This conflict in the middle east and economic and human loss in the Straits of Hormuz has brought the merchant mariner in focus. The mercantile marine since times gone has played such an important role. These are sailors sailing the oceans, perhaps for their livelihood, perhaps for adventure and many such reasons, however this is certain the Columbuses, and the likes of Captain Cook changed the world. Affected the economies. In dangerous times like sailing through a war zone to meet the basic needs of the world, brings challenges. We realize this with the Iran war as we see merchant ships, tankers, bulk carriers, container vessels and the rest in the war zone. Without them the global supply chain stops. Yet how safe are they. Does the world owe them safety, security. Can they themselves as mariner, Masters and ship owners exercise some due diligence?
For me personally as an ex sea farer who commanded submarines in the Indian navy and then sailed as a merchant mariner in the mercantile marine as Master and now as a SME (subject matter expert) in maritime safety, security and related issues I felt compelled this morning to see if I could analyze what I hear, read and provide a mantra whereby maritime industry could better prepare themselves. Does the ISM Code and STCW convention and ISO 9001 with the process-based management system approach as primary standards be used to plan better.
Most of us do not have to deal with such life-and-death decisions as whether to risk transiting the Strait of Hormuz. However, for those who must traverse these waters, are there guidelines they can use. The ISM Code can provide some lessons into anticipating the unexpected and planning for these risks in a systematic manner. In this article I touch how portions of the Code might connect to elements of ISO 9001 and provide inputs that might be useful to maritime leadership in ensuring quality assurance and conformity assessment based on risk and in the context of the organization.
Let me start with the sinking of the IRIS Dena. I start with this recent incident to convey that warships or mercantile marine, the maritime environment can be best prepared for fast developing circumstances by keeping the process-based management system (PBMS) approach as the basis for all planning. On 4 March 2026, the Iranian Navy frigate IRIS Dena was torpedoed and sunk by a U.S. Navy submarine in the Indian Ocean near the southern coast of Sri Lanka. The vessel sank within minutes after being struck, leaving at least 87 sailors dead and dozens missing, while 32 survivors were rescued by the Sri Lankan Navy. The attack was particularly notable for naval historians. It was reportedly the first time since the second world war that a U.S. submarine had sunk an enemy surface warship with a torpedo[1].
What makes the incident significant for our discussion is not the geopolitics, but the reminder of how quickly circumstances can change at sea. The Dena had recently taken part in multinational naval exercises hosted by India and was sailing in international waters near Sri Lanka when the strike occurred. For professional mariners, the lesson is familiar, conditions that appear routine can change without warning. The ISM Code is not applicable to navy, but is there a harm in understanding the principles? After all this is precisely why the ISM Code emphasizes preparedness for emergencies and abnormal situations.
Clause 8.1 of the ISM Code requires that the company should establish procedures to identify, describe and respond to potential emergency shipboard situations. The Navies have their own doctrine. Yes, one wonders if risks are systematically appreciated can better decisions be made. In other words, the Code requires organizations to plan not only for technical failures or weather hazards, but also for security risks and unexpected external threats. Sure, a navy may call it an operational assessment, or by any name. Yet (in Shakespearean language) a risk would remain a risk if called by another name. ISO 9001 expresses a comparable idea through the requirement for risk-based thinking. The organization shall determine the risks and opportunities that need to be addressed to give assurance that the quality management system can achieve its intended results as emphasized in ISO 9001:2015, Clause 6.1.1.
From a management systems perspective, the broader lesson is clear. Organizations must plan for situations that may appear unlikely until they occur. For a ship’s captain, that planning may involve security drills, contingency routing, and coordination with naval authorities. For a quality manager or organizational leader, it may involve supply chain disruption, cybersecurity incidents, or geopolitical shocks. Finally, the decision on sailing should be based on the risk assessment. Events at sea sometimes remind us, in stark terms, why disciplined safety and command systems matter. What makes the incident significant for our discussion is not the geopolitics, but the reminder of how quickly circumstances can change at sea as they did for Dena.
For professional mariners, the lesson is similar and familiar. Conditions that appear routine can change without warning. The context of the organization (ISO 9001 clause 4.1 & 4.2) leading to risk appreciation clause 6.1, must be an integral part of the maritime management system, at sea or ashore. This is precisely why the ISM Code emphasizes preparedness for emergencies and abnormal situations. The company should establish procedures to identify, describe and respond to potential emergency shipboard situations per ISM Code, Section 8.1. From a management systems perspective, the broader lesson is clear. Organizations must plan for situations that may appear unlikely until they occur. Good organizations connect real maritime events with risk-based thinking, understand that commercial interests apart they must see why emergency planning clauses in ISM are not theoretical and are reinforced by ISO 9001 Clause 6 (Planning) and clause 8 (Operational control).
