Domestic Passenger Vessel Accidents Are Preventable Using a Management System (Part Two)

Dr. IJ Arora:

In the first part of this two-part article, we began to consider the key commonality of accidents involving domestic vessels such as the Conception and the Spirit of Boston, namely, the absence of a fully functional management system. Here in part two, we will examine this in more depth from the perspective of the Plan-Do-Check-Act (PDCA) cycle.

Emphasizing a proactive safety culture and systematically addressing risks can greatly enhance safety in the domestic passenger vessel industry. By being vigilant and forward-thinking, companies can significantly reduce the likelihood of accidents and ensure the well-being of both crew and passengers. A comprehensive systems approach that prioritizes safety at all levels is essential for fostering a resilient maritime environment.

As a consultant with almost four decades of experience, I feel that my emphasis on fostering a proactive safety culture within the domestic passenger vessel industry is both timely and essential. The sector has historically witnessed incidents that stem not just from operational failures but from lapses in systematic risk management. The simple PDCA cycle makes risk appreciation essential and helps create a proactive management system. A proactive safety culture is not reactionary, but anticipatory. It is focused on identifying and mitigating risks before they evolve into incidents.

In domestic passenger operations, where crew and passengers coexist in dynamic and sometimes unpredictable environments, the safety culture must be leadership-driven, with management exemplifying and enforcing safety values. It must also be behavior-based, encouraging crew to speak up about near-misses or unsafe practices. An environment for quality, health, safety, and security must be built and maintained. The overall management system must be systems-supported, with procedures that make it easy to report, track, and correct hazards. A genuine safety culture is evident when every level of the organization—from executives to deckhands—considers safety an integral part of their responsibilities, not an afterthought.

Right at the start of the PDCA cycle, at the Plan stage, organizations must commit to identifying, evaluating, and mitigating risks. This is not just a best practice, but a requirement under clause 6.1 of ISO 9001:2015, which requires “… actions to address risks and opportunities.” It emphasizes understanding internal and external issues and planning actions accordingly to mitigate risk. In a similar vein, clause 8 of the ISM Code requires organizations to evaluate all identified risks to their ships, personnel, and the environment and establish appropriate safeguards. Failure to account for risks at this stage can cascade into the Do stage, with flawed procedures or untrained personnel resulting in increased chances of accidents.

In a systems approach it should be completely unacceptable to transfer uncertainty to the crew. Uncertainty in procedures, poorly defined emergency roles, or ambiguous hazard controls lead to hesitation and confusion during critical moments. The vessel crew should never be the first line of discovery for unanticipated risks. The shore-based organization must do the heavy lifting in identifying, documenting, and training for these risks. This principle aligns with clause 5 of the ISM Code, which mandates the establishment of safe practices in ship operations and a safe working environment.

Systemic safety as a shield against repetition must be created from lessons learnt. Clause 7.6 of ISO 9001 on knowledge is relevant and a requirement. As can be seen from various NTSB investigation reports, many vessel accidents share common causal factors: complacency, procedural lapses, miscommunication, or design flaws. These can be mitigated when a systems approach is employed linking technical systems, human factors, procedures, and training into one cohesive safety net. Lessons learned from past accidents are institutionalized not just in the safety management system (SMS) but in organizational memory and training routines.

Most importantly, risk appreciation must be the foundation of resilience. The ability to appreciate (not just assess) risk is what distinguishes a compliant company from a truly resilient one. Appreciating risk means embedding foresight into the organizational DNA, training teams to ask, “What if?” before a situation turns critical. This should holistically lead to and support the creation of maritime systems that do more than tick boxes—they save lives.

Applying the PDCA Cycle

Connecting these insights to the 2019 Conception tragedy not only reinforces the urgency of implementing a proactive safety culture but also illustrates precisely how systemic failures in risk appreciation, planning, and organizational accountability can lead to devastating outcomes.

As you will recall, the dive boat Conception caught fire while anchored off Santa Cruz Island, California. This resulted in the deaths of 34 people, which was the deadliest domestic maritime disaster in modern California history. The victims were asleep in a bunkroom below deck, and none of them survived. Only five crew members escaped. This tragedy was a catastrophic failure of planning, risk management, and safety culture.

The Conception disaster links clearly to a breakdown in the PDCA cycle, as follows:

  • Plan. Inadequate risk appreciation was a vital failure. There was no comprehensive risk assessment identifying the dangers of leaving charging lithium-ion batteries unattended overnight in a confined space. The lack of clearly marked and accessible escape routes was a known risk that was neither mitigated nor escalated. There was no SMS, nor was one legally required for that vessel. Still, a proactive operator would have voluntarily implemented one. As has been said, “Failing to plan is planning to fail,” and in this case, a lack of foresight into fire hazards, emergency egress, and nighttime watchkeeping was fatal.
  • Do. Lapses in implementation are apparent and have been pointed out in the NTSB report. A night watchman was required by regulation and the vessel’s certificate of inspection but was not on duty. The crew had no fire detection system below deck that could alert sleeping occupants of danger. Emergency drills and preparedness procedures were either nonexistent or insufficiently enforced.
  • Check. The investigators saw no monitoring or audit mechanisms. The vessel operator, Truth Aquatics, had no self-checking mechanism for compliance with watchkeeping requirements. There was no internal audit or reporting structure that caught repeated violations, such as skipping the night watch.
  • Act. This final stage of the PDCA cycle is intrinsically connected to leadership both ashore and at sea. However, there was almost a complete absence of any corrective action, despite past observations and near-miss warnings about battery charging risks and poor escape routes. The organization normalized deviation, operating under the illusion of safety through habit.

Failure to appreciate risk is a violation of ISO 9001 and ISM principles. The Conception incident demonstrates how not appreciating risk in the Plan stage—especially related to emerging threats like battery fires—can result in fatal vulnerabilities. Had a formal risk-based approach been followed, battery charging, watchkeeping, and egress issues would have been flagged and corrected.

