Skip to main content

Setting Up Your SMS

Before your team can start submitting reports and managing risks, you need to configure the Safety Management System. In this tutorial, you will walk through the initial setup: establishing your safety policy, configuring the risk matrix, setting up compliance tracking elements, and assigning user roles. By the end of this tutorial, your SMS module will be ready for your organization to use.
Who should do this tutorial? Safety Managers and Admins who are responsible for implementing SMS in their organization. You will need Admin or Safety Manager permissions to access the settings described here.

Before you start

Make sure you have:
  • An active PlaneConnection account with Admin or Safety Manager role
  • Logged in to your workspace in the Safety module (see the Quickstart if you need help)
Planning ahead: SMS implementation is a process, not a one-time setup. This tutorial covers the technical configuration in PlaneConnection. Your organization also needs to develop the policies, procedures, and training programs that the SMS supports. See What is SMS? and The Four Pillars of SMS for background on what a complete SMS requires.

The four pillars in PlaneConnection

PlaneConnection is organized around the four pillars of SMS as defined by FAA 14 CFR Part 5:
PillarPlaneConnection features
Safety PolicySafety policy settings, just culture policy, code of ethics, accountable executive designation
Safety Risk ManagementSafety reports, risk assessments, hazard identification, risk matrix
Safety AssuranceInvestigations, CPAs, compliance tracking, audits, safety performance indicators
Safety PromotionTraining records, safety committee, activity feed, document management
The setup steps below touch each pillar to give you a working foundation.
1
Establish your safety policy
2
Your safety policy is the cornerstone of your SMS. It states your organization’s commitment to safety and sets the tone for your safety culture.
3
  • In the sidebar, navigate to Settings > Policy.
  • On the Safety Policy page, you will see fields for:
    • Safety Policy Statement: Write your organization’s safety policy statement. This should express management’s commitment to safety, the organization’s safety objectives, and the expectation that all employees participate in safety management. The statement must be signed by your accountable executive (per 14 CFR 5.21).
    • Accountable Executive: Enter the name and title of the person who has final authority over operations and ultimate SMS responsibility. This person must control both financial and human resources for safety (per 14 CFR 5.23).
    • Safety Objectives: Define your organization’s measurable safety objectives. Examples include targets for report submission rates, investigation closure times, and CPA completion rates.
  • Click Save to store your safety policy.
    • 4
    Your safety policy statement will be visible to all users in your workspace. Write it in clear, direct language that every employee can understand — from the chief pilot to the line crew.
    5
    Configure the just culture policy
    6
    Just culture (non-punitive reporting) is required by 14 CFR 5.21(a)(4). PlaneConnection includes a dedicated just culture page that communicates your policy to all users.
    7
  • Navigate to Settings > Trust in the sidebar (or visit the Just Culture page directly).
  • Review and customize:
    • Reporting policy statement: Describe how reports are handled and what protections reporters have.
    • Acceptable behavior boundaries: Clarify the line between honest mistakes (protected) and willful misconduct (not protected).
    • Confidentiality and anonymity settings: Enable or disable anonymous reporting and confidential reporting for your organization.
  • Save your changes.
    • 8
    Configure report classification settings
    9
    PlaneConnection uses categories and types to organize safety reports. You can customize these to match your operation.
    10
  • Navigate to Settings > Classification in the sidebar.
  • Review the default report categories:
    • Flight Operations, Ground Operations, Maintenance, Weather, ATC, Human Factors, Aircraft Systems, and others
  • Add, rename, or disable categories as needed for your operation.
  • Review report types (Hazard, Incident, Near Miss, Audit Finding, Suggestion) — these are standard and typically do not need modification.
  • Save your changes.
    • 11
    Set up user roles and permissions
    12
    Your SMS needs the right people in the right roles. PlaneConnection uses role-based access control to ensure each person can do their job without accessing information they should not see.
