training facilitators, and

d. emergency response coordinators.

Relevant third party relationships and interactions

9. This section of the SMS explains the manner in which the Organisation manages interactions with all Organisations and personnel external to the Organisation. The provision of a product or service often involves third parties (Headquarters, service providers, contractors and suppliers) in areas such as ground handling, ground support, component repair, training, planning, asset movement, painting, non-destructive testing (NDT), design, maintenance, etc. An SMS assures that the level of safety provided by the Organisation is not eroded by the inputs, services and supplies provided by external Organisations.

10. The Organisation holds overall responsibility for the safety of services provided by any third parties. The ‘work scope’ instrument should specify the safety standards to be met. The instrument management authority then has the responsibility for ensuring that the third party understands and complies with the safety standards prescribed.

Emergency response coordination

11. The purpose of emergency response coordination is to ensure that there is an orderly and efficient transition from emergency to normal operations. Organisation operations, including the assignment of emergency responsibilities and delegations of authority. An Emergency Response Plan (ERP) would provide the means to coordinate emergency efforts. The overall objectives are to minimise

harm to personnel, continue the safe delivery of capability, and then return to normal operations as soon as possible.

12. An ERP is an integral part of the SMS, and is activated in the event of defined occurrences. The ERP is designed to ensure the

following is in place prior to the occurrence:

a. the orderly and efficient transition from emergency to normal operations,

b. the delegation of emergency authority,

c. the assignment of emergency responsibilities,

d. the authorisation of key personnel for actions contained in the plan,

e. the definition and management of appropriate initial and recurrency training for personnel assigned to emergency roles,

f. the required coordination of efforts to cope with the emergency,

g. the safe continuation of operations or return to normal operations as soon as possible, and

h. the plans and coordinated actions to ensure the risks attributable to a major safety event can be managed and minimised.

13. Organisation’s need not develop a new ERP if their defined emergency operations are already covered by a suitable existing plan. They may leverage off a corporate ERP, or a site ERP, provided they identify the interfaces to that plan, their responsibilities within it, and what circumstances would cause it to be activated. Like all facets of an SMS, the ERP will depend on the size, nature and complexity of the business undertaken, and the emergency scenarios that are relevant to the Organisation. The ERP will need to be periodically exercised to test its effectiveness.

Safety management system documentation

14. The purpose of formal SMS documentation is to describe the Organisation’s SMS, as defined by the elements of these DASR’s, and communicate it internally to staff, and externally to interfacing Organisations. Documentation provides the authoritative basis for the establishment, and improvement of, the Organisation’s level of safety. Tailored to Organisation size, scope, complexity and risk context, SMS documentation captures SMS components, management, procedures and activities, including relevant integration for effectiveness and efficiency; and provides traceability. It also clarifies how the Organisation’s safety management activities link to the Organisation’s safety policy.

Gap analysis

15. Prior to developing an SMS implementation plan, a gap analysis should be conducted to compare the Organisation’s extant safety management processes with the requirements of the ICAO-based SMS framework. Most established Organisations are expected to already have implemented many SMS requirements due to their Organisation’s need to comply with the Defence Aviation Safety Manual, civil or military airworthiness regulations, or industry best-practice. The gap analysis facilitates Organisation specific definition of a tailored SMS implementation, reflective of the Organisation’s business context.

Safety management system plan

Page 5 of 16

5

UNCONTROLLED WHEN PRINTED DRAFT DASR For NPA 2

DRAFT

16. The most important document in an SMS is the SMS plan. The SMS plan—ensures that the safety policy is implemented and maintained at all levels of the Organisation, and to develop targets to match safety objectives. As part of an Organisation’s initial or on-going Authority certification, the Organisation needs to have developed, and demonstrated adherence to an SMS plan that covers all elements of the regulation. This can be a stand-alone document, or included within another relevant Organisation management plan.

17. Initially the document may need to be structured as a SMS implementation plan, with intended SMS scope, tasks required to be implemented, and phasings, to capture how the Organisation will develop an effective SMS. Over time, as SMS processes are embedded and become functional within the Organisation, the implementation plan will transition naturally to become the SMS plan.

Phased approach to safety management system implementation

18. Every Organisation should ensure that its SMS is tailored for its organisational mission, irrespective of Organisation size, nature, complexity and risk context. There is no ‘one size fits all’ SMS approach, however in most cases all elements required by the regulations need to be evident. Notwithstanding it has been determined by the Authority that design Organisation do not require an ERP.

19. Where one or more Organisations exist within a larger business group, each Organisation may leverage off a single, corporate level SMS. A dedicated department of the group may provide any or all of the safety management functions for all Organisations under its umbrella.

20. Larger or more diverse Organisations may need several safety management levels and/or safety committee structures to effectively focus on strategic as well as tactical safety issues. Conversely, small Organisations may not need dedicated safety staff, instead relying on a number of employees to perform the multiple functions required—SMS management may therefore be more simplified. In very small Organisation’s, maintaining independence in safety assurance functions may not be possible, in which case it would be

acceptable for safety assurance and investigation functions to be conducted by other parties with the requisite competencies.

