Call Us Today: 608-260-7468


06 Jun
regulatory training
OSHA, EPA & DOT Training in Iowa this Summer

OSHA, EPA, and DOT each have requirements for personnel that are working with chemicals, hazardous waste, or onsite emergency management activities.  Join Kestrel Management in Ankeny, Iowa this summer for the following training sessions – designed to help you meet your regulatory training requirements.

8-hr OSHA HAZWOPER Technician Refresher

Learn to recognize basic hazard classes, how to read labels and use SDS to understand risk, how to use engineering controls or PPE to prevent exposure, basic information addressing field analytical equipment, and how to correctly respond to spills and implement emergency response site plans.Cost: $165/participant

8-hr EPA RCRA Advanced Training

This course will address a variety of complex EPA hazardous waste topics, including completion of Hazardous Waste Determinations, hazardous waste documentation, generator status, evaluation of waste reduction strategies, RCRA hazardous waste coding, and preparation strategies for EPA inspections. Cost: $495/participant

8-hr DOT Hazardous Materials Training

This course is applicable for all companies that ship or prepare shipments of hazardous materials/waste for transport. It covers all topics required for DOT general awareness and security training and will meet the requirements for triennial training certification. Cost: $195/participant

24-hr OSHA HAZWOPER Training

This course is offered at the Technician level and covers broad issues pertaining to hazard recognition at work sites. Participants will learn strategies and protective measures to reduce or eliminate hazards in the work place. Cost: $495/participant

Training Details

  • All training sessions will be held at Fairfield Inn & Suites, 215 NE Delaware Avenue, Ankeny, Iowa.
  • Training is scheduled to begin at 8:00 am and end at 4:30 pm (or until material is complete).
  • Snack and lunch will be provided.
  • Participants will receive a training manual, pre-/post-competency test, exercises, and a certificate of completion, provided they receive an 80% or above on the test.
  • Registration closes 72 hours prior to the scheduled training. Kestrel has the authority to cancel training with 72-hours notice if class size is not large enough.


14 May
plan do check act
Management Systems – Back to Basics

A management system is the organizing framework that enables companies to achieve and sustain their operational and business objectives through a process of continuous improvement. A management system is designed to identify and manage risks—safety, environmental, quality, business continuity, food safety (and many others)—through an organized set of policies, procedures, practices, and resources that guide the enterprise and its activities to maximize business value.

The management system addresses:

  • What is done and why
  • How it is done and by whom
  • How well it is being done
  • How it is maintained and reviewed
  • How it can be improved

Creating an Effective and Valuable Management System

Each company’s management system reflects its unique culture, vision, and values. To be effective and valuable, the management system must be tailored and focused on how it can enhance the business performance of the organization. It must also be:

  • Useful to people in the operations
  • Intuitive—organized the way operations people think
  • Flexible—making use of methods and tools as they are developed and documented
  • Valuable from the outset—addressing the most critical risks and processes
  • Linked to the business of the business (not “pasted on”), with ownership at the operational level
  • A means to better align operational quality, safety, and environment with the business

Attributes of an effective management system are senior management expectations and guidance coupled with employee engagement. Importantly, a management system involves a continual cycle of planning, implementing, reviewing, and improving the way in which safety, quality, and environmental obligations and objectives are met. In its simplest form, this involves implementing the Plan, Do, Check, Act/Adjust (P-D-C-A) cycle for continuous improvement.

Auditing for Ongoing Compliance

The connection between management systems and compliance is vital in avoiding recurring compliance issues and in reducing variation in compliance performance. In fact, reliable and effective regulatory compliance is commonly an outcome of consistent and reliable implementation of a management system.

Conducting periodic audits is a practical way to test a management system’s implementation maturity and effectiveness. One of the many advantages of audits is that they help identify gaps so that corrective/preventive actions can be put into place and then sustained and improved through the management system.

Audits also help companies with continuous improvement initiatives; properly developed audit programs help measure results over time. To achieve best value, audits should emphasize finding patterns that can yield opportunities for learning and continual improvement, rather than “gotchas” for exceptions that are discovered.

Management System Standards

Several options are available for structuring management systems, whether they are certified by third-party registrars and auditors, self-certified, or used as internal guidance and for potential certification readiness.

The International Organization for Standardization (ISO) standards are some of the most commonly applied. The ISO standards for quality (ISO 9001), environment (ISO 14001), health & safety (ISO 45001), business continuity (ISO 22301), and food safety (FSSC 22000) have consistent elements, allowing organizations to more easily align their various management systems. Aligned management systems help companies to achieve improved and more reliable quality, environmental, and health & safety performance, while adding measurable business value.


Companies can become certified to each of the standards discussed above. Certification has a number of benefits, including the following:

  • Meet customer or supply chain requirements
  • Use outside drivers to maintain management system process discipline (e.g., periodic risk assessment, document management, compliance evaluation, internal audits, management review)
  • Take advantage of third-party assessment and recommendations
  • Improve standing with regulatory agencies (e.g., USEPA, OSHA, FDA, and state programs)
  • Demonstrate the application of industry best practice in the event of incidents/accidents requiring defense of practices

However, if there is no market or other business driver, certification can lead to unnecessary additional cost and effort regarding management system development. Certification in itself does not mean improved performance—management system structure, operation, and management commitment determine that.

