KEMENTERIAN PERHUBUNGAN

DIREKTORAT JENDERAL PERHUBUNGAN UDARA

PERATURAN DIREKTUR JENDERAL PERHUBUNGAN UDARA

NOMOR: KP 443 TAHUN 2015

TENTANG

PEDOMAN TEKNIS OPERASIONAL BAGIAN 175-03 (ADVISORY CIRCULAR

PART 175-03) PENERAPAN SISTEM MANAJEMEN KESELAMATAN PADA
PENYELENGGARA PELAYANAN INFORMASI AERONAUTIKA
(IMPLEMENTATION SAFETY MANAGEMENT SYSTEM (SMS) IN AERONAUTICAL
INFORMATION SERVICE PROVIDER)

DENGAN RAHMAT TUHAN YANG MAHA ESA

DIREKTUR JENDERAL PERHUBUNGAN UDARA,

Menimbang : a. bahwa dalam sub bagian 175.120 Peraturan Menteri

Perhubungan Nomor PM 60 Tahun 2015 tentang
Peraturan Keselamatan Penerbangan Sipil Bagian 175
(Civil Aviation Safety Regulation Part 175) Tentang
Pelayanan Informasi Aeronautika (Aeronautical
Information Service) mengatur Penyelenggara Pelayanan
Informasi Aeronautika harus memiliki dan
melaksanakan Sistem Manajemen Keselamatan;

b. bahwa berdasarkan pertimbangan sebagaimana

dimaksud pada huruf a, dipandang perlu menetapkan
Pedoman Teknis Operasional Bagian 175-03 (Advisory
Circular Part 175-03) Penerapan Sistem Manajemen
Keselamatan Pada Penyelenggara Pelayanan Informasi
Aeronautika (Implementation Safety Management System
(SMS) In Aeronautical Information Service Provider),
dengan Peraturan Direktur Jenderal Perhubungan
Udara;

Mengingat : 1. Undang-undang Nomor 1 Tahun 2009 tentang

Penerbangan (Lembaran Negara Tahun 2009 Nomor 1
Tambahan Lembaran Negara Republik Indonesia Nomor
4956);
2. Peraturan Presiden Nomor 47 Tahun 2009 tentang
Pembentukan Organisasi Kementerian Negara
Sebagaimana diubah terakhir dengan Peraturan Presiden
Nomor 13 Tahun 2014;
 3. Peraturan Presiden Nomor 24 Tahun 2010 tentang
Kedudukan, Tugas, dan Fungsi Kementerian Negara
serta Susunan Organisasi, Tugas, dan Fungsi Eselon I
Kementerian Negara sebagaimana telah diubah dengan
Peraturan Presiden Nomor 14 Tahun 2014;

4. Peraturan Menteri Perhubungan Nomor KM 13 Tahun

2009 tentang Peraturan Keselamatan Penerbangan Sipil
Bagian 143 (Civil Aviation Safety Regulation Part 143)
tentang Sertifikasi dan Persyaratan Pengoperasian Bagi
Penyelenggara Pelatihan Pelayanan Lalu Lintas
Penerbangan (Certification And Operating Requirements
For ATS Training Provider);

5. Peraturan Menteri Perhubungan Nomor KM 14 Tahun

2009 tentang Peraturan Keselamatan Penerbangan Sipil
Bagian 170 (Civil Aviation Safety Regulation Part 170)
tentang Peraturan Lalu Lintas Penerbangan (Air Traffic
Rules);
6. Peraturan Menteri Perhubungan Nomor PM 60 Tahun
2010 tentang Organisasi dan Tata Kerja Kementerian
Perhubungan sebagaimana diubah terakhir dengan
Peraturan Menteri Perhubungan Nomor PM 68 Tahun
2013;

7. Peraturan Menteri Perhubungan Nomor PM 49 Tahun

2011 tentang Peraturan Keselamatan Penerbangan Sipil
Bagian 172 (Civil Aviation Safety Regulation Part 172)
tentang Penyelenggara Pelayanan Lalu Lintas
Penerbangan (Air Traffic Service Provider);

8. Peraturan Menteri Perhubungan Nomor PM 60 Tahun

2015 tentang Peraturan Keselamatan Penerbangan Sipil
Bagian 175 (Civil Aviation Safety Regulation Part 175)
Tentang Pelayanan Informasi Aeronautika (Aeronautical
Information Service);

MEMUTUSKAN :

Menetapkan : PERATURAN DIREKTUR JENDERAL PERHUBUNGAN UDARA

TENTANG PEDOMAN TEKNIS OPERASIONAL BAGIAN 175-03
(ADVISORY CIRCULAR PART 175-03) PENERAPAN SISTEM
MANAJEMEN KESELAMATAN PADA PENYELENGGARA
PELAYANAN INFORMASI AERONAUTIKA (IMPLEMENTATION
SAFETY MANAGEMENT SYSTEM (SMS) IN AERONAUTICAL
INFORMATION SERVICE PROVIDER).
 Pasal 1

Ketentuan Pedoman Teknis Operasional Bagian 175-03

(Advisory Circular Part 175-03) Penerapan Sistem Manajemen
Keselamatan Pada Penyelenggara Pelayanan Informasi
Aeronautika (Implementation Safety Management System
(SMS) In Aeronautical Information Service Provider),
sebagaimana tercantum dalam lampiran dan merupakan bagian
tidak terpisahkan dari Peraturan.

Pasal 2

Direktur Navigasi Penerbangan mengawasi pelaksanaan

peraturan ini.

Pasal 3

Peraturan ini berlaku pada tanggal ditetapkan.

Ditetapkan di Jakarta
Pada tanggal 18 Juni 2015

DIREKTUR JENDERAL PERHUBUNGAN UDARA,

ttd

SUPRASETYO

SALINAN Peraturan ini disampaikan kepada :

1. Menteri Perhubungan;
2. Sekretaris Jenderal, Inspektur Jenderal, Para Kepala Badan di Iingkungan
Kementerian Perhubungan;
3. Para Direktur di Lingkungan Ditjen Perhubungan Udara;
4. Para Kepala Otoritas Bandar Udara;
5. Para Kepala Bandar Udara di lingkungan Ditjen Perhubungan Udara;
6. Kepala Balai Besar Kalibrasi Penerbangan;
7. Kepala Balai Teknik Penerbangan;
8. Direktur Utama Perum LPPNPI.

