Safety Management Systems for Part 121 Certificate Holders, 68224-68245 [2010-28050]

Agencies

• Federal Aviation Administration
• DEPARTMENT OF TRANSPORTATION

[Federal Register Volume 75, Number 214 (Friday, November 5, 2010)]
[Proposed Rules]
[Pages 68224-68245]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2010-28050]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Federal Aviation Administration

14 CFR Parts 5 and 119

[Docket No. FAA-2009-0671; Notice No. 10-15]
RIN 2120-AJ86


Safety Management Systems for Part 121 Certificate Holders

AGENCY: Federal Aviation Administration (FAA), Department of 
Transportation (DOT).

ACTION: Notice of proposed rulemaking (NPRM).

-----------------------------------------------------------------------

SUMMARY: The FAA proposes to require each certificate holder operating 
under 14 CFR part 121 to develop and implement a safety management 
system (SMS) to improve the safety of their aviation related 
activities. A safety management system is a comprehensive, process-
oriented approach to managing safety throughout an organization. An SMS 
includes an organization-wide safety policy; formal methods for 
identifying hazards, controlling, and continually assessing risk; and 
promotion of a safety culture. SMS stresses not only compliance with 
technical standards but increased emphasis on the overall safety 
performance of the organization.

DATES: Send your comments on or before February 3, 2011.

ADDRESSES: You may send comments identified by Docket Number FAA- 2009-
0671 using any of the following methods:
     Federal eRulemaking Portal: Go to https://www.regulations.gov and follow the instructions for sending your 
comments electronically.
     Mail: Send comments to Docket Operations, M-30, U.S 
Department of Transportation, 1200 New Jersey Avenue, SE., West 
Building Ground Floor, Room W12-140, Washington, DC 20590-0001.
     Fax: Fax comments to Docket Operations at (202) 493-2251.
     Hand Delivery: Bring comments to Docket Operations in Room 
W12-140 of the West Building (Ground Floor) at 1200 New Jersey Avenue, 
SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, 
except Federal holidays. For more information on the rulemaking 
process, see the SUPPLEMENTARY INFORMATION section of this document.
    Privacy: We will post all comments we receive, without change, to 
https://www.regulations.gov, including any personal information you 
provide. Using the search function of our docket Web site, anyone can 
find and read the comments received into any of our dockets, including 
the name of the individual sending the comment (or signing the comment 
for an association, business, labor union, etc.). You may review DOT's 
complete Privacy Act Statement in the Federal Register published on 
April 11, 2000 (65 FR 19477-78), or you may visit https://DocketsInfo.dot.gov.
    Docket: To read background documents or comments received, go to 
https://www.regulations.gov at any time or to Docket Operations in Room 
W12- 140 of the West Building Ground Floor at 1200 New Jersey Avenue, 
SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, 
except Federal holidays.

FOR FURTHER INFORMATION CONTACT: Scott Van Buren, Chief System Engineer 
for Aviation Safety, Office of Accident Investigation and Prevention 
(AVP), Federal Aviation Administration, 800 Independence Avenue, SW., 
Washington, DC 20591; telephone: (202) 494-8417; facsimile: (202) 267-
3992; e-mail: scott.vanburen@faa.gov. For legal questions, contact Anne 
Bechdolt, Regulations Division, Office of the Chief Counsel, Federal 
Aviation Administration, 800 Independence

[[Page 68225]]

Avenue, SW., Washington, DC 20591; telephone: (202) 267-3073; 
facsimile: (202) 267-7971; e-mail: anne.bechdolt@faa.gov.

SUPPLEMENTARY INFORMATION: Later in this preamble under the Additional 
Information section, we discuss how you can comment on this proposal 
and how we will handle your comments. Included in this discussion is 
related information about the docket, privacy, and the handling of 
proprietary or confidential business information. We also discuss how 
you can get a copy of related rulemaking documents.

Authority for This Rulemaking

    The FAA's authority to issue rules on aviation safety is found in 
Title 49 of the United States Code. This rulemaking is promulgated 
under the authority described in 49 U.S.C. 44701(a)(5), which requires 
the Administrator to promulgate regulations and minimum standards for 
other practices, methods, and procedures necessary for safety in air 
commerce and national security.
    In addition, the Airline Safety and Federal Aviation Administration 
Extension Act of 2010 (the Act), Public Law 111-216, sec. 215 (August 
1, 2010), requires the FAA to conduct rulemaking to ``require all part 
121 air carriers to implement a safety management system.'' The 
rulemaking must consider, at a minimum, including an aviation safety 
action program (ASAP), flight operational quality assurance program 
(FOQA), a line operations safety audit (LOSA), and an advanced 
qualification program (AQP) as part of the SMS. The FAA must issue a 
notice of proposed rulemaking within 90 days of the passing of the Act, 
and a final rule within 24 months of the passing of the Act, requiring 
all part 121 air carriers to implement a safety management system.

Table of Contents

I. Executive Summary
II. Background
    A. What is a Safety Management System?
    B. Why is an SMS necessary?
    C. Congressional Mandate
    D. International Harmonization
    E. NTSB Recommendations
    F. FAA Aviation Safety (AVS) SMS Actions
III. Discussion of the Proposal
    A. General Requirements
    B. Safety Policy
    C. Safety Risk Management
    D. Safety Assurance
    E. Safety Promotion
    F. SMS Documentation and Recordkeeping
IV. Regulatory Notices and Analyses

I. Executive Summary

    This proposal would require certificate holders authorized to 
conduct operations under 14 Code of Federal Regulations (CFR) part 121 
to develop and implement a Safety Management System (SMS) of their 
aviation safety-related activities. An SMS includes an organization-
wide safety policy; formal methods for identifying hazards, 
controlling, and continually assessing risk; and promotion of a safety 
culture. When systematically applied, an SMS provides a set of 
decision-making tools that certificate holders can use to improve 
safety.
    The FAA is proposing this rule as part of its efforts to 
continuously improve safety in air transportation. The FAA proposes to 
add the SMS rule, a performance-based regulation, to existing 
regulations and technical operating standards to deal with gaps best 
addressed through improved management practices. SMS's proactive 
emphasis on hazard identification and mitigation, and on communication 
of safety issues, would provide certificate holders robust tools to 
improve safety.
    The International Civil Aviation Organization (ICAO), in its March 
2006 amendments to Annex 6 part I,\1\ which addresses operation of 
airplanes in international commercial air transport, establishes a 
standard for member states to mandate that each of these operators 
establish an SMS. In addition, the National Transportation Safety Board 
(NTSB) has recommended the FAA pursue rulemaking to require all 14 CFR 
part 121 operators to implement an SMS.\2\ Congress, in the Airline 
Safety and Federal Aviation Administration Extension Act of 2010 (Pub. 
L. 111-216, August 1, 2010), directed the FAA to issue a notice of 
proposed rulemaking within 90 days of enactment, and a final SMS rule 
by July 30, 2012. If this proposal is adopted, U.S. aviation safety 
regulations would be in conformance with ICAO standards, would fully 
address NTSB recommendations, and would comply with the statutory 
requirement.
---------------------------------------------------------------------------