Business Value

There are a number of reasons to implement a management system. A properly designed and implemented management system brings value to organizations in a number of ways:

  • Risk management
    • Identify risks
    • Set priorities for improvement, measurement, and reporting
    • Provide great opportunity to identify, share, and learn best practices, while recognizing operational differences
  • Protection of people
    • Send people home the way they arrived at work
    • Protect the public and the environment
  • Compliance assurance
    • Improve and sustain regulatory compliance
  • Business value
    • Continually improve quality, environmental, and safety performance across the organization (employee, public, equipment, infrastructure)
    • Reduce incident costs and accrued liabilities
    • Protect assets
  • Reliability
    • Assure processes, methods, and practices are in place, documented, and consistently applied
    • Reduce variability in processes and performance
  • Employee engagement
    • Help employees to find and use current versions of all procedures and documents
    • Provide a ready reference for field management to structure location-specific procedures
    • Enable the effective transfer of standards, methods, and know-how in employee training, new job assignments, and promotions
07 May
Safety Culture
Why Safety Culture Matters

A recent episode of The Daily, a podcast from The New York Times, discussed the safety culture of the Boeing manufacturing plant in Charleston, South Carolina—the plant that builds the 737 MAX 8, the aircraft involved in two fatal crashes worldwide in the last six months.

Concerns About Culture

The Boeing 737 MAX 8 was grounded by the FAA on March 11, 2019 amid concerns that recently introduced flight control software contributed to both crashes. The subsequent scrutiny on the company brought attention to the safety culture of the Charleston plant.

Interviews in the podcast suggest common characteristics of a negative safety culture were present at Boeing. For example, there was reportedly significant pressure to meet production deadlines, including financial incentives for meeting hourly production goals. Some managers allegedly took defective parts and installed them on aircraft to meet these deadlines. One such incident described on the podcast episode included an attempt to rub off the red paint that is applied to defective parts to prevent installation. Related to defective parts, managers were reportedly pressured to reduce the number of parts damaged by employees during manufacturing. A former quality manager interviewed in the episode alleges that this pressure led to damaged parts being installed rather than reported to management or quality control.

Safety culture is often defined informally as “the way we do things around here” when it comes to safety practices. Essentially, safety culture is the product of the shared values, beliefs, norms, and organizational practices in a company about working safely. An organization’s safety culture is ultimately reflected in the way safety is managed in the workplace. The culture breaks down when the disregard for safety becomes “management practice.”

Characteristics of a Strong Safety Culture

A strong safety culture has several characteristics in common. Kestrel’s research into the topic of safety culture has identified two traits that are particularly important to an effective safety culture: leadership and employee engagement. Best-in-class safety cultures have robust systems in place to ensure that each of these traits, among others, is mature, well-functioning, and fully ingrained into the standard practices of the organization.

Organizations with strong safety cultures typically exhibit many of the following attributes:

  • Communication. Communication is most effective when it comprises a combination of top-down and bottom-up interaction. Senior management sets the strategic goals and vision for the company’s safety program. It is vital that all levels of management (senior, middle, supervisory) communicate the strategy clearly to the workers who carry out the company’s mission. It is equally important that workers provide feedback on a practical level about what’s working and what’s not.
  • Commitment. When it comes to safety, actions truly speak louder than words. A lack of commitment, as demonstrated by action (or lack thereof), comes across loud and clear to staff. For example, requiring staff to work excessive hours or use defective parts to meet productivity goals sends a clear message that productivity is more important than safety.
  • Caring. Caring is about doing whatever is necessary to ensure employees return home safely every night. It involves showing concern for the personal safety of individuals, not just making a commitment to the overall idea of safety.
  • Cooperation. Safety works best if management and workers are on the same team. Cooperation means working together to develop a strong safety program (e.g., management involving line workers in creating safety policies and procedures). It means management seeks feedback from workers about safety issues—and uses that feedback to make improvements. And it means there is no blame when incidents occur.
  • Coaching. Coaching each other—peer to peer, supervisor to employee, even employee to management—is an important way to keep everyone on track. Coaching involves non-judgmentally providing feedback for improvements and, correspondingly, accepting and incorporating that feedback as constructive criticism.
  • Procedures. There should be documented, clear procedures for every task. This not only prevents disagreement about what is required, it also shows commitment when things are put in writing. Procedures should be designed jointly by management and workers for practicality and to encourage improved cooperation, communication, and buy-in.
  • Training. Training is a more formal, documented process for ensuring that employees follow safety processes and procedures. Formal training should happen frequently enough for employees to feel prepared to safely do their jobs.
  • Tools. All equipment and tools should be in good repair, free of debris, and functioning as designed. Inadequate tools directly impact safety/protection and indirectly impact perception of management commitment. Boeing’s alleged practices send a clear message that safety is not as important as productivity.
  • Personnel. There must be enough workers to do each task safely. The company should not sacrifice individual safety because of being understaffed (i.e., requiring shortcuts/overtime to meet production goals).
  • Trust. Trust in the safety program, in senior management, and in each other is built when each of these characteristics is present and treated as a company-wide priority.

Benefits of a Best-in-Class Safety Culture

Strong safety performance is a cornerstone of any business. When these characteristics come together to create a best-in-class safety culture, everyone wins:

  • Fewer accidents, losses, and disruptions
  • Improved employee morale
  • Increased productivity
  • Lower workers compensation and insurance claims
  • Improved compliance with OSHA regulations
  • Improved reputation to attract new customers and employees and retain existing ones
  • Better brand and shareholder value
23 Apr
Business Continuity Plan
Business Continuity: Building a Resilient Organization

When business is disrupted, the costs can be substantial. Unfortunately, every organization is at risk from potential operational disruptions—natural disasters, fire, sabotage, information technology (IT) viruses, data loss, acts of violence. Recent world events have further challenged organizations to prepare to manage previously unthinkable situations that may threaten the future of the business.

Securing Company Assets

This goes beyond the mere Emergency Response Plan or disaster recovery activities that have been previously implemented. Organizations must now engage in a more comprehensive process to secure their companies’ assets (e.g., people, technology, products, and services). Today’s threats require implementation of an ongoing, interactive process that assures the continuation of the organization’s core business activities and data center(s) before, during, and, most importantly, after a major crisis event.

