Safety Management System for Certificated Airports, 62008-62023 [2010-25338]

Download as PDF 62008 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules Pilatus Aircraft Ltd. Pilatus PC–6 Service Bulletin No. 57–005, REV No. 1, dated November 19, 2007; Pilatus Aircraft Ltd. Pilatus PC–6 Service Bulletin No. 57–005, dated August 30, 2007; Pilatus Aircraft Ltd. Pilatus PC–6 Service Bulletin No. 57–004, dated April 16, 2007; and Chapter 57–00–02 of Pilatus Aircraft Ltd. Pilatus PC–6 Aircraft Maintenance Manual, dated November 30, 2008, for related information. Issued in Kansas City, Missouri, on September 30, 2010. John Colomy, Acting Manager, Small Airplane Directorate, Aircraft Certification Service. [FR Doc. 2010–25289 Filed 10–6–10; 8:45 am] BILLING CODE 4910–13–P DEPARTMENT OF TRANSPORTATION Federal Aviation Administration 14 CFR Part 139 [Docket No. FAA–2010–0997; Notice No. 10– 14] RIN 2120–AJ38 Safety Management System for Certificated Airports Federal Aviation Administration (FAA), DOT. ACTION: Notice of proposed rulemaking (NPRM). AGENCY: This action would require each certificate holder to establish a safety management system (SMS) for its entire airfield environment (including movement and non-movement areas) to improve safety at airports hosting air carrier operations. An SMS is a formalized approach to managing safety by developing an organization-wide safety policy, developing formal methods of identifying hazards, analyzing and mitigating risk, developing methods for ensuring continuous safety improvement, and creating organization-wide safety promotion strategies. When systematically applied in an SMS, these activities provide a set of decisionmaking tools that airport management can use to improve safety. This proposal would require a certificate holder to submit an implementation plan and implement an SMS within timeframes commensurate with its class of Airport Operating Certificate (AOC). DATES: Send your comments on or before January 5, 2011. ADDRESSES: You may send comments identified by Docket Number FAA– 2010–0997 using any of the following methods: • Federal eRulemaking Portal: Go to http://www.regulations.gov and follow jdjones on DSK8KYBLC1PROD with PROPOSALS-1 SUMMARY: VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 the online instructions for sending your comments electronically. • Mail: Send Comments to Docket Operations, M–30; U.S. Department of Transportation, 1200 New Jersey Avenue, SE., West Building Ground Floor, Room W12–140, West Building Ground Floor, Washington, DC 20590– 0001. • Hand Delivery: Take comments to Docket Operations in Room W12–140 of the West Building Ground Floor at 1200 New Jersey Avenue, SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. • Fax: (202) 493–2251. For more information on the rulemaking process, see the SUPPLEMENTARY INFORMATION section of this document. Privacy: We will post all comments we receive, without change, to http:// www.regulations.gov, including any personal information you provide. Using the search function of our docket web site, anyone can find and read the comments received into any of our dockets, including the name of the individual sending the comment (or signing the comment for an association, business, labor union, etc.). You may review DOT’s complete Privacy Act Statement in the Federal Register published on April 11, 2000 (65 FR 19477–78) or you may visit http:// DocketsInfo.dot.gov. Docket: To read background documents or comments received, go to http://www.regulations.gov at any time and follow the online instructions for accessing the docket or go to Docket Operations in Room W12–140 of the West Building Ground Floor at 1200 New Jersey Avenue, SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. FOR FURTHER INFORMATION CONTACT: For technical questions concerning this proposed rule, contact Keri Spencer, Office of Airports Safety and Standards, Airports Safety and Operations Division, Federal Aviation Administration, 800 Independence Avenue, SW., Washington, DC 20591; telephone (202) 267–8972; fax (202) 493–1416; e-mail keri.spencer@faa.gov. For legal questions, contact Robert Hawks, Office of the Chief Counsel, Regulations Division, Federal Aviation Administration, 800 Independence Avenue, SW., Washington, DC 20591; telephone (202) 267–7143; fax (202) 267–7971; e-mail: rob.hawks@faa.gov. SUPPLEMENTARY INFORMATION: Later in this preamble under the Additional Information section, we discuss how you can comment on this proposal and how we will handle your comments. Included in this discussion is related PO 00000 Frm 00011 Fmt 4702 Sfmt 4702 information about the docket, privacy, and the handling of proprietary or confidential business information. We also discuss how you can get a copy of this proposal and related rulemaking documents. Authority for This Rulemaking The FAA’s authority to issue rules regarding aviation safety is found in Title 49 of the United States Code. Subtitle I, section 106 describes the authority of the FAA Administrator. Subtitle VII, Aviation Programs, describes in more detail the scope of the agency’s authority. The FAA is issuing this rulemaking under the authority described in subtitle VII, part A, subpart III, section 44706, ‘‘Airport operating certificates.’’ Under that section, Congress charges the FAA with issuing airport operating certificates that contain terms that the Administrator finds necessary to ensure safety in air transportation. This proposed rule is within the scope of that authority because it requires all holders of an airport operating certificate to develop, implement, and maintain an SMS. The development and implementation of an SMS ensures safety in air transportation by assisting airports in proactively identifying and mitigating safety hazards. Background The FAA is committed to continuously improving safety in air transportation. As the demand for air transportation increases, the impacts of additional air traffic and surface operations, changes in air traffic procedures, and airport construction can heighten the risks of aircraft operations. While the FAA’s use of prescriptive regulations and technical operating standards has been effective, such regulations may leave gaps best addressed through improved management practices. As the certificate holder best understands its own operating environment, it is in the best position to address many of its own safety issues. While the FAA would still conduct regular inspections, SMS’s proactive emphasis on hazard identification and mitigation, and on communication of safety issues, provides certificate holders robust tools to improve safety. The International Civil Aviation Organization (ICAO) defines SMS as a ‘‘systematic approach to managing safety, including the necessary organizational structures, accountabilities, policies, and E:\FR\FM\07OCP1.SGM 07OCP1 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules jdjones on DSK8KYBLC1PROD with PROPOSALS-1 procedures.’’ 1 In 2001, ICAO adopted a standard in Annex 14 that all member states establish SMS requirements for airport operators. The FAA supports conformity of U.S. aviation safety regulations with ICAO standards and recommended practices. The agency intends to meet the intent of the ICAO standard in a way that complements existing airport safety regulations in 14 CFR part 139. Additional information regarding these amendments, as well as ICAO’s guidance on establishing an SMS framework, may be found at http:// www.icao.int/anb/safetymanagement/. Safety Management System Components An SMS provides an organization’s management with a set of decisionmaking tools that can be used to plan, organize, direct, and control its business activities in a manner that enhances safety and ensures compliance with regulatory standards. These tools are similar to those management already uses to make production or operations decisions. An SMS has four key components: Safety Policy, Safety Risk Management (SRM), Safety Assurance, and Safety Promotion. Definitions of these are as follows and further detailed in the proposal discussion. Safety Policy. Safety Policy provides the foundation or framework for the SMS. It outlines the methods and tools for achieving desired safety outcomes. Safety Policy also details management’s responsibility and accountability for safety. Safety Risk Management (SRM). As a core activity of SMS, SRM uses a set of standard processes to proactively identify hazards, analyze and assess potential risks, and design appropriate risk mitigation strategies. Safety Assurance. Safety Assurance is a set of processes that monitor the organization’s performance in meeting its current safety standards and objectives as well as contribute to continuous safety improvement. Safety Assurance processes include information acquisition, analysis, system assessment, and development of preventive or corrective actions for nonconformance. Safety Promotion. Safety Promotion includes processes and procedures used to create an environment where safety objectives can be achieved. Safety promotion is essential to create an organization’s positive safety culture. Safety culture is characterized by knowledge and understanding of an organization’s SMS, effective 1 See ICAO, Safety Management Manual, at 6.5.3 ICAO Doc. 9859–AN/474 (2nd ed. 2009). VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 communications, competency in job responsibilities, ongoing training, and information sharing. Safety Promotion elements include training programs, communication of critical safety issues, and confidential reporting systems. National Transportation Safety Board Recommendations The National Transportation Safety Board (NTSB) first recommended safety management systems for the maritime industry in 1997. Since then, a number of NTSB investigations have cited organizational factors contributing to accidents and have recommended SMS as a way to prevent future accidents and improve safety. The NTSB first offered an SMS recommendation to the FAA after its investigation of the October 14, 2004, accident of Pinnacle Airlines Flight 3701. Pinnacle Airlines Flight 3701 was on a repositioning flight between Little Rock National Airport and MinneapolisSt. Paul International Airport when both engines flamed out after a pilot-induced aerodynamic stall. The pilots were unable to regain control, and the aircraft crashed in a residential area south of Jefferson City, Missouri. The NTSB’s investigation revealed ‘‘the accident was the result of poorly performing pilots who intentionally deviated from standard operating procedures and basic airmanship.’’ 2 The NTSB further stated ‘‘operators have the responsibility for a flight crew’s cockpit discipline and adherence to standard operating procedures’’ and offered an SMS as a means to help air carriers ensure safety.3 The NTSB formally recommended the FAA ‘‘require all 14 CFR part 121 operators establish Safety Management System programs.’’ 4 Three years after the Pinnacle Airlines accident, the NTSB investigated the inflight fire, emergency descent, and crash of a Cessna 310R in Sanford, Florida, and issued another SMS recommendation. The NTSB determined the probable causes of the accident ‘‘were the actions and decisions by NASCAR’s corporate aviation division’s management and maintenance personnel to allow the accident airplane to be released for flight with a known and unresolved discrepancy, and the accident pilots’ decision to operate the airplane with that known 2 NTSB Accident Report AAR–07/01, ‘‘Crash of Pinnacle Airlines Flight 3701 Bombardier CL–600– 2B19, N8396A, Jefferson City, Missouri, October 14, 2004,’’ at 53 (Jan. 9, 2007) . 3 Id. at 61. 4 Id. at 75; see also NTSB Safety Recommendation Letter (Jan. 23, 2007) (NTSB Recommendation A– 07–10). PO 00000 Frm 00012 Fmt 4702 Sfmt 4702 62009 discrepancy.’’ 5 As in the Pinnacle Airlines accident, the NASCAR pilot and aviation organization failed to follow standard operating procedures (SOPs). The NTSB stated ‘‘an effective SMS program formalizes a company’s SOPs and establishes methods for ensuring that those SOPs are followed.’’ 6 The NTSB recommended the FAA ‘‘develop a safety alert for operators encouraging all 14 CFR part 91 business operators to adopt SMS programs that include sound risk management practices.’’ 7 While the NTSB has not formally recommended the FAA require an SMS for certificated airports, the FAA has concluded those same organizational factors apply to all regulated sectors of the aviation industry. Airports operate in similar environments as air carriers and business flight operators where adherence to standard operating procedures, proactive identification, mitigation of hazards and risks, and effective communications are crucial to continued operational safety. Accordingly, certificated airports could realize similar SMS benefits as an aircraft operator. The FAA envisions an SMS would provide an airport with an added layer of safety to help reduce the number of near-misses, incidents, and accidents. An SMS also would ensure that all levels of airport management understand safety implications of airfield operations. FAA SMS Pilot Studies and Research Projects The FAA initiated a number of collaborative efforts studying SMS application at U.S. certificated airports. These efforts included developing advisory guidance, researching airport SMS recommended practices, and conducting airport pilot studies. Advisory Circulars and Research Studies The FAA, on February 28, 2007, issued Advisory Circular (AC) 150/ 5200–37, Introduction to Safety Management Systems for Airport Operators. This AC provides an introduction to SMS and general guidelines for an airport SMS. While compliance with this AC is voluntary, numerous airports have used it in implementing their SMS. 5 NTSB Accident Report AAR–09/01, ‘‘In-flight Fire, Emergency Descent and Crash in a Residential Area Cessna 310R, N501N, Sanford, Florida, July 10, 2007,’’ at iv (Jan. 28, 2009). 6 Id. at 19. 7 Id. at 25; see also NTSB Safety Recommendation Letter (Feb. 18, 2009) (NTSB Recommendation A– 09–16). E:\FR\FM\07OCP1.SGM 07OCP1 62010 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules The Airports Cooperative Research Program (ACRP) 8 approved two projects to prepare guidance on airport SMS. In September 2007, MITRE Corporation published the first report, SMS for Airports Volume 1: Overview. This report describes SMS benefits, ICAO requirements, and SMS application at U.S. airports. The second project, ACRP’s SMS for Airports Volume 2: Guidebook, was completed in October 2009 and provides practical guidance on development and implementation of an airport SMS. jdjones on DSK8KYBLC1PROD with PROPOSALS-1 Pilot Studies Beginning in April 2007, the FAA conducted a pilot study to evaluate SMS development at certificated airports of varying size and complexity. The study also compared current part 139 requirements and typical SMS requirements. The first round of pilot studies included over 20 airports. The FAA later established a second round of pilot studies on SMS development at smaller airports with a Class II, III, or IV AOC.9 All participating airports conducted a gap analysis or benchmark study examining differences between their FAA-approved Airport Certification Manual (ACM), part 139 requirements, and a typical airport SMS. Using these results, the participating airports then developed a separate SMS Manual and Implementation Plan using AC 150/ 5200–37 and the FAA Airport SMS Pilot Study Participant’s Guide. While pilot study airports were not required to implement an SMS, many chose to do so. As a result of these pilot studies, participating airports and the FAA made some key findings. First, the FAA concluded that compliance with part 139 is essential to ensuring a safe and standardized airport system. However, part 139 compliance does not by itself sufficiently address the risk management, assurance, reporting, safety data management, communications, or training needs of modern airports. The FAA further concluded an SMS can help an airport achieve performance-based systems safety. The gap analyses revealed that aspects of part 139 can serve as building blocks for an SMS. For example, at least one pilot study airport recognized its existing part 139 compliance program incorporated some SMS concepts. Additionally, the majority of participating airports have an 8 The Transportation Research Board (TRB) manages ACRP. 9 For definitions of classes of AOCs, see 14 CFR 139.5. VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 organizational safety policy statement, but these statements may be informal or inadequate or focus on employee rather than on operational safety. The gap analysis also uncovered that less formal safety policies are often not effectively communicated to employees. The majority of pilot study airports indicated an existing organizational structure to manage safety (such as a standing safety committee), but there is rarely one person with overall responsibility and authority for operational safety. Several airports admitted to relatively inactive safety committees. Second, several airports indicated they have safety risk management programs or policies in place (e.g., part 139 self-inspection program), but most described their hazard identification processes as reactive rather than proactive. These airports concluded their existing programs could be improved to meet the intent of the SMS SRM. While § 139.327 requires an airport to identify hazards or discrepancies during its self inspection, this requirement does not realize the potential of safety management through identifying and recording all safety hazards, conducting risk assessments, and developing mitigation strategies. Some airports indicated they did not have adequate accident or incident reporting procedures. Still others with reporting procedures indicated the procedures lacked solid analytical techniques to identify airport hazards and uncover underlying safety issues. Third, almost all pilot study airports indicated compliance with part 139 through some auditing system. However, most of these airports also indicated the audits are not carried out systematically to determine whether the airport is meeting safety goals and objectives. Few certificated airports indicated formal procedures to systematically review safety-related data. All pilot study airports have record-keeping and retrieval systems in place, but each indicated room for improvement. Improved systems would allow for trend and other data analysis to proactively identify operational hazards and potentially prevent future incidents or accidents. Finally, almost all pilot study airports indicated they currently conduct safety training, but some indicated there is no organizational approach to safety training. Several airports indicated their informal safety communications do not properly disseminate information (such as risk management data) throughout the organization or to other stakeholders. In general, the airports acknowledged more formalized training and communications programs, such as PO 00000 Frm 00013 Fmt 4702 Sfmt 4702 those required under Safety Promotion, would be beneficial. Benefits The FAA has determined that an SMS requirement would improve safety at part 139 certificated airports. The FAA reached this conclusion based on detailed study of ICAO’s Annex 14 requirements, review of NTSB’s recommendations, and the airport SMS pilot studies. Airports should realize benefits from increased communication, training, and reporting. Some airports may realize financial benefits through reduced insurance costs associated with proactive hazard identification and safety risk analysis. A properly functioning airport SMS would help an airport ensure: • Individuals are trained on the safety implications of working on the airside of the airport; • Proactive hazard identification and analysis systems are in place; • Data analysis, tracking, and reporting systems are available for trend analysis and to gain lessons learned; and • Timely communication of safety issues to all stakeholders. The FAA envisions an airport’s SMS would uncover previously unknown hazards and risks, providing an airport the opportunity to proactively mitigate risk. Over time, these efforts should prevent accidents and incidents, thereby reducing the direct and indirect costs and risks of airport operations. Several airports have seen benefits by voluntarily implementing SMS or applying SMS principles in their operations. For example, a large international airport holding a Class I AOC reduced insurance costs after implementing SMS principles. A smaller domestic airport holding a Class IV AOC has seen a major improvement in operational safety after implementing its SMS. Discussion of the Proposal The FAA proposes to require all certificate holders develop and implement an SMS for the movement and non-movement areas of the airport (i.e., airfield and ramp). The FAA proposes to add subpart E to part 139, which would include: (1) A new § 139.401 that would require all holders of an AOC to have an approved airport SMS; (2) a new § 139.402 that would prescribe the components of an airport SMS; and (3) a new § 139.403 that would prescribe the implementation requirements for an airport SMS. E:\FR\FM\07OCP1.SGM 07OCP1 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules The proposal also would add to § 139.5 the following definitions: Accountable executive; Airport safety management system; Hazard; Nonmovement area; Risk; Risk analysis; Risk mitigation; Safety assurance; Safety policy; Safety promotion; and Safety risk management (SRM). Many of the definitions are from existing international standards and FAA guidance materials. These definitions are applicable to the following discussion. jdjones on DSK8KYBLC1PROD with PROPOSALS-1 Regulation of the Non-Movement Area Under this proposal, an airport would implement its SMS throughout the airport environment, including the movement and non-movement areas (including runways, taxiways, run-up areas, ramps, apron areas, and onairport fuel farms). The FAA acknowledges the proposal extends the scope of part 139 by including the nonmovement areas, but the FAA has concluded that ensuring safety in air transportation requires that an SMS applies to any place that affects safety during aircraft operations. Many pilot study airports concluded it was difficult to apply SMS concepts to only the movement area because aircraft and airport airside personnel routinely flow between movement and non-movement areas. The airports also found a large number of safety incidents occur in the non-movement area and believe applying SMS to this area may reduce that number. The FAA does not intend to require airports to extend their SMS to the landside environment such as terminal areas. Nevertheless, an airport may voluntarily expand its SMS to all airside and landside environments. Flexibility The FAA envisions an SMS as an adaptable and scalable system. An organization can develop an SMS to meet its unique operating environment. For those reasons, this proposal would allow an airport the maximum amount of flexibility to develop and achieve its safety goals. Accordingly, the FAA would prescribe only the general framework of an SMS. The FAA learned through the pilot studies there are circumstances when a certificate holder may want flexibility in maintaining SMS documentation. For example, some airport operators manage multiple airports (have multiple AOCs), and some may want to expand SMS beyond the FAA-regulated areas (such as for landside or terminal operations.) In allowing maximum flexibility, a certificate holder may maintain a separate SMS Manual in addition to the VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 ACM or may maintain SMS documentation directly in the ACM. If a certificate holder develops a separate manual, it would cross-reference the SMS requirements in its FAA-approved ACM. Accordingly, the FAA proposes amending § 139.203 to require the FAAapproved ACM contain the policies and procedures for development, implementation, operation, and maintenance of the certificate holder’s SMS. The FAA also proposes to amend § 139.103 to require two copies of the SMS manual, or SMS portion of the ACM, accompany an AOC application. Minimum Elements of SMS In a new § 139.402, the FAA would require each airport SMS include the four SMS components: Safety Policy, SRM, Safety Assurance, and Safety Promotion. These components are equivalent to ICAO’s SMS pillars. To support each of these components, the FAA proposes a certificate holder implement a number of elements. Together the components and elements provide the general framework for an organization-wide safety management approach to airport operations. To make these components and elements effective, a certificate holder would develop processes and procedures appropriate to the airport’s operating environment. The FAA understands that a certificate holder could comply with these requirements through a variety of means. The FAA intends these proposed requirements to be scalable to the size and complexity of the certificate holder. The FAA invites comments on how the FAA could clarify or improve the scalability of this proposal. The FAA envisions a certificate holder using an operational SMS to: • Actively