Skip to main content

Conduct Your First Risk Assessment

Risk assessment is the core of Safety Risk Management (SRM), the second pillar of SMS. It is the process of identifying hazards, evaluating the risk they pose, and determining whether controls are needed. In this tutorial, you will walk through creating a formal risk assessment in PlaneConnection using the ICAO standard 5x5 risk matrix. By the end of this tutorial, you will have a documented risk assessment with a hazard, a risk rating, and controls — all stored in your SMS records.
Who should do this tutorial? Safety Managers who perform risk assessments as part of the SRM process. Pilots and crew may also participate in risk assessment during safety meetings or as part of pre-flight risk evaluation. You will need Safety Manager or Admin permissions to create risk assessments.

Before you start

Make sure you have:
  • An active PlaneConnection account with Safety Manager or Admin role
  • Familiarity with the SMS module navigation (see the Quickstart)
When is a risk assessment required? Per 14 CFR 5.51, you must apply Safety Risk Management when designing new systems, making changes to existing systems, after identifying hazards through safety assurance, when existing risk controls are found to be ineffective, or when external changes affect your operations.

Understanding the 5x5 risk matrix

PlaneConnection uses the ICAO standard 5x5 risk matrix. Risk is calculated as the combination of two factors: Severity — How bad could the outcome be?
LevelLabelDescription
1NegligibleNo injury, no damage
2MinorSlight injury or slight damage
3MajorSignificant injury, minor aircraft damage
4HazardousSerious injury, major aircraft damage
5CatastrophicMultiple fatalities, aircraft destroyed
Likelihood — How likely is the outcome to occur?
LevelLabelDescription
AImprobableAlmost inconceivable
BRemoteVery unlikely but possible
COccasionalUnlikely but may occur
DProbableWill occur sometimes
EFrequentLikely to occur often
The combination of severity and likelihood produces one of three risk zones:
ZoneColorRequired action
AcceptableGreenAccept the risk. Document the decision.
Tolerable (ALARP)YellowReduce risk As Low As Reasonably Practicable. Implement controls.
UnacceptableRedDo not proceed without risk controls. Immediate action required.

