There’s a pattern in aviation safety that’s easy to miss because it doesn’t look like a failure. Nothing “breaks.”Nothing alarms.Nothing is obviously wrong. And yet, something important quietly stops working the way we assumed it would. It usually happens at the edges of the system—not in the centre where we design, analyse, and certify things—but […]
There’s a strange pattern in aviation safety work that you only really notice after a while. The catastrophic events—the ones that make reports, boards, and headlines—almost never come from something truly unknown. In hindsight, they’re usually traceable. The warning signs were there. The system “knew” in some sense. So the real question is not: why
In aviation safety engineering, it’s easy to talk as if “safety” is something that gets fully built into a system during design. It isn’t. Safety is split across two very different environments: Safety in design defines how a system should behave.Safety in operation determines how it actually behaves. Confusing the two is one of the
One of the most important—but often misunderstood—distinctions in aviation safety engineering is the difference between ensuring safety and assuring safety. The language matters because it reflects a deeper truth about how safety is actually distributed across the system. 1. Organisations ensure safety Operators, designers, maintainers, and manufacturers are responsible for creating and maintaining safety
Safety engineering is often treated like a compliance exercise—fill out the hazard logs, tick the boxes, pass the audit. But in reality, it’s something more fundamental: Safety engineering is the discipline of making failure predictable, visible, and manageable before it becomes operational reality. Whether you’re designing avionics, maintaining aircraft, or operating within a regulated system,
When people hear the word safety, they often think of something absolute and almost binary in nature, as if a system is either completely safe or fundamentally unsafe with no meaningful space in between those two states. But in engineering—especially in fields like aviation or complex system design—that idea doesn’t really hold up in practice,
Mapping System Intent to Failure States Functional Hazard Assessment (FHA) sounds formal, but at its core it’s actually a very simple idea. You’re just asking: “What is this system supposed to do… and what happens if it doesn’t do that properly?” That’s it. Everything else is just structure built around that question. Where
Swissair 111 perished because an in-flight fire started in the entertainment system wiring above the cockpit ceiling and spread through the aircraft faster than any checklist could address it. The wiring used insulation material that had passed certification tests — tested individually, in isolation, at standard conditions. Installed in a dense bundle in an enclosed
Japan Airlines Flight 123 is the deadliest single-aircraft accident in aviation history. Five hundred and twenty people died on 12 August 1985 when the aft pressure bulkhead of a Boeing 747 — improperly repaired seven years earlier after a routine tailstrike — ruptured explosively at 23,900 feet, destroying the vertical fin and severing all four
The Tenerife disaster is not the story of one mistake. It is the story of a system that had been stripped of every redundancy, every barrier, and every margin — until nothing remained between 583 people and catastrophe. On 27 March 1977, a bomb at Las Palmas airport forced dozens of aircraft to divert to
