Safety management systems

Security management: Performs, directs and coordinates an organization in relation to all security activities.

( The definition is done according to IEC 60300-2, Dependability management - Part 2 Guidelines for dependability management, EN ISO 9000 quality management standard and VDI 4003 Reliability Management. )

Safety management is synonymous with risk management (RM) and defined as follows: "RM is the organization for the systematic identification, analysis, evaluation and monitoring of risks. " Use of the term security management in the art ( in the German language ) can be explained by the widespread use of of the concept of security in the art ( see section elements of the safety management ).

  • 3.1 Chemical Industry
  • 3.2 petrochemicals
  • 3.3 Railway Systems
  • 3.4 Nuclear Technology
  • 3.5 Civil Aviation
  • 3.6 Maritime

History of the development of safety management systems

Safety Management Systems (SMS) are used in all industrial sectors with potential threats to the application. The need for the introduction and use of SMS resulted practically from accident analyzes, which exposed about the error possibilities of technology and personnel addition, serious shortcomings in the organization as key causes of accidents. The following significant events this accident gave rise: Chemicals - Sevesounglück Seveso (1976 ), Nuclear Technology - Chernobyl (1986 ), Space - Challenger (1986 ), petrochemicals - Piper Alpha ( 1988), train - Eschede (1998).

In aviation, this process is referred to as "the evolution of safety thinking", which has developed the knowledge about the main causes of accidents species over time by the technical factors (1950), Human Factors (1970 ) to the organizational factors (1980). The development of methods of reliability engineering for the evaluation of technical systems (technical factors ) began around 1950.

The Chernobyl accident in 1986, which revealed organizational deficiencies in the form of rule violations to a considerable extent, the importance of the influence quantity safety culture has been recognized on the accident and complements the range of the above causes of accidents species. The oil spill in the Gulf of Mexico from 2010 showed once again the importance of this effect size.

The Swiss supervisory authority HSK is the close correlation between safety culture and safety management out:

" Safety culture and safety management are very closely related. Despite this relationship but there is a significant difference between the two terms. While safety culture itself can not be seen directly observable only by their effects, the safety management can be directly observed and - are described - on paper. Can thus be concluded indirectly to the safety culture of the plant from the presence of a safety management system whose explicit description and determination of its effectiveness. "

In aviation, the need for the introduction of safety management systems (SMS) as follows is justified:

"Safety management is based on the premise that there are always security risks and human errors. The SMS gives rise to processes that improve communication about these risks and the measures to reduce them. The level of safety and the safety culture of an organization thereby improving the long term. "

The essential elements of the SMS in the various industrial sectors are broadly comparable, with the basis of specific industry experience selectively different priorities are set (see Section: Applications of safety management ).

Elements of the safety management

Security concept

A central component of a safety management system is a safety concept. Here all the relevant conditions, the defined security goals of the company and measures are described and defined to achieve these goals. The safety concept is in accordance with the basis for the planning and implementation of individual security measures dar. goal the creation and implementation of a security policy is the achievement of planned levels of safety and minimizing identified risks.

Security Policy

The security policy includes goals and guidelines for safety in enterprises. The safety policy shall be consistent with the mission statement of the company and are represented by the corporate management and communicated to employees.

Safety analysis

The safety analysis is part of the activities of the security management in an organization or a company. Objective of security analysis is to detect threats, assess their probability and potential, and from assess the risk to the organization, for example according to standard ISO 27001.

Means of the safety analysis are both technical ( including vulnerability scanning and penetration testing ), as well as process-oriented way ( discussions with responsible personnel or data protection, documentation, analysis or business process analysis).

Safety Report

The safety report shall be prepared by the operator of the facility and shall contain the following elements (example from the field of chemistry):

  • Approach to the prevention of major accidents;
  • Description of the safety management system and its application;
  • Identification of major accident hazards and the necessary steps for their prevention and mitigation of their consequences for man and the environment (eg by means of a hazard and risk analysis / safety analysis);
  • Presentation of the design, construction, operation and maintenance of the systems of the plant, which are associated with the risk of serious accidents, and that the systems are sufficiently secure and reliable;
  • Description of the internal emergency plans and particulars of external emergency plans, the necessary measures should be taken as a serious accident;
  • Indication of the information that is provided to the competent authority.

