The system description seems to be the “elephant in the living room,” i.e., you know it is there but you are not sure what to do about it.
The system description is the most important step in the development of a safety management system. Unfortunately, nearly every organization “alleging” to have an SMS skips it.
Why do I say alleging to have an SMS? As you read this article, it will become clear an effective SMS is dependent upon identifying system vulnerabilities and ensuring they are under organizational control.
What is a system
|“The system description is the foundation on which an effective SMS is built.”|
Before we dive into the system description, let’s make sure we understand the definition of a system.
A system, in its simplest form, is a collection of parts (components) working together for a common purpose (element).
Examples of systems in which we are all familiar include:
- Transportation System – a collection of the equipment (cars, buses, trains, boats, aircraft, spacecraft, etc.), structures (highways, waterways, railways, airways, etc.), and logistics (distribution, maintenance, storage, disposal, etc.) with the purpose or moving persons and goods.
- Aviation System – a collection of aviation related components (equipment, structures, and logistics) with the purpose of moving persons or goods by air.
- Aircraft Systems – a collection of subsystems (propulsion, flight control, navigation, etc.) with the purpose of providing continued airworthiness of the aircraft.
- Flight Control System – a collection of components and subsystems (control surfaces, cockpit controls, connecting linkages, and the necessary operating mechanisms) with the purpose of controlling an aircraft’s direction in flight.
System Components and Elements
From the examples above, it is easy to see that systems are composed of their defining components and elements. For example, flight control system components include control surfaces, cockpit controls, connecting linkages, and necessary operating mechanisms.
In addition to components, every system has a set of elements that define its purpose or influences.
We will discuss four system elements in this article:
- System Input
- System Output
- System Boundary
- System Interface
Continuing with the flight control system, input occurs at the cockpit controls. As stated in the example above, the system output is controlling the aircraft’s direction of flight.
The system boundary is the point that marks the limits of a system. The boundary is influenced by entities, such as ownership, control, and function. We’re not going to dive into this now, other than to make one critically important point: where systems begin and end is relative to one’s interaction with the system.
What one individual considers a system, another might describe as a subsystem or a collection of components. For example, the flight control system in high-end business jets has several complex subsystem linkages, such as hydraulics, electrical, avionics, etc.
The system interface is a shared boundary between two separate components (or subsystems) in which there is an exchange of information (inputs/outputs). The exchange can be between software, computer hardware, peripheral devices, humans and combinations of these.
Why the system description concept has been so hard to grasp
The context of source material made available has very little to do with aircraft operator or service provider systems.
Most guidance material, available from ICAO, regulatory agencies, the various alphabet organizations (IBAC, NBAA, ACSF, et.al.), and the myriad of SMS vendors has been derived from ICAO DOC 9859 – Safety Management Manual. DOC 9859 is guidance material applicable to regulatory agencies, for the development of State safety programs. In the case of the United States, the recently adopted FAR Part 5, FSIMS 8900.1, AC 120-92B, and other policy documents have roots in DOC 9859.
The organizational conundrum
Various SMS advocates have made an effort to connect the State processes described in DOC 9859 to organizationally specific requirements. Although the processes are similar, the system elements are considerably different.
The failure to distinguish fundamental differences, between State and organizational SMS performance expectations, has led to significant misperceptions in SMS requirements. Many organizations have not properly identified their specific performance requirements. Without defined requirements, organizations are unable to track and evaluate the performance of an individual process, let alone the SMS as a whole.
Many organizations have turned to SMS templates, with generic requirements, in an effort to implement an SMS. This has led to collecting data that is not link to specific organizational objectives. These template SMS may very well be measuring items of little significance while missing the opportunity to capture important safety information.
Why the system description is important
The system description is the foundation of an effective SMS. It is the system description that gives the SMS its direction.
As we have already discovered, systems encompass multiple components exchanging information at the interface between the shared boundaries. Vulnerabilities at these boundary interfaces are the point where hazards exist.
In the case of an aircraft operator, each of the key operational activities, such as, scheduling, planning, flight execution, and maintenance, has specific performance expectation. To accomplish its objective, the trip planning requires input from the trip scheduling process. That input runs through a series of tasks (supporting processes) to provide an output. The output from trip planning becomes an input for the flight execution process.
The system description is a roadmap that details day-to-day activities. It provides understanding necessary for identifying and managing risks associated with operational activities. Defining and tracking the requirements of process handoffs makes errors and vulnerabilities obvious.
The benefits of a well-documented system description include:
- dentification of performance requirements for key and supporting processes.
- Identification of performance measures for determining the effectiveness of activities.
- Identification of controls required to manage defined performance goals.
- Development of performance indicators to determine if controls are meeting expectations.
- Documentation of baseline for change management and continuous improvement.
Future articles will discuss the method for documenting the system description and how to extract specific metrics.
For immediate assistance with developing or correcting your SMS activities, please contact Jeff Whitman via the Air Safety Group website at www.AirSafetyGroup.com/contact/.