VOLUME 10 SAFETY ASSURANCE SYSTEM POLICY AND PROCEDURES
CHAPTER 1 General
Section 1 Safety Assurance System
10-1-1-1 GENERAL. This chapter explains the policy, concepts,
principles, roles and responsibilities, acronyms, and definitions for the Safety
Assurance System (SAS).
A. Purpose. The purpose of this section is to provide an overview
of SAS, including statutory background, key concepts, and principles.
B. Scope. This section applies to all SAS users.
A. Statutory Authority. Title 49 of the United States Code (49
U.S.C.) and Title 14 of the Code of Federal Regulations (14 CFR) provide the
statutory and regulatory authority for SAS, respectively. Title 49 U.S.C. is
broad in scope and contains the codified provisions of the Federal Aviation
Act of 1958 (FA Act), which prescribes the powers and authorities of the Federal
Aviation Administration (FAA). Title 14 CFR is prescriptive in nature and contains
specific requirements to obtain a certificate holder operating or air agency
certificate and standards for conducting related operations. SAS is not a separate
safety standard and does not impose additional requirements on certificate holders.
The SAS policy and procedure provide aviation safety inspectors (ASI) with standardized
protocols to evaluate certificate holder programs required by regulations to
be approved or accepted. The following requirements in 49 U.S.C., Subtitle VII,
Chapter 447, Safety Regulation, are applicable to SAS:
1) Title 49 U.S.C., Section 44702, Issuance of Certificates.
“When issuing a certificate under this chapter, the Administrator shall consider
the duty of an air carrier to provide service with the highest possible degree
of safety in the public interest.”
2) Title 49 U.S.C., Section 44705, Air Carrier Operating Certificates.
“The Administrator of the Federal Aviation Administration shall issue an air
carrier operating certificate to a person desiring to operate as an air carrier
when the Administrator finds, after investigation, that the person properly
and adequately is equipped and able to operate safely under this part and regulations
and standards prescribed under this part.”
3) Title 49 U.S.C., Section 44707, Examining and Rating Air Agencies.
The Administrator is authorized to provide for the examination and rating of
air agencies, such as civilian flight schools, repair stations, and other air
agencies. The Administrator is also authorized to issue certificates for these
flight schools, repair stations, and air agencies.
B. Policy Statement of the FAA as it Pertains to Promoting Aviation
Safety for Certificate Holders. SAS is a system safety approach to oversight
based on our policy. The FAA follows a regulatory policy, which recognizes the
obligation of the certificate holder to maintain the highest possible degree
of safety. SAS implements our policy by providing safety controls (i.e., regulations
and application) of business organizations and individuals who fall under FAA
regulations. Under SAS, our primary responsibilities are to:
· Verify an applicant can operate safely and comply with the regulations
and standards before issuing a certificate and approving or accepting programs;
· Conduct periodic reviews to verify that a certificate holder continues
to meet regulatory requirements when the environment changes; and
· Validate the performance of a certificate holder’s approved and
accepted programs for the purpose of Continued Operational Safety (COS).
C. SAS Concepts and Principles.
1) Definitions of Safety and Risk. Safety is the state in which
the risk of harm to people or property damage is reduced to and maintained at
or below an acceptable level through a continuing process of hazard identification
and risk management (RM). In this context, a certificate holder’s duty is to
provide service with the highest degree of safety in the public interest. The
certificate holder must identify hazards in its operating environment and manage
the associated risks. Similarly, a certificate holder’s ability to manage risk
is an important part of our determination to ensure that the certificate holder
is equipped to operate safely under 49 U.S.C. and the regulations and standards
prescribed by 14 CFR.
2) System Safety. The goal of system safety is to optimize safety
by the identification of hazards within an environment and to eliminate or control
their associated risk. We do this by performing Design Assessments (DA) and
Performance Assessments (PA) based on system safety principles. Certificate
holders fulfill their responsibilities by designing operating systems that manage
hazard-related risks and by providing service with the highest degree of safety
in the public interest. These concepts are fundamental to SAS. The FAA uses
a risk-based, data-supported system approach to conduct oversight that validates
the certificate holder’s ability to manage risk and to achieve safety objectives.
3) Safety Attributes. The key to safety is managing safety-critical processes.
This is a responsibility of a certificate holder in meeting the regulatory obligations.
Every Data Collection Tool (DCT) question is based on one of the Safety Attributes
listed in Table 10-1-1A, Safety Attributes. Safety attributes provide a foundation
for the DCTs so that principal inspectors (PI) can make informed decisions about
the certificate holder’s operating systems (1) before approving or accepting
them when required to do so by the regulations, and (2) during recurring PAs.
4) Risk. Risk is the combination of predicted severity and the likelihood
of the potential effect of a hazard.