My own appreciation for disciplined systems thinking was shaped long before the ISM Code was widely implemented in commercial shipping. During my years in the Indian Navy, I had the privilege of commanding submarines, first F-class boats and later service on a Charlie II submarine. Submarines operate in an environment where uncertainty is not theoretical. The margin for error is extremely small. A failure in equipment, communication, or procedure can quickly become critical. What keeps submarines safe is not individual brilliance on the part of a captain or crew. That too, but most importantly the relentless adherence to procedures and constant preparation for contingencies. Before every patrol, the crew rehearses emergency actions repeatedly as flooding drills, fire drills, loss of propulsion, loss of power. Each crew member knows precisely where to go, what valve to operate, and what sequence of actions must follow. These procedures are not simply written manuals. They are practiced until they become instinctive.
At the time, we did not describe this discipline in terms of “process-based management systems,” but that is exactly what it was. The system existed to ensure that when the unexpected occurred, as it inevitably does at sea. The crew would not rely on improvisation alone. The response would already be embedded in the system. Years later, when I sailed as Master in the merchant marine and later worked with ISO management systems, I recognized the same principle expressed in a different language. ISO 9001 requires organizations to establish, implement and maintain the processes needed for the quality management system and their interactions. Refer ISO 9001 clause 4.4. The ISM Code similarly requires companies to ensure safe practices in ship operation and a safe working environment (ISM Code, clause 1.2). Different industries. Different terminology. But the underlying idea is identical. Safety, quality, and reliability are not the result of reacting well to emergencies.
These thoughts are the result of preparing for them long before they occur. I can confirm with my experience that this reflection is not merely theoretical. It comes from my first-hand experience wherein I led teams where preparation truly mattered. My background, commanding submarines and later sailing as Master in the merchant marine gives me a clear perspective on risk, command responsibility, and disciplined procedures under uncertainty. This perspective can make a very compelling bridge between maritime safety management (ISM/STCW) and organizational quality systems (ISO 9001).
The connection as we look at the dangerous situations at sea particularly in the Hormuz Staits is to see what the ISM Code and ISO 9001 (as also other maritime and ISO standards) can teach maritime leaders about risk in uncertain times. In today’s volatile world, commercial shipping once again finds itself navigating geopolitical tension. News headlines remind us that vessels may need to transit waters such as the Red Sea or the Strait of Hormuz where the risks are not merely commercial, but they can become matters of safety and survival. For those who have spent a career at sea, such circumstances are not entirely unfamiliar. The maritime profession has long recognized that uncertainty is inherent to operations. Ships sail through storms, equipment failures, and occasionally conflict zones. Yet despite these uncertainties, shipping remains one of the safest and most reliable global industries. This is not an accident. Much of that safety culture comes from the International Safety Management (ISM) Code, supported by training standards such as the STCW Convention. These frameworks provide structured guidance on how organizations anticipate risk, prepare crews, and maintain operational control.
Most professionals in quality assurance or conformity assessment will never face the life-and-death decisions that a ship’s master may face when deciding whether to transit a dangerous waterway. However, the principles embedded in the ISM Code offer valuable lessons for organizations operating in any uncertain environment. Many of these principles also resonate strongly with ISO 9001, the international standard for quality management systems. Let us examine a few of those connections.
The ISM Code brings a framework for safety through systematic management. The ISM Code was introduced by the International Maritime Organization (IMO) after several major maritime accidents revealed a common problem: the failures were rarely technical alone. They were failures of management systems. The Code therefore established a simple but powerful requirement, wherein shipping companies must implement a documented Safety Management System (SMS) to ensure safe operation of ships and protection of the environment. This requirement may sound familiar to anyone working with ISO management systems. Like ISO 9001 and other standards in the harmonized structure (HS). The ISM Code is not a technical manual for operating ships. Instead, it requires organizations to establish structured processes addressing, leadership responsibility, risk assessment, operational control, training and competence, incident reporting and corrective action and Continual improvement. In essence, the Code recognizes a fundamental truth in that safe operations are the result of disciplined management systems, not individual heroics.
The use of the SMS based on the ISM code and principles of ISO 9001 ensures planning for the unexpected. One of the most relevant principles in the ISM Code is the requirement to identify potential emergency situations and establish procedures to respond to them. Ships are required to plan for events such as fire, collision, grounding, machinery failure, man overboard and or security threats or piracy (maritime security is covered by the ISPS Code and ISO 28001). These procedures are not theoretical. Crews regularly conduct drills so that when an emergency occurs, the response is not improvised. In essence, the Code recognizes a fundamental truth that the safe operations are the result of disciplined management systems, not individual heroics.
Planning for the unexpected is one of the most relevant principles in the ISM Code. There is the requirement to identify potential emergency situations and establish procedures to respond to them. Crews regularly conduct drills so that when an emergency occurs, the response is not improvised. Organizations often interpret risk narrowly, focusing only on operational or financial risks. The ISM Code reminds us that effective management systems anticipate the unexpected and low-probability events that can disrupt operations. In quality management terms, this is the discipline of asking what could go wrong, how prepared are we, do people know their roles if it does?
