How to Document Record-Keeping Procedures for Aviation SMS Regulatory Compliance

Written by Jamie Adams | Sep 10, 2025 10:00:00 AM

 

For new aviation safety managers, creating safety management system (SMS) documentation is a critical yet challenging task, particularly when it comes to record-keeping procedures. In aviation safety risk management, well-documented record-keeping ensures traceability, supports regulatory compliance, and facilitates audits by the Federal Aviation Administration (FAA).

Without clear procedures for who maintains records and how they are accessed, organizations risk non-compliance, disorganized audits, and compromised safety.

This evergreen guide provides a step-by-step approach to documenting record-keeping procedures, helping aviation safety managers build a robust, regulatory-compliant SMS.

Why Record-Keeping Procedures Matter in Aviation SMS

The FAA mandates that aviation organizations—airlines, airports, and maintenance facilities—implement an SMS under 14 CFR Part 5. Record-keeping is a core component, as outlined in Advisory Circular 120-92B, ensuring that risk assessments, mitigations, and safety performance data are documented and accessible for audits.

Effective record-keeping demonstrates compliance with the FAA’s Order 8040.4C, supports continuous improvement, and provides evidence of a proactive safety culture.

This guide outlines best practices for documenting record-keeping procedures, specifying who maintains records, and ensuring accessibility during regulatory SMS audits. Designed for new safety managers, it simplifies the process while ensuring regulatory compliance.

Step 1: Understand FAA Record-Keeping Requirements

Before documenting procedures, familiarize yourself with FAA SMS record-keeping requirements. Key points include:

  • Scope of Records: Maintain records of hazard identifications, risk assessments, mitigations, safety performance indicators (SPIs), training, and audits.

  • Retention Period: Retain records for at least 5 years, per FAA guidelines.

  • Accessibility: Ensure records are readily available for FAA auditors and authorized personnel.

  • Traceability: Records must link to specific SMS processes, such as risk management or safety assurance.

Review the FAA’s SMS Voluntary Program for additional guidance. Understanding these requirements ensures your record-keeping procedures align with regulatory expectations.

Step 2: Identify Types of Records to Maintain

Document the categories of records your SMS will include. Common record types in aviation SMS include:

  • Hazard and Risk Records: Hazard reports, risk matrix assessments, and mitigation plans.

  • Safety Performance Records: SPIs, incident data, and audit findings.

  • Training Records: Employee training schedules, materials, and attendance logs.

  • Audit and Review Records: Internal and external audit reports, corrective action plans.

  • Safety Communication Records: Safety meeting minutes, employee feedback.

For each category, specify:

  • Purpose: Why the record is maintained (e.g., to track risk mitigation effectiveness).

  • Format: Digital (e.g., SMS Pro software) or physical (e.g., paper logs).

  • Retention Period: Minimum 5 years, or longer if required by organizational policy.

Document these categories in your SMS manual to provide a clear framework.

Step 3: Assign Record Maintenance Responsibilities

Clearly define who is responsible for maintaining each type of record. This ensures accountability and prevents gaps in documentation.

3.1 Designate Responsible Roles

Assign roles based on expertise and authority. Examples include:

  • Safety Manager: Oversees all SMS records, ensures compliance, and coordinates audits.

  • Safety Officer: Maintains hazard and risk assessment records.

  • Training Coordinator: Manages training records and ensures completion.

  • Operations Supervisor: Tracks SPIs and incident data.

  • IT Administrator: Manages digital record systems and backups.

3.2 Document Responsibilities

In your SMS manual, include a table or list specifying:

  • Role: E.g., Safety Officer.

  • Record Type: E.g., Risk assessments.

  • Tasks: E.g., Collect, review, and store risk assessment forms; ensure accuracy and completeness.

  • Frequency: E.g., Weekly updates, monthly reviews.

For example: “The Safety Officer maintains hazard reports in the SMS database, ensuring all entries are complete within 48 hours of submission.”

Step 4: Develop Standardized Record-Keeping Procedures

Create clear, repeatable procedures for maintaining records. These procedures should cover creation, storage, updating, and retention.

4.1 Record Creation

Specify how records are generated. For example:

  • Hazard Reports: Employees submit reports via an SMS Pro portal, which the Safety Officer reviews and logs.

  • Risk Assessments: Use a standardized template (e.g., hazard description, risk level, mitigation actions) to document assessments.

4.2 Record Storage

Define storage methods:

  • Digital Storage: Use SMS software (e.g., SMS Pro or ABC) or a secure database with access controls.

  • Physical Storage: Store paper records in locked, fireproof cabinets, if applicable.

  • Backup Systems: Implement regular backups (e.g., daily cloud backups) to prevent data loss.

4.3 Record Updates

Outline how records are updated to reflect changes, such as new mitigations or audit findings. Use version control to track revisions, documenting:

  • Date of Update: When the record was modified.

  • Reason for Update: E.g., “Updated mitigation plan after incident review.”

  • Responsible Party: Who made the change.

4.4 Retention and Disposal

Document retention periods (minimum 5 years) and disposal procedures. For example:

  • Digital Records: Archive after 5 years; delete securely after 7 years if no longer needed.

