VOLUME 10 SAFETY ASSURANCE SYSTEM POLICY AND PROCEDURES
CHAPTER 1 GENERAL
Section 1 Safety Assurance System
10-1-1-1 GENERAL. This chapter explains the policy, concepts, principles, roles and responsibilities, acronyms, and definitions
for the Safety Assurance System (SAS).
A. Purpose. The purpose of this section is to provide an overview of SAS, including statutory background, key concepts, and principles.
B. Scope. This section applies to all SAS users.
A. Statutory Authority. Title 49 of the United States Code (49 U.S.C.) and Title 14 of the Code of Federal Regulations (14
CFR) provide the statutory and regulatory authority for SAS, respectively. Title 49 U.S.C. is broad in scope and contains the codified provisions of the
Federal Aviation Act of 1958 (FA Act), which prescribes the powers and authorities of the Federal Aviation Administration (FAA). Title 14 CFR is
prescriptive in nature and contains specific requirements to obtain a certificate holder operating or air agency certificate and standards for conducting related
operations. SAS is not a separate safety standard and does not impose additional requirements on certificate holders. The SAS policy and procedures provide aviation
safety inspectors (ASI) with standardized protocols to evaluate certificate holder programs required by regulations to be approved or accepted. The following
requirements in 49 U.S.C. Subtitle VII, Chapter 447, Safety Regulation, are applicable to SAS:
1) Title 49 U.S.C. § 44702, Issuance of Certificates. “When issuing a certificate under this chapter, the Administrator
shall consider the duty of an air carrier to provide service with the highest possible degree of safety in the public interest.”
2) Title 49 U.S.C. § 44705, Air Carrier Operating Certificates. “The Administrator of the Federal Aviation
Administration shall issue an air carrier operating certificate to a person desiring to operate as an air carrier when the Administrator finds, after investigation,
that the person properly and adequately is equipped and able to operate safely under this part and regulations and standards prescribed under this part.”
3) Title 49 U.S.C. § 44707, Examining and Rating Air Agencies. The Administrator is authorized to provide for the examination
and rating of air agencies, such as civilian flight schools, repair stations, and other air agencies. The Administrator is also authorized to issue certificates
for these flight schools, repair stations, and air agencies.
B. Policy Statement of the FAA as it Pertains to Promoting Aviation Safety for Certificate Holders. SAS is a system safety
approach to oversight based on FAA policy. The FAA follows regulatory policy, which recognizes the obligation of the certificate holder to maintain the highest
possible degree of safety. SAS implements our policy by providing safety controls (i.e., regulations and application) of business organizations and individuals who
fall under FAA regulations. Under SAS, our primary responsibilities are to:
1) Verify an applicant can operate safely and comply with the regulations and standards before issuing a certificate and approving
or accepting programs.
2) Conduct periodic reviews to verify that a certificate holder continues to meet regulatory requirements when the environment changes.
3) Validate the performance of a certificate holder’s approved and accepted programs for the purpose of Continued Operational
4) Identify regulatory noncompliance or safety issues and correct them as effectively, quickly, and efficiently as possible.
5) Use the most effective means to return an individual or entity that holds an FAA certificate, approval, authorization, or
license to full compliance and to prevent recurrence.
C. SAS Concepts and Principles.
1) Definitions of Safety and Risk. Safety is the state in which the risk of harm to people or property damage is reduced to and
maintained at or below an acceptable level through a continuing process of hazard identification and risk management (RM). Risk is the combination of predicted
severity and the likelihood of the potential effect of a hazard. In this context, an air carrier’s duty is to provide service with the highest degree of
safety in the public interest, which means that the air carrier must identify hazards in its operating environment and manage associated risks. Similarly, an air
carrier’s ability to manage risk is an important part of the FAA’s determination to ensure that the air carrier is equipped to operate safely under
49 U.S.C. and the regulations and standards prescribed by 14 CFR.
2) System Safety. The goal of system safety is to optimize safety by the identification of hazards within an environment and to
eliminate or control their associated risk. We do this by performing Design Assessments (DA) and Performance Assessments (PA) based on system safety principles.
Certificate holders fulfill their responsibilities by designing operating systems that manage hazard-related risks and by providing service with the highest degree
of safety in the public interest. These concepts are fundamental to SAS. The FAA uses a risk-based, data-supported system approach to conduct oversight that
validates the certificate holder’s ability to manage risk and to achieve safety objectives.
3) Safety Attributes. The key to safety is managing safety-critical processes. This is a responsibility of a certificate holder
in meeting the regulatory obligations. Every Data Collection Tool (DCT) question is based on one of the Safety Attributes listed in Table 10-1-1A, Safety Attributes.
Safety Attributes provide a foundation for the DCTs so that principal inspectors (PI) can make informed decisions about the certificate holder’s operating
systems (1) before approving or accepting them when required to do so by the regulations, and (2) during recurring PAs.
4) Hazard. A hazard is a condition that could foreseeably cause or contribute to an aircraft accident, as defined in Title 49 of
the Code of Federal Regulations (49 CFR) part 830, § 830.2.
