How San Francisco International Digitized Safety Management System (SMS)

A photo of the outside of the terminal of San Francisco International Airport (SFO).

Serena Sheetz, SMS Development Coordinator for San Francisco International Airport (SFO), took time on May 10th to discuss how SFO digitized their safety management system (SMS), specifically their risk management solution.

Implementing and developing the vision of what SMS at SFO could become began in 2015. They decided that the focus would be on the airside SMS environment and identified three key components:

  • Alignment with 139 regulation
  • Ability to scale to other Airport entities
  • SMS awareness already integrated in team

It wasn’t until 2016 when the SMS began collecting hazard requests that it became clear SFO needed technology to help; emails, phone calls and drop by’s were no longer doing the trick. Serena shared that she had hundreds of post-it notes lining the back of her office and realized that they needed to get smarter about tracking and documentation. They needed to make sure that requests were not falling through the cracks.

To obtain the technology necessary to digitize their process, SFO issued an RFP in 2017 and began working with Veoci a year later. Serena credited the success to having a team with a strong culture of making safety a priority. This allowed an easy transition to SMS as it was already a part of how business was being done; the momentum was already there.

How Veoci Works For SFO

Serena started with a piece of advice: make the SMS process work for your organization, not the other way around.

More than likely, Serena continued, you and your team are already doing things that capture the necessary information. There is no need to make a complete overhaul since the FAA has structured the regulation so that organizations can satisfy requirements in a way unique to them. She acknowledged that some may find this to be too ambiguous but encouraged listeners to see it rather as offering the necessary flexibility to scale SMS appropriately to every organization.

SFO also made their own risk matrix that was then integrated into their risk assessments. The 4×4 risk matrix is aligned with leadership levels which allows for assignments to be clear. Serena shared that she and the team struggled with defining the “likelihood” of things (the x-axis) so they came up with qualitative descriptions as they didn’t have quantitative data to justify the explanations. The y-axis, or the consequences with severities, was also decided upon and once the matrix was complete it was integrated into the workflow process.

SFO's risk matrix that informs SMS operations.


For SFO, when a safety hazard report comes in through Veoci, it first goes to an initial risk assessment (IRA) where the risk matrix is utilized and then to an interim risk assessment acknowledgement where leadership becomes involved. If there is mitigation needed the report goes to a mitigation implementation review and then a final review. However, if there is no mitigation needed, it is sent to the hazard closeout approval and then to the final review step.

The SFO SMS workflow.

When it comes to the hazards that are reported, Serena shared that about 90% end up having mitigation strategies aligned. Some reports are able to be mitigated quickly, even a hazard that has a high risk can have strategies applied that can rapidly reduce the severity. An immediate pattern and challenge she discovered was when many hazards ended up having multiple mitigation strategies.

If  there is a hazard that demands several mitigation methods it can be tricky to make sure all of the work is getting done. To help Serena and her team there are steps that track the progress within the IRA. At the mitigation approval step, depending on the assigned risk, the hazard gets assigned out to the appropriate approving leader. The leader then has three actions to choose from: approve, escalate or reject. SFO was able to customize how the leader was assigned as well as the actions they are able to choose from.

Branches of the SFO SMS workflow.

A Demo of SFO’s Risk Register

Serena also shared SFO’s Risk Register Dashboard which provides all stakeholders a common operating picture. It is a centralized view of all of the hazard reports’ high level information such as their status, the IRA and IRA source, as well as their current and residual risk levels can be easily seen.

Users can then drill down further into each report. Each hazard has its own dedicated Room that is launched when it is created. Each Room holds the hazard’s details, the mitigation work that is being done as well as all documentation can be found. These customizable and shareable spaces are available to anyone who is part of responding to the hazard and also allows them to upload pictures, files or updates when necessary.

The reported hazards can also be viewed on a map. They can be color coordinated to associate the hazard’s risk level and is a great way to be able to visualize where hazards are as well as identify any trends that might be occurring.

How Veoci Can Work For Your Organization

Alex Nguyen, Solutions Manager for Veoci’s Airports vertical has been helping Serena and SFO with implementation and building their process out since 2018.

After Serena showed all of the work she and her team have done and continue to do, Alex performed a demonstration to show the potential of what you can use Veoci for. The demo begins at 33:10.

The following are the questions posed during the webinar:

21:21 Q: Is the responsible executive a specified person, or simply the executive that would be responsible for some particular hazard remediation?

A from Serena: You can define who the responsible executive in your organization is. So that’s your choice. And it will be somebody who has a key role in overseeing SMS activities, and is responsible and has the authority to enact SMS work on the outside environment as far as the regulation goes.

21:52 Q: When you issued the RFP, what were some of the business requirements that were included?

A from Serena: So when we issued the RFP in 2017, we actually did it as a joint solution with our Airside Ops and Emergency Management Team. We were all looking to upgrade on the technology that we had supporting us and particularly with 139, we were using a home built solution that was not sustainable for the future. So we partnered internally with some of those other teams that needed to find a technology solution. We authored the RFP, in conjunction with members of our ITT team and then it was released. And we went through a process of doing vendor interviews, and ultimately selected Veoci.

