How SMS Pro Satisfies FAA SMS Requirements

Subpart a General

Section 5.1

Applicability.

  • (a) A certificate holder under part 119 of this chapter authorized to conduct operations in accordance with the requirements of part 121 of this chapter must have a Safety Management System that meets the requirements of this part and is acceptable to the Administrator by January 8, 2018.

    SMS Pro has helped airlines, airports and MROs around the world satisfy CAA SMS requirements. We foresee no challenges with these FAA requirements and they pose no special surprises. SMS Pro was designed around ICAO, FAA, Transport Canada and EASA requirements. AC 120-92 and the FAA Safety Assurance documentation which followed AC 120-92.

  • (b) A certificate holder must submit an implementation plan to the FAA Administrator for review no later than September 9, 2015. The implementation plan must be approved no later than March 9, 2016.

    SMS Pro has two FAA gap analysis models: preliminary and detailed. After conducting the initial gap analysis using SMS Pro's Gap Analysis module, safety teams can prepare an SMS implementation plan using SMS Pro's Implementation Manager module. Safety teams and management can easily view the progress and update activities. Default SMS implementation plans are available for safety teams to use as is, or to customize to suite specific needs.

  • (c) The implementation plan may include any of the certificate holder's existing programs, policies, or procedures that it intends to use to meet the requirements of this part, including components of an existing SMS.

    Policies & procedures can be managed in SMS Pro's Policies & Procedures module. Automated email notifications alert managers that specific policies or procedures require review. Duties & requirements of key safety personnel can also be managed and made available to all personnel using SMS Pro's Duties & Requirements of Key Safety Personnel module. Organizational chart is also visible to all personnel using the online tool.

Section 5.3

General requirements.

  • (a) Any certificate holder required to have a Safety Management System under this part must submit the Safety Management System to the Administrator for acceptance.
    SMS Pro's Implementation Plan Manager possesses functionality for auditors to leave comments, such as documenting acceptance of each activity. Furthermore, SMS Pro is highly useful for tracking external audit findings and concerns, including automated notifications when items become overdue.

    The SMS must be appropriate to the size, scope, and complexity of the certificate holder's operation and include at least the following components:
    1. (1) Safety policy in accordance with the requirements of subpart B of this part; (Managed in Policies & Procedures module)
    2. (2) Safety risk management in accordance with the requirements of subpart C of this part; (Issue Reporting, Issue Manager, Risk Analysis Charts, Corrective Action Manager modules. More discussion will follow in subpart C).
    3. (3) Safety assurance in accordance with the requirements of subpart D of this part; (Safety Performance, Auditing, KPI Trend Monitor and more. Discussed further in subpart D).and
    4. (4) Safety promotion in accordance with the requirements of subpart E of this part. (Meeting Manager, Newsletters, Safety Surveys, Message Boards, Training & Qualifications modules. Discussed further in subpart E).
  • (b) The Safety Management System must be maintained in accordance with the recordkeeping requirements in subpart F of this part.
  • (c) The Safety Management System must ensure compliance with the relevant regulatory standards in chapter I of Title 14 of the Code of Federal Regulations.

Subpart B Safety Policy

Section 5.21

Safety policy. (Managed in SMS Pro's Policies & Procedures module)

  • (a) The certificate holder must have a safety policy that includes at least the following:
    1. (1) The safety objectives of the certificate holder.
    2. (2) A commitment of the certificate holder to fulfill the organization's safety objectives.
    3. (3) A clear statement about the provision of the necessary resources for the implementation of the SMS.
    4. (4) A safety reporting policy that defines requirements for employee reporting of safety hazards or issues.
    5. (5) A policy that defines unacceptable behavior and conditions for disciplinary action.
    6. (6) An emergency response plan that provides for the safe transition from normal to emergency operations in accordance with the requirements of Section 5.27.
      SMS Pro has utilities for the Emergency Response plan. Emergency Response Notifications automatically call selected people with configured messages. Module also will send email and SMS text to employees and external agencies.

      Emergency Response documentation can be stored in SMS Pro's version controlled document manager.
  • (b) The safety policy must be signed by the accountable executive described in Section 5.25.
  • (c) The safety policy must be documented and communicated throughout the certificate holder's organization.
    Safety Policy is visible to all employees in the Policies & Procedures module.
  • (d) The safety policy must be regularly reviewed by the accountable executive to ensure it remains relevant and appropriate to the certificate holder.
    Automated emails are sent to managers whenever policies or procedures require review. Email notifications will continue daily until the item has been reviewed.

Section 5.23

Safety accountability and authority. (Managed in Duties & Requirements of Key Safety Personnel module)

  • (a) The certificate holder must define accountability for safety within the organization's safety policy for the following individuals:
    1. (1) Accountable executive, as described in Section 5.25.
    2. (2) All members of management in regard to developing, implementing, and maintaining SMS processes within their area of responsibility, including, but not limited to:
      • (i) Hazard identification and safety risk assessment.
      • (ii) Assuring the effectiveness of safety risk controls.
      • (iii) Promoting safety as required in subpart E of this part.
      • (iv) Advising the accountable executive on the performance of the SMS and on any need for improvement.
    3. (3) Employees relative to the certificate holder's safety performance.
  • (b) The certificate holder must identify the levels of management with the authority to make decisions regarding safety risk acceptance.

