Notice2021-23522
Safety Management System Data
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Published
October 29, 2021
Issuing agencies
Transportation DepartmentFederal Aviation Administration
Abstract
The FAA is proposing to designate certain reports, data, and information created as part of the development and implementation of safety management systems (SMS) as protected information when the information is voluntarily provided to the agency. Protected information generally is not subject to public disclosure. The designation is intended to encourage certificate holders to voluntarily share SMS-related data with the FAA and to protect the voluntarily provided information if the FAA has a need to share it with other Federal agencies with safety or security responsibilities.
Full Text
<html>
<head>
<title>Federal Register, Volume 86 Issue 207 (Friday, October 29, 2021)</title>
</head>
<body><pre>
[Federal Register Volume 86, Number 207 (Friday, October 29, 2021)]
[Notices]
[Pages 60080-60084]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2021-23522]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
[Docket No.: FAA-2021-0733]
Safety Management System Data
AGENCY: Federal Aviation Administration (FAA), Department of
Transportation (DOT).
ACTION: Notice of availability and request for comments.
-----------------------------------------------------------------------
SUMMARY: The FAA is proposing to designate certain reports, data, and
information created as part of the development and implementation of
safety management systems (SMS) as protected information when the
information is voluntarily provided to the agency. Protected
information generally is not subject to public disclosure. The
designation is intended to encourage certificate holders to voluntarily
share SMS-related data with the FAA and to protect the voluntarily
provided information if the FAA has a need to share it with other
Federal agencies with safety or security responsibilities.
DATES: Send comments on or before November 29, 2021.
ADDRESSES: Send comments identified by docket number FAA-2021-0733
using any of the following methods:
<bullet> Federal eRulemaking Portal: Go to <a href="http://www.regulations.gov">http://www.regulations.gov</a> and follow the online instructions for submitting
comments.
<bullet> Fax: 202-493-2251.
<bullet> Mail: Send comments to Docket Operations, M-30; U.S.
Department of Transportation (DOT), Docket Operations, M-30, West
Building Ground Floor, Room W12-140, 1200 New Jersey Avenue,
Washington, DC 20590.
<bullet> Hand Delivery: Deliver to Mail address above between 9
a.m. and 5 p.m., Monday through Friday, except Federal holidays.
<bullet> Privacy: In accordance with 5 U.S.C. 553(c), DOT solicits
comments from the public to better inform its rulemaking process. DOT
posts these comments, without edit, including any personal information
the commenter provides, to <a href="http://www.regulations.gov">http://www.regulations.gov</a>, as described in
the system of records notice (DOT/ALL-14 FDMS), which can be reviewed
at <a href="http://www.dot.gov/privacy">http://www.dot.gov/privacy</a>.
<bullet> Docket: Background documents or comments received may be
read at <a href="http://www.regulations.gov">http://www.regulations.gov</a> at any time. Follow the online
instructions for accessing the docket or go to the Docket Operations in
Room W12-140 of the West Building Ground Floor at 1200 New Jersey
Avenue SE, Washington, DC, between 9 a.m. and 5 p.m., Monday through
Friday, except Federal holidays.
FOR FURTHER INFORMATION CONTACT: Dale Whitmore, Flight Standards
Service, AFS-910, Federal Aviation Administration, 800 Independence
Ave. SW, Washington, DC 20591, telephone (703) 342-9253.
SUPPLEMENTARY INFORMATION:
I. Executive Summary
The FAA is proposing to designate certain reports, data, and
information created as part of the development and implementation of
SMSs as protected from public disclosure when the information is
voluntarily provided to the agency. Part 5 of title 14 of the Code of
Federal Regulations requires that certificate holders under 14 CFR part
119 authorized to conduct operations in accordance with the
requirements of 14 CFR part 121 establish SMS. SMS may also be
developed and implemented voluntarily by other types of certificate
holders, such as, but not limited to, 14 CFR part 135 air operators,
and 14 CFR part 145 repair stations, 14 CFR part 141, 142, 147 aviation
training organizations, as well as certain other aviation service
providers such as design and manufacturing organizations and non-
certificated airports.
An SMS consists of a set of processes divided into four major
components: (1)
[[Page 60081]]
Safety policy; (2) safety risk management; (3) safety assurance; and
(4) safety promotion. The intent of these systems is to enhance the
decision-making capabilities of aviation service providers to address
risks inherent in their operations and activities.
