Isago Sms Guidelines Gosm Ed 6 June

Guidelines on auditing a
Safety Management System

June 2017
NOTICE
DISCLAIMER: The information contained in this

publication is subject to constant review in the light
of changing government requirements and
regulations. No subscriber or other reader should
act on the basis of any such information without
referring to applicable laws and regulations and/or
without taking appropriate professional advice.
Although every effort has been made to ensure
accuracy, the International Air Transport
Association shall not be held responsible for any
loss or damage caused by errors, omissions,
misprints or misinterpretation of the contents
hereof. Furthermore, the International Air
Transport Association expressly disclaims any
and all liability to any person or entity, whether a
purchaser of this publication or not, in respect of
anything done or omitted, and the consequences
of anything done or omitted, by any such person
or entity in reliance on the contents of this publi-
cation.
© International Air Transport Association. All

Rights Reserved. No part of this publication may
be reproduced, recast, reformatted or transmitted
in any form by any means, electronic or me-
chanical, including photocopying, recording or any
information storage and retrieval system, without
the prior written permission from:
Senior Vice President

Safety and Flight Operations
International Air Transport Association
800 Place Victoria
P.O. Box 113
Montreal, Quebec
CANADA H4Z 1M1
Table of Contents
Foreword .................................................................................................................................................................................. ii
Use of this Document .............................................................................................................................................................. iv
Section 1 – Safety Management in ISAGO .............................................................................................................................. 1
1.1 Introduction .................................................................................................................................................................... 1
1.2 SMS Implementation...................................................................................................................................................... 1
1.3 ISAGO Audit Scope ....................................................................................................................................................... 2
Section 2 – SMS Audit Aims, Focus & Planning....................................................................................................................... 4
2.1 Audit Aims ..................................................................................................................................................................... 4
2.2 Audit Focus.................................................................................................................................................................... 4
2.3 Audit Planning................................................................................................................................................................ 5
2.4 The Safety Office ........................................................................................................................................................... 6
Section 3 – SMS Audit by GOSARP ........................................................................................................................................ 7
3.1 Introduction .................................................................................................................................................................... 7
3.2 Organization & Accountability ........................................................................................................................................ 7
3.2.1 The Accountable Executive ...................................................................................................................................... 7
3.3 Safety Policy & Objectives ............................................................................................................................................. 8
3.3.1 SMS......................................................................................................................................................................... 8
3.3.2 (The Safety) Manager .............................................................................................................................................. 8
3.3.3 Safety Roles & Responsibilities ................................................................................................................................ 9
3.3.4 Corporate Safety Policy (Safety Objectives) ............................................................................................................. 9
3.3.5 Safety Reporting Policy ...........................................................................................................................................10
3.3.6 Emergency Response Plan (ERP) ..........................................................................................................................11
3.3.7 SMS Documentation (SMS Manual) ........................................................................................................................11
3.3.8 SMS Implementation Plan.......................................................................................................................................12
3.4 Safety Risk Management ..............................................................................................................................................12
3.4.1 Hazard Identification ...............................................................................................................................................13
3.4.2 Safety Reporting System ........................................................................................................................................13
3.4.3 Safety Risk Assessment & Mitigation ......................................................................................................................14
3.4.4 Accident/incident Investigation & Reporting.............................................................................................................15
3.4.5 Ground Damage Reporting .....................................................................................................................................15
3.5 Safety Assurance ..........................................................................................................................................................15
3.5.1 Safety Assurance Program .....................................................................................................................................16
3.5.2 Safety Performance Metrics ....................................................................................................................................16
3.5.3 Management of Change..........................................................................................................................................17
3.5.4 Continuous Improvement of the SMS ......................................................................................................................17
3.5.5 Management Safety Decision Making .....................................................................................................................18
3.6 Safety Promotion ..........................................................................................................................................................18
3.6.1 Safety Awareness ...................................................................................................................................................18
3.6.2 Safety Information ...................................................................................................................................................18
3.6.3 Safety Training........................................................................................................................................................19
3.7 SMS Checklist ..............................................................................................................................................................20
Section 4 – Audit Summary Report - Assessment of the SMS ................................................................................................22
4.1 Introduction ...................................................................................................................................................................22
4.2 Audit SMS Summary.....................................................................................................................................................22
Appendix A – QA Provisions & SMS Training Tables ..............................................................................................................24
i
Foreword
A Safety Management System (SMS) 1 is a framework of policies, processes, procedures and techniques
for use by an organization to monitor and continuously improve its safety performance. Improvements
are made by making informed decisions on the management of operational safety risks. Annex 19 to the
Convention on International Civil Aviation (ICAO Annex 19, Safety Management) details the global
regulations for SMS that are applicable to specified air operators, air traffic service providers and certified
airports and other operational services.
The principle method of safety management prescribed by ICAO is similar for all types of operator and
service provider, based on a common framework of processes and procedures contained in 4 discrete
components that are further sub-divided into a total of 12 elements, as illustrated in figure 1 below.
Figure 1 – The 4 Components of the ICAO SMS Framework (Annex 19)
Guidance on the ICAO SMS regulations and their implementation is provided in ICAO Doc 9859, Safety
Management Manual.
The ICAO SMS regulations do not currently apply to ground service providers (Providers) but those
applicable to aircraft operations encompasses ground operations where aircraft safety is concerned.
Ground handling personnel are mentioned in the regulations in the context of reporting safety events or
issues. Providers therefore play an important role in safety management at an airport. Furthermore, by
implementing SMS, Providers would gain considerable credibility from air operators, airports and
regulatory authorities worldwide by acknowledging the contribution and influence that ground operations
has in improving the safety of aircraft operations and the airport environment in general.
IATA has already recognized the global regulations and the importance placed on the implementation of
SMS by aircraft operators. The IATA Operational Safety Audit (IOSA) program is an internationally
1 A systematic approach to managing safety, including the necessary organizational structures, accountabilities, policies and procedures.
(ICAO Annex 19)
ii
recognized and accepted evaluation system designed to assess the operational management and control
systems of an airline. All IATA members are IOSA registered and must remain registered to maintain
IATA membership. The IOSA standards are published in the IOSA Standards Manual (ISM). The current
edition, ISM Edition10, includes standard, ORG 1.1.102, that establishes the management of the safety
risks associated with aircraft operations.
The IATA Safety Audit for Ground Operations (ISAGO) is an industry audit and registration scheme aimed
primarily at creating safer ground operations and cost benefits by reducing the risk of aircraft damage,
reducing delays, and eliminating redundant audits by airlines. The GOSM Ed 5 and Ed 6 included a
review of the existing SMS provisions, elevating some to Standard level as the first and second phase of
a SMS Strategy (SMS Implementation - Strategic Plan for Upgrading ISAGO SMS Provisions 2nd Edition
September 2017). The strategy upgrades all SMS recommended practices to Standard level over a three
year period.
Auditing the SMS, internally by the Provider and by an external body (such as in the case of ISAGO), is
an essential activity as part of assurance that the SMS is, or could be made to be, effective and meets
expectations.
A specific focus on making safety management the principle component of the Organization and
Management Section of the GOSM, as well paving the way for the introduction of the ISAGO new
operational audit model in 2017, will require further refinement and amendment of the SMS provisions,
to reduce duplication, account for any changes in global regulations and define more clearly the ISAGO
audit scope and content. The annual review of the GOSM will therefore include a review of these auditing
guidelines.
2ORG 1.1.10 The Operator shall have an SMS that is implemented and integrated throughout the organization to ensure management of the
safety risks associated with aircraft operations.
Note: Conformity with this ORG standard is possible only when the Operator is in conformity with all standards that are identified by the [SMS]
symbol.
iii
Use of this Document
The GOSARPs are the basis for an ISAGO audit of a Provider. This document provides guidelines on
what to look for when auditing the SMS of a Provider, as a whole, against the SMS GOSARPs contained
in Section 1, Organization and Management (ORM) of the GOSM. Suggested recommended actions,
questions, checklists and audit summary text are also provided. It is not a definitive guide and hopefully
not a condescending one.
The guidelines do not replace formal auditing procedures and should be considered as an aid to the
Auditor Actions described in the GOSM, checklists and incorporated in Q5AIMS. More detailed
checklists (and hence more appropriate for a well-established SMS) may be found in the ICAO Doc
9859, Safety Management Manual. Refer also to ACI SMS Handbook Step A.
The IOSA SMS standards and associated guidance material that is developed would provide useful
reference material complementary to the ISAGO provisions.
The ORM is now a section including the previous three sections (ORM-H, ORM-HS and ORM-S). The
SMS related GOSARPs have also been included in the new ORM. This document will be updated, as
necessary, when changes are made to the GOSARPs and audit procedures, or through practical
experience. Suggestions for improvements are always welcome.
iv
Section 1 – Safety Management in ISAGO
1.1 Introduction
From the start it is important to keep in mind that a SMS is foremost a decision making tool. The SMS
provides the organization with information on operational and other safety risks, such that actions to
eliminate, mitigate and/or control the safety risks can be determined and, if accepted by the decision-
makers, implemented. A SMS does not normally provide immediate solutions. Although immediate action
could (and probably should) be needed to address an unexpected unsafe situation, the SMS is not
intended to cater for these situations.
Instead, processes and procedures gather safety data and information, and, once there is sufficient or
relevant data and information, formal assessments are conducted and, if necessary, measures are
implemented to prevent an identified hazardous condition escalating into an accident scenario. Done
properly, this takes time and effort. Where significant effort would be needed, such as in terms of people,
finance, equipment or change, the SMS provides senior management with the information to make
informed decisions on what to do and, if necessary, when. These decisions, when accepted as necessary,
are then translated into safety action plans to implement safety risk controls and as safety objectives. The
ultimate aim of the audit of the SMS should therefore be (in addition to assessing the organization’s
implementation and conformity with the SMS GOSARPs) whether the SMS is, or will be, effective in
achieving the safety objectives of the Provider.
Installing a SMS doesn’t happen overnight. Gradual implementation in an easy-to-do manner seems to
be the way that many aviation organizations are going about it. The IATA Strategic Plan for Upgrading
ISAGO SMS Provisions applies the same principle in a structured schedule of upgrading the SMS
GOSARPs over a three year period. The audit guidelines in this document do not differentiate between
a standard and a recommended practice as their implementation is essentially the same. Until required
and implemented, the audit would therefore have to take appropriate account of a Provider that is not
able to demonstrate full conformance with a specific GOSARP and the consequences on other
GOSARPs. Until all SMS GOSARPs are at standard level, an important feature of the audit would be an
assessment of a Provider’s implementation of the SMS (see 4.1).
1.2 SMS Implementation

