GAH-Quality, Ethics, and IT/HIPAA

Introduction

Quality, IT/HIPAA, and ethics are essential areas in the healthcare sector, which attract immense attention from various stakeholders in the industry. The government, through amendment acts, sets the regulations to protect patients in area involving quality of healthcare, charges of services, and confidentiality. In addition, through various agencies, ensures that the concerned stakeholders in the industry uphold the set standards. Medical facilities, on the other hand, set standards to ensure that the quality of service meets the government requirements and meet the customer demands. Hospitals also must follow the existing ethical guidelines to uphold the dignity of customers and adopt efficient IT security measures to safeguard patients’ information. A medical facility, must observe quality, IT/HIPAA, and ethical requirements to avoid a backlash from customers and conflicts with the government.  

Quality

The proposed hospital, to ensure high standards defines quality as healthcare that maximizes output, while utilizing minimum resources for the benefit of the patient. Additionally, the facility expresses quality as coordinated care between departments and outpatient settings to minimize negative responses from the patients. Therefore, GAH will develop a culture of delivering cheap but high quality services for inpatients and outpatients across all the departments.

            Some of the expected problems in quality service delivery are expected to emanate from the inability of systems to address shortcomings within them. In most cases, issues result from below par performance metrics and/or biasedness of test procedures. Therefore, it becomes extremely hard for facilities to evaluate performance; hence, improve or uphold quality standards. In this regard, Golden Age Hospital will put adequate efforts to ensure that performance metrics reveal the facility’s nature and level of service delivery.

            One of the criteria that the facility will adopt to minimize quality issues will include picking definite points, with guaranteed measurability to function as metrics. In addition, Golden Age Hospital will develop performance standards and conduct consistent updates of measures to comply with emerging quality requirements. The hospital will also establish a team for quality assurance to evaluate quality of services delivered and recommend performance factors and metric changes.

            Golden Age Hospital will also conduct educational surveys to gather information about the institution. Such information is expected to assist the facility create an environment conducive for employee participation; hence, increase their desire to perform beyond the quality bar. In addition, the surveys will give insights about the employee’s expectations from their leaders; hence, enable them adopt a ‘lead by example style’. With such techniques of approach of quality of service, the hospital is expected to meet the federal, state, and customer requirements; hence, boost promote business.

Figure 1: A Training and Facilities Quality of Service Reference

Figure 2: A Staffing, Equipment, and TQM Quality of Service Reference

IT/HIPAA

HIPAA, (Health Insurance Portability and Accountability Act), also regarded to as the Public Law 104-191, possesses two primary objectives of providing continuous health cover and minimize cost and administrative burdens. The law standardizes the financial and administrative transactions’ electronic transmission. HIPAA also intends to combat fraud, abuse, waste in healthcare delivery and insurance and assure long-term access to health insurance and care services. The law is reviewed annually to ensure emerging concerns in the health sector are addressed and seal loopholes, which might be used by facilities to compromise service delivery.

            Golden Age hospital will ensure that it complies with HIPAA transaction standards for the federal government to allow delivery of services to the elderly patients. In addition, the hospital will incorporate all the annual amendments to the law, which will be conducted within a six months window, to ensure full compliance and make standards adherence an ongoing process. Golden Age Hospital will emphasize on meeting the HIPAA guide to guarantee protection of PHI (Protected Health Information), which includes information about provision of healthcare, health status, or payments from covered entities that can be associated to particular person. Therefore, the facility will consider physical and electronic means of protecting customer information. In this regard, the hospital will acquire stand-alone Information Technology products to enhance appropriate encryption of communication to reduce chances of patient data compromise.

Ethics

As noted earlier, the security of patients’ information is essential; hence, the facility will put immense emphasis to prevent, or identify any compromise to sensitive data to minimize or eliminate impacts of attacks. However, there exist two challenges expected in ensuring that encryption techniques adhere to guidelines, which arise from verification of particular users and message encryption. Notably, there exists a difficulty of confirming that particular information belongs to an individual, which may lead to exposure of patient’s data to unintended parties. Additionally, there exist numerous message encryption standards in the field of health IT, which may not be fully known to a facility’s management. Therefore, a hospital will always fall short of certain standards regarding message encryption. However, Golden Age Hospital will always review recent standards and make efforts to implement them. In addition, the hospital will password authentication dedicated to established user tokens will be utilized to enhance identification of encryption to the message sender and receiver.

Conclusion and Recommendation

Since quality, ethics, and HIPAA/IT are essential areas that healthcare facilities should put adequate emphasis to ensure compliance, with the industry’s standards and meet customer expectation, Golden Age Hospital will consider adopting recommendations stipulated below-

1. The facility should develop an awareness culture of matters concerning standards to ensure continuous delivery of quality care.
2. The hospital should consider accommodating regular reviews of the industry policies and standards to ensure up to date quality assurance measures and improve compliance.
3. Golden Age Hospital should ensure data protection by following IT professionals’ guidelines that are related to data protection standards in the IT industry, to uphold security of customer information; hence, improve satisfaction.
4. The hospital should also Incorporate IT industry best practices to reduce chances of  patient data compromise , since, most of the transactions involved in covered healthcare industry involves electronic transmission of information; hence, requires Information security measures.

Golden Hospital by adopting the above recommendations will be ensured of minimum or no Information security incidences, which can lead to compromise of patient information. The hospital will also be assured of high quality services, which will guarantee customer satisfaction; hence, improve business. Finally, the facility will incur minimal losses in terms of court fines emanating from customers having compromised information.

References

Decision Making at General Motors Company

General Motors Company is an auto multinational corporation with headquarters in Detroit, Michigan, United States of America. The company designs, builds, and sells crossovers, cars, automobile parts, and trucks in the United States and all over the world including South America, Asia, and Europe, among others. Therefore, the company has factories and outlets all over the globe. In addition, According to Law (2017) the company sells through joint ventures and dealers in many parts of the world. Since the great economic recession of 2008-2009, General Motors has learnt to use managerial accounting to make critical decisions on where to produce and how to distribute products in the world.

The past one decade has seen General Motors relocate production from one region to another due to the market dynamics or the political atmosphere. Additionally, in the past, the company has allocated varying amounts of financial resources to its production lines all over the world. For instance, in January, 2017, the company decided to invest additional one billion dollars in its United States based factories and relocate some parts production from Mexico to the US. The the allocation was an addition to the about three million announced in 2016 (Linder & Williander, 2017).

The decision was arrived due to the criticism to the company and other automakers made by the then president elect Donald Trump; hence, had no financial implications. The then president elect had criticized GM and other manufacturers for locating factories outside the United States of America; hence, denying the Americans a big number of job opportunities that come along with such factories. However, General Motors has come out to explain the decision to relocate from Mexico to the US and increase their investment to the factories based in the country (Law, 2017).

Activity and Time Utilized

The management of the General Motors Co has decided to relocate production of some parts from Mexico to the United States. According to Law (2017), some of the production parts that will be relocated include axle production for the next generation of trucks and pickups. Linder & Williander (2017) explain that the relocation process will also involve an additional investment of approximately one billion dollars in its factories in the United States. However, the additional investment is not inclusive of the relevant and non-relevant cost associated with the relocation process. The management’s decision was a response to criticism by the then president-elect Donald Trump, which created pressure for the company to relocate and create more jobs in the United States. Law (2017) highlights the decision as a way of improving relations with United States, which is one of the company’s lucrative markets across the globe.

According to Linder & Williander (2017), the process of evaluating relocation of a company’s production activities is cumbersome, as it requires review of the process itself, relevant, and non-relevant cost. Therefore, to come up with relevant implications, it requires carefulness and ample time to produce accurate results. It took six months to review the process of relocation of General Motors Co from Mexico to the United States.

Inputs Utilized

The process utilized various resources, which included finances, personnel, and information. According to Linder & Williander (2017), for the process to run smoothly and produce accurate results, it required information on the company’s profile, market, and reason for relocation. The process also required experts in finance, marketing, and motor production among others. In terms of finances, the direct and indirect financial cost of the process was approximately $ 0.8Million.

Results and its Implications

Relevant Costs involved

The company will incur some relevant costs if it relocates production of some parts form Mexico to the United States. First of all, the company will incur the cost of relocating the production plant, which includes the cost of establishing a new plant. Further, the company has to comply with the tax and labor laws of the United States, which are different from those in Mexico. According to Law (2017), in the United States, the company is expected to pay higher license fees, taxes, and pay more to its employees because labor is more expensive in the country. Besides, the company will incur the cost of recruiting new employees to comply with the labor laws in the United States, which require a company to consider locals first if the skills are readily available. Therefore, employees who will be laid off will demand benefits from the company.

Non-relevant Costs Involved

The salary and allowances of the directors and the Chief Executive Office will remain the same whether the company relocates or not. Additionally, non-relevant cost include the cost of advertisement to reach the global market because the company sells all over the world, therefore, it contracts both international and local media, which will not be affected by relocation (Linder & Williander, 2017).  

Conclusion

Labor cost and taxes are quite higher in the United States compared to Mexico. Therefore, the company is expected to incur more in production. Besides, the company will have to incur the cost of establishing a new plant in the United States. However, if the company relocates, it will improve its relations with the United States, which is one of its stable markets in the world. Finally, the salaries of the top management and advertisement cost will remain the same whether the company relocates or not.

References

Law, C. M. (2017). Restructuring the global automobile industry. Taylor & Francis.

Linder, M., & Williander, M. (2017). Circular business model innovation: inherent uncertainties. Business Strategy and the Environment, 26(2), 182-196.

Digital Intelligence Architecture for Data-Driven

Cyber Security in Manufacturing

PhD Research

Initial Review Report

Academic Year: 2017 – 2018

TABLE OF CONTENTS

LIST OF FIGURES. iv

LIST OF TABLES. v

LIST OF ABBREVIATIONS. vi

1 Instruction. 1

2 Research Motivation. 2

3 Aim and Objective. 5

3.1 Aim: 5

3.2 Objective: 5

4 Research Questions. 7

5 Literature Review.. 8

5.1 Section Heading (use Heading 2) 8

5.1.1 Subsection Heading (use Heading 3) 8

5.2 Section Heading (use Heading 2) 10

5.2.1 Subsection Heading (use Heading 3) 10

5.3 Section Heading (use Heading 2) 12

5.3.1 Subsection Heading (use Heading 3) 12

6 Research Methodology. 14

Research methodology flow chart, is very important. 14

7 Scope and Limitations. 17

8 Research Gap. 18

9 Research Documentations (I will do it) 21

9.1 Work Plan. 21

9.1.1 Subsection Heading (use Heading 3) 21

9.2 Section Heading (use Heading 2) 21

9.2.1 Subsection Heading (use Heading 3) 21

REFERENCES. 23

LIST OF FIGURES

Figure 1: Digital Cyber Security Architecture (Williams 2014). 10

Figure 2: AVOIDIT structure (Williams 2014) 11

LIST OF TABLES

Table 1‑1 A table caption. 2

LIST OF ABBREVIATIONS

IT	Information Technology
AI	Artificial Intelligence
IOT	Internet of Things

1 Introduction

Currently, the entire manufacturing industry is subject to huge paradigm shifts and facing fresh opportunities, which are based on technical and business perspectives. According to Herterich* etal (2015), conventionally, manufacturing firms have focused on selling tangible products; however, the organisations have also been offering product-related services throughout the lifecycle of products. In the past few years, most of the firms have increased revenues by providing product related services, specifically in areas of maintenance, repair, and Overhaul.

Increase demand for the service dominant paradigm to replace the traditional good dominant logic has brought a better understanding of recent business models in the conventionally goods driven industries among scholars. Due to the increased revenue realized from servitization, the services focused is becoming more important. In addition, a demand for full-service offerings that are integrated and increased focus on performance rather than just selling and providing maintenance is being observed.

Leitão, Colombo and Karnouskos (2016) also notes that since, traditionally, manufacturing companies are made up of electrical and mechanical components; hence, breakdowns lead to downtowns and become highly costly to the firms, a shift towards digital technologies. Currently, most of the industrial and consumer products possess sensors and connectivity, which enhance transformation of the service-oriented businesses or create new hybrid business models in the manufacturing industry where a high demand for equipment, reliability, and capabilities cutting across and transcending the conventional product boundaries exists.

According to Williams (2014), adopting such technological capabilities (indicated above) has immense results; for instance, by reducing product downtown through condition monitoring, and incorporating preventive and predictive maintenance. However, Leitão, Colombo and Karnouskos (2016) notes that pervasive digital technologies are a huge threat to the digitized service oriented business that highly relies on technology to thrive. Therefore, current paradigm shift from the traditional product driven to the service-oriented manufacturing industry requires robust cyber-security techniques to survive; otherwise, a single cyber-attack can lead immense losses due to huge recovery costs, or a total collapse of the business.

According to Williams (2014), previous studies have inadequately covered cyber-attack threat to the manufacturing industries. For instance, there exists limited information regarding effective techniques that can be utilized to quantify cyber-attack effects and determine cyber security requirements in a manufacturing system. However, Ani and Tiwari (2017) argues that data driven techniques possess immense potential to develop robust cyber-security defence mechanisms for the manufacturing systems.

Ani and Tiwari (2017) indicates that automated manufacturing systems depend on and output a lot of data, which if, utilized effectively can assist in detecting cyber-attacks before they cause damage to the system. In addition, data for automated manufacturing systems can be used analyse effects of cyber-attacks on such systems, thereby, identifying effective response techniques. According to Venter (2014), also, the increase in use of digital technology in the manufacturing industry has attracted the use of artificial intelligence (AI) techniques, to speed up processes and increase efficiency.

Use of (AI) techniques, whereby machines systems can learn from the existing data and perform some action(s) without direct control of human beings, also requires that similar techniques be applied on cyber security, to ensure that threats detection and response in case of attacks can be performed in the same speed as the process. Leitão, Colombo and Karnouskos (2016) insists that failure to use robust AI techniques to improve cyber security in manufacturing industries can lead dangerous attacks because automated systems function at very high speed; hence, detecting and responding to attacks manually becomes in effective or impossible. Therefore, digital intelligence for data driven cyber security is a necessary component of automated service oriented manufacturing systems. 

2 Research Motivation

Considering, the paradigm shift, in the manufacturing industry, from the product-focused to service-oriented manufacturing organizations due to immense potential that the latter possesses, the study will focus on some particular requirements of the modern manufacturing companies. In addition, acknowledging that service driven manufacturing heavily relies on automated process, which pose a high risk of cyber-attacks, the proposed research will focus on understanding cyber-security in the state of art manufacturing corporations.

Specifically, the emergence of robust technologies such as the Internet of Things (IOT) and Big-Data, which introduce new opportunities and risks such as improved AI and cyber-attacks respectively, is one of the motivations, whereby service-oriented manufacturing corporations will perceived in the context of such information technology capabilities. In this regard, ways to develop digital intelligence architecture, which rely on data to provide improved cyber security in the manufacturing sector, will be explored in the proposed study. Specifically, the proposed research will examine the possibility of using data driven techniques to quantify requirements of cyber security, develop efficient defence mechanisms, create adaptive and autonomous response techniques, and assess the damage of cyber-attacks in the manufacturing companies.

3 Aim and Objective

3.1 Aim:

Develop a digital intelligence architecture for data-driven cyber security of a manufacturing system.

3.2 Objective:

1. To determine effective techniques for quantifying the effect of cyber-attack on a manufacturing system.
2. To identify cyber security requirements in a manufacturing enterprise.
3. To outline an effective defence architecture for securing manufacturing system.
4. To develop an adaptive and autonomous cyber-attack security response architecture for manufacturing system.
5. To validate the framework and model in (3) and (4).