    \1\ A copy of Annex 6 has been placed in the docket for this 
rulemaking.
    \2\ Recommendation A-07-10, dated January 23, 2007. This 
recommendation was issued in connection with the NTSB's 
investigation of Pinnacle Airlines flight 3701, which occurred on 
October 14, 2004.
---------------------------------------------------------------------------

    The FAA anticipates a final rule would become effective 60 days 
after publication of the final rule in the Federal Register. The agency 
proposes to require current certificate holders to submit an SMS 
implementation plan for approval within six months of that effective 
date. The FAA solicits comments on the 60-day effective date, as well 
as the timeframe for submission of an SMS plan. The implementation plan 
would have to ensure the certificate holder's SMS would be fully 
operational within three years of the effective date. New applicants 
for certification to conduct operations under part 121 would be 
required to demonstrate prior to certification that they have an SMS 
that meets the requirements set forth in this proposal.
    Under this proposal, the FAA would require each air carrier to 
develop an SMS that includes the four SMS components set forth in Annex 
6: Safety Policy, Safety Risk Management, Safety Assurance, and Safety 
Promotion. To support each component, the FAA proposes a certificate 
holder implement a number of processes and procedures. Together, the 
four components and corresponding processes and procedures provide the 
general framework for an organization-wide safety management approach 
to air carrier operations.
    The FAA projects that the compliance cost supporting each component 
would come from the initial development and documentation of the SMS, 
implementation and continuous operating costs to include the 
modification or purchasing of new equipment/software, additional staff 
and promotional materials, and training. Because SMS is inherently 
scalable, costs depend on the size of the carrier and the type of 
operations that it provides. Further, operators may have existing 
quality management systems or other voluntary programs, which may lower 
the estimated compliance costs. These components would also help air 
carriers effectively integrate formal risk control procedures into 
normal operational practices thus improving safety for all U.S. part 
121 operators. Total benefits are estimated at $1,143.1 million ($500.8 
million present value) and total costs are estimated at $710.8 million 
($375.5 million present value).

[[Page 68226]]

[GRAPHIC] [TIFF OMITTED] TP05NO10.000

II. Background

    The FAA is committed to continuously improving safety in air 
transportation. Increased demand for air transportation, the impact of 
additional air traffic, changes in business models, advances in new 
technology, new routes, and transition of personnel can heighten the 
risk in air carrier operations. While the FAA's use of existing 
regulations and technical operating standards has been effective, these 
regulations may leave gaps best addressed through improved safety 
management practices. As the air carrier best understands its own 
unique operating environment, it is in the best position to identify 
these gaps and institute the proper controls to reduce or eliminate 
risk to its operations. The FAA would still set the safety standards, 
conduct inspections and maintain oversight. However, SMS's proactive 
emphasis on hazard identification and risk control, as well as 
communication and training of safety issues, would provide certificate 
holders conducting operations under 14 CFR part 121 with the necessary 
tools to improve safety within their organizations. SMS processes will 
also make the application of regulations more meaningful to achieve 
greater safety benefit.
    Therefore, the FAA, in continuing to develop a comprehensive and 
integrated framework for safety management, is proposing a standardized 
set of requirements for the development and implementation of SMS. This 
proposal includes the four key components of an SMS as set forth in 
ICAO Annex 6.

A. What is a Safety Management System?

    An SMS is an organization-wide approach to managing safety risk and 
assuring the effectiveness of safety risk controls. It would provide an 
air carrier with a set of decision-making processes and procedures that 
it would use to plan, organize, direct, and control its business 
activities in a manner that enhances safety and ensures compliance with 
regulatory standards. It includes an organization-wide safety policy; 
formal methods for identifying hazards, controlling, and continually 
assessing risk; and promotion of a safety culture. An SMS incorporates 
these procedures into normal, day-to-day business processes. SMS 
processes seek to identify potential organizational breakdowns and 
necessary process improvements allowing management to address a safety 
issue before a noncompliant or unsafe condition results. These tools 
are similar to those that management already uses to make operational 
decisions, such as adding new aircraft to its fleet or adding a new 
route. Using an SMS, however, is not a substitute for compliance with 
FAA regulations or FAA oversight activities. Rather, an SMS would, at 
its foundation, ensure compliance with safety-related statutory and 
regulatory requirements and allow certificate holders to address 
hazards unique to their operations.
    There are four essential components of an SMS. These are based on 
the ICAO SMS framework and FAA guidance in Advisory Circular 120-92A, 
Safety Management Systems for Aviation Service Providers (August 12, 
2010).\3\
---------------------------------------------------------------------------

    \3\ Additional information on ICAO's SMS standards and guidance 
may be found at https://www.icao.int/anb/safetymanagement. Copies of 
the ICAO standards and the ICAO SMS manual have been placed in the 
docket for this rulemaking.
---------------------------------------------------------------------------

    The safety policy is the foundation of the organization's safety 
management system. It clearly states the organization's safety 
objectives and sets forth the policies, procedures, and organizational 
structures necessary to accomplish the safety objectives. The safety 
policy clearly delineates management and employee responsibilities for 
safety throughout the organization. It also ensures that management is 
actively engaged in the oversight of the company's safety performance 
by requiring regular review of the safety policy by a designated 
accountable executive.
    The second component, safety risk management, requires development 
of processes and procedures to provide an understanding of the 
carrier's operational systems to allow individuals to identify hazards 
associated with those systems. Once hazards are identified, other 
procedures must be developed under safety risk management to analyze 
and assess the risk resulting from these hazards, as well as to 
institute controls to reduce or eliminate the risks from these hazards.
    The third component, safety assurance, ensures the performance and 
effectiveness of safety risk controls established under safety risk 
management. Safety assurance is also designed to ensure that the 
organization meets or exceeds its safety objectives through the 
collection, analysis, and assessment of data regarding the 
organization's performance.
    The fourth component of an SMS is safety promotion. Safety 
promotion requires a combination of training and communication of 
safety information to employees to enhance the organization's safety 
performance. How an organization seeks to comply with this component 
depends on the size and scope of the organization. It may include 
formal safety training for employees, a formal means of communicating 
safety information, and a means for employees to raise safety concerns 
without fear of retribution.