Mitigating risks with an SMS

Although not mandated for this class of vessel, the absence of an SMS and risk-based approach violated the spirit of the ISM Code. Clause 8 calls for evaluating all risks and preparing for emergencies. The lack of a nighttime watch, poor escape design, and no contingency procedures represent failures in both design and culture.

The failure to appreciate hazards and risks by the organization on shore was passed to the crew and passengers, who paid for it with their lives. Passengers had no idea there was no overnight watch, a basic safety expectation. The crew was not empowered with procedures or tools to manage an emergency, placing them in an impossible position once the fire began. I therefore emphasize “companies cannot pass uncertainty to those on board.” The burden of risk must be identified, mitigated, and managed ashore, before the ship even leaves port. All that was required was a proper management system, resourced and implemented effectively and efficiently.

By not having an SMS, organizations are ensuring that there is no safety net in case the worst occurs! A comprehensive, systems-based approach could have identified the risk of charging batteries and flammable materials in confined quarters and ensured continuous watchkeeping practices were in place. The SMS would have required mandated drills, escape route evaluations, and fire detection systems. Simple internal audits would have perhaps given the management the inputs to ensure continual improvement and planned a system to ensure compliance. This would have embodied the PDCA cycle, where each stage feeds the next with learning, foresight, and action.

Conclusion

My final thought on lessons written in loss and tragedy are that having a system is the least those charged with entertaining people can do to guarantee that lives are not lost. The Conception tragedy in particular is a grim testament to what happens when safety is assumed rather than engineered. The call for a systems approach rooted in proactive risk appreciation is exactly the kind of thinking needed to prevent another such disaster.

My argument for the mandated or voluntary adoption of an SMS in the domestic passenger vessel sector draws on evidence from NTSB investigations and international best practices. Domestic passenger vessels, though subject to U.S. Coast Guard inspection regimes, are often not required to implement a formal SMS. This omission has led to repeated safety lapses where identifiable risks were not systematically mitigated. As we have seen, the consequences of such lapses can often be fatal.

It is time for the overall national policy to encourage the U.S. Coast Guard to extend SMS requirements to large domestic passenger vessels and establish tiered SMS models scalable by vessel type and operation. To the industry czars my recommendations are to encourage industry bodies to provide incentives and recognition for SMS adopters and promote voluntary adoption through education and resource support. To the organizations and companies operating in the domestic U.S. waters, I suggest these company-level actions:

  • Begin voluntary SMS implementation aligned with ISO or ISM principles.
  • Train personnel in the PDCA methodology.
  • Perform internal audits and hazard reviews regularly.

The tragedy of the Conception and the other incidents we have discussed reveal that compliance alone does not ensure safety. Only a structured, systems-based approach can prevent recurrence. It is time for the domestic passenger vessel industry to adopt SMS—not only as a regulatory checkbox but as a foundational safety ethos.

Note – The above article (Part 2) was recently published in an Exemplar Global publication – ‘The Auditor’

Click here to read the article.

Click here to read part 1 of the article

How to Retain Auditor Training Knowledge When You Can’t Apply It Immediately 

Completing an auditor training course is an exciting milestone. You walk away with frameworks, methodologies to create checklists, audit question techniques, and—if you’re like most professionals—a head buzzing with new knowledge. Ideally, you’d jump right into an audit and apply your skills, reinforcing what you’ve learned while it’s still fresh. But what if that opportunity doesn’t come right away? 

At QMII, we recognize this common challenge among our alumni. Let’s explore effective strategies to bridge the gap between training and practice—so that knowledge doesn’t fade but instead becomes a solid foundation for your future audit work. 

1. Simulate Real-World Scenarios 

Action: Design mock audits for yourself or with peers. 

Even without access to an organization’s system, you can simulate an audit process by reviewing publicly available quality manuals, environmental reports, or sample procedures including your own. Pretend you’re preparing for an audit: write an audit plan, create checklists, additional documentation you would request and practice conducting document reviews. 

Tip: Use scenarios from your training or past experience and ask yourself: 

  • What would I ask as an auditor? 
  • What evidence would I seek? 
  • What risks could be present? 

2. Start a Learning Journal 

Action: Reflect on key concepts, standards clauses, and audit techniques by writing them down in your own words. 

Journaling isn’t just for reflection, it’s a brain-anchoring technique. When you write out what you remember and how you would apply it, you’re reinforcing neural pathways tied to that knowledge. 

Include: 

  • Summaries of ISO clause requirements. 
  • How you would handle nonconformities. 
  • Sample non-conformities within your organization and write down your assessment of them as also the effectiveness of corrective actions. 

3. Teach Others What You Learned 

Action: Participate in knowledge-sharing sessions. 

There’s no better way to solidify your understanding than teaching others. Reach out to other auditors in your organization and discuss applicability and interpretation of a clause. Participate and contribute to discussions on LinkedIn forums. Search the web for interpretation of clauses and see the differences as opined by various different personnel. 

Bonus: You’re also building your credibility and visibility as an auditor. 

4. Stay Active in the QMII Alumni Network 

Action: Engage with blog articles, LinkedIn posts, ask questions, and share insights. 

QMII’s alumni network offers a treasure trove of experience. Staying engaged keeps you in the loop on best practices and might even lead to mentoring or shadowing opportunities. React to blogs written by QMII, contribute articles for QMII blog, comment on QMII posts and connect to QMII alumni. 

Don’t hesitate to: 

  • Ask others how they’re maintaining their skills. 
  • Request mock audit partnerships. 
  • Share resources and templates you’ve created. 

5. Continue the Learning Loop 

Action: Sign up for webinars, read audit case studies, and revisit your course materials regularly. 

