Domestic Passenger Vessel Accidents Are Preventable Using a Management System (Part One)

Dr. IJ Arora:

Think of any accident, mishap, or tragedy involving a passenger vessel through history (or in recent times) and then look at the post-event investigation report. If you do this, you will find one shortcoming common to these tragedies: a poor appreciation of risk and the practical nonexistence of a management system. Occasionally, in slightly less disastrous events, you may see the existence of a system, but it is usually poorly implemented.

This two-part article considers the domestic passenger vessel industry in the United States, where there have been several tragedies. I hope (although hope is not a plan) that this work will inspire the industry to look at the proper implementation of management systems. In trying to narrow the discussion, we will analyze and learn lessons from the 2019 sinking of the Conception and to a limited extent the 2023 fire aboard the Spirit of Boston cruise ship. I will mention a few other incidents as well to make the connection and bring out the failure of the various systems that broke down.

A systems-based approach in analyzing accidents in the domestic U.S. passenger vessel industry involves looking at the various components and process interactions that could potentially lead to incidents. This can include factors such as crew training, vessel design, regulatory compliance, maintenance practices, and emergency preparedness. However, the major factor is usually the absence of a management system (or a badly designed and/or poorly implemented one). This is a tragedy in the making.

I am studying these accidents to demonstrate how a systems approach could have helped prevent many of these mishaps. The reluctance to implement an effective management system pains me, not to mention primary investigation agencies like the National Transportation Safety Board (NTSB), the United States Coast Guard (USCG), and other responsible bodies.

Note that I am not discussing technical processes here. Yes, those often fall short of the mark as well, but the bigger issue is the failure to apply simple systematic thinking based on existing management system standards. This reluctance to work systematically surprises me. I’ve recently expressed my views on the Baltimore Bridge collapse, the implosion of the Titan submersible, the collision between an American Airlines flight and a military helicopter over the Potomac, and the Boeing 737 Max inspection failures. In all cases, I cannot understand why a simple, cost-effective action such as properly implementing a management system should be such a critical weakness within so many different organizations. It is a leadership flaw, for (as W. Edwards Deming said) “A bad system will let down a good person every time!”

Titanic and Herald of Free Enterprise

When discussing this topic, many will think back to the Titanic tragedy, which goes back more than 100 years. This is perhaps the most well-known sinking of all time, so I will not rehash the details, which are easily available online. However, I do want to mention that events like the sinking of the Titanic create the ultimate push—it caused a reaction and, ultimately, the creation of a workable system to help save lives and the vessels themselves. Depending on owners, operators, and masters to use their judgment and do the right thing at the time of crisis was no longer enough. What the Titanic demonstrated was that the industry needed enforceable regulations and requirements. The result was the Safety of Life at Sea (SOLAS) Convention, which formalized a systematic approach to safety.

Before studying incidents occurring in U.S. domestic waters, I also want to mention the tragedy of the Herald of Free Enterprise, which occurred on March 6, 1987, at Zeebrugge, Belgium. The Herald of Free Enterprise was a roll-on/roll-off ferry owned by the Townsend Thoresen company. On that day, the ship capsized shortly after leaving port and 193 people lost their lives. It had departed with its bow doors open, allowing seawater to flood the car deck. Within minutes, the ship was lying on its side in shallow water.

The tragedy exposed severe deficiencies in the company’s safety culture and operational practices. Justice Barry Sheen was appointed to head the official inquiry into the disaster. His report, published in October 1987, was scathing and unprecedented in its criticism of the ferry operator, management, and the broader safety practices in the maritime industry. Justice Sheen’s report identified a “… disease of sloppiness and negligence at every level of the hierarchy.” This became one of the most quoted phrases from the report. Sheen emphasized that the disaster was not due to a single act of negligence but rather a “… catalogue of failures…” including the failure to ensure the bow doors were closed, poor communication between crew and bridge, inadequate safety procedures, and the absence of proper checks before sailing.

The report placed heavy blame on the senior management, asserting that safety was not a high priority for the company. It also noted that management failed to implement procedures that could have prevented such a tragedy.

It is indeed shocking and surprising that even today, decades later, investigation reports are still pointing out these same drawbacks. Lessons learned seem to be forgotten. I particularly wanted to focus on this incident because Justice Sheen’s report was a turning point in maritime safety regulation. It directly influenced the creation of the ISM Code under the International Maritime Organization (IMO), which mandated formal safety procedures and accountability in international shipping operations.

Conception

The Conception was a dive boat that caught fire off the coast of California, resulting in the deaths of 34 people in 2019.

Investigations into this disaster revealed several deficiencies, including inadequate fire safety procedures, lack of a proper emergency escape route, and insufficient crew training. There were also issues related to the vessel’s sleeping arrangements, where most of the passengers were asleep below deck at the time of the fire.

A systems approach would emphasize the need for comprehensive safety protocols, regular training for crew members, proper vessel design for evacuation, and effective regulatory oversight to ensure the robust implementation of safety measures.

Spirit of Boston

This incident involved a fire that broke out on the dining cruise ship Spirit of Boston while docked in 2022.

The fire was linked to a potential electrical malfunction, but it highlighted issues related to maintenance practices and emergency response protocols.

By applying a systems approach, stakeholders could focus on root cause analysis, looking into how maintenance schedules, crew training, and emergency responses are integrated and managed.

Overall recommendations for the systems approach

There are several important elements to consider in favor of the systems approach, as follows:

  • Interdisciplinary collaboration. Promoting collaboration among various stakeholders, including regulatory bodies, ship management companies, and safety experts, to share information and best practices
  • Root cause analysis. Encouraging investigations that go beyond the immediate causes of accidents to identify systemic failures that could contribute to unsafe conditions
  • Regular training and drills. Implementing continuous training and emergency drills for crew members to ensure readiness, competence and enhance situational awareness
  • Maintenance and safety protocols. Establishing stringent protocols for vessel maintenance and safety checks, with thorough documentation and compliance checks
  • Regulatory oversight. Advocating for robust regulatory frameworks that require adherence to safety standards and proactive risk management strategies
  • Cultural change. Fostering a safety-first culture within organizations that prioritize safety above operational pressures

We can see in these two recent incidents that, as with the case of the Herald of Free Enterprise, a systems approach enables a comprehensive understanding of the complexities involved in maritime operations, leading to better prevention measures and enhanced safety outcomes in the passenger vessel industry.

