Quality
Resilience Engineering: When Your Quality System Stops Trying to Prevent
Every Storm — and Starts Learning to Sail Through Them
The Illusion of the Fortress
For three decades, quality professionals have been building walls.
Thicker specifications. Tighter tolerances. More inspection points.
Additional sign-offs. We constructed fortresses around our processes,
convinced that if we made the walls high enough and the gates strong
enough, nothing bad could get in.
And then 2020 happened.
Actually, no — that’s too dramatic and too specific. The truth is
more mundane and more persistent. Something unexpected happens every
single week in every factory on earth. A supplier ships material with a
certificate that doesn’t match the chemistry. A machine’s servo motor
degrades six months before its scheduled replacement. A key operator
calls in sick on the day you’re running the most demanding customer’s
order. A software update changes a calibration constant in your
measurement system and nobody notices for eleven days.
These aren’t catastrophes. They’re Thursday.
The fortress model of quality management assumes a stable world. It
assumes that if you identify every risk, control every parameter, and
train every person, nothing will go wrong. And in a stable world, that
assumption works reasonably well. But the world is not stable. It never
was. We just pretended it was because our tools were built for that
pretense.
Quality Resilience Engineering is the discipline of
designing quality systems that don’t just resist disruption — they
absorb it, adapt to it, and recover from it. It’s the difference between
a building that’s designed never to shake and a building that’s designed
to shake without falling down. One of those approaches works. The other
one works until the earthquake comes.
Why Prevention Alone Is Not
Enough
Let me be clear about something before we go further: prevention is
still the most powerful lever in quality management. I’m not arguing
against it. If you can prevent a defect from occurring, prevent it.
Every time. Without exception.
But prevention has limits, and those limits are determined by the
predictability of the threats you face. You can prevent what you can
foresee. You can control what you can measure. You can standardize what
repeats. These are the domains where traditional quality tools — FMEA,
control plans, SPC, poka-yoke — excel.
The problem is that a significant and growing portion of the threats
to your quality come from outside those domains. They come from:
- Unprecedented combinations of otherwise-normal
variations that interact in ways nobody predicted - External disruptions — supply chain shocks,
regulatory changes, workforce shortages, technology failures - Slow drift — the gradual, invisible degradation of
process discipline, measurement accuracy, or organizational
attention - Emergent behaviors — complex systems doing things
that no individual component would do on its own
You can’t FMEA your way out of a pandemic. You can’t control-chart
your way through a supplier bankruptcy. You can’t poka-yoke a workforce
that loses 40% of its experience in twelve months due to turnover.
What you can do is build a system that continues to deliver
acceptable quality even when the unexpected happens. That’s
resilience.
The Four Pillars of
Quality Resilience
Resilience engineering, as applied to quality management, rests on
four interconnected capabilities. Think of them as the four questions
your quality system must be able to answer when something goes wrong
that it wasn’t designed for.
Pillar 1:
Anticipation — Seeing It Before It Arrives
Anticipation is not the same as prediction. Prediction says “this
specific event will happen at this specific time.” Anticipation says
“something unusual is developing, and I need to pay attention.”
Resilient quality systems have a heightened sensitivity to weak
signals — the early indicators that the environment is changing in ways
that might stress the system. These signals are easy to miss because
they often appear in the gaps between your normal monitoring:
- Subtle shifts in process behavior that haven’t yet
crossed control limits but show concerning patterns - Changes in supplier communication patterns — slower
responses, more qualified answers, increased use of contingency
clauses - Informal feedback from operators who notice that
“something feels different” even though measurements say everything is
fine - External indicators — industry news, regulatory
rumblings, economic signals that might affect your supply chain or
customer requirements
The practical tool here is what I call a Quality Horizon
Scan — a structured, periodic review specifically designed to
look beyond your current dashboards. It asks not “what is our defect
rate this month?” but “what is changing in our environment that our
current metrics might not capture?”
Pillar 2:
Absorption — Taking the Hit Without Collapsing
When a disruption arrives, your first goal is to keep delivering
acceptable quality while the system is under stress. This is absorption
— the ability to maintain critical functions even when parts of the
system are degraded.
In structural engineering, buildings in earthquake zones use flexible
joints that allow movement without fracture. In quality systems, the
equivalent is redundancy, flexibility, and graceful
degradation.