Audit skills are built not just on knowledge, but on judgment, observation, and communication. You can sharpen these even while waiting for your first official audit assignment. 

Suggested activities

  • Attend QMII webinars or ISO updates. 
  • Subscribe to quality-focused newsletters. 
  • Read ISO audit case studies and identify what went wrong—and why. 

6. Request to Observe Internal Audits 

Action: If you’re part of an organization, ask to shadow an experienced auditor. 

Even if you’re not leading, observing an audit helps you internalize the structure, flow, and behavioral nuances of auditing. Jot down observations on auditor behavior, techniques, and interaction styles. Create your own checklists and then compare it to that prepared by the lead auditor. Discuss the differences after the audit. 

If your organization doesn’t have an active program, this is a great opportunity to propose starting one—a value-added initiative from a proactive auditor-in-training. 

Final Thoughts: Don’t Let the Gap Become a Gully 

Skills fade when left idle, but they flourish with even light engagement. Whether it’s through simulation, teaching, journaling, or community interaction, there are numerous ways to keep your audit knowledge sharp and ready. 

At QMII, we believe that continual improvement isn’t just for organizations, it’s a personal practice. Stay connected, stay curious, and keep that audit mindset active until your next assignment arrives. 

Have your own tips for retaining training knowledge? 
Join the conversation by commenting on this blog or drop us a line—we’d love to feature your story! 

Human Error or a Bigger Problem? When to Dig Deeper

by Julius DeSilva

In the world of process improvement and problem-solving, human “user” error can often become the go-to explanation when things go wrong. A mis-entered data point, a forgotten step in a procedure, or a misconfigured setting—blaming the user is quick and easy. But how do you know when an issue is bigger than just user error?

Understanding when to dig deeper and identify systemic flaws is critical. By integrating structured approaches like Root Cause Analysis (RCA) and the PDCA (Plan-Do-Check-Act) cycle, organizations can shift from a reactive blame culture to a proactive, continual improvement mindset that eliminates recurring problems at their source.

The Prevalence of User Error in Different Industries

Human error has been identified as a significant contributor to operational failures across multiple sectors:

  • Cybersecurity: According to the World Economic Forum, 95% of cybersecurity breaches result from human error.
  • Manufacturing: A study by Vanson Bourne found that 23% of unplanned downtime in manufacturing is due to human error, making it a key contributor to production inefficiencies. The American Society for Quality (ASQ) reports that 33% of quality-related problems in manufacturing are due to human error.
  • Healthcare: The British Medical Journal (BMJ) estimates that medical errors—many due to human factors—cause approximately 250,000 deaths per year in the U.S. alone.
  • Aviation & Transportation: The Federal Aviation Administration (FAA) attributes 70-80% of aircraft incidents to human error, but deeper analysis often reveals process design issues, poor training, or missing safeguards.

These statistics reinforce a key point: Human error isn’t always the root cause—it’s often a symptom of a deeper, systemic issue.

Recognizing When to Look Beyond User Error

Here’s how to tell when an issue isn’t just a one-time mistake but a signal that the system itself needs improvement:

  1. Recurring Issues Across Multiple Users – If multiple employees are making the same mistake, the problem likely isn’t individual human error—it’s a flaw in the process, system design, or training. For example, if multiple operators incorrectly configure a machine setting, it might indicate confusing controls, inadequate training, or unclear documentation rather than simple user mistakes.
  2. Workarounds and Process Deviations – If employees consistently find alternative ways to complete a task, the system may not be designed for real-world conditions. If workers routinely bypass a safety feature because it “slows them down,” the process needs reevaluation; either through retraining, redesign, or better automation. At QMII, we always reinforce building a system for the users, built on the as-is of how work is done and then making incremental improvements.
  3. High Error Rates Despite Training – If errors persist even after proper training, the issue might be process complexity, unclear instructions, or a lack of intuitive system design. If employees consistently make minor mistakes, the system interface or workflow rules might need simplification rather than just retraining staff.
  4. Error Spikes in High-Stress Situations – Mistakes often increase under time pressure, fatigue, or stress. This suggests a workload or process issue rather than simple carelessness. In a maritime environment, high error rates during critical operations could signal staffing shortages, inefficient safety interlocks, or poor user interfaces on devices.

Instead of just fixing errors after they happen, organizations should use the PDCA (Plan-Do-Check-Act) cycle to continually improve processes and reduce the probability of recurring failures.

The PLAN-DO-CHECK-ACT Approach

PLAN – Identify the context and potential risks

  1. Identify the context of the process including the competence of personnel, user environment, complexity and influencing factors.
  2. Apply Failure Mode and Effects Analysis (FMEA) to predict where failures are likely to happen before they occur.
  3. Identify and involve representatives of users through the development of FMEAs and the process.
  4. When predicting controls and resources, determine the feasibility of implementing and providing them.
  5. Simplify procedures, redesign workflows, or introduce automation to eliminate failure points.

DO – Implement the Process and Improvements

  1. Implement the process and test it to check its effectiveness. In the initial stages more frequent monitoring and measurement will be required. The periodicity between checks can be reduced as the process matures.
  2. Provide user training and assess its effectiveness. When errors occur retrain personnel, but only if training is truly the issue—don’t use training as a Band-Aid for bad system design.
  3. Look beyond documented “standard-operating” procedures. As an example: The company implements a visual step-by-step guide near machines to ensure operators follow a standard calibration process.

CHECK – Evaluate the Results

  1. Track performance data to see if the changes have reduced errors.
  2. Get user feedback to ensure the new system is intuitive and efficient. For example, Error rates drop by 40%, but operators still struggle with a specific step—prompting another refinement.

ACT – Standardize & Scale

  1. If the improvement is successful, integrate it as the new standard process.
  2. Scale the change across other departments or sites where similar issues might exist. For example, the company implements the same calibration guide and training approach across all locations, preventing similar errors company-wide.

