Main QSS Settings

Configure cross-module settings that apply across Quality, Safety, Security, DG, and Ad Hoc modules.

Set up and manage shared taxonomies, hazards, causal factors, external entities, compliance types, risk matrices, tolerabilities, notification types, and other system-wide QSS configurations.

1 Overview

What this page does

The Main QSS Settings page provides system-wide configuration settings that apply across all Quality, Safety, Security, Dangerous Goods, and Ad Hoc modules. Use this page to define shared taxonomies, hazards, causal factors, external entities, and cross-module risk assessment tools. These settings ensure consistency across all QSS functions.

Who uses this page

QSS administrators, SMS coordinators, SeMS coordinators, compliance managers, and users with system-wide QSS management permissions.

What you see here

Settings Tabs

This page is organized into tabs for different cross-module configuration areas:

  • Taxonomy: Define classification structures and hierarchies
  • Hazards: Configure hazard categories and types
  • Causal Factors: Set up root cause categories and factors
  • Compliance Types: Define cross-module compliance classifications
  • External Entities: Manage external organizations and contacts
  • Tolerabilities: Configure shared risk tolerability levels
  • Risk Matrix: Set up cross-module risk assessment matrices
  • Notification Types: Define tag types for notifications
  • Audit Resource Types: Configure audit resource categories
  • Report Settings: Manage global report configuration
  • Audit/MoC Settings: Configure audit and MoC defaults
  • Impacted Factors/Parties: Set up risk impact categories
Key Concepts
  • Cross-Module: Settings that apply to all QSS modules (Safety, Security, DG, etc.)
  • Taxonomy: Structured classification system for organizing QSS data
  • Hazard: Source of potential harm or unsafe condition
  • Causal Factor: Underlying cause or contributing factor in incidents
  • External Entity: Organization, authority, or third party relevant to QSS
  • Tolerability: Acceptable level of risk across all modules

2 Settings Tabs

The following sections describe each settings tab and its purpose. Click on a tab below to jump to its documentation.

Taxonomy
Core

Define classification structures and hierarchies for organizing QSS data
Hazards
Important

Configure hazard categories and types for risk identification
Causal Factors
Important

Set up root cause categories and contributing factors for investigations
Compliance Types
Core

Define cross-module compliance classifications (embeds reusable component)
External Entities
Core

Manage external organizations, authorities, and third-party contacts
Tolerabilities
Important

Configure shared risk tolerability levels and colour coding (embeds reusable component)
Risk Matrix
Important

Set up cross-module risk assessment matrices (embeds reusable component)
Notification Types
Optional

Define tag types for notifications and categorization
Audit Resource Types
Optional

Configure audit resource categories and tracking (feature flag dependent)
Report Settings
Core

Manage global report configuration and defaults
Audit/MoC Settings
Core

Configure audit and Management of Change defaults
Impacted Factors/Parties
Important

Set up risk impact categories for assessments

3 Taxonomy Tab

Overview

The Taxonomy tab allows you to define structured classification systems for organizing QSS data. Taxonomies provide hierarchical categories that help users classify incidents, findings, and other QSS items consistently across the system.

What are Taxonomies?

Taxonomies are classification structures that organize data into hierarchical categories. They help maintain consistency in how incidents, findings, and other items are categorized throughout the QSS system.

Example: A taxonomy for incident types might include categories like "Ground Operations" with subcategories like "Fueling," "Baggage Handling," and "Aircraft Positioning."

View and Navigate Taxonomies

  1. Navigate to Main QSS Settings
  2. Select the Taxonomy tab
  3. Browse the hierarchical taxonomy structure
  4. Expand categories to view subcategories and items

Add Taxonomy Category

  1. Click Add Category
  2. Enter category name and description
  3. Select parent category (if creating a subcategory)
  4. Set sort order for display sequence
  5. Click Save

Add Taxonomy Item

  1. Select a category to add an item to
  2. Click Add Item
  3. Enter item name, code (optional), and description
  4. Set sort order
  5. Click Save

Edit Taxonomy Items

  1. Locate the taxonomy item in the hierarchy
  2. Click the edit icon next to the item
  3. Update name, description, or sort order
  4. Click Save

Deactivate Taxonomy Items

  1. Locate the taxonomy item
  2. Click the deactivate icon
  3. Confirm deactivation when prompted
  4. Deactivated items are hidden from selection but preserve historical data

Usage

Taxonomies are used throughout the QSS system for:

  • Categorizing incidents and hazards in reports
  • Classifying findings and observations in audits
  • Organizing corrective actions
  • Filtering and searching QSS records
  • Generating reports and analytics

Permissions

Requires QSS Administrator or System Administrator role to manage taxonomies.

4 Hazards Tab

Overview

The Hazards tab allows you to configure hazard categories and types for risk identification and assessment. Hazards represent sources of potential harm or unsafe conditions that can lead to incidents or accidents.

What are Hazards?

A hazard is any source of potential harm, danger, or unsafe condition that could lead to injury, damage, or loss. Hazards are identified, assessed, and managed as part of the Safety Management System (SMS).

Examples: Bird strike risk, fuel contamination, runway incursion, maintenance error, crew fatigue, adverse weather conditions.