A new GOSARP was introduced in GOSM Edition 5 (ORM 3.1.8 –) requiring the Provider to have an SMS
implementation plan. The SMS implementation plan should detail the way the Provider will structure its
entire organization (including all stations), resources and processes to effectively manage safety in
operations.
Considering that a safety and quality control program, with some risk assessment procedures, may
already be in place, certain aspects can be directly transferable to the SMS. It would therefore be prudent
of the Provider to follow the ICAO guidance and conduct a gap analysis to identify what changes or new
processes would be needed to comply with the ISAGO SMS implementation strategy. The
implementation plan should therefore show which SMS elements (or equivalent processes) are already
implemented, and those in the process of being or planned to be implemented. The plan should also
describe how the SMS will be based at a corporate (headquarters) level and implemented throughout the
organization.
1
Recommendation – Obtain a copy of the Provider’s SMS Implementation Plan
prior to the audit to determine the audit scope and expectations for the SMS
aspects.
It is possible that implementation progress rates may vary within a Provider, especially at stations as part
of an international organization and where local regulations may have an impact. If encountered, these
factors will have to be taken into consideration when determining the scope of the audit and the
assessment of the overall implementation of the SMS in an organization.
The SMS implementation plan should, in the way that GOSARP recommended practices are treated, give
a good indication of the Provider’s commitment and recognition of current safety practices in aviation that
are becoming the norm if not a requirement for an organization to conduct business. Credit, in the audit
report, should therefore be given when a recommended practice is implemented by the Provider as if it
were a standard. Where the SMS is already implemented, and functioning and the Provider is measuring
its effectiveness, then ORM 3.1.8 might be assessed as not applicable (N/A).
Whilst conformance with each individual GOSARP should be assessed, the SMS functions may be
integrated with other management systems and/or distributed throughout the organization. The
requirement to have a SMS (ORM 1.1.3) is not, however, met until all the SMS GOSARPs are
implemented.
1.3 ISAGO Audit Scope

The extent of the SMS activities to be included in the audit is outlined in the framework (Figure 1) as
specified in ICAO Annex 19, Safety Management, and is captured in the GOSARPs. The amount of
activity, once implemented (see also 3.3.1), would depend to a large degree upon the size of the
organization or the extent of its operations.
In many States there are civil aviation regulations that require the establishment of an SMS within aircraft
and airport operators. The services provided by Providers can have a direct influence on aircraft and
airport operations and hence, even if not explicitly applicable in the regulations, the SMS of those
operators should acknowledge many of the Provider’s operational and management activities. Similarly,
the SMS of a Provider should have established links to the SMS of the airport operator and those of
customer airlines. This aspect is very important. It makes little sense for the SMSs of all the organizations
that operate on an airport (and there can be many) to be developed or work in isolation or, in the worst
case scenario, in conflict. Indeed, there could be additional safety risks created by the actions resulting
from the SMS of an individual organization without considering the safety impact on other operators and
their operations. For a typical Provider’s operation, with multiple customer airlines, this could very likely
be the outcome if there were no measures in place for collaboration on safety management.
The interface between the SMSs of Providers, aircraft and airport operators, perhaps with the air traffic
services too, may sometimes be part of an airport collaborative decision-making initiative. This is
particularly relevant to safety reporting (as already a regulatory requirement in some cases) and the
development of safety action plans (as a result of a safety risk assessment), and the development of an
emergency response plan (ERP). The actions of a Provider may also have a direct impact on safety
performance indicators, as may be set for aircraft and airport operators by the regulatory authorities.
Some of the SMS GOSARPs (especially ORM 3.1.6 and 3.3.3) include such interactions with other
organizations on the airport. It is therefore important during a SMS audit to seek evidence of the existence
and effectiveness of external relationship procedures and communications, and to be assured that it is
bi-directional.
2
Recommendation – Identify the external organizations that may need to be
contacted to verify conformance where interaction with the Provider is specified
in a process or procedure.
A similar relationship, sometimes referred to a “bridge”, would be in effect between the Provider’s
headquarters and each station(s). The SMS audit should seek evidence of effective communication,
consistent implementation of corporate processes and procedures and clear lines of safety
responsibilities between the two. The aim of the GOSM is to ensure that the Provider has a thorough and
robust corporate management of the services it provides at each station. This is why the GOSARPs often
refer to implementation throughout the organization. Implementation in a GOSARP sense means that the
process, procedure or otherwise required action or activity at a station is directed by headquarters and
there is continuous oversight at a headquarters level to ensure correct implementation. A station audit
would therefore have to use the most recent and a valid headquarters audit as a baseline reference for
the implemented processes and procedures, and the effectiveness of the bridge should be tested for
each relevant GOSARP.
It is entirely plausible that management and communications between headquarters and the stations can
become estranged. The emphasis must be on a top (headquarters)-down approach to SMS
implementation, management and oversight - not bottom (station)-up or disconnected. The SMS audit
therefore has to verify that implementation and compliance at each station is coordinated by headquarters
and checked on a regular basis.
3
Section 2 – SMS Audit Aims, Focus & Planning
2.1 Audit Aims
The aim of the headquarters audit would be to determine the extent of implementation of the SMS
throughout the organization and the effectiveness of the corporate management aspects. The audit
summary would provide a detailed description of the Provider’s conformance with the relevant SMS
GOSARPs as implemented, see 4.2.
Similarly, the aim of the station audit would be, in addition, to determine the effectiveness of the corporate
SMS at the station through assessment of the implementation of procedures, oversight and the
deployment of SMS safety risk management and safety assurance activities.
2.2 Audit Focus

The primary focus of the SMS audit should be, where implemented, to seek evidence of:
 due diligence and competence in the assigned safety roles;

 the development, implementation of and conformance with documented processes and procedures;
 effective safety reporting systems, safety communications and awareness (hopefully, reflecting a
positive safety culture);
 coordination and cooperation with other relevant SMSs at the airport, including customer airline(s);
and
 the monitoring and measurement of SMS outcomes and effectiveness (quality assurance).
A headquarters audit would be based predominantly upon an assessment of documentation. For auditing
purposes the SMS documentation should provide a complete picture of how the SMS should work and
all the SMS activities that have taken place. A fully implemented SMS should be rich with processes and
procedures, assessments, reports, and other documentation that can be assessed against corresponding
GOSARPs; checking for content, completeness, consistency and currency. It does, however, take time
to develop a ‘safety library’ of safety reports, safety assessments, action plans and documented
decisions, which should be taken into consideration. Similarly, smaller organizations or those with limited
ground operations may not produce large volumes of documentation. However, this situation should not
prevent the organization from taking account of or using safety data and information shared or made
available publicly.
GOSARPs upgraded to Standards in GOSM Edition 5 and 6 relate to administrative processes for which
documentation should be available. As a result, there should at least be verifiable evidence of some
development and, if in advance of the SMS strategy timeline, possible implementation of an internal safety
reporting system in operation. There should be documented evidence of reports and other management
oversight records that demonstrate that processes and procedures are implemented and followed.
There should also be ample opportunities to talk with the organization's personnel, from the very top level,
and test their awareness of and whether or not they actually carry out their SMS duties and
responsibilities.
A station audit would be based on an assessment of implementation. On-site, Interviews with key people
and the observation of a procedure in operation should be undertaken as the opportunity to do so arise
4
or is requested. It should also be possible to review procedures that have been developed and evidence
of being correctly followed or reports produced and acted upon as required.
2.3 Audit Planning

