background image

22 

14 CFR Ch. I (1–1–24 Edition) 

§ 3.205 

modifying, suspending, or revoking any 
certificate or part of a certificate 
issued by the FAA. 

§ 3.205

Effect of Transportation Secu-

rity Administration notification on 
applications by individuals for a 
certificate or any part of a certifi-
cate. 

(a) When the TSA notifies the FAA 

that an individual who has applied for 
a certificate or any part of a certificate 
issued by the FAA poses, or is sus-
pected of posing, a risk of air piracy or 
terrorism or a threat to airline or pas-
senger safety, the FAA will hold the in-
dividual’s certificate applications in 
abeyance pending further notification 
from the TSA. 

(b) When the TSA notifies the FAA 

that the TSA has made a final security 
threat determination regarding an in-
dividual, the FAA will deny all the in-
dividual’s certificate applications. Al-
ternatively, if the TSA notifies the 
FAA that it has withdrawn its security 
threat determination, the FAA will 
continue processing the individual’s 
applications. 

PART 5—SAFETY MANAGEMENT 

SYSTEMS 

Subpart A—General 

Sec. 
5.1

Applicability. 

5.3

General requirements. 

5.5

Definitions. 

Subpart B—Safety Policy 

5.21

Safety policy. 

5.23

Safety accountability and authority. 

5.25

Designation and responsibilities of re-

quired safety management personnel. 

5.27

Coordination of emergency response 

planning. 

Subpart C—Safety Risk Management 

5.51

Applicability. 

5.53

System analysis and hazard identifica-

tion. 

5.55

Safety risk assessment and control. 

Subpart D—Safety Assurance 

5.71

Safety performance monitoring and 

measurement. 

5.73

Safety performance assessment. 

5.75

Continuous improvement. 

Subpart E—Safety Promotion 

5.91

Competencies and training. 

5.93

Safety communication. 

Subpart F—SMS Documentation and 

Recordkeeping 

5.95

SMS documentation. 

5.97

SMS records. 

A

UTHORITY

: Pub. L. 111–216, sec. 215 (Aug. 1, 

2010); 49 U.S.C. 106(f), 106(g), 40101, 40113, 
40119, 41706, 44101, 44701–44702, 44705, 44709– 
44711, 44713, 44716–44717, 44722, 46105. 

S

OURCE

: 80 FR 1326, Jan. 8, 2015, unless oth-

erwise noted. 

Subpart A—General 

§ 5.1

Applicability. 

(a) A certificate holder under part 119 

of this chapter authorized to conduct 
operations in accordance with the re-
quirements of part 121 of this chapter 
must have a Safety Management Sys-
tem that meets the requirements of 
this part and is acceptable to the Ad-
ministrator by March 9, 2018. 

(b) A certificate holder must submit 

an implementation plan to the FAA 
Administrator for review no later than 
September 9, 2015. The implementation 
plan must be approved no later than 
March 9, 2016. 

(c) The implementation plan may in-

clude any of the certificate holder’s ex-
isting programs, policies, or procedures 
that it intends to use to meet the re-
quirements of this part, including com-
ponents of an existing SMS. 

[80 FR 1326, Jan. 8, 2015, as amended at 80 FR 
1584, Jan. 13, 2015] 

§ 5.3

General requirements. 

(a) Any certificate holder required to 

have a Safety Management System 
under this part must submit the Safety 
Management System to the Adminis-
trator for acceptance. The SMS must 
be appropriate to the size, scope, and 
complexity of the certificate holder’s 
operation and include at least the fol-
lowing components: 

(1) Safety policy in accordance with 

the requirements of subpart B of this 
part; 

(2) Safety risk management in ac-

cordance with the requirements of sub-
part C of this part; 

VerDate Sep<11>2014 

09:06 Jun 28, 2024

Jkt 262046

PO 00000

Frm 00032

Fmt 8010

Sfmt 8010

Y:\SGML\262046.XXX

262046

jspears on DSK121TN23PROD with CFR

background image

23 

Federal Aviation Administration, DOT 

§ 5.23 

(3) Safety assurance in accordance 

with the requirements of subpart D of 
this part; and 

(4) Safety promotion in accordance 

with the requirements of subpart E of 
this part. 

(b) The Safety Management System 

must be maintained in accordance with 
the recordkeeping requirements in sub-
part F of this part. 

