Safety Management System for Certificated Airports, 62008-62023 [2010-25338]

Download as PDF 62008 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules Pilatus Aircraft Ltd. Pilatus PC–6 Service Bulletin No. 57–005, REV No. 1, dated November 19, 2007; Pilatus Aircraft Ltd. Pilatus PC–6 Service Bulletin No. 57–005, dated August 30, 2007; Pilatus Aircraft Ltd. Pilatus PC–6 Service Bulletin No. 57–004, dated April 16, 2007; and Chapter 57–00–02 of Pilatus Aircraft Ltd. Pilatus PC–6 Aircraft Maintenance Manual, dated November 30, 2008, for related information. Issued in Kansas City, Missouri, on September 30, 2010. John Colomy, Acting Manager, Small Airplane Directorate, Aircraft Certification Service. [FR Doc. 2010–25289 Filed 10–6–10; 8:45 am] BILLING CODE 4910–13–P DEPARTMENT OF TRANSPORTATION Federal Aviation Administration 14 CFR Part 139 [Docket No. FAA–2010–0997; Notice No. 10– 14] RIN 2120–AJ38 Safety Management System for Certificated Airports Federal Aviation Administration (FAA), DOT. ACTION: Notice of proposed rulemaking (NPRM). AGENCY: This action would require each certificate holder to establish a safety management system (SMS) for its entire airfield environment (including movement and non-movement areas) to improve safety at airports hosting air carrier operations. An SMS is a formalized approach to managing safety by developing an organization-wide safety policy, developing formal methods of identifying hazards, analyzing and mitigating risk, developing methods for ensuring continuous safety improvement, and creating organization-wide safety promotion strategies. When systematically applied in an SMS, these activities provide a set of decisionmaking tools that airport management can use to improve safety. This proposal would require a certificate holder to submit an implementation plan and implement an SMS within timeframes commensurate with its class of Airport Operating Certificate (AOC). DATES: Send your comments on or before January 5, 2011. ADDRESSES: You may send comments identified by Docket Number FAA– 2010–0997 using any of the following methods: • Federal eRulemaking Portal: Go to https://www.regulations.gov and follow jdjones on DSK8KYBLC1PROD with PROPOSALS-1 SUMMARY: VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 the online instructions for sending your comments electronically. • Mail: Send Comments to Docket Operations, M–30; U.S. Department of Transportation, 1200 New Jersey Avenue, SE., West Building Ground Floor, Room W12–140, West Building Ground Floor, Washington, DC 20590– 0001. • Hand Delivery: Take comments to Docket Operations in Room W12–140 of the West Building Ground Floor at 1200 New Jersey Avenue, SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. • Fax: (202) 493–2251. For more information on the rulemaking process, see the SUPPLEMENTARY INFORMATION section of this document. Privacy: We will post all comments we receive, without change, to https:// www.regulations.gov, including any personal information you provide. Using the search function of our docket web site, anyone can find and read the comments received into any of our dockets, including the name of the individual sending the comment (or signing the comment for an association, business, labor union, etc.). You may review DOT’s complete Privacy Act Statement in the Federal Register published on April 11, 2000 (65 FR 19477–78) or you may visit https:// DocketsInfo.dot.gov. Docket: To read background documents or comments received, go to https://www.regulations.gov at any time and follow the online instructions for accessing the docket or go to Docket Operations in Room W12–140 of the West Building Ground Floor at 1200 New Jersey Avenue, SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. FOR FURTHER INFORMATION CONTACT: For technical questions concerning this proposed rule, contact Keri Spencer, Office of Airports Safety and Standards, Airports Safety and Operations Division, Federal Aviation Administration, 800 Independence Avenue, SW., Washington, DC 20591; telephone (202) 267–8972; fax (202) 493–1416; e-mail keri.spencer@faa.gov. For legal questions, contact Robert Hawks, Office of the Chief Counsel, Regulations Division, Federal Aviation Administration, 800 Independence Avenue, SW., Washington, DC 20591; telephone (202) 267–7143; fax (202) 267–7971; e-mail: rob.hawks@faa.gov. SUPPLEMENTARY INFORMATION: Later in this preamble under the Additional Information section, we discuss how you can comment on this proposal and how we will handle your comments. Included in this discussion is related PO 00000 Frm 00011 Fmt 4702 Sfmt 4702 information about the docket, privacy, and the handling of proprietary or confidential business information. We also discuss how you can get a copy of this proposal and related rulemaking documents. Authority for This Rulemaking The FAA’s authority to issue rules regarding aviation safety is found in Title 49 of the United States Code. Subtitle I, section 106 describes the authority of the FAA Administrator. Subtitle VII, Aviation Programs, describes in more detail the scope of the agency’s authority. The FAA is issuing this rulemaking under the authority described in subtitle VII, part A, subpart III, section 44706, ‘‘Airport operating certificates.’’ Under that section, Congress charges the FAA with issuing airport operating certificates that contain terms that the Administrator finds necessary to ensure safety in air transportation. This proposed rule is within the scope of that authority because it requires all holders of an airport operating certificate to develop, implement, and maintain an SMS. The development and implementation of an SMS ensures safety in air transportation by assisting airports in proactively identifying and mitigating safety hazards. Background The FAA is committed to continuously improving safety in air transportation. As the demand for air transportation increases, the impacts of additional air traffic and surface operations, changes in air traffic procedures, and airport construction can heighten the risks of aircraft operations. While the FAA’s use of prescriptive regulations and technical operating standards has been effective, such regulations may leave gaps best addressed through improved management practices. As the certificate holder best understands its own operating environment, it is in the best position to address many of its own safety issues. While the FAA would still conduct regular inspections, SMS’s proactive emphasis on hazard identification and mitigation, and on communication of safety issues, provides certificate holders robust tools to improve safety. The International Civil Aviation Organization (ICAO) defines SMS as a ‘‘systematic approach to managing safety, including the necessary organizational structures, accountabilities, policies, and E:\FR\FM\07OCP1.SGM 07OCP1 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules jdjones on DSK8KYBLC1PROD with PROPOSALS-1 procedures.’’ 1 In 2001, ICAO adopted a standard in Annex 14 that all member states establish SMS requirements for airport operators. The FAA supports conformity of U.S. aviation safety regulations with ICAO standards and recommended practices. The agency intends to meet the intent of the ICAO standard in a way that complements existing airport safety regulations in 14 CFR part 139. Additional information regarding these amendments, as well as ICAO’s guidance on establishing an SMS framework, may be found at https:// www.icao.int/anb/safetymanagement/. Safety Management System Components An SMS provides an organization’s management with a set of decisionmaking tools that can be used to plan, organize, direct, and control its business activities in a manner that enhances safety and ensures compliance with regulatory standards. These tools are similar to those management already uses to make production or operations decisions. An SMS has four key components: Safety Policy, Safety Risk Management (SRM), Safety Assurance, and Safety Promotion. Definitions of these are as follows and further detailed in the proposal discussion. Safety Policy. Safety Policy provides the foundation or framework for the SMS. It outlines the methods and tools for achieving desired safety outcomes. Safety Policy also details management’s responsibility and accountability for safety. Safety Risk Management (SRM). As a core activity of SMS, SRM uses a set of standard processes to proactively identify hazards, analyze and assess potential risks, and design appropriate risk mitigation strategies. Safety Assurance. Safety Assurance is a set of processes that monitor the organization’s performance in meeting its current safety standards and objectives as well as contribute to continuous safety improvement. Safety Assurance processes include information acquisition, analysis, system assessment, and development of preventive or corrective actions for nonconformance. Safety Promotion. Safety Promotion includes processes and procedures used to create an environment where safety objectives can be achieved. Safety promotion is essential to create an organization’s positive safety culture. Safety culture is characterized by knowledge and understanding of an organization’s SMS, effective 1 See ICAO, Safety Management Manual, at 6.5.3 ICAO Doc. 9859–AN/474 (2nd ed. 2009). VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 communications, competency in job responsibilities, ongoing training, and information sharing. Safety Promotion elements include training programs, communication of critical safety issues, and confidential reporting systems. National Transportation Safety Board Recommendations The National Transportation Safety Board (NTSB) first recommended safety management systems for the maritime industry in 1997. Since then, a number of NTSB investigations have cited organizational factors contributing to accidents and have recommended SMS as a way to prevent future accidents and improve safety. The NTSB first offered an SMS recommendation to the FAA after its investigation of the October 14, 2004, accident of Pinnacle Airlines Flight 3701. Pinnacle Airlines Flight 3701 was on a repositioning flight between Little Rock National Airport and MinneapolisSt. Paul International Airport when both engines flamed out after a pilot-induced aerodynamic stall. The pilots were unable to regain control, and the aircraft crashed in a residential area south of Jefferson City, Missouri. The NTSB’s investigation revealed ‘‘the accident was the result of poorly performing pilots who intentionally deviated from standard operating procedures and basic airmanship.’’ 2 The NTSB further stated ‘‘operators have the responsibility for a flight crew’s cockpit discipline and adherence to standard operating procedures’’ and offered an SMS as a means to help air carriers ensure safety.3 The NTSB formally recommended the FAA ‘‘require all 14 CFR part 121 operators establish Safety Management System programs.’’ 4 Three years after the Pinnacle Airlines accident, the NTSB investigated the inflight fire, emergency descent, and crash of a Cessna 310R in Sanford, Florida, and issued another SMS recommendation. The NTSB determined the probable causes of the accident ‘‘were the actions and decisions by NASCAR’s corporate aviation division’s management and maintenance personnel to allow the accident airplane to be released for flight with a known and unresolved discrepancy, and the accident pilots’ decision to operate the airplane with that known 2 NTSB Accident Report AAR–07/01, ‘‘Crash of Pinnacle Airlines Flight 3701 Bombardier CL–600– 2B19, N8396A, Jefferson City, Missouri, October 14, 2004,’’ at 53 (Jan. 9, 2007) . 3 Id. at 61. 4 Id. at 75; see also NTSB Safety Recommendation Letter (Jan. 23, 2007) (NTSB Recommendation A– 07–10). PO 00000 Frm 00012 Fmt 4702 Sfmt 4702 62009 discrepancy.’’ 5 As in the Pinnacle Airlines accident, the NASCAR pilot and aviation organization failed to follow standard operating procedures (SOPs). The NTSB stated ‘‘an effective SMS program formalizes a company’s SOPs and establishes methods for ensuring that those SOPs are followed.’’ 6 The NTSB recommended the FAA ‘‘develop a safety alert for operators encouraging all 14 CFR part 91 business operators to adopt SMS programs that include sound risk management practices.’’ 7 While the NTSB has not formally recommended the FAA require an SMS for certificated airports, the FAA has concluded those same organizational factors apply to all regulated sectors of the aviation industry. Airports operate in similar environments as air carriers and business flight operators where adherence to standard operating procedures, proactive identification, mitigation of hazards and risks, and effective communications are crucial to continued operational safety. Accordingly, certificated airports could realize similar SMS benefits as an aircraft operator. The FAA envisions an SMS would provide an airport with an added layer of safety to help reduce the number of near-misses, incidents, and accidents. An SMS also would ensure that all levels of airport management understand safety implications of airfield operations. FAA SMS Pilot Studies and Research Projects The FAA initiated a number of collaborative efforts studying SMS application at U.S. certificated airports. These efforts included developing advisory guidance, researching airport SMS recommended practices, and conducting airport pilot studies. Advisory Circulars and Research Studies The FAA, on February 28, 2007, issued Advisory Circular (AC) 150/ 5200–37, Introduction to Safety Management Systems for Airport Operators. This AC provides an introduction to SMS and general guidelines for an airport SMS. While compliance with this AC is voluntary, numerous airports have used it in implementing their SMS. 5 NTSB Accident Report AAR–09/01, ‘‘In-flight Fire, Emergency Descent and Crash in a Residential Area Cessna 310R, N501N, Sanford, Florida, July 10, 2007,’’ at iv (Jan. 28, 2009). 6 Id. at 19. 7 Id. at 25; see also NTSB Safety Recommendation Letter (Feb. 18, 2009) (NTSB Recommendation A– 09–16). E:\FR\FM\07OCP1.SGM 07OCP1 62010 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules The Airports Cooperative Research Program (ACRP) 8 approved two projects to prepare guidance on airport SMS. In September 2007, MITRE Corporation published the first report, SMS for Airports Volume 1: Overview. This report describes SMS benefits, ICAO requirements, and SMS application at U.S. airports. The second project, ACRP’s SMS for Airports Volume 2: Guidebook, was completed in October 2009 and provides practical guidance on development and implementation of an airport SMS. jdjones on DSK8KYBLC1PROD with PROPOSALS-1 Pilot Studies Beginning in April 2007, the FAA conducted a pilot study to evaluate SMS development at certificated airports of varying size and complexity. The study also compared current part 139 requirements and typical SMS requirements. The first round of pilot studies included over 20 airports. The FAA later established a second round of pilot studies on SMS development at smaller airports with a Class II, III, or IV AOC.9 All participating airports conducted a gap analysis or benchmark study examining differences between their FAA-approved Airport Certification Manual (ACM), part 139 requirements, and a typical airport SMS. Using these results, the participating airports then developed a separate SMS Manual and Implementation Plan using AC 150/ 5200–37 and the FAA Airport SMS Pilot Study Participant’s Guide. While pilot study airports were not required to implement an SMS, many chose to do so. As a result of these pilot studies, participating airports and the FAA made some key findings. First, the FAA concluded that compliance with part 139 is essential to ensuring a safe and standardized airport system. However, part 139 compliance does not by itself sufficiently address the risk management, assurance, reporting, safety data management, communications, or training needs of modern airports. The FAA further concluded an SMS can help an airport achieve performance-based systems safety. The gap analyses revealed that aspects of part 139 can serve as building blocks for an SMS. For example, at least one pilot study airport recognized its existing part 139 compliance program incorporated some SMS concepts. Additionally, the majority of participating airports have an 8 The Transportation Research Board (TRB) manages ACRP. 9 For definitions of classes of AOCs, see 14 CFR 139.5. VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 organizational safety policy statement, but these statements may be informal or inadequate or focus on employee rather than on operational safety. The gap analysis also uncovered that less formal safety policies are often not effectively communicated to employees. The majority of pilot study airports indicated an existing organizational structure to manage safety (such as a standing safety committee), but there is rarely one person with overall responsibility and authority for operational safety. Several airports admitted to relatively inactive safety committees. Second, several airports indicated they have safety risk management programs or policies in place (e.g., part 139 self-inspection program), but most described their hazard identification processes as reactive rather than proactive. These airports concluded their existing programs could be improved to meet the intent of the SMS SRM. While § 139.327 requires an airport to identify hazards or discrepancies during its self inspection, this requirement does not realize the potential of safety management through identifying and recording all safety hazards, conducting risk assessments, and developing mitigation strategies. Some airports indicated they did not have adequate accident or incident reporting procedures. Still others with reporting procedures indicated the procedures lacked solid analytical techniques to identify airport hazards and uncover underlying safety issues. Third, almost all pilot study airports indicated compliance with part 139 through some auditing system. However, most of these airports also indicated the audits are not carried out systematically to determine whether the airport is meeting safety goals and objectives. Few certificated airports indicated formal procedures to systematically review safety-related data. All pilot study airports have record-keeping and retrieval systems in place, but each indicated room for improvement. Improved systems would allow for trend and other data analysis to proactively identify operational hazards and potentially prevent future incidents or accidents. Finally, almost all pilot study airports indicated they currently conduct safety training, but some indicated there is no organizational approach to safety training. Several airports indicated their informal safety communications do not properly disseminate information (such as risk management data) throughout the organization or to other stakeholders. In general, the airports acknowledged more formalized training and communications programs, such as PO 00000 Frm 00013 Fmt 4702 Sfmt 4702 those required under Safety Promotion, would be beneficial. Benefits The FAA has determined that an SMS requirement would improve safety at part 139 certificated airports. The FAA reached this conclusion based on detailed study of ICAO’s Annex 14 requirements, review of NTSB’s recommendations, and the airport SMS pilot studies. Airports should realize benefits from increased communication, training, and reporting. Some airports may realize financial benefits through reduced insurance costs associated with proactive hazard identification and safety risk analysis. A properly functioning airport SMS would help an airport ensure: • Individuals are trained on the safety implications of working on the airside of the airport; • Proactive hazard identification and analysis systems are in place; • Data analysis, tracking, and reporting systems are available for trend analysis and to gain lessons learned; and • Timely communication of safety issues to all stakeholders. The FAA envisions an airport’s SMS would uncover previously unknown hazards and risks, providing an airport the opportunity to proactively mitigate risk. Over