Stop Work Authority and the ISM Code

A QMII alumni recently sought my opinion in interpreting the ISM Code with an interesting question.  I am sharing my reply in generic terms for the benefit of my blog readers:

Does the ISM Code refer to a policy to Time Out For Safety (TOFS) or Stop Work Authority (SWA)? A reference of the same to the ISM code being implied by the the United States Department of Justice

A stop work policy basically requires any crew member on board to self-assess and if he/she feels an operation is unsafe the crew member can stop it until further investigated and cleared by the safety officer/TM. Although there is no specific mention of a stop work policy in the ISM Code, it has its genesis in Clause 1.2.2.1 and Clause 2.1 of the Code. In interpreting the ISM code implementation from the company point of view the objectives & functional requirements are squarely the company responsibility. If a company has any doubts about the implementation of any policy likely to result in a lapse, it is imperative that it make policies which clear this doubt.  

Clause 2.1 in the tail end carries the sting asking “…how the objectives given in paragraph 1.2 will be achieved”.  It is thus, in my opinion, incumbent upon the company to provide a policy on and encourage the  stop work policy requirement to ensure the safety of operations and a safe work environment. 

I may add that, in general the ISM Code in itself is brief, flexible and open to interpretation by the company and Flag State. IMO itself in Resolution A.1022(26) provides the guidelines on interpreting the Code. These must be read in conjunction with the code. In the introduction to the Resolution paragraph 3 requires the Administration to ensure companies amplify on clause 1.2. The next paragraph requires the “development of a safety culture…” implying amplifying instructions, as for example TOFS, should be provided by the company.

As companies mature to the development of the safety culture by welcoming NCs (Non-Conformities) as the driving factor for Correction and Corrective Action (based on RCA- Root CauseAnalysis), the interpretation of the clause 9.2 of the ISM Code requiring “measures intended to prevent recurrence” would necessitate the culture which again encourages the stop work policy.

Security and Training – Intrinsically connected

A Process-Based approach to security based on training

One could conclude that the process-based approach where implemented correctly should ensure efficiency and lead to ‘cash in the bank’*. The ‘people>processes>system approach’ *  based on the international standard ISO 9001has been well tried, as the global economy has come closer necessitating standardization of procedures to ensure systems don’t conflict and adversely affect efficiency. Economy today is globally dependent and the process approach brings a system approach to it. Using the approach, one would think organizations would ensure continual improvement, innovate and grow the organization. The process approach as envisaged in the ISO 9001 however leaves out the risk aspects, pollution and the by-products of a process! To stay in business therefore the organizations implement the global standard ISO 14001 encompassing the Environmental Management System (EMS) requirements in addition to the Quality Management System requirements (QMS).

Consequent to the tragedy of 9/11, the post 2001 scenario underwent a negative sea change. Lack of security could wipe away the business totally! It is not that security was not a concern pre-2001; however, the vulnerability of the very symbols of American economic power changed the international equations, which adversely affected the business continuity. If the only superpower on earth was vulnerable and unable to protect its economic center from terrorists then it required a drastic change in the priorities of the business if they were to remain viable. It changed the priorities of the government’s worldwide. For a business to remain sustainable, ensure continuity it was not just essential to be process based and ensure pollution control, environmental protection, be risk based and catering to the by-products, but also of the utmost importance to ensure security of the business. Security became a prime concern. All investment in business can be lost in a moment if a security breach takes place.

The maritime industry is intrinsically involved with the world economy, in that more than 90% of world trade is by vessels trading the globe. The maritime world had its process approach to safety and pollution prevention covered by the SOLAS convention published and implemented as the mandatory ISM Code. Pollution aspects of vessels are specifically addressed by the MARPOL convention. The security uncertainty post 9/11, quickly lead to the implementation of the mandatory ISPSCode for all internationally trading vessels and for the ports where these vessels came in. With the implementation of the ISPS Code, the maritime assets are protected.

The global supply chain is however, not limited to the maritime assets! The concept of maritime asset protection needed to be broadened, as the assets were vulnerable to breach both ‘up-stream’ and ‘down-stream’ of the ISPS Code. Breach of security anywhere in the global supply chain could have catastrophic consequences on the global economy. The introduction of the global standard ISO 28000 filled this vacuum and provided the requirements for implementing procedures to create a system to protect the global supply chain.