Creating a Resilient Organization

Business continuity planning helps ensure that companies have the resources and information needed to maintain service, reliability, and resiliency under adverse conditions. While companies can’t plan for everything, they can take steps to understand and effectively manage events that might compromise their products/services, supply chain, quality, security, and future as an organization.

A Business Continuity Plan ensures that all involved parties understand who makes decisions, how the decisions are implemented, and what the roles and responsibilities of participants are when an incident occurs. Through business continuity planning, companies are able to:

  • IDENTIFY the human, property, and operational impacts of potential business threats
  • EVALUATE the potential severity of associated risks
  • ESTIMATE the likelihood of business threats occurring
  • CREATE timelines for restoration and strategies that proactively mitigate the most pressing business threats, take advantage of opportunities that lie ahead, and provide for a more resilient and sustainable future

Systematic Approach

A sound Business Continuity Program relies on a systematic approach to identify and critically evaluate risks/opportunities, as outlined below. This approach broadens the scope of issues beyond mere emergency response and allows companies to budget for and secure the necessary resources to support critical business activities before, during, and after a major crisis event. Ultimately, following this process helps companies to stay in business through a time of crisis.


Sustaining Business for the Long Term

Sustainability is about staying in business for the long term, and today, business continuity is key to sustaining business over time. That is because a well-developed and implemented Business Continuity Plan:

  • Keeps employees and the community safe when an incident occurs
  • Protects the organization’s important assets (e.g., people, technology, products, services)
  • Reduces disruption to critical functions in order to limit financial impacts due to loss of product/service
  • Reduces adverse publicity, loss of credibility, and loss of customers
  • Reduces legal liability and regulatory exposure
  • Reduces the risk of losing critical business data (e.g., historical, operational, customer, regulatory compliance)
  • Provides for an orderly and timely recovery by allowing critical decisions to be made in a non-crisis mode
  • Helps companies mitigate risks and focus on the future

Guiding Standards

ISO 22301: Societal Security – Business Continuity Management Systems is specifically designed to help organizations protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise. Like other ISO standards, ISO 22301 applies the Plan-Do-Check-Act/Adjust model to developing, implementing, and continually improving a Business Continuity Management System. Following this internationally recognized standard allows organizations to leverage their existing management systems and ensure consistency with any other ISO management system standards that may already be in place (e.g., ISO 14001 – environment, ISO 9001 – quality, ISO 45001 – safety, ISO 22000 – food safety).

The American Society for Industrial Security (ASIS) Business Continuity Management System Standard, National Fire Protection Association (NFPA) 1600: Standard on Disaster/Emergency Management and Business Continuity Programs, and Office of the Comptroller of the Currency (OCC) federal banking requirements for business continuity provide further industry-specific guidance on business continuity management.

21 Apr
business decision making
Using Data Analysis for Business Decisions

Today’s business managers face greater complexities than ever when it comes to making business decisions. For every business decision, there are a number of factors that impact the associated risks. Fortunately, the use of statistics, predictive analytics, and data mining has become increasingly useful in taking the “gut feel” out of making important and often complex business decisions.

Data-Driven Decisions

Most people are familiar with common descriptive statistical techniques, like measures of central tendency (e.g., mean, median, mode) or variability (e.g., interquartile range, standard deviation). More advanced data mining and predictive analytical techniques are increasingly being used to explore and investigate past performance to gain insight for future business decision making.

Data mining draws on large amounts of data to identify patterns, which are often classified as opportunities or risks. Predictive analytics encompasses a variety of statistical techniques that are used to analyze historical data to predict the most probable future events. A few examples of these include the following:

  • Discriminant Analysis – a machine learning model where a computer program “learns” a pre-existing data set that includes attributes and outcomes for each individual, and then predicts probable outcomes for individuals in the new data set based on attributes.
  • Linear Regression – creates an equation so that one variable can be predicted based on the known values of other variables.
  • Logistic Regression – a machine learning model where a computer program “learns” a pre-existing data set that includes attributes and a binary (“yes/no”) outcome for each individual, then predicts “yes/no” outcome for each individual in a new data set, along with a probability associated with the decision.
  • Decision trees – machine learning model where a computer program “learns” a pre-existing data set that includes attributes and outcomes (not necessarily binary) for each individual, then predicts outcomes for each individual in a new data set, along with confidence in the decision; also identifies the attributes that are most helpful for making predictions (i.e., those that are best able to discriminate between outcomes).
  • Neural networks – similar to decision tree, but more effective if finding the connections between attributes is a concern.

Together, this information can help decision makers to predict the outcome(s) of a decision before it is made—and make smarter decisions based on data instead of gut feelings. The following case studies demonstrate the value that statistics provide when it comes to making important business decisions.

Case Study: Wildfire Risk Index

For a large transportation organization, wildfires have historically presented a unique challenge. The company has worked diligently over the past several years to control its fire risk through research and a number of assessments. To help further minimize the wildfire risk, the company turned to past data and is working with Kestrel to develop a comprehensive Wildfire Risk Index to:

  1. Quantify the operational risks of wildfires (i.e., identify environmental conditions, determine areas of concern)
  2. Make informed business decisions to help minimize identified risks

Creating the Index requires a significant amount of data from both internal and external resources, including traffic, weather, geography, internal fire incidents, and others. This information is used in several components contained within two main models that create the Wildfire Risk Index. These model components are relatively simple when used on their own. The complexity arises when combining the various models and their components into a single Wildfire Risk Index that reasonably reflects relative risks, while considering all variables.

