Domestic Passenger Vessel Accidents Are Preventable Using a Management System (Part Two)

Dr. IJ Arora:

In the first part of this two-part article, we began to consider the key commonality of accidents involving domestic vessels such as the Conception and the Spirit of Boston, namely, the absence of a fully functional management system. Here in part two, we will examine this in more depth from the perspective of the Plan-Do-Check-Act (PDCA) cycle.

Emphasizing a proactive safety culture and systematically addressing risks can greatly enhance safety in the domestic passenger vessel industry. By being vigilant and forward-thinking, companies can significantly reduce the likelihood of accidents and ensure the well-being of both crew and passengers. A comprehensive systems approach that prioritizes safety at all levels is essential for fostering a resilient maritime environment.

As a consultant with almost four decades of experience, I feel that my emphasis on fostering a proactive safety culture within the domestic passenger vessel industry is both timely and essential. The sector has historically witnessed incidents that stem not just from operational failures but from lapses in systematic risk management. The simple PDCA cycle makes risk appreciation essential and helps create a proactive management system. A proactive safety culture is not reactionary, but anticipatory. It is focused on identifying and mitigating risks before they evolve into incidents.

In domestic passenger operations, where crew and passengers coexist in dynamic and sometimes unpredictable environments, the safety culture must be leadership-driven, with management exemplifying and enforcing safety values. It must also be behavior-based, encouraging crew to speak up about near-misses or unsafe practices. An environment for quality, health, safety, and security must be built and maintained. The overall management system must be systems-supported, with procedures that make it easy to report, track, and correct hazards. A genuine safety culture is evident when every level of the organization—from executives to deckhands—considers safety an integral part of their responsibilities, not an afterthought.

Right at the start of the PDCA cycle, at the Plan stage, organizations must commit to identifying, evaluating, and mitigating risks. This is not just a best practice, but a requirement under clause 6.1 of ISO 9001:2015, which requires “… actions to address risks and opportunities.” It emphasizes understanding internal and external issues and planning actions accordingly to mitigate risk. In a similar vein, clause 8 of the ISM Code requires organizations to evaluate all identified risks to their ships, personnel, and the environment and establish appropriate safeguards. Failure to account for risks at this stage can cascade into the Do stage, with flawed procedures or untrained personnel resulting in increased chances of accidents.

In a systems approach it should be completely unacceptable to transfer uncertainty to the crew. Uncertainty in procedures, poorly defined emergency roles, or ambiguous hazard controls lead to hesitation and confusion during critical moments. The vessel crew should never be the first line of discovery for unanticipated risks. The shore-based organization must do the heavy lifting in identifying, documenting, and training for these risks. This principle aligns with clause 5 of the ISM Code, which mandates the establishment of safe practices in ship operations and a safe working environment.

Systemic safety as a shield against repetition must be created from lessons learnt. Clause 7.6 of ISO 9001 on knowledge is relevant and a requirement. As can be seen from various NTSB investigation reports, many vessel accidents share common causal factors: complacency, procedural lapses, miscommunication, or design flaws. These can be mitigated when a systems approach is employed linking technical systems, human factors, procedures, and training into one cohesive safety net. Lessons learned from past accidents are institutionalized not just in the safety management system (SMS) but in organizational memory and training routines.

Most importantly, risk appreciation must be the foundation of resilience. The ability to appreciate (not just assess) risk is what distinguishes a compliant company from a truly resilient one. Appreciating risk means embedding foresight into the organizational DNA, training teams to ask, “What if?” before a situation turns critical. This should holistically lead to and support the creation of maritime systems that do more than tick boxes—they save lives.

Applying the PDCA Cycle

Connecting these insights to the 2019 Conception tragedy not only reinforces the urgency of implementing a proactive safety culture but also illustrates precisely how systemic failures in risk appreciation, planning, and organizational accountability can lead to devastating outcomes.

As you will recall, the dive boat Conception caught fire while anchored off Santa Cruz Island, California. This resulted in the deaths of 34 people, which was the deadliest domestic maritime disaster in modern California history. The victims were asleep in a bunkroom below deck, and none of them survived. Only five crew members escaped. This tragedy was a catastrophic failure of planning, risk management, and safety culture.

The Conception disaster links clearly to a breakdown in the PDCA cycle, as follows:

  • Plan. Inadequate risk appreciation was a vital failure. There was no comprehensive risk assessment identifying the dangers of leaving charging lithium-ion batteries unattended overnight in a confined space. The lack of clearly marked and accessible escape routes was a known risk that was neither mitigated nor escalated. There was no SMS, nor was one legally required for that vessel. Still, a proactive operator would have voluntarily implemented one. As has been said, “Failing to plan is planning to fail,” and in this case, a lack of foresight into fire hazards, emergency egress, and nighttime watchkeeping was fatal.
  • Do. Lapses in implementation are apparent and have been pointed out in the NTSB report. A night watchman was required by regulation and the vessel’s certificate of inspection but was not on duty. The crew had no fire detection system below deck that could alert sleeping occupants of danger. Emergency drills and preparedness procedures were either nonexistent or insufficiently enforced.
  • Check. The investigators saw no monitoring or audit mechanisms. The vessel operator, Truth Aquatics, had no self-checking mechanism for compliance with watchkeeping requirements. There was no internal audit or reporting structure that caught repeated violations, such as skipping the night watch.
  • Act. This final stage of the PDCA cycle is intrinsically connected to leadership both ashore and at sea. However, there was almost a complete absence of any corrective action, despite past observations and near-miss warnings about battery charging risks and poor escape routes. The organization normalized deviation, operating under the illusion of safety through habit.

