Air Traffic Organization
Safety Management System ManualApril 2019Air Traffic Organization
FOREWORDThe fundamental mission of the Air Traffic Organization (ATO) is to ensure thesafe provision of air traffic services in the National Airspace System (NAS).Thanks to its employees, the ATO operates the safest, most efficient air trafficsystem in the world.As the ATO helps build the Next Generation Air Transportation System, theresulting cross-organizational changes to the NAS require an intensive,proactive, and systematic focus on assuring safety. ATO uses the SafetyManagement System (SMS) to achieve this. The SMS constitutes the operatingprinciples that support the ATO in objectively examining the safety of itsoperations.This document is the result of an ATO-wide effort, and reflects currentinternational best practices and intra-agency lessons learned. It marks animportant next step toward a mature and integrated SMS in the FAA. Therefore,it is important that all ATO personnel work diligently to uphold and follow theprocedures and guidance in this SMS Manual to manage safety risk and helppromote a positive safety culture in the ATO and the FAA.Teri BristolChief Operating OfficerAir Traffic Organization
Contents1.Safety Management System Overview1.1 Overview1.1.1 About the SMS Manual1.1.2 Establishment and Continuous Support of the ATO SMS1.1.3 SMS Continuous Improvement1.1.3.1 Measuring NAS-Wide ATO Safety Performance1.1.4 SMS Benefits1.2 The Four Components of SMS1.2.1 SMS Components1.2.2 Safety Culture and Promotion: Valuing Safety in the ATO1.2.2.1 Overview of Safety Culture, Safety Assurance, and SRM1.2.2.2 Safety Programs and Initiatives1.3 SMS Policy1.3.1 SMS Policy Derivations1.3.1.1 ICAO SMS Policy1.3.1.2 FAA SMS Policy1.3.1.3 AOV Order1.3.1.4 ATO SMS Policy and Requirements1.3.2 Policy Compliance with SMS1.3.3 FAA Documents Related to SMS Requirements1.3.3.1 Safety Reporting1.3.3.2 Facilities and Equipment Management1.3.3.3 Hardware and Software System Development1.3.3.4 Safety Management and Risk Assessment2.Managing Safety Risk in a System of Systems2.1 SRM and Safety Assurance2.1.1 Introduction to Managing System Safety2.1.2 Safety Assessment Using the Tenets of SRM and Safety Assurance2.1.3 SRM: Proactive and Reactive Hazard and Risk Reduction2.1.4 Safety Assurance: Identifying and Closing Safety Gaps2.1.4.1 Audits and Assessments2.1.4.2 ATO Quality Assurance and Quality Control2.2 Identifying and Addressing System Vulnerabilities2.2.1 System Gaps and Hazard Defenses2.2.1.1 Overview and Causes of System Gaps2.2.1.2 Hazard Defenses2.2.2 The Human Element’s Effect on Safety2.2.3 Closing Gaps Using SRM and Safety Assurance Principles andProcesses2.2.4 Safety Order of Precedencei
3.The Safety Analysis and Risk Mitigation Process3.1 Overview3.1.1 Overview of the SRM Process3.1.2 SRM Safety Analysis Phases3.2 Scope of the SRM Process3.2.1 When to Perform a Safety Analysis3.2.2 When a Safety Analysis May Not Be Required3.2.2.1 Overview3.2.2.2 NAS Change Proposal3.2.2.3 Examples of NAS Changes Unlikely to Require a SafetyAnalysis3.3 DIAAT Phase 1: Describe System3.3.1 Overview3.3.2 Bounding and Scoping Safety Analyses3.3.2.1 Bounding Safety Analyses in an Integrated NAS3.3.2.2 Required Depth and Breadth of the Analysis3.3.2.3 Involving Other FAA LOBs3.3.2.4 Setting the Scope of the Analysis3.3.3 Defining the System / NAS Change3.3.3.1 Describe the System and the NAS Change3.3.3.1.1 Overview3.3.3.1.2 Considerations when Defining the System3.3.3.2 5M Model Method3.4 DIAAT Phase 2: Identify Hazards3.4.1 Overview3.4.2 Potential Sources of Hazards3.4.2.1 Existing Hazards3.4.2.1.1 Identified but Not in the Scope of an Ongoing NASChange3.4.2.1.2 Hazards Identified by Audits3.4.2.1.3 Hazards Identified by Top 53.4.2.1.4 Emergency Modifications3.4.2.1.5 Existing High-Risk Hazards3.4.3 Elements of Hazard Identification3.4.3.1 Techniques for Hazard Identification and Analysis3.4.3.1.1 Developing a PHL3.4.3.1.2 Developing a HAW3.4.3.1.3 Other Accepted Tools and Techniques3.4.4 Causes and System State Defined3.4.5 Addressing Hazards that Cross FAA Lines of Business3.4.5.1 Hazard Escalation and Reporting3.5 DIAAT Phase 3: Analyze Risk3.5.1 Overviewii