time, these efforts should prevent accidents and incidents, thereby reducing the direct and indirect costs and risks of airport operations. Several airports have seen benefits by voluntarily implementing SMS or applying SMS principles in their operations. For example, a large international airport holding a Class I AOC reduced insurance costs after implementing SMS principles. A smaller domestic airport holding a Class IV AOC has seen a major improvement in operational safety after implementing its SMS. Discussion of the Proposal The FAA proposes to require all certificate holders develop and implement an SMS for the movement and non-movement areas of the airport (i.e., airfield and ramp). The FAA proposes to add subpart E to part 139, which would include: (1) A new § 139.401 that would require all holders of an AOC to have an approved airport SMS; (2) a new § 139.402 that would prescribe the components of an airport SMS; and (3) a new § 139.403 that would prescribe the implementation requirements for an airport SMS. E:\FR\FM\07OCP1.SGM 07OCP1 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules The proposal also would add to § 139.5 the following definitions: Accountable executive; Airport safety management system; Hazard; Nonmovement area; Risk; Risk analysis; Risk mitigation; Safety assurance; Safety policy; Safety promotion; and Safety risk management (SRM). Many of the definitions are from existing international standards and FAA guidance materials. These definitions are applicable to the following discussion. jdjones on DSK8KYBLC1PROD with PROPOSALS-1 Regulation of the Non-Movement Area Under this proposal, an airport would implement its SMS throughout the airport environment, including the movement and non-movement areas (including runways, taxiways, run-up areas, ramps, apron areas, and onairport fuel farms). The FAA acknowledges the proposal extends the scope of part 139 by including the nonmovement areas, but the FAA has concluded that ensuring safety in air transportation requires that an SMS applies to any place that affects safety during aircraft operations. Many pilot study airports concluded it was difficult to apply SMS concepts to only the movement area because aircraft and airport airside personnel routinely flow between movement and non-movement areas. The airports also found a large number of safety incidents occur in the non-movement area and believe applying SMS to this area may reduce that number. The FAA does not intend to require airports to extend their SMS to the landside environment such as terminal areas. Nevertheless, an airport may voluntarily expand its SMS to all airside and landside environments. Flexibility The FAA envisions an SMS as an adaptable and scalable system. An organization can develop an SMS to meet its unique operating environment. For those reasons, this proposal would allow an airport the maximum amount of flexibility to develop and achieve its safety goals. Accordingly, the FAA would prescribe only the general framework of an SMS. The FAA learned through the pilot studies there are circumstances when a certificate holder may want flexibility in maintaining SMS documentation. For example, some airport operators manage multiple airports (have multiple AOCs), and some may want to expand SMS beyond the FAA-regulated areas (such as for landside or terminal operations.) In allowing maximum flexibility, a certificate holder may maintain a separate SMS Manual in addition to the VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 ACM or may maintain SMS documentation directly in the ACM. If a certificate holder develops a separate manual, it would cross-reference the SMS requirements in its FAA-approved ACM. Accordingly, the FAA proposes amending § 139.203 to require the FAAapproved ACM contain the policies and procedures for development, implementation, operation, and maintenance of the certificate holder’s SMS. The FAA also proposes to amend § 139.103 to require two copies of the SMS manual, or SMS portion of the ACM, accompany an AOC application. Minimum Elements of SMS In a new § 139.402, the FAA would require each airport SMS include the four SMS components: Safety Policy, SRM, Safety Assurance, and Safety Promotion. These components are equivalent to ICAO’s SMS pillars. To support each of these components, the FAA proposes a certificate holder implement a number of elements. Together the components and elements provide the general framework for an organization-wide safety management approach to airport operations. To make these components and elements effective, a certificate holder would develop processes and procedures appropriate to the airport’s operating environment. The FAA understands that a certificate holder could comply with these requirements through a variety of means. The FAA intends these proposed requirements to be scalable to the size and complexity of the certificate holder. The FAA invites comments on how the FAA could clarify or improve the scalability of this proposal. The FAA envisions a certificate holder using an operational SMS to: • Actively engage airport management in airfield safety; • Ensure formal documentation of hazards and analytical processes are used to analyze, assess, and mitigate risks; • Proactively look for safety issues through analysis and use of lessons learned; and • Train individuals accessing the airside environment on SMS and operational safety. The following details SMS components and elements as specifically applied to a part 139 airport certificate holder. Safety Policy This proposal would require a certificate holder to establish a safety policy that: • Identifies the accountable executive; • Identifies and communicates the safety organizational structure; PO 00000 Frm 00014 Fmt 4702 Sfmt 4702 62011 • Identifies the lines of safety responsibility and accountability; • Establishes and maintains a safety policy statement; • Ensures the safety policy statement is available to all employees; • Establishes and maintains safety objectives; and • Establishes and maintains an acceptable level of safety for the organization. This proposal would require an airport to identify an accountable executive. The FAA understands that airport operations and organizational structures vary widely. Accordingly, the FAA would not prescribe a particular job title. Nevertheless, the accountable executive must be a high-level manager who can influence safety-related decisions and has authority to approve operational decisions and changes because an effective SMS requires highlevel management involvement in safety decisionmaking. Accordingly, the FAA proposes the international standard definition for an accountable executive (i.e., requiring the accountable executive to be an individual with ultimate responsibility and accountability, full control of the human and financial resources required to maintain the SMS, and final authority over operations and safety issues).10 The FAA acknowledges it may be difficult for U.S. airports to identify an accountable executive meeting that international standard, but it believes an acceptable accountable executive would be the highest approving authority at the airport for operational decisions and changes. The FAA invites comments concerning the definition of accountable executive for certificated airports. Additionally, we would require a certificate holder to identify its safety organizational structure and management responsibility and accountability for safety issues. The importance to identifying who in airport management is responsible for safety ensures resources are allocated to balance safety and service. For example, an airport would identify each manager accountable for safety and that manager’s responsibilities under the airport SMS. Each airport employee should know who is the contact point for a particular safety issue. An airport would decide how managers’ safety responsibilities and accountabilities are communicated. It could use an organizational chart or other means that identify lines of communication and decisionmaking. In some organizations, with multiple departments responsible 10 See ICAO, Safety Management Manual, at 8.4.5 & 8.4.6 ICAO Doc. 9859–AN/474 (2nd ed. 2009). E:\FR\FM\07OCP1.SGM 07OCP1 jdjones on DSK8KYBLC1PROD with PROPOSALS-1 62012 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules for part 139 compliance, an airport may have multiple line managers responsible for the safety of different airport areas (e.g., an operations manager for airfield operational safety issues or a maintenance manager for maintenance safety issues). The safety organizational structure should allow every employee to understand how safety issues progress through the organization. This safety organizational structure also would ensure that senior management is aware of the daily activities of these departments and has an active role in airport safety. Currently, § 139.203 requires certificated airports to have lines of succession of airport operator responsibility. These lines may provide a foundation for establishing the airport’s accountable executive and delineation of responsibility for SMS functions. This proposal would require a certificate holder’s safety policy statement be included in SMS documentation. The ‘‘accountable executive’’ would issue this statement because management’s commitment to safety should be expressed formally. The safety policy statement would outline the methods and processes used to achieve desired safety outcomes. The statement typically would contain the following: • A commitment by senior management to implement SMS; • A commitment to continual safety improvement; • The encouragement for employees to report safety issues without fear of reprisal; • A commitment to provide the necessary safety resources; and • A commitment to make safety the highest priority. Some airports may be able to adapt a safety policy statement from existing policy statements. Others may supplement existing policies that focus on occupational safety issues (for example, the airport strives to have zero employee injuries). Other airports may have informal safety objectives that could be formalized into a safety policy statement. Finally, this proposal would require an airport to establish safety objectives relevant to its operating environment. These objectives should improve overall airport safety. Some examples of safety objectives may include a reduction in the amount of Foreign Object Debris (FOD) related damage, a reduction in the number of Vehicle/Pedestrian Deviations (VPDs), timely issuance of airfield condition Notices to Airmen (NOTAMs), and continued conformance with part 139 requirements. Setting VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 these objectives and metrics would aid the airport, stakeholders, and the FAA in verifying achievement or progress towards an airport’s improvement of safety. Safety Risk Management (SRM) This proposal would require a certificate holder to establish an SRM process to identify hazards and their associated risks within the airport’s operations. Under SRM, the airport would be required to: • Identify safety hazards; • Ensure that mitigations are implemented where appropriate to maintain an acceptable level of safety; • Provide for regular assessment of safety level achieved; • Aim to make continuous improvement to the airport’s overall level of safety; and • Establish and maintain a process for formally documenting identified hazards, their associated analyses, and management’s acceptance of the associated risks. A comprehensive SMS using SRM would provide management a tool for identification of hazards and risks and prioritization of their resolution. While each certificate holder’s SRM processes may be unique to the airport’s operations and organizational structure, the FAA would require it to incorporate SRM’s five steps: (1) Describing the system; (2) Identifying the hazards; (3) Analyzing the risk associated with those hazards; (4) Assessing the risk associated with those hazards; and (5) Mitigating the risk of identified hazards when necessary. This proposal would require a certificate holder to use SRM processes to analyze risk associated with hazards discovered during daily operations and for changes to operations. Changes in airport operations could introduce new hazards into the airfield environment, such as adding new tenants or air carriers at the airport. These could be discovered, tracked, and mitigated using an existing or newly-created hazards tracking system. However, some system descriptions set the boundaries for hazard identification by considering the operating environment in which hazards are identified. Operational changes may overlap with SRM requirements under the FAA Air Traffic Organization’s SMS. Examples of these changes include runway extensions or the construction of new taxiways. In these cases, the FAA expects that the certificate holder would participate in the FAA’s risk analysis instead of PO 00000 Frm 00015 Fmt 4702 Sfmt 4702 performing an independent risk analysis under its SMS. The first step of SRM is describing the system. This step entails describing the operating environment in which the hazards will be identified. System description serves as the boundaries for hazard identification. For airports, operational, procedural, conditional, or physical characteristics are included in the system description. A system description could answer the following questions: • Are there visual or instrument meteorological conditions; • Is it a time of low or high peak traffic; • Are there closed or open runways; or • Is the airfield under construction or normal operations? The second step of SRM identifies hazards in a systematic way based on the system described in the first step. All possible sources of system failure should be considered. Depending on the nature and size of the system under consideration, these should include: • Equipment (for example, construction equipment on a movement surface), the operating environment (for example, weather conditions, season, time of day); • Human factors (for example, shift work); • Operational procedures (for example, staffing levels); • Maintenance procedures (for example, nightly movement area inspections by airport electricians); and • External services (for example, ramp traffic by fixed-base operator (FBO) or law enforcement vehicles). A certificate holder should implement hazard identification processes and procedures that reflect its management structure and complexity. There are many ways to accomplish this hazard identification, but all must use the following four elements: (1) Operational expertise; (2) Training in SMS (and, if possible, hazard analysis techniques); (3) A simple, but well-defined, hazard analysis tool; and (4) Adequate documentation of the process. Many airports already have hazard identification processes in place to ensure part 139 compliance. For example, part 139 currently requires an airport operator to conduct a daily inspection, unless otherwise stated in the FAA-approved ACM. A certificate holder could use hazard reports obtained through the airport’s safety reporting system, which is detailed later in this discussion. The airport also would keep track of E:\FR\FM\07OCP1.SGM 07OCP1 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules jdjones on DSK8KYBLC1PROD with PROPOSALS-1 incidents and accidents occurring in the airport’s movement and non-movement areas to identify potential operational hazards. Many airports already track incidents and accidents in the movement area. One of the most important aspects of hazard identification is systematically documenting and tracking potential hazards. This documented data allows meaningful analysis of operational safety-related trends on the airfield and of overall airport system safety. After identifying hazards, a certificate holder would complete the third step of SRM, hazard analysis. For each hazard, the certificate holder would consider the worst credible outcome (harm), which is the most unfavorable consequence that is realistically possible, based on the system described. For the worst credible outcome, the certificate holder would determine the likelihood and severity of that outcome using quantitative or qualitative methods. VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 A certificate holder would define its levels of likelihood and severity. ICAO and the FAA have developed sample definitions and levels of likelihood and severity for use in categorizing hazards.11 An example is a five-point table for severity and likelihood. The categorization of severity includes definitions for catastrophic, hazardous, major, minor, or negligible. The categorization of likelihood includes definitions for frequent, occasional, remote, improbable, and extremely improbable. A certificate holder should develop tables commensurate with its operational needs and complexity. For example, a less complex airport with few operations may find it effective to have fewer levels of gradation. However, a larger airport with a variety of operations may require a five-point or larger table to be most effective. Based 11 See ICAO, Safety Management Manual, at 6.5.3 ICAO Doc. 9859–AN/474 (2nd ed. 2009); see also FAA Advisory Circular 150/5200–37, Introduction to Safety Management System for Airport Operators (Feb. 28, 2007). PO 00000 Frm 00016 Fmt 4702 Sfmt 4702 62013 on these definitions, a likelihood and severity of occurrence is selected for each hazard. The fourth step of SRM, risk assessment, uses the likelihood and severity assessed in step three, and compares it to the organization’s acceptable levels of safety risk. One of the easiest techniques for comparison is through the use of a predictive risk matrix. A predictive risk matrix (like figure 1) graphically depicts the various levels of severity and likelihood as they relate to the levels of risk (for example, low, medium, or high). On a typical risk matrix, severity and likelihood are placed on opposing axes (i.e., x- and y-axis on a grid). For example, a higher severity would be plotted further to the right on the x-axis, and a higher likelihood would be plotted further up the y-axis. The severity and likelihood assessed during the third step of SRM can then be plotted on the risk matrix grid for each of the hazards assessed. BILLING CODE 4910–13–P E:\FR\FM\07OCP1.SGM 07OCP1 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules The other feature of a predictive risk matrix is its depiction of the certificate holder’s acceptable level of safety risk, in other words the highest level of safety risk it will accept in its operational environment. Typically, the risk matrix VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 depicts three levels of risk: low, medium, and high. A high risk generally would be unacceptable. A medium risk may be acceptable provided mitigations are in place and verified before operations can continue. A low risk may PO 00000 Frm 00017 Fmt 4702 Sfmt 4702 be acceptable without additional mitigation. When a hazard’s likelihood and severity are plotted on the risk matrix, the certificate holder can see whether the hazard’s safety risk is acceptable to E:\FR\FM\07OCP1.SGM 07OCP1 EP07OC10.000</GPH> jdjones on DSK8KYBLC1PROD with PROPOSALS-1 62014 jdjones on DSK8KYBLC1PROD with PROPOSALS-1 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules the organization. Generally, as the likelihood and severity increase, the risk increases. Each certificate holder would determine its acceptable level of risk and other levels of risk when establishing its predictive risk matrix. For example, a hazard with an assessed likelihood of frequent and severity of catastrophic usually would be plotted in the high risk portion of the matrix. A hazard with an assessed likelihood of extremely improbable and assessed severity of minor usually would be plotted in the low risk portion of the matrix. These levels of risk would be based on the certificate holder’s acceptable level of risk and may vary from airport to airport. Under the fourth step of SRM, a certificate holder would plot the likelihood and severity of each hazard assessed during the third step on its predictive risk matrix. The certificate holder