Largely based on ISO 9001, AS9100 is easiest to understand if you first have a firm grasp of the original quality standard. The International Aerospace Quality Group has taken the 9001 standard and added requirements specific to the aerospace industry. As we dive in to the specific requirements of the aerospace standard, we’ll dissect the ways in which you will be amping up the 9001 requirements to meet this high demand for excellence.
Just like ISO 9001, AS9100 is divided into ten clauses to guide you, section by section, down the path to certification. Since the first three clauses serve to introduce and inform the organization about the standard, the real work on requirements doesn’t start until clause 4. As we move through each section, we will highlight the specific requirements that direct the AS9100 standard.
Section 4: Context of the Organization
The goal of section four is to determine, evaluate, and review both internal and external issues as well as relevant interested parties while also establishing the scope of the QMS and its processes.
A full understanding of the issues that affect a business is crucial to improved and long-term quality management. By setting boundaries and determining how the QMS applies to work being done, companies will establish the context of the organization and align their process with the company’s vision.
4.1 – The first requirement of section four is to understand the organization and its context. Through careful review of internal and external issues (i.e. positive or negative influences from technical, competitive, or economic environments) companies will define and monitor the way in which their company is currently addressing potential improvement areas while also planning and preparing for improved practices to achieve goals.
4.2 – Next, organizations will work to understand the needs and expectations of interested parties. From suppliers to staff, community members to customers, relevant interested parties include any person who could be impacted by the QMS and its efforts. After defining the group, companies will identify their needs and expectations and the way in which they will monitor, review, and address potential concerns.
4.3 – Moving on, companies will develop the scope of the QMS and how it applies to their process. Having determined the issues and interested parties, they will establish the statement used to communicate the specifics of the QMS and how it applies to their business. This scope must be documented and made available upon request.
4.4 – Section 4.4 is where companies will see the first additions that make the standard specific to the aerospace industry. As with 9001, organizations will work through the Plan, Do, Check, Act (PDCA) cycle, which is the systematic definition of processes and their intended goals. It helps to manage processes by establishing plans, implementing practices, monitoring results, and then working toward continuous improvement. For each process included in the QMS, organizations are required to define all inputs, outputs, sequences, interactions, methods of control, resources, responsibilities/authorities, risks, and opportunities. Specific to 9100, companies must address customer requirements, and establish and maintain documentation related to the following:
- description of relevant interested parties
- the scope of the QMS including boundaries and applicability
- descriptions of the processes needed for the QMS to function and how they apply to the organization
- the sequence and interaction of processes
- responsibilities and authorities for each process
It is possible to capture all of this needed documentation through quality manual or documented procedure, and the processes included should be carefully evaluated for continuous improvement.
Section 5: Leadership
Leadership involvement is critical for the successful implementation of any ISO standard. They are responsible for ensuring the effectiveness of the system, meeting customer requirements, establishing and enforcing a quality policy, and assigning roles and responsibilities to the team.
5.1 – Top management will be required to participate in and contribute to the effectiveness of the QMS through the development of a quality policy, objectives, and the implementation of the QMS. As they work to support employees, they must also maintain customer focus to enhance satisfaction and address risks related to meeting customer requirements. As an addition to the standard 9001 guidance, AS9100 requires that companies track and record data relating to goals for conformity and on-time delivery. If the numbers show that goals are not being met, the leadership team is responsible for implementing changes.
5.2 – Leadership is also responsible for establishing and communicating the quality policy that serves to align the company’s core values with the overall vision. The policy will help provide the framework for the intended goals and will set the intention of working toward continual improvement, requirement satisfaction, and safety.
Lastly, as leadership groups work to define the roles and responsibilities of their team as they relate to the QMS, they must also ensure the team fully understands the requirements the company is trying to meet and how their work, specifically, contributes to the company’s success. An added requirement of the AS9100 standard is the appointment of a specific management representative whose primary goal is to establish and maintain the QMS and have the freedom within the organization to access top management whenever necessary.
Section 6: Planning
Section six exactly mirrors the requirements in ISO 9001 and doesn’t include any additions for the AS9100 standard. This section asks companies to make plans for addressing risks and opportunities to achieve their quality objectives, and also addresses how companies will meet their quality objectives and make changes to their management system.
