IAQG 9101 Coordination Draft Modified

9101: 2008
Issued
AEROSPACE
STANDARD Revised
Quality management systems- Aviation, Space and Defense
Quality management system audits
COORDINATION DRAFT
6 June 2008
FOREWORD
To assure customer satisfaction, aviation, space, and defense organizations must produce, and continually
improve, safe, reliable products that meet or exceed customer and applicable statutory and regulatory
requirements. The globalization of the industry and the resulting diversity of regional and national requirements
and expectations have complicated this objective. Organizations have the challenge of purchasing products
from suppliers throughout the world and at all levels of the supply chain. Suppliers have the challenge of
delivering products to multiple customers having varying quality expectations and requirements.
Industry has established the International Aerospace Quality Group (IAQG), with representatives from
companies in the Americas, Asia/Pacific and Europe, to implement initiatives that make significant
improvements in quality and reductions in cost throughout the value stream. This standard has been prepared
by the IAQG.
This document standardizes the requirements for conducting and reporting of quality management system
audits. It can be used by aviation, space and defense organizations at all levels throughout the global supply
chain.
This document provides requirements for an audit and reporting process based on:
- the process and continual improvement approach defined in 9100-series standards,

- the specific aviation, space, and defense additions in 9100-series standards,
- the use of competent and qualified auditors,
- the use of common assessment tools, and
- the uniform and transparent reporting of audit results.
This document contains requirements (shall), and recommended practices (may).
REVISION SUMMARY/RATIONALE
This standard has been revised to incorporate the 2008 changes to IAQG 9100-series standard quality
management system requirements and requirements for accredited certification introduced by ISO/IEC
17021:2006.
IAQG Coordination Draft, 6 June 2008 1

TABLE OF CONTENT
FOREWORD ...................................................................................................................................................... 1
REVISION SUMMARY/RATIONALE ................................................................................................................. 1
TABLE OF CONTENT ....................................................................................................................................... 2
INTRODUCTION ................................................................................................................................................ 4
0.1 GENERAL ............................................................................................................................................... 4
0.2. AUDITING APPROACH ............................................................................................................................. 4
REQUIREMENTS............................................................................................................................................... 5
1. SCOPE ........................................................................................................................................................ 5
1.1 GENERAL ............................................................................................................................................... 5
1.2 APPLICATION ......................................................................................................................................... 5
2. NORMATIVE REFERENCES ..................................................................................................................... 6
3. TERMS AND DEFINITIONS ....................................................................................................................... 7