4 Research Questions

RQ1: How can the extent of damage from a cyber-attack to a manufacturing system be quantified?

RQ2: Can the cyber security needs of a manufacturing enterprise be accurately ascertained from data-driven vulnerability assessments?

RQ3: How can defence mechanisms be adopted effectively to secure a manufacturing system?

RQ4: Can response to cyber-attacks on manufacturing systems be adaptive and autonomous?

5 Literature Review

This section will involve reviewing of the existing literature related to cyber security in the manufacturing sector to identify the possibility of using data driven techniques to prevent, and effectively responding to cyber-attacks incidences. Peer reviewed journal articles are considered the best sources provide information related to business continuity in the manufacturing industry.

5.1 Theories Related to Data Driven Strategies and Cyber Security

There exists several theories related to cyber security, which are very helpful in understanding the requirements of cyber security that include risk mitigation approaches, defence mechanisms, and attack response strategies, among others. An in-depth discussion of such theories is provided below.

5.1.1 Game Theory for Cyber Security

According to Keegan (2014), information technology and infrastructure has made significant milestones in the recent past, thereby providing fresh opportunities; however, complete security is yet to be achieved in the cyberspace. While there exist effective security solutions, they are ad hoc (focus on particular problems, which they designed to address) and do not possess a framework for quantitative decision-making; therefore, they fail to adequately respond to dynamic scenario.

With regard to the above information, Babiceanu and Seker (2016) proposed a holistic approach to the issue of cyber security, whereby, defense architecture based on game theory were found to possess immense potential regarding information system security. Boyson (2014) explains game theory as mathematical language to describe strategic interactions and possible outcomes. Strategies based on game theory to information and cyber security issues is attracting immense interest to establish the nature of warfare between attackers and defenders. Williams (2014) explains that game theoretic techniques are used conduct tactical analysis of existing options to respond to a cyber-threat. Leitão, Colombo and Karnouskos (2016) also notes that varying games have been built in a bid to illustrate different demands for effective information warfare approaches.

The department of computer science, Memphis University, proposed one of the game theory based solutions, known as GIDA (Game Inspired Defence Architecture). The department proposed a semi-autonomous architecture for cyber-security that was supposed to leverage a game theory to fight cyber-attacks. In the architecture, the system administrator was supposed to take a “carrot and stick” strategy to prevent an adversary.

The carrot a stick strategy is policy providing punishment and rewards to induce the adversary behaviour. A game model was the brain of the GIDA, which was supposed to choose the countermeasure after an in-depth analysis reward and cost. The game model was not attack or countermeasure specific. The department also envisioned wrapping a self-testing software module over particular parts of the system, consisting of, trade-off among the security, performance, and cost.

The solution envisioned by Memphis University also was supposed to be a distributed architecture having three parts: an administrative console, a group of game agents including the central coordinator, and a dynamic honey net. The three parts interacted in a semi-autonomous manner to offer a means of identifying, evaluating, and acting upon net flows. Particularly, the honey net offered a way of redirecting malicious flows to the honey pots instantiated dynamically to observe malicious activity and its forensic data. The administrative console was designed to offer a user interface, which allowed network state data correlation, conduct forensic of the data related to the honeypot, offer a messaging channel, and configure varying parts of the system.

Figure 1: Digital Cyber Security Architecture (Williams 2014).

According to Williams (2014), AVOIDIT is cyber security concept using a game theory, particularly a cyber-attack taxonomy offering attack vectors classification to enhance defenders with the dissemination of defence mechanisms. Memphis University utilizes five classifiers in the characterization of an attack’s nature that are classification by the target of attack, attack vector, operational impact, defence and informational impact. The solution is presented in a tree-like structure, for proper classification of common vulnerabilities, and vectors of attack utilized to launch cyber-attacks. The design of AVOIDIT was expected to provide a base for cyber security community and enhance continuous growth as defences and attacks become more complicated.

Memphis University expected AVOIDIT to become a repository schema for knowledge management system (KMS) in a local network. KMS exploits the ability of utilizing knowledge from experts and previous data to come up with a system where sharing of information in the entire organization is possible. The objective of the concept is to come up with an organization, that is, attack resilient in all of its functional areas. Knowledge management was expected to enhance accurate flow of attack data within the organization. The knowledge management system for the AVOID it classifier was designed to utilize a GIDA (Game Theoretic Inspired Architecture) system for the investigation of action attacker and defender action space determination applicability. KMS for AVOIDIT was expected to enhance integration of attack information into GIDA to enhance easy location of relevant defence approaches by the game agents.

Figure 2: AVOIDIT structure (Williams 2014)

5.1.2 Deterrence Theory and Cyberspace

During the cold war, the preferred popular framework for military doctrine and analysis to explain nuclear weapons influence and to conclude that nuclear powers, would not conflict with each other due to the fear of the consequences. Since then, the theoretical framework to cyberspace, as cyber deterrence. While the domains have some similar characteristics; for instance, the offensive advantage, acknowledging the difficulty and costliness of defence, there exist significant differences.

Deterrence theory dates back to the 1920s and 30s when the first flight bombers were regarded as unstoppable using the defensive mechanisms. Strategists thought that huge attacks on one’s city would only be prevented, if the opponents feared counterattacks with similar magnitude, which is known as deterrence by punishment. Convincing the opponents that their objective will be denied, in case they attack is another approach of deterrence, also known as deterrence by denial.

According to Kim and Im (2014), deterrence theory occurs in two approaches, whereby the first one is build robust defence mechanisms, which might make attackers to stand down, knowing the cost of attacking is higher compared to the benefits realized. The second approach focuses on retaliation, when an attack occurs. However, Leitão, Colombo and Karnouskos (2016) argues that the approach is not very popular in the cyber space due to the problem of identifying the source of attack.

Williams (2014) also adds that the problem of unmasking the source is a major obstacle to the applicability of the approach because digital domain naturally lenders itself to anonymity. Therefore, Williams (2014) indicates that the issue of unmasking the source attracts the third component of deterrence in the cyber space, which is known as attribution. The attribution approach of deterrence postulates a three-pronged strategy, acknowledging that responses vary between non-state and state actors. According to Madan and Banik (2014), cyber and land possess immense similarities in that entry barriers are minimal, there are numerous players, and there exists a concealment loophole. However, Ani and Tiwari (2017) indicates that cyber is also different from land in that the geographic separation between the attacker and the defender can be very large. Hence, combining the geographic separation problem and the issue of concealment, results to an immense difficulty in the attribution approach, which may diminish the fear of retaliation in the cyber world. Therefore, the first line of approach should be developing a robust defence, which is a combination of strong software and hardware to make attacks almost impossible. The second approach should be dealing with the few possible attacks in a retaliatory manner.

5.2 Quantifying the Damage of Cyber Attacks

 Cyber breaches might be the most expensive threats to companies; however, there exists few firms, which can estimate the cyber risks exposure. According to Linton, Boyson and Aje (2014), most of the companies rely on qualitative methods such as ‘heat maps’, which provide a low or high description of risks, using vague estimates, whereby the frequent small and rare large losses are lumped up together. Williams (2014) notes that such kind of an approach cannot assist managers to accurately estimate the cost of risks; hence, establishing where to invest in terms of cyber security is not possible. Therefore; in most cases, corporations adopt the wrong cyber security capabilities and obtain inadequate insurance protection to the cyber risks.

Pomponiu and Thing (2017) notes that there exists no organization which can eliminate cyber risks; hence, business have to adopt the correct choices concerning cyber threats, acknowledging that risk mitigation is critical. Cassandras (2016) indicates that, although, cyber risks estimation may never become an accurate science, the understanding of the reasons that cyber risks forecasts are inefficient is improving.

According to Qatar et al. (2017), accurate estimation of the cyber risks is the most critical asset a company can possess. Qatar et al. (2017) also notes that cyber risks fall into two categories that are those related to services shutdown, and that compromise data that range from corporate secrets, bank accounts, to sensitive data. Kim, Tong and Thomas (2015) also notes that estimating cyber risks highly depends on the type of business; for instance, a utility company’s biggest risk might be a nuclear outage, while insurer firm may be hacking or losing data.

Qatar et al. (2017) also notes that understanding lower and upper boundaries of risks requires gathering of the general business, operational, and technical data, which can be modelled against the possible risks. Keegan (2014) notes that, utilizing external and internal data related to business and operations, companies can be able to estimate probable and maximum losses for a period of one to three years, in similar manner as estimating future revenues. In addition, Rongping and Yonggang (2014), notes that companies can also estimate the percentage of customers that they will lose in future due to cyber-attacks, or the level of stock valuation due to bad reputation in case of a an attack. Organizations can also use past incidences to identify applications with the highest risks.

Therefore, although challenging, quantifying of cyber risks is feasible using data oriented techniques. Most companies, especially in the manufacturing industries should drop the inaccurate qualitative techniques and adopt data related methods of risks analysis. Using data related techniques companies can budget for the future attacks because they can achieve a smaller margin of error in estimating the costs of future attacks compared to the past.

5.3 Ascertaining Cyber Security Requirements

According Keegan (2014), the current methodologies for assessing risk fail to fit real in the wild attack data, while the post attack risk mitigation techniques are have more impacts, are highly dangerous to the organization, and increasingly costly compared to pre disaster mitigation techniques. With the current techniques that are based on (CVSS) Common Vulnerability Scoring System possessing several fatal flaws, new mechanisms, probably data driven techniques, are required.

Babiceanu and Seker (2016) notes that for an organization to utilize the plethora of data to adopt intelligent decisions, which reduce the risk to infrastructure and applications, there are several things that must be done to enhance action ability and value ability of such information. One such action is correlating and cleaning the vulnerability scanner data whereby the False Positives are extracted from the vulnerability assessment results by testing out probable exploits while utilizing multiple sources of data to flag possible False Negatives. When the best solution is established for each security layer; the probability of landing on a specific vulnerability multiple times and identified by varying sources increases. In addition, chances of having multiple vulnerabilities being flagged on multiple fields of the same category increases; hence, the developer can solve a number of problems using one fix.

The next step of making data valuable and actionable is correlating between disparate data sources, which involves techniques such as data mining vulnerability assessment, reviewing of results, and penetration testing. Since the ultimate goal is to come up with an automated and intelligent solution that can solve multiple security issues, action number three involves relating asset groups of risks to each other. Action 3 enhances understanding of existing risks to a particular platform through mapping of the platform’s assets together, including related security vulnerabilities.  Rongping and Yonggang (2014) indicates that developing of intelligent systems for cyber security using the steps described above, heavily relies on data, whereby the understanding of the requirements is highly understood. For instance, step one, which involves removing of False Negatives, increases the understanding of system requirements, whereby the relevant on ones are separated with the least relevant, while step three improves the understanding of cyber-security platforms requirements through mapping of vulnerability and risks involved.

5.4 Adaptive and Autonomous Response to Cyber Attacks

According to Venter (2014), the modern organization faces numerous vulnerabilities across the networked applications and infrastructure; however, only a few vulnerabilities cause most of internet breaches. The real-time risk, which a specific vulnerability poses to a company, is highly critical compared to its density, volume, and previous rankings. Leitão, Colombo and Karnouskos (2016) insists that cyber security teams in an organization not only need the results of raw scanning, but also are required to establish, which vulnerabilities compose a real threat.

Williams (2014) indicates that serious cyber security teams assess risk across the entire asset layers such as host and networks, applications, and databases. Williams (2014) also explains that most organizations dealing with a considerable large environment are not struggling with managing data from vulnerability penetration test, assessment, and modelling of threats to fix critical sections first.

According to Leitão, Colombo and Karnouskos (2016), there exist no cyber-security threat defence mechanism that can guarantee total security free of attacks. Therefore, adaptive and autonomous techniques to respond to attacks when they happen are required, whereby; the time taken to recover from disasters should be as minimum as possible. Venter (2014) also insists that response mechanisms should be able to learn from an attack to prevent similar attacks in future. Such response mechanisms get better in terms of efficiency as they encounter more and more attacks.  

6 Research Methodology

The study will be conducted using five steps, which are phase 1, 2, 3, 4, and 5. Phase 1 will be aimed at understanding the context of the study, whereby qualitative methods will be used to gather information about the study. A review of previous studies regarding digital intelligence architecture for improving cyber security in manufacturing sector will be analysed to establish the nature of the existing techniques of quantifying cyber-attacks.

The review of previous research will be aimed at revealing the cyber-security requirements in the modern service oriented manufacturing, whereby, the existing techniques of identifying such requirements will be analysed. The nature of the current defence and response mechanisms will also be targeted by the review of the past studies. Phase 2 of the study will involve a comparison of the existing level of cyber security with the expected security standards in the manufacturing industry to identify the nature of required systems.

Phase 3 will involve using of mixed approach of research whereby qualitative and quantitative methods of research will be used to collect data regarding the best solutions cyber security threats in the manufacturing industries. Data collection will done using various tools such as interviews, questionnaires, observation, among others will utilized to collect data from carefully selected samples. Specifically, employees from at least twenty corporations from the manufacturing industries will be randomly chosen to participate in the study.

Phase four of the study will involve using statistical tools such as SPSS and MS excel to analyse the collected data. An in depth analysis of the collected is expected to reveal the necessary requirements of coming up with a Digital cyber-security architecture, with a clear description the architecture including the manner in which it will be expected to function. The last Phase of the study will involve comparing the proposed digital Cyber Security Architecture with the current security issues in the manufacturing industry; hence, estimating the performance of such an architecture.

7 Scope and Limitations

Manufacturing industry is highly changing from the conventional good oriented organizations to the service focused companies, whereby sophisticated information techniques are being used to support manufacturing processes. Due to increased use of information technology techniques, cyber risk are also increasing with the increase in automation. Therefore, it is expected that during the period of research, changes will continue to occur; hence, by the end of the study, facts collected might be null and void.

8

9 Research Documentations (I will do it)

9.1 Work Plan

9.1.1 Subsection Heading (use Heading 3)

9.2 Section Heading (use Heading 2)

9.2.1 Subsection Heading (use Heading 3)

REFERENCES

Leitão, P., Colombo, A.W. and Karnouskos, S 2016, ‘Industrial automation based on cyber-physical systems technologies: Prototype implementations and challenges,’ Computers in Industry, 81, pp.11-25.

Kim, K.C. and Im, I 2014, ‘Research letter: Issues of cyber supply chain security in Korea,’ Technovation, 34(7), pp.387-388.

Herterich, M.M., Uebernickel, F. and Brenner, W 2015, ‘The impact of cyber-physical systems on industrial services in manufacturing,’ Procedia CIRP, 30, pp.323-328.

Linton, J.D., Boyson, S. and Aje, J 2014, ‘The challenge of cyber supply chain security to research and practice–An introduction’.

Venter, H.S 2014, ‘Security issues in the security cyber supply chain in South Africa,’ Technovation, 7(34), pp.392-393.

Williams, C 2014, ‘Security in the cyber supply chain: Is it achievable in a complex, interconnected world?,’ Technovation, 34(7), pp.382-384.

Rongping, M. and Yonggang, F 2014, ‘Security in the cyber supply chain: A Chinese perspective,’ Technovation, 7(34), pp.385-386.

Ani, U.P.D., He, H. and Tiwari, A 2017, ‘Review of cybersecurity issues in industrial critical infrastructure: manufacturing in perspective,’ Journal of Cyber Security Technology, 1(1), pp.32-74.

Keegan, C 2014, ‘Cyber security in the supply chain: A perspective from the insurance industry,’ Technovation, 7(34), pp.380-381.

