The SMS Framework
Every Safety Management System is built on four interconnected pillars defined by ICAO and adopted by the FAA in 14 CFR Part 5. These pillars are not independent silos — they form a continuous cycle where policy sets the direction, risk management addresses hazards, assurance verifies that controls are working, and promotion ensures everyone in the organization understands and participates in safety. Understanding how these pillars relate to each other is essential. An SMS with strong risk management but weak assurance will implement controls that slowly degrade without anyone noticing. An SMS with excellent promotion but undefined policy will have enthusiastic employees with no clear safety objectives to work toward.Pillar 1: Safety Policy
Safety Policy establishes the organization’s commitment to safety and defines who is responsible for what. It is the foundation on which the other three pillars rest. At its core, Safety Policy requires three things: an accountable executive with final authority over both operations and safety, a written policy statement that defines safety objectives and a code of ethics, and a non-punitive reporting policy that encourages employees to report hazards without fear of retaliation. The accountable executive cannot delegate ultimate SMS responsibility. This person must control the financial and human resources needed for safety — ensuring that safety is not treated as an unfunded mandate. PlaneConnection captures this organizational structure in the Settings area, where you define your safety policy, designate key personnel, and configure your reporting policies.The non-punitive reporting policy required by 14 CFR 5.21 is sometimes called a “just culture” policy. It distinguishes between honest mistakes (which should be reported freely) and reckless behavior (which may warrant disciplinary action). See the Just Culture page for a deeper discussion.
Pillar 2: Safety Risk Management (SRM)
Safety Risk Management is the systematic process of identifying hazards, analyzing their associated risks, and developing controls to reduce risk to acceptable levels. The SRM process follows a defined sequence: analyze the system under review, identify hazards within that system, assess the risk of each hazard by evaluating severity and likelihood, and then develop controls for any risks that exceed your organization’s acceptable threshold. The result is documented in a risk register that tracks each hazard, its assessed risk level, the controls in place, and any residual risk. SRM is not a one-time exercise. It must be applied whenever you introduce new operations, change existing procedures, discover hazards through reporting or monitoring, or find that existing controls are ineffective. In PlaneConnection, the Risks section provides the risk register and assessment tools, while Reports and Investigations feed hazard identification into the SRM process. The Management of Change module ensures that operational changes trigger formal risk assessments before implementation.Pillar 3: Safety Assurance (SA)
Safety Assurance answers a critical question: are the controls you put in place actually working? This pillar encompasses continuous monitoring of safety performance, internal audits, investigation of incidents and events, and a process for continuous improvement. Safety Assurance closes the loop on Safety Risk Management — once you implement a control, assurance processes verify its effectiveness over time. PlaneConnection supports Safety Assurance through several interconnected features. The Compliance module tracks your organization’s adherence to Part 5 requirements and flags gaps. The Safety Performance Indicators (SPIs) dashboard monitors key metrics over time, surfacing trends before they become problems. Corrective and Preventive Actions (CPAs) track remediation with verification steps to confirm that fixes actually work. The Safety Committee module documents meetings, action items, and decisions for the audit trail.Safety Assurance is where many organizations struggle. It is not enough to set up an SMS and declare it complete — you must actively monitor, audit, and improve your system on an ongoing basis. The FAA will evaluate whether your SA processes are functioning during surveillance activities.
Pillar 4: Safety Promotion
Safety Promotion is about building and maintaining a positive safety culture through training and communication. Even a technically sound SMS will fail if the people in the organization do not understand it, trust it, or participate in it. This pillar has two components. First, competency and training: every person in the organization must understand their role within the SMS, know how to report hazards, and be trained on relevant safety procedures. Second, safety communication: lessons learned from investigations must be shared, safety performance data must be disseminated, and the organization must actively encourage dialogue about safety. In PlaneConnection, the Training module tracks completion of SMS training across the organization. The Activity feed provides a timeline of safety events visible to relevant personnel. The Documents section serves as the repository for safety policies, procedures, and bulletins. The Safety AI Assistant can help draft communications, summarize investigation findings, and answer questions about your SMS data.How PlaneConnection Maps to the Pillars
| Pillar | PlaneConnection Modules |
|---|---|
| Safety Policy | Settings (policy, personnel, organization), Safety Committee |
| Safety Risk Management | Reports, Investigations, Risks, Management of Change |
| Safety Assurance | Compliance, CPAs, Performance Indicators, SmartScore, Audits |
| Safety Promotion | Training, Documents, Activity Feed, Emergency Response, Safety AI |