hazard identification chapter 6 and risk management · pdf filehazard identification and risk...
TRANSCRIPT
HAZARD IDENTIFICATION AND RISK MANAGEMENT
Chapter 6 Page 1 of 22
Corporate Safety Management System
Manual Doc # SMS/M/01
Issue 4
Rev 0
Date 07th July 2014
Controlled Document – Do not copy without prior permission of Director Safety & QA
CHAPTER 6
TABLE OF CONTENTS
6. Hazard Data Gathering Methods
6.1 Reactive and Proactive report 6.2 Safety Data Collection for Risk Management 6.2.1 SAMS 6.3 Hazard Identification & Risk managements 6.3.1 Hazard identification 6.3.2 Risk Assessment Technique 6.3.2 Risk Assessment ~ Tables 6.4 Risk Acceptability Matrix 6.5 Action Criteria
6.6 Risk Mitigation
HAZARD IDENTIFICATION AND RISK MANAGEMENT
Chapter 6 Page 2 of 22
Corporate Safety Management System
Manual Doc # SMS/M/01
Issue 4
Rev 0
Date 07th July 2014
Controlled Document – Do not copy without prior permission of Director Safety & QA
6. HAZARD DATA GATHERING METHODS
The risks and costs inherent in commercial aviation necessitate a rational process for decision-making. Implementation of risk management processes is critical to an effective safety management programme. Risks cannot always be eliminated; nor are all conceivable safety management measures economically feasible. Risk management facilitates this balancing act, beginning with hazard identification. The creation and operation of effective hazard identification programs is fundamental to effective safety management. An organization may draw from a broad menu of safety activities to identify hazards or safety issues warranting further action. The effective identification of hazards can be achieved by brainstorming, using an appropriate selection of management and staff; staff surveys and a review of pertinent accident/incident records from both internal and external sources. Hazard identification should be initially undertaken to provide a comprehensive assessment of the risks that face the Airline. Subsequently, hazard identification should be periodically reviewed. The process should also be repeated whenever there is a significant change to the organization, its staff, procedures or equipment. The line manager has the responsibility for setting in place measures to remove, or mitigate the risks of, the identified hazard. The Safety Committee will monitor the completion of this task.
To be successful, the hazard identification process must take place within a non-punitive (or just) safety culture. The Management is primarily interested in learning of potential weaknesses in the system‟s safety that could lead to an accident or otherwise compromise the efficiency of the operation. Blame is only an issue when individuals are culpable of reckless or negligent behavior. For the most part these are two distinct elements in the safety management system: one is reactive, the other proactive. The basic difference is the method of discovery: the reactive process responds to events that have already occurred, whilst the proactive method actively seeks to identify potential hazards through an analysis of the everyday activities of the company. The exception to this rule occurs when a potential hazard has been reported through the company‟s safety reporting program.
HAZARD IDENTIFICATION AND RISK MANAGEMENT
Chapter 6 Page 3 of 22
Corporate Safety Management System
Manual Doc # SMS/M/01
Issue 4
Rev 0
Date 07th July 2014
Controlled Document – Do not copy without prior permission of Director Safety & QA
6.1 Reactive and Proactive reporting
Hazard identification may be reactive or proactive in nature. Occurrence reporting and investigations are essentially reactive. Proactive hazard identification processes actively seek feedback by observing and analyzing routine day-to-day operations. Trend monitoring is used to predict future hazards e.g, FDM and Engine Trend Monitoring. In addition to internal safety assessments and audits, the PIA management utilizes the following hazard identification inputs and methods:
6.1.1 Hazard Data Gathering methods
DESCRIPTION RESPONSIBILITY DOCUMENT
Accident Reporting Form
Pilot-in-command MOR-1 (CAA Form F.1-41) APP „A‟
Director Safety & QA MOR-1 (CAA Form F.1-41) APP „A‟
Maintenance: Chief Engineer QA CAA 055 (III) APP „B‟
Incident Reporting Form
Pilot-in-Command MOR (CAA Form F.1-41) APP „A‟
Director Safety & QA MOR (CAA Form F.1-41) APP „A‟
Engineering & Maintenance PCAA AW 114 Delay incident Reporting Form
APP „B‟
Air Safety Reporting
Cockpit crew CS/ASR/COCKPIT/001 APP „D-1‟
Confidential Reporting
Cockpit / cabin Crew CS/CORE/COCKPIT/001 APP „D-2‟
Occurrence Reporting (Additional)
E forms will be completed by the operating crew and will be handed over to the operations control.