View Hazard Categories

  1. Navigate to Main QSS Settings
  2. Select the Hazards tab
  3. Browse the list of hazard categories
  4. Expand categories to view individual hazard types

Add Hazard Category

  1. Click Add Hazard Category
  2. Enter category name (e.g., "Flight Operations," "Ground Operations," "Maintenance")
  3. Provide a description of the category scope
  4. Set sort order
  5. Click Save

Add Hazard Type

  1. Select a hazard category
  2. Click Add Hazard
  3. Enter hazard name and description
  4. Optionally add hazard code or reference
  5. Set severity classification if applicable
  6. Click Save

Edit Hazards

  1. Locate the hazard in the list
  2. Click the edit icon
  3. Update hazard details
  4. Click Save

Deactivate Hazards

  1. Locate the hazard
  2. Click the deactivate icon
  3. Confirm deactivation
  4. Deactivated hazards are removed from new selections but preserved in historical records

Usage

Hazards are used for:

  • Identifying and reporting hazards in safety reports
  • Conducting risk assessments and evaluations
  • Tracking hazard trends and patterns
  • Implementing hazard controls and mitigations
  • Supporting SMS hazard management processes

Permissions

Requires QSS Administrator or System Administrator role.

5 Causal Factors Tab

Overview

The Causal Factors tab allows you to set up root cause categories and contributing factors for investigations. Causal factors help investigators identify why incidents occurred and what underlying issues need to be addressed.

What are Causal Factors?

Causal factors are the underlying causes or contributing factors that lead to incidents, accidents, or non-compliance. They help identify systemic issues beyond immediate causes.

Common categories: Human factors, organizational factors, technical/equipment factors, environmental factors, procedural factors.

View Causal Factor Structure

  1. Navigate to Main QSS Settings
  2. Select the Causal Factors tab
  3. Browse causal factor categories
  4. Expand categories to view specific factors

Add Causal Factor Category

  1. Click Add Category
  2. Enter category name (e.g., "Human Factors," "Organizational Factors")
  3. Provide category description
  4. Set sort order
  5. Click Save

Add Causal Factor

  1. Select a category
  2. Click Add Factor
  3. Enter factor name and detailed description
  4. Add examples or guidance for investigators (optional)
  5. Set sort order
  6. Click Save

Edit Causal Factors

  1. Locate the causal factor
  2. Click the edit icon
  3. Update factor details and description
  4. Click Save

Deactivate Causal Factors

  1. Locate the factor
  2. Click the deactivate icon
  3. Confirm deactivation
  4. Deactivated factors remain in historical investigation records

Usage

Causal factors are used for:

  • Conducting root cause analysis in investigations
  • Identifying systemic issues and trends
  • Developing effective corrective actions
  • Supporting just culture principles
  • Analyzing incident patterns and common causes

Permissions

Requires QSS Administrator or System Administrator role.

6 Compliance Types Tab

Main QSS Settings (cross-module) Context: These compliance types are used in main qss settings (cross-module) reports, audits, and findings to categorise items according to regulatory requirements and company policies.
Cross-Module Impact: Changes to compliance types affect all QSS modules (Quality, Safety, Security, and Dangerous Goods).

Overview

The Compliance Types tab allows administrators to manage the list of compliance categories used throughout the Main QSS Settings (cross-module) module. Compliance types categorise findings and non-conformances according to regulatory requirements, internal policies, and industry standards.

What You See Here

Page Controls
  • Active/Deactivated views: Radio buttons to switch between active and deactivated compliance types
  • Search: Filter compliance types by name
  • Add button: Create new compliance types
  • Compliance types table: View and manage all compliance types with sorting and level controls
Key Concepts
  • Compliance type: A category that classifies findings based on regulatory or policy requirements
  • Level: The priority order in which compliance types are displayed (drag arrows to reorder)
  • Corrective action requirement: Whether findings of this type must have corrective actions assigned
  • Active vs deactivated: Active types are available for new findings; deactivated types remain linked to existing items

Add a New Compliance Type

To create a new compliance type:

  1. Click the Add new compliance type button at the top right of the page
  2. In the window that opens, complete the following fields:
    • Compliance name (required) - The name of the compliance category (e.g., "SACAA Regulations", "Company Policy", "ICAO Standards")
    • Must have corrective action (checkbox) - Tick this if findings of this type always require corrective actions
    • Corrective action plan submission deadline - Number of days within which the corrective action plan must be submitted (0 = immediate, leave blank for no deadline)
    • Corrective action implementation deadline - Number of days within which the corrective action must be implemented (0 = immediate, leave blank for no deadline)
    • Corrective action submission type - Choose between:
      • Always Combined - Plans and implementation are always submitted together
      • Always Separate - Short-term and long-term actions are submitted and reviewed separately
  3. Click Submit to save the compliance type
  4. The new compliance type appears in the Active table at the bottom of the priority list
Note: Negative values for deadlines are not allowed. Use 0 for immediate deadlines, or leave blank for no specific deadline.

Edit a Compliance Type

To modify an existing compliance type:

  1. Locate the compliance type in the Active table
  2. Click the Edit button (pencil icon) in the row
  3. Update the fields in the window that opens
  4. Click Submit to save your changes
Warning: Changing corrective action requirements affects how findings are processed. Ensure changes align with your Main QSS Settings (cross-module) procedures.