Failure to appreciate risk is a violation of ISO 9001 and ISM principles. The Conception incident demonstrates how not appreciating risk in the Plan stage—especially related to emerging threats like battery fires—can result in fatal vulnerabilities. Had a formal risk-based approach been followed, battery charging, watchkeeping, and egress issues would have been flagged and corrected.

Mitigating risks with an SMS

Although not mandated for this class of vessel, the absence of an SMS and risk-based approach violated the spirit of the ISM Code. Clause 8 calls for evaluating all risks and preparing for emergencies. The lack of a nighttime watch, poor escape design, and no contingency procedures represent failures in both design and culture.

The failure to appreciate hazards and risks by the organization on shore was passed to the crew and passengers, who paid for it with their lives. Passengers had no idea there was no overnight watch, a basic safety expectation. The crew was not empowered with procedures or tools to manage an emergency, placing them in an impossible position once the fire began. I therefore emphasize “companies cannot pass uncertainty to those on board.” The burden of risk must be identified, mitigated, and managed ashore, before the ship even leaves port. All that was required was a proper management system, resourced and implemented effectively and efficiently.

By not having an SMS, organizations are ensuring that there is no safety net in case the worst occurs! A comprehensive, systems-based approach could have identified the risk of charging batteries and flammable materials in confined quarters and ensured continuous watchkeeping practices were in place. The SMS would have required mandated drills, escape route evaluations, and fire detection systems. Simple internal audits would have perhaps given the management the inputs to ensure continual improvement and planned a system to ensure compliance. This would have embodied the PDCA cycle, where each stage feeds the next with learning, foresight, and action.

Conclusion

My final thought on lessons written in loss and tragedy are that having a system is the least those charged with entertaining people can do to guarantee that lives are not lost. The Conception tragedy in particular is a grim testament to what happens when safety is assumed rather than engineered. The call for a systems approach rooted in proactive risk appreciation is exactly the kind of thinking needed to prevent another such disaster.

My argument for the mandated or voluntary adoption of an SMS in the domestic passenger vessel sector draws on evidence from NTSB investigations and international best practices. Domestic passenger vessels, though subject to U.S. Coast Guard inspection regimes, are often not required to implement a formal SMS. This omission has led to repeated safety lapses where identifiable risks were not systematically mitigated. As we have seen, the consequences of such lapses can often be fatal.

It is time for the overall national policy to encourage the U.S. Coast Guard to extend SMS requirements to large domestic passenger vessels and establish tiered SMS models scalable by vessel type and operation. To the industry czars my recommendations are to encourage industry bodies to provide incentives and recognition for SMS adopters and promote voluntary adoption through education and resource support. To the organizations and companies operating in the domestic U.S. waters, I suggest these company-level actions:

  • Begin voluntary SMS implementation aligned with ISO or ISM principles.
  • Train personnel in the PDCA methodology.
  • Perform internal audits and hazard reviews regularly.

The tragedy of the Conception and the other incidents we have discussed reveal that compliance alone does not ensure safety. Only a structured, systems-based approach can prevent recurrence. It is time for the domestic passenger vessel industry to adopt SMS—not only as a regulatory checkbox but as a foundational safety ethos.

Note – The above article (Part 2) was recently published in an Exemplar Global publication – ‘The Auditor’

Click here to read the article.

Click here to read part 1 of the article

Domestic Passenger Vessel Accidents Are Preventable Using a Management System (Part One)

Dr. IJ Arora:

Think of any accident, mishap, or tragedy involving a passenger vessel through history (or in recent times) and then look at the post-event investigation report. If you do this, you will find one shortcoming common to these tragedies: a poor appreciation of risk and the practical nonexistence of a management system. Occasionally, in slightly less disastrous events, you may see the existence of a system, but it is usually poorly implemented.

This two-part article considers the domestic passenger vessel industry in the United States, where there have been several tragedies. I hope (although hope is not a plan) that this work will inspire the industry to look at the proper implementation of management systems. In trying to narrow the discussion, we will analyze and learn lessons from the 2019 sinking of the Conception and to a limited extent the 2023 fire aboard the Spirit of Boston cruise ship. I will mention a few other incidents as well to make the connection and bring out the failure of the various systems that broke down.

A systems-based approach in analyzing accidents in the domestic U.S. passenger vessel industry involves looking at the various components and process interactions that could potentially lead to incidents. This can include factors such as crew training, vessel design, regulatory compliance, maintenance practices, and emergency preparedness. However, the major factor is usually the absence of a management system (or a badly designed and/or poorly implemented one). This is a tragedy in the making.

I am studying these accidents to demonstrate how a systems approach could have helped prevent many of these mishaps. The reluctance to implement an effective management system pains me, not to mention primary investigation agencies like the National Transportation Safety Board (NTSB), the United States Coast Guard (USCG), and other responsible bodies.