21. Following the gap analysis, a time-phased approach to SMS implementation is favoured. The bigger the Organisation and scope of

activities, the longer the period required. The phased approach recognises that the implementation and sustainment of a fully mature SMS can only be achieved over successive years, permitting the SMS to gradually mature with each phase. A time-phased approach also recognises that continuous SMS improvement is not possible without corresponding advancement towards a ‘generative safety culture’. Other benefits of a phased approach to SMS implementation include:

a. the provision of a manageable series of steps to follow in implementing the SMS, including allocation of resources;

b. effectively balancing workloads associated with SMS implementation against capability generation;

c. the ability to more easily report SMS implementation progress;

d. the need to allow implementation of the SMS framework in various sequences, depending upon the Organisation’s current level of SMS maturity;

e. the initial availability of data and processes to support reactive, proactive and predictive safety risk management practices;

f. the need for a methodical process to ensure an effective and sustainable SMS implementation; and

g. to avoid ‘cosmetic compliance’, whereby a realistic implementation of an effective SMS is sought.

22. An example of a phased approach to SMS implementation is provided in Appendix II —Example of Phased SMS implementation, to be tailored by each Organisation dependent on its gap analysis results. As part of the initial Organisation certification process of DASR SMS completion of Phases 1 and 2 is required.

AMC SMS.A.25 (b) (1) Safety Policy and Objectives (AUS)

A SMS structure, inclusive of its associated elements, is identified below.

1. Organisation’s safety policy and objectives. The Organisation’s safety policy and safety objectives will define the Organisation’s safety policy and convey its expectations, objectives, commitments, and accountabilities to its employees and must include the following:

a. a nominated Accountable Manager who will be accountable to the Authority for the Organisation’s SMS and demonstrate the following:

i. The Accountable Manager has been appointed with full responsibility and ultimate accountability for the SMS to ensure it is properly implemented and performing effectively, and has control of the financial and human resources

required for the proper implementation of an effective SMS. The Accountable Manager is fully aware of their SMS roles and responsibilities in respect of the safety policy, safety standards and safety culture growth required in the Organisation.

ii. Safety accountabilities, authorities, roles and responsibilities are defined and documented throughout the Organisation and safety management is shared across the Organisation.

b. the Accountable Manager’s commitment to the SMS and demonstrate the following:

i. There is a safety policy statement (see example at Appendix I to AMC SMS.A.25 (b) (1)) that is signed by the Accountable Manager and includes:

Appendix I to AMC SMS.A.25 (b) (1) Safety Policy and Objectives (AUS)

Sample Safety Policy Statement

Page 6 of 16

6UNCONTROLLED WHEN PRINTED DRAFT DASR For NPA 2

DRAFT

1. Safety is the first priority in all our activities. We are committed to implementing, developing and improving strategies, management systems and processes to ensure that all our aviation activities uphold the highest level of safety performance and meet national and international standards. In order to achieve this, our safety objectives are set down in this policy statement

2. Our commitment is to:

a. Develop and embed a safety culture in all our aviation activities that recognises the importance and value of effective aviation safety management and acknowledges at all times that safety is paramount;

b. Clearly define for all staff their accountabilities and responsibilities for the development and delivery of aviation safety strategy and performance;

c. Minimise the risks associated with aircraft operations so far as is reasonably practicable;

d. Ensure that externally supplied systems and services that impact upon the safety of our operations meet appropriate safety standards;

e. Actively develop and improve our safety processes to conform to world-class standards;

f. Comply with and, wherever possible, exceed legislative and regulatory requirements and standards, including but not necessarily limited to those mandated by Defence;

g. Ensure that all staff are provided with adequate and appropriate aviation safety information and training, are competent in safety matters and are only allocated tasks commensurate with their skills;

h. Ensure that sufficient skilled and trained resources are provided and available to manage safety and implement safety strategy and policy;

i. Establish and measure our safety performance against realistic objectives and/or targets;

j. Achieve the highest levels of safety standards and performance in all our aviation activities;

k. Continually improve our safety performance levels;

l. Conduct safety and management reviews and ensure that relevant action is taken;

m. Actively encourage, promote, reward and give feedback in response to safety reporting amongst our staff; and

n. Ensure that aviation safety is maximised through the application of an effective SMS, which is integral to all our aviation activities.

- a commitment towards aviation safety

- a commitment to all Defence aviation regulatory requirements

- a commitment to provide appropriate resources for safety management

- a commitment to continuous improvement in the Organisation's safety levels

- a commitment to the ongoing development of the Organisation's safety management system.

- the Organisation’s safety objectives

- active encouragement of safety reporting

ii. The Accountable Manager promotes and demonstrates their commitment to their safety policy through active and visible participation in the safety management system, and by ensuring that this system is based on their safety policy.

iii. The safety policy is reviewed periodically to ensure it remains current.

iv. A disciplinary policy has been defined that clearly identifies the conditions under which punitive action would be considered (e.g. illegal activity, negligence or wilful misconduct), and is used by the Organisation.

v. There is evidence of decision making, actions and behaviours that reflect a positive safety culture.

c. the appointment and responsibilities of key safety personnel and demonstrate the following:

i. A competent person with the appropriate knowledge, skills and experience has been nominated to manage the operation of the SMS, and fulfils the required job functions and responsibilities.

Page 7 of 16

7UNCONTROLLED WHEN PRINTED DRAFT DASR For NPA 2

DRAFT

ii. There is a direct reporting line between the Safety Manager and the Accountable Manager, and the Accountable Manager and other key safety personnel are made aware of agreed safety information.

iii. Sufficient resources have been allocated to manage the SMS including manpower for safety investigation, analysis, auditing and promotion, and personnel in key safety roles are kept trained / current.

d. relevant third party relationships and interactions and demonstrate the following:

i. Potential aviation safety hazards and associated risks from third party contractors and suppliers are continuously risk managed, assured and promoted.

ii. Documented procedures are in place to establish and manage third party interfaces.

e. the coordination of emergency responses and demonstrate the following:

i. An Emergency Response Plan (ERP), if required, that reflects the size, nature and complexity of the operation has been developed, defining the procedures, roles, responsibilities and actions of the various Organisation’s and key personnel, and is periodically tested.

ii. The Organisation has a process to inform all personnel of the ERP requirements, and all personnel are aware of their responsibilities.

f. SMS documentation and demonstrate the following:

i. There is documentation that describes the safety management system and the interrelationships between all of its elements, and it is readily available to all personnel.

ii. SMS documentation is regularly reviewed and updated with appropriate version control in place.

iii. The SMS documentation describes the means for the storage of SMS related records.

