In the example of Flight 907, the TCAS system, the air traffic controller working on duty, and the decisions and actions of the crew of Flight 907 all represented slices of cheese. However, each slice was subject to inherent flaws (holes) which undermined the reliability and effectiveness of those controls, and nearly all aligned to result in a catastrophic system failure.

[Figure: Swiss Cheese Model. Labels: Hazards, Accident/Losses]

When investigating an incident like this, one might consider how to adjust the size or position of the holes in each individual system to make them stronger, and/or add more systems (layers of cheese) to ultimately make the overall system stronger. For example, this incident helped lead to revisions to the TCAS rulebook in 2003. Originally, TCAS was regarded as a back-up system to ATC. Now, there are clear guidelines for pilots to always follow the guidance of TCAS if TCAS and ATC instructions are conflicting. However, even this control in isolation isn't perfect; it has holes, because it relies on the pilot to comply with the rules. Anyone who works closely with safety systems knows that mistakes happen and that they can result in dangerous consequences under certain conditions. That's why it's so important to consider how humans interact with the systems in order to achieve an optimal safety strategy.2

© CORITY SOFTWARE INC.

Mitigating Safety Risks Through Human Centered Design 2 - Page 7