Note that I am not discussing technical processes here. Yes, those often fall short of the mark as well, but the bigger issue is the failure to apply simple systematic thinking based on existing management system standards. This reluctance to work systematically surprises me. I’ve recently expressed my views on the Baltimore Bridge collapse, the implosion of the Titan submersible, the collision between an American Airlines flight and a military helicopter over the Potomac, and the Boeing 737 Max inspection failures. In all cases, I cannot understand why a simple, cost-effective action such as properly implementing a management system should be such a critical weakness within so many different organizations. It is a leadership flaw, for (as W. Edwards Deming said) “A bad system will let down a good person every time!”

Titanic and Herald of Free Enterprise

When discussing this topic, many will think back to the Titanic tragedy which goes back more than 100 years. This is of course perhaps the most well-known sinking of all time, so I will not rehash the details, which are easily available online. However, I do want to mention that events like the sinking of the Titanic create the ultimate push—it caused a reaction and, ultimately, the creation of a workable system to help save lives and the vessels themselves. Depending on owners, operators, and masters, to use their judgment and do the right thing at the time of crisis was no longer enough. What the Titanic demonstrated was that the industry needed enforceable regulations and requirements. The result was the Safety of Life at Sea (SOLAS) Convention, which formalized a systematic approach to safety.

Before studying incidents occurring in U.S. domestic waters, I also want to mention the tragedy of the Herald of Free Enterprise, which occurred on March 6, 1987, at Zeebrugge, Belgium. The Herald of Free Enterprise was a roll-on/roll-off ferry owned by the Townsend Thoresen company. On that day, the ship capsized shortly after leaving port and 193 people lost their lives. It had departed with its bow doors open, allowing seawater to flood the car deck. Within minutes, the ship was lying on its side in shallow water.

The tragedy exposed severe deficiencies in the company’s safety culture and operational practices. Justice Barry Sheen was appointed to head the official inquiry into the disaster. His report, published in October 1987, was scathing and unprecedented in its criticism of the ferry operator, management, and the broader safety practices in the maritime industry. Justice Sheen’s report identified a “… disease of sloppiness and negligence at every level of the hierarchy.” This became one of the most quoted phrases from the report. Sheen emphasized that the disaster was not due to a single act of negligence but rather a “… catalogue of failures…” including the failure to ensure the bow doors were closed, poor communication between crew and bridge, inadequate safety procedures, and the absence of proper checks before sailing.

The report placed heavy blame on the senior management, asserting that safety was not a high priority for the company. It also noted that management failed to implement procedures that could have prevented such a tragedy.

It is indeed shocking and surprising that even today, decades later, investigations reports are still pointing out these same drawbacks. Lessons learned seem to be forgotten. I particularly wanted to focus on this incident because Justice Sheen’s report was a turning point in maritime safety regulation. It directly influenced the creation of the ISM Code under the International Maritime Organization (IMO), which mandated formal safety procedures and accountability in international shipping operations.

Conception

The Conception was a dive boat that caught fire off the coast of California, resulting in the deaths of 34 people in 2019.

Investigations into this disaster revealed several deficiencies, including inadequate fire safety procedures, lack of a proper emergency escape route, and insufficient crew training. There were also issues related to the vessel’s sleeping arrangements, where most of the passengers were asleep below deck at the time of the fire.

A systems approach would emphasize the need for comprehensive safety protocols, regular training for crew members, proper vessel design for evacuation, and effective regulatory oversight to ensure the robust implementation of safety measures.

Spirit of Boston

This incident involved a fire that broke out on the dining cruise ship Spirit of Boston while docked in 2022.

The fire was linked to a potential electrical malfunction, but it highlighted issues related to maintenance practices and emergency response protocols.

By applying a systems approach, stakeholders could focus on root cause analysis, looking into how maintenance schedules, crew training, and emergency responses are integrated and managed.

Overall recommendations for the systems approach

There are several important elements to consider in favor of the systems approach, as follows:

  • Interdisciplinary collaboration. Promoting collaboration among various stakeholders, including regulatory bodies, ship management companies, and safety experts, to share information and best practices
  • Root cause analysis. Encouraging investigations that go beyond the immediate causes of accidents to identify systemic failures that could contribute to unsafe conditions
  • Regular training and drills. Implementing continuous training and emergency drills for crew members to ensure readiness, competence and enhance situational awareness
  • Maintenance and safety protocols. Establishing stringent protocols for vessel maintenance and safety checks, with thorough documentation and compliance checks
  • Regulatory oversight. Advocating for robust regulatory frameworks that require adherence to safety standards and proactive risk management strategies
  • Cultural change. Fostering a safety-first culture within organizations that prioritize safety above operational pressures

We can see in these two recent incidents that, as with the case of the Herald of Free Enterprise, a systems approach enables a comprehensive understanding of the complexities involved in maritime operations, leading to better prevention measures and enhanced safety outcomes in the passenger vessel industry.

