Design Organisation Approval: The integration of Safety Management and Organisation Performance
Published: 22nd October 2018
By: Duane Kritzinger
Recent engagements with clients have led to me to consider this challenge facing our industry and I wanted to share my views. When it comes to our Design Organisation Handbook (or Exposition as it is referred to in EMAR 21) I have long had the mantra that the objective of the DOH (or DOE) is to set the organisation up for success. If its purpose is to ensure design organisational performance, then compliance is a result (it doesn’t often work the other way round). Simon Sinek, in his popular Ted Talks video on the golden circles, has a similar mantra whereby he states that profit is a result, not a purpose. We need to shape our environment by meeting the intent of the regulation that works for us.
The introduction of ICAO Annex 19 (SMS) has provided a stimulus for Regulators (such as EASA) to move towards a “Performance Based Environment” (see EASA’s “A Harmonised European Approach to a Performance Based Environment” for more information). One of the intents of this initiative is for the EASA to focus its scarce resources where it is needed most – those projects or organisations who bring risk to the table. This is a good thing! It means we, in industry, can crack on with what we are good at with a reduced level of involvement (LOI) from the regulator. However, we must first realise that we cannot separate compliance and safety from organisational performance. They go hand-in-hand. An underperforming organisation is more likely to bring risk to the table by either error of omission or commission (e.g. due to time constraints, commercial pressures or gaps in competence).
The dependency between safety and organisational performance is neatly summarised in para 2.12.1 of the EASA Opinion 06/2016, which states that there is the “potential of SMS not only to address the risks of major occurrences, but also to identify and tackle production inefficiencies, improve communication, foster a better company culture, and control more effectively contractors and suppliers”. It furthermore declares the intent that “….by considering SMS as something implemented not solely to prevent incidents and accidents but to ensure the success of as many elements of an organisation’s business as possible, any investment in safety should be seen as an investment in productivity and organisational success”.
The above philosophy is being introduced into EASA Part 21 via two phases (or “subject areas” as EASA refers to it in Task MDM.060) and is illustrated on the next page. Astute readers will notice that, chronologically, the successful implementation of Phase 2 is required before we can extract full benefit out of Phase 1.
The purpose of this blog is to discuss the performance of the organisation. Now, we know that EASA is creating a “Performance Dashboard” whereby they will evaluate the performance of Design Organisations, but this is an EASA tool used to satisfy their objectives (i.e. compliance to EASA regulations). Pro-active organisations should not wait for this and should self-evaluate how well their Management System ensures and assures the performance to their own objectives. Note that, internally, these objectives may be extended to include Financial objectives, Occupational Health &Safety obligations, REACH obligations, Quality Approval objectives (e.g. AS9100), as well as contractual obligations. Together these form the “Regulatory Environment” (see our 3LOD model ) within which the organisation has to navigate. The move towards performance-based regulation is driving a sharper focus in organisations on how to address integrating business and compliance activities more effectively.
The need to evaluate organisational performance is not new, it is only becoming more explicit now. It has always been implicit in the EASA regulatory framework work. For instance:
- In the Basic Regulation (216/2018), Annex 1 para 3 stated, “the organisation must implement and maintain a management system to ensure compliance with these essential requirements for airworthiness, and aim for continuous improvement of this system”. The underlying texts appears multiple times in the new version of the Basic Regulation (2018/1139)
- 21.A.139(b)(2): requires Production Organisations to “monitor compliance with, and adequacy of, the documented procedures of the quality system”
- A.239(a)(3) requires Design Organisations to “independently monitor the compliance with, and adequacy of, the documented procedures of the system”.
Many organisations are now taking a proactive stance to set themselves up for success, enabling them to assure themselves and their stakeholders that they have the Capacity, Competence and Capability to provide Consistent results (I call these the explosive C-4 needed for success).
So, if you are starting on this journey, what is your first step? The regulator will not tell you what to do, but will be moving towards a performance based approach. Well, we propose it is all about building strong foundations rooted in an organisational set up that clearly reflects the lines of accountability and responsibility. Our approach is to map each requirement in Part 21 Subpart J to the Regulatory Compliance Management System in our SMARRT MAP and discuss how to measure the effectiveness of each.
- Improve your decision-making and prioritisation on where you need to focus effort with reliable measures and reporting mechanisms
- Establish clear areas of ownership and demonstration
- Ensure effective delegation to process owners so that performance becomes the heart of the organisation.
SMS is not a silo – its intent is to integrate with business as usual. This means we need to integrate compliance and safety with business processes and operations so that they are not regarded as separate and parallel activities with separate lines of costs and resourcing. This approach is not new, it has already been trialed in the regulations pertaining to operators.
If we get it right, (i.e. full harmonization or our management systems), then we can increase stakeholder confidence by demonstrating how we are performing financially/efficiently whilst simultaneously meeting our compliance obligations, thereby lowering organisational risk.
The written word (e.g. procedures) does not produce SMS outputs. When it comes to organisational performance, the question has changed from “Are we compliant?” to the far more robust and intrusive questions of “How well are we managing compliance?”, “How well are we controlling our business?” and “Where are we weak/vulnerable?” Only once we can answer these questions can we move away from a re-active management system to a pro-active (and dare I say predictive) Safety Management System.