B. Why is an SMS necessary?

    The commercial air carrier accident rate in the United States has 
decreased substantially over the past 10 years.\4\

[[Page 68227]]

This has been accomplished through a growing body of regulations, FAA 
oversight activities, and voluntary industry safety initiatives. 
However, over the past 10 years, the FAA has identified a more recent 
trend involving hazards that were revealed during incident and accident 
investigations. Many of these hazards could have been mitigated or 
eliminated earlier had a structured, organization-wide approach to 
managing air carrier's operations been in place. For example, FAA's 
Office of Accident Investigation and Prevention identified 172 
accidents involving part 121 operators from fiscal year (FY) 2001 
through FY 2010 that could have been mitigated if air carriers had 
implemented a safety management system to identify hazards in their 
daily operations and developed methods to control the risk. The 
following two accidents are representative of the 172 accidents 
reviewed by the FAA and discussed in the Initial Regulatory Evaluation. 
Summaries of these two accidents are included to illustrate the 
potential mitigations that could have resulted with SMS.
---------------------------------------------------------------------------

    \4\ NTSB Aviation Accident Statistics: https://www.ntsb.gov/aviation/Table5.htm, https://www.ntsb.gov/aviation/Table6.htm, and 
https://www.ntsb.gov/aviation/Table7.htm.
---------------------------------------------------------------------------

    On January 8, 2003, Air Midwest flight 5481 crashed immediately 
after lift-off in Charlotte, North Carolina. The aircraft was destroyed 
by impact and post impact fire, resulting in twenty-one fatalities and 
one injury to a person on the ground. This accident occurred shortly 
after outsourced maintenance was completed on the airplane's elevator 
control system. The accident investigation revealed that the elevator 
controls were improperly rigged during maintenance. The crew was not 
aware of this unsafe condition. The following is an example of how 
maintenance hazards could have been identified and their associated 
risks mitigated if the carrier had implemented an SMS.
    In this instance, the formal safety risk management analysis would 
have been triggered by the air carrier's plan to have aircraft 
maintenance performed at uncertificated repair facility using 
maintenance technicians provided by a third party sub-contractor. 
First, the air carrier's maintenance management would have conducted a 
thorough system analysis, reviewing its current maintenance program, 
including all relevant policies, processes, and procedures. It would 
have identified the personnel, procedures, equipment, and facilities 
necessary to perform the work and assessed whether the maintenance 
facility, its management, and the third party mechanics met those 
requirements. It also would have identified the personnel necessary to 
conduct oversight for the air carrier at the maintenance facility. 
Following the system analysis, the air carrier's maintenance management 
would have identified the following system hazards: (1) The maintenance 
facility was not a certificated repair station and therefore lacked the 
controls associated with regulatory certification; (2) the facility, 
its management and the actual workforce were provided by separate 
contractors; (3) the inadequate number of experienced air carrier 
maintenance representatives and their lack of authority under the 
contract to oversee the performance of the maintenance. The maintenance 
management team would have reported these issues to the management 
representative and the accountable executive.
    The air carrier's maintenance management, in assessing the risk of 
these and other hazards, would have considered the worst credible 
outcome of the performance of the maintenance at that facility under 
those conditions. Those risks may have been determined to be 
unacceptable and appropriate risk controls would have been implemented. 
Such risk control options may have included contracting with a 
certificated part 145 repair station, revising the maintenance 
procedures and associated job aids for its maintenance and inspection 
programs, having additional experienced maintenance representatives of 
the air carrier, with appropriate contract authorities, stationed at 
the repair facility to monitor the performance of maintenance tasks and 
inspections. Also, through the SMS safety assurance processes, the air 
carrier would have evaluated the safety performance of its risk 
controls through its continuous analysis and surveillance system (CASS) 
to verify that the controls were effective. Errors in specific 
maintenance tasks or inspections may have been spotted by the on site 
air carrier maintenance representatives or through a confidential 
employee reporting system if any of these concerns were raised with 
regard to the maintenance activities. These reports would have been 
utilized to steer changes in existing policies or in more effective 
contracting and execution of maintenance. Using the SMS safety 
promotion component, the air carrier could have made these critical 
maintenance issues known to its entire maintenance workforce, including 
air carrier management. This would have increased awareness of hazards 
and enhanced the safety of the overall maintenance program for the air 
carrier.
    A second example is Comair flight 5191. On August 27, 2006, at 
approximately 6 a.m., Comair flight 5191 crashed during takeoff from 
Blue Grass Airport, Lexington, Kentucky, en route to Atlanta, Georgia. 
The flightcrew received and acknowledged a clearance from the tower to 
take off from runway 22 but instead, they positioned the airplane on 
runway 26 and commenced the takeoff. The airplane ran off the end of 
the runway and impacted the airport perimeter fence, trees, and 
terrain. The pilot in command (PIC), flight attendant, and 47 
passengers were killed. The second-in-command pilot sustained serious 
injuries. The airplane was destroyed by impact forces and a post-crash 
fire. The flightcrew believed that they had taxied the airplane to 
runway 22 when they had actually taxied onto runway 26 and initiated 
the takeoff roll. The flightcrew's noncompliance with standard 
operating procedures, including the PIC's abbreviated taxi briefing, 
combined with both pilots' non-pertinent conversation most likely 
created an atmosphere in the cockpit that enabled the crew's errors. 
The following is an example of how hazards relating to the flight 
operations of this accident could have been identified and the 
associated risks mitigated if the carrier had implemented an SMS.
    In this instance, the SMS safety assurance component would have 
triggered a formal safety risk management analysis. Under the SMS 
safety assurance process, periodic audits of flight crew performance, 
such as Line Operations Safety Audits (LOSA), may have revealed 
systemic failures of crew coordination concepts and failures to follow 
standard procedures. Additionally, reports from a confidential employee 
reporting system like Aviation Safety Action Program (ASAP) would have 
indicated that deficiencies in flightcrew performance. LOSA audits or 
other structured operational checking procedures, combined with reports 
from a confidential employee reporting system regarding flight crew 
performance, would have indicated that the existing controls, such as 
operational procedures and preflight checklists were not effective, or 
flightcrew training and evaluation programs were ineffective.
    Under a formal SMS safety risk management process, the management 
representative would have ensured that the flight operations management 
team conducted a system analysis, reviewing its operational control and 
flight operations procedures, the operating environment (runway 
conditions, airport configuration), as well as the personnel and 
equipment required for the safe operation of the airplane. The system 
analysis would have led to a

[[Page 68228]]

discovery of hazards and possible errors that could be made at runway 
intersections, like the incorrect selection of the appropriate 
departure runway. The flight operations management team would have 
reported these issues to the management representative and the 
accountable executive.
    Upon completion of the risk assessment, the flight operations 
management team could have developed risk controls, such as revising 
the checklists to require the positive verification of the airplane 
alignment on the correct runway and additional crew resource management 
training to enhance the crewmembers' situational awareness. These 
procedures could be incorporated into the company's flight manuals, 
checklists, and training curriculum. Once in place, the effectiveness 
of the risk controls would have been continuously monitored under the 
safety assurance processes.
    From the SMS safety promotion component, the information gained 
through the safety risk management and safety assurance processes such 
as the employee reporting system, could be provided back to crews in 
the form of awareness tools such as company newsletters, bulletins to 
pilots, and other communications media.