3.1 AUDIT CYCLE:........................................................................................................................................ 7
3.2 CONTAINMENT: ...................................................................................................................................... 7
3.3 CERTIFICATION CYCLE:........................................................................................................................... 7
3.4 EFFECTIVENESS ASSESSMENT RECORD (EAR):...................................................................................... 7
3.5 INTERNATIONAL AEROSPACE QUALITY GROUP (IAQG):........................................................................... 7
3.6 INDUSTRY CONTROLLED OTHER PARTY (ICOP): ..................................................................................... 7
3.7 NON CONFORMANCE REPORT (NCR): .................................................................................................... 7
3.8 ON LINE AEROSPACE SUPPLIER INFORMATION SYSTEM (OASIS) ............................................................ 7
3.9 OTHER PARTY:....................................................................................................................................... 7
4. AUDIT PROCESS ....................................................................................................................................... 8
4.1 GENERAL ............................................................................................................................................... 8
4.2 COMMON AUDIT ACTIVITIES .................................................................................................................... 9
4.2.1 Audit Planning............................................................................................................................. 9
4.2.2 Conducting on-site audits ....................................................................................................... 10
4.2.2.1 General.................................................................................................................................... 10
4.2.2.2 Interview with Top Management ............................................................................................. 12
4.2.2.3 Audit of System Performance and Effectiveness .................................................................... 13
4.2.2.4 Audit of Processes, their Performance and Effectiveness ...................................................... 14
4.2.2.5 Auditing Customer Satisfaction ............................................................................................... 16
4.2.2.6 Auditing Special Processes..................................................................................................... 17
4.2.2.7 Preparing Audit Conclusions ................................................................................................... 17
4.2.2.8 Audit Findings.......................................................................................................................... 18
4.2.2.9 Closing meeting....................................................................................................................... 19
4.2.3 Audit Reporting......................................................................................................................... 19
4.2.4 Nonconformity Management ................................................................................................... 20
4.3 AUDIT PHASE SPECIFIC REQUIREMENTS ............................................................................................... 21
4.3.1 Preliminary Contact/Activities ................................................................................................. 21
4.3.2 Stage 1 Audit ............................................................................................................................. 22
4.3.2.1 General.................................................................................................................................... 22
4.3.2.2 Collection of Information.......................................................................................................... 22
4.3.2.3 Review of the Organization ..................................................................................................... 23
4.3.2.4 Stage 1 Conclusions ............................................................................................................... 24
4.3.2.5 Stage 1 report.......................................................................................................................... 24
4.3.3 Stage 2 Audit ............................................................................................................................. 25
4.3.3.1 Follow-up Audit........................................................................................................................ 25
4.3.4 Surveillance ............................................................................................................................... 25
4.3.5 Re-certification.......................................................................................................................... 26
4.3.6 Special Audits ........................................................................................................................... 27
LIST OF APPENDICES.................................................................................................................................... 28
APPENDIX 1: PROCESS BASED AUDIT COMPLETENESS RECORD ...................................................................... 29
APPENDIX 2: NONCONFORMANCE REPORT....................................................................................................... 31
APPENDIX 3: AUDIT REPORT (STAGE 2, SURVEILLANCE & RE-CERTIFICATION).................................................. 32
APPENDIX 4: AUDIT TEAM MEMBER SUMMARY REPORT ................................................................................... 37
APPENDIX 5: AUDIT REPORT (STAGE 1)........................................................................................................... 39
APPENDIX 6: AUDIT PLANNING -COLLECTION OF CUSTOMER QUALITY DATA ..................................................... 44
APPENDIX 7: EFFECTIVENESS ASSESSMENT RECORD (EAR) ........................................................................... 45

INTRODUCTION
0.1 General
Auditing is one of the basic tools to assess effective implementation of, and conformance to quality
management system requirements.
In addition to determination of compliance, this standard focuses on evaluation of effectiveness.
The major purpose of an organization is not to be compliant with quality management system requirements but
to be effective in fulfilling customer expectations and delivering products that meet those expectations.
In other words: an organization cannot fulfill the requirements of the quality management system standard and
at the same time deliver products that do not fulfill customer specifications.
This audit standard supports the new requirements in the 9100-series standards (2008/2009) such as critical
items, special requirements, On-time Delivery (OTD) performance, risk management and project
management.
0.2. Auditing Approach
This standard is written to support the process approach for quality management systems as described in the
9100-series standards.
When evaluating quality management systems, there are four basic questions that should be asked in relation
to every process being evaluated:
a) is the process identified and appropriately defined?
b) are responsibilities assigned?
c) are the procedures implemented and maintained?
d) is the process effective in achieving the desired results?
The collective answers to these questions can determine the result of the evaluation.
Additionally, product quality (as delivered), customer satisfaction and quality management system
effectiveness are to be considered as interrelated. This interrelation should be reflected in the audit and the
associated results.