3.5.2 Controls3.5.3 Defining a Credible Hazard Effect3.5.4 Defining Risk3.5.4.1 How to Define and Determine Risk3.5.4.2 Determining Severity3.5.4.2.1 Assessing Severity of NAS Equipment HazardEffects3.5.4.2.2 Using the NAS Equipment Worst Credible SeverityTable3.5.4.3 Determining Likelihood3.5.4.3.1 Likelihood versus Frequency3.5.4.3.2 What to Consider When Defining Likelihood3.5.4.3.3 Calculating Likelihood with Quantitative Data3.5.4.3.4 Determining Likelihood When No Data AreAvailable3.6 DIAAT Phase 4: Assess Risk3.6.1 Overview3.6.2 Risk Levels and Definitions3.6.2.1 High Risk3.6.2.2 Medium Risk3.6.2.3 Low Risk3.6.3 Plotting Risk for Each Hazard3.7 DIAAT Phase 5: Treat Risk3.7.1 Overview3.7.2 Risk Management Strategies3.7.2.1 Risk Control3.7.2.2 Risk Avoidance3.7.2.3 Risk Transfer3.7.2.4 Risk Assumption3.7.3 Documenting Safety Requirements3.7.4 Determining Predicted Residual Risk4.Developing Safety Performance Targets and Monitoring Plans4.1 Developing Safety Performance Targets4.2 Developing the Monitoring Plan4.2.1 Monitoring Activities4.2.2 Frequency and Duration Monitoring4.3 Post-SRM Monitoring4.3.1 Monitoring and Current Risk4.3.2 Predicted Residual Risk Is Not Met4.3.3 Predicted Residual Risk Is Met4.3.4 Residual Risk4.3.5 Monitoring and Tracking of Changes Added to the Operating NASiii
5.Preparing, Performing, and Documenting a Safety Analysis5.1 Overview5.1.1 Safety Analysis Process Flow5.2 Preparing a Safety Analysis5.2.1 Planning and Initial Decision-Making5.2.1.1 Scope5.2.1.2 Detecting Potential for Hazards5.2.2 Preparing for In-Depth Safety Analyses5.2.2.1 SRM Panel Facilitator5.2.2.2 SRM Panel Co-Facilitator5.2.2.3 Facilitation by AJI Safety Case Leads5.2.2.4 Pre-SRM Panel Assessment of the Scope of the Analysis5.2.2.5 Involving AOV during a Safety Analysis5.2.2.6 SRM Panel Membership5.2.2.6.1 Overview5.2.2.6.2 SRM Panel Guidance for Bargaining UnitParticipation5.2.2.6.3 Participation on SRM Panels Outside of a ServiceUnit or the ATO5.2.2.6.4 Primary SRM Panel Roles5.2.2.6.5 Examples of Skills and Backgrounds for SRMPanel Members5.3 Performing a Safety Analysis5.3.1 SRM Documents5.3.2 Administering the SRM Panel Meeting5.3.3 Factors that Jeopardize Safety Assessment Results5.3.4 SRM Panel Deliberations5.4 Safety Risk Management Documentation5.4.1 Hazard Analysis Worksheet5.4.2 Monitoring Plan5.4.3 SRM Documents5.4.3.1 Safety Finding With Hazards5.4.3.2 Safety Finding Without Hazards5.4.4 Writing the SRM Document5.4.4.1 Executive Summary5.4.4.2 SRM Document Signatures5.4.4.3 Current System5.4.4.4 Description of Change / Existing Safety Issue5.4.4.5 Rationale for a Safety Finding Without Hazards (If NoHazards Are Identified)5.4.4.6 Hazard and Risk Analysis (If Hazards Are Identified)5.4.4.7 Monitoring Plan (If Hazards Are Identified)5.4.4.8 Dissentioniv
5.4.4.9 SRM Panel Attendees5.4.4.10 Appendices5.4.5 SMTS5.4.5.1 Implementation Dates in SMTS5.5 Special SRM Efforts/Considerations5.5.1 Deactivation, Removal, or Decommissioning of NAS Equipment5.5.2 Emergency Modifications5.5.3 Existing High-Risk Hazards5.5.4 Documentation, Review, and Approval Process for Waivers toSeparation Minima5.5.4.1 Initiate the Request for a New Waiver or Waiver Renewal5.5.4.2 Waiver Development Guidance: Identify AppropriateHazards5.5.4.3 Relationship between the Waiver Request and the SRMDocument5.5.4.3.1 Waiver Renewals5.5.4.3.2 Waiver Approval6.Risk Acceptance and Safety Documentation Review6.1 Risk Acceptance and Approval and Overview6.2 Scope of NAS Changes6.2.1 Local Implementation6.3 Approving Safety Requirements6.3.1 Appropriate Signatories6.3.2 Endorsing Implementation of Safety Requirements6.3.2.1 Safety Requirements Not Planned for Implementation6.3.2.2 Safety Requirements Planned for Implementation6.3.2.3 Safety Recommendations6.4 Risk Acceptance6.4.1 Authority to Accept Safety Risk6.4.2 Risk Acceptance Outside of the Air Traffic Organization6.5 SRM Document Concurrence6.6 SRM Document Approval6.6.1 Service Unit SRM Documentation Approval or Concurrence6.6.2 AJI Review and Approval6.6.2.1 AJI Participation in System Acquisition Safety Analyses6.6.3 AOV Approval and Acceptance6.6.3.1 Items Requiring AOV Approval6.6.3.2 Items Requiring AOV Acceptance6.6.4 Coordination of SRM Documentation6.7 Revising an SRM Documentv
7.ATO Audit and Assessment Programs7.1 Audit and Assessment Programs7.1.1 Overview7.1.2 Air Traffic Compliance Verification Evaluation Program7.1.3 Difference between ATC Facility Audits and Assessments7.1.4 National Airspace System Technical Evaluation Program7.1.5 Independent Operational Assessments7.1.6 Independent Assessments7.2 Safety Data Reporting, Tracking, and Analysis7.2.1 Purpose of Safety Data Collection and Evaluation7.2.2 AJI’s Role in Safety Data Collection and Evaluation7.2.3 Safety Data Collection and Reporting Processes7.3 Safety Incident and Accident Reporting and Analysis7.4 Reported Safety Data about Serviceability of Equipment, Systems, andFacilities7.5 Voluntary Data Reporting7.5.1 Unsatisfactory Condition Report7.5.2 Aviation Safety Hotline7.5.3 Administrator’s Hotline7.5.4 Air Traffic Safety Action Program / Technical Operations Safety ActionProgram8.Safety Data and Information Repositories8.1 Overview9.Definitions and Acronyms9.1 Definitions9.2 Acronymsvi
