GUIDANCE
System Safety Management Program / Section 2 (Revised 12/2004)
2.0 FAA Safety Risk Management Policy (Revised 12/2004)

This section describes the System Risk Management policies and guidance used within the FAA. The overarching documents are FAA Order 8040.4, Safety Management System (SMS) guidance, and Acquisition Management System (AMS) policy.

2.1 FAA Order 8040.4 Safety Risk Management (Revised 12/2004)
2.1.1 Safety Risk Management (Revised 12/2004)
2.2 Acquisition Management System (AMS) Policies (Revised 12/2004)

The AMS policy contains the following paragraphs in 2.9.12:
This SSMP and the Integrated Safety Plan are an integral part of the Integrated Program Plan (IPP) statement of work and requirements that are available to the IA to satisfy the requirement to institute a repeatable disciplined process for conducting SRM in the acquisition of systems for the entire lifecycle. It includes provisions for hazard identification, classification of risk, risk control, and acceptance. (Revised 01/2004)

2.3 Safety Management System Guidance [4] (Added 10/2004)

The Safety Management System (SMS) provides a systematic and integrated method for managing safety of ATC and navigation services in the NAS. The SMS requires that all organizations that have a role in air traffic service provision, including those external to the Air Traffic Organization (ATO), identify and mitigate safety risk. Documentation, such as safety risk management documents (SRMDs), safety incident reports, and safety inspection and evaluation reports, provides managers with needed information regarding safety hazards and risks associated with systems (hardware and software), procedures [5], and airspace designs.

In many instances, formal SRM is already part of engineering, acquisition, and management processes, and safety data monitoring is an everyday activity in many organizations. In these cases, the SMS integrates existing safety management processes, documentation, and daily activities. As the SMS is implemented, organizations will integrate SRM principles and processes into their national, regional, and local activities and processes.

The Air Traffic Safety Service Unit will facilitate SMS implementation and is responsible for managing SMS processes and documents, facilitating SMS training, providing safety risk management expertise when necessary, auditing SRM processes, and evaluating the SMS.

The SMS provides a common framework to assess safety risks of changes to the NAS.
The SMS addresses all aspects of ATC and navigation services, including: airspace changes, air traffic procedures and standards, airport procedures and standards, and new and modified equipment (hardware/software). The SMS facilitates cross-functional safety risk management among the ATC service providers and ensures intra-agency stakeholder participation in solving the safety challenges of an increasingly complex NAS. The SMS helps reduce the number of isolated safety decisions, which, at times, result in wasted time and resources.

2.4 SMS and the AMS Process (Added 10/2004)

The AMS process primarily applies to the acquisition of new systems and is robust enough to follow those new systems through the JRC process, including the In-Service Decision and deployment. It also can address changes or modifications during rebaselining activities. The SMS incorporates all AMS safety provisions but expands its guidance to allow the SRM process to address changes to air traffic operations, maintenance, airspace and procedures development, airports, new systems, and modifications to existing systems (hardware and software).

The SMS requires that SRM practices be applied when proposed changes to the NAS have significant hazards associated with them (e.g., modifying existing or implementing new operations, procedures and/or hardware and software systems). The SMS requires that SRM be performed early in the planning or change proposal process. It is conducted when proposed changes to the NAS (e.g., modifying existing or implementing new operations, procedures, and/or hardware and software systems) result in hazards that introduce risk, which must be mitigated. Thus, SRM is a fundamental component of the AMS and the SMS — it ensures that safety-related changes are documented and resolved, whether the change is to a component, a system, or the NAS itself.
As the SMS is implemented, organizations will integrate SRM principles and processes into their national, regional, and local activities and processes. The ATO Safety Service Unit, led by the Vice President for Safety, will facilitate SMS implementation and is responsible for managing SMS processes and documents, facilitating SMS training, providing safety risk management expertise when necessary, interfacing with the Air Traffic Safety Oversight Service (AOV), and auditing SRM processes. [6]

2.5 SRM Process (Added 10/2004)

As depicted in the SMS manual, a systematic SRM process proceeds through five general phases. These five phases are:
Chapter 4 of the SMS manual contains a full description of the process.

Footnotes

[3] Under the previous organization, ASD-103, the Chief Engineer for Safety, was available to provide technical support to accomplish safety risk management. That person and staff remain available during the ATO implementation phase. Support eventually will be provided by the CSES, assigned System Safety Engineers (SSE), and the ATO Safety Service Unit.
[4] The SMS is a function of the Air Traffic Organization's Vice President for Safety.
[5] See Appendix C in the SMS Manual for a discussion on using the SMS process to assess risk incident to changes in ATC procedures.
[6] See Chapter 11 of the SMS manual for a complete description of the roles and responsibilities of the Air Traffic Safety Oversight Service (AOV), located within AVR.