Reorder Compliance Types

Compliance types are displayed in priority order (Level) in dropdown lists throughout the system. To change the order:

  1. Locate the compliance type you want to move in the Active table
  2. Click the up arrow to move it higher in the priority list
  3. Click the down arrow to move it lower in the priority list
  4. The Level number updates automatically

Deactivate a Compliance Type

When a compliance type is no longer needed:

  1. Locate the compliance type in the Active table
  2. Click the Deactivate button (ban icon)
  3. The compliance type moves to the Deactivated view

What happens when you deactivate: The compliance type is removed from dropdown lists and cannot be selected for new findings. However, it remains linked to any existing findings, audits, or reports that already reference it.

Reactivate a Compliance Type

To restore a previously deactivated compliance type:

  1. Switch to the Deactivated view using the radio buttons
  2. Locate the compliance type in the table
  3. Click the Activate button (plus icon)
  4. The compliance type returns to the Active table

Fields Reference

The Active compliance types table shows:

Column Description Editable
(Arrows) Controls to move compliance type up or down in priority order Yes (click arrows)
Level Display order number (1 = highest priority). Updates automatically when reordering No (changed via arrows)
Edit Button to open the edit window N/A
Compliance name The name of the compliance type Yes (via Edit)
Corrective action Shows ✓ (green check) if corrective actions are required, or ✗ (red cross) if optional Yes (via Edit)
Period for plan Deadline for submitting corrective action plan (days). Shows "Immediate" for 0 days, "N/A" if not set Yes (via Edit)
Period for implementation Deadline for implementing corrective action (days). Shows "Immediate" for 0 days, "N/A" if not set Yes (via Edit)
Submission Type Shows "Always Combined" or "Always Separate" submission workflow Yes (via Edit)
Deactivate Button to deactivate this compliance type N/A

Usage Throughout the System

Compliance types are used in:

  • Findings: When creating a finding during an audit or investigation, users select the applicable compliance type
  • Corrective actions: The compliance type determines corrective action requirements and deadlines
  • Reports and exports: Findings can be filtered and grouped by compliance type
  • Dashboards: Metrics and charts display compliance type breakdowns

Permissions

To view and manage compliance types, you must have the Main QSS Settings (cross-module) Settings - Full Access permission. Users without this permission see an access notification instead of the settings page.

Best Practices

Tips
  • Order compliance types by importance or frequency of use. The most commonly used types should appear first in the list
  • Use clear, descriptive names that make sense to all users. Avoid abbreviations unless they are widely understood
  • Deactivate rather than delete. This preserves historical data while preventing future use

7 External Entities Tab

Overview

The External Entities tab allows you to manage external organizations, regulatory authorities, and third-party contacts relevant to QSS operations. External entities can conduct audits on your organization, be audited by your organization, or receive findings and requests for information (RFIs) that require responses through a dedicated external user portal.

What are External Entities?

External entities are organizations, authorities, or third parties outside your organization that interact with your QSS processes. They may conduct audits on you, be audited by you, or receive and respond to findings and RFIs.

Examples: Civil aviation authorities (SACAA, KCAA, EASA, FAA), audit bodies (BARS, IATA), suppliers, maintenance organizations, service providers.

Key Capabilities
  • Organise entities using nested folder structures
  • Configure audit relationships (who audits whom)
  • Assign findings and RFIs to external users
  • Grant portal access for external users to respond
  • Send automated email notifications with login credentials

Organising External Entities with Folders

You can create a hierarchical structure to organise your external entities by creating folder-like parent entities that contain nested child entities.

Example Folder Structure

Suppliers Folder (no checkboxes)
ABC Maintenance Ltd Can be audited ✓
XYZ Aviation Services Can be audited ✓
Authorities Folder (no checkboxes)
SACAA Can conduct audits ✓
EASA Can conduct audits ✓
BARS Can conduct audits ✓

Understanding Audit Checkboxes

When creating or editing an external entity, you can configure two audit-related options that define the entity's role in your audit processes:

Can Conduct Audits

When to tick this checkbox: The external entity performs audits on your organisation.

What it enables: When creating an audit, you can select this entity as the "Entity conducting audit" with your internal organisation as the "Entity being audited."

Process: You manually create the audit, add checklist items where they had findings, record their findings, and assign your internal staff to address those findings.

Can Be Audited

When to tick this checkbox: Your organisation performs audits on this external entity.

What it enables: When creating an audit, you can select this entity as the "Entity being audited" with your internal organisation as the "Entity conducting audit."

Usage: Conduct audits on suppliers, service providers, or other third parties as part of your quality management processes.

Create a Folder (Parent Entity)

  1. Navigate to Main QSS Settings
  2. Select the External Entities tab
  3. Click Add External Entity (or the add button)
  4. Enter a Name for the folder (e.g., "Suppliers", "Authorities", "Service Providers")
  5. Leave both checkboxes unticked (Can conduct audits, Can be audited)
  6. Set the Sort Order if needed
  7. Click Save

Add an External Entity Inside a Folder

  1. Expand the folder entity you created
  2. Click the Add button within that folder
  3. Enter the Entity Name (e.g., "SACAA", "ABC Maintenance Ltd")
  4. Tick the appropriate checkbox(es):
    • Tick Can conduct audits if this entity audits your organisation (e.g., regulatory authorities)
    • Tick Can be audited if you audit this entity (e.g., suppliers, service providers)
    • You can tick both if the relationship is bidirectional
  5. Set the Sort Order
  6. Click Save

Manage External Users

External entities can have associated users who can log in to a separate external user portal to view and respond to findings and RFIs assigned to them.