Other examples

Over the years, the NTSB has investigated numerous accidents involving passenger vessels. A few notable examples follow:

  • Estonia. Although this accident occurred in European waters, its implications affected international passenger shipping, including practices adopted in the United States. The Estonia sank in the Baltic Sea in 1994, resulting in the deaths of 852 people. The investigation revealed that the key issues were related to vessel design, including hull integrity and cargo securing. This incident led to enhanced safety regulations regarding passenger vessel construction and operational safety protocols.
  • Andrew J. McHugh. This collision involving the ferry Andrew J. McHugh and another vessel occurred in the narrow Houston Ship Channel, leading to the deaths of 17 passengers in 1980. The key factors included poor visibility, navigational errors, and inadequate communication between vessels. Subsequent recommendations from the NTSB aimed at improving navigational practices and vessel traffic control in critical areas.
  • Benson. The Benson, a tour boat in New York, capsized during a sudden storm. A total of 10 people died in this 2000 incident. The investigation pointed out questionable weather assessment practices and inadequate safety measures for handling sudden weather changes. The NTSB recommended better training for crew members regarding weather evaluation and emergency response.
  • Dawn Princess. A fire aboard this cruise ship in the South Pacific led to emergency evacuations in 2003. Although there were no fatalities, more than 150 passengers were affected. The fire was linked to flaws in electrical systems. The NTSB emphasized improved fire safety systems and crew training on firefighting and evacuation protocols.
  • Emotion. This fishing vessel capsized near Alaska in 2010, resulting in several fatalities. The investigation pointed out structural problems and issues with the vessel’s stability while loaded. Recommendations focused on vessel stability assessments and the importance of adherence to safety regulations during fishing operations.
  • Explorer. In 2007, the Explorer ran aground off the coast of the Antarctic Peninsula, leading to evacuations. All passengers were saved, but the incident raised alarms about navigational practices and inappropriate response to weather changes. The NTSB highlighted the need for enhanced navigational training and real-time communication.

For each of these incidents, a systems approach would involve comprehensive training programs for crew related to emergency preparedness, rigorous maintenance and operational checks, research and implementation of advanced technologies for navigation and safety, and collaboration among regulatory bodies to create uniform safety standards that encompass all aspects of vessel operation. These historical examples underscore the importance of a proactive stance on maritime safety, highlighting that every component of the system must work together to prevent accidents and improve safety outcomes in the passenger vessel industry.

A poor approach that fails to be proactive can significantly contribute to accidents such as these. When risks are not systematically identified and appreciated, several detrimental consequences can arise. Without a systematic approach to risk assessment, potential hazards may go unnoticed, increasing the likelihood of incidents. Vessels may not be adequately equipped to handle specific risks, such as extreme weather or equipment failures. There is a requirement for safety protocols, adequate training, and improvement of communications.

On the other hand, a reactive approach undermines effective communication within the organization and between vessels. Without established systems for reporting and discussing risks, lessons learned from previous incidents may be ignored.

The other factors are regulatory compliance lapses. In the absence of a proactive culture, vessels may not adhere to regulatory requirements consistently or may develop a compliance mindset that prioritizes minimum standards over comprehensive safety practices. Neglecting lessons learned from past incidents is another flaw. A failure to learn from past accidents can lead to repetitive mistakes. If organizations do not analyze historical incidents and implement changes based on those insights, they risk encountering similar situations again and again.

In the second part of this article, we will discuss the importance of using the Plan-Do-Check-Act cycle in embracing a safety management system.


Note – The above article was recently published in an Exemplar Global publication – ‘The Auditor’


ISO 13485: QMS Requirements of Medical Devices for Regulatory Purposes

by Dr. IJ Arora

ISO 13485:2016 is a standard that addresses quality management system requirements for those within the medical device industry. It is based on the systems-based approach found in ISO 9001:2015, but because it emphasizes requirements for regulatory purposes, it does not align with ISO’s harmonized structure (HS). In many ways, ISO 13485 does align with the HS, particularly in the structure and foundational principles of quality management.

The introduction of ISO 13485 explicitly states that the standard is aligned with ISO 9001, and this connection is important for understanding how the two standards relate to each other. I am a bit surprised as to why ISO 13485 isn’t fully harmonized with the HS as defined in Annex SL, which is the specific document within ISO standards that outlines the HS. I believe that if this standard were aligned to the HS, it would make implementation much less laborious for all involved.

The ISO 9001 foundation

The 2015 version of ISO 9001, which is presently under revision, provides a good basis for all standards. As mentioned, ISO 13485 has its roots in ISO 9001, which is why the key QMS principles (e.g., customer focus, leadership, process approach, continual improvement, and evidence-based decision making) central to ISO 9001 are also embedded in ISO 13485.

ISO 13485 includes several core concepts and clauses from ISO 9001. Clause 4 on quality management systems (e.g., structure, documentation requirements, and the scope of the QMS); clause 5 on management responsibility (e.g., top management involvement, resource allocation, and internal audits); and clause 8 relating to measurement, analysis, and improvement (e.g., monitoring, corrective actions, and continual improvement) are just some examples.

As I study, teach, consult, and audit using ISO 13485, I wonder why the standard is not fully harmonized with similar standards as laid out in Annex SL. In consulting, I feel the pain of organizations that must meet regulatory requirements and so tend to overlook the process-based management system (PBMS) approach as fundamental to the plan-do-check-act (PDCA) cycle. This regulatory focus is one reason why, although ISO 13485 shares many similarities with ISO 9001, it is not fully aligned with the HS. ISO 13485 places a strong emphasis on compliance with regulatory requirements specific to the medical device industry. The standard’s clauses addressing design and development, post-market surveillance, risk management, and traceability requirements are all far more extensive than those found in ISO 9001. Annex SL focuses more on general management practices and less on industry-specific regulatory controls. The detail and specificity required for medical device safety and compliance often necessitate a structure that goes beyond the framework of the HS.

Overcoming differences

Different scopes and audiences are also a consideration in that, while ISO 9001 is a general quality management standard applicable across industries, ISO 13485 is designed specifically for organizations that manufacture medical devices. These organizations must meet stringent regulatory requirements that go beyond what ISO 9001 addresses. Because of this, ISO 13485 requires more detailed processes related to product lifecycle management, post-market activities, risk management, and regulatory controls, which aren’t adequately covered under the more generalized HS. ISO 13485 includes a much stronger emphasis on managing the product’s entire lifecycle, from design and development to post-market activities (e.g., complaint handling and vigilance). Although ISO 9001 mentions product realization, ISO 13485 goes into much greater depth, including extensive requirements for design control and risk management. These elements reflect the higher level of scrutiny needed in the medical device industry, where safety and compliance are paramount.