Section 5.25

Designation and responsibilities of required safety management personnel.

  • (a) Designation of the accountable executive. The certificate holder must identify an accountable executive who, irrespective of other functions, satisfies the following:
    1. (1) Is the final authority over operations authorized to be conducted under the certificate holder's certificate(s).
    2. (2) Controls the financial resources required for the operations to be conducted under the certificate holder's certificate(s).
    3. (3) Controls the human resources required for the operations authorized to be conducted under the certificate holder's certificate(s).
    4. (4) Retains ultimate responsibility for the safety performance of the operations conducted under the certificate holder's certificate.
  • (b) Responsibilities of the accountable executive. The accountable executive must accomplish the following:
    1. (1) Ensure that the SMS is properly implemented and performing in all areas of the certificate holder's organization.
    2. (2) Develop and sign the safety policy of the certificate holder.
    3. (3) Communicate the safety policy throughout the certificate holder's organization.
    4. (4) Regularly review the certificate holder's safety policy to ensure it remains relevant and appropriate to the certificate holder.
    5. (5) Regularly review the safety performance of the certificate holder's organization and direct actions necessary to address substandard safety performance in accordance with Section 5.75.
  • (c)Designation of management personnel. The accountable executive must designate sufficient management personnel who, on behalf of the accountable executive, are responsible for the following:
    1. (1) Coordinate implementation, maintenance, and integration of the SMS throughout the certificate holder's organization.
    2. (2) Facilitate hazard identification and safety risk analysis.
    3. (3) Monitor the effectiveness of safety risk controls.
    4. (4) Ensure safety promotion throughout the certificate holder's organization as required in subpart E of this part.
    5. (5) Regularly report to the accountable executive on the performance of the SMS and on any need for improvement.

Section 5.27

Coordination of emergency response planning.

Where emergency response procedures are necessary, the certificate holder must develop and the accountable executive must approve as part of the safety policy, an emergency response plan that addresses at least the following:

  • (a) Delegation of emergency authority throughout the certificate holder's organization;
  • (b) Assignment of employee responsibilities during the emergency; and
  • (c) Coordination of the certificate holder's emergency response plans with the emergency response plans of other organizations it must interface with during the provision of its services.

    SMS Pro has an Emergency Response Notification module to alert teams by phone, email and text of an emergency. ERP checklists are maintained in the version controlled Document Manager module.

Subpart C Safety Risk Management

Section 5.51

Applicability.

A certificate holder must apply safety risk management to the following: (Management of Change module used here)

  • (a) Implementation of new systems.
  • (b) Revision of existing systems.
  • (c) Development of operational procedures.
  • (d) Identification of hazards or ineffective risk controls through the safety assurance processes in subpart D of this part.
    Proactive Hazard Analysis Tool (PHAT) used for identifying, cataloging and managing hazards. The output is displayed in reports and the Hazard Register module.

Section 5.3

System analysis and hazard identification. (Proactive Hazard Analysis Tool has SHELL and 5-M models to describe the system. Very detailed hazard identification, risk assessments, residual risk assessments, and complete integration into SMS Pro's risk management framework.

  • (a) When applying safety risk management, the certificate holder must analyze the systems identified in Section 5.51. Those system analyses must be used to identify hazards under paragraph (c) of this section, and in developing and implementing risk controls related to the system under Section 5.55(c).
  • (b) In conducting the system analysis, the following information must be considered:
    1. (1) Function and purpose of the system.
    2. (2) The system's operating environment.
    3. (3) An outline of the system's processes and procedures.
    4. (4) The personnel, equipment, and facilities necessary for operation of the system.
  • (c) The certificate holder must develop and maintain processes to identify hazards within the context of the system analysis.

Section 5.55

Safety risk assessment and control. (Proactive Hazard Analysis Tool (PHAT) allows for initial, residual and review risk assessments. Documentation of control, recovery and mitigation measures ensure managers can routinely review and leave remarks.

  • (a) The certificate holder must develop and maintain processes to analyze safety risk associated with the hazards identified in Section 5.53(c).
  • (b) The certificate holder must define a process for conducting risk assessment that allows for the determination of acceptable safety risk.
  • (c) The certificate holder must develop and maintain processes to develop safety risk controls that are necessary as a result of the safety risk assessment process under paragraph (b) of this section.
  • (d) The certificate holder must evaluate whether the risk will be acceptable with the proposed safety risk control applied, before the safety risk control is implemented.

Subpart D Safety Assurance

Section 5.71

Safety performance monitoring and measurement. (Safety Performance Monitor, Interactive Executive Dashboard Charts, KPI Trend Monitoring, Audit Suite, functionality for external auditors to review functionality, and full featured investigation features that are integrated into the risk management framework.

