Safety Risk Management

Similar documents
Safety assessments for Aerodromes (Chapter 3 of the PANS-Aerodromes, 1 st ed)

1.0 PURPOSE 2.0 REFERENCES

Aeronautical studies and Safety Assessment

Purpose. Scope. Process flow OPERATING PROCEDURE 07: HAZARD LOG MANAGEMENT

Federal Aviation Administration Safety & Human Factors Analysis of a Wake Vortex Mitigation Display System

New Airfield Risk Assessment / Categorisation

Safety Standards Acknowledgement and Consent (SSAC) CAP 1395

FLIGHT CREW TRAINING NOTICE

Helicopter Safety Recommendation Summary for Small Operators

FLIGHT TEST RISK ASSESSMENT THREE FLAGS METHOD

Policy for Evaluation of Certification Maintenance Requirements

Risk Management. Definitions. Principles of Risk Management. Types of Risk

Safety Assessments of ADS-B and ASAS Andrew D. Zeitlin MITRE/CAASD 7515 Colshire Dr. McLean VA USA

An atc-induced runway incursion

Risk Analysis Process Tool for Surface Loss of Separation Events

Risk Management Qualitatively on Railway Signal System

Circuit Considerations

I2102 WORKSHEET. Planned Route: Takeoff: KNSE, RWY 32 Altitude: 12,000 Route: RADAR DEPARTURE. Syllabus Notes None. Special Syllabus Requirements None

Safety Management in Multidisciplinary Systems. SSRM symposium TA University, 26 October 2011 By Boris Zaets AGENDA

Workshop to Generate Guidelines For the Implementation of: 1 - Step 1 of State Safety Program (SSP) and 2 - Phases 1 & 2 of ICAO SMS

Integrating Wildlife Hazard Management into a Safety Management System (SMS)

APPENDIX J REQUIRED NAVIGATION PERFORMANCE IMPACTS EVALUATION REPORT

DATA ITEM DESCRIPTION Title: Failure Modes, Effects, and Criticality Analysis Report

SULAYMANIYAH INTERNATIONAL AIRPORT MATS

Identification and Screening of Scenarios for LOPA. Ken First Dow Chemical Company Midland, MI

EUROPEAN GUIDANCE MATERIAL ON INTEGRITY DEMONSTRATION IN SUPPORT OF CERTIFICATION OF ILS AND MLS SYSTEMS

Safety-Critical Systems

Employ The Risk Management Process During Mission Planning

Lecture 04 ( ) Hazard Analysis. Systeme hoher Qualität und Sicherheit Universität Bremen WS 2015/2016

ADVISORY MATERIAL JOINT AMJ

Marine Risk Assessment

Preliminary System Safety Analysis for the Controller Access Parameter service delivered by Mode S Enhanced Surveillance

HINDSIGHT SITUATIONAL EXAMPLE. unexpected runway crossing

PRIVATE PILOT MANEUVERS Practical Test Standards FAA-S A

Flight Profiles are designed as a guideline. Power settings are recommended and subject to change based

SYSTEM SAFETY ENGINEERING AND MANAGEMENT

Safety Risk Assessment Worksheet Title of Risk Assessment Risk Assessment Performed By: Date: Department:

Advisory Circular (AC)

COSCAP-South Asia ADVISORY CIRCULAR FOR AIR OPERATORS

1 General. 1.1 Introduction

MODEL AERONAUTICAL ASSOCIATION OF AUSTRALIA

VR-APFD Validation report for automatic responses to ACAS RA

SPR for automatic responses to ACAS RAs

So it s Reliable but is it Safe? - a More Balanced Approach To ATM Safety Assessment

VI.B. Traffic Patterns

Safety Criticality Analysis of Air Traffic Management Systems: A Compositional Bisimulation Approach