In accordance with the FAA's statutory authority at Title 49 U.S.C.
40123 and the FAA's implementing regulations at 14 CFR part 193, as
described more fully below, the FAA is proposing that reports, data,
and other information voluntarily provided to the agency in connection
with the development and implementation of SMS be designated in an FAA
order as protected information that is not subject to public
disclosure. While this type of information enjoys some protection from
disclosure in accordance with 49 U.S.C. 44735,the FAA intends this
designation to further encourage certificate holders to voluntarily
share SMS-related data with the FAA to protect the voluntarily provided
information if the FAA has a need to share it with other Federal
agencies with safety or security responsibilities.
II. Statutory Authorities
Title 49 U.S.C. 44735 offers statutory protection from disclosure
under the Freedom of Information Act, pursuant to 5 U.S.C.
552(b)(3)(B), for certain reports, data, or other information that are
submitted to the FAA voluntarily and that are not required to be
submitted to the Administrator under any other provision of law.
Section 44735(b)(4) extends the limitation on disclosure to ``reports,
data, or other information produced or collected for purposes of
developing and implementing a safety management system acceptable to
the Administrator.'' Section 44735(b)(5) also extends the limitation on
disclosure to ``reports, analyses, and directed studies, based in whole
or in part on reports, data or other information'' related to the
development and implementation of a safety management system (SMS).
Under 49 U.S.C. 40123, notwithstanding any other provision of law,
neither the FAA Administrator nor any agency receiving information from
the Administrator shall disclose voluntarily-provided safety or
security related information if the Administrator finds that the
disclosure of the information would inhibit the voluntary provision of
that type of information and that the receipt of that type of
information aids in fulfilling the Administrator's safety and security
responsibilities; and withholding such information from disclosure
would be consistent with the Administrator's safety and security
responsibilities. This statutory provision grants the Administrator the
authority to issue regulations to carry out the provision. Those
regulations are found in 14 CFR part 193.
III. Description of Safety Management System Data Subject to the
Proposed Part 193 Program
A. SMS Description
As summarized above, an SMS consists of a set of processes divided
into four major components: (1) Safety policy; (2) safety risk
management; (3) safety assurance; and (4) safety promotion. The
principal components are safety risk management and safety assurance.
Safety policy provides overarching safety philosophy and establishes
safety responsibilities in the organization's management and staff. The
safety promotion component provides for training and competencies
necessary for safety risk management and safety assurance as well as
communication of critical safety information to the certificate
holder's workforce.
The safety risk management component consists of processes to
analyze systems, identify potential hazards in those systems, analyze
and assess risk associated with those systems, and, where necessary,
develop risk controls. These processes are required any time the
organization proposes to develop and implement new systems or
procedures or to revise existing ones. Open exchange of information on
these actions would be highly advantageous to the certificate holder
and to FAA oversight organizations tasked with evaluating and
approving, accepting, or certificating these systems and changes.
The safety assurance component is used to assess the effectiveness
of risk controls developed under the safety risk management component
and to provide a means of detecting new or otherwise unaddressed
hazards. The safety assurance component includes processes for
monitoring, auditing, and evaluating a carrier certificate holder's
technical and operational processes. It also includes processes for
internal investigations of accidents, incidents, and potential
regulatory noncompliance. The latter element also provides a structured
means of interacting with the FAA on compliance issues.
The safety assurance component further includes a requirement for
confidential employee reporting on the part of all employee groups
within the certificate holder. It also requires a safety assessment
process, including management reviews by senior management, including
the top-level accountable executive of the certificate holder.
Open exchange of information from these processes and open dialogue
on the contents of the information greatly enhances the ability of the
certificate holder and FAA oversight to assure effective compliance
with regulations as well as safety issues outside of the scope of
existing regulations.
B. Summary of SMS Part 193 Program
1. Who may participate: Certificate holders under 14 CFR part 119
authorized to conduct operations in accordance with the requirements of
14 CFR part 121 are required to have an SMS that meets the requirements
of 14 CFR part 5 and, to such extent, may participate. A certificate
holder subject to other provisions of 14 CFR may participate if that
certificate holder (i) is required to develop and implement an SMS that
meets the requirements as identified in 14 CFR part 5; or (ii) that
certificate holder voluntarily develops and implements an SMS that is
accepted by the FAA, and maintains the SMS in acceptable active status
\1\ under the SMS Voluntary Program (SMSVP) standard \2\ or under
another FAA-sponsored SMS voluntary program.