Add External Users to an Entity

  1. Locate the external entity in the list
  2. Click the Manage Users button or icon for that entity
  3. In the window that opens, click Add User
  4. Enter the user details:
    • First Name: Required
    • Surname: Required
    • Email: Required (must be unique across all external users)
    • Job Title: Optional
  5. Click Save

Assign Findings and RFIs to External Entities

When creating or editing a finding or RFI, you can assign it to an external entity. This enables external users to view and respond to the request through their dedicated portal.

How to Assign to External Entities

  1. When creating a Finding or RFI, look for the respondent/responsible person selection
  2. Select External as the respondent type
  3. Choose the External Entity from the dropdown
  4. The system automatically populates active external users from that entity
  5. Select the specific External User(s) who should respond
  6. Complete and save the finding or RFI

Email Notifications to External Users

Musket automatically sends email notifications to external users at two key points: when findings or RFIs are initially assigned to them, and as automated reminders for items that are due or overdue.

Initial Assignment Email

When it's sent: Immediately when a finding or RFI is submitted and assigned to external users.

What triggers it: When you create and submit (not save as draft) a finding or RFI with external users assigned.

What it contains:

  • Login credentials (username and password)
  • Portal login link
  • Details about THIS specific request
  • Request code, requester, and due date
Automated Reminder Emails

When sent: System sends periodic automated reminders for pending requests.

Reminder triggers:

  • Overdue: Past the due date
  • Due soon: Within next 7 days
  • Monthly: Due within 30 days

What it contains:

  • Summary table of ALL pending requests
  • Portal login link
  • Note: Does NOT include login credentials

External User Portal Access

External users access a separate, dedicated portal to view and respond to findings and RFIs assigned to them. This portal is completely separate from your internal Musket application.

How External Users Log In

  1. External user receives an email notification with their email address (username) and password
  2. User clicks the portal login link in the email or navigates to the external user portal URL
  3. User enters their email address and password on the login page
  4. Upon successful login, user is directed to their corrective actions dashboard

What External Users Can See and Do

View Assigned Requests

External users see a screen similar to the internal "My Portal - Findings & Requests" page, but they can only see:

  • Findings and RFIs specifically assigned to them
  • Their own previous submissions and responses
  • Status of their assigned requests
Respond to Requests

External users can:

  • Submit corrective action plans
  • Provide requested information for RFIs
  • Upload supporting documents and evidence
  • Add comments and updates
  • Communicate back to internal users

Edit External Entities

  1. Locate the entity in the External Entities tab
  2. Click the Edit button or icon
  3. Update the Name, Sort Order, or checkbox settings
  4. Click Save

Deactivate External Entities and Users

You can deactivate external entities and their users without deleting them. Deactivated entities and users are hidden from new selections but preserved in historical records.

Deactivate an External Entity

  1. Locate the external entity
  2. Click the Deactivate icon or button
  3. Confirm deactivation when prompted
  4. Deactivated entities won't appear in dropdowns but remain in historical data

Deactivate an External User

  1. Open the Manage Users window for the entity
  2. Click Deactivate next to the user you want to deactivate
  3. Confirm deactivation
  4. Deactivated users cannot log in to the external portal and won't receive new assignments

Permissions

To access and manage external entities, users need the following permission:

  • Quality Safety Security → Settings - Full (This is the main QSS Settings permission, not the individual Quality/Safety/Security/DG/Ad-hoc section settings)

Summary of External Entity Workflow

  1. Create folder structure: Add external entities without checkboxes to act as folders
  2. Add entities inside folders: Create nested entities with appropriate audit checkboxes ticked
  3. Add external users: Create user accounts for people who need portal access
  4. Assign findings/RFIs: When creating findings or RFIs, select "External" and choose the entity and specific users
  5. Automatic email sent: External users receive email with login credentials and portal link
  6. External users log in: Users access the separate external portal using email and password
  7. Users respond: External users view assigned requests and submit responses through the portal
  8. Internal users review: Your team reviews responses and closes out findings/RFIs as needed

8 Tolerabilities Tab

Main QSS Settings (cross-module) Context: These tolerability levels are used in main qss settings (cross-module) risk assessments to indicate whether a risk is acceptable, tolerable, or intolerable.
Cross-Module Impact: Changes to tolerability levels affect all risk assessments across Safety, Security, and Dangerous Goods modules.

Overview

The Tolerabilities tab allows administrators to define and manage risk tolerance levels used throughout the system. Tolerability levels indicate whether a risk is acceptable to the organisation, requires mitigation, or is unacceptable and must be eliminated or avoided.

