AS9100:2016 Requirements

10 Clauses in AS9100

Just like ISO 9001, AS9100 is divided into ten clauses to guide you, section by section, down the path to certification. Since the first three clauses serve to introduce and inform the organization about the standard, the real work on requirements doesn’t start until clause 4. As we move through each section, we will highlight the specific requirements that direct the AS9100 standard.

The goal of section four is to determine, evaluate, and review both internal and external issues as well as relevant interested parties while also establishing the scope of the QMS and its processes.

A full understanding of the issues that affect a business is crucial to improved and long-term quality management. By setting boundaries and determining how the QMS applies to work being done, companies will establish the context of the organization and align their process with the company’s vision.

4.1 – The first requirement of section four is to understand the organization and its context. Through careful review of internal and external issues (i.e. positive or negative influences from technical, competitive, or economic environments) companies will define and monitor how their company is currently addressing potential improvement areas while also planning and preparing for improved practices to achieve goals.

4.2 – Next, organizations will work to understand the needs and expectations of interested parties. From suppliers to staff, community members to customers, relevant interested parties include any person who could be impacted by the QMS and its efforts. After defining the group, companies will identify their needs and expectations and how they will monitor, review, and address potential concerns.

4.3 – Moving on, companies will develop the scope of the QMS and how it applies to their process. Having determined the issues and interested parties, they will establish the statement used to communicate the specifics of the QMS and how it applies to their business. This scope must be documented and made available upon request.

4.4 – Section 4.4 is where companies will see the first additions that make the standard specific to the aerospace industry. As with 9001, organizations will work through the Plan, Do, Check, Act (PDCA) cycle, which is the systematic definition of processes and their intended goals. It helps to manage processes by establishing plans, implementing practices, monitoring results, and then working toward continuous improvement. For each process included in the QMS, organizations are required to define all inputs, outputs, sequences, interactions, methods of control, resources, responsibilities/authorities, risks, and opportunities. Specific to 9100, companies must address customer requirements, and establish and maintain documentation related to the following:

• description of relevant interested parties
• the scope of the QMS including boundaries and applicability
• descriptions of the processes needed for the QMS to function and how they apply to the organization
• the sequence and interaction of processes
• responsibilities and authorities for each process

It is possible to capture all of this needed documentation through a quality manual or documented procedures, and the processes included should be carefully evaluated for continuous improvement.

As they work to support employees, they must also maintain customer focus to enhance satisfaction and address risks related to meeting customer requirements. An addition to the standard 9001 guidance, AS9100 requires that companies track and record data relating to goals for conformity and on-time delivery. If the numbers show that goals are not being met, the leadership team is responsible for implementing changes.

5.2 – Leadership is also responsible for establishing and communicating the quality policy that serves to align the company’s core values with the overall vision. The policy will help provide the framework for the intended goals and will set the intention of working toward continual improvement, requirement satisfaction, and safety.

Lastly, as leadership groups work to define the roles and responsibilities of their team as they relate to the QMS, they must also ensure the team fully understands the requirements the company is trying to meet and how their work, specifically, contributes to the company’s success. An added requirement of the AS9100 standard is the appointment of a specific management representative whose primary goal is to establish and maintain the QMS and have the freedom within the organization to access top management whenever necessary.

Once identified, they will create action plans to address or retain the risks, and then evaluate the effectiveness of their actions through monitoring and observation.

6.2 – The quality objectives established through the implementation of the QMS should relate to the company’s growth goals, align with its quality policy, apply to the products and services offered, and work toward the benefit and satisfaction of customers and other regulatory bodies. Companies must be sure to establish measurable objectives, monitor them closely, and communicate their performance to interested parties as necessary. Planning must include not only the objective, but the path to achieving those objectives, including specific tasks, resources needed, responsible parties, timelines, and evaluation of results.

6.3 – Lastly, it is required to document and plan for changes that could impact the QMS and the pursuit of all quality objectives. The same documentation is needed related to tasks, resources, and responsible parties, and companies must take care to ensure the integrity of the QMS is never compromised.

7.1 – Resources needed to support a company’s QMS include people, technology, equipment, environment, monitoring and measuring tools, and knowledge of the organization, including standards and experiences that are not documented (i.e. tribal knowledge). Specific to the AS9100 standard, companies are required to have a process for calibrating and verifying the equipment used to monitor and measure their progress and must include the type of equipment used, a unique identification method, the location of the piece of equipment, the calibration or verification process, the frequency of which the process is tested, and the acceptable criteria for testing to be approved.

