1/8/15

 

8900.1 CHG 374

Indicates new/changed information.

VOLUME 17  Safety management system

CHAPTER 3  CONTINUOUS OVERSIGHT OF A CERTIFICATE HOLDER’S SMS PROCESSES

Section 1  Description and Methods

17-3-1-1    GENERAL.

A.    Purpose. This chapter provides guidance for Federal Aviation Administration (FAA) Flight Standards Service (AFS) personnel on the continuous oversight of a Title 14 of the Code of Federal Regulations (14 CFR) part 121 certificate holder’s Safety Management System (SMS). Volume 10, Air Transportation Oversight System, provides primary guidance for part 121 certificate holder oversight. This chapter, when used in conjunction with Volume 10, provides guidance for SMS‑specific differences.

B.    Scope. This chapter explains the “what” and “how” a Certificate Management Team (CMT) should evaluate and record oversight of a certificate holder’s SMS.

17-3-1-3    REGULATORY REQUIREMENT. Title 14 CFR part 5, § 5.1(a) requires a certificate holder authorized to conduct operations in accordance with the requirements of part 121 to have an SMS by March 9, 2018 that meets the requirements of part 5 and is acceptable to the Administrator.

17-3-1-5    SMS OVERSIGHT TOOLS AND UTILIZATION.

A.    SMS Oversight.

1)    SMS oversight will be integrated into Air Transportation Oversight System (ATOS)[1] oversight activities upon acceptance of the certificate holder’s SMS. All ATOS modules and risk management (RM) will be applied to the certificate holder’s SMS per Volume 10.
2)    The Design Assessment Supplement (DAS) Constructed Dynamic Observation Report (ConDOR) will be used to evaluate the certificate holder’s Safety Risk Management (SRM) process as applied to elements of the air carrier’s system. They will be used in conjunction with appropriate SAIs for Design Assessments (DA) of these elements for those instances where SRM is required (§ 5.51). The SRM process is a certificate holder’s responsibility; CMT evaluation should focus on utilization of the SRM process.[2]
3)    The Performance Assessment Supplement (PAS) ConDOR will be used to evaluate the air carrier’s Safety Assurance (SA) practices as applied to elements of the air carrier’s systems. They will be used in conjunction with appropriate EPIs in Performance Assessments (PA) of elements of the air carrier’s system.[3]

B.    SMS Safety Attribute Inspections (SAI). Once the certificate holder’s SMS is implemented, ATOS System 8 SAIs will function in the same way as current ATOS element SAIs do. There is no change to present ATOS SAI utilization.

C.    SMS Element Performance Inspections (EPI). Currently, there are no plans to develop specific SMS EPIs as stand‑alone PAs. Rather, SMS performance questions will be added to most of the current EPIs as those EPIs are updated, changed, or modified. In the interim, a PAS ConDOR may be used to supplement current EPIs. For further PAS ConDOR discussion, see subparagraph 17‑3‑1‑5E, below.

D.    DAS ConDOR.

1)    SRM and the DAS ConDOR. In accordance with § 5.51, when a certificate holder proposes a new system or a revision to an existing system, or develops operational procedures that directly impact aviation safety, they must assess the new or changed system or procedure for potential hazards and associated risk up front. In other words, while they are developing the change, they must perform SRM and design appropriate controls for unacceptable risk. To ascertain whether the SRM process was accomplished by the certificate holder prior to implementation of a proposed change, the DAS ConDOR may be used to assist the principal inspector (PI) by asking questions about the certificate holder’s use of the SRM process (e.g., did they do it, and was it complete?).
2)    Special-Use Optional Tool. The DAS ConDOR is a special-use optional tool which will assist the CMT in evaluations of the certificate holder’s SRM processes. This should ensure that the certificate holder is applying SRM principles effectively. It should be remembered that the SRM process is a certificate holder’s responsibility. Inspector evaluation should focus on the utilization of the SRM process. There is no need to conduct a DAS ConDOR for every event the carrier engages in.
3)    Records. Certificate holders must maintain records showing that the SRM process has been completed on new or changed systems or procedures (per §5.97 (a)). SRM records do not need to be submitted to the CMT but must be available for inspection. It should be remembered that the SRM process is a certificate holder’s responsibility; CMT evaluation should focus on accomplishment and completion of the SRM process.
4)    ATOS Processes. The DAS ConDOR may be selected by PIs whenever ATOS DAs are being planned and resourced in Modules 2 and 3 of the ATOS business process. They should be considered when the CMT is involved with Comprehensive Assessment Plan (CAP) assessments (ATOS Module 2) or assigning actions during Assessment Determination and Implementation (ADI) (ATOS Modules 7 and 8). Further information on the DAS ConDOR may be found in Volume 10 and in the ATOS automation under “specific instructions” for the DAS ConDOR.

E.    PAS ConDOR.

1)    The PAS ConDOR augments appropriate ATOS Element PAs or EPIs, or it may be used as a standalone tool. Part of a complete systematic evaluation of an operational element is determining if the certificate holder is properly conducting SMS SA activities; the PAS ConDOR is an aid in conducting such evaluations.
2)    PIs may utilize the PAS ConDOR whenever ATOS PAs are being planned and resourced in Modules 2 and 3 of the ATOS business process. They should be considered when the CMT is involved with CAP assessments (ATOS Module 2) or assigning actions during ADI (ATOS Modules 7 and 8). Additionally, the PAS ConDOR may be used when the FAA identifies any regulatory nonconformance.

17-3-1-7 through 17-3-1-21 RESERVED.



[1] As ATOS is replaced by the Safety Assurance System (SAS), equivalent SAS tools and processes will be utilized in place of ATOS.

[2] FAA Order VS 8000.367A, Chapter 5, subparagraph 1c(1)(b) specifies that: “AVS services/offices must use outputs of their product/service provider organizations’ SRM functions as inputs to their acceptance or approval (i.e., certification) of new and modified designs (e.g., product designs, organizational designs, new or modified operating practices).”

[3] Order VS 8000.367A, subparagraph 1c(2)(b) specifies: “AVS services/offices must use outputs from the product/service provider organizations’ SMSs as inputs to their assurance of the safety management performance of those organizations.”