Conclusion: From Blame to Solutions

While human error is a reality, it’s often a symptom of a deeper process flaw, not the root cause. Those involved in conducting a root cause analysis process or investigation process, must ask “How did the system fail the individual” and “Why did the system fail the individual”. By shifting from a blame mindset to a continual improvement approach, organizations can:

  • Reduce costly errors and downtime
  • Improve employee engagement (less frustration = higher productivity)
  • Enhance conformity and compliance
  • Increase process reliability and efficiency

Monitoring the system will continue for as the context changes the controls implemented may not be as effective as before. A proactive system will not guarantee that things never go wrong. When they do, however, the key is to dig deeper. Using tools like PDCA, FMEA, and RCA will help in identifying long-term solutions to recurring problems. Because in most cases, fixing the system is better than blaming the human.

The Role of Management Systems in the Tragic Collision Over the Potomac

by Dr. IJ Arora


A significant tragedy occurred in Washington D.C. on January 29, 2025, with the deadly collision between a U.S. military Black Hawk helicopter and a regional jet flying for American Airlines. The resulting crash caused the loss of 67 precious lives and pointed to a multilayered failure of safety mechanisms.

In a short article like this it is not my intent to explore the reasons for this event, and I have neither the expertise nor the authority to investigate, anyway. The U.S. National Transportation Safety Board (NTSB) and other relevant agencies will do that in a most professional manner. However, I do have a degree of experience relating to the systems approach for managing processes at large and complex organizations. I feel called to share my perspective on this disaster with a systems approach in mind.

Proactive appreciation for risk

Hindsight, it has been said, is 20/20. I am aware that I’m writing this after the tragedy has already occurred. However, management systems should be proactive, where data drives the understanding and mitigation of risk. As a practitioner and advocate of process-based management systems, I believe that well-implemented procedures give an organization the best chance to produce conforming products and services.

A systems approach, based on ISO 9001’s subclause 4.4., which relates to quality management system processes, could have played a role in preventing an incident of this type. Subclause 4.4.1 states, in part, “The organization shall establish, implement, maintain and continually improve a quality management system, including the processes needed and their interactions….”

Following this requirement is no guarantee of safe and successful outcomes, but it is surely the best bet. I had similar thoughts on the tragedy of the implosion of the Titan submersible and the Baltimore Bridge collapse. The core principles of ISO 9001, especially risk-based thinking, continual improvement, and process interaction, align well with safety imperatives, particularly safety management for the aviation industry. The systems approach is a fundamental that organizations often neglect at their (and their customers’) peril.

ISO 9001—and for that matter, the aerospace standard AS9100—is built on risk-based thinking. A structured process aligned with the risk management standard ISO 31000 and aviation safety management systems are required by ISO 9001 subclause 6.1, regarding actions for addressing risks and opportunities, and subclause 8.1 concerning operation planning and controls. Conformance with these requirements can help identify and mitigate collision risks between civil and military aircraft.

Process interaction and communication are vital in such situations.  A failure in communication between air traffic control, military operations, and civilian aviation may have contributed to the crash. Of course, we will wait for the full report from the NTSB investigation. However, it is never too late (or for that matter, too early) to be proactive and implement a process approach to ensure that all stakeholders follow well-defined communication and coordination protocols.

PDCA, SWOT, and FMEA

Being proactive requires an appreciation of risk at the Plan stage of the Plan-Do-Check-Act (PDCA) cycle. Note that preventive actions and continual improvement are integral to the system approach.

The media have reported on the details of numerous previous aviation incidents. Analyzing near-miss incidents and integrating lessons learned into improved procedures could enhance safety protocols. Human factors and process redundancy must be considered in a systematic manner. Human errors (e.g., miscommunication, misinterpretation of airspace usage, etc.) can be minimized with automated systems and via decision-making redundancy checks.

In principle, the process approach found in ISO 9001 emphasizes addressing process issues as opposed to blaming individuals. However, in the aviation field, the human factor is important; clause 10.2.1 b2 of AS9100 expresses the importance of this concept. The industry-specific interpretation of requirements as seen in this standard provides a robust framework (via a clause structure) to design an efficient management system. This, together with auditing and compliance requirements, gives leadership confidence that their system can and will produce conforming products and services.

Further to this point, regular audits of flight coordination between civilian and military aviation could highlight gaps before they lead to accidents. As such, integrating ISO 9001 with AS9100 and AS9110 (the aerospace quality standard specifically designed for maintenance, repair, and operations) as well as ISO 45001 covering the management of operational health and safety will provide a solution to proactively address risks in the context of the aviation industry. This would cover all interested parties, as per clauses 4.1 and 4.2 of ISO 9001. Although aviation already has strict regulatory frameworks (e.g., FAA, ICAO, etc.), the structured process management systems required by ISO 9001 and AS9100 can complement these frameworks by embedding the statutory and legal requirements into the management system.

If the organizations involved focus on how specific elements of ISO 9001 can be applied to aviation safety, particularly in preventing collisions, I would first recommend that they look at risk-based thinking as seen in clause 6.1, addressing actions related to risks and opportunities. This can partially be accomplished by undergoing a strengths, weaknesses, opportunities, and threats (SWOT) analysis. ISO 9001 emphasizes risk assessment and mitigation throughout processes.

In aviation, a structured risk-based approach would identify potential hazards (e.g., conflicting flight paths, miscommunication, system failures, etc.). The system would also assess risk severity and likelihood of occurrence and probability of detection, using tools like a failure modes and effects analysis (FMEA). Controls could be implemented (e.g., enhanced air traffic control coordination, better radar tracking, AI-driven airspace monitoring, etc.). For example, aviation safety bodies could require all civilian and military flights to undergo a real-time risk assessment check before takeoff, considering airspace congestion, weather, and military training exercises.