  • Physical Records: Shred or incinerate sensitive documents after retention period.

Include these procedures in your SMS manual with step-by-step instructions.

Step 5: Ensure Record Accessibility for Audits

FAA audits require records to be readily accessible. Document how records are accessed, by whom, and under what conditions.

5.1 Define Access Levels

Specify who can access records:

  • Authorized Personnel: Safety managers, safety officers, and department heads.

  • FAA Auditors: Provide read-only access during inspections.

  • External Auditors: Grant temporary access with approval from the accountable executive.

Use role-based access controls in digital systems to restrict unauthorized access.

5.2 Document Access Procedures

Outline how records are retrieved:

  • Digital Access: Authorized users log into the SMS platform with secure credentials. Auditors receive temporary login details or supervised access.

  • Physical Access: Records are retrieved from locked storage by the safety manager or designated staff.

  • Remote Access: Ensure cloud-based systems allow secure access for off-site audits.

For example: “During FAA audits, the Safety Manager provides auditors with a read-only login to the SMS database, ensuring all records are accessible within 30 minutes.”

5.3 Test Accessibility

Periodically test access procedures to ensure records can be retrieved quickly. Document test results and any corrective actions.

Step 6: Create a Record-Keeping Template

Develop a standardized template to document record-keeping procedures. A sample template might include:

  • Record Type: E.g., Risk assessments.

  • Description: Purpose and content of the record.

  • Responsible Party: Role responsible for maintenance.

  • Storage Location: Digital (SMS platform) or physical (file cabinet).

  • Retention Period: E.g., 5 years.

  • Access Procedure: How the record is retrieved for audits.

  • Update Frequency: E.g., Monthly reviews.

  • Backup Procedure: E.g., Daily cloud backups.

Include this template in your SMS manual, with examples for each record type. For instance:

  • Record Type: Training records.

  • Description: Logs of employee training sessions, including dates and topics.

  • Responsible Party: Training coordinator.

  • Storage Location: SMS Pro platform.

  • Retention Period: 5 years.

  • Access Procedure: Retrieved via SMS Pro with authorized login.

  • Update Frequency: Updated after each training session.

  • Backup Procedure: Daily cloud backup.

Step 7: Integrate Record-Keeping with SMS Processes

Document how record-keeping integrates with other SMS components, such as:

  • Safety Reporting: Hazard reports are logged as records and linked to risk assessments.

  • Safety Assurance: SPIs and audit findings are recorded to monitor performance.

  • Safety Promotion: Training records support safety culture initiatives.

For example, document how a hazard report triggers a risk assessment record, which is then stored and monitored via SPIs. This shows the FAA that your SMS is cohesive and proactive.

Step 8: Train Staff on Record-Keeping Procedures

Effective record-keeping requires staff competency. Develop a training program that covers:

  • Record Creation: How to complete templates and submit records.

  • Storage and Access: Using digital platforms or physical storage systems.

  • Audit Preparation: Retrieving records for FAA inspections.

Include practical exercises, such as completing a risk assessment record or retrieving a training log. Document the training program, including schedules, materials, and attendance records, to demonstrate FAA compliance.

Step 9: Monitor and Review Record-Keeping Procedures

Regularly review record-keeping procedures to ensure effectiveness and compliance. Document a review process that includes:

  • Scheduled Reviews: Conduct annual reviews of procedures and records.

  • Trigger-Based Reviews: Review after audits, incidents, or system upgrades.

  • Corrective Actions: Address gaps, such as missing records or access issues.

Document review findings and updates in the SMS manual, ensuring continuous improvement.

Step 10: Prepare for FAA Audits

FAA audits evaluate SMS record-keeping for compliance and effectiveness. To prepare:

  • Organize Records: Ensure all records are complete, accurate, and stored correctly.

  • Verify Accessibility: Test access procedures to confirm records can be retrieved quickly.

  • Demonstrate Compliance: Provide evidence of retention periods, responsible parties, and integration with SMS processes.

Document an audit preparation checklist in your SMS manual, including steps to verify record readiness. For example: “One week before an audit, the Safety Manager reviews all risk assessment records for completeness and tests SMS platform access.”

Common Pitfalls to Avoid

New safety managers may face challenges in record-keeping. Avoid these mistakes:

  • Incomplete Records: Ensure all required details (e.g., responsible party, retention period) are documented.

  • Inconsistent Procedures: Use standardized templates and processes across the organization.

  • Limited Accessibility: Test access procedures to prevent delays during audits.

  • Neglecting Training: Train all relevant staff to maintain and retrieve records.

Conclusion

Documenting record-keeping procedures is a critical task for aviation safety managers. By defining record types, assigning responsibilities, creating standardized procedures, and ensuring accessibility, you can build an FAA-compliant SMS that supports safety and simplifies audits.

For new safety managers, the key is to follow a structured approach, leverage technology like SMS Pro software, and prioritize training and monitoring.

This process may seem complex, but with these steps, it becomes manageable. Effective record-keeping not only ensures regulatory compliance but also strengthens your organization’s safety culture. Start implementing these practices today to create a robust, audit-ready SMS.

 

Additional Resources

  • FAA SMS Guidance

  • Advisory Circular 120-92B

  • Order 8040.4C