Advisory Circular (AC) No. 107-001

Advisory Circulars logo

Guidance on Safety Management Systems Development

Table of Contents


  1. Up to date documentation is essential if the organization is to operate in a safe and efficient manner in accordance with current aviation safety regulations and standards. For this reason an operator's SMS documentation must address the following elements:

    1. The identification of applicable regulations, standards and exemptions.

    2. Consolidated documentation describing each component of the SMS, the interrelationship between the elements and the implementation process for required changes to documentation.

    3. Records management policy and procedures.

    The following paragraphs provide detail as to how this can be accomplished.

5.1 Identification and Maintenance of Applicable Regulations and Standards

  1. The organization must have a process for documenting the regulations, standards and exemptions by which it is regulated for the various activities it conducts. This documentation may reside in the approved manual or the organization's safety management program documentation as appropriate, but must be available to employees. The important thing is to position the documentation in a manner that promotes its usage.

  2. It is the organization's responsibility to maintain current regulatory and organization documentation. When changes to documentation are required the organization must have a documented process in place to ensure these changes are implemented.

  3. The process should provide for early identification of amendments. This will allow the organization to be proactive in addressing any required changes to documents and procedures.

  4. To address these situations the organization must have processes in place to:

    1. Identify any changes within the organization that could affect the organization's documentation, and amend the documentation as appropriate. A process to address changes within the organization could consist of a trigger to review documentation at any time a change to the organization's operations or structure occurs or is planned to occur. Specific events or dates could trigger processes for periodic reviews of regulatory information and the organization's documentation. These dates could be selected to augment other activities.

    2. Periodically review regulatory information to ensure the most current information is available.

    3. Periodically review documentation such as the approved manual or safety management program documentation to ensure compliance with current regulations.

    4. Documents required by regulation must conform to specific standards for compliance with those regulations. In an organization with a SMS, a corporate documentation strategy stemming from a clear policy with clear procedures for document development, management, control and revision will substantially contribute to the functionality and effectiveness of the system.

5.2 SMS Documentation

  1. Documentation in the context of a SMS has two components: the description of the SMS itself, and other corporate documentation, all of which must ultimately reflect the SMS philosophy in practice.

  2. One way of accomplishing this is by developing a corporate SMS policy manual. This could contain a description of the SMS itself, and provide detail that could be incorporated by reference into other company manuals to minimize repetition. These components are not addressed separately here since the integration of safety management into the whole of the organization is the objective, and becomes the normal way of doing business.

  3. The approach detailed in 5.2.(1) is only one way of accomplishing the documentation requirements. Companies may also incorporate their SMS requirements into existing approved documentation if this method works better for them. No matter which approach is taken, the document must be meaningful, explicit and utilised by the SMS user.

  4. SMS documentation should provide the policy, procedures and details of the SMS processes. A process loop alone does not give sufficient detail to provide a repeatable and auditable series of steps for the user. The following definitions apply to this document:

    1. Policy means a high level overall plan that outlines goals and objectives of an organization;

    2. Procedure means a specified way to carry out an activity or process;

    3. Process means a group of interrelated or interacting activities that convert inputs into outputs.


      A complete SMS documentation package should contain all three of these elements. This doesn't mean they have to be located in the same manual it simply means for documentation to be comprehensive all three elements must be complete.

  5. In cases where the SMS documentation is located in several manuals it should be noted that a table of concordance indicating where documentation can be found should be included in the approved manual. A brief description of the documentation should also be included. It should also be noted that when an organisation chooses an all-inclusive format for SMS documentation or to incorporate documentation by reference these documents are still considered to be approved and should be submitted to your principal inspector for approval as required.

  6. SMS documentation should include a description of each component of the SMS including policy and procedures that explain the SMS processes. This step is essential if the organization's personnel, and the regulator, are to understand how the whole system is integrated.

  7. A SMS is a way of managing risk in the entire organization and must address all facets of the organization. The absence of a corporate documentation strategy may lead to a conflict in the level of documentation surrounding processes dictated by the SMS regulation and processes not included in the SMS regulation.

  8. Safety management must be integrated into everyday business; it cannot be an add-on. Unlike most industrial processes that have an attainable target, safety can always be improved, and risks managed more effectively. In order to achieve that goal, a corporate policy for documentation review and amendment is essential. As well, the business advantages inherent in a SMS can only be maximized if the non-regulated elements of the corporate whole are integrated into the SMS.

  9. To that end, a corporate SMS policy manual (SMSPM), although not a regulatory requirement, can be utilized to facilitate and incorporate SMS into the organization. Employee involvement in the development of the manual and the policy and procedures therein can be a valuable first step in fostering a sense of ownership and commitment to a positive safety culture. Where a company creates a stand-alone SMS manual, it should be noted that it must be incorporated by reference in all applicable approved manuals and must be approved by TC.

  10. A SMSPM should provide clear policy guidelines for the standardization of process fundamentals for regulated activities, and be specific enough to allow the non-regulated elements of the organization to contribute to and benefit from the organizational enhancements.