The ultimate output of the Wildfire Risk Index is a single number that quantifies the relative risk of wildfire by location and by month. This information will help the company to:

  1. Identify the areas of greatest risk.
  2. Focus resources on those areas.
  3. Make more informed decisions regarding operations—like when to plan hot work and when and where to perform vegetation control—to help prevent future incidents.

Case Study: Incident Data

For a large petroleum refining organization, safety and environmental incidents present a significant risk to operations. In order to reduce incident frequency, the company has implemented a robust safety management system, which includes frequent audits and inspections. Despite the company’s best efforts, however, incidents have continued to occur.

To further improve safety and environmental performance, Kestrel is working with the company to conduct detailed reviews of previous incidents using Kestrel’s proprietary Human Performance Reliability (HPR) approach. This approach identifies and classifies the human factors contributing to incidents, as well as the controls associated with those human factors (engineered, administrative, and/or PPE). Once the reviews are finished, the results are statistically analyzed to generate a prioritized list of human factors to be addressed. Kestrel’s Human Factors Integration Tool (HFIT™) software then generates a list of existing controls associated with the top human factors, as well as a list of missing controls that could be created and implemented.

The ultimate output of the incident review process is to help the company identify the human factors contributing to incidents, create or improve associated controls, manage operational risks, and protect the health and safety of workers and the surrounding environment.


These examples demonstrate how predictive analytics can be used to support decision making. The versatility of predictive analytics, combined with the variety of statistical techniques available, can be applied to help companies analyze a wide variety of problems and gain insight for future business decision making.

04 Apr
SMS Best Practice Tips
Making Your SMS Work for You

A Safety Management System (SMS) is a systematic organization of policies, processes, programs, procedures, and records. Like other management systems, an SMS is built on the Plan, Do, Check, Act/Adjust (PDCA) cycle. Ideally, safety-related activities are planned, done, checked (through auditing, inspections, investigations), and finally reviewed by both local and executive management to facilitate continuous improvement (i.e., adjust).

Keys to a Successful SMS

The primary purpose of an SMS is to effectively manage safety-related risks. But how does an organization ensure that its SMS—new or existing—actually does this? Kestrel has compiled the following best practice tips for implementing an effective SMS:

  1. All employees with management or supervisory responsibilities must be visibly and conspicuously committed to safety and the SMS. Management demonstrates leadership and promotes commitment to improving safety performance through active and visible participation. It is up to management to routinely demonstrate that this is not just the “flavor of the month” but the organization’s way of doing business. (Choudhry, Fang & Ahmed, 2008; Hansen, 2006; Lyon & Hollcroft, 2006; OSHA, 2015)
  2. Employees are engaged in the SMS—emotionally and cognitively. Employees must understand how the SMS works and believe in the value that it offers them and the organization. (Wachter & Yorio, 2014; Moraru, Babut & Cioca, 2011)
  3. The SMS is integrated into other business objectives and aligned with other in-place management systems (e.g., quality, environmental). The SMS should support the company’s goals and objectives. Aligning and integrating with other systems further improves efficiency, consistency, and understanding. This also provides the flexibility needed to function in a dynamic business environment. (Hansen, 2006)
  4. There are clearly defined safety policies and principles. Policies should be established, communicated, and updated, as necessary. (Hansen, 2006)
  5. The SMS establishes challenging objectives, goals, and plans. High standards of performance that are tracked and measured ultimately lead to performance improvements. (Hansen, 2006; OSHA, 2015)
  6. Contractors and other third parties are effectively managed. Contractors, suppliers, and others must be assessed and monitored for their capabilities and performance. Clear performance standards should be established to ensure that these third parties meet needs and uphold safety management expectations. (Hansen, 2006; OSHA, 2015)
  7. The SMS ensures compliance with legal and other requirements. The SMS should help the organization to measure and verify compliance with applicable legal and regulatory requirements. (Hansen, 2006)
  8. There is effective communication about the SMS, including clearly defined roles and responsibilities. Employees need to understand the purpose of the SMS and their roles in achieving related goals and objectives. (Hansen, 2006; OSHA, 2015)
  9. Staff receive continuous safety training and development opportunities. Safe operations rely on well-trained employees and contractors who understand the SMS and how to perform their jobs in the safest ways possible. (Choudhry, Fang & Ahmed, 2008; Moraru, Babut & Cioca, 2011; Lyon & Hollcroft, 2006; OSHA, 2015)
  10. The organization is committed to hazard identification, risk assessment, and implementing effective controls. Identifying, assessing, and prioritizing hazards can mitigate risks to employees, customers, contractors, and the general public. Procedures should be put into place to continually identify workplace hazards and evaluate risks. Doing so must be a continuous process with periodic inspections to identify new hazards. (Hansen, 2006; OSHA, 2015)
  11. The organization conducts injury and incident investigations, produces reports, and follows through on corrective actions. Effective incident investigations provide the opportunity to learn about and improve safety performance. Investigations should identify the root cause and contributing factors, determine and track corrective actions, and share lessons learned across the organization to prevent recurrence. Perhaps most importantly, the organization should refrain from using the investigation to figure out who to blame for the incident. Fault-finding, rather than fact-finding, leads to mistrust and a negative safety culture. (Singh, 2014; OSHA, 2015)
  12. Audits provide the opportunity for ongoing re-evaluation and to demonstrate a strong commitment to continuous improvement. The SMS must be regularly reviewed to ensure that it is delivering consistent, desired performance. Planning and implementing internal audits helps verify whether safety processes and activities are meeting goals and creating the desired outcomes. Audits also help determine the effectiveness of the SMS and uncover new opportunities to systematically guide the PDCA continual improvement process. Sharing best practices and lessons learned further promotes ongoing improvement. (Hansen, 2006; Choudhry, Fang & Ahmed, 2008)
  13. Risk-based, data-driven decision-making is informed by both leading and lagging indicators. While lagging indicators provide valuable information for SMS improvement, leading indicators provide that information without waiting until someone gets hurt. Advanced statistical techniques and predictive analytics can help predict where and when an incident will happen based on leading indicators. Organizations can make drastic safety performance improvements by making a strategic, sustainable investment in gathering and analyzing leading indicators.
  14. Implementation is guided from the top down; buy-in is obtained in all levels of the organization. Ownership of the SMS resides with the safety department and executive management, while ownership of implementation and performance resides with all departments and operations. Safety should be continually reinforced as a line-organization responsibility. (OSHA, 2015; Choudhry, Fang & Ahmed, 2008; Moraru, Babut & Cioca, 2011)
  15. The SMS builds on and improves what already exists. The SMS should fit within the organization’s existing business structure and be tailored to the organization’s needs, operations, risks, processes, culture, and existing strengths.

