The Sindhuratna Accident: A System Failure in the Indian Ministry of Defense

Resignation of the CNS (Chief of Naval Staff) of the Indian Navy (IN) a System Failure:

In the August 30, 2013 blog I wrote about the explosion on board the INS Sindhurakshak, a Russian built Kilo class submarine as a part of the Indian Navy submarine arm and the tragic death of 18 of its crew. My assessment of this being a system failure is now quite substantiated by the ill-fated accident on the INS Sindhuratna, another Russian built Kilo class submarine, which took the lives of two officers, and consequent resignation of Admiral DK Joshi as the CNS. I knew DK personally; we were students in the ASW specialization training in Cochin. A very fine upright officer let down by a failed system. Dr. Deming said: “a bad system will let down a good man every time”.

The ill-fated Sindhuratna was commissioned into the Indian Navy on November 19, 1988. The Russians operated the boat for about a year on trials and weapons testing before handing it over to India. On the date of  the accident the sub had effectively been in service for 26 years. These boats  are usually sent for a half-life (10 to 12 years) refit to Russia or done by the Indians in Vishakhapatnam, depending on the capacity of the dockyard. The major refit virtually rebuilds the submarine from its casing to the pressure hull. All hull valves are serviced and/or replaced and where advances have taken place new weaponry and sensors are replaced. The sub after such a refit is good for another 10 years. The pattern is similar to ships in the mercantile marine where the full term certificate is issued for 5 years (Clause 13.7 of ISM Code) and the ships maintained accordingly. Today most good ship registries as the Liberian ship registry will not register a vessel older than 20 years. However the Indian Navy squeezed out another two years of service from this boat. And finally the active life of this submarine ended in December 2013. Yet the submarine was operating…

The Achilles heel in a conventional submarine is its set of batteries. A Kilo class submarine is driven by 240 batteries, each weighing 800 kilograms. The batteries provide a service life of 200 fully charged to fully discharged cycles or exactly 4 years whichever comes first, and then they are due for change. The older batteries do not provide the juice necessary for running under water, require frequent charging, and emit excessive hydrogen and pollute the atmoshers inside quickly. The chlorine vapors and leaking electrolyte are hardly congenial to creating the safe work environment for performance as a warship (ISO 9001:2008 clause6.4).

 The Sindhuratna's batteries in use had completed their life cycle in December 2012. Lack of planning, and incorrect implementation of a system approach to managing such a vital arm of the Navy is adversely affected by a non-committed incompetent top management (TM) both at the ministerial level and at the administrative level. Even if the IN is projecting these requirements the TM still rests in the ministry where the defense minister may not even understand the nuances of the requirements. Further, interference in the safety levels occurs when the national operational requirements remain unchanged in spite of the navy’s underwater arm being  hugely depleted. This result in the IN pressurized to stretch the service life of these aged submarines with batteries which are a ticking bomb. In this particular case, it is reported that the  Sindhuratna underwent a minor refit over the last four months and it was on its first sea trial or Task 2 sea examination before it could be re-inducted into active service. It was however at sea with these batteries whose service life had expired! Batteries which should have been junked 15 months ago. Has not the IN had accidents or near misses before related to old batteries? 

So the question is why are the submarines being sailed in this state? Why were the batteries not replaced timely? Surely the CNS would have asked for these from the Ministry of Defense (MoD). The Defense Minister (DM) needs to understand the part that batteries play, even if he is just a political head, he needs the administrative organization to explain this to him and meet the Naby’s requirements. The ship didn’t get new batteries because the procurement process of the MoD failed. It perhaps did not take the CNS’s inputs correctly. When repeated accidents occur, the CNS is aware more accidents will follow because the system in the MoD has failed. He however has no recourse or face to show his men as to why he is sending them out in unsafe vessels. Thus his resignation.

A system which is failing needs to recognize the root cause of the failure. Who is responsible for this sad state of affairs? Clearly the MoD. Battery projections for the submarines are not made at the last minute. Naval Headquarters (NHQ) processes these requests timely and at least 3 to 4 years in advance. In any case battery requirements are periodic and well known to a country which has been operating submarines since 1967. The fleet is required to have a set of batteries as a reserve. It is therefore a system failure at the national level. Authorities higher than the CNS need to take responsibility and then the new incumbent should look at the system failure. There is no room for politics in such matters of national importance. If the nation’s defense forces lose faith in the system, then the loss of morale cannot be far away. “Morale is to physical as two is to one” - Napoleon. 