Potential solutions

Process interaction and communication (as seen in ISO 9001’s clause 4.4.1 b regarding understanding process interactions) would systematically improve the system. Aviation operations involve multiple stakeholders, such as airlines, air traffic controllers, military operations, ground crews, etc. A process approach would ensure defined standard operating procedures for communication between civilian and military aviation. These could include real-time data sharing using standardized digital platforms and/or automated conflict-resolution systems that detect and alert pilots and controllers regarding possible mid-air conflicts. An integrated civil-military coordination dashboard could be established, where both parties have real-time visibility on flight plans, airspace restrictions, and emergency deviations.

Risk appreciation and continual improvement (as seen in ISO 9001’s clause 10.2 regarding nonconformity and corrective action, clause 10.3 on continual improvement, and clause 5.1.2 regarding customer focus) require organizations to analyze failures, investigate causes, and take corrective actions. In aviation safety, this could mean automated reporting and analysis of near-miss incidents and regular safety audits to evaluate procedural weaknesses and machine learning-based predictive analytics to foresee and prevent future crashes.

When a near-miss incident occurs, such a system could automatically trigger a root cause analysis and recommend safety adjustments for all stakeholders. Human factors and redundancy (as seen in clause 7.1.6 regarding organizational knowledge) promote knowledge management and human reliability strategies. In aviation, this could mean mandatory cross-training for military and commercial pilots on shared airspace procedures. AI-assisted decision-making tools that provide secondary verification for pilots and controllers could be a positive outcome of data analysis.

Data drives risk and trends. A digital co-pilot system could use AI to continuously monitor air traffic conflicts and intervene if human errors are detected. Auditing and compliance (as seen in clause 9.2 regarding internal auditing) would provide objective and independent inputs by regular safety audits of flight coordination. Air traffic control systems could ensure compliance with standardized airspace usage protocols, identification of gaps in inter-agency communication, and implementation of best practices from previous incident investigations. A shared civil-military aviation audit framework could ensure uniform compliance with risk management policies, reducing the chance of airspace conflicts.

I am not a technical subject matter expert in the aviation industry. My expertise is in looking at systems. My 30 years of experience suggests the importance of strengthening the Plan stage of the PDCA cycle. Things go wrong at the Do stage (i.e., implementation), however, if the plan itself is deficient and not coordinated, the implementation can and perhaps will go wrong.

By integrating ISO 9001 principles into aviation safety proactively and appreciating the risks, management can prevent mid-air conflicts. Process-driven coordination ensures better civil-military collaboration. Automated monitoring and auditing could improve response times to emerging threats.

Sadly, this tragedy once again bears out the wisdom of W. Edwards Deming when he said that a bad system will beat a good person every time.

Note – The above article was recently featured in Exemplar Global’s publication ‘The Auditor”. Click here to read it.

Are Provider Audits Mandated through ISO 9001?

by- Dr. IJ Arora

In relation to outsourced processes, the query (to paraphrase William Shakespeare) is, “To audit or to not audit?”

Take, as an example, the necessities from the principle process-based control machine usual, ISO 9001:2015. One would possibly imagine the machine way as equipped in clauses 4.4.1a thru 4.4.1h and conclude that tracking and regulate are had to recognize the dangers of the inputs and make sure persistent growth. The usual is supposed to be interpreted, and so not anything prescriptive is predicted. But, the query stays as to how organizations would possibly regulate the processes and ensure they’re assembly goals. Clause 5.2, “Coverage,” resulting in clause 6.2, “Goals,” supplies a touch that proof will have to be amassed of measurable goals being met. But, how can we get the inputs to attract a conclusion? The inputs are essential, and due to this fact there’s a want to decide the to be had accumulate and regulate knowledge.

In all probability the solution may also be discovered within the auditing serve as. By means of enforcing a strong provider analysis activity, together with audits as wanted, organizations can beef up the standard control machine and construct sturdy, dependable relationships with providers. Notice that requirements similar to ISO 9001:2015 don’t particularly mandate audits, but the intent of registration to a typical is to regulate the group’s processes. if now not auditing, then what different mechanisms can organizations use to regulate an outsourced activity and decrease dangers to their finish consumers?

Exerting regulate

Clause 8.4.2 of ISO 9001:2015 offers with the sort and extent of controls that a company should practice to externally equipped processes, merchandise, and products and services. The important thing sides on this dialogue come with making sure conformity, the kinds of controls wanted, and the level of those controls. Conformity has at its core the main to make sure that those exterior provisions don’t negatively have an effect on the group’s skill to constantly ship conforming services to its consumers. This implies the group should have mechanisms in position to make sure that the standard of the exterior inputs meet the group’s necessities and in the end fulfill buyer necessities.

Kinds of controls might be interpreted as acting a point of regulate, in all probability through auditing, even supposing auditing isn’t a selected requirement. The choice and analysis of the controls can be according to organising standards for deciding on and comparing exterior suppliers (e.g., a strong high quality control machine of their very own, previous efficiency, registration, and many others.) and/or undertaking thorough checks of doable providers (e.g., audits, questionnaires, web site visits, and many others.). As well as, you will need to installed position sturdy contractual agreements with exterior providers that come with transparent and measurable necessities, explicit key efficiency signs (KPIs), and acceptance standards for the needs of tracking and size. This may come with monitoring provider efficiency towards agreed-upon KPIs, examining knowledge to spot tendencies and spaces for growth, undertaking common efficiency critiques and comments classes, acting root purpose research and corrective and preventive movements when problems are known, and appreciating dangers through being proactive and the use of preventive measures.

The level of this regulate would rely at the criticality of the externally equipped activity, product, or provider to the group’s general high quality. For top-risk pieces, extra stringent controls (e.g., extra common audits or extra rigorous inspections) could be essential as, as an example, within the aerospace trade. In essence, clause 8.4.2 emphasizes the significance of proactive measures to make sure that exterior inputs don’t compromise the group’s skill to ship high quality services to its consumers.