would see the level of risk for each hazard and could determine whether that level of risk is acceptable. The certificate holder would use this information to determine whether it must mitigate those risks. Ultimately, the certificate holder would formally accept the risk or approve the mitigation plan as required by its SMS. In the final step of SRM, mitigation of risk, the certificate holder would take steps to reduce the risk of the hazard to an acceptable level for any hazard determined in the fourth step to present an unacceptable risk. These efforts may include removing the hazard or implementing alternative strategies to reduce the hazard’s risks. Additionally, a certificate holder could mitigate the risk of a hazard if that risk is acceptable but could be reduced with mitigation. If a hazard has no associated risk or a low risk, an airport may not have to proceed with this step of SRM for the hazard. If step five is required, the certificate holder would monitor the mitigations put in place to ensure that they actually decrease the level of risk to an acceptable level. A certificate holder could use the hazard reporting system, which is discussed later, to track identified hazards and their mitigations deployed under SRM. Under an SMS, a certificate holder would document each of the SRM steps including the identified hazards, the risk analysis and assessment, any proposed mitigations, and management’s acceptance of risk. These records can be kept either electronically or in paper-format. This documentation ensures safety-related decisions are consistent with safety policies and goals and provides historical information that can be used to make future safetyrelated decisions. VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 This proposal would require a certificate holder to retain these documents and records for the longer of either 36 consecutive calendar months after the risk analysis of identified hazards or 12 consecutive calendar months after implementing mitigation measures. The timelines associated with the retention of those documents ensure they are kept for a time period that provides the airport historical data to conduct meaningful analysis under SRM, to review during Safety Assurance activities, and for the FAA to review for compliance during inspections. These record retention requirements are consistent with other retention requirements under part 139. While these are minimum retention requirements, certificate holders may retain their documents for longer time periods. A Practical Example of SRM The airport in this example has one runway and conducts daily selfinspections according to its FAAapproved ACM. An operations agent conducting the airport’s daily selfinspection finds foreign object debris (FOD) of substantial size and weight at a taxiway-runway intersection adjacent to an uncontrolled ramp. The operations agent removes the FOD and notes it on the inspection checklist. During a routine review of airport inspections, the operations manager notices that FOD has been collected at this same taxiway-runway intersection during multiple inspections. Under the airport’s SRM process, such an event and trend triggers a formal SRM analysis. The operations manager, who has sufficient training and understands the airport’s SMS and operating environment, conducts the analysis. Using SRM documentation procedures and templates, the manager carefully describes the system. At this particular airport, the airport is approved for lowvisibility operations which occur twenty-five percent of the calendar year. The manager then identifies all hazards associated with the FOD. The manager identifies FOD damage to aircraft and/or ingestion into aircraft engines as potential hazards based on the system description. The manager considers the worst credible outcome of FOD damage and FOD ingestion into aircraft engines based on the location of the FOD in the airport environment. Using the selfinspection records, the manager discerns the FOD usually is found closer to the runway than to the taxiway and in some instances on the runway between the centerline and edge lines. PO 00000 Frm 00018 Fmt 4702 Sfmt 4702 62015 Additionally, the weight and location of the FOD could present a danger to aircraft traversing the runway or taxiway. The manager determines that the worst credible outcome could result in loss of control of the aircraft, an aborted take-off, and/or an aircraft accident. Using the likelihood and severity definitions provided as part of the airport’s SMS, the manager’s knowledge of the airport environment, and outside resources (such as industry research or other documents with relevant quantitative statistical analysis), the manager assesses the likelihood and severity of the hazard. In this case, the manager determines the severity of such a hazard could be catastrophic (such as an aircraft accident with fatalities or serious injuries), and the likelihood is improbable. Referring to the airport’s risk matrix, the manager plots the assessed likelihood and severity, and the hazard falls within the high risk portion of the matrix. According to the airport’s SMS, the manager must take some sort of action to mitigate the occurrence of FOD in this taxiwayrunway intersection. The operations manager has identified numerous risk mitigation strategies. The manager could increase the number of targeted inspections for the area. The manager could conduct further analysis to determine the root-cause of the FOD, which could result from a lack of training, improper maintenance, or other factors that may be mitigated over time. The manager also could communicate with tenants who operate in the area to warn them of the FOD hazard. In this case, the manager chooses all three mitigation strategies with targeted inspections implemented immediately. Over time, the manager will investigate root cause, will update the airport’s FOD prevention training, and will communicate the FOD hazard to tenants. The manager completes the five SRM steps and documents the processes and determinations on the appropriate templates following the airport’s SRM guidelines. Finally, the manager adds an entry to the hazard reporting system to follow up in two weeks to review the self-inspection and targeted inspection reports to verify whether mitigations are working. Safety Assurance This proposal would require a certificate holder to ensure safety risk mitigations developed through the airport’s SRM process are adequate, and the airport’s SMS is functioning effectively. The key outcome of safety E:\FR\FM\07OCP1.SGM 07OCP1 jdjones on DSK8KYBLC1PROD with PROPOSALS-1 62016 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules assurance is continuous improvement of the airport’s operational safety. The proposal would require the certificate holder to: • Develop and implement a means for monitoring safety performance; • Establish and maintain a hazard reporting system that provides a means for reporter confidentiality; and • Develop and implement a process for reporting pertinent safety information and data to the accountable executive on a regular basis. Safety performance monitoring and measurement is one way an organization can verify its SMS’s effectiveness. ICAO also offers a variety of safety performance monitoring and measurement methods including hazard reports, safety studies, safety reviews, audits, safety surveys, and internal safety investigations.12 While some certificate holders may not find added value in implementing or using all of these information sources, a certificate holder may benefit from using an internal audit or assessment to monitor performance. Documents created under the airport’s SMS should be reviewed periodically to verify whether the airport’s SMS processes and procedures are being followed, whether trends exist that have not been identified, and whether SRM mitigations are being implemented and are effective. The certificate holder would determine whether this review is completed by airport personnel or by a third party. The proposal also would require a certificate holder to establish and maintain a hazard reporting system. A certificate holder’s SRM processes and hazard identification procedures likely would not catch all potential airfield hazards. Some hazards may be identified by other employees, airfield tenants, or pilots. Therefore, an airport’s SRM would include a system for hazard reporting. A certificate holder may develop the best system for its operating environment, whether a call-in line, a web-based system, or a drop box. The certificate holder would train all employees on the existence of the system and how a report flows through the system to management. The FAA proposes that airports develop a confidential hazard reporting system. ICAO’s SMS model envisions a non-punitive reporting system. Based on information obtained during the pilot studies, a U.S. airport may be unable to prevent punishment of non-airport employees (for example, tenant employees). Therefore, the FAA has concluded that requiring a confidential 12 See ICAO, Safety Management Manual, at 9.6.4 ICAO Doc. 9859–AN/474 (2nd ed. 2009). VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 hazard reporting system will protect the reporter’s identity and achieve the goal of protection from reprisal. For some airports, the required data tracking, data reporting, and assessment programs already exist in other formats. Many airports have functional occupational safety programs in place with reporting, inspection, and training requirements. An airport can use these programs to build its operational SMS. The FAA envisions an airport using safety assurance to enhance the airport’s ability to spot trends and identify safety issues before they result in a near-miss, incident, or accident. An example of safety assurance may involve the performance of the airport in reducing the number of runway incursions. Effective safety assurance processes would require review and investigation of previous incidents and accidents as well as analysis of current policies, procedures, training, and equipment for potential weaknesses. In addition, the safety assurance process would review the efficacy of previously implemented safety strategies to ensure they are functioning as predicted and have not introduced any new systemic risks. Safety assurance also prescribes data collection and analytical methods that help a certificate holder transition from a reactive approach to a more predictive approach to aviation safety. In this example, failure analysis can be used to anticipate future failures before they occur. Therefore, Safety Assurance provides management tools and data to ensure that the SMS is properly functioning and that mitigations developed through SRM processes are having their intended effect. Safety Promotion This proposal would require a certificate holder to establish processes and procedures to foster a safety culture. These processes and procedures include providing formal safety training to all employees with access to the airfield, and developing and maintaining formal means for communicating important safety information. As previously stated, part 139 currently prescribes numerous training and communications requirements that can be used in developing an SMS. Under an SMS, these requirements would be enhanced and extended to more individuals operating on the airport because everyone has a role in promoting safety. For example, instead of training just those airport employees on part 139 technical requirements (such as airfield driver training), an airport would ensure that all employees with access to the movement and nonmovement areas receive training on PO 00000 Frm 00019 Fmt 4702 Sfmt 4702 operational safety and on the airport’s SMS. The FAA proposes the SMS training requirement would apply to airport employees based on information obtained during the pilot studies. However, the FAA believes greater benefits may be achieved if that training requirement were applied to all individuals with access to the movement and non-movement areas, and it is considering that broader SMS training requirement. The FAA invites comments concerning the practical and economic implications of applying the training requirements to all individuals accessing the movement and nonmovement area. The FAA also believes that through the safety promotion component of SMS, an airport’s management will promote the growth of a positive safety culture through: • Publication of senior management’s stated commitment to safety to all employees; • Visible demonstration of management’s commitment to the SMS; • Communication of the safety responsibilities for the airport’s personnel specific to their function within the airport; • Clear and regular communication of safety policy, goals, objectives, standards, and performance to all employees of the organization; • A confidential and effective employee reporting and feedback system; • Use of a safety information system that provides an accessible efficient means to retrieve information; and • Allocation of resources essential to implement and maintain the SMS. An airport could demonstrate its commitment to safety promotion in several ways. An airport could allocate sufficient resources for the initial and recurrent training of its staff. Likewise, an airport could communicate the results of risk analysis and mitigations for reported hazards. Any training records created as part of the certificate holder’s safety promotion processes and procedures would be retained and available for inspection for 24 consecutive calendar months. This retention period is consistent with that for other training records under existing § 139.301. The FAA proposes that any other communications created as part of safety promotion would be retained for 12 consecutive calendar months. As previously discussed, the FAA recognizes that certificate holders may have systems and processes in place that partially meet the proposed SMS requirements. The FAA believes these systems and processes can easily be E:\FR\FM\07OCP1.SGM 07OCP1 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules jdjones on DSK8KYBLC1PROD with PROPOSALS-1 incorporated into an SMS and does not intend duplicative burdens. The FAA requests comments on systems and processes currently in use that would not be compatible with the proposed requirements. The FAA also requests comments specifically identifying how the FAA could clarify or improve the incorporation of existing systems and processes into an SMS. Proposed Implementation Plan Requirements The FAA proposes to require all certificate holders and applicants for an AOC to submit an implementation plan that accurately describes how the airport will meet the requirements of Subpart E and provides timeframes for implementing the various SMS components and elements within the airport’s organization and operations. While the FAA is not requiring an airport to conduct a gap analysis before implementing an SMS, this implementation plan would require a certificate holder to proactively review its current organizational framework and determine how it conforms to airport SMS requirements. This proposal also would require a certificate holder to establish target dates for meeting the requirements of Subpart E well before compliance with Subpart E would be required. Further, the implementation plan must determine an overall SMS implementation timeline as well as dates for completion of updates to the ACM and, where applicable, the SMS Manual. The proposal takes a two-pronged approach to implementation based on the scale of operations at the certificated airport and provides ample time for airports to conform to the SMS requirement. The FAA learned during the first pilot study that many larger airports were able to complete their gap analysis and develop the SMS Manual and Implementation Plan within six months. However, during the second pilot study with smaller certificated airports, many airports were not able to successfully complete their gap analysis and manual within that timeframe. Based on this experience, the FAA has determined that six months is adequate time for Class I airports to develop a plan of how the airport will develop and implement an SMS. Similarly, the FAA has determined that nine months is adequate time for Class II, III, and IV airports to develop an implementation plan. These implementation plans should detail the steps the airport will take to develop an SMS taking into account the unique operating environment of the airport. Based on projections from the pilot study airports, VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 the FAA has determined that the implementation process should be completed within 18 months for a Class I airport and within 24 months for a Class II, III, and IV airport. Based on findings from the pilot study, the FAA has determined that all components of an SMS are interrelated and must be implemented at the same time for an SMS to be effective. The FAA requests comments on the proposed implementation requirements and timeframes. If you believe the FAA should adopt a phased-in approach for the SMS components, please provide specific recommendations for how the requirements could be phased in and analysis of the effect on implementation costs and corresponding postponement of safety benefits. The FAA also proposes to remove paragraph (c) of § 139.101 because the implementation schedule for submitting a new Airport Certification Manual (ACM) under that section is no longer applicable. Further, the FAA intends to publish any accompanying Advisory Circulars prior to the final rule and widely communicate the requirements to airports through the various industry organizations and FAA airport conferences. FAA’s Role and Oversight An SMS is not a substitute for compliance with FAA regulations or FAA oversight activities. Rather, an SMS would ensure compliance with safety-related statutory and regulatory requirements. An SMS enhances the FAA’s ability to understand the safety of airport operations throughout the year, and not just when an FAA inspector is physically on the airfield. During an airport’s periodic inspection, the FAA envisions an inspector reviewing the certificate holder’s ACM to ensure that the SMS requirements are clearly identified and detailed in the ACM or referenced SMS Manual. The inspector would verify through airport records, interviews, and other means that the SMS is being communicated, training is being provided, and senior management is actively engaged in the management and oversight of the SMS. The FAA intends this review as an evaluation of whether a certificate holder’s SMS is functioning as it is intended to function rather than as a means for us to second guess a certificate holder’s decisions. However, if during the course of an inspection, these processes are determined to have failed in discovering discrepancies with part 139 or have created new discrepancies, the FAA would take appropriate action to ensure the airport PO 00000 Frm 00020 Fmt 4702 Sfmt 4702 62017 corrects these non-compliant conditions. The following examples detail possible inspector activity, but this proposal does not limit any FAA inspection authority. An FAA inspector may review safety meeting minutes and sign-in sheets to verify whether members of the airport’s management team are regularly attending. Additionally, an FAA inspector may request to see SRM documentation to determine whether acceptance of a given risk is being performed by the appropriate level of management. An inspector may also verify whether mitigations are being implemented, which is a clear indicator of the effectiveness of the airport’s SRM and safety assurance components. As for verification of safety promotion, the inspector may review training records, training curricula, and the methods of communicating critical safety information throughout the airport organization and to key stakeholders. If a certificate holder decided to extend the umbrella of its SMS to landside operations beyond the scope of this proposal, the FAA’s oversight and inspection authority would extend only to those areas envisioned by this proposal. The FAA has determined that an SMS is a valuable set of tools for