Redundancy means having backup options for critical
quality functions. It doesn’t mean duplicating everything — that’s
expensive and often impractical. It means identifying the points in your
quality system where a single failure would be catastrophic and ensuring
there’s a fallback:
- Alternative qualified suppliers for critical materials
- Cross-trained personnel who can step into key quality roles
- Backup measurement methods for critical characteristics
- Manual workarounds for automated quality systems
Flexibility means your quality system can adapt its
procedures without abandoning its principles. Can your inspection plan
adapt when a key measurement system goes down? Can your production
schedule flex when a supplier shipment is delayed without compromising
your quality gates? Can your operators adjust their methods when
material properties are at the edge of specification?
Graceful degradation means that when the system is
stressed, quality declines gradually rather than catastrophically. The
worst outcome isn’t a slight increase in defect rates — it’s a sudden,
complete collapse of quality control. Resilient systems are designed so
that failures reduce capability in stages, giving you time to
respond.
Pillar 3:
Recovery — Getting Back to Normal (and Better)
Recovery is the process of restoring full quality capability after a
disruption. But resilient systems don’t just recover to where they were
— they recover to somewhere better. Every disruption is a stress test,
and every stress test reveals information about your system’s
vulnerabilities.
The key practices for effective recovery:
Rapid Diagnosis: When quality degrades, you need to
understand why quickly. This means having diagnostic frameworks that
work even when the cause is unprecedented. Traditional root cause
analysis tools like 5-Why and Ishikawa diagrams still work, but they
need to be applied with an awareness that the cause might be something
you’ve never seen before.
Adaptive Response: Your corrective action procedures
need to be flexible enough to address novel problems. If your CAPA
system is designed around known failure modes, it will struggle with
unknown ones. Build in the ability to create new response categories and
escalation paths on the fly.
Learning Integration: After recovery, conduct a
resilience review — not just a root cause investigation. Ask not only
“what went wrong?” but “how did our system respond? What absorbed the
shock well? Where did it crack? What would we do differently next
time?”
Pillar 4:
Adaptation — Evolving Based on Experience
The final pillar is the most important and the most neglected.
Adaptation means changing your quality system based on what you’ve
learned from disruptions — not just fixing the specific failure, but
upgrading the system’s overall resilience.
This is where most organizations fall short. They investigate the
failure, implement a corrective action, close the CAPA, and go back to
business as usual. The next disruption finds them just as vulnerable as
before, just in a different way.
True adaptation requires:
- Updating your risk models to incorporate the new
failure mode you just experienced — and similar ones you haven’t - Redesigning vulnerable process nodes based on what
the disruption revealed about your weakest points - Sharing lessons across the organization so that a
resilience insight gained in one area benefits all areas - Investing in the capabilities that failed — whether
that’s measurement technology, personnel training, supplier
relationships, or data systems
A Practical
Framework: The Quality Resilience Canvas
Let me give you a practical tool. I call it the Quality Resilience
Canvas, and you can use it to assess and improve the resilience of any
quality system.
The canvas has six sections, and you should fill it out
collaboratively with your quality team, production leadership, and key
support functions:
1. Critical Quality Functions: List the quality
activities that must continue no matter what. Not everything is critical
— be ruthless about prioritization. What must absolutely,
unconditionally keep working?
2. Threat Landscape: What disruptions could stress
these critical functions? Don’t just list known risks — imagine
combinations, cascading failures, and external shocks. Think in
scenarios, not checklists.
3. Absorption Capacity: For each critical function,
what is your current ability to absorb disruption? Where are your single
points of failure? Where is your redundancy? How far can the system flex
before quality breaks?
4. Detection Speed: How quickly would you know that
a critical function is under stress? What are your leading indicators?
Where are your blind spots?
5. Recovery Pathways: If a critical function fails,
what is your path back? How long would it take? What resources would you
need? Who makes the decisions?
6. Adaptation Mechanisms: How does your system learn
from disruptions? Where do resilience insights go? How do they become
system improvements?
Fill this out honestly. The gaps are where your vulnerabilities
live.
The Metrics of Resilience
You can’t improve what you don’t measure, but measuring resilience
requires different metrics than measuring traditional quality
performance. Here are the metrics that matter:
Time to Detect — How long does it take from the
moment a disruption begins to affect quality until your system registers
that something is wrong? Shorter is better, obviously, but the real
insight comes from tracking this metric over time and understanding
which types of disruptions you detect quickly and which ones sneak up on
you.
Time to Contain — Once detected, how long does it
take to stop the quality impact from spreading? This measures your
absorption capacity in real-time. A resilient system contains quality
impacts within minutes or hours, not days.
Time to Recover — How long to restore full quality
capability? This is your recovery speed. Track it not just as an average
but as a distribution — the outliers tell you where your recovery
pathways are weakest.