Auditing supplies most of these inputs if the audit is appropriately deliberate and done. For instance, with approval, this stage of regulate might be completed through far flung cameras or the presence of the group’s inspectors on the provider’s amenities. The purpose is to care for the client focal point (clause 5.1.2) and include a risk-based way. The level of regulate will have to be proportionate to the related dangers. Power growth includes that the group will have to often evaluation and reinforce its processes for exterior controls.

Subsequently, even if clause 8.4 (particularly subclauses 8.4.1, 8.4.2, and eight.4.3) does now not explicitly mandate provider audits, it strongly implies their significance. Subsequently, a robust focal point on regulate should be interpreted. Clause 8.4 emphasizes the want to regulate externally equipped processes, merchandise, and products and services. Auditing is a a very powerful instrument for comparing a provider’s skill to fulfill high quality necessities and care for regulate over their processes.

Mitigating menace

To verify ok menace control, one should imagine if the provider’s efficiency at once impacts the group’s skill to ship high quality merchandise or products and services. Audits assist establish and mitigate doable dangers related to the use of exterior suppliers. Power growth is the most important consequence of auditing and offers precious comments on provider efficiency. This allows the group to spot spaces for growth of their processes and their practices round provider variety and provider control. Subsequently, even if now not strictly mandated, provider audits are extremely really useful for organizations in the hunt for to successfully put into effect ISO 9001 and make sure the standard in their services. The important thing issues can be:

  • Chance-based way. Auditing efforts will have to be desirous about providers that pose the easiest menace to the group’s high quality goals.
  • Number of analysis strategies. Audits are only one manner of provider analysis. Different strategies come with efficiency tracking, comments research, and web site visits.
  • Documentation. Care for transparent documentation of all provider analysis actions, together with audit findings, corrective movements, and growth plans.

When taking into consideration the outsourcing of a activity, the group should assess and decide the factors through which providers are decided on. Via systematic analysis, a company can put into effect a rigorous provider variety activity that comes with:

  • Detailed questionnaires to collect knowledge at the provider’s high quality control machine, processes, and features
  • Reference exams made through contacting earlier consumers to evaluate the provider’s efficiency and reliability
  • On-site visits to watch the provider’s operations and assess their amenities, apparatus, and body of workers
  • A risk-based way matrix to prioritize providers according to the possible impact at the group’s high quality goals

In making plans bids, growing contractual agreements, or different processes involving outsourcing, the next will have to be regarded as:

  • Transparent specs. Outline transparent and measurable necessities for the outsourced services or products.
  • Efficiency metrics. Determine KPIs to trace provider efficiency, similar to on-time supply, defect charges, and buyer delight.
  • Contractual consequences. Come with clauses for non-compliance with contractual tasks, similar to past due deliveries or subpar high quality.

The procedures for tracking and measuring outsourced processes should be nicely idea out and will have to be carried out when tendering a freelance. Consider, including necessities due to this fact is continuously tricky. Imagine the next:

  • Common efficiency evaluation. Behavior common efficiency critiques with providers to trace their efficiency towards agreed-upon KPIs.
  • Knowledge research. Analyze knowledge on provider efficiency, similar to defect charges, supply instances, and buyer proceedings to spot tendencies and spaces for growth.
  • Comments mechanisms. Determine a machine for gathering and examining comments from interior and exterior consumers relating to provider efficiency.

Whether or not a company prefers to audit or use different way of controlling the outsourced activity, a well-thought-out collaboration and verbal exchange plan will have to be made, taking into consideration:

  • Open verbal exchange channels. Care for open and common verbal exchange channels with providers to deal with issues, percentage knowledge, and collaborate on growth tasks.
  • Joint drawback fixing. Paintings collaboratively with providers to spot and unravel problems associated with high quality, supply, or different efficiency issues.

Power growth is integral to any excellent control machine. As a abstract I’d recommend the next:

  • Common critiques and updates. Often evaluation and replace your provider control processes to verify they continue to be efficient and aligned with converting industry wishes.
  • Provider construction. Enforce methods to assist providers reinforce their high quality control programs and function.

By means of enforcing a mixture of those mechanisms, organizations can successfully regulate outsourced processes, decrease dangers, and make sure that they obtain fine quality services from their providers.

Clause 9.2.1 of ISO 9001 does certainly recommend that auditing outsourced processes is excellent follow. This clause states that organizations will have to habits interior audits to guage the effectiveness of the standard control machine. The scope of interior audits generally comprises all related processes and actions inside the group. How this pertains to outsourced processes is the place the requirement turns into open to interpretation. Despite the fact that it does now not explicitly state “provider audits,” the clause means that comparing the effectiveness of processes which might be outsourced is a part of assessing the total effectiveness of the QMS. If the outsourced processes considerably have an effect on the group’s skill to fulfill buyer necessities, then the ones processes will have to be integrated within the scope of interior audits.

Dr. IJ Arora’s article was published in the Exemplar Global Publication “The Auditor”. Click here to read the featured article.

The Baltimore Bridge Collapse—Another Case of a Failed Management System

By – Dr. IJ Arora

Can good management systems make organizations immune to disasters? The Baltimore bridge (or, more precisely, the Francis Scott Key Bridge) collapsed in 2023 because the container vessel MV Dali collided with it. This was a tragedy, perhaps caused by the failure of several management systems, the ship, the port, the state, and whoever else was involved.