General Manager Central Control will forward the copy of E series form to
Director Safety & QA
Punctuality & Delay Incidents Report
De-Brief Reports Bird Strike Report Near Miss Lightning Strike
APP „E-1‟ APP „E-2‟ APP „E-3‟ APP „E-4‟
SAMS- A web based application for confidential reporting
Director Safety & QA A web based application for confidential reporting both for air and ground through registered reporters
Safe Card (For Confidential Reporting of both HSE and SMS hazards)
All PIA Employees HSE-F-14 A (APP „L‟)
Safety Risk Assessment (SRA)
Safety Action Groups shall maintain (develop, update, keep record) of SRAs, a controlled copy shall be sent to Director Safety & QA for oversight, consolidation and Safety Data base Management & Facilitation.
Risk assessment can be done through different means ,like SAMS, SAG Meetings, HSE-F-02 A (APP „L‟), or any other approved document/form
HAZARD IDENTIFICATION AND RISK MANAGEMENT
Chapter 6 Page 4 of 22
Corporate Safety Management System
Manual Doc # SMS/M/01
Issue 4
Rev 0
Date 07th July 2014
Controlled Document – Do not copy without prior permission of Director Safety & QA
6.1.2 Types of Hazard
PIA SMS program covers all types of Hazards in its reporting mechanism. Following are the examples of some hazards, but not limited to this list, which are to be reported and analysed for risk assessment and mitigation;
a) Inadequate preflight preparation and/or planning. b) Failure to obtain and/or maintain flying speed. c) Failure to maintain direction control. d) Improper level off. e) Failure to see and avoid objects or obstructions f) Mismanagement of fuel. g) Improper inflight decisions or planning. h) Misjudgment of distance and speed. i) Improper operation of flight controls j) Undocumented cannibalization of aircraft parts k) Undocumented maintenance on aircraft. l) Operation of ground equipment without authorization / permission.
Vehicles driving without permit license. m) No information/intimation of Missing tools . n) Maintenance of aircraft without consulting AMM / other relevant
documents and not following SOP‟s. o) Birds menace / droppings on Aircraft during groundings. p) Improper receiving of U/S components and loss of components. q) Unattended, U/S and consumable items outside cage. r) 50% aircraft not covered in docks. s) Tire servicing. t) Improper aircraft jacking. u) Aircraft Towing. v) Transportation of Engine for dispatch to cargo
Other than these, hazards associated with weather, intended landing sites, exceptions to TCAS alert, operations in conflicting traffic in airspace without radar coverage, flight following capabilities outside controlled airspace and hostile environment are also reported for risk analysis and mitigation
All above mentioned hazards associated with operations and maintenance are identified, analyzed and mitigated with control strategies at acceptable level through defined procedures
HAZARD IDENTIFICATION AND RISK MANAGEMENT
Chapter 6 Page 5 of 22
Corporate Safety Management System
Manual Doc # SMS/M/01
Issue 4
Rev 0
Date 07th July 2014
Controlled Document – Do not copy without prior permission of Director Safety & QA
6.2 Safety Data Collection and Risk Management
6.2.1 By Using SAMS
Besides other conventional methods, PIA is also using SAMS for Safety management. SAMS (Safety Assessment and Management System) is a web based software tool, developed by Airbus, used for processing, measurement and analysis of identified hazards and safety reports. SAMS is a dedicated tool for the enforcement of SMS requirements which is used for hazard identification, risk assessment, and actions management. It is primarily designed for flight operations, Engineering and Maintenance along with other ground & support services.
SAMS provides PIA Safety department a platform to submit safety reports, analyse them, perform statistics, record actions taken and manage safety issues. SAMS promote the confidential reporting culture by using options to filter out the reporter‟s identification information from reports contents. It can also interact with AirFASE, extract selective data and has the ability to produce the information statistically.