REQUIREMENTS
1. SCOPE
1.1 General
This standard specifies requirements on the preparation and execution of the audit process and the content
and composition of the Audit Report when determining conformance to the 9100-series standards and the
organizations ability to meet customer, regulatory and the organizations own requirements.
NOTE 1: In this standard the terms 9100-series standards comprises the following quality management
system standards as developed by the International Aerospace Quality Group (IAQG) and published by various
national standardization organizations: 9100, 9110 and 9120.
The requirements in this standard are in addition to the requirements in the standards for conformance
assessment, auditing and certification as published by International Organization for Standardization
(ISO)/International Electrotechnical Commission (IEC): ISO/IEC 17000 and ISO/IEC 17021.
When there is conflict between the standards, the requirements of this standard shall take precedence.
NOTE 2: At the moment of publication of this standard, the ISO Committee on conformity assessment,
(ISO/CASCO) is working on a new standard ISO/IEC 17021-2, Conformity assessment Requirements for
third-party certification auditing of management systems. This standard will contain additional requirements,
comparing to the existing 19011 and 17021. Awaiting publication, expected late 2010, some of the foreseen
requirements are included in this issue of 9101 as gray shaded text. After publication of ISO/IEC 17021-2,
9101 will be modified and re-issued in order to prevent duplication.
NOTE 3: This document also contains recommended practices that may be used by audit teams when
executing the audit process. Certification bodies are not mandated to use recommended practices material
when similar or equivalent methods/material are used. In such case, the certification body should be able to
demonstrate the equivalence of the method/material during the initial accreditation and periodic oversight as
described in 9104-2.
NOTE 4: Users of this standard are encouraged to use guidance material separately published by IAQG, such
as the Guidance tool for auditing aviation, space and defense quality management systems.
1.2 Application
This standard shall be used for audits of 9100-series standards by certification bodies for certification of
organizations, under the umbrella of the aviation, space and defense industry certification scheme [also known
as Industry Controlled Other Party (ICOP) scheme], as defined in the IAQG 9104-series standards.
The relevant parts of this standard (e.g. clauses 4.2.1, 4.2.2, 4.2.3 and 4.2.4) and the form templates in the
st nd
appendices may be used for internal (1 party) audits and external audits at suppliers (2 party audits).
This also applies to methodologies, guidance material and document formats (e.g. audit reports,
nonconformance reports and other documents described in appendices).
In such case the words certification body should be read as auditor or auditing organization, and the word
client should be auditee or audited organization, as appropriate.

2. NORMATIVE REFERENCES
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced document
(including any amendments) applies.
AS/EN/JISQ 9100* Quality Management Systems Requirements for Aviation, Space and
Defense
AS/EN 9110* Quality Management Systems Requirements for Aviation Maintenance,

Repair and Overhaul Organizations
AS/EN 9120* Quality Management Systems Requirements for Aviation, Space and
Defense Distributors
AS/EN/SJAC 9104* Requirements for Aerospace Quality Management System

Certification/Registrations Programs
AS/EN/SJAC 9104-2* Requirements for Oversight of Aerospace Quality Management system

Registration/Certification Programs
AS/EN/SJAC 9104-3* Requirements for Aerospace Auditor Competency and Training Course
ISO 9000: 2005 Quality management systems Fundamental and vocabulary
ISO 19011: 2002 Guidelines for quality and/or environmental management systems auditing
ISO/IEC 17000: 2004 Conformity assessment Vocabulary and general principles
ISO/IEC 17021: 2006 Requirements for bodies providing audit and certification of management systems
* As developed under the auspice of the International Aerospace Quality Group IAQG and published by various
Standards bodies (e.g. SAE, ASD, EN, JISQ).
NOTE 1: ISO/IEC 17021-2 is under development. See note 2 under 1. General.
NOTE 2: AS/EN/SJAC 9104 will be replace in the near future by AS/EN/SJAC 9104-1.

3. TERMS AND DEFINITIONS
For the purpose of this standard, the terms and definitions provided in ISO 9000, ISO/IEC 17000, 9100-series
standards, 9104 / 9104-2 / 91043 and the following apply.
3.1 Audit Cycle:
The first audit cycle starts with the last day of the stage 2 audit and ends with the first day of the re-certification
audit. Each subsequent audit cycle starts from the last day of the re-certification audit.
3.2 Containment:
Action to control and mitigate impact of a problem and protect the customer's operation (stop the problem
getting worse). Includes correction, immediate corrective action, immediate communication and verification
that the problem does not further degrade.
3.3 Certification cycle:
The time interval between the initial certification decision and re-certification decision or between two re-
certification decisions.
3.4 Effectiveness Assessment Record (EAR):

Document stating results and providing evidence of determination of effectiveness of a process.
3.5 International Aerospace Quality Group (IAQG):

Body of prime aerospace Original Equipment Manufacturers chartered to develop common requirements for
use by the aerospace industry for quality improvement.
3.6 Industry Controlled Other Party (ICOP):

