What you need to know about the changes to the 9100 series of standards
by L.L. "Buddy" Cressionnie
As aviation, space and defense (ASD) organizations transition to the 9100:2016 series of standards, it is important to understand why we have ASD standards and use transition guidance provided by the industry to understand the requirements and expectations.
Why ASD standards?
The ASD industry is highly regulated and for good reason—quality and safety go hand in hand. From the onset, the goal of the ASD industry has been to achieve a level of quality resulting in user and regulator confidence around the world.
The International Aerospace Quality Group (IAQG) took on this challenge and developed a common industry standard: the 9100 standard (referred to as AS9100 in the Americas, EN9100 in Europe and JISQ9100 in Asia/Pacific). Almost 20 years later, 9100 is still going strong and IAQG released its latest revision, 9100:2016, last fall. In addition to 9100, the 9100 series of standards includes 9110:2016 for maintenance organizations, 9120:2016 for distributors, 9115:2017 for deliverable software and 9101:2016 for quality management system (QMS) auditing.
ASD industry regulatory agencies around the world vary considerably, but one thing they all have in common is they recognize the 9100 series as the basis for a robust QMS. A few U.S. regulatory agencies include the Federal Aviation Administration (FAA), NASA and the Department of Defense (DoD).
Over the past 20 years, these regulatory agencies have accepted the 9100 series to fulfill their requirement to have a QMS. But the ASD industry doesn’t stop there. It continuously strives to exceed these and other industry requirements.
To be responsive to regulatory agencies and relevant interested parties, the IAQG organized relationship growth strategy streams. These streams ensure the voice of the customer is considered during all aspects of IAQG work including standard development, certification scheme and best practices. These relationship growth strategy streams include:
- Civil authorities—production: Works with the international airworthiness authorities to enable local design, production and certification with global acceptance.
- International space forum: Works to achieve standards and a certification scheme that can be effectively and efficiently used by space organizations.
- Defense relationship: Coordinates between NATO and defense organizations to harmonize or adopt common standards.
- Maintenance, repair and overhaul (MRO): Works with the ASD industry toward recognition of IAQG standards and effective industry use, application and certification to improve aviation safety, product quality and efficiency of the MRO industry.
- Trade associations relationship: Establishes relationships with other aviation industry trade associations whose purpose and objectives overlap IAQG's.
Here are some examples of how the U.S. regulatory agencies mentioned earlier have accepted and are engaged in the 9100 series standards:
- FAA—Accepts the 9100 series to fulfill its regulatory requirement to have a QMS. FAA personnel are engaged with IAQG through the civil authorities—production relationship growth stream and participate in the IAQG certification scheme.
- NASA—Requires its external providers to comply with the 9100 series to fulfill its regulatory requirement to have a QMS. NASA personnel are engaged with IAQG through the international space forum, which has assigned engagement on IAQG writing teams, the certification scheme and the strategy working group.
- DoD—Flows down the use of the 9100 standard as a contractual requirement to defense suppliers to meet Federal Acquisition Regulation (FAR) requirements and Defense FAR requirements. Contract oversight of DoD requirements is performed by Defense Contract Management Agency (DCMA) personnel. DCMA is engaged with IAQG through the defense relationship growth stream. DCMA personnel also are involved on IAQG writing teams and in the certification scheme.
Having a common QMS standard helps the ASD industry and its suppliers meet regulatory requirements while ensuring quality and safety are paramount in every product and service delivered.
The 9100:2016 transition timeline has started the mandatory assessment of the revision. A lot has happened since fall 2016, including the 9100:2016 series release, auditor training, certification body approval and, of course, organizational implementation.
All 9100 series audits will be based on the new 9100:2016 series starting June 2017 to ensure full implementation by Sept. 15, 2018, when the 2009 revision will be sunset. So why start the audits so early?
Transitioning to the 2016 revision requires a certification decision and, therefore, also requires a transition audit with additional audit days and implementation and closure of any issued nonconformities, certification body verification, and technical review of all associated documentation and audit reports to make the certification decision.
The September 2018 deadline was selected to coincide with the ISO 9001:2015 transition so organizations with dual certification don’t have to transition first to ISO 9001:2015 and then to the 9100:2016 series of standards.
IAQG has published a significant amount of deployment support material to help certified organizations with the transition.1 This information includes presentations, webinars, correlation matrixes, frequently asked question documents, a gap assessment worksheet, guidance materials and links to ISO 9001:2015 support materials.2
These are the main changes organizations can expect to find during their transition:
Additional focus on escape prevention requirement. The requirement to prevent the delivery of nonconforming products and services to the customer was reinforced in the 2016 standard revision because the industry continues to see a high level of escapes to the customer. An organization is required to show effective controls to prevent the delivery of nonconforming products and services to the customer and robust corrective actions when escapes are encountered.
Risk-based thinking versus risk management understanding. Risk management always has been required by the 9100 standard. The first release of 9100 in 1999 required a contract or order to be reviewed to ensure that any risk associated with the new technology or short delivery time scales was evaluated.
The 9100:2009 series of standards further required formalized product risk management processes to be applied to product realization activities. Organizations are required to plan, implement and control a process for risk management. Risk management includes requirements for assigning responsibilities, defining risk criteria, identifying and assessing risk, mitigation actions and acceptance. These requirements have been carried forward to 9100:2016, subclause 8.1.1—Operational risk management.