HAZARD IDENTIFICATION AND RISK MANAGEMENT
Chapter 6 Page 6 of 22
Corporate Safety Management System
Manual Doc # SMS/M/01
Issue 4
Rev 0
Date 07th July 2014
Controlled Document – Do not copy without prior permission of Director Safety & QA
6.2.2 Terms & Abbreviations associated with SAMS
TERM/ABBREVIATION DEFINITION/DESCRIPTION
SAMS Safety Assessment Management System
REPORTER Authority to create report and follow actions
OPERATOR Authority to create report, Occurrence, issue and initial assessment
ANALYST Authority to create report, Occurrence, issue, final assessment, validation and Safety judgment
GATE KEEPER In addition to analysis roles, authority to identify reporters
ADMINISTRATOR Authority to manage backhand system issues
REPORT Identified hazard with proper information
OCCURRENCE A proper filled and analysed report with allocated risk index
ISSUE Potentially severe hazard/report, repeated occurrence
ACTION To assign the responsibility for mitigation of the risk
ORC Occurrence Risk Categorization ( Impact on process)
KRC KeyWord Risk Categorization,
SIRA Safety Issue Risk Assessment
SUBMITTED Submitted report, ready to create occurrence (if required) and analysis
IN ANALYSIS Analysis in progress by the operator and analyst with allocation of risk index
VALIDATED Analyst authority for final safety judgment of an Occurrence
PROCESSED Completely processed and no longer to be analysed further
6.2.3 Key Roles and Work flow in SAMS
There are 5 key roles designed in SAMS application from reporting till risk management with their assigned roles described in subsequent sections.
1. Reporter 2. Operator 3. Analyst 4. Gate keeper 5. Administrator
HAZARD IDENTIFICATION AND RISK MANAGEMENT
Chapter 6 Page 7 of 22
Corporate Safety Management System
Manual Doc # SMS/M/01
Issue 4
Rev 0
Date 07th July 2014
Controlled Document – Do not copy without prior permission of Director Safety & QA
6.2.3.1 Reporter
Reporter can be any person, having access to SAMS, who can identify a hazard and generate safety report. The primary function of reporter is to submit reports of potential safety hazards observed during every day work. The assigned roles and work flow of a Reporter are described as under;
Create
Safety
Report
Submit
Safety
Report
Attach
Report
Docs
Report Flow
Reporter’s Roles
· Create Safety Reports
· Access his/her Safety Reports
· Follow-up on actions assigned
When the reporter /user is creats a report, this report is not saved in SAMS data base, therefore, it has no status at the moment. For having status it has to be submitted through submit icon. After the submission, a report is considered as submitted and its source data cannot be modified anymore. It carries a unique reference number e.g (SR- 201203-001). It signifies that report is awaiting for its review and further analysis. A submitted report is available for it to be analysed and create occurrence and then actions, if needed.
In SAMS, four standard templates are being used for reporting. These templates contain all basic and standard information relevant to process/operation and situation being reported for analysis and mitigation purpose. Following are the Templates;
· Cabin Services
– Cabin reports
– Other Cabin Crew Reports
– SMS Staff report
· Engineering
– Ground Staff report
HAZARD IDENTIFICATION AND RISK MANAGEMENT
Chapter 6 Page 8 of 22
Corporate Safety Management System
Manual Doc # SMS/M/01
Issue 4
Rev 0
Date 07th July 2014
Controlled Document – Do not copy without prior permission of Director Safety & QA
– Maintenance report
– Security Report
· Flight Line Operations
– Air Safety Report
– ATC Report
– Line Observation
– Other Cockpit Crew Report
· Flight Operations
– FDA Report
– Flight Ops Staff report
6.2.3.2 Operator
The safety analysis of the report starts at this stage. In addition to the reporters roles, operator can initially analyse the submitted report, create occurrence (with automated system generated unique number OC- 201203-001), based upon submitted report and assigns action to the relevant process owner. The Operator level is the first significant stage. Departmental/Divisional SAG members can only be designated as an operator with appropriate qualification and experience of relevant process. The assigned roles and work flow of an operator are described as under;
Edit Safety
Report Data &
Attach Doc
Add More &
Create
Occurrence
Start
Analysis
Submitted
Report
Operator’s Roles
In addition to Reporter’s roles, Operator
can also
· Create Occurrences
· Initial Analysis, Not the final analyst
· Actions to mitigate risks
· Create Issues
· Close assigned actions
Operator Flow
De Identified Report
Create
Actions
Create
Issue
An
aly
sis
Close Action
(Issue/
Occurrence)
HAZARD IDENTIFICATION AND RISK MANAGEMENT
Chapter 6 Page 9 of 22
Corporate Safety Management System
Manual Doc # SMS/M/01
Issue 4
Rev 0
Date 07th July 2014
Controlled Document – Do not copy without prior permission of Director Safety & QA
6.2.3.2 (a) Risk assessment Techniques
In SAMS, for occurrence, there are two methodologies used, one is Quick ORC , and other is specific to domain/sub domain based keyword Rating of criticality. Both have the numeric values and colour coding parameters, KRC & ORC Values
ORC technique using in SAMS for establishing risk, through numeric values and colour coding, are as follows.