SMS Benefits

For organizations that are able to implement a strong SMS, there can be many benefits. For example, the Health and Safety Executive in the UK (Greenstreet Berman Ltd, 2006) published six case studies in 2006 illustrating the benefits of implementing an SMS. Some of the business benefits identified in these case studies included the following:

  • 50% reduction in absenteeism
  • Static or decreased insurance premiums
  • Access to wider market based on improved safety outcomes

Another case study published in 2010 describes Newell Rubbermaid’s SMS success, as the company realized an 80% reduction in recordables and an 81% reduction in workers compensation costs after implementing a proactive SMS (Zahn, 2010).

In general, most organizations that adhere to the best practices described above may realize:

  • Improved health and safety performance and compliance
  • Greater operational efficiency
  • Reduced injuries and injury-related costs
  • Lower insurance premiums by demonstrating to insurers that risk is effectively controlled
  • Better morale when employees see employers actively looking after their health and safety
  • Improved reputation that comes with the public noticing the organization’s responsible attitude toward employees
  • Improved business efficiency and, correspondingly, reduced costs


26 Mar
Drones 101 Top 6 Tips
Drones 101: Tips for Managing Your Drone Program

This is the fifth article in Kestrel’s Drones 101 series.

As we’ve discussed in our Drones 101 series, both large and small companies can establish safe and reliable drone programs; however, lack of planning will (at best) add up to a short-lived drone program or (at worst) cause your company undue risk or injury.

In short, buying and operating UAS equipment without a plan in place can lead to:

  • Sunk costs
  • Delayed success
  • Safety incidents
  • Service delays
  • Employee injury
  • Loss of financial backing legal and regulatory issues

On the flip side, when implemented appropriately, using drones often results in a solution that is:

  • Faster – Significantly reduce manhours to complete work (e.g., inspections, audits, monitoring) without requiring plant shutdown.
  • Safer — Eliminate the need for humans to complete high-risk activities (e.g., climbing towers, entering confined spaces, inspecting disaster zones).
  • More accurate — Gather comprehensive and reliable data with less room for human error and less variability.

Top Tips

Here are Kestrel’s top six tips for managing a successful drone program:

  1. Establish a plan and budget to accurately track and communicate costs and determine your return on investment.
  2. Establish standard processes, procedures, and communication protocols to ensure end users, company, and management teams understand expectations and obligations.
  3. Engage a cross-functional team, which may include program management, field operations, engineering and maintenance, human resources, legal, information technology, etc. to effectively manage all aspects of your UAS program.
  4. Create a UAS program operations manual that lays out expectations and company-approved applications of UAS technology.
  5. Set metrics and evaluation methods for the UAS program overall and its impacts on the core business. This will help show the value of your UAS program.
  6. Follow the classic management system plan-do-check-act cycle to drive continual improvement in not only the drone program, but in the core business, as well.

Learn more about Kestrel’s UAS Program Management services. Be sure to check out the entire Drones 101 series:

11 Mar
Drones 101 UAS Program Management
Drones 101: UAS Program Management

This is the fourth article in Kestrel’s Drones 101 series.

Drones can reduce risk in commercial operations, but it is important to acknowledge that they can also introduce risk through damage to property, safety incidents, loss of UAS assets, and legal and regulatory issues. And without a planned, organized UAS program, your risks increase significantly.

Why UAS Programs Fail

Why do some drone programs fail? Both large and small companies can establish safe and reliable drone programs, but a solid foundation early in the process is essential for success. Lack of planning will (at best) add up to a short-lived drone program or (at worst) cause your company undue risk or injury.

In short, buying and operating UAS equipment without a plan in place can lead to:

  • Sunk costs
  • Delayed success
  • Safety incidents
  • Service delays
  • Employee injury
  • Loss of financial backing legal and regulatory issues

Foundations of a Drone Program

A solid, sustainable UAS program starts with consideration of a handful of essential elements, as discussed below.

Financial Resources. Your program needs to consider cost. Not only will you need to create a budget for approval, but you will want to be aware of and able to accurately communicate costs and have a basis for arriving at a return on your investment. A good approach is to categorize your costs into one-time capital costs; recurring costs related to equipment, software and pilots; and costs for expansion.

Financial Resources UAS ProgramIncidentally, the cost to take the Part 107 Airmen Knowledge Test is $150 per attempt. A prep course online will run about $200 -$300.  To stay current, pilots are required to take a test every two years, which also costs $150 per attempt

 The key point is to understand your costs, budget for them, and put the drone program in the best position to be funded as needed.

Cross-Functional Strategy

Ideally, you want a team of people with different functional expertise working toward the common goal of helping the company achieve the benefits associated with a drone program. Consider involving individuals in program management, operations management, legal/compliance, human resources, information technology, and others.