Other examples

Over the years, the NTSB has investigated numerous accidents involving passenger vessels. A few notable examples follow:

  • Estonia. Although this accident occurred in European waters, its implications affected international passenger shipping, including practices adopted in the United States. The Estonia sank in the Baltic Sea in 1994, resulting in the deaths of 852 people. The investigation revealed that the key issues were related to vessel design, including hull integrity and cargo securing. This incident led to enhanced safety regulations regarding passenger vessel construction and operational safety protocols.
  • Andrew J. McHugh. This collision involving the ferry Andrew J. McHugh and another vessel occurred in the narrow Houston Ship Channel, leading to the deaths of 17 passengers in 1980. The key factors included poor visibility, navigational errors, and inadequate communication between vessels. Subsequent recommendations from the NTSB aimed at improving navigational practices and vessel traffic control in critical areas.
  • Benson. The Benson, a tour boat in New York, capsized during a sudden storm. A total of 10 people died in this 2000 incident. The investigation pointed out questionable weather assessment practices and inadequate safety measures for handling sudden weather changes. The NTSB recommended better training for crew members regarding weather evaluation and emergency response.
  • Dawn Princess. A fire aboard this cruise ship in the South Pacific led to emergency evacuations in 2003. Although there were no fatalities, more than 150 passengers were affected. The fire was linked to flaws in electrical systems. The NTSB emphasized improved fire safety systems and crew training on firefighting and evacuation protocols.
  • Emotion. This fishing vessel capsized near Alaska in 2010, resulting in several fatalities. The investigation pointed out structural problems and issues with the vessel’s stability while loaded. Recommendations focused on vessel stability assessments and the importance of adherence to safety regulations during fishing operations.
  • Explorer. In 2007, the Explorer ran aground off the coast of the Antarctic Peninsula, leading to evacuations. All passengers were saved, but the incident raised alarms about navigational practices and inappropriate response to weather changes. The NTSB highlighted the need for enhanced navigational training and real-time communication.

For each of these incidents, a systems approach would involve comprehensive training programs for crew related to emergency preparedness, rigorous maintenance and operational checks, research and implementation of advanced technologies for navigation and safety, and collaboration among regulatory bodies to create uniform safety standards that encompass all aspects of vessel operation. These historical examples underscore the importance of a proactive stance on maritime safety, highlighting that every component of the system must work together to prevent accidents and improve safety outcomes in the passenger vessel industry.

A poor approach that fails to be proactive can significantly contribute to accidents such as these. When risks are not systematically identified and appreciated, several detrimental consequences can arise. Without a systematic approach to risk assessment, potential hazards may go unnoticed, increasing the likelihood of incidents. Vessels may not be adequately equipped to handle specific risks, such as extreme weather or equipment failures. There is a requirement for safety protocols, adequate training, and improvement of communications.

On the other hand, a reactive approach undermines effective communication within the organization and between vessels. Without established systems for reporting and discussing risks, lessons learned from previous incidents may be ignored.

The other factors are regulatory compliance lapses. In the absence of a proactive culture, vessels may not adhere to regulatory requirements consistently or may develop a compliance mindset that prioritizes minimum standards over comprehensive safety practices. Neglecting lessons learned from past incidents is another flaw. A failure to learn from past accidents can lead to repetitive mistakes. If organizations do not analyze historical incidents and implement changes based on those insights, they risk encountering similar situations again and again.

In the second part of this article, we will discuss the importance of using the Plan-Do-Check-Act cycle in embracing a safety management system.

To read Part 2 of the article – Click here

Note – The above article was recently published in an Exemplar Global publication – ‘The Auditor’

Click here to read the article.

Understanding ISM Code Compliance for Maritime Operators

ISM

Having spent over 15 years in the maritime and compliance world, and a further decade working with various international Flag Administrations, I’ve seen firsthand the shift from traditional shipping operations to a more safety- and systems-driven industry. One of the major forces behind that transformation? The International Safety Management (ISM) Code. For maritime operators today, ISM Code compliance isn’t just about ticking boxes, it’s about embedding a culture of safety, responsibility, and continual improvement into every layer of their operation.

What is the ISM Code?

There is a saying that regulations are written in blood. The ISM Code was born out of hard lessons learned from major marine accidents. The major event that acted as a catalyst in its development was the MV Hearld of Free Enterprise. Introduced by the International Maritime Organization (IMO) under the SOLAS convention, the code mandates that every shipping company operating SOLAS compliant vessels implement a Safety Management System (SMS), a system that governs practices for the safe operation of ships and prevention of marine pollution.

I remember when the ISM Code first rolled out in the ’90s. Many shipowners were skeptical, and some even resistant. Back then, I was sailing with a company who was navigating the early implementation. The real challenge was shifting the mindset, from reactive firefighting to proactive risk management. From a documentation exercise to a shift in the way operations were done. That’s where I learned: policies are easy to write, but real compliance starts with people.

Why ISM Code Compliance Matters More Than Ever

Today, ISM Code compliance is not optional—it’s foundational. For operators navigating increasingly complex global regulations, it offers several key benefits:

  • Safety First: The SMS serves as a blueprint for safe operations at sea. I’ve seen it reduce incidents dramatically when implemented properly.
  • Environmental Responsibility: With public scrutiny and environmental regulations tightening, having structured pollution control measures is non-negotiable.
  • Credibility & Trust: In one of my past sailing tenures with a major operator, ISM compliance helped secure long-term contracts with charterers. Clients want to work with companies that can prove they’re managing risks responsibly.
  • Operational Clarity: When roles, responsibilities, and procedures are clearly outlined, decision-making becomes faster and more consistent.