improving safety at airports. However, an SMS does not replace part 139 requirements. An SMS would serve as an enhancement to those technical standards already required under part 139, and the FAA will continue to inspect according to part 139 standards. Additionally, the FAA will promulgate prescriptive regulations as appropriate. Safety management systems for the aviation industry are still developing. However, the FAA believes now is the time to begin developing and implementing SMS requirements because of their benefits to aviation safety. The FAA recognizes that future rulemaking may be required to capture safety developments, connect to related regulations, and avoid duplication of SMS requirements for various industry sectors. The FAA is considering rulemaking that would establish SMS requirements for other segments of the aviation industry. The FAA requests comments on the interaction between this proposed rule and potential future rulemakings. The FAA also requests comments on which portions of this proposed rule should be adopted for any potential SMS requirements. Finally, the FAA requests comments on whether there are other issues or principles not E:\FR\FM\07OCP1.SGM 07OCP1 62018 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules included in this proposal that the FAA should consider in issuing a final rule. Rulemaking Analyses and Notices Paperwork Reduction Act This proposal contains a revision of a currently approved collection of information (OMB–2120–0675) subject to review by the Office of Management and Budget (OMB) under the Paperwork Reduction Act of 1995 (44 U.S.C. 3507(d)). The title, description, and number of respondents, frequency of the collection, and estimate of the annual total reporting and recordkeeping burden are shown below. Title: Safety Management System for Certificated Airports. Summary: The FAA proposes to revise current part 139 to require certificated airports to establish a safety management system (SMS). An SMS is a formalized approach to managing safety that includes an organizationwide safety policy, formal methods of identifying potential hazards, formal methods for analyzing and mitigating potential hazards, and an organizationwide emphasis on promoting a safety culture. Use of: Each airport would be able to develop its SMS based on its own unique operating environment. Because airport management can tailor its system, the FAA expects an SMS comprised of four key components: Safety Policy, Safety Risk Management, Safety Assurance, and Safety Promotion. An airport would establish and maintain records that document Safety Risk Management processes; report pertinent safety information and data on a regular basis; record training by each individual that includes, at a minimum, a description and date of training received; and, set forth an implementation plan. The following information lists estimated initial and annual hours respondents would need to comply with the proposed part 139 SMS reporting and recordkeeping and cost requirements: Proposed part 139 section Description Initial burden hours Annual burden hours 139.203 ..................... 139.301 ..................... Airport Safety Management Documentation and Implementation Plan ........................... Records: to include the hazard reporting system, the records database, training records, promotional material. 784,552 ........................ ........................ 21,847 562 currently certificated airports × 1,396 hours per airport to document an airport’s SMS and implementation plan = 784,552 total hours. Record Keeping (Annual) 5 minutes to update training records per employee × 72,800 estimated employees for all 562 airports = 6,067 hours per year, 30 minutes to record a potential hazard × an estimated 1 potential hazard per week = 13,676 hours per year. 1 hour to create promotional material per airport: promotional material estimated to be distributed quarterly = 4 hours × 562 airports = 2,104 hours per year. jdjones on DSK8KYBLC1PROD with PROPOSALS-1 6, 067 hours (update training records) 13,676 hours (record potential hazards) + 2,104 hours (create promotional material) 21,847 hours per year. Estimated total initial SMS cost burden: $10,983,728. Estimated total SMS document burden: 784,552 hrs. Clerical Labor (784,552 hrs. × $14 per hr). Total Labor Costs: $10,983,728. Estimated total annual recordkeeping cost burden: $305,858. Estimated total annual recordkeeping burden: 21,847 hrs. Clerical Labor (21,847 hrs. × $14 per hr). Total Labor Costs: $305,858. Individuals and organizations may submit comments on the information collection requirement by January 5, VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 2011, to the address listed in the section of this document. ADDRESSES International Compatibility In keeping with the U.S. obligations under the Convention on International Civil Aviation, it is FAA policy to conform to International Civil Aviation Organization (ICAO) Standards and Recommended Practices to the maximum extent practicable. The FAA has reviewed the corresponding ICAO Standards and Recommended Practices and has identified no differences with these proposed regulations. Regulatory Evaluation, Regulatory Flexibility Determination, International Trade Impact Assessment, and Unfunded Mandates Assessment Changes to Federal regulations must undergo several economic analyses. First, Executive Order 12866 directs that each Federal agency shall propose or adopt a regulation only upon a reasoned determination that the benefits of the intended regulation justify its costs. Second, the Regulatory Flexibility Act of 1980 (Pub. L. 96–354) requires agencies to analyze the economic impact of regulatory changes on small entities. Third, the Trade Agreements Act (Pub. L. 96–39) prohibits agencies from setting standards that create unnecessary obstacles to the foreign commerce of the United States. In developing U.S. standards, this Trade Act requires agencies to consider international standards and, where appropriate, that they be the basis of U.S. standards. Fourth, the Unfunded Mandates Reform Act of 1995 (Pub. L. PO 00000 Frm 00021 Fmt 4702 Sfmt 4702 104–4) requires agencies to prepare a written assessment of the costs, benefits, and other effects of proposed or final rules that include a Federal mandate likely to result in the expenditure by State, local, or tribal governments, in the aggregate, or by the private sector, of $100 million or more annually (adjusted for inflation with base year of 1995). This portion of the preamble summarizes the FAA’s analysis of the economic impacts of this proposed rule. We suggest readers seeking greater detail read the full regulatory evaluation, a copy of which we have placed in the docket for this rulemaking. In conducting these analyses, FAA has determined that this proposed rule: (1) Has benefits that justify its costs; (2) is an not an economically ‘‘significant regulatory action’’ but is a ‘‘significant regulatory action’’ for other reasons as defined in section 3(f) of Executive Order 12866; (3) is ‘‘significant’’ as defined in DOT’s Regulatory Policies and Procedures; (4) would not have a significant economic impact on a substantial number of small entities; (5) would not create unnecessary obstacles to the foreign commerce of the United States; and (6) would not impose an unfunded mandate on state, local, or tribal governments, or on the private sector by exceeding the threshold identified above. These analyses are summarized below. Total Benefits and Costs of This Rule This notice of proposed rulemaking would require certificated airports to establish a safety management system (SMS). An SMS is a formalized E:\FR\FM\07OCP1.SGM 07OCP1 EP07OC10.001</GPH> SMS Document (Initial Burden) Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules approach to managing safety, which includes an organization-wide safety policy, formal methods of identifying potential hazards, formal methods for analyzing and mitigating potential hazards, and an organization-wide emphasis on promoting a safety culture. An SMS for airports is comprised of four key components: Safety Policy, Safety Risk Management (SRM), Safety Assurance, and Safety Promotion. These components would help airports effectively integrate the formal risk control procedures into normal operational practices thus improving safety at airports throughout the United States air transportation system that host air carrier operations. The estimated cost of this proposed rule is $ 248 million ($172 million in present value) with potential estimated benefits ranging from $ $170,341,000 ($104,498,600 present value) up to $255,512,000 ($161,441,600 present value). Accounting for the funded survey sample bias, scalability of SMS and qualitative benefits, the FAA expects that overall the proposed rule would have benefits greater than costs. Who is potentially affected by this rule? • Part 139 Certificated Airports. jdjones on DSK8KYBLC1PROD with PROPOSALS-1 Assumptions • All costs and benefits are presented in 2009 dollars. • All costs and benefits are estimated over a 10-year period from 2012 through 2021. • The present value discount rate of 7 percent is applied as required by the Office of Management and Budget. Benefits of This Rule The objective of SMS is to proactively manage safety, to identify potential hazards or risks and implement measures to mitigate those risks. In that respect, the FAA envisions airports being able to use all of the components of SMS to enhance the airport’s ability to spot trends, and identify safety issues before they result in a near-miss, incident, or accident. Over the 10-year period of analysis, the potential benefits of potentially averted accidents range from $170 to $256 million. The FAA also suspects that there are many benefits of SMS, which were unable to be quantified. For example, one of the smaller pilot study airports used their Safety Risk Management (SRM), or formal process, to identify and manage a hazard. The airport identified that loosely controlled passenger traffic was accessing the ramp area. Although, no passenger to date had been injured on the ramp, the airport had experienced ‘‘close-calls’’. In VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 completing their hazard and risk analysis, the airport determined that the lack of current control presented an unacceptable high risk for the organization. The airport immediately took action to identify feasible mitigation strategies including dedicated passenger walkways, notification of passengers on airport procedures prior to ramp access, and tasking of additional staff to ramp areas for increased control and oversight of passenger traffic during peakoperations. Moreover, the FAA believes that the benefits of SMS, over the 10year period of analysis, are much greater than what is currently quantified. Costs of This Rule The rule if enacted would require certificated U.S. airports to establish a safety management system (SMS) based on the four components: Safety Policy, Safety Risk Management (SRM), Safety Assurance, and Safety Promotion. These components include costs to document an airport’s SMS and implementation plan, new staff, new equipment and materials, and training. The costs vary based on the size of the airport. In total this proposed rule is estimated to cost airports $248 million over 10 years. Regulatory Flexibility Determination The Regulatory Flexibility Act of 1980 (Pub. L. 96–354) (RFA) establishes ‘‘as a principle of regulatory issuance that agencies shall endeavor, consistent with the objectives of the rule and of applicable statutes, to fit regulatory and informational requirements to the scale of the businesses, organizations, and governmental jurisdictions subject to regulation. To achieve this principle, agencies are required to solicit and consider flexible regulatory proposals and to explain the rationale for their actions to assure that such proposals are given serious consideration.’’ The RFA covers a wide-range of small entities, including small businesses, not-forprofit organizations, and small governmental jurisdictions. Agencies must perform a review to determine whether a rule will have a significant economic impact on a substantial number of small entities. If the agency determines that it will, the agency must prepare a regulatory flexibility analysis as described in the RFA. However, if an agency determines that a rule is not expected to have a significant economic impact on a substantial number of small entities, section 605(b) of the RFA provides that the head of the agency may so certify and a regulatory flexibility analysis is not required. The certification must include a statement providing the PO 00000 Frm 00022 Fmt 4702 Sfmt 4702 62019 factual basis for this determination, and the reasoning should be clear. The proposed rule will affect all part 139 airports. Under this rule airports would be required to establish a safety management system to proactively manage safety at the airport. A substantial number of part 139 airports will meet the Small Business Administration definition of a small entity, which includes small governmental jurisdictions as governments of cities, counties, towns, townships, villages, school districts, or special districts with populations of less than 50,000. The requirements of the rule are scalable by airport. They have the ability to choose low cost options. Moreover, many smaller airports expect little to no added cost, given the size of their operations. These airports have fewer operations and employees which are associated with a lower number of reportable incidents, and with fewer incidents these airports can choose inexpensive options. Options, such as an EXCEL or ACCESS for data tracking, a suggestion box for the hazard reporting system, and easy to create memorabilia for promotional material are compliance examples reported by many of these airports. The cost of these items is minimal at roughly $300 per airport. Small airports also have the option of hiring new staff, but the FAA expects that given the size of these airports no additional staff will be needed to meet the requirements of this rule. Thus while there are a substantial number of small entities, the rule would not create a significant economic impact to these airports. Therefore, the FAA certifies this proposed rule, if promulgated, would not have a significant impact on a substantial number of small entities. The FAA solicits comments regarding this determination. Specifically, the FAA requests comments on whether the proposed rule creates any specific compliance costs unique to small entities. Please provide detailed economic analysis to support any cost claims. The FAA also invites comments regarding other small entity concerns with respect to the proposed rule. International Trade Impact Assessment The Trade Agreements Act of 1979 (Pub. L. 96–39), as amended by the Uruguay Round Agreements Act (Pub. L. 103–465), prohibits Federal agencies from establishing standards or engaging in related activities that create unnecessary obstacles to the foreign commerce of the United States. Pursuant to these Acts, the establishment of standards is not considered an unnecessary obstacle to E:\FR\FM\07OCP1.SGM 07OCP1 62020 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules the foreign commerce of the United States, so long as the standard has a legitimate domestic objective, such the protection of safety, and does not operate in a manner that excludes imports that meet this objective. The statute also requires consideration of international standards and, where appropriate, that they be the basis for U.S. standards. The FAA has assessed the potential effect of this proposed rule and determined that it will have only a domestic impact and therefore would not create unnecessary obstacles to the foreign commerce of the United States. jdjones on DSK8KYBLC1PROD with PROPOSALS-1 Unfunded Mandates Assessment Title II of the Unfunded Mandates Reform Act of 1995 (Pub. L. 104–4) requires each Federal agency to prepare a written statement assessing the effects of any Federal mandate in a proposed or final agency rule that may result in an expenditure of $100 million or more (in 1995 dollars) in any one year by State, local, and tribal governments, in the aggregate, or by the private sector; such a mandate is deemed to be a ‘‘significant regulatory action.’’ The FAA currently uses an inflation-adjusted value of $143.1 million in lieu of $100 million. This proposed rule does not contain such a mandate; therefore, the requirements of Title II of the Act do not apply. Executive Order 13132, Federalism The FAA has analyzed the proposal under the principles and criteria of Executive Order 13132, Federalism. Most airports subject to this proposal are owned, operated, or regulated by a local government body (such as a city or council government), which, in turn, is incorporated by or as part of a State. Some airports are operated directly by a State. This proposal would have low costs of compliance compared with the resources available to airports, and it would not alter the relationship between certificate holders and the FAA as established by law. Accordingly, the FAA has determined that this action would not have a substantial direct effect on the States, on the relationship between the national Government and the States, or on the distribution of power and responsibilities among the various levels of government. Therefore, the FAA has determined that this rulemaking does not have federalism implications. The FAA will mail a copy of the NPRM to each state government specifically inviting comment. Environmental Analysis FAA Order 1050.1E defines FAA actions that are categorically excluded VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 from preparation of an environmental assessment or environmental impact statement under the National Environmental Policy Act (NEPA) in the absence of extraordinary circumstances. The FAA has determined this proposed rulemaking action qualifies for the categorical exclusion identified in Chapter 3, paragraph 312d and involves no extraordinary circumstances. Regulations That Significantly Affect Energy Supply, Distribution, or Use The FAA has analyzed this NPRM under Executive Order 13211, Actions Concerning Regulations that Significantly Affect Energy Supply, Distribution, or Use (May 18, 2001). We have determined that it is not a ‘‘significant energy action’’ under the executive order because it is not likely to have a significant adverse effect on the supply, distribution, or use of energy. Additional Information Comments Invited The FAA invites interested persons to participate in this rulemaking by submitting written comments, data, or views. We also invite comments relating to the economic, environmental, energy, or federalism impacts that might result from adopting the proposals in this document. The most helpful comments reference a specific portion of the proposal, explain the reason for any recommended change, and include supporting data. To ensure the docket does not contain duplicate comments, please send only one copy of written comments, or if you are filing comments electronically, please submit your comments only one time. We will file in the docket all comments we receive, as well as a report summarizing each substantive public contact with FAA personnel concerning this proposed rulemaking. Before acting on this proposal, we will consider all comments we receive on or before the closing date for comments. We will consider comments filed after the comment period has closed if it is possible to do so without incurring expense or delay. We may change this proposal in light of the comments we receive. Throughout the proposal discussion, the FAA specifically identifies specific issues related to SMS and guiding principles associated with SMS on which it seeks specific comment. These specific questions are enumerated here to facilitate comment. Please include the question number in your responses to the following questions: PO 00000 Frm 00023 Fmt 4702 Sfmt 4702 1. Are there interactions between this proposal and potential future rulemakings involving SMS issues? To what extent should the proposal here take into account the possibility of future rulemakings on similar topics? Would it be better to wait for experience under any final rule in this proceeding before judging whether it can or should serve as a precedent for any other SMS requirements? 