Skip to main content

Run Your First Investigation

When a safety report identifies a significant hazard or incident, the next step is a formal investigation. Investigations dig deeper into what happened, why it happened, and what should change to prevent it from happening again. In this tutorial, you will walk through the full investigation process in PlaneConnection. By the end of this tutorial, you will have an investigation with documented findings, root cause analysis, and recommended Corrective and Preventive Actions (CPAs).
Who should do this tutorial? Safety Managers and investigators who are responsible for analyzing safety reports. You will need Safety Manager or Admin permissions to create and manage investigations.

Before you start

Make sure you have:
  • An active PlaneConnection account with Safety Manager or Admin role
  • At least one submitted safety report in your workspace (see Submit Your First Safety Report if you need to create one)
  • Familiarity with the SMS module navigation (see the Quickstart)

Understanding the investigation workflow

Investigations in PlaneConnection follow a structured workflow: 
Report Submitted --> Investigation Opened --> Findings Documented -->
Root Cause Analysis --> Recommendations Made --> Review & Approval --> Closed
Each investigation is linked to the originating safety report and produces findings that lead to actionable recommendations.
1
Open an investigation from a report
2
  • In the Safety module sidebar, click Reports.
  • Find the report you want to investigate. Click on it to open the report detail page.
  • On the report detail page, look for the Open Investigation button. Click it.
    • 3
    PlaneConnection creates a new investigation linked to this report. You are taken to the investigation detail page, which is your workspace for the entire investigation process.
    4
    The investigation receives an auto-generated investigation number (e.g., INV-2026-00015) and starts with a status of Open.
    5
    Not every report requires an investigation. Use your safety risk assessment to decide which reports warrant formal investigation. Reports with higher risk ratings, recurring patterns, or regulatory implications are typical candidates.
    6
    Assign an investigator
    7
    Every investigation needs a lead investigator. This is the person responsible for conducting the investigation, documenting findings, and making recommendations.
    8
  • On the investigation detail page, find the Investigator field.
  • Click the field and select an investigator from the list of workspace members. The list shows users with Safety Manager or Admin roles.
  • Save the assignment.
    • 9
    The assigned investigator receives a notification that they have been assigned to the investigation.
    10
    The investigator should not be someone directly involved in the reported event. Independence is important for objective investigation. Per 14 CFR 5.73, investigations should assess safety performance without bias.
    11
    Document the investigation summary
    12
    The investigation detail page includes a Summary section where you document the scope and methodology of the investigation.
    13
  • In the Summary section, describe:
    • What is being investigated: A clear statement of the event or hazard under investigation
    • Scope: What aspects of the operation, system, or process are being examined
    • Methodology: The investigation approach (e.g., interviews, document review, data analysis, site inspection)
  • Save your summary.
    • 14
    This summary provides context for anyone reviewing the investigation later and is part of your SMS record per 14 CFR 5.97.
    15
    Add findings
    16
    Findings are the specific facts, observations, and conclusions you discover during the investigation. Each finding is documented separately with a category classification.
    17
  • Scroll to the Findings section of the investigation page.
  • Click Add Finding.
  • For each finding, provide:
    • Description: A factual statement of what you found. Be specific and objective. Example: “The pre-departure checklist did not include a step for verifying ground power disconnection.”
    • Category: Classify the finding. Common categories include:
      • Procedural — gaps or deficiencies in procedures or SOPs
      • Training — knowledge or skill gaps
      • Equipment — hardware or system deficiencies
      • Environmental — physical environment factors
      • Human Factors — human performance issues (using the SHELL model)
      • Organizational — management or cultural factors
  • Repeat for each finding. A thorough investigation typically produces multiple findings.
    • 18
    Write findings as objective statements of fact, not opinions or recommendations. Recommendations come in the next step. A good finding is: “The crew did not receive recurrent training on the icing SOP in the past 14 months.” A poor finding is: “The crew should have known the icing SOP.”
    19
    Perform root cause analysis
    20
    Root cause analysis (RCA) goes beyond the immediate facts to identify the underlying systemic causes. PlaneConnection supports RCA documentation within the investigation.
    21
  • Navigate to the Root Cause Analysis section (or tab) within the investigation.
  • Document your root cause analysis:
    • Contributing factors: List the factors that combined to create the conditions for the event. Consider human factors, organizational factors, procedural factors, and environmental factors.
    • Root cause(s): Identify the fundamental cause(s) that, if addressed, would prevent recurrence. Root causes are typically systemic — they relate to procedures, training programs, oversight processes, or organizational culture.
    • Analysis method: Note the RCA method you used (e.g., 5 Whys, Bow-Tie Analysis, HFACS, Reason’s Swiss Cheese Model).
  • Save your analysis.
    • 22
    The purpose of root cause analysis is prevention, not blame. Per ICAO Annex 13 principles, investigation is about understanding what happened and why, so you can prevent it from happening again. Focus on systemic issues, not individual performance.
    23
    Recommend Corrective and Preventive Actions
    24
    Based on your findings and root cause analysis, recommend CPAs — specific actions that will address the root causes and prevent recurrence.
    25
  • Scroll to the Recommendations section of the investigation.
  • Click Add Recommendation.
  • For each recommendation, provide:
    • Title: A concise description of the recommended action. Example: “Update pre-departure checklist to include ground power verification step.”
    • Description: Detail what needs to happen, why it addresses the root cause, and any implementation considerations.
    • Type: Classify as Corrective (fixes the immediate issue) or Preventive (prevents similar issues in the future).
    • Priority: Set the urgency — High, Medium, or Low.
  • Add as many recommendations as the investigation supports.
    • 26
    Each recommendation can later be converted into a formal CPA that is tracked through implementation and verification.
    27
    Good recommendations are SMART: Specific, Measurable, Achievable, Relevant, and Time-bound. Instead of “Improve training,” recommend “Develop and deliver recurrent icing SOP training to all Part 135 pilots by Q2 2026.”
    28
    Submit for review
    29
    Once you have documented findings, completed root cause analysis, and made recommendations, the investigation is ready for review.
    30
  • At the top of the investigation page, change the status to In Review.
  • The investigation enters the review workflow. Depending on your organization’s configuration, this may require approval from a senior safety manager or the accountable executive.
  • Reviewers can:
    • Approve the investigation and its recommendations
    • Request revisions with comments
    • Approve and immediately create CPAs from the recommendations
    • 31
    After approval, the investigation status changes to Closed and the recommended CPAs enter the CPA tracking workflow.

    Investigation timeline

    As you work through the investigation, PlaneConnection automatically records a timeline of all activity:
    • When the investigation was opened
    • When the investigator was assigned
    • When findings were added or modified
    • When the status changed
    • When the investigation was approved or closed
    This timeline provides an audit trail for regulatory compliance (14 CFR 5.97) and helps your organization demonstrate due diligence during FAA surveillance.

    Next steps

    Conduct Your First Risk Assessment

    Perform a formal risk assessment to evaluate hazards identified during investigation.

    What is Just Culture?

    Understand the non-punitive reporting philosophy that underpins effective investigation.