Boyson, S 2014, ‘Cyber supply chain risk management: Revolutionizing the strategic control of critical IT systems,’ Technovation, 34(7), pp.342-353.

Babiceanu, R.F. and Seker, R 2016, ‘Big Data and virtualization for manufacturing cyber-physical systems: A survey of the current status and future outlook,’ Computers in Industry, 81, pp.128-137.

Madan, B.B. and Banik, M 2014, ‘Attack tolerant architecture for big data file systems,’ ACM SIGMETRICS Performance Evaluation Review, 41(4), pp.65-69.

Pomponiu, V. and Thing, V.L 2017, ‘A Deep Convolutional Neural Network for Anomalous Online Forum Incident Classification.’

Kim, J., Tong, L. and Thomas, R.J 2015, ‘Subspace Methods for Data Attack on State Estimation: A Data Driven Approach,’ IEEE Trans. Signal Processing, 63(5), pp.1102-1114.

Cassandras, C.G, 2016,’ ‘Smart Cities as Cyber-Physical Social Systems,’ Engineering, 2(2), pp.156-158.

Qatar, S., Anwar, Z., Rahman, M.A., Al-Shaer, E. and Chu, B.T 2017, ‘Data-driven analytics for cyber-threat intelligence and information sharing,’ Computers & Security, 67, pp.35-58.

Agency Assessment

The International Student Organization is a body that provides a common platform for international students to promote interaction among them, and with the American Students. The body also aims at fostering understanding about the various diverse cultures in the world, and more so to give the international students the opportunity to experience the diverse culture of the American societies. The International Students Organization understands the challenges experienced by the newly admitted international students into American universities. Therefore, according to Hughes & Wearing, (2016), the organization assists the new incoming learners to adjust to the new environment, which is quite different from home life.

Furthermore, besides the organizations mission, there are various activities coordinated between the organization and other clubs, departments, and other associations, which aim at bridging the gap between American students and the international students. According to Riet et al., (2015), the main goal of these activities is to address issues that affect international students so that they can achieve academic goals and other goals in life.

The Intervention Program

According to Hornstein, (2015), various studies have revealed that the biggest challenge faced by the majority of the international students is their lack of social life. International students coming from different parts of the world are challenged by adjusting to the American culture, which is different from theirs’. Most of the international students have challenges having conversations in English, which is the language of the natives. Besides, some have problems adjusting to the climate, food, and the general way of life of the American people. According to Gladys, (2016), some international students cannot find their way through the city or campus, and due to their inexperience, they cannot are unable to ask for directions or help. Besides, they find it difficult to associate with other students, which affect their social life and academic performance.

According to Elizabeth, (2017), it is prudent to develop an intervention program that will help the international students adjust to the American universities, and the general society. The International Student Organization has developed a program that involves conducting field trips around the area surrounding universities, including the major city around. The participating students will be divided into teams that will carry out a scavenger hunt. This activity is meant to improve the students’ understanding of the American society, which will enhance how they interact with the people.

Assessing the Capacity of International Student Organization

Elements of the Organization

The International Student Organization has a positive agenda for the international students. The organizations mission is to promote the interaction of the international students among themselves, and with their American counterparts. The organization aim at promoting the understanding of the diverse world cultures, as well as enabling the international student adjust to the American way of life. The main goal is to address the problems of the international students, which will help them achieve their goal, including academic excellence.

According to Elizabeth, (2017), the elements of the organization’s mission indicated its interest in the welfare of the international students. The organization has a positive agenda for the social group, which is a basic element of achieving a social agenda. Besides, the overall goal of promoting academic excellence is realistic because, international students study overseas to achieve a kind of academic excellence, which they could not realize at home. Hughes & Wearing, (2016) postulate that the success of a program that promotes a social agenda depend on the target group and the overall goal of an organization. If the overall goal of the organization marches the main interest of the target group, there is a big possibility that the program will achieve the goal. Therefore, the mission and the main goal of the organization is an aspect that will motivate the support and the participation of the international students and local students, which opens the opportunities for external support in terms of finances and expertise.

Membership and Rights

The membership of the organization is drawn from all undergraduate students, who are encouraged to be active and participate in the organizations activities. The organization does not discriminate members on the bases of race, color, physical disability, sexual orientation, sex, nation of origin, and religious, cultural, or political beliefs. Every undergraduate student within the American universities is at liberty to join the organization, vote, and contest for leadership. Hornstein, (2015) postulate that an organization that promotes equality is capable of mobilizing resources and participation for a course. The organization’s aspect of promoting equality and acceptance of all members is in right direction in motivating students to participate in its activities.

Participation of students from diverse origins will provide a rich platform for diverse views on how to promote the success of the programs initiated by the organization. According to Hughes & Wearing, (2016), the diverse ideas from the students will bring creativity and innovation on how to promote the welfare of the international students, which will lead to positive results. Diversity brings new information and learning, which will help the program participants in making progressive decisions as far as this program is concerned. The organization is therefore a resourceful entity that can succeed in promoting a social agenda.

Leadership

The organization’s leadership consists of an executive board that comprises the President, the Vice President, the Secretary, and the Treasurer. The board members are elected through a secret ballot. Besides, the organization has an open and fair procedure for those who wish to contest for elections. Members can also remove non-performing leaders from office. The organizations requirements for contesting include knowledge of students issues and active participation in the organizations activities, which is the reason a student cannot contest if he or she has not attained at least one semester of membership.

Various management experts including Riet et al., (2015), argue that leadership is at the center of an organizations success, therefore, there must be a procedure that ensures that competent leaders get the opportunity to lead. The organization has developed such procedure to ensure competent leaders are elected. It is therefore likely for competent leaders to mobilize and manage resources necessary for a social course. However, Gladys, (2016) notes that the organization lacks the procedure to ensure that professional students on social sciences are given the opportunity to manage a social program. If the organization is not successful at acquiring external expertise, they may not design the program in manner that it would be easy to identify indicators of success, which are important in monitoring and evaluating the success of the program.

Resource and Networking Assessment

According to Elizabeth, (2017), the organization has a pool of resources ranging from the young, knowledgeable, and energetic student studying diverse courses. In addition, they have the expertise of the professors who they can consult for guidance. The membership contributions also bring more than half a million dollars into the organization, which is enough money to conduct a social agenda. Besides, according to Hornstein, (2015), the organization has a network of support from the public and the private sector. Most of the organization’s programs are funded and supported by organizations, such as Graduates International, Golden Key International Honour Society, Plan International, and Pepsi among others. For instant, in 2015, Graduates International provided expertise and finances to conduct trips for international students across five cities of the United States.

Assessing Previous Programs

Most of the programs conducted by the International Students Organization have succeeded. According to Hughes & Wearing, (2016), the programs have succeeded because the organization has the resources and networks that enhance its capacity. For example, the English Pal Program in 2011 succeeded because the organization had resources, leadership, and networking capacity. The Golden Key International Honour Society was the main partner in this program, and they contributed finances, expertise, and motivated members to promote their welfare. Besides, the organization has a City Trip Date for 2016, where they are selling tickets to mobilize finance for this program.

Conclusion

The International Students Organization has the capacity to conduct an intervention program to improve the welfare of its members. The wide range of resources and network is an indication that the organization can promote a social program. Besides, the organizations previous success is an indication that they can conduct a social program without failure. However, the organization should look for a way of promoting learning for its members especially those doing the social sciences courses by involving them in the management of its social programs.

References

Elizabeth, J (2017). The Social Science in Management. Journal of Social sciences. 19, 89-240

Gladys, W. (2016). Elements of a Comprehensive Social Program. Journal of Program Management, 45, 134-298

Hornstein, H. A. (2015). The integration of project management and organizational change management is now a necessity. International Journal of Project Management, 33(2), 291-298.

Hughes, M., & Wearing, M. (2016). Organisations and management in social work: everyday action for change. Sage.

Riet, P., Rossiter, R., Kirby, D., Dluzewska, T., & Harmon, C. (2015). Piloting a stress management and mindfulness program for undergraduate nursing students: Student feedback and lessons learned. Nurse education today, 35(1), 44-49.

Implementation of Safety Management System in Flight Operations

Table of Contents

1.0.     Introduction. 5

1.1.     Background of the System Management Systems (SMSs) 11

1.2.     ICAO Components of Safety Management Systems. 12

1.2.1.      Safety Policy. 12

1.2.2.      Safety Promotion. 14

1.2.3.      Safety Risk Management (SRM) 16

1.2.4.      Safety Assurance. 18

1.3.     Quality Management Systems and Safety Management Systems. 19

1.3.1.      Misconceptions. 20

1.4.     Safety Management System Implementation. 21

1.5.     Benefits of Adopting Safety Management Systems. 23

2.0.     Work Environment 24

3.0.     Work Requested. 25

3.1.     The Broader Project 25

3.2.     Initial Subject 26

3.3.     Technical and commercial interest 30

3.4.     Team and the resources description. 30

4.0.     State of the Art 31

4.1.     Context Analysis. 31

4.1.1.      Previous Research. 31

4.1.1.1.       Gain Workgroup B: Survey on Flight Data Analysis. 32

4.1.2.      FAA Pilot Studies. 34

4.1.3.      FAA Policy Formulation. 35

4.1.4.      Overview of NPRMs. 36

4.1.5.      Flight operational quality assurance (FOQA) 37

4.2.     Regulations. 40

4.3.     Summary. 41

4.4.     State of the Art 43

6.0.     Project Handling. 48

6.1.     Project plan. 48

6.2.     Summary of Work Management 52

6.3.     Implementation Plan and the SMS Manual 52

7.0.  Evaluated Solutions. 54

7.1. Web Based SMS Solution (SMS PRO^TM ) 54

7.2. In House SMS Solution from a Single Developer 55

7.3. In House Unique Solutions. 56

8.0. Adopted Solution. 57

8.1. Web Hosted Solutions (SMS PRO^TM ) 57

8.1.1. Technical Solution Presentation. 57

9.0. Justification of the Solution. 61

9.1.  Cost 62

9.2.  Efficiency. 62

8.3. Sustainability. 63

8.4. Implementation Ease. 63

8.5. Ease of Reuse. 63

10.0.  Critical View Point 64

9.1. Project Limitations. 64

9.2. Future research. 64

11.0. Implementation. 65

12.0.       Conclusion. 66

13.0.       Glossary. 68

14.0.       References. 70

Abstract

Safety Management System programs are an essential component of Flight Operations Safety Management whereby they provide the necessary tools for data collection, analysis, and reporting. Proper SMS programs also offer Flight Operations Quality Assurance tools, which assist in evaluating the performance of mechanisms put in place to offer Flight operation safety. International bodies such as IATA and ICAO have put in place standards for developing and implementing functioning SMS in their member States.

 FAA, a federal agency mandated with promoting Flight Operations Safety in the United States, in line with international bodies such as ICAO has developed standards that should be implemented by every aviation stakeholder in efforts to promote safety in the industry. Although requirements by international and local bodies exist in the United State of America, Aviation stakeholders such as airlines have come with sophisticated strategies of developing and implementing SMSs, Therefore, Flight Operations Safety is highly improved in the country with some stakeholders having implemented strategies beyond FAA and ICAO requirements.

In that regard, Delta Air in 2016, knowing the benefits of SMSs programs and lacking a functional system, Contracted Sky Prime Aviation Services, to evaluate their Flight Operations Safety System. In addition, Sky Prime Aviation Services was supposed to recommend new methods of promoting the airlines flight operations safety and assist in implementation. The company being one of the leading companies globally in flight operations safety provided exemplary services in coming up with one of the best SMS program for Delta and assisted in successful implementation of the program.

1.0.            Introduction

Safety Management System is a proactive formalized strategy for risk management and safety enhancement. According to Transportation Research Board, (2009) there exist several benefits associated with successful implementation of SMS in the Aviation industry, which include the general improvement of flight operations safety. However, Ziglar, (2010) postulates that; although SMS possess the benefit of enhancing safety in the aviation industry, the manner in which Safety management Systems are implemented highly determines whether they are beneficial to an organization or they are a source of drawbacks.

According to Transportation Research Board, (2009) the perceived benefits of SMS and regulations by various aviation bodies have led to the adoption of the safety improvement tool by a big number of countries in the world. One of the regulations regarding SMS was communicated in the Notice of Proposed Rule Marking (NPRM) issued on 5^th October 2010 by FAA, which was titled ‘SMS at Certificated Airports.’ NPRM required Safety Management Systems be implemented in all of the Federal CFR part 139 Certificated airports and including airlines operating in these facilities in America (Transportation Research Board, 2009).

After the International Civil Aviation Organization urged FAA to verify the issues raised by various stakeholders regarding NPRM and Safety Management Systems, and with the assistance of TRB (Transportation Research Board) the body initiated pilot studies and another study focusing on the implementation of SMS. The studies by FAA elicited many comments from various stakeholders, which the agency is still working on in efforts to derive sense from them. With all CFR part 139 certificated airports (and airlines operating in the facilities) having to implement SMS programs as per the NPRM requirement, concerns and questions have been emanating from airlines employees, operators, and the entire aviation industry.

One of the areas of SMS, which has been generating a lot of debate in the United States and other parts of the World, is Quality Assurance. Specifically Flight Operation Quality Assurance has been a major source of debate with some stakeholders lauding the component and others expressing concerns. However, some segments feel that FOQA has been in existence even before NPRM and hence the association between the two programs does not add up (Howell, 2017).

According to Howell, (2017), the presence of FOQA in airlines can be traced back to the 1990s whereby some ports and airlines implemented some forms of Flight Data Monitoring. Howell indicates that the earliest airlines to adopt FOQA were the largest carriers, which was a means of enhancing air safety. Howell notes that FDM started gaining some form of formalization in the late 90s when ICAO passed a resolution to initiate regulation regarding SMS including FOQA. ICAO resolution resulted to increased adoption of FOQA as a compulsory requirement for the member states.     

Since NPRM, FOQA, and SMS in general have been in existence for a considerable long duration of time, and generates a lot of debate, it is therefore imperative to examine the performance of the programs. A comprehensive analysis of the programs’ performance can aid in identifying the best approaches to improve them and hence boost overall safety in the aviation industry. According to (FAA FOQA AC, 2011), the primary purpose of SMS in the airlines and airlines is to boost flight operation safety; therefore, if the programs cannot effectively meet their core role, they become an unnecessary cost to the organization. Therefore, in such an instance, the programs should be improved or replaced.

One organization, which had such a problem, is Delta Air in the United States whereby the company’s flight operations safety were inefficient and were prone to risks and hazards. In 2016, Delta Air contracted Sky Prime Aviation Service to evaluate the corporation’s SMS program and come up with a means of improving the flight operation safety. Sky Prime Company offered exemplary services by suggesting the best solution for the airline and assisting in the implementation of the solution. Further, the company offered efficient services including professionals, and technology to manage the process of need analysis, evaluation of possible solutions, implementation of the most efficient program, and providing the necessary training together with the solution developer they had helped in choosing.

Relevant Literature

According to Federal Aviation Administration (2011), aviation is currently one of the safest means of transport around the globe. However, FAA notes that accidents and incidences still occur hence it is critical to identify that it is impossible to eliminate accidents and incidences. FAA insists that the most essential thing is to put efforts in devising an action course to inhibit most of the accidents. According to Merriam-Webster (2012), “Safety is a condition of being safe from causing or undergoing injury, hurt, or loss.” Safety is also defined as a device that is designed to inhibit hazardous or inadvertent operation” (Merriam-Webster, 2012).