With that said, I believe that these differences don’t prevent ISO 13485 from being organized according to the HS format. The standard would not only help medical device manufacturers’ management systems conform with specific regulatory requirements but also meet the obligations for continual improvement. After all, registered organizations in the aerospace and automobile industries already do just that via sector-specific management system standards that are harmonized with ISO 9001.

The structural differences in the clauses found in ISO 13485 and the standards adopting the HS are not too far apart. Although ISO 13485 is aligned with ISO 9001, it diverges when it comes to specifics that are unique to the medical device sector and regulatory requirements.

ISO 13485’s clause 7, “Product Realization,” includes additional elements, such as design controls and regulatory compliance requirements, that are critical in the medical device industry. Post-market surveillance and complaint handling are central to ISO 13485, but the HS doesn’t go to the level of detail necessary for medical device manufacturers.

ISO 13485 emphasizes the need for continuous monitoring of device performance, even after they are on the market, ensuring any issues are identified and addressed in a timely manner. I believe ISO 9001’s subclause 9.1.2, “Customer Feedback,” can be updated to incorporate this requirement.

Risk management is a vital consideration. ISO 13485 integrates risk management into the standard in a way that is far more structured and pervasive than what is found in ISO 9001. ISO 13485 has a more detailed approach to identifying, assessing, and mitigating risks throughout the lifecycle of medical devices. However, these added requirements could be added to subclause 6.1.1 (“Actions to Address Risks and Opportunities”) or subclause 8.1.1 (“Operation Planning and Control”) found in the HS.

ISO 13485 includes specific requirements for design and development processes, which are critical in medical devices due to their complexity and potential risk to patient safety. The HS doesn’t provide this level of detail for other types of products or industries.

Identifying similarities

Notwithstanding the differences between ISO 13485 and the standards that align with the HS, there are also some key similarities. As with ISO 9001, ISO 13485 is built around seven quality management principles: customer focus, leadership, engagement of people, process approach, improvement, evidence-based decision making, and relationship management. Continual improvement of the quality management system is part of both standards, emphasizing the need for a strong focus on monitoring, auditing, corrective actions, and reviews. Document control is another similarity. Both ISO 13485 and ISO 9001 stress the importance of clear and accurate documentation to ensure that quality management processes are defined, monitored, and maintained effectively.

In keeping itself separate from the HS, ISO 13485’s clause structure, despite being based on ISO 9001, serves to meet the unique needs of the medical device industry. The decision not to fully harmonize the standard with the structure seen in Annex SL likely stems from the need to ensure a tailored regulatory focus. ISO 13485 is aligned with a variety of regulatory frameworks across different countries and regions (e.g., FDA, EU MDR, TGA, etc.). These regulations require specific processes that go beyond the generic, high-level harmonized framework provided by Annex SL to facilitate combined/integrated management systems. The structure of ISO 13485 allows for a more detailed, industry-specific approach to product safety, efficacy, risk management, and compliance. Product lifecycle control is an essential part of the medical device industry, and it has a complex lifecycle that includes design controls, manufacturing processes, and post-market activities that require more attention than the HS would provide.

Looking at a few additional clauses reveals that ISO 13485 follows a specific structure that allows it to emphasize the unique aspects of medical device quality management while maintaining consistency with other ISO standards.

For example, Clause 1, “Scope,” is relatively straightforward and outlines the scope of the standard, which is specific to organizations that design, manufacture, and maintain medical devices. The clause also highlights exclusions (for example, aspects not applicable to the organization), which is quite typical in a quality management standard.

Clause 2, “Normative References,” lists the documents referenced within ISO 13485, which is typical for any ISO management system standard. The important point here is that ISO 13485 requires compliance with relevant regulations and standards, particularly those in the medical device sector.

Clause 3, “Terms and Definitions,” is crucial because the terminology in the medical device industry can be very specific. Definitions clarify terms that might have different meanings in other industries (e.g., what qualifies as a “medical device,” “design verification,” or “post-market surveillance”). This ensures uniformity and understanding across the industry.

Clause 4, “Quality Management System (QMS),” describes the basic requirements for establishing and maintaining a QMS, which is a fundamental aspect of ISO 13485. This clause outlines the need for a quality policy, the establishment of objectives, and the requirement to continually improve the QMS. These are common in all ISO standards but are tailored here to fit the needs of the medical device industry.

Clause 5, “Management Responsibility,” covers executive involvement as a key theme. In ISO 13485, it emphasizes top management’s responsibility for ensuring that quality objectives are met. This clause also requires that management provide resources for quality activities and review the performance of the QMS regularly, ensuring alignment with regulatory requirements and customer needs.

Clause 6, “Resource Management,” could have been aligned to clause 7, “Support,” found in the HS. This clause in ISO 13485 requires the organization to manage resources effectively, which includes personnel training and competence (a critical area in the medical device industry). This ensures that employees have the skills needed to produce safe and effective devices. It also covers infrastructure and the control of the work environment, ensuring that conditions are suitable for maintaining product quality.

Clause 7, “Product Realization,” diverges further from the HS. Product realization in the medical device sector involves the entire lifecycle of the device—from planning, design, development, and manufacturing to service and post-market activities. This clause is extensive and includes requirements for design controls, risk management, validation, and traceability, all of which are critical in the medical device industry. The detailed focus on design and development, verification and validation, and product monitoring ensures that all aspects of a medical device’s journey, from conception to post-market surveillance, are covered.

Clause 8, “Measurement, Analysis, and Improvement,” requires organizations to evaluate the effectiveness of their QMS through regular monitoring, measurement, and audits. It also focuses on corrective and preventive actions (CAPA) to improve quality. Preventive action in the HS has not been thrown out like the proverbial baby with the bath water. It has instead been replaced by a requirement to appreciate risk. For medical devices, complaints and nonconformance reporting are key to ensuring ongoing safety and compliance. ISO 13485 could also have gone from preventive action to risk.

Post-market surveillance and vigilance is a requirement of the medical device standard. Unlike many other ISO standards, ISO 13485 places significant emphasis on post-market surveillance, which is the process of monitoring the performance of medical devices once they are in use. This is a major distinguishing factor from other ISO standards. Manufacturers are required to establish processes for post-market feedback, complaint handling, and field safety corrective actions (FSCA), which are essential for identifying and managing risks after the product is on the market.

