Safety – Freedom from Unacceptable Risk of Harm

Safety

Safety in aviation and industry is the condition where risks associated with operations or systems are reduced and maintained at or below an acceptable level, as determined through ongoing hazard identification, risk assessment, and mitigation. According to the International Civil Aviation Organization (ICAO) Annex 19, safety is “the state in which the possibility of harm to persons or property is reduced to, and maintained at or below, an acceptable level through a continuing process of hazard identification and risk management.”

Safety is not static; it evolves with changes in technology, operations, and societal expectations. In aviation, safety applies to all activities: flight operations, maintenance, air traffic control, ground handling, and infrastructure. The phrase “freedom from unacceptable risk of harm” recognizes that zero risk is unattainable. The goal is to manage risks systematically, focusing on those that pose the greatest threat and allocating resources efficiently.

The acceptability of risk is defined by regulatory requirements (ICAO, EASA, FAA), industry best practices, and societal expectations. ICAO’s Safety Management Manual (Doc 9859) emphasizes that safety is achieved when residual risks—the risks remaining after mitigation—are considered tolerable by stakeholders, including regulators and the public.

Aviation organizations follow structured risk management frameworks (e.g., ICAO SMS, ISO 31000) to guide safety decisions. These frameworks include processes for hazard reporting, incident analysis, and continuous improvement. Embedding safety into organizational culture ensures all levels—from executives to front-line staff—prioritize safety in their actions.

Risk

Risk is the combination of the likelihood (probability) and severity (consequence) of an undesirable event. In aviation, risk is present in all operations, from routine flights to maintenance and ground handling. Quantifying or qualifying risk involves evaluating both how likely a hazardous event is and how severe its consequences might be.

Risk assessment allows organizations to prioritize actions, focusing on hazards that pose the greatest threat. For example, bird strike risk is assessed by the frequency of birds in flight paths (likelihood) and the potential consequences (severity) such as aircraft damage or injuries.

Risk can be measured quantitatively (e.g., accident rates per million operations) or with qualitative risk matrices, categorizing risks as low, medium, or high. ICAO Doc 9859 recommends using risk matrices that plot likelihood against severity, aiding decision-making.

Effective risk management requires understanding risk sources, potential pathways to harm, and available controls. Risk is managed at strategic (policy), tactical (planning), and operational (real-time) levels and is integrated into aircraft design, certification, and procedures.

Distinguishing “perceived risk” from “actual risk” is crucial. Data-driven analysis ensures risk assessments reflect reality, not just perceptions.

Acceptable Risk

Acceptable risk is a risk level that, after evaluation and mitigation, is deemed tolerable by regulators, organizations, or society. Although some residual risk remains, it must be low enough to be justified by the benefits of the activity.

Per ICAO Annex 19 and Doc 9859, acceptable risk is risk managed to a level “as low as reasonably practicable” (ALARP) and is acceptable to society or stakeholders in exchange for the benefits. Regulatory agencies may specify accident rate thresholds, system redundancies, or other criteria for acceptable risk.

Acceptable risk evolves with technology and expectations. For example, the introduction of new warning systems can redefine what risk levels are acceptable in certain flight phases.

Organizations must document their criteria for risk acceptance, ensuring transparency. Acceptance of residual risk typically requires management authorization.

Tolerable Risk

Tolerable risk is a risk level that, while not desirable, is permissible given the context—provided there is ongoing effort to reduce it when practicable. The ALARP principle underpins this: risks should be lowered as far as reasonably practicable, considering costs and benefits.

Regulations, industry benchmarks, and internal policies set tolerable risk thresholds. For instance, mid-air collision risk is managed through airspace controls, collision avoidance systems, and pilot training.

Tolerable risk is dynamic; it changes as new hazards emerge and technology evolves. Clear communication and regular reassessment keep tolerable risk levels relevant and understood.

Unacceptable Risk

Unacceptable risk is any risk exceeding established thresholds for acceptability or tolerability. When identified, immediate action is required to eliminate or reduce the risk, or to halt the activity.

Unacceptable risks present significant threats to life, property, or the environment, and cannot be justified even after all controls are applied. For example, operating an aircraft with critical unrectified faults or in weather conditions beyond safe limits would be unacceptable.

