Safety Management System Data

Federal Register, Oct 29, 2021
86 Fed. Reg. 60080 (Oct. 29, 2021)

AGENCY:

Federal Aviation Administration (FAA), Department of Transportation (DOT).

ACTION:

Notice of availability and request for comments.

SUMMARY:

The FAA is proposing to designate certain reports, data, and information created as part of the development and implementation of safety management systems (SMS) as protected information when the information is voluntarily provided to the agency. Protected information generally is not subject to public disclosure. The designation is intended to encourage certificate holders to voluntarily share SMS-related data with the FAA and to protect the voluntarily provided information if the FAA has a need to share it with other Federal agencies with safety or security responsibilities.

DATES:

Send comments on or before November 29, 2021.

ADDRESSES:

Send comments identified by docket number FAA-2021-0733 using any of the following methods:

Federal eRulemaking Portal: Go to http://www.regulations.gov and follow the online instructions for submitting comments.

Fax: 202-493-2251.

Mail: Send comments to Docket Operations, M-30; U.S. Department of Transportation (DOT), Docket Operations, M-30, West Building Ground Floor, Room W12-140, 1200 New Jersey Avenue, Washington, DC 20590.

Hand Delivery: Deliver to Mail address above between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays.

Privacy: In accordance with 5 U.S.C. 553(c), DOT solicits comments from the public to better inform its rulemaking process. DOT posts these comments, without edit, including any personal information the commenter provides, to http://www.regulations.gov, as described in the system of records notice (DOT/ALL-14 FDMS), which can be reviewed at http://www.dot.gov/privacy.

Docket: Background documents or comments received may be read at http://www.regulations.gov at any time. Follow the online instructions for accessing the docket or go to the Docket Operations in Room W12-140 of the West Building Ground Floor at 1200 New Jersey Avenue SE, Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays.

FOR FURTHER INFORMATION CONTACT:

Dale Whitmore, Flight Standards Service, AFS-910, Federal Aviation Administration, 800 Independence Ave. SW, Washington, DC 20591, telephone (703) 342-9253.

SUPPLEMENTARY INFORMATION:

I. Executive Summary

The FAA is proposing to designate certain reports, data, and information created as part of the development and implementation of SMSs as protected from public disclosure when the information is voluntarily provided to the agency. Part 5 of title 14 of the Code of Federal Regulations requires that certificate holders under 14 CFR part 119 authorized to conduct operations in accordance with the requirements of 14 CFR part 121 establish SMS. SMS may also be developed and implemented voluntarily by other types of certificate holders, such as, but not limited to, 14 CFR part 135 air operators, and 14 CFR part 145 repair stations, 14 CFR part 141, 142, 147 aviation training organizations, as well as certain other aviation service providers such as design and manufacturing organizations and non-certificated airports.

An SMS consists of a set of processes divided into four major components: (1) Safety policy; (2) safety risk management; (3) safety assurance; and (4) safety promotion. The intent of these systems is to enhance the decision-making capabilities of aviation service providers to address risks inherent in their operations and activities.

In accordance with the FAA's statutory authority at Title 49 U.S.C. 40123 and the FAA's implementing regulations at 14 CFR part 193, as described more fully below, the FAA is proposing that reports, data, and other information voluntarily provided to the agency in connection with the development and implementation of SMS be designated in an FAA order as protected information that is not subject to public disclosure. While this type of information enjoys some protection from disclosure in accordance with 49 U.S.C. 44735, the FAA intends this designation to further encourage certificate holders to voluntarily share SMS-related data with the FAA and to protect the voluntarily provided information if the FAA has a need to share it with other Federal agencies with safety or security responsibilities.

II. Statutory Authorities

Title 49 U.S.C. 44735 offers statutory protection from disclosure under the Freedom of Information Act, pursuant to 5 U.S.C. 552(b)(3)(B), for certain reports, data, or other information that are submitted to the FAA voluntarily and that are not required to be submitted to the Administrator under any other provision of law. Section 44735(b)(4) extends the limitation on disclosure to “reports, data, or other information produced or collected for purposes of developing and implementing a safety management system acceptable to the Administrator.” Section 44735(b)(5) also extends the limitation on disclosure to “reports, analyses, and directed studies, based in whole or in part on reports, data or other information” related to the development and implementation of a safety management system (SMS).

Under 49 U.S.C. 40123, notwithstanding any other provision of law, neither the FAA Administrator nor any agency receiving information from the Administrator shall disclose voluntarily-provided safety or security related information if the Administrator finds that the disclosure of the information would inhibit the voluntary provision of that type of information and that the receipt of that type of information aids in fulfilling the Administrator's safety and security responsibilities; and withholding such information from disclosure would be consistent with the Administrator's safety and security responsibilities. This statutory provision grants the Administrator the authority to issue regulations to carry out the provision. Those regulations are found in 14 CFR part 193.

