Aviation Safety Software Blog by SMS Pro

All Corrective Preventative Actions Not Created Equal: Initial Mitigating Actions

Written by Tyler Britton | Dec 4, 2017 10:55:00 AM

What Are Corrective Preventative Actions (CPAs)

In aviation safety management systems (SMS), reported safety issues and audit findings are run through an operator's documented risk management process. During this process, additional mitigation measures must be applied to safety concerns whenever the risk is either:

  • Not acceptable;
  • Acceptable with mitigation; or
  • Not as low as reasonably practical (ALARP).

Corrective actions and preventative actions (CPA) are used to correct, detect or prevent any undesirable element that is treated in your SMS' documented risk management processes.

After the initial risk analysis and risk assessment, the SMS management team creates CPAs in response to safety concerns that enter the SMS. Again, these safety concerns enter the SMS typically as a result of your SMS' safety assurance (SA) monitoring activities. Management's sole goal is to bring adverse elements of your SMS into an acceptable level of safety (ALoS) using mitigation strategies. These mitigation strategies are the CPAs in this discussion. You might also see CPAs called CAPAs (Corrective Actions, Preventative Actions).

Related Articles on Corrective and Preventive Actions in Aviation SMS

CPA Performance Indicative of SMS Continuous Improvement

CPAs are the critical element of continuous improvement. This is why, for example, the fifth element in the FAA’s Safety Assurance process is interchangeably called “Continuous Improvement” and “Corrective/Preventative Actions.”

CPAs can be a mitigative element of proactive risk management processes, including:

  • Inspections;
  • Audits;
  • Safety case reviews; or
  • Change management processes.

CPAs can also be a mitigative element of an SMS' reactive risk management processes:

  • Hazard occurrence (safety incident);
  • Risk occurrence (safety accident); or
  • New oversight agency regulation.

CPAs are most often created and managed by subject matter experts (SMEs). These operational SMEs are most often department heads and process owners that maintain risk acceptance authority over the respective area of operations.

CPAs can be created in a team setting, such as in safety committee review meetings; however, there are many times when "the fire must be put out first," and there is no time to conduct an in-depth risk analysis while waiting for the safety committee to hold their "quarterly" meeting.

In cases where you need to put out the fire, initial mitigation actions are meant to deal with an emergency or to bring the organization back into operational compliance. The objective is to rescue any injured stakeholders and to "stop the pain." After the smoke clears, then management can focus on a careful:

  • risk analysis,
  • risk assessment;
  • review risk controls for effectiveness; and
  • decide to implement additional mitigation strategies or to continue monitoring the system.

Different Types of Corrective Preventative Actions

There are three main (parent) types of CPAs:

  • Corrective actions – used to “fix” safety concerns;
  • Preventative actions – used to prevent the occurrence of safety concerns
  • Detective actions – used to identify safety concerns before they pose a threat (hazard occurrence)

That being said, in real-world environments, CPAs are more often a combination of these parent types, such as:

  • Corrective/Detective;
  • Preventative/Detective;
  • Corrective/Detective/Preventative;
  • And so on.

Moreover, corrective preventative actions can be classified as:

  • Long term: passive, long-term fixes to the SMS (such as a new bird flock detection device, job checklist, etc.)
  • Short term: temporary changes to fix the SMS (SMS training, policy review, official warning, etc.)
  • Initial mitigating actions: Important actions taken immediately in response to urgent safety issues, in order to mitigate the risk/threat (damage control, emergency response, etc.).

Most people have heard of short/long-term CPA types, but initial mitigating actions (may go by other names) are an emerging classification of CPAs in SMS implementations. Another term that is used to classify CPAs by duration or where the CPAs fit into the SMS risk management process is "Immediate," which the operators define the same as "Initial Mitigating Action."

Related Aviation SMS Risk Mitigation Articles

What Are Initial Mitigation Actions

Initial mitigating CPAs are a special classification for CPAs to denote corrective/preventative actions taken in immediate response to high-risk safety concerns. The purpose of this CPA classification is to:

  • Identify the “critically” important, high-priority CPAs;
  • Document CPAs for auditors that should be considered with a higher priority than other CPAs (i.e., key performance indicators vs other performance indicators); and
  • Communicate to the person assigned the CPA that this CPA is a top priority.

