RESILIENCE ENGINEERING
Four Abilities of a Resilient System
Hollnagel · Woods · Leveson · Wreathall · Aviation Safety Theory

Resilience Engineering treats safety as an active accomplishment, not an absence. A resilient organisation is one that can respond to what happens, monitor what could happen, anticipate what might, and learn from what has. These four abilities — not just the avoidance of accidents — are what keep a complex system within the boundaries of safe performance.

Overview of the framework

Resilience Engineering emerged from a 2004 Söderköping meeting that produced the field-defining book Resilience engineering: Concepts and precepts (Hollnagel, Woods, & Leveson, 2006). The core thesis is that in complex socio-technical systems, safety cannot be designed in once and assumed thereafter. Instead, an organisation must continually maintain the capacity to adjust its performance to cope with expected and unexpected conditions. Woods (2015) distils this into four concepts of resilience, the most operational of which — resilience as adaptive capacity — is captured in Hollnagel's four abilities.

The four abilities form a cycle. Respond: knowing what to do when something happens, including events outside the design envelope. Monitor: knowing what to look for — the leading indicators of trouble, including one's own adaptations. Anticipate: understanding what might happen next and preparing for it, including future surprises. Learn: extracting the right lessons from both success and failure, feeding back into the other three abilities. Hollnagel's Resilience Analysis Grid (RAG) operationalises the four abilities as a diagnostic questionnaire.

ADAPTIVE CAPACITY ANTICIPATE what might happen MONITOR what could happen LEARN from what has happened RESPOND to what happens RAG Resilience Analysis Grid
Figure 1 · Four abilities of a resilient system. The Resilience Analysis Grid (RAG) operationalises each ability as a set of diagnostic questions.

When to use it

Typical applications

  • Diagnosing organisational readiness for novel or rare events (pandemics, supply-chain shocks, cyber incidents).
  • Designing training, staffing, and automation that preserve degraded-mode capability.
  • Building leading indicators that track adaptive capacity, not just accident rates.
  • Complementing SMS by asking what could go wrong, not only what did.

Aviation relevance

  • ATM and airline operational contingency planning (weather events, volcanic ash, geopolitical disruption).
  • Crew and ATC resilience training beyond scripted non-normals.
  • Fatigue, rostering, and staffing decisions that preserve slack for anticipation and response.
  • Single-pilot and reduced-crew automation design — who retains adaptive capacity when things go wrong?

Benefits

  • Positive definition of safety. Names what we want, not just what we want to avoid — a lever for investment in capability.
  • Forward-looking. Anticipation is first-class; the organisation is encouraged to look at future surprises, not only historical incidents.
  • Integrates with Safety-II. Provides the operational content behind the Safety-II reframing.
  • Operationalisable. The Resilience Analysis Grid turns concepts into workshop questions, interview prompts, and scorecards.
  • Addresses slack and capacity. Makes visible the resources (time, people, skills, equipment) that resilience actually requires.
  • Scales across levels. Applies to crew, operation, company, and regulator.
  • Counterweight to efficiency drift. Frames adaptive capacity as an asset, not cost to be optimised away.
  • Connects to HRO and ETTO. Gives a shared vocabulary across major streams of safety theory.

Limitations

  • Still maturing as a practice. Fewer ready-made techniques than classical Safety-I.
  • Measurement is hard. Proxies for "capacity to respond to surprise" are inherently indirect.
  • Risk of loose use. "Resilience" has become a buzzword; without the four-abilities discipline, it can mean anything.
  • Cultural and investment demand. Real adaptive capacity is expensive — time, redundancy, slack — in ways that clash with cost-pressure.
  • Does not replace hazard analysis. Organisations still need bow-ties, STPA, and FMEA for identified risks; resilience covers the rest.
  • Debate with traditional reliability. Some engineers argue resilience metrics are vague compared with MTBF-style figures.
In short Resilience Engineering treats safety as the ability to adjust — before, during, and after events. Use the four abilities (respond, monitor, anticipate, learn) as a practical diagnostic for how ready your operation is for the future it can't yet describe, and the RAG as a way to turn that diagnostic into data.

References (APA 7)

Hollnagel, E., Woods, D. D., & Leveson, N. (Eds.). (2006). Resilience engineering: Concepts and precepts. Ashgate.

Hollnagel, E., Pariès, J., Woods, D. D., & Wreathall, J. (Eds.). (2011). Resilience engineering in practice: A guidebook. Ashgate.

Hollnagel, E. (2011). Epilogue: RAG — The Resilience Analysis Grid. In E. Hollnagel, J. Pariès, D. D. Woods, & J. Wreathall (Eds.), Resilience engineering in practice (pp. 275–296). Ashgate.

Woods, D. D. (2015). Four concepts for resilience and the implications for the future of resilience engineering. Reliability Engineering & System Safety, 141, 5–9.

Patriarca, R., Bergström, J., Di Gravio, G., & Costantino, F. (2018). Resilience engineering: Current status of the research and future challenges. Safety Science, 102, 79–100.

Hollnagel, E. (2018). Safety-II in practice: Developing the resilience potentials. Routledge.

Further reading

Madni, A. M., & Jackson, S. (2009). Towards a conceptual framework for resilience engineering. IEEE Systems Journal, 3(2), 181–191.

Nemeth, C. P., & Hollnagel, E. (Eds.). (2014). Resilience engineering in practice, volume 2: Becoming resilient. Ashgate.

Rankin, A., Lundberg, J., Woltjer, R., Rollenhagen, C., & Hollnagel, E. (2014). Resilience in everyday operations: A framework for analyzing adaptations in high-risk work. Journal of Cognitive Engineering and Decision Making, 8(1), 78–97.

Righi, A. W., Saurin, T. A., & Wachs, P. (2015). A systematic literature review of resilience engineering. Reliability Engineering & System Safety, 141, 142–152.