  11. At the end of the developmental process, corporate documentation will provide the guidance for the continuous improvement that is at the heart of a mature SMS. Without core documentation that guides each functional manager in the growth of their own area's development, these processes could evolve in a diverse manner, perhaps with negative consequences for interoperability and safety.

  12. Should an organization choose to incorporate their SMS policies and procedures directly into the approved manual they may do so. The intent is to document the SMS in an effective manner and to store it in a document that will actually be used on a daily basis.
5.2.1 Gap Analysis
  1. An important initial step in the implementation of a SMS is the gap analysis to determine the outstanding elements between the existing corporate structure and a structure that will meet SMS regulatory requirements and embrace best practices and continuous improvement. It is a good idea to conduct a pre-documentation analysis and define the process in the implementation strategy. The process should:

    1. Identify organizational silos and determine whether the communications links in all directions are effective. An SMS should break down any isolation of silos and improve efficiency through elimination of "not my responsibility" syndromes;

    2. Identify and codify interdependencies. Managers can be unaware of the extent of networking employees are required to do to complete tasks. The process mapping exercise should involve all employees involved in the completion of all organizational activities, whether regulated or not;

    3. Clarify and codify communications requirements. The interactions will require integrated procedures between managed units. These clear and unambiguous communications requirements must be resident in the operating procedures for each functional unit with a part to play in a given process. There must be universal understanding that the onus is on the sender of a message to ensure that the message is received and understood. There's no point in one unit mapping a process if another with a key role to play is 'winging' it;

    4. Identify fiefdoms, protected turf and sacred cows. These must be disestablished and removed. There is no room in an SMS for hidden agendas, nor any person or process that is not subject to scrutiny.

  2. It is possible that the processes most difficult to document and codify will be the ones that do not cause any difficulty because they operate smoothly. This is usually dependent on persons who have been accomplishing the task for a lengthy period of time, and for who the process has become automatic and routine. These tasks, whether associated with previous regulatory requirements or not, must be captured in process detail, to enable the internal audit function to be effective, to permit organizational and fault analysis and ultimately to ease succession when required.
5.2.2 Training Policy Documentation

Training documentation is mandated for persons employed in activities regulated under CARs. In order to ensure a corporate approach to documentation processes, however, the organization's policy with regard to training documentation should reside in the management policy document. This means that training documentation for persons whose jobs were not previously regulated would be dealt within the corporate policy framework, and enables more efficient internal audit processes as well as trend analysis for continuous improvement.

5.2.3 Commonality Issues of Documentation

The requirement for risk assessment guidelines and matrices should be developed and applied consistently within each functional area. While customization to meet specific needs is understood, the basis for the tools should be common, for example, to ensure that inter-departmental safety audits can be carried out by persons to whom the audited department's tools and processes seem fundamentally the same as their own.

5.2.4 Documentation Summary

Recalling the discussion of the Plan, Do, Check, Act cycle, the following summary highlights how this can be applied in building and utilizing effective SMS documentation:

  1. No undocumented processes. None. Every task in the organization is described, every job description detailed, every process described and recorded. (Plan)

  2. Use the documented procedures. Always. Everybody. If management takes shortcuts, the employees will feel justified in doing the same. This takes leadership as well as management. (Do)

  3. Audit and review to make sure that those procedures are documented and everyone uses them. An unworkable, unrealistic or unreasonable procedure will be bypassed or replaced in the work context. Make sure that procedures are documented so they can be used, supported and enforced. In the final analysis, this step will be broken into two parts, checking the existing system (Check) and improving the system by making changes where required (Act).

5.3 Records Management

Among the many fundamental corporate processes is the requirement for record keeping. While regulation directs the recording and retention of certain information, a corporate philosophy that addresses the importance of record keeping can embrace the regulatory elements and use the momentum to reinforce precision in other business documentation. This should include event reports, investigations, etc.

5.4 How do you know if your SMS is working?

Component 2 - Documentation Yes/No
Element 2.1 - Identification and Maintenance of Applicable Regulations  
A documented procedure has been established and maintained for identifying applicable regulatory requirements (Parts IV, VI, VIII only)  
Regulations, Standards and exemptions are periodically reviewed to ensure that the most current information is available (Parts IV, VI, VIII only)  
Element 2.2 - SMS Documentation  
There is consolidated documentation that describes the safety management system and the interrelationship between all of its elements  
The information resides or is incorporated by reference into approved documentation, such as DAPM/EPM, Company Operations Manual, Maintenance Control Manual, Airport Operations Manual, as applicable, and where these approved documents are not required by regulation, the organization includes the information in a separate, controlled document  
Element 2.3 - D2.3 Records Management  
The organization has a records system that ensures the generation and retention of all records necessary to document and support operational requirements, and is in accordance with applicable regulatory requirements  
The system shall provide the control processes necessary to ensure appropriate identification, legibility, storage, protection, archiving, retrieval, retention time, and disposition of records.  

Previous Page

Next page

Date modified: