SMS Risk Assessment and Mitigation

SMS #2 Element of Safety Risk Management

An airline or airport's SMS program must develop and maintain formal processes to ensure analysis, assessment and control of safety risks in operations to an acceptable level.

The risk management process starts with the identification of hazards and their potential harm. Safety risks are next assessed in terms of probability and severity, to define the level of safety risk. Whenever assessed safety risks are deemed to be tolerable, appropriate action is taken and the operation continues. Completed hazard identifications and safety risk assessments and mitigation processes are documented and approved as appropriate and forms part of the safety information management system.

Compliance is indicated when:

  • There is a structured process for the management of risk that includes the assessment of risk associated with identified hazards, expressed in terms of severity and probability;
  • There are criteria for evaluating the level of risk the organization is willing to accept;
  • The organization has risk control strategies that include hazard elimination, risk control, risk avoidance, risk acceptance, risk mitigation, and where applicable an action plan;
  • Mitigating actions resulting from the risk assessment, including timelines and allocation of responsibilities are documented;
  • Risk management is routinely applied in decision making processes;
  • Effective and robust mitigations and controls are implemented;
  • Risk assessments and risk ratings are appropriately justified; and
  • Senior management has visibility of medium and high risk hazards and their mitigation and controls.

This element is satisfied when there is a formal process that ensures analysis, assessment and control of the safety risks in operations to an acceptable level.


SMS Pro modules used to support this requirement


Best Practices

  • There is evidence that risks are being managed to as low as reasonably practical;
  • The organization uses its risks management results to develop best practice guidelines that it shares with the industry; and
  • The risk management processes are reviewed and improved on a periodic basis.