2. Are there other principles that the FAA should consider in crafting a final rule on airport SMS that are not embodied in this proposal? 3. To what extent will the regulatory burdens proposed by the proposed rule flow through to persons or businesses other than the ones included in the economic analysis? If such flow-through exists, will it increase total societal costs, and if so, by how much? If costs do flow through to others, are costs correspondingly reduced to persons ‘‘upstream’’? Please provide detailed economic analysis to support any claims of increased costs or cost-offsets, rather than mere assertions. 4. The FAA intends for this and any future SMS rules to be fully scalable, based on the size and complexity of the organization implementing SMS. Do commenters have suggestions for how the FAA could clarify or improve the scalability of this proposal? Please provide detailed suggestions to expand implementation flexibility within the proposal. 5. Would the cost-effectiveness of the rule be improved if the requirements are phased in? Which specific provisions should be phased in? Please provide specific recommendations for a phase-in period, including analysis of the effect on costs to industry and the corresponding postponement of safety benefits. 6. What should the FAA specifically consider when defining ‘‘accountable executive’’ to adequately address the unique operating environment of certificated airports? 7. Should the FAA consider expanding the SMS training requirements to all individuals (rather than just airport employees) accessing the movement and non-movement areas? What are the specific practical and economic implications of such a requirement? Proprietary or Confidential Business Information Do not file in the docket information that you consider to be proprietary or confidential business information. Send or deliver this information directly to the person identified in the FOR FURTHER INFORMATION CONTACT section of this E:\FR\FM\07OCP1.SGM 07OCP1 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules document. You must mark the information that you consider proprietary or confidential. If you send the information on a disk or CD–ROM, mark the outside of the disk or CD–ROM and also identify electronically within the disk or CD–ROM the specific information that is proprietary or confidential. Under 14 CFR 11.35(b), when we are aware of proprietary information filed with a comment, we do not place it in the docket. We hold it in a separate file to which the public does not have access, and we place a note in the docket that we have received it. If we receive a request to examine or copy this information, we treat it as any other request under the Freedom of Information Act (5 U.S.C. 552). We process such a request under the DOT procedures found in 49 CFR part 7. Availability of Rulemaking Documents You can get an electronic copy using the Internet by— (1) Searching the Federal eRulemaking Portal (https:// www.regulations.gov); (2) Visiting the FAA’s Regulations and Policies Web page at https:// www.faa.gov/regulations_policies/; or (3) Accessing the Government Printing Office’s Web page at https:// www.gpoaccess.gov/fr/. You can also get a copy by sending a request to the Federal Aviation Administration, Office of Rulemaking, ARM–1, 800 Independence Avenue, SW., Washington, DC 20591, or by calling (202) 267–9680. Make sure to identify the docket number or notice number of this rulemaking. You may access all documents the FAA considered in developing this proposed rule, including economic analyses and technical reports, from the internet through the Federal eRulemaking Portal referenced in paragraph (1). List of Subjects in 14 CFR Part 139 Air carriers, Airports, Aviation safety, Reporting and recordkeeping requirements. jdjones on DSK8KYBLC1PROD with PROPOSALS-1 The Proposed Amendment In consideration of the foregoing, the Federal Aviation Administration proposes to amend chapter I of Title 14, Code of Federal Regulations as follows: VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 62021 or harm. Risk analysis can be either a quantitative or qualitative analysis; however, the inability to quantify or the 1. The authority citation for part 139 lack of historical data on a particular continues to read as follows: hazard does not preclude the need for Authority: 49 U.S.C. 106(g), 40113, 44701– analysis. 44702, 44709, 44719. Risk mitigation means any action taken to reduce the risk of a hazard’s 2. Amend § 139.5 by adding the effect. definitions of Accountable executive, Airport Safety Management System * * * * * (SMS), Hazard, Non-movement area, Safety assurance means the process Risk, Risk analysis, Risk mitigation, management functions that evaluate the Safety assurance, Safety policy, Safety continued effectiveness of implemented promotion, and Safety risk management risk mitigation strategies; support the in alphabetical order to read as follows: identification of new hazards; and function to systematically provide § 139.5 Definitions. confidence that an organization meets or Accountable executive means a single, exceeds its safety objectives through identifiable person who, irrespective of continuous improvement. other functions, has ultimate Safety policy means the statement and responsibility and accountability, on documentation adopted by a certificate behalf of the certificate holder, for the holder defining its commitment to implementation and maintenance of the safety and overall safety vision. Airport Safety Management System. The Safety promotion means the Accountable Executive has full control combination of safety culture, training, of the human and financial resources required to implement and maintain the and communication activities that Airport Safety Management System. The support the implementation and operation of an SMS. Accountable Executive has final Safety risk management means a authority over operations conducted under the Airport’s Operating Certificate formal process within an SMS and has final responsibility for all safety composed of describing the system, identifying the hazards, analyzing, issues. assessing, and mitigating the risk. * * * * * * * * * * Airport Safety Management System (SMS) means an integrated collection of § 139.101 [Amended] processes and procedures that ensures a 3. Amend § 139.101 by removing formalized and proactive approach to paragraph (c). system safety through risk management. 4. Amend § 139.103 by revising * * * * * paragraph (b) to read as follows: Hazard means any existing or potential condition that can lead to § 139.103 Application for certificate. injury, illness, death, or damage to or * * * * * loss of a system, equipment, or property. (b) Submit with the application, two * * * * * copies of an Airport Certification Non-movement area means the area, Manual, Safety Management System other than that described as the Implementation Plan (as required by movement area, used for the loading, § 139.103(b)), and Safety Management unloading, parking, and movement of System Manual (where applicable) aircraft on the airside of the airport prepared in accordance with subparts C (including without limitation ramps, and E of this part. apron areas, and on-airport fuel farms). 5. Amend § 139.203 by redesignating * * * * * paragraph (b)(29) as (b)(30) and adding Risk means the composite of a new paragraph (b)(29) to read as predicted severity and likelihood of the follows: worst credible outcome (harm) of a § 139.203 Contents of Airport Certification hazard. Manual. Risk analysis means the process * * * * whereby a hazard is characterized for its * likelihood and the severity of its effect (b) * * * PART 139—CERTIFICATION OF AIRPORTS PO 00000 Frm 00024 Fmt 4702 Sfmt 4702 E:\FR\FM\07OCP1.SGM 07OCP1 62022 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules REQUIRED AIRPORT CERTIFICATION MANUAL ELEMENTS Airport certificate class Manual elements Class I * * * * * 29. Policies and procedures for the development, implementation, operation, and maintenance of the Airport’s Safety Management System, as required under subpart E of this part ........................................................................................................................................ * * * 6. Amend § 139.301 by revising paragraph (b)(1) and adding new paragraphs (b)(9) and (b)(10) to read as follows: § 139.301 Records. * * * * * (b) * * * (1) Personnel training. Twenty-four consecutive calendar months for personnel training records, as required under §§ 139.303, 139.327, and 139.402. * * * * * (9) Safety risk management documentation. Thirty-six consecutive calendar months or twelve consecutive calendar months, as required under § 139.402(b). (10) Safety communications. Twelve consecutive calendar months for safety communications, as required under § 139.402(d). * * * * * 7. Add subpart E to part 139 to read as follows: Subpart E—Airport Safety Management System Sec. 139.401 General requirements. 139.402 Components of Airport Safety Management System. 139.403 Airport Safety Management System implementation. Subpart E—Airport Safety Management System jdjones on DSK8KYBLC1PROD with PROPOSALS-1 § 139.401 General requirements. (a) Each certificate holder, or applicant for an Airport Operating Certificate, must develop and maintain an Airport Safety Management System that is approved by the Administrator. (b) The scope of an Airport Safety Management System must encompass aircraft operation in the movement area, aircraft operation in the non-movement area, and other airport operations addressed in this part. (c) Each required certificate holder must describe its compliance with the requirements identified in § 139.402 either: (1) Within a separate section of the certificate holder’s Airport Certification VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 * § 139.402 Components of Airport Safety Management System. An approved Airport Safety Management System must include: (a) Safety Policy. A Safety Policy that, at a minimum: (1) Identifies the accountable executive. (2) Establishes and maintains a safety policy statement signed by the accountable executive. (3) Ensures the safety policy statement is available to all employees and tenants. (4) Identifies and communicates the safety organizational structure. (5) Describes management responsibility and accountability for safety issues. (6) Establishes and maintains safety objectives and the certificate holder’s acceptable level of safety. (7) Defines methods, processes, and organizational structure necessary to meet safety objectives. (b) Safety Risk Management. Safety Risk Management processes and procedures for identifying hazards and their associated risks within airport operations and for changes to those operations covered by this part that at a minimum: (1) Establish a system for identifying safety hazard. (2) Establish a systematic process to analyze hazards and their associated risks by: (i) Describing the system; (ii) Identifying hazards; (iii) Analyzing the risk of identified hazards and/or proposed mitigations; Frm 00025 Fmt 4702 Sfmt 4702 Class III * X X * Manual titled Airport Safety Management System; or (2) Within a separate Airport Safety Management System Manual. If the certificate holder chooses to use a separate Airport Safety Management System Manual, the Airport Certification Manual must incorporate by reference Airport Safety Management System Manual. (d) FAA Advisory Circulars contain methods and procedures for the development of an Airport Safety Management System. PO 00000 Class II Class IV * X * X * (iv) Assessing the level of risk associated with identified hazards; and (v) Mitigating the risks of identified hazards, when appropriate. (3) Provide for regular assessment to ensure that safety objectives identified under paragraph (a)(6) of this section are being met. (4) Establish and maintain records that document the certificate holder’s Safety Risk Management processes. (i) The records shall provide a means for airport management’s acceptance of assessed risks and mitigations. (ii) Records associated with the certificate holder’s Safety Risk Management processes must be retained for the longer of: (A) Thirty-six consecutive calendar months after the risk analysis of identified hazards under paragraph (b)(2)(iv) of this section has been completed; or (B) Twelve consecutive calendar months after mitigations required under paragraph (b)(2)(v) of this section have been implemented. (c) Safety Assurance. Safety Assurance processes and procedures to ensure mitigations developed through the certificate holder’s Safety Risk Management processes and procedures are adequate, and the Airport’s Safety Management System is functioning effectively and meeting the safety objectives established under paragraph (a)(6) of this section. Those processes and procedures must, at a minimum: (1) Provide a means for monitoring safety performance. (2) Establish and maintain a hazard reporting system that provides a means for reporter confidentiality. (3) Report pertinent safety information and data on a regular basis to the accountable executive. Reportable data includes without limitation: (i) Performance with safety objectives established under paragraph (a)(6) of this section; (ii) Safety critical information distributed in accordance with paragraph (d)(2)(ii) of this section; (iii) Status of ongoing mitigations required under the Airport’s Safety Risk E:\FR\FM\07OCP1.SGM 07OCP1 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules Management processes as described under paragraph (b)(2)(v) of this section; and (iv) Status of a certificate holder’s schedule for implementing the Airport Safety Management System as described under paragraph (b)(2) of this section. (d) Safety Promotion. Safety Promotion processes and procedures to foster an airport operating environment that encourages safety. Those processes and procedures must, at a minimum: (1) Provide formal safety training to each employee and tenant with access to airport areas regulated under this part that is appropriate to the individual’s role. (2) Maintain a record of all training by each individual under this section that includes, at a minimum, a description and date of training received. Such records must be retained for 24 consecutive calendar months after completion of training. (3) Develop and maintain formal means for communicating important safety information that, at a minimum: (i) Ensures that all personnel are aware of the SMS and their safety roles and responsibilities; (ii) Conveys critical safety information; (iii) Provides feedback to reporters using the airport’s hazard reporting system required under § paragraph (c)(2) of this section; and (iv) Disseminates safety lessons learned to relevant personnel or other stakeholders. (4) Maintain records of communications required under this section for 12 consecutive calendar months. jdjones on DSK8KYBLC1PROD with PROPOSALS-1 § 139.403 Airport Safety Management System implementation. (a) Each certificate holder required to develop and maintain an Airport Safety Management System under this subpart must submit an implementation plan on or before: (1) [6 months after effective date of final rule] for Class I airports. (2) [9 months after effective date of final rule] for Class II, III, and IV airports. (b) An implementation plan must provide: (1) A proposal on how the certificate holder will meet the requirements prescribed in this subpart; and (2) A schedule for implementing SMS components and elements prescribed in § 139.402. (d) Each certificate holder must submit its amended Airport Certification Manual and Airport Safety Management System Manual, if applicable, to the FAA for approval in VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 accordance with its implementation plan but not later than: (1) [18 months after effective date of final rule] for Class I airports. (2) [24 months after effective date of final rule] for Class II, III, and IV airports. Issued in Washington, DC, on September 30, 2010. Michael J. O’Donnell, Director, Office of Airport Safety and Standards. [FR Doc. 2010–25338 Filed 10–6–10; 8:45 am] BILLING CODE 4910–13–P DEPARTMENT OF ENERGY Federal Energy Regulatory Commission 18 CFR Part 35 [Docket No. RM10–23–000] Transmission Planning and Cost Allocation by Transmission Owning and Operating Public Utilities September 29, 2010. Federal Energy Regulatory Commission, DOE. ACTION: Notice of proposed rulemaking; request for reply comments. AGENCY: On June 17, 2010, the Commission issued a Notice of proposed rulemaking (75 FR 37884) proposing to amend the transmission planning and cost allocation requirements established in Order No. 890 to ensure that Commissionjurisdictional services are provided on a basis that is just, reasonable and not unduly discriminatory or preferential. With respect to transmission planning, the proposed rule would provide that local and regional transmission planning processes account for transmission needs driven by public policy requirements established by state or federal laws or regulations; improve coordination between neighboring transmission planning regions with respect to interregional facilities; and remove from Commission-approved tariffs or agreements a right of first refusal created by those documents that provides an incumbent transmission provider with an undue advantage over a nonincumbent transmission developer. Neither incumbent nor nonincumbent transmission facility developers should, as a result of a Commission-approved tariff or agreement, receive different treatment in a regional transmission planning process. Further, both should share similar benefits and obligations SUMMARY: PO 00000 Frm 00026 Fmt 4702 Sfmt 4702 62023 commensurate with that participation, including the right, consistent with state or local laws or regulations, to construct and own a facility that it sponsors in a regional transmission planning process and that is selected for inclusion in the regional transmission plan. With respect to cost allocation, the proposed rule would establish a closer link between transmission planning processes and cost allocation and would require cost allocation methods for intraregional and interregional transmission facilities to satisfy newly established cost allocation principles. The Commission is providing interested persons an opportunity to file reply comments on the proposed rule. DATES: Reply comments to the proposed rule published June 30, 2010 (75 FR 37884) are due November 12, 2010. ADDRESSES: You may submit reply comments, identified by Docket No. RM10–23–000, by any of the following methods: • Agency Web Site: https:// www.ferc.gov. Documents created electronically using word processing software should be filed in native applications or print-to-PDF format and not in a scanned format. • Mail/Hand Delivery: Commenters unable to file comments electronically must mail or hand deliver an original and 14 copies of their comments to: Federal Energy Regulatory Commission, Office of the Secretary, 888 First Street, NE., Washington, DC 20426. FOR FURTHER INFORMATION CONTACT: Russell Profozich (Technical Information), Office of Energy Policy and Innovation, Federal Energy Regulatory Commission, 888 First Street, NE., Washington, DC 20426. Telephone: (202) 502–6478, E-mail: russell.profozich@ferc.gov. John Cohen (Legal Information), Office of the General Counsel, Federal Energy Regulatory Commission, 888 First Street, NE., Washington, DC 20426, Telephone: (202) 502–8705, E-mail: john.cohen@ferc.gov. SUPPLEMENTARY INFORMATION: Notice Establishing Reply Comment Period On September 28, 2010, Western Independent Transmission Group filed a motion to establish a period for filing reply comments to the Commission’s Notice of Proposed Rulemaking issued June 17, 2010, in the above-docketed proceeding.1 The period for filing initial comments in this proceeding ran through September 29, 2010. Upon 1 131 E:\FR\FM\07OCP1.SGM FERC ¶ 61,253 (2010). 07OCP1