An Aerospace scheme under IAQG management for the assessment and certification of supplier quality
systems by Other Parties in accordance with the requirements contained in 9104, this under the full Industry
management.
3.7 Non Conformance Report (NCR):
Document stating results and providing evidence of determination of nonconformity to audit criteria, including
root cause, corrective action implementation and review by the auditor.
3.8 On Line Aerospace Supplier Information System (OASIS)
Web-based IAQG database containing information on participating National aerospace Industry Associations,
Accreditation Bodies (ABs), accredited Certification Review Bodies (CRBs), authenticated aerospace
Experience Auditors, Certified Suppliers and Assessments.
3.9 Other Party:
Independent and officially accredited Organization engaged in audit and certification activities that is under
control and oversight of Aerospace Industry.

4. AUDIT PROCESS
This section consists of three primary areas: clause 4.1 identifies phases of a complete audit process; clause
4.2 provides information on the common activities that shall be used to support the audit phases; and clause
4.3 describes the specific requirements for each phase. All sections must be complied with during a complete
audit cycle.
NOTE: Although Intermediate/Special Audit is not listed as a part of the audit cycle, it is applicable after initial
certification and then when directed by special request. They are addressed in clause 4.3.6.
The audit process established to assess conformance of quality management systems to the 9100-series of
standards shall meet the requirements of ISO/IEC 17021 and the additional requirements defined by this
standard. When there is conflict, the requirements of this standard shall take precedence.
4.1 General
Audit phases
The audit process shall consist of the following phases:
a) Preliminary contact visit,

b) Stage 1 audit,
c) Stage 2 audit,
d) Surveillance audit, and
e) Re-certification audit.
Phase a, b and c are only applicable for initial audit or transfer of certification.
NOTE: Although certification is formally part of the process, requirements for certification are defined by 9104-
series.
Common activities
Audit planning, on-site auditing and audit reporting are common activities linked with phases b, c, d and e.
Nonconformity management is common for phases c, d and e.
The requirements for activities apply to each phase of the program as indicated in Figure 1.
Phase b, c and d shall be described in the audit program, established during the preliminary contact/application
phase.

Audit program
Audit
phase Preliminary Stage 1 Stage 2 Surveillance Re-certification
(4.3) Contact
Common 4.3.1 4.3.2 4.3.3 4.3.4 4.3.5
activity (4.2)
Audit planning
4.2.1
On-site
auditing
4.2.2
Audit reporting
4.2.3

Nonconformity
management
4.2.4
FIGURE 1: RELATION BETWEEN AUDIT PHASES AND COMMON AUDIT ACTIVITIES
NOTE: for each audit phase the indicated common audit activities are applicable.
4.2 Common Audit Activities
4.2.1 Audit Planning

See the requirements of ISO/IEC 17021 9.1.2 and 9.1.3, plus the related guidance in ISO 19011.
The audit team leader shall be appointed before the stage 1 audit. Possible audit team members shall be
identified. After the stage 1 audit the team composition for stage 2 shall be reviewed based on information as
received and observed during the stage 1 audit, followed by the final appointment of the team members.
Audit plans shall be based on the review of:

- the processes of the organization, including their sequence and interactions,
- the criticality of products and processes,
- product related safety issues (e.g. airworthiness issues, reporting to customer and/or authorities),
- results of internal audits,
- previous audit findings,
- the Key Performance Indicators (KPIs) and trends for quality and On time delivery,
- previous management review results,
- customer satisfaction and complaints log, including feedback requests received by the certification body
(i.e. through OASIS),
- customer specific quality management system requirements, and
- performance information available from the customers.
-
The audit activities shall be prioritized based on risk to the customer (i.e. customer concerns and / or customer
special statuses).
The composition of the audit team shall be determined. The team shall consist of sufficient members, qualified
to address the issues and findings as identified during the previous visit.

