The Safety Management System (SMS) is one of the cornerstones of the safety regulatory framework that helps to ensure a high level of railway safety. All those operating the railway system, i.e. railway undertakings and infrastructure managers, bear full responsibility for the safety of the system, each for their own part, and the establishment of a properly functioning SMS is identified as the appropriate way to fulfil this responsibility.
The purpose of the SMS is to ensure that the organisation achieves its business objectives in a safe manner and complies with all of the safety obligations that apply to it. These safety obligations must always be fulfilled in today’s ever changing and complex railway environment.
An applicant for a single safety certificate or a safety authorisation must design its SMS in a manner to comply with the requirements set out in Article 9 of Directive (EU) 2016/798 in order to ensure the safe management of its operations. To that end, it has to demonstrate compliance with the requirements set out in Annex I or Annex II of the CSM on SMS.
These requirements are arranged to give a complete picture of the organisation’s safety management system following a Plan, Do, Check, Act (PDCA) cycle. The applicant will need to consider each individual requirement as well as how they fit together to form a coherent SMS which controls the relevant risks.
Adopting a structured approach enables the identification of hazards and the continuous management of risks related to an organisation’s own activities, with the aim of preventing accidents. This approach takes into account the shared risks at the interfaces with other actors of the railway system (mainly railway undertakings, infrastructure managers and entities in charge of maintenance but also any other actors having a potential impact on the safe operation of the rail system.
Implementing all relevant elements of a SMS will provide an organisation with the necessary confidence that it controls and will continue to control all the risks associated with its activities, under all conditions.
Mature organisations thereby recognise that an efficient control of risk can only be achieved through a process that brings together three critical dimensions: a technical component with the used tools and equipment, a human component of front line people with their skills, training and motivation and an organisational component consisting of procedures and methods defining the relationship of tasks.
The SMS integrates into the business processes of the organisation. It is not a paper-based system specifically developed for demonstrating compliance with the regulatory framework.
The SMS should be a living set of arrangements which grows in maturity and develops as the organisation which it serves does so.
The elements of the SMS can be observed to apply a Plan-Do-Check-Act (PDCA) cycle.