By IJ Arora, Ph.D.

Editor’s note: This is the second of a two-part article examining the risk-based thinking lessons to be learned from maritime safety and security protocols. You can read part one here.

The International Safety Management (ISM) Code brings a framework for safety through systematic management. It was introduced by the International Maritime Organization after several major maritime accidents revealed a common problem: The causes were rarely technical alone; instead, they were failures of management systems. The ISM Code, therefore, established a simple but powerful requirement, wherein shipping organizations must implement a documented safety management system (SMS) to ensure the safe operation of ships and the protection of the environment.

The principles embedded in the ISM Code offer valuable lessons for organizations operating in any uncertain environment. Many of these principles also resonate strongly with ISO 9001, the international standard for quality management systems. Let us examine a few of those connections.

Connecting the ISM code and ISO 9001

The ISM Code is not a technical manual for operating ships. Instead, it requires organizations to establish structured processes addressing leadership responsibility, risk assessment, operational control, training and competence, incident reporting, corrective action, and continual improvement. These requirements may sound familiar to anyone working with ISO management system standards such as ISO 9001 and others following the harmonized structure. In essence, the ISM Code recognizes a fundamental truth in that safe operations are the result of disciplined management systems, not individual heroics.

Establishing an SMS based on the ISM code and principles of ISO 9001 means planning for the unexpected. One of the most relevant principles in the ISM Code is the requirement to identify potential emergency situations and establish procedures to respond to them. Ships are required to plan for events such as fire, collision, grounding, machinery failure, person in water, and/or security threats or piracy. (Note that maritime security is covered by the International Ship and Port Facility Security Code and ISO 28001 covering security management systems for the supply chain). These procedures are not theoretical. Crews regularly conduct drills so that when an emergency occurs, the response is not improvised.

Organizations often interpret risk narrowly, focusing only on operational or financial risks. The ISM Code reminds us that effective management systems anticipate unexpected and low-probability events that can disrupt operations. In quality management terms, this is the discipline of considering what could go wrong and if people know their roles if (when) it does. It also means interrogating the system to determine how the organization will handle the ramifications of the adverse event.

Leadership and responsibility are important in maritime life. Another core principle of the ISM Code is clear authority and responsibility. Sections 5.1 and 5.2 require that on board a ship, there is no ambiguity about who is responsible for the safety of the vessel. The master has overriding authority. At the same time, as per section 4, the ISM Code requires those off the ship to support the master through a defined role known as the Designated Person Ashore (DPA). This individual provides a direct link between shipboard operations and top management. This structure reflects two key leadership principles: Authority must match responsibility and top management must remain connected to operational realities.

ISO 9001 expresses the same idea in a different context. As seen in clause 5.1 (“Leadership and commitment”) and clause 5.3 (“Organizational roles, responsibilities, and authorities”) leadership is required to ensure that the quality management system is integrated into the organization’s processes and that responsibilities and authorities are clearly assigned. Without this alignment, procedures quickly become paperwork rather than operational guidance.

In the case of mariners, competence and training are systematized. The International Convention on Standards of Training, Certification and Watchkeeping for Seafarers (STCW) ensures that seafarers are properly trained and certified for their duties. But beyond certification, maritime safety culture emphasizes something equally important: continuous drills and practice. Crew members rehearse emergency responses repeatedly. Fire drills, abandon-ship drills, and damage-control exercises are conducted not because emergencies are frequent; instead, it is because although they are rare, they are also highly consequential. This principle translates directly into quality management. Competence is not merely about qualifications; it is about preparedness to perform under pressure. Organizations that rely solely on written procedures without practical rehearsal often discover gaps only when a crisis occurs.

Learning lessons from incidents, as seen in ISO 9001’s clause 7.1.6 (“Organizational knowledge”) is integral to the SMS, making it a critical requirement of the ISM Code requiring the reporting and investigation of nonconformities, accidents, and hazardous occurrences. The purpose is not to blame, but to learn. Each incident becomes an opportunity to ask, “What failed in the system?” “What corrective action is needed?” and/or “How do we prevent recurrence?” Again, this is entirely consistent with ISO 9001’s approach to corrective action and continual improvement. The difference in the maritime world is that the consequences of failure can be immediate and severe. As a result, the discipline around incident learning is deeply embedded in the culture.

Risk decisions at sea and in maritime organizations need consideration about all key decisions, including how and when to transit dangerous areas. These decisions are rarely simple. They require balancing safety risks, commercial pressures, and regulatory requirements, including ever-changing statutory requirements of various contracting governments. This must be seen within the contexts of operational capability and the need to ensure crew welfare. The ISM Code does not dictate the decision. Instead, it ensures that the process for making the decision is structured and informed. This is perhaps the most valuable lesson for quality professionals. Management systems do not eliminate risk; they provide a framework for making better decisions about risk.

The ISM Code as a case study for risk-based thinking

Mariners have much to teach quality professionals on the use of the system approach for considering risks. For those working in quality assurance, auditing, or conformity assessment, the maritime experience offers several enduring lessons:

• Systems matter more than individuals; therefore, while competent people are essential, reliable operations depend on structured systems.
• Leadership must remain engaged in safety or quality, and this accountability cannot be delegated away.
• Leaders must prepare for rare but high-impact events, because risk management is not only about what happens frequently.
• Practice builds readiness.
• Training and drills ensure procedures work under real conditions.

The takeaway is that there is a need to learn relentlessly from failure and use nonconformities as opportunities to strengthen the system.

The need to navigate uncertainty strengthens the importance of the ISM Code and/or ISO 9001 to inform leaders about risk and process management. For ship owners and masters, decision-making requires a complete and quick update of risks and other factors. For those who have spent a lifetime at sea, uncertainty is part of the profession. Mariners routinely navigate storms, mechanical failures, and complex navigational environments. Yet despite these uncertainties, global shipping remains remarkably reliable. More than 80 percent of world trade moves by sea, and the system functions with a level of safety and predictability that most industries take for granted.

The ISM Code, as well as ISO 9001, recognize that outcomes, whether safety or quality, depend on well-defined processes and leadership oversight. To mariners and quality professionals alike, I would advise another close look at your management system. Strengthen it. Maritime leaders ashore, like executives in the boardroom, must stay involved in assessing and mitigating risks to provide the best chance for safety, security, and success.

About the author

Inderjit (IJ) Arora, Ph.D., is the Chairman of QMII. He serves as a team leader for consulting, advising, auditing, and training regarding management systems. He has conducted many courses for the United States Coast Guard and is a popular speaker at several universities and forums on management systems. Arora is a Master Mariner who holds a Ph.D., a master’s degree, an MBA, and has a 35-year record of achievement in the military, mercantile marine, and civilian industry.