Title 14 Part 5
Title 14 → Chapter I → Subchapter A → Part 5
Electronic Code of Federal Regulations e-CFR
Title 14 Part 5
PART 5—SAFETY MANAGEMENT SYSTEMS
§5.97 SMS records.
Authority: Pub. L. 111-216, sec. 215 (Aug. 1, 2010); 49 U.S.C. 106(f), 106(g), 40101, 40113, 40119, 41706, 44101, 44701-44702, 44705, 44709-44711, 44713, 44716-44717, 44722, 46105.
Source: 80 FR 1326, Jan. 8, 2015, unless otherwise noted.
(a) A certificate holder under part 119 of this chapter authorized to conduct operations in accordance with the requirements of part 121 of this chapter must have a Safety Management System that meets the requirements of this part and is acceptable to the Administrator by March 9, 2018.
(b) A certificate holder must submit an implementation plan to the FAA Administrator for review no later than September 9, 2015. The implementation plan must be approved no later than March 9, 2016.
(c) The implementation plan may include any of the certificate holder's existing programs, policies, or procedures that it intends to use to meet the requirements of this part, including components of an existing SMS.
[80 FR 1326, Jan. 8, 2015, as amended at 80 FR 1584, Jan. 13, 2015]
§5.3 General requirements.
(a) Any certificate holder required to have a Safety Management System under this part must submit the Safety Management System to the Administrator for acceptance. The SMS must be appropriate to the size, scope, and complexity of the certificate holder's operation and include at least the following components:
(1) Safety policy in accordance with the requirements of subpart B of this part;
(2) Safety risk management in accordance with the requirements of subpart C of this part;
(3) Safety assurance in accordance with the requirements of subpart D of this part; and
(4) Safety promotion in accordance with the requirements of subpart E of this part.
(b) The Safety Management System must be maintained in accordance with the recordkeeping requirements in subpart F of this part.
(c) The Safety Management System must ensure compliance with the relevant regulatory standards in chapter I of Title 14 of the Code of Federal Regulations.
Hazard means a condition that could foreseeably cause or contribute to an aircraft accident as defined in 49 CFR 830.2.
Risk means the composite of predicted severity and likelihood of the potential effect of a hazard.
Risk control means a means to reduce or eliminate the effects of hazards.
Safety assurance means processes within the SMS that function systematically to ensure the performance and effectiveness of safety risk controls and that the organization meets or exceeds its safety objectives through the collection, analysis, and assessment of information.
Safety Management System (SMS) means the formal, top-down, organization-wide approach to managing safety risk and assuring the effectiveness of safety risk controls. It includes systematic procedures, practices, and policies for the management of safety risk.
Safety objective means a measurable goal or desirable outcome related to safety.
Safety performance means realized or actual safety accomplishment relative to the organization's safety objectives.
Safety policy means the certificate holder's documented commitment to safety, which defines its safety objectives and the accountabilities and responsibilities of its employees in regards to safety.
Safety promotion means a combination of training and communication of safety information to support the implementation and operation of an SMS in an organization.
Safety Risk Management means a process within the SMS composed of describing the system, identifying the hazards, and analyzing, assessing and controlling risk.
Subpart B—Safety Policy
§5.21 Safety policy.
(a) The certificate holder must have a safety policy that includes at least the following:
(1) The safety objectives of the certificate holder.
(2) A commitment of the certificate holder to fulfill the organization's safety objectives.
(3) A clear statement about the provision of the necessary resources for the implementation of the SMS.
(4) A safety reporting policy that defines requirements for employee reporting of safety hazards or issues.
(5) A policy that defines unacceptable behavior and conditions for disciplinary action.
(6) An emergency response plan that provides for the safe transition from normal to emergency operations in accordance with the requirements of §5.27.
(b) The safety policy must be signed by the accountable executive described in §5.25.
(c) The safety policy must be documented and communicated throughout the certificate holder's organization.
(d) The safety policy must be regularly reviewed by the accountable executive to ensure it remains relevant and appropriate to the certificate holder.
§5.23 Safety accountability and authority.
(a) The certificate holder must define accountability for safety within the organization's safety policy for the following individuals:
(1) Accountable executive, as described in §5.25.
(2) All members of management in regard to developing, implementing, and maintaining SMS processes within their area of responsibility, including, but not limited to:
(i) Hazard identification and safety risk assessment.
(ii) Assuring the effectiveness of safety risk controls.
(iii) Promoting safety as required in subpart E of this part.
(iv) Advising the accountable executive on the performance of the SMS and on any need for improvement.
(3) Employees relative to the certificate holder's safety performance.
(b) The certificate holder must identify the levels of management with the authority to make decisions regarding safety risk acceptance.
§5.25 Designation and responsibilities of required safety management personnel.
(a) Designation of the accountable executive. The certificate holder must identify an accountable executive who, irrespective of other functions, satisfies the following:
(1) Is the final authority over operations authorized to be conducted under the certificate holder's certificate(s).
(2) Controls the financial resources required for the operations to be conducted under the certificate holder's certificate(s).
(3) Controls the human resources required for the operations authorized to be conducted under the certificate holder's certificate(s).
(4) Retains ultimate responsibility for the safety performance of the operations conducted under the certificate holder's certificate.
(b) Responsibilities of the accountable executive. The accountable executive must accomplish the following:
(1) Ensure that the SMS is properly implemented and performing in all areas of the certificate holder's organization.
(2) Develop and sign the safety policy of the certificate holder.
(3) Communicate the safety policy throughout the certificate holder's organization.
(4) Regularly review the certificate holder's safety policy to ensure it remains relevant and appropriate to the certificate holder.