The Core Objectives of the ISM Code

The ISM Code objectives listed in clause 1.2 remain as relevant now as when the code was first introduced. Clause 1.2 is about outcomes, not just documents. It’s about creating a system that actually prevents harm, not just reacts to it.

For me, ISM Code compliance under Clause 1.2 isn’t just about passing an audit, it’s about building a culture where every person onboard understands their role in safeguarding lives, the vessel, and the environment. It requires integrating risk assessments into planning, ensuring safe working practices, maintaining the ship properly, and always being prepared for emergencies.

I always emphasize these objectives when training ship and shore staff. It’s not about overwhelming them with paperwork, it’s about aligning them with a purpose. The code provides the structure; we provide the commitment.

Key Elements of ISM Code Compliance

A fully compliant SMS includes:

  • Safety and Environmental Protection Policy
  • Defined Roles and Responsibilities
  • Safe Operating Procedures
  • Emergency Preparedness
  • Reporting and Analysis of Incidents
  • Internal Audits and Continuous Improvement

One of the best implementations I facilitated was for a regional bulk carrier. We not only developed the vessel SMS but aligned office procedures, and built an SMS that didn’t just sit in a manual, it lived on the bridge, in the boardroom and in the daily practices of personnel.

The Compliance Process for Maritime Operators

Getting compliant involves more than a checklist. Here’s a simplified roadmap:

  1. Gap Analysis – Review what you already do and what the code expects. Does it reflect the operational reality or is it a fictional system?
  2. SMS Development/Update – Build or refine your safety management system. Comprehensive reviews when done after many years can lead to a reduction in documentation by over 20 percent.
  3. Training & Awareness – Everyone onboard and ashore must know their part. How do they contribute to the effectiveness of the system.
  4. Certification – Obtain the Document of Compliance (DOC) and Safety Management Certificate (SMC) through audits.
  5. Ongoing Monitoring – Regular internal audits and management reviews keep the system alive and evolving.

Common Challenges in ISM Code Compliance

Let’s be real, compliance has its hurdles:

  • Top-down Disconnect: Without leadership buy-in, the SMS becomes a box-ticking exercise.
  • Crew Resistance: “We’ve always done it this way” is a common attitude.
  • Training Gaps: If your crew doesn’t understand the ‘why’ behind procedures, they won’t follow them.
  • Audit Fatigue: Poor recordkeeping and rushed preparation can derail audits.

My advice? Keep it simple. Make procedures practical, not bureaucratic. Involve the crew in developing routines. That’s how you make compliance sustainable.

The Future of ISM Code Compliance and Technology’s Role

The maritime industry is changing fast. Digital tools are making compliance easier and smarter:

  • Cloud-based SMS systems offer real-time updates and reduce paperwork.
  • Remote audits became mainstream during the pandemic—and they’re here to stay. Where a full remote audit is not feasible consider hybrid audits.
  • Data analytics can identify patterns in incidents and help prevent them.
  • Mobile apps for onboard reporting are empowering seafarers to be active players in the compliance process.

Look at mistake proofing of the system. So even if a human wanted to make an error the system would prevent it.

In Conclusion, ISM Code compliance isn’t just about certificates. It’s about creating a safety culture that protects your people, your assets, and the environment. For maritime operators willing to invest the effort, the returns in safety, efficiency, and reputation are well worth it.

If you’re a maritime operator looking to simplify or strengthen your ISM safety management system, I’m happy to share more from my experiences. As someone who’s walked ship decks, sat in boardrooms, worked with Flag Administrations and led audits, I believe that compliance done right isn’t a burden—it’s a competitive advantage.

The Role of Management Systems in the Tragic Collision Over the Potomac

by Dr. IJ Arora


A significant tragedy occurred in Washington D.C. on January 29, 2025, with the deadly collision between a U.S. military Black Hawk helicopter and a regional jet flying for American Airlines. The resulting crash caused the loss of 67 precious lives and pointed to a multilayered failure of safety mechanisms.

In a short article like this it is not my intent to explore the reasons for this event, and I have neither the expertise nor the authority to investigate, anyway. The U.S. National Transportation Safety Board (NTSB) and other relevant agencies will do that in a most professional manner. However, I do have a degree of experience relating to the systems approach for managing processes at large and complex organizations. I feel called to share my perspective on this disaster with a systems approach in mind.

Proactive appreciation for risk

Hindsight, it has been said, is 20/20. I am aware that I’m writing this after the tragedy has already occurred. However, management systems should be proactive, where data drives the understanding and mitigation of risk. As a practitioner and advocate of process-based management systems, I believe that well-implemented procedures give an organization the best chance to produce conforming products and services.

A systems approach, based on ISO 9001’s subclause 4.4., which relates to quality management system processes, could have played a role in preventing an incident of this type. Subclause 4.4.1 states, in part, “The organization shall establish, implement, maintain and continually improve a quality management system, including the processes needed and their interactions….”

Following this requirement is no guarantee of safe and successful outcomes, but it is surely the best bet. I had similar thoughts on the tragedy of the implosion of the Titan submersible and the Baltimore Bridge collapse. The core principles of ISO 9001, especially risk-based thinking, continual improvement, and process interaction, align well with safety imperatives, particularly safety management for the aviation industry. The systems approach is a fundamental that organizations often neglect at their (and their customers’) peril.