---------------------------------------------------------------------------
\1\ Active status refers to the organization's continuing to
conform to the regulations or voluntary program standards as
assessed by the FAA organization responsible for their oversight.
\2\ The SMSVP standard is derived from and functionally
equivalent to 14 CFR part 5 and is published in FAA Order 8900.1.
---------------------------------------------------------------------------
2. Data covered from protection from disclosure will not include
reports or other data involving possible criminal activity, substance
abuse, improper use of controlled substances and/or alcohol, or
intentional falsification. In addition, any record, document, or report
required for the FAA to determine statutory or regulatory compliance
that the FAA specifically requests is not considered protected.\3\
---------------------------------------------------------------------------
\3\ For example, under 14 CFR 119.59(e), the failure by any
certificate holder to make such information available to the
Administrator upon request is grounds for legal enforcement action.
---------------------------------------------------------------------------
3. How persons may participate: A certificate holder participates
by having an SMS that is applicable to that certificate holder as
described in paragraph A., above, and by voluntarily sharing
information from the SMS with the FAA.
4. Duration of this information sharing program: This program will
continue in effect as long as a certificate holder maintains the SMS
that is applicable to that certificate holder as described in paragraph
A, above.
[[Page 60082]]
IV. Proposed Findings
Based on the following findings and pursuant to the FAA's authority
under 49 U.S.C. 40123 and 14 CFR 193.7, the FAA proposes to designate
voluntarily provided information associated with the processes
described in 14 CFR part 5 as protected from disclosure in accordance
with 14 CFR part 193, including but not limited to information set
forth in the Appendix 1: \4\
---------------------------------------------------------------------------
\4\ Appendix 1 cites the processes and associated data
requirements under 14 CFR part 5.
---------------------------------------------------------------------------
1. Summary of why the FAA finds that the information will be
provided voluntarily.
The FAA anticipates that information from a certificate holder's
SMS will be provided to the FAA voluntarily to facilitate ongoing
compliance and oversight processes such as approval, acceptance, and
certification of proposed actions on the part of the organization. As a
result of this proposed designation, certificate holders will be
reassured that information they voluntarily provide from their SMS will
receive further protection from disclosure, including when the FAA
shares the information with other Federal agencies with safety or
security responsibilities.
2. Description of the type of information that may be voluntarily
provided under the program and a summary of why the FAA finds that the
information is safety or security related.
Certificate holders under 14 CFR part 119 authorized to conduct
operations in accordance with the requirements of 14 CFR part 121 may
voluntarily provide information that is associated with the processes
described in 14 CFR part 5, including but not limited to information
set forth in Appendix 1. For example, voluntary provided information
includes records of the outputs of safety risk management and safety
assurance processes, training records of employees performing risk
management and assurance processes, and safety objectives upon which
safety performance assessments are based.
Other certificate holders may voluntarily provide information that
is associated with the processes described in the voluntary SMS program
standards applicable to the specific certificate holder. Such standards
are identical to those set forth in 14 CFR part 5.
3. Summary of why the FAA finds that the disclosure of the
information would inhibit persons from voluntarily providing that type
of information.
Safety risk management and safety assurance data contains details
of an organization's internal processes, the risks that they face, and
the decisions and actions taken to address them. Disclosure of these
data could harm the certificate holder in terms of publicity and
litigation. These considerations could inhibit the willingness of
certificate holders to interact openly with the FAA on collaborative
approaches to solution of safety problems. While this type of
information enjoys some protection from disclosure in accordance with
49 U.S.C. 44735, the FAA is exercising its authority to broaden
protection from disclosure under 49 U.S.C. 40123 including in
circumstances when the FAA needs to share information with other
Federal agencies with safety or security responsibilities.
4. Summary of why the receipt of that type of information aids in
fulfilling the FAA's safety and security responsibilities.
The FAA finds that receipt of SMS information aids in fulfilling
the FAA's safety and security responsibilities. Because of its capacity
to provide early identification of needed safety improvements, an SMS
offers significant potential for incident and accident avoidance. For
example, SMS data concerning technical or operational events could
potentially identify common causal factors in producing such incidents.
