VOLUME 10 SAFETY ASSURANCE SYSTEM POLICY AND PROCEDURES
CHAPTER 1 GENERAL
Section 1 Safety Assurance System
10-1-1-1 GENERAL. This chapter explains the policy, concepts, principles,
roles and responsibilities, acronyms, and definitions for the Safety Assurance System (SAS).
A. Purpose. The purpose of this section is to provide an overview of
SAS, including statutory background, key concepts, and principles.
B. Scope. This section applies to all SAS users.
A. Statutory Authority. Title 49 of the United States Code (49 U.S.C.)
and Title 14 of the Code of Federal Regulations (14 CFR) provide the statutory
and regulatory authority for SAS, respectively. Title 49 U.S.C. is broad in
scope and contains the codified provisions of the Federal Aviation Act of 1958
(FA Act), which prescribes the powers and authorities of the Federal Aviation
Administration (FAA). Title 14 CFR is prescriptive in nature and contains specific
requirements to obtain a certificate holder Operating or Air Agency Certificate
and standards for conducting related operations. SAS is not a separate safety
standard and does not impose additional requirements on certificate holders.
The SAS policy and procedures provide aviation safety inspectors (ASI) with
standardized protocols to evaluate certificate holder programs required by regulations
to be approved or accepted. The following requirements in 49 U.S.C. Subtitle
VII, Chapter 447, Safety Regulation, are applicable to SAS:
1) Title 49 U.S.C. § 44702, Issuance of Certificates. “When issuing
a certificate under this chapter, the Administrator shall consider the duty of an air carrier to provide
service with the highest possible degree of safety in the public interest.”
2) Title 49 U.S.C. § 44705, Air Carrier Operating Certificates.
“The Administrator of the Federal Aviation Administration shall issue an air carrier
operating certificate to a person desiring to operate as an air carrier when
the Administrator finds, after investigation, that the person properly and adequately
is equipped and able to operate safely under this part and regulations and standards
prescribed under this part.”
3) Title 49 U.S.C. § 44707, Examining and Rating Air Agencies. The
Administrator is authorized to provide for the examination and rating of air agencies, such
as civilian flight schools, repair stations, and other air agencies. The Administrator
is also authorized to issue certificates for these flight schools, repair stations, and air agencies.
B. Policy Statement of the FAA as it Pertains to Promoting Aviation Safety
for Certificate Holders. SAS is a system safety approach to oversight based
on FAA policy. The FAA follows regulatory policy, which recognizes the obligation
of the certificate holder to maintain the highest possible degree of safety.
SAS implements our policy by providing safety controls (i.e., regulations and
their application) over business organizations and individuals who fall under FAA regulations.
Under SAS, our primary responsibilities are to:
1) Verify an applicant can operate safely and comply with the regulations
and standards before issuing a certificate and approving or accepting programs.
2) When the environment changes, conduct assessments to verify/validate
the certificate holder’s programs continue to meet regulatory requirements.
3) Validate the performance of a certificate holder’s approved and accepted
programs for the purpose of Continued Operational Safety (COS).
4) Identify regulatory noncompliance or safety issues and correct them
as effectively, quickly, and efficiently as possible.
5) Use the most effective means to return an individual or entity that holds an FAA
certificate, approval, authorization, or license to full compliance and to prevent reoccurrence.
C. SAS Concepts and Principles.
1) Definitions of Safety and Risk. Safety is the state in which
the risk of harm to people or property damage is reduced to and maintained at an acceptable level through
a continuing process of hazard identification and risk management (RM). Risk
is the combination of predicted severity and the likelihood of the potential
effect of a hazard. Therefore, the certificate holder must identify hazards
in their operating environments and manage associated risks. Similarly, the
certificate holder’s ability to manage risk is an important part of the FAA’s
determination that they are equipped to operate safely under 49 U.S.C.
and the regulations and standards prescribed by 14 CFR.
2) System Safety. The goal of system safety is to optimize safety by the identification
of hazards within an environment and to eliminate or control their associated
risk. The FAA uses a risk-based, data-supported system approach to conduct oversight
that validates the certificate holder’s ability to manage risk and to achieve
safety objectives. We do this by performing Design Assessments (DA) and Performance
Assessments (PA) based on system safety principles. These concepts are fundamental to SAS.
3) Safety Attributes. The key to safety is managing safety-critical
processes. This is a responsibility of a certificate holder in meeting the regulatory
obligations. Every Data Collection Tool (DCT) question is based on one of the
Safety Attributes listed in Table 10-1-1A, Safety Attributes. Safety Attributes
provide a foundation for the DCTs so that principal inspectors (PI) can make
informed decisions about the certificate holder’s operating systems (1) before
approving or accepting them when required to do so by the regulations, and (2) during recurring PAs.