  • (a) The certificate holder must develop and maintain processes and systems to acquire data with respect to its operations, products, and services to monitor the safety performance of the organization. These processes and systems must include, at a minimum, the following:
    1. (1) Monitoring of operational processes. (Safety Performance, Executive Dashboards, Predictive Analysis Suite)
    2. (2) Monitoring of the operational environment to detect changes. (Automated alerts when configured thresholds are exceeded)
    3. (3) Auditing of operational processes and systems. (Audit Suite)
    4. (4) Evaluations of the SMS and operational processes and systems. (SMS Implementation Plan Manager for review, and Audit Suite)
    5. (5) Investigations of incidents and accidents. (Investigate tab in Issue Manager, includes Witness Statements and integrated into Lessons Learned Library).
    6. (6) Investigations of reports regarding potential non-compliance with regulatory standards or other safety risk controls established by the certificate holder through the safety risk management process established in subpart B of this part. (Audit Suite that is integrated into Issue Manager's Investigation functionality)
    7. (7) A confidential employee reporting system in which employees can report hazards, issues, concerns, occurrences, incidents, as well as propose solutions and safety improvements. (Issue Reporting module allows for confidential and anonymous reporting)
  • (b) The certificate holder must develop and maintain processes thatanalyze the data acquired through the processes and systems identified under paragraph (a) of this section and any other relevant data with respect to its operations, products, and services. (Risk Analysis Charts, Risk Analysis Trending Charts, Data Analysis & Export and Classification Report modules used for these requirements)

Section 5.73

Safety performance assessment. (Goals & Objectives module used for most of this).

  • (a) The certificate holder must conduct assessments of its safety performance against its safety objectives, which include reviews by the accountable executive, to:
    1. (1) Ensure compliance with the safety risk controls established by the certificate holder.
    2. (2) Evaluate the performance of the SMS. (Audit Suite used for internal evaluations).
    3. (3) Evaluate the effectiveness of the safety risk controls established under Section 5.55(c) and identify any ineffective controls. (Ability to link reports to detect recurring events. Thresholds can be set to alert management when risk controls are not effective).
    4. (4) Identify changes in the operational environment that may introduce new hazards. (Management of Change module used here).
    5. (5) Identify new hazards. (Management of Change module used here, and also available during investigations and the Proactive Hazard Analysis Tool (PHAT)).
  • (b) Upon completion of the assessment, if ineffective controls or new hazards are identified under paragraphs (a)(2) through (5) of this section, the certificate holder must use the safety risk management process described in subpart C of this part. (Integrated into Issue Manager and Proactive Hazard Analysis Tool).

Section 5.75

Continuous improvement.

The certificate holder must establish and implement processes to correct safety performance deficiencies identified in the assessments conducted under Section 5.73. (Goals & Objectives Manager and Predictive Analysis Suite. Key Performance Monitor useful for normalizing KPIs against industry standards).

Subpart E Safety Promotion

Section 5.91

Competencies and training.

The certificate holder must provide training to each individual identified in Section 5.23 to ensure the individuals attain and maintain the competencies necessary to perform their duties relevant to the operation and performance of the SMS.

(SMS Induction module insures SMS inductees are trained and confirmed by managers. SMS Induction also documents users when they have had initial training and also permits recurring SMS training to be administered, quizzes taken, and if passed, users induction remains active).

Section 5.93

Safety communication.

The certificate holder must develop and maintain means for communicating safety information that, at a minimum:

  • (a) Ensures that employees are aware of the SMS policies, processes, and tools that are relevant to their responsibilities.
    (SMS Induction Manager, Newsletters, Policies & Procedures modules.)
  • (b) Conveys hazard information relevant to the employee's responsibilities.
    (Newsletters and Message Board modules)
  • (c) Explains why safety actions have been taken.
    (Newsletters and Message Board modules)
  • (d) Explains why safety procedures are introduced or changed.
    (Newsletters and Message Board modules. Message Board tracks whether users have read these messages and easily allows managers to follow up.)

Subpart F SMS Documentation and Recordkeeping

Section 5.95

SMS documentation.

The certificate holder must develop and maintain SMS documentation that describes the certificate holder's:

  • (a) Safety policy. (Stored in Policies & Procedures module)
  • (b) SMS processes and procedures. (Stored in Policies & Procedures module)

Section 5.97

SMS records.

  • (a) The certificate holder must maintain records of outputs of safety risk management processes as described in subpart C of this part. Such records must be retained for as long as the control remains relevant to the operation. Records and files are stored in a centralized data repository that is backed up nightly. Data is stored at two geographically distinct locations.
  • (b) The certificate holder must maintain records of outputs of safety assurance processes as described in subpart D of this part. Such records must be retained for a minimum of 5 years. Records are held indefinitely, as long as they use SMS Pro.
  • (c) The certificate holder must maintain a record of all training provided under Section 5.91 for each individual. Such records must be retained for as long as the individual is employed by the certificate holder. Managed in both the Document Manager and Training & Qualifications modules.
  • (d) The certificate holder must retain records of all communications provided under Section 5.93 for a minimum of 24 consecutive calendar months.