The National Transportation Safety Board (NTSB) investigation is ongoing, and will no doubt look at the part played by MV Dali, its crew, and its operator. However, my thought is that MV Dali or other ships plying the waters should have, by simple statistical probability, been considered as risks by the authorities. Between the water channel, the high number of ships sailing in and out regularly, and the bridge itself, there was likely to be an collision someday. Perhaps it was not a matter of if, but when! Therefore, should the bridge have been better designed and made safer based on these known and appreciated risks? After all, not all accidents can be completely avoided, but each tragedy has lessons learned as responsive action. The lessons become the data that drives risk identification and trends, thus making the system proactive. I am sure the NTSB is considering all this. In the meantime, without going into the ongoing investigation, there would seem to be some basics which are common indications of systemic failures. Be it the Titan submersible, or the Boeing management system,  as a subject-matter experts in  process-based management systems, I see a common cause: the failure of the system to  deliver conforming products and services.

In this short article, I want to discuss this bridge collapse in the context of the management system, considering ISO 9001:2015 generically and the requirements of ISO 55001:2024—“Asset management—Vocabulary, overview and principles” specifically. ISO 55001 was first published in 2014. It was developed as a standalone standard for asset management, building upon the principles of ISO 9001 and other relevant standards.

Could simply designing a good system based on the standard have enabled the organization to better assess the associated risks? Perhaps they were assessed, and a bridge allision was considered an extremely low-probability occurrence. If that were the case, the discussion would be on prioritization of risks.

As of the time of this writing (September 2024), the investigation into the Baltimore bridge collapse is still ongoing, and the lawsuits are starting to fly. Although the exact cause of the collapse remains under investigation, we can consider several factors that might have contributed to the incident. MV Dali experienced a series of electrical blackouts before the allision. The implementation of the vessel’s safety management system (SMS, based on the ISM Code) could be a factor. The stability, age, and condition of the bridge are, I am sure, being investigated as a potential contributing factor. Then, there is always human element. There may have been errors on the part of the ship’s crew or the bridge’s operators. Was the SMS designed to support them in such a scenario? What factors may have caused operators at all levels to perhaps not follow requirements and mitigate the risks? The NTSB’s investigation will highlight a detailed analysis of the ship’s navigation systems, the bridge’s structural integrity, and the actions of the individuals involved in this tragedy. Their final report will provide a comprehensive understanding of the incident and may include recommendations to prevent similar occurrences in the future.

However, even at this stage we can agree that bridges in general are national assets. They are valuable infrastructure that provides essential services to communities. Although it is not publicly known whether the state of Maryland specifically implemented ISO 55001 for its bridges, the principles and practices outlined in this standard could have been beneficial in managing the risks associated with the Baltimore bridge. Through the implementation of this standard (and/or ISO 9001), the authorities could have performed:

  • Risk assessments. ISO 55001 requires organizations to conduct regular risk assessments to identify potential threats and vulnerabilities. A thorough assessment of the bridge’s condition, age, and traffic load could have helped identify potential risks and inform maintenance and repair decisions, as could have changes in procedures, protection of navigation channels, and so on.
  • Lifecycle management. The standard emphasizes the importance of managing assets throughout their entire lifecycle, from planning and acquisition to maintenance and disposal. By following ISO 55001, the state could have developed a comprehensive plan for the bridge’s maintenance, upgrades, and eventual replacement.
  • Performance measurements. ISO 55001 requires organizations to establish measurable objectives or key performance indicators (KPIs) to measure the effectiveness of their asset-management activities. This could have helped the state monitor the bridge’s condition and identify any signs of deterioration.
  • Continual improvement. The standard promotes a culture of continual improvement, encouraging organizations to learn from past experiences and make necessary adjustments to their asset-management practices.

It is impossible to say definitively whether ISO 55001 would have prevented the Baltimore bridge collapse. However, the principles and practices outlined in the standard could have helped to reduce the risk inherent in such incidents. By adopting a systematic and proactive approach to asset management, organizations can improve the reliability and safety of their infrastructure. A systematic study must go beyond what the MV Dali contributed to the Baltimore bridge collapse; it is also important to consider the broader context and the potential contributions of other factors:

  • Bridge design and maintenance. The age and condition of the bridge are likely to be factors in the investigation. Older infrastructure may be more susceptible to damage or failure, especially if it has not been adequately maintained or upgraded.
  • Vessel traffic. The frequency and intensity of vessel traffic in the area can also influence the risk of allisions. The bridge is in a busy shipping channel; therefore, the likelihood of incidents was higher.
  • Safety measures. The presence or absence of safety measures such as buoys, warning systems, or restricted areas can also affect the risk of allisions. This needs to be studied and are factors the authorities would know.
  • Human elements and factors. Errors on the part of both the ship’s crew and bridge operators can contribute to accidents. Factors such as fatigue, inexperience, or inadequate training may play a role. What led to these issues? Error proofing, mistake proofing, and failure mode and effects analysis (FMEA) are tools that could be part of the effective management system.

Let us therefore consider ISO 55001 and the relevant clauses of the standard which could apply to the collapse of the Baltimore bridge.

Clause 4—Context of the organization

  • Clause 4.1—Understanding the external context, such as the age of the bridge, traffic volume, and environmental factors, is crucial for risk assessment.
  • Clause 4.2—Identifying the needs and expectations of relevant interested parties, including the public, commuters, and regulatory bodies, is essential for effective asset management.

Clause 6—Planning

  • Clause 6.2.1—The bridge’s asset management plan should have included clear objectives for its maintenance, repair, and replacement.
  • Clause 6.2.2—Specific objectives related to safety, reliability, and cost-effectiveness should have been established.
  • Clause 6.2.3—Detailed planning for maintenance, inspections, and upgrades would have been necessary to ensure the bridge’s structural integrity.

Clause 7—Support

  • Clause 7.1—Adequate resources, including funding, personnel, and expertise, should have been allocated for bridge maintenance and inspection.
  • Clause 7.2—Ensuring that personnel involved in bridge management have the necessary competence and training is essential.
  • Clause 7.3—Raising awareness among all relevant stakeholders about the importance of bridge maintenance and safety is crucial.