Depending on how large your organization is, the team may be one or two individuals who wear many hats and juggle responsibilities. Larger organizations may expand the size and functions beyond this example. Think about how your organization might function:

  • Is your program manager and operations manager the same person?
  • Which of the following is the highest priority for your legal team: data security, regulatory compliance, or employee safety?
  • Do you have the in-house IT resources to support the technical needs of a UAS program?

You don’t necessarily have to have a large team, but you do need to consider how you’ll cover all the related functions and responsibilities.

UAS Program Operations Manual

A UAS program operations manual – whether it is a paper binder or an online resource – is a must. It’s important that you have well thought-out policies and procedures, standard practices, and emergency plans. It is just as important that all your pilots and team members are familiar with them, so everyone is operating from the same playbook.

Your operations manual should lay out expectations and company-approved applications of UAS technology. In general, it should include the following:

  • Policies, procedures, standard operating practices, safety programs
  • Identified risks, hazards, and emergency situations; mitigation measures
  • Data management and documentation requirements
  • How/when to verify federal and state regulations for UAS technology
  • Employment terms/contracts (employee, contractor, vendor)

Integrated Systems

Much like the cross-functional team we just covered, your internal business systems should include drone program-related tasks and subsystems. These should be integrated into the normal flow of business in your organization.

If your company operates under an ISO-style management system (e.g., ISO 9001, ISO 140001, or ISO 45001), you have the opportunity to align and integrate systems with your existing program and take advantage of the plan-do-check-act cycle associated with ISO management systems. Consider systems for communication, inventory management, data management, employee management, and technical support, among others.

Measurable Goals

It’s a standard exercise in any management system to set measurable goals and track progress against them. The same standard should be upheld for drone program management. Setting metrics and evaluation methods will allow you to show the value of your UAS program.

  • First, set goals for the drone program overall. This may include:
    • UAS pilot effectiveness (e.g., safety, training status, reportables, compliance)
    • Effectiveness of policies and procedures
    • ROI of the UAS program (e.g., money saved, time saved, fewer injuries, lower workers compensation rates)
  • Second, set goals to measure the impact of the drone program on your core business.
    • How will UAS enhancements change/improve existing company performance metrics?
    • For example, can you move from biannual inventory of resources to quarterly due to ease of inspections? Or monitor high-risk bridges, wind turbines, etc. every 3 months?
    • Set or adjust thresholds based on the knowledge you gain from UAS enhancements.

Plan for Continuous Improvement

Finally, you should have a plan for continuous improvement. An effective plan will follow the classic management system plan-do-check-act cycle to drive improvement in not only the drone program, but in the core business as well.

In the diagram below, drone program goals related to improved policies and procedures lead to standard operations practices. The effectiveness of these actions is evaluated, gaps are identified, and additional goals are set. As an example, let’s say one of those policies and procedures is to address how we manage flight data. A goal is set, the procedure is examined, previously unidentified risks are discovered, and mitigation measures are put in place in the policies, procedures and SOPs.

UAS Plan for Continuous ImprovementKey Takeaways

Drones can enhance your current business operations by reducing the time and safety risks involved with routine tasks, but they bring with them their own operational and regulatory considerations. To help ensure your drone program’s success:

  • Establish a solid foundation early.
  • Establish policies and procedures to reduce inefficiencies and ensure compliance.
  • Create systems to reliably track the location, status, and condition of your drone fleet – regardless of size.
  • Establish systems to track and manage the training and certification status of all employees or contractors in the UAS program.
  • Monitor and manage maintenance and repairs/replacements of the drone fleet to reduce operational risks of drone failure during flight and to ensure that employees are operating their drones safely and efficiently.
  • Develop systems to manage and organize huge quantities of data from drone flights so you can easily find footage/stills and leverage the data gathered.
  • Design and implement integrated software systems to prevent liabilities, loss of ROI, and safety risks.

Learn more about Kestrel’s UAS Program Management services. Be sure to check out the entire Drones 101 series:


05 Mar
Drones 101 sUAS Regulations
Drones 101: Regulations for sUAS

This is the third article in Kestrel’s Drones 101 series.

Drone usage is regulated by the Federal Aviation Administration (FAA). In 2016, FAA issued new rules for non-hobbyist (i.e., commercial) small Unmanned Aircraft System (sUAS) operations in 14 CFR Part 107. Part 107 covers a broad spectrum of commercial uses for drones weighing less than 55 pounds at time of takeoff and landing.

Commercial vs. Hobby

For the purposes of Part 107, commercial is considered as anything except recreational or hobby use. Whether you are making money directly with your drone or just using it as a tool within your company, Part 107 applies to drone pilots and drones used for business purposes.

Operating Requirements

Many of the rules in Part 107 are common sense; others are not. This list provides an overview of the operating requirements for complying with Part 107:

  • The remote pilot must keep the drone within visual line of sight (VLOS) at all times.
  • The operator should always avoid manned aircraft.
  • Neither the pilot nor a visual observer can be responsible for more than one sUAS at a time.
  • You are only allowed to fly during daylight hours. If you attach the proper anti-collision lighting, you may conduct operations during twilight hours. Night operations are prohibited without proper authorization from the FAA.
  • Minimum weather visibility is three miles from your control station.
  • Maximum allowable altitude is 400 feet above the ground (higher if your drone remains within 400 feet of a structure, such as when you inspect a tower or tall building).
  • Maximum speed is 100 mph (87 knots).
  • You cannot fly directly over any people unless they are directly and knowingly involved in the operation.
  • You can carry an external load if it is securely attached, does not adversely affect the flight characteristics or controllability of the aircraft, and maintains the weight limit of 55 lbs. at time of takeoff and landing.
  • The National Airspace System is divided into several categorizations and it is imperative that all UAS operators know and understand the various airspace designations.
    • Operations in Class A are prohibited unless authorizations from the FAA are secured and the operators coordinate their operation through air traffic control. sUAS operations in Class A airspace is extremely unlikely due to the altitude.
    • Class B and Class C airspace designations surround all major and minor airports. Operations in Class B and Class C airspace require prior authorization from the FAA, which can be difficult to obtain. Certain exceptions are made and, in the event that operations are approved in either of these airspaces, coordination with air traffic control and/or airport operator is required.
    • Class E airspace resides between the top limits of all the other airspace designations and the bottom of Class A airspace. Class E airspace can also be found around non-towered airports with instrument approach requirements and can require air traffic control or airport operations coordination during hours when the tower is operational. This varies, and operators should refer to their sectional maps and flight planning tools before every flight to verify their current airspace requirements.
    • Class G airspace does not require any additional approvals for operations; a majority of commercial UAS operations occur within these areas.
    • Airspace designations can change, and temporary flight restrictions are frequently established for various reasons. Operators should always refer to their sectional maps and flight planning tools before, during, and after all UAS operations.

