ABSTRACT

How do you know whether a new system will be safe? As chapter 8 showed, automating parts of human work may make a system safer, but it may not. The Alaska Airlines 261 accident discussed in chapter 2 illustrates how difficult it is to know whether a system is going to be safe during its operational lifetime. In the case of the DC-9 trim system, bridging the gap between producing a system and running it proved quite difficult. Certifying that the system was safe, or airworthy, when it rolled out of the factory with zero flying hours was one thing. Certifying that it would stay safe during a projected lifetime proved to be quite another. Alaska 261 shows how large the gulf between making a system and maintaining it can be.