    13
  • Navigate to Settings > Members in the sidebar.
  • Review the current users in your workspace. Each user has an assigned role.
  • To invite new users, click Invite Member and enter their email address and desired role:
    RoleAppropriate for
    AdminDirectors of Operations, accountable executives, IT administrators
    Safety ManagerSMS managers, safety officers, compliance officers
    PilotAll pilots — PIC and SIC
    CrewFlight attendants, dispatchers, ground crew, maintenance staff
    ViewerObservers, auditors, insurance contacts (read-only)
  • Each invited user receives an email with instructions to create their account.
    • 14
    Assign roles based on the principle of least privilege. Pilots and crew need to submit reports and view their own data. Safety Managers need to manage the full SMS. Only Admins need access to settings and user management.
    15
    Review compliance elements
    16
    PlaneConnection includes a compliance tracker pre-loaded with all FAA 14 CFR Part 5 requirements. Each requirement is broken into trackable compliance elements.
    17
  • In the sidebar, navigate to Compliance > Elements.
  • You will see a list of compliance elements organized by Part 5 subpart:
    • Subpart A: General requirements
    • Subpart B: Safety Policy
    • Subpart C: Safety Risk Management
    • Subpart D: Safety Assurance
    • Subpart E: Safety Promotion
    • Subpart F: Documentation and Recordkeeping
  • For each element, review the status (Not Started, In Progress, Complete) and update it to reflect your current state.
  • Upload evidence documents where available — policies, procedures, training records, or other artifacts that demonstrate compliance.
  • Use the Gaps view (Compliance > Gaps) to see a summary of where your organization has gaps that need attention.
    • 18
    Compliance deadline: May 28, 2027. All Part 135 operators must submit a Declaration of Compliance by this date. Use the compliance tracker to monitor your progress and identify gaps early.
    19
    Verify your risk matrix configuration
    20
    PlaneConnection uses the ICAO standard 5x5 risk matrix by default. This matrix combines severity (1-5) and likelihood (A-E) to produce a risk rating.
    21
  • Navigate to Risks > Risk Matrix in the sidebar.
  • Review the matrix:
    • Green (Acceptable): Risk is acceptable. Document the decision and accept.
    • Yellow (Tolerable/ALARP): Reduce risk As Low As Reasonably Practicable. Controls are needed.
    • Red (Unacceptable): Do not proceed without risk controls. Immediate action required.
  • Verify that the severity labels, likelihood labels, and color thresholds match your organization’s risk appetite.
    • 22
    The default matrix follows ICAO guidance and meets FAA requirements. Most organizations can use it as-is.
    23
    Test the system with a sample report
    24
    Before rolling out SMS to your full team, submit a test report to confirm everything works:
    25
  • Navigate to Reports > New Report.
  • Submit a test report with type “Suggestion” and a title like “Test report - SMS setup verification.”
  • Confirm you receive the confirmation screen with a report number.
  • Navigate back to Reports and verify the test report appears in the list.
  • Open the report and check that all fields display correctly.
    • 26
    This verifies that report submission, storage, and display are all working in your workspace.

    After setup

    With the initial configuration complete, your SMS is ready for your team to use. Here are the next steps:
    1. Communicate the launch. Let your team know that the SMS is live. Explain the reporting process and the just culture policy.
    2. Conduct training. Ensure all personnel understand how to submit reports and what their roles are in the SMS.
    3. Start collecting reports. Encourage your team to submit reports. The more data your SMS captures, the more effective your safety analysis will be.
    4. Review and act on reports. Establish a cadence for reviewing incoming reports, opening investigations when needed, and closing out CPAs.

    Next steps

    Submit Your First Safety Report

    Learn the report submission process that your team will follow.

    Run Your First Investigation

    Learn how to investigate a safety report and document findings.

    Conduct Your First Risk Assessment

    Perform a formal risk assessment using the 5x5 matrix.

    The Four Pillars of SMS

    Deepen your understanding of the SMS framework.