Ninety percent of the US homeland imports come in by sea. Inspecting such a large quantity has colossal challenges. Only about 3 to 5% of the containers coming, for example are inspected! It is a daunting task for the USCG and CBP. The CBP initiative in terms of C-TPAT relies on partnership with the industry and encourages those trading with the US to make their security systems compliant with these requirements. It is essentially a process-based approach to security aligned and based on the ISO 28000.

Just the planning and implementation of the security requirements is not sufficient. Individual responsibility is integral to security and when combined with the system approach can pay dividends. All the standards be it ISO 9001, ISO 14001 or ISO 28000 or as applicable in the maritime world: ISM Code, ISPS Code or the MARPOL convention, each requires a system approach. It is vital to the success of this approach that the top managements (TM) are conscious of their responsibilities. Other stakeholders, be they owners, operators, auditors, statutory or regulatory bodies, flag State Administrations do their bit, but TM remains totally responsible for security.

This alignment of TM responsibility being paramount has another variance in the security scenario. I think this vital difference needs recognition by all parties involved in the security of the global supply chain. The major difference is epitomized (particularly for the maritime industry) in Clause A/ 19.1.3 of the ISPS Code. The clause is often considered just advisory in the verification process. However, the sting in the clause is applicable to the entire body of security. The clause virtually requires the Flag State to 'guarantee' full proof security following verification by the Administration! No other international or maritime standard requires this assurance from a regulator. All security related industries, not just the maritime industry (who in any case have no choice!) must take cue from this clause as it leads to a fresh interpretation of security responsibilities for all stakeholders in the global (particularly maritime) supply chain. The auditors, inspectors, the involved organization, regulators et al take due responsibility for the security.  To broaden the implications of the thought behind the clause each entity looking at the security aspect must be fully satisfied and guarantee 100% security. No deficiencies/ NCs (Non-Conformities) are acceptable. Howsoever minor the NC it must be addressed promptly. The strength of the global supply chain is defined by the weakest link in it, and as such, the deficiencies need to be completed before any verification certificate is given.

The challenge and requirements are then clear. The question is how is this to be ensured? Perhaps by getting the best available equipment? Hiring top-notch security personnel? Will just the participation of competent professional manpower and best of surveillance equipment do the magic? Alternatively, perhaps the putting in place of the correct procedures to complete the system is the guarantee of an impregnable security system.

                   

What it requires, I think, firstly is the total TM commitment, to ensure and motivate their teams by care and coordination to ensure the security system works. The security policy published by the TM should be totally in keeping with the actual security requirements of the organization and based on an in-depth study of the threat perceptions. The policy if well thought over and reflecting the actual of the organizations security threats will then lead to measurable objectives and goals for the security team. The team then can have the organization and procedures aligned and resourced to meet these objectives. Once the procedures are ready and introduced the vital phase of training and training alone will determine the outcome of the desired results. Both prevention in terms of preparing for a security eventuality and the response in consequence to a security tragedy will require the systematic P-D-C-A (Plan-Do-Check-ACT cycle)* approach. A good security plan based on a through security assessment (SA) as it moves to the working phase/ Implementation stage (Do) requires aware leaders leading their team through constant training.

Drills to practice and work the security procedures and build the required confidence level will require regular, well-planned training. Drills must exercise each security element of the global supply chain. The success in drills will then need to be bridged by training to ensure each element in the global supply chain (for that matter the domestic supply chain too) is exercised. The more innovative and realistic these drills and exercises the greater will be the confidence level of the management and employees (as also all stakeholders) in their ability to both prepare and be able to react to a breech in security of the supply chain or any of its elements.

SA is essential and integral to a security plan (SP). However, emphasis on carrying out a detailed and thorough threat perception as a must ‘pre-cursor’ to SA before a SP is made should be part of the system ensuring security. Each security drill and exercise should encompass the elements of ‘lessons learnt’ at each level, finally leading to the TM review. TM must remain involved and committed to the security ensuring continual improvement is taking place and innovation encouraged. It must be remembered that the terrorist organizations recruit and train a very motivated work force on their well-tried methods! These terrorists are often two steps ahead of the security measures the industry takes and are ever ready to circumvent security. The security of the global supply chain can only be ensured by the training system being innovative, proactive and capable of recognizing potential threats to the security. Following up on NC by correction and corrective action is essential, but an indicator of the organization being a step behind the ‘bad elements’. Following up on NCs against the security system at its best can be defined as reactive. The security team will be effective; the security system will function as planned when the indicators point to the capability of the system to predict potential security breaches (NCs) by analyzing security threats and trends from available security warnings, threat perceptions. The occurrence of a NC always costs the organization, however small or catastrophically. However, there is a cost associated.  With good training, the team with its involvement and commitment can recognize the potential NCs and add value to the system protecting the global supply chain and each element in it. The security system must therefore drill and exercise the team members to ensure competence and provide them the ability and confidence level to understand the security system so well that analysis of indicators is carried out with professionalism and correct TM decisions taken to secure the global economy from unscrupulous elements.