24:09 Q: Does SFO handle safety reporting through this platform as well?

A from Serena: We call it our hazard reporting. So we currently have three different triggers for risk assessments. One can be a hazard report that comes in through the Veoci portal. Usually it’s a hazard report from an airfield safety officer, they’re the most common folks that are using that portal. And then the other triggers, we use our construction project on the airfield, or if there’s going to be any changes to our rules and regulations on the airfield environment. Those are all the triggers that we use to start this process and jump into that IRA. So depending on what you want to set up that works for your organization, you can define what those triggers might be and what works for you.

25:00 Q: Are there any other aspects of SMS that are digitized in Veoci that you didn’t cover today? 

A from Serena: One of the things that we do is we track a lot of  tasks associated with mitigation work. And so if there’s a big project associated with implementing some kind of mitigations, you can break down responsibilities: this person is going to do this, and this person’s gonna do this, and this and this. So we use that feature a lot, and we can put timelines to it. And I can say, “Hey, Joe, when is this thing gonna get done? When do you think this is going to be done?” And he might say, “Next week” or “Next year,” or whatever that timeline is right. We can then record that timeline into that task, and I know to follow up with that person and say, “Hey, did we get this done? Did this happen?” “Oh, man, I haven’t done it yet. I’ll catch you by Monday.” or “Oh, I did get it done. Let me send you the picture of what got installed out on the airfield.” And then we recorded it as completed. So using that task feature is really helpful for managing the details of how mitigation might be implemented.

The other thing we do is assurance work. So after mitigations have been completely implemented, sometimes we assign review periods to them and say, okay this is something we want to check on in six months and see if it’s working to the extent that we thought it was. Or maybe it’s a year, or maybe it’s we’re going to let this ride out for 18 months, and we want to make sure we follow up on it and make sure that it’s still sustainable and  still reflecting the risk value that we thought it would be. The other thing we use the assurance component for is performing regular audits on our risk register. We look and see what’s open, what’s active, what still needs to be addressed, see why there is a delay, and assign timelines and little reminders of when we want to trigger ourselves to follow up on something.

45:55 Q:  Is there a way that the public could submit hazard reports or is this ability limited to SFO or an organization’s employees?

A from Alex: This portal here, this is all public, even this QR code. You can scan this QR code and submit without being logged in or being a user. So that’s what we’re talking about here, having a public space, so that non users can go in and submit their hazard reports or submit safety concerns into our system, and then it goes through that normal process that Serena talked about. This way you can have your tenants or you can have passengers who are walking around and if they see something they can report it.

46:50 Q: Can Veoci create a pipeline with another product to then capture the information into Veoci?

A from Alex: That’s a great question. I talked about before having the ability to integrate this process with your existing process, and that could be other systems. We have what they call API’s. So as something’s filled out in say, Origami, the Origami system can send this information to us, or even vice versa. Maybe we’re the initial reporting, and then we push information out. And that’s the same for anything that you might have out there that has that integration feature, that web service. We can connect things together and kind of pull everything or push everything out to all the different sources that you have. It’s just a matter of identifying what the capabilities are of the system you’re using as far as getting the information to us. I mean, there’s ways we do it that are not just through that full on web integration, for instance, maybe you send us a standardized email, and we’ll take it and then we’ll push it into our system. There’s a number of ways to go about it.

48:05 Q: Are there plans to create some more templates for airports (especially smaller airports), to get a starting point for their SMS?

A from Alex: The goal is to have something very, very stripped down to start with, because as we mentioned before, we don’t know the full details of what all the Cert Inspectors are looking for. Because we understand organizations want to simply give the basics of what is being looked for. So there will be something stripped down that we’ll be able to provide the folks to start with, but obviously the ability for us to update it and transform it to however or whatever the certain Specters are looking for, you’ll be able to update it to that point.But because of the beauty of the system, we are able to adapt from any from large hubs to non hubs and so on.

49:46 Q: Is the system able to eliminate duplicates? Essentially if the same kind of situation is reported, or multiple sources,

A from Alex: So that’s where there’s that human aspect. There’s only so much we can do to help eliminate duplicates, as far as maybe they mark something in a similar location, we can identify that and say, “Hey, there was another report that was flagged here.” But a lot of it does fall in the hands of somebody reviewing it and identifying whether it’s a duplicate of another entry. We can however at least provide details, right, if they did provide location, we can say, here’s a list of other hazards reported in that specific location for them to review. And then from there, they can reject that hazard report, because it’s a duplicate.

A from Serena: Yeah, we faced that and what we ended up doing was we created a different kind of route for those, what we call supplemental reports. So if we already have a hazard reported with that condition, and another report comes in related to it, then we have a printout report that gets integrated into that master hazard, if you will. So that’s how we negotiated it. I actually just had something happen this last week, there was an incident that occurred where we had put a mitigation strategy in place. So I’m going to be following up on the details of that incident and kind of see, you know, what more could be done around this are?. But I don’t want to open up a new hazard, because we already have that hazard that we’re tracking with that mitigation. So this is more detailed information, hopefully to help us better improve that area.

