Skip to main content
An investigation is a structured process to determine the facts, conditions, and circumstances of a safety event, identify root causes, and recommend corrective or preventive actions (CPAs). Investigations are initiated from safety reports and are a core component of Safety Assurance under 14 CFR Part 5 Subpart D.

Investigation Statuses

StatusDatabase ValueDescription
OpenopenInvestigation has been created and assigned.
In Progressin_progressActive investigation work is underway.
Findings Completefindings_completeAll findings and root causes have been documented.
ClosedclosedInvestigation is complete. All outputs are finalized.

Status Lifecycle

Detailed Status Definitions

Open

The investigation record has been created and an investigator or investigation team has been assigned. The scope, linked reports, and initial facts are being established. Available actions: Assign investigator, link reports, define scope, begin work. Who can transition: Lead investigator, safety manager.

In Progress

Active investigation work is underway. This includes evidence collection, interviews, timeline reconstruction, and analysis. The investigation remains in this status for the duration of active work. Available actions: Record evidence, add findings, document interviews, update timeline, perform root cause analysis. Who can transition: Lead investigator, safety manager.

Findings Complete

All findings and root causes have been documented. Recommended CPAs have been drafted. The investigation is awaiting review and approval by the safety manager before closure. Available actions: Review findings, approve or return for additional work, create CPAs from recommendations. Who can transition: Safety manager, admin.

Closed

The investigation is complete. All findings are finalized, root causes are documented, and recommended CPAs have been created. The investigation record is read-only. Available actions: None. The record is immutable. Who can transition: Safety manager, admin.

Investigation Roles

RoleResponsibilities
InvestigatorCollects evidence, conducts interviews, documents facts, performs analysis. Can be assigned to one or more investigations.
Lead InvestigatorCoordinates the investigation team, manages scope and timeline, authors the investigation report, submits findings for review. Responsible for root cause analysis.
Safety ManagerAssigns investigations, reviews findings, approves closure, ensures CPAs are generated and tracked. Has oversight of all investigations within the tenant.

Investigation Outputs

Findings

A finding is a factual statement about a condition, event, or practice identified during the investigation. Each finding includes:
FieldDescription
titleBrief description of the finding.
descriptionDetailed narrative of what was found.
categoryClassification (e.g., procedural, training, equipment, environmental, organizational).
contributing_factorWhether this finding is a contributing factor to the event. Boolean.
evidenceReferences to supporting evidence (documents, photos, interview records).

Root Cause

The root cause is the fundamental reason the event occurred. PlaneConnection supports multiple root cause analysis methodologies:
MethodDescription
5 WhysIterative questioning to trace cause chains.
Fishbone (Ishikawa)Categorized cause-and-effect diagram.
SHELL ModelHuman factors analysis (Software, Hardware, Environment, Liveware).
Bow-TieThreat and barrier analysis connecting causes to consequences.
Each investigation must document at least one root cause before advancing to findings_complete. Investigations produce recommended Corrective and Preventive Actions. Each recommendation includes:
FieldDescription
titleShort description of the recommended action.
descriptionDetailed description of what should be done.
typecorrective (addresses existing deficiency) or preventive (prevents future occurrence).
prioritylow, medium, high, or critical.
When approved, recommendations are converted into CPA records that enter the CPA lifecycle.

Linked Records

An investigation can be linked to:
  • One or more safety reports — the originating events.
  • One or more CPAs — the resulting actions.
  • Risk assessments — associated hazard evaluations.

Regulatory Alignment

Part 5 SectionRequirementInvestigation Component
5.71(a)(4)Employee safety reportingLinked safety reports
5.73Safety performance assessmentFindings and root cause analysis
5.75Continuous improvementRecommended CPAs
5.97SMS recordsInvestigation records retained per policy

Record Retention

Investigation records, including all findings, evidence references, root cause analyses, and CPA recommendations, must be retained for a minimum of 5 years per 14 CFR 5.97.