Salinan sesuai dengan aslinya

KEPALA BAGIAN HUKUM DAN HUMAS

S>
[EMI PAMURAHARJO
Pembina Tk I (IV/b)
NIP. 19660508 199003 1 001
 AMENDMENT RECORD

Amendment Amendment
Inserted By Pages
Number Dates
 Lampiran Peraturan Direktur Jenderal Perhubungan Udara
Nomor : KP 443 TAHUN 2015
Tanggal : 18 JUNI 2015

PEDOMAN TEKNIS OPERASIONAL BAGIAN 175-03

{ADVISORY CIRCULAR PART 17503) PENERAPAN
SISTEM MANAJEMEN KESELAMATAN PADA
PENYELENGGARA PELAYANAN INFORMASI
AERONAUTIKA (IMPLEMENTATION SAFETY
MANAGEMENT SYSTEM (SMS) IN AERONAUTICAL
INFORMATION SERVICE PROVIDER)

<
 TABLE OF CONTENT

Amendment Records i

Table of Content ii

CHAPTER I INTRODUCTION 1

CHAPTER II REFERENCES AND ASSOCIATED DOCUMENT 2

CHAPTER III TERM AND DEFINITIONS 3

CHAPTER IV SAFETY POLICY 7

4.1 Purpose, Form and Content of the Safety Policy for AIS 7
4.2 Basic Safety Management Principles 7
4.3 Safety Activities and Deliverables 8

CHAPTER V ORGANISATION OF MANAGEMENT OF SAFETY IN AIS 10

5.1 Purpose and Objectives 10
5.2 Safety Management Function in AIS Provider 10
5.2.1 The Key Feature and Responsibilities of the Safety Management.. 10
5.2.2 Safety Manager Independence and Establishment of Clear Safety
Accountability and Responsibility 11
5.2.3 Safety Accountability H
5.2.4 Example of Safety Manager Job Description 12
CHAPTER VI SAFETY ACHIEVEMENT 13
6-! Purpose and Scope of Safety Achievement to Manage Safety in AIS 13
6.1.1 Safety as a Function of Data Quality 13
6.2 Competency 14
6.3 Safety Assessment 15
6.3.1 Scope of Safety Assessment 15
6.3.2 Basis for the Safety Assessment 15
6.3.3 Safety Key Performance Indicators 17
6-4 (Safety) Occurrence Reporting and Investigation 18
6.4.1 (Safety) Occurrence Reporting 18
6.4.2 Investigation 18
6.5 Management of Safety Documentation 19
6.6 Control of External Service 20
6-7 Safety Management Elements in the Continuous Improvement
Process 21

CHAPTER VII SAFETY ASSURANCE 22

7.1 Purpose and Scope of Safety Assurance 22
7.2 Legal Requirement on Safety Assurance 22
7.3 Safety Monitoring 23
7.3.1 Methods 23
7.3.2 Outputs 23
7.3.3 Indicator and Targets for Safety Monitoring 23
7.4 Safety Records 24
7.4.1 The Role of Safety Records !!!!!.].!...!!!!!.!!!!!!.!.."!.!!.!! 24
7.4.2 Requirements Related to Safety Records 24
7.4.3 Example of Safety Records 24
7.4.4 Responsibilities Related to Safety Records 25
CHAPTER VIII SAFETY PROMOTION 26
8.1 General 26
8.2 Safety Training 27
8.3 Safety Communication 27
8.4 Safety Lesson Dissemination 27
8.5 Safety Improvement 28

LIST OF TABLE

TABLE 1. Summary ofAction and Responsibilities in Respect to the Safety

Policy g

TABLE 2. Example of Data Quality Attributes and Their Possible Definitions .. 14

TABLE 3. Example of Requirements for Quality Attributes 14
TABLE 4. Example ofa Cross Reference Matrix to Identify Elements Affected
By the Change and Interdependencies 16

in
 CHAPTER I

INTRODUCTION

1.1 The purpose of this document is provide guidance on the

implementation of Safety Management System (SMS) for Aeronatuical
Information Service (AIS) Provider. It has been developed to give
sufficient understanding on SMS concepts and the development of
management policies and processes to implement and maintain an
SMS that meets CASR Part 175 - Aeronautical Information Services
requirements and MOS 175-04 - Aeronatical Information Service
Provider. Therefore, AIS providers are encouraged to refer to this
document as their principal source of guidance on SMS.
1.2 The contents of this Manual are reviewed on an as required basis, but
not less than annually. Deputy Director for Management of
Aeronautical Information is responsible for coordinating requests for
changes and amendments to the Manual.

1.3 The approving officer and issuing authority for this Manual and
subsequent amendments is Director General of Civil Aviation.
1.4 Deputy Director for Management of Aeronautical Information is
responsible for the maintenance and distribution of this Manual.
 CHAPTER II

REFERENCES AND ASSOCIATED DOCUMENT

The following Regulations and Documents are:

a. CASR Part 175 -Aeronautical Information Services (AIS);
b. MOS 175-04 - Aeronautical Information Service (AIS) Providers
c. Annex 19 - Safety Management System (SMS);
d. Doc 9859 - Safety Management Manual (SMM); and
e. CASR SMS - Ministerial Decree Number KM 20 year 2009.
 CHAPTER III

TERM AND DEFINITIONS

Accident. An occurrence associated with the operation of an aircraft

which, in the case of a manned aircraft, takes place between the time any
person boards the aircraft with the intention of flight until such time as all
such persons have disembarked, or in the case of an unmanned aircraft,
takes place between the time the aircraft is ready to move with the purpose
of flight until such time as it comes to rest at the end of the flight and the
primary propulsion system is shut
down, in which:

a) a person is fatally or seriously injured as a result of:

— being in the aircraft, or
—direct contact with any part of the aircraft, including parts which
have become detached from the aircraft, or
— direct exposure to jet blast,

except when the injuries are from natural causes, self-inflicted or inflicted
by other persons, or when the injuries are
to stowaways hiding outside the areas normally available to the passengers
and crew; or

b) the aircraft sustains damage or structural failure which:

—adversely affects the structural strength, performance or flight
characteristics of the aircraft, and
—would normally require major repair or replacement of the affected
component,

except for engine failure or damage, when the damage is limited to a single
engine, (including its cowlings or accessories), to propellers, wing tips
antennas, probes, vanes, tires, brakes, wheels, fairings, panels, landing
gear doors, windscreens, the aircraft skin (such as small dents or puncture
holes), or for minor damages to main rotor blades, tail rotor blades, landing
gear, and those resulting from hail or bird strike (including holes in the
radome); or

c) the aircraft is missing or is completely inaccessible

Accuracy. A degree of conformance between the estimated or measured
value and the true value.