engage airport management in airfield safety; • Ensure formal documentation of hazards and analytical processes are used to analyze, assess, and mitigate risks; • Proactively look for safety issues through analysis and use of lessons learned; and • Train individuals accessing the airside environment on SMS and operational safety. The following details SMS components and elements as specifically applied to a part 139 airport certificate holder. Safety Policy This proposal would require a certificate holder to establish a safety policy that: • Identifies the accountable executive; • Identifies and communicates the safety organizational structure; PO 00000 Frm 00014 Fmt 4702 Sfmt 4702 62011 • Identifies the lines of safety responsibility and accountability; • Establishes and maintains a safety policy statement; • Ensures the safety policy statement is available to all employees; • Establishes and maintains safety objectives; and • Establishes and maintains an acceptable level of safety for the organization. This proposal would require an airport to identify an accountable executive. The FAA understands that airport operations and organizational structures vary widely. Accordingly, the FAA would not prescribe a particular job title. Nevertheless, the accountable executive must be a high-level manager who can influence safety-related decisions and has authority to approve operational decisions and changes because an effective SMS requires highlevel management involvement in safety decisionmaking. Accordingly, the FAA proposes the international standard definition for an accountable executive (i.e., requiring the accountable executive to be an individual with ultimate responsibility and accountability, full control of the human and financial resources required to maintain the SMS, and final authority over operations and safety issues).10 The FAA acknowledges it may be difficult for U.S. airports to identify an accountable executive meeting that international standard, but it believes an acceptable accountable executive would be the highest approving authority at the airport for operational decisions and changes. The FAA invites comments concerning the definition of accountable executive for certificated airports. Additionally, we would require a certificate holder to identify its safety organizational structure and management responsibility and accountability for safety issues. The importance to identifying who in airport management is responsible for safety ensures resources are allocated to balance safety and service. For example, an airport would identify each manager accountable for safety and that manager’s responsibilities under the airport SMS. Each airport employee should know who is the contact point for a particular safety issue. An airport would decide how managers’ safety responsibilities and accountabilities are communicated. It could use an organizational chart or other means that identify lines of communication and decisionmaking. In some organizations, with multiple departments responsible 10 See ICAO, Safety Management Manual, at 8.4.5 & 8.4.6 ICAO Doc. 9859–AN/474 (2nd ed. 2009). E:\FR\FM\07OCP1.SGM 07OCP1 jdjones on DSK8KYBLC1PROD with PROPOSALS-1 62012 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules for part 139 compliance, an airport may have multiple line managers responsible for the safety of different airport areas (e.g., an operations manager for airfield operational safety issues or a maintenance manager for maintenance safety issues). The safety organizational structure should allow every employee to understand how safety issues progress through the organization. This safety organizational structure also would ensure that senior management is aware of the daily activities of these departments and has an active role in airport safety. Currently, § 139.203 requires certificated airports to have lines of succession of airport operator responsibility. These lines may provide a foundation for establishing the airport’s accountable executive and delineation of responsibility for SMS functions. This proposal would require a certificate holder’s safety policy statement be included in SMS documentation. The ‘‘accountable executive’’ would issue this statement because management’s commitment to safety should be expressed formally. The safety policy statement would outline the methods and processes used to achieve desired safety outcomes. The statement typically would contain the following: • A commitment by senior management to implement SMS; • A commitment to continual safety improvement; • The encouragement for employees to report safety issues without fear of reprisal; • A commitment to provide the necessary safety resources; and • A commitment to make safety the highest priority. Some airports may be able to adapt a safety policy statement from existing policy statements. Others may supplement existing policies that focus on occupational safety issues (for example, the airport strives to have zero employee injuries). Other airports may have informal safety objectives that could be formalized into a safety policy statement. Finally, this proposal would require an airport to establish safety objectives relevant to its operating environment. These objectives should improve overall airport safety. Some examples of safety objectives may include a reduction in the amount of Foreign Object Debris (FOD) related damage, a reduction in the number of Vehicle/Pedestrian Deviations (VPDs), timely issuance of airfield condition Notices to Airmen (NOTAMs), and continued conformance with part 139 requirements. Setting VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 these objectives and metrics would aid the airport, stakeholders, and the FAA in verifying achievement or progress towards an airport’s improvement of safety. Safety Risk Management (SRM) This proposal would require a certificate holder to establish an SRM process to identify hazards and their associated risks within the airport’s operations. Under SRM, the airport would be required to: • Identify safety hazards; • Ensure that mitigations are implemented where appropriate to maintain an acceptable level of safety; • Provide for regular assessment of safety level achieved; • Aim to make continuous improvement to the airport’s overall level of safety; and • Establish and maintain a process for formally documenting identified hazards, their associated analyses, and management’s acceptance of the associated risks. A comprehensive SMS using SRM would provide management a tool for identification of hazards and risks and prioritization of their resolution. While each certificate holder’s SRM processes may be unique to the airport’s operations and organizational structure, the FAA would require it to incorporate SRM’s five steps: (1) Describing the system; (2) Identifying the hazards; (3) Analyzing the risk associated with those hazards; (4) Assessing the risk associated with those hazards; and (5) Mitigating the risk of identified hazards when necessary. This proposal would require a certificate holder to use SRM processes to analyze risk associated with hazards discovered during daily operations and for changes to operations. Changes in airport operations could introduce new hazards into the airfield environment, such as adding new tenants or air carriers at the airport. These could be discovered, tracked, and mitigated using an existing or newly-created hazards tracking system. However, some system descriptions set the boundaries for hazard identification by considering the operating environment in which hazards are identified. Operational changes may overlap with SRM requirements under the FAA Air Traffic Organization’s SMS. Examples of these changes include runway extensions or the construction of new taxiways. In these cases, the FAA expects that the certificate holder would participate in the FAA’s risk analysis instead of PO 00000 Frm 00015 Fmt 4702 Sfmt 4702 performing an independent risk analysis under its SMS. The first step of SRM is describing the system. This step entails describing the operating environment in which the hazards will be identified. System description serves as the boundaries for hazard identification. For airports, operational, procedural, conditional, or physical characteristics are included in the system description. A system description could answer the following questions: • Are there visual or instrument meteorological conditions; • Is it a time of low or high peak traffic; • Are there closed or open runways; or • Is the airfield under construction or normal operations? The second step of SRM identifies hazards in a systematic way based on the system described in the first step. All possible sources of system failure should be considered. Depending on the nature and size of the system under consideration, these should include: • Equipment (for example, construction equipment on a movement surface), the operating environment (for example, weather conditions, season, time of day); • Human factors (for example, shift work); • Operational procedures (for example, staffing levels); • Maintenance procedures (for example, nightly movement area inspections by airport electricians); and • External services (for example, ramp traffic by fixed-base operator (FBO) or law enforcement vehicles). A certificate holder should implement hazard identification processes and procedures that reflect its management structure and complexity. There are many ways to accomplish this hazard identification, but all must use the following four elements: (1) Operational expertise; (2) Training in SMS (and, if possible, hazard analysis techniques); (3) A simple, but well-defined, hazard analysis tool; and (4) Adequate documentation of the process. Many airports already have hazard identification processes in place to ensure part 139 compliance. For example, part 139 currently requires an airport operator to conduct a daily inspection, unless otherwise stated in the FAA-approved ACM. A certificate holder could use hazard reports obtained through the airport’s safety reporting system, which is detailed later in this discussion. The airport also would keep track of E:\FR\FM\07OCP1.SGM 07OCP1 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules jdjones on DSK8KYBLC1PROD with PROPOSALS-1 incidents and accidents occurring in the airport’s movement and non-movement areas to identify potential operational hazards. Many airports already track incidents and accidents in the movement area. One of the most important aspects of hazard identification is systematically documenting and tracking potential hazards. This documented data allows meaningful analysis of operational safety-related trends on the airfield and of overall airport system safety. After identifying hazards, a certificate holder would complete the third step of SRM, hazard analysis. For each hazard, the certificate holder would consider the worst credible outcome (harm), which is the most unfavorable consequence that is realistically possible, based on the system described. For the worst credible outcome, the certificate holder would determine the likelihood and severity of that outcome using quantitative or qualitative methods. VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 A certificate holder would define its levels of likelihood and severity. ICAO and the FAA have developed sample definitions and levels of likelihood and severity for use in categorizing hazards.11 An example is a five-point table for severity and likelihood. The categorization of severity includes definitions for catastrophic, hazardous, major, minor, or negligible. The categorization of likelihood includes definitions for frequent, occasional, remote, improbable, and extremely improbable. A certificate holder should develop tables commensurate with its operational needs and complexity. For example, a less complex airport with few operations may find it effective to have fewer levels of gradation. However, a larger airport with a variety of operations may require a five-point or larger table to be most effective. Based 11 See ICAO, Safety Management Manual, at 6.5.3 ICAO Doc. 9859–AN/474 (2nd ed. 2009); see also FAA Advisory Circular 150/5200–37, Introduction to Safety Management System for Airport Operators (Feb. 28, 2007). PO 00000 Frm 00016 Fmt 4702 Sfmt 4702 62013 on these definitions, a likelihood and severity of occurrence is selected for each hazard. The fourth step of SRM, risk assessment, uses the likelihood and severity assessed in step three, and compares it to the organization’s acceptable levels of safety risk. One of the easiest techniques for comparison is through the use of a predictive risk matrix. A predictive risk matrix (like figure 1) graphically depicts the various levels of severity and likelihood as they relate to the levels of risk (for example, low, medium, or high). On a typical risk matrix, severity and likelihood are placed on opposing axes (i.e., x- and y-axis on a grid). For example, a higher severity would be plotted further to the right on the x-axis, and a higher likelihood would be plotted further up the y-axis. The severity and likelihood assessed during the third step of SRM can then be plotted on the risk matrix grid for each of the hazards assessed. BILLING CODE 4910–13–P E:\FR\FM\07OCP1.SGM 07OCP1 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules The other feature of a predictive risk matrix is its depiction of the certificate holder’s acceptable level of safety risk, in other words the highest level of safety risk it will accept in its operational environment. Typically, the risk matrix VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 depicts three levels of risk: low, medium, and high. A high risk generally would be unacceptable. A medium risk may be acceptable provided mitigations are in place and verified before operations can continue. A low risk may PO 00000 Frm 00017 Fmt 4702 Sfmt 4702 be acceptable without additional mitigation. When a hazard’s likelihood and severity are plotted on the risk matrix, the certificate holder can see whether the hazard’s safety risk is acceptable to E:\FR\FM\07OCP1.SGM 07OCP1 EP07OC10.000</GPH> jdjones on DSK8KYBLC1PROD with PROPOSALS-1 62014 jdjones on DSK8KYBLC1PROD with PROPOSALS-1 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules the organization. Generally, as the likelihood and severity increase, the risk increases. Each certificate holder would determine its acceptable level of risk and other levels of risk when establishing its predictive risk matrix. For example, a hazard with an assessed likelihood of frequent and severity of catastrophic usually would be plotted in the high risk portion of the matrix. A hazard with an assessed likelihood of extremely improbable and assessed severity of minor usually would be plotted in the low risk portion of the matrix. These levels of risk would be based on the certificate holder’s acceptable level of risk and may vary from airport to airport. Under the fourth step of SRM, a certificate holder would plot the likelihood and severity of each hazard assessed during the third step on its predictive risk matrix. The certificate holder would see the level of risk for each hazard and could determine whether that level of risk is acceptable. The certificate holder would use this information to determine whether it must mitigate those risks. Ultimately, the certificate holder would formally accept the risk or approve the mitigation plan as required by its SMS. In the final step of SRM, mitigation of risk, the certificate holder would take steps to reduce the risk of the hazard to an acceptable level for any hazard determined in the fourth step to present an unacceptable risk. These efforts may include removing the hazard or implementing alternative strategies to reduce the hazard’s risks. Additionally, a certificate holder could mitigate the risk of a hazard if that risk is acceptable but could be reduced with mitigation. If a hazard has no associated risk or a low risk, an airport may not have to proceed with this step of SRM for the hazard. If step five is required, the certificate holder would monitor the mitigations put in place to ensure that they actually decrease the level of risk to an acceptable level. A certificate holder could use the hazard reporting system, which is discussed later, to track identified hazards and their mitigations deployed under SRM. Under an SMS, a certificate holder would document each of the SRM steps including the identified hazards, the risk analysis and assessment, any proposed mitigations, and management’s acceptance of risk. These records can be kept either electronically or in paper-format. This documentation ensures safety-related decisions are consistent with safety policies and goals and provides historical information that can be used to make future safetyrelated decisions. VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 This proposal would require a certificate holder to retain these documents and records for the longer of either 36 consecutive calendar months after the risk analysis of identified hazards or 12 consecutive calendar months after implementing mitigation measures. The timelines associated with the retention of those documents ensure they are kept for a time period that provides the airport historical data to conduct meaningful analysis under SRM, to review during Safety Assurance activities, and for the FAA to review for compliance during inspections. These record retention requirements are consistent with other retention requirements under part 139. While these are minimum retention requirements, certificate holders may retain their documents for longer time periods. A Practical Example of SRM The airport in this example has one runway and conducts daily selfinspections according to its FAAapproved ACM. An operations agent conducting the airport’s daily selfinspection finds foreign object debris (FOD) of substantial size and weight at a taxiway-runway intersection adjacent to an uncontrolled ramp. The operations agent removes the FOD and notes it on the inspection checklist. During a routine review of airport inspections, the operations manager notices that FOD has been collected at this same taxiway-runway intersection during multiple inspections. Under the airport’s SRM process, such an event and trend triggers a formal SRM analysis. The operations manager, who has sufficient training and understands the airport’s SMS and operating environment, conducts the analysis. Using SRM documentation procedures and templates, the manager carefully describes the system. At this particular airport, the airport is approved for lowvisibility operations which occur twenty-five percent of the calendar year. The manager then identifies all hazards associated with the FOD. The manager identifies FOD damage to aircraft and/or ingestion into aircraft engines as potential hazards based on the system description. The manager considers the worst credible outcome of FOD damage and FOD ingestion into aircraft engines based on the location of the FOD in the airport environment. Using the selfinspection records, the manager discerns the FOD usually is found closer to the runway than to the taxiway and in some instances on the runway between the centerline and edge lines. PO 00000 Frm 00018 Fmt 4702 Sfmt 4702 62015 Additionally, the weight and location of the FOD could present a danger to aircraft traversing the runway or taxiway. The manager determines that the worst credible outcome could result in loss of control of the aircraft, an aborted take-off, and/or an aircraft accident. Using the likelihood and severity definitions provided as part of the airport’s SMS, the manager’s knowledge of the airport environment, and outside resources (such as industry research or other documents with relevant quantitative statistical analysis), the manager assesses the likelihood and severity of the hazard. In this case, the manager determines the severity of such a hazard could be catastrophic (such as an aircraft accident with fatalities or serious injuries), and the likelihood is improbable. Referring to the airport’s risk matrix, the manager plots the assessed likelihood and severity, and the hazard falls within the high risk portion of the matrix. According to the airport’s SMS, the manager must take some sort of action to mitigate the occurrence of FOD in this taxiwayrunway intersection. The operations manager has identified numerous risk mitigation strategies. The manager could increase the number of targeted inspections for the area. The manager could conduct further analysis to determine the root-cause of the FOD, which could result from a lack of training, improper maintenance, or other factors that may be mitigated over time. The manager also could communicate with tenants who operate in the area to warn them of the FOD hazard. In this case, the manager chooses all three mitigation strategies with targeted inspections implemented immediately. Over time, the manager will investigate root cause, will update the airport’s FOD prevention training, and will communicate the FOD hazard to tenants. The manager completes the five SRM steps and documents the processes and determinations on the appropriate templates following the airport’s SRM guidelines. Finally, the manager adds an entry to the hazard reporting system to follow up in two weeks to review the self-inspection and targeted inspection reports to verify whether mitigations are working. Safety Assurance This proposal would require a certificate holder to ensure safety risk mitigations developed through the airport’s SRM process are adequate, and the airport’s SMS is functioning effectively. The key outcome of safety E:\FR\FM\07OCP1.SGM 07OCP1 jdjones on DSK8KYBLC1PROD with PROPOSALS-1 62016 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules assurance is continuous improvement of the airport’s operational safety. The proposal would require the certificate holder to: • Develop and implement a means for monitoring safety performance; • Establish and maintain a hazard reporting system that provides a means for reporter confidentiality; and • Develop and implement a process for reporting pertinent safety information and data to the accountable executive on a regular basis. Safety performance monitoring and measurement is one way an organization can verify its SMS’s effectiveness. ICAO also offers a variety of safety performance monitoring and measurement methods including hazard reports, safety studies, safety reviews, audits, safety surveys, and internal safety investigations.12 While some certificate holders may not find added value in implementing or using all of these information sources, a certificate holder may benefit from using an internal audit or assessment to monitor performance. Documents created under the airport’s SMS should be reviewed periodically to verify whether the airport’s SMS processes and procedures are being followed, whether trends exist that have not been identified, and whether SRM mitigations are being implemented and are effective. The certificate holder would determine whether this review is completed by airport personnel or by a third party. The proposal also would require a certificate holder to establish and maintain a hazard reporting system. A certificate holder’s SRM processes and hazard identification procedures likely would not catch all potential airfield hazards. Some hazards may be identified by other employees, airfield tenants, or pilots. Therefore, an airport’s SRM would include a system for hazard reporting. A certificate holder may develop the best system for its operating environment, whether a call-in line, a web-based system, or a drop box. The certificate holder would train all employees on the existence of the system and how a report flows through the system to management. The FAA proposes that airports develop a confidential hazard reporting system. ICAO’s SMS model envisions a non-punitive reporting system. Based on information obtained during the pilot studies, a U.S. airport may be unable to prevent punishment of non-airport employees (for example, tenant employees). Therefore, the FAA has concluded that requiring a confidential 12 See ICAO, Safety Management Manual, at 9.6.4 ICAO Doc. 9859–AN/474 (2nd ed. 2009). VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 hazard reporting system will protect the reporter’s identity and achieve the goal of protection from reprisal. For some airports, the required data tracking, data reporting, and assessment programs already exist in other formats. Many airports have functional occupational safety programs in place with reporting, inspection, and training requirements. An airport can use these programs to build its operational SMS. The FAA envisions an airport using safety assurance to enhance the airport’s ability to spot trends and identify safety issues before they result in a near-miss, incident, or accident. An example of safety assurance may involve the performance of the airport in reducing the number of runway incursions. Effective safety assurance processes would require review and investigation of previous incidents and accidents as well as analysis of current policies, procedures, training, and equipment for potential weaknesses. In addition, the