Aviation Hazard Risk Management Using Issue Manager
Use Issue Manager to conduct risk assessments, classify issues, manage corrective actions, conduct investigations and more.
Hazard risk management is the identification, assessment, and prioritization
of risks to the company, whether positive or negative. These processes
are followed by coordinated and economical application of resources to
minimize, monitor, and control the probability and/or impact of
unfortunate events or to maximize the realization of opportunities.
Risks can come from accidents, natural causes and disasters as well
as deliberate attacks from an adversary. Several risk management
standards have been developed by professionals from many industries.
Methods, definitions and goals vary widely according to whether the risk
management method is in the context of security, compliance,
industrial processes, or public health and safety.
Strategies to manage risk include transferring the risk to another
party, avoiding the risk, reducing the negative effect of the risk, and
accepting some or all of the consequences of a particular risk. Certain
aspects of many of the risk management practices have come under
criticism for having no measurable improvement on risk or improvement in
Hazard Risk Management Process
For the most part, managing reported issues in SMS Pro consist of the
following elements, performed, more or less, in the following order.
- Report threats, events or regulatory noncompliance (Identify)
- Assess the vulnerability of critical assets
- Determine the risk (i.e. the expected consequences of specific types of attacks on specific assets)
- Classify the reported events
- Identify ways to reduce those risks (Corrective Actions)
- Prioritize risk reduction measures based on a strategy and implement
- Communicate the risk (Lessons Learned)
- Analyze data to focus resources
Hazard Risk Management Using SMS Pro Should:
- Create value
- Be an integral part of organizational processes
- Be part of decision making
- Explicitly address uncertainty
- Be systematic and structured
- Be based on the best available information
- Be tailored to your organization
- Take into account human factors
- Be transparent and inclusive
- Be dynamic, iterative and responsive to change
- Be capable of continual improvement and enhancement
Viewing Hazard Risk Management Information
Reported issues may come from several sources, including:
- Web (secured customizable and pre-defined) reporting forms
- Public issue reporting via unsecured Web forms
- Paper reports entered by data entry personnel on behalf of submitter
- Email reports
- System Audits
- Individual issue-item audits
- Gap Analysis
Hazard Risk Management Email Notifications
Once reported, safety managers are notified of the reported issue via
email. Issue reporters also typically receive emails thanking them for
reporting the issue, thereby closing the feedback loop. Issue reporters
also generally have permissions to return to the Issue Manager and
inspect the status of their reported issues. This keeps users engaged
and develops a sense of commitment.
Which users are notified for particular events is configured in Setup
>> Customize Settings >> User Role Setup.
- When a new issue is reported for their division
- When a new issue is reported for ANY division
- When reported issues are classified as High Risk
- When High Risk issues are closed
Hazard Risk Management Security
Depending on users' roles, they will have a different view of the Issue Manager.
Available Tabs for SMS User
What issues users sees also is determined by the system
configuration in Setup >> Customize Settings >> User Role
Setup. They should be able to see their reported issues.
To extend their permissions, by selecting "View Own Division" in Setup >>
Customize Settings >> User Role Setup, users can see all reported
issues in their division.
Similarly, general SMS Users can also be
configured to see ALL reported issues for ALL divisions. However, this
is not a generally accepted practice, except in the most transparent
Note: Unless otherwise configured, SMS Users see only their reported issues. You should not allow general SMS Users to delete reported issues. This functionality should be reserved for only the SMS Admin.
Available Tabs for Department Heads (All but Assess & Classify)
Manage (Corrective Actions)
Costs (Manage Costs & Cost Benefit Analysis)
Note: Since Risk Assessment and Classification should be performed only by trained personnel, Dept. Heads do not get access to the Assess and Classify Tabs. When Dept Heads need this access, they should also be given the role of Safety Manager. However, policy should dictate who has the responsibility and authority to classify and perform risk assessments on reported issues.
Available Tabs for Safety Managers (All but Manage)
Costs (Manage Costs & Cost Benefit Analysis)
Note: Safety Managers facilitate the SMS program. They typically do not possess the authority to assign resources and set deadlines for corrective actions. While ALL users can recommend corrective actions (reporters, safety managers and Dept Heads), only Dept Heads have authority to "accept" corrective actions, assign resources to complete corrective actions, and ultimately sign-off on acceptable completion of corrective actions.
Available Tabs for SMS Admin
Note: SMS Admin should also have the permission to delete reported issues. While this permission can be given to any user role in Setup >> Customize Settings >> User Role Setup, we recommend that only SMS Admins be given this power.
Available Tabs for System Administrator
System Administrators need to be assigned to a division. Otherwise, they will not be able to see any of the tabs.