9/18/20

 

8900.1 CHG 722

VOLUME 10  SAFETY ASSURANCE SYSTEM POLICY AND PROCEDURES

CHAPTER 7  RISK MANAGEMENT PROCESS AND SYSTEM ANALYSIS TEAM

Section 2  Safety Assurance System: Initiate a New Hazard

10-7-2-1    GENERAL.

A.    Purpose. This section describes the process to initiate and manage a new hazard and the associated risk.

B.    Scope. In the Initiate a New Hazard process, the principal inspector (PI) will:

    Identify a hazard;

    Determine if the hazard requires National Safety Analysis (NSA) support;

    Select action details;

    Select hazard details;

    Review the NSA initial hazard classification;

    Select the hazard mitigation;

    Determine if the hazard mitigation works; and

    Close the new hazard.

10-7-2-3    RESERVED.

10-7-2-5    BACKGROUND.

Indicates new/changed information.

A.    Overview. Hazard identification is a key component of the Safety Assurance System (SAS). PIs can identify safety issues throughout the SAS process. A new hazard is defined as one where current directives do not adequately control the associated risk, or risk controls do not exist to effectively mitigate risk, such as new or emerging technology that did not previously exist in the National Airspace System (NAS). When a new hazard is identified, PIs may add the action “Identify New Hazard (Request NSA Support)” during the Certificate Holder Assessment Tool (CHAT); Data Collection; or the Analysis, Assessment, and Action (AAA) process. These processes enable a PI to request national-level support to address a safety issue.

Indicates new/changed information.

B.    Participants. The PI, Office Manager (OM), and the Safety Analysis Program Office (SAPO) are the primary participants of the new hazard process. When appropriate, the PI may include aviation safety inspectors (ASI), Operations Research Analysts (ORA), and Data Quality Reviewers (DQR) to assist with historical and statistical information. The SAPO coordinates with Flight Standards (FS) policy divisions that provide subject matter expertise on safety issues.

10-7-2-7    INITIATE A NEW HAZARD.

Figure 10-7-2A.  Initiate a New Hazard Flowchart

Figure 10-7-2A. Initiate a New Hazard Flowchart

10-7-2-9    PROCEDURES.

Indicates new/changed information.

A.    A Hazard is Identified (see flowchart process step 10-7-2-9A). A hazard is defined as a condition that could foreseeably cause or contribute to an aircraft accident, as defined in Title 49 of the Code of Federal Regulations (49 CFR) part 830, § 830.2. A PI may identify hazards with the CHAT, the Action part of AAA, or Data Collection. The PI should consider the following actions when identifying a hazard: initiating a risk management process (RMP) or identifying a new hazard. The “Identify New Hazard (Request NSA Support)” option is used for a new systemic or potentially systemic safety issue that could impact multiple certificate holders. A new hazard is defined as one where current directives do not adequately control the associated risk, or risk controls do not exist to effectively mitigate risk, such as new or emerging technology that did not previously exist in the NAS. If the PI selects “Add Action” and “Identify New Hazard (Request NSA Support),” then that hazard will be tracked on the Action Item Tracking Tool (AITT). An RMP is used when the certificate holder knowingly or unknowingly accepts, or generates, an undesirable level of risk, and the PI takes action to ensure that the certificate holder is effectively managing these risks in their operation.

B.    Does the Hazard Require NSA Support? (see flowchart process step 10-7-2-9B).

Indicates new/changed information.

IF:

THEN:

The PI identifies hazards involving the certificate holder knowingly or unknowingly accepting, or generating, an undesirable level of risk,

The PI initiates an RMP. See Volume 10, Chapter 7, Section 1 for the RMP.

The PI identifies a new systemic or potentially systemic safety issue that could impact multiple certificate holders. A new hazard is defined as one where current directives do not adequately control the associated risk, or risk controls do not exist to effectively mitigate risk, such as new or emerging technology that did not previously exist in the NAS.

The PI uses the NSA functional analysis to initiate the “Identify New Hazard (Request NSA Support)” action in the automation. This action requests national level support and must be coordinated with your manager.

C.    Action Details (see flowchart process step 10-7-2-9C). This section is used to describe why this action is being taken. The default due date is the last day of the next quarter. If the due date is changed from the default due date, then add a reason in the “Due Date Change” comment box. The NSA response default due date is 15 calendar-days. Attach any supporting documentation as required.

Indicates new/changed information.

D.    Hazard Details (see flowchart process step 10-7-2-9D). This section is used to describe the hazard. This assists in risk analysis and provides targets for action plans. Enter the hazard title and description in the appropriate boxes. Complete the other fields, such as “Location” and “Related Make, Model, and Series (M/M/S).” The point of contact (POC) field includes a drop-down list with the office personnel. The PI may request the Frontline Manager (FLM) to assign a POC to assist with the new hazard process. The POC assists the PI in managing the new hazard and can be assigned action items. However, only the PI can open and close the new hazard process.