safety assurance process would review the efficacy of previously implemented safety strategies to ensure they are functioning as predicted and have not introduced any new systemic risks. Safety assurance also prescribes data collection and analytical methods that help a certificate holder transition from a reactive approach to a more predictive approach to aviation safety. In this example, failure analysis can be used to anticipate future failures before they occur. Therefore, Safety Assurance provides management tools and data to ensure that the SMS is properly functioning and that mitigations developed through SRM processes are having their intended effect. Safety Promotion This proposal would require a certificate holder to establish processes and procedures to foster a safety culture. These processes and procedures include providing formal safety training to all employees with access to the airfield, and developing and maintaining formal means for communicating important safety information. As previously stated, part 139 currently prescribes numerous training and communications requirements that can be used in developing an SMS. Under an SMS, these requirements would be enhanced and extended to more individuals operating on the airport because everyone has a role in promoting safety. For example, instead of training just those airport employees on part 139 technical requirements (such as airfield driver training), an airport would ensure that all employees with access to the movement and nonmovement areas receive training on PO 00000 Frm 00019 Fmt 4702 Sfmt 4702 operational safety and on the airport’s SMS. The FAA proposes the SMS training requirement would apply to airport employees based on information obtained during the pilot studies. However, the FAA believes greater benefits may be achieved if that training requirement were applied to all individuals with access to the movement and non-movement areas, and it is considering that broader SMS training requirement. The FAA invites comments concerning the practical and economic implications of applying the training requirements to all individuals accessing the movement and nonmovement area. The FAA also believes that through the safety promotion component of SMS, an airport’s management will promote the growth of a positive safety culture through: • Publication of senior management’s stated commitment to safety to all employees; • Visible demonstration of management’s commitment to the SMS; • Communication of the safety responsibilities for the airport’s personnel specific to their function within the airport; • Clear and regular communication of safety policy, goals, objectives, standards, and performance to all employees of the organization; • A confidential and effective employee reporting and feedback system; • Use of a safety information system that provides an accessible efficient means to retrieve information; and • Allocation of resources essential to implement and maintain the SMS. An airport could demonstrate its commitment to safety promotion in several ways. An airport could allocate sufficient resources for the initial and recurrent training of its staff. Likewise, an airport could communicate the results of risk analysis and mitigations for reported hazards. Any training records created as part of the certificate holder’s safety promotion processes and procedures would be retained and available for inspection for 24 consecutive calendar months. This retention period is consistent with that for other training records under existing § 139.301. The FAA proposes that any other communications created as part of safety promotion would be retained for 12 consecutive calendar months. As previously discussed, the FAA recognizes that certificate holders may have systems and processes in place that partially meet the proposed SMS requirements. The FAA believes these systems and processes can easily be E:\FR\FM\07OCP1.SGM 07OCP1 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules jdjones on DSK8KYBLC1PROD with PROPOSALS-1 incorporated into an SMS and does not intend duplicative burdens. The FAA requests comments on systems and processes currently in use that would not be compatible with the proposed requirements. The FAA also requests comments specifically identifying how the FAA could clarify or improve the incorporation of existing systems and processes into an SMS. Proposed Implementation Plan Requirements The FAA proposes to require all certificate holders and applicants for an AOC to submit an implementation plan that accurately describes how the airport will meet the requirements of Subpart E and provides timeframes for implementing the various SMS components and elements within the airport’s organization and operations. While the FAA is not requiring an airport to conduct a gap analysis before implementing an SMS, this implementation plan would require a certificate holder to proactively review its current organizational framework and determine how it conforms to airport SMS requirements. This proposal also would require a certificate holder to establish target dates for meeting the requirements of Subpart E well before compliance with Subpart E would be required. Further, the implementation plan must determine an overall SMS implementation timeline as well as dates for completion of updates to the ACM and, where applicable, the SMS Manual. The proposal takes a two-pronged approach to implementation based on the scale of operations at the certificated airport and provides ample time for airports to conform to the SMS requirement. The FAA learned during the first pilot study that many larger airports were able to complete their gap analysis and develop the SMS Manual and Implementation Plan within six months. However, during the second pilot study with smaller certificated airports, many airports were not able to successfully complete their gap analysis and manual within that timeframe. Based on this experience, the FAA has determined that six months is adequate time for Class I airports to develop a plan of how the airport will develop and implement an SMS. Similarly, the FAA has determined that nine months is adequate time for Class II, III, and IV airports to develop an implementation plan. These implementation plans should detail the steps the airport will take to develop an SMS taking into account the unique operating environment of the airport. Based on projections from the pilot study airports, VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 the FAA has determined that the implementation process should be completed within 18 months for a Class I airport and within 24 months for a Class II, III, and IV airport. Based on findings from the pilot study, the FAA has determined that all components of an SMS are interrelated and must be implemented at the same time for an SMS to be effective. The FAA requests comments on the proposed implementation requirements and timeframes. If you believe the FAA should adopt a phased-in approach for the SMS components, please provide specific recommendations for how the requirements could be phased in and analysis of the effect on implementation costs and corresponding postponement of safety benefits. The FAA also proposes to remove paragraph (c) of § 139.101 because the implementation schedule for submitting a new Airport Certification Manual (ACM) under that section is no longer applicable. Further, the FAA intends to publish any accompanying Advisory Circulars prior to the final rule and widely communicate the requirements to airports through the various industry organizations and FAA airport conferences. FAA’s Role and Oversight An SMS is not a substitute for compliance with FAA regulations or FAA oversight activities. Rather, an SMS would ensure compliance with safety-related statutory and regulatory requirements. An SMS enhances the FAA’s ability to understand the safety of airport operations throughout the year, and not just when an FAA inspector is physically on the airfield. During an airport’s periodic inspection, the FAA envisions an inspector reviewing the certificate holder’s ACM to ensure that the SMS requirements are clearly identified and detailed in the ACM or referenced SMS Manual. The inspector would verify through airport records, interviews, and other means that the SMS is being communicated, training is being provided, and senior management is actively engaged in the management and oversight of the SMS. The FAA intends this review as an evaluation of whether a certificate holder’s SMS is functioning as it is intended to function rather than as a means for us to second guess a certificate holder’s decisions. However, if during the course of an inspection, these processes are determined to have failed in discovering discrepancies with part 139 or have created new discrepancies, the FAA would take appropriate action to ensure the airport PO 00000 Frm 00020 Fmt 4702 Sfmt 4702 62017 corrects these non-compliant conditions. The following examples detail possible inspector activity, but this proposal does not limit any FAA inspection authority. An FAA inspector may review safety meeting minutes and sign-in sheets to verify whether members of the airport’s management team are regularly attending. Additionally, an FAA inspector may request to see SRM documentation to determine whether acceptance of a given risk is being performed by the appropriate level of management. An inspector may also verify whether mitigations are being implemented, which is a clear indicator of the effectiveness of the airport’s SRM and safety assurance components. As for verification of safety promotion, the inspector may review training records, training curricula, and the methods of communicating critical safety information throughout the airport organization and to key stakeholders. If a certificate holder decided to extend the umbrella of its SMS to landside operations beyond the scope of this proposal, the FAA’s oversight and inspection authority would extend only to those areas envisioned by this proposal. The FAA has determined that an SMS is a valuable set of tools for improving safety at airports. However, an SMS does not replace part 139 requirements. An SMS would serve as an enhancement to those technical standards already required under part 139, and the FAA will continue to inspect according to part 139 standards. Additionally, the FAA will promulgate prescriptive regulations as appropriate. Safety management systems for the aviation industry are still developing. However, the FAA believes now is the time to begin developing and implementing SMS requirements because of their benefits to aviation safety. The FAA recognizes that future rulemaking may be required to capture safety developments, connect to related regulations, and avoid duplication of SMS requirements for various industry sectors. The FAA is considering rulemaking that would establish SMS requirements for other segments of the aviation industry. The FAA requests comments on the interaction between this proposed rule and potential future rulemakings. The FAA also requests comments on which portions of this proposed rule should be adopted for any potential SMS requirements. Finally, the FAA requests comments on whether there are other issues or principles not E:\FR\FM\07OCP1.SGM 07OCP1 62018 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules included in this proposal that the FAA should consider in issuing a final rule. Rulemaking Analyses and Notices Paperwork Reduction Act This proposal contains a revision of a currently approved collection of information (OMB–2120–0675) subject to review by the Office of Management and Budget (OMB) under the Paperwork Reduction Act of 1995 (44 U.S.C. 3507(d)). The title, description, and number of respondents, frequency of the collection, and estimate of the annual total reporting and recordkeeping burden are shown below. Title: Safety Management System for Certificated Airports. Summary: The FAA proposes to revise current part 139 to require certificated airports to establish a safety management system (SMS). An SMS is a formalized approach to managing safety that includes an organizationwide safety policy, formal methods of identifying potential hazards, formal methods for analyzing and mitigating potential hazards, and an organizationwide emphasis on promoting a safety culture. Use of: Each airport would be able to develop its SMS based on its own unique operating environment. Because airport management can tailor its system, the FAA expects an SMS comprised of four key components: Safety Policy, Safety Risk Management, Safety Assurance, and Safety Promotion. An airport would establish and maintain records that document Safety Risk Management processes; report pertinent safety information and data on a regular basis; record training by each individual that includes, at a minimum, a description and date of training received; and, set forth an implementation plan. The following information lists estimated initial and annual hours respondents would need to comply with the proposed part 139 SMS reporting and recordkeeping and cost requirements: Proposed part 139 section Description Initial burden hours Annual burden hours 139.203 ..................... 139.301 ..................... Airport Safety Management Documentation and Implementation Plan ........................... Records: to include the hazard reporting system, the records database, training records, promotional material. 784,552 ........................ ........................ 21,847 562 currently certificated airports × 1,396 hours per airport to document an airport’s SMS and implementation plan = 784,552 total hours. Record Keeping (Annual) 5 minutes to update training records per employee × 72,800 estimated employees for all 562 airports = 6,067 hours per year, 30 minutes to record a potential hazard × an estimated 1 potential hazard per week = 13,676 hours per year. 1 hour to create promotional material per airport: promotional material estimated to be distributed quarterly = 4 hours × 562 airports = 2,104 hours per year. jdjones on DSK8KYBLC1PROD with PROPOSALS-1 6, 067 hours (update training records) 13,676 hours (record potential hazards) + 2,104 hours (create promotional material) 21,847 hours per year. Estimated total initial SMS cost burden: $10,983,728. Estimated total SMS document burden: 784,552 hrs. Clerical Labor (784,552 hrs. × $14 per hr). Total Labor Costs: $10,983,728. Estimated total annual recordkeeping cost burden: $305,858. Estimated total annual recordkeeping burden: 21,847 hrs. Clerical Labor (21,847 hrs. × $14 per hr). Total Labor Costs: $305,858. Individuals and organizations may submit comments on the information collection requirement by January 5, VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 2011, to the address listed in the section of this document. ADDRESSES International Compatibility In keeping with the U.S. obligations under the Convention on International Civil Aviation, it is FAA policy to conform to International Civil Aviation Organization (ICAO) Standards and Recommended Practices to the maximum extent practicable. The FAA has reviewed the corresponding ICAO Standards and Recommended Practices and has identified no differences with these proposed regulations. Regulatory Evaluation, Regulatory Flexibility Determination, International Trade Impact Assessment, and Unfunded Mandates Assessment Changes to Federal regulations must undergo several economic analyses. First, Executive Order 12866 directs that each Federal agency shall propose or adopt a regulation only upon a reasoned determination that the benefits of the intended regulation justify its costs. Second, the Regulatory Flexibility Act of 1980 (Pub. L. 96–354) requires agencies to analyze the economic impact of regulatory changes on small entities. Third, the Trade Agreements Act (Pub. L. 96–39) prohibits agencies from setting standards that create unnecessary obstacles to the foreign commerce of the United States. In developing U.S. standards, this Trade Act requires agencies to consider international standards and, where appropriate, that they be the basis of U.S. standards. Fourth, the Unfunded Mandates Reform Act of 1995 (Pub. L. PO 00000 Frm 00021 Fmt 4702 Sfmt 4702 104–4) requires agencies to prepare a written assessment of the costs, benefits, and other effects of proposed or final rules that include a Federal mandate likely to result in the expenditure by State, local, or tribal governments, in the aggregate, or by the private sector, of $100 million or more annually (adjusted for inflation with base year of 1995). This portion of the preamble summarizes the FAA’s analysis of the economic impacts of this proposed rule. We suggest readers seeking greater detail read the full regulatory evaluation, a copy of which we have placed in the docket for this rulemaking. In conducting these analyses, FAA has determined that this proposed rule: (1) Has benefits that justify its costs; (2) is an not an economically ‘‘significant regulatory action’’ but is a ‘‘significant regulatory action’’ for other reasons as defined in section 3(f) of Executive Order 12866; (3) is ‘‘significant’’ as defined in DOT’s Regulatory Policies and Procedures; (4) would not have a significant economic impact on a substantial number of small entities; (5) would not create unnecessary obstacles to the foreign commerce of the United States; and (6) would not impose an unfunded mandate on state, local, or tribal governments, or on the private sector by exceeding the threshold identified above. These analyses are summarized below. Total Benefits and Costs of This Rule This notice of proposed rulemaking would require certificated airports to establish a safety management system (SMS). An SMS is a formalized E:\FR\FM\07OCP1.SGM 07OCP1 EP07OC10.001</GPH> SMS Document (Initial Burden) Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules approach to managing safety, which includes an organization-wide safety policy, formal methods of identifying potential hazards, formal methods for analyzing and mitigating potential hazards, and an organization-wide emphasis on promoting a safety culture. An SMS for airports is comprised of four key components: Safety Policy, Safety Risk Management (SRM), Safety Assurance, and Safety Promotion. These components would help airports effectively integrate the formal risk control procedures into normal operational practices thus improving safety at airports throughout the United States air transportation system that host air carrier operations. The estimated cost of this proposed rule is $ 248 million ($172 million in present value) with potential estimated benefits ranging from $ $170,341,000 ($104,498,600 present value) up to $255,512,000 ($161,441,600 present value). Accounting for the funded survey sample bias, scalability of SMS and qualitative benefits, the FAA expects that overall the proposed rule would have benefits greater than costs. Who is potentially affected by this rule? • Part 139 Certificated Airports. jdjones on DSK8KYBLC1PROD with PROPOSALS-1 Assumptions • All costs and benefits are presented in 2009 dollars. • All costs and benefits are estimated over a 10-year period from 2012 through 2021. • The present value discount rate of 7 percent is applied as required by the Office of Management and Budget. Benefits of This Rule The objective of SMS is to proactively manage safety, to identify potential hazards or risks and implement measures to mitigate those risks. In that respect, the FAA envisions airports being able to use all of the components of SMS to enhance the airport’s ability to spot trends, and identify safety issues before they result in a near-miss, incident, or accident. Over the 10-year period of analysis, the potential benefits of potentially averted accidents range from $170 to $256 million. The FAA also suspects that there are many benefits of SMS, which were unable to be quantified. For example, one of the smaller pilot study airports used their Safety Risk Management (SRM), or formal process, to identify and manage a hazard. The airport identified that loosely controlled passenger traffic was accessing the ramp area. Although, no passenger to date had been injured on the ramp, the airport had experienced ‘‘close-calls’’. In VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 completing their hazard and risk analysis, the airport determined that the lack of current control presented an unacceptable high risk for the organization. The airport immediately took action to identify feasible mitigation strategies including dedicated passenger walkways, notification of passengers on airport procedures prior to ramp access, and tasking of additional staff to ramp areas for increased control and oversight of passenger traffic during peakoperations. Moreover, the FAA believes that the benefits of SMS, over the 10year period of analysis, are much greater than what is currently quantified. Costs of This Rule The rule if enacted would require certificated U.S. airports to establish a safety management system (SMS) based on the four components: Safety Policy, Safety Risk Management (SRM), Safety Assurance, and Safety Promotion. These components include costs to document an airport’s SMS and implementation plan, new staff, new equipment and materials, and training. The costs vary based on the size of the airport. In total this proposed rule is estimated to cost airports $248 million over 10 years. Regulatory Flexibility Determination The Regulatory Flexibility Act of 1980 (Pub. L. 96–354) (RFA) establishes ‘‘as a principle of regulatory issuance that agencies shall endeavor, consistent with the objectives of the rule and of applicable statutes, to fit regulatory and informational requirements to the scale of the businesses, organizations, and governmental jurisdictions subject to regulation. To achieve this principle, agencies are required to solicit and consider flexible regulatory proposals and to explain the rationale for their actions to assure that such proposals are given serious consideration.’’ The RFA covers a wide-range of small entities, including small businesses, not-forprofit organizations, and small governmental jurisdictions. Agencies must perform a review to determine whether a rule will have a significant economic impact on a substantial number of small entities. If the agency determines that it will, the agency must prepare a regulatory flexibility analysis as described in the RFA. However, if an agency determines that a rule is not expected to have a significant economic impact on a substantial number of small entities, section 605(b) of the RFA provides that the head of the agency may so certify and a regulatory flexibility analysis is not required. The certification must include a statement providing the PO 00000 Frm 00022 Fmt 4702 Sfmt 4702 62019 factual basis for this determination, and the reasoning should be clear. The proposed rule will affect all part 139 airports. Under this rule airports would be required to establish a safety management system to proactively manage safety at the airport. A substantial number of part 139 airports will meet the Small Business Administration definition of a small entity, which includes small governmental jurisdictions as governments of cities, counties, towns, townships, villages, school districts, or special districts with populations of less than 50,000. The requirements of the rule are scalable by airport. They have the ability to choose low cost options. Moreover, many smaller airports expect little to no added cost, given the size of their operations. These airports have fewer operations and employees which are associated with a lower number of reportable incidents, and with fewer incidents these airports can choose inexpensive options. Options, such as an EXCEL or ACCESS for data tracking, a suggestion box for the hazard reporting system, and easy to create memorabilia for promotional material are compliance examples reported by many of these airports. The cost of these items is minimal at roughly $300 per airport. Small airports also have the option of hiring new staff, but the FAA expects that given the size of these airports no additional staff will be needed to meet the requirements of this rule. Thus while there are a substantial number of small entities, the rule would not create a significant economic impact to these airports. Therefore, the FAA certifies this proposed rule, if promulgated, would not have a significant impact on a substantial number of small entities. The FAA solicits comments regarding this determination. Specifically, the FAA requests comments on whether the proposed rule creates any specific compliance costs unique to small entities. Please provide detailed economic analysis to support any cost claims. The FAA also invites comments regarding other small entity concerns with respect to the proposed rule. International Trade Impact Assessment The Trade Agreements Act of 1979 (Pub. L. 96–39), as amended by the Uruguay Round Agreements Act (Pub. L. 103–465), prohibits Federal agencies from establishing standards or engaging in related activities that create unnecessary obstacles to the foreign commerce of the United States. Pursuant to these Acts, the establishment of standards is not considered an unnecessary obstacle to E:\FR\FM\07OCP1.SGM 07OCP1 62020 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules the foreign commerce of the United States, so long as the standard has a legitimate domestic objective, such the protection of safety, and does not operate in a manner that excludes imports that meet this objective. The statute also requires consideration of international standards and, where appropriate, that they be the basis for U.S. standards. The FAA has assessed the potential effect of this proposed rule and determined that it will have only a domestic impact and therefore would not create unnecessary obstacles to the foreign commerce of the United States. jdjones on DSK8KYBLC1PROD with PROPOSALS-1 Unfunded Mandates Assessment Title II of the Unfunded Mandates Reform Act of 1995 (Pub. L. 104–4) requires each Federal agency to prepare a written statement assessing the effects of any Federal mandate in a proposed or final agency rule that may result in an expenditure of $100 million or more (in 1995 dollars) in any one year by State, local, and tribal governments, in the aggregate, or by the private sector; such a mandate is deemed to be a ‘‘significant regulatory action.’’ The FAA currently uses an inflation-adjusted value of $143.1 million in lieu of $100 million. This proposed rule does not contain such a mandate; therefore, the requirements of Title II of the Act do not apply. Executive Order 13132, Federalism The FAA has analyzed the proposal under the principles and criteria of Executive Order 13132, Federalism. Most airports subject to this proposal are owned, operated, or regulated by a local government body (such as a city or council government), which, in turn, is incorporated by or as part of a State. Some airports are operated directly by a State. This proposal would have low costs of compliance compared with the resources available to airports, and it would not alter the relationship between certificate holders and the FAA as established by law. Accordingly, the FAA has determined that this action would not have a substantial direct effect on the States, on the relationship between the national Government and the States, or on the distribution of power and responsibilities among the various levels of government. Therefore, the FAA has determined that this rulemaking does not have federalism implications. The FAA will mail a copy of the NPRM to each state government specifically inviting comment. Environmental Analysis FAA Order 1050.1E defines FAA actions that are categorically excluded VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 from preparation of an environmental assessment or environmental impact statement under the National Environmental Policy Act (NEPA) in the absence of extraordinary circumstances. The FAA has determined this proposed rulemaking action qualifies for the categorical exclusion identified in Chapter 3, paragraph 312d and involves no extraordinary circumstances. Regulations That Significantly Affect Energy Supply, Distribution, or Use The FAA has analyzed this NPRM under Executive Order 13211, Actions Concerning Regulations that Significantly Affect Energy Supply, Distribution, or Use (May 18, 2001). We have determined that it is not a ‘‘significant energy action’’ under the executive order because it is not likely to have a significant adverse effect on the supply, distribution, or use of energy. Additional Information Comments Invited The FAA invites interested persons to participate in this rulemaking by submitting written comments, data, or views. We also invite comments relating to the economic, environmental, energy, or federalism impacts that might result from adopting the proposals in this document. The most helpful comments reference a specific portion of the proposal, explain the reason for any recommended change, and include supporting data. To ensure the docket does not contain duplicate comments, please send only one copy of written comments, or if you are filing comments electronically, please submit your comments only one time. We will file in the docket all comments we receive, as well as a report summarizing each substantive public contact with FAA personnel concerning this proposed rulemaking. Before acting on this proposal, we will consider all comments we receive on or before the closing date for comments. We will consider comments filed after the comment period has closed if it is possible to do so without incurring expense or delay. We may change this proposal in light of the comments we receive. Throughout the proposal discussion, the FAA specifically identifies specific issues related to SMS and guiding principles associated with SMS on which it seeks specific comment. These specific questions are enumerated here to facilitate comment. Please include the question number in your responses to the following questions: PO 00000 Frm 00023 Fmt 4702 Sfmt 4702 1. Are there interactions between this proposal and potential future rulemakings involving SMS issues? To what extent should the proposal here take into account the possibility of future rulemakings on similar topics? Would it be better to wait for experience under any final rule in this proceeding before judging whether it can or should serve as a precedent for any other SMS requirements? 2. Are there other principles that the FAA should consider in crafting a final rule on airport SMS that are not embodied in this proposal? 3. To what extent will the regulatory burdens proposed by the proposed rule flow through to persons or businesses other than the ones included in the economic analysis? If such flow-through exists, will it increase total societal costs, and if so, by how much? If costs do flow through to others, are costs correspondingly reduced to persons ‘‘upstream’’? Please provide detailed economic analysis to support any claims of increased costs or cost-offsets, rather than mere assertions. 4. The FAA intends for this and any future SMS rules to be fully scalable, based on the size and complexity of the organization implementing SMS. Do commenters have suggestions for how the FAA could clarify or improve the scalability of this proposal? Please provide detailed suggestions to expand implementation flexibility within the proposal. 5. Would the cost-effectiveness of the rule be improved if the requirements are phased in? Which specific provisions should be phased in? Please provide specific recommendations for a phase-in period, including analysis of the effect on costs to industry and the corresponding postponement of safety benefits. 6. What should the FAA specifically consider when defining ‘‘accountable executive’’ to adequately address the unique operating environment of certificated airports? 7. Should the FAA consider expanding the SMS training requirements to all individuals (rather than just airport employees) accessing the movement and non-movement areas? What are the specific practical and economic implications of such a requirement? Proprietary or Confidential Business Information Do not file in the docket information that you consider to be proprietary or confidential business information. Send or deliver this information directly to the person identified in the FOR FURTHER INFORMATION CONTACT section of this E:\FR\FM\07OCP1.SGM 07OCP1 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules document. You must mark the information that you consider proprietary or confidential. If you send the information on a disk or CD–ROM, mark the outside of the disk or CD–ROM and also identify electronically within the disk or CD–ROM the specific information that is proprietary or confidential. Under 14 CFR 11.35(b), when we are aware of proprietary information filed with a comment, we do not place it in the docket. We hold it in a separate file to which the public does not have access, and we place a note in the docket that we have received it. If we receive a request to examine or copy this information, we treat it as any other request under the Freedom of Information Act (5 U.S.C. 552). We process such a request under the DOT procedures found in 49 CFR part 7. Availability of Rulemaking Documents You can get an electronic copy using the Internet by— (1) Searching the Federal eRulemaking Portal (http:// www.regulations.gov); (2) Visiting the FAA’s Regulations and Policies Web page at http:// www.faa.gov/regulations_policies/; or (3) Accessing the Government Printing Office’s Web page at http:// www.gpoaccess.gov/fr/index.html. You can also get a copy by sending a request to the Federal Aviation Administration, Office of Rulemaking, ARM–1, 800 Independence Avenue, SW., Washington, DC 20591, or by calling (202) 267–9680. Make sure to identify the docket number or notice number of this rulemaking. You may access all documents the FAA considered in developing this proposed rule, including economic analyses and technical reports, from the internet through the Federal eRulemaking Portal referenced in paragraph (1). List of Subjects in 14 CFR Part 139 Air carriers, Airports, Aviation safety, Reporting and recordkeeping requirements. jdjones on DSK8KYBLC1PROD with PROPOSALS-1 The Proposed Amendment In consideration of the foregoing, the Federal Aviation Administration proposes to amend chapter I of Title 14, Code of Federal Regulations as follows: VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 62021 or harm. Risk analysis can be either a quantitative or qualitative analysis; however, the inability to quantify or the 1. The authority citation for part 139 lack of historical data on a particular continues to read as follows: hazard does not preclude the need for Authority: 49 U.S.C. 106(g), 40113, 44701– analysis. 44702, 44709, 44719. Risk mitigation means any action taken to reduce the risk of a hazard’s 2. Amend § 139.5 by adding the effect. definitions of Accountable executive, Airport Safety Management System * * * * * (SMS), Hazard, Non-movement area, Safety assurance means the process Risk, Risk analysis, Risk mitigation, management functions that evaluate the Safety assurance, Safety policy, Safety continued effectiveness of implemented promotion, and Safety risk management risk mitigation strategies; support the in alphabetical order to read as follows: identification of new hazards; and function to systematically provide § 139.5 Definitions. confidence that an organization meets or Accountable executive means a single, exceeds its safety objectives through identifiable person who, irrespective of continuous improvement. other functions, has ultimate Safety policy means the statement and responsibility and accountability, on documentation adopted by a certificate behalf of the certificate holder, for the holder defining its commitment to implementation and maintenance of the safety and overall safety vision. Airport Safety Management System. The Safety promotion means the Accountable Executive has full control combination of safety culture, training, of the human and financial resources required to implement and maintain the and communication activities that Airport Safety Management System. The support the implementation and operation of an SMS. Accountable Executive has final Safety risk management means a authority over operations conducted under the Airport’s Operating Certificate formal process within an SMS and has final responsibility for all safety composed of describing the system, identifying the hazards, analyzing, issues. assessing, and mitigating the risk. * * * * * * * * * * Airport Safety Management System (SMS) means an integrated collection of § 139.101 [Amended] processes and procedures that ensures a 3. Amend § 139.101 by removing formalized and proactive approach to paragraph (c). system safety through risk management. 4. Amend § 139.103 by revising * * * * * paragraph (b) to read as follows: Hazard means any existing or potential condition that can lead to § 139.103 Application for certificate. injury, illness, death, or damage to or * * * * * loss of a system, equipment, or property. (b) Submit with the application, two * * * * * copies of an Airport Certification Non-movement area means the area, Manual, Safety Management System other than that described as the Implementation Plan (as required by movement area, used for the loading, § 139.103(b)), and Safety Management unloading, parking, and movement of System Manual (where applicable) aircraft on the airside of the airport prepared in accordance with subparts C (including without limitation ramps, and E of this part. apron areas, and on-airport fuel farms). 5. Amend § 139.203 by redesignating * * * * * paragraph (b)(29) as (b)(30) and adding Risk means the composite of a new paragraph (b)(29) to read as predicted severity and likelihood of the follows: worst credible outcome (harm) of a § 139.203 Contents of Airport Certification hazard. Manual. Risk analysis means the process * * * * whereby a hazard is characterized for its * likelihood and the severity of its effect (b) * * * PART 139—CERTIFICATION OF AIRPORTS PO 00000 Frm 00024 Fmt 4702 Sfmt 4702 E:\FR\FM\07OCP1.SGM 07OCP1 62022 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules REQUIRED AIRPORT CERTIFICATION MANUAL ELEMENTS Airport certificate class Manual elements Class I * * * * * 29. Policies and procedures for the development, implementation, operation, and maintenance of the Airport’s Safety Management System, as required under subpart E of this part ........................................................................................................................................ * * * 6. Amend § 139.301 by revising paragraph (b)(1) and adding new paragraphs (b)(9) and (b)(10) to read as follows: § 139.301 Records. * * * * * (b) * * * (1) Personnel training. Twenty-four consecutive calendar months for personnel training records, as required under §§ 139.303, 139.327, and 139.402. * * * * * (9) Safety risk management documentation. Thirty-six consecutive calendar months or twelve consecutive calendar months, as required under § 139.402(b). (10) Safety communications. Twelve consecutive calendar months for safety communications, as required under § 139.402(d). * * * * * 7. Add subpart E to part 139 to read as follows: Subpart E—Airport Safety Management System Sec. 139.401 General requirements. 139.402 Components of Airport Safety Management System. 139.403 Airport Safety Management System implementation. Subpart E—Airport Safety Management System jdjones on DSK8KYBLC1PROD with PROPOSALS-1 § 139.401 General requirements. (a) Each certificate holder, or applicant for an Airport Operating Certificate, must develop and maintain an Airport Safety Management System that is approved by the Administrator. (b) The scope of an Airport Safety Management System must encompass aircraft operation in the movement area, aircraft operation in the non-movement area, and other airport operations addressed in this part. (c) Each required certificate holder must describe its compliance with the requirements identified in § 139.402 either: (1) Within a separate section of the certificate holder’s Airport Certification VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 * § 139.402 Components of Airport Safety Management System. An approved Airport Safety Management System must include: (a) Safety Policy. A Safety Policy that, at a minimum: (1) Identifies the accountable executive. (2) Establishes and maintains a safety policy statement signed by the accountable executive. (3) Ensures the safety policy statement is available to all employees and tenants. (4) Identifies and communicates the safety organizational structure. (5) Describes management responsibility and accountability for safety issues. (6) Establishes and maintains safety objectives and the certificate holder’s acceptable level of safety. (7) Defines methods, processes, and organizational structure necessary to meet safety objectives. (b) Safety Risk Management. Safety Risk Management processes and procedures for identifying hazards and their associated risks within airport operations and for changes to those operations covered by this part that at a minimum: (1) Establish a system for identifying safety hazard. (2) Establish a systematic process to analyze hazards and their associated risks by: (i) Describing the system; (ii) Identifying hazards; (iii) Analyzing the risk of identified hazards and/or proposed mitigations; Frm 00025 Fmt 4702 Sfmt 4702 Class III * X X * Manual titled Airport Safety Management System; or (2) Within a separate Airport Safety Management System Manual. If the certificate holder chooses to use a separate Airport Safety Management System Manual, the Airport Certification Manual must incorporate by reference Airport Safety Management System Manual. (d) FAA Advisory Circulars contain methods and procedures for the development of an Airport Safety Management System. PO 00000 Class II Class IV * X * X * (iv) Assessing the level of risk associated with identified hazards; and (v) Mitigating the risks of identified hazards, when appropriate. (3) Provide for regular assessment to ensure that safety objectives identified under paragraph (a)(6) of this section are being met. (4) Establish and maintain records that document the certificate holder’s Safety Risk Management processes. (i) The records shall provide a means for airport management’s acceptance of assessed risks and mitigations. (ii) Records associated with the certificate holder’s Safety Risk Management processes must be retained for the longer of: (A) Thirty-six consecutive calendar months after the risk analysis of identified hazards under paragraph (b)(2)(iv) of this section has been completed; or (B) Twelve consecutive calendar months after mitigations required under paragraph (b)(2)(v) of this section have been implemented. (c) Safety Assurance. Safety Assurance processes and procedures to ensure mitigations developed through the certificate holder’s Safety Risk Management processes and procedures are adequate, and the Airport’s Safety Management System is functioning effectively and meeting the safety objectives established under paragraph (a)(6) of this section. Those processes and procedures must, at a minimum: (1) Provide a means for monitoring safety performance. (2) Establish and maintain a hazard reporting system that provides a means for reporter confidentiality. (3) Report pertinent safety information and data on a regular basis to the accountable executive. Reportable data includes without limitation: (i) Performance with safety objectives established under paragraph (a)(6) of this section; (ii) Safety critical information distributed in accordance with paragraph (d)(2)(ii) of this section; (iii) Status of ongoing mitigations required under the Airport’s Safety Risk E:\FR\FM\07OCP1.SGM 07OCP1 Federal Register / Vol. 75, No. 194 / Thursday, October 7, 2010 / Proposed Rules Management processes as described under paragraph (b)(2)(v) of this section; and (iv) Status of a certificate holder’s schedule for implementing the Airport Safety Management System as described under paragraph (b)(2) of this section. (d) Safety Promotion. Safety Promotion processes and procedures to foster an airport operating environment that encourages safety. Those processes and procedures must, at a minimum: (1) Provide formal safety training to each employee and tenant with access to airport areas regulated under this part that is appropriate to the individual’s role. (2) Maintain a record of all training by each individual under this section that includes, at a minimum, a description and date of training received. Such records must be retained for 24 consecutive calendar months after completion of training. (3) Develop and maintain formal means for communicating important safety information that, at a minimum: (i) Ensures that all personnel are aware of the SMS and their safety roles and responsibilities; (ii) Conveys critical safety information; (iii) Provides feedback to reporters using the airport’s hazard reporting system required under § paragraph (c)(2) of this section; and (iv) Disseminates safety lessons learned to relevant personnel or other stakeholders. (4) Maintain records of communications required under this section for 12 consecutive calendar months. jdjones on DSK8KYBLC1PROD with PROPOSALS-1 § 139.403 Airport Safety Management System implementation. (a) Each certificate holder required to develop and maintain an Airport Safety Management System under this subpart must submit an implementation plan on or before: (1) [6 months after effective date of final rule] for Class I airports. (2) [9 months after effective date of final rule] for Class II, III, and IV airports. (b) An implementation plan must provide: (1) A proposal on how the certificate holder will meet the requirements prescribed in this subpart; and (2) A schedule for implementing SMS components and elements prescribed in § 139.402. (d) Each certificate holder must submit its amended Airport Certification Manual and Airport Safety Management System Manual, if applicable, to the FAA for approval in VerDate Mar<15>2010 14:39 Oct 06, 2010 Jkt 223001 accordance with its implementation plan but not later than: (1) [18 months after effective date of final rule] for Class I airports. (2) [24 months after effective date of final rule] for Class II, III, and IV airports. Issued in Washington, DC, on September 30, 2010. Michael J. O’Donnell, Director, Office of Airport Safety and Standards. [FR Doc. 2010–25338 Filed 10–6–10; 8:45 am] BILLING CODE 4910–13–P DEPARTMENT OF ENERGY Federal Energy Regulatory Commission 18 CFR Part 35 [Docket No. RM10–23–000] Transmission Planning and Cost Allocation by Transmission Owning and Operating Public Utilities September 29, 2010. Federal Energy Regulatory Commission, DOE. ACTION: Notice of proposed rulemaking; request for reply comments. AGENCY: On June 17, 2010, the Commission issued a Notice of proposed rulemaking (75 FR 37884) proposing to amend the transmission planning and cost allocation requirements established in Order No. 890 to ensure that Commissionjurisdictional services are provided on a basis that is just, reasonable and not unduly discriminatory or preferential. With respect to transmission planning, the proposed rule would provide that local and regional transmission planning processes account for transmission needs driven by public policy requirements established by state or federal laws or regulations; improve coordination between neighboring transmission planning regions with respect to interregional facilities; and remove from Commission-approved tariffs or agreements a right of first refusal created by those documents that provides an incumbent transmission provider with an undue advantage over a nonincumbent transmission developer. Neither incumbent nor nonincumbent transmission facility developers should, as a result of a Commission-approved tariff or agreement, receive different treatment in a regional transmission planning process. Further, both should share similar benefits and obligations SUMMARY: PO 00000 Frm 00026 Fmt 4702 Sfmt 4702 62023 commensurate with that participation, including the right, consistent with state or local laws or regulations, to construct and own a facility that it sponsors in a regional transmission planning process and that is selected for inclusion in the regional transmission plan. With respect to cost allocation, the proposed rule would establish a closer link between transmission planning processes and cost allocation and would require cost allocation methods for intraregional and interregional transmission facilities to satisfy newly established cost allocation principles. The Commission is providing interested persons an opportunity to file reply comments on the proposed rule. DATES: Reply comments to the proposed rule published June 30, 2010 (75 FR 37884) are due November 12, 2010. ADDRESSES: You may submit reply comments, identified by Docket No. RM10–23–000, by any of the following methods: • Agency Web Site: http:// www.ferc.gov. Documents created electronically using word processing software should be filed in native applications or print-to-PDF format and not in a scanned format. • Mail/Hand Delivery: Commenters unable to file comments electronically must mail or hand deliver an original and 14 copies of their comments to: Federal Energy Regulatory Commission, Office of the Secretary, 888 First Street, NE., Washington, DC 20426. FOR FURTHER INFORMATION CONTACT: Russell Profozich (Technical Information), Office of Energy Policy and Innovation, Federal Energy Regulatory Commission, 888 First Street, NE., Washington, DC 20426. Telephone: (202) 502–6478, E-mail: russell.profozich@ferc.gov. John Cohen (Legal Information), Office of the General Counsel, Federal Energy Regulatory Commission, 888 First Street, NE., Washington, DC 20426, Telephone: (202) 502–8705, E-mail: john.cohen@ferc.gov. SUPPLEMENTARY INFORMATION: Notice Establishing Reply Comment Period On September 28, 2010, Western Independent Transmission Group filed a motion to establish a period for filing reply comments to the Commission’s Notice of Proposed Rulemaking issued June 17, 2010, in the above-docketed proceeding.1 The period for filing initial comments in this proceeding ran through September 29, 2010. Upon 1 131 E:\FR\FM\07OCP1.SGM FERC ¶ 61,253 (2010). 07OCP1

