Hand in Hand
New audit approach accompanies revised AS&D standard
by L.L. "Buddy" Cressionnie
Beginning July 1, all aviation, space and defense (AS&D) quality management system (QMS) certification body audits will be conducted according to a newly released AS&D QMS standard using the International Aerospace Quality Group’s IAQG 9101:2009—Quality Management Systems Audit Requirements for AS&D Organizations.
In the Americas, the AS&D QMS standards were published as follows:
- AS9100:2009, Rev. C—Requirements for AS&D Organizations, published January 2009.
- AS9110:2009, Rev. A—Requirements for Aviation Maintenance Organizations, published June 2009.
- AS9120:2009, Rev. A—Requirements for AS&D Distributors, published June 2009.
The 30-month transition period for these revisions began Jan. 1, 2010. Since then, several transitions tasks have been completed (see Figure 1). Among them, all certification body auditors—aerospace auditors and aerospace experienced auditors—were required to attend and pass the IAQG-sanctioned training prior to performing audits for the 2009 versions of AS9100, AS9110 and AS9120.
The sanctioned training developed by Plexus included e-training modules for each of the AS&D QMS standards and four-day, instructor-led training. The goal of the training is to educate auditors on the AS&D QMS standards and the AS9101 audit method, as well as to reduce auditor variation.
Let’s be clear
The IAQG teams responsible for each standard have deployed support materials, including press releases presentations about changes, frequently asked questions, clarifications and reference articles that can be found on the IAQG website at www.iaqg.org.
Several of these clarifications involve IAQG 9101:2009 and address frequent questions organizations have asked while transitioning to an AS&D QMS, such as:
New 7.1.X clause exclusions. It is possible to take a permissible exclusion of these clauses located in section 7 as long as the requirements in clause 1.2 have been satisfied. The IAQG 9100 team’s expectation is that some level of project planning, risk management, configuration management and controlling work transfers occur in every AS&D organization.
Project management. Clause 7.1.1 is not about managing improvement or maintenance projects. It pertains to how a company plans and manages its product realization activities. These activities are frequently called "program management," which is not an ISO-defined term. Instead, the IAQG team used the ISO-accepted project management terminology.
As clause 7.1.1 indicates, the requirement includes how the organization plans and manages product realization in a structured and controlled manner to meet requirements at an acceptable risk, and within resources and schedule constraints.
Risk management. This requirement was deliberately placed in clause 7.1.2 to be an iterative part of product realization planning, like all clause 7.1 requirements, because it pertains to product risks across product life cycle processes noted in section 7.1
Configuration management. Additional information on the new AS9100 clause 7.1.3 bullet items can be found in ISO 10007:2003, an internationally accepted standard on configuration management that provides additional insights and information.2 The IAQG Supply Chain Management Handbook also includes configuration management guidance and best practices in chapter 11.3.3
Work transfer. The concept of work transfer in clause 7.1.4 is similar to the outsourcing requirement in clause 4.1. Work transfers and outsourcing activities are often controlled by the purchasing process. Adequate planning is required when work is transferred from one organizational facility to another. If these facilities are within the same QMS, this transfer activity can present less risk.
If the transfer is to a sister company and involves an interwork transfer, the activity requires additional planning. This could also include work performed at a company facility and at a customer location.
The IAQG Supply Chain Management Handbook includes recently released how-to and best practice documentation on several new AS9100:2009 concepts, including risk management, configuration management, work transfer and special requirements or critical items.
More effective audits
AS9101, which is mandatory for use during third-party management audits, was completely rewritten and now addresses AS9100, AS9110 and AS9120. The primary theme of the AS9101 rewrite was to evaluate process effectiveness and conformity with requirements.
ISO 9000:2005 defines effectiveness as the extent to which planned activities are realized and planned results achieved.4 A process effectiveness assessment report will be used to document product realization processes, which include process details, process effectiveness methods and evaluations of process effectiveness.
The checklist nature of AS9101, along with scoring and key requirements designations, has been removed from the revised version. Certification bodies will either continue to use their own audit documentation record or the AS9101 objective evidence record. A QMS process matrix form has been developed to correlate the processes to the requirements in AS9100, AS9110 and AS9120 to demonstrate clause coverage.