ISO 9001—and for that matter, the aerospace standard AS9100—is built on risk-based thinking. A structured process aligned with the risk management standard ISO 31000 and aviation safety management systems are required by ISO 9001 subclause 6.1, regarding actions for addressing risks and opportunities, and subclause 8.1 concerning operation planning and controls. Conformance with these requirements can help identify and mitigate collision risks between civil and military aircraft.

Process interaction and communication are vital in such situations.  A failure in communication between air traffic control, military operations, and civilian aviation may have contributed to the crash. Of course, we will wait for the full report from the NTSB investigation. However, it is never too late (or for that matter, too early) to be proactive and implement a process approach to ensure that all stakeholders follow well-defined communication and coordination protocols.

PDCA, SWOT, and FMEA

Being proactive requires an appreciation of risk at the Plan stage of the Plan-Do-Check-Act (PDCA) cycle. Note that preventive actions and continual improvement are integral to the system approach.

The media have reported on the details of numerous previous aviation incidents. Analyzing near-miss incidents and integrating lessons learned into improved procedures could enhance safety protocols. Human factors and process redundancy must be considered in a systematic manner. Human errors (e.g., miscommunication, misinterpretation of airspace usage, etc.) can be minimized with automated systems and via decision-making redundancy checks.

In principle, the process approach found in ISO 9001 emphasizes addressing process issues as opposed to blaming individuals. However, in the aviation field, the human factor is important; clause 10.2.1 b2 of AS9100 expresses the importance of this concept. The industry-specific interpretation of requirements as seen in this standard provides a robust framework (via a clause structure) to design an efficient management system. This, together with auditing and compliance requirements, gives leadership confidence that their system can and will produce conforming products and services.

Further to this point, regular audits of flight coordination between civilian and military aviation could highlight gaps before they lead to accidents. As such, integrating ISO 9001 with AS9100 and AS9110 (the aerospace quality standard specifically designed for maintenance, repair, and operations) as well as ISO 45001 covering the management of operational health and safety will provide a solution to proactively address risks in the context of the aviation industry. This would cover all interested parties, as per clauses 4.1 and 4.2 of ISO 9001. Although aviation already has strict regulatory frameworks (e.g., FAA, ICAO, etc.), the structured process management systems required by ISO 9001 and AS9100 can complement these frameworks by embedding the statutory and legal requirements into the management system.

If the organizations involved focus on how specific elements of ISO 9001 can be applied to aviation safety, particularly in preventing collisions, I would first recommend that they look at risk-based thinking as seen in clause 6.1, addressing actions related to risks and opportunities. This can partially be accomplished by undergoing a strengths, weaknesses, opportunities, and threats (SWOT) analysis. ISO 9001 emphasizes risk assessment and mitigation throughout processes.

In aviation, a structured risk-based approach would identify potential hazards (e.g., conflicting flight paths, miscommunication, system failures, etc.). The system would also assess risk severity and likelihood of occurrence and probability of detection, using tools like a failure modes and effects analysis (FMEA). Controls could be implemented (e.g., enhanced air traffic control coordination, better radar tracking, AI-driven airspace monitoring, etc.). For example, aviation safety bodies could require all civilian and military flights to undergo a real-time risk assessment check before takeoff, considering airspace congestion, weather, and military training exercises.

Potential solutions

Process interaction and communication (as seen in ISO 9001’s clause 4.4.1 b regarding understanding process interactions) would systematically improve the system. Aviation operations involve multiple stakeholders, such as airlines, air traffic controllers, military operations, ground crews, etc. A process approach would ensure defined standard operating procedures for communication between civilian and military aviation. These could include real-time data sharing using standardized digital platforms and/or automated conflict-resolution systems that detect and alert pilots and controllers regarding possible mid-air conflicts. An integrated civil-military coordination dashboard could be established, where both parties have real-time visibility on flight plans, airspace restrictions, and emergency deviations.

Risk appreciation and continual improvement (as seen in ISO 9001’s clause 10.2 regarding nonconformity and corrective action, clause 10.3 on continual improvement, and clause 5.1.2 regarding customer focus) require organizations to analyze failures, investigate causes, and take corrective actions. In aviation safety, this could mean automated reporting and analysis of near-miss incidents and regular safety audits to evaluate procedural weaknesses and machine learning-based predictive analytics to foresee and prevent future crashes.

When a near-miss incident occurs, such a system could automatically trigger a root cause analysis and recommend safety adjustments for all stakeholders. Human factors and redundancy (as seen in clause 7.1.6 regarding organizational knowledge) promote knowledge management and human reliability strategies. In aviation, this could mean mandatory cross-training for military and commercial pilots on shared airspace procedures. AI-assisted decision-making tools that provide secondary verification for pilots and controllers could be a positive outcome of data analysis.

Data drives risk and trends. A digital co-pilot system could use AI to continuously monitor air traffic conflicts and intervene if human errors are detected. Auditing and compliance (as seen in clause 9.2 regarding internal auditing) would provide objective and independent inputs by regular safety audits of flight coordination. Air traffic control systems could ensure compliance with standardized airspace usage protocols, identification of gaps in inter-agency communication, and implementation of best practices from previous incident investigations. A shared civil-military aviation audit framework could ensure uniform compliance with risk management policies, reducing the chance of airspace conflicts.