Agencies

[Federal Register Volume 75, Number 194 (Thursday, October 7, 2010)]
[Proposed Rules]
[Pages 62008-62023]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2010-25338]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Federal Aviation Administration

14 CFR Part 139

[Docket No. FAA-2010-0997; Notice No. 10-14]
RIN 2120-AJ38


Safety Management System for Certificated Airports

AGENCY: Federal Aviation Administration (FAA), DOT.

ACTION: Notice of proposed rulemaking (NPRM).

-----------------------------------------------------------------------

SUMMARY: This action would require each certificate holder to establish 
a safety management system (SMS) for its entire airfield environment 
(including movement and non-movement areas) to improve safety at 
airports hosting air carrier operations. An SMS is a formalized 
approach to managing safety by developing an organization-wide safety 
policy, developing formal methods of identifying hazards, analyzing and 
mitigating risk, developing methods for ensuring continuous safety 
improvement, and creating organization-wide safety promotion 
strategies. When systematically applied in an SMS, these activities 
provide a set of decision-making tools that airport management can use 
to improve safety. This proposal would require a certificate holder to 
submit an implementation plan and implement an SMS within timeframes 
commensurate with its class of Airport Operating Certificate (AOC).

DATES: Send your comments on or before January 5, 2011.

ADDRESSES: You may send comments identified by Docket Number FAA-2010-
0997 using any of the following methods:
     Federal eRulemaking Portal: Go to http://www.regulations.gov and follow the online instructions for sending your 
comments electronically.
     Mail: Send Comments to Docket Operations, M-30; U.S. 
Department of Transportation, 1200 New Jersey Avenue, SE., West 
Building Ground Floor, Room W12-140, West Building Ground Floor, 
Washington, DC 20590-0001.
     Hand Delivery: Take comments to Docket Operations in Room 
W12-140 of the West Building Ground Floor at 1200 New Jersey Avenue, 
SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, 
except Federal holidays.
     Fax: (202) 493-2251.

For more information on the rulemaking process, see the SUPPLEMENTARY 
INFORMATION section of this document.
    Privacy: We will post all comments we receive, without change, to 
http://www.regulations.gov, including any personal information you 
provide. Using the search function of our docket web site, anyone can 
find and read the comments received into any of our dockets, including 
the name of the individual sending the comment (or signing the comment 
for an association, business, labor union, etc.). You may review DOT's 
complete Privacy Act Statement in the Federal Register published on 
April 11, 2000 (65 FR 19477-78) or you may visit http://DocketsInfo.dot.gov.
    Docket: To read background documents or comments received, go to 
http://www.regulations.gov at any time and follow the online 
instructions for accessing the docket or go to Docket Operations in 
Room W12-140 of the West Building Ground Floor at 1200 New Jersey 
Avenue, SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through 
Friday, except Federal holidays.

