Def Stan 00-56: Love it or hate it
Author: Principal Consultant, Duane Kritzinger
The UK MAA have recently published revision 7 of RA1205, which regards Safety Cases. The Safety Case owners now need to ensure compliance with RA1205, and this seems to be driving renewed interest in the roles of Def Stan 00-56.
The UK MoD first promulgated Def Stan 00-56 back in 1991 and have since enforced it contractually on all providers of products, services and/or systems to the UK MoD. The title of this standard is “Safety Management Requirements for Defense System” and the focus of the document has always been on managing the Risk to Life (RtL) associated with the operation of military systems (inclusive of aircraft, tanks, submarines and hanger facilities) as driven by the general guidance provided by the UK’s Health & Safety Executive (HSE).
Since its inception, Def Stan 00-56 has caused much consternation and contractual arguments – not least of which in the aviation industry.
Reasons include, but are not limited, to the 00-56 expectations of:
- Multiple Safety Cases without linking them together in a system hierarchy or relating them to the distinct obligation in of each stakeholder in the supply chain
- Conducting risk assessments without standardising the criteria nor providing any indication how a stakeholder far removed from the sharp end (e.g. the maintainer of an avionic box) could possibly determine the probability and severity of an accident
- The safety deliverables of industry (i.e. providers of products, services and/or systems to the UK MoD) whilst ignoring the absolute importance of the Safety Case command and control function of the stakeholder who actually needs to manage risk on the sharp end (a matter which the latest revision of RA1205 is trying to address).
- Conducting risk assessment in the in the initial airworthiness domain (using the risk matrix of RA1205) without explaining how it relates to the design safety target or RA1230.
I first came across Def Stan 00-56 at Issue 2 back in 1997 and, after a few years of stakeholder wrangling on how to apply it to the aviation safety domain, this directly led to my drive to publish (in 2006) “Aircraft System Safety: Military and Civil Aeronautical Applications”. One of the aims of this (now slightly dated, but still relevant) book was to provide some clarity on the following 00-56 pertinent topics:
- The importance of distinguishing between hazards, causes and accident (Ch6)
- The application of risk criteria to the above (Ch4)
- That there should only ever be one though-life Safety Case (Ch9)
- How industry System Safety Assessments (Ch8) relate to the Safety Case (Ch9)
Since then, 00-56 has undergone a few more revisions and the present status is shown below:
In the airworthiness domain Part 1 of Def Stan 00-56 could be understood as follows:
Part 2 of Def Stan 00-56 contains Guidance Material to Part 1 (…with many “shall” statements) in 3 sections
- Section 1: Admin & info on the history of this Part 2
- Section 2: Background data (much repetition from Part 1)
- Sections 3 & 4: Refers to Annexes, of which probably the most important is Annex C
Annex C contain the contractual Data Item Descriptions (DIDs), i.e. the safety deliverables entitled:
- Command Summary
- Information Set Summary
- Safety Audit Plan
- Safety Audit Report
- Safety Case
- Safety Assessment
- Hazard Log Repot
- Safety Management Plan
- Progress Report
The DID’s raise at least two considerations:
- Astute readers would have immediately noticed that the intent of 00-56 is to support the Safety Case….it is not a Safety Management System (SMS) resembling ICAO Annex 19 (although there are common elements)
- The DIDs are not clear on who does what and when and, most importantly, does not emphasise the fact that service providers should coordinate and tailor their safety management activities to interface/support/underpin the Safety Case. In our Def Stan 00-56 course (TR105 and its supporting module TR70M18) we speculate that this could look as follows:
The illustration above is neither right or wrong. The challenge for each programme is to clearly define/illustrate it in such a manner to reflect their peculiar circumstances and contractual relationships (i.e. who does what and when and how to coordinate to achieve the desired result in the most cost-effective manner (e.g. as explored in my most recent whitepaper, ‘Hazard Identification and Risk Management challenges throughout the Supply Chain’). A key driver is a sound Safety Case strategy. Unfortunately, Safety Cases (which incidentally in the airworthiness domain is an UK MoD unique concept) have historically not had the best of reputations ….as can be seen from an extract from an UK MAA presentation below:
For the last few years, RA 1205 has been the UK MAA’s regulation governing Safety Cases. It has recently been updated to Rev 7 and is supported by a dedicated Manual:
The challenge now is for each “Senior Responsible Owner (SR0)” [RA 1205(2)] to generate an RA1205 compliant Safety Case. Until such time, all contractors who provide products, services and/or systems to the SRO will continue to struggle complying with Def Stan 00-56 because of the lack of top down direction/command/control such a Safety Case will demand. However, in the airworthiness domain, all stakeholders can prepare and negotiate their obligations and interrelationships if they have a firm grasp of the following topics as a minimum:
- The intent and content of 00-56 (see TR105)
- The relationship between the Safety Case and supporting System Safety Assessments (see TR70)
- The intent of an SMS (see TS01, TS02, TS53 and TS90)
- Safety Audits for DIDs 3&4 (see T06, TQ10 or TQ11)
- Risks Management and Hazard Logs for DID 6 (see TS90)
- Using Bow Ties for the visualization of risk management activity and hazard identification (seeTS101 or TS107)
- Safety Culture as per Def Stan 00-56 Part 1 para 6 (see TS50)
Love it or hate it, Def Stan 00-56 is here to stay for the foreseeable future. All providers of products, services and/or systems to the UK MoD thus need to make sure they understand the intent and remember it is a “standard” not a “regulation”.