5) Hazard. A hazard is a condition that could foreseeably cause or contribute
to an aircraft accident, as defined in Title 49 of the Code of Federal Regulations
(49 CFR) part 830, § 830.2.
Table 10-1-1A. Safety Attributes
· A clearly identifiable, qualified, and knowledgeable person who is accountable
for the quality of a process.
· A clearly identifiable, qualified, and knowledgeable person who has the authority
to set up and change a process.
· Written or unwritten methods, regulatory or nonregulatory, which a certificate
holder/applicant uses to accomplish a particular process.
· Checks and restraints designed into a process to ensure a desired result.
· Used to validate a process and identify problems or potential problems in order
to correct them.
· Interactions between processes that must be managed in order to ensure desired
outcomes.
D. Focus on a Certificate Holder’s Organization and Processes. The FAA issues
certificates, monitors compliance, investigates noncompliance, administers sanctions,
and focuses on a certificate holder’s organization and process management. We
monitor outputs and outcomes, but place emphasis on the certificate holder’s
ability to develop a safe process and to correct deficiencies. DAs supply objective
evidence that a certificate holder/applicant’s design processes are either adequate
or inadequate. PAs supply objective evidence of either the adequacy or inadequacy
of the output of the certificate holder/applicant’s design.
E. Open System Perspective. A successful open system adapts to
the needs of the environment and its resources. Safe operation in the aviation
environment requires constant adaptation. Certificate holders must provide systems
that defend against the hazards in the operating environments, including adapting
to changes. DCTs are used to collect information on risks and on the certificate
holder’s ability to control them.
F. Data Sharing. The FAA is responsible for reaching an assessment
of a certificate holder’s or applicant’s qualification to hold an operating
certificate and to comply with regulations and standards. A qualified ASI may
accomplish a DA with information provided by the certificate holder, applicant,
or third party, such as the Department of Defense (DOD) or Department of Transportation
(DOT), or the European Aviation Safety Agency (EASA), as long as a qualified
ASI validates the data. Data sharing and open communication optimize the oversight
system and leverage resources to advance safety.
NOTE: If PIs or certification project managers (CPM) provide the certificate
holder or applicant with information collected or stored in SAS to help illustrate
an observation, the information must be summarized. DO NOT provide screenshots
from SAS automation or data from ASI comments to those outside the agency. This
information is protected by the Freedom of Information Act (FOIA). See subparagraph
H for more information on FOIA.
G. Primary Stakeholder and Beneficiary. The U.S. public is the
primary stakeholder and beneficiary of SAS. The FAA carries out the safety mission
required by statute in the interest of the public. ASIs are responsible for
determining on behalf of the public that certificate holders can provide service
with the highest possible degree of safety.
H. Freedom of Information Act (FOIA). Records are processed under
FOIA in accordance with DOT and Government-wide directives and guidance. The
current edition of FAA Order
Freedom of Information Act Program (FOIA), provides guidance that
governs processing requests for FAA records under FOIA.
I. Security Risks. Security is an important feature of the SAS automation. If a SAS user detects
a security breach or there is an indication of a security risk, the SAS user
should immediately notify the office SAS Security Auditor. Some examples of
a security breach or a risk include:
1) Unauthorized or unintended activity or misuse by authorized
database users, database administrators, or network/systems managers, or by
unauthorized users or hackers (e.g., inappropriate access to sensitive data,
metadata, or functions within databases, or inappropriate changes to the database
programs, structures, or security configurations).
2) Malware infections causing incidents such as unauthorized
access, leakage, or disclosure of personal or proprietary data; deletion of
or damage to the data or programs; interruption or denial of authorized access
to the database; attacks on other systems; and the unanticipated failure of
3) Overloads, performance constraints, and capacity issues resulting
in the inability of authorized users to use databases as intended.
4) Design flaws and programming bugs in databases and the associated
programs and systems, creating various security vulnerabilities (e.g., unauthorized
privilege escalation), data loss/corruption, performance degradation, etc.
5) Data corruption and/or loss caused by the entry of invalid
data or commands, mistakes in database or system administration processes, sabotage/criminal
J. Master List of Functions (MLF) Element and Program Tracking and Reporting
Subsystem (PTRS). For data mining and regional reporting, it is highly recommended
to record the related MLF element in the “Local Use” field for the PTRS items
listed below (e.g., if the ASI conducts an observation related to Weight and
Balance (W&B), enter Element 4.4.5).
a) Operations: 1702, 1703, 1761.
b) Maintenance: 3702, 3703, 3761.
c) Avionics: 5702, 5703, 5761.
a) Operations: 1711, 1712.
b) Maintenance: 3711, 3712.
c) Avionics: 5711, 5712.
a) Operations: 1725.
b) Maintenance: 3720.
c) Avionics: 5720.
4) Extended Operations (ETOPS) Events: 4633, 6633.
10-1-1-7 through 10-1-1-29 RESERVED.