EASA Management System Assessment Tool (MSAT) Guidance on Collecting Data

Posted by on in Regulatory
  • Font size: Larger Smaller
  • Hits: 72

Sofema Online (SOL) www.sofemaonline.com considers key elements of Data Collection to support the use of the EASA Management System Assessment Tool.

Introduction Collecting Data

The safety data that an organisation should collect, should depend on the type of operations it performs, and its degree of digitalization (e.g. automated data-capturing systems).

  • • Filtered information will support the assessment of risks for data-rich organisations whereas organisations lacking data will rely more on expert judgement, risks known in the same profiling sector, or data pools (e.g., collaborative approach, risk sector profile);
  • • Data-rich organisations will be inclined to buy software supported by a robust risk assessment methodology to classify the risks in a more analytical, coherent approach.
  • • The volume of occurrence reports (voluntary and mandatory) as well as means and resources to manage them will depend on the safety culture; open-reporting culture, just culture; the magnitude of the operations and their criticality;

Note - The EASA domain safety risk portfolios, EPAS28 volume III, Annual Safety Reviews as per article 13 of Regulation (EU) 376/201430 or any other sector risk profiles (held by Authorities or Industry) could be used to identify specific risks in different activities in the absence of large numbers of occurrence reports for small entities;

  • • Additionally, small organisations should listen as much as possible to workshops, conferences, and events or read literature (e.g. risk profiling) in their domains of expertise to capture risks that may have not been properly identified by their SMS.

The volume of collected data;

  • • Databases and their management will also vary from one organisation to another.
  • • Datamining and tools

 - Dedicated resources and competencies will thus do, to a point data scientists or data-mining analysts might be needed when the volume of data is high and/or complex to manage.

 - The mechanism and the type of safety information to report to the relevant bodies will depend on the organisation’s size and structure and the process for the decision-making (e.g. which level of authority).

In the same vein, appropriate resources will be allocated to the needs of the effective MS (such as justification for a full-time safety manager, safety committees; frequency of Safety Review Board meetings, and staff dedicated to real-time monitoring);

  • • The flow, nature and volume of information to circulate up and down the organisation will shape the means of communication, training and safety promotion. For instance:

 - The safety reporting form could range from paper systems for organisations having limited IT resources to online systems for those having the means to implement them (e.g. Apps installed on the mobiles);

 - Recommendations and actions stemming from reports of safety issues could be posted online or simply displayed on notice boards;

 - Records of safety discussions and outcomes could be reduced to the minimum in very small entities where verbal communication with the staff is preferred;

  • • Frequency, content, and duration of recurrent training will be adapted to

 - The safety culture,

 - The volume/significance of the identified safety issues,

 - The evolution of the safety objectives over time,

 - The outcome of the monitoring for the effectiveness of the safety mitigation actions,

 - The audience to update,

 - The changes in regulatory requirements and

 - The ever-changing operational context (such as new procedures)

 - Timely handling of data will rely on its relevance for real-time monitoring and safety management decisions supported by Artificial Intelligence (e.g. air navigation traffic management; runways in use; HUMS and predictive maintenance inspection; real-time safety management);

 - Focus on the risks at the interfaces will significantly depend on the criticality of the subcontracted tasks and the magnitude of the supply chain.

 - Communication of changes and communication at the interfaces will certainly be more demanding in a large organisation or for an organisation contracting many activities.

Management System & Safety System Documentation – should be clear, and concise but sufficiently detailed to ensure adequate management of risks. They should be consistent, complete, in context and control. However, in small entities, they should not generate “red tape”.

  • • MS documentation
  • • Hazard log;
  • • Records of risk assessments;
  • • Decisions,
  • • Actions,
  • • Ownership and monitoring etc.

Management System / Safety System – Level of Engagement

It is the ultimate responsibility of the organisation to demonstrate to its overseeing authority that its Management System is appropriately designed and suitable to effectively deliver as expected.

An operating SMS does not necessarily need to be complicated, time-consuming and expensive to be effective and demonstrate that the significant risks are under control and that the organisation is safety data-rich to make the right managerial decisions.

Instead of focusing on ‘size’ and ‘complexity’, the organisation and the overseeing authority should concentrate on the scalability, suitability, and effectiveness of that Management System.

When using this EASA MS assessment tool, it is the responsibility of the assessor to select the right elements and criteria of this guidance tool so that the questions raised during the conduct of the assessment are relevant to the attributes of the organisation and do not encourage an overly complicated MS.

The degree of urgency to reach a certain level of safety based on deficiencies, feedback from the compliance monitoring system, cultural aspects, changes to timely manage or any immediate/pressing safety issue, may impact the resources to timely achieve the safety objectives.

Note - ‘Human performance’ and ‘human resources’ may be critical for organisations of all sizes, although the related issues may depend on the context and the size: small organisations will be more impacted by retirement, transfer of knowledge, sickness, stressful environment, whereas large organisations experiencing major changes or significant growth would face major challenges;

The implementation of Industry Standards or International Standards directly relevant to the organisation’s activities shall be also considered in the design and functioning of the Management System such as

  • • Quality Management System (e.g. ISO 91xx),
  • • SMS (ICAO Annex 19),
  • • Risk Management System (e.g. ISO 31000),
  • • ISMS (Information Security Management System – see EASA Opinion 03/202131),
  • • Environment Management system (e.g. ISO14001),
  • • Occupational and Health Management System,
  • • Financial Management System.

A fully-fledged Management System can allow streamlined processes and substantial gain when commonalities between different elements of a Management System exist (such as deficiencies’ investigation, reporting system, risks having an impact on each other, coherent and integrated risk assessment methodology, governance, responsibilities, resources, and competencies).

Next Steps

Please see Sofema Aviation Services (www.sassofia.com) and Sofema Online (www.sofemaonline.com) or email team@sassofia.com for questions, comments or suggestions.

Last modified on
Tagged in: Aviation SMS EASA Management Management System Assessment Tool MSAT