The audit of a SMS would normally consist of:
 A review of documented processes, procedures, reports, assessments and records;

 An assessment of evidence of implementation of processes and procedures;
 Interviews with key safety personnel; and
 Observations of operational procedures (at a station).
While the use of computer networks (internet, intranet etc.) should render the physical location of
documentation (and its development or management) of little consequence, the verification of use and
access to SMS documentation and document management systems might depend upon the location of
the Provider’s headquarters and station(s). The organization could be spread across several countries,
and activities could vary from place to place. The documentation could also be held locally in a different
language and translation/interpretation services may need to be considered.
Interviews with the nominated key safety personnel are needed to verify conformance with corresponding
GOSARPs, that the SMS processes and procedures are implemented and used correctly, and that
everyone is aware of their SMS roles and responsibilities. Some of these personnel may be located at a
station; hence the headquarters audit should identify these personnel for when the station audit is
conducted.
Recommendation – Establish where, if different, the management and
administration of each SMS function is conducted and the location of key safety
personnel.
There are few, if any, SMS activities that can be observed in the same way as a ground operations
procedure. Even if, say, a safety assessment was taking place during the audit, there would be little
benefit in observing it. It would be more worthwhile seeking evidence that the safety assessments were
recorded properly and have produced tangible outcomes in accordance with the SMS safety risk
management and safety assurance GOSARPs. In this respect, there should be a record of the risk
assessment activity, discussions that took place and any decisions made by management.
The headquarters documentation review could, by way of records of safety events and safety risk
management/safety assurance actions, reveal the extent of the SMS activities at each station. Based on
reasoned judgment, queries could be raised and explored if one station appears to be less safe than
others, or if there is a marked difference in the number of safety reports generated at each station or how
safety issues are operationally addressed. This situation could indicate a lack of conformity with
processes and procedures at the headquarters or the station, and raised with the Provider for immediate
clarification or attention. If the reason for the anomalies is an issue at a station, the next planned audit at
that station should verify that corrective action has been successfully completed by the Provider. A
finding, however, has to be raised if the Provider’s oversight of effective SMS implementation is at fault.
Where a Provider has an extensive network of stations, perhaps 20 or more, a pragmatic approach should
be taken during the headquarters audit when assessing conformity of implementation and headquarters
oversight. A sample of stations may be chosen as a rational indication that GOSARP conformance at the
other stations is likely to be at least as good as those in the sample. In this respect, the number and
5
location of stations chosen by the auditor for the sample should consider the Provider’s ISAGO history
(in terms of results) and if potential weaknesses or failures of management oversight of station activities
are apparent. Where station sampling is used, justification, including the methodology and evidence used,
must be documented by the auditor in the headquarters audit report.
2.4 The Safety Office

Depending upon the size of the organization, the administrative aspects of the SMS (such as safety risk
management) may be undertaken by a dedicated team, perhaps a centralized Safety Office, managed
by a person normally with the title Safety Manager. This will probably mean that a station will play only a
participative role and therefore all the documentation needed for review would be accessible from the
Safety Office. The Safety Manager would be a key person in the audit.
It would be unusual for more than one Safety Office to exist in an organization but there could be more
than one Safety Manager, dependent upon the delegation of responsibilities and possibly one at each
station if the operation is large enough. The roles and responsibilities of the Safety Office and Safety
Manager(s) have to be clearly defined. The Safety Office may be located anywhere provided that effective
lines of communication with operational subject matter experts and responsibility for establishing safety
action plans are in place.
The Safety Office is also the place where safety issues (safety reports) identified at a station should be
forwarded to for processing, including review and recording, and analysis and distribution as necessary.
The Safety Office is where the administrative center of the organization and the “safety library” exist.
The Safety Office would normally be responsible for the following:
 safety reports are received and, with other safety information, are processed according to the
procedures
 safety risk assessment outcomes are handled correctly and efficiently
 actions to control safety risks are implemented and monitored
 safety performance is monitored and measured
 reviews of the SMS performance take place.
The Safety Office may also be responsible for the dissemination of safety information and facilitator of
safety training.
As the SMS becomes more established the Safety Office should increase its presence and its influence
over the safety activities throughout the organization. In future, the Safety Office and the Safety Manager
might become the focal point for the ISAGO SMS audit.
6
Section 3 – SMS Audit by GOSARP
3.1 Introduction
This section aims to provide, where perhaps necessary, some guidance on the audit of each SMS
GOSARP.
The SMS GOSARPs follow a similar format to that of the ICAO SMS framework illustrated in Figure 1. Of
the four ICAO SMS framework components, the safety policy and objectives aspects are mostly
administrative and may not change significantly over a period of time. The fourth framework component,
safety promotion, is also administrative in nature but will most likely have regular tangible outcomes and
outputs that can be audited.
The two main SMS functional areas, involving routine activities, are safety risk management and safety
assurance. These are two functions expected to be administered by the Safety Office or, in kind, by a
person with safety responsibilities at the station. If addressed at the station (or the Safety Office is located
at the station) the audit should verify that the associated GOSARPs (ORM 3.2 and 3.3) are implemented
and that there is effective management control by the Provider at a headquarters level.
Documentation is needed in nearly all cases to verify conformance with the corresponding GOSARPs but,
in general, interviews with the nominated key safety personnel may be useful and, where practicable,
observations may take place.
3.2 Organization & Accountability

Although only one GOSARP in this part of the ORM is directly linked to SMS, all the GOSARPs have an
association and therefore the SMS should be taken into consideration in the context of a management
system.
3.2.1 The Accountable Executive
ORM 1.1.2 The Provider shall identify one senior management official as the Accountable Executive who is
accountable for performance of the management system as specified in ORM 1.1.13 and:
(i) Irrespective of other functions, has ultimate responsibility and accountability on behalf of the Provider for the
implementation and maintenance of the safety management system (SMS) throughout the organization;
(ii) Has the authority to ensure the allocation of resources necessary to manage safety risks to ground operations;
(iii) Has overall responsibility and is accountable for ensuring operations are conducted in accordance with
applicable regulations and standards of the Provider. [SMS]
3 ORM 1.1.1 The Provider shall have a management system that ensures:
i. Management key policies, systems, programs, processes, procedures and/or plans are determined and implemented throughout the
organization;
ii. Lines of accountability for operational safety and security are defined throughout the organization;
iii. Resources necessary to conduct Operations in accordance with standards of the Provider, applicable regulations and requirements
of the customer airline(s) are granted at all times (GM)
7
A SMS is designed to be driven from the highest level of the organization, with clearly defined roles,
responsibilities and lines of authority and communication. At the top is the person nominated as the
Accountable Executive. An interview with this person, if possible, would be useful to ascertain the
management commitment, verify senior management involvement (in decision making) and awareness of
the SMS and its outcomes. The interview should establish whether the level of commitment typically
indicated in safety policies is in fact put into place. The answers given to simple questions can reveal a lot
and prepare the auditor for the rest of the audit.
Question – Is the Accountable Executive made fully aware of the level
of operational safety of the organization, including all the stations?
Question – What has been done to address safety issues, improve
safety and improve the SMS?
The Accountable Executive is the only person with accountability for the safety performance of the
organization and therefore should be fully aware of the SMS outputs and effectiveness.
Recommendation – Ask the Accountable Executive what the Provider’s top, say,
3 safety risks are and verify that they are represented by safety performance
indicators/targets (and possibly safety risk mitigation plans).
If it is not possible to arrange an interview, verify through documentation and questioning those persons
with SMS responsibilities that the Accountable Executive takes an active role in the SMS and for allocating
resources. The Accountable Executive should not be just a signature.
3.3 Safety Policy & Objectives

