22
14 CFR Ch. I (1–1–24 Edition)
§ 3.205
modifying, suspending, or revoking any
certificate or part of a certificate
issued by the FAA.
§ 3.205
Effect of Transportation Secu-
rity Administration notification on
applications by individuals for a
certificate or any part of a certifi-
cate.
(a) When the TSA notifies the FAA
that an individual who has applied for
a certificate or any part of a certificate
issued by the FAA poses, or is sus-
pected of posing, a risk of air piracy or
terrorism or a threat to airline or pas-
senger safety, the FAA will hold the in-
dividual’s certificate applications in
abeyance pending further notification
from the TSA.
(b) When the TSA notifies the FAA
that the TSA has made a final security
threat determination regarding an in-
dividual, the FAA will deny all the in-
dividual’s certificate applications. Al-
ternatively, if the TSA notifies the
FAA that it has withdrawn its security
threat determination, the FAA will
continue processing the individual’s
applications.
PART 5—SAFETY MANAGEMENT
SYSTEMS
Subpart A—General
Sec.
5.1
Applicability.
5.3
General requirements.
5.5
Definitions.
Subpart B—Safety Policy
5.21
Safety policy.
5.23
Safety accountability and authority.
5.25
Designation and responsibilities of re-
quired safety management personnel.
5.27
Coordination of emergency response
planning.
Subpart C—Safety Risk Management
5.51
Applicability.
5.53
System analysis and hazard identifica-
tion.
5.55
Safety risk assessment and control.
Subpart D—Safety Assurance
5.71
Safety performance monitoring and
measurement.
5.73
Safety performance assessment.
5.75
Continuous improvement.
Subpart E—Safety Promotion
5.91
Competencies and training.
5.93
Safety communication.
Subpart F—SMS Documentation and
Recordkeeping
5.95
SMS documentation.
5.97
SMS records.
A
UTHORITY
: Pub. L. 111–216, sec. 215 (Aug. 1,
2010); 49 U.S.C. 106(f), 106(g), 40101, 40113,
40119, 41706, 44101, 44701–44702, 44705, 44709–
44711, 44713, 44716–44717, 44722, 46105.
S
OURCE
: 80 FR 1326, Jan. 8, 2015, unless oth-
erwise noted.
Subpart A—General
§ 5.1
Applicability.
(a) A certificate holder under part 119
of this chapter authorized to conduct
operations in accordance with the re-
quirements of part 121 of this chapter
must have a Safety Management Sys-
tem that meets the requirements of
this part and is acceptable to the Ad-
ministrator by March 9, 2018.
(b) A certificate holder must submit
an implementation plan to the FAA
Administrator for review no later than
September 9, 2015. The implementation
plan must be approved no later than
March 9, 2016.
(c) The implementation plan may in-
clude any of the certificate holder’s ex-
isting programs, policies, or procedures
that it intends to use to meet the re-
quirements of this part, including com-
ponents of an existing SMS.
[80 FR 1326, Jan. 8, 2015, as amended at 80 FR
1584, Jan. 13, 2015]
§ 5.3
General requirements.
(a) Any certificate holder required to
have a Safety Management System
under this part must submit the Safety
Management System to the Adminis-
trator for acceptance. The SMS must
be appropriate to the size, scope, and
complexity of the certificate holder’s
operation and include at least the fol-
lowing components:
(1) Safety policy in accordance with
the requirements of subpart B of this
part;
(2) Safety risk management in ac-
cordance with the requirements of sub-
part C of this part;
VerDate Sep<11>2014
09:06 Jun 28, 2024
Jkt 262046
PO 00000
Frm 00032
Fmt 8010
Sfmt 8010
Y:\SGML\262046.XXX
262046
jspears on DSK121TN23PROD with CFR
23
Federal Aviation Administration, DOT
§ 5.23
(3) Safety assurance in accordance
with the requirements of subpart D of
this part; and
(4) Safety promotion in accordance
with the requirements of subpart E of
this part.
(b) The Safety Management System
must be maintained in accordance with
the recordkeeping requirements in sub-
part F of this part.
