Guidance on the Sharing of Safety Significant Information with EASA
Key Points: ARA.GEN.125 of the Authority Requirements and equivalent requirements in the domain of ATCO licencing, ATM/ANS and Aerodromes requires that competent authorities shall provide EASA with Safety Significant Information stemming from the occurrence reports received under Regulation (EU) 376/2014.
What is Safety Significant Information? Safety-significant information stemming from occurrence reports means a high-risk or potential high consequence safety issue that might be relevant for EASA’s safety action planning (such as EPAS) or that might require more immediate actions by EASA as Competent Authority. Such a safety issue might come from two main sources:
- Case 1: A safety analysis of occurrence data (a group of occurrences) that identifies an important or high-risk safety issue, an example is provided below; or
- Case 2: Information from an individual occurrence for cases where the Agency is the competent authority (E.g. such as for aircraft and products), again an example is below.
Why is this important? It is important that Safety Significant Information is shared with EASA to ensure that immediate actions can be identified where needed and others can be made aware of the situation.
Authority Coordinator for Safety Significant Information
Each competent authority should appoint a coordinator to act as the contact point for the exchange of Safety Significant Information between the competent authority and the Agency.
What to Include in an Analysis of a Safety Significant Information
When providing information to EASA about a Safety Significant Issues, this should include the following:
- A detailed description of the safety issue, including the scenario in which the safety issue has been identified.
- Information about the domains/ stakeholders affected by the safety issue, including types of operations and organisations.
Additionally, if possible the following should also be included:
- A risk assessment establishing the severity and probability of all the possible consequences of the safety issue (more information on risk assessment for authorities will be provided in further Safety Promotion material).
- Information about the existing safety barriers that are in place to prevent an accident occurring involving the safety issue.
- Information about any mitigating actions already in place or developed to deal with the safety issue.
- Information about any failing or weak barriers in the system and recommendations for future actions to control the risk.
- Any other information the competent authority considers essential for the Agency to properly assess the safety issue.
Case 1 – Safety Significant Information from an Analysis
This first situation covers an important or high-risk safety issue identified following a safety analysis of occurrence data (a group of occurrences).
Such a situation is especially relevant where a competent authority has identified a safety issue of concern that has been assessed as being high risk. In this case, first check if the issue is already captured in the European Plan for Aviation Safety (EPAS) and if suitable mitigations are already in place. If not, then provide more information to EASA as described. Two examples are provided below:
- Example – Safety Issue: Analysis of occurrences for Helicopter Emergency Medical Services (HEMS) highlights a number of high risk occurrences during landing in enclosed spaces.
- Example – Location Specific: Airlines have reported a small number of high risk occurrences during airport works at an airport outside Europe.
Case 2 - Occurrences Where the Agency is the Competent Authority
If a Member State competent authority receives an occurrence where the organisation responsible for addressing the occurrence is certified by EASA and not the relevant Member State (i.e. a design organisation, a production approval holder or a Third Country Part 145 organisation or ATO – not an exhaustive list) they should inform EASA using the process for reporting Safety Significant Information.
This reporting to EASA is needed in situations where the Member State competent authority has come to the conclusion that either the organisation certified by the Agency to which the occurrence relates has not been informed of the occurrence or that the occurrence has not been properly addressed by that organisation certified by the Agency. As a best practice the Member State competent authority should also check if the reporter has reported to the other organisations or authorities according to R1139/2018 and its Implementing Regulation.
Reporting by Multiple Certificate Holders
Key Points: If an organisation has more than one certificate with the same competent authority it is possible to send just one report for all certificates rather than have to provide multiple reports. The sending single reports should be agreed with the competent authority and organisations should identify a focal point for reporting that covers all certificates.
Why is this important? Occurrence reporting is complicated enough without requiring organisations with multiple certificates to send multiple reports to the same authority. This just adds to the workload for minimal additional benefits. This articles highlights ways to simplify the reporting processes in such situations.
Reporting by Multiple Certificate Holders
Where an organisation holds one or more additional organisation certificates within the scope of
Regulation (EC) No 216/2008 organisations are able to establish an integrated occurrence reporting
System that cover all the certificate(s) held. This guidance helps such organisations to understand their responsibilities and how they can discharge them as easily as possible.
When Single Reports Should be Provided for Individual Occurrences
Single reports for occurrences should only be provided if the following conditions are met:
- The report includes all relevant information from the perspective of the different certificates held by the organisation.
- The report provides information on all the relevant specific mandatory data fields and clearly identifies all certificate holders for which the report is made.
- All certificates have the same competent authority that authority has agreed to single reports being provide for all certificates.
Assigning Responsibilities within an Organisation
The organisation should assign responsibility for reporting to one or more suitably qualified persons who have clearly defined authority for coordinating action on occurrences and for initiating any necessary further investigation and follow-up activity.
If more than one person is assigned this responsibility, the organisation should identify a single person to act as the main focal point for ensuring a single reporting channel is established to the accountable manager. This should in particular apply to organisations holding one or more additional organisation certificates within the scope of Regulation (EC) No 216/2008 where the occurrence reporting system is fully integrated with that required under the other certificate(s) held.
Support to Design Approval Holders Investigations Between Organisations
Key Points: As well as reporting to competent authorities, effective mitigations also rely on reporting and investigation processes between organisations. Such reporting should take place when occurrence has an impact on, or is related to, an aircraft component covered by a separate design approval/authorisation (TC, STC, or ETSO) or for specific ATM and Aerodromes occurrences. Effective inter-organisation reporting relies on knowing where the interfaces exist, who to contact in advance of an occurrence taking place and the various responsibilities between the organisations involved.
Why is this important? Reporting to competent authorities is important but does not give all relevant parties a full picture of the situation around a safety issue. In some cases, there are other organisations that need to be aware of the occurrence and also that need to get involved in supporting the investigation. This article helps to improve understanding of where such inter organisation reporting is needed and what is involved.
Support to Design Holders’ Investigations Between Organisations
The process of occurrence reporting is often considered as a hierarchical activity where the organisations report upwards to their competent authorities. However, it is also important to consider the requirements for reporting between organisations should be considered. Such reporting is important to support the investigation process and subsequent mitigating actions.
Reporting between organisations depends on a range of factors including the organisation’s interfaces with other organisations, their respective safety policies and procedures, as well as the extent of contracting in accordance with ORA.GEN.205.
When Should Reporting Between Organisations Take Place?
Reporting between organization should take place when:
- It can be determined that the occurrence has an impact on, or is related to, an aircraft component covered by a separate design approval/authorisation (TC, STC, or ETSO). In this case the holders of such approval/authorisation should be informed. Any operator reporting to the design approval holder should actively support any investigations that may be initiated by that organisation. This support could include responding to information requests and making available affected components, parts or appliance. The operator should in addition consider reporting to the continuing airworthiness management organisation managing its aircraft or to the organisation maintaining its aircraft.
- For occurrences involving ATM, Aerodromes or bird/wildlife strikes, the organisation should also notify the appropriate air navigation services (ANS) provider, aerodrome operator or ground handling service provider that may also be involved in the occurrence.
How to Ensure Effective Reporting Between Organisations?
To ensure effective reporting between organisations it is important that:
- You know which organisations you interface with and have an established link/ connection with them to facilitate reporting.
- Clearly articulate the relevant Safety Issue/s that have been identified.
- Agree which organisation is responsible for taking further actions, if required, and informing the competent authority.
What Procedures for Reporting Between Organisations Should Include?
Procedures for reporting between organisations should include the detail provided below. Such procedures should be included in the organisation’s management system documentation.
- The scope of inter organisation reporting, considering the organisation’s interfaces with other organisations, including organisations contracted in accordance with ORA.GEN.205.
- A description of the reporting mechanism, including reporting forms, means, and deadlines.
- Safeguards to ensure confidentiality of the reporter and protection of personal data.
- The responsibilities of the organisations and personnel involved in reporting, including the associated reporting to the competent authority.
Guidance on Reporting System Compliance with Regulation (EU) 376/2014
Key Points: Many questions are received about what compliance with Regulation (EU) 376/2014 actually means. This article provides some basic information on some of the key areas where questions are received. This covers subjects such as the definitions of mandatory and voluntary reporting, the responsibilities for handling occurrences, reporting timescales, ECCAIRS/ ADREP compatibility and Just Culture.
Why is this important? Occurrence reporting underpins safety management principles and is an important source of information to feed the European Plan for Aviation Safety (EPAS). It is easy to get confused by the legal requirements for reporting and lose sight of its true purpose. This articles provides some simple information to help organisations to better understand Regulation (EU) 376/2014.
What Does a Compatible Occurrence Reporting System Look Like?
Many people ask what they have to do to have a compliant occurrence reporting system. This is what this article is all about. We have included the relevant references to the specific Articles of Regulation (EU) No 376/2014 are included to help understanding. In some cases there will be additional articles to provide more detailed information, go to the Occurrence Reporting home page to find the menu of all the articles available. If something is missing that you would like the answer to, let us know by sending an email to the EASA Safety Promotion Team (safetypromotion [at] easa [dot] europa [dot] eu) or give us feedback through our social media channels.
Covering Mandatory and Voluntary Reporting
Articles 4 and 5 of Regulation (EU) No 376/2014 requires that a reporting system caters for both mandatory and voluntary reporting. The simplest definition of these are:
- The mandatory reporting system covers occurrences listed in Implementing Regulation (EU) 2015/1018 and also the reporting of additional items qualifying for mandatory reporting that are defined in the EASA Implementing Rules.
- The voluntary reporting system facilitates the collection of occurrences not captured by the mandatory system but that represent an actual or potential hazard to aviation safety.
The Responsible Person for Independently Handling Occurrences
Organisations should designate one or more people to independently handle the collection, evaluation, processing, analysis and storage of details of occurrences with regard to data collection and hazard identification. In most cases this will be the safety or quality department of your organisation. It is worth noting that:
- In agreement with their competent authority, small organisations can use simplified mechanisms to ensure the collection, evaluation, processing, analysis and storage of details of occurrences. This could include sharing those tasks with other similar organisations.