C. Congressional Mandate

    In addition to the FAA's accident review indicating a need for SMS, 
Congress recognized the need for air carriers to implement safety 
management systems. On August 1, 2010, The Airline Safety and Federal 
Aviation Administration Extension Act of 2010 (the Act), Public Law 
111-216, was signed. The Act requires the FAA to conduct rulemaking to 
``require all part 121 air carriers to implement a safety management 
system.'' Public Law 111-216, sec. 215.
    The Act also requires the FAA to consider mandating as part of the 
SMS rulemaking, the following voluntary programs: ASAPs, flight 
operational quality assurance systems (FOQAs), LOSAs, and advanced 
qualification programs (AQPs). The FAA has reviewed these programs and 
finds they would be useful to meet the requirements to regularly review 
the safety performance of the organization (Sec.  5.25(b)(5)), to 
monitor the effectiveness of safety risk controls (Sec.  5.25(c)(2)), 
and to monitor and measure the organization's safety performance (Sec.  
5.71). However, based on the following, the FAA has determined that it 
would not be appropriate to require all of these programs for all 
certificate holders conducting operations under 14 CFR part 121.
    Aviation Safety Action Program (ASAP). ASAP is an employee 
reporting system that certificate holders may use to gather information 
from employees on safety compliance and performance issues. ASAP 
programs are intended for air carriers that operate under part 121 and 
major domestic repair stations certificated under part 145. The goal of 
ASAP is to enhance aviation safety voluntary reporting of safety issues 
and events that come to the attention of employees. The program 
encourages an employee to voluntarily report safety issues even though 
they may involve a potential violation(s) of Title 14 of the Code of 
Federal Regulations.
    As of September 27, 2010, there are 90 certificate holders 
conducting operations under part 121. Approximately two-thirds of these 
certificate holders have implemented some type of ASAP program. While 
ASAP originally was limited to pilots and flight engineers, some air 
carriers have expanded the program to include its flight attendants, 
dispatchers, and mechanics. One carrier has an ASAP for ground service 
personnel. The program is a valuable way to bring employees into a 
proactive safety effort and can be a means of building trust throughout 
the organization. Single ASAP reports can generate safety risk 
management action if they reveal a hazard of high severity and high 
likelihood. Further, analysis of the aggregate ASAP data can also 
reveal trends that lead to safety risk management action. ASAP reports 
often serve as an indicator that risk controls are effective, or they 
may reveal that risk controls are not effective. Reports accepted into 
ASAP are protected from disclosure under the provisions of 14 CFR part 
193, Protection of Voluntarily Submitted Information.
    ASAP programs typically only cover selected employee groups. Even 
the largest air carriers do not have ASAPs that encompass all of their 
employees. Typically, each employee group ASAP has an event review 
committee (ERC) designed to take in data from employees, analyze the 
data, and develop corrective actions. The ERC consists of members of 
the air carrier's management team, the FAA's certificate management 
organization, and if applicable, the employee group's representative. 
The ERC considers each ASAP report for acceptance or denial, and if 
accepted, analyzes the report to determine the necessary controls to 
put into effect. ASAP is a good example of a confidential employee 
reporting system that an air carrier may develop to comply with the 
provisions of the proposed rule. Small carriers would likely not 
require such an expansive and complex system. Rather, a simpler 
employee reporting system may meet the needs of the smaller carriers. 
Further, the proposed SMS requirement for a confidential employee 
reporting system spans all employee groups. Thus, even a medium to 
large air carrier may be overly burdened by such a requirement if its 
current ASAPs do not cover all of its employees who perform aviation-
safety related activities. In this case, the air carrier could use its 
existing ASAPs and develop simpler tools or procedures to allow the 
employees who are not currently covered under its ASAPs to report 
safety issues or concerns.
    If the FAA were to require the use of ASAPs, the information 
submitted through ASAP would no longer be considered voluntary. As 
such, the protections under part 193 would no longer apply. One major 
concern of industry regarding a requirement for SMS is the possible 
disclosure of critical safety information. Industry is concerned that 
if information submitted through ASAP or any other employee reporting 
system is subject to disclosure, this would likely have a negative 
impact on the willingness of employees to disclose the data. The loss 
of these protections under 14 CFR part 193, therefore, would likely 
impede the air carrier's ability to gather this critical information 
for analysis. Thus, the FAA has determined that ASAP may be one means 
for compliance with certain provisions of the SMS, but would not be 
necessary to mandate for all air carriers. FAA seeks comments on how 
air carriers that are currently voluntarily implementing ASAP programs 
could integrate these programs into an SMS plan, and the incremental 
costs and benefits of doing so.
    Flight Operational Quality Assurance (FOQA). FOQA provides the air 
carrier with accurate operational performance information covering all 
flights by multiple aircraft types such that single events can be 
analyzed or overall patterns of aircraft performance can be seen and 
analyzed. FOQA programs provide actual data that can be analyzed in the 
aggregate to determine trends specific to aircraft types, local flight 
path locations, and overall flight performance trends for the air 
carrier industry. FOQA information has proven effective in showing the 
need for changing air carrier operating procedures for specific 
aircraft fleets, and for changing air traffic control practices at 
certain airports with unique traffic pattern limitations. 41 of 90 part 
121 carriers have voluntarily implemented FOQA programs, including 22 
of 30 part 121 operators

[[Page 68229]]

with a fleet of more than 50 airplanes. The 22 includes seven of the 
top eight largest passenger-carrying airlines, which each operate more 
than 200 airplanes. To have an FAA approved FOQA program, an air 
carrier must meet the requirements described in AC 120-82, Flight 
Operational Quality Assurance.\5\
---------------------------------------------------------------------------

