What Is Formally Documenting in Aviation SMS
Formally documenting your SMS means creating an “official” record of your SMS. Official records are simply aspects of your SMS that you document and save to use later, such as during review or provide to an auditor. Aspects of your SMS that you formally document will fall into two categories:
- SMS design, which is encompassed in your:
- Operational Risk Profile/Hazard Register, which is a manual/document where you list the hazards, risks, and controls pertinent to your operations; and
- Safety Policy, which is a document where you list your company policies, procedures, and other documentation required by your aviation compliance authority.
- SMS performance, which is encompassed in actions taken to evaluate/mitigate risk such as:
- Safety issue management,
- Reviews (SMS audits, inspections),
- Change management operations, and
- Other performance monitoring activities.
When you formally document these aspects of your SMS, they should be organized for easy access and retrieval.
Important Part of Formal Documentation
An important part of the idea of “formal” documentation entails that:
- You DON’T document EVERYTHING;
- You DO document the important actions taken that will need to be scrutinized later; and
- You DO document metadata, such as:
- Relevant dates of documentation,
- Names of people who performed actions (if applicable), and
- Justification for why a certain action was taken.
Three good rules regarding documentation are:
- If you will need to review the information later, then formally document it;
- If the information will help you understand context (when/where/why), then formally document it; and
- If an auditor will ask about it, then formally document it.
Here are important ways to formally document aviation SMS programs.
Controls Described in Your System Are Active
In your Operational Risk Profile, which is a major part of your SMS manual, you will need to list and briefly describe each safety risk control that is actively being used to mitigate a hazard(s) and other risk(s) in your operations. Formally documenting your risk controls entails listing:
- The unique name of your risk control;
- Status of the risk control:
- In process, or
- The type of risk control:
- Technical, or
- The method of risk control - either one or a combination of the following:
- Detective, and/or
- How it mitigates risk, such as:
- Risk Transfer,
- Risk Avoidance,
- Risk Separation, and
- Risk Duplication.
- What problem it addresses; and
- Risk control effectiveness review information, such as dates and notes of risk review.
It’s also very important that all listed controls:
- Are current – no dated risk controls or risk controls that are no longer function well; and
- Are accurate – each risk control’s description matches how it works in real life
You Have an Operational Risk Profile/Hazard Risk Register
An operational risk profile demonstrates your dedication to safety. It is the ultimate piece of documentation for demonstrating your SMS performance. It’s simply a document that lists:
- All identified hazards;
- Probably risks for each hazard;
- Risk assessments for each identified risk;
- Risk controls used to mitigate risk; and
- Ownership (where applicable) of hazards/controls.
Your operational risk profile should be:
- Updated as new hazards and risks are identified;
- Updated as new controls are implemented/retired/changed; and
- Reviewed and inspected for currency.
An operational risk profile is a tremendously powerful tool for managing safety. Robust operational risk profiles may include additional information such as:
- Effectiveness of risk controls; or
- Number of times a hazard/risk was associated with an issue.
All SMS Resources Used Are Documented in System Manual
Something that many aviation safety management systems fail to formally document correctly are SMS resources that are used to mitigate risk. SMS resources are simply all of the tools available the organization uses to maintain Acceptable Level of Safety during operations.
It’s helpful to document your resources and organize them by their type by using a model, such as:
Using these models, you describe how your operations mitigate risk in a number of ways, such as the following using the SHELL model:
- Any computer Software that you use to:
- Control machine operations (aircraft, equipment, etc.),
- Manage your SMS (policies, procedures, issue management, etc.), and
- Monitor performance and operations.
- Any Hardware that you use to mitigate risk, such as:
- And so on.
- Environmental resources you use to mitigate risk, such as:
- Budget information,
- Compliance authority resources, or
- Permissible weather factors.
- Livewire resources (i.e., human resources) you use to mitigate risk, such as:
- Chain of commands, or
- User roles.
Again, not EVERYTING needs to be documented here, but only the resources that are important to mitigate risk and manage your SMS.
Managed Issues Include Log of Important Actions Taken
Finally, an extremely important part of formally documenting your SMS includes logging important actions taken when managing issues. During an SMS audit, auditors will surely spot check different issues that you have managed. One of the most common reasons aviation service providers receive a finding is because they couldn’t explain WHAT or WHY certain actions were taken.
Formally logging actions taken simply means that for each issue you document important actions such as:
- Risk assessments, including justification;
- Issue classification(s), such as root causes, main hazard, etc.;
- Corrective actions;
- Important notes;
- Analysis activities; and
- Review/validation dates/notes
For more information about formal documentation, the following resource should prove useful:
Published November 2018. Last updated September 2019.