There is an urgent case for studying the system that runs the navy. The resignation of the CNS is a good example but not the solution.

The Recipe for a Successful Merger

Mergers and acquisitions challenge the system. The system goes through a phase where integrity of the system can be affected if meticulous planning is not carried out. While having experienced and capable personnel to lead this evolution is essential and desirable, we must not forget that "A bad system will let down a good person every time". Therefore the emphasis on looking carefully at the existing systems and then designing the new system based on the "AS-IS" of the system led by a clear policy from the Top Management is essential. Every merger brings  a sense of excitement within the organization. There is prospect of growth, not only for the organization but also for all the personnel employed. It is not surprising that not all mergers are successful. There have been many a case of failed mergers, some having failed within a few months. The value and benefits of a well implemented process based management system cannot be stressed enough. This applies equally across all industries.

A well-developed process based management system ensures that all processes are established and functioning well and will not be adversely affected as the merged organizations place the new personnel in their roles of responsibility. The authorities and responsibilities need to be well defined. The policy should be seen in the light of the revised organization and should put in place clear measurable objectives and goals. The system should help identify non-conformities (NC). Most companies fear NCs not realizing their importance. Although initially there might seem to be an increase in reported NCs in a well integrated and implemented system these NC’s will eventually lead to a culture of Preventive Action opposed to Correction & Corrective Action post an incident/accident.

Is it merely enough to have a system in place though? At QMII we work with our clients hands on to recognize the  "As-IS" of the systems and meticulously work to integrate them into a harmonized system so that the integrity of the system is not lost as the merger progresses. The lack of ‘buy-in’ by Top Management (TM) to the new system creation or the TM saving pennies at the P stage of the P-D-C-A (Plan-Do-Check-Act) cycle can have adverse consequences and are the precursor for a dysfunctional system in the future resulting in losses. The organization pays for the poor planning of the system.. It is important to have the Top Management lead the implementation of the new system and this will then filter down the ranks effectively.

For a maritime organization  a well-integrated Safety Management system complying with the ISM code ensures that all aspects of logistics services, cruise services, vessel management, ship maintenance, personnel training and commercial trading operations performed throughout the company fleet work effectively to ensure the success of the company.

This might sometimes involve developing a completely new system. However at QMII we strongly urge our clients and alumni to ‘Appreciate their Management System’. That respect for the existing system comes from avoiding templates (one fits all!) and instead going to the “As-Is” of the existing systems before integrating them. Then the gaps can be identified and effectively filled. (See our methodology). This makes it easier for all employees to ‘buy-in’ to the integrated system and leads to a successful merger!

Why should SME (Small and Medium Enterprises) implement ISO 14001?

Our senior consultant Tom Venafro has been working on EMS (Environmental Management Systems ) all his life. I was having a discussion with him and asked him, “Why should SME (Small and Medium Enterprises) implement ISO 14001?” In fact more, why are they reluctant to meet this responsibility. Are these companies even aware that just being efficient (using a system based on ISO 9001:2008) may ensure efficiency, however unless the byproducts and pollutants which are the result of a process are controlled the organizations will eventually see a declining “cash in the bank”. Going further, and learning from 9/11 we know that an efficient system should not only take care of the environment to be profitable and viable but must be secure. The implementation of  a system to protect the global supply chain based on ISO 28000 needs to be considered as an asset. Social responsibility is integral to good business today. On ISO 14001 Tom had the following views:

Small and medium business should be considering ISO 14001 EMS for their sustainability in more ways than one. Of course having a certified EMS will provide both a green "sustainable" future as well as a green "monetary" bottom line.

Aside from and implemented EMS being the right thing to do for the environment, it also reaps financial benefits.  Recycling programs means less waste to landfill, less regular waste pick-ups more money saved. The EMS will provide the framework for a company to be a good steward of the environment and help reduce its impact on the environment. This equates to more control over pollution sources and less fines from regulators and huge "cradle to grave" liability.

These items are just the tip of the iceberg. Beneath the water line the hidden benefits begin to pile up. Employee moral improves, process organization and efficiency increases. Employee awareness from a EMS seeps into employee's home lives furthering green living.  These combined activities begin to make an larger positive impact on society. This eventually trickles down to economics, meaning that the positive cumulative effect of pollution prevention contributes to keeping costs to taxpayers low.

An EMS is the guide organizations should use to trigger constructive environmental thought. For example, 14001 clause 4.4.7 Emergency Preparedness and Response is meant for an organization to consider the environmental impact that can be caused from an emergency or natural disaster. This is not a normal consideration that would not usually be made.