4) Hazard. A hazard is a condition that could foreseeably cause or contribute
to an aircraft accident, as defined in Title 49 of the Code of Federal Regulations (49 CFR) part 830, § 830.2.
Table 10-1-1A. Safety Attributes
A clearly identified individual who is accountable for ensuring financial and human resources
to ensure the safety and quality performance of the certificate holder.
Title 14 CFR part
5.25(a), (b), and (c)
A clearly identifiable, qualified, and knowledgeable individual who effectively plans, directs,
and controls resources; changes procedures; and makes key determinations including safety risk acceptance decisions.
Methods or practices that are written or unwritten, regulatory or nonregulatory,
designed into a process that a certificate holder/applicant uses to accomplish a desired result.
Note: Unwritten methods refer to certificate holders/applicants that are not required by regulation to have documented procedures.
Technical process standards through applicable specific regulatory requirements (SRR),
advisory circulars (AC), and FAA Order 8900.1 guidance.
the SMSVP Standard require procedures relevant to the SMS be documented under §
this is not considered a procedure for the purposes of this attribute.
The checks and restraints that exist within a process that ensure the potential
effects of risks are reduced to an acceptable level.
A method to monitor and measure the outputs and performance of a process, and
to identify problems, or potential problems, in order to take corrective action.
Interactions between processes that must be managed in order to ensure desired outcomes.
There are no references for this attribute.
An individual’s understanding of how his or her role contributes to the overall safety of the organization.
D. Focus on a Certificate Holder’s Organization and Processes. The FAA
issues certificates, monitors compliance, investigates noncompliance, administers
sanctions, and focuses on a certificate holder’s organization and process management.
We monitor outputs and outcomes, but place emphasis on the certificate holder’s
ability to develop a safe process and to correct deficiencies. DAs supply objective
evidence that a certificate holder/applicant’s design processes are either adequate
or inadequate. PAs supply objective evidence of either the adequacy or inadequacy
of the output of the certificate holder/applicant’s design.
E. Open System Perspective. A successful open system adapts to the needs
of the environment and its resources. Safe operation in the aviation environment
requires constant adaptation. Certificate holders must provide systems that
defend against the hazards in the operating environments, including adapting
to changes. DCTs are used to collect information on risks and on the certificate
holder’s ability to control them.
F. Data Sharing. The FAA is responsible for reaching an assessment of
a certificate holder’s or applicant’s qualification to hold an Operating Certificate
and to comply with regulations and standards. A qualified ASI may accomplish
and validate a DA with information provided by the certificate holder, applicant,
or third party, such as the Department of Defense (DOD) or Department of Transportation
(DOT), or any of the authorities associated with a Bilateral Aviation Safety
Agreement (BASA). Data sharing and open communication optimize the oversight
system and leverage resources to advance safety.
G. Primary Stakeholder and Beneficiary. The U.S. public is the primary
stakeholder and beneficiary of SAS. The FAA carries out the safety mission required
by statute in the interest of the public. ASIs are responsible for determining,
on behalf of the public, that certificate holders can provide service with the
highest possible degree of safety.
H. Unauthorized or Improper Use. Information contained in SAS and the associated policy
is intended for FAA internal use only. Unauthorized or improper use of this
information, including the sharing of information outside of the FAA, may result
in disciplinary action, as well as civil and criminal penalties.
I. Security Risks. Security is an important feature of the SAS automation.
If a SAS user detects a security breach or there is an indication of a security
risk, the SAS user should immediately notify the office SAS Security Auditor.
Some examples of a security breach or a risk include:
1) Unauthorized or unintended activity or misuse by authorized database
users, database administrators, or network/systems managers, or by unauthorized
users or hackers (e.g., inappropriate access to sensitive data, metadata,
or functions within databases; or inappropriate changes to the database programs,
structures, or security configurations).
2) Malware infections causing incidents such as unauthorized access,
leakage, or disclosure of personal or proprietary data; deletion of, or damage
to, the data or programs; interruption or denial of authorized access to the
database; attacks on other systems; and the unanticipated failure of database services.
3) Overloads, performance constraints, and capacity issues resulting
in the inability of authorized users to use databases as intended.
4) Design flaws and programming bugs in databases and the associated
programs and systems, creating various security vulnerabilities (e.g., unauthorized
privilege escalation), data loss/corruption, performance degradation, etc.
5) Data corruption and/or loss caused by the entry of invalid data or
commands, mistakes in database or system administration processes, sabotage/criminal damage, etc.
10-1-1-7 through 10-1-1-29 RESERVED.