The first component of the SMS framework mainly addresses the administrative aspects of the SMS that
would also mainly be within the scope of the headquarters audit.
3.3.1 SMS
ORM 1.1.3 The Provider should have an SMS that is implemented and integrated throughout the organization to ensure
management of the safety risks associated with ground operations. [SMS]
Note: Within 2019, this recommended practice will be upgraded to a standard. Conformity with ORM 1.1.3 is
possible only when the Provider is in conformity with all standards and recommended practices that are identified
by the [SMS] symbol.
All components and elements of the SMS framework have to be in place for the SMS to function properly.
Conformance with this GOSARP would depend upon conformance with all other SMS GOSARPs. In many
cases this will not be the case; hence, the reason why this GOSARP has a standard upgrade date of 2019,
after all the other GOSARPs have been upgraded too, and the requirement for the SMS implementation
plan (ORM 3.1.8). Note that it is intended that ORM 3.1.8 will be removed once the IATA strategic
implementation plan is completed.
3.3.2 (The Safety) Manager
ORM 1.1.4 The Provider shall appoint a manager who is responsible for the implementation, maintenance and the
day-to-day administration and operation of the SMS at the corporate level and throughout the organization on
behalf of the AE. [SMS]
8
Another key safety role is that of the Manager assigned to administer the SMS – usually called the Safety
Manager. The role and responsibilities of this person (or persons depending upon if the role is spread
across several stations) should be clearly defined and there should be documented evidence of the person
performing the role. If more than one Safety Manager (or other defined job title) exists then there should be
defined lines of authority and communication such that there is no ambiguity or interference with performing
the safety responsibilities within the organization.
Question – Ask the Safety Manager or person responsible at a station
the same questions suggested to the Accountable Executive.
Question – Can the Safety Manager explain the organization’s safety
hierarchy and the lines of responsibility?
The Safety Manager should be able to demonstrate that the SMS policy and objectives, and the associated
processes and procedures are implemented at all stations. The Safety Manager should also be able to
provide evidence of the way that safety reports and safety information is processed (through the safety risk
management process) and that records and other documentation is controlled.
Recommendation – As time allows, trace a safety report through the safety risk
management process (see 3.4). Wherever possible, choose at least one that
results in a safety recommendation that required a management decision, and
mitigation measures with documented performance indicators and targets.
3.3.3 Safety Roles & Responsibilities
ORM 1.6.1 The Provider shall define the safety responsibilities of management and non-management personnel
throughout the organization and specify the levels of management with the authority to make decisions that affect
the safety of ground operations. [SMS]
.
Other key safety roles would probably be those of station personnel with direct management or supervisory
responsibilities for ground operations. Apart from documented details of the roles and responsibilities of
named persons, there should be evidence of their involvement in safety risk management and safety
assurance activities, usually as an operational expert. An interview should test the awareness and
knowledge of the assigned roles and responsibilities, and confirm recent activity.
Recommendation – Look for evidence of the named persons responsible for
ground operational safety involvement in the implementation and monitoring of
safety risk mitigation or control activities.
3.3.4 Corporate Safety Policy (Safety Objectives)
ORM 1.2.2 The Provider shall have a corporate safety policy that:
(i) Reflects the organizational commitment regarding safety;
(ii) Includes a statement about the provision of the necessary resources for the implementation of the safety
policy;
(iii) Includes safety reporting procedures as specified in ORM 3.2.2;
(iv) Indicates which types of behaviors are unacceptable and includes the circumstances under which disciplinary
action would not apply as specified in ORM 3.1.5;
(v) Is signed by the Accountable Executive of the organization;
(vi) Is communicated, with visible endorsement, throughout the organization;
(vii) Is periodically reviewed to ensure it remains relevant and appropriate to the Provider. [SMS]
Conformance is determined mostly as a straightforward verification exercise. Documentation should be in

conformity to all seven items listed in the GOSARP.
9
It should be clear from the safety policy that it is relevant to the Provider and there should be evidence of
implementation. Implementation in this sense means that it is clear that safety activities exist or actions are
taken directly as a result of the policy.
Question – Is the safety policy generic (indicating a possible lack of
detail/sincerity) or contains policies specific to the organization, or to a
station?
Resources (ORM 1.2.2(ii)) would usually be in the form of funding, people and equipment. Time, allocated
to undertake SMS activities could also be included. A typical indication of inadequate resourcing is where
SMS activities are delayed or if safety recommendations are postponed. Another indicator of inadequate
resourcing is where key safety personnel posts remain vacant for a prolonged period of time or are assigned
to people with inadequate credentials and time to undertake the extra responsibilities.
Recommendation – Examine the CVs and SMS training records of key
personnel.
For ORM 1.2.2(iii) see ORM 3.1.5 and ORM 3.2.2.
A behavior policy (ORM 1.2.2(vii)) should be clear, comprehensive and communicated to all employees.
There could be evidence provided of an example where the policy was invoked and action was taken but
be careful to respect sensitive information. Note that a non-punitive behavior policy may require approval
from a regulatory body. For example, in aviation there are instances where a mandatory report is required
but the organization may be authorized to investigate and, subject to the outcome, address the issue without
recourse to the regulatory authority.
Periodic review of the safety policy (ORM 1.2.2(vii)) would normally be covered by ORM 3.4.1 (the Quality
Assurance program – see Appendix A) but may also depend upon the implementation of ORM 3.3.4. It is
typical for a two-year review period to apply.
Although not explicitly required as a GOSARP at this time, the Provider’s safety objectives should be
documented with the safety policy. There is, however, inference of the requirement for safety objectives in
ORM 2.1.3 and 3.1.8 in documentation and the implementation plan respectively. In any case, safety
objectives should be linked to the safety policy and the safety assurance component.
Question – Are safety objectives relevant to the organization stated (or
related to safety mitigation activities)?
Safety objectives should be derived as a consequence of ORM 3.3.2. The safety objectives should reflect
any high level safety performance indicators and targets that the Provider sets and, once the safety
assurance component is fully functional, may include significant safety objectives, i.e. set as a direct result
of the Provider’s safety risk management and related to an assessment or, perhaps, set by a regulatory
authority as part of a national issue or safety campaign.
Recommendation – Look for evidence of the safety objectives incorporating an
objective that reflects an established safety performance indicator(s) associated
with a significant safety risk mitigation or control activity.
3.3.5 Safety Reporting Policy
ORM 3.1.5 The Provider shall have a corporate safety reporting policy that encourages personnel to report
hazards to ground operations and, in addition, defines the Provider's policy regarding disciplinary action, to
include:
(i) Types of operational behaviors that are unacceptable;
(ii) Conditions under which disciplinary action would not be taken by the Provider. [SMS]
10
The safety reporting policy supports the policy outlined in ORM 1.2.2(iii) and the behavior policy in ORM
1.2.2(iv) but has to specifically address safety reporting. In this respect, the policy should outline clearly
what should be reported, by whom and when. The behavior policy should reflect the “non-punitive”
requirement in ORM 3.2.2.
The safety reporting policy should also address the data protection aspects of ORM 3.2.2(iv), which may
be subject to applicable national regulations or guidelines.
Question – Is the Provider aware of the data protection regulatory
guidance provided by ICAO in Annex 19?
3.3.6 Emergency Response Plan (ERP)

