SMS for Small Organizations: Considerations for Regulators

SMS for Small

Organizations:
Considerations for
Regulators

May 2021
1|Page
SMS for Small Organizations: Considerations for Regulators

This paper was prepared by the Safety Management International Collaboration Group (SM ICG). The
purpose of the SM ICG is to promote a common understanding of Safety Management System
(SMS)/State Safety Program (SSP) principles and requirements, facilitating their application across the
international aviation community. In this document, the term “organization” refers to a product or
service provider, operator, business, and company, as well as aviation industry organizations; and the
term “authority” refers to the regulator authority, Civil Aviation Authority (CAA), National Aviation
Authority (NAA), and any other relevant government agency or entity with oversight responsibility.

The current core membership of the SM ICG includes the Aviation Safety and Security Agency (AESA) of
Spain, the National Civil Aviation Agency (ANAC) of Brazil, the Civil Aviation Authority of the Netherlands
(CAA NL), the Civil Aviation Authority of New Zealand (CAA NZ), the Civil Aviation Authority of Singapore
(CAAS), Civil Aviation Department of Hong Kong (CAD HK), the Civil Aviation Safety Authority (CASA) of
Australia, the Direction Générale de l'Aviation Civile (DGAC) in France, the Ente Nazionale per l'Aviazione
Civile (ENAC) in Italy, the European Aviation Safety Agency (EASA), the Federal Office of Civil Aviation
(FOCA) of Switzerland, the Finnish Transport Safety Agency (Trafi), the Irish Aviation Authority (IAA),
Japan Civil Aviation Bureau (JCAB), the United States Federal Aviation Administration (FAA) Aviation
Safety Organization, Transport Canada Civil Aviation (TCCA), United Arab Emirates General Civil Aviation
Authority (UAE GCAA), and the Civil Aviation Authority of United Kingdom (UK CAA). Additionally, the
International Civil Aviation Organization (ICAO) is an observer to this group.

Members of the SM ICG:

• Collaborate on common SMS/SSP topics of interest
• Share lessons learned
• Encourage the progression of a harmonized SMS/SSP
• Share products with the aviation community
• Collaborate with international organizations such as ICAO and civil aviation authorities that have
implemented or are implementing SMS and SSP

For further information regarding the SM ICG please contact:

Claudio Trevisan Andrew Larsen Eugene Huang
EASA TCCA FAA, Aviation Safety
+49 221 89990 6019 (613) 993-9158 (202) 267-7577
claudio.trevisan@easa.europa.eu andrew.larsen@tc.gc.ca eugene.huang@faa.gov

Neverton Alves de Novais Charles Galea

ANAC CASA
+55 61 3314 4606 + 07 3144 7487
Neverton.Novais@anac.gov.br Charles.Galea@casa.gov.au

SM ICG products can be found on SKYbrary at: http://bit.ly/SMICG

To obtain an editable version of this document, contact smicg.share@gmail.com.

SMS for Small Organizations: Considerations for Regulators

Introduction

Regulator's Guidance for Dealing with Small Organizations

Implementing SMS
The introduction of safety management systems (SMS) across the aviation industry
brings some specific challenges for small organizations. Indeed, some small
organizations may feel that SMS is too complex or too costly to implement.
We hope to help you with some thoughts on how, as a regulator, you can help small
organizations to get their SMS in place and how you can assess a small organization’s
SMS.
Throughout this guidance, we consider an organization with between five and twenty
staff as a Small organization, and one with less than five staff as Very Small but you will
still need to define this for your organizations. We advise small organizations that SMS
can be boiled down to a very simple concept:
• Actively look for safety issues in your operations, products, or services;
• Develop corrective actions to reduce the risks those safety issues present; and
• Monitor to be sure that you have appropriately controlled those risks.
An SMS does not have to be complicated to be effective.
This guidance for regulators should be read in conjunction with the Safety Management
International Collaboration Group (SM ICG) SMS Guidance for Small Organizations.