Aeronautical data. A representation of aeronautical facts, concepts or

instructions in a formalized manner suitable for communication
interpretation or processing.
 Aeronautical information. Information resulting from the assembly,
analysis and formatting of aeronautical data.

Aeroplane. Apower-driven heavier-than-air aircraft, deriving its lift in flight

chiefly from aerodynamic reactions on surfaces which remain fixed under
given conditions of flight.

Aircraft. Any machine that can derive support in the atmosphere from the
reactions of the air other than the reactions of the air against the earth's
surface

AIRAC. An acronym (aeronautical information regulation and control)

signifying a system aimed at advance notification, based on common
effective dates, of circumstances that necessitate significant changes in
operating practices.

Aeronautical information service (AIS). A service established within the

defined area of coverage responsible for the provision of aeronautical data
and aeronautical information necessary for the safety, regularity and
efficiency of air navigation.

Cyclic Redundancy Check (CRC). Amathematical algorithm applied to the

digital expression of data that provides a level of assurance against loss or
alteration of data.

Data Quality. A degree or level of confidence that the data provided meets
the requirements of the data user in terms of accuracy, resolution and
integrity.

Feature. Abstraction of real world phenomena (ISO 19101*).

Feature attribute. Characteristic ofa feature (ISO 19101*).
Helicopter. A heavier-than-air aircraft supported in flight chiefly by the
reactions of the air on one or more power-driven rotors on substantially
vertical axes.

Human Factors Principles. Principles which apply to aeronautical design,

certification, training, operations and maintenance and which seek safe
interface between the human and other system components by proper
consideration to human performance.

Incident. An occurrence, other than an accident, associated with the

operation of an aircraft which affects or could affect the safety of operation.
Integrity (Aeronautical Data). A degree of assurance that an aeronautical
data and its value have not been lost nor altered since the data origination
or authorized amendment.
 Integrity classification (aeronautical data). Classification based upon the
potential risk resulting from the use of corrupted data. Aeronautical data
are classified as:
a) Routine data: there is a very low probability when using corrupted
routine data that the continued safe flight and landing of an aircraft
would be severely at risk with the potential for catastrophe;
b) Essential data: there is a low probability when using corrupted essential
data that the continued safe flight and landing of an aircraft would be
severely at risk with the potential for catastrophe; and
c) Critical data: there is a high probability when using corrupted critical
data that the continued safe flight and landing of an aircraft would be
severely at risk with the potential for catastrophe.

Operational personnel. Personnel involved in aviation activities who are in

a position to report safety information

Quality. Degree to which a set of inherent characteristics fulfils

requirements (ISO 9000*).

Resolution. A number of units or digits to which a measured or calculated

value is expressed and used.

Safety. DGCA in which risks associated with aviation activities, related to,
or in direct support of the operation of aircraft, are reduced and controlled
to an acceptable level.

Safety management system (SMS). A systematic approach to managing

safety, including the necessary organizational structures, accountabilities,
policies and procedures.

Safety performance. Aservice provider's safety achievement as defined by

its safety performance targets and safety performance indicators
Safety performance indicator. A data-based parameter used for
monitoring and assessing safety performance

Safety performance target. The planned or intended objective for safety

performance indicator(s) over a given period.

Safety risk. The predicted probability and severity of the consequences or

outcomes of a hazard.

Serious injury. An injury which is sustained by a person in an accident

and which:
a) requires hospitalization for more than 48 hours, commencing within
seven days from the date the injury was received; or
b) results in a fracture of any bone (except simple fractures of fingers
toes or nose); or

c) involves lacerations which cause severe haemorrhage, nerve, muscle

or tendon damage; or
d) involves injury to any internal organ; or
e) involves second or third degree burns, or any burns affecting more
than 5 per cent of the body surface; or
f) involves verified exposure to infectious substances or injurious
radiation.

State safety programme (SSP). An integrated set of regulations and

activities aimed at improving safety

Traceability. Ability to trace the history, application or location of that which is

under consideration (ISO 9000*).

Validation. Confirmation, through the provision of objective evidence, that the

requirements for a specific intended use or application have been fulfilled (ISO
9000*).

Verification. Confirmation, through the provision of objective evidence, that

specified requirements have been fulfilled (ISO 9000*).
 CHAPTER IV

SAFETY POLICY

4.1 Purpose, form and content of the safety policy for AIS
i. This policy must define the AIS provider's fundamental approach
to the management of safety and must confirm its commitment
at all levels to the fulfilment of its mission statements. It is the
first important milestone when implementing safety management
objectives that define the value of safety in the overall business
and performance of the AIS provider.

ii. The safety policy should set the general direction and aspirations
for the establishment of safety management and improved safety
performance in the AIS provider organisation.

iii. The safety policy should take the form of a ment of the AIS
provider's approach to achieving acceptable or tolerable safety
and should describe the generic approaches on which the
management of safety is built and operated. The safety policy
could form part ofthe quality policy or be a separate policy in the
case of a separate safety management system.

iv. A typical safety policy document would consist of a policy

statement reflecting the AIS provider's individual approach to the
management of safety. This would be further expanded to
include a number of basic safety management principles to be
followed, such as commitment to safety, safety priority, and
safety responsibility, planning for safety, safety management,
safety standards, safety achievement, safety assurance and
safety promotion.