The Best Use of Lockout/Tagout and Control Reliable Circuits

SCANDINAVIAN AVIATION EDUCATION PROGRAM. Risk Management Course

COASTAL SOARING ASSOCIATION, INC. STANDARD OPERATING PROCEDURES Revised 09/17/2010

2020 Foresight A Systems Engineering Approach to Assessing the Safety of the SESAR Operational Concept

Transformational Safety Leadership. By Stanley Jules

BRITISH GLIDING ASSOCIATION SAFETY MANAGEMENT SYSTEM MANUAL

VR-TCAP Validation report for new possible altitude capture laws

Gamma-ray Large Area Space Telescope

Airbus Series Vol.2 (c) Wilco Publishing feelthere.com

Basic STPA Tutorial. John Thomas

Engine Failure after Takeoff

VI.B. Traffic Patterns

Systems Theoretic Process Analysis (STPA)

Tenth USA/Europe Air Traffic Management Research and Development Seminar

1309 Hazard Assessment Fundamentals

Go around manoeuvre How to make it safer? Capt. Bertrand de Courville

Recommendations for the Risk Assessment of Buffer Stops and End Impact Walls

Unit 5: Prioritize and Manage Hazards and Risks STUDENT GUIDE

Surrogate UAV Approach and Landing Testing Improving Flight Test Efficiency and Safety

HANDLINGSENSE LEAFLET 1 TWIN PISTON AEROPLANES

ESSENTIAL SAFETY RESOURCES

A study on the relation between safety analysis process and system engineering process of train control system

North Coast Outfitters, LTD. Model SR901RT Multi-Purpose Utility Table SAFETY ASSESSMENT REPORT (SAR)

Mountain Fury Mountain Search Flying Course Syllabus Fourth Sortie : High Altitude Search

AUSTRALIA ARGENTINA CANADA EGYPT NORTH SEA U.S. CENTRAL U.S. GULF. SEMS HAZARD ANALYSIS TRAINING September 29, 2011

Continuous Descent Final Approach

OPERATIONS MANUAL PART A INSTRUCTIONS AND TRAINING REQUIREMENTS FOR THE AVOIDANCE OF CONTROLLED FLIGHT INTO TERRAIN AND POLICIES FOR THE USE OF GPWS

COLLISION RISK ANALYSIS IN AIR TRAFFIC CONTROL

FedRAMP Plan of Actions and Milestones (POA&M) Template Completion Guide. Version 2.0

Managing for Liability Avoidance. (c) Lewis Bass

RNAV/RNP Operations & VNAV Approaches

C. Mokkapati 1 A PRACTICAL RISK AND SAFETY ASSESSMENT METHODOLOGY FOR SAFETY- CRITICAL SYSTEMS

A study evaluating if targeted training for startle effect can improve pilot reactions in handling unexpected situations. DR. MICHAEL GILLEN, PH.D.

Safety of railway control systems: A new Preliminary Risk Analysis approach

10 December 2010 GUIDANCE FOR WATERTIGHT DOORS ON PASSENGER SHIPS WHICH MAY BE OPENED DURING NAVIGATION

NORMAL TAKEOFF PILOT TRAINING MANUAL KING AIR 200 SERIES OF AIRCRAFT

Advisory Circular (AC)

A Method Quantitatively Evaluating on Technical Progress of Students in Ship Handling Simulator Training ABSTRACT

NIFA CRM / LOFT CONTESTANT BRIEFING

NMT SAFE STUDY APPROACH

Questions & Answers About the Operate within Operate within IROLs Standard

FLIGHT OPERATIONS PANEL

Hazard Identification

VII.H. Go-Around/Rejected Landing

How to Define Your Systems and Assets to Support Reliability. How to Define Your Failure Reporting Codes to Support Reliability

A GUIDE TO WRITING A RISK ASSESSMENT FOR A BMAA EVENT

S-TEC. Pilot s Operating Handbook

SYSTEM SAFETY REQUIREMENTS

Revision Number Revision Date Insertion Date/Initials 1 st Ed. Oct 26, 00 2nd Ed. Jan 15, 08

Safe High Pressure Water Washing (HPWW) Requirement

Project Report. South Kirkwood Road Traffic Study. Meadows Place, TX October 9, 2015

Using what we have. Sherman Eagles SoftwareCPR.