I am not a technical subject matter expert in the aviation industry. My expertise is in looking at systems. My 30 years of experience suggests the importance of strengthening the Plan stage of the PDCA cycle. Things go wrong at the Do stage (i.e., implementation), however, if the plan itself is deficient and not coordinated, the implementation can and perhaps will go wrong.

By integrating ISO 9001 principles into aviation safety proactively and appreciating the risks, management can prevent mid-air conflicts. Process-driven coordination ensures better civil-military collaboration. Automated monitoring and auditing could improve response times to emerging threats.

Sadly, this tragedy once again bears out the wisdom of W. Edwards Deming when he said that a bad system will beat a good person every time.

Note – The above article was recently featured in Exemplar Global’s publication ‘The Auditor”. Click here to read it.

Controlling Sub-Sea Infrastructure


The recent implosion of the Titan, a sub-sea submersible used for taking elite, high-paying tourists to see the wreck of the Titanic, brought the safety protocols of both vessels into focus. There were no statutory requirements for regulating the Titan and neither were there any when the Titanic sank in 1912! As a reactive measure, the maritime community came up with the Safety of Life at Sea (SOLAS) Convention soon after the sinking of the Titanic. Ironically, after the Titan submersible imploded, we have come to realize there are no requirements covering this vessel. Perhaps with time, the involved counties will react.

The question is, why was nothing done proactively? Tourists go up in hot air balloons all the time. Is there any statutory requirement that these tourist companies must meet? Is there even a requirement to have a management system in place so that these companies work systematically, appreciate the risks in the context of the organization, and plan their operations keeping risks in mind? It is true that entrepreneurs do not like regulations and consider requirements a hindrance in a free business environment. And yet the Titanic, which was declared to be “unsinkable,” did, in fact, sink! In the United States, the domestic towing vessel industry functioned without statutory requirements until recently. The industry avoided regulation, but tragedies occurred, and now the industry is regulated under the U.S. regulatory framework. A process-based management system is the best systematic structure to produce conforming products and services, ensure continual improvement, and implement the statutory requirements if available.

The intent of this article is to proactively start a discussion on the need for regulating sub-sea infrastructure to reduce its affect on the marine transportation system. The phrase “sub-sea infrastructure” refers to equipment and technology placed on or anchored to the ocean floor. This infrastructure may include, but is not limited to, cables for telecommunication, cables for power transmission, pipelines for transmission of fluids, and other stationary equipment for scientific research.

The growth of sub-sea infrastructure is a global phenomenon. As an example, is in the interest of all nations, and particularly here in United States, to promote wind farms, which are a source of renewable energy. When these wind farms are placed in selected geographical locations along the continental shelf, they need sub-sea cables. But are there any laws controlling the systematic development of the industry to enable an effective marine transportation system and its protection of maritime community interests and environmental interests? Is there a central agency responsible for this coordination to allow for a balanced approach to risks? The amount of cabling piling up needs management and oversight.

Sub-sea infrastructure, the definition of the problem

Numerous industries have a stake in sub-sea infrastructure. Examples include oil and gas, telecommunications, fishing, scientific research, and perhaps military/defense applications such as sonar and other arrays and obstacles. This infrastructure is a requirement, but it also faces various challenges including those that can lead to accidents, environmental damage, and possible breaches in national security. All these bring out very significant concerns related to sub-sea infrastructure and the lack of comprehensive and globally accepted standards, requirements, obligations, and assurance mechanisms. It is not that organizations such as the United States Coast Guard, the National Oceanic and Atmospheric Administration, the Bureau of Safety and Environmental Enforcement, the U.S. Army Corps of Engineers, the Environmental Protection Agency, and other federal and state agencies do not look at these issues.

Nevertheless, it remains a concern that there is no single agency or overarching requirement to provide a framework to the industry on harmonized implementation of requirements. This lack of harmonization can mean inconsistencies in design, installation, and maintenance practices which may not address risks uniformly. This can generate consequential risks, leading to increased accidents, mechanical failures, and costs to the industry and the nation.

Recent tragedies and accidents

Recent tragedies and accidents involving sub-sea infrastructure have been limited, and yet must not lead to complacency by the agencies involved. The few that have occurred indicate the challenges and trends pointing to the need for proactive requirements. The recent tragedies include:

  • Deepwater Horizon. The potential consequences and challenges inherent in deep-water oil drilling were brought out by the Deepwater Horizon tragedy in 2010. The oil rig explosion in the Gulf of Mexico caused a massive oil spill and resulted in the loss of 11 lives. Although not technically a sub-sea incident, it highlighted a series of failures in design, maintenance, and company oversight—all factors pointing to the importance of robust safety standards and requirements, and the implementation thereof. The Deepwater Horizon incident was not directly related to sub-sea infrastructure; however, it heightened the risks associated with offshore oil and gas production and the potential for catastrophic environmental damage.
  • Nord Stream 1 and Nord Stream 2. Occurring in September 2022, the damage to these gas pipelines in the Baltic Sea highlighted concerns around sub-sea infrastructure. These pipelines transport natural gas from Russia to Europe; in this incident, they sustained multiple leaks. The exact cause of the damage is unclear, though deliberate sabotage was suspected and is still under investigation. Regardless of the ultimate findings, this incident exposed the vulnerabilities of sub-sea infrastructure to sabotage, and the potential for significant environmental and economic consequences are real. Intentional attacks to the sub-sea infrastructure have the potential for widespread disruption of energy supplies. Apart from the Nord Stream, there have been other sub-sea incidents affecting the gas and oil industry. In 2021 a fire broke out on a sub-sea production control umbilical off the coast of Brazil, causing significant damage to the underwater equipment and resulting in a major oil spill.
  • English Channel Internet Disruption. In 2021, a ship dragging its anchor on the seabed in the English Channel cut the three main internet cables to the Channel Islands. Although this only resulted in slower broadband speeds in this instance, there remains the possibility that it could have resulted in a complete outage.