4.2 Basic safety management principles

i. At the same time the AIS provider's senior management should

undertake to provide the necessary resources for the effective
management of safety.

ii. The safety responsibility principle requires all of the AIS/AIM

Provider's staff to have individual responsibility for their own
actions with regard to safety, and requires the management to be
responsible for the safety performance of the organisation. Clear
and correctly allocated safety accountabilities and
responsibilities are a prerequisite for achieving the organisation's
safety objectives and for implementing effective management of
safety and an effective safety improvement process. The
responsibilities/accountabilities should be specified in the
relevant job/task description and manuals.
 iii. Planning for safety is an important prerequisite for proactive
safety management implementation. It allows the AIS provider's
safety performance to be defined and strategies, approaches and
concrete plans to be identified for the achievement of an
acceptable or tolerable level of safety of the services provided. It
allows the organisation's safety objective to be defined, and the
necessary means and resources for their achievement to be
identified.

iv. The safety achievement principle is an essential domain for the

management of safety and should comprise a set of
organisational arrangements, processes and systematic actions
(e.g. risk assessment, error reporting and investigation, etc.) to
be deployed in order to enable the AIS provider's safety
management objectives to be achieved.

v. The safety assurance principle should specify means, processes,

procedures and resources to demonstrate compliance with the
safety requirements and deliver the evidence required about the
level of safety achieved (e.g. safety surveys, safety records, etc.).
Also, the safety assurance methods used by an AIS provider
should support the identification of safety problems and the
establishment of recommendations for safety improvement. The
objective of this principle is to implement dedicated surveillance
and documenting procedures and processes in order to ensure
that the risks are being properly managed.

vi. The safety promotion principle covers the means, processes and
procedures that allow for communication of safety matters
among operational personnel and AIS provider management. It
ensures that safety lessons and key messages are disseminated
throughout the AIS provider organisation, that the
communication of safety matters is encouraged and that changes
are systematically made in order to improve safety.
4.3 Safety activities and deliverables

i. The safety policy should be written and documented under the

authority of the senior level of management of the AIS provider
approved by the DGCA (if required) and communicated to all
staff of the AIS provider.

ii. A properly communicated safety policy is a prerequisite for the

creation and development of a positive safety culture within the
AIS provider.

iii. The safety policy should be disseminated within the AIS

provider's organisation as widely as possible, by means of
internal communication channels, safety awareness workshops,
internal briefings, induction training, etc.
 111

IV. The ultimate goal of communicating the safety policy within the
AIS provider organization should be that the AIS provider's
personnel are aware of:
a. The scope of the document;
b. The importance of the management of the safety objectives;
c.
The goals of the safety policy and the management of safety;
d. The principles of the management of safety;
e. The need for safety management objectives to be afforded
the highest priority over commercial, operational,
environmental or social pressures.

v.
An AIS provider should set up a procedure to design a genuine
safety policy document and to periodically review it with a view to
updating it as necessary. The revisions are required in order to
ensure that the policy is aligned with the organisation's strategic
objectives, continuous improvement and evolution. The policy
also needs to be consistent with other policies, and its content
should not contradict other policies of the organisation.
VI. The following table summarises actions and responsibilities in
relation to the safety policy.

Safety Person AIS/AIM Addressee Records Endorse

activities/ responsible safety ment
deliverable for initiative/ function approval
production involvement
Safety policy AIS top Support All Staff Quality CEO
Production, management (Safety)
review and Manage
signature ment
Manual
Posters Safety Disseminati All Staff n/a n/a
Manager on

Communica AIS Support All Staff Activity Safety

tion provider report Departm
initiatives senior ent
management,
Safety
Manager

Table 1: Summary of actions and responsibilities in respect to

The safety policy
 CHAPTER V

ORGANISATION FOR THE MANAGEMENT OF SAFETY

IN AIS

5.1 Purpose and objective

The purpose of the safety management function in the AIS provider

organisation is to ensure the development and maintenance of the
safety management objectives defined by CASR 175.
The objective of the safety management function in AIS is to provide
and maintain the framework and allocate the necessary resources for
effective and proactive safety management that will enable the AIS
provider to meet its safety objectives.

5.2 Safety management function in the AIS Provider

A safety management function in the AIS provider should include in

general:
a. An entity (or entities - depending on the size of the organisation)
responsible for the development, implementation and
maintenance of the safety management objectives, defining the
safety accountabilities and responsibilities and developing the
processes and procedures of the AIS provider for the management
of safety;
b. Personnel with safety responsibilities.

5.2.1 The Key Features and Responsibilities of the Safety Management

a. Independence: function in the AIS provider Independence the
function needs to be independent of line management and should
ensure the connection with the SMS of the ANSP (where
appropriate);

b. Communication: the communication skills must be a key feature

for the function. It is most important that the function establishes
communication lines throughout the AIS provider.
Communication should be open on all levels;

c. Knowledge: the function needs to have comprehensive knowledge

of safety in the AIS provider and be able to answer any questions
that arise;

d. Verification and validation: the function should be a place where

the rest of the AIS provider can go to for verification and
validation of assessments, investigations and surveys on the
processes.

10
 The function should efficiently cover every aspect of the AIS provider
and should be responsible for:
a. The development, implementation and maintenance of the safety
management objectives;
b. The definition of the safety accountabilities and responsibilities;
and
c. The development of the processes and procedures for the
management of safety

5.2.2 Safety Manager Independence and Establishment of Clear Safety

Accountability and Responsibility
Several important considerations must be taken into account by the
AIS providers when establishing this safety management objective:
a. To appoint a safety manager
An independent and credible member of the management team,
who, irrespective of other duties, has the responsibility and
authority to supervise and maintain safety management
processes and procedures, but also to develop and support the
implementation of such processes and procedures on initial
deployment of the safety management objectives.

The safety manager must be wholly independent of the executive

management of the AIS provider and be responsible direct to the
same senior manager as all the executive managers are. If this
cannot be achieved in a very small organisation, then credible
evidence must be supplied that safety management
responsibilities are carried out independently and free of any
responsibility to another manager for any other job function.
b. To establish clear safety accountabilities and responsibilities
for all personnel involved in safety-related tasks
This includes unambiguous definition and allocation of
accountabilities and responsibilities for all matters of operational
safety.