HAZARD IDENTIFICATION AND RISK MANAGEMENT
Chapter 6 Page 10 of 22
Corporate Safety Management System
Manual Doc # SMS/M/01
Issue 4
Rev 0
Date 07th July 2014
Controlled Document – Do not copy without prior permission of Director Safety & QA
When an operator or analyst opens the submitted report, it automatically changes its status from submitted to in Analysis. Safety report is analysed at this level. Supplementary information is filled describing the reporter from an analyst point of view. Additional documents can be attached, and report risk index and occurrence risks (ORC) are defined. The operator can take actions to mitigate risks associated to the identified hazard or situation reported through safety report.
6.2.3.3 Analyst
Analyst is the most significant level in SAMS risk management process. The role of analyst can be assigned to head of Departmental/Divisional SAG or his/her nominee. Depending upon the scope of the process/operations, role of analyst can be assigned to more than one operator with appropriate qualifications and experience.
In addition to Operator‟s roles, analyst can give final safety judgment and validate the risk index (ORC). The assigned roles and work flow of an analyst are described as under;
HAZARD IDENTIFICATION AND RISK MANAGEMENT
Chapter 6 Page 11 of 22
Corporate Safety Management System
Manual Doc # SMS/M/01
Issue 4
Rev 0
Date 07th July 2014
Controlled Document – Do not copy without prior permission of Director Safety & QA
Edit Safety
Report Data &
Attach Doc
Add More &
Create
Occurrence
Start
Analysis
Submitted
Report
Analyst’s Roles
In addition to Operator's roles, Analyst
can do
· Final Analysis/judgment
· Validation authority
· Close assigned actions
Analyst Flow
De Identified Report
Create
Actions
Create
Issue
An
aly
sis
Edit ORC
Validate Risk
Index
Safety
judgment
Close Action
(Issue/
Occurrence)
Supplementary information is filled describing the reporter from an analyst point of view. Additional documents can be attached, and report risk index and occurrence risks (ORC) are defined.
Safety report is completely analysed at this level and final safety judgment is made with the authority of validation.
6.2.3.4 Gate Keeper
In PIA, the primary role of gate keeper is to have the oversight of the SAMS process, from reporting of Hazards till the mitigation of risks with assigned actions. In addition to roles of analyst, gate keeper has the authority of identify a reporter‟s The gate keeper shall hold the monthly meeting with all analysts on regular basis.
HAZARD IDENTIFICATION AND RISK MANAGEMENT
Chapter 6 Page 12 of 22
Corporate Safety Management System
Manual Doc # SMS/M/01
Issue 4
Rev 0
Date 07th July 2014
Controlled Document – Do not copy without prior permission of Director Safety & QA
6.2.3.5 Administrator
Administrator‟s role is to maintain the hard ware and software issues of SAMS alongwith maintenance and updation of server and data base. Administrator has to liaison with SAMS backhand support service provider, allocation of authority/access rights as per the corporations laid down procedures.
6.2.3.6 Issue (Creation and management)
In SAMS, Issues can also be created depending upon the potential severity and history of reoccurrence or with the combination of both. Hazard identification can expose Safety Issues, Furthermore, in SAMS, link with AirFASE database can also established and expose Safety Issues.