The standard requires that employees understand the aspects and targets the organization is trying to obtain. Most importantly, they require that employees and contractors understand the consequences of their departure from specified procedures or operational controls.

Of course the EMS has the same customer benefits in the marketplace as ISO 9001QMS does.  Customers will ask and require a certified EMS more going forward. Having an EMS is a case of "sustainability".

Does implementing a Process Based Management System put my job at risk?

Recently while working with some students in a Lead Auditor class for ISO 9001 one of the students came up with a serious concern about his being committed to ISO 9001! His questions was “With a  well-documented Process Based Management System (PBMS) in place everyone will know what I do. So how can I then ensure the security of my job?”  Over numerous classes that I have taught, this question often comes in one form or the other. This is particularly relevant when I work in other countries where jobs are hard to come by. I am sure there are others who have this job insecurity as their  company begins the process of implementing a PBMS based on a standard. Their worry is “what is in it for me?”

Clause 5.5.3 of the ISO 9001:2008 requires the management to ensure internal communications with regard to the effectiveness of the quality management system. These internal communications must explain and address the doubts of the employees. The employees must appreciate that a bad system can let down the best man every time. Without a system the blame culture will prevail and overall efficiency be adversely affected. Management will then invariably ask “Who?” – meaning blame the employee, instead of asking “How?” and or “Why”- meaning how and why did the system let down the employee. In real terms with the system the blame moves from the individual to the system. Even if the employee’s incompetence caused the deficiency the system failed in terms of ensuring competence either by incorrect hiring, or training or continued education and so on. The organization should improve the system which placed an incompetent employee in a position where he/she could not perform, instead of blaming the employee. Disheartened employees are the result of being always blamed for poor work and the results, leading to the work environment (clause 6.4) not being congenial for achieving product conformity. How can any organization achieve continual improvement (clause 8.5.1) if deficiencies are not addressed.

Employees often forget that their job security is dependent on the organization constantly improving with the continual improvement cycle to be productive and viable. Without the improvements the organization itself will go out of business and so the jobs will be lost. Investing in a system approach and addressing deficiencies by corrective action(clause 8.5.2) can against the recurrence of non-conformities. As the data base builds and the employees can get the information from the data and analyze it (clause 8.4) can they predict potential NCs (clause 8.5.3) and so add value and therefore sustain the organization to enable the organization to continue to meet the expectations of the manpower. After all benefits are an outcome of the “cash in the bank”.

As the PARs (Preventive Action Requests) start coming in and the employee participation increases the system stabilizes creating the environment for innovation. The organization immensely benefits from innovative products (story of Apple is a case in point) and is therefore able to pay its employees better. A system approach therefore not only is an investment in retaining the employees (job security) but a sure way to ensure better future prospects. The success of the organization then contributes to the well-being of the society and the ultimate prosperity of the nation. We could stretch the benefit of the system approach further and say it would meet the futuristic stability too and ensure conduct which is socially responsible (SR). 

Comments on CEO Transocean admitting to mistakes related to the tragedy of Deepwater Horizon

In a recent article in the Maritime Explorer, "Transocean Ltd. CEO Steven Newman said the company’s crew on the Deepwater Horizon “should have done more” to prevent the rig’s 2010 explosion in the Gulf of Mexico". http://www.maritime-executive.com/article/Transocean-Should-Have-Done-More-Before-Blowout-CEO-Testifies-2013-03-20/

This is indeed a pleasant change and in a way a pioneering effort for which Transocean's CEO needs to be congratulated. The maritime industry, in general, avoids taking blame. There are reasons for that wherein for example P&I clubs do not really pay unless someone is blamed. A bad system will defeat a good person every time” – W. Edwards Deming.  This reminds me of a quote from the Cain Mutiny, which in essence says, “Navy is a master plan devised by the genius for execution by idiots”.  This master plan is the system, which should be so created that there is no need to blame the individual.  Every time the system fails, the management reviews and acts to work on the procedures that comprise the system.  Improve the system enabling better protection of the individual. It is ironic that individuals who are assigned the designing and then implementing of the system often consider it a burden – little realizing that the system approach takes management away from asking, “Who” to asking, “How and Why”.  This results in further development of the system rather than blaming the individual who was simply working within the system.