2. safety risk management, AMC GM – General GM - MAOC GM - M GM - 21 GM - 145

GM SMS.A.25 (b) (2) Safety risk management (AUS) - DASR 145

There is no specific DASR 145 guidance material for "safety risk management"

Refer GM - General

GM SMS.A.25 (b) (2) Safety risk management (AUS) - DASR 21

1. This GM, which must be read in conjunction with SMS-General guidance, is applicable to organisations holding an MDOA for Defence aircraft or aeronautical product, and presents information related to both Part 21 J MDOA holder responsibilities and MTC holder responsibilities per DASR 21.A.44. This GM is only concerned with the characteristics of an SMS that satisfy an organisation’s obligations under SMS.A.25 (b) for aircraft designs (i.e. product characteristicsrather than process and behaviour).

PURPOSE AND OBJECTIVES OF AN SMS FOR AIRCRAFT DESIGN

2. The purpose of an SMS for aircraft design (ie product) is to ensure that all hazards in new Defence aircraft designs or latent hazards in in-service aircraft are identified and controlled, and that control measures are periodically reviewed for effectiveness. An effective SMS also assists design organisations to satisfy their obligations under Commonwealth WHS legislation.

3. The SMS should achieve the following objectives:

a. hazards in new designs are identified and eliminated, or the associated risk is analysed, evaluated and reduced so far as is reasonably practicable;

b. hazards identified in-service are eliminated, or the associated risk is analysed, evaluated and reduced so far as is reasonably practicable;

c. hazards and associated risks are tracked and managed throughout the aircraft’s lifecycle, using a closed loop hazard tracking system;

d. hazards, and associated risk controls, are clearly articulated to all stakeholders to ensure that a risks are managed in-service; and

e. residual risks are communicated to the appropriate management authority to support risk retention determinations.

4. The responsibility for implementing SMS procedures resides with design organisations for ‘new’ designs, and the MTC holder (or MTCH delegate) for identification and control of latent hazards, in-service review of hazards, associated risks and risk control effectiveness and facilitation of risk retention.

DESIGN ORGANISATION RESPONSIBILITIES

5. A design organisation’s SMS should enable and support the identification of hazards, and the analysis, management and communication of technical risk inherent in a new design or design change. The SMS should include:

a. hazard identification techniques tailored to suit the specific design activity being undertaken;

b. risk analysis techniques commensurate with the scope of the design and the potential impact on airworthiness;

Page 8 of 16

8

UNCONTROLLED WHEN PRINTED DRAFT DASR For NPA 2

DRAFT

c. risk control techniques that comply with mitigation approaches using the design order of precedence, and the WHS hierarchy of controls;

d. procedures for documenting hazards, risks and associated risk controls using a hazard log that includes, as a minimum, details of:

i. the hazard,

ii. the likelihood and consequences of the hazard and associated risk level,

iii. the risk controls that have been implemented and are required to be maintained to reduce the risk so far as is

reasonably practicable,

iv. the review period applicable to each risk control, and

v. the organisations responsible for implementing each risk control.

e. procedures for disclosing, in Instructions for Continuing Airworthiness (ICA), any risk controls required to ensure continued compliance with the type-certification basis; and

f. procedures for risk control and communication, including:

i. where a risk control must be implemented outside of the design organisation, communicating the requirement to implement the control to the responsible organisation;

ii. where the design organisation assesses that a design deficiency does not result in a non-compliance with the basis (ie the level of safety is not impacted), advising the MTC applicant (for new Defence aircraft), the MTC holder organisation or MTCH delegate as applicable; and

iii. where the design organisation cannot confirm that a design deficiency remains compliant with the type-certification basis, communicating the associated risk and proposed risk controls to the MTC applicant (for new Defence aircraft), the MTC holder organisation or MTCH delegate as applicable, for their approval

6. MTC HOLDER (OR MTCH DELEGATE) RESPONIBILITIES

7. The MTC holder (or MTCH delegate) has specific responsibilities for ensuring that the aircraft design remains compliant with the type-certification basis and that hazards are appropriately managed. The MTC holder (or MTCH delegate) should therefore ensure that the following SMS outcomes for aircraft design are achieved. Note that MTCH delegates will discharge many of the responsibilities described below through the MDOA holder that has been contracted to fulfil MTC holder obligations under 21.A.44.

Identification of latent hazards and establishment of risk controls.

8. The MTC holder (or MTCH delegate) should ensure that the SMS includes:

a. interface arrangements with operations and continuing airworthiness organisations to gather relevant data associated with system failures, malfunctions and defects (eg defect reports, ASORs, MASORs, unserviceability statistics, and so on) per DASR 21.A.3;

b. analysis of the data by the applicable design organisation to determine if the system remains compliant with the aircraft/system type-certification basis (eg have underpinning assumptions regarding levels of reliability been undermined?);

c. procedures for establishing risk controls where the data reveals that a shortfall against the type certification basis exists; and

d. procedures for risk communication, including:

i. advising relevant risk management authorities of risk assessment outcomes for new or changed hazards identified in-service; and

ii. communicating hazards, associated risks and risk controls to all relevant stakeholders.

