Connect occurrence, CAPA,
SPI and SRP.

See the highlighted block above the contents list. The rest of this article walks through each layer of the loop.

Occurrence reporting is foundational to a Safety Management System. ICAO Annex 19, EU Regulation 376/2014, EASA Part-ORO and FAA Part 5 all require it. Most airlines have it. None of them run a safety system on it alone.

An occurrence record captures discrete data: time, place, type, severity, reporter, classification. It answers what happened. It does not on its own answer four questions safety leaders need to act on weekly:

• Which barriers held and which failed?
• Is this event part of a pattern across the operation?
• What does the Safety Risk Profile look like this week?
• Are the corrective actions we have closed actually effective?

Each of these answers requires linking the occurrence to other artefacts. Without the linkage, the safety team is left with a queue. With the linkage, the team has a running safety system. The platform shape that ships the linkage as one model — rather than four databases connected by APIs — is the bar this article describes.

CAPA (Corrective and Preventive Action) is the action layer that closes the loop between detecting a safety issue and improving the system. The CAPA pipeline runs open → in progress → verify → closed, with effectiveness verification as a hard gate before closure.

Origin.A CAPA arises from one of three triggers: an occurrence's classification implicates a hazard or barrier; an audit finding identifies a gap; an SPI breach reveals a trend. In a connected system, the origin is recorded as a link, not a free-text note.

Owner and verifier. Every CAPA has a typed owner (a named person, not a department) and a named verifier (different from the owner). The owner closes the action; the verifier signs effectiveness.

Effectiveness verification.The gate that separates a CAPA from a checklist. The verifier reads the operational evidence — subsequent occurrences, audit re-tests, training records — and signs whether the action achieved its intended outcome. If yes, the CAPA closes and the related barrier's effectiveness is restored. If no, the CAPA reopens with a revised approach.

Downstream propagation.When a CAPA closes successfully, the relevant barrier's effectiveness state updates. The SPI counter for the top events that depend on the barrier reflects the change. The Safety Risk Profile entry for the relevant hazard refreshes. The accountable manager sees the change in the next safety review board pack without anyone re-running an export.

Safety Performance Indicators (SPIs) are the measurement layer that detects when the operation is moving outside the expected envelope. ICAO Doc 9859 Section 4 defines the discipline; an operator's SPI library applies it.

What an SPI looks like.Numeric. Time-bound. Tied to a hazard or top event. With an alert threshold (when investigation triggers) and a target (where the operation should be). “Unstable approaches per 1000 sectors” is an SPI. “Improve safety culture” is not.

Leading vs lagging. Most airlines run a mix. Lagging SPIs count realised events (occurrences, near-misses) and are easy to define. Leading SPIs count precursors (training expiries, audit findings, procedure deviations detected by FOQA) and are harder to define but more useful operationally. A balanced library has both.

Ownership. Every SPI has a named owner who reviews it at the safety review board cadence. SPIs without owners drift, and an SPI that nobody owns is a metric, not an indicator.

How SPI connects upstream and downstream. Upstream: an occurrence is classified and ticks the SPI counter for the related top event. Downstream: an SPI threshold breach updates the Safety Risk Profile entry for the hazard and triggers an investigation that may open a CAPA. The SPI is the measurement layer between events and oversight.

The Safety Risk Profile (SRP) is the oversight layer the accountable manager reads. It is not a synonym for the risk register; it is the live operational picture rendered on top of all the other artefacts.

What the SRP holds.Every hazard, with its current risk state, derived from the bowtie barriers' effectiveness, the SPI counters that track its top events, the recent occurrences linked to it, and the open CAPA in scope. The SRP is a rendered view, not a hand-curated document.

Cadence.Read weekly by the accountable manager and the safety review board. The current eAviora platform is designed so the SRP view is live the moment a record changes — no overnight batch required.

What changes the SRP. A new occurrence that bypasses a barrier. An audit finding that degrades a barrier. An SPI threshold breach. A CAPA closure with effectiveness signed. A training expiry on a barrier-relevant competency. The SRP is the audit of the operational graph; the operational graph is the audit of the underlying records.

Why this matters. The accountable manager exercises oversight through the SRP. An SRP that is six weeks stale is a story; an SRP that updates in near real-time is a system. The regulator audits the story; the operation runs on the system.

eAviora is the AI-native aviation safety intelligence platform designed around exactly this loop. The four artefacts share one operational graph. Cross-module propagation is structural, not narrative.

In practice:

• Occurrence intake routes to classification (AI proposal, human approval) and links to a hazard.
• The hazard's top events appear in bowtie diagrams. Each barrier's effectiveness is derived from open audit findings, recent occurrence-driven bypasses, and relevant training records.
• The SPI counters for the top events update the moment an occurrence is classified. Threshold breaches surface as alerts.
• CAPA arises from occurrence findings, audit findings and SPI breaches. Effectiveness verification is enforced as a hard gate before closure.
• The Safety Risk Profile aggregates SPI state, barrier health, open CAPA and recent occurrences for the accountable manager.

The relevant surfaces: SMS module, Actions (CAPA), Safety analytics. See the Buyer's Guide or contact us to discuss your operation.