In conclusion, I would opine and agree that although ISO 13485 is indeed based on ISO 9001, it diverges from the HS identified in Annex SL because the unique needs of the medical device industry—such as regulatory compliance, product lifecycle management, and patient safety—require a more detailed and specialized approach than the HS can provide. The clause structure of ISO 13485 reflects these specific requirements, making it a robust and industry-specific standard that ensures the safety and quality of medical devices while maintaining alignment with the foundational principles of quality management in ISO 9001.

This balance of maintaining core quality principles while addressing the needs of the medical device industry is why ISO 13485 has not fully adopted the HS but instead continues to incorporate elements of ISO 9001 alongside medical-device-specific regulatory needs. That it could still at the least attempt to align the primary clauses as risk to the HS would help all parties involved.

Note – The above article was recently featured in Exemplar Global’s publication called “The Auditor”.

The Role of Management Systems in the Tragic Collision Over the Potomac

by Dr. IJ Arora


A significant tragedy occurred in Washington D.C. on January 29, 2025, with the deadly collision between a U.S. military Black Hawk helicopter and a regional jet flying for American Airlines. The resulting crash caused the loss of 67 precious lives and pointed to a multilayered failure of safety mechanisms.

In a short article like this it is not my intent to explore the reasons for this event, and I have neither the expertise nor the authority to investigate, anyway. The U.S. National Transportation Safety Board (NTSB) and other relevant agencies will do that in a most professional manner. However, I do have a degree of experience relating to the systems approach for managing processes at large and complex organizations. I feel called to share my perspective on this disaster with a systems approach in mind.

Proactive appreciation for risk

Hindsight, it has been said, is 20/20. I am aware that I’m writing this after the tragedy has already occurred. However, management systems should be proactive, where data drives the understanding and mitigation of risk. As a practitioner and advocate of process-based management systems, I believe that well-implemented procedures give an organization the best chance to produce conforming products and services.

A systems approach, based on ISO 9001’s subclause 4.4, which relates to quality management system processes, could have played a role in preventing an incident of this type. Subclause 4.4.1 states, in part, “The organization shall establish, implement, maintain and continually improve a quality management system, including the processes needed and their interactions….”

Following this requirement is no guarantee of safe and successful outcomes, but it is surely the best bet. I had similar thoughts on the tragedy of the implosion of the Titan submersible and the Baltimore Bridge collapse. The core principles of ISO 9001, especially risk-based thinking, continual improvement, and process interaction, align well with safety imperatives, particularly safety management for the aviation industry. The systems approach is a fundamental that organizations often neglect at their (and their customers’) peril.

ISO 9001—and for that matter, the aerospace standard AS9100—is built on risk-based thinking. A structured process aligned with the risk management standard ISO 31000 and aviation safety management systems are required by ISO 9001 subclause 6.1, regarding actions for addressing risks and opportunities, and subclause 8.1 concerning operation planning and controls. Conformance with these requirements can help identify and mitigate collision risks between civil and military aircraft.

Process interaction and communication are vital in such situations. A failure in communication between air traffic control, military operations, and civilian aviation may have contributed to the crash. Of course, we will wait for the full report from the NTSB investigation. However, it is never too late (or for that matter, too early) to be proactive and implement a process approach to ensure that all stakeholders follow well-defined communication and coordination protocols.

PDCA, SWOT, and FMEA

Being proactive requires an appreciation of risk at the Plan stage of the Plan-Do-Check-Act (PDCA) cycle. Note that preventive actions and continual improvement are integral to the system approach.

The media have reported on the details of numerous previous aviation incidents. Analyzing near-miss incidents and integrating lessons learned into improved procedures could enhance safety protocols. Human factors and process redundancy must be considered in a systematic manner. Human errors (e.g., miscommunication, misinterpretation of airspace usage, etc.) can be minimized with automated systems and via decision-making redundancy checks.

In principle, the process approach found in ISO 9001 emphasizes addressing process issues as opposed to blaming individuals. However, in the aviation field, the human factor is important; clause 10.2.1 b2 of AS9100 expresses the importance of this concept. The industry-specific interpretation of requirements as seen in this standard provides a robust framework (via a clause structure) to design an efficient management system. This, together with auditing and compliance requirements, gives leadership confidence that their system can and will produce conforming products and services.

Further to this point, regular audits of flight coordination between civilian and military aviation could highlight gaps before they lead to accidents. As such, integrating ISO 9001 with AS9100 and AS9110 (the aerospace quality standard specifically designed for maintenance, repair, and operations) as well as ISO 45001 covering the management of operational health and safety will provide a solution to proactively address risks in the context of the aviation industry. This would cover all interested parties, as per clauses 4.1 and 4.2 of ISO 9001. Although aviation already has strict regulatory frameworks (e.g., FAA, ICAO, etc.), the structured process management systems required by ISO 9001 and AS9100 can complement these frameworks by embedding the statutory and legal requirements into the management system.

If the organizations involved focus on how specific elements of ISO 9001 can be applied to aviation safety, particularly in preventing collisions, I would first recommend that they look at risk-based thinking as seen in clause 6.1, addressing actions related to risks and opportunities. This can partially be accomplished by undergoing a strengths, weaknesses, opportunities, and threats (SWOT) analysis. ISO 9001 emphasizes risk assessment and mitigation throughout processes.

In aviation, a structured risk-based approach would identify potential hazards (e.g., conflicting flight paths, miscommunication, system failures, etc.). The system would also assess risk severity and likelihood of occurrence and probability of detection, using tools like a failure modes and effects analysis (FMEA). Controls could be implemented (e.g., enhanced air traffic control coordination, better radar tracking, AI-driven airspace monitoring, etc.). For example, aviation safety bodies could require all civilian and military flights to undergo a real-time risk assessment check before takeoff, considering airspace congestion, weather, and military training exercises.

Potential solutions

Process interaction and communication (as seen in ISO 9001’s clause 4.4.1 b regarding understanding process interactions) would systematically improve the system. Aviation operations involve multiple stakeholders, such as airlines, air traffic controllers, military operations, ground crews, etc. A process approach would ensure defined standard operating procedures for communication between civilian and military aviation. These could include real-time data sharing using standardized digital platforms and/or automated conflict-resolution systems that detect and alert pilots and controllers regarding possible mid-air conflicts. An integrated civil-military coordination dashboard could be established, where both parties have real-time visibility on flight plans, airspace restrictions, and emergency deviations.