What Tolerability Levels Mean

Key Concepts
  • Tolerability: The acceptance threshold for a risk based on its likelihood and severity
  • Acceptable risk: Low risk that requires no immediate action (typically green)
  • Tolerable risk: Moderate risk that requires monitoring and possible mitigation (typically yellow)
  • Intolerable risk: High risk that requires immediate action to reduce or eliminate (typically red)
  • Sort order: The sequence in which tolerability levels appear in dropdowns and reports
How It Works
  • Risk matrix integration: Each cell in a risk matrix is assigned a tolerability level
  • Colour coding: Tolerability levels have colours that appear in risk assessments for quick visual reference
  • Decision making: Tolerability guides whether to accept a risk, apply controls, or avoid the activity
  • SMS compliance: Aligns with Safety Management System risk acceptance principles

What You See Here

Page Controls
  • Active/Deactivated views: Radio buttons to switch between active and deactivated tolerability levels
  • Add button: Create new tolerability levels
  • Tolerabilities table: View and manage all tolerability levels with reordering controls

View Existing Tolerability Levels

The Active table displays all available tolerability levels with the following columns:

Column Description
(Arrows) Controls to move tolerability level up or down in sort order
Edit Button to open the edit window
Name The name of the tolerability level (e.g., "Acceptable", "Tolerable", "Intolerable")
Colour The colour assigned to this level (shown with background colour applied)
Description Icon button that displays the full description in a popover when clicked
Deactivate Button to deactivate this tolerability level

Add a New Tolerability Level

To create a new risk tolerance level:

  1. Click the Add tolerability level button
  2. In the window that opens, complete the following fields:
    • Name (required) - The tolerability level name (e.g., "Acceptable", "Tolerable", "Intolerable", "As Low As Reasonably Practicable")
    • Color (required) - Select from:
      • Green - Typically for acceptable/low risks
      • Yellow - Typically for tolerable/moderate risks
      • Red - Typically for intolerable/high risks
      • Other - Opens a colour picker to select any custom colour (use for additional levels like orange, blue, etc.)
    • Description - Explain what this tolerability level means and when it should be used (e.g., "Risk is intolerable and must be eliminated or avoided")
  3. Click Submit to save the tolerability level
  4. The new level appears at the bottom of the Active table
Note: When you select "Other" as the colour, a colour picker appears allowing you to choose any hex colour code. Preset colours are available for quick selection.

Edit an Existing Tolerability Level

To modify a tolerability level:

  1. Locate the tolerability level in the Active table
  2. Click the Edit button (pencil icon)
  3. Update the name, colour, or description as needed
  4. Click Submit to save your changes
Warning: Changing a tolerability level's colour affects how existing risk assessments display. The risk rating itself does not change, but the visual representation updates.

Reorder Tolerability Levels

The sort order determines how tolerability levels appear in dropdown lists and reports. To change the order:

  1. Locate the tolerability level in the Active table
  2. Click the up arrow to move it higher in the sort order
  3. Click the down arrow to move it lower in the sort order
  4. The sort order updates automatically

Common sorting: Organisations typically order from lowest to highest risk (e.g., Acceptable → Tolerable → Intolerable) or from highest to lowest (e.g., Intolerable → Tolerable → Acceptable).

Deactivate a Tolerability Level

When a tolerability level is no longer needed:

  1. Locate the tolerability level in the Active table
  2. Click the Deactivate button (ban icon)
  3. The tolerability level moves to the Deactivated view
Note: You cannot deactivate a tolerability level that is currently assigned to cells in any active risk matrix. Remove it from risk matrices first.

What happens when you deactivate: The tolerability level is removed from selection lists and cannot be assigned to new risk matrix cells. Existing risk assessments that used this level remain unchanged.

Reactivate a Tolerability Level

To restore a previously deactivated tolerability level:

  1. Switch to the Deactivated view using the radio buttons
  2. Locate the tolerability level in the table
  3. Click the Activate button (plus icon)
  4. The tolerability level returns to the Active table at the bottom of the sort order

Integration with Risk Matrices

Tolerability levels and risk matrices work together:

  • Matrix configuration: When creating or editing a risk matrix, you assign a tolerability level to each combination of probability and severity
  • Colour coding: The tolerability level's colour appears as the background colour of the matrix cell
  • Risk assessment display: When users perform risk assessments, the system shows the risk rating with the corresponding tolerability colour
  • Prerequisites: You must define tolerability levels before creating risk matrices, as matrices reference these levels

Usage in Risk Assessments

Tolerability levels are used to:

  • Guide decision making: Determine whether a risk requires immediate action, monitoring, or is acceptable as-is
  • Prioritise resources: Focus efforts on intolerable risks before addressing tolerable or acceptable ones
  • Meet regulatory requirements: Demonstrate systematic risk management aligned with SMS principles
  • Visual communication: Use colour coding for quick identification of risk levels in reports and dashboards
  • Approval workflows: Some tolerability levels may require higher-level approval (configured per matrix)

Permissions

To view and manage tolerability levels, you must have the Main QSS Settings (cross-module) Settings - Full Access permission. Users without this permission see an access notification instead of the settings page.

Best Practices

Tips
  • Use standard tolerability terminology consistent with your SMS framework (e.g., ICAO, SACAA guidelines)
  • Keep the number of tolerability levels manageable (typically 3-5). Too many levels make risk decisions complicated
  • Use intuitive colours: green for acceptable, yellow/orange for tolerable, red for intolerable
  • Write clear descriptions that explain decision criteria. This ensures consistent risk evaluation across your organisation

9 Risk Matrix Tab

Main QSS Settings (cross-module) Context: These risk matrices are used in main qss settings (cross-module) risk assessments to evaluate the likelihood and severity of hazards.
Cross-Module Impact: Changes to risk matrices affect Safety, Security, and Dangerous Goods modules that perform risk assessments.

