Resilience Engineering represents a new way of thinking about safety. Whereas established risk management approaches are based on hindsight and emphasise error tabulation and calculation of failure probabilities, Resilience Engineering looks for ways to enhance the ability of organisations to create processes that are robust yet flexible, to monitor and revise risk models, and to use resources proactively in the face of disruptions or ongoing production and economic pressures. In Resilience Engineering failures do not stand for a breakdown or malfunctioning of normal system functions, but rather represent the converse of the adaptations necessary to cope with the real world complexity. Individuals and organisations must always adjust their performance to the current conditions; and because resources and time are finite it is inevitable that such adjustments are approximate. Success has been ascribed to the ability of groups, individuals, and organisations to anticipate the changing shape of risk before damage occurs; failure is simply the temporary or permanent absence of that. In resilience engineering, assuring safety does not mean tighter monitoring of performance, more counting of errors, or reducing violations, since that may well be based on a faulty assumption: that safety should be defined as the absence of something because systems are already safe. The corrolary of this wrong assumption is that safety-critical systems need protection from unreliable humans-by more procedures, tighter monitoring, automation. We are not custodians of already safe systems. These systems always have to meet multiple opposing goals at the same time, and always with limited resources. It's only people who can reconcile these conflicting demands, who can hold together such inherently imperfect systems. People, at all levels of an organization, create safety through practice. So safety is not about the absence of something. It is about the presence of something.