In-service review of hazards, associated risk and risk controls.

9. The determination that a risk has been reduced so far as is reasonably practicable is always influenced by the particular circumstance. From a technical perspective, if the circumstances change (e.g. improvements in technology that make previously impractical controls practical or the risk context changes), the basis of the determination that risk has been reduced so far as reasonably practicable may be invalidated. Periodic review of risk controls is therefore required.

10. The MTC holder (or MTCH delegate) should ensure that the SMS includes processes for:

a. periodically evaluating and confirming the effectiveness of extant technical risk controls;

b. assessing any changes to the risk context (eg operational role/environment) that may impact extant risk analyses and risk control effectiveness; and

c. communicating any changes in the effectiveness of risk controls to the aircraft operators and the responsible design organisation.

Facilitation of initial and on-going risk retention.

11. The MTC holder (or MTCH delegate) is responsible for facilitating risk retention due to design deficiencies by acting as the risk retention authority within delegated limits and/or ensuring that data required to support informed risk retention decisions are communicated to the appropriate risk retention authority.

12. The MTC holder (or MTCH delegate) should ensure that the SMS includes:

a. arrangements for design organisation communication of residual risk to the MTC holder (or MTCH delegate); and

b. procedures for:

Page 9 of 16

9

UNCONTROLLED WHEN PRINTED DRAFT DASR For NPA 2

DRAFT

i. confirming that all design risk controls that reduce the risk so far as is reasonably practicable have been implemented;

ii. enacting risk retention by the MTC holder (or MTCH delegate) within the limits of delegated authority;

iii. where the MTC holder (or MTCH delegate) cannot enact risk retention, communicating the risk to the appropriate risk retention authority; and

iv. communicating deficiencies to the Authority to support a determination of the impact on the type-certification basis (and MTC) and resolution actions required.

Authority implementation guidance.

13. An Airworthiness Advisory Circular (AAC) that provides further guidance on implementing an SMS that satisfies the requirements of

DASR SMS.A.25 (b) for Part 21 organisations will be published by Sep 16.

GM SMS.A.25 (b) (2) Safety risk management (AUS) - DASR M

There is no specific DASR M guidance material for "safety risk management"

Refer GM - General

GM SMS.A.25 (b) (2) Safety risk management (AUS) - MAOC

There is no specific MAOC guidance material for "safety risk management"

Refer GM - General

GM SMS.A.25 (b) (2) Safety risk management (AUS) - General

Safety Risk Management

1. Organisation’s needs to ensure that the risks to aviation safety posed by their Aviation Activities, and the interface of those Aviation Activities to other organisational functions, are controlled to meet agreed safety performance targets. This process is known as safety

risk management and includes hazard identification, safety risk assessment and the implementation and monitoring of appropriate safety risk controls.

2. Safety risk management is the core component of an SMS and systematically identifies risks that exist within the context of the delivery of an Organisation’s products or services. Safety risks could be identified reactively, proactively or predictively, and a mature SMS caters equally for all three.

3. At the micro level, hazards may result from product, process or behaviours that are deficient in design, training, function, or human interfaces with other processes or systems. At the macro level, hazards may also result from latent failures of product, process, or organisational systems to account for human performance nuances, or failures to adequately adapt to changes in the Organisation’s operating context. Generally it will always be easier to adapt the system to human performance nuances, rather than the other way around.

4. The Safety Risk Management processes are triggered into action when proposed new systems or changes to systems are being considered. The level of safety Risk Management documentation required will be based on the complexity of the new system or change to an existing system. Note that a system could be people, hardware, software, information, procedures, facilities, services, and other support facets which are directly related to an Organisation’s aviation safety activities.

5. Additional guidance on Safety Risk Management processes including the So Far As is Reasonably Practicable (SFARP) concept may be found in the following service specific governance requirements:

a. Joint Directive 30/2015 – The Management of Risk in Defence

b. Defence Work Health and Safety (WHS) Manual

c. AAP 6730.001 – Air Force Safety Manual

d. ArmySAFE Manual

e. ABR 6303 – Navy Safety Systems Manual

f. AAP 6734.001 – Defence Aviation Safety Manual (DASM).

Hazard identification

6. Hazard identification forms the basis of safety risk management. Hazards in an Organisation can be classified into a number of groups, two of which are—aviation safety hazards and personal injury safety hazards. Prior to implementing an SMS required by this

DASR, it is important to understand the difference between the two. They give rise to different risks with different consequences, and therefore the management of personal injury safety risks does not indicate appropriate management of aviation safety risks. In the context of an Organisation, some hazards can generate an aviation safety risk and/or a personal safety risk, both of which need to be managed.

Page 10 of 16

10

UNCONTROLLED WHEN PRINTED DRAFT DASR For NPA 2

DRAFT

7. Aviation safety hazards could potentially compromise flight safety, e.g. human factors. Aviation safety hazards have the potential to significantly and adversely affect capability by causing multiple fatalities and major damage to aviation assets, i.e. an aircraft crash.

8. Personal injury safety hazards on the other hand, affect individuals but have limited potential to impact flight safety. Personal safety hazards typically lead to incidents such as slips, trips, falls, hearing damage, manual handling injuries, and radiation burns.