Risk appreciation and continual improvement (as seen in ISO 9001’s clause 10.2 regarding nonconformity and corrective action, clause 10.3 on continual improvement, and clause 5.1.2 regarding customer focus) require organizations to analyze failures, investigate causes, and take corrective actions. In aviation safety, this could mean automated reporting and analysis of near-miss incidents, regular safety audits to evaluate procedural weaknesses, and machine learning-based predictive analytics to foresee and prevent future crashes.

When a near-miss incident occurs, such a system could automatically trigger a root cause analysis and recommend safety adjustments for all stakeholders. Human factors and redundancy (as seen in clause 7.1.6 regarding organizational knowledge) promote knowledge management and human reliability strategies. In aviation, this could mean mandatory cross-training for military and commercial pilots on shared airspace procedures. AI-assisted decision-making tools that provide secondary verification for pilots and controllers could be a positive outcome of data analysis.

Data drives risk and trends. A digital co-pilot system could use AI to continuously monitor air traffic conflicts and intervene if human errors are detected. Auditing and compliance (as seen in clause 9.2 regarding internal auditing) would provide objective and independent inputs through regular safety audits of flight coordination. Air traffic control systems could ensure compliance with standardized airspace usage protocols, identification of gaps in inter-agency communication, and implementation of best practices from previous incident investigations. A shared civil-military aviation audit framework could ensure uniform compliance with risk management policies, reducing the chance of airspace conflicts.

I am not a technical subject matter expert in the aviation industry. My expertise is in looking at systems. My 30 years of experience suggests the importance of strengthening the Plan stage of the PDCA cycle. Things go wrong at the Do stage (i.e., implementation); however, if the plan itself is deficient and not coordinated, the implementation can and perhaps will go wrong.

By integrating ISO 9001 principles into aviation safety proactively and appreciating the risks, management can prevent mid-air conflicts. Process-driven coordination ensures better civil-military collaboration. Automated monitoring and auditing could improve response times to emerging threats.

Sadly, this tragedy once again bears out the wisdom of W. Edwards Deming when he said that a bad system will beat a good person every time.

Note – The above article was recently featured in Exemplar Global’s publication “The Auditor.”

Are Supplier Audits Mandated by ISO 9001?

By Dr. IJ Arora

In relation to outsourced processes, the question (to paraphrase William Shakespeare) is, “To audit or to not audit?”

Take, for example, the requirements of the principal process-based management system standard, ISO 9001:2015. One might consider the system approach as provided in clauses 4.4.1a through 4.4.1h and conclude that monitoring and control are needed to appreciate the risks of the inputs and ensure continual improvement. The standard is meant to be interpreted, and so nothing prescriptive is expected. Yet the question remains as to how organizations might control the processes and ensure they are meeting objectives. Clause 5.2, “Policy,” leading to clause 6.2, “Objectives,” provides a hint that evidence should be collected of measurable objectives being met. Yet how do we get the inputs to draw a conclusion? The inputs are important, and therefore there is a need to determine the available data to collect and control.

Perhaps the answer can be found in the auditing function. By implementing a robust supplier evaluation process, including audits as needed, organizations can strengthen the quality management system and build strong, reliable relationships with suppliers. Note that standards such as ISO 9001:2015 do not specifically mandate audits, yet the intent of registration to a standard is to control the organization’s processes. If not auditing, then what other mechanisms can organizations use to control an outsourced process and minimize risks to their end customers?

Exerting control

Clause 8.4.2 of ISO 9001:2015 deals with the type and extent of controls that an organization must apply to externally provided processes, products, and services. The key aspects in this discussion include ensuring conformity, the types of controls needed, and the extent of these controls. Conformity has at its core the principle of ensuring that these external provisions do not negatively affect the organization’s ability to consistently deliver conforming services to its customers. This means the organization must have mechanisms in place to ensure that the quality of the external inputs meets the organization’s requirements and ultimately satisfies customer requirements.

Types of controls could be interpreted as performing a level of control, perhaps through auditing, even though auditing is not a specific requirement. The selection and evaluation of the controls would be based on establishing criteria for selecting and evaluating external providers (e.g., a robust quality management system of their own, past performance, registration, etc.) and/or conducting thorough assessments of potential suppliers (e.g., audits, questionnaires, site visits, etc.). In addition, it is important to put in place strong contractual agreements with external suppliers that include clear and measurable requirements, specific key performance indicators (KPIs), and acceptance criteria for the purposes of monitoring and measurement. This could include tracking supplier performance against agreed-upon KPIs, analyzing data to identify trends and areas for improvement, conducting regular performance reviews and feedback sessions, performing root cause analysis and corrective and preventive actions when problems are identified, and appreciating risks by being proactive and using preventive measures.

The extent of this control would depend on the criticality of the externally provided process, product, or service to the organization’s overall quality. For high-risk items, more stringent controls (e.g., more frequent audits or more rigorous inspections) may be necessary, as, for example, in the aerospace industry. In essence, clause 8.4.2 emphasizes the importance of proactive measures to ensure that external inputs do not compromise the organization’s ability to deliver quality services to its customers.

Auditing provides all of these inputs if the audit is correctly planned and executed. For example, with approval, this level of control could be achieved through remote cameras or the presence of the organization’s inspectors at the supplier’s facilities. The aim is to maintain the customer focus (clause 5.1.2) and include a risk-based approach. The extent of control should be proportionate to the associated risks. Continual improvement entails that the organization should regularly review and improve its processes for external controls.

Therefore, although clause 8.4 (specifically subclauses 8.4.1, 8.4.2, and 8.4.3) does not explicitly mandate supplier audits, it strongly implies their importance. Thus, a strong focus on control must be interpreted. Clause 8.4 emphasizes the need to control externally provided processes, products, and services. Auditing is a crucial tool for evaluating a supplier’s ability to meet quality requirements and maintain control over their processes.

Mitigating risk

To ensure adequate risk management, one must consider whether the supplier’s performance directly affects the organization’s ability to deliver quality products or services. Audits help identify and mitigate potential risks associated with using external providers. Continual improvement is an important outcome of auditing and provides valuable feedback on supplier performance. This enables the organization to identify areas for improvement in its processes and its practices around supplier selection and supplier management. Therefore, although not strictly mandated, supplier audits are highly recommended for organizations seeking to effectively implement ISO 9001 and ensure the quality of their services. The key considerations would be:

  • Risk-based approach. Auditing efforts should be focused on suppliers that pose the highest risk to the organization’s quality objectives.
  • Variety of evaluation methods. Audits are just one means of supplier evaluation. Other methods include performance monitoring, feedback analysis, and site visits.
  • Documentation. Maintain clear documentation of all supplier evaluation activities, including audit findings, corrective actions, and improvement plans.