Safety indicators

Safety indicators ( Safety Performance Indicators ) are derived from the system operating parameters that are easy to detect and track. They give a clear picture about the security status of the system operation. The management put them in an early stage indications of a possible deterioration of the system is operated so that corrective action can be initiated before an unacceptable risk occurs.

Application areas of safety management

Chemical Industry

As a consequence of the chemical accident in the northern Italian town of Seveso in 1976, was published in 1982 1980 by the European Commission, the first Major Accidents Directive (Seveso I Directive ). The accidents at Bhopal (1984) and Guadalajara, Mexico ( 1992) led in 1996 to an update in the Seveso II Directive, in which the establishment of a safety management system of operators is required for the first time.

In Annex III of the Seveso II Directive, the principles are: The concept for the prevention of accidents must be made out in writing and set out in a safety report; it includes the overall aims and principles of action with respect to the control of the hazards of accidents that are to come in a safety management system for application.

The safety management system should include the following elements ( text slightly shortened):

  • Organization and personnel - the roles and responsibilities, training and training needs.
  • Identifying and assessing the risks of accidents and to estimate the probability and severity of such incidents.
  • Monitoring of the operation - procedures and instructions for safe operation, including maintenance of the equipment.
  • Management of change - procedures for planning modifications to existing systems.
  • Planning for emergencies - identify foreseeable emergencies, test and review the alert and emergency response plans.
  • Monitoring the performance of the safety management system - notification of incidents and near- incidents, failure of protective measures.
  • Systematic review of the effectiveness and suitability of the safety management system.

Safety report and safety management system are to undergo at least every 5 years to review. In the Twelfth Ordinance Implementing the Federal Pollution Control Act, the Seveso II Directive was transposed into German law.


The explosion of the oil platform Piper Alpha on July 6, 1988, at the 167 people were killed, led to a fundamental realignment of the safety measures in the petrochemical industry.

Lord Cullen concluded in its accident investigation (1990 ) concluded that the prevailing security regime in the offshore industry ( Present offshore regime) is insufficient and the approval process ( in UK) requires a fundamental renewal. Every offshore company should have a formal safety management system (SMS), in which the safety objectives (safety objectives ) of the company stated and is firmly placed in safety standards, how these security objectives achieved and demonstrated. Task of security management is to ensure the security objectives for both the system design and the operation of the system. The realized SMS is demonstrate to the responsible authority.

In detail, the SMS will contain the following elements:

  • Create an organizational structure
  • Standards for the management staff
  • Training for operation and emergencies
  • Safety analysis
  • Design guidelines (design procedures ).
  • Procedures for operation, maintenance, changes and emergencies
  • Safety management of subcontractors regarding their work
  • Including the operating staff and the subcontractors in the safety management
  • Reporting of accidents and incidents to events, event analysis and action tracking
  • Monitoring and auditing the operation of the SMS
  • Systematic reassessment of SMS in relation to the experience of the operator and the industry.

In the British Standard Occupational Health and Safety Management System (BS 8800, 1996) the elements of the SMS were taken and specified.

Railway Systems

Directive 2004/49/EC of the European Parliament and of the Council on Railway Safety in the Community ( Directive on railway safety ) the essential elements of the safety management system are:

  • A safety policy approved by the company directors and communicated to all staff;
  • Business-related qualitative and quantitative objectives for the conservation and improvement of safety and plans for achieving these goals;
  • Procedures to meet existing, new and altered technical and operational standards type;
  • Procedures for conducting risk assessments and the use of risk control measures in the event that imposes new risks on the infrastructure or operation change of the operating conditions or new material;
  • Training programs for the personnel and procedures to ensure that staff competence is maintained and tasks carried out accordingly;
  • Arrangements for the provision of sufficient information within the organization and, where appropriate, between organizations use the same infrastructure;
  • Procedures and formats for the documentation of security information and the designation of procedure for configuration of vital safety information;
  • Procedures to ensure that accidents, incidents, near - misses and other dangerous occurrences are reported, investigated and evaluated and that necessary preventive measures are taken;
  • Provision of action, alerts and information plans in consultation with the competent authorities;
  • Provisions for recurrent internal auditing of the safety management system.