How Complex is the Small Organization?

It is important that you define what constitutes a Small organization. It is not just the
size of the organization that matters, but the risk and complexity of the activity.
Complexity considerations include:
• Operating environment (mountainous terrain, arctic operations, offshore
operations, etc.);
• Number of types of operations (passenger operations, cargo, aerial work,
Emergency Medical Services, etc.);
• Fleet complexity —number of aircraft or aircraft types;
• Number of locations (bases);
• Maintenance —number of ratings, types of product ratings, specialized work,
technologies employed, number of customers and sub-contractors;
• Types of products and parts designed/manufactured;
• Number of aircraft movements (aerodromes and Air Navigation Service
Providers(ANSPs));
• Surrounding terrain and levels of equipment at aerodromes;
• Density and complexity of traffic for ANSPs;
• Extent of contracted activities; and
• Number of runways and taxiways at aerodromes.
SMS for Small Organizations: Considerations for Regulators

Several regulators have produced guidance material covering SMS for small
organizations (referred to in Appendix 1), which may be useful.
The SM ICG page on SKYbrary has some useful links to additional SMS material in the
SMS for Small Organizations article, located under the Guidance/Tools heading. This
will include guidance, tools, forms, and templates that can be customized for an
organization. Any SM ICG member will be able to give you access to a customizable
version of the templates and tools.
The following material contains some guidance on how you might approach the
assessment of a small organization’s SMS.
The key to successful SMS in small organizations is to minimize the regulatory burden.
The harder it is for an organization to achieve compliance, the less likely it will be to
embrace SMS. This still requires compliance with the requirements, but achieving
compliance is made as easy as possible.
The more willing an organization is to adopt SMS, the more effective that SMS is likely
to be.
SMS for Small Organizations: Considerations for Regulators

The ICAO SMS Framework from a Regulator’s Perspective

The following section highlights some of the additional considerations that the Regulator
needs to follow when evaluating an SMS based on the ICAO SMS Framework.
1. Safety Policy and Objectives
A small organization’s policy and objectives can (and should) be set out very simply; do
not expect a detailed document.
1.1 Management Commitment and Responsibility
Consider whether the management commitment statement really is a statement of
commitment. One way to test this is by asking whether managers know what is in the
policy.
1.2 Safety Accountabilities and Responsibilities
Consider whether the nominated Accountable Executive has the ultimate accountability
for the SMS and whether safety related responsibilities are clearly identified,
documented, and communicated throughout the organization.
1.3 Appointment of Key Safety Personnel
Consider whether someone has been appointed to look after the day-to-day running of
the SMS and whether the person has been trained. It is unlikely that small
organizations will have the resources for this to be a full-time appointment.
1.4 Coordination of Emergency Response Planning
Consider whether the emergency response plan (ERP) has been coordinated with other
organizations that may be affected and with the emergency services, and whether it
covers the likely emergencies.
1.5 SMS documentation
A small organization should not be expected to have an extensive SMS manual. It may
not even have a specific SMS manual as long as its safety processes and procedures
are documented.

2. Safety Risk Management

You would expect people across the organization to be aware of the organization’s
biggest risks and what actions are in place to mitigate them.
2.1 Hazard Identification
Consider whether the organization has a simple process to actively look for safety
issues. Does it identify safety issues from occurrence or incident reports? Does the
organization encourage good reporting? Is there a Hazard Log, and more important, is
it used?
SMS for Small Organizations: Considerations for Regulators

2.2 Safety Risk Assessment and Mitigation

Consider the process for identifying what could happen as a result of each safety issue
and assessing the consequence and likelihood. Is there a risk assessment tool and is it
used? Is it appropriate? Does the process determine acceptable risks? A risk matrix
may be useful, but in a Very Small organization, it may not be necessary.