You can request a Certificate of Waiver from certain Part 107 regulations, and/or authorization to operate in restricted airspace by submitting a request directly to the FAA. There are tools that can help with this process, but waiver requests can be complicated, and most are not approved by the FAA. Kestrel can help you write effective waivers.

Low Altitude and Notification Capability (LAANC)

For access to restricted airspaces that are at low altitudes (under 400 feet), operators can use a new tool recently released by the FAA referred to as LAANC (Low Altitude Authorization and Notification Capability). LAANC aims to provide near real-time airspace authorizations for UAS operations under Part 107.

LAANC automates the application and approval process for airspace authorizations at nearly 300 air traffic facilities covering approximately 500 airports. It dramatically decreases the wait time experienced with the manual authorization process, provides greater flexibility in operational planning, and directly supports UAS integration into the airspace.

Pilot Certification

To operate a sUAS under Part 107, pilots need a remote pilot airman certificate with a small UAS rating or must be under the direct supervision of a person who holds such a certificate. This certification entails passing a two-hour Airmen Knowledge Test to become certified, and then applying for your certificate online, which includes passing a TSA background check. Operators must retake the Airmen Knowledge Test every two years to stay current.

If you already have a Part 61 pilot certificate, other than a student pilot certificate, you must have completed a flight review in the previous 24 months and you must take a sUAS online training course provided by the FAA. Pilots receive a certificate of completion, which must be renewed every 24 months.

If you are acting as pilot in command, you must:

  • Make your drone available to the FAA for inspection or testing on request, and provide any associated records required to be kept under the rule.
  • Report to the FAA within 10 days any operation that results in serious injury, loss of consciousness, or property damage (to property other than the UAS) of at least $500.

Drone laws and regulations are constantly evolving as the industry evolves.

. As an example of the ever evolving regulations, effective February 25, 2019 the FAA now requires that all sUAS display their aircraft registration number on an external surface of the aircraft. This rule was established under 14 CFR Part 48. Additional rules regarding night operations and flights over people are in the proposed rule phase and are expected to become effective by the end of April. In addition, record retention laws are forthcoming for drone footage and may vary by state.

Not surprisingly, pilots can unknowingly (and easily) violate FAA regulations. One very important task as part of your overall UAS program management strategy should be to keep current on pilot certifications, drone registrations, and regulatory changes to remain compliant.

Learn more about Kestrel’s UAS Program Management services. Be sure to check out the entire Drones 101 series:

26 Feb
Facility safety equipment
Know Where You Stand: Facility Safety

Strong safety performance is a cornerstone of any business. For many companies, it can make the difference in being qualified to work with customers and successfully expand the business.  On the other end of the spectrum, repeated safety accidents can lead to potential serious penalties and higher insurance rates for failing to comply with OSHA safety requirements.

Safe facilities, work practices, and training help to attract and retain employees and enable them to go home at the end of the shift without workplace injury or concerns. In addition, workers’ compensation rates and the ability to maintain adequate insurance both depend on an organization’s safety performance.

OSHA Safety Compliance and Inspection

Safety compliance with federal regulations is getting much more attention by the Occupational Safety and Health Administration (OSHA) due, in part, to a variety of significant accidents occurring over recent years. Many relate to the manufacturing in high risk industries where the impacts have caused injury, evacuation, environmental impacts, and significant business disruption. While not frequent, accidents like this draw attention from the public and communities, news media, regulators, and regulatory agencies. This, in turn, has increased scrutiny on all businesses, especially those in high risk industries or having a history of safety issues. When it comes to safety compliance, an organization should never be overly confident.

Increased inspections for non-compliance with safety regulations have been emphasized. OSHA tracks the types of safety violations found and their classification as “serious” or as “willful”. A serious violation is defined as “one in which there is a substantial probability that death or serious physical harm could result, and the employer knew or should have known of the hazard”. A willful violation is defined as one “committed with an intentional disregard of or plain indifference to the requirements of the Occupational Safety and Health Act and requirements”. Willful violations can also be applied to multiple plants in the same company.

The top 10 “serious” violations reported by OSHA for federal FY 2018 were:

  1. Fall Protection
  2. Scaffolding
  3. Hazard Communication
  4. Ladders
  5. Lockout/Tagout
  6. Respiratory Protection
  7. Machine Guarding
  8. Powered Industrial Trucks
  9. Fall Protection – Training Requirements
  10. Personal Protective and Life Saving Equipment – Eye and Face Protection

All of these violations can be associated with the typical equipment and practices associated with manufacturing operations or other physical plant activities for maintaining processes and equipment.

Willful violations can result in significantly greater penalties, with related fines tripled should a violation be classified as in this category, and even greater penalties for multiple plant violations under the same corporate ownership.