6.1 – To start, companies must first utilize risk-based thinking to plan for and address the potential risks and opportunities their company may face as they work to meet customer requirements. Once identified, they will create action plans to address or retain the risks, and then evaluate the effectiveness of their actions through monitoring and observation.
6.2 – The quality objectives established through the implementation of the QMS should relate to the company’s growth goals, align with their quality policy, apply to the products and services offered, and work toward the benefit and satisfaction of customers and other regulatory bodies. Companies must be sure to establish objectives that are measurable, monitor them closely, and communicate on their performance to interested parties as necessary. Planning must include not only the objective, but the path to achieving those objectives, including specific tasks, resources needed, responsible parties, timelines, and evaluation of results.
6.3 – Lastly, it is required to document and plan for changes that could impact the QMS and the pursuit of all quality
objectives. The same documentation is needed related to tasks, resources, and responsible parties, and companies must take care to ensure the integrity of the QMS is never compromised.
Section 7: Support
The development of an AS9100-caliber QMS system requires a great deal of resources, including people, infrastructure, environment, equipment, and organization. Companies must work with their entire team and educate them on the importance of their role in the pursuit of certification. This section requires companies not only to determine the resources needed for QMS support, but also demands insurance of job competence in staff, awareness of QMS information, development of communication plans, and careful control of documents and records.
7.1 – Resources needed to support a company’s QMS include people, technology, equipment, environment, monitoring and measuring tools, and knowledge of the organization, including standards and experiences that are not documented (i.e. tribal knowledge). Specific to the AS9100 standard, companies are required to have a process for calibrating and verifying the equipment used to monitor and measure their progress and must include the type of equipment used, a unique identification method, location of the piece of equipment, the calibration or verification process, the frequency of which the process is tested, and the acceptable criteria for testing to be approved.
7.2 – Once resources have been identified, companies must then measure and ensure the competence of their staff. If a staff member does not meet the competence criteria, action must be taken to either help that person become competent or to have that person reassigned and replaced by a competent party. Periodic reviews must be performed to continually monitor staff competence and training, reviews, and evidence of competence must be recorded and retained.
7.3 – As in ISO 9001, AS9100 requires employees to be aware of the important components of the QMS as well as the impact they make. They should be familiar with the quality policy and the company’s overall quality goals. For AS9100 certification, employees are also responsible for being aware of QMS documentation, including information on implemented changes. They should be able to tell an auditor how their tasks relate and contribute to the overall success of the QMS, the product or service, the safety of the product or service they provide, and, finally, the importance of ethical behavior in corporate culture.
7.4 – The identification of both internal and external communications related to the QMS is also a requirement pulled from the ISO 9001 standard and replicated for AS9100. Release of information related the function or outcome of the QMS must be carefully planned, and companies should determine what, when, who, and how information will be shared.
7.5 – Document and record control is the last focal point of section seven and includes the meticulous organization of all documents and records determined by the company to be necessary for its successful operation. Each document or record must be appropriately identified and described within the QMS, and attention should be given to ensure formatting of documents is consistent. Companies must also control the review and approval process of all documents and records tied to the QMS. This tight control of recorded information ensures that it will be protected from improper use and corruption, available when needed, and properly distributed and stored. AS9100 adds to the 9001 standard by requiring companies to also prevent the unintended use of outdated information through careful storage and security, and also requires companies to define a process for protecting all information in an electronic form through automated backups and a controlled editing process.
Section 8: Operation
The most robust section of the standard, AS9100 adds numerous requirements to the operation aspect of QMS system development. This is the section of the standard that dictates the processes needed to produce products or services that meet the quality objectives set forth by the company. It lays out the company-specific duties related to control of processes, requirements for product or services, design and development processes, insurance of conforming inputs, condition controls, product and service verification, and identification and control of nonconforming outputs.
8.1 – Beginning with planning and control, companies work toward meeting requirements needed to develop their product or service. They must consider all aspects of the creation of their output including safety, production, inspection, reliability, packaging, and recycling. Once these requirements have been established, they must then develop acceptance criteria and plan which controls and resources are needed at each step in the process to meet those criteria and maintain control.