Recommended Practice
It is recommended that the audit team allow time in the audit schedule to pursue product audit trails, following
one or more critical and/or nonconforming products through its associated product realization processes.
As an input into the audit planning process, the audit team leader shall obtain information from the organization
regarding customers requiring certification (i.e. 9100/9110/9120) and the percentage of aviation, space and
defense business each represents. The audit team leader shall ensure that the percentage of audit time
planned on any one customer is commensurate with the percentage of aerospace business each customer
represents (e.g. customer X may only have 20% of the business so do not spend 80% of the time verifying
customer X's needs if customer Y has 80% of the business).
NOTE: The need to use translators, as applicable, may also impact the plan and duration.
4.2.2 Conducting on-site audits
[ISO/IEC 17021 9.1.9]
4.2.2.1 General
a) Process Approach
The audit team shall conduct quality management system audits using a process approach that focuses on
performance and effectiveness. The process approach used by the audit team shall ensure that priority is
given to:
reviewing the organizations processes, their sequence and interactions, and performance against
measures defined, with focus on the processes that directly impact the customer;
reviewing the process objectives / targets, with focus on areas where targets are not being met and on
issues which have the greatest impact on the customer(s);
reviewing what plans are in place to ensure targets are met;
reviewing what corrective action plans are in place where targets are not being met; and
pursuing audit trails to relations between customer concerns, performance against objectives and relevant
process controls.
b) Customer Approach
The audit team shall use the percentage of aviation, space and defense business each represents (see clause
4.2.1) to verify that the organization is addressing customer satisfaction appropriately with all customers. This
includes verifying that any customer specific requirements are addressed.
c) On-site Audit Activities

Each on-site audit, except for follow-up (see clause 4.3.3.1) and special audits (see clause 4.3.6), shall include:
an opening and closing meeting with the organizations management and, as appropriate those responsible
for the functions or processes to be audited,
an interview with top management (see clause 4.2.2.2),
a review of changes since the previous visit,
an audit of the quality management system performance and effectiveness (see clause 4.2.2.3),
an audit of the organizations processes, their performance and effectiveness, as identified in the audit plan
(see 4.2.2.4),
an audit of follow-up actions from previous audits, and
an audit of requirements from new aviation, space and defense customers since the last audit
d) Opening Meeting
An opening meeting shall be held with the clients management and, where appropriate, those responsible for
the functions or processes to be audited. The purpose of an opening meeting is to confirm the audit plan, to
provide a short explanation of how the audit activities will be undertaken, to confirm communication channels,
and to provide an opportunity for the client to ask questions.
The meeting shall be formal and records of the attendance shall be kept. The meeting shall be conducted by
the audit team leader, and the following items shall be included:
a) introduction of the participants, including an outline of their roles;
b) confirmation of the type of audit, objectives, scope and criteria;
c) confirmation of the audit plan and other relevant arrangements with the client, such as the date and time for
the closing meeting, interim meetings between the audit team and the clients management, and any late
changes;
d) confirmation of formal communication channels between the audit team and the client;
e) confirmation that the resources and facilities needed by the audit team are available;
f) confirmation of matters relating to confidentiality;
g) confirmation of relevant work safety, emergency and security procedures for the audit team;
h) confirmation of the availability, roles and identities of any guides and where relevant observers;
i) the method of reporting, including any grading of audit findings; and,
j) information about the conditions under which the audit may be prematurely terminated.
Dependent on the type of the audit the following items should included as applicable:
a) confirmation of the status of findings of the previous review or audit;
b) methods and procedures to be used to conduct the audit, including advising the client that the audit
evidence is based on a sample of the information available and therefore there is an element of uncertainty
in auditing;
c) confirmation of the language to be used during the audit, where relevant;
d) confirmation that, during the audit, the client will be kept informed of audit progress.
e) Site Tour
The audit team leader may decide to conduct a site tour to address significant changes in scope or facilities
since the last visit or to familiarize team members with the organizations activities. The audit team shall record
and retain key observations for use during the audit.
It is recommended that the process approach to auditing should not be driven by a clause or a section
structured questionnaire or checklist.
Checklists and/or questionnaires may be used as a tool:
a) a reference or memory jogger for the auditor;
b) a repository for auditor notes not a mandatory objective evidence repository; and
c) a record of conformance status and audit plan completion.
Certification body tools that accomplish the same objectives are acceptable but, shall become part of the
audit file/record.
Checklists may be used to assure that the organizations processes cover the requirements of the quality
management system standard.