3. Safety Assurance
You would expect the organization to have processes in place to measure and monitor
how well the SMS is performing.
3.1 Safety Performance Monitoring and Measurement
Consider how the organization measures its safety performance. Are the performance
measures appropriate? Are they appropriate for the size of the organization? Are there
other measures that might be more effective? What auditing is being carried out to
assess the effectiveness of the SMS?
3.2 The Management of Change
Consider whether the management of change process is appropriate for the size of the
organization.
3.3 Continuous improvement of the SMS
Consider whether internal audits are required; a Very Small organization will probably
not have the resources to have an internal auditor, and engaging a contract auditor may
impose a financial burden. For Very Small organizations, an internal review (a self
assessment) may be as effective as a formal audit.
The SM ICG has developed a simple Management Review template for Small
organizations in Appendix 16 of its SMS Guidance for Small Organizations. This can be
used to summarize and document the safety assurance activities on a regular basis.

4. Safety Promotion
You would expect that the organization is promoting its safety management processes
through training and ongoing communication.
4.1 Training and Education
Consider whether the Safety Manager, if there is one, has received SMS training. Have
all the staff read the SMS manual and understood their roles within the SMS. What
training resources (DVD, pamphlets, books, etc) are available?
4.2 Safety Communication
Consider how the organization communicates its safety policy, strategies, issues,
successes, and failures. Does it hold safety briefings or meetings? How often? Are
there safety bulletins? Does the management lead by example?
SMS for Small Organizations: Considerations for Regulators

Applying a Phased Approach to SMS Implementation for

Small Organizations
The regulator should consider applying a phased approach to how it accepts the
implementation of SMS in small organizations. It should be appropriate to the amount of
small organizations it is responsible for. Learning from how the phased implementation
went with large organizations will help you adapt the implementation approach
accordingly.
Most organizations will adopt a phased approach to implementing an SMS. At the same
time, some regulators may consider mandating a phased implementation. While a
mandatory phased implementation may work with some large organizations, it may be
difficult to achieve with a lot of small organizations. A mandatory phased
implementation for small organizations should be considered with caution, particularly if
the phases are tied to strict time limits. The regulator should consider the following
before deciding to use a time-limited phased implementation:
• Setting specific dates for each phase of implementation will impact your inspector
workload. There will be an increased workload for assessing each organization’s
progress and compliance at that date. Will there be enough inspectors to
complete the assessments in a timely fashion?
• Consider the limited resources that may be available to the small organization to
achieve compliance, especially in a short timeframe. Most organizations are cost
conscious and operate with tight budgets and carefully established staff
numbers. Giving more time to implement SMS may result in a more effective
SMS, rather than producing an off-the-shelf SMS that may not be suitable to an
organization's operations.
• Consider also the potential outcomes if the small organization does not (or
cannot) meet the date for compliance. If the organization supplies an essential
service (e.g., a small remote aerodrome providing a vital communication link),
what would be the regulatory response? Suspending the certificate is probably
not an option and a financial penalty, if available, might jeopardise the safety of
the operation.
Placing too stringent implementation demands is also likely to result in “push back” from
the organization; it is likely to see SMS as another administrative burden, rather than a
positive and beneficial safety program.
A good approach is for the regulator to agree on an implementation program with each
organization that is acceptable to each party. In this way, both regulator and regulated
will be able to achieve a satisfactory result.
It is important for the regulator to provide good guidance on its expectations of small
organizations, who may find it hard to interpret the regulations to implement safety
management systems that suit their size. Phased visits may also provide an
opportunity to work with the organization to influence and provide guidance.
SMS for Small Organizations: Considerations for Regulators