Regarding safety in the aviation industry, an evolution has been experienced over the years whereby safety systems in the industry initially were reactive. According to Stolzer et al., (2011), reactive systems operate in manner that accidents occur triggering people’s reactions whereby they come up with curative mechanisms. The approach has been regarded as the fly-crash-fix-fly approach (Federal Aviation Administration, 2009b)

.Contrary to the previous reactive measures, current safety systems are evolving towards becoming more proactive which is evident in programs such SMS. In future programs are expected to be more predictive and hence, more efficient in ensuring safety in the aviation industry (Stolzer et al., 2011).

Figure 1: Safety Evolution Since 1950 to 2010 (FAA, 2009b)

Figure 2: Safety Systems: Past, present, and Future (FAA, 2009b)

FAA Definition of SMS

According to Aviation Safety Organization (ASO), which was created by FAA to inform the public about Safety Management System and FAA, SMS is a structured process, which requires institutions to manage safety using a similar priority level as that of other key business processes management (Federal Aviation Administration, 2010a). However, FAA defines SMS as a formal top-down strategy to manage safety risk that consists of a systemic method of safety management, which includes the required organizational structures, policies, accountabilities, and procedures” (Federal Aviation Administration, 2010a). According to Stolzer et al. (2011), SMS is created to inhibit accidents from happening and mitigating effect of those that do occur, through use of a step-wise procedure that includes a robust teamwork and culture to guarantee the safest airlines possible.

ICAO and Flight Operations Safety

International Civil Aviation Organization holds planning and ensuring that air transport all over the world is safe responsibilities. In Nov 2005, ICAO arrived at a decision to amend annex 14: Vol 1, Aerodrome Design, and Operations, thereby requiring member countries to adopt Safety Management Systems (ICAO, 2013). United States of America being a Member state had, therefore, to comply with the demand. In the U.S, the organization mandated with SMS implementation is the FAA through the Airline Safety and Operations Department. The department particularly holds the responsibility for flight operations safety and certification, safety, and operation practices that include aircraft rescue and firefighting, and wildlife hazards mitigation; promotion of emergency operations, management of emergencies, and controlling damage at civil ports, the federal activities at the ports and restoring them after a natural disaster or an attack.   

In 2005, After ICAO demanded that all member countries implement a Safety Management System; the U.S started preparing an advisory curricular, the Federal Aviation Administration’s form of distributing information to the public on adopted policies or guiding to the respective entities. The circular was released on 28^th Feb 2007, which was titled “Introduction to Safety Management System (SMS) for airline operators” (Federal Aviation Administration, 2009c). The intention of the Advisory Circular was to introduce Safety Management System to the aviation industry mostly the airlines. The AC provided information to all stakeholders in the aviation industry on SMS and offered opportunities and guidance for participating in pilot studies. One of the core points in the Advisory Circular was that Safety Management System design coincided with 14 CFR part 139 and addressed portions not covered by section 139. However, SMS was not intended to duplicate section 139 requirements. For instance, one of the major difference between SMS and 14 CFR section 139 is that SMS analyzes new risks, which the regulation does not. Addressing new risks was considered a huge part of enabling the aviation industry to inhibit incidences and accidents from reoccurring.

Table: 14 CFR part 139 Vs. SMS (Federal Aviation Administration, 2011)

1.1.            Background of the System Management Systems (SMSs)

Throughout the aviation industry, Safety management System (SMS) is becoming a standard. Various local and international bodies such as International Civil Aviation Organization (ICAO), Joint Planning, and Development Office (JPDO), among others, recognize SMS. The relevance of SMS today is evident in its application as a standard across various critical industries such as security, quality, environment, and occupational safety and health.

Regulators’ and Service/product providers’ (Certificate holders) Safety management systems integrate safety assurance concepts and modern safety risk management into repeatable, proactive systems. Formal SMSs approach safety management as a rudimental business process, which is considered in a similar manner as the rest of business management. In aviation, identifying the role of an organization in accident prevention; SMSs assist certificate holders by providing a structure for decision-making in the process of safety risk management (Federal Aviation Administration, 2011).

SMSs also provide a means of revealing the safety management capability prior to the occurrence of a system failure. Provision of improved confidence in risk controls via safety assurance is another functionality of the systems. Further SMSs provide an effective interface for sharing knowledge between the certificate holder and the regulator. Finally, the systems offer a framework for safety promotion to enhance a sound safety culture.

What is Safety Management Systems?

 System and technology improvements have greatly contributed to safety in the aviation industry. However, a big component of ensuring safety in flight operations regards attitude and paying attention to the surrounding through the input of employees, data, among others, in realization that numerous opportunities exist to prevent an accident. According to ICAO, (2013), the recognition is the initial step in moving from a reactive to predictive thinking.

According to ICAO, (2013) safety management concerns decision making, therefore, SMS is a tool for decision makers and not a conventional safety program distinct from operational and business decision-making.

1.2.            ICAO Components of Safety Management Systems

The components of the decision-making tools are safety policy, safety risk management, safety assurance, and safety promotion.

1.2.1.      Safety Policy

Safety policy identifies the commitment of senior management to enhance safety in flight operations whereby the component defines processes, methods, and organizational structure required to meet the safety objectives. Safety policy is a statement by the senior management, which includes;

• A commitment that the safety management system will be implemented
• Assurance that safety performance is monitored in the same manner as financial performance by the executive
• Workers are motivated to report potential safety problems without fear of reprisal
• Executive is committed to provide the required resources
• Adoption of clear standards for safety acceptable practices

The policy statement provides a detailed description of the entire organization operations and consists the duties, responsibilities, and relationships between all the participants in an organization. The statement particularly consists of the inclusion of top management in the safety management system. Including the top management is a critical component to the success of the SMS. Moreover, the statement defines the procedural framework that provides a description of the responsibilities of all the departments, which includes measurement and change of processes in the system if needed, and training (Federal Aviation Administration, 2011).

The structure of the organization is the next element of safety policy. Implementing a safety management system an airline requires an appointment of at least one individual to oversee the project and the process of implementation. Organizational structure enhances the company to identify the employees’ responsibilities. The organizational structure is an aspect of safety management system since it is required for workers to follow the appropriate procedures for the company.

The element of safety policy pillar, which emphasis on procedure assists in identifying the manner in which hazards are established. The organization structure element is as dynamic as a new method of logging water damage in the terminal; therefore, changes have to be adopted. When adopting changes, it is important that they are appropriately communicated all over the organization and availability is open to every individual. In case of an incidence or accident, the part outlines the proper protocol in such a situation. Moreover, the procedure element indicates, people to contact, the manner in which individuals are contacted, and provide ease of access to every individual (Federal Aviation Administration, 2011).    

1.2.2.      Safety Promotion

The second pillar of safety management systems, which was defined by the Federal Aviation Association (FAA) as a combination of safety culture, data sharing activities, and training that enhances implementation and operation of a Safety Management System in an institution (Federal Aviation Administration, 2011). The component consists of communication, training, and culture. Apart from the organization’s management, employees should also prioritize safety management systems, hence, apart from releasing a policy statement, which advises the organization on their safety commitment, management must also be actively involved. The involvement of the top management and the rest of the organization affect the safety culture of the institution in a direct manner (Federal Aviation Administration, 2011). Therefore, it is critical for the managers to maintain and show a positive attitude about safety management systems. Rather than the management team, participating in SMS at the initial stages only, it is critical that they maintain commitment since they are a rudimental and necessary requirement of creating a positive culture on safety. Assessing the current safety culture is another critical step for an organization, which in some instances can be complicated. The step demands an assessment of the existing organization culture to establish the required direction for future growth (FAA, 2012).

Safety promotion regards nurturing safety culture, which has been one of the challenging and hardest elements of the Safety Management System adoption process. Under the safety promotion pillar, creating a safety culture is the first element, which involves getting individuals to change behaviors or introducing new things. The aspect of changing the individual or introducing new concepts is what constitutes to the complexity or difficultness of the safety culture element. Individuals are a set in a manner in which they behave and are always resistant to changes; hence, the integration process of the safety management system is critical to enhance their acceptance. According to Federal Aviation Administration, (2009c) employees like to be involved in things and hence feel a component of them. Success of any program requires that the top management be included and believe in the in the initiative. Belief in the program is crucial, as there is no employee desires to work for the management, which does not obey or support the introduced principle or believe in the initiative. Involvement of the institution’s top management assists in convincing the workers that they also need to be part of the programs. Communication, which is also a safety promotion pillar, is therefore critical at this instance to ensure that every person gets the necessary information about the new changes (EASA, 2014).

The second element of safety promotion pillar is training, which is an imperative element since it enhances demonstration of the safety management system by the organization. Training employees comes after the Safety Culture promotion step whereby all the workers are trained on the organization’s policies, particular situations response procedures, and their responsibilities and roles with regard to SMS. Additionally, it is essential to identify that this element involves implementation and recurrent training as well (EASA, 2014).

Communication, which is the final element of safety promotion pillar of SMS, is necessary for the success of a program or an organization. The element involves written elements such as the policy statement, and a demonstration of commitment by management, which encourages the workers to be involved and hence seek more information about the new changes.

According to National Archives and Records Administration (2012), the communication process enhances growth in numerous areas such as identifying the source of issues, ways of resolving them, and the lessons from the situation for every participant to ensure that such problems do not recur. National Archives and Records Administration, argues that it is essential that communication is open and employee must feel that they are making an impact to the operation since the value of information is determined by the ability of the employees or organization to learn from it.

Ziglar, (2010) postulates that safety promotion pillar is the SMS’s foundation whereby all the elements influence one another in a profound manner; therefore, absence of a concrete foundation will render a SMS unsuccessful. In most cases, organizations have their procedures, organizational structure, and policies in place; therefore, they are just required to revamp and harmonize them, hence developing a manual for safety. However, appropriate training and communicating with the entire workforce can be cumbersome. Inefficiencies in the safety promotion pillars translate to a jeopardy of the Safety Management System at an institution. Therefore, an organization must possess excellent training, safety manual, and communication prior to proceeding to the final pillars of SMS.

1.2.3.      Safety Risk Management (SRM)

The Safety Risk Management (SRM) component of SMS establishes the requirement for, and adequacy of, new or revised risk controls, based on a risk acceptance assessment. SRM, which is the third pillar of Safety Management System, provides a description of the operation processes across the institution boundaries and every department, establishes the core indicators of performance and quantifies them regularly, assesses risk, and mitigates it (risk) through exercise of controls (Ziglar, 2010).

According to Federal Aviation Administration, (2009c) the ideology of risk management concerns operational systems management, whereby the Safety Risk Management pillar, analyses the systems, establishes risks, and performs an analysis of the identified risks and assessment of hazards. Moreover, the pillar includes acceptance of risk, analyzing of causality, and risks control and the operation of the system. SRM indicates particular systems in place at an airline and consists of the elements below;-

• Hazards identification
• Risk analysis and Assessment
• Risk control

Hazard identification is the first element of the Safety Risk Management pillar. The pillar enhances an individual or the organization to dig deep and perceive the hazards faced by the airline. In most of the cases, it is difficult for individuals to look at the hazards without biasness. Therefore, the airline or the organization should have an audit done by an external source. After identifying all the hazards, the next step is to perform a risk assessment. According to ICAO, (2013) in a Safety Management System, the hazards identified are documented after which they are analyzed to establish the needed action, which can assist in reducing or eliminating the safety risk.

Measuring the risk severity is done using a Risk Management Matrix. Risk assessment process includes addressing of the occurrence likelihood and the severity of consequences.  For instance, if the condition of a runway caused an aircraft go off (the runway), then the incidence would be considered a hazard. If the frequency of the hazard is found to be high and the severity great, then mitigation is required (Ziglar, 2010).

The last element of SRM is mitigating and tracking of risk whereby a comprehensive analysis of the mitigated risks is required to establish that the reason for mitigation is the actual cause of the hazard. Federal Aviation Administration, (2011) asserts that completion of the process is done through a system, which enables neutralization of the risk; hence, enhance safe operations. Federal Aviation Administration further indicates that Safety Management System also involves tracking of problems on top of error identification and mitigation. Therefore, whenever a system is installed to eliminate recurrence of a hazard, constant monitoring is required to maintain effective risk mitigation.

1.2.4.      Safety Assurance

The safety assurance part of SMS evaluates the implemented risk control strategies’ continued effectiveness whereby it identifies whether the approaches support identification of new hazards. According to FAA, (2012) safety assurance are functions for process management, which offer confidence, that services/products for organization satisfy or exceed the safety requirements, in a systematic manner. Fundamentally, safety assurance is a pillar for boosting morale since it assures the institution that efforts for identifying, mitigating, tracking hazards are generating the desired results.

After adopting, process, policies (from the safety policy pillar), assessments, controls, and measures (from Risk Management Pillar) the organization must conduct regular reviews to establish achievement of safety objectives (Ziglar, 2010).

The parts of the safety assurance pillar are the Management of safety risk and safety assurance relationship, decision-making information, external audits, internal audits, voluntary and regulatory programs integration, internal evaluations, analysis and assessment, and environment monitoring. Therefore, there are three elements of safety assurance, which are external audits, internal audits, and the corrective action.

The airline auditor conducts internal audit, which entails formal and informal audits across departments in the entire organization and is the first element of safety Assurance. According to Stolzer et al., (2011), the audits should be regular and unscheduled or scheduled to ensure that they provide reliable information. Ziglar, (2010) postulates that internal auditing assist an airline to utilize their workers to conduct the audit. According to Stolzer et al., (2011), utilizing of the airline employees has both positive and negative effects. Transportation Research Board, (2009) indicates that among the positive effects is that the employees are familiar with airline’s procedures and polices hence they quickly identify the hazards. Ziglar, (2010) also notes that one of the negative effects of using the employees in conducting the audits is that they can be biased or overlook matters, which can land the airline into trouble, or simply the failure to identify an hazard while they can see it. Therefore, due to the shortcomings of internal audits the external audits are necessary.

The external audits form the second component of Safety Assurance Pillar, which copies internal audits. However, external audits possess one uniqueness, which is that they must be conducted by an external-independent organization. Involvement of such an organization enhances unbiased risk identification approaches; however, the airline incurs extra cost for contracting the agency. Ziglar, (2010) notes that in some instances, airlines dislike use of external auditors because they identify issues that were not previously identified.

Corrective action, the last element of Safety Assurance pillar, focuses on bearing consequences. The purpose of the element is to provide checks and balances to the pillar, which ensure that in case of an accident or incidence, individuals responsible incur proper penalties being enforced. Moreover, corrective actions are utilized to ensure addressing of hazards.  

1.3.            Quality Management Systems and Safety Management Systems

According to Federal Aviation Administration, (n.d.) there exist numerous similarities between quality management systems (QMS) and Safety Management Systems (SMS), which create confusion between the two tools. However, the tools are different and distinct whereby their application along with events’ investigation distinguishes them. Howell, (2017) postulates that a product can conform to the ISO standards in terms of quality but still be unsafe. Therefore, management teams and other decision makers in the aviation industry should be keen not to implement QMS for SMS.

1.3.1.      Misconceptions

Many Misunderstandings about SMS exists, even when the concept has been in existence for a considerably long time, particularly in differentiating the management systems for regulators and service/product providers. Some of the existing misconceptions include that SMS is a replacement for the system safety. Contrary, SMS applies the concepts of system safety and includes the ideas of formal system safety management. The tool builds an avenue for a more effective interface between service or product providers and the organizations performing oversight roles. Therefore, safety management system is the next logical step in the evolution of system safety (Ziglar, 2010).

