Written by Baines Simmons Principal Consultant, Duane Kritzinger
The UK MAA have recently released revision 8 of RA1205, which regards Air System Safety Cases. The Safety Case owners now need to ensure compliance with RA1205, and this seems to be driving renewed interest in the role of Def Stan 00-056.
The UK MoD first promulgated Def Stan 00-056 back in 1991 and have since enforced it contractually on all providers of products, services and/or systems to the UK MoD. The title of this standard is “Safety Management Requirements for Defence System”, and the focus of the document has always been on managing the Risk to Life (RtL) associated with the operation of military systems (inclusive of aircraft, tanks, submarines, and hanger facilities) as driven by the general guidance provided by the UK’s Health & Safety Executive (HSE).
Since its inception, Def Stan 00-056 has caused much consternation and contractual arguments – not least of which in the aviation industry. Reasons include, but are not limited, to the 00-056 expectations of:
· Multiple Safety Cases without linking them together in a system hierarchy or relating them to the distinct obligation in of each stakeholder in the supply chain.
· Conducting risk assessments without standardising the criteria nor providing any indication how a stakeholder far removed from the sharp end (e.g. the maintainer of an avionic box) could possibly determine the probability and severity of an accident.
· The safety deliverables of industry (i.e. providers of products, services and/or systems to the UK MoD) whilst ignoring the absolute importance of the Safety Case command and control function of the stakeholder who actually needs to manage risk on the sharp end (a matter which the revision 7of RA1205 tried to address).
· Conducting risk assessment in the initial airworthiness domain (using the risk matrix of RA1205) without explaining how it relates to the design safety target or RA1230.
I first came across Def Stan 00-056 at Issue 2 back in 1997 and, after a few years of stakeholder wrangling on how to apply it to the aviation safety domain, this directly led to my drive to publish (in 2006) “Aircraft System Safety: Military and Civil Aeronautical Applications”. One of the aims of this (now slightly dated, but still relevant) book was to provide some clarity on the following 00-056 pertinent topics:
· The importance of distinguishing between hazards, causes and accident (Ch6)
· The application of a single set of risk criteria to the above (Ch4)
· That there should only ever be one though-life Safety Case (Ch9)
· How industry System Safety Assessments (Ch8) relate to the Safety Case (Ch9)
Since then, 00-056 has undergone a few more revisions and the present status is shown below:
In the airworthiness domain Part 1 of Def Stan 00-056 could be understood as follows:
Part 2 of Def Stan 00-056 contains Guidance Material to Part 1… with even more “shall” statements than before). Most importantly, Annexes D to K contain the contractual Data Item Descriptions (DIDs), i.e. the 8 safety deliverables entitled:
· Command Summary
· Information Set Summary
· Safety Audit Plan Safety Audit Report
· Safety Case Safety Assessment
· Hazard Log Report
· Safety Management Plan Progress Report
The DID’s raise at least two considerations:
· Astute readers would have immediately noticed that the intent of 00-056 is to support the Safety Case… it is not a Safety Management System (SMS) resembling ICAO Annex 19 (although there are common elements).
· The DIDs are not clear on who does what and when and, most importantly, does not emphasise the fact that service providers should coordinate and tailor their safety management activities to interface/support/underpin the Safety Case.
In our Def Stan 00-056 course (TR105) we speculate that the two considerations could be (not shall be) addressed via the following stakeholder interface diagram:
The illustration above is neither right nor wrong. The challenge for each programme is to clearly define/illustrate it in such a manner to reflect their peculiar circumstances and contractual relationships (i.e. who does what and when and how to coordinate to achieve the desired result in the most cost-effective manner (e.g. as explored in my most recent whitepaper, “Hazard Identification and Risk Management challenges throughout the Supply Chain”). A key driver is a sound Safety Case strategy. Unfortunately, Safety Cases (which incidentally in the airworthiness domain is an UK MoD unique concept) have historically not had the best of reputations… as can be seen from an extract from an UK MAA presentation below:
For the last few years, RA 1205 has been the UK MAA’s regulation governing Safety Cases. At Rev 7 it was updated to also reflect a dedicated “Manual of Ais System Safety Cases”:
The challenge now is for each “Senior Responsible Owner (SRO)” [RA 1205(2)] to generate an RA1205 compliant Safety Case. Until such time, all contractors who provide products, services and/or systems to the SRO will continue to struggle complying with Def Stan 00-056 because of the lack of top-down direction/command/control such a Safety Case will demand. However, in the airworthiness domain, all stakeholders can prepare and negotiate their obligations and interrelationships if they have a firm grasp of the following topics as a minimum:
· The intent and content of 00-056 (see TR105)
· The relationship between the Safety Case and supporting System Safety Assessments
· The intent of an SMS (see TS01, TS02 and TS90) Safety Audits for DIDs 3&4 (see TQ06 or TQ11)
· Risks Management and Hazard Logs for DID 6 (see TS90)
· Using Bow Ties for the visualization of risk management activity and hazard identification (see TS101)
· Safety Culture as per Def Stan 00-056 Part 1 para 6
Love it or hate it, Def Stan 00-056 is here to stay for the foreseeable future. It is thus recommended that:
· A response to an Invitation to Tender (ITT) will demand 00-056 compliance. Problem is that the tender response is then evaluated by someone who often does not understand the practical implications of where you sit in the supply chain (or how far removed you are from the ADH). I would thus caution anyone asked to contract against it from accepting it without a significant review and appropriate costing.
· All providers of products, services and/or systems to the UK MoD need to make sure they understand the intent and remember it is a “standard” not a “regulation”. I would thus encourage that Service Providers use the opportunity of 00-056 courses (such as our TR105 course) to get DE&S, DT, QSEP and the MAA around the same table so as to agree realistic expectations of who does what, when and why withing the scope of the contract.