Recovery Quality Level — When you recover, do you
recover to the same level, or do you actually improve? This measures
your adaptation effectiveness. If your post-recovery performance is
consistently better than pre-disruption performance, you have a truly
adaptive system.
Resilience Drill Performance — Periodically simulate
disruptions and measure your team’s response. Just like fire drills test
evacuation procedures, resilience drills test your quality system’s
ability to handle the unexpected. The performance trends from these
drills are your leading indicator of real-world resilience.
The Human Factor:
Resilience Lives in People
Here’s something that the frameworks and canvases and metrics can
obscure: resilience is fundamentally a human capability. Systems don’t
adapt. People adapt. And the quality of your resilience depends on the
quality of your people — not just their technical skills, but their
mindset.
Resilient quality organizations cultivate specific human
capabilities:
Situational Awareness: The ability to perceive
what’s happening, understand what it means, and project what might
happen next. This isn’t a talent — it’s a skill that can be developed
through practice, scenario training, and deliberate reflection on past
events.
Decision-Making Under Uncertainty: When the
unexpected happens, you don’t have time for complete analysis. Resilient
teams have practiced making good decisions with incomplete information.
They have decision frameworks they can deploy quickly, and they have the
confidence to act without perfect knowledge.
Communication Under Stress: Disruptions create
information chaos. Everyone has a different piece of the puzzle, and the
pieces don’t automatically come together. Resilient teams have
communication protocols that work when normal channels are overwhelmed —
clear escalation paths, structured update formats, and designated
coordination roles.
Adaptive Expertise: This is the ability to apply
your knowledge in novel situations, not just familiar ones. It’s what
separates the technician who can follow a procedure from the expert who
can modify a procedure intelligently when the situation demands it.
Developing adaptive expertise requires exposure to varied situations,
reflective practice, and mentorship.
Collective Efficacy: The shared belief that “we can
handle this.” Teams with high collective efficacy don’t panic when the
unexpected happens — they mobilize. This belief is built through shared
experiences of successfully navigating challenges, and it’s one of the
most valuable assets your quality organization can have.
Building Your Resilience
Roadmap
If you’re convinced that resilience engineering deserves a place in
your quality strategy, here’s how to start:
Month 1: Assess. Conduct a Quality Resilience Canvas
workshop with your leadership team. Map your critical functions,
identify your biggest vulnerabilities, and be brutally honest about your
current absorption and recovery capabilities.
Month 2: Prioritize. You can’t make everything
resilient at once. Use your canvas results to identify the highest-risk,
highest-impact vulnerabilities. Focus on the critical quality functions
where a disruption would be most damaging and where your current
defenses are weakest.
Months 3-4: Build Absorption. For your priority
areas, develop redundancy, flexibility, and graceful degradation. This
might mean qualifying backup suppliers, cross-training key personnel,
developing manual workarounds for automated systems, or creating
decision trees for common disruption scenarios.
Months 5-6: Build Recovery. Develop and document
recovery pathways for your priority areas. Train your teams on these
pathways. Conduct tabletop exercises where you walk through disruption
scenarios and practice the recovery process.
Months 7-8: Build Adaptation. Establish resilience
reviews as a standard practice after any significant quality disruption.
Create a mechanism for capturing and sharing resilience insights across
the organization. Update your risk models and process designs based on
what you learn.
Months 9-12: Test and Refine. Conduct resilience
drills — simulated disruptions that test your system’s response. Measure
your resilience metrics. Identify gaps and close them. Repeat.
The Paradox of Resilience
Here’s the deepest insight in resilience engineering, and it’s
counterintuitive: the organizations that are best at handling
disruptions are often the ones that have experienced the most of
them.
Not because suffering builds character, but because experience builds
capability. Every disruption you navigate successfully teaches your
organization something about its own strengths and weaknesses. Every
recovery creates new knowledge about what works and what doesn’t. Every
adaptation makes the system stronger for the next challenge.
The goal of resilience engineering is not to create an organization
that never experiences disruption. That’s the fortress fantasy, and it
will fail. The goal is to create an organization that gets stronger
every time it faces the unexpected — an organization that doesn’t just
survive storms but learns to sail in them.
Your quality system shouldn’t be a wall. It should be a sailor.
Peter Stasko is a Quality Architect with 25+ years of experience
transforming quality systems from reactive cost centers into strategic
competitive advantages. He has led quality transformations across
automotive, electronics, and industrial manufacturing, and believes that
the best quality system is one that makes your organization anti-fragile
— stronger for having been tested.