Inspector Training
The regulator’s inspectors need to recognize that the SMS of a small organization is
likely to be much simpler. It may be accomplished with less documentation and
procedures than would be required for a larger organization. Inspectors should be
trained to recognise what a good but simple SMS looks like. This will help them to
accept simpler documentation and procedures that still meet the SMS requirements.
All inspectors should read any guidance material issued by the regulator about SMS
implementation in small organizations. If there is no specific guidance material issued
by the regulator, there are useful SM ICG products for small organizations on SKYbrary.
The SM ICG has produced a document on regulatory SMS Inspector Competency
Guidance that should be referred to. Assuming that inspectors have received basic
SMS training, the following additional subjects should be covered:
• Proportionality within the regulatory framework, if any;
• How to encourage small organizations to implement effective SMS;
• Challenges of SMS implementation in small organizations;
• Best practices of SMS implementation in small organizations;
• Safety culture and communication in small organizations; and
• Planning and carrying out an SMS evaluation for small organizations.
While some training could be computer-based, a facilitated training session is
recommended. This should include case study exercises, preferably undertaken in
groups. This would allow inspectors to explore the varieties of SMS they may
encounter. Instructors should emphasize that an SMS needs to fit the size, nature, and
complexity of the organization and that there is probably no single “right answer” to an
exercise.
The means of achieving compliance may differ across the industry and informal
processes may meet the intent of SMS requirements for some small organizations. The
training should emphasise that inspectors should not push particular solutions for SMS
(either their own personal views or examples from other organizations).
The training should encourage inspectors to provide advice and guidance to small
organizations during the evaluation process. This will encourage the organization to be
open in its responses. Inspectors should understand how the organization is
establishing its SMS first and then determine how suitable it is.

Information Sharing
A small organization may have difficulty in collecting internal data because of the low
level of activity (e.g., number of flights, number of movements). If a just reporting culture
is not in place, reporting may be limited because of the difficulty of ensuring anonymity
in a small organization.
SMS for Small Organizations: Considerations for Regulators

When there is little feedback on operations, reactive hazard identification is difficult to

achieve. In the same way, it may be difficult for a small organization to collect external
data, as there may be insufficient resources to monitor events encountered by other
organizations.
Sharing information between small organizations can provide a much bigger source of
safety information. Information sharing can be initiated either by the organization itself
or with the assistance of the regulator.
The regulator has an important role to play in sharing information as it has an overview
of safety issues shared by similar organizations. This could be done through regular
safety meetings with small organizations. These meetings would allow organizations to
present their safety issues and the regulator to present the results of accident and
incident investigations and to raise common issues found during SMS audits.
The regulator could also arrange meetings on particular safety topics, inviting relevant
organizations of all sizes, so that small organizations could benefit from the experience
of larger organizations. Industry associations should also be invited to safety meetings.
Because of the lack of resources, it is sometimes challenging for small organizations to
attend meetings, so arranging for them to be broadcast via video or web-based
conference could reduce travel burdens and encourage wider attendance.
The regulator could set up a common database through which operators could access
de-identified incidents reports of other organizations.
Inspectors might allocate time during audits or inspections for safety promotion,
conveying safety messages and sharing safety plan priorities, safety bulletins, and
accident and incident reports.
SMS for Small Organizations: Considerations for Regulators

Appendix 1: Regulator’s Guidance Material for Small

Organizations
Transport Canada – Advisory Circular 107-002: Safety Management System
Development Guide for Smaller Aviation Organizations
This Advisory Circular (AC) addresses each SMS element for both minimal-complexity,
one-person operations and moderate complexity organizations, with documentation
examples throughout.

UK CAA – Safety Management Systems – Guidance for Small, Non-complex

Organizations
This provides a guide to SMS, highlighting key points for small organizations. It includes
useful examples of SMS documentation and checklists.

CAA NZ – SMS Booklet 03 – Guidelines for Small Aviation Organizations

This booklet contains information designed to help small aviation organizations to
implement an effective SMS that is built-for-purpose without being difficult or resource-
intensive.

CASA SMS Book 7 – SMS for Small, Non-complex Organizations

This is a simple overview of SMS for smaller aviation organizations, such as those
involved in transport/charter, training and maintenance. It defines ‘small, non-complex’,
highlights the fact that SMS is scalable—that not all elements of an SMS will look the
same in all organizations—and that there are advantages to being small.