Definition: what an SMS actually is
A Safety Management System (SMS) is a systematic approach to managing safety, including the organisational structures, accountabilities, policies, and procedures an aviation organisation uses to identify hazards and control risk. Rather than treating safety as a box-ticking exercise, an SMS makes it a continuous, data-driven management process, run in the same way a business manages finance or quality.
The concept is defined by the International Civil Aviation Organization (ICAO) and adopted by national regulators worldwide. It applies not just to airlines, but to aerodromes, maintenance organisations, training organisations, and other certificated aviation businesses.
Why is an SMS required?
Under ICAO Annex 19, member states must require their aviation service providers to implement an SMS. In Europe this is enforced through EASA regulations (such as Part-ORO for air operators, Part-145 for maintenance, and Part-ORA for training organisations); other authorities like the UK CAA, FAA, and GCAA have equivalent requirements.
The underlying reason is simple: most accidents are preceded by hazards and minor events that were visible in advance. An SMS exists to surface those signals — through reporting and analysis — and act on them before they line up into an accident.
The four components of an SMS
ICAO defines an SMS around four components (often called the four pillars), each broken down into elements:
- Safety Policy and Objectives — management commitment, accountabilities, and the safety policy itself.
- Safety Risk Management — identifying hazards and assessing, mitigating, and accepting risk.
- Safety Assurance — monitoring performance, auditing, and managing change to confirm the SMS is working.
- Safety Promotion — training, competence, and communication that build a positive safety culture.
What running an SMS looks like day to day
In practice, an SMS is a set of connected, repeatable processes: staff report occurrences and hazards; those reports are investigated and risk-scored; risks are recorded, mitigated, and reviewed; audits check the organisation against its procedures; corrective actions are tracked to a verified close; and training keeps everyone current. Management reviews the data and acts on it.
The hard part isn't understanding the framework — it's keeping all of that connected and current. Spreadsheets and shared drives make it almost impossible to maintain a live, defensible record, which is why most organisations move to dedicated SMS software.