- The occurrence reporting system should collect safety-relevant data, proposals and information that covers both mandatory and voluntary reporting. From this pool of safety relevant information and data collected the organisation should then determine whether a mandatory report is required or whether a voluntary report may be adequate
Reporting Timescales – What Does 72 Hours Mean?
Mandatory occurrences should be provided to the competent authority no later than 72 hours after becoming aware of the occurrence. Practically, this means that:
- The reference to “becoming aware of” an occurrence means that someone in the organisation identifies the occurrence as falling into the category of a mandatory occurrence report.
- In the case of design or production organisations the 72-hour period starts at the point when the unsafe condition is identified.
- In the case of automated data collection systems the 72-hour period starts when the person responsible for the analysis of the data detected the reportable occurrence.
- The 72-hour timeline does not apply to voluntary occurrences, which are to be reported in a timely manner (cf. Article 5 (5) & (6)).
Data Quality Checking Processes
Data quality checking processes should ensure that the information collected and the data stored in the database(s) are consistent and processes should be in place to check the following:
- Data entry errors should be identified and resolved.
- Checking completeness of data and mandatory data fields.
- The ECCAIRS/ ADREP taxonomy is used correctly to code occurrences.
- Checking consistency between initial reports and any follow up reports about an occurrence.
ECCAIRS/ ADREP Compatible Databases
The storage of occurrence should use formats that are compatible with ECCAIRS software and ADREP taxonomy (cf. Article 7(4)), please contact your competent authority directly for advice and assistance.
Organisations that are able to report through an ECCAIRS software compatible reporting system provided by their competent authority are deemed to be automatically compliant with the reporting system requirements in Article 7(4) and do not need to have their own ECCAIRS software compatible reporting system. The purpose of this is to minimise manual data entry.
The Application of the Safety Risk Management Process
The Safety Risk Management process should perform the following functions. (A dedicated article will be provided to cover this subject in more detail)
- Identify safety hazards/ issues associated with occurrences or groups of occurrences reported to the competent authority (cf. Article 13(1)).
- Analyse the related risks in terms of probability and severity of the outcome, as well as assess risks in terms of tolerability to the organisations activities.
- Based on the result of the risk assessment the process should determine the need for mitigation action/s required to improve aviation safety (cf. Article 13(2)).
- Monitor the timely implementation and effectiveness of any mitigation action required (cf. Article 13(2)).
What Happens When an Actual or Potential Risk is Identified?
Where an actual or potential aviation safety risk is identified as a result of their analysis of occurrences or group of occurrences the following actions should take place:
- Inform the competent authority about the preliminary results of the risk assessment and any associated mitigations within 30 days from being made aware of the occurrence.
- Once the final results of the risk analysis is known, inform the competent authority no later than 3 months from the date of notification of the occurrence to the authority (cf. Article 13(4)).
Just Culture and Protection of Information
Organisations should have clear processes in place within their safety policies for Just Culture and to ensure occurrence report information is adequately protected. These policies should involve consultation with staff representatives to ensure mutual agreement on their contents. A further article specifically on Just Culture and how this can be practically implemented will also be provided shortly.
- Just Culture rules are intended to ensure that employees and contracted personnel that report (or are mentioned in occurrence reports) are not subject to any prejudice based on the information in the report, unless an exception applies (c. Article 16(10)).
- Staff representatives may be nominated either by the union(s) or by the staff themselves.
- The names of those involved in the report should be protected.
Guidance on the Coordination of Occurrence Reporting
Key Points: In situations where a Member State has more than one competent authority for occurrence reporting and/or oversight, the responsibilities between them should be clear and communicated to reporters. It is important that information is shared between those authorities and there should be no duplication of reporting requirements.
Why is this important? The purpose of this article helps NAAs, Accident Investigation Bodies and other related State organisations to coordinate the management of occurrence reports collected under Regulation (EU) No 376/2014, as part of the State Safety Programme.
Competent Authority for Occurrence Reporting
Regulation (EU) No 376/2014 allows for Member States to designate different competent authorities to manage occurrences reported for “Mandatory reporting” (Article 4) and “Voluntary reporting” (Article 5). These may also be different from those designated for the oversight of persons and organisations in accordance with Regulation (EU 2018/1139and its various implementing rules that apply.
In such situations, it is important that:
- The areas of competence of each competent authority involved should be clearly defined at National Level.
- Proper coordination should be established between the different authorities involved to ensure effective oversight of all persons and organisations subject to Regulation (EU) 2018/1139and its implementing rules, within their respective remits.
- It is important that any occurrence reports addressed to the competent authority responsible for the oversight of persons and organisations in accordance with Regulation (EU) 2018/1139and its implementing rules should be shared with the competent authority established for managing occurrence reports within Regulation (EU) No 376/2014 and vice versa.
- To help individual reporters and reporting organisations the respective roles of each competent authority established in a member state should be publicised at National Level.
- Regardless of the organisational set-up in terms of competent authorities designated under Regulations (EU) No 376/2014, (EU) 2018/1139, and their implementing rules, there should be no duplication of the reporting obligations for individuals or organisations subject to those Regulations.