    \5\ The FOQA program is described in AC 120-82, Flight 
Operational Quality Assurance (https://rgl.faa.gov/Regulatory_and_Guidance_Library/rgAdvisoryCircular.nsf/key/AC%20120-82).
---------------------------------------------------------------------------

    Since 2005, ICAO Annex 6 part I has included a provision that 
commercial air carriers operating airplanes having a maximum gross 
takeoff weight in excess of approximately 59,400 lb. ``* * * should 
establish and maintain a flight data analysis programme as part of its 
safety management system.'' Flight Data Analysis Program (FDAP) is a 
general term encompassing a number of means by which routine flight 
operations data may be acquired, recorded, analyzed, and shared. FOQA 
is one such program. FOQA requires extensive flight data recording 
systems which facilitate rapid transfer of recorded data, de-
identification of that data, and agreements between pilot organizations 
and the carriers which define how this information may be used. 
Further, FOQA requires comprehensive analysis of the information 
provided by technically competent staff using specialized equipment to 
derive useful safety enhancement opportunities. Although all operators 
meet the current regulatory requirements for flight data recording, 
many of the recorders used do not meet all the FOQA specifications. The 
part 121 fleet is diverse in terms of size, complexity, and age, as 
well as the size of the companies that operate them. Many of the older 
aircraft would require extensive modifications to adapt them to the 
technical requirements of a FOQA program. The investment and expense of 
implementing and maintaining such a system exceeds the financial 
capability of many smaller carriers.
    Since the FOQA voluntary program requirements were established, 
technological advancements in lightweight self-contained flight data 
monitoring and recording systems have been developed that may provide 
alternative, cost effective means for accomplishing the same purpose as 
a FOQA. An air carrier may wish to acquire these tools rather than 
those necessary for FOQA and develop its own procedures to collect 
flight operational data for analysis. An air carrier may also choose a 
combination of tools, such as preflight risk assessment checklists and 
existing flight data recorders, to collect information on flight 
operational data. There are a number of ways to collect this 
information and the FAA does not believe it is appropriate to prescribe 
the exact method for collection and analysis of this type of data. The 
air carrier should develop and implement the processes and procedures 
suitable to the complexity and needs of its organization to identify 
hazards and assess risk to its operation. In addition, like ASAP, the 
FAA has determined that it is appropriate to protect certain 
information collected under FOQA from disclosure. If the FAA were to 
require FOQA this protection would be lost. Thus, while FOQA is an 
excellent tool for some air carriers and may be used as a process or 
procedure in the air carrier's SMS, this proposal would not require it 
for all certificate holders conducting operations under part 121. FAA 
seeks comments on how air carriers that are currently voluntarily 
implementing FOQA programs could integrate these programs into an SMS 
plan, and the incremental costs and benefits of doing so.
    Line Operations Safety Audit (LOSA). The Line Operations Safety 
Audit (LOSA) is a voluntary safety audit focused on the discovery, 
mitigation, and management of human error in aviation operations. LOSA 
audits are mainly conducted for crewmembers and are performed in actual 
in-flight conditions. Thus, they provide a real-time assessment of 
system operations. During the flight, trained observers record any 
potential threats to safety, how a flightcrew handled the hazard and 
any errors the flightcrew committed in managing a threat. They may also 
document behaviors known to cause accidents or incidents.
    Under LOSA programs, the certificate holder collects the data 
concerning the flightcrew's performance. While an air carrier may elect 
to share the results of a LOSA with the FAA, there is no requirement to 
do so. Data obtained from the LOSA can be used to modify the air 
carrier's training or other operational programs or procedures and 
shape basic organizational strategies to prevent accidents and 
incidents. The certificate holder may use the audit results to create 
better safety practices by improving operational processes and 
documentation, such as revising checklists, flight operations manuals, 
quick reaction handbooks, and developing training curricula for flight, 
maintenance, and ramp personnel.
    In order to implement a LOSA program, significant resources are 
required. The air carrier would need to develop and produce the program 
and its associated materials. The following elements are part of LOSA: 
(1) Training check airmen or other observers on how to conduct the 
observations and data collection, (2) developing and maintaining 
schedules for LOSA observations, (3) staff time for observer preflight 
preparation, (4) in-flight observation, (5) post-flight briefing, (6) 
data transfer and entry, (7) information management software costs 
(software and staff time for data entry and database management), and 
(8) development and administration of data analysis processes. LOSA 
programs may be very complex and expensive. Air carriers that have not 
implemented a voluntary LOSA may be using audit tools that are more 
appropriately scaled to the size of their operation. Because there may 
be other, more effective means for conducting these audits, the FAA 
does not believe it is necessary to limit an air carrier to conducting 
audits and collecting data through a specific program like LOSA. 
Rather, the FAA has determined that participating in a LOSA program, 
may be one acceptable means to comply with the requirements of this 
proposal. FAA seeks comments on how air carriers that are currently 
voluntarily implementing LOSA programs could integrate these programs 
into an SMS plan, and the incremental costs and benefits of doing so.
    Advanced Qualification Program (AQP). AQP is an alternative method 
for developing training and testing materials for pilots, flight 
attendants, and aircraft dispatchers based on instructional systems 
design, advanced simulation equipment, and comprehensive data analysis 
to continuously validate curriculums. Although the FAA considers AQP to 
be an effective voluntary alternative for compliance with minimum 
training and qualification requirements, the FAA does not believe that 
it is appropriate to require all air carriers to train under AQP as 
part of their SMS processes and procedures. The FAA recognizes that AQP 
may not be appropriate for every certificate holder. The AQP is a 
voluntary program established to allow a greater degree of regulatory 
flexibility in the approval of innovative training programs. Based on a 
documented analysis of operational requirements, a certificate holder 
under AQP may propose to depart from the traditional practices with 
respect to what, how, when, and where training and testing is 
conducted. Detailed AQP documentation requirements, data collection, 
and analysis provide the FAA and the operator with the tools

[[Page 68230]]

necessary to adequately monitor and administer an AQP. (See 14 CFR Part 
121, subpart Y, paragraphs 121.901-121.925).
    As mentioned above, AQP may not be appropriate for all certificate 
holders. Some air carriers may prefer the structured requirements of a 
traditional training program to the analytically-driven AQP program. 
Other air carriers that use contract training facilities may not find 
AQP to be a suitable alternative to traditional training requirements. 
The FAA also acknowledges that to get the most benefit from AQP, a 
stable work force and route structure is necessary. Therefore, for 
those air carriers that have a higher turnover in their pilot ranks or 
conduct supplemental operations where the routes may vary, AQP may not 
be appropriate. Thus, this proposal would not require all air carriers 
to implement AQP as the method for training its flightcrew members, 
flight attendants, aircraft dispatchers, and other operations 
personnel. FAA seeks comments on how air carriers that are currently 
voluntarily implementing AQP programs could integrate these programs 
into an SMS plan, and the incremental costs and benefits of doing so.

