The Inspector General of the Department of Transportation has recently published, without fanfare, its report stating that the ATOS safety program started in 1998 has failed in its effort to implement a comprehensive safety and inspection process within the major Part 121 air carriers in our country. The report states, among other things, that FAA inspectors failed to complete more than 200 key inspections on time.
Now, one must recall that this ATOS system was introduced in 1998 as the safety system to end all safety systems. ATOS was designed to be a systematic approach to aircraft maintenance and safety. It was comprised of 96 elements, categorized as high, medium, or low in criticality. The high elements were supposed to be assessed twice a year, medium elements once a year, and low element items every three years … simple enough, but it was necessary to access the data through something called ACAT, the Air Carrier Assessment Tool, which was a system set up for the inspectors to periodically reassess all of the elements to see how safety risks were being handled and where the high risk areas were. Unfortunately, the system has never worked the way it was designed. The inspectors could not use it effectively, and the air carriers were mired in paperwork, and they still are, to get anything like a system safety approach. Well what else is new?
Final DOT audit report
On Dec. 18, 2010, DOT released its final audit report on ATOS effectiveness and in essence concluded it is a failure. It said:
1. The FAA did not perform timely ATOS inspections of policies and procedures for the air carriers’ most critical maintenance systems;
2. FAA inspectors did not effectively assess whether critical maintenance systems were performing as intended;
3. The FAA finally completed including all Part 121 air carriers in ATOS in 2007, almost 10 years after initiation, but effective implementation of ATOS was hindered due to inspectors’ frustrations with adapting ATOS principles to smaller air carrier operations, citing problems with redundant inspection checklist questions, air carrier staffing limitations, and insufficient data to support the ATOS “data driven” approach.
Although the IG is highly critical of the FAA’s approach and the work of the inspectors in the report, it goes on to say that the FAA is hindered in its ability to effectively target inspector resources to the areas of greatest need. But, DOT will make recommendations to the FAA to improve its data, training, and risk assessment processes for ATOS, in an attempt to salvage something out of it.
Further observations by the IG
The most important items of concern include adherence to airworthiness directives (ADs), which are mandated by federal law, and major repairs and alterations. Inspectors have admitted that inspections regarding ADs for example, considered to be of high criticality, had not in fact taken place over a passage of some five to seven years! Most of us in this business consider ADs of significant importance to require almost immediate attention to determine risk and then perhaps request delays in completion.
FAA inspectors in some cases stated that they missed inspection intervals (for airworthiness directives) due to confusion over the FAA’s guidance on when ATOS design assessments should be completed. Even after the confusion was supposed to have been cleared up, inspections were still not completed on time. The FAA even reduced the number of maintenance program inspections and this still did not allow inspectors the time to comply with the inspection intervals. Most observers consider ADs immediate attention items. (Unlike other mandates these are required by federal law and failure to complete them could be considered a crime. If FAA inspectors were proved complicit in avoiding completion of ADs on time, they could be considered co-conspirators in such cases.)
If such failures had occurred in private industry, heads would roll big time. Indeed, you may recall the Southwest and American Airlines recent past failures to complete certain required maintenance items, revealed by whistleblowers. Some FAA inspectors’ heads did roll within those companies. However, there was no evidence of government employee heads rolling. In some cases the most we saw was employee transfers to other locations, in order to hush up well-deserved criticism.
Other safety programs: Self-disclosures: AC 00-58
Voluntary disclosure of aviation safety discrepancies in airline operations are covered under AC 00-58. This safety program was instituted by the FAA to aid in detecting failures of airline maintenance to find and disclose errors. It is designed to encourage self-disclosure in return for immunity in some but not all cases. The key element is that the safety errors must be disclosed before the FAA detects the errors, in order to provide immunity.
In the airline cases described however, errors were disclosed after the FAA found them. In these cases the AC calls for sanctions, which were not imposed. This disclosure program for the most part receives no followup, as required in the AC, and can also be considered by many as another failure for this and other significant reasons, including airline privacy.
ASAP: AC 120-66
The aviation safety action program (ASAP) was designed to collect safety information by data collection of otherwise unobtainable information. It was designed as a voluntary program. The reason that this program met so much opposition is that it required the collection of otherwise proprietary maintenance performance information and made it available to FAA examiners and maybe other airline competitors. It became so controversial that some airlines opted out and refused to participate. With some additional guarantee of privacy some have re-joined but the doubt always remains as to who will have access to this proprietary information. Yet another failure?
For example, after the 1995 American Airlines crash in Cali, Colombia, AAL refused to disclose internal safety information to litigants in the discovery phase of the cases that had been filed to recover damages. American argued that without firm guarantees that such data be protected from disclosure to lawyers and others, all air carriers will think twice about participating in such programs as ASAP. This argument will continue to be a serious impediment to the collection of safety data by the FAA. There is no law that says airlines have to divulge their private information through the FAA in this manner.
The FAA has agreed to include such aviation self-critical data analysis in the overall protections contained in the air carrier voluntary disclosure program (AC 00-58). This program protects records submitted to the FAA by airlines from Freedom of Information Act (FOIA) requests. The FAA recognizes that such disclosures would interfere with the FAA’s ability to collect such information in the future and therefore impact aviation safety efforts. However, courts have gone both ways on this issue when the self-critical analysis privilege is raised in defense of refusals to provide information in litigation.
CASP: FAR 121.373
The continuous analysis and surveillance program (CASP) has been around for a long time and requires airlines to manage and run a program that contains monthly maintenance meetings that cover every aspect of the maintenance and operations facets of the airline.
The FAR states: “Each certificate holder shall establish and maintain a system for the continuing analysis and surveillance of the performance and effectiveness of its inspection program and the program covering other maintenance, preventive maintenance, and alterations and for the correction of any deficiency in those programs …”
By itself, this is no small task. It requires a department or group of people to daily track maintenance effectiveness, discrepancies, and inspection programs and prepare a regular monthly report for submission to management and FAA inspectors. At a regular meeting all department heads are supposed to join together and review the total collected data and discuss the various ways to meet any problems and schedules.
This mandated safety program is probably the single most successful one of all and it has been spelled out in the FAR for many years. FAA inspectors are encouraged to attend the meeting and review and discuss the monthly report prepared by the CASP staff at the airline.
Other safety reporting requirements
All Part 121 and 135 certificate holders have numerous other safety reporting requirements that include among others: mechanical interruption reports, mechancial reliability reports, service difficulty reports, and NTSB accident reports.These are just some of the reporting requirements for air carriers, but the point is that with all of the above safety systems that seem to be partially or totally flawed, do we need any more?
Stephen P. Prentice is an attorney whose practice involves FAA-NTSB issues. He has an Airframe and Powerplant certificate and is an ATP rated pilot. He is a USAF veteran. Send comments to [email protected].