III. Description of Safety Management System Data Subject to the Proposed Part 193 Program

A. SMS Description

As summarized above, an SMS consists of a set of processes divided into four major components: (1) Safety policy; (2) safety risk management; (3) safety assurance; and (4) safety promotion. The principal components are safety risk management and safety assurance. Safety policy provides overarching safety philosophy and establishes safety responsibilities in the organization's management and staff. The safety promotion component provides for training and competencies necessary for safety risk management and safety assurance as well as communication of critical safety information to the certificate holder's workforce.

The safety risk management component consists of processes to analyze systems, identify potential hazards in those systems, analyze and assess risk associated with those systems, and, where necessary, develop risk controls. These processes are required any time the organization proposes to develop and implement new systems or procedures or to revise existing ones. Open exchange of information on these actions would be highly advantageous to the certificate holder and to FAA oversight organizations tasked with evaluating and approving, accepting, or certificating these systems and changes.

The safety assurance component is used to assess the effectiveness of risk controls developed under the safety risk management component and to provide a means of detecting new or otherwise unaddressed hazards. The safety assurance component includes processes for monitoring, auditing, and evaluating a carrier certificate holder's technical and operational processes. It also includes processes for internal investigations of accidents, incidents, and potential regulatory noncompliance. The latter element also provides a structured means of interacting with the FAA on compliance issues.

The safety assurance component further includes a requirement for confidential employee reporting on the part of all employee groups within the certificate holder. It also requires a safety assessment process, including management reviews by senior management, including the top-level accountable executive of the certificate holder.

Open exchange of information from these processes and open dialogue on the contents of the information greatly enhances the ability of the certificate holder and FAA oversight to assure effective compliance with regulations as well as safety issues outside of the scope of existing regulations.

B. Summary of SMS Part 193 Program

1. Who may participate: Certificate holders under 14 CFR part 119 authorized to conduct operations in accordance with the requirements of 14 CFR part 121 are required to have an SMS that meets the requirements of 14 CFR part 5 and, to such extent, may participate. A certificate holder subject to other provisions of 14 CFR may participate if that certificate holder (i) is required to develop and implement an SMS that meets the requirements as identified in 14 CFR part 5; or (ii) that certificate holder voluntarily develops and implements an SMS that is accepted by the FAA, and maintains the SMS in acceptable active status under the SMS Voluntary Program (SMSVP) standard or under another FAA-sponsored SMS voluntary program.

Active status refers to the organization's continuing to conform to the regulations or voluntary program standards as assessed by the FAA organization responsible for their oversight.

The SMSVP standard is derived from and functionally equivalent to 14 CFR part 5 and is published in FAA Order 8900.1.

2. Data covered from protection from disclosure will not include reports or other data involving possible criminal activity, substance abuse, improper use of controlled substances and/or alcohol, or intentional falsification. In addition, any record, document, or report required for the FAA to determine statutory or regulatory compliance that the FAA specifically requests is not considered protected.

For example, under 14 CFR 119.59(e), the failure by any certificate holder to make such information available to the Administrator upon request is grounds for legal enforcement action.

3. How persons may participate: A certificate holder participates by having an SMS that is applicable to that certificate holder as described in paragraph A., above, and by voluntarily sharing information from the SMS with the FAA.

4. Duration of this information sharing program: This program will continue in effect as long as a certificate holder maintains the SMS that is applicable to that certificate holder as described in paragraph A, above.

IV. Proposed Findings

Based on the following findings and pursuant to the FAA's authority under 49 U.S.C. 40123 and 14 CFR 193.7, the FAA proposes to designate voluntarily provided information associated with the processes described in 14 CFR part 5 as protected from disclosure in accordance with 14 CFR part 193, including but not limited to information set forth in the Appendix 1:

Appendix 1 cites the processes and associated data requirements under 14 CFR part 5.

1. Summary of why the FAA finds that the information will be provided voluntarily.

The FAA anticipates that information from a certificate holder's SMS will be provided to the FAA voluntarily to facilitate ongoing compliance and oversight processes such as approval, acceptance, and certification of proposed actions on the part of the organization. As a result of this proposed designation, certificate holders will be reassured that information they voluntarily provide from their SMS will receive further protection from disclosure, including when the FAA shares the information with other Federal agencies with safety or security responsibilities.