In the 9100:2016 series of standards, the risk-based thinking concept has been expanded throughout the QMS, as emphasized by the addition of "actions to address risk and opportunities" to ISO 9001:2015, subclause 6.1. Risk-based thinking promotes proactive thinking throughout the QMS. The requirements in ISO 9001:2015, subclause 6.1, specify that an organization shall plan actions to address risks. Formal risk management methods or a documented risk management process is not required, except as denoted in subclause 8.1.1.
The intent of risk management and risk-based thinking is to:
- Change an organization’s culture and mindset to be proactive.
- Focus on priorities and what adds value to an organization.
- Ensure alignment of resources to issues and risks.
- Ensure greater knowledge of risks and improved preparedness.
- Increase the probability of reaching objectives
while reducing the probability of negative results.
Product safety applicability. Product safety, as it relates to an end user’s experience with the product, has always been implicit in the 9100 series of standards. Some lower-tiered supply chain organizations might think product safety doesn’t apply to them because those organizations don’t know how their customers use their supplied products.
If an organization doesn’t know how its products are used, it should find out from its customers so it can understand the potential product safety implications. Based on an organization’s knowledge of the parts it produces, how can the product be manufactured to meet engineering and product conformity requirements?
Remember that product safety is related to the operation of the product. It is not about Occupational Safety and Health Administration-related personnel safety. Product safety risk assessments should proactively identify risks that potentially affect product safety and address them before they generate adverse effects.
Guidance for implementing product safety requirements can be found in the note of subclause 8.1.3. Possible implementation activities include:
- Assessing hazards and managing associated risks (see subclause 8.1.1).
- Managing safety critical items.
- Analyzing and reporting occurred events affecting safety.
these events and training employees.3
"Counterfeit part" doesn’t apply only to electronic parts. IAQG’s definition of "counterfeit part" is:
"An unauthorized copy, imitation, substitute, or modified part (for example, material, part, component), which is knowingly misrepresented as a specified genuine part of an original or authorized manufacturer.
Note: Examples of a counterfeit part can include, but are not limited to, the false identification of marking or labeling, grade, serial number, date code, documentation or performance characteristics."4
Organizations must assess their risks associated with counterfeit or suspect counterfeit parts and implement appropriate controls. The note in subclause 8.1.4 suggests, for example:
- Training appropriate employees in the awareness and prevention of counterfeit parts, including procurement, receiving inspection, inspection and design personnel.
- Applying a parts obsolescence monitoring program for the service life of the product.
- Implementing controls for acquiring externally provided products from original or authorized manufacturers, authorized distributors or other approved sources.
- Requiring that parts and components are traceable to their original or authorized manufacturers.
- Verifying and testing methods to detect counterfeit parts.
- Monitoring counterfeit parts reporting from external sources.
- Quarantining and reporting suspect or detected counterfeit parts so they are not reintroduced into the supply chain.
Testing raw materials is back from revision B. The testing of raw materials requirement in 9100B was removed in the 9100:2009 series of standards due to the introduction of risk management. Unfortunately, risk management was not applied by all organizations to incoming critical raw materials as anticipated. Therefore, the requirement to validate the accuracy of test reports for raw materials identified as a significant operational risk (that is, critical items) has been introduced. The testing of raw materials in revision B applied to all raw materials, but the 9100:2016 series requirement has been streamlined and focused depending on risk.
Human factors and human error are only "as applicable." 9100:2016 introduces the concept of human factors and human error in three places:
- Subclause 7.1.4 requires the work environment to be sufficient to ensure an organization’s processes achieve product and service conformity. Organizations and auditors should determine whether the environment is negatively affecting the organization’s ability to achieve product and service conformity by examining measures and employee turnover data.
- Subclause 8.5.1.g ensures that organizations implement actions to prevent human error. Actions include limiting excessive working hours, providing appropriate training and instructions, automating processes, requiring double electronic entry of critical information, making available devices to avoid incorrect tooling, avoiding distractions, job rotation, requiring completion of information before submission and mistake-proofing techniques. These techniques will improve product and service conformity by changing how work is completed.
- Subclause 10.2.1.b.2 ensures the consideration of human factors in the corrective action process during an organization’s causal analysis. If human factors are not considered, the true root causes usually can’t ensure the nonconformity won’t recur. When the root cause is identified as worker error or workmanship, additional analysis is required to determine why the worker erred.
The new 9100 series of standards provides organizations an opportunity to examine their QMSs as they address the new requirements while ensuring their system effectiveness in achieving planned results and improved levels of customer satisfaction. IAQG can serve as a resource for any implementation questions about the 9100 series.
- International Aerospace Quality Group (IAQG), "IAQG 9100—Quality management systems—Requirements for aviation, space and defense organizations," www.sae.org/iaqg/organization/9100.htm.
- IAQG, "Requirements," www.sae.org.
- IAQG, AS9100—Quality management systems—Requirements for aviation, space and defense organizations, subclause 8.1.3.
- IAQG International Dictionary, "Counterfeit part," www.sae.org.
L.L. "Buddy" Cressionnie is the Americas requirement IAQG 9100 team lead and a voting member of U.S. Technical Advisory Group to ISO/TC 176. Cressionnie is an ASQ senior member with manager of quality/organizational excellence and quality auditor certifications. He also is an Exemplar Global-certified aerospace auditor and International Register of Certified Auditors lead auditor for ISO 9001 and ISO 14001. Cressionnie has an MBA from Texas Christian University in Fort Worth and a bachelor’s degree in industrial and systems engineering from the University of Florida in Gainesville.