Figure 1. The Domains of Safety Abstract. Numerous studies have shown that organizational factors are contributors to major accidents, in particular, catastrophes, such as Chernobyl and Challenger. Organizational safety, as distinguished from industrial and system safety, can be viewed in a systems engineering context. Case histories of these and other disasters are reviewed with a focus on the organizational aspects. First, the systems engineering concept of the development and support systems, that is, the engineering and support organizations, as categories of enabling systems dictates that these systems be considered concurrently with the operational system in establishing the total system requirements. Secondly, the systems engineering processes of requirements development and synthesis enable the creation of an organizational system which meets the total system requirements for safety. Finally, systems of verification are addressed, both externally mandated systems as well as internally conducted audits. INTRODUCTION Not all catastrophic accidents are organizational in origin, nor do all organizational errors result in catastrophic accidents. Nevertheless, extensive studies have found that the root cause of many accidents is organizational and deserve remedies. While the causes of major catastrophes have been extensively studied, remedies from a systems engineering perspective are yet in a seminal stage of development. (Reason, 1997) presents one of the most exhaustive case history studies of “organizational accidents” 1 and their causes. Reason introduces the concept of latent conditions to describe these causes. (Paté-Cornell, 1990) applies lessons learned from the studies of “organizational errors” to the development of offshore platforms and other disasters. (Werner, 2001) studies the cultural factors leading to major accidents. Finally, (Stephens, 1997) discusses a single case history, the 1947 Texas City disaster to show how 1 The term catastrophe is used in this paper to distinguish between accidents with extensive loss of life and property and individual accidents in the industrial safety context. a combination of organizational errors contributed to the largest industrial accident in US history. (Perrow, 1999) focuses on the complexity of systems and how this complexity makes it more difficult for organizations to control these systems. While all of these studies examine the causes of these accidents in detail and list key “needs” to address the causes, in general they leave it to others to develop specific requirements and system (organizational) architectures to achieve system safety. All of these factors are inherent in a systems engineering (SE) analysis which is the subject of this paper. It is not the intent to list all of the concrete verifiable requirements or to suggest a specific system architecture. However, it is the intent to show that such a task can be and should be accomplished to achieve a safety-oriented organization. SAFETY TYPES Writers on the subject of safety often distinguish among three categories of safety: system safety, industrial safety, and organizational safety. Although there are overlaps among these categories, they provide a useful basis for discussion. These three types of safety are illustrated in the Venn diagram of Figure 1. Organizational Safety: A Systems Engineering Perspective Scott Jackson The Boeing Company Long Beach, California Industrial Safety Organizational Safety System Safety 1