Agencies

[Federal Register Volume 75, Number 194 (Thursday, October 7, 2010)]
[Proposed Rules]
[Pages 62008-62023]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2010-25338]

-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Federal Aviation Administration

14 CFR Part 139

[Docket No. FAA-2010-0997; Notice No. 10-14]
RIN 2120-AJ38

Safety Management System for Certificated Airports

AGENCY: Federal Aviation Administration (FAA), DOT.

ACTION: Notice of proposed rulemaking (NPRM).

-----------------------------------------------------------------------

SUMMARY: This action would require each certificate holder to establish
a safety management system (SMS) for its entire airfield environment
(including movement and non-movement areas) to improve safety at
airports hosting air carrier operations. An SMS is a formalized
approach to managing safety by developing an organization-wide safety
policy, developing formal methods of identifying hazards, analyzing and
mitigating risk, developing methods for ensuring continuous safety
improvement, and creating organization-wide safety promotion
strategies. When systematically applied in an SMS, these activities
provide a set of decision-making tools that airport management can use
to improve safety. This proposal would require a certificate holder to
submit an implementation plan and implement an SMS within timeframes
commensurate with its class of Airport Operating Certificate (AOC).

DATES: Send your comments on or before January 5, 2011.

ADDRESSES: You may send comments identified by Docket Number FAA-2010-
0997 using any of the following methods:
Federal eRulemaking Portal: Go to https://www.regulations.gov and follow the online instructions for sending your
comments electronically.
Mail: Send Comments to Docket Operations, M-30; U.S.
Department of Transportation, 1200 New Jersey Avenue, SE., West
Building Ground Floor, Room W12-140, West Building Ground Floor,
Washington, DC 20590-0001.
Hand Delivery: Take comments to Docket Operations in Room
W12-140 of the West Building Ground Floor at 1200 New Jersey Avenue,
SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday,
except Federal holidays.
Fax: (202) 493-2251.

For more information on the rulemaking process, see the SUPPLEMENTARY
INFORMATION section of this document.
Privacy: We will post all comments we receive, without change, to
https://www.regulations.gov, including any personal information you
provide. Using the search function of our docket web site, anyone can
find and read the comments received into any of our dockets, including
the name of the individual sending the comment (or signing the comment
for an association, business, labor union, etc.). You may review DOT's
complete Privacy Act Statement in the Federal Register published on
April 11, 2000 (65 FR 19477-78) or you may visit https://DocketsInfo.dot.gov.
Docket: To read background documents or comments received, go to
https://www.regulations.gov at any time and follow the online
instructions for accessing the docket or go to Docket Operations in
Room W12-140 of the West Building Ground Floor at 1200 New Jersey
Avenue, SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through
Friday, except Federal holidays.

FOR FURTHER INFORMATION CONTACT: For technical questions concerning
this proposed rule, contact Keri Spencer, Office of Airports Safety and
Standards, Airports Safety and Operations Division, Federal Aviation
Administration, 800 Independence Avenue, SW., Washington, DC 20591;
telephone (202) 267-8972; fax (202) 493-1416; e-mail
keri.spencer@faa.gov. For legal questions, contact Robert Hawks, Office
of the Chief Counsel, Regulations Division, Federal Aviation
Administration, 800 Independence Avenue, SW., Washington, DC 20591;
telephone (202) 267-7143; fax (202) 267-7971; e-mail:
rob.hawks@faa.gov.

SUPPLEMENTARY INFORMATION: Later in this preamble under the Additional
Information section, we discuss how you can comment on this proposal
and how we will handle your comments. Included in this discussion is
related information about the docket, privacy, and the handling of
proprietary or confidential business information. We also discuss how
you can get a copy of this proposal and related rulemaking documents.

Authority for This Rulemaking

The FAA's authority to issue rules regarding aviation safety is
found in Title 49 of the United States Code. Subtitle I, section 106
describes the authority of the FAA Administrator. Subtitle VII,
Aviation Programs, describes in more detail the scope of the agency's
authority.
The FAA is issuing this rulemaking under the authority described in
subtitle VII, part A, subpart III, section 44706, ``Airport operating
certificates.'' Under that section, Congress charges the FAA with
issuing airport operating certificates that contain terms that the
Administrator finds necessary to ensure safety in air transportation.
This proposed rule is within the scope of that authority because it
requires all holders of an airport operating certificate to develop,
implement, and maintain an SMS. The development and implementation of
an SMS ensures safety in air transportation by assisting airports in
proactively identifying and mitigating safety hazards.

Background

The FAA is committed to continuously improving safety in air
transportation. As the demand for air transportation increases, the
impacts of additional air traffic and surface operations, changes in
air traffic procedures, and airport construction can heighten the risks
of aircraft operations. While the FAA's use of prescriptive regulations
and technical operating standards has been effective, such regulations
may leave gaps best addressed through improved management practices. As
the certificate holder best understands its own operating environment,
it is in the best position to address many of its own safety issues.
While the FAA would still conduct regular inspections, SMS's proactive
emphasis on hazard identification and mitigation, and on communication
of safety issues, provides certificate holders robust tools to improve
safety.
The International Civil Aviation Organization (ICAO) defines SMS as
a ``systematic approach to managing safety, including the necessary
organizational structures, accountabilities, policies, and

[[Page 62009]]

procedures.'' \1\ In 2001, ICAO adopted a standard in Annex 14 that all
member states establish SMS requirements for airport operators. The FAA
supports conformity of U.S. aviation safety regulations with ICAO
standards and recommended practices. The agency intends to meet the
intent of the ICAO standard in a way that complements existing airport
safety regulations in 14 CFR part 139. Additional information regarding
these amendments, as well as ICAO's guidance on establishing an SMS
framework, may be found at https://www.icao.int/anb/safetymanagement/.
---------------------------------------------------------------------------

\1\ See ICAO, Safety Management Manual, at 6.5.3 ICAO Doc. 9859-
AN/474 (2nd ed. 2009).
---------------------------------------------------------------------------

Safety Management System Components

An SMS provides an organization's management with a set of
decision-making tools that can be used to plan, organize, direct, and
control its business activities in a manner that enhances safety and
ensures compliance with regulatory standards. These tools are similar
to those management already uses to make production or operations
decisions. An SMS has four key components: Safety Policy, Safety Risk
Management (SRM), Safety Assurance, and Safety Promotion. Definitions
of these are as follows and further detailed in the proposal
discussion.
Safety Policy. Safety Policy provides the foundation or framework
for the SMS. It outlines the methods and tools for achieving desired
safety outcomes. Safety Policy also details management's responsibility
and accountability for safety.
Safety Risk Management (SRM). As a core activity of SMS, SRM uses a
set of standard processes to proactively identify hazards, analyze and
assess potential risks, and design appropriate risk mitigation
strategies.
Safety Assurance. Safety Assurance is a set of processes that
monitor the organization's performance in meeting its current safety
standards and objectives as well as contribute to continuous safety
improvement. Safety Assurance processes include information
acquisition, analysis, system assessment, and development of preventive
or corrective actions for nonconformance.
Safety Promotion. Safety Promotion includes processes and
procedures used to create an environment where safety objectives can be
achieved. Safety promotion is essential to create an organization's
positive safety culture. Safety culture is characterized by knowledge
and understanding of an organization's SMS, effective communications,
competency in job responsibilities, ongoing training, and information
sharing. Safety Promotion elements include training programs,
communication of critical safety issues, and confidential reporting
systems.

National Transportation Safety Board Recommendations

The National Transportation Safety Board (NTSB) first recommended
safety management systems for the maritime industry in 1997. Since
then, a number of NTSB investigations have cited organizational factors
contributing to accidents and have recommended SMS as a way to prevent
future accidents and improve safety. The NTSB first offered an SMS
recommendation to the FAA after its investigation of the October 14,
2004, accident of Pinnacle Airlines Flight 3701.
Pinnacle Airlines Flight 3701 was on a repositioning flight between
Little Rock National Airport and Minneapolis-St. Paul International
Airport when both engines flamed out after a pilot-induced aerodynamic
stall. The pilots were unable to regain control, and the aircraft
crashed in a residential area south of Jefferson City, Missouri. The
NTSB's investigation revealed ``the accident was the result of poorly
performing pilots who intentionally deviated from standard operating
procedures and basic airmanship.'' \2\ The NTSB further stated
``operators have the responsibility for a flight crew's cockpit
discipline and adherence to standard operating procedures'' and offered
an SMS as a means to help air carriers ensure safety.\3\ The NTSB
formally recommended the FAA ``require all 14 CFR part 121 operators
establish Safety Management System programs.'' \4\
---------------------------------------------------------------------------

\2\ NTSB Accident Report AAR-07/01, ``Crash of Pinnacle Airlines
Flight 3701 Bombardier CL-600-2B19, N8396A, Jefferson City,
Missouri, October 14, 2004,'' at 53 (Jan. 9, 2007) .
\3\ Id. at 61.
\4\ Id. at 75; see also NTSB Safety Recommendation Letter (Jan.
23, 2007) (NTSB Recommendation A-07-10).
---------------------------------------------------------------------------

Three years after the Pinnacle Airlines accident, the NTSB
investigated the in-flight fire, emergency descent, and crash of a
Cessna 310R in Sanford, Florida, and issued another SMS recommendation.
The NTSB determined the probable causes of the accident ``were the
actions and decisions by NASCAR's corporate aviation division's
management and maintenance personnel to allow the accident airplane to
be released for flight with a known and unresolved discrepancy, and the
accident pilots' decision to operate the airplane with that known
discrepancy.'' \5\ As in the Pinnacle Airlines accident, the NASCAR
pilot and aviation organization failed to follow standard operating
procedures (SOPs). The NTSB stated ``an effective SMS program
formalizes a company's SOPs and establishes methods for ensuring that
those SOPs are followed.'' \6\ The NTSB recommended the FAA ``develop a
safety alert for operators encouraging all 14 CFR part 91 business
operators to adopt SMS programs that include sound risk management
practices.'' \7\
---------------------------------------------------------------------------

\5\ NTSB Accident Report AAR-09/01, ``In-flight Fire, Emergency
Descent and Crash in a Residential Area Cessna 310R, N501N, Sanford,
Florida, July 10, 2007,'' at iv (Jan. 28, 2009).
\6\ Id. at 19.
\7\ Id. at 25; see also NTSB Safety Recommendation Letter (Feb.
18, 2009) (NTSB Recommendation A-09-16).
---------------------------------------------------------------------------

While the NTSB has not formally recommended the FAA require an SMS
for certificated airports, the FAA has concluded those same
organizational factors apply to all regulated sectors of the aviation
industry. Airports operate in similar environments as air carriers and
business flight operators where adherence to standard operating
procedures, proactive identification, mitigation of hazards and risks,
and effective communications are crucial to continued operational
safety. Accordingly, certificated airports could realize similar SMS
benefits as an aircraft operator. The FAA envisions an SMS would
provide an airport with an added layer of safety to help reduce the
number of near-misses, incidents, and accidents. An SMS also would
ensure that all levels of airport management understand safety
implications of airfield operations.

FAA SMS Pilot Studies and Research Projects

The FAA initiated a number of collaborative efforts studying SMS
application at U.S. certificated airports. These efforts included
developing advisory guidance, researching airport SMS recommended
practices, and conducting airport pilot studies.

Advisory Circulars and Research Studies

The FAA, on February 28, 2007, issued Advisory Circular (AC) 150/
5200-37, Introduction to Safety Management Systems for Airport
Operators. This AC provides an introduction to SMS and general
guidelines for an airport SMS. While compliance with this AC is
voluntary, numerous airports have used it in implementing their SMS.

[[Page 62010]]

The Airports Cooperative Research Program (ACRP) \8\ approved two
projects to prepare guidance on airport SMS. In September 2007, MITRE
Corporation published the first report, SMS for Airports Volume 1:
Overview. This report describes SMS benefits, ICAO requirements, and
SMS application at U.S. airports. The second project, ACRP's SMS for
Airports Volume 2: Guidebook, was completed in October 2009 and
provides practical guidance on development and implementation of an
airport SMS.
---------------------------------------------------------------------------

\8\ The Transportation Research Board (TRB) manages ACRP.
---------------------------------------------------------------------------

Pilot Studies

Beginning in April 2007, the FAA conducted a pilot study to
evaluate SMS development at certificated airports of varying size and
complexity. The study also compared current part 139 requirements and
typical SMS requirements.
The first round of pilot studies included over 20 airports. The FAA
later established a second round of pilot studies on SMS development at
smaller airports with a Class II, III, or IV AOC.\9\
---------------------------------------------------------------------------

\9\ For definitions of classes of AOCs, see 14 CFR 139.5.
---------------------------------------------------------------------------

All participating airports conducted a gap analysis or benchmark
study examining differences between their FAA-approved Airport
Certification Manual (ACM), part 139 requirements, and a typical
airport SMS. Using these results, the participating airports then
developed a separate SMS Manual and Implementation Plan using AC 150/
5200-37 and the FAA Airport SMS Pilot Study Participant's Guide. While
pilot study airports were not required to implement an SMS, many chose
to do so. As a result of these pilot studies, participating airports
and the FAA made some key findings.
First, the FAA concluded that compliance with part 139 is essential
to ensuring a safe and standardized airport system. However, part 139
compliance does not by itself sufficiently address the risk management,
assurance, reporting, safety data management, communications, or
training needs of modern airports. The FAA further concluded an SMS can
help an airport achieve performance-based systems safety.
The gap analyses revealed that aspects of part 139 can serve as
building blocks for an SMS. For example, at least one pilot study
airport recognized its existing part 139 compliance program
incorporated some SMS concepts. Additionally, the majority of
participating airports have an organizational safety policy statement,
but these statements may be informal or inadequate or focus on employee
rather than on operational safety. The gap analysis also uncovered that
less formal safety policies are often not effectively communicated to
employees.
The majority of pilot study airports indicated an existing
organizational structure to manage safety (such as a standing safety
committee), but there is rarely one person with overall responsibility
and authority for operational safety. Several airports admitted to
relatively inactive safety committees. Second, several airports
indicated they have safety risk management programs or policies in
place (e.g., part 139 self-inspection program), but most described
their hazard identification processes as reactive rather than
proactive. These airports concluded their existing programs could be
improved to meet the intent of the SMS SRM. While Sec. 139.327
requires an airport to identify hazards or discrepancies during its
self inspection, this requirement does not realize the potential of
safety management through identifying and recording all safety hazards,
conducting risk assessments, and developing mitigation strategies.
Some airports indicated they did not have adequate accident or
incident reporting procedures. Still others with reporting procedures
indicated the procedures lacked solid analytical techniques to identify
airport hazards and uncover underlying safety issues.
Third, almost all pilot study airports indicated compliance with
part 139 through some auditing system. However, most of these airports
also indicated the audits are not carried out systematically to
determine whether the airport is meeting safety goals and objectives.
Few certificated airports indicated formal procedures to systematically
review safety-related data. All pilot study airports have record-
keeping and retrieval systems in place, but each indicated room for
improvement. Improved systems would allow for trend and other data
analysis to proactively identify operational hazards and potentially
prevent future incidents or accidents.
Finally, almost all pilot study airports indicated they currently
conduct safety training, but some indicated there is no organizational
approach to safety training. Several airports indicated their informal
safety communications do not properly disseminate information (such as
risk management data) throughout the organization or to other
stakeholders. In general, the airports acknowledged more formalized
training and communications programs, such as those required under
Safety Promotion, would be beneficial.

Benefits

The FAA has determined that an SMS requirement would improve safety
at part 139 certificated airports. The FAA reached this conclusion
based on detailed study of ICAO's Annex 14 requirements, review of
NTSB's recommendations, and the airport SMS pilot studies. Airports
should realize benefits from increased communication, training, and
reporting. Some airports may realize financial benefits through reduced
insurance costs associated with proactive hazard identification and
safety risk analysis.
A properly functioning airport SMS would help an airport ensure:
Individuals are trained on the safety implications of
working on the airside of the airport;
Proactive hazard identification and analysis systems are
in place;
Data analysis, tracking, and reporting systems are
available for trend analysis and to gain lessons learned; and
Timely communication of safety issues to all stakeholders.

The FAA envisions an airport's SMS would uncover previously unknown
hazards and risks, providing an airport the opportunity to proactively
mitigate risk. Over time, these efforts should prevent accidents and
incidents, thereby reducing the direct and indirect costs and risks of
airport operations.
Several airports have seen benefits by voluntarily implementing SMS
or applying SMS principles in their operations. For example, a large
international airport holding a Class I AOC reduced insurance costs
after implementing SMS principles. A smaller domestic airport holding a
Class IV AOC has seen a major improvement in operational safety after
implementing its SMS.

