By IJ Arora, Ph.D.

Editor’s note: This is the first of a two-part article examining the risk-based thinking lessons to be learned from maritime safety and security protocols. Part two will be appearing next week.

For centuries, individuals have sailed the sea, perhaps for their livelihood, perhaps for adventure, or perhaps for reasons of their own. Christopher Columbus, Ferdinand Magellan, James Cook, and countless others changed the world.

Today, sailing through international waters to meet the basic needs of the world brings challenges. Without merchant ships, tankers, bulk carriers, and container vessels, the global supply chain stops. Doesn’t the world owe these mariners all due safety and security?

I am a former seafarer who commanded submarines in the Indian Navy and then continued my career as a master in the merchant marine. Today, I am a subject matter expert in issues related to maritime safety and security. Given this background, I feel compelled to analyze what I hear and read about current events and provide a structure whereby the merchant marine industry might better prepare for any and all eventualities. The International Safety Management (ISM) Code, the International Convention on Standards of Training, Certification and Watchkeeping for Seafarers (STCW), and ISO 9001 all provide process-based approaches that can be used by those in this industry for planning and risk mitigation.

Most of us do not have to deal with high-risk challenges at sea. For those who do, however, there are guidelines they can use. As one example, the ISM Code provides some lessons into anticipating the unexpected and planning for these risks in a systematic manner.

In this article I will touch on how portions of the ISM Code connects to elements of ISO 9001 and provide input that might be useful to maritime leadership in ensuring quality assurance and conformity assessment based on risk and considering the context in which these organizations operate. This is guidance that applies to any of us, on the water or in a facility or factory.

Similarities between the ISM Code and ISO 9001

For professional mariners, a simple rule applies: Conditions that appear routine can change without warning. The ISM Code emphasizes preparedness for emergencies and abnormal situations. Section 8.1 requires the organization to establish procedures to identify, describe, and respond to potential emergency situations aboard the ship. In other words, the ISM Code requires organizations to plan not only for technical failures or weather hazards, but also for security risks and unexpected external threats. Navies may refer to this as an operational assessment, but (in Shakespearean language) a risk by any other name would still be a risk.

ISO 9001 expresses a comparable idea through the requirement for risk-based thinking. As emphasized in clause 6.1.1, the organization shall determine the risks and opportunities that need to be addressed to give assurance that the quality management system can achieve its intended results.

From a management systems perspective, the broader lesson is clear: Organizations must plan for situations that may appear unlikely until they occur. For a ship’s captain or master, that planning may involve security drills, contingency routing, and coordination with naval authorities. For a quality manager or organizational leader, it may involve supply chain disruption, cybersecurity incidents, or geopolitical shocks. Ultimately, the decision on whether to sail should be based on a proper risk assessment. Events at sea sometimes remind us, in stark terms, why disciplined safety and command systems matter. What makes an incident significant in the context of this discussion is the reminder of just how quickly circumstances can change at sea.

Within ISO 9001, the context of the organization (clauses 4.1 and 4.2) leads to risk appreciation (clause 6.1). All of this must be integral parts of the maritime management system, at sea or ashore.

This is precisely why the ISM Code emphasizes preparedness for emergencies and abnormal situations as per section 8.1. Good organizations connect real maritime events with risk-based thinking. They understand that commercial interests must mesh with the emergency planning sections in the ISM Code. This understanding is also found in ISO 9001, specifically in clause 6 (“Planning”) and clause 8 (“Operation”).

Expecting the unexpected

My own appreciation for disciplined systems thinking was shaped long before the ISM Code was widely implemented in commercial shipping. During my years in the Indian Navy, I had the privilege of commanding vessels, first on F-class boats and later through service on a Charlie II-class submarine. Submarines operate in an environment where uncertainty is not theoretical and the margin for error is extremely small. Any failure in equipment, communication, or procedure can quickly become critical. What keeps submarines safe is not individual brilliance on the part of a captain or crew. That is part of it, of course, but even more important is the relentless adherence to procedures and constant preparation for contingencies. Before every patrol, the crew repeatedly rehearses emergency actions such as flooding drills, fire drills, loss of propulsion, and loss of power. Each crew member knows precisely where to go, what valve to operate, and what sequence of actions to follow. These procedures are not simply found in written manuals. They are practiced until they become instinctive.

At that time, we did not describe this discipline in terms of “process-based management systems,” but that is exactly what it was. The system existed to ensure that when the unexpected occurred, as it inevitably does at sea, the crew would not rely on improvisation alone. The response would already be embedded in the system and in themselves. Years later, when I sailed as a master in the merchant marine and then began to work with ISO management systems, I recognized the same principles expressed in a different language. ISO 9001 requires organizations to establish, implement, and maintain the processes needed for the quality management system and their interactions, as per clause 4.4 (“Quality Management System and its Processes”). Section 1.2 of the ISM Code similarly requires organizations to ensure safe practices in ship operation and a safe working environment. Different industries, different terminology, but the underlying idea is identical: Safety, quality, and reliability are the result of preparation and training, not simply reacting well to emergencies.

I can confirm through my experience that this reflection is not merely theoretical. It comes from first-hand experience wherein I led teams and where preparation truly mattered. This background gives me a clear perspective on risk, command responsibility, and disciplined procedures under uncertainty. This perspective can make a very compelling bridge between maritime safety management (ISM/STCW) and organizational quality systems (ISO 9001).

As we consider dangerous situations on or in the water, we can see what the ISM Code and ISO 9001 (in addition to other maritime protocols and ISO standards) can teach us about risk in uncertain times. In today’s volatile world, commercial shipping once again finds itself navigating geopolitical tension. News headlines remind us that vessels may need to transit waters where the risks are not merely commercial, but also matters of safety and survival. For those who have spent a career at sea, such circumstances are not entirely unfamiliar. The maritime profession has long recognized that uncertainty is inherent to operations. Ships sail through storms, equipment failures, and occasionally conflict zones. Yet despite these uncertainties, shipping remains one of the safest and most reliable global industries. This is not an accident. Much of that safety culture comes from the ISM Code, supported by training standards such as STCW. These frameworks provide reliable, structured guidance on how organizations anticipate risk, prepare crews, and maintain operational control.

In the next part of this two-part article, we will further discuss the framework of maritime systems and how they relate to risk and ISO 9001.

About the author

Inderjit (IJ) Arora, Ph.D., is the Chairman of QMII. He serves as a team leader for consulting, advising, auditing, and training regarding management systems. He has conducted many courses for the United States Coast Guard and is a popular speaker at several universities and forums on management systems. Arora is a Master Mariner who holds a Ph.D., a master’s degree, an MBA, and has a 35-year record of achievement in the military, mercantile marine, and civilian industry.