Reports
Operator’s Manual for Human Factors in Aviation Maintenance
DOT/FAA/AM-15/2. Avers, Katrina B.; Johnson, William B.; Ma, Maggie J.; Rankin, William L.; Drury, Colin G; Allen, James W.; Brys, J.J. U.S. Federal Aviation Administration (FAA) Office of Aerospace Medicine. January 2015. 28 pp. Figures, illustrations, photos.
This manual examines seven topics in human factors that “contribute to the goal of creating and reinforcing a safety culture where employees practice safe habits, both at work and at home.”
The seven topics — discussed in one chapter each — are hazard identification, procedural compliance and documentation, human factors training (evolution and reinforcement), fatigue risk management, human factors health and safety programs, human factors issues in design and installation, and measuring impact and return on investment.
Each chapter follows the same format — introducing the topic; describing why it is important, how to implement the program component and how to know that the component is effective; and key references and links.
In the introduction, the authors said their goal was to present “information they wish they had known years ago.” The manual was designed with recognition that its readers already are aware of the importance of human factors but could benefit from suggestions for setting up or overseeing human factors programs.
“Base your human factors activity on the identified requirements and resources of your organization,” the introduction said, adding that human factors programs are critical elements of safety management systems (SMS) and corporate safety cultures. “One size does not fit all.”
For example, the manual’s recommendations include implementation of a hazard identification process, described as part of a major component of an SMS.
“Incorrectly performed maintenance, due to workplace hazards, has been the second leading primary cause (after pilot error) of commercial aircraft hull loss accidents over the past several decades,” the report said.
- A hazard identification process can be one of three types:
- A reactive process, in which events are investigated to determine what hazards caused them and what corrective actions might reduce the likelihood of similar events in the future;
- A proactive process, in which employees report hazards, which are then investigated for risk and any unacceptable risk is mitigated; and,
- A predictive process such as a line operations safety audit (LOSA) for pilots, which identifies workplace performance issues that should be addressed.
All three processes share several basic implementation requirements, including selecting a manager or department to be responsible for the process; ensuring that labor and management, and perhaps the regulator, are cooperating in the process; writing policies and procedures for the implementation process; and developing and implementing a “reasonable, consistently applied company disciplinary policy and/or [implementing] a just culture,” the manual said.
The final chapter discusses methods of evaluating the effectiveness of human factors programs and procedures, which sometimes can be difficult to quantify.
“Human factors programs and some safety interventions are not mandated by regulation,” the manual said. “Therefore, they must have demonstrable safety and cost impact.”
Calculating return on investment (ROI) “offers the means to provide the justification in the financial and safety terms necessary to convince corporate personnel regarding the safety impact and value of [human factors] and other safety initiatives,” the manual said.
The document included a step-by-step discussion of how to calculate ROI, and added that maintenance and safety managers can determine whether the plan is working by noting how often ROI is discussed by maintenance managers, how often ROI calculations are performed and how often ROI is used to judge the value of a safety or human factors intervention.
Safety Management Systems (SMS) Guidance for Organisations
CAP 795. U.K. Civil Aviation Authority (CAA). February 2015. 24 pp. Figures, tables.
This document is intended as a guide to operators in the development of management policies and processes required to implement an SMS. It is intended for use by air operator certificate holders, continuing airworthiness management organizations, maintenance organizations, air navigation service providers, airports and approved training organizations.
“There is not a ‘one-size-fits-all’ model for SMS that will cater for all types of organisations,” the document says. “Organisations should tailor their SMS to suit the size, nature and complexity of the operation, and the hazards and associated risks inherent with its activities.” (The publication notes that CAA also has published a separate document — CAP 1059, Safety Management Systems: Guidance for Small, Non-Complex Organisations).
The document is divided into six chapters, including a discussion of safety policy and the objectives and presentation of concepts of safety risk management, safety assurance and safety promotion.
In its instructions, the document notes that many organizations already will have in place some elements of an SMS, “so carrying out a gap analysis is the first step.” The CAA website <caa.co.uk> includes the Phase 1 SMS evaluation framework — one version for complex organizations and a second, simpler version for non-complex organizations — which can be used as the basis of the initial assessment of an SMS, the publication says.
Any identified gaps should be factored into an implementation plan, which should be developed “to allow prioritising of the different elements over a period of time,” the publication says. “Building an SMS overnight will be far too challenging and a step-by-step approach will deliver a more effective SMS in the end.”
After an SMS is in place, safety assurance — in the form of “safety performance monitoring, measurement and review; the management of change; and continuous improvement of the safety system” — provides critical follow-up through evaluations of the safety performance of the organization, the publication says.
Safety assurance involves, in part, the establishment of safety performance indicators (SPIs) to measure performance.
“Safety objectives need to have been established before setting SPIs,” the document says. “This allows the safety performance of the organization to be measured against its safety policies and objectives.”
Safety objectives should address the organization’s most significant risks and should be formally identified after the organization has defined what it hopes to achieve. After the safety objectives are in place and the SPIs have been established, safety audits should be used to ensure the soundness of the SMS, the document says, noting that “safety and cultural surveys should be carried out as a matter of routine, to provide assurance to managers of safe operational activity.”
All workers should receive relevant safety training, the document adds, and safety communication programs should ensure full awareness of the SMS and the organization’s safety culture.
Information Security: FAA Needs to Address Weaknesses in Air Traffic Control Systems
GAO-15-221. U.S. Government Accountability Office (GAO). January 2015. 46 pp. Appendixes, figure.
This report, developed by the GAO in response to questions from members of the U.S. Congress, concluded that, despite efforts by the U.S. Federal Aviation Administration (FAA) to protect its air traffic control system against cyber-based threats, “significant security control weaknesses” remain.
These weaknesses “threaten the agency’s ability to ensure the safe and uninterrupted operation of the national airspace system (NAS),” the GAO report said, adding that the agency had identified problems with controls that were designed to prevent and detect unauthorized access to computer resources.
The FAA also failed to implement an agency-wide information security program required by a 2002 federal law, the report said.
“FAA’s implementation of its security program was incomplete,” the report said. “For example, it did not always sufficiently test security controls to determine that they were operating as intended, resolve identified security weaknesses in a timely fashion, or complete or adequately test plans for restoring system operations in the event of a disruption or disaster. Additionally, the group responsible for incident detection and response for NAS systems did not have sufficient access to security logs or network sensors on the operational network, limiting FAA’s ability to detect and respond to security incidents affecting its mission-critical systems.”
The report said that the problems existed in part because of the lack of an integrated and comprehensive system for managing information security risks.
The report included 17 recommendations calling on the FAA to fully implement the information security program and an integrated approach to information-security risk management. In a separate report, the GAO recommended 168 specific actions aimed at accomplishing the same goals. The FAA agreed with the recommendations, the
report said.