FOR FURTHER INFORMATION CONTACT: For technical questions concerning 
this proposed rule, contact Keri Spencer, Office of Airports Safety and 
Standards, Airports Safety and Operations Division, Federal Aviation 
Administration, 800 Independence Avenue, SW., Washington, DC 20591; 
telephone (202) 267-8972; fax (202) 493-1416; e-mail 
keri.spencer@faa.gov. For legal questions, contact Robert Hawks, Office 
of the Chief Counsel, Regulations Division, Federal Aviation 
Administration, 800 Independence Avenue, SW., Washington, DC 20591; 
telephone (202) 267-7143; fax (202) 267-7971; e-mail: 
rob.hawks@faa.gov.

SUPPLEMENTARY INFORMATION: Later in this preamble under the Additional 
Information section, we discuss how you can comment on this proposal 
and how we will handle your comments. Included in this discussion is 
related information about the docket, privacy, and the handling of 
proprietary or confidential business information. We also discuss how 
you can get a copy of this proposal and related rulemaking documents.

Authority for This Rulemaking

    The FAA's authority to issue rules regarding aviation safety is 
found in Title 49 of the United States Code. Subtitle I, section 106 
describes the authority of the FAA Administrator. Subtitle VII, 
Aviation Programs, describes in more detail the scope of the agency's 
authority.
    The FAA is issuing this rulemaking under the authority described in 
subtitle VII, part A, subpart III, section 44706, ``Airport operating 
certificates.'' Under that section, Congress charges the FAA with 
issuing airport operating certificates that contain terms that the 
Administrator finds necessary to ensure safety in air transportation. 
This proposed rule is within the scope of that authority because it 
requires all holders of an airport operating certificate to develop, 
implement, and maintain an SMS. The development and implementation of 
an SMS ensures safety in air transportation by assisting airports in 
proactively identifying and mitigating safety hazards.

Background

    The FAA is committed to continuously improving safety in air 
transportation. As the demand for air transportation increases, the 
impacts of additional air traffic and surface operations, changes in 
air traffic procedures, and airport construction can heighten the risks 
of aircraft operations. While the FAA's use of prescriptive regulations 
and technical operating standards has been effective, such regulations 
may leave gaps best addressed through improved management practices. As 
the certificate holder best understands its own operating environment, 
it is in the best position to address many of its own safety issues. 
While the FAA would still conduct regular inspections, SMS's proactive 
emphasis on hazard identification and mitigation, and on communication 
of safety issues, provides certificate holders robust tools to improve 
safety.
    The International Civil Aviation Organization (ICAO) defines SMS as 
a ``systematic approach to managing safety, including the necessary 
organizational structures, accountabilities, policies, and

[[Page 62009]]

procedures.'' \1\ In 2001, ICAO adopted a standard in Annex 14 that all 
member states establish SMS requirements for airport operators. The FAA 
supports conformity of U.S. aviation safety regulations with ICAO 
standards and recommended practices. The agency intends to meet the 
intent of the ICAO standard in a way that complements existing airport 
safety regulations in 14 CFR part 139. Additional information regarding 
these amendments, as well as ICAO's guidance on establishing an SMS 
framework, may be found at http://www.icao.int/anb/safetymanagement/.
---------------------------------------------------------------------------

    \1\ See ICAO, Safety Management Manual, at 6.5.3 ICAO Doc. 9859-
AN/474 (2nd ed. 2009).
---------------------------------------------------------------------------

Safety Management System Components

    An SMS provides an organization's management with a set of 
decision-making tools that can be used to plan, organize, direct, and 
control its business activities in a manner that enhances safety and 
ensures compliance with regulatory standards. These tools are similar 
to those management already uses to make production or operations 
decisions. An SMS has four key components: Safety Policy, Safety Risk 
Management (SRM), Safety Assurance, and Safety Promotion. Definitions 
of these are as follows and further detailed in the proposal 
discussion.
    Safety Policy. Safety Policy provides the foundation or framework 
for the SMS. It outlines the methods and tools for achieving desired 
safety outcomes. Safety Policy also details management's responsibility 
and accountability for safety.
    Safety Risk Management (SRM). As a core activity of SMS, SRM uses a 
set of standard processes to proactively identify hazards, analyze and 
assess potential risks, and design appropriate risk mitigation 
strategies.
    Safety Assurance. Safety Assurance is a set of processes that 
monitor the organization's performance in meeting its current safety 
standards and objectives as well as contribute to continuous safety 
improvement. Safety Assurance processes include information 
acquisition, analysis, system assessment, and development of preventive 
or corrective actions for nonconformance.
    Safety Promotion. Safety Promotion includes processes and 
procedures used to create an environment where safety objectives can be 
achieved. Safety promotion is essential to create an organization's 
positive safety culture. Safety culture is characterized by knowledge 
and understanding of an organization's SMS, effective communications, 
competency in job responsibilities, ongoing training, and information 
sharing. Safety Promotion elements include training programs, 
communication of critical safety issues, and confidential reporting 
systems.

National Transportation Safety Board Recommendations

    The National Transportation Safety Board (NTSB) first recommended 
safety management systems for the maritime industry in 1997. Since 
then, a number of NTSB investigations have cited organizational factors 
contributing to accidents and have recommended SMS as a way to prevent 
future accidents and improve safety. The NTSB first offered an SMS 
recommendation to the FAA after its investigation of the October 14, 
2004, accident of Pinnacle Airlines Flight 3701.
    Pinnacle Airlines Flight 3701 was on a repositioning flight between 
Little Rock National Airport and Minneapolis-St. Paul International 
Airport when both engines flamed out after a pilot-induced aerodynamic 
stall. The pilots were unable to regain control, and the aircraft 
crashed in a residential area south of Jefferson City, Missouri. The 
NTSB's investigation revealed ``the accident was the result of poorly 
performing pilots who intentionally deviated from standard operating 
procedures and basic airmanship.'' \2\ The NTSB further stated 
``operators have the responsibility for a flight crew's cockpit 
discipline and adherence to standard operating procedures'' and offered 
an SMS as a means to help air carriers ensure safety.\3\ The NTSB 
formally recommended the FAA ``require all 14 CFR part 121 operators 
establish Safety Management System programs.'' \4\
---------------------------------------------------------------------------

    \2\ NTSB Accident Report AAR-07/01, ``Crash of Pinnacle Airlines 
Flight 3701 Bombardier CL-600-2B19, N8396A, Jefferson City, 
Missouri, October 14, 2004,'' at 53 (Jan. 9, 2007) .
    \3\ Id. at 61.
    \4\ Id. at 75; see also NTSB Safety Recommendation Letter (Jan. 
23, 2007) (NTSB Recommendation A-07-10).
---------------------------------------------------------------------------

    Three years after the Pinnacle Airlines accident, the NTSB 
investigated the in-flight fire, emergency descent, and crash of a 
Cessna 310R in Sanford, Florida, and issued another SMS recommendation. 
The NTSB determined the probable causes of the accident ``were the 
actions and decisions by NASCAR's corporate aviation division's 
management and maintenance personnel to allow the accident airplane to 
be released for flight with a known and unresolved discrepancy, and the 
accident pilots' decision to operate the airplane with that known 
discrepancy.'' \5\ As in the Pinnacle Airlines accident, the NASCAR 
pilot and aviation organization failed to follow standard operating 
procedures (SOPs). The NTSB stated ``an effective SMS program 
formalizes a company's SOPs and establishes methods for ensuring that 
those SOPs are followed.'' \6\ The NTSB recommended the FAA ``develop a 
safety alert for operators encouraging all 14 CFR part 91 business 
operators to adopt SMS programs that include sound risk management 
practices.'' \7\
---------------------------------------------------------------------------

    \5\ NTSB Accident Report AAR-09/01, ``In-flight Fire, Emergency 
Descent and Crash in a Residential Area Cessna 310R, N501N, Sanford, 
Florida, July 10, 2007,'' at iv (Jan. 28, 2009).
    \6\ Id. at 19.
    \7\ Id. at 25; see also NTSB Safety Recommendation Letter (Feb. 
18, 2009) (NTSB Recommendation A-09-16).
---------------------------------------------------------------------------

    While the NTSB has not formally recommended the FAA require an SMS 
for certificated airports, the FAA has concluded those same 
organizational factors apply to all regulated sectors of the aviation 
industry. Airports operate in similar environments as air carriers and 
business flight operators where adherence to standard operating 
procedures, proactive identification, mitigation of hazards and risks, 
and effective communications are crucial to continued operational 
safety. Accordingly, certificated airports could realize similar SMS 
benefits as an aircraft operator. The FAA envisions an SMS would 
provide an airport with an added layer of safety to help reduce the 
number of near-misses, incidents, and accidents. An SMS also would 
ensure that all levels of airport management understand safety 
implications of airfield operations.

FAA SMS Pilot Studies and Research Projects

    The FAA initiated a number of collaborative efforts studying SMS 
application at U.S. certificated airports. These efforts included 
developing advisory guidance, researching airport SMS recommended 
practices, and conducting airport pilot studies.

Advisory Circulars and Research Studies

    The FAA, on February 28, 2007, issued Advisory Circular (AC) 150/
5200-37, Introduction to Safety Management Systems for Airport 
Operators. This AC provides an introduction to SMS and general 
guidelines for an airport SMS. While compliance with this AC is 
voluntary, numerous airports have used it in implementing their SMS.

[[Page 62010]]

    The Airports Cooperative Research Program (ACRP) \8\ approved two 
projects to prepare guidance on airport SMS. In September 2007, MITRE 
Corporation published the first report, SMS for Airports Volume 1: 
Overview. This report describes SMS benefits, ICAO requirements, and 
SMS application at U.S. airports. The second project, ACRP's SMS for 
Airports Volume 2: Guidebook, was completed in October 2009 and 
provides practical guidance on development and implementation of an 
airport SMS.
---------------------------------------------------------------------------

    \8\ The Transportation Research Board (TRB) manages ACRP.
---------------------------------------------------------------------------

Pilot Studies

    Beginning in April 2007, the FAA conducted a pilot study to 
evaluate SMS development at certificated airports of varying size and 
complexity. The study also compared current part 139 requirements and 
typical SMS requirements.
    The first round of pilot studies included over 20 airports. The FAA 
later established a second round of pilot studies on SMS development at 
smaller airports with a Class II, III, or IV AOC.\9\
---------------------------------------------------------------------------

    \9\ For definitions of classes of AOCs, see 14 CFR 139.5.
---------------------------------------------------------------------------

    All participating airports conducted a gap analysis or benchmark 
study examining differences between their FAA-approved Airport 
Certification Manual (ACM), part 139 requirements, and a typical 
airport SMS. Using these results, the participating airports then 
developed a separate SMS Manual and Implementation Plan using AC 150/
5200-37 and the FAA Airport SMS Pilot Study Participant's Guide. While 
pilot study airports were not required to implement an SMS, many chose 
to do so. As a result of these pilot studies, participating airports 
and the FAA made some key findings.
    First, the FAA concluded that compliance with part 139 is essential 
to ensuring a safe and standardized airport system. However, part 139 
compliance does not by itself sufficiently address the risk management, 
assurance, reporting, safety data management, communications, or 
training needs of modern airports. The FAA further concluded an SMS can 
help an airport achieve performance-based systems safety.
    The gap analyses revealed that aspects of part 139 can serve as 
building blocks for an SMS. For example, at least one pilot study 
airport recognized its existing part 139 compliance program 
incorporated some SMS concepts. Additionally, the majority of 
participating airports have an organizational safety policy statement, 
but these statements may be informal or inadequate or focus on employee 
rather than on operational safety. The gap analysis also uncovered that 
less formal safety policies are often not effectively communicated to 
employees.
    The majority of pilot study airports indicated an existing 
organizational structure to manage safety (such as a standing safety 
committee), but there is rarely one person with overall responsibility 
and authority for operational safety. Several airports admitted to 
relatively inactive safety committees. Second, several airports 
indicated they have safety risk management programs or policies in 
place (e.g., part 139 self-inspection program), but most described 
their hazard identification processes as reactive rather than 
proactive. These airports concluded their existing programs could be 
improved to meet the intent of the SMS SRM. While Sec.  139.327 
requires an airport to identify hazards or discrepancies during its 
self inspection, this requirement does not realize the potential of 
safety management through identifying and recording all safety hazards, 
conducting risk assessments, and developing mitigation strategies.
    Some airports indicated they did not have adequate accident or 
incident reporting procedures. Still others with reporting procedures 
indicated the procedures lacked solid analytical techniques to identify 
airport hazards and uncover underlying safety issues.
    Third, almost all pilot study airports indicated compliance with 
part 139 through some auditing system. However, most of these airports 
also indicated the audits are not carried out systematically to 
determine whether the airport is meeting safety goals and objectives. 
Few certificated airports indicated formal procedures to systematically 
review safety-related data. All pilot study airports have record-
keeping and retrieval systems in place, but each indicated room for 
improvement. Improved systems would allow for trend and other data 
analysis to proactively identify operational hazards and potentially 
prevent future incidents or accidents.
    Finally, almost all pilot study airports indicated they currently 
conduct safety training, but some indicated there is no organizational 
approach to safety training. Several airports indicated their informal 
safety communications do not properly disseminate information (such as 
risk management data) throughout the organization or to other 
stakeholders. In general, the airports acknowledged more formalized 
training and communications programs, such as those required under 
Safety Promotion, would be beneficial.

Benefits

    The FAA has determined that an SMS requirement would improve safety 
at part 139 certificated airports. The FAA reached this conclusion 
based on detailed study of ICAO's Annex 14 requirements, review of 
NTSB's recommendations, and the airport SMS pilot studies. Airports 
should realize benefits from increased communication, training, and 
reporting. Some airports may realize financial benefits through reduced 
insurance costs associated with proactive hazard identification and 
safety risk analysis.
    A properly functioning airport SMS would help an airport ensure:
     Individuals are trained on the safety implications of 
working on the airside of the airport;
     Proactive hazard identification and analysis systems are 
in place;
     Data analysis, tracking, and reporting systems are 
available for trend analysis and to gain lessons learned; and
     Timely communication of safety issues to all stakeholders.

The FAA envisions an airport's SMS would uncover previously unknown 
hazards and risks, providing an airport the opportunity to proactively 
mitigate risk. Over time, these efforts should prevent accidents and 
incidents, thereby reducing the direct and indirect costs and risks of 
airport operations.
    Several airports have seen benefits by voluntarily implementing SMS 
or applying SMS principles in their operations. For example, a large 
international airport holding a Class I AOC reduced insurance costs 
after implementing SMS principles. A smaller domestic airport holding a 
Class IV AOC has seen a major improvement in operational safety after 
implementing its SMS.

Discussion of the Proposal

    The FAA proposes to require all certificate holders develop and 
implement an SMS for the movement and non-movement areas of the airport 
(i.e., airfield and ramp). The FAA proposes to add subpart E to part 
139, which would include:
    (1) A new Sec.  139.401 that would require all holders of an AOC to 
have an approved airport SMS;
    (2) a new Sec.  139.402 that would prescribe the components of an 
airport SMS; and
    (3) a new Sec.  139.403 that would prescribe the implementation 
requirements for an airport SMS.

[[Page 62011]]

    The proposal also would add to Sec.  139.5 the following 
definitions: Accountable executive; Airport safety management system; 
Hazard; Non-movement area; Risk; Risk analysis; Risk mitigation; Safety 
assurance; Safety policy; Safety promotion; and Safety risk management 
(SRM).
    Many of the definitions are from existing international standards 
and FAA guidance materials. These definitions are applicable to the 
following discussion.

