Safety has traditionally been defined as a condition where the number of adverse outcomes was as low as possible (Safety-I). From a Safety-I perspective, the purpose of safety management is to make sure that the number of accidents and incidents is kept as low as possible, or as low as is reasonably practicable. This means that safety management must start from the manifestations of the absence of safety and that - paradoxically - safety is measured by counting the number of cases where it fails rather than by the number of cases where it succeeds. This unavoidably leads to a reactive approach based on responding to what goes wrong or what is identified as a risk - as something that could go wrong. Focusing on what goes right, rather than on what goes wrong, changes the definition of safety from 'avoiding that something goes wrong' to 'ensuring that everything goes right'. More precisely, Safety-II is the ability to succeed under varying conditions, so that the number of intended and acceptable outcomes is as high as possible. From a Safety-II perspective, the purpose of safety management is to ensure that as much as possible goes right, in the sense that everyday work achieves its objectives. This means that safety is managed by what it achieves (successes, things that go right), and that likewise it is measured by counting the number of cases where things go right. In order to do this, safety management cannot only be reactive, it must also be proactive. But it must be proactive with regard to how actions succeed, to everyday acceptable performance, rather than with regard to how they can fail, as traditional risk analysis does. This book analyses and explains the principles behind both approaches and uses this to consider the past and future of safety management practices. The analysis makes use of common examples and cases from domains such as aviation, nuclear power production, process management and health care. The final chapters explain the theoret