9. Hazards can be identified reactively, proactively and predictively from a range of sources. Obviously the more proactive and predictive hazard identification and control is present, the less we will be bound to continue learning from incidents and accidents. Other possible sources include, but are not limited to:

a. Reactive hazard identification.

i. Mandatory incident, serious incident, and accident reporting and the investigations that have arisen for these occurrences.

b. Proactive hazard identification.

i. voluntary and confidential hazard reporting,

ii. brain-storming using experienced personnel,

iii. development of risk scenarios and controls for all activities,

iv. surveys and audits,

v. in-process task observations,

vi. feedback from training, and

vii. maintenance program completion reviews.

c. Predictive hazard identification.

i. Objective performance improvement health indicators,

ii. trend analyses of the hazard and incident database, and

iii. data mining, information sharing and exchange systems (to similar/related Organisations, regulators, etc).

10. Where risks are identified, safety controls are generated and tracked to completion to minimise recurrence.

11. Human factors. Hazards arising from human factors are inherent in any Organisation. These hazards should be captured using both proactive hazard identification tools (such as bow-tie analysis), and through the analysis of incident investigation reports.

Risk assessment and treatment

Risk assessment and treatment involves the systematic, rational and thoughtful manner in which to assess and prioritise identified risks. The risk lists which this process generates then provide the corporate lessons learned for future staff to better understand.

Bow-tie hazard analyses may be useful for Organisations to gain a systematic and rich understanding of the full spectrum of preventive and recovery controls applicable (or absent), and their adequacy. However, all risk management outcomes, residual risk and risk acceptance, as adapted from AS/NZS ISO 31000:2009—Risk Management–Principles and Guidelines needs to be documented and be made available to the Authority upon request. Note that risk treatments also need to be assessed, to ensure that the treatment does not inadvertently introduce unknown risks. Defence aviation needs to eliminate or otherwise minimise risk to safety so far as is reasonably practicable as required by the Work Health and Safety Act 2011.

Risks also need to be reviewed at regular intervals, at least yearly, to ensure extant safety risk treatments remain effective.

AMC SMS.A.25 (b) (2) Safety Risk Management (AUS)

1. Safety risk management. The Organisation’s safety risk management system will enable development of structured processes to

understand the critical characteristics of its systems and environment and apply this knowledge to identify aviation safety hazards, analyse and assess risk and develop risk controls (using the hierarchy of controls) and must include the following:

a. Hazard identification. The Organisation will develop and maintain a process that ensures that aviation safety hazards in the aviation environment are identified. Aviation safety hazards will be identified from the analysis of critical design and performance factors, processes, and aviation activities in sufficient detail to determine associated level of risk and risk acceptability and should demonstrate the following:

i. Aviation safety hazard identification shall be based on a combination of reactive, proactive and predictive methods of

ongoing safety data collection and shall be the formal means of collecting, recording, acting on aviation safety hazards.

ii. Aviation safety hazards are periodically reviewed.

b. Safety Risk Assessment and Mitigation. The Organisation will develop and maintain a process that ensures analysis, assessment, and control of the safety risks in aviation system activities and should demonstrate the following:

i. There is a structured process for the assessment of risk that includes identified aviation safety hazards, expressed in terms of severity and probability (likelihood), and there is criteria for evaluating the level of risk the Organisation is willing to acknowledge.

ii. The Organisation uses a documented process that applies the hierarchy of controls and then implements the applicable controls.

iii. Controls resulting from risk assessments, including timelines and allocation of responsibilities are documented and actioned.

iv. Risk management is routinely applied in decision making processes.

v. The Accountable Manager and other key safety management personnel have visibility and are advised of the medium and high risk aviation safety hazards, including their mitigation and controls.

Page 11 of 16

11UNCONTROLLED WHEN PRINTED DRAFT DASR For NPA 2

DRAFT

3. safety assurance, and AMC GM – General GM - MAOC GM - M GM - 21 GM - 145

GM SMS.A.25 (b) (3) Safety assurance (AUS) - DASR 145

There is no specific DASR 145 guidance material for "safety assurance"

Refer GM - General

GM SMS.A.25 (b) (3) Safety assurance (AUS) - DASR 21

There is no specific DASR 21 guidance material for "safety assurance"

Refer GM - General

GM SMS.A.25 (b) (3) Safety assurance (AUS) - DASR M

There is no specific DASR M guidance material for "safety assurance"

Refer GM - General

GM SMS.A.25 (b) (3) Safety assurance (AUS) - MAOC

There is no specific MAOC guidance material for "safety assurance"

Refer GM - General

GM SMS.A.25 (b) (3) Safety assurance (AUS) - General

1. Safety assurance processes systematically provide confidence that organisational products and/or services meet or exceed safety requirements. It determines whether the SMS is operating, and continuously improving, according to agreed requirements.

Organisations need to continually monitor their internal processes as well as their environment to detect changes or deviations that may introduce emerging safety risks, or degrade the effectiveness and efficiency of existing safety risk treatments. In addition to internal monitoring, Organisations need to incorporate findings from external audits/assessments. These external assurance and evaluation functions provide an element of independence to complement the internal program, and collectively provide the basis for continuous improvement. Changes or deviations identified can then be addressed through the Organisation’s safety risk management process and corrective actions raised against findings. In addition, safety assurance provides stakeholders an indication of the level of safety performance of the system.

Safety Management System–Quality Management System integration considerations

2. The SMS and QMS share many common principles, with safety assurance emphasis being on the assurance and reporting that safety risk controls are in place, practised, and remain effective. This affords Organisations the opportunity to consider integrating some requirements or execution methodologies without compromising the outcomes of either system. Integration has subtle benefits, such as more robust and consistent management processes and resource maximisation.