4.2.2.2 Interview with Top Management
There shall be an interview with top management to audit:

a) establishment and continued relevance of the organizations quality policy and objectives,
b) quality management system design / planning,
c) top management commitment, and
d) quality management system performance and effectiveness, including their perception.
Top management should participate and not merely be represented (e.g. by the quality manager).
It is important to change the focus of attention from the quality manager to the top management of
the organization.
An auditor with limited auditing experience should not be assigned to interview top management.
The timing of the top management interview should be planned, to ensure convenience and
punctuality.
During the interview, the audit team should seek evidence of their commitment.
The audit team can, by utilizing appropriate business terminology for the top management, ask
relevant questions that :
a) seek to obtain evidence of top managements awareness of and commitment to quality and its
relevance to the organization's overall objectives and quality management system, and
b) establish evidence of conformity to the 9100-series standard requirements for top management
responsibility.
The use of open-ended questions is encouraged, including the integration of recent performance
data as collected during previous visits (e.g. the stage 1 audit).
Examples of questions to gather evidence on compliance of the management commitment with
clause 5.1 of the 9100-series requirements could be:
what is the purpose, direction, mission and vision of the organization?
what aspects (elements / goals) of its long term strategy has the quality management system
been designed to deliver?
how does top management measure the effectiveness of the quality management system?
is the quality management system effective? and
what are the key metrics/measures used by top management to determine this?
The audit team should constantly be looking for opportunities to corroborate the responses
received from top management during the interview(s). This includes :
a) determining if top management are involved in management reviews ;
b) evaluating the commitment and involvement of Top Management in the establishment,
implementation, monitoring and updating of the quality policy; and
c) analyzing if top management is involved in continual improvement
See also ISO 9001 Auditing Practices Group Guidance on:

How to audit top management processes, as published jointly by ISO/CASCO and the
International Accreditation Forum (IAF).

4.2.2.3 Audit of System Performance and Effectiveness
Each on-site audit, except for follow-up and special audits, shall include an audit of:
a) the handling of customer complaints, customer feedback data (e.g. periodic performance reports received
from customers), other customer data (e.g. results of customer surveys) and stakeholder feedback (e.g.
feedback from regulatory authorities, other interested parties);
b) internal and external audits of the quality management system, including their associated records;
c) the control of process and product nonconformities, including corrective actions and the effectiveness of
corrective actions taken;
d) preventive actions and the effectiveness of actions taken;
e) management review, including associated records (i.e. inputs, outputs, actions taken);
f) (internal) performance monitoring, measurement, reporting and reviews against key stakeholder and
internal performance objectives and targets, including review of continual improvement activities and
associated records;
g) the organizations current performance against targets (including customer specific targets) and its
associated records of corrective actions taken where targets are not being met; and
h) the status and effectiveness of the organizations process performance improvement activities and their
outcomes related to product quality.
NOTE 1: Evaluation of the effectiveness of the quality management system should consider how well the
system is deployed, as demonstrated by the measures defined by the organization to meet customer
satisfaction and company objectives.
Feedback from the customer is one of the primary performance indicators that can be used to judge the
overall effectiveness of the quality management system. It is important, therefore, for the auditor to verify that
a) the organizations customer communication channels promote an adequate awareness of the process
by which customers can provide feedback
b) inputs to the customer feedback process include relevant, representative and reliable data,
c) this data is analyzed effectively, and
d) the output from this process provides useful information to the management review and other quality
management system processes, to enhance customer satisfaction and drive continual improvement.
See also ISO 9001 Auditing Practices Group Guidance on:
Auditing customer feedback processes, as published jointly by ISO/CASCO and IAF.
Other indicators that can be used to review the overall effectiveness of the quality management system are
measurements of the quality and On-time delivery of the products supplied by the organization, e.g. :
if the target for On-time Delivery was 90%, and the actual figure is 70%, the overall system and (some of)
the processes linked with OTD are not effective,
targeted levels of (internal and external) Product Defect rate and customer returns,
Auditors should assess if top management has defined methods for measurement of the organization's overall
performance in order to determine whether planned objectives and targets have been achieved.