Indicates new/changed information.
1)    Potential Consequence. Although not required, the “Potential Consequence” field is important. It specifies the possible negative outcome(s) if nothing is done to mitigate the hazard. Select the potential negative consequence(s) from the list. It is helpful to enter additional descriptive information about the potential consequences in the text box. This section is used to describe why this action is being taken and should include any supporting documents.
Indicates new/changed information.
2)    Submit to NSA. The “Submit to NSA” button must be selected for the SAPO to process the “Identify New Hazard” action in the automation.
Indicates new/changed information.

E.    Initial Hazard Classification (NSA) (see flowchart process step 10-7-2-9E). The SAPO evaluates the new hazard and responds with an overall risk value. The NSA may also determine that national action may need to be taken, such as developing a new Data Collection Tool (DCT), rulemaking, or Airworthiness Directives (AD). When the SAPO completes analysis of the new hazard, the record is identified as “NSA Responded” and returned to the PI.

F.    Hazard Mitigation (see flowchart process step 10-7-2-9F). Select the risk mitigation approach from the drop-down menu. The options are Mitigate, Monitor, and Transfer. Enter a justification in the text box. See Table 10-7-2A, Hazard Mitigation Options, for a description of the hazard mitigation options.

Table 10-7-2A.  Hazard Mitigation Options

Indicates new/changed information. Indicates new/changed information.

Mitigation Options

Description

Mitigate

An action plan designed to reduce the level of risk or the likelihood of the occurrence. If the action is within the scope of the FS office’s authority, then identify actions the certificate holder must take in order to reduce the level of risk. These actions then become specific targets for risk control to eliminate or reduce the negative effects.

Monitor

An action plan to keep under systematic review. Observe and check the certificate holder/applicant’s progress or quality over a period of time.

Transfer

An action plan that transfers risk from one party to another. If the action is outside of the FS office’s authority, then determine the appropriate Federal Aviation Administration (FAA) organization that has the authority, responsibility, and accountability to take corrective action for the identified hazard. Use this approach to address risks that may require actions such as rule changes, new or revised ADs, policy changes, and safety recommendations. Once the action plan has been transferred, the new hazard can be closed. You may follow up on the status of transferred items.

Indicates new/changed information.

G.    Did the Hazard Mitigation Work? (see flowchart process step 10-7-2-9G). If the PI determines the action items are complete, or data indicates that the action plan has eliminated the hazard or reduced the associated risk to acceptable levels, then the PI validates the effectiveness of the action plan. The PI evaluates the effectiveness of the approach by verifying the hazard has been eliminated or determining the risk has been mitigated to an acceptable level. After evaluating the results of the action plan, the PI decides whether to close the new hazard or add action items. If the PI decides to add additional action items and not close the new hazard, then see Step 10-7-2-9C, Action Details. If the PI determines the action plan worked, then see Step 10-7-2-9H, Closure Justification. Use the following information as a guide to evaluate the effectiveness of the action plan:

1)    Evaluate the status of the hazard by verifying that the certificate holder addressed the risk factors that contributed to or caused the hazard to occur.
2)    Verify the certificate holder reduced the level of risk posed by the hazard.
3)    Determine if the action plan addressed each risk factor. Describe changes in the risk factors based on the action taken and analyze the related data to determine if the controls were effective.

H.    Closure Justification (see flowchart process step 10-7-2-9H). Choose the new severity and likelihood values from the drop-down menu. If the level of risk is acceptable, then close the new hazard with justification. If the level of risk is not acceptable, then return to Step 10-7-2-9C, Action Details.

Table 10-7-2B.  Risk Matrix Table

Indicates new/changed information.

Risk Matrix

Likelihood

The estimated probability or frequency of a hazard’s effect or outcome.

Severity

The consequence or impact of a hazard’s effect or
outcome in terms of degree of loss or harm.

 

High

(One or more fatalities, severe injuries and/or severe damage)

Medium

(Moderate injuries and/or substantial damage)

Low

(Minor injuries and/or light damage)

Frequent

Expected to occur routinely (more than 10 times per year)

12

(Red)

10

(Red)

8

(Yellow)

Probable

Expected to occur often (occurs between 4–9 times per year)

11

(Red)

7

(Yellow)

5

(Yellow)

Occasional

Expected to occur infrequently (occurs 1–3 times per year)

9

(Yellow)

4

(Yellow)

2

(Green)

Remote

Expected to occur infrequently (occurs one time every 1‑3 years).

6

(Yellow)

3

(Green)

1

(Green)

10-7-2-11 through 10-7-2-29 RESERVED.