In aviation safety, SMS design is the framework upon which operations run safely.
SMS design is encapsulated in the Safety Risk Management pillar of the 4 Pillars of SMS. Implementing the design of your SMS will be the first major accomplishment of your safety program.
Following the SRM process, your design has five stages:
The design of your SMS, which includes a large amount of documentation, will encompass all of the working materials and resources that you will use to identify and mitigate concerns.
Implementation plan checklists are an extremely effective tool for task-managing your SMS design. This is how your organization can:
Implementation plan checklists are a way to organize the design of your SMS and ensure that logical steps are taken to implement its design. They will keep you from “getting lost” while designing and implementing your SMS.
Your SMS will comprise at least one system. Larger organizations will be made up of multiple systems. When designing your SMS, you need to understand and describe your system.
Describing your system is synonymous with designing your system. In other words:
This is why “describing your system” is such an important part of designing it. You should break your organization into logical systems that are separate from each other. In this way, you will design your SMS into logical parts.
For example, your organization may have different systems for:
Divide your company into whatever number of systems makes the most sense for implementing your design.
Models offer a way to analyze your system the same way each time. The most common models are:
When you use your model to describe your system(s), you will analyze your resources and the context of your operations from several viewpoints. In the case of the SHELL model, these viewpoints are the context and resources pertaining to:
In the case of the 5M model, the context and resources are described via:
These bullet points encompass the entirety of your operations and ensure that your design takes into account the entire context of your SMS.
Many of you will be familiar with the graphic to the right. It describes the interaction of your Safety Risk Management process (design) and your Safety Assurance process (performance). As you monitor performance, you will need to update your design.
When your performance monitoring process detects areas of poor performance, results that fall outside your Acceptable Level of Safety, or something new (like a new hazard), you will need to update your design. Updating your design will also ensure that your SMS documentation matches safety performance.
A hazard-risk register shows you all hazards, all risks, and all control measures.
In highly developed systems, your hazard-risk register will also show you the number of associated issues relating to these hazards, risks, and/or control measures.
A hazard-risk register is the culmination of your SMS design, showing the most important parts of your SMS design that relate directly to mitigation and safety.
You need to define each level of probability and acceptability for your risk assessments.
Severity levels are given as letters, usually from A to E. Each letter should have various criteria that define that level of severity. Probability levels are given as numbers, usually from 1 to 5. Each number should have various criteria for each level of probability.
When assessing hazards, risks, and reported issues, you will assess them by using your definitions of probability and severity to create a composite number/letter that ranks them.
Acceptable Level of Safety (ALoS) in Aviation SMS is the maximum risk probability/severity assessment that you are willing to accept.
For example, you may define every risk assessed as green/yellow as acceptable, but orange/red as unacceptable.
Last updated in April 2024.