POWER-OFF 180 ACCURACY APPROACH AND LANDING

Universal Atmospheric Hazard Criteria

Transcription:

ATO Safety Risk Management Presented By: Michael Falteisek Air Traffic Organization-Office of Safety Manager, Safety Risk Management 1

What Is the FAA s Safety Management System? SMS Definition* An integrated collection of processes, procedures, policies, and programs that are used to assess, define, and manage the safety risk in the provision of ATC and navigational services * AOV Safety Oversight Circular 08-06, ATO Safety Management System (SMS) Definitions 2

SMS Components FETY CU ULTURE ORGA ANIZATIO ONAL SA SRM Identify hazards Analyze, assess, knowingly accept, and mitigate risk Monitoring gp plans Safety Policy Safety Promotion Identified New Hazards NAS Changes Needed Safety Risk Mitigations Monitoring Safety Communications Safety Assurance SMS Implementation Plan Monitor NAS & mitigations through: Audits & Evals Investigations Data Analyses ORGAN NIZATION NAL SAF ETY CUL LTURE 3

SMS in the FAA ATO Formal system approach to managing the safety risk of Air Traffic Control (ATC) and navigation services Provides consistent processes and documentation in managing safety risk Provides a standardized methodology to identify and address safety hazards that occur within the National Airspace System (NAS) or in which some element of the NAS is a contributing factor FAA Flight Plan Goal 4

SMS Historical Highlights 5

Safety Risk Management 6

Risk Assessment of ALL Changes ASSESS THE RISK Baseline as of March 14, 2005 SAFE? NAS Continuous Monitoring CHANGE Impact to Safety? Maintain and Improve the Safety of the NAS National Airspace System: Is comprised of airspace; airports; aircrafts; pilots; air navigation facilities; air traffic control (ATC) facilities; communication, surveillance, navigation, and supporting technologies and systems; operating rules, regulations, policies, and procedures; and the people p who implement, sustain, or operate the system components 7

Safety Risk Management and the ATO Safety Risk Management Describe System Identify Hazards Analyze Risk Assess Risk Treat Risk Airspace Change New Procedure New System TECH OPS PERSONNEL Airport Change Mods. 8

SRM Decision Process Preliminary Safety Analysis Change Proposed Does It Affect the NAS? Could Further Yes Yes Is Risk Yes This Introduce Risk Level Safety Yes Level Acceptable Safety Risk Analysis Acceptable? Documented in Into the Conducted SRMD NAS? No No No No Further Analysis Necessary No Further Safety Analysis Necessary Risk Level Unacceptable Documented in SRMD Decision Documented in SRMDM 9

SRM Process Describe System Identify Hazards Analyze Risk Define scope and objectives Define stakeholders Identify criteria and plan for risk management effort (including any modeling/ simulation potentially required) Describe system/change (use, environment, and intended function, including planned future configuration) Identify hazards (what can go wrong?) that exist in the context of the NAS change Use structured approach Be comprehensive (and do not dismiss hazards prematurely) Employ lessons learned and experience supplemented by checklists For each hazard: Identify existing mitigations/controls Determine risk (severity and likelihood) of outcome Q ualitative or quantitative (preferred) Assess Risk Rank hazards according to the severity and likelihood of their risk Select hazards for detailed risk treatment (based on risk) Treat Risk Identify feasible mitigation options Develop risk treatment plans Implement and verify Monitor 10

Severity Definitions Effect On: ATC Services Flight Crew Minimal 5 Conditions resulting in a minimal reduction in ATC services, or a loss of separation resulting in a Category D Runway Incursion (RI) 1, or proximity event Minor 4 Conditions resulting in a slight reduction in ATC services, or a loss of separation resulting in a Category C RI 1, or Operational Error (OE) 2 Hazard Severity Classification Major 3 Conditions resulting in a partial loss of ATC services, or a loss of separation resulting in a Category B RI 1, or OE 2 Hazardous 2 Conditions resulting in a total loss of ATC services, (ATC Zero) or a loss of separation resulting in a Category A RI 1 or OE 2 Catastrophic 1 Conditions resulting in a collision between aircraft, obstacles or terrain Flightcrew receives Potential for Pilot PD due to response to Near mid-air collision Conditions TCAS Traffic Advisory (TA) informing of nearby traffic, or, Pilot Deviation (PD) where loss of Deviation (PD) due to TCAS Preventive Resolution Advisory (PRA) advising crew not to deviate from present vertical profile, TCAS Corrective Resolution Advisory (CRA) issued advising crew to take vertical action to avoid developing conflict with (NMAC) results due to proximity of less than 500 feet from another aircraft or a report is filed by pilot or flight crew member that a collision loss, multiple airborne separation falls within the same parameters of a Category D OE 2 or proximity Event Minimal effect on operation of aircraft or, PD where loss of airborne separation falls within the same parameters of Category C (OE) 2, or Reduction of functional capability of aircraft but does not impact overall safety e.g. normal procedures as per AFM traffic, or, PD where loss of airborne separation falls within the same parameters of a Category B OE 2, or, Reduction in safety margin or functional capability of the aircraft, requiring crew to follow abnormal procedures as per AFM hazard existed between two or more aircraft Reduction in safety margin and functional capability of the aircraft requiring crew to follow emergency procedures as per AFM resulting in a midair collision (MAC) or impact with obstacle or terrain resulting in hull fatalities, or fatal injury 11