Section 1Safety Management System Overview1.1 Overview1.1.1 About the SMS ManualThe Safety Management System (SMS) is a formalized and proactive approach to systemsafety. It directly supports the mission of the Federal Aviation Administration (FAA), which is “toprovide the safest, most efficient aerospace system in the world.” The Air Traffic Organization(ATO) SMS is an integrated collection of principles, policies, processes, procedures, andprograms used to identify, analyze, assess, manage, and monitor safety risk in the provision ofair traffic management and communication, navigation, and surveillance services.This SMS Manual informs ATO employees and contractors about the goal of the ATO SMS,describes the interrelationship among the four components of the SMS, and instructs readers onthe process of identifying safety hazards and mitigating risk in the National Airspace System(NAS). Use this document and its complements, such as the Safety Risk ManagementGuidance for System Acquisitions, ATO Safety Guidance documents, and other FAA safetydocuments, to carry out the safety mission of the FAA and requirements of the SMS.1.1.2 Establishment and Continuous Support of the ATO SMSSafety, the principal consideration of all ATO activities, is defined as the state in which the riskof harm to persons or property damage is acceptable. Managing and ensuring the safety ofoperations using the SMS has long been a focus of air navigation service providers worldwide,with the International Civil Aviation Organization having provided the guiding principles and themandate for member organizations to have an SMS. The ATO’s SMS efforts support the FAAsafety mission, which emphasizes continuous improvement of safety and the integration ofsafety management activities across FAA organizations, programs, and Lines of Business.Efforts to develop and implement complex, integrated Next Generation Air TransportationSystem systems to improve the safety and efficiency of air travel in the United States makeclear the relevance of the SMS.1.1.3 SMS Continuous ImprovementThe SMS is the framework that the ATO uses to measure and help ensure the safety of itsoperations. In an evolving NAS, it is necessary to continuously seek improvement in ATOprocesses and policies that support ATO safety efforts and, by extension, support the SMS.The ATO and external organizations conduct audits and assessments to measure anddetermine compliance with the policies and procedures used to manage safety in the NAS. Byassessing SMS maturity, the ATO is able to identify gaps in SMS performance, opportunities forimprovement, and areas in which to focus new policy development.1.1.3.1 Measuring NAS-Wide ATO Safety PerformanceAs part of the effort to support the FAA Strategic Initiatives, and to help the FAA achieve theNext Level of Safety, the ATO has developed the System Risk Event Rate as a measure of itssafety performance. The System Risk Event Rate metric, a 12-month rolling rate that comparesthe number of high-risk losses of standard separation to the number of total losses ofseparation, is based on Risk Analysis Events. Risk Analysis Events are losses of standardseparation in which less than two-thirds of the required separation is maintained. Risk AnalysisEvents are identified and assessed as part of the Risk Analysis Process, which considerscausal factors and pilot and controller performance when assessing the severity andrepeatability of the event(s) that occurred. Through the Risk Analysis Process, Risk AnalysisEvents replace the long-standing measures of safety performance in the ATO, allowingrelationships to be drawn between events and potential causes. From performance of individualfacilities up to the NAS-wide system level, the Risk Analysis Process helps focus ATO safety1.1 SMSM 201509Originally published September 2015Uncontrolled copy when downloaded1