Responsibility and accountability are closely related concepts.

Safety responsibility is delegated within the area of job
responsibilities, provided such delegation is documented.
Safety accountabilities define to whom the responsible person
needs to demonstrate the satisfactory discharge of their safety
responsibilities.

5.2.3 Safety Accountability

a. The accountability for safety in the AIS provider lies with the line
management that owns the risk, and the overall accountability
lies of course with the CEO. However, everybody is responsible for
the specific job they are employed to do. The difference between
accountability and responsibility can be difficult to understand,
and in some languages there is just one word for both concepts!
But if you are accountable for something, you are legally

11
 responsible for it, and can be held legally accountable, which
means you can be punished by the law.

b. The safety director/safety manager and the safety department

are support staff for the line management and are not
accountable or responsible for the safety of the organisation. It is
those who own the risk who are responsible for safety and that
should always be the line management.

c. Principal accountabilities for the safety director/safety manager

would be:
1) To promote and support development of the safety
management objectives. Therefore, somebody needs to be
assigned to do the job, and that would in most
circumstances be the safety manager;

2) To establish a communication framework within the

AIS/AIM provider which facilitates effective safety
management, i.e. clear lines of top-down and bottom-up
communication on safety between the safety manager, line
managers, senior management and line personnel;

3) To allocate the appropriate resources to safety management,

consistent with the organisation's safety policy, ensuring
that appropriate funding is available for the necessary
technical infrastructure, process maintenance, human
resources and personnel training;

4) To ensure the appropriate training and competency

assessment for all personnel assigned safety management
tasks.

d. There is no single solution for the establishment of a Coherent

safety management structure. The size of the organisation, its
mission, complexity of operations, operating environment and its
organisational safety culture will all influence the structure and
functioning ofits safety management system.
e. Any changes to the organisational structure should be assessed
to determine whether or not they might affect safety
responsibilities and accountabilities. Any necessary amendments
to previous responsibilities and accountabilities should be
properly documented.

5.2.4 Example of the Safety Manager Job Description

A sample job description for a Safety Manager is provided in ICAO
Doc 9859 "Safety Management Manual" and has the following outline-
a. Overall purpose
b. Dimensions
c. Nature and scope
d. Qualifications
e. Authority

12
 CHAPTER VI

SAFETY ACHIEVEMENT

6.1 Purpose and Scope of Safety Achievement to Manage Safety in

AIS

Safety achievement in AIS is the result of processes and/or methods

applied to attain the safety requirements of CASR 175. It should
comprise of several components:
a. Competency;
b. Safety assessment;
c. (Safety-) occurrence reporting and investigation;
d. Management of safety documentation;
e. Control of external services.

6.1.1 Safety as a Function of Data Quality

i.
The management of safety relies on a spectrum of organisational
arrangements, methods and processes to manage proactively the
risk.

n.
It was previously recognised that the major safety risk in AIS is
to introduce erroneous data in the data chain that might affect
the safety of operations. Therefore by ensuring that the quality of
data produced by the AIS satisfies the established requirements
for its intended use it will mitigate that risk and all the safety
activities should concentrate on achieving this objective.
in. Accordingly the objective of safety achievement in AIS is to
ensure that data are of a quality in accordance with their
intended use and their criticality. CASR175 has defined three
criticality categories: critical data, essential data and routine
data. High-quality data guarantee a high safety standard.
IV.
To ensure data quality for the whole data chain, AIS providers
have to fulfil the requirements laid out in CASR 175. The quality
of data can be characterised by using the following quality
attributes (this list is not exhaustive and the AIS providers could
identify additional quality attributes which might affect the
safety):

ATRIBUTE DEFINITIONS
Accuracy A degree of conformance between the estimated
or measured value and the
true value

Resolution
A number of units or digits to which a measured
or calculated value is
expressed and used
Integrity A degree of assurance that an aeronautical data
and its value has not been lost or altered since
the data origination or authorized amendment

13
 Consistensy A degree of assurance that aeronautical data
across redundant or distributed databases is in
synch with each other (equivalent).
Assurance Level The level of assurance that data is made available
to the next intended user prior to its effective
start date/time and not removed before its
effective end date/time.

Tracebility Ability to trace the history, application or location

of what which is under consideration.

Timeliness The degree of assurance that aeronautical data is

available when it is required.

Currency The degree to which aeronautical data represents

reality from the required point in time i.e. DGCA
of information of being up-to-date or not
outdated.
Plausibility The degree of assurance that aeronautical data is
seemingly valid and correct.

Format The organisation of information according to

preset specifications. A defined way of coding
information adhering to a given data model for
storage or transfer.

Completeness

Table 2: Examples of data quality attributes and their possible

Definitions

v. The fulfilment of all these requirements must be verified and

validated.

Element Accuracy Integrity Timeliness Format Resolution

RWY lm Critically AIRAC AIXM I/100sec
THR surveyed

Table 3: Example of requirements for quality attributes

6.2 Competency

It should be ensured by a set of organisational arrangements that all

staff involved throughout the aeronautical data chain are adequately
trained and have the necessary skills, competency and authorisation
to perform the range of data processing tasks they are assigned to.
Ihis could be supported by:

14
 a. Establishing a minimum set of skills and competencies for staff
acting in the aeronautical data chain;
b. Establishing processes to ensure that each member of staff
responsible for tasks in the provision of aeronautical data or
information has been briefed or trained and retains the acquired
knowledge and skills;
c. Retaining a sufficient level of qualified and competent staff;
d. Ensuring that shortfalls are identified and mitigated;
e. Implementing a continuous training process.
6.3 Safety Assessment

The objective of the safety assessment in AIS is to provide a proactive

mechanism for identifying potential hazards and finding a way of
controlling risks associated with degradation and decrease of data
quality. The AIS provider should ensure that the safety assessment is
undertaken prior to implementation of any change potentially
affecting safety and data quality, in order to demonstrate that the
change meets an acceptable level ofsafety and quality attributes.
6.3.1 Scope of the Safety Assessment

As a minimum the impact of the change on the following elements

should be addressed in a safety assessment
a. People;
b. Procedure;
c. Equipement.