Severity Definitions (cont d) Effect On: Minimal 5 Minor 4 Hazard Severity Classification Major 3 Hazardous 2 Catastrophic 1 Flying Public Minimal injury or discomfort to passenger(s) Physical discomfort to passenger(s) (e.g. extreme braking action; clear air turbulence causing unexpected movement of aircraft causing injuries to one or two passengers out of their seats) Minor 3 injury to greater than zero to less or equal to 10% of passengers Physical distress on passengers (e.g. abrupt evasive action; severe turbulence causing unexpected aircraft movements) Minor 3 injury to greater than 10% of passengers Serious 4 injury to passenger(s) Fatalities, or fatal 5 injury to passenger(s) 1 As defined in 2005 Runway Safety Report 2 As defined in FAA Order 7210.56 Air Traffic Quality Assurance and N JO 7210.663-Operational Error Reporting, Investigation, and Severity Policies 3 Minor Injury - Any injury that is neither fatal nor serious. 4 Serious Injury - Any injury which: (1) requires hospitalization for more than 48 hours, commencing within 7 days from the date the injury was received; (2) results in a fracture of any bone (except simple fractures of fingers, toes, or nose); (3) causes severe hemorrhages, nerve, muscle, or tendon damage; (4) involves any internal organ; or (5) involves second- or third-degree burns, or any burns affecting more than 5 percent of the body surface. 5 Fatal Injury - Any injury that results in death within 30 days of the accident. 12

Frequent A Probable B Remote C Extremely Remote D Extremely Improbable E Likelihood Definitions NAS Systems & ATC Operational NAS Systems ATC Operational Flight Procedures Quantitative Qualitative ATC Service/ Individual NAS Level Per Facility Item/System System NAS-wide Probability of occurrence per Expected to Expected to Expected to Continuously operation/ operational hour is occur about once occur more occur more experienced equal to or greater than every 3 months than once per than every Probability of occurrence 1x10-3 in the system for an item week 1-2 days per operation/ operational Probability of occurrence per Expected to Expected to Expected to Expected to hour is equal to or greater operation/ operational hour is occur about once occur occur about occur about than 1x10-5 less than 1x10-3, but equal to per year for an frequently in once every several times or greater than 1x10-5 item the system month per month Probability of occurrence per Expected to Probability of occurrence operation/ operational hour is less than or equal to 1x10-5 but equal to or greater than 1x10-7 Expected to occur several times in life cycle of an item occur Expected to Expected to numerous occur about occur about times in once every once every system life year few months cycle per operation/ operational hour is less than or equal to 1x10-5 but equal to or greater than 1x10-7 Probability of occurrence per Expected to Probability of occurrence Unlikely to occur, Expected to Expected to operation/ operational hour is occur several eral per operation/ operational less than or equal to 1x10-7 but possible in occur about occur about times in the hour is less than or equal an item s life once every once every but equal to or greater than system life to 1x10-7 but equal to or 1x10-9 cycle 10-100 years 3 years cycle greater than 1x10-9 So unlikely that it Unlikely to Expected to Expected to Probability of occurrence per can be assumed occur, but occur less occur less Probability of occurrence operation/ operational hour is that it will not possible in than once than once per operation/ operational less than 1x10-9 occur in an system life every 100 every 30 hour is less than 1x10-9 item s life cycle cycle years years 13