Looking ahead

These incidents represent leading indicators of a tragedy in the making should proactive action not be taken. The critical importance of safety for sub-sea infrastructure underscores the need for a more comprehensive and rigorous approach to standards and assurance. Industry stakeholders together with regulatory bodies within the United States and global organizations such as the International Maritime Organization must work together to establish a harmonized set of safety standards, implement robust assurance mechanisms, and foster a culture of safety throughout the sub-sea industry.

The increasing reliance on sub-sea infrastructure for various industries (including wind farms) necessitates a proactive approach to safety and risk management. There is definitely a need to invest in research and development to enhance the resilience and monitoring capability of sub-sea infrastructure. The various companies in the sub-sea industry are holding their proprietary information close to the vest. This is understandable. However, these organizations are in competition with totalitarian governments, in which control of business practices is the exclusive dominion of the state. It is necessary to enhance transparency and information-sharing among industry stakeholders to facilitate better risk assessment and incident prevention.

Conclusion

Promoting a culture of safety that prioritizes risk identification, risk mitigation, and continual improvement is essential. There is no common ISO standard for sub-sea management systems. Of course, ISO 9001 is interpretable and can be used as the basis for now. Environmental protection is a challenge for a developing industry, and as such, even greater urgency is needed for statutory requirements encompassing all aspects of stakeholder interests, the marine industry in general, and the protection of the environment for generations to come.

Marine transportation remains the most important way for goods to be shipped across the world, as approximately 80 percent of the world’s goods are transported by ships. Vessels need a place to anchor in normal operating conditions as also in emergencies. A crowded seabed in harbors makes this a challenge for the entire maritime industry.

Without adequate and effective regulatory oversight, it may be too late to take action once cables and other sub-sea equipment have already been laid. Further, multiple agencies regulating the same aspects of the industry can potentially lead to bureaucratic delays.  There is therefore an urgent need to create a single statutory body to regulate the sub-sea infrastructure industry, which will greatly benefit all parties invested in the maritime transportation system.

Exemplar Global Publication “The Auditor”

Implementing Safety Management Systems for Passenger Vessels

PV SMS White Paper – FinalExcerpt below is from White Paper by ‘Implementing Safety Management Systems for Passenger Vessels’ by Dr. Inderjit (IJ) Arora (QMII), Julius Desilva (QMII) and Captain Lee Boone (USCG, Retired). To continue reading the paper click on link in text.

INTRODUCTION

All too often, major accidents are the catalyst for change in the maritime industry. Evidence of this is seen in the development and implementation of maritime conventions and codes in existence today. The International Safety Management (ISM) Code, the result of such a catalyst, was meant to change this reactive nature. The ISM Code intended to promote a safety culture wherein risks are properly considered, work is effectively planned, personal accountability is enhanced, and operations are continually improved.

Unfortunately, this target was missed in many cases and a pervasive by-product called compliance culture set in, wherein the system achieves the minimum and only to satisfy regulators. The maritime industry and regulators learned much from this experience. We know now that if the true value of safety management systems (SMS) is not realized, further implementation efforts become self-defeating. This leads to even more than normal resistance from many who have seen colleagues, shipmates and competitors negatively impacted. A carefully planned implementation strategy expanding the use of safety management systems (SMS) to domestic passenger vessels should therefore be executed to avoid these pitfalls. As Safety Management Systems for domestic passenger vessels are intended in the same way as those for SOLAS1 vessels, we must apply lessons that have been learned from similar regulatory efforts.

In this paper, recommendations are made for implementing SMSs for domestic passenger vessels (PV) based on the concepts of incentives, scalability, and collective use of resources. When implemented in the right way and for the right reasons, the value that SMSs offer passenger vessel owner/operators is maximized, while the cost of implementation is minimized.

BACKGROUND – RESISTANCE TO CHANGE

Looking at the data from the 1980’s to date, one would expect to see a decline in marine casualties starting in 1998 when the ISM code’s first compliance deadline came into effect. Initially the data shows a downward trend for a few years and then a spike starting in 2001. Those resisting change brought about by the ISM code would argue that the code had not delivered any improvements. However, the upward trend peaked in 2008 and has since seen a decline.

When a new management system is put in place, irrespective of industry, the first sign of success albeit non-intuitive, is a spike in accidents, incidents and hazardous occurrences. This leading indicator should be accepted as a positive as it demonstrates that the personnel within the system have started reporting non-conformities that went unreported before. This reporting enables corrective action to be taken in a systematic manner to prevent a similar non-conformity from occurring again.

To continue reading click here.