2. Description of the type of information that may be voluntarily provided under the program and a summary of why the FAA finds that the information is safety or security related.

Certificate holders under 14 CFR part 119 authorized to conduct operations in accordance with the requirements of 14 CFR part 121 may voluntarily provide information that is associated with the processes described in 14 CFR part 5, including but not limited to information set forth in Appendix 1. For example, voluntarily provided information includes records of the outputs of safety risk management and safety assurance processes, training records of employees performing risk management and assurance processes, and safety objectives upon which safety performance assessments are based.

Other certificate holders may voluntarily provide information that is associated with the processes described in the voluntary SMS program standards applicable to the specific certificate holder. Such standards are identical to those set forth in 14 CFR part 5.

3. Summary of why the FAA finds that the disclosure of the information would inhibit persons from voluntarily providing that type of information.

Safety risk management and safety assurance data contains details of an organization's internal processes, the risks that they face, and the decisions and actions taken to address them. Disclosure of these data could harm the certificate holder in terms of publicity and litigation. These considerations could inhibit the willingness of certificate holders to interact openly with the FAA on collaborative approaches to solution of safety problems. While this type of information enjoys some protection from disclosure in accordance with 49 U.S.C. 44735, the FAA is exercising its authority to broaden protection from disclosure under 49 U.S.C. 40123 including in circumstances when the FAA needs to share information with other Federal agencies with safety or security responsibilities.

4. Summary of why the receipt of that type of information aids in fulfilling the FAA's safety and security responsibilities.

The FAA finds that receipt of SMS information aids in fulfilling the FAA's safety and security responsibilities. Because of its capacity to provide early identification of needed safety improvements, an SMS offers significant potential for incident and accident avoidance. For example, SMS data concerning technical or operational events could potentially identify common causal factors in producing such incidents. Receipt of this information provides the FAA with an improved basis for modifying procedures, policies, and regulations in order to improve safety and efficiency. Other programs (e.g., ASAP, FOQA, VDRP) provide some of this information from participating organizations. However, SMS is more comprehensive, covering significant gaps that may exist, even where these programs are in place. Moreover, SMS serves as an integrated system, which will incorporate any existing programs.

As noted above, this information is protected from disclosure in accordance with 49 U.S.C. 44735. However, broader protection under 49 U.S.C. 40123 further encourages submission of information to aid the FAA in fulfilling its safety and security responsibilities, including where the FAA shares the information with other Federal agencies with safety or security responsibilities.

5. Summary of why withholding such information from disclosure would be consistent with the FAA's safety and security responsibilities, including a statement as to the circumstances under which, and a summary of why, withholding such information from disclosure would not be consistent with the FAA's safety and security responsibilities, as described in 14 CFR 193.9.

The FAA finds that withholding SMS information provided to the FAA is consistent with the FAA's safety responsibilities. The SMS specifically provides that corrective action will be taken when necessary. Corrective action under the SMS can be accomplished without disclosure of protected information.

See 14 CFR 5.73(b) for situations where new hazards or ineffective risk controls are found as a result of safety performance assessments and 14 CFR 5.75 for other safety performance deficiencies.

In order to explain the need for changes in FAA policies, procedures, and regulations, the FAA may disclose de-identified (e.g., the identity of the source of the information and the names of the certificate holder, the employee, and other persons redacted) summary information that has been extracted from reports under the SMS data. The FAA may disclose de-identified, summarized SMS information that identifies a systemic problem in the aviation system, when other persons need to be advised of the problem so that they can take corrective action. The FAA may disclose de-identified aggregate statistical information concerning SMS activities. The FAA may disclose independently obtained information relating to any event disclosed in SMS data.

6. Summary of how the FAA will distinguish information protected under part 193 from information the FAA receives from other sources.

All voluntarily submitted SMS data must be clearly labeled as such. It must be clearly labeled as follows in order to be protected under this designation: “WARNING: The information in this document/system is protected from disclosure under 49 U.S.C. 40123 and/or § 44735, and/or 14 CFR part 193.” To ensure that the FAA appropriately applies these protections from disclosure, the FAA will take steps to ensure that the information that a certificate holder voluntarily provides through its SMS is segregated from any required information that the certificate holder also provides through its SMS.

V. Proposed Designation

Accordingly, the Federal Aviation Administration hereby proposes to designate the above described information submitted from a certificate holder's SMS to be protected under 49 U.S.C. 40123 and 14 CFR part 193.

VI. Comments Invited

Interested persons are invited to comment on the proposed designation by submitting such written data, views, or arguments as they may desire. Comments relating to the environmental, energy, federalism, or economic impact that might result from adopting the proposal in this notice are also invited. Substantive comments should be accompanied by cost estimates, where appropriate. Comments should identify the notice number and should be submitted to the docket address specified above.