D. International Harmonization

    In March 2006, ICAO amended Annex 6 part I--which addresses the 
operation of airplanes in international commercial air transport. 
Member states agreed to establish an SMS requirement for air carriers. 
The SMS, as outlined in this Annex, includes processes to identify 
safety hazards and ensure the implementation of risk controls and 
corrective actions necessary to maintain safety performance. The Annex 
also aims for improvement of the overall safety performance of the 
organization, with clearly defined lines of safety accountability 
throughout the operator's organization. Member states agreed to 
initiate compliance with amendments to Annex 6 part I by January 1, 
2009.\6\ If adopted, the provisions in this rule would conform to these 
ICAO agreements.
---------------------------------------------------------------------------

    \6\ On December 15, 2008, the FAA filed a difference to the SMS 
standard because the agency had not formally initiated rulemaking.
---------------------------------------------------------------------------

    ICAO provides that each ICAO member state is the judge of whether 
its national SMS rules provide an acceptable level of safety. The FAA 
solicits comments on whether the SMS rules proposed in this NPRM could 
serve as a suitable basis for achieving an international harmonized 
regime.

E. National Transportation Safety Board (NTSB) Recommendations

    The NTSB first recommended safety management systems in 1997, 
through recommendations aimed at improving safety in the maritime 
industry. Since then, a number of NTSB investigations related to other 
modes of transportation, including aviation, have cited organizational 
factors contributing to accidents and have recommended SMS as a way to 
prevent future accidents and improve safety. The NTSB first offered an 
SMS recommendation for part 121 air carriers (A-07-10) to the FAA after 
its investigation of the October 14, 2004 accident of Pinnacle Airlines 
flight 3701.
    Pinnacle Airlines flight 3701 was on a repositioning flight between 
Little Rock National Airport and Minneapolis-St. Paul International 
Airport when both engines flamed out after a pilot-induced aerodynamic 
stall at high altitude. The pilots were unable to regain control, and 
the aircraft crashed in a residential area south of Jefferson City, 
Missouri. The NTSB's investigation revealed ``the accident was the 
result of poorly performing pilots who intentionally deviated from 
standard operating procedures and basic airmanship.'' The NTSB further 
stated ``operators have the responsibility for a flightcrew's cockpit 
discipline and adherence to standard operating procedures'' and offered 
an SMS as a means to help air carriers ensure safety. The NTSB formally 
recommended the FAA ``require all 14 CFR part 121 operators establish 
Safety Management System programs.'' NTSB Safety Recommendation A-07-10 
(January 23, 2007). That recommendation recognized that ``air carriers 
need to ensure safety through a formalized system safety process. One 
such process is a safety management system program, which incorporates 
proactive safety methods for air carriers to identify hazards, mitigate 
risk, and monitor the extent that the carriers are meeting their 
objectives.'' Id. at p. 12. The NTSB recommended the FAA pursue 
rulemaking to require commercial operators to implement an SMS. In 
discussing this recommendation, the NTSB noted it would evaluate any 
rulemaking proposal based on ICAO's minimum requirement: ``(a) 
Identifies safety hazards; (b) ensures that remedial action necessary 
to maintain an acceptable level of safety is implemented; (c) provides 
for continuous monitoring and regular assessment of the safety level 
achieved; and (d) aims to make continuous improvement to the overall 
level of safety.'' Id. Adoption of this proposal would address this 
NTSB recommendation.

F. FAA Aviation Safety (AVS) SMS Actions

    Guidance Materials. This rulemaking would also codify existing FAA 
SMS guidance material. In June 2006, FAA Flight Standards published 
Advisory Circular, AC 120-92, Introduction to Safety Management Systems 
for Air Operators based on the Joint Planning and Development Office 
(JPDO) SMS Standard.\7\ The FAA also used this work to develop internal 
guidance, using SMS principles, and incorporated them in FAA Order 
8000.369, Safety Management System Guidance and FAA Order VS 8000.367, 
Aviation Safety (AVS) Safety Management System Requirements. AC 120-92 
was revised in August 2010 to become AC 120-92A to reflect the ICAO 
framework. This proposal is based on the guidance material in AC-120-
92A and FAA Orders, as well as the ICAO SMS framework and guidance in 
the ICAO Safety Management Manual.\8\ Copies of these documents are 
available in the docket for this rulemaking.
---------------------------------------------------------------------------

    \7\  https://www.jpdo.gov/library/InformationPapers/JPDO_SMS_SPC_v1_4.pdf.
    \8\ See ICAO, Safety Management Manual, at 6.5.3 ICAO Doc. 9859-
AN/474 (2nd ed. 2009) (https://www.icao.int/anb/safetymanagement/DOC_9859_FULL_EN.pdf).
---------------------------------------------------------------------------

    SMS Pilot Project. To assist operators choosing to implement SMS 
voluntarily, the FAA initiated an SMS Pilot Project. The program, which 
currently includes 26 part 121 air carriers of varying sizes and 
complexities, allows these certificate holders and their FAA oversight 
organizations to learn the means of applying SMS to their unique 
management and environmental conditions and to demonstrate their 
commitment to comply with international standards. The SMS pilot 
projects have provided experience in implementation and oversight 
processes. Lessons the FAA has learned from the pilot projects include 
findings in the areas of management involvement, training requirements, 
gap analysis and implementation planning, and the development of risk 
tools.
    Advanced Notice of Proposed Rulemaking (ANPRM). In addition to the 
pilot project, the FAA also issued an ANPRM on July 23, 2009 (74 FR 
36414), soliciting comments on the appropriate applicability and scope 
of a potential SMS rule. The ANPRM requested information from air 
carriers, operators conducting charters, maintenance repair stations, 
and design and manufacturing organizations on their experiences with 
SMS; the costs associated with

