How Not to Fail: The Titan Submersible Failure Modes

We’re finally at part 4 of our series on our exercise in developing an ISO9001 quality manual for the Titan Submersible. We’re far enough along at this point to be able to identify a few potential failure modes in this tragic incident.

If you’re interested in going back through these, for illustration purposes, feel free to click the link and binge-watch.

How Not to Fail: The Titan Submersible

Back Story: Quality Manual for The Titan Submersible

The Ocean Gate Expeditions company has been trying to offer deep sea submersible missions to visit the wreckage site of the Titanic.

We’re supposing that everyone knows what the Titanic is. They named their little prototype vehicle “Titan” and have touted some unique design features to make this possible.

I have a link down below for the company website. They’ve deactivated some of the pages.

On June 18, 2023, this vehicle was reported “lost,” with five people on board. The Coast Guard reported a debris field, and recovery efforts are still underway.

News Update

We-re getting word that the ship that was used to transport the vessel into the frigid waters of the North Atlantic was “too small. ” Because of this, it was forced to tow the submersible behind it, thus having it get beaten up.

There’s a link below. In a professionally run organization, a problem like this would have been discussed in the post-mission de-brief and corrected for future runs. We talked about this in the last article, if I am not mistaken.

OceanGate CEO Stockton Rush rented the Polar Prince for this year’s dives, a vessel that was cheaper than the motherships it had used for previous expeditions, according to the Times.

But the Polar Prince was too small to fit the Titan submersible on its deck. Instead, the vessel was towed for three days from St. John’s in Newfoundland, Canada, to the dive site near the Titanic’s wreckage.

Yahoo News

What We’ve Learned So Far

Far be it from me, a working ISO auditor with more than 500 audits, including places that are very dangerous, to make these unsupported statements with scant evidence.

Actually I am around organizational dysfunction a lot and sometimes your best guess is right. If evidence emerges later on that proves I was wrong then we can talk about it.

Before we finish up our Quality Manual for the Titan Submersible, here’s a table. These are the conclusions we’ve drawn going through this exercise. 

Condition	Consequences
Lack of Checks and Balances	No one can pull the plug on a mission even if they know something is wrong. Command structure is flawed. People are in denial (dangerous)
Very questionable ability to prove the scope (i.e. “take people on trips to the Titanic”)	How do you demonstrate that your vessel “works?” This was not well thought-out
“Service” misrepresented in the sales process	Market communication and other sales materials may have been BS
Design controls are ineffective	Vessel was allowed to sail with very questionable design validation and/or verification.
Non conforming outputs not controlled	Known issues from previous missions were ignored and/or allowed to continue.
No control over process inputs	Use of “obsolete” Boeing carbon fiber in the vessel? Really?
Potential resource issues	Startups never have enough resources. Need for money overrides need for safety. See above about cost cutting by using a smaller launch boat.
No independent validation of anything	The customers (victims) have to rely on the “word” of the management to make a buying decision. We know how this worked out.

There are some others that we’ll capture later on. For now, on with the quality manual.

Measurements (Clause 9.1.2 and 9.1.3)

The standard requires you to measure two things. The extent to which you are meeting your objectives, and the extent to which customers are happy. It lets you, the organization, come up with a way to do this. The reason for this is because the writers of the ISO standard don’t want you to be blindsided.

In the case of the objectives, we covered them awhile back. At the moment, they’re not looking good and there is an underlying expectation that “the organization” will fix them.

In the case of customer satisfaction, we’re also not looking too good since there is a presumed requirement for the customers to come back alive.

So we’re ready to say that the monitoring and measuring activity is unfavorable. If this were an ISO audit we would go back and look at whether a corrective action has been issued on any of these things, because that is an element of the system.

Internal Audit (Clause 9.2)

Here is the story: There’s a requirement in the ISO standard for some internal auditing process. This “internal audit” is supposed to determine whether the organization is meeting the standard, and if not, fix it.

The “internal auditor” can be an employee, but in my opinion “the organization” would be better off to hire some knowledgeable third party to help with this.

The job of the internal auditor is to go through the standard, and go through the records, if they exist, and look for areas of non conformity.

And, if any of these are found, there is a process to fix the problems. This is an internal policing activity, because of the expectation of self assessment.

If the “management” is committed to change, they have a way to do so. This is their alarm system. We have talked about alarm systems already.

