Aviation Safety Software Blog by SMS Pro

Best Practices for Designing Your SMS for Aviation Service Providers

Written by Tyler Britton | May 30, 2018 8:58:00 AM

What Is SMS Design

In aviation safety, SMS design is the framework upon which operations run safely.

SMS design is encapsulated in the Safety Risk Management pillar of the 4 Pillars of SMS. Implementing the design of your SMS will be the first major accomplishment of your safety program.

Following the SRM process, your design has five stages:

  • Describing the context of your operations and resources, such as:
    • Safety policy
    • Safety procedures
    • Checklists
    • Promotional strategies
    • Other elements of your chosen model (i.e., SHELL or 5M)
  • Documenting all identified hazards;
  • Analyzing and documenting mitigation strategies, which should include, for example, each hazard’s:
    • Associated potential risk occurrences
    • Root causes
    • Initiating factors
  • Ranking each hazard and each possible risk occurrence via a risk assessment; and
  • Documenting all risk controls.

The design of your SMS, which includes a large amount of documentation, will encompass all of the working materials and resources that you will use to identify and mitigate concerns.

Use Implementation Plan Checklists

Implementation plan checklists are an extremely effective tool for task-managing your SMS design. This is how your organization can:

  • Be educated about mandatory SMS requirements;
  • Tier your SMS design into logical stages;
  • Offer a roadmap for SMS design;
  • Ensure that each important area of SMS design is addressed;
  • Track progress on SMS design implementation;
  • Set targeted finish dates for each design task; and
  • Review the design progress as a team.

Implementation plan checklists are a way to organize the design of your SMS and ensure that logical steps are taken to implement its design. They will keep you from “getting lost” while designing and implementing your SMS.

Divide Your Safety Program Into Multiple Systems

Your SMS will comprise at least one system. Larger organizations will be made up of multiple systems. When designing your SMS, you need to understand and describe your system.

Describing your system is synonymous with designing your system. In other words:

  • If you can describe your system, you have designed it; and
  • If you have designed your system, you can describe it.

This is why “describing your system” is such an important part of designing it. You should break your organization into logical systems that are separate from each other. In this way, you will design your SMS into logical parts.

For example, your organization may have different systems for:

  • Your organization’s different locations, such as:
    • United States locations
    • Canadian locations
    • U.K. locations
  • Your organization’s different divisions, such as:
    • Flight Ops
    • Ground Ops
    • Maintenance

Divide your company into whatever number of systems makes the most sense for implementing your design.

Pick a Model to Analyze Your Safety System(s)

Models offer a consistent way to analyze your system the same way each time. The most common models are SHELL and 5M.

When you use your model to describe your system(s), you will analyze your resources and the context of your operations from several viewpoints. In the case of the SHELL model, these viewpoints are the context and resources pertaining to:

  • Software;
  • Hardware;
  • Environment; and
  • Liveware.

In the case of the 5M model, the context and resources are described via:

  • Man;
  • Medium;
  • Machine;
  • Management; and
  • Mission.

These bullet points encompass the entirety of your operations and ensure that your design takes into account the entire context of your SMS.

Update SMS Design Regularly

Many of you will be familiar with the graphic to the right. It describes the interaction of your Safety Risk Management process (design) and your Safety Assurance process (performance). As you monitor performance, you will need to update your design.

When your performance monitoring process detects areas of poor performance, performance that does not meet your Acceptable Level of Safety, or something new (like a new hazard), you will need to update your design. Updating your design will also ensure that your SMS documentation matches safety performance.

Use a Hazard Risk Register

A hazard-risk register shows you all hazards, all risks, and all control measures.

In highly developed systems, your hazard-risk register will also show you the number of associated issues relating to these hazards, risks, and/or control measures.

A hazard-risk register is the culmination of your SMS design, showing the most important parts of your SMS design that relate directly to mitigation and safety.

Define Probability, Severity, and Acceptable Level of Safety

You need to define each level of probability and acceptability for your risk assessments.

Severity levels are given as letters, usually from A to E. Each letter should have various criteria that define that level of severity. Probability levels are given as numbers, usually from 1 to 5. Each number should have various criteria for each level of probability.

When assessing hazards, risks, and reported issues, you will assess them by using your definitions of probability and severity to create a composite number/letter that ranks them.

Acceptable Level of Safety (ALoS) in aviation SMS is how you define the maximum probability/severity risk assessment that you are willing to accept.

For example, you may define every risk assessed as green/yellow as acceptable, but every risk assessed as orange/red as unacceptable.

Last updated in April 2024.