Design Organisation Approval: The Integration of Safety Management and Organisation Performance

Tuesday, February 6, 2024

Written by Baines Simmons Principal Consultant, Duane Kritzinger

Recent engagements with clients have led to me to consider this challenge facing our industry, and I wanted to share my views. When it comes to our Design Organisation Handbook (or Exposition as it is referred to in EMAR 21), I have long had the mantra that the objective of the DOH (or DOE) is to set the organisation up for success. If its purpose is to ensure design organisational performance, then compliance is a result (it doesn’t often work the other way round). Simon Sinek, in his popular Ted Talks video on the golden circles, has a similar mantra whereby he states that profit is a result, not a purpose – thus we need to shape our environment by meeting the intent of the regulation in a way that works for us.

ICAO Annex 19
The introduction of ICAO Annex 19 (Safety Management System) has provided a stimulus for Regulators (such as EASA) to move towards a “Performance Based Environment”. One of the intents of this initiative is for the Regulators to prioritise its resources where it is needed most – those projects or organisations that bring risk to the table. This is a good thing! It means we, in industry, can crack on with what we are good at with a reduced level of involvement (LOI) or oversight from the regulator (depending on novelty, complexity and criticality too, of course). However, we must first realise that we cannot separate compliance and safety from organisational performance – they go hand-in-hand. An underperforming organisation is more likely to bring risk to the table by either error of omission or commission (e.g. due to time constraints, commercial pressures or gaps in competence).

The dependency between safety and organisational performance is neatly summarised in para 2.12.1 of the EASA Opinion 06/2016, which states that there is the “potential of SMS not only to address the risks of major occurrences, but also to identify and tackle production inefficiencies, improve communication, foster a better company culture, and control more effectively contractors and suppliers”. It furthermore declares the intent that “…by considering SMS as something implemented not solely to prevent incidents and accidents but to ensure the success of as many elements of an organisation’s business as possible, any investment in safety should be seen as an investment in productivity and organisational success”.

From a DOA perspective, the above philosophy was introduced into EASA Part 21 via two phases (or “subject areas” as EASA refers to it in Task MDM.060) and is illustrated below. Astute readers will notice that, chronologically, the successful implementation of Phase 2 is required before we can extract full benefit out of Phase 1.

The purpose of this blog is to discuss the performance of the organisation. Now, we know that EASA has a “Performance Dashboard” (whereby they will evaluate the performance of Design Organisations), but this is an EASA tool used to satisfy their objectives (i.e. compliance to EASA regulations). Pro-active organisations should self-evaluate how well their Management System both ensures and assures the performance to their own objectives. Note that, internally, these objectives may be extended to include Financial objectives, Occupational Health & Safety obligations, REACH obligations, Quality Approval objectives (e.g. AS9100), as well contractual obligations. Together, these form the “Regulatory Environment” within which the organisation has to navigate. The move towards performance-based regulation is driving a sharper focus in organisations on how to address the integration of business and compliance activities more effectively.

The need to evaluate organisational performance is not new, it is only becoming more explicit now.  It has always been implicit in the EASA regulatory framework work. For instance:

In the Basic Regulation (216/2008), Annex 1 para 3.a.2 stated that “the organisation must implement and maintain a management system to ensure compliance with these essential requirements for airworthiness and aim for continuous improvement of this system”.  The underlying texts appears multiple times in the new version of the Basic Regulation (2018/1139)

21.A.139(e)) requires Production Organisations to “monitor compliance with, and adequacy of, the documented procedures of the quality system” (still in EMAR 21.A.239(b)(2)),

21.A.239(e) requires Design Organisations to “independently monitor the compliance with, and adequacy of, the documented procedures of the system” (still in EMAR 21.A.239(a)(3)).

Many organisations are now taking a proactive stance to set themselves up for success, enabling them to assure themselves and their stakeholders that they have the Capacity, Competence and Capability to provide Consistent results (I call these the “explosive C-4 needed for success”).

So, if you are starting on this journey, what is your first step? The regulator will not tell you what to do, but will be moving towards a performance based approach. Well, we propose it is all about building strong foundations rooted in an organisational set up that clearly reflects the lines of accountability and responsibility. Our approach to use our SMARRT TOOLKIT ( to, inter alia.

Assess where you are on your PSOE journey

  • Improve your decision-making and prioritisation on where you need to focus effort with reliable measures and reporting mechanisms
  • Establish clear areas of ownership and demonstration
  • Ensure effective delegation to process owners so that performance becomes the heart of the organisation.

SMS is not a silo - the intent is to integrate it with business as usual. Safety management should be something that all managers would commit to because it makes good business sense. This means we need to integrate compliance and safety with business processes and operations so that they are not regarded as separate and parallel activities with separate lines of costs and resourcing. This approach is not new, it has already been trialled in the regulations pertaining to operators.

If we get it right, (i.e. full harmonization or our management systems), then we can increase stakeholder confidence by demonstrating how we are performing financially/efficiently whilst simultaneously meeting our compliance obligations, thereby lowering organisational risk.

The written word (e.g. procedures) does not produce SMS outputs. When it comes to organisational performance, the question has changed from “Are we compliant?” to the far more robust and intrusive questions of “How well are we managing compliance?”, “How well are we controlling our business?” and “Where are we weak/vulnerable?”. Only once we can answer these questions can we move away from a re-active management system to a pro-active (and dare I say predictive) Safety Management System.

When it comes to adopting the ICAO Annex 19 requirements into the EASA regulatory framework, Part 21 was last to the table. However, Baines Simmons can provide Design and Production Organisations with the opportunity to learn from the mistakes made, and challenges overcome, during initial SMS implementation into the operational environment.