In this article, however,the CEO talks of both good people and a good system. I agree with the good people bit. In any case if analysis reveals that the employees lacked competence or were negligent it would again point to the system, meaning the weak HR (Human Resources) procedures which hired incompetent personnel. So it is always the system which lets down the organization. So my objection and suggestion to Transocean (for that matter any maritime organization) is not to say that their system too was “wonderful” but to re-look at the system and analyze how the system let down the personnel they selected. I have a quote which I use when I work with organizations as I develop their systems as a consultant and that is “the only bad NC (Non Conformity) is the one you do not know about”. The system therefore should be created with the environment matched to encourage NCs to be reported. After all corrective action and correction are NC driven. And as the NCs collected contribute to the data base increase, they will provide the information which can be analyzed and trends obtained to predict potential NCs. The company becomes a mature organization when it can predict potential NCs before they occur. Potential NCs are data driven. Therefore Transocean needs to work towards that end. So, yes the CEO has indeed taken a very positive step by accepting the deficiencies and will no doubt now look ahead to going back to the Plan stage of the P-D-C-A cycle (Plan Do Check and ACT) and review the system.

Should Auditors seek to find Non-Conformities?

Is the audit not complete unless a NC has been found?

“During a recent internal audit an employee performing a certain job, listed her actions slightly out of order from the written instruction.  The change did not affect the outcome in any way - it was basically comparable to making a pot of coffee and choosing to add the water first, even though the instruction says to add the coffee first.  Half of our team felt that it was a 'non-conformity' and the other half felt it was not. ” 

This is an interesting situation that was posed to me after a recent QMS LA (ISO 9001) course I led. I thought of sharing it on my blog as it touches on the principles of auditing, wherein auditors should look for conformity and not non conformity.  The answer lies in the difference between an auditor and a registrar. A good auditor, audits with no subjective opinion and does not go looking for NCs. Good Auditors go looking for conformity. When a preliminary audit conveys the impression of a NC an auditor should still give the Auditee the chance to show conformity. An auditor should not be there to "fix the Auditee", somehow give NCs and so on. Please refer clause 8.2.2 of ISO 9001 with regard to internal audits. The clause requires the organization to conduct "internal audits at planned intervals to determine whether the quality management system" "conforms to the planned arrangements" - it does not say go find how it does not conform! The clause requires the system to be "effectively implemented" not how it is not effective or not implemented. Sure if it is a NC it should be reported, as the only bad NC is the one we do not know about.

In this case, since the employee knows what she has to do, this should not be a NC. In any case knowing everything verbatim is never the intent unless it is a requirement as in the case of a nuclear reactor where actions in an incorrect sequence could cause a catastrophe.

Food Safety chain failure due to Poor Auditing or a victim of Top management Failure

The food related diseases have pointed to the failures in the food supply chain. Regrettably, the managements of these companies have without hesitation, pointed the finger at poor auditing, and further and even more to lack of appropriate requirements and guidelines! This is not surprising – considering that, the owners of the Titanic were very prompt in attributing blame to their Master! Concordia after Costa Concordia repeated history by blaming the Master! BP holds either Transocean responsible or the operators or anyone else but themselves!

When managements shirk away from their commitment to continual improvement of their system, (ISO 9001:2008 Clause 5.1) and chose to depend on auditors to improve the system it is a potent mixture for the death of the organization. If the industry was correct it might be a good idea then to have auditors as CEO's and let them run the companies and sole all the worlds’ corporate problems. We would then be surrounded by ENRON type debacles!

It is the managements who must retain the customer focus (Clause 5.2) and do all that is necessary to improve the system that runs the business and provide safe and wholesome food. The outbreak of food borne diseases is not an auditing failure- it is a management failure. Addressing auditing instead of the management failures would be like treating the symptom and not the root causes. The management must take on the responsibility for providing a quality policy (Clause 5.3) backed by their commitment (not the auditors commitment).The top management must set the measurable objectives leading to regular reviews to improve the system.

That the entire food chain starting from raw material to delivery of the finished product is the responsibility of the organization should leave no doubt. The failure of the chain is then is then a Top Management (TM) failure. Forgetting or mixing up that auditors and auditing are one of the many tools who provide input to the management to make decisions. When food organizations (for that matter any organization) leaves its decisions or passes its responsibilities to auditors that organization is doomed to failure (Clause 5.6.3). These defaulting companies get the audits and the results thereof. If they pay to ensure the system fails, it is their decision. Immature organizations forget that a deficiency (NC or CAR) is the starting point of correction and Corrective Action (CA). As the companies put in place a mature system they further appreciate the need to go beyond treating symptoms. Correction and CA will continue to cost the organization. Food chains will improve and meet the customer requirements when their reviews inclusive of audit inputs provide the data which can thence analyzed and interpreted to get the information to recognize potential problems and address them (Clause 8.4 & 8.5.3 of ISO 9001:2008).