Systemic issues—like weak safety culture or poor oversight—can create unacceptable risks that require regulatory or organizational intervention.

Hazard identification and risk assessments are designed to detect unacceptable risks, prompting decisive action.

Hazard

A hazard is a condition, object, activity, or substance with the potential to cause harm, loss, or adverse effects. Hazards are not events themselves, but sources of potential harm.

Aviation hazards include:

• Physical (runway contamination, wildlife)
• Operational (crew fatigue, inadequate procedures)
• Technical (equipment failure)
• Organizational (insufficient training, poor management)
• Environmental (severe weather)

Identifying hazards is the first step in risk management and is achieved through reporting systems, audits, investigations, and data analysis. Tools like the Bow-Tie method visually map hazards, controls, and potential consequences.

Distinguishing hazards from risks is fundamental: a hazard is the potential source; risk is the likelihood and severity of harm if the hazard is realized.

Harm

Harm refers to injury, health impairment, property damage, or environmental impact resulting from exposure to a hazard. In aviation, harm ranges from minor injuries to catastrophic loss of life or assets.

Severity scales categorize harm (e.g., minor, moderate, major, catastrophic) to support risk assessment and prioritization.

Examples: injury from turbulence, aircraft damage due to bird strike, or environmental harm from fuel spills. Understanding harm mechanisms enables targeted safety controls, such as wildlife management to reduce bird strike harm.

Regulatory agencies require reporting and analysis of harm to guide improvements and compliance. Harm can also be psychological (trauma) or organizational (reputation damage).

Occupational Health and Safety (OHS)

Occupational Health and Safety (OHS) encompasses all measures to protect the health, safety, and welfare of employees and contractors in aviation. This includes flight crews, air traffic controllers, ground handlers, maintenance technicians, and support staff.

OHS is governed by international standards (ISO 45001), national regulations (OSHA, HSE), and industry best practices. It covers hazard identification, risk assessment, PPE, training, and incident reporting.

Workplace hazards in aviation include slips, exposure to chemicals, ergonomic risks, and psychosocial hazards (fatigue, stress). OHS programs include safety audits, health surveillance, emergency preparedness, and health promotion.

A “just culture” encourages reporting of hazards and near-misses, driving continuous improvement.

Technical Safety

Technical safety applies engineering, technological, and procedural controls to minimize risk from technical systems—aircraft, avionics, air traffic tech, airport infrastructure, etc.

It covers the entire system lifecycle: design, testing, certification, operation, maintenance, and decommissioning. Compliance with standards like IEC 61508 ensures robustness, reliability, and fail-safe operation.

Regulators require certification, redundancy, fail-safe design, and maintenance. Technical safety also extends to cybersecurity for digital systems.

Operational controls (SOPs, training) complement technical safeguards.

Process Safety

Process safety focuses on preventing catastrophic incidents involving hazardous materials or energy, such as fuel storage and de-icing operations in aviation.

Process safety employs hazard analysis, layers of protection, management of change, and emergency planning. It is critical in fuel farms, hangars, and chemical handling areas.

Compliance with standards (OSHA PSM, ICAO Annex 14) ensures safe operation, maintenance, and emergency preparedness. Incident investigation and learning are central to process safety.

Functional Safety

Functional safety ensures that systems perform safety-critical functions correctly and safely—even in the face of failures. In aviation, this applies to flight controls, avionics, fire detection, and emergency systems.

Standards like IEC 61508, DO-178C (software), and DO-254 (hardware) govern functional safety. Rigorous requirements for redundancy, fail-safe/fail-operational design, diagnostics, and thorough validation are key.

Certification demands extensive documentation and evidence of compliance. Ongoing maintenance and change management are vital to sustaining functional safety.

References:

• ICAO Annex 19 – Safety Management
• ICAO Doc 9859 – Safety Management Manual
• ISO 31000 – Risk Management
• ISO 45001 – Occupational Health & Safety Management
• IEC 61508 – Functional Safety of E/E/PE Systems
• FAA, EASA Safety Regulations

For more information or to discuss implementing a comprehensive safety management system, contact us or schedule a demo .