7.2 – Once resources have been identified, companies must then measure and ensure the competence of their staff. If a staff member does not meet the competence criteria, action must be taken to either help that person become competent or to have that person reassigned and replaced by a competent party. Periodic reviews must be performed to continually monitor staff competence and training, reviews, and evidence of competence must be recorded and retained.

7.3 – As in ISO 9001, AS9100 requires employees to be aware of the important components of the QMS as well as the impact they make. They should be familiar with the quality policy and the company’s overall quality goals. For AS9100 certification, employees are also responsible for being aware of QMS documentation, including information on implemented changes. They should be able to tell an auditor how their tasks relate and contribute to the overall success of the QMS, the product or service, the safety of the product or service they provide, and, finally, the importance of ethical behavior in corporate culture.

7.4 – The identification of both internal and external communications related to the QMS is also a requirement pulled from the ISO 9001 standard and replicated for AS9100. The release of information related to the function or outcome of the QMS must be carefully planned, and companies should determine what, when, who, and how the information will be shared.

7.5 – Document and record control is the last focal point of section seven and includes the meticulous organization of all documents and records determined by the company to be necessary for its successful operation. Each document or record must be appropriately identified and described within the QMS, and attention should be given to ensure the formatting of documents is consistent. Companies must also control the review and approval process of all documents and records tied to the QMS. This tight control of recorded information ensures that it will be protected from improper use and corruption, available when needed, and properly distributed and stored. AS9100 adds to the 9001 standards by requiring companies to also prevent the unintended use of outdated information through careful storage and security and also requires companies to define a process for protecting all information in an electronic form through automated backups and a controlled editing process.

8.1 – Beginning with planning and control, companies work toward meeting requirements needed to develop their product or service. They must consider all aspects of the creation of their output including safety, production, inspection, reliability, packaging, and recycling. Once these requirements have been established, they must then develop acceptance criteria and plan which controls and resources are needed at each step in the process to meet those criteria and maintain control.

Manage Operational Risk

They must establish practices that ensure conformity and evaluate the impact of risk through the transfer of work. Additionally, they are asked to manage operational risk through the assignment of responsibilities to specific parties in their company, evaluating likelihood, consequences, risk acceptance, product realization, action management, and risk mitigation. Furthermore, they must consider factors of configuration management which help to ensure the identification and control of product or service attributes throughout their lifecycle. It also creates standards to control product identity and traceability and manage the documented information to validate and accept outputs.

Two of the most crucial requirements of the AS9100 standard relate to product safety and the prevention of counterfeit parts. Companies must plan and implement control processes to ensure that their outputs are safe, both through development and performance, and should include hazard identification, risk management, staff training, and the analysis and reporting of safety-related events. To address the risk of counterfeit parts, companies must create and implement processes to prevent their use and control the acquisition of externally provided products.

8.2 – Moving forward, companies need to address the requirements specific to their product or service. A key factor in this step is communication with customers to determine if and how the product or service is meeting the customer’s requirements. Companies must include documentation related to services, contracts, orders, changes, handling, and contingency actions. After determining the specific requirements of their deliverable, including special requirements that are customer-specific, they must then communicate with their customers to determine acceptable limits. The additions of AS9100 relate to risks associated with the determination of special requirements, operational risks related to technology, delivery timeframes, ability, and capacity. The added requirements also address the negotiations between provider and customer to determine actions to be taken if a requirement cannot be met.

Each Step should be Carefully Tracked and Documented

Each step of the process – from inputs and regulatory requirements to verification and authorization – should be carefully tracked and documented. AS9100 takes further steps to control the design process by placing requirements on product/service identification, testing, maintenance, and service of the deliverable after completion. AS9100 also requires companies to focus on the impact of improperly utilized obsolete materials, processes, and components and further stresses the need for step-by-step authorization through the production process.

Document the Control of Measuring Devices

A high amount of importance is placed on the review of each design stage, with planning and testing documentation required to prove conformance to objectives and parameters. Additionally, companies must include records and documentation of how testing is performed at each step and how it is determined that criteria have been met. They must also work to document the control of measuring devices used for testing in each identified operational condition. Key characteristics must be identified and outputs must be approved with authorization.

All records of development including parts lists, drawings, configurations, characteristics, materials lists, assembly data, and packaging must be defined and retained in records for the product. If changes are made in the design, companies are required to communicate with their customers how they will be affected and also to control change through the approved configuration management process.