The measures for security management are complemented by the determination of safety indicators (accident events due to collisions, derailments, accidents at level crossings, accidents involving personal injury, suicide, vehicle fires), Indicators relating to incidents, near -misses as well as indicators of the effectiveness of safety management (with respect on the audits carried out ).

To demonstrate the effectiveness of the safety management system practiced all infrastructure managers and railway undertakings of the Safety Authority must submit a safety report every year. This information must be provided, such as the corporate safety goals were achieved, how the acquired security indicators have evolved over the results of the internal security checks and defects and malfunctions during railway operations.

The safety record of any elements of the safety management process must be in accordance with EN 50129 for the entire life cycle from creation to disposal operations carried out a system in a safety management report. In all cases, hazard analysis and risk assessment processes, as defined in EN 50126, is necessary.

Nuclear Engineering

In the nuclear power plants, the use of safety management systems has become an international standard. The essential basis for this is the report of the International Atomic Energy Agency ( IAEA) Management of Operational Safety in Nuclear Power Plants - as INSAG -13.

The report gives a detailed description of the safety management of nuclear power plants and indicates the very close relationship between safety management and safety culture, according to which both are mutually interdependent.

An organization with a strong safety culture has an effective safety management, which in turn creates the working conditions that encouraged the behavior and attitudes of the staff's safety.

The SMS is also defined accordingly:

" The safety management system includes organizational measures a company with regard to safety in order to achieve a strong safety culture and a good safety performance (safety performence ). "

From the experience with the use of SMS, the following system weaknesses were found:

  • Inadequate identification of the root causes of faults (real root causes )
  • Lack of management commitment in solving identified problems
  • Insufficient attention in the planning and implementation of corrective measures and their prioritization
  • Lack of conviction to take the staff on changes that it proposes
  • Inadequate resources for the implementation of improvement measures.

In Germany, called for the introduction of safety management systems for all nuclear power plants in 2004 by the BMU, the principles of which were described in.

Civil Aviation

The safety management system (SMS), called in civil aviation as a Safety Management System is, by the International Civil Aviation Organization (ICAO ) is compulsory and must be implemented by its 190 Contracting States, including Germany, Austria and Switzerland among others. The basic idea of ​​the SMS is to understand security as a management task, that is to detect latent risks proactively to prevent them early on. Committed errors should be reported retrospectively, thus a risk of repetition is largely resolved. ( Among the threats in aviation, see. )

The SMS concept of ICAO contains two addressees, namely einersteits the ICAO Contracting States themselves, which are each to create a separate, comprehensive safety program in State Safety Programme ( SSP). On the other hand, it is intended for airport operators, airlines, maintenance facilities and training facilities in the aviation industry, each of which introduces an in-house SMS and should be monitored by the competent authorities of the Contracting States.

In the American ACRP Reports Safety Management Systems for Airports, Volume 1: Overview and Volume 2: Guidebook can be found detailed instructions for implementation of SMS for airport operators.


A number of serious maritime accidents in the 1980s, in particular the misfortune of the Herald of Free Enterprise, manifested as triggering causes of human errors (human errors), coupled with mismanagement.

The International Maritime Organization (IMO ) drew up those in which the objectives of safety management, provision and resources for the implementation of the establishment of a safety management system (SMS) are called Guidelines on Management for the Safe Operation of Ships and for Pollution Prevention. The safety measures required to be presented in a Safety Management Manual, a copy of which should be available on board the ship. The tasks of the SMS include the reporting of accidents and dangerous situations to ereignende to the shipowner.

An investigation of the ADAC May 2012 on the safety of cruise ships with 3000 up to 7000 passengers on board came to the conclusion that for security management in 4 of 9 ships, the "poor " and in only one case, the grade "very good" were issued.