8900.1 CHG 374

VOLUME 17  Safety management system


Indicates new/changed information.

Section 1  Safety Assurance System: Description and Methods

17-2-1-1    GENERAL.

A.    Purpose. This chapter provides guidance for Federal Aviation Administration (FAA) Flight Standards Service (AFS) personnel on the acceptance of Title 14 of the Code of Federal Regulations (14 CFR) part 121 certificate holders’ Safety Management Systems (SMS), as required by 14 CFR part 5, §§ 5.1(a) and 5.3(a).

B.    Scope. This chapter explains “what” a Certificate Management Team (CMT) should evaluate regarding a certificate holder’s SMS and “how” it should evaluate and record the acceptance of the SMS.

17-2-1-3    REGULATORY REQUIREMENT. Part 5 requires a certificate holder authorized to conduct operations in accordance with the requirements of part 121 to have an SMS that meets the requirements of part 5 and is acceptable to the Administrator by March 9, 2018.

Indicates new/changed information.

17-2-1-5    SMS ACCEPTANCE TOOLS. Use Safety Assurance System (SAS) Custom Data Collection Tools (C DCT).

A.    System Attributes. Because an SMS is a complete system, system attributes have been identified for each question in the C DCTs.

B.    National SMS Implementation.

1)    SAS C DCT Operations and Airworthiness. To aid inspectors in the completion of validation activities, there are 4 C DCTs for design assessment and 11 C DCTs for design demonstration validation. These C DCTs are available in SAS automation as national templates. Names and titles are listed below.
2)    SMS C DCTs Available in SAS.

·    SMS—Safety Policy Design Validation.

·    SMS—Safety Risk Management (SRM) Design Validation.

·    SMS—Safety Assurance Design Validation.

·    SMS—Safety Promotion Design Validation.

·    SMS—Safety Policy Design Demonstration.

·    SMS—Emergency Preparedness/Response Design Demonstration.

·    SMS—SRM (Process/Department Owner) Design Demonstration.

·    SMS—Safety Communications Design Demonstration.

·    SMS—Records Retention Process Design Demonstration.

·    SMS—SRM (Organizational) Design Demonstration.

·    SMS—Accountable Executive Review Design Demonstration.

·    SMS—Continuous Improvement Process Design Demonstration.

·    SMS—Investigation Process Design Demonstration.

·    SMS—Audit Process Design Demonstration.

·    SMS—Evaluation Process Design Demonstration.

17-2-1-7    HOW TO EVALUATE A CERTIFICATE HOLDER’S SMS FOR ACCEPTANCE. This paragraph provides standardized guidance for the evaluation process. The CMT and the certificate holder or applicant may come to an agreement upon any type of SMS that suits the certificate holder’s unique business needs, provided that the result meets the requirements of part 5.

A.    Follow the Certificate Holder’s Implementation Plan. The certificate holder’s implementation plan should describe how it intends to comply with part 5 requirements. This may include plans for new systems, processes, or procedures, as well as incorporation of existing programs and processes.

1)    The Certificate Holder’s Approved Implementation Plan.
a)    Following approval of an implementation plan, the certificate holder will begin to develop and implement its SMS. For part 5 requirements with which it is not yet compliant, the certificate holder will describe its intended compliance action(s), name the organization/group and/or individual(s) responsible for the action(s), and provide an estimated completion date for compliance.
b)    Adjustment of estimated completion dates during the implementation process is expected, especially during the first year or two. As the certificate holder proceeds with its SMS implementation, it may need to reconsider various facets of its SMS and make revisions. Such revisions may necessitate delay of estimated completion dates. Some extension of estimated completion dates may be considered acceptable, but an excessive number of delays in estimated completion dates may impact the CMT’s ability to effectively review and evaluate the certificate holder’s proposed SMS. Changes to the certificate holder’s approved implementation plan must be submitted to the CMT as soon as is practical, and may or may not be approved.

NOTE:  It should be made clear to the certificate holder that CMT approval of modified estimated completion dates in no way negates the certificate holder’s responsibility to have an SMS that meets the requirements of part 5 and is acceptable to the Administrator by March 9, 2018.

2)    Determine that the Certificate Holder Complies with Part 5 Requirements.
a)    The CMT will evaluate certificate holder documentation to ensure the design of the certificate holder’s SMS is in compliance with part 5 requirements.
b)    Examples of documentation include:

·    References to an organizational manual that describes the policy, procedures, controls, interfaces, etc. of the process that complies with part 5 requirements.

·    Other documents, such as training materials, records, interviews, observations, correspondence (e.g., emails or memos), organizational charts, or meeting minutes.