Leadership and responsibility are important in maritime life. Another core principle of the ISM Code is clear authority and responsibility. ISM Code clause 5.1 and 5.2 seen with ISO 9001 Clause 5.1 and 5.3, require that on board a ship, there is no ambiguity about who is responsible for the safety of the vessel. The Master has the overriding authority. At the same time, the Code requires the company ashore to support the Master through a defined role known as the Designated Person Ashore (DPA) clause 4 of the ISM code. This individual provides a direct link between shipboard operations and top management. This structure reflects two key leadership principles, authority must match responsibility and top management must remain connected to operational realities. ISO 9001 expresses the same idea in a different context. Leadership is required to ensure that the quality management system is integrated into the organization’s processes and that responsibilities and authorities are clearly assigned. Without this alignment, procedures quickly become paperwork rather than operational guidance.
Competence and training in case of the mariners are systematized. The STCW Convention (Standards of Training, Certification and Watchkeeping) ensures that seafarers are properly trained and certified for their duties. But beyond certification, maritime safety culture emphasizes something equally important continuous drills and practice. Crew members rehearse emergency responses repeatedly. Fire drills, abandon ship drills, and damage control exercises are conducted not because emergencies are frequent, but precisely because they are rare and high consequence. This principle translates directly into quality management, competence is not merely about qualifications, it is about preparedness to perform under pressure. Organizations that rely solely on written procedures without practical rehearsal often discover gaps only when a crisis occurs.
Learning lessons from Incidents (ISO 9001 clause 7.1.6) is integral to the SMS, making it a critical requirement of the ISM Code requiring the reporting and investigation of non-conformities, accidents, and hazardous occurrences. The purpose is not blame, but learning. Each incident becomes an opportunity to ask, what failed in the system, what corrective action is needed, how do we prevent recurrence? Again, this is entirely consistent with ISO 9001’s approach to corrective action and continual improvement. The difference in the maritime world is that the consequences of failure can be immediate and severe. As a result, the discipline around incident learning is deeply embedded in the culture.
Risk decisions at sea and in maritime organizations need consideration about the decision a shipping company might face today whether to transit a high-risk region such as the Strait of Hormuz. The decision is rarely simple. It requires balancing safety risks, commercial pressures, regulatory requirements including daily changing statutory requirements of various contracting governments specially those controlling the war zone. This must be seen with the operational capability and the need to ensure crew welfare. The ISM Code does not dictate the decision. Instead, it ensures that the process for making the decision is structured and informed. This is perhaps the most valuable lesson for quality professionals. Management systems do not eliminate risk. They provide a framework for making better decisions about risk.
A war zone has much to be learnt from. Nevertheless, quality professionals can use their learning based on their use of the system approach by considering risks. For those working in quality assurance, auditing, or conformity assessment, the maritime experience offers several enduring lessons. Systems matter more than individuals and therefore, competent people are essential, but reliable operations depend on structured systems. Leadership must remain engaged in safety or quality, and this accountability cannot be delegated away from top management. The leaders must prepare for rare but high-impact events risk management is not only about what happens frequently. Practice builds readiness. Training and drills ensure procedures work under real conditions. Therefore, the need to learn relentlessly from failure, use nonconformities as opportunities to strengthen the system. Management systems do not eliminate risk. They provide a framework for making better decisions about risk.
Navigating uncertainty strengthens the need to see what the ISM Code can teach leaders about risk and process management. These geopolitical tensions bring to maritime organizations the need to reassess risks faced by commercial shipping. Headlines remind us that vessels may transit waters such as the Red Sea or the Strait of Hormuz under heightened threat conditions. For ship owners and masters, such decisions require a complete and quick update of risks and other factors. For those who have spent a lifetime at sea, uncertainty is part of the profession. Mariners routinely navigate storms, mechanical failures, and complex navigational environments. Occasionally they must also consider security threats or conflict zones. Yet despite these uncertainties, global shipping remains remarkably reliable. Over 80 percent of world trade moves by sea, and the system functions with a level of safety and predictability that most industries take for granted.
These small but essential thoughts from the ISM Code are the philosophy to success in challenging times, “Every company should develop, implement and maintain a Safety Management System (SMS).” Refer ISM Code, clause 1.4 and the definition of the SMS as a, structured and documented system enabling company personnel to effectively implement the company safety and environmental protection policy, as per ISM Code, clause 1.4. Both standards recognize that outcomes, whether safety or quality depend on well-defined processes and leadership oversight.
To the mariners in the straits or those intending to cross the war zone, relook at your management system. Strengthen it. Maritime leadership ashore should stay involved in assessing risks to give the best shot at safety.
—
This article was written by IJ, Principal Consultant at QMII. With extensive experience in ISO standards, auditing, and organizational transformation, IJ has guided global organizations in strengthening their management systems. His approach focuses on aligning ISO implementation with strategic business objectives to drive long-term performance improvement.