(c) The Safety Management System 

must ensure compliance with the rel-
evant regulatory standards in chapter I 
of Title 14 of the Code of Federal Regu-
lations. 

§ 5.5

Definitions. 

Hazard  means a condition that could 

foreseeably cause or contribute to an 
aircraft accident as defined in 49 CFR 
830.2. 

Risk  means the composite of pre-

dicted severity and likelihood of the 
potential effect of a hazard. 

Risk control means a means to reduce 

or eliminate the effects of hazards. 

Safety assurance means processes 

within the SMS that function system-
atically to ensure the performance and 
effectiveness of safety risk controls 
and that the organization meets or ex-
ceeds its safety objectives through the 
collection, analysis, and assessment of 
information. 

Safety Management System (SMS) 

means the formal, top-down, organiza-
tion-wide approach to managing safety 
risk and assuring the effectiveness of 
safety risk controls. It includes sys-
tematic procedures, practices, and poli-
cies for the management of safety risk. 

Safety objective means a measurable 

goal or desirable outcome related to 
safety. 

Safety performance means realized or 

actual safety accomplishment relative 
to the organization’s safety objectives. 

Safety policy means the certificate 

holder’s documented commitment to 
safety, which defines its safety objec-
tives and the accountabilities and re-
sponsibilities of its employees in re-
gards to safety. 

Safety promotion means a combina-

tion of training and communication of 
safety information to support the im-
plementation and operation of an SMS 
in an organization. 

Safety Risk Management means a proc-

ess within the SMS composed of de-
scribing the system, identifying the 
hazards, and analyzing, assessing and 
controlling risk. 

Subpart B—Safety Policy 

§ 5.21

Safety policy. 

(a) The certificate holder must have 

a safety policy that includes at least 
the following: 

(1) The safety objectives of the cer-

tificate holder. 

(2) A commitment of the certificate 

holder to fulfill the organization’s safe-
ty objectives. 

(3) A clear statement about the pro-

vision of the necessary resources for 
the implementation of the SMS. 

(4) A safety reporting policy that de-

fines requirements for employee re-
porting of safety hazards or issues. 

(5) A policy that defines unacceptable 

behavior and conditions for discipli-
nary action. 

(6) An emergency response plan that 

provides for the safe transition from 
normal to emergency operations in ac-
cordance with the requirements of 
§ 5.27. 

(b) The safety policy must be signed 

by the accountable executive described 
in § 5.25. 

(c) The safety policy must be docu-

mented and communicated throughout 
the certificate holder’s organization. 

(d) The safety policy must be regu-

larly reviewed by the accountable exec-
utive to ensure it remains relevant and 
appropriate to the certificate holder. 

§ 5.23

Safety accountability and au-

thority. 

(a) The certificate holder must define 

accountability for safety within the or-
ganization’s safety policy for the fol-
lowing individuals: 

(1) Accountable executive, as de-

scribed in § 5.25. 

(2) All members of management in 

regard to developing, implementing, 
and maintaining SMS processes within 
their area of responsibility, including, 
but not limited to: 

(i) Hazard identification and safety 

risk assessment. 

(ii) Assuring the effectiveness of safe-

ty risk controls. 

VerDate Sep<11>2014 

09:06 Jun 28, 2024

Jkt 262046

PO 00000

Frm 00033

Fmt 8010

Sfmt 8010

Y:\SGML\262046.XXX

262046

jspears on DSK121TN23PROD with CFR

background image

24 

14 CFR Ch. I (1–1–24 Edition) 

§ 5.25 

(iii) Promoting safety as required in 

subpart E of this part. 

(iv) Advising the accountable execu-

tive on the performance of the SMS 
and on any need for improvement. 

(3) Employees relative to the certifi-

cate holder’s safety performance. 

(b) The certificate holder must iden-

tify the levels of management with the 
authority to make decisions regarding 
safety risk acceptance. 

§ 5.25

Designation and responsibilities 

of required safety management per-
sonnel. 

(a) 

Designation of the accountable exec-

utive. The certificate holder must iden-
tify an accountable executive who, ir-
respective of other functions, satisfies 
the following: 

(1) Is the final authority over oper-

ations authorized to be conducted 
under the certificate holder’s certifi-
cate(s). 

(2) Controls the financial resources 

required for the operations to be con-
ducted under the certificate holder’s 
certificate(s). 

(3) Controls the human resources re-

quired for the operations authorized to 
be conducted under the certificate 
holder’s certificate(s). 

(4) Retains ultimate responsibility 

for the safety performance of the oper-
ations conducted under the certificate 
holder’s certificate. 

(b) 

Responsibilities of the accountable 

executive.  The accountable executive 
must accomplish the following: 

(1) Ensure that the SMS is properly 

implemented and performing in all 
areas of the certificate holder’s organi-
zation. 

(2) Develop and sign the safety policy 

of the certificate holder. 

(3) Communicate the safety policy 

throughout the certificate holder’s or-
ganization. 

(4) Regularly review the certificate 

holder’s safety policy to ensure it re-
mains relevant and appropriate to the 
certificate holder. 

(5) Regularly review the safety per-

formance of the certificate holder’s or-
ganization and direct actions necessary 
to address substandard safety perform-
ance in accordance with § 5.75. 

(c) 

Designation of management per-

sonnel. The accountable executive must 

designate sufficient management per-
sonnel who, on behalf of the account-
able executive, are responsible for the 
following: 

(1) Coordinate implementation, 

maintenance, and integration of the 
SMS throughout the certificate hold-
er’s organization. 

(2) Facilitate hazard identification 

and safety risk analysis. 

(3) Monitor the effectiveness of safe-

ty risk controls. 

(4) Ensure safety promotion through-

out the certificate holder’s organiza-
tion as required in subpart E of this 
part. 

(5) Regularly report to the account-

able executive on the performance of 
the SMS and on any need for improve-
ment. 

§ 5.27

Coordination of emergency re-

sponse planning. 

Where emergency response proce-

dures are necessary, the certificate 
holder must develop and the account-
able executive must approve as part of 
the safety policy, an emergency re-
sponse plan that addresses at least the 
following: 

(a) Delegation of emergency author-

ity throughout the certificate holder’s 
organization; 

(b) Assignment of employee respon-

sibilities during the emergency; and 

(c) Coordination of the certificate 

holder’s emergency response plans with 
the emergency response plans of other 
organizations it must interface with 
during the provision of its services. 

Subpart C—Safety Risk 

Management 

§ 5.51

Applicability. 

A certificate holder must apply safe-

ty risk management to the following: 

(a) Implementation of new systems. 
(b) Revision of existing systems. 
(c) Development of operational proce-

dures. 

(d) Identification of hazards or inef-

fective risk controls through the safety 
assurance processes in subpart D of 
this part. 

VerDate Sep<11>2014 

09:06 Jun 28, 2024

Jkt 262046

PO 00000

Frm 00034

Fmt 8010

Sfmt 8010

Y:\SGML\262046.XXX

262046

jspears on DSK121TN23PROD with CFR

background image

25 

Federal Aviation Administration, DOT 

§ 5.73 

§ 5.53

System analysis and hazard 

identification. 

(a) When applying safety risk man-

agement, the certificate holder must 
analyze the systems identified in § 5.51. 
Those system analyses must be used to 
identify hazards under paragraph (c) of 
this section, and in developing and im-
plementing risk controls related to the 
system under § 5.55(c). 

(b) In conducting the system anal-

ysis, the following information must be 
considered: 

(1) Function and purpose of the sys-

tem. 

(2) The system’s operating environ-

ment. 

(3) An outline of the system’s proc-

esses and procedures. 

(4) The personnel, equipment, and fa-

cilities necessary for operation of the 
system. 

(c) The certificate holder must de-

velop and maintain processes to iden-
tify hazards within the context of the 
system analysis. 

§ 5.55

Safety risk assessment and con-

trol. 

(a) The certificate holder must de-

velop and maintain processes to ana-
lyze safety risk associated with the 
hazards identified in § 5.53(c). 

(b) The certificate holder must define 

a process for conducting risk assess-
ment that allows for the determination 
of acceptable safety risk. 

(c) The certificate holder must de-

velop and maintain processes to de-
velop safety risk controls that are nec-
essary as a result of the safety risk as-
sessment process under paragraph (b) 
of this section. 

(d) The certificate holder must evalu-

ate whether the risk will be acceptable 
with the proposed safety risk control 
applied, before the safety risk control 
is implemented. 

Subpart D—Safety Assurance 

§ 5.71

Safety performance monitoring 

and measurement. 