DP and a Maritime Company are fined by MCA (Maritime and Coast Guard Agency) in UK- Comment

I received this input from one of the Managers (DP) who attended a QMII DP (Designated Person) class I taught:

“The UK Maritime and Coastguard Agency (MCA) issued a press notice stating that a foreign shipping company and its designated person ashore (DPA) have been ordered to pay £13,152.50 in fines and costs after pleading guilty to breaches of the International Safety Management (ISM) Code. On 19 June 2012, a port state control (PSC) inspector issued a Prohibition Notice requiring entries into ballast tanks be made in accordance with the Code of Safe Working Practices. The PSC inspector returned on 20 August 2012 and noted that improper ballast tank entries were still being made and that the DPA had been present during those entries. (3/13/13).” 

I totally agree that a harsh view should be taken whenever there are clear indications of a system failure. Clause 1.1.10 of the ISM Code clearly defines a MNC (Major Non Conformity), and has a sting at the tail end of the clause mentioning the systematic implementation in the implementation of the ISM Code. The PSC (Port State Control) holding the company responsible and taking a serious view of this lapse is understandable. Entry into enclosed space should be per procedures and any check list the company has incorporated in the SMS. This is sad, that knowing the number people who lose lives due to lack of procedures or not following procedures when entering contaminated spaces and enclosed spaces, companies still compromise and take short cuts. The purpose of the check list under clause 7 of the ISM Code would be lost if it was not to be followed.  It makes it worse when the procedures are not followed even with the DP present. The link emphasized in the clause 4 of the ISM Code is in itself weak! It is not an individual failing but a system failure. What about the Master’s responsibility and commitment? Whenever there is a system failure it amounts to a MNC. And so no surprise that PSC came down hard on the company. I would not have blamed the DP (Designated Person) though. Blame culture leads to weakness in the system. After all if the company has a irresponsible DP, it is indicative of the company culture and the environment they have created which encourages individuals to not follow the system. It may perhaps point to the failure of the hiring system where they perhaps picked a DP with no understanding of the system approach. In each case it is a system failure. The PSC should have penalized the company, and in its objective evidence indicated the presence of the DP as the reason for the seriousness of the lapse.  I will not be surprised if additionally the vessel was also detained. Clause 1.2.2 in its entirety is applicable. When companies do not follow and implement their own objectives they not only contravene the ISM Code but also show a lack of social responsibility.

Should Auditors seek to find Non-Conformities?

Is the audit not complete unless a NC has been found?

“During a recent internal audit an employee performing a certain job, listed her actions slightly out of order from the written instruction.  The change did not affect the outcome in any way - it was basically comparable to making a pot of coffee and choosing to add the water first, even though the instruction says to add the coffee first.  Half of our team felt that it was a 'non-conformity' and the other half felt it was not. ” 

This is an interesting situation that was posed to me after a recent QMS LA (ISO 9001) course I led. I thought of sharing it on my blog as it touches on the principles of auditing, wherein auditors should look for conformity and not non conformity.  The answer lies in the difference between an auditor and a registrar. A good auditor, audits with no subjective opinion and does not go looking for NCs. Good Auditors go looking for conformity. When a preliminary audit conveys the impression of a NC an auditor should still give the Auditee the chance to show conformity. An auditor should not be there to "fix the Auditee", somehow give NCs and so on. Please refer clause 8.2.2 of ISO 9001 with regard to internal audits. The clause requires the organization to conduct "internal audits at planned intervals to determine whether the quality management system" "conforms to the planned arrangements" - it does not say go find how it does not conform! The clause requires the system to be "effectively implemented" not how it is not effective or not implemented. Sure if it is a NC it should be reported, as the only bad NC is the one we do not know about.

In this case, since the employee knows what she has to do, this should not be a NC. In any case knowing everything verbatim is never the intent unless it is a requirement as in the case of a nuclear reactor where actions in an incorrect sequence could cause a catastrophe.