Discussion of the Proposal

The FAA proposes to require all certificate holders develop and
implement an SMS for the movement and non-movement areas of the airport
(i.e., airfield and ramp). The FAA proposes to add subpart E to part
139, which would include:
(1) A new Sec. 139.401 that would require all holders of an AOC to
have an approved airport SMS;
(2) a new Sec. 139.402 that would prescribe the components of an
airport SMS; and
(3) a new Sec. 139.403 that would prescribe the implementation
requirements for an airport SMS.

[[Page 62011]]

The proposal also would add to Sec. 139.5 the following
definitions: Accountable executive; Airport safety management system;
Hazard; Non-movement area; Risk; Risk analysis; Risk mitigation; Safety
assurance; Safety policy; Safety promotion; and Safety risk management
(SRM).
Many of the definitions are from existing international standards
and FAA guidance materials. These definitions are applicable to the
following discussion.

Regulation of the Non-Movement Area

Under this proposal, an airport would implement its SMS throughout
the airport environment, including the movement and non-movement areas
(including runways, taxiways, run-up areas, ramps, apron areas, and on-
airport fuel farms). The FAA acknowledges the proposal extends the
scope of part 139 by including the non-movement areas, but the FAA has
concluded that ensuring safety in air transportation requires that an
SMS applies to any place that affects safety during aircraft
operations.
Many pilot study airports concluded it was difficult to apply SMS
concepts to only the movement area because aircraft and airport airside
personnel routinely flow between movement and non-movement areas. The
airports also found a large number of safety incidents occur in the
non-movement area and believe applying SMS to this area may reduce that
number.
The FAA does not intend to require airports to extend their SMS to
the landside environment such as terminal areas. Nevertheless, an
airport may voluntarily expand its SMS to all airside and landside
environments.

Flexibility

The FAA envisions an SMS as an adaptable and scalable system. An
organization can develop an SMS to meet its unique operating
environment. For those reasons, this proposal would allow an airport
the maximum amount of flexibility to develop and achieve its safety
goals. Accordingly, the FAA would prescribe only the general framework
of an SMS.
The FAA learned through the pilot studies there are circumstances
when a certificate holder may want flexibility in maintaining SMS
documentation. For example, some airport operators manage multiple
airports (have multiple AOCs), and some may want to expand SMS beyond
the FAA-regulated areas (such as for landside or terminal operations.)
In allowing maximum flexibility, a certificate holder may maintain a
separate SMS Manual in addition to the ACM or may maintain SMS
documentation directly in the ACM. If a certificate holder develops a
separate manual, it would cross-reference the SMS requirements in its
FAA-approved ACM. Accordingly, the FAA proposes amending Sec. 139.203
to require the FAA-approved ACM contain the policies and procedures for
development, implementation, operation, and maintenance of the
certificate holder's SMS. The FAA also proposes to amend Sec. 139.103
to require two copies of the SMS manual, or SMS portion of the ACM,
accompany an AOC application.

Minimum Elements of SMS

In a new Sec. 139.402, the FAA would require each airport SMS
include the four SMS components: Safety Policy, SRM, Safety Assurance,
and Safety Promotion. These components are equivalent to ICAO's SMS
pillars. To support each of these components, the FAA proposes a
certificate holder implement a number of elements. Together the
components and elements provide the general framework for an
organization-wide safety management approach to airport operations. To
make these components and elements effective, a certificate holder
would develop processes and procedures appropriate to the airport's
operating environment. The FAA understands that a certificate holder
could comply with these requirements through a variety of means. The
FAA intends these proposed requirements to be scalable to the size and
complexity of the certificate holder. The FAA invites comments on how
the FAA could clarify or improve the scalability of this proposal.
The FAA envisions a certificate holder using an operational SMS to:
Actively engage airport management in airfield safety;
Ensure formal documentation of hazards and analytical
processes are used to analyze, assess, and mitigate risks;
Proactively look for safety issues through analysis and
use of lessons learned; and
Train individuals accessing the airside environment on SMS
and operational safety.

The following details SMS components and elements as specifically
applied to a part 139 airport certificate holder.

Safety Policy

This proposal would require a certificate holder to establish a
safety policy that:
Identifies the accountable executive;
Identifies and communicates the safety organizational
structure;
Identifies the lines of safety responsibility and
accountability;
Establishes and maintains a safety policy statement;
Ensures the safety policy statement is available to all
employees;
Establishes and maintains safety objectives; and
Establishes and maintains an acceptable level of safety
for the organization.
This proposal would require an airport to identify an accountable
executive. The FAA understands that airport operations and
organizational structures vary widely. Accordingly, the FAA would not
prescribe a particular job title. Nevertheless, the accountable
executive must be a high-level manager who can influence safety-related
decisions and has authority to approve operational decisions and
changes because an effective SMS requires high-level management
involvement in safety decisionmaking. Accordingly, the FAA proposes the
international standard definition for an accountable executive (i.e.,
requiring the accountable executive to be an individual with ultimate
responsibility and accountability, full control of the human and
financial resources required to maintain the SMS, and final authority
over operations and safety issues).\10\ The FAA acknowledges it may be
difficult for U.S. airports to identify an accountable executive
meeting that international standard, but it believes an acceptable
accountable executive would be the highest approving authority at the
airport for operational decisions and changes. The FAA invites comments
concerning the definition of accountable executive for certificated
airports.
---------------------------------------------------------------------------

\10\ See ICAO, Safety Management Manual, at 8.4.5 & 8.4.6 ICAO
Doc. 9859-AN/474 (2nd ed. 2009).
---------------------------------------------------------------------------

Additionally, we would require a certificate holder to identify its
safety organizational structure and management responsibility and
accountability for safety issues. The importance to identifying who in
airport management is responsible for safety ensures resources are
allocated to balance safety and service. For example, an airport would
identify each manager accountable for safety and that manager's
responsibilities under the airport SMS. Each airport employee should
know who is the contact point for a particular safety issue. An airport
would decide how managers' safety responsibilities and accountabilities
are communicated. It could use an organizational chart or other means
that identify lines of communication and decisionmaking. In some
organizations, with multiple departments responsible

[[Page 62012]]

for part 139 compliance, an airport may have multiple line managers
responsible for the safety of different airport areas (e.g., an
operations manager for airfield operational safety issues or a
maintenance manager for maintenance safety issues). The safety
organizational structure should allow every employee to understand how
safety issues progress through the organization. This safety
organizational structure also would ensure that senior management is
aware of the daily activities of these departments and has an active
role in airport safety.
Currently, Sec. 139.203 requires certificated airports to have
lines of succession of airport operator responsibility. These lines may
provide a foundation for establishing the airport's accountable
executive and delineation of responsibility for SMS functions.
This proposal would require a certificate holder's safety policy
statement be included in SMS documentation. The ``accountable
executive'' would issue this statement because management's commitment
to safety should be expressed formally. The safety policy statement
would outline the methods and processes used to achieve desired safety
outcomes. The statement typically would contain the following:
A commitment by senior management to implement SMS;
A commitment to continual safety improvement;
The encouragement for employees to report safety issues
without fear of reprisal;
A commitment to provide the necessary safety resources;
and
A commitment to make safety the highest priority.
Some airports may be able to adapt a safety policy statement from
existing policy statements. Others may supplement existing policies
that focus on occupational safety issues (for example, the airport
strives to have zero employee injuries). Other airports may have
informal safety objectives that could be formalized into a safety
policy statement.
Finally, this proposal would require an airport to establish safety
objectives relevant to its operating environment. These objectives
should improve overall airport safety. Some examples of safety
objectives may include a reduction in the amount of Foreign Object
Debris (FOD) related damage, a reduction in the number of Vehicle/
Pedestrian Deviations (VPDs), timely issuance of airfield condition
Notices to Airmen (NOTAMs), and continued conformance with part 139
requirements. Setting these objectives and metrics would aid the
airport, stakeholders, and the FAA in verifying achievement or progress
towards an airport's improvement of safety.

Safety Risk Management (SRM)

This proposal would require a certificate holder to establish an
SRM process to identify hazards and their associated risks within the
airport's operations. Under SRM, the airport would be required to:
Identify safety hazards;
Ensure that mitigations are implemented where appropriate
to maintain an acceptable level of safety;
Provide for regular assessment of safety level achieved;
Aim to make continuous improvement to the airport's
overall level of safety; and
Establish and maintain a process for formally documenting
identified hazards, their associated analyses, and management's
acceptance of the associated risks.
A comprehensive SMS using SRM would provide management a tool for
identification of hazards and risks and prioritization of their
resolution. While each certificate holder's SRM processes may be unique
to the airport's operations and organizational structure, the FAA would
require it to incorporate SRM's five steps:
(1) Describing the system;
(2) Identifying the hazards;
(3) Analyzing the risk associated with those hazards;
(4) Assessing the risk associated with those hazards; and
(5) Mitigating the risk of identified hazards when necessary.
This proposal would require a certificate holder to use SRM
processes to analyze risk associated with hazards discovered during
daily operations and for changes to operations. Changes in airport
operations could introduce new hazards into the airfield environment,
such as adding new tenants or air carriers at the airport. These could
be discovered, tracked, and mitigated using an existing or newly-
created hazards tracking system. However, some system descriptions set
the boundaries for hazard identification by considering the operating
environment in which hazards are identified. Operational changes may
overlap with SRM requirements under the FAA Air Traffic Organization's
SMS. Examples of these changes include runway extensions or the
construction of new taxiways. In these cases, the FAA expects that the
certificate holder would participate in the FAA's risk analysis instead
of performing an independent risk analysis under its SMS.
The first step of SRM is describing the system. This step entails
describing the operating environment in which the hazards will be
identified. System description serves as the boundaries for hazard
identification. For airports, operational, procedural, conditional, or
physical characteristics are included in the system description. A
system description could answer the following questions:
Are there visual or instrument meteorological conditions;
Is it a time of low or high peak traffic;
Are there closed or open runways; or
Is the airfield under construction or normal operations?
The second step of SRM identifies hazards in a systematic way based
on the system described in the first step. All possible sources of
system failure should be considered. Depending on the nature and size
of the system under consideration, these should include:
Equipment (for example, construction equipment on a
movement surface), the operating environment (for example, weather
conditions, season, time of day);
Human factors (for example, shift work);
Operational procedures (for example, staffing levels);
Maintenance procedures (for example, nightly movement area
inspections by airport electricians); and
External services (for example, ramp traffic by fixed-base
operator (FBO) or law enforcement vehicles).
A certificate holder should implement hazard identification
processes and procedures that reflect its management structure and
complexity. There are many ways to accomplish this hazard
identification, but all must use the following four elements:
(1) Operational expertise;
(2) Training in SMS (and, if possible, hazard analysis techniques);
(3) A simple, but well-defined, hazard analysis tool; and
(4) Adequate documentation of the process.
Many airports already have hazard identification processes in place
to ensure part 139 compliance. For example, part 139 currently requires
an airport operator to conduct a daily inspection, unless otherwise
stated in the FAA-approved ACM.
A certificate holder could use hazard reports obtained through the
airport's safety reporting system, which is detailed later in this
discussion. The airport also would keep track of

[[Page 62013]]

incidents and accidents occurring in the airport's movement and non-
movement areas to identify potential operational hazards. Many airports
already track incidents and accidents in the movement area.
One of the most important aspects of hazard identification is
systematically documenting and tracking potential hazards. This
documented data allows meaningful analysis of operational safety-
related trends on the airfield and of overall airport system safety.
After identifying hazards, a certificate holder would complete the
third step of SRM, hazard analysis. For each hazard, the certificate
holder would consider the worst credible outcome (harm), which is the
most unfavorable consequence that is realistically possible, based on
the system described. For the worst credible outcome, the certificate
holder would determine the likelihood and severity of that outcome
using quantitative or qualitative methods.
A certificate holder would define its levels of likelihood and
severity. ICAO and the FAA have developed sample definitions and levels
of likelihood and severity for use in categorizing hazards.\11\ An
example is a five-point table for severity and likelihood. The
categorization of severity includes definitions for catastrophic,
hazardous, major, minor, or negligible. The categorization of
likelihood includes definitions for frequent, occasional, remote,
improbable, and extremely improbable. A certificate holder should
develop tables commensurate with its operational needs and complexity.
For example, a less complex airport with few operations may find it
effective to have fewer levels of gradation. However, a larger airport
with a variety of operations may require a five-point or larger table
to be most effective. Based on these definitions, a likelihood and
severity of occurrence is selected for each hazard.
---------------------------------------------------------------------------

\11\ See ICAO, Safety Management Manual, at 6.5.3 ICAO Doc.
9859-AN/474 (2nd ed. 2009); see also FAA Advisory Circular 150/5200-
37, Introduction to Safety Management System for Airport Operators
(Feb. 28, 2007).
---------------------------------------------------------------------------

The fourth step of SRM, risk assessment, uses the likelihood and
severity assessed in step three, and compares it to the organization's
acceptable levels of safety risk.
One of the easiest techniques for comparison is through the use of
a predictive risk matrix. A predictive risk matrix (like figure 1)
graphically depicts the various levels of severity and likelihood as
they relate to the levels of risk (for example, low, medium, or high).
On a typical risk matrix, severity and likelihood are placed on
opposing axes (i.e., x- and y-axis on a grid). For example, a higher
severity would be plotted further to the right on the x-axis, and a
higher likelihood would be plotted further up the y-axis. The severity
and likelihood assessed during the third step of SRM can then be
plotted on the risk matrix grid for each of the hazards assessed.
BILLING CODE 4910-13-P

[[Page 62014]]

[GRAPHIC] [TIFF OMITTED] TP07OC10.000

The other feature of a predictive risk matrix is its depiction of
the certificate holder's acceptable level of safety risk, in other
words the highest level of safety risk it will accept in its
operational environment. Typically, the risk matrix depicts three
levels of risk: low, medium, and high. A high risk generally would be
unacceptable. A medium risk may be acceptable provided mitigations are
in place and verified before operations can continue. A low risk may be
acceptable without additional mitigation.
When a hazard's likelihood and severity are plotted on the risk
matrix, the certificate holder can see whether the hazard's safety risk
is acceptable to

[[Page 62015]]

the organization. Generally, as the likelihood and severity increase,
the risk increases. Each certificate holder would determine its
acceptable level of risk and other levels of risk when establishing its
predictive risk matrix. For example, a hazard with an assessed
likelihood of frequent and severity of catastrophic usually would be
plotted in the high risk portion of the matrix. A hazard with an
assessed likelihood of extremely improbable and assessed severity of
minor usually would be plotted in the low risk portion of the matrix.
These levels of risk would be based on the certificate holder's
acceptable level of risk and may vary from airport to airport.
Under the fourth step of SRM, a certificate holder would plot the
likelihood and severity of each hazard assessed during the third step
on its predictive risk matrix. The certificate holder would see the
level of risk for each hazard and could determine whether that level of
risk is acceptable. The certificate holder would use this information
to determine whether it must mitigate those risks. Ultimately, the
certificate holder would formally accept the risk or approve the
mitigation plan as required by its SMS.
In the final step of SRM, mitigation of risk, the certificate
holder would take steps to reduce the risk of the hazard to an
acceptable level for any hazard determined in the fourth step to
present an unacceptable risk. These efforts may include removing the
hazard or implementing alternative strategies to reduce the hazard's
risks. Additionally, a certificate holder could mitigate the risk of a
hazard if that risk is acceptable but could be reduced with mitigation.
If a hazard has no associated risk or a low risk, an airport may not
have to proceed with this step of SRM for the hazard.
If step five is required, the certificate holder would monitor the
mitigations put in place to ensure that they actually decrease the
level of risk to an acceptable level. A certificate holder could use
the hazard reporting system, which is discussed later, to track
identified hazards and their mitigations deployed under SRM.
Under an SMS, a certificate holder would document each of the SRM
steps including the identified hazards, the risk analysis and
assessment, any proposed mitigations, and management's acceptance of
risk. These records can be kept either electronically or in paper-
format. This documentation ensures safety-related decisions are
consistent with safety policies and goals and provides historical
information that can be used to make future safety-related decisions.
This proposal would require a certificate holder to retain these
documents and records for the longer of either 36 consecutive calendar
months after the risk analysis of identified hazards or 12 consecutive
calendar months after implementing mitigation measures. The timelines
associated with the retention of those documents ensure they are kept
for a time period that provides the airport historical data to conduct
meaningful analysis under SRM, to review during Safety Assurance
activities, and for the FAA to review for compliance during
inspections. These record retention requirements are consistent with
other retention requirements under part 139. While these are minimum
retention requirements, certificate holders may retain their documents
for longer time periods.