Creating the risk assessment

2
  • In the Safety module sidebar, click Risks.
  • On the Risks page, click the New Risk Assessment button.
    • 3
    You are now on the risk assessment form.
    4
    Identify the source
    5
    Every risk assessment should be traceable to a trigger — the event or condition that prompted the assessment. The form asks you to identify the source:
    6
    Source type: Select what triggered this risk assessment:
    7
    SourceWhen to useSafety ReportThe risk was identified from a submitted safety reportInvestigationThe risk was identified during an investigationAudit FindingThe risk was identified during an internal or external auditManagement of ChangeA change to operations, equipment, or procedures requires risk evaluationProactive AnalysisThe risk was identified through proactive safety analysis
    8
    Source reference: If the source is a report or investigation, select it from the dropdown. This links the risk assessment to the originating record.
    9
    Describe the hazard
    10
    A hazard is a condition that could foreseeably cause or contribute to an aircraft accident (per 14 CFR 5.5).
    11
    Hazard description: Write a clear, specific description of the hazard. Include:
    12
  • What the hazard is
  • Where it exists (physical location, phase of flight, system, or process)
  • How it could lead to an undesirable outcome
    • 13
    Example: “Accumulation of ice on wing leading edges during flight in forecast light-to-moderate icing conditions without functioning de-icing boots.”
    14
    Hazard category: Classify the hazard. Common categories include:
    15
  • Flight Operations
  • Ground Operations
  • Maintenance
  • Aircraft Systems
  • Human Factors
  • Weather / Environment
  • ATC / Airspace
    • 16
    A well-defined hazard is specific enough that someone unfamiliar with the situation can understand the risk. Avoid vague descriptions like “weather risk.” Instead, describe the specific weather-related condition and how it affects safety.
    17
    Assess severity
    18
    Select the severity level that represents the worst credible outcome if this hazard materializes:
    19
    LevelLabelAsk yourself1NegligibleWould anyone be hurt? Would anything be damaged?2MinorWould injuries be minor? Would damage be superficial?3MajorCould someone be significantly injured? Could the aircraft sustain minor damage?4HazardousCould someone be seriously injured? Could the aircraft sustain major damage?5CatastrophicCould someone die? Could the aircraft be destroyed?
    20
    Click the severity level that applies.
    21
    Assess the worst credible outcome, not the worst conceivable or most likely outcome. The worst credible outcome is the most severe consequence that could reasonably occur, given the nature of the hazard and your operating environment.
    22
    Assess likelihood
    23
    Select the likelihood level that represents how likely the worst credible outcome is to occur:
    24
    LevelLabelAsk yourselfAImprobableHas this essentially never happened in this type of operation?BRemoteHas this happened, but very rarely?COccasionalDoes this happen from time to time?DProbableDoes this happen regularly?EFrequentDoes this happen often?
    25
    Click the likelihood level that applies.
    26
    After selecting both severity and likelihood, the form displays the resulting risk rating on the 5x5 matrix. The cell is highlighted to show you the risk zone (green, yellow, or red).
    27
    Document existing controls
    28
    Before adding new controls, document what controls already exist for this hazard. Existing controls are the safeguards, procedures, or equipment currently in place.
    29
  • In the Existing Controls section, list the controls already mitigating this risk. For example:
    • “Pilots check weather forecasts for icing conditions during pre-flight planning”
    • “Aircraft equipped with de-icing boots (when functional)”
    • “Company SOP requires diversion when icing exceeds aircraft certification”
  • Evaluate whether existing controls are sufficient. If the risk rating is in the green zone, existing controls may be adequate. If the risk is yellow or red, you need additional controls.
    • 30
    Add new risk controls (if needed)
    31
    If the risk is in the yellow (Tolerable) or red (Unacceptable) zone, you must develop additional controls to reduce the risk.
    32
  • Click Add Control.
  • For each new control, provide:
    • Control description: What is the control? Be specific. Example: “Implement mandatory pre-flight icing risk briefing using company icing decision matrix.”
    • Control type: Classify the control:
      • Engineering — physical or system changes (e.g., equipment upgrades)
      • Administrative — procedures, training, or policies (e.g., new SOP)
      • Personal Protective — protective equipment or individual measures
  • Add as many controls as needed to reduce the risk to an acceptable level.
    • 33
    The goal is to reduce risk to ALARP (As Low As Reasonably Practicable). This means implementing every control that is reasonable given your resources, operational constraints, and the severity of the risk. You must be able to justify why any remaining risk is acceptable.
    34
    Assess the residual risk
    35
    After adding controls, reassess the risk with the controls in place:
    36
  • Consider how the new controls change the severity and/or likelihood
  • Note the new risk level — this is the residual risk after controls are applied
  • The residual risk should be in the green (Acceptable) zone, or in the yellow (Tolerable) zone with documented justification for why further reduction is not practicable
    • 37
    Submit the risk assessment
    38
    Review all sections of the form:
    39
  • Source and trigger
  • Hazard description and category
  • Severity and likelihood ratings
  • Existing controls
  • New controls (if applicable)
  • Residual risk level
    • 40
    When everything is complete, click Save to create the risk assessment.
    41
    The risk assessment is now stored in your SMS records and visible on the Risks list and the Risk Matrix view.

    Viewing your risk assessments

    After creating a risk assessment, you can find it in two places: Risks list: Navigate to Risks in the sidebar to see all risk assessments in a table view. You can filter by category, risk level, and status. Risk Matrix view: Navigate to Risks > Risk Matrix to see all assessed risks plotted on the 5x5 matrix. This view gives you an at-a-glance picture of your organization’s risk landscape — where risks are concentrated and whether they are trending toward acceptable levels.

    Risk assessment records

    Per 14 CFR 5.97, risk assessment outputs must be maintained as long as the risk control remains relevant. PlaneConnection stores all risk assessments with full history, including:
    • The original hazard description
    • All severity and likelihood ratings (initial and residual)
    • All controls documented
    • The date of assessment and the person who performed it
    • Any linked reports, investigations, or CPAs
    These records are available for FAA surveillance and audit purposes.

    Next steps

    The Risk Matrix

    See the full reference for the 5x5 risk matrix, including all risk zone definitions.

    Understanding Risk Management

    Learn the theory behind Safety Risk Management and how it fits into your SMS.