51:50 Q: If someone from the public submits a hazard, are they able to be updated at the end of the process to know what corrective actions were taken?

A from Alex: Yes, absolutely. So we’ve set it up, where if you’ve provided your contact information, we send out notifications of where it’s at in the current process, and then when it’s actually completed, we let them know and provide the details for it. So you can set all that up in the system to keep them posted. We do that for SFO, we notify the folks that submit the report the details of where their hazard is because of course folks want to know, if I’m putting this in, is something actually being done with it? So we keep them updated with the process.

A from Serena: I would also advocate that that’s a key component to a successful SMS is providing that feedback loop. People want to trust and believe that the reports they’re making, that something’s actually getting done. And even though sometimes it might take time to do that work, if they get periodic updates of “Oh, my hazard has moved through the process,” or “Oh, my hazard just got acknowledged by the leadership,” they’re getting that feedback and that insight. It makes them more likely to submit hazard reports in the future and know that they are supported by their leadership in raising these safety concerns. So I think that feedback loop is really important and in the old days, when I had my post it notes system, it was me tracking down the person and going insane with my phone and my emails. So now it’s automated  when it moves from a certain step to a certain step, we have that trigger in place where hey, this is a step where we’re going to notify that original reporter and let them know, “Your report is now at this milestone.”

54:14 Q: Serena, how many safety suggestions or reports do you get on a daily basis? And how many people are responsible for reviewing the hazard submissions and assigning the corrective actions?

A from Serena: Well, that’s a great question because we didn’t know what that would be in the very beginning, right? We’re really afraid if we open this up everybody is going to report everything. But again, I’ll bring you back to our vision and that initial focus is, this is for us, we’re in the airside environment. So our SMS is focused out there and I kind of think of it as I love the saying hug one leg of the elephant at a time, right? Ultimately the goal will be for us to scale our SMS airport wide. But right now the focus is still on that airside environment, and I’m hugging just that one leg of the elephant.

So my SMS here at SFO is not typically getting things from the public yet, we have not opened a public portal that we have plans to. And we also are not getting things involved with SMS like, more what I would consider traditional OSHA related things for example, maybe complaints about ventilation in an area, or a trip and fall hazards. Those are handled through our safety, health and wellness team, not through our SMS. Now, over time, we have visions here to kind of incorporate both arms of the business into one holistic system. But for now, SMS is still focused on that airside environment. So I’ll preface that, that there, I think the number of hazard reports you might get would really change on how you choose to scale and focus your SMS.

For us, in the airside environment, I would say we probably get anywhere from one to five hazard reports a month. And it can really vary immensely. And then, in addition to receiving those hazard reports, like I said, we do risk assessments on construction, and changes to airside rules and regulations. So if those other triggers go off, then we’re also running risk assessments on that. The construction portfolio of this actually makes up what we’re doing bulk of our risk assessment work on, it’s about, 40% of construction and then there’s about maybe 35% coming in from airfield safety officers and then the rest would be like a rules and regs type of policy changed or, or some here’s and there’s. Sometimes we do risk assessments on terminal projects, that will be changes to the terminal environment. So we do that as well but that’s typically not a normal trigger for us, so there’s kind of this other area too.

It’s not, I mean, an overwhelming amount, I wouldn’t say we get like 20 a day, that would feel probably really overwhelming. And the other ones we do get I even mentioned, sometimes it is duplicates. But we take note of that, right, and we combine those into one centralized location. Especially if there’s multiple airfield safety officers that have the same concern because, well, if there were a lot of them identifying this, there must be something that’s really concerning. So we take that into account too. And also and then when you think about staffing or how this gets organized, we have a small team here, our safety and compliance team is eight folks total. And we have three folks specifically, including myself dedicated to SMS, and then the broader team, some folks come part time and work SMS, and some folks are kind of in and out of positions here. So we’re a large hub, we have a formalized safety and compliance team. And I think that helps keep the momentum for that SMS evolution happening. But of course, a small hub would have to structure that differently, probably with different kinds of resources.

Q: Is this system integrated in any other airport system and what are the challenges doing so?

A from Alex: For integrations we can have a two-way integration where Veoci would be able to communicate back and forth with the other systems via REST API. We would have to understand what the integration capabilities are for your existing systems that you want to integrate. More often than not, other systems will have to build an API and also configure the integration which would incur additional cost. On the Veoci side, all of our solutions are ready out of the box with an API and will just need to be configured for the Integration.

Q: Who has the authority to lower a risk? Is it a one-person responsibility?

A from Alex: The airport decides who has access to make decisions in this process. It is generally configured so a role is responsible for all or specific levels of risk. A role can be one individual or a team. This would all be discussed during the implementation process.

Terms       Privacy      Sitemap

© 2011 - 2023 Veoci Inc. All Rights Reserved. Veoci is a registered trademark of Veoci Inc.