FAA-ATO Safety Risk Matrix Severity Minimal Minor Major Hazardous Catastrophic Likelihood 5 4 3 2 1 Frequent A Probable B Remote C Extremely Remote D Extremely * Improbable E High Risk Medium Risk Low Risk * Unacceptable with Single Point and/or Common Cause Failures 14

Risk Classification High Risk: Unacceptable Risk Change cannot be implemented unless hazard s associated risk mitigated so that risk reduced to medium or low level Tracking, monitoring, and management are required Hazards with catastrophic effects caused by: Single point events or failures, Common cause events or failures, or Undetectable latent events in combination with single point or common cause events are considered high risk, even if possibility of occurrence is extremely improbable Medium Risk: Acceptable Risk Minimum acceptable safety objective Change may be implemented but tracking, monitoring, and management are required Low Risk: Acceptable Risk Acceptable without restriction or limitation Hazards not required to be actively managed, but must be documented 15

Reduced Vertical Separation Minimum 16

Example-RVSM RVSM reduces the vertical separation for FL290 through FL410 from the traditional 2,000-foot minimum to 1,000-foot separation RVSM creates exclusionary airspace and only approved aircraft may operate within the stratum. This airspace change adds six additional flight levels, which create benefits for Air Traffic Service (ATS) providers and aircraft operators. The additional flight levels enable aircraft to safely fly more optimal profiles, gain fuel savings, and increase airspace capacity. 17

RVSM Conventional Vertical Separation Minimum Reduced Vertical Separation Minimum 18

Risk Analysis The feasibility of reducing Vertical Separation Minimum (VSM) above Flight Level (FL) 290, while maintaining an equivalent level of safety, is dependent d on operational judgment and a thorough h assessment of associated risks. The total t risk associated with RVSM is a derivative of two factors: the technical risk due to aircraft height-keeping performance and the operational risk due to any vertical deviation of aircraft from their cleared flight levels due to error by the flight crew or Air Traffic Control (ATC). The overall collision risk within RVSM airspace is assessed against a Target Level of Safety (TLS) of 5x10-9 fatal accidents per flying hour. 19

Hazard Analysis Large Height Deviation Hazard Bow-Tie One of the hazards identified for (the implementation of) RVSM is a Large Height Deviation (LHD). Any deviation from the assigned or anticipated altitude (that altitude that the controller believes the aircraft to be at, or the pilot believes he/she is to be at, or that the aircraft is climbing or descending to) of 300 feet or greater constitutes a large height deviation. 20

RVSM Bow Tie A simplified overview of the LHD hazard, with some of the high-level causes identified on the left side in rectangles. These causes can then be broken down further into subcauses. To the right of the hazard, the system states associated with the hazard are identified. In essence, Figure I.3 summarizes the two main identified potential outcomes, namely Mid-Air Collision and Loss of Separation. The effects have then been rated for severity in accordance with Table 3.3, indicating four catastrophic potential outcomes and four minor potential outcomes 21

RVSM The probability of a Mid- Air Collision in the WATRS Region was extracted from the Safety Risk Management: Worst Credible Outcome Likelihood Values for Midair Collisions (MACs) and Controlled Flights into Terrain (CFITs), August 24, 2005, by using the MAC Probability Value in an En Route environment. Note: The validity and completeness of (available) data or representative SMEs play a major role in the validity of the calculated likelihoods for the different scenarios. 22