The AS9100 standard lists various additions to the requirements related specifically to planning and control. The additions address prevention of counterfeit parts through verification, product safety, maintenance of products/service, and process inspections. They lay groundwork for companies utilizing products or services from external providers and require the establishment of controls to prevent the delivery of nonconforming outputs. Companies pursuing the aerospace certification must also plan and manage acceptable risk within their resources and processes through project planning and program management. They must establish practices that ensure conformity and evaluate the impact of risk through transfer of work. Additionally, they are asked to manage operational risk through the assignment of responsibilities to specific parties in their company, evaluating likelihood, consequences, risk acceptance, product realization, action management, and risk mitigation. Furthermore, they must consider factors of configuration management which help to ensure the identification and control of product or service attributes throughout their lifecycle. It also creates standards to control product identity and traceability and manage the documented information to validate and accept outputs.
Two of the most crucial requirements of the AS9100 standard relate to product safety and the prevention of counterfeit parts. Companies must plan and implement control processes to ensure that their outputs are safe, both through development and performance and should include hazard identification, risk management, staff training, and the analysis and reporting of safety-related events. To address the risk of counterfeit parts, companies must create and implement processes to prevent their use and control the acquisition of externally provided products.
8.2 – Moving forward, companies need to address the requirements specific to their product or service. A key factor in this step is communication with customers to determine if and how the product or service is meeting the customer’s requirements. Companies must include documentation related to services, contracts, orders, changes, handling, and contingency actions. After determining the specific requirements of their deliverable, including special requirements that are customer-specific, they must then communicate with their customers to determine acceptable limits. The additions of AS9100 relate to risks associated with the determination of special requirements, operational risks related to technology, delivery timeframes, ability, and capacity. The added requirements also address the negotiations between provider and customer to determine actions to be taken if a requirement cannot be met.
8.3- The design and development of a product or service only applies to companies who own the designs of their deliverables. It is important to establish whether or not you own this process because it is the most complex piece in the development of your QMS.
Companies who own the design and development of their product or service are required to define all design stages, responsibilities, authorities, validation, resources, customer involvement, control levels, and documented information needed to demonstrate the process’ conformance to the AS9100 requirements.
Each step of the process – from inputs and regulatory requirements to verification and authorization – should be carefully tracked and documented. AS9100 takes further steps to control the design process by placing requirements on product/service identification, testing, maintenance and service of the deliverable after completion. AS9100 also requires companies to focus on the impact of improperly utilized obsolete materials, processes, and components and further stresses the need for step by step authorization through the production process.
A high amount of importance is placed on the review of each design stage, with planning and testing documentation required to prove conformance to objectives and parameters. Additionally, companies must include records and documentation of how testing is performed at each step and how it is determined that criteria have been met. They must also work to document the control of measuring devices used for testing in each identified operational condition. Key characteristics must be identified and outputs must be approved with authorization.
All records of development including parts lists, drawings, configurations, characteristics, materials lists, assembly data, and packaging must be defined and retained in records for the product. If changes are made in design, companies are required to communicate with their customers how they will be affected and also to control change through the approved configuration management process.
8.4 – Section eight then tackles the control of externally provided processes, products, and services requiring companies to responsibly source the tools needed to complete their processes. They are also required to hold their suppliers accountable for the same level of quality they are pursuing. These requirements help companies regulate the quality of their deliverable by ensuring conformance to controls on the front end.
AS9100 has a long list of additions relating to the close control of the external resources. They relate to approval status, scope of approval, performance reviews, defined handling documentation requirements, actions to be taken in the event that a supplier is out of conformance, and verification activities to prove compliance. Ultimately, the standard encourages companies to develop, implement, and record any controls the organization deems necessary to protect themselves from the threat of sub-par sourced product. Lastly, it requires companies to clearly communicate their requirements and fully explain their goals for quality, service conformity, and product safety to their suppliers.
8.5 – AS9100 adds specific requirements related to production and service provision, directing companies to closely monitor the conditions in which their activities are performed. Proper documentation is again, key, and companies should keep records of verified equipment, human error prevention tactics, process inspections, competency measures, infrastructure, and activity validation. This allows companies to further control their outputs and guarantee they conform to appropriate standards. Also included in these requirements are provisions around post-delivery issues, such as client or customer care, property preservation, change control, and traceability.