Section 1Safety Management System Overviewinitiatives on significant causes, events, and hazards that necessitate remedial action, thus,advancing risk-based decision-making initiatives.1.1.4 SMS BenefitsATO processes and tools that support the SMS help: Provide a common framework to proactively and reactively identify and address safetyhazards and risks associated with NAS equipment, operations, and procedures; Encourage intra-agency stakeholders to participate in solving the safety challenges of anincreasingly complex NAS; Reduce isolated analysis and decision-making using integrated safety managementprinciples; Improve accountability for safety through defined managerial roles and responsibilitiesand Safety Risk Management processes; Integrate Safety Assurance processes that enable the ATO to effectively measure safetyperformance; Promote a continuous cycle of assessing, correcting/mitigating, and monitoring thesafety of air navigation services; Foster a positive safety culture that can help improve system safety; and Measure the performance and support the improvement of the SMS.1.1 SMSM 201509Originally published September 2015Uncontrolled copy when downloaded2
Section 11.2Safety Management System OverviewThe Four Components of SMS1.2.1 SMS ComponentsThe four components of the Safety Management System (SMS) combine to create a systemicapproach to managing and ensuring safety. These components are: Safety Policy: The documented organizational policy that defines management’scommitment, responsibility, and accountability for safety. Safety Policy identifies andassigns responsibilities to key safety personnel. Safety Risk Management (SRM): A process within the SMS composed of describingthe system; identifying the hazards; and analyzing, assessing, and controlling risk. SRMincludes processes to define strategies for monitoring the safety risk of the NationalAirspace System (NAS). SRM complements Safety Assurance. Safety Assurance: A set of processes within the SMS that verify that the organizationmeets or exceeds its safety performance objectives and that function systematically todetermine the effectiveness of safety risk controls through the collection, analysis, andassessment of information. Safety Promotion: The communication and distribution of information to improve thesafety culture and the development and implementation of programs and/or processesthat support the integration and continuous improvement of the SMS within the AirTraffic Organization (ATO). Safety Promotion allows the ATO to share and provideevidence of successes and lessons learned.Figure 1.1 represents the relationship of the four SMS components in an integrated model. Theintegration and interaction of the four components is essential to managing the SMS effectivelyand fostering a positive safety culture.1.2 SMSM 201509Originally published September 2015Uncontrolled copy when downloaded3
Section 1Safety Management System OverviewFigure 1.1: The Integrated Components of the SMS1.2.2Safety Culture and Promotion: Valuing Safety in the ATO1.2.2.1 Overview of Safety Culture, Safety Assurance, and SRMSafety culture is defined as the way safety is perceived and valued in an organization. Itrepresents the priority given to safety at all levels in the organization and reflects the realcommitment to safety. The ATO uses its SMS to promote a positive safety culture throughpolicies that align safety goals with organizational standards, training, voluntary reporting, andbest practices.A strong safety culture helps ensure that personnel are trained and competent to perform theirduties and that continual training and updates on safety progress are provided. Promotingstrong safety values means that all ATO employees share lessons learned from investigationsand experiences, both internally and from other organizations.SRM and Safety Assurance are the performance-oriented components and results of the SMS,but programs and work that contribute to the Safety Promotion component are vital to achievingpositive safety outcomes throughout the ATO. The tenets of Safety Promotion are used tofoster a positive safety culture in which ATO employees understand why safety is important andhow they affect it, providing a sense of purpose to safety efforts. Each employee must considerthe potential effect their decisions may have on safety and is responsible for understanding thesignificance of his or her job as it relates to safety. SMS training identifies the importance of the1.2 SMSM 201509Originally published September 2015Uncontrolled copy when downloaded4