The ultimate measurement of QMS effectiveness is customer satisfaction. Therefore, performance measurement and customer feedback will be used as inputs for process-oriented audits. According to AS9101 clause 22.214.171.124, QMS performance and effectiveness include reviews of the following:
- Processing and handling of customer complaints and feedback data.
- Results and actions from internal and external QMS audits.
- Stakeholder feedback, including feedback from regulatory authorities or other interested parties.
- Process and product nonconformities, including corrective actions and evaluation of the effectiveness of actions taken.
- Preventive actions, which include evaluating the effectiveness of actions taken.
- Management review, including associated records.
- Internal performance monitoring, measurement and reporting against stakeholder and internal performance objectives and targets.
- The organization’s current performance against targets.
- The organization’s process performance improvement activities and outcomes related to product quality.
What hasn’t changed in the revised AS9101 is the need to determine the organization’s QMS conformity to statutory and regulatory requirements, customer requirements and AS&D QMS standard requirements. Any nonconformities discovered during the audit must be documented on a provided nonconformity report.
Based on information collected during the audit, the auditor will need to draw conclusions on conformity and the effectiveness of the organization’s QMS. These conclusions will be documented on AS9100, AS9110 and AS9120 standard audit reports that will be used for stage one and two initial certifications, surveillance audits, recertification audits and special audits stemming from customer or interested party requests, scope changes or certification transfers.
What it all means
So what does the AS9101 revision mean to organizations that want to be certified to the new AS&D QMS standards? It requires them to:
- Demonstrate conformity to the standard.
- Identify processes and show process sequence and interaction.
- Explain process measurements identified, including who reviews the data, how targets are defined, how it’s determined whether targets are met, whether the measures are actionable and how the data are used.
- Show actions taken when performance targets are not met.
The AS&D industry continues to grow by about 2,000 certified organizations per year (see Figure 2). By upgrading to the new standards, these organizations will improve QMS performance, enhance product realization planning and mitigate risks. The standards will be more effectively assessed using an improved robust auditing scheme that drives improvements and a process mindset as detailed in AS9101.
The improvements in the AS9101 revision include emphasizing the process management approach within organizations; shifting resources from completing questionnaires to determining and documenting conformity and process performance and effectiveness; and providing useful information to stakeholders concerning process performance and history.
AS9101 represents a significant advancement for aerospace auditing. Although auditing for effectiveness has always been an expectation of the standard and customers, the reality is that most auditors focus on process conformity to procedural requirements, while overlooking process results.
Customers have long complained about certified suppliers with performance issues, including problems with on-time delivery or product quality. This standard addresses those issues and organizational performance with an approach that has not been used before.
- International Aerospace Quality Group, IAQG 9101:2009—Quality Management Systems Audit Requirements for AS&D Organizations.
- For more resource materials on risk management, see chapter 11.2 in the IAQG Supply Chain Management Handbook at www.sae.org/iaqg/handbook/scmhtermsofuse.htm.
- International Organization for Standardization, ISO 10007:2003—Quality management systems—Guidelines for configuration management.
- International Aerospace Quality Group, IAQG Supply Chain Management Handbook, www.sae.org/iaqg/handbook/scmhtermsofuse.htm.
- International Organization for Standardization, ISO 9000:2005—Quality management systems—Fundamentals and vocabulary.
L.L. "Buddy" Cressionnie is the Americas requirement, as well as the International and Americas lead, for the IAQG 9100 team and a voting member of the U.S. Technical Advisory Group to ISO/TC 176. He represents the Lockheed Martin Corp. in these roles, where he works in the aeronautics business area as a senior manager over quality and mission success processes. Cressionnie is an ASQ senior member with quality manager and quality auditor certifications. He is also a RABQSA-certified aerospace experienced auditor and International Register of Certified Auditors lead auditor for ISO 9001 and ISO 14001. Cressionnie has an MBA from Texas Christian University in Ft. Worth and a bachelor’s degree in industrial and systems engineering from the University of Florida in Gainesville.