8.6 – When products or services are ready to be released and delivered, companies pursuing AS9100 certification must prove that requirements have been met through production, providing documentation to demonstrate the qualification of the deliverable.
8.7 – Finally, section 8 of the standard sets requirements related to the control of nonconforming outputs. Regardless of the sources of the nonconformance – whether from the original supplier, generated by the company’s process, or reported by the consumer – companies must take action to address the affected deliverable through correction, retainment, information, or concession. The additional requirements of AS9100 direct companies to implement “use-as-is” or repair dispositions after approval by authorized parties. This requires companies to make plans to evaluate the effect of the nonconforming output, resulting in records that include a full description of the issue, the corrective action identified, agreed-upon compromises, and authorizations.
Section 9: Performance Evaluation
The analysis and evaluation of the performance and effectiveness of the QMS requires companies to implement practices and standards for measurement. They must choose which results will be measured (how, when, and by whom), select methods for monitoring customer satisfaction, implement effective internal audits, and conduct regularly planned management reviews.
9.1 – The measurement, analysis, and evaluation of QMS performance should be carefully considered. Companies should take care to ensure they are collecting the right information through the right methods at the proper time. By developing company dashboards with key performance indicators, they can easily circulate vital performance information to top management on a regular basis, increasing awareness and providing a method of quick identification of problem areas. AS9100 also requires companies to include information monitoring of customer satisfaction, on-time delivery, and complaints along with requested corrective action. This additional monitoring can help companies develop and implement plans that address common customer-related deficiencies. The overall goal of the QMS is to increase customer satisfaction, and, in the aerospace industry, that is especially crucial.
9.2 – Internal audits are also required of the AS9100 QMS development and the program must define the scope, practices, auditor responsibilities, and frequency of audits. Used to measure the degree of conformity to requirements both before the external certification audit and as a tool to maintain compliance, these audits include the evaluation of all customer and regulatory requirements your system should be addressing. Through this process, companies can easily identify and address nonconformances and work toward continuous improvement.
9.3 – Lastly, section 9 requires companies to monitor key performance indicators, customer feedback, and audit results through regularly-scheduled management review meetings. Participation from top management is crucial. During this review of the QMS, leadership can define trends in feedback, review nonconformance and corrective action status, evaluate supplier performance, and monitor the effectiveness of their action on risks and opportunities. AS9100 puts specific focus on on-time delivery metrics as well as risk management decisions, requiring documentation of all performance measurements and risk assessments. These meeting should result in effective action items related to improvement, resource requirements, risks and opportunities, and needed changes to the QMS and its processes. Close records should be kept of each meeting for easy reference of proof during a certification audit.
Section 10: Improvement
The AS9100 standard concludes with requirements related to continued opportunities for improvement of processes, documentation, nonconformance management and corrective action, and overall QMS function.
10.1 – Generally speaking, the standard requires companies to identify opportunities for improvement through corrective action or improvement projects. The goal of these improvements should be directly related to meeting customer requirements and improving customer satisfaction.
10.2 – The standard requires that nonconformances be addressed in one of three ways – through control of the issue, correction of the process, or acceptance of the consequences. If correction is needed, companies must follow the corrective action process, identifying root cause and creating effective change for measurable improvement. In the AS9100 standard, companies are required to create flow-down corrective action processes when an external provider is responsible for the nonconformance. Additionally, AS9100 adds the requirement for companies to document all information that defines the nonconformance and corrective action process.
10.3 – In the very last section of the standard, companies are required to work toward the continual improvement of their quality management system. Benchmarking, performance metrics, and internal audits and management reviews will all provide data to drive improvement activities. AS9100 adds the requirement of thorough documentation and record keeping of all improvement processes, including the definition of responsibilities, authorities, and approvals.
Choosing to pursue ISO certification in any industry means that companies willingly submit to the stringent and sometimes complex requirements set forth by the standard. In the aerospace industry, these requirements directly impact the safety, continuity, and, obviously, quality of the company’s deliverable. By complying with the standard, companies set themselves apart as committed, responsible businesses who are willing to go above and beyond to guarantee that their product will meet objectives and satisfy their customers’ needs.
For information on pursuing AS9100 certification, contact firstname.lastname@example.org or call 866.354.0300.