[[Page 68231]]

implementing SMS in their organization; and recommendations for 
documentation, recordkeeping, data collection and sharing, and training 
requirements necessary for implementation of an SMS. The FAA received 
89 comments in response to the ANPRM from a variety of commenters, 
including air carriers, aircraft design and manufacturing 
organizations, service facilities, trade associations, and private 
citizens.
    Seven part 121 operators and six trade associations representing 
the 121 operators or their employees submitted comments in response to 
the ANPRM. Each of the seven 121 operators said it has an SMS or a 
system with some SMS components. Six of the seven operators reported 
positive results after applying SMS to their operations. Operators 
reported improving their safety performance and regulatory compliance 
by improving their ability to detect possible nonconformities to 
policies and regulations before an accident or serious incident occurs. 
One commenter stated that by implementing SMS the organization has 
``seen some successes in reducing risk, decreasing operating costs, and 
managing safety through a structured process.''
    An SMS requires that organizations identify hazards and address the 
risk associated with the products or services they provide. It also 
requires documenting the decisions made to address safety risk. 
Commenters expressed concern that this information could be 
misinterpreted or mischaracterized and they stressed the need to 
protect SMS data.
    A majority of the commenters recommended the FAA issue a 
performance-based regulation, consistent with the ICAO framework, which 
would allow organizations flexibility in how they meet the standards, 
and enable them to integrate their existing systems into an SMS rather 
than requiring a stand-alone system. Commenters also said the 
requirements should be scalable to accommodate organizations that vary 
in size, complexity, structure, and focus. Some commenters recognized a 
need for SMS for part 135 operators and part 145 repair stations, and 
design and manufacturing organizations based on the ICAO requirements 
for these sectors of the industry. This rulemaking, however, focuses 
only on certificate holders conducting operations under part 121.
    Aviation Rulemaking Committee (ARC). On February 12, 2009, the FAA 
chartered the SMS ARC to solicit recommendations from industry experts 
on the scope of this rulemaking. The ARC is comprised of 
representatives from air carriers, maintenance organizations, and 
design and manufacturing organizations and associations. On March 31, 
2010, the ARC submitted its report to the FAA with the recommendations 
summarized in the paragraphs below.
    The ARC recommended that the FAA SMS regulations and guidance be 
closely aligned and consistent with the ICAO SMS framework to allow for 
ease of acceptance of an organization's SMS by a foreign civil aviation 
authority. The ARC also recommended that the SMS rule apply to 
organizations subject to 14 CFR parts 21, 119, 121, 125, 135, 141, 142, 
and 145 as listed in the ANPRM, as well as 14 CFR part 91, subpart K, 
to ensure consistency of applicability with ICAO's SMS Framework. 
Furthermore, it suggested that an SMS regulation should acknowledge and 
permit incorporation of existing voluntary and regulatory (e.g., CASS) 
safety management efforts that fit, or that could be adapted to fit, 
the SMS construct. For air carriers, such programs include aviation 
safety action programs, flight operational quality assurance programs, 
line operations safety audits, and quality management systems. To avoid 
duplicative practices, the ARC stressed the importance of allowing 
organizations to build upon these existing systems and processes rather 
than requiring them to build a whole new safety system. For example, 
rather than mandate a separate manual outlining the air carrier's SMS, 
the air carrier should have the option of either developing a new 
manual or including it in the manual required by Sec.  121.133. This 
flexibility would allow the certificate holder to document the SMS in 
the way that best fits its operations while still providing the FAA 
appropriate insight into the organization's SMS for assessment and 
oversight. In addition, the ARC asserted that SMS should not be an add-
on to the organization's operational system but rather part of the 
operational system.
    In acknowledging a potential significant impact of an SMS rule on 
small businesses, the ARC stressed the importance of creating a 
regulatory framework that is scalable and flexible to accommodate a 
broad range of organizations, from small operators and manufacturers to 
large organizations holding multiple types of FAA certificates or 
approvals. This would ensure that the level of SMS-required complexity 
imposed on a small organization would not interfere with the company's 
ability to pursue its business, or impose a degree of SMS data analysis 
that would result in insufficient time left to develop, implement and 
monitor risk mitigation procedures. It also recommended the FAA 
consider alternative strategies for SMS implementation, such as 
continuing with the voluntary program for operators that engage in 
international commercial activity.
    The ARC was also concerned with the protection of SMS safety 
information and proprietary data. Therefore, it noted that there should 
be protection of safety information and proprietary data from 
disclosure and use for other purposes. Safety information is vitally 
important to an SMS. Without the development, documentation, and 
sharing of safety information SMS benefits will not be fully realized. 
According to the ARC, protecting safety information from use in 
litigation (discovery), Freedom of Information Act (FOIA) requests, and 
FAA enforcement action is necessary to ensure the availability of this 
information, which is essential to SMS. The ARC recommended either a 
new regulation or a revision and strengthening of existing part 193, 
Protection of Voluntarily Submitted Information, to include SMS 
information. Further, the ARC recommended that the FAA establish policy 
or regulation which provides limits on enforcement action applicable to 
information that is identified or produced by an SMS.
    The ARC recommended that the FAA ensure that sufficient planning, 
policy and guidance, and workforce training be in place prior to SMS 
implementation to accommodate efficient, timely, objective and 
consistent assessment and oversight of SMS. To accomplish this, the ARC 
also suggested a phased promulgation of extending the applicability of 
a set of general SMS requirements to different populations. For 
example, the ARC recommended extending the set of general requirements 
to part 121 operators first, followed by part 135 operators and part 
145 repair stations conducting maintenance for part 121 and part 135 
operators, and extending the requirements to regulated entities under 
part 21 as part of the last phase of implementation. The ARC noted that 
this phased promulgation would allow earlier deployment of new 
regulations in the area of greatest operational exposure and greatest 
implementation experience, while allowing the necessary time for the 
development of sector-specific guidance and operation of pilot programs 
for remaining certificate and approval holders. For example, the design 
and manufacturing community has less experience in applying SMS than 
many commercial operators that are participating in SMS

[[Page 68232]]

pilot projects with AFS. The ARC has recommended that the FAA sponsor 
an SMS pilot program within the design and manufacturing sector to 
further develop implementation experience.
    In addition to the phased promulgation of the applicability of SMS 
requirements, the ARC also recommended a phased implementation of SMS 
requirements within individual companies. For example, the first stage 
of implementation would require an implementation plan to be completed 
six months after the effective date of a final rule, with the next 
level focusing on implementing safety risk management processes. The 
next level would focus on the proactive and predictive processes in 
safety assurance.
    A copy of the ARC's recommendations is available for review in the 
docket for this rulemaking.