The auditors and regulatory bodies can only do that much in the absence of uncommitted managements (read TM).

TITANIC TO COSTA CONCORDIA – USING THE ISM CODE IN THE TRUE SPIRIT OF THE SYSTEM APPROACH

Time, like an ever-rolling stream keeps moving.  Technology advances.  Civilization brings more and more rules.  Every tragedy from the Titanic to the Herald of Free Enterprise to the recent sinking of the Costa Concordia demonstrates one thing that does not change – human nature has its weaknesses.  Technology, to an extent, can produce the best of missiles but the man behind the launching mechanism retains the control and continues to be relevant.  Better educated, exposed and aware, perhaps, but still vulnerable to human frailties.  When organizations adopt the system approach, they set in place an atmosphere of continual improvement.

“A bad system will defeat a good person every time” – W. Edwards Deming.  This reminds me of a quote from the Cain Mutiny, which in essence says, “Navy is a master plan devised by the genius for execution by idiots”.  This master plan is the system, which should be so created that there is no need to blame the individual.  Every time the system fails, the management reviews and acts to work on the procedures that comprise the system.  Improve the system enabling better protection of the individual.

It is ironic that individuals who are assigned the designing and then implementing of the system often consider it a burden – little realizing that the system approach takes management away from asking, “Who” to asking, “How and Why”.  This results in further development of the system rather than blaming the individual who was simply working within the system.

In the maritime world, the P&I clubs may well be paying the insurance dues only after an individual is blamed, but the ISM Code in contradiction does not encourage the blame culture.  Good management personnel understand this.  Both the ISM Code and the process-based management system standard, ISO 9001, take management away from the blame culture and require continual improvement of the system.

Management, which can connect the clauses 4, 5, 8 and 9 of the ISM Code will understand and appreciate the fundamentals of the Code.  These members of management will reap dividends in terms of “cash in the bank”.  The term, “cash in the bank”, coined by QMII over 25 years ago, implies fewer to no accidents, resulting in greater customer satisfaction and an increase to the bottom line.  In the maritime world, the difference between a detention and a catastrophe really is the cost the company pays – the loss in revenue, the cash in the bank lost.  It implies loss of life, which in bare terms costs the organization.  Loss of a vessel can ruin the company.

If it is as simple as the correct implementation of the process-based approach, then why does management not get it?  Is it because the maritime industry is so drowned in day-to-day activities that it is more concerned with avoiding being detained, somehow getting away from Port State Control (PSC) scrutiny, to be unable to implement the ISM Code in the real sense?  Alternatively, is it that the old-fashioned top management (after all, those who go into management are a generation or two behind those who actually go to sea and operate the vessels) are not fully exposed to the true meaning of the system approach?

This analysis is not new.  Justice Sheen investigating the loss of the Herald of Free Enterprise found a “disease of sloppiness” and negligence at every level of the corporate hierarchy.  What did that mean?  It meant the system was not working.  In present-day man-made tragedies, we, too, conclude the system is not working.

Shore management and those at sea should already know the value of a correctly implemented process-based management system (ISM Code in conjunction with ISO 9001:2008).  The implementation of the Safety Management System (SMS) to prevent detention is not acceptable.  It should be one of the benefits of a good system. Aligning the system to just meet auditor requirements or take measures to prevent PSC actions is weakening the system.  The system will do that, however, the system should have a more honest, larger purpose where it welcomes nonconformities (NC)to enable management (both at sea and ashore) to fulfill their obligations under the ISM Code (clause 9).  Correction of NCs, followed by Root Cause Analysis does not end the cycle.

I have drawn this graph above to show the benefits of respecting NCs (CARs). As the data base builds information can be obtained from the data to objectively analyze it and get the trends and predict potential NCs. When a system is first implemented, the number of NCs will increase. This is because the system is now recording the deficiencies. As the data base builds the analytical ability of the system is able to get the desired information for the managements to resource the system (be it in hardware, equipment, training or manpower) and most importantly to recognize potential NCs. This then positively affects the bottom line as now we are tackling potential NC and not being reactive to NCs. There is a point in the system development of an organization where the NCs drop and the PARs (Preventive Action Requests) increase indicative of the employees having matured and embraced the system. This is the place where the management also sees innovative ideas coming up and the management taking a more socially responsible role.