The Risk assessment technique used in SAMS for issue management is based upon ICAO Risk assessment Guidelines (Both for probability and severity), Note: For further details, SOP for Qualification & Regularization of Roles in SAMS and SAMS user guide/ training material can be referred
HAZARD IDENTIFICATION AND RISK MANAGEMENT
Chapter 6 Page 13 of 22
Corporate Safety Management System
Manual Doc # SMS/M/01
Issue 4
Rev 0
Date 07th July 2014
Controlled Document – Do not copy without prior permission of Director Safety & QA
6.2.3 SAMS Work Flow Management (A Complete Process Map)
SAMS WORK FLOW MANAGEMENT
Ga
tek
ee
pr
Op
era
tor
/ A
na
lys
tR
ep
ort
er
Create
Safety
Report
Submit
Safety
Report
Cancel
Safety
report
Follow-up
Safety Report
Analyst
Follow-up
Safety Report
To be analyzed
Analyze
Safety
Report
Create
Occurrence
Follow-up
Actions Status
Create
Actions Processed
Safety
Reports
Request
Identified
Data
Request
Identified
Data
Analyse
Satistics and
reports
Follow-up Safety
issues to be
Analyzed
Create
Safety
Issue
Close
Safety
issue
Analyze
Safety
Issue
To Send the
request to
gatekeeper, the
operator create
an Action
Follow-up re
identification
requests through
record
Process Re
identification
request
HAZARD IDENTIFICATION AND RISK MANAGEMENT
Chapter 6 Page 14 of 22
Corporate Safety Management System
Manual Doc # SMS/M/01
Issue 4
Rev 0
Date 07th July 2014
Controlled Document – Do not copy without prior permission of Director Safety & QA
6.3 Other Means of Hazard Identification and Risk management
6.3.1 Hazard Identification Sources of hazard identification can be from the voluntary reporting system (SAMS, confidential reporting, safe card, Investigation outcomes, safety survey results, safety case outcomes, pksafe, pksms and audit findings) which are proactive in nature. They can also be through accidents/ incident occurrence reporting forms which is reactive in nature and they can also be through Flight Data Monitoring, Maintenance Data Monitoring and investigation findings. Persons/Groups responsible to carry out risk identification have been mentioned in given table.
6.3.2 Risk Assessment Technique
All identified hazards are to be critically assessed and ranked in order of their risk potential. They may be assessed subjectively by experienced personnel, or they may be assessed using more formal analytical techniques. All Departmental/Divisional heads are responsible for ensuring that area managers in their jurisdiction utilize modern techniques to identify hazards associated, for every task ( both routine and non-routine)) performed in their area of responsibility; these hazards need to be recorded in the data bank, analyzed critically in terms of their severity and probability and prioritized for subsequent address. The reporting forms listed at Hazard Reporting and at various appendices, form part of the Airlines‟ pro-active data collection program.
Hazard reports through SAMS are analyzed by designated analysts of relevant operational areas in SAG meetings or special risk assessment sessions. Those hazards have the cross functional implications can be assessed or analyzed in cross functional sessions/meetings.
In SAMS, risk index obtained through an predefined automated criteria/parameters based upon industry practices.
6.3.3 Risk Assessment ~ Tables
In Risk Assessment, there are two main factors to consider: the likelihood of the occurrence (table 6.3.4.A) and the severity of the consequences ((Table 6.3.5.B)) should there be an occurrence. In assessing risks, the defenses that have been put in place to protect against such hazards need to be evaluated. These defenses can, through their absence, misuse, poor design, or conditions contribute to the occurrence or increase the risks. Through such a risk assessment process, a determination can be made as to whether the defenses are adequate. If the defenses are not adequate, then steps should be taken to increase the defenses to eliminate or mitigate the hazard.
HAZARD IDENTIFICATION AND RISK MANAGEMENT
Chapter 6 Page 15 of 22
Corporate Safety Management System
Manual Doc # SMS/M/01
Issue 4
Rev 0
Date 07th July 2014
Controlled Document – Do not copy without prior permission of Director Safety & QA
The departmental SAGs can define more relevant severity & likelihood definitions based on relevance to the risk type. However, if any such tables are made the it must be communicated to Director Safety &QA for approval.
The PIA method for estimation of the likelihood of a hazard occurring is based on the following table:
6.3.4 (A) Likelihood
PROBABILITY OF OCCURRENCE
Qualitative definition
Meaning Value
Frequent Likely to occur many times (has occurred frequently)
5
Occasional Likely to occur sometimes (has occurred infrequently)
4
Remote Unlikely to occur, but possible (has occurred rarely) 3
Improbable Very unlikely to occur (not known to have occurred) 2
Extremely improbable
Almost inconceivable that the event will occur 1
TABLE - 6.3.4 A
The above table specifies the likelihood as qualitative categories, but also includes numerical values for the probabilities associated with each category. In some cases, data may be available which will allow direct numerical estimates of the likelihood of failure to be made. (For example, for the hardware elements of a system, extensive data is often available on historical component failure rates). The estimation of the likelihood of occurrence of hazards associated with human error will generally involve a greater degree of subjective assessment (and it should be borne in mind that even when assessing hardware, there is always the possibility of failures due to human error, for example, incorrect maintenance procedures).