Clause 8—Operation and maintenance

  • Clause 8.1—Regular inspections and monitoring of the bridge’s condition would have helped identify potential problems early on.
  • Clause 8.2—A well-defined maintenance schedule, including preventive and corrective maintenance, would have been necessary to address issues before they escalated.

Clause 9—Performance evaluation

  • Clause 9.1—Establishing KPIs to measure the bridge’s performance, such as safety records, traffic flow, and maintenance costs, would have provided valuable insights.
  • Clause 9.2—Regular monitoring and evaluation of these KPIs would have helped identify areas for improvement.

Clause 10—Improvement

  • Clause 10.2—The bridge’s management should have implemented a system for monitoring and measurement, including data collection and analysis.
  • Clause 10.3—Predictive maintenance techniques could have been used to identify potential failures before they occurred.

My objective in writing this article is help demonstrate that by applying the principles of a standard, be it generic ISO 9001 or a more specific standard (as in this case, the asset-management system standard ISO 55001) the organization (in this case the state of Maryland) could have strengthened its asset-management practices and potentially mitigated the risks associated with the Baltimore bridge collapse.

The above article was recently published in the Exemplar Global publication – ‘The Auditor’.

Are Medical Audits Improving Systems Or Only Driving Fixes? 

Is there a potential downside to medical audits wherein the audits are focused on finding and fixing problems? A recent discussion with a medical professional piqued my interest in the value of Medical Audits given that QMII, a subject matter expert in auditing, has ventured into the medical auditing field. This led to a conversation with a few additional healthcare professionals to understand a little more about medical audits, their findings and how organizations address them. My additional reading outlined a lack of effective systemic corrective action. In this article, I discuss some aspects of the medical audit process and what organizations can do to improve the process of audits and of implement corrective action.  

There are various types of medical audits including clinical audits, billing/coding audits, financial audits, operational audits and compliance audits. While there are regulations, protocols and standards against which these audits are conducted, in many cases, industry-best practices are also used as audit criteria. This brings subjectivity into the audit as ‘best practices’ knowledge may vary from auditor to auditor based on their experience. Auditing to an auditor’s experience has a major drawback not just in the medical industry but in all industries. It takes the auditors away from requirements which then results in biased inputs to the leadership that may be inaccurate.  This also leaves the auditee (the organization being audited) on the receiving end of findings for which there are no certain requirements. That is, they may make changes to their system based on the finding of one auditor only to find that another auditor objects to the very actions they implemented based on the previous auditor. 

Medical Audits and Recommendations 

In medical audits, it is common practice for auditors to provide recommendations to address findings. These recommendations are based on experience and industry-best practices. In ISO audits this is not allowed. In most industries, including the healthcare industry, there is no obligation to act upon any of the recommendations of an auditor. However, if auditors are perceived to be in a position of authority, then there is an underlying implication that the audit recommendation must be implemented. This is for fear of the nonconformity occurring again only for someone to say, “the auditor told you what to do and no action was taken”. This then also implies, audits do not delve deeply enough to identify systemic weaknesses within the processes or the workflow. 

In speaking with the medical professionals within my professional circle of friends, it was surprising to hear that in many cases the personnel being asked to address the audit findings are unaware of any root cause analysis methodologies nor have they been given any formal training in the subject. Further, they are not clear about what a CAPA is but do know that they need to provide some action to close out the finding. In such cases, is it then fair to expect effective corrective action? Perhaps, the lack of effective corrective actions perpetuated the need for auditor recommendations! 

Without proper training, it is but natural for personnel responding to audit findings to default to the recommendations of the auditor and implement those actions prescribed by the auditor as the corrective action in and of itself. Sadly, in such cases the root cause of the issue goes unaddressed. Sometimes such cases may lie in inadequate resources, technology or even lack of guidance/policy from leaders. While the aim of the audits is to identify where the process may require additional controls, all for providing better healthcare for the patient, the outcome may only be a band-aid. 

What can be done to change this? 

While change may not come overnight, there are a few key steps that can be taken to improve the audit process overall right up until corrective action and meet the end goal of providing better healthcare.  

Auditor training – Auditors must be trained to remain objective through the audit process, to focus on the requirements (criteria) of their audit, to focus on factual evidence and objectively assess it (yes, no experience!). Further they must understand the implications of providing recommendations and thus not provide any recommendations. The auditors are but to focus on assessing the effectiveness of the corrective action plan submitted and verifying the effectiveness of actions taken.  

Root Cause Analysis Training – Healthcare organizations must invest in providing their personnel with training in the different root cause analysis methodologies and how to apply it to identify the root cause(s) of a problem.  

Reinforcing that Recommendations need not be accepted/addressed – Organizations must be professional to build the courage to stand up to auditors and not accept recommendations. Auditors do not know all facets of the process from the short sample of the organization they witness. If their “advice” in the recommendations is wrong/ineffective, who then pays the price? 

Auditor Selection – ISO 19011 provides guidance on the behaviors and skills that an auditor should exhibit, and these are applicable to an auditor selected to conduct any type of audit. Auditors must be evaluated periodically to ensure they are remaining objective through an audit and working to identify the effectiveness of controls and adequacy of resources in assessing if the overall objectives have been met. To learn more about how QMII can support your organization’s audit process, click here

Julius DeSilva, Senior Vice-President

Excellence in Auditing Presented by Dr. IJ Arora for Exemplar Global

“How Auditing Helps Prevent Tragedy,” presented by Dr. IJ Arora with Wendy Edwards (Project Director of Exemplar Global) at the Exemplar Global’s Excellence in Auditing Expo!

Click the link here to understand the critical role auditing plays in averting potential disasters. Whether you’re in risk management, quality assurance, or simply interested in safety and security, this discussion offers valuable perspectives and actionable takeaways.

Link to the Presentation