6.3.2 Basis for the Safety Assessment

The following non-exhaustive pre-requisites for the safety assessment

process should be specified within the initial set-up of the
management of safety:
a. data quality attribute requirements
Should characterise a data quality attribute. Ideally at least one
measurable value should be defined for each quality attribute,
e.g. an accuracy of 1 m, meta-data availability, CRC value.
b. quality assurance processes
Describe the mechanism for verification of compliance with the
data quality attributes requirements. During the assessment it
should be checked whether a change has an impact on the
measurement ofdata and/or whether new checks are required.
c. existing safety assessment procedures
Describe the mechanism of the safety assessment processes

15
 ———

d. documented safety management processes

Provide the same information to all parties involved.

A cross reference matrix could be used to identify the elements

affected by the change.

Example: If a procedure is changed, then it should be checked

whether there is any interference with data quality attributes and
whether interdependencies exist.

Equipment Procedure People/role Information Existing

interface data etc
Accuracy
Resolution
Integrity
Consistensy
Assurance
Level
Tracebility
Timeliness
Cunency
Plausibility
Format
Completeness
>

Table 4: Example of a cross reference matrix to identify

Elements affected by the change and
Interdependencies

While every organisation has its own assessment methods, the safety
assessment should consist of the following process steps:
a. Identification of what may be affected by the change (processes,
equipment, quality attributes, people ...), including the scope and
definition of the change and all relevant uses for the eronautical
data item or dataset;

b. Conduct hazard identification and analysis, including the

identification of likelihood and severity of potential hazards and
possible interdependencies (e.g. brainstorming, simulation, task
analysis, scenario driven analysis etc.);

c. Assessment of risks (identification whether the risk is acceptable

or not and who has the authority to decide);
d. Specify mitigation measures;

e. Implement and put into effect mitigation measures which should

be supported by the management.

16
 f. Check that mitigation measures are effectively implemented (e.g.
through the safety key performance indicators) and if they
introduce any new hazard.

It is important to note that the safety assessments in AIS cannot be

conducted solely by the operational personnel of AIS or solely by the
safety experts. It is therefore of paramount importance to ensure that
the safety assessment in AIS is conducted by the operational
personnel of AIS and is supported by safety experts.

6.3.3 Safety Key Performance Indicators

i. In order to be able to verify quality attributes it is recommended

that key performance indicators which are based on requirements
for each of the quality attributes be defined and that limits be
specified.

ii. Accordingly, each quality attribute should be linked to (a)

requirement(s). Requirements should be defined in such a way
that compliance with the requirements can be measured.
Compliance should be expressed in terms of limits (i.e. targets,
warning and action limits should be specified).

iii. Adherence to the limits defined should be evaluated permanently

and evidence for maintaining compliance with the requirements
should include a statement that the required level of quality
attributes has been met. If deviations are observed, occurrence
reporting, investigation, reporting and lesson dissemination
should be initiated.

iv. By using such a measuring system, information about the safety

situation can be obtained and thus we can speak in terms of
"safety key performance indicators". As a prerequisite, the
requirements for data quality attributes should be in line with
safety objectives and the criticality of the data. This means that
the higher the criticality of a certain datum is, the more
demanding should be the related requirements and accordingly
the targets, warning and action limits.

v. The safety key performance indicators should be evaluated and

maintained in terms of changes even if no mitigation measures
for the change have been specified, e.g. in order to ensure that a
change does not degrade data quality.

17
 _ .

6.4 (Safety) Occurrence Reporting and Investigation

6.4.1 (Safety) Occurrence Reporting

i. A reporting system is a set of organisational arrangements and

systematic actions designed to facilitate the collection of
information on actual (potential) safety deficiencies and to ensure
lesson dissemination inside the AIS provider's organisation. It
should lead to a more systematic visibility of (safety) occurrences
and their causes and will act as an effective contribution to data
quality. The reporting system should be based on trust, ensure
confidentiality and follow a non-punitive policy ("just culture"),
which it is recommended should become an integral component
of the safety policy.

ii. The focus of (safety) occurrences reporting will be on:

a. Data items
b. Data errors
c. Data processing (input, maintenance, withdrawal and
deletion of data)
d. Data attributes, linked requirements and targets, warning
and action limits
e. Failures or malfunctions of the system

iii. The occurrence reporting procedure should include:

a. A definition of reported elements, e.g.:
1) Inability to provide AIS service
2) Failure of Communication function
3) Failure of Data Processing and Distribution function
4) AIS system security
b. A voluntary reporting system, encouraging personnel to
report a typical situations which they believe have
significance for safety, e.g. unusual occurrences, unusual
system behaviour, etc.
c. Definition of the systems and channels available for
reporting, e.g. written reports, automated reporting
mechanisms (logged technical system data).
d. Definition of the responsibilities in (safety) occurrence
reporting
e. Definition of reporting rules

6.4.2 Investigation

i. The purpose of investigation in AIS activities is to prevent (safety)

occurrences concerning aeronautical data themselves and
(safety) occurrences which may lead to hazards where
aeronautical data are used. This includes the gathering and
analysis of information, the drawing of conclusions, including
the determination of causes and, where appropriate, the making
of (safety) recommendations.

18
 ii. Therefore investigation procedure should include:
a. A definition of the investigation procedure, including rules,
where investigation needs to be carried out
b. Key roles and responsibilities should be defined (e.g. notifier,
investigator, safety manager, contributors ...)
c. Procedures for factual data gathering
d. A (safety) occurrence analysis procedure and risk
assessment, taking into account previous occurrences
e. A link to lesson dissemination and improvement procedures
f. Remedial actions and follow-up recommendations
g. Attention to human factors (focusing on data handling)
h. A feedback mechanism (to the reporter and persons affected
by occurrence/investigation)

6.5 Management of Safety Documentation

i Safety documentation is maintained and collected by AIS

providers to demonstrate to all stakeholders that procedures are
well defined and that operations have been and continue to be
undertaken in a safe manner.

ii The main goal of documentation and records management is to

guarantee access, accuracy, exactness, reliability, security and
quick availability of all useful information.

iii The tasks involved in meeting these objectives concern the

definition, organisation and implementation of rules in relation
to:
a. document identification
b. document drawing-up and presentation
c. document verification
d. document authorisation
e. document distribution
f. document evolution and updating
g. document filing

iv Safety records are archived for the purpose of making further

reference to them. Referencemeans:
a. Elaborating statistical data, e.g. for safety monitoring
purposes; and
b. Establishing cross references between the various types of
records such as use of safety occurrence records to support
safety assessments.

v The meaningful use of records as described above can be

achieved only provided the data stored are appropriately
maintained.

19
6.6 Control of External Services

i. Safety and quality assurance procedures used by external

suppliers should satisfy the AIS provider's internal safety and
quality standards and safety objectives, because shortfalls could
rode the acceptable level of quality attributes.

ii. Therefore the AIS provider should ensure an adequate level of

quality attributes within those activities that fall within
management of safety and external inputs. Relevant services
should be identified and assessed to maintain an appropriate
level of quality attributes within the organisation.
iii. A major goal should be:
a. To decide which external services in terms of data originators
are relevant in terms of the level of quality attributes;
b. To determine the required level of quality attributes, and
c. To achieve and maintain those levels.

iv. The AIS provider should ensure that incoming data fulfil the
requirement in accordance with legislation. This could be
supported by audits and formal arrangements specifying
requirements which address the data originator and ensure the
appropriate level of quality attributes.

v. The obligation to control external services should not be

restricted to changes but should be an ongoing continuous
process.

20
6.7 Safety Management Elements in the Continuous Improvement
Process

Safety management elements in the continuous improvement

process.

21
 CHAPTER VII

SAFETY ASSURANCE

7.1 Purpose and Scope of Safety Assurance

i The purpose of safety assurance is:

a. To provide information of activities as regards safety;
b. To confirm conformance with an SMS and/or safety
management objectives;
c. To detect changes which may suggest an element is
approaching a point at which acceptable standards of safety
can no longer be met;
d. To record and results of processes; and
e. To obtain a basis for and help determine corrective actions.

ii The above-mentioned outputs from safety assurance processes

are provided to:
a. The staff,
b. The management,
c. The regulator

iii Safety assurance is needed for all activities related to the

processing of aeronautical data that fall within the AIS provider's
responsibility and encompasses aeronautical data and
information interfaces, people, procedures and equipment.
7.2 Legal Requirements on Safety Assurance

i. Usually, safety assurance in safety management systems (e.g.

the SMSs used by ANSPs that fulfil the common requirements for
the provision of air navigation services) comprises:
a. Safety surveys;
b. Safety monitoring;
c. Safety records.

11.
It requires the organisation to have a quality management
system that will (inter alia) set up a quality assurance
programme containing procedures designed to verify that all
operations are being conducted in accordance with applicable
requirements, standards and procedures. The above mentioned
verification can be conducted by means ofinternal quality audits
which could also identify good practices for internal
dissemination.

iii. However, the other parts of safety assurance (safety monitoring

and safety records) apply to the data process that has to fulfil the
requirements in accordance with legislation.

22
 ^ ^

7.3 Safety Monitoring

7.3.1 Methods

Safety-related activities can be monitored either in the course of the

process (directly) or after the process has been carried out (by
reviewing the results of the processes). In the case of the former, the
monitoring can be continuous or regular. In the case of the latter, the
AIS automated systems (with manual or automatic input) can provide
for useful recording of both the progress of processes and their
results.

7.3.2 Outputs

i. The outputs of safety monitoring are:

a. Records of the processes and their results;
b. Error reports

ii. The creation of records of the processes and their results should
follow the procedures of the QMS of the AIS provider (e.g.
analysis of data). The records form one of the inputs for
preventive actions, i.e. the action to eliminate the causes of
potential errors.

iii. Error reporting should follow the procedures of the QMS of the
AIS provider (e.g. control of the non-conforming products). The
procedure for error reporting should be owned by the AIS Safety
function. Error reporting, measurement and corrective actions
must fulfil the requirements in accordance with legislation and
follow the procedures as described in the (Safety) Occurrence
Reporting and Investigation section of the safety achievement
chapter.

iv. The information from these sources should be recorded (see the
chapter on safety records below) and used to improve the safety
of the associated activities. It can be used either as it is or as an
input into the indicator values.

7.3.3 Indicators and Targets for Safety Monitoring

i. Indicators used for safety monitoring are parameters that
express the progress of a process with regard to safety.
Indicators can be qualitative or quantitative.
n.
One possible way of setting up quantitative indicators for safety
monitoring is described in Chapter 6.3.3: Measurable quality
attribute requirements, including targets, warning and action
limits, serve as quantitative safety key performance indicators.

23
 iii. Indicators should prompt the management system to closer
scrutiny, leading to corrective action. The safety of the activity
cannot be managed by indicators alone. Their role is simply to
point out the more complex issues in AIS.

iv. Indicators should refer to the safety aspect of data. An example

of this is the number of errors in respective data items.
v. The data for the indicator should be gathered continuously and
reviewed periodically. The data could also be used in a system
safety assessment.

vi. The actual value of an indicator is compared to its desired value

(or range of values), i.e. a target. Missing the target is a sign to
the management system that an analysis of the process should
be carried out and that corrective action should be taken.

vii. Choosing a good indicator (or set of indicators) for a particular

process makes safety monitoring more effective. As regards the
data process, the indicators used for managing the process in a
QMS could also be used for safety monitoring.
7.4 Safety Records

7.4.1 The Role of Safety Records

The safety management processes should be supported by records.

The aim is similar to that of quality management, i.e. to offer
availability, accuracy and traceability of the evidence. Using the
procedures of QMS in safety management (e.g. control of records
continual improvement, analysis of data, monitoring and
measurement, etc.) can be to an AIS provider's advantage, as there is
no need to build a separate record control system.
7.4.2 Requirements Related to Safety Records
An AIS provider's safety management processes should:
a. Specify safety records;
b. Specify the form which safety records are to take;
c. Determine the responsibilities and roles with 'regard to safety
records.