3. The safety assurance process complements that of quality assurance, with each requiring specific performance criteria to be met. While quality assurance typically focuses on the Organisation’s performance against business processes, safety assurance specifically monitors the performance of the agreed SMS. The complementary relationship between the two allows opportunities for

the integration of any number of supporting processes. Such integration can provide synergies and increase efficiencies.

4. Quality management focuses on continual improvement through the assurance of product/service quality, and the repeatable means

to achieve it. Safety management instead focuses on the mechanisms required for the identification and mitigation of safety risks. To be effective, an SMS integrates quality management principles, risk management principles and human factors’ principles into Organisation processes.

5. The integration of the quality assurance functions with safety management is a marker of a more mature SMS, and along with the integration of other safety related governance regimes is expected to be a requirement of future regulatory development. Pre-positioning of organisational structures to gain early access to these benefits is encouraged.

Safety performance monitoring and measurement

6. As stated previously the safety objectives define what the Organisation hopes to accomplish with its SMS and should address the Organisation’s most significant risks. Targets should be established to achieve each safety objective. Ideally the targets should be: Specific, Measurable, Achievable, Relevant and Time-based (SMART). To monitor how the Organisation is achieving their targets and ultimately the Organisation’s upper level objectives, associated Safety Performance Indicators (SPIs) should be developed.

7. Safety performance monitoring and measurement requires Organisations to develop a balanced series of lead and lag SPI’s to quantitatively measure the effectiveness of each of their SMS elements and their intended outcomes. The number of SPIs is not as

Page 12 of 16

12UNCONTROLLED WHEN PRINTED DRAFT DASR For NPA 2

DRAFT

important as their coverage of SMS elements. Used effectively, SPIs can both provide an early warning of failures to maintain agreed performance or requirements, and confirmation that agreed improvements have been achieved.

8. Information sources for safety performance monitoring and measurement include:

a. proactive and predictive hazard reporting,

b. safety studies,

c. safety reviews and surveys,

d. audits, and

e. safety investigations.

9. Frequency of monitoring. Many Organisations may rely solely on audits to highlight system deterioration. However, audit intervals can be too infrequent, or may not provide an ability to collect data on all SPIs. Instead, the use of SPIs should be seen as complementing audit programs. Deficiencies uncovered by either an audit or SPI may highlight the need for a new SPI or vice versa. Inevitably, just like audit frequencies, some SPIs may have long lead or lag times. It is therefore important to establish balanced sets of SPIs that can be regularly reviewed in short, medium and long timeframes. Most importantly, each SPI needs to be defined so as to be clear as to what is being displayed, and what safety actions need to be taken as a result.

10. Reporting System. In order to be effective, the Organisation needs to establish and maintain an environment in which employees feel comfortable to report hazards, issues, and concerns, as well as occurrences, incidents, etc., and propose safety solutions and improvements. The Accountable Manager and other Key Safety Management Personnel need to encourage employees to report

safety issues and not fear reprisals from management. Policies that assure employees of fair treatment and clear standards of behaviour are an essential part of the reporting process.

11. A key aspect of the confidential reporting system is that it is confidential. Therefore, you must define methods for employee reporting and de-identification of sources without losing essential information. As you develop and employ the confidential reporting procedures and include this invaluable input in safety decision making, employees will begin to trust the system to work toward elimination of systemic problems. This, in turn, will stimulate greater participation in employee reporting of safety concerns. A segment of the reports generated within an Organisation such as accident and serious incidents, must be provided to the Authority (definitions of these to reporting categories can be found in the DASR glossary). For both Service and commercial Organisations, reporting such occurrences to an appropriate member of the Authority’s staff is considered satisfactory to meet the requirement of this guidance.

12. To be effective and supported the safety reporting system should conduct safety investigations to identify underlying causes and potential aviation safety hazards for existing and future operations. The result of the report should be provided through a feedback loop to the reporter of any actions taken (or not taken) and, where appropriate, to the rest of the Organisation.

13. Communication of safety findings. Safety findings uncovered as part of the safety assurance process or SPI reviews are only useful if acted upon to the extent necessary to optimise SMS performance. This iterative feedback and refinement facilitates continuous improvement of the SMS. Those who can act of the safety findings, or need to be informed, can be quite varied. However, including the communication of key safety findings to the Accountable Manager and other key safety management personnel is imperative to

ensure the information can be used to inform the decision making. Hence given the volume and frequency of possible findings with time, a graduated approach should be used, based on criteria which may include the safety risk of the finding, possible audience, and resources required to correct.

Management of change

14. Either self-generated or imposed, most changes at the Organisation have the ability to affect the appropriateness or effectiveness of existing safety risk controls. Additionally, whenever change occurs, the opportunity exists for new aviation safety hazards to be inadvertently introduced. Hazards resulting from any change to what is considered to be the status quo should therefore be identified and addressed through the safety risk management process. Changes from the status quo can take many forms, including, for example, internal and external safety reviews and audits, nominal staff turn-over, more frequent need for shift-work, increased operational tempo, new or changes to deployments, introduction of new technologies or processes, etc.

15. The Organisation’s documented organisational change management procedure should consider:

a. Criticality. Processes, equipment, roles and activities that have higher aviation safety criticality should be ideally reviewed prior to organisational changes, to ensure that corrective actions can be proactively taken to control potentially emerging safety risks.

b. Existence of effective indicators. SPIs should be used to anticipate and monitor SMS effectiveness as a result of the introduced organisational change. Treatments can then be evaluated and adjusted where needed.