Overview

The Risk Matrix tab allows administrators to create and manage risk assessment matrices used throughout the system. Risk matrices combine likelihood (probability) and severity levels to calculate overall risk levels, helping organisations systematically evaluate and prioritise hazards.

Understanding Risk Matrices

Key Concepts
  • Likelihood (Probability): How likely an event is to occur (e.g., Rare, Unlikely, Possible, Likely, Almost Certain)
  • Severity (Consequence): The potential impact if the event occurs (e.g., Negligible, Minor, Moderate, Major, Catastrophic)
  • Risk Index: The combination of likelihood and severity that produces a risk rating
  • Tolerability: The acceptance level for each risk (e.g., Acceptable, Tolerable, Intolerable)
Matrix Structure
  • Rows and columns: One axis shows likelihood levels, the other shows severity levels
  • Cells: Each cell represents a specific risk level based on the likelihood-severity combination
  • Colour coding: Cells are colour-coded according to tolerability levels for quick visual reference
  • Main matrix: The system main matrix is used by default in risk assessments

What You See Here

Page Controls
  • Active/Deactivated views: Radio buttons to switch between active and deactivated risk matrices
  • Search: Filter risk matrices by name
  • Add button: Create new risk matrices
  • Risk matrices table: View and manage all risk matrices

View Existing Risk Matrices

The Active table displays all available risk matrices with the following columns:

Column Description
Edit Button to open the risk matrix editor
Name The name of the risk matrix (sortable)
System main Shows ✓ (green check) if this is the default matrix used in risk assessments, or ✗ (red cross) if not
Deactivate Button to deactivate this risk matrix

Create a New Risk Matrix

To build a new risk assessment matrix:

Step 1: Set Up the Matrix

  1. Click the Add new risk matrix button
  2. In the window that opens, complete the basic settings:
    • Risk matrix name (required) - A descriptive name (e.g., "SMS Risk Matrix", "Security Threat Matrix")
    • Main Risk Matrix? - Tick this to make it the system default (only one can be main)

Step 2: Configure Matrix Layout

Customise how the matrix displays:

  • Is Probability Ascending? - Tick to show lowest probability first, untick for highest first
  • Is Severity Ascending? - Tick to show lowest severity first, untick for highest first
  • Is Probability In Row? - Tick to show probability as rows and severity as columns, untick to reverse
  • Use Numbers For Probability? - Tick to display probability levels as numbers (1, 2, 3...) instead of letters (A, B, C...)
  • Use Numbers For Severity? - Tick to display severity levels as numbers instead of letters
  • Probability Label - Custom axis label (e.g., "Likelihood", "Frequency")
  • Severity Label - Custom axis label (e.g., "Consequence", "Impact")

Step 3: Define Probability Levels

  1. Click the button at the bottom to add a probability level
  2. For each level, enter:
    • Name - The probability name (e.g., "Rare", "Unlikely", "Possible", "Likely", "Almost Certain")
    • Description - A definition or frequency (e.g., "May occur once per year")
  3. The Level is assigned automatically (A, B, C... or 1, 2, 3... depending on your settings)
  4. Add as many probability levels as needed (typically 3-5)
  5. To remove a level, click the button

Step 4: Define Severity Levels

  1. Click the button on the right to add a severity level
  2. For each level, enter:
    • Name - The severity name (e.g., "Negligible", "Minor", "Moderate", "Major", "Catastrophic")
    • Description - A definition of impact (e.g., "Results in minor injury requiring first aid")
  3. The Level is assigned automatically
  4. Add as many severity levels as needed (typically 3-5)
  5. To remove a level, click the button

Step 5: Assign Tolerability to Each Cell

For each combination of probability and severity in the matrix:

  1. Each cell shows a dropdown labelled Tolerability
  2. Select the appropriate tolerability level for that risk combination (e.g., Acceptable, Tolerable, Intolerable)
  3. The cell background colour changes to match the tolerability level
  4. The risk rating shown in brackets combines the probability and severity levels (e.g., "Tolerable (A1)", "Intolerable (E5)")
Note: You must configure tolerability levels in the Tolerabilities tab before they appear in the dropdown. Tolerabilities define colour coding and acceptance thresholds.

Step 6: Save the Matrix

  1. Review the complete matrix layout
  2. Ensure all cells have a tolerability assigned
  3. Click Submit to save the risk matrix
  4. The new matrix appears in the Active table

Edit an Existing Risk Matrix

To modify a risk matrix:

  1. Locate the risk matrix in the Active table
  2. Click the Edit button (pencil icon)
  3. The matrix editor opens showing the current configuration
  4. Make changes to any settings, levels, or tolerabilities
  5. Click Submit to save your changes
Warning: Editing a risk matrix affects all future risk assessments. Existing assessments that reference this matrix will display updated level names but retain their original risk ratings.

Set the Main (Default) Risk Matrix

To make a risk matrix the system default:

  1. Edit the risk matrix you want to set as main
  2. Tick the Main Risk Matrix? checkbox
  3. Click Submit
  4. The system automatically removes the main status from other matrices
  5. Only one matrix can be the main matrix at a time

What the main matrix does: When users perform risk assessments, the main matrix is pre-selected by default. Users can still choose alternative matrices if needed.