The standard requires there to be records of this. This allows the registrar auditor to see whether this process is effective. It also opens the company up to potential liability/ “The problem was detected in internal audit and not dealt with” would be a line of inquiry by an investigator.

Management Review (Clause 9.3)

The standard requires the “management” to review the performance of the quality systems. There is a little script in the ISO standard that consists of the required elements of the standard.

There is no requirement for a “meeting” for this, but that’s the form it usually takes. You bring in the process owners, have them say their piece about how their process is doing, and make changes if you don’t like what they say.

This may be backed up by product data or other information.

Then, your “management” is aware of the issues, and if the issues are serious enough, there is a way to fix them. Unless, of course, there isn’t. The design may be “baked in”. There may not be enough resources to solve the problems. You may have to cancel customer missions, which would be terrible for the company.

So in a professionally run organization, here is where those problems are ironed out. A determination is made as to whether a problem is serious, and what ought to be done about it.

In an ISO9001 organization, this is also documented, and the external registrar auditor is required to determine whether or not this process is “healthy..”

Improvement and Corrective Action (Clause 10.2)

The final three clauses of the standard, 10.1 through 10.3 are about improvement.

10.2 is the main one that describes something called a “corrective action.” In my limited experience in auditing a few hundred companies, this is hard.

The first thing that needs to be determined is whether there is a systemic problem, or a one-off. If the problem is systemic, such as the problems noted in the table above, there are some mechanisms to deal with the problems in a way other than sweep them under the rug.

One of these ways is to determine the underlying cause of the problem and address that first A well-developed corrective action system has this built into the rules.

AT some point, however, it requires management buy-in. If it is determined that the system of checks and balances, and change control is being short circuited by a top gun pilot, there is an expectation of change.

This goes double if there is a suspicion that the boss is the top gun pilot.

The registrar auditor is required to look at these and make a determination of whether this system is healthy as well.

If it is not healthy, and there is denial and resistance, it’s a key failure mode. It’s “failure to address a known problem” and is one of the definitions of “Entrenched Mediocrity.”

Here are some videos..

What would have prevented all of this?

Well, as we said from the beginning, lack of third-party oversight is a key issue in this case. In several of these cases we found out that there is no recognized authority on the topic of deep sea vessels. That doesn’t mean that some outside auditor would not have asked the right questions.

If you, a potential customer, saw that this outfit was ISO certified, would it have mattered? Maybe your risk would have been reduced.

There are limits, however. The ISO standard does not prevent the client from running through a stop sign. But what it also does is provide some basics, including a system of record keeping and document control that gives the “top gun pilot” some discipline.

So we can add this to our list of failures above, no third party validation, and that goes back to the original issue which is a system of checks and balances, and a command structure.

Conclusions: The ISO9001 Quality Manual for the Titan Submersible

Here we sort of have it. If these people had gone through some of these processes, and used a little common sense, things might have worked out better.

But in this case, the mission seems to have taken over.

The implementation of any quality system in any organization, requires some humility. You have to freely admit the fact that you might not be perfect. If you, the organization, have some barriers to humility, then it’s problematic.

What we’re learning, gradually, is that quality is about people, and about human emotion. How does an employee react emotionally to what is happening from a quality standpoint? Ideally, in a culture where quality is important, everyone has the same emotional reaction.

But in a case like this, where it is a startup situation, it’s easy for the passionate management to become detached from the people that work in reality.

I have no idea how this is going to turn out except to say that the lawsuits are going to start to fly soon enough.

Here is my link to Udemy course, “How Not to Fail at ISO9001”

https://www.udemy.com/course/how-not-to-fail-at-iso9001/learn/lecture/34733460#content

Here’s the link to my Quality Systems Training. You can hire me to give this training in person, complete with questions and answers, and along with a few decades worth of horror stories about product quality, dangerous products, and why people don’t do their jobs.

Quality Systems Training

 And, here’s the link to my book “How Not to Fail at ISO9001” available at Amazon.

The Spanish version is also available.

Links and References

Ship Too Small

https://news.yahoo.com/oceangate-used-mothership-too-small-103902616.html?

• corrective actions
• disaster avoidance
• internal audit
• ISO9001
• management review
• quality testing
• third party validation
• titan submersible engineering failure
• titan submersible quality issues