by bumby 2365 days ago
I think we're miscommunicating what is meant by "procedural" vs. "engineering" mitigation.

Procedural is meant as an administrative action as opposed to a designed engineering action.

Think of a hazardous system that has software involved with controlling a pressure hazard. A procedural mitigation may be to have an operator monitor system pressure and push a non-software shut-off emergency button if the system overpressurizes. Even though it's an emergency, it's still a procedural mitigation. An engineering mitigation, on the other hand, may have mechanical pressure relief devices in place to mitigate the hazard. Whether or not it's an "emergency" just relates to the severity and time criticality of the hazard, not the mechanism of mitigation.

In safety design the hierarchy of hazard control preference is generally engineering controls, followed by procedural controls, followed by PPE as the least desirable control scheme.

Which distract from dealing with the other causes of the accidents.

One of the common flaws in mishap investigation is jumping to “solving” proximate causes at the expense of finding the root cause. This is applicable to MCAS as well if that isn’t the root cause (although my hunch is MCAS will be closer to the root issue than pilot actions). As long as people aren’t pointing to the AD as the “fix” I think there’s not a problem with it being an interim measure