(5) Regularly review the safety performance of the certificate holder's organization and direct actions necessary to address substandard safety performance in accordance with §5.75.
(c) Designation of management personnel. The accountable executive must designate sufficient management personnel who, on behalf of the accountable executive, are responsible for the following:
(1) Coordinate implementation, maintenance, and integration of the SMS throughout the certificate holder's organization.
(2) Facilitate hazard identification and safety risk analysis.
(3) Monitor the effectiveness of safety risk controls.
(4) Ensure safety promotion throughout the certificate holder's organization as required in subpart E of this part.
(5) Regularly report to the accountable executive on the performance of the SMS and on any need for improvement.
§5.27 Coordination of emergency response planning.
Where emergency response procedures are necessary, the certificate holder must develop and the accountable executive must approve as part of the safety policy, an emergency response plan that addresses at least the following:
(a) Delegation of emergency authority throughout the certificate holder's organization;
(b) Assignment of employee responsibilities during the emergency; and
(c) Coordination of the certificate holder's emergency response plans with the emergency response plans of other organizations it must interface with during the provision of its services.
Subpart C—Safety Risk Management
A certificate holder must apply safety risk management to the following:
(a) Implementation of new systems.
(b) Revision of existing systems.
(c) Development of operational procedures.
(d) Identification of hazards or ineffective risk controls through the safety assurance processes in subpart D of this part.
§5.53 System analysis and hazard identification.
(a) When applying safety risk management, the certificate holder must analyze the systems identified in §5.51. Those system analyses must be used to identify hazards under paragraph (c) of this section, and in developing and implementing risk controls related to the system under §5.55(c).
(b) In conducting the system analysis, the following information must be considered:
(1) Function and purpose of the system.
(2) The system's operating environment.
(3) An outline of the system's processes and procedures.
(4) The personnel, equipment, and facilities necessary for operation of the system.
(c) The certificate holder must develop and maintain processes to identify hazards within the context of the system analysis.
§5.55 Safety risk assessment and control.
(a) The certificate holder must develop and maintain processes to analyze safety risk associated with the hazards identified in §5.53(c).
(b) The certificate holder must define a process for conducting risk assessment that allows for the determination of acceptable safety risk.
(c) The certificate holder must develop and maintain processes to develop safety risk controls that are necessary as a result of the safety risk assessment process under paragraph (b) of this section.
(d) The certificate holder must evaluate whether the risk will be acceptable with the proposed safety risk control applied, before the safety risk control is implemented.
Subpart D—Safety Assurance
§5.71 Safety performance monitoring and measurement.
(a) The certificate holder must develop and maintain processes and systems to acquire data with respect to its operations, products, and services to monitor the safety performance of the organization. These processes and systems must include, at a minimum, the following:
(1) Monitoring of operational processes.
(2) Monitoring of the operational environment to detect changes.
(3) Auditing of operational processes and systems.
(4) Evaluations of the SMS and operational processes and systems.
(5) Investigations of incidents and accidents.
(6) Investigations of reports regarding potential non-compliance with regulatory standards or other safety risk controls established by the certificate holder through the safety risk management process established in subpart C of this part.
(7) A confidential employee reporting system in which employees can report hazards, issues, concerns, occurrences, incidents, as well as propose solutions and safety improvements.
(b) The certificate holder must develop and maintain processes that analyze the data acquired through the processes and systems identified under paragraph (a) of this section and any other relevant data with respect to its operations, products, and services.
[80 FR 1326, Jan. 8, 2015, as amended at 82 FR 24010, May 25, 2017]
§5.73 Safety performance assessment.
(a) The certificate holder must conduct assessments of its safety performance against its safety objectives, which include reviews by the accountable executive, to:
(1) Ensure compliance with the safety risk controls established by the certificate holder.
(2) Evaluate the performance of the SMS.
(3) Evaluate the effectiveness of the safety risk controls established under §5.55(c) and identify any ineffective controls.
(4) Identify changes in the operational environment that may introduce new hazards.
(5) Identify new hazards.
(b) Upon completion of the assessment, if ineffective controls or new hazards are identified under paragraphs (a)(2) through (5) of this section, the certificate holder must use the safety risk management process described in subpart C of this part.
§5.75 Continuous improvement.
The certificate holder must establish and implement processes to correct safety performance deficiencies identified in the assessments conducted under §5.73.
Subpart E—Safety Promotion
§5.91 Competencies and training.
The certificate holder must provide training to each individual identified in §5.23 to ensure the individuals attain and maintain the competencies necessary to perform their duties relevant to the operation and performance of the SMS.
§5.93 Safety communication.
The certificate holder must develop and maintain means for communicating safety information that, at a minimum:
(a) Ensures that employees are aware of the SMS policies, processes, and tools that are relevant to their responsibilities.
(b) Conveys hazard information relevant to the employee's responsibilities.
(c) Explains why safety actions have been taken.
(d) Explains why safety procedures are introduced or changed.
Subpart F—SMS Documentation and Recordkeeping
§5.95 SMS documentation.
The certificate holder must develop and maintain SMS documentation that describes the certificate holder's:
(a) Safety policy.
(b) SMS processes and procedures.
§5.97 SMS records.
(a) The certificate holder must maintain records of outputs of safety risk management processes as described in subpart C of this part. Such records must be retained for as long as the control remains relevant to the operation.
(b) The certificate holder must maintain records of outputs of safety assurance processes as described in subpart D of this part. Such records must be retained for a minimum of 5 years.
(c) The certificate holder must maintain a record of all training provided under §5.91 for each individual. Such records must be retained for as long as the individual is employed by the certificate holder.
(d) The certificate holder must retain records of all communications provided under §5.93 for a minimum of 24 consecutive calendar months.