Avoiding the Next Boeing: The Role of Document Control in Crisis Prevention

January 6, 2020

Graphic of a person being overloaded with paper documents

In October 2018, a Boeing 737 MAX flying with Lion Air from Jakarta crashed into the sea shortly after takeoff, killing all 189 people on board. In March 2019, another Boeing 737 MAX, this time with Ethiopian Airlines, crashed shortly after takeoff, killing all 157 people on board. Each plane had been delivered to the airlines only a few months earlier, making them the latest and most technology advanced aircraft in the world. At first glance, there should be no reason that these aircraft crashed under such similar circumstances.

During the investigation, the root cause of these disasters began to become clear. In 2010, Boeing had begun a redesign of the 737 aircraft to remain competitive with Airbus, which had recently announced the introduction of the upgraded A320 to compete with the 737. To ensure timely delivery of the 737 MAX and avoid losing competitive advantage to Airbus, Boeing presented the 737 MAX as being similar enough to the 737 that pilots would not need to be retrained, which would reduce the amount of time required to get the planes into service. 

In reality, it wasn’t nearly as straightforward as that. The upgrade to the 737 design included larger engines that were placed further forward on the wing. The result of this new design had a significant impact on the aerodynamics and handling of the aircraft, which included a tendency to generate more lift during certain maneuvers and creating the potential for a stall. To counter this, Boeing created a software application called the maneuvering characteristics augmentation system (MCAS). MCAS worked in tandem with sensors on the outside of the plane to determine the angle of attack of the aircraft. If the sensors determined the aircraft’s nose was too high, thereby creating the potential for a stall, MCAS would take over for the pilots and push the nose back down without the pilots even being aware of what was happening. The intention was to relieve the pilots of the cognitive burden of constantly having to correct the angle of attack by automating the task through MCAS. 

According to the crash investigations, the sensors provided false information about the angle of attack by relaying to MCAS that the nose was too high when it wasn’t. Consequently, MCAS did as it was designed to do and pushed the nose down, only now it was pushing the plane directly towards the ground. The pilots, unaware of the existence of MCAS, struggled to understand why the plane was essentially trying to crash itself. Since the incident happened so soon after takeoff and at a relatively low altitude, the pilots had little time to understand the nature of the problem before impact. 

After the crash, investigators determined that many pilots of the 737 MAX had not been told about MCAS or trained on how to respond when MCAS engaged unexpectedly. According to media reports, the 737 MAX’s flight manual mentions MCAS only in the glossary of abbreviated terms and provides no procedural information relating to how to disengage the software or troubleshoot it when problems arise. The Black Boxes recovered from the crash sites reveal the sound of pages turning in the cockpit, suggesting that the pilots were desperately scouring the manual for information about how to solve their crisis as they plummeted to the ground. (Johnson and Harris, 2019) 

The Aviation Safety Reporting System (ASRS), run by NASA, places the blame for the pilots’ inability to recover from the MCAS problem squarely on the documentation of the software. According to interviews with pilots, the documentation was “inadequate and criminally insufficient.” One pilot said, “I think it is unconscionable that a manufacturer, the FAA, and the airlines would have pilots flying an airplane without adequately training or even providing available resources and sufficient documentation to understand the highly complex systems that differentiate this aircraft from prior models.” Another pilot reported,” It is not reassuring when a light cannot be explained or understood by the pilots, even after referencing their flight manuals.”

According to coverage of the 737 MAX investigations, Boeing officials intentionally avoided disclosing detailed instructions about MCAS to pilots to avoid overwhelming them with too much information. Yet, as demonstrated by the pilot interviews quoted previously, pilots are fastidious and demanding with their documentation. They are acutely aware of the need for having access to every piece of information they might need to operate the aircraft safely and protect their passengers and crew. The failure to understand that element of the pilots’ crew resource management (CRM) is a crucial failure on the part of Boeing. 

The 737 MAX disasters are not alone in having root causes connected to documentation. The commission investigating the Deepwater Horizon disaster in 2010 wrote: “Some Transocean crews complained that the safety manual was ‘unstructured,’ ‘hard to navigate,’ and ‘not written with the end user in mind;’ and that there is ‘poor distinction between what is required and how this should be achieved…Transocean’s crews don’t always know what they don’t know. Front line crews are potentially working with a mindset that they believe they are fully aware of all the hazards when it’s highly likely that they are not.”

Clear Documentation, Safer Operations

Documentation is often neglected in many organizations. It doesn’t generate revenue, it takes time to develop and it frequently exposes process gaps or inefficiencies that some people would like to sweep under the carpet. However, as W. Edwards Deming has written, “If you can’t explain what you’re doing as a simple process, you don’t know what you’re doing.”

Further, if you can’t explain what you’re doing, then no one is going to be able to understand it. Documentation is therefore the key to deep understanding of processes and systems. It ensures that everyone knows what they need to know to perform a task safely, even under pressure and that new members to a team are indoctrinated into the deep understanding of the system that the rest of the team has by promoting uniform performance across the organization.

Documentation is not always easy to produce. In addition to having a deep understanding of the product, service or system you’re documenting, you need to have a deep understanding of your user.

  • How much information do they need?
  • How much information can you safely assume they already have? (hint: usually less than you might think)
  • Under what circumstances will they need to use this information?
  • How frequently will this information be updated?

How Intelex Document Control Software Helps Prevent Disasters

The tragic events involving Boeing’s 737 MAX illustrate how poor documentation can lead to catastrophic outcomes. In these situations, the failure to provide accurate, thorough and accessible documentation left pilots unable to react effectively in critical moments. This is where a robust document control system, like Intelex Document Control Software, can make a difference.

With Intelex Document Control Software, companies can ensure that their documentation is up-to-date, accurate and accessible across the organization. Critical features include:

  • Version control and automated updates: Ensures employees are always using the latest version of critical documents, preventing outdated information from being referenced during emergencies.
  • Centralized document storage: Facilitates easy access to documentation, so employees like pilots can quickly locate procedures or troubleshooting guides when needed.
  • Audit trails for compliance: Tracks all document revisions and ensures changes meet regulatory requirements, which can help organizations avoid legal and safety risks associated with insufficient documentation.

By using a comprehensive document control solution, companies can mitigate risks, ensure regulatory compliance and prevent situations like Boeing’s, where insufficient and inaccessible documentation contributed to disaster.

Click to watch the Intelex product demo for Document Control Software