Yup, can confirm that the concept of gatekeepers is common in the corporate FOQA world, both 91 and 135. I believe most countries in Europe require 135 operations to have a qualified program before landing there. So the portion of a 135 OpSpec that addresses the program can define how the program is operated: how the data review process happens and who’s responsible (if possible, don’t include
what will be analyzed because it changes over time).
FOQA alerts are not uncommon; think of them like ASAP reports from a different source. Every report should not warrant a management investigation, and frankly, a “casual data analyst” can reach an unusual conclusion from raw data.
One program I am familiar with produces PDF reports of alerts on a quarterly basis (which have been reviewed before publication). The reports contain your operation’s occurrence rates versus a larger population, as well one-page as detail information about each, and FOQA can be managed by a single person. This can go a long way towards populating a risk matrix and answering “how are we doing?” and “where can we change?” (none of which would be helped by acting on anything less than the most-severe specific occurrence), which becomes feed for the safety risk management process of an SMS manager.
The size of the 91 operation depends on how many hats an individual might wear: SMS manager, gatekeeper
and director of ops would be a stretch.