(c) The Safety Management System
must ensure compliance with the rel-
evant regulatory standards in chapter I
of Title 14 of the Code of Federal Regu-
lations.
§ 5.5
Definitions.
Hazard means a condition that could
foreseeably cause or contribute to an
aircraft accident as defined in 49 CFR
830.2.
Risk means the composite of pre-
dicted severity and likelihood of the
potential effect of a hazard.
Risk control means a means to reduce
or eliminate the effects of hazards.
Safety assurance means processes
within the SMS that function system-
atically to ensure the performance and
effectiveness of safety risk controls
and that the organization meets or ex-
ceeds its safety objectives through the
collection, analysis, and assessment of
information.
Safety Management System (SMS)
means the formal, top-down, organiza-
tion-wide approach to managing safety
risk and assuring the effectiveness of
safety risk controls. It includes sys-
tematic procedures, practices, and poli-
cies for the management of safety risk.
Safety objective means a measurable
goal or desirable outcome related to
safety.
Safety performance means realized or
actual safety accomplishment relative
to the organization’s safety objectives.
Safety policy means the certificate
holder’s documented commitment to
safety, which defines its safety objec-
tives and the accountabilities and re-
sponsibilities of its employees in re-
gards to safety.
Safety promotion means a combina-
tion of training and communication of
safety information to support the im-
plementation and operation of an SMS
in an organization.
Safety Risk Management means a proc-
ess within the SMS composed of de-
scribing the system, identifying the
hazards, and analyzing, assessing and
controlling risk.
Subpart B—Safety Policy
§ 5.21
Safety policy.
(a) The certificate holder must have
a safety policy that includes at least
the following:
(1) The safety objectives of the cer-
tificate holder.
(2) A commitment of the certificate
holder to fulfill the organization’s safe-
ty objectives.
(3) A clear statement about the pro-
vision of the necessary resources for
the implementation of the SMS.
(4) A safety reporting policy that de-
fines requirements for employee re-
porting of safety hazards or issues.
(5) A policy that defines unacceptable
behavior and conditions for discipli-
nary action.
(6) An emergency response plan that
provides for the safe transition from
normal to emergency operations in ac-
cordance with the requirements of
§ 5.27.
(b) The safety policy must be signed
by the accountable executive described
in § 5.25.
(c) The safety policy must be docu-
mented and communicated throughout
the certificate holder’s organization.
(d) The safety policy must be regu-
larly reviewed by the accountable exec-
utive to ensure it remains relevant and
appropriate to the certificate holder.
§ 5.23
Safety accountability and au-
thority.
(a) The certificate holder must define
accountability for safety within the or-
ganization’s safety policy for the fol-
lowing individuals:
(1) Accountable executive, as de-
scribed in § 5.25.
(2) All members of management in
regard to developing, implementing,
and maintaining SMS processes within
their area of responsibility, including,
but not limited to:
(i) Hazard identification and safety
risk assessment.
(ii) Assuring the effectiveness of safe-
ty risk controls.
VerDate Sep<11>2014
09:06 Jun 28, 2024
Jkt 262046
PO 00000
Frm 00033
Fmt 8010
Sfmt 8010
Y:\SGML\262046.XXX
262046
jspears on DSK121TN23PROD with CFR
24
14 CFR Ch. I (1–1–24 Edition)
§ 5.25
(iii) Promoting safety as required in
subpart E of this part.
(iv) Advising the accountable execu-
tive on the performance of the SMS
and on any need for improvement.
(3) Employees relative to the certifi-
cate holder’s safety performance.
(b) The certificate holder must iden-
tify the levels of management with the
authority to make decisions regarding
safety risk acceptance.
§ 5.25
Designation and responsibilities
of required safety management per-
sonnel.
(a)
Designation of the accountable exec-
utive. The certificate holder must iden-
tify an accountable executive who, ir-
respective of other functions, satisfies
the following:
(1) Is the final authority over oper-
ations authorized to be conducted
under the certificate holder’s certifi-
cate(s).
(2) Controls the financial resources
required for the operations to be con-
ducted under the certificate holder’s
certificate(s).
(3) Controls the human resources re-
quired for the operations authorized to
be conducted under the certificate
holder’s certificate(s).