Preventing detention too often becomes the Master’s primary responsibility to the shore based management.  For PSC activities not to reveal NCs is a daily short-term goal.  Actually, this is counterproductive to the expectation of the Code and the system approach in general.  It encourages “hood winking” the PSC officers.  In my experience at sea and in my interaction with seafarers I have come across incidents of seafarers being paid ‘bonuses’ to get a clean audit report. If management takes that path, true safety cannot be achieved.  The PSC officers are stakeholders in maritime safety at sea.  Why have the PSC officers come in?  They meet a public outcry and demand following the numerous tragedies over the years.  They detain vessels in order to prevent disaster at sea from occurring.  What would the management prefer – a catastrophe or a detention?  Which is less expensive?

In the selection of Top Management (TM) at sea, be it the Captain, the Chief Engineer or the Hotel Captain (on passenger vessels from the Titanic to Costa Concordia) – if the Master does not perform or does not conduct him-self professionally or as per expectations, whose fault is it?  Management ultimately picks the crews.  The hiring procedure needs to be targeted.  Those at sea are performing to the best of their abilities and working hard; it is their profession and life.  We must never forget that they are performing as per the selection criteria that management has set!  Often for seafarers the relationship with the vessel is from ‘gangway to gangway’. How does a company go about ensuring that its seafarers are equally invested in the success of the system? Some say that retention of seafarers is the answer. But is a high retention percentage indicative of a good ISM culture? The answer again lies in a better management system.  The Culture should filter top down. The blaming of individuals should shift to blaming the system in order to encourage a more open system.  There should be no fear in exposing NCs.

The only bad nonconformity is the one we do not know about.  A system should be created which welcomes nonconformities.  A detention is a NC, which has saved an organization from a likely catastrophe.  Detentions are expensive; therefore, the need to create an SMS in the true spirit so it ensures NCs are detected internally, well in time, enabling management to take corrective action to determine the root cause.  To do that after each mishap, management should not jump to the CHECK stage of the Plan-Do-Check-Act (PDCA) cycle.  

They should instead go back to the ACT stage and carry out better management reviews, leading to better planning followed by correct implementation (DO) of the system.  The system approach, correctly implemented, will lead to a system, which will work.  Moreover, when the system works, one of the many benefits will be few to no detentions.  The ISM Code is the basis for such a system.  An investment in a correctly designed system and the implementation together with active participation by management will ensure requirements are met.  When requirements are met, there will not be any detentions. Let us not prepare for audits, detentions and PSC exams.  That principle is incorrect.  Let management encourage those at sea, and those who manage the vessels from shore, (as the Superintendents, Port Captains, DPs and CSOs, etc.) to work together in the interest of a system which functions and leads to safety at sea.

The sinking of the Costa Concordia has brought into focus several SMS-related failures, from which timely and correct lessons must be learned to prevent the recurrence of similar catastrophic events.  These accidents will shape industry’s culture and motivate industry stakeholders to make vessel operations safer in an effort to continue to sustain the shipping business and ultimately create “cash in the bank”.

The ISM Code recognizes that human error is the cause of the majority of accidents.  The Code requires delineating responsibilities of the ship and shore side management, creating the system and then addressing the coordination of the ship-to-shore support.  If about eighty percent of marine incidents are caused by human error, companies then have the responsibility to create true organizational management systems, which help humans, prevent and mitigate such incidents.  The management system is documented to the extent necessary for effective planning, prevention, operation and control.  The most important parts of any management system are not documented as they involve leadership, care and coordination.

The fish-bone diagram above  indicates the principled working of a system. The inputs are worked on using the system to produce the desired output. The passengers coming on board will need the entire work spectrum indicated in the fish-bone diagram to work together under the Top Management exercising care and coordination for the output to be positive. For the satisfied passengers, to continue to patronize the company because, their expectations have been met in terms of the holiday, safety, and security and pollution prevention.

The fish bone diagram above has the vital rib – Care and Coordination – implying active and constant participation of the top management. The PDCA cycle at the Act stage (please see diagram above) requires the TM to act based on the review of the system. Audits are not meant to deliver changes or improve the system. If audits and auditors could improve a system, then auditors would be the CEOs of the shipping companies! It is the management that improves their systems. For this, they must understand their systems and lead the implementation of the system by example.  To do this, management must admit they also need to be trained.