The top 10 “willful” violations reported by OSHA for FY 2018 were:

  1. Fall Protection
  2. Lockout/Tagout
  3. Grain Handling Facilities
  4. Requirements for Protective Systems
  5. Respiratory Protection
  6. Machine Guarding
  7. Fall Protection – Training Requirements
  8. Mechanical Power-Transmission Apparatus
  9. Hazard Communication
  10. Permit-Required Confined Spaces

A best practice recommendation is that plant management should take the opportunity to review this list and validate their understanding of the related regulations and the level of compliance at their plant(s).

Opportunities for Improvement

Each of these standards represents an opportunity for assessment and improvement for plant managers and owners in the industry. Violations in these standards can take a variety of forms, including a failure to have not only the appropriate procedures, but necessary updates, training, internal inspection and recordkeeping. Be aware that vulnerability in compliance could be associated with evolving changes, including time, process, personnel, and materials. This is also known as “management of chain” necessary for maintaining and keeping programs current with requirements.

The question for plant owners and managers is, “What should we do now to both meet the requirements and establish a plan should we be confronted with an OSHA inspection?” These represent two related activities that need to be addressed to best ensure that the company can and will achieve the best in both situations.

Taking Action

When it comes to determining the level of your existing OSHA programs against compliance issues and potential accidents, there needs to be both short-term and longer-term actions. The goal of the actions will be to provide the results of what will need to change in your OSHA compliance programs. There will be a range of results depending on how well the programs were developed, implemented, and updated. Regardless, the goal is to provide a means to assess and make this determination. We recommend taking the following short-term (if not immediate) actions:

  • Schedule a meeting with key management and safety and health staff to develop a plan to review and confirm all OSHA programs for compliance to the standard. It is not uncommon for internal audits and insurance company audits to be based on confirmation of a compliance policy and not the level of detail required in the implementation of the policy. In the meeting, a complete review of programs should be delegated, including a review of the OSHA standards themselves. This should be based on criteria, including the level of detail, training, and updates and supporting logs/records.
  • As part of this process, conduct a review of the last three years of internal and loss prevention reports, including local fire. The findings of these should be compared against review findings to verify that necessary changes have been implemented.
  • The review should include a review of the OSHA reporting and recordkeeping requirements. Again, this should be reviewed based on three years of historical records.  Not only should these records be verified to be accurate and complete, but each accident should have resulted in a corrective action of either an unsafe situation or the retraining of an employee. This information should be checked, as well, and any additional actions made to fully comply.
  • Should you have had any past OSHA inspections at your facility or if you have multiple locations, you need to ensure that proper actions were taken to close these issues. Again, it is very important to verify and assemble all of the related records.
  • You will need to require that multiple physical walk-troughs are conducted for all work, personal, and administrative areas for compliance. This should be done by updating or creating a safety inspection checklist for each section, area, and department to confirm that there are no violations in manufacturing and administrative areas alike. Note that one area often missed is the adequate spacing and egress from office cubicles and file rooms.
  • Your review should lead to the determination of corrective actions of your programs.  These corrective actions need to result in immediate “short-term” updates and implementation of your safety programs. This needs to be announced and included in the training that will need to be scheduled and documented.
  • Concurrently, a qualified person should be assigned to compare the review findings, your accident statistics and the top OSHA violations. If there are common links to programs, statistics, and OSHA violations report, an added level of scrutiny should be placed on this area and the resulting program updates.
  • Ensure that all of the basic requirements are met and in compliance, including accident/injury records, training records, inspection logs, and a log for all program updates implemented.

Inspection Readiness

Provided that the items above are done correctly will greatly reduce your risk for compliance issues and create a safer work environment for your employees for the short term. To fully verify the changes, a confirming review or audit should be completed within a 30-45-day strict timeframe, and any additional changes or training should be completed immediately. This will also put you in a much better position for an OSHA inspection should you be identified to require one. Some additional points to readiness for an OSHA inspection include the following:

  • Ensure that you have or develop a policy for a regulatory inspection that can be implemented immediately. This would cover OSHA and other possible inspections.
  • Assign a designate with responsibility for representing the company for an OSHA inspection. Until the designate is ready for an inspection, the inspector should be kept in a neutral office or conference room and away from all levels of activity.
  • The tour should be as that for any other visitor. Ensure that the inspector wears all of the required PPE at all points during the tour and is provided all of the awareness required for all personnel. The inspector should never be left alone and not allowed to disrupt the work activities in any way or at anytime.
  • Develop a list of the do’s and don’ts of information to be provided or shared with an inspector. When in doubt, decline to answer until the proper answer can be determined.  This list should include what the inspector is entitled to request and what you do and do not have to provide. Say very little and even less if asked.
  • A copy of all information, notes, photos, and videos should be kept for the company records, and the designate should ask the inspector to answer any related questions.
  • Note that if the inspection carries for multiple days, it will provide the designate to verify and communicate specific concerns for direction from senior management or counsel.
  • At the closing conference, the inspector will take time for a write-up and to determine apparent violations. During this presentation, you need to challenge any such issues and take the position that there are no violations.
  • The inspector will take several weeks to formalize the report, during which time you are not required to answer any follow-up calls.

This information presents a briefing on handling a typical OSHA inspection. Certain events could change how you handle an inspection in follow-up to an accident. Additionally, note that if you conduct an OSHA Program review and make the proper changes, you will be in much better readiness condition for an OSHA inspection. Regardless, the planning and demeanor of the designated contact for the inspection should be the same.

Owners and managers of companies need to focus on prevention and on the overall culture of the company in terms of taking the necessary steps to reduce risk and make prevention part of daily operations. Good practice is to examine the workplace broadly, identifying and assessing hazards, and developing and implementing appropriate controls. This helps ensure employees are protected in the workplace and regulatory compliance is achieved.