The following table (Table 6.3.5.B) specifies the severity of the consequences of occurrences. The table also includes the numerical values assigned to severities associated with each category.
HAZARD IDENTIFICATION AND RISK MANAGEMENT
Chapter 6 Page 16 of 22
Corporate Safety Management System
Manual Doc # SMS/M/01
Issue 4
Rev 0
Date 07th July 2014
Controlled Document – Do not copy without prior permission of Director Safety & QA
6.3.5 (B)Severity Scale
SEVERITY OF OCCURRENCES
Aviation definition
Meaning (Consider both potential or historical aspects) Value
Catastrophic · Equipment destroyed
· Multiple deaths A
Hazardous
· A large reduction in safety margins, physical distress or a work load such that the operators cannot be relied upon to perform their tasks accurately or completely.
· Serious injury(resulting in permanent disability, loss of limb etc) to a number of people
· Major equipment damage.
B
Major
· A significant reduction in safety margins, a reduction in the ability of the operators to cope with adverse operating conditions as a result of increase in work load, or as a result of conditions impairing their efficiency.
· Serious incident.
· Injury to person(s).
C
Minor
· Nuisance.
· Operating limitations.
· Use of emergency procedures.
· Minor incident.
D
Negligible · Little consequences.
E
TABLE - 6.3.5 B
6.3.6 Safety risk severity is defined as the possible consequences of an unsafe event or condition, taking as reference the worst foreseeable situation. The assessment of the severity of the consequences of the hazard if its damaging potential materializes during operations aimed at delivery of services can be assisted by questions such as:
I. How many lives may be lost (employees, passengers, bystanders
and the general public)?
II. What is the likely extent of property or financial damage (direct
property loss to the operator, damage to aviation infrastructure, third-
party collateral damage, financial and economic impact for Airline)?
III. What is the likelihood of environmental impact (spillage of fuel or
other hazardous product, and physical disruption of the natural
habitat)?
IV. What are the likely political implications and/or media interest?
6.3.7 Based on the considerations emerging from the replies to questions such as those listed in above, the severity of the possible consequences of an unsafe
HAZARD IDENTIFICATION AND RISK MANAGEMENT
Chapter 6 Page 17 of 22
Corporate Safety Management System
Manual Doc # SMS/M/01
Issue 4
Rev 0
Date 07th July 2014
Controlled Document – Do not copy without prior permission of Director Safety & QA
event or condition, taking as reference the worst foreseeable situation, can be assessed using a safety risk severity table. Table 6.3.7 (A) presents a typical safety risk severity table, also a five-point table. It includes five categories to denote the level of severity of the occurrence of an unsafe event or condition, the meaning of each category, and the assignment of a value to each category. As with the safety risk probability table, this table is an example presented for educational purposes only.
The acceptability of a risk is dependent on both its likelihood and the severity of its consequences. The product of two factors “Likelihood (L) & Severity (S) “determines the overall significance of risk.
The hazards in tolerable region should be reviewed. Risks in this category are not automatically classed as tolerable. Every case must be reviewed taking into account the benefits which will result from implementation of the proposed changes as well as the risk. In general the PIA philosophy is to follow “ALARP” or reducing the risk to “as low as reasonably practicable”.
It is necessary to obtain an overall assessment of the safety risk. This is achieved by combining the safety risk probability and safety risk severity tables into a safety risk assessment matrix, an example of which is presented in Table 6.3.7 (A). For example, a safety risk probability has been assessed as occasional (4). The safety risk severity has been assessed as hazardous (B). The composite of probability and severity (4B) is the safety risk of the consequences of the hazard under consideration. Extending the discussion said above it can be seen, through this example, that a safety risk is just a number or alphanumerical combination and not a visible or tangible component of the natural world. The color coding in the matrix in Table 6.3.7 (A) reflects the tolerability regions in the inverted triangle in Figure 6.3.7 (B).