Section 1Safety Management System OverviewSMS and how each employee and contractor fits into the mission of using the SMS to improvesafety in the ATO. For more information on SMS training, refer to the SMS website.Open communication is critical to a positive safety culture. The ATO communicates safetyobjectives to all operational personnel to improve the way safety is perceived, valued, andprioritized. In an organization with a strong safety culture, individuals and groups takeresponsibility for safety by communicating safety concerns and striving to learn, adapt, andmodify individual and organizational behavior based on lessons learned.1.2.2.2 Safety Programs and InitiativesThe ATO maintains a positive safety culture using programs and initiatives such as: Recurrent Training: Collaboratively-developed instruction for controllers, designed tomaintain and update previously learned skills while promoting a positive safety culture. Top 5: High-priority factors that contribute to the risk in the NAS. The Top 5 isdetermined based on data obtained from the Risk Analysis Process, Voluntary SafetyReporting Programs, and other databases used to log and report unsafe occurrences. Fatigue Risk Management: A group that provides operational fatigue risk expertise,guidance, and support to the ATO in developing fatigue reduction strategies and policyrecommendations to mitigate and manage operational fatigue risks in the NAS. Partnership for Safety: A joint effort between the ATO and the National Air TrafficControllers Association that encourages employees to become actively engaged inidentifying local hazards and developing safety solutions before incidents occur. Voluntary Safety Reporting Programs oAir Traffic Safety Action Program (ATSAP): A confidential system forcontrollers and other employees to voluntarily identify and report safety andoperational concerns. For more information, refer to the ATSAP website.oConfidential Information Share Program: A program for
6.4.2 Risk Acceptance Outside of the Air Traffic Organization 6.5 SRM Document Concurrence 6.6 SRM Document Approval 6.6.1 Service Unit SRM Documentation Approval or Concurrence 6.6.2 AJI Review and Approval 6.6.2.1 AJI Participation in System Acquisit
SA Learner Driver Manual Road Traffic Signs Version: Draft Page 1 of 56 2. ROAD TRAFFIC SIGNS, SIGNALS AND MARKINGS The purpose of road traffic signs is to regulate traffic in such a way that traffic flow and road traffic safety are promoted. 1. SIGNS IN GENERAL Road traffic signs can be divided into the following six main groups:
Precision Air 2355 air cart with Precision Disk 500 drill. Precision Air 2355 air cart with row crop tires attached to Nutri-Tiller 955. Precision Air 3555 air cart. Precision Air 4765 air cart. Precision Air 4585 air cart. Precision Air 4955 cart. THE LINEUP OF PRECISION AIR 5 SERIES AIR CARTS INCLUDES: Seven models with tank sizes ranging from
the destination. The traffic light system designed by Salim Bin Islam provided a design and development of a microcontroller based intelligent traffic control system. He proposed a new intelligent traffic control system that is to control the traffic system through traffic signal on the basis of current traffic density.
Traffic light controller, Real-time traffic signaling, congestion, ZigBee communication board, Google Traffic API, Agent-based traffic modeling. ABSTRACT: Controlling of traffic signals optimally helps in avoiding traffic jams as vehicle volume density changes on temporally short and spatially small scales.
2. The traffic study may include an analysis of the effectiveness and cost of the traffic calming measures included in this handbook. 3. The traffic study will include deploying traffic counters to measure the speed and volume of traffic at various points along the roadway. The traffic counters will collect data for a minimum of two weeks. 4.
Traffic signs tell you about traffic rules, hazards, where you are, how to get where you are going, and where services are located. The shape and color of these signs give clues to the type of information they provide. Traffic controls include traffic signals, traffic signs and pavement markings. Traffic control also can be provided
ANSP Air navigation services provider ASBU Aviation system block upgrade ATC Air traffic control ATFM Air traffic flow management ATM Air traffic management ATS Air traffic service BRLOS Beyond radio line-of-sight BVLOS Beyond visual line-of-sight C2 C2 Link CAA Civil aviat
58 AIR FORCE Magazine / May 2016 Acronyms & Abbreviations AABactivated 1935. Named for Lt. Col. Frederick I. Eglin, Army Air Base AAFRG (ANG), RPA operations; 309th Aerospace Army Airfield AB Air Base ABG Air Base Group ABW Air Base Wing ACC Air Combat Command ACG Air Control Group ACS Air Control Squadron ACTS Air Combat Training Squadron ACWHistory: Air Control Wing