When considering the outsourcing of a process, the organization must assess and determine the criteria by which suppliers are selected. Through systematic evaluation, an organization can implement a rigorous supplier selection process that includes:

  • Detailed questionnaires to gather data on the supplier’s quality management system, processes, and capabilities
  • Reference checks made by contacting previous customers to assess the supplier’s performance and reliability
  • On-site visits to observe the supplier’s operations and assess their facilities, equipment, and personnel
  • A risk-based approach matrix to prioritize suppliers based on the potential impact on the organization’s quality objectives

In planning bids, developing contractual agreements, or other processes involving outsourcing, the following should be considered:

  • Clear specifications. Define clear and measurable requirements for the outsourced products or services.
  • Performance metrics. Establish KPIs to track supplier performance, such as on-time delivery, defect rates, and customer satisfaction.
  • Contractual penalties. Include clauses for non-compliance with contractual obligations, such as late deliveries or subpar quality.

The procedures for monitoring and measuring outsourced processes must be well thought out and should be implemented when tendering a contract. Remember, adding requirements afterward is often difficult. Consider the following:

  • Regular performance review. Conduct regular performance reviews with suppliers to track their performance against agreed-upon KPIs.
  • Data analysis. Analyze data on supplier performance, such as defect rates, delivery times, and customer complaints, to identify trends and areas for improvement.
  • Feedback mechanisms. Establish a system for collecting and analyzing feedback from internal and external customers regarding supplier performance.

Whether an organization prefers to audit or use other means of controlling the outsourced process, a well-thought-out collaboration and communication plan should be made, considering:

  • Open communication channels. Maintain open and regular communication channels with suppliers to address concerns, share information, and collaborate on improvement initiatives.
  • Joint problem solving. Work collaboratively with suppliers to identify and resolve issues related to quality, delivery, or other performance concerns.

Continual improvement is integral to any good management system. As a summary, I’d suggest the following:

  • Regular reviews and updates. Regularly review and update your supplier management processes to ensure they remain effective and aligned with changing business needs.
  • Supplier development. Implement programs to help suppliers improve their quality management systems and performance.

By implementing a combination of these mechanisms, organizations can effectively control outsourced processes, minimize risks, and ensure that they receive high-quality services from their suppliers.

Clause 9.2.1 of ISO 9001 does indeed suggest that auditing outsourced processes is good practice. This clause states that organizations should conduct internal audits to evaluate the effectiveness of the quality management system. The scope of internal audits typically includes all relevant processes and activities within the organization. How this relates to outsourced processes is where the requirement becomes open to interpretation. Although it does not explicitly state “supplier audits,” the clause implies that evaluating the effectiveness of processes that are outsourced is part of assessing the overall effectiveness of the QMS. If the outsourced processes significantly affect the organization’s ability to meet customer requirements, then those processes should be included in the scope of internal audits.

Dr. IJ Arora’s article was published in the Exemplar Global publication “The Auditor.”

The Baltimore Bridge Collapse—Another Case of a Failed Management System

By Dr. IJ Arora

Can good management systems make organizations immune to disasters? The Baltimore bridge (or, more precisely, the Francis Scott Key Bridge) collapsed in 2023 because the container vessel MV Dali collided with it. This was a tragedy, perhaps caused by the failure of several management systems: those of the ship, the port, the state, and whoever else was involved.

The National Transportation Safety Board (NTSB) investigation is ongoing, and will no doubt look at the part played by MV Dali, its crew, and its operator. However, my thought is that MV Dali or other ships plying the waters should have, by simple statistical probability, been considered as risks by the authorities. Between the water channel, the high number of ships sailing in and out regularly, and the bridge itself, there was likely to be a collision someday. Perhaps it was not a matter of if, but when! Therefore, should the bridge have been better designed and made safer based on these known and appreciated risks? After all, not all accidents can be completely avoided, but each tragedy has lessons learned as responsive action. The lessons become the data that drives risk identification and trends, thus making the system proactive. I am sure the NTSB is considering all this. In the meantime, without going into the ongoing investigation, there would seem to be some basics which are common indications of systemic failures. Be it the Titan submersible or the Boeing management system, as a subject-matter expert in process-based management systems, I see a common cause: the failure of the system to deliver conforming products and services.

In this short article, I want to discuss this bridge collapse in the context of the management system, considering ISO 9001:2015 generically and the requirements of ISO 55001:2024—“Asset management—Vocabulary, overview and principles” specifically. ISO 55001 was first published in 2014. It was developed as a standalone standard for asset management, building upon the principles of ISO 9001 and other relevant standards.

Could simply designing a good system based on the standard have enabled the organization to better assess the associated risks? Perhaps they were assessed, and a bridge allision was considered an extremely low-probability occurrence. If that were the case, the discussion would be on prioritization of risks.

As of the time of this writing (September 2024), the investigation into the Baltimore bridge collapse is still ongoing, and the lawsuits are starting to fly. Although the exact cause of the collapse remains under investigation, we can consider several factors that might have contributed to the incident. MV Dali experienced a series of electrical blackouts before the allision. The implementation of the vessel’s safety management system (SMS, based on the ISM Code) could be a factor. The stability, age, and condition of the bridge are, I am sure, being investigated as a potential contributing factor. Then, there is always the human element. There may have been errors on the part of the ship’s crew or the bridge’s operators. Was the SMS designed to support them in such a scenario? What factors may have caused operators at all levels to perhaps not follow requirements and mitigate the risks? The NTSB’s investigation will highlight a detailed analysis of the ship’s navigation systems, the bridge’s structural integrity, and the actions of the individuals involved in this tragedy. Their final report will provide a comprehensive understanding of the incident and may include recommendations to prevent similar occurrences in the future.

However, even at this stage we can agree that bridges in general are national assets. They are valuable infrastructure that provides essential services to communities. Although it is not publicly known whether the state of Maryland specifically implemented ISO 55001 for its bridges, the principles and practices outlined in this standard could have been beneficial in managing the risks associated with the Baltimore bridge. Through the implementation of this standard (and/or ISO 9001), the authorities could have performed:

  • Risk assessments. ISO 55001 requires organizations to conduct regular risk assessments to identify potential threats and vulnerabilities. A thorough assessment of the bridge’s condition, age, and traffic load could have helped identify potential risks and inform maintenance and repair decisions, as could have changes in procedures, protection of navigation channels, and so on.
  • Lifecycle management. The standard emphasizes the importance of managing assets throughout their entire lifecycle, from planning and acquisition to maintenance and disposal. By following ISO 55001, the state could have developed a comprehensive plan for the bridge’s maintenance, upgrades, and eventual replacement.
  • Performance measurements. ISO 55001 requires organizations to establish measurable objectives or key performance indicators (KPIs) to measure the effectiveness of their asset-management activities. This could have helped the state monitor the bridge’s condition and identify any signs of deterioration.
  • Continual improvement. The standard promotes a culture of continual improvement, encouraging organizations to learn from past experiences and make necessary adjustments to their asset-management practices.