Deactivate a Risk Matrix

When a risk matrix is no longer needed:

  1. Locate the risk matrix in the Active table
  2. Click the Deactivate button (ban icon)
  3. Confirm the action in the dialogue that appears
  4. The risk matrix moves to the Deactivated view
Note: You cannot deactivate the main risk matrix. Set a different matrix as main first, then deactivate.

What happens when you deactivate: The matrix is removed from selection lists and cannot be used for new risk assessments. Existing risk assessments that used this matrix remain unchanged.

Reactivate a Risk Matrix

To restore a previously deactivated risk matrix:

  1. Switch to the Deactivated view using the radio buttons
  2. Locate the risk matrix in the table
  3. Click the Activate button (plus icon)
  4. The risk matrix returns to the Active table

Usage in Risk Assessments

Risk matrices are used when:

  • Hazard assessments: When identifying and evaluating hazards in the Risk & Hazard Register
  • Safety report investigations: When assessing the risk level of reported safety occurrences
  • Security threat evaluations: When analysing security incidents and vulnerabilities
  • DG incident assessments: When evaluating dangerous goods related events
  • Audit findings: When determining the severity of non-conformances

Users select a probability level and severity level, and the system automatically calculates the risk rating and displays the corresponding tolerability.

Permissions

To view and manage risk matrices, you must have the Main QSS Settings (cross-module) Settings - Full Access permission. Users without this permission see an access notification instead of the settings page.

Best Practices

Tips
  • Use clear, consistent terminology for probability and severity levels across all matrices. This helps users understand risk assessments
  • Include descriptions for each level that define the criteria or thresholds. This ensures consistent risk evaluation
  • Align your risk matrix with industry standards or regulatory requirements for your aviation authority (e.g., SACAA, ICAO)
  • Create different matrices for different types of assessments if needed (e.g., separate matrices for safety vs security)

10 Notification Types Tab

Overview

The Notification Types tab allows you to define tag types for notifications and categorization throughout the QSS system. Notification types help organize and filter alerts, notifications, and tagged items.

What are Notification Types?

Notification types (also called tag types) are classification labels used to categorize and organize notifications, alerts, and tagged items in the QSS system. They help users quickly identify and filter relevant information.

Examples: "Urgent Action Required," "Regulatory Deadline," "Follow-up Needed," "Information Only," "System Alert."

View Notification Types

  1. Navigate to Main QSS Settings
  2. Select the Notification Types tab
  3. Browse the list of notification types

Create Notification Type

  1. Click Add Notification Type
  2. Enter type details:
    • Name: Clear, descriptive type name
    • Description: Purpose and usage guidance
    • Color: Select color for visual identification
    • Usage context: Where this type should be used
    • Priority level: Urgency or importance (if applicable)
  3. Click Save

Edit Notification Type

  1. Locate the notification type
  2. Click the edit icon
  3. Update name, description, color, or usage context
  4. Click Save

Deactivate Notification Type

  1. Locate the notification type
  2. Click the deactivate icon
  3. Confirm deactivation
  4. Deactivated types are hidden from new selections but preserved in historical notifications

Usage

Notification types are used for:

  • Categorizing system notifications and alerts
  • Tagging reports, audits, and findings for follow-up
  • Filtering notification feeds by type
  • Organizing user task lists
  • Setting notification priority and urgency

Permissions

Requires QSS Administrator or System Administrator role.

11 Audit Resource Types Tab

Overview

The Audit Resource Types tab allows you to configure audit resource categories for tracking resources used during audits. This feature helps monitor audit costs, time investment, and resource allocation.

What are Audit Resource Types?

Audit resource types are categories for tracking different resources consumed during audits, such as labor hours, travel expenses, equipment usage, and external consultant fees.

Examples: "Auditor Hours," "Travel Costs," "Equipment Rental," "External Consultant," "Training Materials."

View Audit Resource Types

  1. Navigate to Main QSS Settings
  2. Select the Audit Resource Types tab
  3. Browse the list of resource types

Add Resource Type

  1. Click Add Resource Type
  2. Enter resource details:
    • Type name: Resource category name
    • Unit of measure: Hours, dollars, kilometers, etc.
    • Category: Labor, travel, equipment, materials, etc.
    • Cost tracking: Enable/disable cost tracking
    • Description: Usage guidance
  3. Click Save

Edit Resource Type

  1. Locate the resource type
  2. Click the edit icon
  3. Update resource details
  4. Click Save

Deactivate Resource Type

  1. Locate the resource type
  2. Click the deactivate icon
  3. Confirm deactivation
  4. Deactivated types are hidden from new audits but preserved in historical records

Usage

Audit resource types are used for:

  • Tracking resources consumed in audit activities
  • Monitoring audit costs and budgets
  • Analyzing resource allocation efficiency
  • Reporting on audit program investment
  • Planning future audit resource needs

Permissions

Requires QSS Administrator or System Administrator role.

12 Report Settings Tab

Overview

The Report Settings tab allows you to manage global report configuration and defaults that apply across all QSS modules. These settings ensure consistency in report handling, numbering, and workflow.

What are Report Settings?