(4) Retains ultimate responsibility
for the safety performance of the oper-
ations conducted under the certificate
holder’s certificate.
(b)
Responsibilities of the accountable
executive. The accountable executive
must accomplish the following:
(1) Ensure that the SMS is properly
implemented and performing in all
areas of the certificate holder’s organi-
zation.
(2) Develop and sign the safety policy
of the certificate holder.
(3) Communicate the safety policy
throughout the certificate holder’s or-
ganization.
(4) Regularly review the certificate
holder’s safety policy to ensure it re-
mains relevant and appropriate to the
certificate holder.
(5) Regularly review the safety per-
formance of the certificate holder’s or-
ganization and direct actions necessary
to address substandard safety perform-
ance in accordance with § 5.75.
(c)
Designation of management per-
sonnel. The accountable executive must
designate sufficient management per-
sonnel who, on behalf of the account-
able executive, are responsible for the
following:
(1) Coordinate implementation,
maintenance, and integration of the
SMS throughout the certificate hold-
er’s organization.
(2) Facilitate hazard identification
and safety risk analysis.
(3) Monitor the effectiveness of safe-
ty risk controls.
(4) Ensure safety promotion through-
out the certificate holder’s organiza-
tion as required in subpart E of this
part.
(5) Regularly report to the account-
able executive on the performance of
the SMS and on any need for improve-
ment.
§ 5.27
Coordination of emergency re-
sponse planning.
Where emergency response proce-
dures are necessary, the certificate
holder must develop and the account-
able executive must approve as part of
the safety policy, an emergency re-
sponse plan that addresses at least the
following:
(a) Delegation of emergency author-
ity throughout the certificate holder’s
organization;
(b) Assignment of employee respon-
sibilities during the emergency; and
(c) Coordination of the certificate
holder’s emergency response plans with
the emergency response plans of other
organizations it must interface with
during the provision of its services.
Subpart C—Safety Risk
Management
§ 5.51
Applicability.
A certificate holder must apply safe-
ty risk management to the following:
(a) Implementation of new systems.
(b) Revision of existing systems.
(c) Development of operational proce-
dures.
(d) Identification of hazards or inef-
fective risk controls through the safety
assurance processes in subpart D of
this part.
VerDate Sep<11>2014
09:06 Jun 28, 2024
Jkt 262046
PO 00000
Frm 00034
Fmt 8010
Sfmt 8010
Y:\SGML\262046.XXX
262046
jspears on DSK121TN23PROD with CFR
25
Federal Aviation Administration, DOT
§ 5.73
§ 5.53
System analysis and hazard
identification.
(a) When applying safety risk man-
agement, the certificate holder must
analyze the systems identified in § 5.51.
Those system analyses must be used to
identify hazards under paragraph (c) of
this section, and in developing and im-
plementing risk controls related to the
system under § 5.55(c).
(b) In conducting the system anal-
ysis, the following information must be
considered:
(1) Function and purpose of the sys-
tem.
(2) The system’s operating environ-
ment.
(3) An outline of the system’s proc-
esses and procedures.
(4) The personnel, equipment, and fa-
cilities necessary for operation of the
system.
(c) The certificate holder must de-
velop and maintain processes to iden-
tify hazards within the context of the
system analysis.
§ 5.55
Safety risk assessment and con-
trol.
(a) The certificate holder must de-
velop and maintain processes to ana-
lyze safety risk associated with the
hazards identified in § 5.53(c).
(b) The certificate holder must define
a process for conducting risk assess-
ment that allows for the determination
of acceptable safety risk.
(c) The certificate holder must de-
velop and maintain processes to de-
velop safety risk controls that are nec-
essary as a result of the safety risk as-
sessment process under paragraph (b)
of this section.
(d) The certificate holder must evalu-
ate whether the risk will be acceptable
with the proposed safety risk control
applied, before the safety risk control
is implemented.
Subpart D—Safety Assurance
§ 5.71
Safety performance monitoring
and measurement.