Receipt of this information provides the FAA with an improved basis for
modifying procedures, policies, and regulations in order to improve
safety and efficiency. Other programs (e.g., ASAP, FOQA, VDRP) provide
some of this information from participating organizations. However, SMS
is more comprehensive, covering significant gaps that may exist, even
where these programs are in place. Moreover, SMS serves as an
integrated system, which will incorporate any existing programs.
As noted above, this information is protected from disclosure in
accordance with 49 U.S.C. 44735. However, broader protection under 49
U.S.C. 40123 further encourages submission of information to aid the
FAA in fulfilling its safety and security responsibilities, including
where the FAA shares the information with other Federal agencies with
safety or security responsibilities.
5. Summary of why withholding such information from disclosure
would be consistent with the FAA's safety and security
responsibilities, including a statement as to the circumstances under
which, and a summary of why, withholding such information from
disclosure would not be consistent with the FAA's safety and security
responsibilities, as described in 14 CFR 193.9.
The FAA finds that withholding SMS information provided to the FAA
is consistent with the FAA's safety responsibilities. The SMS
specifically provides that corrective action will be taken when
necessary.\5\ Corrective action under the SMS can be accomplished
without disclosure of protected information.
---------------------------------------------------------------------------
\5\ See 14 CFR 5.73(b) for situations where new hazards or
ineffective risk controls are found as a result of safety
performance assessments and 14 CFR 5.75 for other safety performance
deficiencies.
---------------------------------------------------------------------------
In order to explain the need for changes in FAA policies,
procedures, and regulations, the FAA may disclose de-identified (e.g.,
the identity of the source of the information and the names of the
certificate holder, the employee, and other persons redacted) summary
information that has been extracted from reports under the SMS data.
The FAA may disclose de-identified, summarized SMS information that
identifies a systemic problem in the aviation system, when other
persons need to be advised of the problem so that they can take
corrective action. The FAA may disclose de-identified aggregate
statistical information concerning SMS activities. The FAA may disclose
independently obtained information relating to any event disclosed in
SMS data.
6. Summary of how the FAA will distinguish information protected
under part 193 from information the FAA receives from other sources.
All voluntarily submitted SMS data must be clearly labeled as such.
It must be clearly labeled as follows in order to be protected under
this designation: ``WARNING: The information in this document/system is
protected from disclosure under 49 U.S.C. 40123 and/or Sec. 44735,
and/or 14 CFR part 193.'' To ensure that the FAA appropriately applies
these protections from disclosure, the FAA will take steps to ensure
that the information that a certificate holder voluntarily provides
through its SMS is segregated from any required information that the
certificate also provides through its SMS.
V. Proposed Designation
Accordingly, the Federal Aviation Administration hereby proposes to
designate the above described information submitted from a certificate
holder's SMS to be protected under 49 U.S.C. 40123 and 14 CFR part 193.
VI. Comments Invited
Interested persons are invited to comment on the proposed
designation by submitting such written data, views, or arguments as
they may desire. Comments relating to the
[[Page 60083]]
environmental, energy, federalism, or economic impact that might result
from adopting the proposal in this notice are also invited. Substantive
comments should be accompanied by cost estimates, where appropriate.
Comments should identify the notice number and should be submitted to
the docket address specified above.
The FAA will file in the docket all comments it receives, as well
as a report summarizing each substantive public contact with FAA
personnel concerning this proposed designation. Before taking action on
this proposed designation, the FAA will consider all comments it
receives on or before the closing date for comments. The FAA will
consider comments filed after the comment period has closed if it is
possible to do so without incurring expense or delay. The Agency may
change this proposal in light of the comments it receives.
VII. Availability of This Proposed Designation
An electronic copy of designation documents may be obtained from
the internet by--
<bullet> Searching the Federal eRulemaking Portal (<a href="http://www.regulations.gov">http://www.regulations.gov</a>);
<bullet> Accessing the Government Publishing Office's web page at
<a href="https://www.govinfo.gov">https://www.govinfo.gov</a>.
All documents the FAA considered in developing this proposed
designation, may be accessed from the internet through the Federal
eRulemaking Portal referenced in item (1) above.