RVSM Likelihood Climb/descent without ATC clearance 2.3483x10-5 ATC failure to record, coordinate, etc. on FL and/or other clearances 1.5655x10-5 Hear-back read-back failure OR Hazard LHD High Traffic Load 05 0.5 2.3483x10-5 +1.5655x10-5 +4.6967x10-5 = 8.6105x10-5 Low Traffic Load 0.5 Adverse Weather 0.3288 Non-Adverse Weather 0.6712 Adverse Weather 0.3288 Non-Adverse Weather 0.6712 Mid-Air Collision 1 5.3x10-7 Loss of Separation 2.3483x10-5 Mid-Air Collision i 5.3x10-7 Loss of Separation 2.3483x10-5 4 1 4 8.6105x10-5 05 0.5 03288 0.3288 5.3x10-7 = 7.5025x10-12 8.6105x10-5 0.5 0.3288 2.3483x10-5 = 3.3239x10-10 8.6105x10-5 05 0.5 06712 0.6712 5.3x10-7 = 1.5315x10-11 8.6105x10-5 0.5 0.6712 2.3483x10-5 = 6.7863x10-10 Mid-Air Collision 8.6105x10-5 0.5 0.3288 1 5.3x10-7 5.3x10-7 = 7.5025x10-12 Loss of Separation 8.6105x10-5 0.5 0.3288 4 2.3483x10-5 2.3483x10-5 = 3.3239x10-10 Mid-Air Collision 1 8.6105x10-5 0.5 0.6712 5.3x10-7 5.3x10-7 = 1.5315x10-11 Loss of Separation 4.6967x10-5 4 8.6105x10-5 0.5 0.6712 2.3483x10-5 2.3483x10-5 = 6.7863x10-10 23

Example 0f Documenting Hazard No. & Seg. H001 S1,S2 Hazard Description Message is misleading to one or more aircraft a. corrupted blate b. c. spontaneously generated d. misdirected e. out of sequence S2: f. 4D-Trajectory inconsistent bt between A/G g. Executed Flight Path is not compliant with the cleared constraints (e.g., incorrectly executed) Causes System State Existing Controls & Requirements Possible Effects Severity/ Rationale Likelihood / Rationale Current Risk En Route and E1: INITIATING FAILURE 1 1E Terminal airspace CONTROLS CATASTROPHIC MEDIUM The communication system corrupts the message a. Ground user interface failure [F1:HW,SW] b. Ground System Processing failure [F2:HW,SW] --Error checking failure [F2,F6] --Incorrect correlation processing [F2,F6] -- Source data: Incorrect Correlation Data [F2,F6] --Failure Fil to provide update (obsolete info) [F2,F6] DCL issued at surface, potential hazardoccurs after takeoff phase High density traffic Instrument Meteorological Conditions (IMC) under Instrument Flight Rules (IFR) conditions Aircraft on a converging or collision course after an initiating failure No credit for ENV upfront R-P1: System shall comply with RTCA SC-214 CPDLC Operational Safety and PerformanceRequirements Requirements. [F1-F7] F7] R-H1 System shall conform with the FAA Human Factors Design Standard (HFDS) [F1,F2] R-F1: System shall notify the controllers of failures that have an operational impact. [F1,F2] EC-28: Controller procedures exist for determining the position of an aircraft before issuing taxi instructions or takeoff clearance (FAA Order 7110.65 3-1-7. POSITION DETERMINATION). If the corruption is in a clearance, this could result in the acceptance and execution of an erroneous clearance. Flight crew receives misdirected message A clearance is transmitted and reaches an unintended aircraft. The aircrew does not realize that the clearance is not for them and accepts the clearance. Flight crew does not receive intended message Detected by controller and resolved with tactical (voice) communications, (e)) resulting in slight increase in workload. Detected with short time to converging routes, could result in moderate or high operational error. Based on the worst case scenario, if there is MisleadingACL resulting in an erroneous digital ACL msg. and it is undetected by flight crew and ATC during critical phase of flight in IMC conditions, and aircraft trajectory i/ is/remains i on conflict flit path, and conflict is undetected by ATC, and flight crew see & avoid fails, then the outcome could be an aircraft accident resulting in loss of life/serious injury. E EXTREMELY IMPROBABLE End-to-End error checking algorithmexist exist, timestamp (PM-CPDLC, FANS1/A+) It is extremely improbable that multiple human and/or system cause and detection errors and traffic geometries will combine to result in an aircraft accident. En route analysis, (ACL)=8,896 transactions per ATSU OP-HR Allocation Representation example: E1= End-to-End initiating failure rate < Remote per msg RTCA OPA CPDLC Failure of integrity = ~1E-6/transaction Recommended Safety Requirements S2 TBO operations with RTCA ENV-B aircraft counts: PHA-SR-3 The ground automation system shall provide automated conflict detection and resolution in HPA. E7: Either Flight crewor vehicle operator detects and avoids conflict 24

