How to build a safety culture in three steps

Posted by Ben Rothke

This is an article from Aviation International News. While it is about aviation safety, the key points, namely about a culture, ring true for information security.

How to build a safety culture in three steps

By: John Goglia 

April 1, 2010

There are no petri dishes where we could grow a perfect strain of safety culture and inject it into those aviation organizations that clearly seem to need it. Come to think of it, all airlines and repair stations could use a booster shot of safety culture to keep their organizations fighting the constant pressures to move aircraft and save money, often by cutting corners. But what would that perfect safety strain look like and how do we spread it top-to-bottom in a company?

It’s not an easy question to answer. Fortunately, thanks to PBS Frontline’s excellent segment “Flying Cheap” we know what a lack of safety culture looks like, at least at one airline. If you missed the segment (which investigates last year’s Colgan Air crash in Buffalo, N.Y.), watch it. It’s eye-opening, even to someone who sometimes thinks he’s seen it all. I’m still struggling to understand how a Part 121 airline could ask a pilot to be a check airman when he’s not type rated in the aircraft and has never even flown it. And I would have thought it was airline management 101 that if a captain on one of your flights has his certificate revoked by the FAA for falsifying a load manifest, you don’t send your director of ops to testify for him at the NTSB hearing. Sound incredible? Watch the show online (

After more than 40 years in aviation, and several decades working in accident investigations, first for the IAM (USAir’s mechanic’s union) and later as an NTSB Board member, I can say one thing unequivocally: an organization cannot maintain a safety culture unless the CEO lives and breathes safety, personally and professionally, every hour of every day. If the CEO is not totally committed to safety, there is no hope of inculcating a safety culture in the rank and file.

If the CEO is a number cruncher with no aviation experience and no safety ethos, the drive for profits will permeate the organization, and pilots, mechanics and flight attendants, no matter how well intentioned, will be pushed to do things that cross the safety line or risk losing their jobs. Cross the line enough times and accidents happen.

So, let’s take the airline or repair station that has a committed aviation professional as CEO, who not only says “safety first” but actually means it. How do you get the rest of the organization to value safety? The sweet spot is finding the intersection between an efficient, cost-effective and on-time operation and a safe one. Easier said than done? Perhaps. But it is not at all impossible. 

These are my top three ground rules for establishing a safety culture. 

First, we need to start with the premise that manual requirements and Federal Aviation Regulations (FARs) must be followed. There can be no safe operation if manual requirements and FARs are fudged in the face of the pressure to move metal. If manual requirements need to be changed, there is a process for doing that. Doing it on the fly is not the way to run a safe operation. Ad hoc procedures lack the rigors of a formal evaluation process. (Yes, I know that maintenance manuals frequently contain errors that mechanics have long been forced to work around. But individual work-arounds are not the way to run a safe operation.)

Second, front-line workers need to be confident that their safety decisions will not be second-guessed by middle and upper managers under pressure to move airplanes. Most mid-level supervisors do not pressure their subordinates unless they are themselves getting pressured by upper management. At this point, managers reading this are probably shaking their heads saying, “What about the malingerers? How do we keep them from destroying the company?” Of course, I am well aware that malingerers exist in every profession. But I think many companies over-estimate the number of malingerers to the detriment of trusting employees to make safety decisions in the best interests of the company they work for. Bad employees can be managed without undermining the safety of an organization.

Third, companies should track and reward employees based on safety data just as they track on-time performance. Better yet, combine the two metrics so safe and on-time performance is rewarded. So much data is tracked today that it should be relatively easy to put together safety information that can be used for this purpose. The pressure in some aviation organizations to meet a schedule at almost any cost has to be stopped. Putting the company’s money on safety, along with timeliness, will send a clear message to employees on the true organizational priorities.

These are my top three suggestions. I would welcome hearing yours. I know it is difficult to create a culture of safety in organizations where safety has been put on the back burner for too long. It might take a change in management and even a change in some employees too long indoctrinated in a move-the-airplane atmosphere. It may not happen overnight. But it’s better to start now rather than when that awful call comes in that an airplane has crashed.

Ben Rothke

Senior Information Security Manager, Tapad