Regulation of the Non-Movement Area

    Under this proposal, an airport would implement its SMS throughout 
the airport environment, including the movement and non-movement areas 
(including runways, taxiways, run-up areas, ramps, apron areas, and on-
airport fuel farms). The FAA acknowledges the proposal extends the 
scope of part 139 by including the non-movement areas, but the FAA has 
concluded that ensuring safety in air transportation requires that an 
SMS applies to any place that affects safety during aircraft 
operations.
    Many pilot study airports concluded it was difficult to apply SMS 
concepts to only the movement area because aircraft and airport airside 
personnel routinely flow between movement and non-movement areas. The 
airports also found a large number of safety incidents occur in the 
non-movement area and believe applying SMS to this area may reduce that 
number.
    The FAA does not intend to require airports to extend their SMS to 
the landside environment such as terminal areas. Nevertheless, an 
airport may voluntarily expand its SMS to all airside and landside 
environments.

Flexibility

    The FAA envisions an SMS as an adaptable and scalable system. An 
organization can develop an SMS to meet its unique operating 
environment. For those reasons, this proposal would allow an airport 
the maximum amount of flexibility to develop and achieve its safety 
goals. Accordingly, the FAA would prescribe only the general framework 
of an SMS.
    The FAA learned through the pilot studies there are circumstances 
when a certificate holder may want flexibility in maintaining SMS 
documentation. For example, some airport operators manage multiple 
airports (have multiple AOCs), and some may want to expand SMS beyond 
the FAA-regulated areas (such as for landside or terminal operations.) 
In allowing maximum flexibility, a certificate holder may maintain a 
separate SMS Manual in addition to the ACM or may maintain SMS 
documentation directly in the ACM. If a certificate holder develops a 
separate manual, it would cross-reference the SMS requirements in its 
FAA-approved ACM. Accordingly, the FAA proposes amending Sec.  139.203 
to require the FAA-approved ACM contain the policies and procedures for 
development, implementation, operation, and maintenance of the 
certificate holder's SMS. The FAA also proposes to amend Sec.  139.103 
to require two copies of the SMS manual, or SMS portion of the ACM, 
accompany an AOC application.

Minimum Elements of SMS

    In a new Sec.  139.402, the FAA would require each airport SMS 
include the four SMS components: Safety Policy, SRM, Safety Assurance, 
and Safety Promotion. These components are equivalent to ICAO's SMS 
pillars. To support each of these components, the FAA proposes a 
certificate holder implement a number of elements. Together the 
components and elements provide the general framework for an 
organization-wide safety management approach to airport operations. To 
make these components and elements effective, a certificate holder 
would develop processes and procedures appropriate to the airport's 
operating environment. The FAA understands that a certificate holder 
could comply with these requirements through a variety of means. The 
FAA intends these proposed requirements to be scalable to the size and 
complexity of the certificate holder. The FAA invites comments on how 
the FAA could clarify or improve the scalability of this proposal.
    The FAA envisions a certificate holder using an operational SMS to:
     Actively engage airport management in airfield safety;
     Ensure formal documentation of hazards and analytical 
processes are used to analyze, assess, and mitigate risks;
     Proactively look for safety issues through analysis and 
use of lessons learned; and
     Train individuals accessing the airside environment on SMS 
and operational safety.

The following details SMS components and elements as specifically 
applied to a part 139 airport certificate holder.

Safety Policy

    This proposal would require a certificate holder to establish a 
safety policy that:
     Identifies the accountable executive;
     Identifies and communicates the safety organizational 
structure;
     Identifies the lines of safety responsibility and 
accountability;
     Establishes and maintains a safety policy statement;
     Ensures the safety policy statement is available to all 
employees;
     Establishes and maintains safety objectives; and
     Establishes and maintains an acceptable level of safety 
for the organization.
    This proposal would require an airport to identify an accountable 
executive. The FAA understands that airport operations and 
organizational structures vary widely. Accordingly, the FAA would not 
prescribe a particular job title. Nevertheless, the accountable 
executive must be a high-level manager who can influence safety-related 
decisions and has authority to approve operational decisions and 
changes because an effective SMS requires high-level management 
involvement in safety decisionmaking. Accordingly, the FAA proposes the 
international standard definition for an accountable executive (i.e., 
requiring the accountable executive to be an individual with ultimate 
responsibility and accountability, full control of the human and 
financial resources required to maintain the SMS, and final authority 
over operations and safety issues).\10\ The FAA acknowledges it may be 
difficult for U.S. airports to identify an accountable executive 
meeting that international standard, but it believes an acceptable 
accountable executive would be the highest approving authority at the 
airport for operational decisions and changes. The FAA invites comments 
concerning the definition of accountable executive for certificated 
airports.
---------------------------------------------------------------------------

    \10\ See ICAO, Safety Management Manual, at 8.4.5 & 8.4.6 ICAO 
Doc. 9859-AN/474 (2nd ed. 2009).
---------------------------------------------------------------------------

    Additionally, we would require a certificate holder to identify its 
safety organizational structure and management responsibility and 
accountability for safety issues. The importance to identifying who in 
airport management is responsible for safety ensures resources are 
allocated to balance safety and service. For example, an airport would 
identify each manager accountable for safety and that manager's 
responsibilities under the airport SMS. Each airport employee should 
know who is the contact point for a particular safety issue. An airport 
would decide how managers' safety responsibilities and accountabilities 
are communicated. It could use an organizational chart or other means 
that identify lines of communication and decisionmaking. In some 
organizations, with multiple departments responsible

[[Page 62012]]

for part 139 compliance, an airport may have multiple line managers 
responsible for the safety of different airport areas (e.g., an 
operations manager for airfield operational safety issues or a 
maintenance manager for maintenance safety issues). The safety 
organizational structure should allow every employee to understand how 
safety issues progress through the organization. This safety 
organizational structure also would ensure that senior management is 
aware of the daily activities of these departments and has an active 
role in airport safety.
    Currently, Sec.  139.203 requires certificated airports to have 
lines of succession of airport operator responsibility. These lines may 
provide a foundation for establishing the airport's accountable 
executive and delineation of responsibility for SMS functions.
    This proposal would require a certificate holder's safety policy 
statement be included in SMS documentation. The ``accountable 
executive'' would issue this statement because management's commitment 
to safety should be expressed formally. The safety policy statement 
would outline the methods and processes used to achieve desired safety 
outcomes. The statement typically would contain the following:
     A commitment by senior management to implement SMS;
     A commitment to continual safety improvement;
     The encouragement for employees to report safety issues 
without fear of reprisal;
     A commitment to provide the necessary safety resources; 
and
     A commitment to make safety the highest priority.
    Some airports may be able to adapt a safety policy statement from 
existing policy statements. Others may supplement existing policies 
that focus on occupational safety issues (for example, the airport 
strives to have zero employee injuries). Other airports may have 
informal safety objectives that could be formalized into a safety 
policy statement.
    Finally, this proposal would require an airport to establish safety 
objectives relevant to its operating environment. These objectives 
should improve overall airport safety. Some examples of safety 
objectives may include a reduction in the amount of Foreign Object 
Debris (FOD) related damage, a reduction in the number of Vehicle/
Pedestrian Deviations (VPDs), timely issuance of airfield condition 
Notices to Airmen (NOTAMs), and continued conformance with part 139 
requirements. Setting these objectives and metrics would aid the 
airport, stakeholders, and the FAA in verifying achievement or progress 
towards an airport's improvement of safety.

Safety Risk Management (SRM)

    This proposal would require a certificate holder to establish an 
SRM process to identify hazards and their associated risks within the 
airport's operations. Under SRM, the airport would be required to:
     Identify safety hazards;
     Ensure that mitigations are implemented where appropriate 
to maintain an acceptable level of safety;
     Provide for regular assessment of safety level achieved;
     Aim to make continuous improvement to the airport's 
overall level of safety; and
     Establish and maintain a process for formally documenting 
identified hazards, their associated analyses, and management's 
acceptance of the associated risks.
    A comprehensive SMS using SRM would provide management a tool for 
identification of hazards and risks and prioritization of their 
resolution. While each certificate holder's SRM processes may be unique 
to the airport's operations and organizational structure, the FAA would 
require it to incorporate SRM's five steps:
    (1) Describing the system;
    (2) Identifying the hazards;
    (3) Analyzing the risk associated with those hazards;
    (4) Assessing the risk associated with those hazards; and
    (5) Mitigating the risk of identified hazards when necessary.
    This proposal would require a certificate holder to use SRM 
processes to analyze risk associated with hazards discovered during 
daily operations and for changes to operations. Changes in airport 
operations could introduce new hazards into the airfield environment, 
such as adding new tenants or air carriers at the airport. These could 
be discovered, tracked, and mitigated using an existing or newly-
created hazards tracking system. However, some system descriptions set 
the boundaries for hazard identification by considering the operating 
environment in which hazards are identified. Operational changes may 
overlap with SRM requirements under the FAA Air Traffic Organization's 
SMS. Examples of these changes include runway extensions or the 
construction of new taxiways. In these cases, the FAA expects that the 
certificate holder would participate in the FAA's risk analysis instead 
of performing an independent risk analysis under its SMS.
    The first step of SRM is describing the system. This step entails 
describing the operating environment in which the hazards will be 
identified. System description serves as the boundaries for hazard 
identification. For airports, operational, procedural, conditional, or 
physical characteristics are included in the system description. A 
system description could answer the following questions:
     Are there visual or instrument meteorological conditions;
     Is it a time of low or high peak traffic;
     Are there closed or open runways; or
     Is the airfield under construction or normal operations?
    The second step of SRM identifies hazards in a systematic way based 
on the system described in the first step. All possible sources of 
system failure should be considered. Depending on the nature and size 
of the system under consideration, these should include:
     Equipment (for example, construction equipment on a 
movement surface), the operating environment (for example, weather 
conditions, season, time of day);
     Human factors (for example, shift work);
     Operational procedures (for example, staffing levels);
     Maintenance procedures (for example, nightly movement area 
inspections by airport electricians); and
     External services (for example, ramp traffic by fixed-base 
operator (FBO) or law enforcement vehicles).
    A certificate holder should implement hazard identification 
processes and procedures that reflect its management structure and 
complexity. There are many ways to accomplish this hazard 
identification, but all must use the following four elements:
    (1) Operational expertise;
    (2) Training in SMS (and, if possible, hazard analysis techniques);
    (3) A simple, but well-defined, hazard analysis tool; and
    (4) Adequate documentation of the process.
    Many airports already have hazard identification processes in place 
to ensure part 139 compliance. For example, part 139 currently requires 
an airport operator to conduct a daily inspection, unless otherwise 
stated in the FAA-approved ACM.
    A certificate holder could use hazard reports obtained through the 
airport's safety reporting system, which is detailed later in this 
discussion. The airport also would keep track of

[[Page 62013]]

incidents and accidents occurring in the airport's movement and non-
movement areas to identify potential operational hazards. Many airports 
already track incidents and accidents in the movement area.
    One of the most important aspects of hazard identification is 
systematically documenting and tracking potential hazards. This 
documented data allows meaningful analysis of operational safety-
related trends on the airfield and of overall airport system safety.
    After identifying hazards, a certificate holder would complete the 
third step of SRM, hazard analysis. For each hazard, the certificate 
holder would consider the worst credible outcome (harm), which is the 
most unfavorable consequence that is realistically possible, based on 
the system described. For the worst credible outcome, the certificate 
holder would determine the likelihood and severity of that outcome 
using quantitative or qualitative methods.
    A certificate holder would define its levels of likelihood and 
severity. ICAO and the FAA have developed sample definitions and levels 
of likelihood and severity for use in categorizing hazards.\11\ An 
example is a five-point table for severity and likelihood. The 
categorization of severity includes definitions for catastrophic, 
hazardous, major, minor, or negligible. The categorization of 
likelihood includes definitions for frequent, occasional, remote, 
improbable, and extremely improbable. A certificate holder should 
develop tables commensurate with its operational needs and complexity. 
For example, a less complex airport with few operations may find it 
effective to have fewer levels of gradation. However, a larger airport 
with a variety of operations may require a five-point or larger table 
to be most effective. Based on these definitions, a likelihood and 
severity of occurrence is selected for each hazard.
---------------------------------------------------------------------------

    \11\ See ICAO, Safety Management Manual, at 6.5.3 ICAO Doc. 
9859-AN/474 (2nd ed. 2009); see also FAA Advisory Circular 150/5200-
37, Introduction to Safety Management System for Airport Operators 
(Feb. 28, 2007).
---------------------------------------------------------------------------

    The fourth step of SRM, risk assessment, uses the likelihood and 
severity assessed in step three, and compares it to the organization's 
acceptable levels of safety risk.
    One of the easiest techniques for comparison is through the use of 
a predictive risk matrix. A predictive risk matrix (like figure 1) 
graphically depicts the various levels of severity and likelihood as 
they relate to the levels of risk (for example, low, medium, or high). 
On a typical risk matrix, severity and likelihood are placed on 
opposing axes (i.e., x- and y-axis on a grid). For example, a higher 
severity would be plotted further to the right on the x-axis, and a 
higher likelihood would be plotted further up the y-axis. The severity 
and likelihood assessed during the third step of SRM can then be 
plotted on the risk matrix grid for each of the hazards assessed.
BILLING CODE 4910-13-P

[[Page 62014]]

[GRAPHIC] [TIFF OMITTED] TP07OC10.000

    The other feature of a predictive risk matrix is its depiction of 
the certificate holder's acceptable level of safety risk, in other 
words the highest level of safety risk it will accept in its 
operational environment. Typically, the risk matrix depicts three 
levels of risk: low, medium, and high. A high risk generally would be 
unacceptable. A medium risk may be acceptable provided mitigations are 
in place and verified before operations can continue. A low risk may be 
acceptable without additional mitigation.
    When a hazard's likelihood and severity are plotted on the risk 
matrix, the certificate holder can see whether the hazard's safety risk 
is acceptable to

[[Page 62015]]

the organization. Generally, as the likelihood and severity increase, 
the risk increases. Each certificate holder would determine its 
acceptable level of risk and other levels of risk when establishing its 
predictive risk matrix. For example, a hazard with an assessed 
likelihood of frequent and severity of catastrophic usually would be 
plotted in the high risk portion of the matrix. A hazard with an 
assessed likelihood of extremely improbable and assessed severity of 
minor usually would be plotted in the low risk portion of the matrix. 
These levels of risk would be based on the certificate holder's 
acceptable level of risk and may vary from airport to airport.
    Under the fourth step of SRM, a certificate holder would plot the 
likelihood and severity of each hazard assessed during the third step 
on its predictive risk matrix. The certificate holder would see the 
level of risk for each hazard and could determine whether that level of 
risk is acceptable. The certificate holder would use this information 
to determine whether it must mitigate those risks. Ultimately, the 
certificate holder would formally accept the risk or approve the 
mitigation plan as required by its SMS.
    In the final step of SRM, mitigation of risk, the certificate 
holder would take steps to reduce the risk of the hazard to an 
acceptable level for any hazard determined in the fourth step to 
present an unacceptable risk. These efforts may include removing the 
hazard or implementing alternative strategies to reduce the hazard's 
risks. Additionally, a certificate holder could mitigate the risk of a 
hazard if that risk is acceptable but could be reduced with mitigation. 
If a hazard has no associated risk or a low risk, an airport may not 
have to proceed with this step of SRM for the hazard.
    If step five is required, the certificate holder would monitor the 
mitigations put in place to ensure that they actually decrease the 
level of risk to an acceptable level. A certificate holder could use 
the hazard reporting system, which is discussed later, to track 
identified hazards and their mitigations deployed under SRM.
    Under an SMS, a certificate holder would document each of the SRM 
steps including the identified hazards, the risk analysis and 
assessment, any proposed mitigations, and management's acceptance of 
risk. These records can be kept either electronically or in paper-
format. This documentation ensures safety-related decisions are 
consistent with safety policies and goals and provides historical 
information that can be used to make future safety-related decisions.
    This proposal would require a certificate holder to retain these 
documents and records for the longer of either 36 consecutive calendar 
months after the risk analysis of identified hazards or 12 consecutive 
calendar months after implementing mitigation measures. The timelines 
associated with the retention of those documents ensure they are kept 
for a time period that provides the airport historical data to conduct 
meaningful analysis under SRM, to review during Safety Assurance 
activities, and for the FAA to review for compliance during 
inspections. These record retention requirements are consistent with 
other retention requirements under part 139. While these are minimum 
retention requirements, certificate holders may retain their documents 
for longer time periods.