(a) The certificate holder must de-
velop and maintain processes and sys-
tems to acquire data with respect to its
operations, products, and services to
monitor the safety performance of the
organization. These processes and sys-
tems must include, at a minimum, the
following:
(1) Monitoring of operational proc-
esses.
(2) Monitoring of the operational en-
vironment to detect changes.
(3) Auditing of operational processes
and systems.
(4) Evaluations of the SMS and oper-
ational processes and systems.
(5) Investigations of incidents and ac-
cidents.
(6) Investigations of reports regard-
ing potential non-compliance with reg-
ulatory standards or other safety risk
controls established by the certificate
holder through the safety risk manage-
ment process established in subpart C
of this part.
(7) A confidential employee reporting
system in which employees can report
hazards, issues, concerns, occurrences,
incidents, as well as propose solutions
and safety improvements.
(b) The certificate holder must de-
velop and maintain processes that ana-
lyze the data acquired through the
processes and systems identified under
paragraph (a) of this section and any
other relevant data with respect to its
operations, products, and services.
[80 FR 1326, Jan. 8, 2015, as amended at 82 FR
24010, May 25, 2017]
§ 5.73
Safety performance assessment.
(a) The certificate holder must con-
duct assessments of its safety perform-
ance against its safety objectives,
which include reviews by the account-
able executive, to:
(1) Ensure compliance with the safety
risk controls established by the certifi-
cate holder.
(2) Evaluate the performance of the
SMS.
(3) Evaluate the effectiveness of the
safety risk controls established under
§ 5.55(c) and identify any ineffective
controls.
(4) Identify changes in the oper-
ational environment that may intro-
duce new hazards.
(5) Identify new hazards.
(b) Upon completion of the assess-
ment, if ineffective controls or new
hazards are identified under paragraphs
(a)(2) through (5) of this section, the
certificate holder must use the safety
VerDate Sep<11>2014
09:06 Jun 28, 2024
Jkt 262046
PO 00000
Frm 00035
Fmt 8010
Sfmt 8010
Y:\SGML\262046.XXX
262046
jspears on DSK121TN23PROD with CFR
26
14 CFR Ch. I (1–1–24 Edition)
§ 5.75
risk management process described in
subpart C of this part.
§ 5.75
Continuous improvement.
The certificate holder must establish
and implement processes to correct
safety performance deficiencies identi-
fied in the assessments conducted
under § 5.73.
Subpart E—Safety Promotion
§ 5.91
Competencies and training.
The certificate holder must provide
training to each individual identified
in § 5.23 to ensure the individuals attain
and maintain the competencies nec-
essary to perform their duties relevant
to the operation and performance of
the SMS.
§ 5.93
Safety communication.
The certificate holder must develop
and maintain means for commu-
nicating safety information that, at a
minimum:
(a) Ensures that employees are aware
of the SMS policies, processes, and
tools that are relevant to their respon-
sibilities.
(b) Conveys hazard information rel-
evant to the employee’s responsibil-
ities.
(c) Explains why safety actions have
been taken.
(d) Explains why safety procedures
are introduced or changed.
Subpart F—SMS Documentation
and Recordkeeping
§ 5.95
SMS documentation.
The certificate holder must develop
and maintain SMS documentation that
describes the certificate holder’s:
(a) Safety policy.
(b) SMS processes and procedures.
§ 5.97
SMS records.
(a) The certificate holder must main-
tain records of outputs of safety risk
management processes as described in
subpart C of this part. Such records
must be retained for as long as the con-
trol remains relevant to the operation.
(b) The certificate holder must main-
tain records of outputs of safety assur-
ance processes as described in subpart
D of this part. Such records must be re-
tained for a minimum of 5 years.
(c) The certificate holder must main-
tain a record of all training provided
under § 5.91 for each individual. Such
records must be retained for as long as
the individual is employed by the cer-
tificate holder.
(d) The certificate holder must retain
records of all communications provided
under § 5.93 for a minimum of 24 con-
secutive calendar months.
VerDate Sep<11>2014
09:06 Jun 28, 2024
Jkt 262046
PO 00000
Frm 00036
Fmt 8010
Sfmt 8010
Y:\SGML\262046.XXX
262046
jspears on DSK121TN23PROD with CFR