Requirement of a separate safety department is another misconception about SMS. Many may think that while larger organizations may possess specialist employees such as Safety Director, auditors and analysts for safety and quality, among others, in a similar manner they can employ attorneys, accountants and other categories of specialists for safety management system. However, this school of thought is a misconception because SMS is a set of management practices, which does not require additional organizational ‘stovepipe’ or ‘layer.’ The tool primary focus is on the functional expectations by operational departments; hence, the allocation of resources should be appropriate for the organization’s size. According to Ziglar, (2010), participants in a pilot project established that the resources for SMS are essential to successfully champion for development and implementation for the tool. 

The assumption that SMS will require an Aviation Safety Action Program (ASAP) is another misconception about the tool. While the tool requires voluntary employee programs, there exist no particular programs, which are mandatory for a successful development and implementation of SMS. Therefore, management teams in the aviation industry should not rush to implement programs such as ASAP prior to the implementation of SMSs and should instead mobilize workers to participate in the relevant programs (Howell, 2017).

Among the misconceptions is also a thinking by the regulators that an SMS nullifies their roles. Whether the regulators view the service/product providers as adversaries, hence a threat to their duties, they should maintain their position of providing an effective oversight for safety. The regulators should understand that an SMS provides a clear set of product/service providers’ requirements to show case their management capability. However, regulators will always be responsible for emphasizing of adherence to technical standards and continue with the work of validating service/product providers’ attainment of them (Ziglar, 2010).

1.4.            Safety Management System Implementation

Several approaches for the implementation of new programs or tasks exist, which can assist an airline to adopt a Safety Management System (SMS). In this regard, some foreign airlines have successfully implemented SMSs utilizing the strategies, which are:

• Phased Methodology Approach
• Evolutionary Style and
• Fast Track Adoption

The Evolutionary approach implementation takes a duration of several years to complete but enhances gradual development and nurturing the safety culture, which is necessary for an effective and successful Safety Management System. Although the method is not popular in some countries such as the United States of America, it is one of the most efficient strategies for implementing a SMS. According to FAA, (2012) integrating a Safety Management System over a considerably long period enhances full understanding of the SMS by the airline, development of a concrete SMS program, and embracing of the SMS by the workers.

Phased Methodology Approach on the other hand focuses on achieving milestones by setting fixed durations of time. Among the benefits of the approach is providing deadlines by which things must be done and enhancing addressing of issues before proceeding from one pillar to next in the SMS. The final approach of implementing an SMS is Fast track adoption, which is the least preferred strategy because the airline bears the mandate and every process implementation starts immediately. The strategy assists the airline to satisfy FAA (Federal Aviation Authority) and ICAO regulations. However, the approach does not enhance appropriate integration and is highly aggressive; hence hamper organization and safety culture. According to Transportation Research Board, (2009) Fast Track Adoption is not the desirable approach for SMS or any new program implementation.  

According to FAA, (2012), numerous foreign ports have implemented successful Safety management programs and are reaping a lot of benefits. In the implementation of the Safety Management Systems abroad, the Civil Aviation Authorities (CAAs), which are, the versions of the Federal Aviation Authority (FAA) in foreign countries, allowed the ports to utilize varying strategies. Gap and procedure analysis were the main strategies utilized by the airlines, which helps the ports to identify the existing procedures and perform gap analysis; hence, assist in revealing deficiencies. Evolutionary Style was the most preferred approach because the airlines thought that it worked efficiently compared to other methods.

The approach enabled the foreign ports to nurture every component without rushing therefore achieving immense effectiveness. Data collection is another procedure of implementing Safety Management System programs, which is regarded as the backbone of SMS. The procedure enables standardization of databases across the board. The Hazard-reporting System is also an SMS implementation procedure that enhances open and confidential reporting; hence, providing the workers with a means of issues reporting without being scolded or singled out (FAA, (2012).

According to Howell, (2017) the integrity of an approach is very critical in ensuring that Safety Management Systems work as expected. Therefore, external agencies such as the NTSB (National Transportation Board) should conduct reviews occasionally to ensure employee protection by ensuring that their identity is sealed hence protecting them from being victimized for creating or reporting tension.

Numerous ports such as in the United Kingdom, Australia, Canada, Switzerland, Singapore, Kuwait, Ireland, Hong Kong, Italy, among other places established Safety Management Systems as the most effective system to ensure that incidences and accidents rates do not rise hence correlating with the anticipated increase in the international air traffic. In a similar manner, ports such as Wales, Copenhagen Denmark, Cardiff, among others, have expressed their intention of utilizing Safety Management Systems rules to enable their safety records.

1.5.            Benefits of Adopting Safety Management Systems

According to Howell, (2017), it is critical to identify that since risks and hazards will always exist in the environment of the airlines and airlines, proactive management is required to establish and control the safety problems before causing damages. Howell, (2017) argues that despite the fact that SMSs cannot assist an airline or an airline to eliminate all the risks, they possess numerous benefits. First, it is good to note that the Safety Management System should not be burdening to the workers thus should be incorporated to day-to-day activities of the employee. 

Transportation Research Board indicates that one of the benefits of SMS is enhancing accidents and injuries analysis and offer feedback for improving efficiency and safety of the entire airline. According to the Transportation Research Board (TRB), the Safety Management Approach assists in loss reduction, productivity improvement, and the strategy in general terms is good for business.

Cost reduction is another benefit of implementing a SMS whereby, although adopting the program and conducting regular training requires resources, SMS significantly reduces cost by assisting the airline employees to detect the initial signals of accidents and incidences. FAA, (2012) also indicates that another benefit of an SMS is improving the organization’s morale and communication among individuals and management. Moreover, a Safety Management System enhances ports to have formal processes and meetings; thereby developing a safety culture by improving the awareness of staff regarding safety and risks and enables maximization of the safety investment effect by making sure that the greatest priority requirements are established. According to Ziglar, (2010) other benefits include learning from errors, creation of good organizational practices regarding safety, and the general improvement of practices. Numerous Airlines have started implementing Flight operations quality assurance programs for capturing, storing, and analyzing the recorded data. The major objective of FOQA is to enhance the general unit or organization’s safety, improve the effectiveness of maintenance, and minimize cost of operation.

2.0.            Work Environment

Sky Prime Aviation services is a private multinational company with a main base in Saudi Arabia. The firm offers numerous services in aviation industry such as airport management, project management, Technical Support and maintenance, Consultancy, and ground support services. The company also provides flight operations safety services including consultancy and project management. In this regard, the company has a department dedicated to flight operations safety services

In 2016, attached to the corporation as an intern flight operations systems engineer in the department of Flight Operations Safety Services, my roles included-

• Assisting in Flight operations safety consultancy services to clients
• Assisting in Safety Management Systems Programs implementation
• Assisting in Flight Operations Safety project management

Specifically, the company is popular for implementation of working SMS programs for airlines. For instance, the company installed an excellent SMS program for Delta airline in the United States of America, which helped the company to minimize incidences and accidents in flight operations, in 2016. Implementation of SMS programs includes installation of the necessary Safety Management System tools such as FDMs, reporting tools, and human factor tools, among others. The Flight Operations Safety Department combines efforts with the client’s relevant departs and solution developers to conduct safety analysis, evaluate available solutions, recommend the most efficient, implementation of the recommended solution, and conduct follow-on services among others.

This page is intentionally left blank

3.0.            Work Requested

3.1.            The Broader Project

In 2016, Delta airline contracted Sky Prime Aviation Services for an evaluation of safety operations to establish the organization’s compliance with the regulating bodies and the level of performance of flight operations safety programs implemented by the company in the United States. Work requested involved analysis of the existing measures laid by Delta Air and then proposing the best solution by evaluating the possible solution to the flight operations safety issues established and assisting the corporation in implementing the best.

3.2.            Initial Subject

To resolve Safety Operations requirements by the regulating agencies compliance and other minor issues, Delta Air Contracted Sky Prime Aviation Services to implement a comprehensive of Safety Management System with integrated analytical tools. The proposed system was supposed to include a clear policy statement for the airline and safety promotions elements. The program was also supposed to specify the departments to be involved in the safety managements as stipulated by FAA SMS program requirements. In addition, the program was supposed to specify the methods and duration of conducting internal and external audits for safety promotion.

Some of the tools that the program was supposed to include to enhance safety risk management and quality assurance are explained below:

1.  Flight Safety Event Reporting Tools

The foundational safety data management and analysis system, which enhances the process of safety management and is most prioritized by airlines, is formed by this category of analytical tools. There exist two categories utilized to achieve the above objective. One of the categories consists of special-purpose for flight safety event reporting management and information from airline safety reports analysis. The second type comprises of tools utilized to conduct statistical and trend analysis of safety report data.

• Safety Report Management and Analysis Systems

The systems possess the ability to store and display a broad range of various categories of safety reports including CSRs, ASRs and the audit reports. The systems offer some ability to enhance the process of safety event investigation, capture corrective actions, which may include assigned to particular persons and the action’s status. The capability may consist automatic sending of messages or acknowledging the people assigned follow-ups or who submitted reports. The system also generally offers some trend analysis, with chart creation capabilities or tracks the rate of particular categories of events over time. The systems also possess the ability to choose subsets of data for analysis and display.

Some systems in this category also provide some functions to enhance events classification to predefined categories, or to assign each event a risk level. Some systems may also provide capability to filter the information in the database of events to establish the previous reports’ subsets, which may possess similar characteristic and extract information that is relevant to the current report. 

• Trend Analysis and General statistical Analysis Tools

The tools offer capabilities for the analysis of statistical data from the data management systems and present that information informs of charts and tables for utilization and presentations. Most of these tools are provide general-purpose analysis and they include statistical analysis packages, spreadsheets, and are not specifically for airline Flight Safety use, but they offer robust analysis capabilities critical for this application. Some other tools can be designed to work with particular safety databases or Safety report management systems. Although the tools are utilized with specials programs such as the Airline Safety Report Management Systems, and in some instances they can be used in the analysis of the safety report data, which is stored in customized databases that are maintained utilizing software for general-purpose management. Minute airlines can utilize statistical analysis programs or spreadsheets for storage and management of information submitted on hard copy safety reports for continuous analysis using the tools. 

• Flight Data Monitoring Analysis and Visualization Tools

FDM is another type of analytical tools that airlines acquire which are imperative to enhance meaningful utilization of flight data. To enhance a recording of a wide range of parameters and improve Data Storage Media removal, FDMs use of quick access recorders. According to FAA FOQA AC, (2011) the tools are cost intensive; hence, the QARs may exceed an organization’s budget. FDMs can also utilize limited data set from the ‘black boxes’ or digital flight data recorders. In both of the cases, FDMs are capital and workforce intensive, where the resources are used in equipping and maintaining QARs and aircraft, retrieving and downloading data, and processing and analyzing of the data.

• Human Factors Analysis Tools  

With a strong event reporting and analysis system installed, and the airline has identified and FDM program, the next region to address in a more systematic manner is the human factor data analysis. Coming up with a meaningful human factors capabilities demands a source that can provide enough materials to analyze.  The required data can come from the structured follow-up interviews whereby people are required to file events reports or from programs for confidential human factors reporting.

 Generally, it is extremely hard to undertake useful human factor analysis of the reports containing events data, which is not structured. Events reports should contain data structured in such a way that the human factor problems and processes of data collection are required to establish considerations such as performed actions’ sequence, available information and the process of decision-making, workload and competing actions, design issues and training, flight crew communications, among others to enhance meaningful human factor analysis.

Types of Safety Data that the Solution was supposed to focus on are highlighted below-

1. Occurrence Reports

The SMS solution was also required to provide a formal reporting process for all or some of the categories of incidences, accidents, or any other form of occurrences reports, which included-

1. Confidential Human Factors Reports (HFR)
2. Cabin Safety Report (CSR)
3. Error Maintenance Reports
4. Occupational Safety and Health Report (OHSR)
5. Air Safety Report (ASR)
6. Ground Damage Report (GDR)
7. Airworthiness Issues Report
8. Hazard Report
9. Digital Flight Data
10. Safety Audits and Assessment

In addition, the required program was supposed to be the best, in terms of cost, whereby the adopted solution was supposed to be the cheapest considering functionality. The requested solution was also supposed to improve flight operations safety, hence, a highly efficient options was required. Moreover, the adopted solution was required to be sustainable, whereby the cost of maintenance was supposed to be low such that the airline could afford. Delta also required a program that was easy to implement whereby time of implementation was supposed to be as minimum as possible. Integrating the desired program with the existing airline operations was supposed to be easy and cost of implementation low. In addition, the preferred system was supposed to attract minimum or no resistance from the workers. The tools of the required solution were also expected to be highly reusable in case an upgrade was to be required in future.

3.3.            Technical and commercial interest

In implementing an efficient safety management system, Delta Air, was expected to reduce a lot of wastage in safety management systems whereby overlapping tasks were expected to eliminated. Eliminating overlapping tasks, the company would ensure that unnecessary confusion, which could lead to accidents or incidences were also eliminated. The company was expected to benefit from reducing unnecessary cost incurred on hiring third parties to manage safety operations. Implementing a sophisticated SMS tools also meant that the company would meet all the international and local requirements on safety, which would make the firm law abiding.

3.4.            Team and the resources description

The project required combination of the contractor and the client flight operations related employees, the project management departments, and any other relevant stakeholders. Team members included the project manager, Team leader, departmental heads, engineers, and supportive staff. Carrying out the project also required financial support from the client, which was estimated to be US$ 30 million. The contractor was supposed to provide technical support including machines, technology, and professionals to help in carrying out of the project. The project management team was to be headed by two project managers, one from Sky Prime, and the Other from Delta Air.

This page is intentionally left blank

4.0.            State of the Art

In the process of identifying the context of the project, a review of previous study was conducted to understand the existing regulations and establish a clear understanding of the required programs in the United States.  Studies by FAA and Workgroup B were reviewed, whereby one focused on the effects and the other on the evolution process of regulations and Flight Operations Safety. The reviews established the facts introduced below as the context of the project.

4.1.            Context Analysis  

4.1.1.      Previous Research

In a bid to acquire more information about the necessary tools to implement along with the SMS program and the evolving process of flight operations management with time. The two studies are reported below-

4.1.1.1.            Gain Workgroup B: Survey on Flight Data Analysis

In efforts to identify the role of analytical tools in promoting flight operations safety in the aviation industry, Gain Work group conducted two surveys. In addition, Gain Workgroup conducted numerous visits to the flight safety offices. In the first survey in 2001, GWB conducted interviews with flight safety departments’ personnel from different sizes of organizations, nationality, and operations. The second survey was a follow-up survey, which was conducted in 2004 to create a better understanding of the issues established in 2001. The second survey involved questionnaires to be completed by Flight Safety Department personnel without personal interviews. The second survey involved a much bigger sample size than the initial one in 2001.

Generalizing the finding of the two studies beyond the samples used, the results suggested that most of the airlines had identified a process for data collection and analysis of air safety reports. Moreover, the studies identified that most of the airlines had developed acquired and initiated implementation of safety report management and analysis tools to enhance the process. According to a report by WGB, the first survey established that about sixty percent of the participating airlines had begun implementation of flight data monitoring programs. The second survey depicted an increase of those airlines to seventy percent. The results confirmed the perceived increase in the use of flight data monitoring programs at the time.

The 2001 survey indicated low prevalence in confidential human factors reporting programs with less about a third of the participating airlines having such programs. Although the second survey indicated an increase of those airlines to sixty five percent, confidential human factors reporting programs were not very popular at the time of the studies. Use of analytical tools mirrored the categories of data available within a particular airline, with most of the participants consisting of some form of Flight Safety Report Management systems. The Safety Report Management Systems also consisted of FDMs with the necessary analytical tools for management of human factors reports like procedural analysis tools and Aircrew incidence reporting systems.

