Although mandatory in most high-risk industries, the safety management system (SMS) is often criticized as burdensome and complex. Through its requirement to formalize all main activities, the SMS is perceived as bureaucratic and a vehicle for pure compliance and Safety I (one). Furthermore, the SMS is often detached from an organization’s core activities, goes against local practice and does not deliver the safe performance that was hoped for. By comparing the model behind SMS with specific requirements for process capability, this paper identifies a safety fractal that reflects the basic requirements that are needed to control safety related activities at all levels within an organization. It is further argued that the constituent elements of this safety fractal are particularly suitable to organize resilient performance, provided that resilience is explicitly identified as the safety strategy to follow and, as such, consequently implemented. This approach is then positioned against common safety management concepts as management system maturity, leadership and safety culture, leading to a systematic and a more comprehensive view on how to measure safety performance and resilience.