A Practical Example of SRM

    The airport in this example has one runway and conducts daily self-
inspections according to its FAA-approved ACM. An operations agent 
conducting the airport's daily self-inspection finds foreign object 
debris (FOD) of substantial size and weight at a taxiway-runway 
intersection adjacent to an uncontrolled ramp. The operations agent 
removes the FOD and notes it on the inspection checklist. During a 
routine review of airport inspections, the operations manager notices 
that FOD has been collected at this same taxiway-runway intersection 
during multiple inspections. Under the airport's SRM process, such an 
event and trend triggers a formal SRM analysis.
    The operations manager, who has sufficient training and understands 
the airport's SMS and operating environment, conducts the analysis. 
Using SRM documentation procedures and templates, the manager carefully 
describes the system. At this particular airport, the airport is 
approved for low-visibility operations which occur twenty-five percent 
of the calendar year.
    The manager then identifies all hazards associated with the FOD. 
The manager identifies FOD damage to aircraft and/or ingestion into 
aircraft engines as potential hazards based on the system description.
    The manager considers the worst credible outcome of FOD damage and 
FOD ingestion into aircraft engines based on the location of the FOD in 
the airport environment. Using the self-inspection records, the manager 
discerns the FOD usually is found closer to the runway than to the 
taxiway and in some instances on the runway between the centerline and 
edge lines. Additionally, the weight and location of the FOD could 
present a danger to aircraft traversing the runway or taxiway. The 
manager determines that the worst credible outcome could result in loss 
of control of the aircraft, an aborted take-off, and/or an aircraft 
accident.
    Using the likelihood and severity definitions provided as part of 
the airport's SMS, the manager's knowledge of the airport environment, 
and outside resources (such as industry research or other documents 
with relevant quantitative statistical analysis), the manager assesses 
the likelihood and severity of the hazard. In this case, the manager 
determines the severity of such a hazard could be catastrophic (such as 
an aircraft accident with fatalities or serious injuries), and the 
likelihood is improbable. Referring to the airport's risk matrix, the 
manager plots the assessed likelihood and severity, and the hazard 
falls within the high risk portion of the matrix. According to the 
airport's SMS, the manager must take some sort of action to mitigate 
the occurrence of FOD in this taxiway-runway intersection.
    The operations manager has identified numerous risk mitigation 
strategies. The manager could increase the number of targeted 
inspections for the area. The manager could conduct further analysis to 
determine the root-cause of the FOD, which could result from a lack of 
training, improper maintenance, or other factors that may be mitigated 
over time. The manager also could communicate with tenants who operate 
in the area to warn them of the FOD hazard.
    In this case, the manager chooses all three mitigation strategies 
with targeted inspections implemented immediately. Over time, the 
manager will investigate root cause, will update the airport's FOD 
prevention training, and will communicate the FOD hazard to tenants.
    The manager completes the five SRM steps and documents the 
processes and determinations on the appropriate templates following the 
airport's SRM guidelines. Finally, the manager adds an entry to the 
hazard reporting system to follow up in two weeks to review the self-
inspection and targeted inspection reports to verify whether 
mitigations are working.

Safety Assurance

    This proposal would require a certificate holder to ensure safety 
risk mitigations developed through the airport's SRM process are 
adequate, and the airport's SMS is functioning effectively. The key 
outcome of safety

[[Page 62016]]

assurance is continuous improvement of the airport's operational 
safety. The proposal would require the certificate holder to:
     Develop and implement a means for monitoring safety 
performance;
     Establish and maintain a hazard reporting system that 
provides a means for reporter confidentiality; and
     Develop and implement a process for reporting pertinent 
safety information and data to the accountable executive on a regular 
basis.
    Safety performance monitoring and measurement is one way an 
organization can verify its SMS's effectiveness. ICAO also offers a 
variety of safety performance monitoring and measurement methods 
including hazard reports, safety studies, safety reviews, audits, 
safety surveys, and internal safety investigations.\12\ While some 
certificate holders may not find added value in implementing or using 
all of these information sources, a certificate holder may benefit from 
using an internal audit or assessment to monitor performance. Documents 
created under the airport's SMS should be reviewed periodically to 
verify whether the airport's SMS processes and procedures are being 
followed, whether trends exist that have not been identified, and 
whether SRM mitigations are being implemented and are effective. The 
certificate holder would determine whether this review is completed by 
airport personnel or by a third party.
---------------------------------------------------------------------------

    \12\ See ICAO, Safety Management Manual, at 9.6.4 ICAO Doc. 
9859-AN/474 (2nd ed. 2009).
---------------------------------------------------------------------------

    The proposal also would require a certificate holder to establish 
and maintain a hazard reporting system. A certificate holder's SRM 
processes and hazard identification procedures likely would not catch 
all potential airfield hazards. Some hazards may be identified by other 
employees, airfield tenants, or pilots. Therefore, an airport's SRM 
would include a system for hazard reporting. A certificate holder may 
develop the best system for its operating environment, whether a call-
in line, a web-based system, or a drop box. The certificate holder 
would train all employees on the existence of the system and how a 
report flows through the system to management.
    The FAA proposes that airports develop a confidential hazard 
reporting system. ICAO's SMS model envisions a non-punitive reporting 
system. Based on information obtained during the pilot studies, a U.S. 
airport may be unable to prevent punishment of non-airport employees 
(for example, tenant employees). Therefore, the FAA has concluded that 
requiring a confidential hazard reporting system will protect the 
reporter's identity and achieve the goal of protection from reprisal.
    For some airports, the required data tracking, data reporting, and 
assessment programs already exist in other formats. Many airports have 
functional occupational safety programs in place with reporting, 
inspection, and training requirements. An airport can use these 
programs to build its operational SMS.
    The FAA envisions an airport using safety assurance to enhance the 
airport's ability to spot trends and identify safety issues before they 
result in a near-miss, incident, or accident. An example of safety 
assurance may involve the performance of the airport in reducing the 
number of runway incursions. Effective safety assurance processes would 
require review and investigation of previous incidents and accidents as 
well as analysis of current policies, procedures, training, and 
equipment for potential weaknesses. In addition, the safety assurance 
process would review the efficacy of previously implemented safety 
strategies to ensure they are functioning as predicted and have not 
introduced any new systemic risks.
    Safety assurance also prescribes data collection and analytical 
methods that help a certificate holder transition from a reactive 
approach to a more predictive approach to aviation safety. In this 
example, failure analysis can be used to anticipate future failures 
before they occur. Therefore, Safety Assurance provides management 
tools and data to ensure that the SMS is properly functioning and that 
mitigations developed through SRM processes are having their intended 
effect.

Safety Promotion

    This proposal would require a certificate holder to establish 
processes and procedures to foster a safety culture. These processes 
and procedures include providing formal safety training to all 
employees with access to the airfield, and developing and maintaining 
formal means for communicating important safety information.
    As previously stated, part 139 currently prescribes numerous 
training and communications requirements that can be used in developing 
an SMS. Under an SMS, these requirements would be enhanced and extended 
to more individuals operating on the airport because everyone has a 
role in promoting safety. For example, instead of training just those 
airport employees on part 139 technical requirements (such as airfield 
driver training), an airport would ensure that all employees with 
access to the movement and non-movement areas receive training on 
operational safety and on the airport's SMS.
    The FAA proposes the SMS training requirement would apply to 
airport employees based on information obtained during the pilot 
studies. However, the FAA believes greater benefits may be achieved if 
that training requirement were applied to all individuals with access 
to the movement and non-movement areas, and it is considering that 
broader SMS training requirement. The FAA invites comments concerning 
the practical and economic implications of applying the training 
requirements to all individuals accessing the movement and non-movement 
area.
    The FAA also believes that through the safety promotion component 
of SMS, an airport's management will promote the growth of a positive 
safety culture through:
     Publication of senior management's stated commitment to 
safety to all employees;
     Visible demonstration of management's commitment to the 
SMS;
     Communication of the safety responsibilities for the 
airport's personnel specific to their function within the airport;
     Clear and regular communication of safety policy, goals, 
objectives, standards, and performance to all employees of the 
organization;
     A confidential and effective employee reporting and 
feedback system;
     Use of a safety information system that provides an 
accessible efficient means to retrieve information; and
     Allocation of resources essential to implement and 
maintain the SMS.
    An airport could demonstrate its commitment to safety promotion in 
several ways. An airport could allocate sufficient resources for the 
initial and recurrent training of its staff. Likewise, an airport could 
communicate the results of risk analysis and mitigations for reported 
hazards. Any training records created as part of the certificate 
holder's safety promotion processes and procedures would be retained 
and available for inspection for 24 consecutive calendar months. This 
retention period is consistent with that for other training records 
under existing Sec.  139.301. The FAA proposes that any other 
communications created as part of safety promotion would be retained 
for 12 consecutive calendar months.
    As previously discussed, the FAA recognizes that certificate 
holders may have systems and processes in place that partially meet the 
proposed SMS requirements. The FAA believes these systems and processes 
can easily be

[[Page 62017]]

incorporated into an SMS and does not intend duplicative burdens. The 
FAA requests comments on systems and processes currently in use that 
would not be compatible with the proposed requirements. The FAA also 
requests comments specifically identifying how the FAA could clarify or 
improve the incorporation of existing systems and processes into an 
SMS.

Proposed Implementation Plan Requirements

    The FAA proposes to require all certificate holders and applicants 
for an AOC to submit an implementation plan that accurately describes 
how the airport will meet the requirements of Subpart E and provides 
timeframes for implementing the various SMS components and elements 
within the airport's organization and operations. While the FAA is not 
requiring an airport to conduct a gap analysis before implementing an 
SMS, this implementation plan would require a certificate holder to 
proactively review its current organizational framework and determine 
how it conforms to airport SMS requirements. This proposal also would 
require a certificate holder to establish target dates for meeting the 
requirements of Subpart E well before compliance with Subpart E would 
be required. Further, the implementation plan must determine an overall 
SMS implementation timeline as well as dates for completion of updates 
to the ACM and, where applicable, the SMS Manual.
    The proposal takes a two-pronged approach to implementation based 
on the scale of operations at the certificated airport and provides 
ample time for airports to conform to the SMS requirement. The FAA 
learned during the first pilot study that many larger airports were 
able to complete their gap analysis and develop the SMS Manual and 
Implementation Plan within six months. However, during the second pilot 
study with smaller certificated airports, many airports were not able 
to successfully complete their gap analysis and manual within that 
timeframe. Based on this experience, the FAA has determined that six 
months is adequate time for Class I airports to develop a plan of how 
the airport will develop and implement an SMS. Similarly, the FAA has 
determined that nine months is adequate time for Class II, III, and IV 
airports to develop an implementation plan. These implementation plans 
should detail the steps the airport will take to develop an SMS taking 
into account the unique operating environment of the airport. Based on 
projections from the pilot study airports, the FAA has determined that 
the implementation process should be completed within 18 months for a 
Class I airport and within 24 months for a Class II, III, and IV 
airport.
    Based on findings from the pilot study, the FAA has determined that 
all components of an SMS are interrelated and must be implemented at 
the same time for an SMS to be effective. The FAA requests comments on 
the proposed implementation requirements and timeframes. If you believe 
the FAA should adopt a phased-in approach for the SMS components, 
please provide specific recommendations for how the requirements could 
be phased in and analysis of the effect on implementation costs and 
corresponding postponement of safety benefits.
    The FAA also proposes to remove paragraph (c) of Sec.  139.101 
because the implementation schedule for submitting a new Airport 
Certification Manual (ACM) under that section is no longer applicable.
    Further, the FAA intends to publish any accompanying Advisory 
Circulars prior to the final rule and widely communicate the 
requirements to airports through the various industry organizations and 
FAA airport conferences.

FAA's Role and Oversight

    An SMS is not a substitute for compliance with FAA regulations or 
FAA oversight activities. Rather, an SMS would ensure compliance with 
safety-related statutory and regulatory requirements. An SMS enhances 
the FAA's ability to understand the safety of airport operations 
throughout the year, and not just when an FAA inspector is physically 
on the airfield.
    During an airport's periodic inspection, the FAA envisions an 
inspector reviewing the certificate holder's ACM to ensure that the SMS 
requirements are clearly identified and detailed in the ACM or 
referenced SMS Manual. The inspector would verify through airport 
records, interviews, and other means that the SMS is being 
communicated, training is being provided, and senior management is 
actively engaged in the management and oversight of the SMS. The FAA 
intends this review as an evaluation of whether a certificate holder's 
SMS is functioning as it is intended to function rather than as a means 
for us to second guess a certificate holder's decisions. However, if 
during the course of an inspection, these processes are determined to 
have failed in discovering discrepancies with part 139 or have created 
new discrepancies, the FAA would take appropriate action to ensure the 
airport corrects these non-compliant conditions.
    The following examples detail possible inspector activity, but this 
proposal does not limit any FAA inspection authority. An FAA inspector 
may review safety meeting minutes and sign-in sheets to verify whether 
members of the airport's management team are regularly attending. 
Additionally, an FAA inspector may request to see SRM documentation to 
determine whether acceptance of a given risk is being performed by the 
appropriate level of management. An inspector may also verify whether 
mitigations are being implemented, which is a clear indicator of the 
effectiveness of the airport's SRM and safety assurance components. As 
for verification of safety promotion, the inspector may review training 
records, training curricula, and the methods of communicating critical 
safety information throughout the airport organization and to key 
stakeholders.
    If a certificate holder decided to extend the umbrella of its SMS 
to landside operations beyond the scope of this proposal, the FAA's 
oversight and inspection authority would extend only to those areas 
envisioned by this proposal.
    The FAA has determined that an SMS is a valuable set of tools for 
improving safety at airports. However, an SMS does not replace part 139 
requirements. An SMS would serve as an enhancement to those technical 
standards already required under part 139, and the FAA will continue to 
inspect according to part 139 standards. Additionally, the FAA will 
promulgate prescriptive regulations as appropriate.
    Safety management systems for the aviation industry are still 
developing. However, the FAA believes now is the time to begin 
developing and implementing SMS requirements because of their benefits 
to aviation safety. The FAA recognizes that future rulemaking may be 
required to capture safety developments, connect to related 
regulations, and avoid duplication of SMS requirements for various 
industry sectors.
    The FAA is considering rulemaking that would establish SMS 
requirements for other segments of the aviation industry. The FAA 
requests comments on the interaction between this proposed rule and 
potential future rulemakings. The FAA also requests comments on which 
portions of this proposed rule should be adopted for any potential SMS 
requirements. Finally, the FAA requests comments on whether there are 
other issues or principles not

[[Page 62018]]

included in this proposal that the FAA should consider in issuing a 
final rule.

Rulemaking Analyses and Notices

Paperwork Reduction Act

    This proposal contains a revision of a currently approved 
collection of information (OMB-2120-0675) subject to review by the 
Office of Management and Budget (OMB) under the Paperwork Reduction Act 
of 1995 (44 U.S.C. 3507(d)). The title, description, and number of 
respondents, frequency of the collection, and estimate of the annual 
total reporting and recordkeeping burden are shown below.
    Title: Safety Management System for Certificated Airports.
    Summary: The FAA proposes to revise current part 139 to require 
certificated airports to establish a safety management system (SMS). An 
SMS is a formalized approach to managing safety that includes an 
organization-wide safety policy, formal methods of identifying 
potential hazards, formal methods for analyzing and mitigating 
potential hazards, and an organization-wide emphasis on promoting a 
safety culture.
    Use of: Each airport would be able to develop its SMS based on its 
own unique operating environment. Because airport management can tailor 
its system, the FAA expects an SMS comprised of four key components: 
Safety Policy, Safety Risk Management, Safety Assurance, and Safety 
Promotion. An airport would establish and maintain records that 
document Safety Risk Management processes; report pertinent safety 
information and data on a regular basis; record training by each 
individual that includes, at a minimum, a description and date of 
training received; and, set forth an implementation plan.
    The following information lists estimated initial and annual hours 
respondents would need to comply with the proposed part 139 SMS 
reporting and recordkeeping and cost requirements:

---------------------------------------------------------------------------------------------