A Practical Example of SRM

The airport in this example has one runway and conducts daily self-
inspections according to its FAA-approved ACM. An operations agent
conducting the airport's daily self-inspection finds foreign object
debris (FOD) of substantial size and weight at a taxiway-runway
intersection adjacent to an uncontrolled ramp. The operations agent
removes the FOD and notes it on the inspection checklist. During a
routine review of airport inspections, the operations manager notices
that FOD has been collected at this same taxiway-runway intersection
during multiple inspections. Under the airport's SRM process, such an
event and trend triggers a formal SRM analysis.
The operations manager, who has sufficient training and understands
the airport's SMS and operating environment, conducts the analysis.
Using SRM documentation procedures and templates, the manager carefully
describes the system. At this particular airport, the airport is
approved for low-visibility operations which occur twenty-five percent
of the calendar year.
The manager then identifies all hazards associated with the FOD.
The manager identifies FOD damage to aircraft and/or ingestion into
aircraft engines as potential hazards based on the system description.
The manager considers the worst credible outcome of FOD damage and
FOD ingestion into aircraft engines based on the location of the FOD in
the airport environment. Using the self-inspection records, the manager
discerns the FOD usually is found closer to the runway than to the
taxiway and in some instances on the runway between the centerline and
edge lines. Additionally, the weight and location of the FOD could
present a danger to aircraft traversing the runway or taxiway. The
manager determines that the worst credible outcome could result in loss
of control of the aircraft, an aborted take-off, and/or an aircraft
accident.
Using the likelihood and severity definitions provided as part of
the airport's SMS, the manager's knowledge of the airport environment,
and outside resources (such as industry research or other documents
with relevant quantitative statistical analysis), the manager assesses
the likelihood and severity of the hazard. In this case, the manager
determines the severity of such a hazard could be catastrophic (such as
an aircraft accident with fatalities or serious injuries), and the
likelihood is improbable. Referring to the airport's risk matrix, the
manager plots the assessed likelihood and severity, and the hazard
falls within the high risk portion of the matrix. According to the
airport's SMS, the manager must take some sort of action to mitigate
the occurrence of FOD in this taxiway-runway intersection.
The operations manager has identified numerous risk mitigation
strategies. The manager could increase the number of targeted
inspections for the area. The manager could conduct further analysis to
determine the root-cause of the FOD, which could result from a lack of
training, improper maintenance, or other factors that may be mitigated
over time. The manager also could communicate with tenants who operate
in the area to warn them of the FOD hazard.
In this case, the manager chooses all three mitigation strategies
with targeted inspections implemented immediately. Over time, the
manager will investigate root cause, will update the airport's FOD
prevention training, and will communicate the FOD hazard to tenants.
The manager completes the five SRM steps and documents the
processes and determinations on the appropriate templates following the
airport's SRM guidelines. Finally, the manager adds an entry to the
hazard reporting system to follow up in two weeks to review the self-
inspection and targeted inspection reports to verify whether
mitigations are working.

Safety Assurance

This proposal would require a certificate holder to ensure safety
risk mitigations developed through the airport's SRM process are
adequate, and the airport's SMS is functioning effectively. The key
outcome of safety

[[Page 62016]]

assurance is continuous improvement of the airport's operational
safety. The proposal would require the certificate holder to:
Develop and implement a means for monitoring safety
performance;
Establish and maintain a hazard reporting system that
provides a means for reporter confidentiality; and
Develop and implement a process for reporting pertinent
safety information and data to the accountable executive on a regular
basis.
Safety performance monitoring and measurement is one way an
organization can verify its SMS's effectiveness. ICAO also offers a
variety of safety performance monitoring and measurement methods
including hazard reports, safety studies, safety reviews, audits,
safety surveys, and internal safety investigations.\12\ While some
certificate holders may not find added value in implementing or using
all of these information sources, a certificate holder may benefit from
using an internal audit or assessment to monitor performance. Documents
created under the airport's SMS should be reviewed periodically to
verify whether the airport's SMS processes and procedures are being
followed, whether trends exist that have not been identified, and
whether SRM mitigations are being implemented and are effective. The
certificate holder would determine whether this review is completed by
airport personnel or by a third party.
---------------------------------------------------------------------------

\12\ See ICAO, Safety Management Manual, at 9.6.4 ICAO Doc.
9859-AN/474 (2nd ed. 2009).
---------------------------------------------------------------------------

The proposal also would require a certificate holder to establish
and maintain a hazard reporting system. A certificate holder's SRM
processes and hazard identification procedures likely would not catch
all potential airfield hazards. Some hazards may be identified by other
employees, airfield tenants, or pilots. Therefore, an airport's SRM
would include a system for hazard reporting. A certificate holder may
develop the best system for its operating environment, whether a call-
in line, a web-based system, or a drop box. The certificate holder
would train all employees on the existence of the system and how a
report flows through the system to management.
The FAA proposes that airports develop a confidential hazard
reporting system. ICAO's SMS model envisions a non-punitive reporting
system. Based on information obtained during the pilot studies, a U.S.
airport may be unable to prevent punishment of non-airport employees
(for example, tenant employees). Therefore, the FAA has concluded that
requiring a confidential hazard reporting system will protect the
reporter's identity and achieve the goal of protection from reprisal.
For some airports, the required data tracking, data reporting, and
assessment programs already exist in other formats. Many airports have
functional occupational safety programs in place with reporting,
inspection, and training requirements. An airport can use these
programs to build its operational SMS.
The FAA envisions an airport using safety assurance to enhance the
airport's ability to spot trends and identify safety issues before they
result in a near-miss, incident, or accident. An example of safety
assurance may involve the performance of the airport in reducing the
number of runway incursions. Effective safety assurance processes would
require review and investigation of previous incidents and accidents as
well as analysis of current policies, procedures, training, and
equipment for potential weaknesses. In addition, the safety assurance
process would review the efficacy of previously implemented safety
strategies to ensure they are functioning as predicted and have not
introduced any new systemic risks.
Safety assurance also prescribes data collection and analytical
methods that help a certificate holder transition from a reactive
approach to a more predictive approach to aviation safety. In this
example, failure analysis can be used to anticipate future failures
before they occur. Therefore, Safety Assurance provides management
tools and data to ensure that the SMS is properly functioning and that
mitigations developed through SRM processes are having their intended
effect.

Safety Promotion

This proposal would require a certificate holder to establish
processes and procedures to foster a safety culture. These processes
and procedures include providing formal safety training to all
employees with access to the airfield, and developing and maintaining
formal means for communicating important safety information.
As previously stated, part 139 currently prescribes numerous
training and communications requirements that can be used in developing
an SMS. Under an SMS, these requirements would be enhanced and extended
to more individuals operating on the airport because everyone has a
role in promoting safety. For example, instead of training just those
airport employees on part 139 technical requirements (such as airfield
driver training), an airport would ensure that all employees with
access to the movement and non-movement areas receive training on
operational safety and on the airport's SMS.
The FAA proposes the SMS training requirement would apply to
airport employees based on information obtained during the pilot
studies. However, the FAA believes greater benefits may be achieved if
that training requirement were applied to all individuals with access
to the movement and non-movement areas, and it is considering that
broader SMS training requirement. The FAA invites comments concerning
the practical and economic implications of applying the training
requirements to all individuals accessing the movement and non-movement
area.
The FAA also believes that through the safety promotion component
of SMS, an airport's management will promote the growth of a positive
safety culture through:
Publication of senior management's stated commitment to
safety to all employees;
Visible demonstration of management's commitment to the
SMS;
Communication of the safety responsibilities for the
airport's personnel specific to their function within the airport;
Clear and regular communication of safety policy, goals,
objectives, standards, and performance to all employees of the
organization;
A confidential and effective employee reporting and
feedback system;
Use of a safety information system that provides an
accessible efficient means to retrieve information; and
Allocation of resources essential to implement and
maintain the SMS.
An airport could demonstrate its commitment to safety promotion in
several ways. An airport could allocate sufficient resources for the
initial and recurrent training of its staff. Likewise, an airport could
communicate the results of risk analysis and mitigations for reported
hazards. Any training records created as part of the certificate
holder's safety promotion processes and procedures would be retained
and available for inspection for 24 consecutive calendar months. This
retention period is consistent with that for other training records
under existing Sec. 139.301. The FAA proposes that any other
communications created as part of safety promotion would be retained
for 12 consecutive calendar months.
As previously discussed, the FAA recognizes that certificate
holders may have systems and processes in place that partially meet the
proposed SMS requirements. The FAA believes these systems and processes
can easily be

[[Page 62017]]

incorporated into an SMS and does not intend duplicative burdens. The
FAA requests comments on systems and processes currently in use that
would not be compatible with the proposed requirements. The FAA also
requests comments specifically identifying how the FAA could clarify or
improve the incorporation of existing systems and processes into an
SMS.

Proposed Implementation Plan Requirements

The FAA proposes to require all certificate holders and applicants
for an AOC to submit an implementation plan that accurately describes
how the airport will meet the requirements of Subpart E and provides
timeframes for implementing the various SMS components and elements
within the airport's organization and operations. While the FAA is not
requiring an airport to conduct a gap analysis before implementing an
SMS, this implementation plan would require a certificate holder to
proactively review its current organizational framework and determine
how it conforms to airport SMS requirements. This proposal also would
require a certificate holder to establish target dates for meeting the
requirements of Subpart E well before compliance with Subpart E would
be required. Further, the implementation plan must determine an overall
SMS implementation timeline as well as dates for completion of updates
to the ACM and, where applicable, the SMS Manual.
The proposal takes a two-pronged approach to implementation based
on the scale of operations at the certificated airport and provides
ample time for airports to conform to the SMS requirement. The FAA
learned during the first pilot study that many larger airports were
able to complete their gap analysis and develop the SMS Manual and
Implementation Plan within six months. However, during the second pilot
study with smaller certificated airports, many airports were not able
to successfully complete their gap analysis and manual within that
timeframe. Based on this experience, the FAA has determined that six
months is adequate time for Class I airports to develop a plan of how
the airport will develop and implement an SMS. Similarly, the FAA has
determined that nine months is adequate time for Class II, III, and IV
airports to develop an implementation plan. These implementation plans
should detail the steps the airport will take to develop an SMS taking
into account the unique operating environment of the airport. Based on
projections from the pilot study airports, the FAA has determined that
the implementation process should be completed within 18 months for a
Class I airport and within 24 months for a Class II, III, and IV
airport.
Based on findings from the pilot study, the FAA has determined that
all components of an SMS are interrelated and must be implemented at
the same time for an SMS to be effective. The FAA requests comments on
the proposed implementation requirements and timeframes. If you believe
the FAA should adopt a phased-in approach for the SMS components,
please provide specific recommendations for how the requirements could
be phased in and analysis of the effect on implementation costs and
corresponding postponement of safety benefits.
The FAA also proposes to remove paragraph (c) of Sec. 139.101
because the implementation schedule for submitting a new Airport
Certification Manual (ACM) under that section is no longer applicable.
Further, the FAA intends to publish any accompanying Advisory
Circulars prior to the final rule and widely communicate the
requirements to airports through the various industry organizations and
FAA airport conferences.

FAA's Role and Oversight

An SMS is not a substitute for compliance with FAA regulations or
FAA oversight activities. Rather, an SMS would ensure compliance with
safety-related statutory and regulatory requirements. An SMS enhances
the FAA's ability to understand the safety of airport operations
throughout the year, and not just when an FAA inspector is physically
on the airfield.
During an airport's periodic inspection, the FAA envisions an
inspector reviewing the certificate holder's ACM to ensure that the SMS
requirements are clearly identified and detailed in the ACM or
referenced SMS Manual. The inspector would verify through airport
records, interviews, and other means that the SMS is being
communicated, training is being provided, and senior management is
actively engaged in the management and oversight of the SMS. The FAA
intends this review as an evaluation of whether a certificate holder's
SMS is functioning as it is intended to function rather than as a means
for us to second guess a certificate holder's decisions. However, if
during the course of an inspection, these processes are determined to
have failed in discovering discrepancies with part 139 or have created
new discrepancies, the FAA would take appropriate action to ensure the
airport corrects these non-compliant conditions.
The following examples detail possible inspector activity, but this
proposal does not limit any FAA inspection authority. An FAA inspector
may review safety meeting minutes and sign-in sheets to verify whether
members of the airport's management team are regularly attending.
Additionally, an FAA inspector may request to see SRM documentation to
determine whether acceptance of a given risk is being performed by the
appropriate level of management. An inspector may also verify whether
mitigations are being implemented, which is a clear indicator of the
effectiveness of the airport's SRM and safety assurance components. As
for verification of safety promotion, the inspector may review training
records, training curricula, and the methods of communicating critical
safety information throughout the airport organization and to key
stakeholders.
If a certificate holder decided to extend the umbrella of its SMS
to landside operations beyond the scope of this proposal, the FAA's
oversight and inspection authority would extend only to those areas
envisioned by this proposal.
The FAA has determined that an SMS is a valuable set of tools for
improving safety at airports. However, an SMS does not replace part 139
requirements. An SMS would serve as an enhancement to those technical
standards already required under part 139, and the FAA will continue to
inspect according to part 139 standards. Additionally, the FAA will
promulgate prescriptive regulations as appropriate.
Safety management systems for the aviation industry are still
developing. However, the FAA believes now is the time to begin
developing and implementing SMS requirements because of their benefits
to aviation safety. The FAA recognizes that future rulemaking may be
required to capture safety developments, connect to related
regulations, and avoid duplication of SMS requirements for various
industry sectors.
The FAA is considering rulemaking that would establish SMS
requirements for other segments of the aviation industry. The FAA
requests comments on the interaction between this proposed rule and
potential future rulemakings. The FAA also requests comments on which
portions of this proposed rule should be adopted for any potential SMS
requirements. Finally, the FAA requests comments on whether there are
other issues or principles not

[[Page 62018]]

included in this proposal that the FAA should consider in issuing a
final rule.

Rulemaking Analyses and Notices

Paperwork Reduction Act

This proposal contains a revision of a currently approved
collection of information (OMB-2120-0675) subject to review by the
Office of Management and Budget (OMB) under the Paperwork Reduction Act
of 1995 (44 U.S.C. 3507(d)). The title, description, and number of
respondents, frequency of the collection, and estimate of the annual
total reporting and recordkeeping burden are shown below.
Title: Safety Management System for Certificated Airports.
Summary: The FAA proposes to revise current part 139 to require
certificated airports to establish a safety management system (SMS). An
SMS is a formalized approach to managing safety that includes an
organization-wide safety policy, formal methods of identifying
potential hazards, formal methods for analyzing and mitigating
potential hazards, and an organization-wide emphasis on promoting a
safety culture.
Use of: Each airport would be able to develop its SMS based on its
own unique operating environment. Because airport management can tailor
its system, the FAA expects an SMS comprised of four key components:
Safety Policy, Safety Risk Management, Safety Assurance, and Safety
Promotion. An airport would establish and maintain records that
document Safety Risk Management processes; report pertinent safety
information and data on a regular basis; record training by each
individual that includes, at a minimum, a description and date of
training received; and, set forth an implementation plan.
The following information lists estimated initial and annual hours
respondents would need to comply with the proposed part 139 SMS
reporting and recordkeeping and cost requirements:

---------------------------------------------------------------------------------------------

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.