Report settings are system-wide configuration options that control how reports are created, numbered, assigned, and processed throughout the QSS system. They ensure consistency across all report types.

View Report Settings

  1. Navigate to Main QSS Settings
  2. Select the Report Settings tab
  3. Review current settings configuration

Configure Report Defaults

Available configuration options:

  • Auto-assignment rules: Configure automatic report assignment based on category, location, or other criteria
  • Default notification settings: Set default notification preferences for new reports
  • Report numbering format: Configure report reference number format and sequence
  • Close-out requirements: Define mandatory fields and approvals for closing reports
  • Investigation workflow: Set investigation stage requirements and transitions
  • Notification triggers: Configure when and to whom notifications are sent

Save Settings

  1. Make changes to desired settings
  2. Review settings carefully
  3. Click Save Changes
  4. Confirm the save action when prompted

Impact on Reports

Report settings affect:

  • All safety, security, DG, and ad hoc reports
  • Report creation, assignment, and workflow
  • Notification and alert behavior
  • Report numbering and identification
  • Close-out and approval processes

Permissions

Requires QSS Administrator or System Administrator role.

13 Audit/MoC Settings Tab

Overview

The Audit/MoC Settings tab allows you to configure default settings for audits and Management of Change (MoC) processes. These settings ensure consistency in audit and MoC workflows across the system.

What are Audit/MoC Settings?

Audit/MoC settings are system-wide configuration options that control how audits and Management of Change processes are conducted, including resource tracking, close-out requirements, and workflow defaults.

View Audit/MoC Settings

  1. Navigate to Main QSS Settings
  2. Select the Audit/MoC Settings tab
  3. Review current settings

Audit-Specific Settings

Configure audit-related options:

  • Enable/disable audit resources: Turn audit resource tracking on or off
  • Default audit settings: Set default values for new audits
  • Close-out requirements: Define mandatory steps for closing audits
  • Finding approval workflow: Configure finding review and approval process
  • Audit report generation: Set default report format and sections

MoC-Specific Settings

Configure Management of Change options (brief mention):

  • Default MoC workflow: Set standard MoC process stages
  • Approval requirements: Define approval levels and authorities
  • Risk assessment integration: Enable/configure risk assessment for changes

Note: Detailed MoC settings are managed in the dedicated Management of Change Settings page.

Save Settings

  1. Make changes to desired settings
  2. Review settings carefully
  3. Click Save Changes
  4. Confirm the save action

Impact on Audits and MoC

Settings affect:

  • All quality, safety, security, and DG audits
  • Audit resource tracking and reporting
  • Audit close-out and approval workflows
  • Management of Change processes
  • Default values and configurations for new items

Permissions

Requires QSS Administrator or System Administrator role.

14 Impacted Factors/Parties Tab

Overview

The Impacted Factors/Parties tab allows you to set up categories for identifying what factors or parties are impacted by risks, incidents, or hazards. This helps in comprehensive risk assessments and impact analysis.

What are Impacted Factors/Parties?

Impacted factors/parties are categories that identify what or who could be affected by a risk, hazard, or incident. They help assess the scope and severity of potential impacts.

Examples: Personnel, passengers, aircraft, operations, reputation, environment, finances, regulatory compliance.

View Impacted Factors/Parties

  1. Navigate to Main QSS Settings
  2. Select the Impacted Factors/Parties tab
  3. Browse the list of impact categories

Add Impacted Factor/Party

  1. Click Add Impact Category
  2. Enter category name (e.g., "Personnel Safety," "Aircraft Operations," "Environmental Impact")
  3. Provide description and examples
  4. Set sort order for display sequence
  5. Click Save

Edit Impacted Factor/Party

  1. Locate the impact category
  2. Click the edit icon
  3. Update name, description, or sort order
  4. Click Save

Deactivate Impacted Factor/Party

  1. Locate the impact category
  2. Click the deactivate icon
  3. Confirm deactivation
  4. Deactivated categories are hidden from new selections but preserved in historical risk assessments

Usage

Impacted factors/parties are used for:

  • Conducting comprehensive risk assessments
  • Identifying all potential impacts of hazards
  • Prioritizing risk mitigation based on impact scope
  • Reporting on risk exposure across different areas
  • Supporting safety and security management decisions

Permissions

Requires QSS Administrator or System Administrator role.

15 Best Practices

Main QSS Settings Best Practices

Cross-Module Consistency
  • Use main settings for configurations that apply across all modules
  • Reserve module-specific settings pages for section-unique configurations
  • Ensure taxonomy and hazard structures support all QSS areas
  • Maintain consistent terminology across modules
Change Management
  • Test settings changes in a non-production environment first
  • Communicate changes to all QSS users before implementation
  • Document the reason for settings changes
  • Review impact on existing processes before saving
Data Organization
  • Keep taxonomy structures simple and intuitive
  • Use clear, descriptive names for all categories
  • Limit hierarchy depth to maintain usability
  • Regularly review and clean up unused items
Regulatory Alignment
  • Align hazard and causal factor structures with regulatory frameworks
  • Maintain external entity records for all regulatory authorities
  • Configure report settings to meet regulatory reporting requirements
  • Review settings when regulations change
Navigation
Settings

Theme

Other settings coming soon...

An unhandled error has occurred. Reload 🗙
Interactive features loading...