ORM 3.1.6 The Provider should have a corporate emergency response plan (ERP) that includes provisions for:
(i) The central management and coordination of all the Provider's activities should it be involved in or it is
necessary to respond or react to an aircraft accident or other type of adverse event that could result in fatalities,
serious injuries, considerable damage and/or a significant disruption to operations;
(ii) The appropriate coordination or be compatible with the ERPs of other applicable organizations relevant to the
event. [SMS]
Note: Within 2018, this recommended practice will be upgraded to a standard.
The Provider's ERP should describe in a suitable document who does what, when and how for all perceived
emergency situations. The ERP should address the emergency procedures that maintain operational safety
from the time that an emergency is declared until normal operations are resumed. ERP should also address
security events.
The ERP should be made available and be known to all relevant personnel. Named persons or those in
named posts should be interviewed to test their knowledge and understanding of the ERP and their roles
and responsibilities. Personnel should also be trained and equipped to deal with their roles and
responsibilities.
While the Provider should develop its own ERP, specifying what its staff should do, it is highly likely that
the Provider’s station personnel will play a participative or perhaps a coordination role in the ERP of the
airport with some supervisory roles and functions (particularly for passenger handling). Look for the
association of the Provider with the ERP or other such contingency plans of the customer airline(s) and,
importantly, that of the airport authority. There should be evidence of collaboration in the ERP development
as required in ORM 3.1.6(ii).
Recommendation – Confirm that the Provider actively participates in the
development, maintenance and testing of the ERP of the airport.
3.3.7 SMS Documentation (SMS Manual)
ORM 2.1.3 The Provider shall have SMS documentation that includes a description of:
(i) The safety policy and objectives, SMS requirements, SMS processes and procedures, the accountabilities,
authorities and responsibilities for processes and procedures, and the SMS outputs;
(ii) Its approach to the management of safety, which is contained in a manual as a means of communication
throughout the organization. [SMS]
A SMS Manual is the recommended method of collating and documenting all the administrative SMS
policies, processes, procedures when developed. ICAO and regulatory authorities produce guidelines on
the typical content of the manual. There should be a full description of the Provider’s SMS that details what
it entails, its objectives, and the roles and safety responsibilities throughout the organization. There should
11
also be a description of how safety management activities are coordinated between the organization’s
corporate and station entities. A diagram (organizational chart) of the roles and reporting lines would be
useful. There should also be details of the corporate safety policies (management commitment to provide
resources and conformance with regulations and standards); the safety reporting system; staff behavior
and punitive actions; personnel training and safety communications.
The SMS Manual may have referenced sub-parts or other documents. It is possible that the SMS Manual
and other documents are not paper-based, but are digital files or recorded and visible only on an
internet/intranet based application. This should not make any difference but obviously the way in which a
document review is conducted could differ, perhaps in a positive way as digital media is more efficiently
transferable or transportable.
Other SMS documentation would include safety reports, safety risk management records of assessments
and decisions, safety assurance reports, internal reviews, training material and records, safety
notices/communications and other SMS products and outcomes.
In reviewing the documentation, the auditor should look not only for conformance with the GOSARP but
also for completeness and continuity of the content/information. Whatever the format, the documentation
must show evidence of document/version control or being part of a document/record management system
(as per ORM 2.1.1)4 and distribution (as per ORM 1.4.1)5.
The distance between the corporate and station locations should not result in the organizations failure to
comply with its own processes and procedures, and this is an important aspect to test when conducting a
station audit.
3.3.8 SMS Implementation Plan

ORM 3.1.8 The Provider shall have an SMS implementation plan, formally endorsed by the organization that
defines the Provider's approach to the management of safety in a manner that meets the organization's safety
objectives. [SMS]
See 1.2.
3.4 Safety Risk Management

The second component of the SMS framework addresses the management of safety risks and is associated
with GOSARPs specified in the sub-paragraphs of ORM 3.2. Safety risk management involves
administrative processes and procedures that provide for the identification and assessment of hazards
(usually raised in safety reports) that may result in a recommendation of mitigating action to reduce the
safety risk to a tolerable/acceptable level.
Where a Safety Office exists, it should be possible to conduct the audit of the safety risk management
aspects in one location. All the documentation – details of the procedures, safety reports, assessment
results and recommendations – should be available there. If not, the documentation should in any case be
4 ORM 2.1.1 The Provider shall have a system for the management and control of the internal and external documentation and/or data used
directly in the conduct or support of operations. Such system shall comprise the elements specified in Table 1.1 and shall include
documentation provided to external entities, if applicable.
5 ORM 1.4.1 The Provider shall have a communication system that:
(i) Enables and ensures an exchange of information that is relevant to the conduct of ground operations;
(ii) Ensures changes that affect operational responsibilities or performance are communicated as soon as feasible to applicable management
and front line personnel.
12
accessible within the Provider’s document control system. Operational personnel may be enlisted to assist
in conducting assessments and therefore should be familiar with the processes or procedures involved.
Continuity is a key aspect of the safety risk management function. An audit may take an example safety
report and “follow” it through the process of hazard identification, safety risk assessment and, as necessary,
the development of recommended risk reduction actions. There should be a record and description of each
step taken, the decisions made and their rationales. If a significant action is recommended (i.e. one that
involves budgeting, resources and planning) and is referred to senior management, the audit of the process
could be extended to the concluding events covered by the SMS safety assurance function, whereby the
action is implemented, monitored and measured. The documentation for these activities may only be
available on request, at the Safety Office or at the relevant station; however, the documentation should be
consistent.
3.4.1 Hazard Identification

ORM 3.2.1 The Provider should have a hazard identification program that is implemented and integrated
throughout the organization to include:
(i) A combination of reactive and proactive methods for safety data collection;
(ii) Processes for safety data analyses that identify existing hazards and predict future hazards to operations.
[SMS]
There are a number of techniques and tools available to identify hazards from safety data and safety
information derived from safety reporting systems, safety reports, external sources, etc. The audit should
verify that there is a process in place for the collection of the safety data and information and procedures
for the use of whatever hazard identification technique or tool is used. In addition, personnel involved in
safety data and information gathering and hazard identification should be adequately trained (see 3.6.3).
Safety data analysis that predict future hazards refers mainly to processes that analyze performance data
and trends. For example, an operation may be subject to a continuous safety monitoring program to identify
hazardous aspects (latent conditions) that as isolated events may be acceptable but in combination and
under certain circumstances could result in an accident (the “Swiss cheese” model).
3.4.2 Safety Reporting System

ORM 3.2.2 The Provider shall have a non-punitive operational safety reporting system that is implemented
throughout the organization in a manner that:
(i) Encourages personnel to report any incident or hazard to ground operations, identify safety hazards, expose
safety deficiencies or raise safety concerns;
(ii) Complies with applicable mandatory reporting regulations and requirements;
(iii) Includes analysis and management action as necessary to address safety issues identified through the
reporting system;
(iv) Specifies the measures to protect safety data from being used for any purpose other than the improvement of
safety and SMS. [SMS]
.
An effective safety reporting system is arguably the most important element of the SMS. Without it, there
would be little or no safety data directly relevant to the Provider’s ground operations to base safety risk
management on. Even so, the type and amount of safety reports that are received would be dependent
upon many factors - operational, logistical and cultural - and meaningful data (such that might show trends
or latent conditions) may take some time to accumulate. Nevertheless, the safety reporting system
documentation should describe what it is, its purpose and method of operation. There should be records of
each safety report submitted and, in other processes, what happened to it. Ideally, there would be evidence
13
of the safety report using a taxonomy that was consistent with that of the safety reporting systems of the
other organizations on the airport or the regulatory authority.
The safety reporting policy (as outlined in 3.3.5) should encourage the reporting of reactive (has happened),
proactive (may happen) and, possibly, predictive (looks likely with an estimated degree of certainty to
happen) events or situations. Conformance with ORM 3.2.2(i) would include evidence of the processing of
mandatory safety reports through the appropriate internal channels.
Question – Is there a means of submitting voluntary or confidential
reports?
Internal mandatory safety reports may also be mandatory in a legal or regulatory sense. Verification that
the Provider’s safety reporting system complies with local requirements would show conformance with ORM
3.2.2(ii).
ORM 3.2.2(iii) is also related to and may be addressed by ORM 3.2.3.
Verification of a process and/or procedure to implement the safety data protection policy (see 3.3.5), to
protect the reporter or dissemination of the safety data, would demonstrate conformance with ORM
3.2.2(iv).
A selection of safety reports should be examined to verify compliance with the safety reporting policy and
procedures.
3.4.3 Safety Risk Assessment & Mitigation

ORM 3.2.3 The Provider should have a safety risk assessment and mitigation program that includes processes
implemented and integrated throughout the organization to ensure:
(i) Hazards are analyzed to determine corresponding safety risks to ground operations;
(ii) Safety risks are assessed to determine the requirement for risk mitigation action(s);
(iii) When required, risk mitigation actions are developed and implemented in operations. [SMS]
NoteWithin 2019, this recommended practice will be upgraded to a standard.
Conformance with ORM 3.2.3(i) would be demonstrated by the implementation of a process and/or
procedure that addresses the outcome of the hazard identification process (ORM 3.2.1) and the
determination of the operational consequences and safety risks.
Conformance with ORM 3.2.3(ii) would be demonstrated by the implementation of a process and/or
procedure for the analysis of the outcome of ORM-H/HS/S 3.2.3(i) and develops recommendations for a
management decision on the implementation of safety risk mitigation.
Conformance with ORM 3.2.3(iii) would be demonstrated by the implementation of a process and/or
procedure for the development of a safety action plan for an agreed implementation of a safety risk
mitigation.
In addition to the verification of the safety risk assessment and mitigation processes and procedures,
records of the assessments, meeting reports and decisions taken should be examined.
The outcome of a safety risk assessment should result in either a recommendation that no further action is
necessary (the safety risk is tolerable/acceptable) or that some form of mitigation measure is needed (to
make the safety risk tolerable/acceptable). Evidence should be sought to verify that the decision was taken
in accordance with the Provider’s procedure and criteria.
Question – Are the recommendations accompanied by a project-based
(SMART) action plan?
14
3.4.4 Accident/incident Investigation & Reporting
ORM 3.2.4 The Provider should have a process:
(i) To conduct and/or participate in an investigation of an incident/accident where its services were involved, to
include reporting of events, in accordance with requirements of the costumer airline(s), the Airport Authority, and/or
State, as applicable;
(ii) For identifying and investigating irregularities and other non-routine operational occurrences that might be
precursors to an accident or incident. [SMS]
Conformance with ORM 3.2.4(i) requires the Provider to specify what it does, when required, in the event
of an investigation. The process or procedure(s) should outline the roles and responsibilities of key
personnel, including for coordination with other organizations that may be involved or leading the
investigation. The audit should verify not only the relevance and implementation of the procedure(s) but
also that these personnel are identified and fully aware of what they will have to do (or not have to do if that
is the case). There may be differences in the procedures according to State or airport, and with respect to
an airline if relevant.
Conformance with ORM 3.2.4(ii) should be verified by evaluation of the procedure(s) and any recorded
instance of where the outcome of an investigation may have had safety implications (perhaps safety
recommendations or lessons learnt) for the Provider.
3.4.5 Ground Damage Reporting

ORM 3.2.10 The Provider should have a process to ensure aircraft ground damages are reported, if not prohibited
by the customer airline(s), to IATA for inclusion in the Ground Damage Database (GDDB). Such reports should be
submitted in accordance with the formal IATA ground damage reporting structure. [SMS]
.
Sharing of safety information is a fundamental aspect of SMS. Many others may benefit from the
experiences or misfortunes of a Provider. The safety information may prove useful in predicting trends or
potential safety risks, and could prove the effectiveness of the SMS in a safety assurance sense. Instances
of ground damage should always be reported at least to the Provider concerned. The report should then,
subject to whatever measures are needed to protect the identity of the reporter, be shared with other
interested parties, including the airline concerned.
IATA is one the interested parties and conformity with ORM 3.2.10 requires the Provider to submit a report
to the Ground Damage Database. The audit should verify that this process is in place and occurs unless
there is an exception applied where an airline specifically prohibits such action. A valid signed contract
between the Provider and IATA should be available and, unless evidence of a prohibition from each
customer airline is provided; evidence of submissions (not internal reports) to IATA (in the prescribed
format) should be verified. Conformance may also be not applicable where the Provider performs only cargo
operations (no transport to and from the aircraft) or only check-in and boarding activities (no boarding bridge
maneuver activities).
Recommendation – Confirm with IATA that an alleged GDDB report has been
submitted by the Provider.
3.5 Safety Assurance

The third component of the SMS framework addresses the monitoring of implemented actions to mitigate
safety risks, assessment of the effectiveness of the SMS and general management of potential safety
issues associated with change.
15
Although the functional aspects of safety assurance might be performed by the Safety Office or other
administrative personnel, the data or information provided would normally be provided by operational
personnel or specific operational monitoring activities.
3.5.1 Safety Assurance Program
ORM 3.3.1 The Provider should have a safety assurance program, including a detailed audit planning process
and sufficient resources that provides for the auditing and evaluation of the effectiveness of the management
system and ground operations at all stations to ensure the Provider is:
(i) Complying with applicable safety regulations and requirements of the customer airline(s);
(ii) Identifying hazards to operations;
(iii) Monitoring effectiveness of safety risk controls;
(iv) Verifying safety performance in reference to the safety performance indicators and safety performance
targets. [SMS]
In a similar manner to that of existing quality assurance GOSARPs, the SMS safety assurance program
comprises internal processes and procedures for the evaluation of the safety risk management function
and monitoring an implemented safety risk management recommendation.
Conformance with ORM 3.3.1(i) would be demonstrated by records of periodic or on-demand assessments
of internal procedures with external requirements, which may have changed during the course of ISAGO
certification or since the last audit. This aspect should also confirm the interaction that the Provider has with
all external parties at the airport.
Conformance with ORM 3.3.1(ii) would be demonstrated by records of periodic assessments of the
effectiveness of the hazard identification process in ORM 3.2.1.
Conformance with ORM 3.3.1(iii) would be demonstrated by records of periodic assessments of the
appropriateness of the in-progress or completed safety action plans for the implementation of safety risk
controls developed in ORM 3.2.3(iii).
Conformance with ORM 3.3.1(iv) would be demonstrated by an examination of the process or procedure
for the development of the safety performance metrics (safety indicators, targets etc.) and the periodic
measurement of the metrics with respect to the in-progress or completed safety action plans for the
implementation of safety risk controls developed in ORM 3.2.3(iii). A procedure should also be in place in
the event of loss of safety performance or failure to meet a specified safety performance target, which might
be to re-initiate the safety risk management process.
3.5.2 Safety Performance Metrics
ORM 3.3.2 The Provider should have processes for setting performance objectives and measures as a means to
monitor the operational safety performance of the organization and to validate the effectiveness of safety risk
controls. [SMS]
The development of safety performance metrics is a consequence of the implementation of safety risk
controls, which in the case of ground operations, where interaction with other operations is likely, could be
developed in collaboration with the airport or the airline. If such collaboration exists, and hopefully it does,
the safety performance metrics may not be developed specifically or only by the Provider. However, the
contribution made by the Provider in monitoring and assessing safety performance is a useful indicator for
assessing the effectiveness of the SMS.
16
Question – Has an external organization (airport, airline or regulatory
body) requested an input or information relating to the safety performance
metrics?
Question – Are the safety performance metrics realistic? Has there been
any change made as a result of a review?
Established safety performance metrics should be translated into safety objectives for the organization, see
3.3.4.
3.5.3 Management of Change

ORM 3.3.3 The Provider should have a process to identify changes within or external to the organization that
have the potential to affect the level of safety risk of ground operations, identify, and to manage the safety risks
that may arise from such changes. [SMS]
A process or procedures should be in place to detect and assess any change that may occur within or
external to the organization that has the potential to affect operational safety.
The process should identify the means of detection (monitoring, assessment etc.) and action to be taken.
Records of change monitoring activities and decision making meetings should be examined.
Change management should also address changes in organizational structure, personnel and cultural
issues.
3.5.4 Continuous Improvement of the SMS

ORM 3.3.4 The Provider should have processes to review and ensure continual improvement of the SMS
throughout the organization to include:
(i) Identification of the cause(s) of substandard performance of the SMS;
(ii) Determination of the implications of substandard performance of the SMS in operations;
(iii) Elimination or mitigation of such cause(s) of substandard performance. [SMS]
This GOSARP follows a typical 3-step quality assurance process to review and seek improvements. In this
respect conformance would be demonstrated by the application of an internal quality assurance program
to assess the SMS throughout the organization.
Prior to SMS many aviation operators evolved their quality activities to include safety assurance. The
processes and procedures are similar and it is possible to integrate some safety and quality (and security)
assurance activities. This integration is scalable to the size and complexity of the organization, and would
be of particular advantage for a small, non-complex organization. There are also similarities with Workplace
or Occupational Health and Safety in which integration may occur. Integration is acceptable provided that
there are clear roles and lines of responsibilities for safety management in conformance with the relevant
GOSARPs.
Recommendation – Determine the extent to which the SMS incorporates QA
procedures and GOSARPs. There should be correlation.
17
3.5.5 Management Safety Decision Making
ORM 3.3.5 The Provider should have a process for management consideration of and decision-making to ensure
significant issues arising from:
(i) The safety risk assessment and mitigation program, and;
(ii) The safety assurance program are subject to management review in accordance with ORM 3.3.4 and ORM
1.5.1, as applicable. [SMS]
As stated, the SMS is foremost a management decision making tool. It follows that there should be a
GOSARP that requires the Provider to have in place a process or procedure for management review of the
SMS outcomes, specifically the safety risk management and safety assurance functions. GOSARP ORM-
1.5.16 is the requirement for a periodic review of the effectiveness of a management system, which would
include the SMS, and complementary to ORM 3.3.4 if implemented in full.
Conformance would be demonstrated by examination of the processes and records of meetings, decisions
taken etc. The decision making aspect should clearly indicate who made the decision and why.
3.6 Safety Promotion

The fourth component of the SMS framework provides processes and procedures for the communication
of safety information and the training of personnel.
3.6.1 Safety Awareness