Any person may obtain a copy of this document by submitting a
request to the Federal Aviation Administration, Air Transportation
Division, AFS-200, 800 Independence Ave. SW, Washington, DC 20591, or
by calling (202) 267-8166. Communications must identify the docket
number and title of this designation.
Issued in Washington, DC, on October 21, 2021.
Robert C. Carty,
Acting Executive Director, Flight Standards Service.
Appendix 1
Processes per 14 CFR part 5 and Flight Standards SMS Voluntary
Program (SMSVP) Standard.
Part 5 and, therefore, the SMSVP Standard are process-based
standards.\6\ That is, these standards require certificate holders
or SMSVP participants, as appropriate, to implement certain
processes but without prescriptive requirements for the
configuration, methods, or organizational structures to support
these processes. Sec. 5.97 requires records of the ``outputs'' of
Safety Risk Management (SRM) and Safety Assurance (SA) processes.
---------------------------------------------------------------------------
\6\ Additional information can be obtained in the Federal
Register Vol. 80, No. 5, Jan 8, 2015, Final Rule: Safety Management
Systems for Domestic, Flag, and Supplemental Operations Certificate
Holders, Paragraph Q.
---------------------------------------------------------------------------
The table below summarizes the process requirements in subparts
C (SRM) and D (SA). Additionally, Sec. 5.97 requires certificate
holders/participants to maintain records of training required under
Sec. 5.91 and safety communications required under Sec. 5.93.
This summary includes known data in a properly designed and
performing SMS. The exact data elements and media is at the
discretion of the certificate holder/participant, as accepted by the
FAA.
------------------------------------------------------------------------
Process or process-
Part 5 ref related information Comments
------------------------------------------------------------------------
Policy Related to Processes
------------------------------------------------------------------------
5.21(a)(1), 5.95.......... Safety Objectives.... 5.73(a) refers to
assessments,
``against (CH's)
safety objectives''.
------------------------------------------------------------------------
Safety Risk Management Processes (Records of Outputs Required per
5.97(a))
------------------------------------------------------------------------
5.53(c)................... Hazard Identification
5.55(a)................... Risk Analysis........
5.55(b)................... Risk Assessment Process for
(acceptability acceptability
decision). decisions including
tools (e.g.,
matrix).
5.55(c)................... Risk Control.........
5.55(d)................... Risk Control Pre-implementation
Effectiveness. evaluation of
estimated
effectiveness.
------------------------------------------------------------------------
Safety Assurance Processes (Records of Outputs Required per 5.97(b))
------------------------------------------------------------------------
5.71(a)(1)................ Monitoring of May have FOQA
operational relationship where
processes. used.
5.71(a)(2)................ Monitoring of
operational
environment.
5.71(a)(3)................ Auditing of May have LOSA
operational relationships where
processes and used.
systems.
5.71(a)(4)................ Evaluation of SMS and May have IEP
operational relationship where
processes. integrated.
5.71(a)(5)................ Investigations of
incidents and
accidents.
5.71(a)(6)................ Investigations of May have Compliance
reports regarding Philosophy and/or
potential VDRP implications.
noncompliance.
5.71(a)(7)................ Confidential Employee May be additional
Reporting System. requirements where
ASAP is involved.
5.71(b)................... Performance
Monitoring and
Measurement Analysis.
5.73(a)................... Safety Performance
Assessment Process
(including):
Management Review and
assessments of:
(1) Compliance with
risk controls.
(2) Performance of
the SMS.
(3) Effectiveness of
risk controls.
(4) Changes in
operational
environment.
(5) new hazards......
5.75...................... Corrective Action
Process.
------------------------------------------------------------------------
[[Page 60084]]
Training Requirements
------------------------------------------------------------------------
5.91...................... Employee training as
required.
------------------------------------------------------------------------
Communication Related to Process Outputs
------------------------------------------------------------------------
5.93...................... Communication........
<bullet> Employee
awareness of SMS.
<bullet> Hazard
information to
employees.
<bullet> Explanation
of why actions have
been taken.
<bullet> Explanation
of why safety
procedures are
introduced or
changed.
------------------------------------------------------------------------
[FR Doc. 2021-23522 Filed 10-28-21; 8:45 am]
BILLING CODE 4910-13-P
</pre></body>
</html>Indexed from Federal Register on October 29, 2021.
This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.