25
Federal Aviation Administration, DOT
§ 5.73
§ 5.53
System analysis and hazard
identification.
(a) When applying safety risk man-
agement, the certificate holder must
analyze the systems identified in § 5.51.
Those system analyses must be used to
identify hazards under paragraph (c) of
this section, and in developing and im-
plementing risk controls related to the
system under § 5.55(c).
(b) In conducting the system anal-
ysis, the following information must be
considered:
(1) Function and purpose of the sys-
tem.
(2) The system’s operating environ-
ment.
(3) An outline of the system’s proc-
esses and procedures.
(4) The personnel, equipment, and fa-
cilities necessary for operation of the
system.
(c) The certificate holder must de-
velop and maintain processes to iden-
tify hazards within the context of the
system analysis.
§ 5.55
Safety risk assessment and con-
trol.
(a) The certificate holder must de-
velop and maintain processes to ana-
lyze safety risk associated with the
hazards identified in § 5.53(c).
(b) The certificate holder must define
a process for conducting risk assess-
ment that allows for the determination
of acceptable safety risk.
(c) The certificate holder must de-
velop and maintain processes to de-
velop safety risk controls that are nec-
essary as a result of the safety risk as-
sessment process under paragraph (b)
of this section.
(d) The certificate holder must evalu-
ate whether the risk will be acceptable
with the proposed safety risk control
applied, before the safety risk control
is implemented.
Subpart D—Safety Assurance
§ 5.71
Safety performance monitoring
and measurement.
(a) The certificate holder must de-
velop and maintain processes and sys-
tems to acquire data with respect to its
operations, products, and services to
monitor the safety performance of the
organization. These processes and sys-
tems must include, at a minimum, the
following:
(1) Monitoring of operational proc-
esses.
(2) Monitoring of the operational en-
vironment to detect changes.
(3) Auditing of operational processes
and systems.
(4) Evaluations of the SMS and oper-
ational processes and systems.
(5) Investigations of incidents and ac-
cidents.
(6) Investigations of reports regard-
ing potential non-compliance with reg-
ulatory standards or other safety risk
controls established by the certificate
holder through the safety risk manage-
ment process established in subpart C
of this part.
(7) A confidential employee reporting
system in which employees can report
hazards, issues, concerns, occurrences,
incidents, as well as propose solutions
and safety improvements.
(b) The certificate holder must de-
velop and maintain processes that ana-
lyze the data acquired through the
processes and systems identified under
paragraph (a) of this section and any
other relevant data with respect to its
operations, products, and services.
[80 FR 1326, Jan. 8, 2015, as amended at 82 FR
24010, May 25, 2017]
§ 5.73
Safety performance assessment.
(a) The certificate holder must con-
duct assessments of its safety perform-
ance against its safety objectives,
which include reviews by the account-
able executive, to:
(1) Ensure compliance with the safety
risk controls established by the certifi-
cate holder.
(2) Evaluate the performance of the
SMS.
(3) Evaluate the effectiveness of the
safety risk controls established under
§ 5.55(c) and identify any ineffective
controls.
(4) Identify changes in the oper-
ational environment that may intro-
duce new hazards.
(5) Identify new hazards.
(b) Upon completion of the assess-
ment, if ineffective controls or new
hazards are identified under paragraphs
(a)(2) through (5) of this section, the
certificate holder must use the safety
VerDate Sep<11>2014
09:06 Jun 28, 2024
Jkt 262046
PO 00000
Frm 00035
Fmt 8010
Sfmt 8010
Y:\SGML\262046.XXX
262046
jspears on DSK121TN23PROD with CFR
26
14 CFR Ch. I (1–1–24 Edition)
§ 5.75
risk management process described in
subpart C of this part.
§ 5.75
Continuous improvement.
The certificate holder must establish
and implement processes to correct
safety performance deficiencies identi-
fied in the assessments conducted
under § 5.73.
Subpart E—Safety Promotion
§ 5.91
Competencies and training.
The certificate holder must provide
training to each individual identified
in § 5.23 to ensure the individuals attain
and maintain the competencies nec-
essary to perform their duties relevant
to the operation and performance of
the SMS.
§ 5.93
Safety communication.
The certificate holder must develop
and maintain means for commu-
nicating safety information that, at a
minimum:
(a) Ensures that employees are aware
of the SMS policies, processes, and
tools that are relevant to their respon-
sibilities.
(b) Conveys hazard information rel-
evant to the employee’s responsibil-
ities.
(c) Explains why safety actions have
been taken.
(d) Explains why safety procedures
are introduced or changed.
Subpart F—SMS Documentation
and Recordkeeping
§ 5.95
SMS documentation.
The certificate holder must develop
and maintain SMS documentation that
describes the certificate holder’s:
(a) Safety policy.
(b) SMS processes and procedures.
§ 5.97
SMS records.
(a) The certificate holder must main-
tain records of outputs of safety risk
management processes as described in
subpart C of this part. Such records
must be retained for as long as the con-
trol remains relevant to the operation.
(b) The certificate holder must main-
tain records of outputs of safety assur-
ance processes as described in subpart
D of this part. Such records must be re-
tained for a minimum of 5 years.
(c) The certificate holder must main-
tain a record of all training provided
under § 5.91 for each individual. Such
records must be retained for as long as
the individual is employed by the cer-
tificate holder.
(d) The certificate holder must retain
records of all communications provided
under § 5.93 for a minimum of 24 con-
secutive calendar months.
VerDate Sep<11>2014
09:06 Jun 28, 2024
Jkt 262046
PO 00000
Frm 00036
Fmt 8010
Sfmt 8010
Y:\SGML\262046.XXX
262046
jspears on DSK121TN23PROD with CFR