7.4.3 Examples of Safety Records

Examples of the safety records relevant to AIS activities are:

a. Error reports, feedback and rectification mechanisms;
b. Safety assessment reports;
c. AIS personnel training records;
d. maintenance records (AIS equipment);
e. Statistical safety-related records;

24
 11

f. records of corrective actions (if a finding has a safety aspect);

g. "Safety management reviews" (as part of a management review)-
h. Occurrence reports to the ANSP related to the aeronautical data
errors;
i. Evidence pertaining to aeronautical data and aeronautical
information

7.4.4 Responsibilities Related to Safety Records

i. Responsibility for managing records should be established and
known for each record. The control ofrecords, their identification
and traceability should be defined in the AIS provider's QMS.
ii. Responsibility does not always have to lie with the AIS provider
(for instance, occurrence reports are likely to be stored in the
ANSP's reporting system and serve as a basis for occurrence
investigation, which may be outside the scope of the AIS
provider). However, there should be provisions in place between
the AIS provider and the record-keeper to enable the AIS provider
to make use of the recorded evidence, e.g. to obtain feedback
take corrective action, etc.

iii. Conversely, the AIS provider should inform other parts of the
ANSP if safety records contain information which is of
importance outside the AIS. The procedures for two-way
communication should be established, ideally between the
ANSP's Safety Manager and the AIS Safety function.

25
 CHAPTER VIII

SAFETY PROMOTION

8.1 General

i. Safety promotion plays a supporting, yet important, role in

achieving effective control of safety risks during service delivery.
It is one of the major components of safety management and is
an important enabler for continuous safety improvement. Safety
promotion provides the means for AIS organisations to help
minimise the safety risks. Safety promotion can help ensure that
the right environment actively supports an individual or
organisation to freely identify areas where their policies,
procedures or processes may have gaps.

ii. Safety promotion supports safety culture communication and

dissemination of lessons learned, and is an important enabler to
the continuous improvement process. The safety promotion
process includes all efforts to modify equipment, procedures,
attitudes and behaviour aimed at improving safety.
iii. Safety promotion has four main elements, notably:
a. Safety training
b. Safety communication
c. Safety lesson dissemination
d. Safety improvement

8.2 Safety Training

i. AIS providers develop and maintain a safety training programme

to help ensure that staffare trained and competent in the area of
safety. This means that processes and procedures which ensure
that staffare trained and competent to perform their duties with
safety in mind are in place. The scope of the safety training
should be appropriate to the individual's involvement in the
safety management processes and should be adapted to fit the
needs and complexity of the organisation. The provision of
appropriate training to all staff, regardless of their level in the
organisation, is an indication of management's commitment to
an effective safety management system. This also encourages
open communication of safety issues not only among AIS staff
but also with the AIS provider's management.
ii. The safety training and education may consist of the following
processes:
a. Aprocess to identify safety training requirements;
b. Aprocess that measures the effectiveness of training;
c. Initial job-specific training incorporating ' safety
management; and
d. Refresher safety training.

26
 iii. All AIS staff should receive safety awareness training regarding:
a. Safety management roles and responsibilities;
b. Safety policy;
c. Safety management objectives;
d. Safety achievement;
e. Safety assurance;
f. Safety promotion.

8.3 Safety Communication

i Safety communication is an important enabler for improved

safety performance. Therefore, an AIS provider should, as part
of its safety promotion activities, develop and maintain formal
means for safety communication in order to:
a. Ensure that all staff are fully aware of the management
system;
b. Convey safety-critical information;
c. Explain why particular safety actions are taken; and
d. Explain why safety procedures are introduced or changed.
ii Safety communication could take various forms. The means of
safety communication could include:
a. Safety bulletins, safety notices, newsletters, magazines and
E-mail distribution lists;
b. Briefings, meetings, seminars and workshops;
c. Refresher training;
d. Websites, intranet and online.

Safety communication also encompasses the promotion of

safety-related documentation and safety procedures within the
AIS organisation.

8.4 Safety Lesson Dissemination

The objective of safety lesson dissemination is to make available

to the AIS providers staff the knowledge gained from experience
and to promote its use to improve the safety of the services

11.
Lessons learned should be communicated across all relevant
areas of the organisation, thus ensuring that benefits from
lessons learned are realised by all areas and that the impact is
recognised across the business.
m.
To minimise the safety risks associated with the increasing
volume and complexity of AIS activities, AIS providers must
adopt and apply a proactive safety management practice.
IV.
Lesson dissemination is one of the attributes of the proactive and
modern approach to managing safety. It encompasses the
sharing of best practices and safety lessons learned through the
exchange of safety information (e.g. recommendations arising out
of investigations/surveys). The source of information could also
27
 be outside the organisation and might not even come from within
the aviation field.

v. The safety communication process should be used for lesson

dissemination across all relevant staff in the AIS organisations.
This may promote the involvement of the AIS staff in proposing
solutions to operational hazards and may enable the staff to
suggest different perspectives of methods for safety improvement.

vi. The processes to be established for lesson dissemination are:

a. Collection of lessons - a systematic process to collect lessons
arising from safety investigations, and other safety activities;
b. Dissemination of lessons to staff - lessons learned are
passed to all staff concerned.
Various dissemination methods could be used, such as
presentations, reports, audio-visual tools, safety
publications, etc;
c. Incorporation into training activities - relevant information
from lessons learned should be used to improve the training
programmes and contents.

8.5 Safety Improvement

i. AIS providers should actively encourage staff to identify and

report safety issues and to submit safety improvement proposals.
These proposals, if adequate, should be implemented within the
AIS organisations.

ii. Processes and methods should be introduced to facilitate

reporting and the submission by staff of proposals for safety
improvements. A systematic way of dealing with proposals
should also be defined. The originator should receive feedback on
the decision and actions taken on the proposals.

DIREKTUR JENDERAL PERHUBUNGAN UDARA,

ttd

SUPRASETYO

Salinan sesuai dengan aslinya

KEPALA BAGIAN HUKUM DAN HUMAS

irf**
HEMIPAMURAHAR.IO
PerrtbinaTkl (IV/b)
£»Pjf#p3b508 199003 1001

28