The correct implementation of the SMS, based on the ISM Code, will ensure that ships operate safely.  The Code addresses the key provisions such as SMS objectives, safety and environmental protection policy, company responsibility and authority, designated person, master’s responsibility and authority, resources and personnel, shipboard operations, emergency preparedness, reports and analysis of nonconformities, accidents and hazardous occurrences, maintenance of the ship and equipment, documentation, company verification, and review and evaluation.  All of the provisions of the Code are designed to work interactively and in harmony with each other to enable the management system to be effective.  However, none of this can deliver the desired results without the total involvement and commitment of the company’s top management. Blaming individuals will only correct one person and not the system.  To improve the system, the root cause should be considered.  The management must take the blame for having a poor hiring process and lead the change by re-designing that process.  When the Captain at sea fails in his role, management must read it as the process having failed, not having been designed correctly.  It requires going back to the PLAN stage of the PDCA cycle.

One of the main risks that any shipping company encounters is the potential disconnect that can occur when the procedures in the SMS are not being followed by shore side personnel, seagoing officers and crew.  The worst that can happen to a company is when those ashore believe that the procedures are being followed, when in actuality, due to, for example, over documentation or lack of awareness and training, they are not.  Seafarers in our courses share experiences of over-documentation in certain companies where the ‘paper’ eventually takes more importance that the actual procedure. This disconnect again is indicative of a system not functioning.  It is indicative of a cookie cutter system based on generic templates (a common culture in the maritime industry).  The designing of a system must be based on the “As-Is” or current state.  If consultants are used to assist in designing the system, beware of those who promise to do it cheaply sitting in their offices and providing master solutions!  If you accept these, then as TM you have already sown the seed of a weed.  Do not expect it to give you roses!  Good investment at the PLAN stage of the PDCA cycle is vital, in terms of both money and time.  Investment in designing the correct system based on the existing state is vital to the success of the system.

Any major marine incident investigation, like the Costa Concordia, should focus on the ability of a company to effectively implement their SMS procedures and whether or not there were any gaps in how the SMS procedures were applied.

If a company believes it has a perfect system and rests on its laurels, it is doomed to failure.

ISO 28000: Using the International Standard in the ever deteriorating global security environment and its impact on the homeland security.

In his introduction to the National Strategy for Global Supply Chain Security, published on January 23, 2012, the President has clearly emphasized the United States commitment to ensuring “efficient and secure transit of goods through the global supply chain system”.  Any disruption to the supply chain can adversely affect the economy of our nation or for that matter any nation.  Our homeland cannot be safe if the global supply chain remains vulnerable.  Adopting the process-based management system (PBMS) approach to global supply chain security can guarantee the rejection of the misconception that security and efficiency are not possible together.

ISO 28000 is a generic security management standard based on the PDCA cycle (Plan, Do, Check, Act) already extensively employed by businesses globally to bring in efficiency, continual improvement and innovation using the international standard ISO 9001.  Companies, which are already compliant with the ISO 9001 standard, are in a ready state to incorporate the additional requirements of ISO 28000.  Where companies are not compliant with ISO 9001 and considering ISO 28000 as the initial standard to adopt the PBMS approach, they prepare themselves to benefit from the approach when they further widen their scope.  The adoption of the Customs and Borders Protection (CBP) initiative, C-TPAT by companies within the US and those trading with the US benefit as the C-TPAT initiative is based on the ISO 28000 standard and can therefore be implemented in a seamless manner.

Those companies which are considering a process-based approach to management for the first time, not only ensure the security of the global supply chain but also then prepare their systems for gaining the benefits of efficiency, continual improvement and innovation to their management systems.  Apart from C-TPAT, the other international initiatives similar to ISO 28000 include the World Customs Organization (WCO), which has adopted the Framework of Standards to Secure and Facilitate Global Trade, SAFE Framework security requirements, International Maritime Organization (IMO) / Safety of Life at Sea (SOLAS) security requirements (as included in Chapter XI-1 & 2) leading to the International Ship and Port Facility security requirements, EU Authorized Economic Operator
(AEO) security requirements.

At one time, just ensuring efficiency based on ISO 9001 was an option for companies to remain in business and to operate profitably.  However with time, to stay in business the companies had to take care of the risks, pollutants and adverse effects to the environment from the by-products of their processes.  ISO 14001 (Environmental Management System – EMS) took care of this.  However, following the tragedy of 9/11, this was not sufficient and protection of the business from security breaches became vital to ensure business continuity and profitability.  In 2001 – 2002 following the tragedy, it was the maritime community who realized their vulnerabilities and took the initiative to protect the maritime assets by adopting the IMO’s ISPS Code (International Ship and Port Facility).  This protection of the maritime assets, however, left the supply chain vulnerable to security breaches both upstream and downstream.  ISO 28000 fills this gap and brings the PBMS approach to the security of the entire global supply chain.