(a) The certificate holder must de-

velop and maintain processes and sys-
tems to acquire data with respect to its 
operations, products, and services to 
monitor the safety performance of the 
organization. These processes and sys-

tems must include, at a minimum, the 
following: 

(1) Monitoring of operational proc-

esses. 

(2) Monitoring of the operational en-

vironment to detect changes. 

(3) Auditing of operational processes 

and systems. 

(4) Evaluations of the SMS and oper-

ational processes and systems. 

(5) Investigations of incidents and ac-

cidents. 

(6) Investigations of reports regard-

ing potential non-compliance with reg-
ulatory standards or other safety risk 
controls established by the certificate 
holder through the safety risk manage-
ment process established in subpart C 
of this part. 

(7) A confidential employee reporting 

system in which employees can report 
hazards, issues, concerns, occurrences, 
incidents, as well as propose solutions 
and safety improvements. 

(b) The certificate holder must de-

velop and maintain processes that ana-
lyze the data acquired through the 
processes and systems identified under 
paragraph (a) of this section and any 
other relevant data with respect to its 
operations, products, and services. 

[80 FR 1326, Jan. 8, 2015, as amended at 82 FR 
24010, May 25, 2017] 

§ 5.73

Safety performance assessment. 

(a) The certificate holder must con-

duct assessments of its safety perform-
ance against its safety objectives, 
which include reviews by the account-
able executive, to: 

(1) Ensure compliance with the safety 

risk controls established by the certifi-
cate holder. 

(2) Evaluate the performance of the 

SMS. 

(3) Evaluate the effectiveness of the 

safety risk controls established under 
§ 5.55(c) and identify any ineffective 
controls. 

(4) Identify changes in the oper-

ational environment that may intro-
duce new hazards. 

(5) Identify new hazards. 
(b) Upon completion of the assess-

ment, if ineffective controls or new 
hazards are identified under paragraphs 
(a)(2) through (5) of this section, the 
certificate holder must use the safety 

VerDate Sep<11>2014 

09:06 Jun 28, 2024

Jkt 262046

PO 00000

Frm 00035

Fmt 8010

Sfmt 8010

Y:\SGML\262046.XXX

262046

jspears on DSK121TN23PROD with CFR

background image

26 

14 CFR Ch. I (1–1–24 Edition) 

§ 5.75 

risk management process described in 
subpart C of this part. 

§ 5.75

Continuous improvement. 

The certificate holder must establish 

and implement processes to correct 
safety performance deficiencies identi-
fied in the assessments conducted 
under § 5.73. 

Subpart E—Safety Promotion 

§ 5.91

Competencies and training. 

The certificate holder must provide 

training to each individual identified 
in § 5.23 to ensure the individuals attain 
and maintain the competencies nec-
essary to perform their duties relevant 
to the operation and performance of 
the SMS. 

§ 5.93

Safety communication. 

The certificate holder must develop 

and maintain means for commu-
nicating safety information that, at a 
minimum: 

(a) Ensures that employees are aware 

of the SMS policies, processes, and 
tools that are relevant to their respon-
sibilities. 

(b) Conveys hazard information rel-

evant to the employee’s responsibil-
ities. 

(c) Explains why safety actions have 

been taken. 

(d) Explains why safety procedures 

are introduced or changed. 

Subpart F—SMS Documentation 

and Recordkeeping 

§ 5.95

SMS documentation. 

The certificate holder must develop 

and maintain SMS documentation that 
describes the certificate holder’s: 

(a) Safety policy. 
(b) SMS processes and procedures. 

§ 5.97

SMS records. 

(a) The certificate holder must main-

tain records of outputs of safety risk 
management processes as described in 
subpart C of this part. Such records 
must be retained for as long as the con-
trol remains relevant to the operation. 

(b) The certificate holder must main-

tain records of outputs of safety assur-
ance processes as described in subpart 
D of this part. Such records must be re-
tained for a minimum of 5 years. 

(c) The certificate holder must main-

tain a record of all training provided 
under § 5.91 for each individual. Such 
records must be retained for as long as 
the individual is employed by the cer-
tificate holder. 

(d) The certificate holder must retain 

records of all communications provided 
under § 5.93 for a minimum of 24 con-
secutive calendar months. 

VerDate Sep<11>2014 

09:06 Jun 28, 2024

Jkt 262046

PO 00000

Frm 00036

Fmt 8010

Sfmt 8010

Y:\SGML\262046.XXX

262046

jspears on DSK121TN23PROD with CFR