16. As Organisations mature, incremental changes can go unnoticed and accumulate. Effective change management therefore includes periodic reviews of the Organisation system description, associated processes, and baseline hazard analyses to determine their continued validity.

Continuous improvement of the safety management system

17. Continuous improvement is measured through verification and monitoring of an Organisation’s SPIs, and is related to the maturity and effectiveness of an SMS against the agreed implementation plan. Sources of information that can feed the continuous improvement include, for example, safety investigations, internal and external audit results, documentation reviews, SPI reviews, safety surveys, DDAAFS ASOR trending, etc.

AMC SMS.A.25 (b) (3) Safety Assurance (AUS)

1. Safety assurance. The Organisation’s safety assurance system, will verify, monitor, measure, and safety performance of the Organisation, and to evaluate the effectiveness of SMS and must include the following:

Page 13 of 16

13

UNCONTROLLED WHEN PRINTED DRAFT DASR For NPA 2

DRAFT

a. Safety Performance Monitoring and Measurement. The Organisation will develop and maintain a means to verify, monitor and measure the safety performance of the Organisation, and to evaluate the effectiveness of safety risks controls and should demonstrate the following:

i. Safety targets and performance indicators have been defined, promulgated and are being monitored and analysed for trends, forming part of the SMS review.

ii. Safety targets and performance indicators are reviewed and updated periodically.

iii. Risk controls are being verified and monitored to confirm they are working and effective.

iv. There is an internal safety audit programme that focuses on the safety performance of the Organisation and its services.

v. The Organisation has a reporting system to capture errors, aviation safety hazards and near misses that is simple to use and accessible to all personnel, and has identified all the major aviation safety hazards and assessed the risks related to its current activities.

vi. The safety reporting system provides effective feedback to the reporter of any actions taken (or not taken) and, where appropriate, to the rest of the Organisation.

vii. Safety investigations are carried out and identify underlying causes and potential aviation safety hazards for existing

and future operations.

viii. Personnel responsible for investigating reports are trained in investigation techniques, and use those techniques in the conduct of their investigations.

ix. Investigations establish causal/contributing factors (why it happened, not just what happened), and use the results as a source for aviation safety hazard identification in the system.

x. Information obtained from safety assurance and compliance monitoring activities feeds back into the safety risk

management process.

xi. Personnel express confidence and trust in the regulated Organisation’s reporting policy and process and safety reports are continuously raised and acted on in a timely manner

b. Management of Change. The Organisation will develop and maintain a process to identify changes within the Organisation’s working environment which may affect established processes and services. This process will be used to describe the arrangements to assure safety performance before implementing changes and should demonstrate the following:

i. The Organisation has established a process and conducts formal hazard analyses and risk assessments for major operational changes, major organisational changes and changes in key personnel.

ii. Key stakeholders are identified and involved in the change management process.

iii. The change management process requires previous risk assessments and existing hazards are reviewed for possible effect.

c. Continuous improvement of the SMS. The Organisation will develop and maintain a process to identify the causes of substandard safety performance, determine the implications of substandard safety performance, and eliminate or mitigate such causes and should include the following continuous improvement processes and should demonstrate the following:

i. A Safety Committee has been established and has necessary authority to make decisions related to the improvement and effectiveness of the SMS.

ii. The SMS is periodically reviewed such that improvements in safety performance can be demonstrated.

4. safety promotion. AMC GM – General GM - MAOC GM - M GM - 21 GM - 145

GM SMS.A.25 (b) (4) Safety Promotion (AUS) - DASR 145

There is no specific DASR 145 guidance material for "safety promotion"

Refer GM - General

GM SMS.A.25 (b) (4) Safety Promotion (AUS) - DASR 21

There is no specific DASR 21 guidance material for "safety promotion"

Refer GM - General

GM SMS.A.25 (b) (4) Safety Promotion (AUS) - DASR M

There is no specific DASR M guidance material for "safety promotion"

Refer GM - General

GM SMS.A.25 (b) (4) Safety Promotion (AUS) - MAOC

There is no specific MAOC guidance material for "safety promotion"

Refer GM - General

Page 14 of 16

14

UNCONTROLLED WHEN PRINTED DRAFT DASR For NPA 2

DRAFT

GM SMS.A.25 (b) (4) Safety Promotion (AUS) - General

1. Safety promotion, both internal and external to the Organisation, includes education, training and communication. The safety promotion intent is to encourage and celebrate a positive safety culture and to create an environment that is conducive to achieving the Organisation’s safety objectives, as agreed in the SMS Implementation Plan. Safety promotion provides a sense of purpose to Organisation’s safety efforts and enables the continuous improvement process.

2. Through safety promotion an Organisation adopts a culture that goes beyond merely avoiding accidents or reducing the number of incidents and hazards, to focussing on creating an attitude to do the right thing at the right time in response to normal and emergency situations. Safety Promotion supports safety culture communication, dissemination of lessons learnt. A positive safety culture is one in

which every person, from the Accountable Manager to the newest and most junior staff member, understands his or her role in maintaining safe operations, and actively participate in controlling and minimising safety risk. A positive culture is characterised by attitudes, behaviours, beliefs, values and evidence that the Organisation is committed to agreed improvements in safety, at all levels. This is achieved through a combination of technical competence that is continually enhanced through education and training, effective safety communication, and targeted information sharing. Every leadership position in the Organisation is a catalyst for the promotion and improvement of safety culture.

