The Swiss Cheese Model of Accident Causation

human factors

The Swiss Cheese Model of accident causation - Also known as swiss cheese model risk management- was first provided by Professor/James Reason, in 1990, at the University of Manchester. He recognized that accidents in complex systems occur through the concatenation of multiple factors, where each may be necessary but, they are only jointly sufficient to produce the accident.

Aviation safety before applying the Swiss Cheese Model

During the period from 1970-to 1990, the frequency of aviation accidents had significantly declined - in comparison with the previous decades - due to technological advances and enhancements to safety regulations. 

With the continuing application of improvements in aviation safety, the safety practices extended to include human factors. But, at that time, human factors in the accident investigations focused on individual errors and violations without fully considering the operational and organizational context (failures in the management and organization of safety).

The Swiss Cheese Model is a model of how accidents could be seen as the result of interrelations between real-time unsafe acts by front-line operators and latent conditions.

In this article, I will give you basic information about Swiss Cheese Model and how it explains the multi layers factors that may lead to an accident causation.

A Basic Fact of the Swiss Cheese Model

Thank you, Professor. James Reason, during the mid-1990s, in aviation, safety began to be viewed from a systemic perspective and began encompassing organizational factors besides human factors and technical factors. However, this perspective considered the impact of such factors as organization culture and policies on the effectiveness of safety risk controls.

Understanding the new accident causation model help aviation safety experts gain  a proactive sense to identify what types of failures or errors generally may cause accidents. Furthermore, what actions are needed to address these failures before they have the chance to occur again?.

 Swiss Cheese Model

The Swiss cheese model has become the dominant paradigm for analyzing human errors and aviation accidents & incidents. It illustrates that accidents involve successive breaches of multiple defenses. These breaches are triggered by many enabling factors such as equipment failures or operational errors.


The Swiss-Cheese Model contends that complex systems - such as Aviation- are well defended by layers of defenses (otherwise known as barriers). A single-point failure is rarely consequential.

Breaches in safety defenses can be a delayed consequence of decisions made at the higher levels of the organization, which may remain dormant until their effects or damaging potential is activated by certain operating conditions (known as latent conditions).


However, under such specific circumstances, human failures - or Active Failures - at the operational level act to breach the final layers of safety defense. The Swiss-Cheese Model proposes that all accidents include a combination of both active failures and latent conditions -Latent failures.


Active Failures and Latent Failures

The distinction between the hands-on human failures and those made by other aspects of the organization is described by The Swiss-Cheese Model as active and latent failures.

Active Failures

Active Failures have an immediate consequence and are usually made by front-line people such as ground support equipment operators, maintenance technicians, and aircraft pilots. These immediately preceded and are the direct cause of the accident.


Latent Failures

Latent failures are those aspects of the organization which can immediately predispose Active Failures. Common examples of latent failures include (HSE, 1999):

  • Poor design of plant and equipment;
  • Ineffective training;
  • Inadequate supervision;
  • Ineffective communications; and
  • Uncertainties in roles and responsibilities.


Latent Failures are important for accident prevention, for two reasons:

1. If not resolved, the probability of repeat (or similar) accidents remains high, regardless of what other action is taken.

2. As one latent failure often influences several potential errors, removing Latent Failures can be a very cost-effective route to accident prevention.


Is it complicated to understand the Swiss Cheese Model? Let me facilitate this by explaining the classification of Human Failures.


Classification of Human Failures (Active Failures)

The term human failures can include a great variety of human behavior. Therefore, in attempting to define human Failures, different classification systems have been developed to describe their nature. Identifying, why these Failures occur will ultimately assist in reducing the likelihood of such errors occurring.

Regarding the classification of Active Failures, Reason distinguishes between intentional and unintentional Errors. Intentional errors are described as violations. Unintentional errors are classified as either slips/lapses or mistakes.

1- Human Errors

A- Skilled-Based Error

-  Slips and Lapses

 These occur in routine tasks with a person who knows the process well, and holds experience in his work:

They are action errors that occur at the time of performing the task;

They often involve missing a step out of a sequence or applying steps in the wrong order and frequently arise from a lapse of attention;

Operating the wrong control through a lapse in attention or accidentally selecting the wrong gear are typical examples.


B- Mistakes

They are decisions that are found to be wrong, although, at the time, the person would have believed them to be correct. There are two types of mistakes (HSE, 1999).

-  Rule-based mistakes

It occurs when the operation at hand is governed by a series of rules. The mistake occurs when an inappropriate action is tied to a particular event.


- Knowledge-based mistakes

Knowledge-based mistakes occur in entirely novel situations when you are beyond your skills, beyond the provision of the rules. And you have to rely entirely on adapting your basic knowledge and experience to deal with a new problem.


2- Violations

Violations are any deliberate deviation from the rules, procedures, instructions, and regulations which are necessary for the safe or efficient operation and maintenance of a plant or equipment. Breaches in these rules could be accidental/unintentional, or deliberate.

Violations occur for many reasons and are seldom willful acts of sabotage or vandalism. The majority stem from a genuine desire to perform work satisfactorily given the constraints and expectations that exist. Violations are divided into three categories: routine, situational and exceptional (HSE,1999).


A- Routine Violations

Are violations where breaking the rule, or procedure has become the normal way of working. The violating behavior is normally automatic and unconscious. But the violation is recognized as such by the individual(s) if questioned. It can be due to cutting corners and saving time. Or be due to a belief that the rules are no longer applicable.

B- Situational Violations

Occur because of limitations in the employee's immediate workspace or environment. These include the design and condition of the work area, time pressure, number of staff, supervision, equipment availability, and design and factors outside the organization's control, such as weather and time of day. These violations often occur when a rule is impossible or extremely difficult to work to in a particular situation.


C- Exceptional Violations

Violations that are rare and happen only in particular circumstances, often when something goes wrong. They occur to a large extent at the knowledge-based level. The individual in attempting to solve a novel problem violates a rule to achieve the desired goal.


Swiss Cheese Model Example

In this example, I will represent the threats to safety by the holes in the slices.

Slice 1: Management level

Expanding the operation network decision was taken three months ago (Expanding the operation network with the current human power and current maintenance capabilities).

Slice 2: Reliable Maintenance

The airline suffers from a " Missing Component" of reliable maintenance.

Slice 3: Unsafe Acts

Undocumented Procedures.

Slice 4: Human Failures

Flight crew deliberately deviating from standard operating procedures followed by a lack of communication, leading to a loss of situational awareness coupled with a non-assertive behavior causing an incident or accident.


Do you think the accident is the flight crew's responsibility? or Many contributing factors that led to this accident.



Human Error is more than front-line personnel error. Everyone can make errors no matter how well trained and motivated they are.

It is important, for accident investigators and safety experts to distinguish between active and latent failures. Active Failures are those hands-on front-line personnel errors that immediately precede an accident. Latent failures are the factors or circumstances within an organization (which increase the likelihood of Active Failures). Latent Failures lie hidden until they are triggered in the future.

Further reading :

-           ICAO Doc 9859- Safety Management Manual

-           Reason J (1990) Human Error, Cambridge University Press

-           HSE (1999), Reducing Error and Influencing Behaviour, HS(G)48, HSE Books

Maged Saeed AL-Hadabi

I’m Instructor / Maged Saeed Al-Hadabi. ​ Air Cargo / IATA Dangerous Goods Regulations / Safety Management System Senior Instructor, Auditor [ Yemen Airways] . Approved IATA DGR/ SMS Instructor by Yemen Civil Aviation Authority.

Previous Post Next Post

Contact Form