The safety risk index obtained from the safety risk assessment matrix must then be exported to a safety risk tolerability matrix that describes the tolerability criteria. The criterion for a safety risk assessed as 4B is, according to the tolerability table in Figure 6.3.7.(B), “unacceptable under the existing circumstances”. In this case, the safety risk falls in the intolerable region of the inverted triangle
HAZARD IDENTIFICATION AND RISK MANAGEMENT
Chapter 6 Page 18 of 22
Corporate Safety Management System
Manual Doc # SMS/M/01
Issue 4
Rev 0
Date 07th July 2014
Controlled Document – Do not copy without prior permission of Director Safety & QA
SAFETY RISK TOLERABILITY TABLES
Table 6.3.7 (A)
Figure 6.3.7(B)
HAZARD IDENTIFICATION AND RISK MANAGEMENT
Chapter 6 Page 19 of 22
Corporate Safety Management System
Manual Doc # SMS/M/01
Issue 4
Rev 0
Date 07th July 2014
Controlled Document – Do not copy without prior permission of Director Safety & QA
6.4 Risk Acceptability Matrix
As per PIA SMS program, risk acceptability index/sequence would be as under
Risk Assessment Index Suggested Action Criteria
Risk Index in Intolerable region (Red )
Un acceptable under the existing circumstances requires immediate action and/or stopping of operations by the concerned authorities.
Risk Index in tolerable (yellow
region)
Risk Control/Mitigation is required. Further Management Decision on cost vs benefit. Implementation of decisions shall also be on priority basis.
Risk Index in Acceptable region
(Green)
Acceptable, management may review impact in context of any potential change in environment..
Table 6.3.7(C)
Figure 6.3.7(D)
HAZARD IDENTIFICATION AND RISK MANAGEMENT
Chapter 6 Page 20 of 22
Corporate Safety Management System
Manual Doc # SMS/M/01
Issue 4
Rev 0
Date 07th July 2014
Controlled Document – Do not copy without prior permission of Director Safety & QA
6.5 Action Criteria
Departmental Safety Action Group SAGs shall initiate actions based on existing risk levels to bring it down to an acceptable level. For this the respective SAG shall prepare a set of possible suggested controls along with their estimated cost, implementation duration and expected impact on existing risk level. The concerned authority shall evaluate amongst the given options, or may suggest a new option for risk review. The concerned management shall take a decision based as appropriate which may be a long term or short term strategy as suited. The minutes initiated in this context shall carry a tag line of immediate action required, on priority basis or standard minute to relate with the Action Criteria. For implementation of approved controls, the respective SAG shall follow-up the matter and verify the implemented controls. Verification shall be done by an independent person not directly involved in the implementation of the decision. Progress report shall also be reviewed and communicated to the departmental/divisional head on regular basis.
6.6 Risk mitigation
As analyzed, if the risk does not meet the pre-determined acceptability criteria, an attempt should always be made to reduce it to acceptable region, or if this is not possible, to a level as low as reasonably practicable, using appropriate mitigation procedures. The identification of appropriate risk mitigation measures requires a good understanding of the hazard and the factors contributing to its occurrence, since any mechanism which will be effective in reducing risk will have to modify one or more of these factors.
Risk mitigation measures may work through reducing the probability of occurrence, or the severity of the consequences, or both. Achieving the desired level of risk reduction may require the implementation of more than one mitigation measure. The possible approaches to risk mitigation include:
a) Revision of the system design; b) Modification of operational procedures; c) Changes to staffing arrangements; and d) Training of personnel to deal with the hazard.
The effectiveness of any proposed risk mitigation measures must be assessed by first examining closely whether the implementation of these measures might introduce any new hazards. In that case, the foregoing steps must be repeated by re-estimating hazard severity, the likelihood of the hazard occurring and then evaluating the risk. Once the system is implemented, particular attention should be paid, when evaluating the results of safety performance monitoring, to verifying that the mitigation measures are working as intended.
HAZARD IDENTIFICATION AND RISK MANAGEMENT
Chapter 6 Page 21 of 22
Corporate Safety Management System
Manual Doc # SMS/M/01
Issue 4
Rev 0
Date 07th July 2014
Controlled Document – Do not copy without prior permission of Director Safety & QA
Important Note:
Hazard Identification & Risk Management in context of SMS shall focus on Operational Safety hazards that may have a direct impact on operational safety of the airline and performance of personnel in safety critical positions.