3. An Organisation’s level of safety cannot be improved solely by being directed to do so, or by strict adherence to published policies. Safety promotion affects both individual and organisational culture, and supplements the Organisation’s policies, procedures and processes by providing and supporting tangible and intangible evidence, and values, to support safety efforts. Safety culture is dynamic, and needs to be constantly reinforced as the Organisation is affected by either nominal or imposed changes, eg postings, resignations and/or staff movements, reforms).

4. The Organisation needs to establish and implement processes that facilitate effective communication and feedback throughout all levels of the Organisation from the abstract safety vision and goals to discrete actions and results. Nothing can provide positive reinforcement like the communication of successes, no matter how small or large.

5. Organisations need to also encourage bottom-up communication, providing an environment that allows senior management to receive open and constructive feedback from personnel at all levels. The personnel closest to the coal-face, are most likely to be able to

proactively identify most of the undiscovered hazards, and be able to provide practical treatment options.

Training and Education

6. The Organisation needs to facilitate safety training relevant to specific issues encountered in their Organisation’s context. The provision of education and training to appropriate staff, regardless of their level in the Organisation, is an indication of management’s

commitment to an effective SMS. Safety education and training at the local level should complement core promotion and specialisation courses, and be adapted to organisational context. Generally, local education and training should ensure coverage of the following topics and the benefits expected from each, from the macro to the micro, adapted for position/rank and responsibilities at the Organisation:

a. organisational safety policies, objectives, targets, and safety performance indicators;

b. safety roles and responsibilities of all staff levels;

c. safety risk management principles;

d. reactive, proactive and predictive safety reporting systems;

e. management’s visible support of safety;

f. communication of safety-related information;

g. resource management;

h. training effectiveness validation systems;

i. training recording and re-currency requirements; and

j. continuous safety improvement methodologies

7. As each individual within an Organisation has safety responsibilities, safety education and training needs to ensure that personnel are competent to perform the safety-related duties expected. The closer to the coal-face staff are, the more safety education and training should be focused on practical implementation of safety concepts, and the outcomes expected. Conversely, the more removed from the coal-face, the more safety education and training should focus on national, corporate and organisational safety objectives and requirements, interfaces to other Organisation business systems, allocation of resources, active safety promotion and assurance, and the creation of simple, practical means for working level staff to meet Organisation SMS objectives. Given the different training coverage dependent on position/rank and seniority, there is no one-size fits all approach to safety education and training.

Safety communication

8. The purpose of safety communication is to ensure that aviation safety issues are openly, effectively and regularly discussed and disseminated within, and external to, the Organisation, to the right audience, at all levels. This includes coverage of SMS objectives, targets, safety performance indicators and trends, procedures and remedial actions as a result of feedback or safety performance.

9. Safety communication therefore aims to:

a. ensure that staff are fully aware of the scope of their SMS and their part in it;

b. convey safety-critical information and resultant actions in language the audience can relate to;

Page 15 of 16

15

UNCONTROLLED WHEN PRINTED DRAFT DASR For NPA 2

DRAFT

c. encourage timely, relevant and clear two-way discussions;

d. raise awareness of hazards and treatment effectiveness;

e. provide transparent information regarding changes at the Organisation and their assessed safety impacts;

f. provide feedback on Organisation safety performance indicators and resultant preventive/corrective actions; and

g. share successes and lessons learned.

10. Communication can take any form that most effectively imparts the outcomes sought to the audience required. Successful safety communication strategies employ multiple means of communication, each adapted for a different type of safety information and audience. Safety information has no value unless the audience learns from it, which in its simplest form reinforces safety awareness and at its most complex, stimulates action to mitigate future risks. Visual, verbal, written or interactive communication means can be used effectively. Bulletins, briefings, safety groups, scrolling banners on web pages and hazard and incident workshops, among others, have been used successfully in the past as part of an overall coordinated safety communication strategy. Safety lessons

learned can also be gained from sharing information with, and from, other Organisations.

11. Safety communication has to be two-way, internal and external to the Organisation. Both from the leadership to staff, and vice-versa.

This will ensure that the right people are communicating and receiving feedback on the different types of safety issues at the right time, either as an action status or as new hazards.

AMC SMS.A.25 (b) (4) Safety Promotion (AUS)

1. Safety promotion. The Organisation’s safety promotion system will provide employees with effective SMS training commensurate with their safety responsibilities, and create a means to deliver organisational-wide safety communication and must include the following:

a. Training and Education. The Organisation will ensure that personnel are trained and competent to perform their SMS duties. The scope of safety training will be commensurate with the individual’s involvement in the SMS and should demonstrate the following:

i. There is a documented process to identify Safety Management training requirements so that personnel are competent to perform their duties and takes appropriate remedial action when necessary.

ii. Appropriate action is taken to measure and possibly improve the effectiveness of training.

iii. A training record is maintained for all personnel.

b. Safety Communication. The Organisation will ensure that personnel, internal and external to the organization, have current and pertinent safety information and should demonstrate the following:

i. There is a communication strategy to ensure the safety policy and safety information is communicated to all personnel with the intent that they are made aware of their individual contributions and obligations with regard to safety.

ii. Significant events and investigation outcomes associated with the Organisation are communicated to all personnel, including contracted Organisation’s where appropriate

Last modified: 28/01/2016 09:44:43

DASR NPA 2 - 13 May 2016 DRAFT ONLY - NOT FOR USE DRAFT release of DASR NPA 2

Page 16 of 16

16UNCONTROLLED WHEN PRINTED DRAFT DASR For NPA 2

DRAFT