III. Discussion of the Proposal

A. General Requirements

    Applicability. The FAA proposes to add a new part 5 to title 14 of 
the CFR, creating the general framework for an SMS that a part 121 air 
carrier may adapt to fit the needs of its operation. The new part 5 is 
modeled after the International Civil Aviation Organization (ICAO) 
framework in Annex 6, Operation of Aircraft, which was adopted in March 
2006 and is designed for broad application. It is also consistent with 
the ARC's recommendations to use the ICAO framework and develop SMS 
requirements that are scalable and flexible to accommodate all business 
models. Therefore, the proposed requirements are meant to be applicable 
to organizations of various sizes and complexities, as well as 
adaptable to fit the different types of organizations in the air 
transportation system and operations within an individual company. The 
proposed SMS construct is also consistent with AC-120-92A, Safety 
Management Systems for Aviation Service Providers, and FAA Order 
8000.367, Aviation Safety (AVS) Safety Management System (SMS) 
Requirements.
    Although this proposal extends only to part 121 operators, the FAA 
has developed these general requirements with the intent that in the 
future, they could be applied to other FAA-regulated entities, such as 
part 135 operators, part 145 repair stations, and part 21 aircraft 
design and manufacturing organizations and approval holders, consistent 
with ICAO requirements.\9\ This proposal also acknowledges the SMS 
ARC's recommendation for phased promulgation of SMS regulations to 
apply SMS requirements to certificate holders under different parts of 
title 14 of the CFR in successive phases. The FAA solicits comments on 
possible future application of these general requirements.
---------------------------------------------------------------------------

    \9\ Amendment 33 to Annex 6 part 1 addresses part 121, 135, and 
145 operations. It has a compliance date of November 18, 2010 and 
was announced in State Letter AN 11/1.3.19-06/34 24 (March 2006). 
Amendment 101 to Annex 8 addresses Design and Manufacturing. It has 
a compliance date of November 14, 2013 and was announced in State 
Letter AN 3/5.6-09/21 (April 3, 2009).
---------------------------------------------------------------------------

    In addition, it is not the FAA's intent that this rule would result 
in contractors or subcontractors, or entities not directly regulated by 
the FAA, being required to develop an SMS. Current processes require 
air carriers to ensure that the employees or businesses with whom they 
contract to conduct training or maintenance activities on their behalf 
are qualified, capable, and have the necessary equipment and facilities 
to perform the work. This proposal would not expand these existing 
requirements. However, the FAA seeks specific comment on the potential 
impact of a trickle down effect of this proposal to these entities.
    Scalable and Flexible. The proposed SMS regulation is designed as a 
performance based regulation. It requires a number of processes (for 
safety policy, safety risk management, safety assurance, and safety 
promotion) which are flexible, and can be tailored to provide relevant, 
yet robust management systems for each carrier. The SMS provides a 
framework for safety decision making by requiring structured processes 
for gathering and using information necessary to make sound management 
decisions. Because the part 121 air carrier population is extremely 
diverse in complexity related to both aircraft fleet sizes and numbers 
of employees, this proposal was designed to accommodate a variety of 
business models and sizes.
    The components of SMS are scalable relative to the size and 
complexity of the operator. For instance, the objective of safety risk 
management is the same regardless of the size of the carrier. That 
objective is to understand the operations and the tools and processes 
used to accomplish the work. While specialists in information 
technology and statistical analysis may be necessary in large, 
sophisticated carriers' operations, the safety risk management steps 
could be accomplished by the management and employees of even the 
smallest organization. For smaller operators, this process need not 
employ sophisticated techniques or be overly detailed. For example, a 
whiteboard, pencil, and paper, may be all that are needed to consider, 
analyze, and record the characteristics of the systems. Likewise, 
recording and tracking the results of the safety risk management 
process need not be extensive or overly sophisticated. They may be 
captured with paper records or simple electronic files using common 
word processing or spreadsheet applications.
    The safety assurance processes can also be scaled to the size and 
complexity of the operator. Its purpose is to provide key managers with 
only the information that they need to assure that the risk controls 
they have implemented remain valid and their processes are on track. An 
organization would determine what audit tools are needed to acquire 
only the information that it needs to maintain compliance with CFRs and 
company policies and procedures, e.g., airplane inspection intervals, 
open Minimum Equipment List (MEL) items, pilot training, and checking 
intervals, and dates and other key information. Internal evaluation and 
management review processes are used to evaluate the performance of 
major systems (i.e., flight operations, training, maintenance, 
inspection, and engineering, etc.). All part 121 carriers have a 
Continuing Analysis and Surveillance system (CASS) required by 14 CFR 
121.373. Most companies have Internal Evaluation Programs based on 
guidance in AC 120-59A, Air Carrier Internal Evaluation Programs, and 
other audit structures. These existing programs would likely satisfy 
the safety assurance requirements in this proposal. In very small 
companies, these may be performed personally by senior managers, 
specialist personnel, the Director of Safety, or the Chief Inspector 
required by 14 CFR 119.65. Analysis of audits, evaluations, employee 
reports, and internal investigations may be as simple as reading 
narratives, simple trend analysis of problems, and discussion among key 
management personnel.
    The safety management system may be adapted and scalable based on 
the complexity of the air carrier's operations. For example, some air 
carriers may have multiple certificates, authorizing them to conduct 
flight operations and also perform aircraft maintenance for other 
organizations. These air carriers may only want to implement one SMS 
that encompasses all of these aviation-related safety activities, and 
some may want to expand SMS to encompass all activities of the 
business. As another example, some certificate holders only have a few 
aircraft and service a limited area. These certificate holders may 
choose to

[[Page 68233]]

implement a smaller, simpler SMS consistent with requirements, but 
sized and designed for their operation. The FAA invites comments on how 
air carriers may approach the design and implementation of their SMS.
    The previous discussion indicates that certificate holders could 
comply with the proposed SMS requirements through a variety of means. 
The FAA intends these proposed requirements to be scalable and flexible 
to the size and complexity of the certificate holder's organization. In 
addition, the FAA also recognizes that certificate holders may already 
have systems and processes in place that meet the proposed SMS 
requirements. The FAA believes these systems and processes could easily 
be incorporated into an SMS and does not intend to create duplicative 
burdens. The FAA requests comments specifically identifying how the FAA 
could clarify or improve the incorporation of existing systems and 
processes into an SMS to improve the efficiency, scalability, and 
flexibility of this proposal.
    Compliance with other Regulatory and Statutory Requirements. The 
SMS requirements, as described in this section, would not be considered 
a substitute for compliance with existing technical and performance 
standards. Technical and performance standards would still be 
considered the baseline for safety performance. These general 
requirements for SMS would require air carriers to be able to 
demonstrate their capability to assess and control risk in their highly 
variable individual operational environments. While several air 
carriers currently may be in the process of implementing, or have 
implemented an SMS in accordance with FAA guidance material, these air 
carriers would need to ensure their system meets the regulatory 
requirements set forth in this proposal, and follow the same process 
for acceptance as an air carrier who is implementing SMS for the first 
time. The SMS may be adapted and scaled based on the complexity of