Table 10-1-1A. Safety Attributes
A clearly identified person who is responsible for ensuring financial and human resources to ensure the safety and quality
performance of a process.
A clearly identifiable, qualified, and knowledgeable person who has authority to effectively plan, direct, and control resources;
change procedures; and make key determinations, including safety risk acceptance decisions.
Methods or practices including checks and restraints that are written or unwritten and regulatory or nonregulatory, designed
into a process that a certificate holder/applicant uses to accomplish a desired result. “Unwritten methods” refer to certificate
holders/applicants that are not required by regulation to have documented procedures.
Developing and maintaining the need for, and adequacy of, new or revised risk controls into a process to ensure mitigation of
Monitoring and measuring the outputs and safety performance of a process and identifying problems, or potential problems, in order
to take corrective action.
Interactions between processes that must be managed in order to ensure desired outcomes.
The measure of understanding an individual has of how his or her performance of safety-related duties contributes to the
safety performance of the element.
D. Focus on a Certificate Holder’s Organization and Processes. The FAA issues certificates, monitors
compliance, investigates noncompliance, administers sanctions, and focuses on a certificate holder’s organization and process management. We monitor outputs and
outcomes, but place emphasis on the certificate holder’s ability to develop a safe process and to correct deficiencies. DAs supply objective evidence that a
certificate holder/applicant’s design processes are either adequate or inadequate. PAs supply objective evidence of either the adequacy or inadequacy of the output
of the certificate holder/applicant’s design.
E. Open System Perspective. A successful open system adapts to the needs of the environment and its resources. Safe operation
in the aviation environment requires constant adaptation. Certificate holders must provide systems that defend against the hazards in the operating environments,
including adapting to changes. DCTs are used to collect information on risks and on the certificate holder’s ability to control them.
F. Data Sharing. The FAA is responsible for reaching an assessment of a certificate holder’s or applicant’s qualification
to hold an operating certificate and to comply with regulations and standards. A qualified ASI may accomplish and validate a DA with information provided by the
certificate holder, applicant, or third party, such as the Department of Defense (DOD) or Department of Transportation (DOT), or any of the authorities associated
with a Bilateral Aviation Safety Agreement (BASA). Data sharing and open communication optimize the oversight system and leverage resources to advance safety.
NOTE: If PIs or certification project managers (CPM) provide the certificate holder or applicant with information collected or stored in
SAS to help illustrate an observation, the information must be summarized. DO NOT provide screenshots from SAS automation or data from ASI comments to those outside
the agency. This information is protected by the Freedom of Information Act (FOIA). See subparagraph H below for more information on FOIA.
G. Primary Stakeholder and Beneficiary. The U.S. public is the primary stakeholder and beneficiary of SAS. The FAA carries out the
safety mission required by statute in the interest of the public. ASIs are responsible for determining, on behalf of the public, that certificate holders can provide
service with the highest possible degree of safety.
H. Freedom of Information Act (FOIA). Records are processed under FOIA in accordance with DOT and Government-wide directives and
guidance. FAA Order
Freedom of Information Act Program (FOIA), provides guidance that governs processing requests for FAA records under FOIA.
I. Security Risks. Security is an important feature of the SAS automation. If a SAS user detects a security breach or there is an
indication of a security risk, the SAS user should immediately notify the office SAS Security Auditor. Some examples of a security breach or a risk include:
1) Unauthorized or unintended activity or misuse by authorized database users, database administrators, or network/systems managers,
or by unauthorized users or hackers (e.g., inappropriate access to sensitive data, metadata, or functions within databases; or inappropriate changes to the database
programs, structures, or security configurations).
2) Malware infections causing incidents such as unauthorized access, leakage, or disclosure of personal or proprietary data; deletion
of, or damage to, the data or programs; interruption or denial of authorized access to the database; attacks on other systems; and the unanticipated failure of
3) Overloads, performance constraints, and capacity issues resulting in the inability of authorized users to use databases as intended.
4) Design flaws and programming bugs in databases and the associated programs and systems, creating various security vulnerabilities
(e.g., unauthorized privilege escalation), data loss/corruption, performance degradation, etc.
5) Data corruption and/or loss caused by the entry of invalid data or commands, mistakes in database or system administration
processes, sabotage/criminal damage, etc.
J. Master List of Functions (MLF) Element and Program Tracking and Reporting Subsystem (PTRS). For data mining and regional reporting,
it is highly recommended to record the related MLF element in the “Local Use” field for the PTRS items listed below (e.g., if the ASI conducts an observation
related to Weight and Balance (W&B), enter Element 4.4.5).
a) Operations: 1702, 1703, 1761.
b) Maintenance: 3702, 3703, 3761.
c) Avionics: 5702, 5703, 5761.
a) Operations: 1711, 1712.
b) Maintenance: 3711, 3712.
c) Avionics: 5711, 5712.
a) Operations: 1725.
b) Maintenance: 3720.
c) Avionics: 5720.
4) Extended Operations (ETOPS) Events: 4633, 6633.
10-1-1-7 through 10-1-1-29 RESERVED.