ORM 1.4.2 The Provider shall have processes for the communication of safety information throughout the
organization to ensure personnel maintain an awareness of the SMS and current operational safety issues. [SMS]
The SMS communication aspects are covered specifically in ORM 3.5 (as opposed to organization
communications in general); however, the means of communication may be the same. Whatever the
communication means, conformance is demonstrated by evidence of the intended audience receiving and
understanding or complying with the message or required action. Random samples should be requested
or interviews with selected personnel could reveal whether messages are being received and complied with
and the effectiveness of the safety communication process overall within the organization.
3.6.2 Safety Information
ORM 3.5.2 The Provider should have a means for disseminating information from:
(i) The safety risk assessment and mitigation program, and;
(ii) The safety assurance program to management and non-management operational personnel as appropriate to
ensure an organizational awareness of compliance with applicable regulatory and other safety requirements.
[SMS]
Similar to ORM 1.4.2, the Provider should be able to demonstrate the processes in place to disseminate
safety information. The outputs of the safety risk management and safety assurance functions may be of a
specialist nature, sensitive or for a specific purpose. The communication process should detail precisely
how the various SMS information is handled and examples of each should be demonstrated by the Provider.
6 ORM 1.5.1 The Provider shall have a process to review the management system at intervals not exceeding one year to ensure its continuing
suitability, adequacy and effectiveness in the management and control of ground operations. A review shall include assessing opportunities for
improvement and the need for changes to the system, including, but not limited to, organizational structure, reporting lines, authorities,
responsibilities, policies, processes, procedures and the allocation of resources.
18
Question – How often are safety communiqués transmitted?
Question – Does the organization promulgate safety performance
information to its personnel?
3.6.3 Safety Training
ORM 5.7.2 The Provider should have a program that ensures personnel throughout the organization are trained
and competent to perform SMS duties. The scope of such training should be appropriate to each individual's
involvement in the SMS as detailed:
(i) In Table 1.2 for all personnel, and
(ii) In Table 1.16 for personnel with specific assigned duties in the safety management system. [SMS]
Tables 1.2 and 1.16 are detailed at Appendix A to this document.
Personnel safety training is covered on two separate levels. All personnel within the organization should
receive basic safety awareness training and familiarization of the SMS and their safety roles and
responsibilities.
Conformance with ORM 5.7.2(i) could be demonstrated by training course records and schedules (the
content of which should cover the subjects listed in Table 1.2) and the training records of personnel with a
range of duties.
ORM 5.7.2(ii) refers to training for personnel needing specific SMS skill-sets as listed in Table 1.16.
Conformance could also be demonstrated by training records/schedules.
While generic safety training could be handled in-house, the more specific training would most likely be
delivered by expert training service providers.
19
3.7 SMS Checklist
The following checklist may help summarize the main aspects of the SMS audit. The checklist could be
used as a summary of the organization as a whole, or for a corporate/station pair where there are multiple
stations. The GOSM (6th Edition) ORM Section is used as a reference.
More detailed checklists (and hence more appropriate for a well-established SMS) may be found in the
ICAO Doc 9859, Safety Management Manual and ACI SMS Handbook Step A.
GOSARP Subject
ORM 3.1.8 There is a SMS implementation plan
ORM 1.1.3 An effective SMS is in place
ORM 1.1.2 There is a nominated Accountable Executive that has final authority over all the
aviation activities of the organization
ORM 1.1.4 There is a person/Safety Manager who performs the role of administering the
SMS
ORM 1.6.1 The SMS roles and responsibilities of all personnel are clearly defined
ORM 1.2.2 There is a safety policy statement relevant to the scope and complexity of the
organization’s operations, and there is evidence of the policies resulting in
safety activities or actions
ORM 3.1.5 There is an effective safety reporting system
ORM 3.2.2
ORM 3.1.6 Procedures are in place for an emergency response plan
ORM 2.1.3 All SMS information is recorded in an organization-wide document control
management system
ORM 3.2.1 Procedures are in place for the assessment of safety reports
ORM 3.2.3 Procedures are in place for the identification of hazards, evaluation of safety
risks, and development of recommendations for safety action plans to control
unacceptable safety risks
ORM 3.2.4 Procedures are in place for the participation in incident/accident investigations
ORM 3.2.10 Procedures are in place for the reporting of ground damage to the IATA GDDB
ORM 3.3.1 Procedures are in place for the monitoring of safety risk controls
ORM 3.3.2 Procedures are in place for setting safety performance metrics
ORM 3.3.3 Procedures are in place for the assessment of safety issues related to change
management
ORM 3.3.4 Procedures are in place for the review of SMS processes and procedures
ORM 3.3.5 Procedures are in place for the management review of SMS outputs and the
effectiveness of the SMS
ORM 1.4.2 Safety information is promulgated throughout the organization
20
ORM 3.5.2
ORM 5.7.2 All personnel receive relevant safety training
21
Section 4 – Audit Summary Report - Assessment of the
SMS
4.1 Introduction
The assessment should be produced that provides a “snap-shot” of the SMS within the organization. While
the checklists provide a high-level overview of the SMS functions that correspond to the GOSARPs,
consider again the audit focus and the 4 qualities that sum up the main objectives of a SMS:
 due diligence and competence in the roles;

 the development, implementation of and conformance with documented processes and procedures;
 coordination and cooperation with other relevant SMSs; and
 the monitoring and measurement of SMS outcomes and effectiveness.
If evidence was produced at the audit that proved that all 4 qualities were fully embedded within the
organization then it could be said that the SMS was fully functional. However, it is unlikely at this time that
an organization will have implemented all the SMS processes and procedures in full, throughout the
organization, and producing results. It is more likely that some functions of the SMS were in place and
working but, perhaps in a multi-station organization, not all in the same way or to the same extent.
The assessment should therefore also consider, and evaluate, the level of implementation of the SMS. An
indication of the level of implementation should be provided in the audit report, in terms of the extent to
which each applicable GOSARP is in conformity. A measure of conformity could be the number of
framework elements implemented in full or partially per station and whether they are effective, or some
other form of gap analysis.
4.2 Audit SMS Summary

The following text could be used as a basis for a (executive) summary of the SMS aspects of an audit
report. Where a deficiency is reported, full details should be included in the main body of the report.
Evidence was provided that [demonstrated/did not demonstrate] full conformance with the ORM SMS
GOSARPs. [A full list of non-conformities is provided in the report].
For example: The SMS is implemented at a basic level. The corporate SMS documentation
contains a full set of processes and procedures and safety roles and responsibilities have been
established; however, only the safety risk management process is currently in place and
functioning correctly, and only at some stations (station A, station B, station C and station D). The
safety risk management is partially implemented at station E and is expected to be fully functional
within 6 months. The other stations at which the Provider currently operates have yet to implement
any SMS function and the plan is to commence implementation in 20XX. Full details of the
Provider’s SMS implementation plan are included in the report.
Or
The SMS is implemented in full at station A and station B. Ground operations have only recently
commenced at station C and an implementation plan for the establishment of the corporate SMS
processes and procedures at station C has been developed. The Provider is conducting a gap
analysis to determine if and how the processes and procedures will need to be adapted to the
22
local operation. Full implementation of the SMS at station C and integration with the corporate
SMS is expected in Q3/20XX.
The SMS documentation provided was assessed as [satisfactory/unsatisfactory and details of the
identified deficiencies were notified to the Provider]. The SMS documentation [provided/did not provide]
a clear description of the:
 SMS functionality
For example: The description of SMS functionality in the corporate SMS Manual had not been
updated to include the new Safety Office that had been established in the corporate headquarters.
As a consequence virtually all of the processes and procedures for the safety risk management
and safety assurance functions were invalid and the effectiveness of the SMS could be brought
into question.
 Roles and responsibilities
For example: Evidence of job descriptions and lines of responsibility was provided to verify that all
roles and responsibilities for the SMS were identified and described in full.
 Lines of communication for SMS activities

For example: Although the implementation of the SMS is on-going and the lines of communication
are in the process of being established, there were serious deficiencies with the transition.
Evidence was found of safety instructions issued by the corporate headquarters that did not reach
the intended destination and recipient.
All staff involved in key SMS roles [demonstrated/did not demonstrate] satisfactory knowledge of their
roles and responsibilities.
For example: Despite the existence of an adequate training procedure for the induction of new
operational employees, there was no evidence, verified by questioning, of the use of the procedure
since the last audit.
A complete set of written processes and procedures [were/were not] included in the SMS
documentation.
For example: A complete set of processes and procedures were included in the SMS
documentation; however, the documentation viewed at station C was of a previous version. The
latest versions were received by the station over 3 months ago but were yet to be implemented.
------------------------------------
23
Appendix A – QA Provisions & SMS Training Tables
ORM
ORM 3.4.1 The Provider shall have a quality assurance program, including a detailed audit planning process and sufficient
resources that provides for the auditing and evaluation of the management system and ground operations at all stations to
ensure the Provider is:
i. Complying with applicable regulations and requirements of the customer airline(s);
ii. Satisfying stated operational needs;
iii. Identifying undesirable conditions and areas requiring improvement.
iv. Monitoring effectiveness of safety risk controls