Initial mitigating actions should be completed as soon as possible to mitigate risk from identified safety issues (such as same day, one day, or two days). In SMS Pro, initial mitigating actions' deadlines are automatically set based on the reported safety concern's initial risk assessment. Consequently, safety issues that have been risk assessed as "Intolerable" or "Red" will have a shorter performance period for initial mitigating actions than for safety issues with less severe risk assessments.

In practice, CPAs that are classified as "Initial Mitigating Actions" can affect the operating environment either:

  • in the short term; or
  • the implemented CPA may be long-term mitigation.

However, this classification is irrelevant as to the duration of the mitigation – so long as the initial mitigating action(s) bring the safety concern to a manageable level of safety as soon as possible. After that, management can use “regular” CPAs to further reduce the issue into an ALoS range.

When to Use Initial Mitigating Actions for CPA Type

Initial mitigating actions should be used in response (reactive risk management) to an initial high-risk issue classification. In SMS Pro, Initial Mitigating Actions must first be configured by the SMSAdmin in the Issue Manager's Settings; otherwise, managers are able to see this option.

If you are the SMSAdmin, go to the Issue Manager, and select the "Settings" option. A popup window will appear. Go to the "Manage" tab and the first option is: Use Initial Mitigating Actions for CPA

Immediately below this configuration setting, SMSAdmins will see a warning: It sets an unchangeable deadline on the CPA based on the initial risk assessment

If your SMS Pro portal has this feature activated, the CPA management workflow will be slightly altered. There are also some important considerations that your managers must remain aware of.

When the responsible manager creates a new CPA, there will be a new option during CPA creation to select the "CPA Term" of the CPA. The new option is logically called " Initial Mitigating Action."

Whenever department heads create CPAs using this "CPA Term," users will clearly be able to see that this CPA is a high priority.

With initial mitigating actions, it’s a standard practice to set a hard due date for all CPAs of this type, such as:

  • Due same day as assignment;
  • Due within one day of assignment; or
  • Due within two days of assignment.

In SMS Pro, this hard-due date is equal to the initial closure date for the issue. Again, the point is to "complete this type of CPAs as soon as possible." Deadlines of "Initial Mitigating Actions" are not configurable by design. The purpose of this setting is to force safety teams to abide by their policies.

Once you begin classifying CPAs as this type, you can easily track performance for these critical CPAs. For example, in SMS Pro, when users choose to use initial mitigating actions, they can see On-Time Completion performance for initial mitigating actions.

This gives safety managers a strong basis for assessing critical-issue response performance.

Related Aviation SMS Risk Mitigation Articles

Important Notes About Initial Mitigating Actions

For managers who are skimming this article and didn't read the fine print, I'll leave some caveats here.

Any CPA that has been classified as an "Initial Mitigating Action" is unable to have the deadline altered. If your organization has difficulty completing corrective actions and preventive actions on time, then you may want to reconsider this optional setting.

The CPA performance monitoring thermometer at the top of the SMS Pro portal will only evaluate CPAs that are classified as Initial Mitigating Actions. If you want to use the CPA Thermometer to monitor the on-time completion performance of all CPAs, then you will not want to use this feature.

Final Thought: Implementing Initial Mitigating Actions in Your SMS

Implementing this classification type is very easy. You simply need to:

  • Document in your SMS' risk management processes when and how they will be used;
  • Communicate this new type of CPA to employees, including why it’s being implemented and how employees will know if they have been assigned this CPA type; and
  • Ensure a consistent way of clearly marking this CPA assignment type.

Adding this type of CPA to your organization provides an excellent way for you to separate the types of CPAs that are the “most important.”

To see more cool features in SMS Pro, we highly suggest you see some demo videos. This is what a best-in-class SMS program looks like:

Last updated May 2024.