It is impossible to say definitively whether ISO 55001 would have prevented the Baltimore bridge collapse. However, the principles and practices outlined in the standard could have helped to reduce the risk inherent in such incidents. By adopting a systematic and proactive approach to asset management, organizations can improve the reliability and safety of their infrastructure. A systematic study must go beyond what the MV Dali contributed to the Baltimore bridge collapse; it is also important to consider the broader context and the potential contributions of other factors:

  • Bridge design and maintenance. The age and condition of the bridge are likely to be factors in the investigation. Older infrastructure may be more susceptible to damage or failure, especially if it has not been adequately maintained or upgraded.
  • Vessel traffic. The frequency and intensity of vessel traffic in the area can also influence the risk of allisions. The bridge is in a busy shipping channel; therefore, the likelihood of incidents was higher.
  • Safety measures. The presence or absence of safety measures such as buoys, warning systems, or restricted areas can also affect the risk of allisions. These need to be studied and are factors the authorities would know.
  • Human elements and factors. Errors on the part of both the ship’s crew and bridge operators can contribute to accidents. Factors such as fatigue, inexperience, or inadequate training may play a role. What led to these issues? Error proofing, mistake proofing, and failure mode and effects analysis (FMEA) are tools that could be part of the effective management system.

Let us therefore consider ISO 55001 and the relevant clauses of the standard which could apply to the collapse of the Baltimore bridge.

Clause 4—Context of the organization

  • Clause 4.1—Understanding the external context, such as the age of the bridge, traffic volume, and environmental factors, is crucial for risk assessment.
  • Clause 4.2—Identifying the needs and expectations of relevant interested parties, including the public, commuters, and regulatory bodies, is essential for effective asset management.

Clause 6—Planning

  • Clause 6.2.1—The bridge’s asset management plan should have included clear objectives for its maintenance, repair, and replacement.
  • Clause 6.2.2—Specific objectives related to safety, reliability, and cost-effectiveness should have been established.
  • Clause 6.2.3—Detailed planning for maintenance, inspections, and upgrades would have been necessary to ensure the bridge’s structural integrity.

Clause 7—Support

  • Clause 7.1—Adequate resources, including funding, personnel, and expertise, should have been allocated for bridge maintenance and inspection.
  • Clause 7.2—Ensuring that personnel involved in bridge management have the necessary competence and training is essential.
  • Clause 7.3—Raising awareness among all relevant stakeholders about the importance of bridge maintenance and safety is crucial.

Clause 8—Operation and maintenance

  • Clause 8.1—Regular inspections and monitoring of the bridge’s condition would have helped identify potential problems early on.
  • Clause 8.2—A well-defined maintenance schedule, including preventive and corrective maintenance, would have been necessary to address issues before they escalated.

Clause 9—Performance evaluation

  • Clause 9.1—Establishing KPIs to measure the bridge’s performance, such as safety records, traffic flow, and maintenance costs, would have provided valuable insights.
  • Clause 9.2—Regular monitoring and evaluation of these KPIs would have helped identify areas for improvement.

Clause 10—Improvement

  • Clause 10.2—The bridge’s management should have implemented a system for monitoring and measurement, including data collection and analysis.
  • Clause 10.3—Predictive maintenance techniques could have been used to identify potential failures before they occurred.

My objective in writing this article is to help demonstrate that by applying the principles of a standard, be it generic ISO 9001 or a more specific standard (as in this case, the asset-management system standard ISO 55001), the organization (in this case the state of Maryland) could have strengthened its asset-management practices and potentially mitigated the risks associated with the Baltimore bridge collapse.

The above article was recently published in the Exemplar Global publication – ‘The Auditor’.

Excellence in Auditing Presented by Dr. IJ Arora for Exemplar Global

“How Auditing Helps Prevent Tragedy,” presented by Dr. IJ Arora with Wendy Edwards (Project Director of Exemplar Global) at the Exemplar Global’s Excellence in Auditing Expo!

The presentation explains the critical role auditing plays in averting potential disasters. Whether you’re in risk management, quality assurance, or simply interested in safety and security, this discussion offers valuable perspectives and actionable takeaways.

Can Boeing Deliver a Long-Term Solution to their 737 MAX Problems?

Dr. IJ Arora

Boeing is in the spotlight again with its 737 MAX planes, which have already had a deeply troubled history. Customer focus (which is clause 5.1.2 of ISO 9001 and AS9100) seems to have been lost somewhere.

I have read several recent articles on these incidents as well as Peter Robison’s book Flying Blind: The 737 MAX Tragedy and the Fall of Boeing, all of which point to a worsening situation for Boeing. The public perception of this great American company, which has always been committed to top-class engineering and trusted products, is changing from one of respect to one of caution. Travelers are wondering, “Should I fly in a 737 MAX?”

Boeing and the aerospace industry in general have high standards for quality and product safety. In this article, I postulate whether a company’s quality management system can guarantee that nothing goes wrong for customers. Can it ensure perfection? If not, what are the alternatives—and why have one at all?

What happened and who is responsible?

For those not familiar with the 737 MAX incident in January: shortly after an Alaska Airlines flight departed from Portland, Oregon, a cabin door panel blew off. As investigations are still ongoing, the causes have not yet been fully determined. Boeing also had a software issue on the 737 MAX, resulting in the crash of a Lion Air flight in 2018 and an Ethiopian Airlines flight in 2019.

Here in the United States, the Federal Aviation Administration (FAA) plays a critical role in providing regulations to ensure flight safety, and also provides oversight of aircraft manufacturers, airports, and maintenance providers. In the case of the Alaska Airlines flight, it seems that the FAA failed to uphold its trusted role. The FAA’s numerous checks and balances, most of which are intended to focus on customer safety, were like aligning holes in slices of Swiss cheese. It will be interesting to see what changes this incident brings about at the FAA. Then again, can regulatory oversight guarantee safety of flight?

