Safety Risk Management: A Guide for EASA Part-145 Organisations

aircraft in a part-145 maintenance hangar

Follow RAVEN on Social Media! ✈️✈️✈️
Get aviation career insights and a stream of aviation learning content

Safety Management Systems (SMS) is currently a very hot topic amongst EASA Part-145 (Aircraft Maintenance) Organisations, as it needs to be implemented by 2nd December, 2024. In another article, we have seen the first pillar of an SMS: Safety Policy & Objectives. Safety Risk Management is the second pillar of an SMS framework as proposed in ICAO Annex 19.  Risk Management is perhaps one of the major features distinguishing Safety Management System from a traditional Quality Management System. Safety Risk Management introduces the PROACTIVE and PREDICTIVE elements giving the opportunity to implement mitigation measures and thus controlling and lowering the possibility a particular risk materializes.

When embraced by the maintenance organisation, safety risk management allows the organisation to keep the delicate balance between going bankrupt due to lack of business or going bankrupt due to a major accident by staying in what is frequently referred to as the Safety Zone.

Hazard Identification

The first element to Safety Risk Management is Hazard Identification. A hazard can be thought of as a dangerous substance, operational activity or condition that when materializes it may cause loss of life, damage to equipment and property, loss of livelihoods and services as well as environmental damage. It hold the potential to stop the organisation from functioning properly.

Hazards are an inevitable part of aircraft maintenance activities, however, their manifestation and possible adverse consequences can be addressed through mitigation strategies which aim to contain the potential for the hazard to result in an unsafe condition.

Some typical examples of Hazards in a Maintenance and Repair Organisation are:

  • Fire in the Hangar;
  • Aircraft coming off jacks during aircraft lifting operations;
  • Aircraft / tow truck detachment during towing activities;
  • Aircraft Fuel tank access related Hazards (explosion, loss of lives, Claustrophobia);
  • Fall from heights;
  • X-RAY Radiation hazard during NDT activities;
  • Lack of hangar space in peak maintenance season;
  • Lack of Human resources and fatigue related hazards;
  • Financial related risks;

There are various sources which can be used to identify Hazards. The Safety Reporting Scheme (Ref: 145.A.202) should be the formal means of collecting, recording, analysing, acting on and generating feedback about hazards, events and the associated risks that may affect safety. Hazard identification should include in particular hazards that may be linked to human factors and hazards that may stem from the organisation set-up or the existence of complex operational and maintenance arrangements. Refer to AMC1 145.A.200(a)(3) for more details.

Once hazards are identified they should be recorded and kept in a hazard Log register. The hazard log is a live tool and should be frequently reviewed and kept up to date. Several IT Tools are available on the market designed to support with the logging and management of hazards and their associated risks. Having said that, a well control and organised spread sheet will also be able to do the job and the tool selected should reflect the particular needs and complexity of an organisation.

Safety Risk Assessment

Once a hazard is identified it needs to be risk assessed. Risk is composed of 2 elements which are:

  • The Severity of the consequences when a Hazard materializes
  • The Probability a hazard materializes

So a Safety Risk Assessment (SRA) is the product of Severity and Probability. Safety Management procedures should specify how to assess a Risk. Typical industry practices include the use of a matrix as shown in Figure 1 below. Have a go at finishing the matrix!

Note: The colour codes of the matrix show the risk appetite / risk tolerability of an organisation.

Red: Not Tolerable / Yellow: Tolerable with Mitigation / Green: Tolerable with or without mitigation

The Safety Risk Assessment matrix is a tool supporting the decision making process in relation to a risk and defines also the risk tolerability by an organisation. One needs also to consult any information published by the competent airworthiness authorities when developing risk management related processes. A case in point is Safety Information and Advisory Notice (SIAN) No 07/22 as published by TM-CAD who is the competent authority for Malta.

Risk Mitigation

Within an SMS, risks are typically classified into 3 categories:

  • Risks acceptable as is
  • Risks needing mitigation measures
  • Risks that cannot be tolerated.

Having said that, each organisation is to identify the classification methodology of risks and should specify in SMS procedures the levels of management who have the authority to make decisions regarding the tolerability of safety risks.

Safety Risk Mitigation involves putting safety nets to lower the probability of a risk occurring. In practice, experience show that in most of the cases there is little to be done to change risk severity as this is an inherent property of the hazard (example one cannot influence the consequence of a fall from height when working on the Vertical Tail Plane), however, it is indeed possible to lower the probability of a risk materializing. This is accomplished by implementing Risk mitigation measures which in many cases involves developing, improving or changing tools, processes, procedures and training programmes. The mitigation measures should be documented and their implementation status tracked during the Safety Review Board (SRB) and/or Safety Action Group (SAG) meetings.

A second risk assessment is to be performed taking into account the identified mitigation measures to ensure that the risk level is brought down to a level acceptable by the organisation.

Risk Mitigation measures are to be frequently reviewed to ensure their effectiveness in controlling the associated risk and update or change mitigation measures in case of any situational changes and developments.


The number one function of any company is business success. At the end of the day investors and business owners need to have a return on their investment and a loss making business is short lived. A properly implemented SMS supports this philosophy.

Through Safety Risk Management the organisation is able to review and mitigate risks that if left unchecked may significantly damage the operations and reputation of an aircraft maintenance and repair organisation and it is for this reason that business decision making processes are to be supported and backed-up with Safety Risk Assessments.

Related Articles


Your email address will not be published. Required fields are marked *