Apart from the set of analytical tools for management and analysis of air services reports, perform human factor report analysis, and flight data analysis, the results from the surveys indicated no further analytical capabilities. The finding maybe as a result of low staffing levels and training of the safety departments also reported by the studies.

According to the 2001 survey, most of the airlines in the sample had not more than three fulltime employees, and three airlines had part time staff only. In addition, although most of the airlines’ safety departments had received formal training, the studies identified in most of the cases it was limited to one-to-two weeks short courses on safety in aviation and attending safety seminars and workshops. The survey established that only three employees had acquired training on particular analytical tools.

The second survey indicated a changed situation whereby most of the participants had increased the level of staffing with improved formal training in their flight safety departments. The survey also indicated an increase that most of the participants had a wide range of analytical tools such as ((Risk Analysis Tools (RAT)) like Total Risk Assessing Cost Estimate (TRACE) and tools developed internally) and (root cause analysis tools such as incident cause analysis method (ICAM) and TAPROOT)), and text/data mining tools such as (PolyAnalyst and Starlight). The increased use of analytical tools depicted by the second survey may be because of the need for improved analytical capabilities and the increase in awareness.

In the first study, GWB found out that although some form of data analysis existed, it was limited in terms of identifying of incidences and implementation of corrective measures. The second survey shows an increase in the number and sophistication of analytical tools used, whereby a majority of participants reported utilization of their safety analysis result, and the extent at which the airlines attempted to evaluate overall safety levels and information exchange with other airlines. The second survey also indicated that airlines prepared periodic reports with weekly and quarterly reports being mentioned by about eighty percent of the participants. However, the study also indicated that only 55 percent of the participants gave briefings to the flight crew.

The results from the two surveys show an increase in demand of flight data analysis with time whereby airlines are pursuing more effective tools and methods to analyze data. The level of increase in data analysis techniques and tools over the two years shows that airlines are aggressive in a bid to improve flight operations safety. However, the studies shows existence of a room for improvement hence suggesting that airlines should remain constantly vigilant I establishing better method and tools for boosting flight safety operations.

4.1.2.      FAA Pilot Studies

In 2004, FAA initiated a pilot study involving twenty airlines to investigate implementation of SMS programs in the United States. FAA released a statement of work and a guidance to the airlines participating in the study. The document provided standards and timelines, which the airline and airlines had to adhere to in conducting the studies. The primary purpose of the study was to provide insights on how Safety Management systems would fair, give a guide on future methods of SMS implementation, and disseminate lessons learned.

The pilot study focused on:

1. Cost associated with SMS implementation
2. An in depth comparison of part 139 and SMS
3. Examining existing safety programs to identify SMS elements
4. Development of a Safety Program Manual
5. Possibility of implementing a full SMS program in a single department

According to FAA, (2010) the pilot study did not generate much study, which led to contracting of a consultant Joanne Landry to make sense of the study. However, while the data output of the study was limited, FAA discovered that much was not known about smaller or class IV airlines. In efforts to collect information about the smaller airlines, FAA initiated another pilot study in 2009. The second study was designed to investigate implementation of Safety Management Programs in class IV airlines.

The second pilot involved nine airlines and investigated the impacts of implementing SMS programs on different airline sizes and the expected complexities. The second study provided many lessons such as, SMS programs had the ability to improve communication, the programs were also scalable depending on complexity, and size of the airline, and the 14 CFR part 139 compliance requirements matched the Safety Management Systems.

 After the two pilot studies, FAA also conducted a follow-up study in 2010 focusing on part 139 SMS implementation. The study focused on two areas, which are Safety Assurance and Safety Risk Management, in movement and non-movement regions. The study also focused on the validity of the previous Safety Management Systems. The study was also expected to be the FAA’s reference point when further developing the SMS programs. After conducting the pilot studies, Federal Aviation department released the NPRM 2010, which defined the SMS program required in the U.S airlines.

4.1.3.      FAA Policy Formulation

In a bid to conform to the international standards and adhere to the regulations by international agencies such as ICAO, FAA has come with various mechanisms to ensure flight operations safety in the United States of America. In addition, the federal aviation administration has conducted numerous studies related to flight operation safety to improve decision-making and hence come up with better regulations and guidelines to meet the safety demands in the aviation industry.

 The studies involving stakeholders in the United States Aviation Industry have helped FAA come up with better programs to ensure safety in flight operations. Through NPRMs, FAA has issued various demands to the aviation industry regarding safety in the United States airlines. For instance, the NPRM released in 2010 demanded that all the CFR part 139 certificated airlines implement a Safety Management System program, which was expected to enhance safety in the aviation industry by reducing accidents and incidences.

4.1.4.      Overview of NPRMs

The Notice of Proposed Rule Making issued by FAA in 2010 triggered a lot of debate among the aviation stakeholders in the U.S. The resulting debate saw the agency initiate pilot studies to establish the cause of the outcry and hence identify the possible areas of improvement. The studies were intended to eliminate overlaps of the proposed Safety Management Systems and the CFR requirements. In addition, the studies were also expected to identify ways in which the SMS could work together with the federal issued CFRs in boosting safety in the aviation sector.

After conducting two pilot studies involving collection of public comments, FAA issued an Advanced Notice of Proposed Rule Making, which required all part 139 certificated airlines to implement SMS programs. In the ANPRM, FAA proposed a requirement for the CFR part 139 certificate holders to create and implement SMS programs for the movement and non-movement regions of the ports. Since the ANPRM issued in 2010, FAA has released several others related to operations in the airlines. For instance, the ANPRM on Baggage-Fee Refunds for Delayed Checked Bags, which proposed that DOT require air carriers give refunds to passengers for delaying bags with a transportation fee. 

The primary objective of NRPMs was to capture the stakeholders’ perceptions on the regulations that FAA wanted to issue in the Aviation industry. The strategy has had major impacts on the regulations issued to enhance safety operations in the aviation industry. One such impact was the shelving of the 2010 NPRM after increased controversy about the proposed demand of implementing SMS in part 139 certificated ports. After considering several public comment most of the NPRM demands have been fulfilled in the United States Airlines. The SMS proposed by FAA consisted of FOQA programs to enhance use of data from moving aircrafts to enhance safety. However, although the proposed SMS programs included Flight operations quality assurance, the FOQA programs dates back in the early 90s; hence, this was not the beginning of the tools applications in the aviation industry. Early use of FOQA programs indicates that the tool is very useful in Flight Operations Safety management hence the team saw the need to dig deeper and establish the evolution of the tools and their applications in flight operations safety management. Details about the tool’s evolution and application are indicated below- 

4.1.5.      Flight operational quality assurance (FOQA)

Flight Operational Quality Assurance also known as Flight Data Analysis or Flight Data Monitoring is a strategy used to capture, analyze, and/or visualize data from an aircraft in motion. Application of data from the analysis assists in identifying new methods of improving flight safety and increase the general efficiency of operations. FOQA has been in existence since 1990s whereby some few countries had started implementing some form of FDM.

However, the earliest airlines to use FOQA were the large carriers whereby they adopted FDM as part of their efforts to enhance air safety. In the late 1990s, ICAO passed a resolution to initiate regulations on the members states. The resolution resulted to an increased adoption of FOQA as compulsory requirement in many states in the world, since 2005, except the United States of America whereby FDM was implemented as voluntary safety system. However, FAA, which is the agency that oversees safety in the aviation industry in USA have issued various guidelines, through NPRMS, on the type of FOQA that should be implemented. The agency further uses the NPRMs to communicate the necessary changes on FOQA programs to the relevant stakeholders to accommodate the dynamic requirements of flight operations safety.

4.1.5.1.            FOQA Program Components

1. Airborne Data Recording System

The airborne data recording systems collect essential in-flight information, which include particular sources of input data and the equipment for storage of the captured information. The system consists of onboard sensors, which are used to gather data for measuring important aspects of aircraft operation. Carrying of information from the sensors is done using data buses. An interfacing technique is used to collect data using the buses. Apart from the data buses, there exists other airborne equipment in the system, which assists in processing and analyzing of collected data, display the information to pilots on the ground or during flights, and transmission of the data to a GDRAS.

• GDRAS

The GDRAS systems are used to:

-Transform data recorded from the flight to a format that is usable for processing and analysis

-Processing data

-Detection of events and ROMs being tracked and monitored

-Generation of reports and visualizing, which aid air carrier personnel to interpret occurrences

-processing of information from various format and recorder categories

3. Air/Ground Data Transfers

Transfer of data from the aircraft onboard systems to the GDRAS is one of the most costly and labor intensive aspects of a FDM program. Strict attention is required from the operators for them to establish the process that best meets the existing FOQA programs requirements. Some of the items worth consideration include-

1. Scheduling the Removal of the Recording Medium

Scheduling of the removal of the recording medium usually demands a close coordination with departments of line maintenance and operator’s maintenance control. In most cases, for the removal process to be regarded as a regular routine or work package, the operator will need to eject the medium or the device at a scheduled overnight maintenance location. The FAA I&O plan for timely analysis of data from the FOQA program, and the time for the removal must coincide with the memory capability of the recording medium and satisfy the demands of the operator. For the maintenance personnel to permit appropriate data download, particular procedures for data removal must be defined. Among the requirement of this component is that the spare recording have to be adequately maintained at the maintenance facilities to enhance replacement of the medium to the aircraft systems after download.

• Data forwarding to the GDRAS Location

The size of the route structure for the operator influences the location of data removal (which is the storage destination) in relation the GDRAS location, which can be very great. Strategies for data transfer to the GDRAS, may include:

1. Ground-Based Transformation– the method utilizes, company mail, regular mail, or private forwarding companies to transfer data to the GDRAS. When this mechanism is used, development of a tracking system is required to ensure that the removal of the recording medium is timed and verification of location and Aircraft Data Retrieval documentation can be maintained. Therefore, the tracking system prevents recording medium loss hence tracking of data acquisition into the GDRAS is possible.
2. Electronic Transmission– the Electronic transmission is a remote method of transmitting data from the maintenance location to the GDRAS utilizing milking-type machines, which interface with the aircraft or download equipment or by removing the storage media from the onboard system. Making the process more efficient demands an adequate capability of data transmission to the GDRAS from the maintenance location, a larger capital outlay. Therefore, the process requires a coordination with the department of operator’s information services. Data security issues must also be considered in the incorporation of the process.
3. Wireless Transmission-Wireless transmission is an upcoming technology, which enhances transmitting of flight data directly to a network interfacing GDRAS utilizing a wireless mechanism. Download is achieved automatically hence eliminating the need for involving maintenance. Incorporating the technology demands installation of the ground and aircraft-based data transfer systems. Moreover, in the incorporation process issues concerning data security must be highly emphasized. Finally, there is need for close coordination with the operator’s information services and engineering departments. 

4.2.            Regulations

In efforts to comply with the ICAO requirement on flight operation safety and in line with the United States Constitution, FAA has come up with various regulations and requirements defining Safety Management programs in the country, which include FOQA. Although, the FAA requires airlines implement SMS and hence FOQA programs on voluntary basis, the agency has been setting standards regarding the nature of programs adopted, implementation, and the stakeholders involved in the adoption process.

Regarding FOQA, FAA has come up with various requirements for the program even before demanding implementation of complete SMSs. For instance, the 2004 advisory curricular provided guidelines on the means of creation, implementation, and operation of FOQA programs to improve safety in the America’s aviation industry. The agency further proposed to improve FOQA programs through a NPRM in 2010. The NPRM proposed implementation of a comprehensive voluntary SMS that included a FOQA program.

Although NPRM was temporarily withheld due to a stakeholders’ outcry, and to allow time for views collection, an advanced NPRM was issued by FAA, which also recommended implementation of Safety management programs in the American part 139 certificated airlines. The programs have been since then improved through several rulings, whereby other categories of airlines have been demanded to implement the SMS programs. The FAA rulings have also issued requirements to improve the Safety Management Programs by incorporating more strategies of safety improvement. The improvements on the SMS program in most cases also included requirements for making FOQA better since it was a part of the program.

4.3.            Summary

Previous pilot studies by the Federal Aviation Administration generated immense amount of information regarding Safety Management programs. The studies created a deeper understanding of the level of SMS implementation in the American aviation industry, whereby for instance the 2004 pilot study identified that much information was not known about the Class IV airlines regarding safety management program. The second study identified the benefits of the associated costs of implementing SMS programs among other things. The studies and ICAO set flight safety standards for member states also assisted in formulation of SMS requirements in the United States. 

The existing regulations regarding Safety Management Systems from ICAO insists that flight safety is key in the Aviation industry. The agency demands that member state must implement functional SMS programs to enhance safety in the air transport sector. In a bid to adhere to the ICAO standards and information from several pilot studies, FAA has come up with several requirements on voluntary SMS programs in the United States of America. Specifically, FAA defines FOQA programs that airlines should implement to enhance safety in the airlines, including components and ways of Implementations.

The surveys by-Gain Workgroup B- indicates the relevance of flight operation data analysis and documentation. The studies reveal the growing demand on improved flight operations safety by the airlines in the U.S aviation industry. GWB surveys further reveal the critical role played by analytical tools in flight operations data analysis and application of results. The study also shows the efforts that airlines are applying in a bid to improve safety in flight operations and identify where the airlines are failing.

The information about benefits and costs associated with SMS program implementation indicates that Airlines and airlines should implement flight safety programs. Regulations from international and local bodies define the fundamental requirement for the SMS programs that airlines and airlines are supposed to implement. Agencies such as FAA communicates these requirements via NPRMs such as the one issued in 2010. In the U.S., an airlines and other relevant stakeholder must comply with the requirements when coming up with SMS programs.

Airlines and airlines in the U.S. have also realized the need to adopt safety programs and are willingly adopting programs such SMS. Various stakeholders also understand the importance of including powerful and integrated analytical tools such as FDMs in their SMS programs. Therefore, in a bid to comply with the FAA requirements and keep up with the growing demands of flight operations safety, airline must implement a functional SMS program. In addition, the SMS should include strong and integrated data analysis features such as FDM and the airlines and airlines should keep upgrading their programs to address changes in the flight operations safety demands with time.

4.4.            State of the Art

Organizational Failures

Sophisticated SMS solutions exist in the United States, which can assist airlines in boosting of flight operations safety. The solutions possess robust analytical tools including flight data analysis, which can enhance proactive safety management in the aviation sector. Most of airlines in the country have adopted such solutions whereby they keep improving them to achieve sophisticated flight operations safety. However, some of airlines like the case of  Delta Air lack proper SMS programs hence need improvements.

Previous studies in the United States indicated that some of the airlines were lagging behind in the implementation of up to date SMS programs including robust analytical tools for flight data analysis. The studies also revealed that there could be a lack of coordination between departments in charge of flight operations safety. In addition, the survey identified that some of the airline confused Quality management Systems for SMS hence implementing inefficient programs.

Regarding the flight safety personnel, it was established that some of the airlines lacked qualified Manpower to handle the increasing challenge of flight safety. Specifically, some of the airlines lacked professional safety managers and had no departments, which focused on flight safety operations. A big part of the airline also lacked appropriate safety policies whereby they were found to be inconsistent with the existing risks and hazards. Documentation of the flight safety data in a number of airlines was also disorganized and no meaningful analysis existed.

Particularly, the airlines implemented weak Safety Risk Management systems, which could not provide any help in eliminating or reducing accidents and incidences in the airlines. Safety assurance in the airlines was also found to be in an awful state. Some of the implemented safety controls were ineffective and hence, to evaluate their performance was not possible. Particularly, not a single airline had a complete, Flight Operation Quality Assurance (FOQA), program, whereby most of them lacked essential components such as effective data transmission.

Previous studies also identified that most of the airlines rarely conducted internal audits to evaluate the SMS programs due to lack of professionals in safety operations. External audits were also rare organizations focused on profit making hence considered efforts to improve safety as an additional cost. Lack of internal and external audits meant that the airline never established the level of mechanisms performance hence did not implement efficient changes.

Regulations and Program Evolution

Previous studies revisited above revealed immense information about SMS programs and the associated tools; but most importantly, they indicated that Flight Operations Safety Programs and the existing regulations evolve with time. For instance, the studies by Gain Work Group B suggested that implementation of Flight Operations Safety systems improved with time. Pilot studies by FAA also indicated clearly a change in demand by the agency on flight operations over time. The organization’s failures, and the evolving Flight Operations safety systems and regulations indicate that airlines such as Delta Air who do not upgrade their SMS programs regularly will at some-point face safety issues and fail to comply with new requirements.

Therefore, the issue at Delta was contributed by organization’s failures on Flight Safety Management, and evolving nature of SMS programs including associated tools and regulations. With the knowledge at hand, the Team proceeded to the analysis of the need of an SMS program.   

•  Need Analysis

After an in depth analysis of the project requirements, a detailed need analysis was created. The procedure used to come up with the required deliverables is shown below-

• Situation Analysis

The situation analysis was conducted, after establishing the possible origins of Delta Air Issues, using two steps whereby one focused on secondary data from documents and the other focused on primary data from an online survey conducted on Delta employees.

Step i

-A review of the documents for each of the airlines in the project was conducted where documents such as MOU, MOA Certification Manuals, Safety at the time construction Schemes, airline emergency plans, and any other risk or quality management programs were reviewed.

-Review of the FAA standards for a safe airlines and a comparison with the Delta’s Flight Operation safety measures.

Step ii

Delta Air Simple Survey

A simple survey was conducted using Delta Air Employees whereby employees were selected randomly from the flight operations department. Areas, which had registered the most incidences in the past five years, were given a higher number of participation. After identifying the correct sample, the Data was collected from these people using an online questionnaire to ensure that employees such cabin crew would participate even when on duty and to ease analysis. Statistical tools such as excel were used to analyze the data and to present the results.

• Difficulties Analysis

Analyzing difficulties of Delta’s Air Safety Management System included acquiring all levels of tenants and staff support. Essentially, implementation of a functional SMS is more involving beyond writing a Safety Manual. Therefore, the process required a concerted effort between all the managements and consultants to implement change in the organizations.

Absence of such kind of an effort meant that attempts to implement a SMS program would be met with a lot of resistance and much success would not be achieved.

• User identification- Identification of users was conducted by a review of documents whereby people holding various responsibilities such as incident reporting could be found. Efforts were also, put to identify several people holding access rights to information. In addition, emphasis to trace particular decision makers in a bid to identify top managers was also considered.

Observations

1. – Data collected from Delta Air documents when compared to the FAA requirement revealed various inconsistencies on their Flight Operations. The documents indicated weak ways of collection, storage, analysis, and reporting. For instance, some incidence report forms lacked verifiable signatures. Also, in almost all the documents, there lacked consistency of signature, whereby, there existed no specified person to undertake particular tasks. For instance, some Flight Operations Safety System Procurement Documents were signed by the CEO; therefore overriding the roles of the procurement department. Most of the certifications were also outdated with some several warning letters from FAA also identified.

-The survey indicated various issues regarding Delta Flight Operations Safety, which included poorly coordinated staff, outdated data analytical tools, poor mechanisms of response to incidences and accidents, and lack of regular training among others. The survey finding indicated that Delta needed a new Safety Management system to eliminate the detected issues.

• Difficulties-According EASA, (2014) coming up with a Safety Management System that is usable in the aviation industry and can acquire all levels of tenants and staff support, work must be done. Essentially, implementation of a functional SMS is more involving beyond writing a Safety Manual.  All such factors were found to be absent in the Delta’s case, whereby, no coordination between the relevant players was present
• –User Identification-All the efforts to find out an organized system of users achieved no success, as there was no clear outline on protocol.

The steps above were part of the general work that was used to carry out the project. The general work program used in the project is discussed below in the project-handling segment.

Work Scenarios

The disorganization in the Delta’s Flight Operation System had not led to major incidences or accidents. However, some minor incidences such as loss of baggage were occasional, as two cases had occurred two months preceding the analysis. The Sky Prime Aviation Services manager also noted that such a situation could lead to major accidents; hence huge damages to the organization.

Problem resolution Method

The best method to resolve the problem at Delta Air is the traditional waterfall model whereby the project would take six steps. Implementing the FAA SMS recommendations in a waterfall model was considered the best approach. The six steps for the model are highlighted below-

1. Initial Investigation
2. Requirement definitions
3. System design
4. Coding, testing
5. Implementation
6. Operation and support

Justification

Waterfall model was considered the best approach as it could deliver the needed solution at Delta in the shortest time possible. The method would help the airline to solve the Safety issue at once; hence, reducing the existing risks. Using the model to identify a tailor made solution was also considered the most efficient approach as it would reduce the time for delivering the project.

6.0.            Project Handling

. Information from the simple survey together withusing past experiences and an expansive study on the issue’s guidance from recognized bodies such as ICAO and FAA, assisted in coming up with a nine project plan shown below.

6.1.            Project plan

Step 1: Meeting with the airlines staff to make an agreement on the a plan of work and Scheduling

Step 2: Carry out a study to establish the Culture of safety of a sample of the organizations’ management and employee

Step 3: Create a top management Safety Commitment document

Step 4:  Identify the SMS Committee members and the Person in charge of safety management

Step 5: Gap Analysis

Step 6: Using the identified gaps to revise the work plan

Step 7: Safety Management System manual Development

Step 8: Plan of Implementation Development

Step 9: Offering follow-on work to the clients using System Risk Management, Training, Non-punitive systems for reporting provided online

Step 1: -This step consisted a meeting with Delta Air senior management teams to arrange on the project scope, development of a Work Plan that was supposed to assist in realization of the clients’ demands, and coming up with a mutually beneficial schedule. Numerous meetings with the airline’s management were carried to ensure that a proper work plan and a project scope were in place.

Step 2: Survey on Safety Culture- The study assisted to establish the existing Safety Culture of Delta Air. The survey was conducted using a sample of the organizations’ management and workers. Results from the surveys were then shared with the organization’s management at this stage. The number of participants in the study was determined using the number of incidences reported in the past two years per department. The surveys were critical in identifying the type of SMS programs required to solve the flight safety issue at Delta Air.

Step 3:  Commitment to safety by the top management- At this stage a draft Top Management Commitment to Safety was created and then the document was revised in a meeting with the Senior Management who then proceeded to sign the final copy. Later, the final copy was distributed to the organizations’ workers to enhance understanding of safety importance early in the process such that they would support a functional SMS.

Step 4: Members of the SMS Committee Safety Manager were identified

Step 4 was very critical in that it identified the people in charge of Safety who would be part of the process from start to the end. Moreover, Creating an SMS committee early in the process ensured that input could be borrowed from the Safety Management System Manual Development and the plan of implementation hence generated support.

Step 5: need Analysis

Using information in System Management System criteria, an appropriate form was created that aided in analyzing the gap for the airlines, Considering the FAA requirements.  Analysis of the Gap included a comparison of the Safety Management System manual’s sixteen parts and the plan of implementation to the airline’s system.  The gap analysis questions were created for a ‘no’ or ‘yes’ response. A ‘yes’ indicated that an organization satisfied the requirement for a specific part of SMS. A “No” response indicated that there was a need between the organization’s policies, procedures, or processes and the stated criteria. When a ‘yes’ response was encountered, the following columns on the form was used to indicate where the criteria for a specific component was met. When a ‘No response was encountered’ the same column was used to show where the procedure, process, or policy would require further development to make the organization comply with the demand.

Step 6: Work Plan revision

After identifying the needs, the airline had a clear understanding of those regions that needed more work. Consequently, it was found prudent to meet the airline management and for the work plan revision at this step.

.Step 7: Safety Management System Manual 

At this stage, knowledge for SMS manual and the gathered information were used to come up with the features of the expected Safety Management System, which were then used to create a SMS manual for the desired solution. All the resources at this stage were focused on creating the document. After creating the SMS manual, searching for a ready-made solution that matched the requirements in the documented began. Several solutions were identified whereby the most efficient one was selected. Creation of the manual was necessary to ensure that the identified solutions satisfied almost all of the airlines requirements.

 Step 8: Implementation Plan- This stage involved creating an implementation plan for the airlines. After producing the SMS manual, a plan to implement all the components of the adopted solution was created. At this stage, the airline was informed that implementation of the components required time and hence patience was critical to complete the process.  Step 8 also involved creating of the implementation phases for the solution.

Step 9: Provide Follow-on Services

After completing all the phases of the implementation, additional services such as staff training, providing awareness materials, hosting of a confidential reporting system on the cloud that were expected to enhance non-punitive safety issues reporting, and independent audits were designed and an arrangement with the chosen solution developer on how to offer them was acquired.

6.2.            Summary of Work Management

Apparently, coming up with a SMS is a complex process. The project requested involved developing and implementation of an effective SMS program including flight data analytical tools. In determining the tasks to be handled in this project, information from the simple airline’s survey played a critical role as well as references from the statement of work from the second Federal Aviation Administration SMS pilot study.

6.3.            Implementation Plan and the SMS Manual

After an in-depth analysis of the project requirements, implementation plan, and SMS manual was created.

The procedure used to come up with the deliverable is shown below-

1. A safety policy statement and an explanation on how it was to be communicated to the airlines workers
   1.  Airlines safety goals identification and description
   1.  SMS training and indoctrination, including proposed curricular outline and required resources plan (FAA, 2012). 
   1.  Documenting of the process of identifying safety system training requirements
   1.  A plan for validating training effectiveness and the process of acquiring feedback of the training including essential metrics
   1. Defining the process of safety policies and aims communication throughout the organizations with example on how to communicate information and follow-up processes included
   1.  Description and planning of workers non-punitive systems including the old and the new
   1. A chart  for the organization establishing key personnel safety responsibilities and names, including the senior management, Department heads, safety managers, and the safety committees including their chairman
   1. SRM process description including the FAA’s five phases of SRM
   1. System Risk Management use guidance and trend analysis
   1. Defined process for SRM process documentation including storage of documents
   1. Description of SRM follow-up by the senior management
   1. Description of the airlines risk management or quality management programs and how it is integrated to the SMS program
   1. A detailed strategy for documenting individual auditing processes and their results to include addressing of the system safety using the airlines self-inspection process
   1. An involving method for documenting self-inspection reviews, analysis, and results
   1. Describing the tailored SMS program integration plan into the entire airline operation (FAA, 2012)

This page is intentionally left blank

7.0. Evaluated Solutions

7.1. Web Based SMS Solution (SMS PRO^TM )

One of the considered solution to the airline’s safety operations management was a web based SMS program. Companies such as Intellex offered a complete SMS solution in form of a software hosted on the web. The software was found to assist companies in the aviation industry to comply with the international safety standards from international authorities and governing bodies such as ICAO and IATA and the geographically dependent ones as well.

The software was also created to address all the safety issues for a wide range of consumers in the aviation industry such as airports, carriers, aerospace manufacturers, Ground Handling Services providers, among others. The solutions was also found to possess the capability to assist an organization in conducting proactive SRAs (Safety Risk Assessment), managing of safety reports such as ASRs and CSRs, recording of safety incident data inflight, which have offline functionalities, Scheduling and tracking of safety audits and inspections, and meet the requirements of AS9100 in aviation manufacturing.

Advantages and Drawbacks

One of the many advantages of web-hosted solutions identified was the ability to address a wide range of issues in the aviation industry. Since the solutions were created with the global customer in mind who possesses varying requirements considering geographical regulations. Ability to implement improvements on the program is another advantage of the web-hosted solution. It was identified that companies such as Intellex could easily update their solution to include the state of the art capabilities since changes were made to the web-hosted version whereby everybody could access. Implementation was also easy because airlines were only required to create online access and start enjoying safety. The web-hosted solutions were also expected to lower the cost of maintenance because the solution provider would be required to maintain the hosted version then everybody would get access to the product.

One of the identified drawbacks of the solution was that hosting was on the web hence prone to Cyber Attacks. In the current error of Cyber Crime, it means that adopting this kind of a solution risked the airline’s data and considering that some the information hosted on the web was confidential, then this was a huge risk to consider. Website hosted solutions were also found to have some issues with implementation whereby the complete solution was readily available before the formation of clear responsibilities for the employees. Therefore, initially the tools had the potential to cause confusion hence compromise safety at the airports and airlines.

7.2. In House SMS Solution from a Developer working in Major Airlines

Implementation of a locally hosted solution from a developer working in major airlines was also considered as a solution to the problem at Delta. In this case, a solution from such a developer was to be chosen then implemented at delta. Just like the on line solution, this kind of SMS would solve issues related to managing safety reports such as ASRs and CSRs, recording of safety inflight data, among others.

Advantages and Drawbacks

The locally hosted solutions and was found to provide uniformity in the level of safety, since other airlines were using the solution; Delta would be at par with the major organizations. Therefore, tracking of the system performance was expected to easy due to the improved knowledge of parameters. Implementing changes was, also expected to be considerable easy using this kind of a solution because this would require making a single request to the developer, whereby the required changes would become clear after serving two or three organizations.

The cost of the solution was also expected to be considerable low because the developer would only require to create a single product hence make use of the ‘economies of scale’ to lower the prices because of the large customer base. The locally hosted products would also eliminate the risk of Cyber Attack.

One of the drawbacks associated with locally hosted solution is an increased cost of implementation whereby the programs would have to be installed by the airline. Integrating the solution to the rest of the airline operations was also, expected to cause some problems. Since in most cases, these were solutions are created without a single airline in mind, then the unique requirements for the airline may not be captured by such a technology.

7.3. In House Unique Solutions

Locally hosted unique solutions, was another version that was considered in this project whereby the airline would implement a unique solution considering the requirements. The airline would be allowed to outsource or develop a flight safety operations program according to their need but following the basic requirements identified in the SMS manuals.

Advantages and Drawbacks

Improvement of the integration process of the solution with the rest of the airline operations was one of the identified strengths of the category of solution. Since the airline would have a chance to develop or choose the type of solution they required, then most probably they would select a product that addressed unique requirement and, which would conform to the overall organization’s operation. The organizations would then have a chance to choose a solution that was unlikely to face a lot of resistance from the workers. Therefore, the Locally Hosted Unique Solutions would be quickly integrated with the airline operations.

Since the solutions would address unique issues at the organization, hence conducting internal audits would be easy. Further, in the Delta scenario, a program such as a locally hosted unique solution would be easily implemented because each organization would identify the most efficient implementation approach. 

One of the identified drawbacks of the Locally Hosted Unique Solutions was that they would compromise conformance of the organization with others in the industry. The local hosted solutions were also expected to become a precursor of a situation similar to the one that led to this project.

8.0. Adopted Solution

8.1. Web Hosted Solutions (SMS PRO^TM )

A web hosted SMS program was considered the best solution to the case of Delta Air, whereby the most effective software was identified in terms of cost, efficiency, sustainability, ease of use and ease of implementation. A Web Hosted Solution (SMS PRO^TM ) was found to be a perfect match for the problem at Delta. The technical presentation of the solution section will be done in the context of SMS PRO^TM  since it was the best Safety Management System program identified.

8.1.1. Technical Solution Presentation

Program Description

SMS Pro, which was a Safety Management System software based on the web, was found to allow safety professionals to manage safety data collecting, corrective actions processes, and distribution. Specifically developed for the aviation industry,SMS PRO was found to assist in managing large volumes of data encounter while managing associated risk in the day-to-day operations in the aviation industry as well.

SMS PRO for Airlines

The software was found be applicable in large or small enterprises considering the underlying needs and the level of available infrastructure. The solution-enhanced building of a software toolkit using its modules specifically developed for aviation industry. The solution also included an alternative of using ready-made tools such as MS Access, MS Excel, File Maker Pro, and Power Point. Technologies used by the solution were highly applicable in the aviation industry segments mostly in managing flight safety operations by airline.  SMS PRO ^TM   was also found to adhere to internationally recognized organizations such as NASA, ICAO, and FAA. Incorporating values from these organizations assists in standardizing and supporting data integrity. Further, the solution was found to have a capability of assisting organizations to speed up the implementation process without having to reinvent the wheel. The (SMS PRO^TM ) also employed a preconfigured classification system, which included the most commonly used values in aviation industry around the globe at the time. Finally, the hosted solution was found to utilize the SMS literature by ICAO.

 SMS PRO^TM Technology Stack

The solution consisted of the following:-

1. SQL Server Database (SQL server 2005 to 2012)
2. Open source Content Management System from DotNetNuke
3. Modules related to aviation safety by NWDS
4. A framework for Microsoft.NET

Core Services

1. A 24 hour 7 days a week monitoring and management

ii. Management for performance

• Custom Programing
• Administration of the Production Database
• Trouble Checking
• Backup and recovery of data
• Resolving of Safety Issues
• Determination of Safety Issues
• Management of Security
• Quick Disaster recovery
• Version Management

Solution Features

Users

Some of the system users identified include the end users, System administrators, Safety manager, Auditors among others

End Users– Among the solution users includes an unlimited number of end users whereby anybody with login credentials can login on the web based solutions and perform the specific tasks. Some of the end users include cabin crew whereby they can report flight incidences and accidents through the online forms.

System Administrators– System administrators ensure that the solution is up and running without any problems. For instance, the administrators ensure that no authorized access by implementing security measures such as passwords. The System administrators also ensure any threat to the system is identified and dealt with before it causing a lot of damages. Administrators also assist in reporting system issues to the developer and provider.

Safety Managers-The work of safety managers in this kind of a system is ensure that safety operations are working as expected. For instance, the managers ensure that the necessary data regarding flight operation is collected and reports are generated. Safety managers, being an essential part of the Safety management must be given access to the system ensure that everything is running as expected. The managers ensure that relevant departments are exchanging information, essential data is collected, and the appropriate analysis is taking place.

Auditors– the auditors are given the right of access to ensure that they carry the necessary quality assurance audits. For instance, internal and external auditors access data collected from flights in motion to establish the performance of tools responsible for that activity. Auditors also access reports from the system to establish the level of analysis performed by the solution.

Purchase Options

Monthly package– developers offered a monthly package whereby airlines were supposed to pay an amount of money every month depending on the services offered. The monthly package was to ensure that airlines could easily keep track of the solution’s cost. 

Annual package– the annual package also dependent on the level of usage involved paying for the solution’s services once in a year. The solution annual package ensured that companies never faced interruptions from the solution provider interruptions.

Support

Phone– the solution provider offered hot lines for reporting critical matters such as the overall system collapse due to cyber-attacks. The system administrators were supposed to report such incidences once noted.

Email and web- the solution provided email addresses, Webchat, social media accounts for reporting any issue that was not considered very urgent such as a need for an upgrade.

Remote assistance-The solution providers also could provide on line trouble shooting of users’ problems without having to visit the airline premises.

Online Help-the providers also through live chats on their websites and avenues such as Skype offered support to resolve minor issues such as assisting an employee to complete a certain event.

Major Releases and Upgrades- release and upgrade manuals also hosted online were also a good source of supports since they offered critical information about the system use.

Training and Demos-the solution provider offered follow-on training to ensure that employees could use the system. The provider also offered services such as implementation to ensure smooth integration of the solution to the rest of the airline operations. Demos on several components of the solution operation and performance were offered online to offer the users an insight to the system.

Free Initial Setup training-after installation of the solution, the provider offered free initial training to the system users to ensure easy adoption.

Free training videos- System Pro also offered free training videos on the solution on their official website, which were accessible to anybody.

This page is intentionally left blank

9.0. Justification of the Solution

Compared with the other two alternatives, SMS PRO was found to be the best solution in terms of-

 9.1. Cost

Since the solution was hosted on the web, there was no need of acquiring a lot infrastructure to accommodate the system hence immensely reducing the cost of implementation. The manner in which the solution was hosted also meant that the provider held the responsible of maintenance hence eliminated the need of acquiring additional staff to maintain the system.

The system also being a software as a service (SaaS) also meant that the cost of acquiring using the solution was low compared to other solutions. Since one solution could be used by multiple airlines lowered the cost of use compared to the scenario whereby every airline would have to purchase their solution. Cost of upgrade and corrective measures was also lowered by the method of hosting the solution on the web. In case a solution hosted on premise was used, any upgrade or corrective activities would have to be carried manually in each of the airline hence highly increasing the cost of such activities. Carrying out some of the system training online also reduced the cost of implementing the solution.

9.2. Efficiency

The SMS PRO compared to other considered options was found to be the most efficient option available. Since airline was supposed to use services on demand meant that the organization paid for what they used hence making the solution the most cost effective among the three. Easy way of upgrading the system also reduced the time wasted during such activities. Compared to the other two on premise solution, SMS PRO was the most efficient in terms of time lost in upgrades and corrective activities. Carrying out activities such as training online also reduced this duration hence easing implementation whereby the airline started realizing the benefit of the solution within a very short time. The solution also compared to others required few work force hence reducing the cost of Flight Operation Safety Management. System Pro was also accompanied by effective ways of support, which improved system incidence handling hence increasing the time that the solution was effectively functioning.

8.3. Sustainability

System Pro was the most sustainable solution of three considered, due to its low cost of acquiring along with some other factors. Offering the solution indicated that the airlines shared some tools which highly reduced the use cost. Cheap implementation and use of the system meant that even the airline could afford the solution. Monthly packages indicated that if the company lacked the capacity to pay for the annual fee the airline could access the solution services by paying small amount of money every month. Reduced cost of upgrade and training also improved the solutions services affordability hence increasing sustainability. 

8.4. Implementation Ease

Most of the solution’s infrastructures were hosted on the web whereby the vendor performed most of the services and hence eliminating the need of every organization to acquire their infrastructure. The Airline was required to obtain SMS PRO from the internet, which assisted in creating a kit that would enhance implementing the solution.  The web hosting of infrastructure speeded up the process of implementation compared to when the organization would have been required to acquire their equipment such as servers and create the relevant teams responsible for the infrastructure. Improved means of training also speeded up the process of implementation by making the period of training shorter. Training the employees early also meant that the solution was met with minimum resistance (Howell, 2017).

8.5. Ease of Reuse

 Web hosted solutions are highly reusable compared to on premise solutions hence the solution was highly reusable compared to the other two options (Howell, 2017). The solution consists of tools, which can be used in conducting other activities such as the storage of data and processing. Since the solution is hosted on the web, implementing upgrades is easy, whereby most of the program system can be retained for a very long time.

This page is intentionally left blank

10.0.  Critical View Point

10.1.0. Project Limitations

In the analysis of the safety operations problems at Delta Air various assumptions were made, which could have affected the results. For instance, evaluation of flight operations in other airlines operating in the United States was not conducted comprehensively to ensure that the recommended solution was the best or at least at level with competitors. The analysis of the web-hosted solutions was also not conducted to ensure that the best option in the category was identified. Also, sampling of participants in the conducted survey was also not done carefully to ensure that biasness was eliminated or minimized to the least levels possible. Methods of minimizing web- hosted solutions were also not pursued to ensure that the recommended solution was highly efficient

10.2.0. Future project

Due to the limitations of the project carried out, Delta should consider proceeding with some studies to ensure that necessary changes are implemented. For instance, Delta Air should carry out a study of the existing web solutions to ensure that the best one is identified. Further, the company should ensure that means of reducing the recommended solutions drawbacks are identified and implemented within the shortest time possible.

This page is intentionally left blank

11.0. Implementation

After identifying the necessary solution that would solve most of the Delta issues, implementation phase of the project started immediately. The Implementation process was conducted using the FAA SMS implementation guide plan to ensure that all the legal and industry requirements were met. Acquiring of the necessary infrastructure and training for the project was the first step of the implementation. In this regard, Delta purchased state of the art electronics such as computers to upgrade the information technology department. The next step involved training safety operations staff was conducted by the contractor and the solution developer. After staff training, the developer implemented the necessary SMS tools under supervision of the project management team. Testing followed implementation of the tools whereby, the tools were tested against the expected performance and upon confirmation that they were functioning as expected, implementation entered the final phase of training all the Safety Operations affiliated employees at Delta Air.

Figure 3: sample Gantt chart of the implementation process (Ziglar, 2010)

Results

After, implementation of the project, Sky Prime Aviation Services in collaboration with the solution developer maintained the solution for a period of six months. In the maintenance, period any problems with the functioning of the program were rectified until the required results were achieved. Consequently, Delta Air experienced reduced rate of incidences whereby an eighty percent of reduction was experienced in the maintenance period. Further, the airline’s flight operations employees recorded improved motivation after the necessary training was conducted. Finally, the company incurred a reduced cost of quality assurance analysis due to the SMS tools implemented.

Verification/Validation of the efficiency

After, the solution was implemented and the necessary training was conducted, the process of the project validation started. The Project Management Team was converted to the validation team. Testing of all the tools in the SMS programs was conducted, whereby the solution was tested against the expected result. Correction of bugs whenever they were detected was conducted to improve performance. After, identifying that the expected solution was in place and running accordingly, the Project Management Team Completed the process by documenting the entire project

12.0. Conclusion

System Safety Management is very critical in aviation industry whereby international and national bodies mandated with the responsibility of improving flight operation safety set the required standards. Agencies such as ICAO and FAA have been Vigilant in coming up with the necessary policies to enhance flight operations safety. Consequently, safety in the aviation sector has been remarkably good with a major reduction of incidences and accidents. However, flight operations safety has been evolving to address new challenges in the sector.

The evolution of Flight Operations Safety systems has come from the past reactive strategies to the current proactive mechanisms and headed to the future predictive methods. In the past Flight Operations Safety systems responded to incidences and accidents, after they happened whereby they came up with measures to prevent the incidents and accidents from happening again. Current system on the other side are investing a lot resources in risk and hazard analysis to respond to the drastically reduce the rate of incidences and accidents.

Sophisticated flight data analytical tools have emerged which assist in collecting, analysis storage, and reporting of flight operations data. Some of these tools assist in conducting quality assurance activities to ensure that the level of SMS performance is at an all-time high. The result of these proactive mechanisms is that safety in the aviation industry has been highly improved with reduced number of incidences and accidents. Therefore, airlines, which have not adopted the necessary measures to improve flight operations safety, should establish the best ways of doing so.

For instance, the airline should consider implementing web hosted SMS solutions, which are highly cost effective, whereby they reduce implementation and maintenance costs. Web hosted solutions also offer improved efficiency and ease of implementation. Web hosted SMS solutions also offer improved sustainability by reducing the cost of use and reducing time for upgrades and training. With these kind of a solution, Delta, will easily join the bandwagon towards predictive systems whereby more risk and hazard analysis will be conducted to avoid incidences and accidents.

13.0.Glossary

• ICAO-International Civil and Aviation Organization
• FAA-Federal Aviation Authority
• SMS-Safety Management System
• NPRM –Notice of Proposed RuleMaking
• ANPRM-Advanced Notice of RuleMaking
• FOQA-Flight Operations Quality Assurance
• NWDS- NorthWest Data Solutions
• FDM-Flight Data Monitoring
• FDA-Flight Data Monitoring
• DOT-Department of Transportation
• QAR-Quality
• QMS-Quality management System
• IATA-International Air Transport Association
• (HFR)-Confidential Human Factors Reports
• (CSR)-Cabin Safety Report
• (OHSR)-Occupational Safety and Health Report
•  (ASR)-Air Safety Report
• (GDR)-Ground Damage Report
• SaaS- Software as a service
• (TRB)-Transportation Research Board

14.0.References

EASA., (2014). Easa.europa.eu. Retrieved 8 March 2017, from https://www.easa.europa.eu/

FAA, FOQA AC,. (2011). Retrieved 8 March 2017, from https://www.faa.gov/documentlibrary/media/advisory_circular/ac120-82.pdf  

FAA,. (2012). SMS Implementation Guide – Revision 3. Retrieved 8 March 2017, from https://www.faa.gov/about/initiatives/sms/specifics_by_aviation_industry_type/air_operators/media/sms_implementation_guide.pdf

Federal Aviation Administration. (2009a). Safety management systems (SMS) for airline operators: Airlines participating in the first SMS pilot program. Retrieved from http://www.faa.gov/airlines/airline_safety/safety_management_systems/participants/

Federal Aviation Administration. (2009b). Safety management systems: basics. Retrieved from http://www.faa.gov/about/initiatives/sms/explained/basis/#org_role

Federal Aviation Administration. (2009c). Safety management systems: components. http://www.faa.gov/about/initiatives/sms/explained/components

Federal Aviation Administration. (n.d.). Notice of 2^nd SMS pilot study. Retrieved from http://www.faa.gov/airlines/airline_safety/safety_management_systems/external/ pilot_studies/participants/

GACA., (2012). Gaca.gov.sa. Retrieved 8 March 2017, from https://gaca.gov.sa/web/en-gb/page/new-regulations

Howell, C. (2017). SMS Pro Aviation Safety Management Software for Airlines, Airlines, MROs, FBOs. Asms-pro.com. Retrieved 8 March 2017, from https://www.asms-pro.com/SMSPro.aspx

ICAO,. (2013). Safety Management Manual. Retrieved 8 March 2017, from http://www.icao.int/safety/SafetyManagement/Documents/Doc.9859.3rd%20Edition.alltext.en

Merriam-Webster. (2012). Safety. Retrieved fromhttp://www.merriam-webster.com/dictionary/safety 

National Archives and Records Administration (2012). Safety management systems for certificated airlines. Federal registrar: The Daily Journal of The United States Government  Retrieved from http://www.regulations.gov/#!docketDetail;D=FAA-2010-0997: Burlington, VT. Ash gate Publishing Company.

Stolzer, A. J., Halford, C. D., & Goglia, J. J. (2011). Implementing safety management systems in aviation: Burlington, VT. Ashga te Publishing Company.Transportation Research Board. (2007). ACRP report 1: safety management systems for airlines. [Volume 1: Overview]. Retrieved fromhttp://onlinepubs.trb.org/onlinepubs/acrp/acrp_rpt_001a.pdf

Transportation Research Board. (2009). ACRP report 1: safety management systems for airlines. [Volume 2: Guidebook]. Retrieved from http://onlinepubs.trb.org/onlinepubs/acrp/acrp_rpt_001b.pdf

Transportation Research Board. (2012). ACRP Synthesis 11-03/Topic S04-07: Lessonslearned from airline safety management systems pilot study. Retrieved fromhttp://apps.trb.org/cmsfeed/TRBNetProjectDisplay.asp?ProjectID=3107

Ziglar, Z. (2010). Getting your customers to complain is invaluable. Retrieved fromhttp://biznik.com/articles/getting-your-customers-to-complain-is-invaluable