The FAA will file in the docket all comments it receives, as well as a report summarizing each substantive public contact with FAA personnel concerning this proposed designation. Before taking action on this proposed designation, the FAA will consider all comments it receives on or before the closing date for comments. The FAA will consider comments filed after the comment period has closed if it is possible to do so without incurring expense or delay. The Agency may change this proposal in light of the comments it receives.

VII. Availability of This Proposed Designation

An electronic copy of designation documents may be obtained from the internet by—

• Searching the Federal eRulemaking Portal (http://www.regulations.gov);

• Accessing the Government Publishing Office's web page at https://www.govinfo.gov.

All documents the FAA considered in developing this proposed designation may be accessed from the internet through the Federal eRulemaking Portal referenced in item (1) above.

Any person may obtain a copy of this document by submitting a request to the Federal Aviation Administration, Air Transportation Division, AFS-200, 800 Independence Ave. SW, Washington, DC 20591, or by calling (202) 267-8166. Communications must identify the docket number and title of this designation.

Issued in Washington, DC, on October 21, 2021.

Robert C. Carty,

Acting Executive Director, Flight Standards Service.

Appendix 1

Processes per 14 CFR part 5 and Flight Standards SMS Voluntary Program (SMSVP) Standard.

Part 5 and, therefore, the SMSVP Standard are process-based standards. That is, these standards require certificate holders or SMSVP participants, as appropriate, to implement certain processes but without prescriptive requirements for the configuration, methods, or organizational structures to support these processes. § 5.97 requires records of the “outputs” of Safety Risk Management (SRM) and Safety Assurance (SA) processes.

Additional information can be obtained in the Federal Register Vol. 80, No. 5, Jan 8, 2015, Final Rule: Safety Management Systems for Domestic, Flag, and Supplemental Operations Certificate Holders, Paragraph Q.

The table below summarizes the process requirements in subparts C (SRM) and D (SA). Additionally, § 5.97 requires certificate holders/participants to maintain records of training required under § 5.91 and safety communications required under § 5.93.

This summary includes known data in a properly designed and performing SMS. The exact data elements and media are at the discretion of the certificate holder/participant, as accepted by the FAA.

| Part 5 ref | Process or process-related information | Comments |
|---|---|---|
| Policy Related to Processes | | |
| 5.21(a)(1), 5.95 | Safety Objectives | 5.73(a) refers to assessments, “against (CH's) safety objectives”. |
| Safety Risk Management Processes (Records of Outputs Required per 5.97(a)) | | |
| 5.53(c) | Hazard Identification | |
| 5.55(a) | Risk Analysis | |
| 5.55(b) | Risk Assessment (acceptability decision) | Process for acceptability decisions including tools (e.g., matrix). |
| 5.55(c) | Risk Control | |
| 5.55(d) | Risk Control Effectiveness | Pre-implementation evaluation of estimated effectiveness. |
| Safety Assurance Processes (Records of Outputs Required per 5.97(b)) | | |
| 5.71(a)(1) | Monitoring of operational processes | May have FOQA relationship where used. |
| 5.71(a)(2) | Monitoring of operational environment | |
| 5.71(a)(3) | Auditing of operational processes and systems | May have LOSA relationships where used. |
| 5.71(a)(4) | Evaluation of SMS and operational processes | May have IEP relationship where integrated. |
| 5.71(a)(5) | Investigations of incidents and accidents | |
| 5.71(a)(6) | Investigations of reports regarding potential noncompliance | May have Compliance Philosophy and/or VDRP implications. |
| 5.71(a)(7) | Confidential Employee Reporting System | May be additional requirements where ASAP is involved. |
| 5.71(b) | Performance Monitoring and Measurement Analysis | |
| 5.73(a) | Safety Performance Assessment Process (including): | |
| | Management Review and assessments of: | |
| | (1) Compliance with risk controls | |
| | (2) Performance of the SMS | |
| | (3) Effectiveness of risk controls | |
| | (4) Changes in operational environment | |
| | (5) new hazards | |
| 5.75 | Corrective Action Process | |
| Training Requirements | | |
| 5.91 | Employee training as required | |
| Communication Related to Process Outputs | | |
| 5.93 | Communication | |
| | • Employee awareness of SMS | |
| | • Hazard information to employees | |
| | • Explanation of why actions have been taken | |
| | • Explanation of why safety procedures are introduced or changed | |

[FR Doc. 2021-23522 Filed 10-28-21; 8:45 am]

BILLING CODE 4910-13-P