Skip to content
ACTION PLANS · CAP · THE CLOSURE MODULE

Closing it is a signature.Not a button.

Every corrective action links back to the finding that raised it, and carries an owner, a verifier and a due date. It can’t close until the verifier signs that the fix actually worked — and the person who did the work can’t be the one who signs it off. If the fix failed, it reopens for the Safety Action Group.

ACTION PIPELINE
SAMPLE
PAST DUEOVERDUE2OPEN14IN PROGRESS27VERIFY6CLOSED142SIGNATURE GATEOWNER IS NOT VERIFIER
CAP-2026-0042Recurrent training refresh — cabin crew door operations
OWNERJane A.VERIFIERMark T.DUE2026-05-12
EFFECTIVENESS GATE · WAITING ON VERIFIER
ACTIONS / 30D
23
+4 vs prev
ON-TIME CLOSURE
91%
+3% / 30d
AVG CYCLE
11d
−2d / 30d
01THE EFFECTIVENESS GATE

Two people.
One signed closure.

The owner submits the evidence; a different person checks it against the original finding and signs that the fix worked. The action stays open until they do. Closing it early isn’t a setting someone can flip — the workflow won’t allow it.

OWNERVERIFIERACTION ASSIGNEDowner acceptsEVIDENCE UPLOADEDowner submitsHAND-OFFEFFECTIVENESS GATEverifier signsOWNER IS NOT VERIFIERCLOSEDchain locks
OWNER
VERIFIER
SIGNATURE GATE
SAMPLE FLOW · OWNER IS NOT THE VERIFIER
02THE HIERARCHY OF CONTROLS

Strongest fix first.
A reminder is the last resort.

A re-brief is the easiest action to write and the first to fade. The platform asks you to reach higher — remove the hazard, guard it, or change the procedure — before settling for a control that leans on people remembering.

STRONGEST · MOST DURABLEWEAKEST · RELIES ON PEOPLE
01
Remove the hazard
Design out the step that caused the event — strongest, most durable.
02
Swap for something safer
Replace the tool, fluid or task with a lower-risk alternative.
03
Guard or engineer it
A physical guard, an interlock, a checklist gate that catches the error.
04
Change the procedure
New limitation, revised SOP, a sign-off added to the workflow.
05
Brief or protect the crew
Re-brief, recurrent training, protective equipment — the weakest, relies on people remembering.
03WHEN THE FIX DIDN’T WORK

A failed fix reopens.
It doesn’t disappear.

If the verifier decides the action didn’t actually fix the problem, it can’t be marked closed. It reopens and goes to the Safety Action Group, so the same hazard isn’t signed off twice on a fix that never held.

REOPENS — DOES NOT CLOSEVERIFIER REVIEWchecks the fixINEFFECTIVEfix did not holdSAFETY ACTION GROUPreopens for review
04FIVE MOMENTS IN THE LIFE OF AN ACTION

Five moments.
From raised to signed.

  • When a finding opens an action.
    Every action remembers what it’s fixing.

    An action is always linked back to the occurrence, hazard or audit finding that raised it. Open the action and the original problem is one click away — so nobody fixes the symptom and forgets the cause.

  • When you write the fix.
    The strongest control first, not a quick reminder.

    The platform asks how you are removing the hazard before it lets you settle for “re-brief the crew”. Design it out, guard it, or change the procedure — a one-off reminder is the weakest answer, and it shows.

  • When the owner thinks they’re done.
    The person who did the work can’t sign it off.

    The owner submits their evidence; a different person — the verifier — checks it against the original finding and decides whether it actually worked. One record, two people, by design, not by good manners.

  • When the fix didn’t work.
    A failed action doesn’t quietly close.

    If the verifier judges the action ineffective, it does not close. It reopens and goes to the Safety Action Group for review — so a fix that looked good on paper but failed in practice gets a fresh pair of eyes.

  • When the regulator asks for the trail.
    The whole chain exports in one click.

    Source finding, owner, verifier, evidence, signature, dates. The record is the audit pack — no screenshots, no stitching PDFs together the night before the audit.

CAP · THE CLOSURE MODULE

Walk one action through.
From finding to signed gate.

Open a sample finding, set an owner and a verifier, watch the due date approach, and sign the effectiveness gate — with the founder, on your own data shape, in 30 minutes.