The supply chain globally connects the world economy today.  With the dependence on Middle East oil remaining a reality, global security of our supply chains is more critical than ever.  Terrorists and bad elements seeking to disrupt the supply chain can best be prevented by a system approach to security.  The dangers to our maritime assets in ports come from outside the ports, up and down the supply stream, so just protecting the ports is not sufficient.  The entire supply chain upstream and downstream needs planned protection using a fail-safe system.  One vessel destroyed in just the right location will affect a country’s economy for years.  One train with HAZMAT cargo destroyed in a vital location can cause great loss of life, cause mass hysteria and not only adversely affect the economy but also demoralize a nation.  Consider a remotely detonated nuclear device being exploded anywhere in the route of the long global supply chain and its impact.  In US neighborhoods, a lot of our trade from the North and South is carried out on trucks.  Securing the trucking routes can be a nightmare without a system approach.

Shipping unites the world by its complex intermodal transportation and is crucial to the world economy.  This then also makes it vulnerable to pirates and terrorists.  While the ISPS code ensures the requisite security of the maritime assets, these threats come into the ports and ships from outside.  Ninety-five percent of our imports are by sea.  The security of the ports upstream and downstream is a national necessity.  The United States also needs to consider the effects of the Panama Canal widening which will allow for new super carriers to come to our Eastern ports.  This will slow down the inspection process.  These implications will bring in nonconformities (NC) occurring over time as we receive this larger amount of shipping on our eastern shores.  Can the nation wait for the NCs to occur and then apply correction and corrective action, or should ISO 28000 be adopted across the supply chain to use the PBMS approach and ensure the security of the global supply chain?

Complexities of the supply chain cannot be managed without a system approach.  An end-to-end view of the entire operation needs to be the focus.  It will require coordination and protection carried out in a systematic manner.  The probability of a supply chain vulnerability causing harm by disruption will continue to grow without a system approach to the management of its security.  This risk can be mitigated by the adoption of the system approach fundamentals provided in this international standard .

The Value of a Correctly Implemented Management System

All shore managements and those at sea should already know: the value of a correctly implemented process-based management system (the ISM Code, read in conjunction with ISO 9001:2008). The implementation of the SMS, though, should not be to prevent detention. It should be, or could be, one of the consequences/benefits of a good system.

However, the system should have a more honest, larger purpose where it welcomes deficiencies or nonconformities (NCs) to enable management, both at sea and ashore, to fulfill their obligations under the ISM Code clause 9. Correction of NCs followed by root cause analysis does not end the cycle. The NCs in the arsenal of the management should be systematically monitored to create a database from which information is produced, fulfilling the expectations of Clause 4 of the code embodied in the responsibilities of the designated person as a link between the shore and ship. This should be analyzed to predict potential NCs and trends, and will produce safer ships, cleaner seas and result in “cash in the bank” for owners and operators. It will also enable the master to fulfill his responsibilities in a more correct manner under Clause 5.

'Cracking the code' to prevent detention, is counter-productive to the expectation of both the code and the system approach. It encourages ‘hoodwinking’ the Port State Control (PSC) and USCG etc. If management takes that path, true safety cannot be achieved. PSCs are stakeholders in safety at sea. They can highlight a disaster about to happen.What would management prefer: a catastrophe or a detention? Which is the less expensive? The Master and crew are often accused on not being committed to safety - this is most uncalled for! If the master does not perform or does not conduct himself professionally or according to expectations, whose fault is that? The management picks the crews, so the hiring procedure needs to be targeted. Those at sea perform to the best of their abilities, as per the selection criteria that the management used. The answer, again, is a better management system.

A system should be created that welcomes NCs. The only bad NC is the one we do not know about.A detention is an NC that has saved an organization from a likely catastrophe. Yes, detentions are expensive, hence the need to create a SMS that ensures NCs are detected internally, well in time, so management can take corrective action before or soon after their occurrence. To do that after each mishap the management should not jump to the ‘check’ stage of the Plan-Do-Check- Act cycle. They should instead go back to the ‘act’ stage and carry out better management reviews leading to better planning followed by correct implementation of the system. A system approach, correctly implemented, will lead to a system that will work, and when the system works one of the many benefits will be no detentions, or only rare detentions.

The ISM Code is the basis for such a system. An investment in a well-designed system and implementation along with active participation by the management will ensure requirements are met, and hence no detentions. Let us not prepare for audits and detentions and PSCs and soon. The principle is incorrect. Let us, as parties interested in safety at sea, create systems that function.