FAA-ATO Safety Risk Matrix Severity Likelihood Minimal 5 Minor 4 Major 3 Hazardous Catastrophic 2 1 Frequent TREAT THE RISK A Probable B Remote C Extremely Remote D Extremely * Improbable E High Risk Medium Risk Low Risk * Unacceptable with Single Point and/or Common Cause Failures 25

Treat Risk Describe System Identify Hazards Analyze Risk Assess Risk Effectively treating risk involves: Identifying feasible mitigation options Selecting best balanced response Developing risk treatment plans Implementing and verifying i Monitoring the hazards to ensure risk levels are achieved Treat Risk 26

Safety Order of Precedence Description Priority Definition Example Design for minimum risk 1 Design the system (e.g., operation, procedure, or equipment) to eliminate risks. If the identified risk cannot be eliminated, i reduce it to an acceptable level through selection of alternatives. Incorporate safety devices 2 If identified risks cannot be eliminated through alternative selection, reduce the risk via the use of fixed, automatic, or other safety features or devices, and make provisions for periodic functional checks of safety devices. If a collision hazard exists because of a transition to a higher Minimum En route Altitude at a crossing point, moving the crossing point to another location would eliminate the risk An automatic low altitude detector in a surveillance system Ground circuit in refueling nozzle Automatic engine restart logic Provide 3 When neither alternatives nor safety A warning in an operator s warning devices can effectively eliminate or manual adequately reduce risk, warning Engine Failure light in a devices or procedures are used to helicopter detect the condition and to produce an Flashing warning on a radar adequate warning. screen Develop elop 4 Where it is impractical to eliminate A missed approach procedurere procedures and training risks through alternative selection, safety features, and warning devices: procedures and training are used, with management approval for catastrophic or hazardous severity. Training in stall/spin recovery Procedures for loss of communications 27

SRM Document (SRMD) SRMD defines the proposed change and the SRM process used Must be completed for all changes that t affect the NAS as defined d in the ATO SMS Manual and any change that can affect the safety of the NAS Length and depth varies based on type and complexity of change Approved SRMD must be retained by change proponent and provided to ATO Office of Safety Services (upon request) and AOV (upon request) Updated or changed as project progresses Existing risk management documentation may satisfy some SRMD requirements 28

Severity Likelihood * Un acceptable w ith Single Poin t and Common Cause Failures Risk Acceptance Frequent A Probable B R emote C Extremely R emote D Extremely Improbable E No Safety Effect 5 Minor 4 Major 3 H azardous Catastrophic 2 1 * Initial High Risk* Medium or Low Initial Risk High Risk Medium Risk Low Risk Safety Risk Risk Accepted by: Risk Accepted Within: Stay Within a Service Unit Span Service Units Service Unit VP Each Affected Service Unit VP Service Unit Each Affected Service Unit Affect LOBs Outside the ATO (e.g., ARP and/or AVS) Each Affected Service Unit VP and Each Associate Administrator Each Affected Service Unit and LOB * Please note that t initial iti high h risk must be mitigated t to medium or low before acceptance 29

Hazard Tracking and Risk Resolution Describe System Identify Hazards Analyze Risk Assess Risk Treat Risk Ensuring requirements and mitigations for initial medium and high risk hazards are implemented Defining i additional safety requirements Verifying implementation Reassessing risk to ensure hazard meets risk level requirement and assessment ATO requires organizations to formally identify all hazards, and track and monitor all initial medium and high risk hazards for the lifecycle of the system or change, or until they mitigate t the risk to low 30

SRMTS The Safety Risk Management Tracking System (SRMTS) is a web-based comprehensive tool housed on the ATO Portal for the tracking of SRM efforts, hazards, risk mitigations and monitoring i the predicted residual risk. SRMTS allows users to: Improve tracking of SRM efforts, hazards and the predicted residual risk Provide a centralized document repository for SRM documentation Automate hazard analyses Improve efficiency of the application of SRM Improve reporting capabilities and trends analysis 31

PHA 32

SMS Implementation Lifecycle - Future 33

2024 © sportdocbox.com Privacy Policy | Terms of Service | Feedback