The AS9100 standard, which is specific to the aerospace industry, isn’t the brainchild of a single entity, but rather a collaborative effort driven by two key players:

  1. The International Aerospace Quality Group (IAQG). This international organization brings together representatives from aviation, space, and defense companies across the Americas, Asia/Pacific, and Europe. They actively participate in developing, maintaining, and updating the AS9100 standard.
  2. Standardization organizations. These bodies, such as the Society of Automotive Engineers (SAE) in the Americas and the European Association of Aerospace Industries (now the AeroSpace and Defence Industries Association of Europe), officially publish and distribute the standard.

It is important to note that AS9100 builds upon the foundation of the more general ISO 9001 quality management system standard. While ISO 9001 lays the basic framework, the IAQG adds industry-specific requirements crucial for ensuring safety and quality in the aerospace domain.

In addition to the manufacturer and the FAA, the owner/lessor of the aircraft also plays a role in ensuring the plane is properly maintained. This includes selecting a competent maintenance provider, hiring competent engineers, and having robust processes in place. With so many different stakeholders, can blame be attributed to just one when accidents happen? Furthermore, should blame be the name of the game? Perhaps not! It is important to note that the system is implemented to support each user and that all stakeholders in the value chain play their part as well.

Audits, inspections, and management systems: Are these the solution?

Behind every tragedy, casualty, and mishap is a chain of related events. The immediate suspects when these types of critical failures occur are poor inspection protocols, perhaps even the dreaded “human error.” However, this may be the low-hanging fruit, and a deeper dive may identify other causal factors, such as whether the quality audit failed.

What is the difference between an audit and an inspection? Can they replace each other or are inspections alone enough? The simple answer is no! Both are needed due to fundamental differences in approach. Audits look at the processes to ensure the management system produces conforming products and services. An efficient management system must include the following, to name a few:

  • It must be well-defined, starting with the “as-is” state of the system.
  • Risks must be identified (clause 6.1) based on the context of the organization (clauses 4.1 and 4.2).
  • A clear definition of the product must be identified.
  • Effective audits and periodic review must be undertaken by management.
  • Outsourced processes must be controlled.

Inspections play an important role by identifying defects prior to release, thus protecting not only the client/customer/user/warfighter, etc., but also the reputation of the organization itself. With that said, inspections don’t contribute to continual improvement because they focus on fixes as opposed to long-term solutions. In effect, they do not really add value since the organization has already incurred the cost of producing the defective part or product. The creators of the Toyota Production System (i.e., lean) came up with the Andon process to catch a defect as early in the process as possible so as to fix it before the problem went too far down the line.

Management systems are not just a collection of documents. To function properly, they require commitment at all levels of the organization, including top management providing the needed resources. It takes time to build a culture of quality in which shortcuts are avoided and there is no fear of speaking up. Customer focus must not be compromised. For example, release of conforming product should go through the process specifically called out by clause 8.6; any interference by top management to truncate this process would imply the loss of customer focus. Is this a possibility? Perhaps, but the investigation must reveal the truth. In the case of the Alaska Air incident, both the Boeing customers and Boeing as a company have suffered. It is my hope that investigators will identify all failed parts of the system from each responsible party. These may include not only failed inspections, but also suboptimal processes. This could end up taking us back to an inadequate quality management system.

Quality management systems: Can they deliver?

Given the above, can a properly designed and well-audited management system (supported by good inspection techniques to help ensure conforming product) guarantee that nothing goes wrong with an organization’s output? My opinion is that no one can guarantee this completely. However, risk can certainly be greatly reduced when everything is implemented well. This includes the training of personnel, which correlates strongly to competence; unfortunately, this is often the first budget to get cut when resources are scarce.

When high-visibility incidents like these occur, it may be forgotten that airplanes remain the statistically safest mode of travel on earth. This is primarily due to robust quality management systems, well-adopted regulatory frameworks, and regular oversight. Humans play an important role in the success of the management system, from the commitment at the top to the buy-in by the workforce (clause 5 to clauses 7.1.3, 7.1.4, and 10.3). Taken together, this helps create an environment where quality can flourish within the organization.

Boeing may be doing a lot correctly, and yet the results could be unacceptable depending on the performance of outsourced processes (clauses 8.4.1/8.4.2/8.4.3). After all, the fuselages for the 737 MAX are made by Spirit AeroSystems Holdings Inc. Spirit AeroSystems is located in Wichita, Kansas; once these fuselages are manufactured, they are shipped by rail to Boeing’s facility in Renton, Washington. Therefore, not only is a major component of the 737 MAX outsourced, but the shipping and preservation of product (clause 8.5.4) also could contribute to the product’s nonconformity. Overall, Boeing remains responsible for the entire supply chain (clause 4.3), with their obligation to “ensure conformity of its products and services and the enhancement of customer satisfaction.”

Even with a solid quality management system in place, this or similar failures can occur. There is no way to assure the public of 100-percent performing (i.e., perfect) output. The fear in the minds of air travelers is valid and will remain so until an exhaustive root cause analysis of this issue is performed and those root causes are resolved. The current events beg the question: Did Boeing improve their management system after the Ethiopian Airlines 737 MAX crash? If they had bent to the oars and gone deep into their review to uncover and permanently fix the holes in their management system, this event may never have occurred. Surface corrections, or what some organizations call “fix-it” solutions, only remove the symptoms. The root causes must be addressed and resolved (clause 10.2.1). There are no shortcuts to quality.

In conclusion

It has taken years for air travelers to feel safe and unconcerned about air safety. I travel a lot internationally, and often pick an airline based on their service and comfort, but now I (as well as the broader public, I would imagine) need to consider which aircraft will transport us. It is a new fear about product safety that has its genesis in Boeing not operating its management system efficiently and losing customer focus. The worst is the erosion of public confidence in federal oversight and its intent to keep the customer safe.

I have spent my life studying similar complex problems and leading teams in helping organizations find long-term sustainable solutions. This requires bold and dynamic leadership (clauses 5.3 and 5.1) for leaders to plan and implement change. Appreciating and accepting risks (i.e., keeping the customer in focus) and moving forward is integral to true leadership. Ethics is still not a clause of ISO 9001 and AS9100, but ethical leadership is about doing the correct thing for all stakeholders.

In seminars at which I present, I often ask senior managers: “If you have a choice between following the procedure and/or doing the correct thing, what would you do as a leader?” The answer—I hope—is to do the correct thing at all times. But then, hope is not a plan. Air safety cannot be based on hope and faith. Boeing needs the leadership to redesign their system if they are to bring the public trust back for this great American company.

Link to the featured article in the Exemplar International e-newsletter, “The Auditor”