8.4 – Section eight then tackles the control of externally provided processes, products, and services requiring companies to responsibly source the tools needed to complete their processes. They are also required to hold their suppliers accountable for the same level of quality they are pursuing. These requirements help companies regulate the quality of their deliverable by ensuring conformance to controls on the front end.

Develop, Implement, and Record any Controls

AS9100 has a long list of additions relating to the close control of external resources. They relate to approval status, the scope of approval, performance reviews, defined handling documentation requirements, actions to be taken if a supplier is out of conformance, and verification activities to prove compliance. Ultimately, the standard encourages companies to develop, implement, and record any controls the organization deems necessary to protect themselves from the threat of sub-par sourced products. Lastly, it requires companies to clearly communicate their requirements and fully explain their goals for quality, service conformity, and product safety to their suppliers.

8.5 – AS9100 adds specific requirements related to production and service provision, directing companies to closely monitor the conditions in which their activities are performed. Proper documentation is again, key, and companies should keep records of verified equipment, human error prevention tactics, process inspections, competency measures, infrastructure, and activity validation. This allows companies to further control their outputs and guarantee they conform to appropriate standards. Also included in these requirements are provisions around post-delivery issues, such as client or customer care, property preservation, change control, and traceability.

8.6 – When products or services are ready to be released and delivered, companies pursuing AS9100 certification must prove that requirements have been met through production, providing documentation to demonstrate the qualification of the deliverable.

This requires companies to make plans to evaluate the effect of the nonconforming output, resulting in records that include a full description of the issue, the corrective action identified, agreed-upon compromises, and authorizations.

Section 9: Performance Evaluation

The analysis and evaluation of the performance and effectiveness of the QMS requires companies to implement practices and standards for measurement. They must choose which results will be measured (how, when, and by whom), select methods for monitoring customer satisfaction, implement effective internal audits, and conduct regularly planned management reviews.

9.1 – The measurement, analysis, and evaluation of QMS performance should be carefully considered. Companies should take care to ensure they are collecting the right information through the right methods at the proper time. By developing company dashboards with key performance indicators, they can easily circulate vital performance information to top management regularly, increasing awareness and providing a method of quick identification of problem areas. AS9100 also requires companies to include information monitoring of customer satisfaction, on-time delivery, and complaints along with requested corrective action. This additional monitoring can help companies develop and implement plans that address common customer-related deficiencies. The overall goal of the QMS is to increase customer satisfaction, and, in the aerospace industry, that is especially crucial.

9.3 – Lastly, section 9 requires companies to monitor key performance indicators, customer feedback, and audit results through regularly-scheduled management review meetings. Participation from top management is crucial. During this review of the QMS, leadership can define trends in feedback, review nonconformance and corrective action status, evaluate supplier performance, and monitor the effectiveness of their action on risks and opportunities. AS9100 puts a specific focus on on-time delivery metrics as well as risk management decisions, requiring documentation of all performance measurements and risk assessments. These meetings should result in effective action items related to improvement, resource requirements, risks, opportunities, and needed changes to the QMS and its processes. Close records should be kept of each meeting for easy reference of proof during a certification audit.

Section 10: Improvement

The AS9100 standard concludes with requirements related to continued opportunities for improvement of processes, documentation, nonconformance management and corrective action, and overall QMS function.

10.1 – Generally speaking, the standard requires companies to identify opportunities for improvement through corrective action or improvement projects. The goal of these improvements should be directly related to meeting customer requirements and improving customer satisfaction.

10.2 – The standard requires that nonconformances be addressed in one of three ways – through control of the issue, correction of the process, or acceptance of the consequences. If correction is needed, companies must follow the corrective action process, identifying the root cause and creating effective change for measurable improvement. In the AS9100 standard, companies are required to create flow-down corrective action processes when an external provider is responsible for the nonconformance. Additionally, AS9100 adds the requirement for companies to document all information that defines the nonconformance and corrective action process.

10.3 – In the very last section of the standard, companies are required to work toward the continual improvement of their quality management system. Benchmarking, performance metrics, internal audits, and management reviews will all provide data to drive improvement activities. AS9100 adds the requirement of thorough documentation and record-keeping of all improvement processes, including the definition of responsibilities, authorities, and approvals.

For information on pursuing AS9100 certification, contact info@thecoresolution.com or call 866.354.0300.