ORM 3.4.2 The Provider shall have a station quality control program that provides for scheduled and unscheduled inspections and/or
evaluations of ground operations at the station for the purpose of ensuring compliance with standards of the Provider, quality assurance
program as specified in ORM 3.4.1, applicable regulations, and requirements of the customer airline(s).
ORM 3.4.3 The Provider shall have a process for addressing findings that result from audits conducted under the quality assurance program
and station quality control program, as specified in ORM 3.4.1 and ORM 3.4.2, which ensures:
(i) A determination of root cause(s);
(ii) Development of corrective action as appropriate to address findings;
(iii) Implementation of corrective action in appropriate operational area(s);
(iv) Monitoring and evaluation of corrective action to determine effectiveness.
ORM 3.4.4 The Provider shall have a process to ensure significant issues arising from the quality assurance and station quality control
program are subject to management review in accordance with ORM 1.5.1.
ORM 3.4.5 The Provider shall have a means for disseminating information from the quality assurance program and station quality control
program, as specified in ORM 3.4.1 and ORM 3.4.2, to management and non-management operational personnel as appropriate to ensure an
organizational awareness of compliance with applicable regulatory and other requirements.
ORM 3.4.6 The Provider shall ensure the quality assurance program utilizes auditors that:
(i) Have been trained and are qualified;
(ii) Are impartial and functionally independent from operational areas to be audited.
24
Table 1.2 Safety Training Specifications
Functional Groups
For the purpose of determining the applicability of airside safety training subject areas, ground handling personnel are grouped according to
operational function as follows. Note 1
Function 1: Personnel whose duties require access to airside areas.
Function 2: Personnel whose duties require operation of basic GSE (e.g., tractors, belt loaders).
Function 3: Personnel whose duties require: (1) operation of specialized equipment (e.g., aircraft movement units, container/pallet loaders,
de-icing vehicles, catering vehicles), (2) exercise of control during aircraft movement operations, or (3) performance of lead
responsibility over other personnel.
Function 4: Personnel in first level management, to include supervisors having responsibility for: (1) directing staff and/or equipment
resources, or (2) controlling an operational activity.
Function 5 Personnel in station management having responsibility for resource issues, health and safety, incident management and
budgetary control.
Function 6 Personnel with duties in ticketing, check-in and boarding activities.
Function 7 Personnel operating within Cargo warehouse
Note 1: Functional definitions may be varied as determined by local requirements or considerations
Training Subject Areas
Safety training shall address, according to assigned operational function(s).
1.1.1 Safety Philosophy
a) Company safety policy and program [SMS] All Functions
b) Employer/employee responsibilities [SMS] All Functions
1.1.2 Safety Regulations
a) International aviation regulations [SMS] All Functions
b) State aviation regulations [SMS] All Functions
c) Airport airside regulations [SMS] All Functions
d) Safe working and operating practices [SMS] All Functions
1.1.3 Hazards Note 2
a) Vehicle movements All Functions
b) Pedestrian movements All Functions
c) Aircraft movements All Functions
d) Jet engines All Functions
e) Propeller-driven aircraft and helicopters All Functions
f) Aircraft antennae and other protrusions All Functions
g) GSE Functions 2-5
h) Aircraft fuelling and fuel spills All Functions
i) Adverse and seasonal weather conditions All Functions
j) Night operations All Functions
k) Working at height All Functions
l) Slips, trips and falls All Functions
m) Noise All Functions
n) Manual handling All Functions
o) Confined Spaces All Functions
p) Office Equipment All Functions
q) Display Screen Equipment (DSE) All Functions
r) Violence (physical & verbal attack and public disorder) All Functions
s) Lone working All Functions
Note 2: Subject areas a) through s) are applicable to personnel as appropriate to specific function and types of operations conducted.
25
Table 1.2 Safety Training Specifications (cont’d)
1.1.4 Human Factors
a) Motivation and attitude All Functions
b) Human behavior Functions 4, 5
c) Communication skills All Functions
d) Stress All Functions
e) Ergonomics All Functions
f) Effects of psychoactive substances (drugs and alcohol) All Functions
g) Fatigue All Functions
h) Time pressure All Functions
i) Peer management pressure All Functions
j) Situational awareness All Functions
k) Teamwork All Functions
1.1.5 Airside Markings and Signage Functions 1 to 5
Note 3
1.1.6 Emergency Situations
a) Reporting [SMS] All Functions
b) Injuries All Functions
c) Security threats All Functions
d) Spillage Functions 1 to 5
e) Alarms and emergency stops Functions 1 to 5
f) Fuel shut-offs Functions 1 to 5
g) Ground-to-flight deck emergency hand signals Functions 1 to 5
h) Fire All Functions
i) Severe weather Functions 1 to 5
j) Aircraft stand emergency procedures Functions 1 to 5
Note 3: Subject areas a) through j) are applicable to personnel as appropriate to specific function and types of operations conducted.
1.1.7 FOD prevention Functions 1 to 5
1.1.8 Personal protection Note 4
a) Personal protective equipment All Functions
b) Occupational health and safety All Functions
c) Musculoskeletal injury prevention All Functions
d) Weather exposure Functions 1 to 5
Note 4: Subject areas a) through d) are applicable to personnel as appropriate to specific function and types of operations conducted.
1.1.9 Accidents, Incidents, Near Misses Note 5
a) Personnel injuries [SMS] All Functions
b) Damage to aircraft, GSE, facilities Functions 1 to 5
c) Reporting [SMS] All Functions
d) Investigation Functions 4, 5
e) Prevention [SMS] All Functions
f) Cost of accidents, incidents [SMS] All Functions
g) Risk assessment All Functions
Note 5: Subject areas a) through g) are applicable to personnel as appropriate to specific function and types of operations conducted.
26
Table 1.2 Safety Training Specifications (cont’d)
1.1.10 Airside Safety Supervision
a) Creating an open reporting culture [SMS] Functions 4, 5
b) Performance monitoring Functions 4, 5
c) Coordination of airside activities Functions 4, 5
d) Workload management Functions 4, 5
e) Decision making Functions 4, 5
f) Planning Functions 4, 5
Table 1.16 Specific SMS Training Specifications

Training for personnel with assigned duties in the safety management system (typically within the Safety Office) shall address the following subject
areas, as applicable to assigned function(s):
i) Safety Risk Assessment:
a) management of safety reports;
b) hazard identification;
c) hazard analysis;
d) safety risk assessment;
e) safety mitigation and risk management;
f) Development of safety action plans.

ii) Safety Assurance:
a) Development of safety performance indicators;
b) Safety performance monitoring and measurement;
c) Safety auditing methodologies and techniques.
End
27

Isago Sms Guidelines Gosm Ed 6 June

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Isago Sms Guidelines Gosm Ed 6 June

Загружено:

Авторское право:

Доступные форматы

Guidelines on auditing a

Safety Management System

DISCLAIMER: The information contained in this

© International Air Transport Association. All

Senior Vice President

Figure 1 – The 4 Components of the ICAO SMS Framework (Annex 19)

1.2 SMS Implementation

1.3 ISAGO Audit Scope

2.2 Audit Focus

 due diligence and competence in the assigned safety roles;

2.3 Audit Planning

 A review of documented processes, procedures, reports, assessments and records;

2.4 The Safety Office

3.2 Organization & Accountability

3.2.1 The Accountable Executive

3.3 Safety Policy & Objectives

Conformance is determined mostly as a straightforward verification exercise. Documentation should be in

3.3.6 Emergency Response Plan (ERP)

3.3.8 SMS Implementation Plan

3.4 Safety Risk Management

3.4.1 Hazard Identification

3.4.2 Safety Reporting System

3.4.3 Safety Risk Assessment & Mitigation

3.4.5 Ground Damage Reporting

3.5 Safety Assurance

3.5.3 Management of Change

3.5.4 Continuous Improvement of the SMS

3.6 Safety Promotion

3.6.1 Safety Awareness

 due diligence and competence in the roles;

4.2 Audit SMS Summary

 Lines of communication for SMS activities

i. Complying with applicable regulations and requirements of the customer airline(s);

ii. Satisfying stated operational needs;

iii. Identifying undesirable conditions and areas requiring improvement.

iv. Monitoring effectiveness of safety risk controls

Table 1.16 Specific SMS Training Specifications

d) safety risk assessment;

e) safety mitigation and risk management;

f) Development of safety action plans.

Вам также может понравиться