Indicates new/changed information.
c)    To assist with the recording of evaluations, CMTs may utilize the SAS Design C DCTs, per Volume 10, Chapter 5, Data Collection, Data Reporting, and Data Review and Volume 10, Chapter 6, Analysis, Assessment, and Action. The results of CMT evaluations should be maintained in accordance with these procedures. There is no requirement to attach copies of certificate holder documents to the C DCTs. See further discussion below.
d)    SAS C DCTs can be opened and closed as needed for maximum flexibility of data collection.
Indicates new/changed information.
e)     The certificate holder may implement the same SMS processes in different departments or areas of functional responsibility within its organization. For example, the certificate holder may have an SRM process at the corporate level, at the maintenance division level, and within an engine repair department. This may be the same process (e.g., SRM) that has been implemented at the same carrier at three different levels of the organization: corporate, division, and department. Evaluate the manner in which the SRM process is implemented at each level. Do not assume that an SRM process implemented at the corporate level reflects equivalent implementation of this process at other levels. A certificate holder is under no obligation to implement SRM or any other SMS process at multiple levels of its organization, nor is there an obligation for an SMS to apply to non-aviation-safety-related processes. SRM process development is a certificate holder’s responsibility; CMT evaluation should focus on establishment and utilization of the SRM process. When a certificate holder implements an SMS, the CMT will not provide assistance or evaluation on processes beyond part 5 requirements.
f)    A principal inspector (PI)-generated SAS C DCT may be constructed from questions available in SMS C DCTs.
Indicates new/changed information.
g)    Certificate holders who have implemented an SMS on their own may present their entire SMS to the CMT for part 5 acceptance. Evaluation of an entire SMS, even for a small certificate holder, is a time- and resource-intensive activity for the CMT. The CMT should develop an evaluation plan and monitor progress against it. The plan should include the evaluation process steps, assign responsibility for evaluating sections of the SMS to individual CMT inspectors, and set a realistic schedule for completing the evaluation. For assistance in developing an evaluation plan, see Volume 3, Chapter 1, Section 1, subparagraph 3-4F, Phase Four Planning. The CMT should monitor progress and take appropriate action (e.g., add/reduce resources, extend or contract the timeline) for the evaluation schedule to ensure that the SMS is adequately evaluated within a reasonable time. Should noncompliance issues be found, the CMT should provide timely feedback to the certificate holder and hold that evaluation step open until it is satisfied. The schedule should be amended accordingly. Within SAS, the Action Item Tracking Tool (AITT) is a viable tool to track initial noncompliance issues that have been discovered.
h)    The number and frequency of SAS C DCTs used is up to the CMT and the PIs. A well-maintained validation plan that guides the use of the tools will ensure that CMTs have appropriately evaluated all SAS C DCT questions to ensure a certificate holder’s SMS component has been satisfactorily assessed. When all requirements of part 5 have been satisfactorily validated, the CMT manager can accept the certificate holder’s SMS.
See paragraph 17-2-1-9, Accepting a Certificate Holder’s SMS, for acceptance procedures.
Indicates new/changed information.

B.    Unsatisfactory Submissions. Section 5.1(a) requires a certificate holder to “have a Safety Management System that meets the requirements of this part and is acceptable to the Administrator by March 9, 2018.” Unsatisfactory submissions by the certificate holder do not imply that the CMT is obligated to accept the submissions if they do not comply with part 5, even if the deadline for acceptance is drawing near. Appropriate records of submissions and discrepancy findings, (e.g., SAS C DCT, AITT) by the CMT should be maintained, as should evidence of evaluation timeliness on the part of the CMT. Differences of opinions between the certificate holder and the CMT on the acceptability of specific SMS applications should be referred through the normal chain of authority, beginning with the respective FAA Regional Office (RO) and then the Flight Standards National Field Office (AFS-900). The Safety Management System Program Office (SMSPO) is available at all stages of the SMS implementation and validation process to provide technical assistance to the CMT.

Indicates new/changed information.

17-2-1-9    ACCEPTING A CERTIFICATE HOLDER’S SMS. Procedures for acceptance of the certificate holder’s SMS implementation should follow guidance contained in Volume 3, Chapter 1, The General Process for Approval or Acceptance of Air Operator Applications.

Indicates new/changed information.

A.    Recording Acceptance of SMS Implementation. Once the CMT has determined that the certificate holder’s SMS is satisfactorily implemented, the CMT manager (e.g., office, unit, or frontline) who is the approving entity for all collective decisions of the team will accept (per Volume 3, Chapter 1, Section 1, paragraph 3-6, Phase Five) the certificate holder’s SMS in a timely manner and ensure that SMS acceptance information is entered into the Program Tracking and Reporting Subsystem (PTRS) as follows:

1)    Use activity code 1045.
2)    Enter “SMSACCEPT” in the “National Use” box.
Indicates new/changed information.

B.    SMS Acceptance Failures. Failure of the certificate holder to implement an SMS by March 9, 2018 should be addressed in the same way as a noncompliance with any other 14 CFR requirement. The CMT should document and justify any rejection(s) of the certificate holder’s SMS per Volume 3, Chapter 1, Section 1, subparagraph 3-3B, Incomplete or Unacceptable Proposal, and/or office policy. The documented results of SAS C DCT evaluations may be helpful in the development of this justification (see subparagraph 17-2-1-7B, Unsatisfactory Submissions).

17-2-1-11 through 17-2-1-25 RESERVED.