4.2.2.4 Audit of Processes, their Performance and Effectiveness
The audit team shall audit processes as identified in the audit plan in adequate depth and detail to give
confidence that the organizations process(es) are capable of meeting process key performance indicators
(KPI), including any customer specific targets.
The audit team shall determine, as appropriate for each organization, if:
a) their processes are identified and appropriately defined (see NOTE below),
b) the process sequence and interactions are defined.
Additionally determine for each process if:
c) input/output, process activities, and resources are described,
d) responsibilities are assigned and responsible functions are identified,
e) process controls are defined,
f) the availability of resources and information necessary to operate and support is ensured,
g) each process is monitored, measured and analyzed against planned results (= determination of process
effectiveness),
NOTE 1: Planned results can be related to outputs or to the process activities itself.
h) actions are implemented as needed to achieve planned results and to promote continual improvement, and
i) the process is effective in achieving the desired results; verify performance information available (e.g.
percentage of nonconforming parts/products, percentage on-time delivery, etc).
NOTE 2: The following process categories are distinguished: core product realization processes, support
processes and management processes. The first category is specific for each organization.
The other categories are common to all types of organizations (e.g. continual improvement, nonconformity
management, monitoring and measurement, ).
The audit team shall focus on the processes that directly impact the customer(s) and on low performing
processes, based on performance data. The audit team shall audit these processes to determine not merely
process compliance, but also evaluate their effectiveness
The results shall be recorded on the Effectiveness Assessment Record: see Appendix 7.
When preparing and auditing a process, identify and ask questions on:
what is the process?
what is it trying to achieve?
is the process defined (i.e. inputs, outputs, resources and controls defined)?
who is the customer of the process?
what is the desired level of performance?
what are the measures (e.g. KPIs)?
do these reflect specified customer targets/performance requirements?
what is the current level of performance?
where performance is not being achieved, are improvement plans in place?
do they include applicable customer specific requirements?
are responsibilities of process owners and process performers defined?
is the process implemented as defined?
There is not one single process mapping method. There are many tools on the market that can be
used for process analysis, including am process elements (i.e. turtle diagram, octopus diagram,
SIPOC method).

Recommended Practice (continued)
The gap between the planned and the achieved performance level is a measure for the
effectiveness of a process.
When the desired level of performance is being achieved:

is the performance being achieved by accident/ luck or through a controlled and capable
process (i.e. is it repeatable and sustainable)?
how was the process planned, does the process design allow performance objectives to be
met?
does the process design meet 9100-series standard requirements?
o what about robustness?
o does it take into account previous performance results?
audit the process to verify that it is being carried out as defined/designed:
o are the methods being applied in the field?
o on the shop floor, at the work station?
ensure that the organizations process definition accurately reflects/describes reality;
conduct interviews, process witnessing, records review, etc with process performers at
appropriate locations (e.g. where the process occurs);
effectively incorporate into the process based audit samples of the relevant customer specific
requirements.
When the desired level of performance is not being achieved, continue with your process review:
what action plans are in place to improve the current performance?
how is performance being improved?
what governance is in place to drive/monitor the improvement effort?
NOTE: see also the Effectiveness Assessment Record template in appendix 7.

4.2.2.5 Auditing Customer Satisfaction
The audit team shall assess if customer satisfaction is based on customer provided non-conformance data,
corrective action requests, satisfaction surveys results and complaints, regarding product quality, on time
delivery, service provision, but also responsiveness to requests, etc.
Recommended practice
Customer feedback is a process. It needs to be audited as a process, not as a clause of the standard.
An evaluation also needs to be performed on the way in which the process is managed (see 9100 series
standards, clause 4.1.c), and its ability to provide meaningful information with which to judge the overall
effectiveness of the quality management system. The way in which the organization obtains this feedback
(the method) is up to the organization to define.
The auditor should therefore be aware of the many factors that can affect the organizations approach, and
should recognize that there is no fixed recipe. Due consideration should be given to factors such as:
organization size and complexity
degree of sophistication of products and customers
risks associated with the product
diversity of customer base
The auditor needs to be aware of the specific characteristics of the organizations products that are likely to
impact customer satisfaction. Throughout the audit, the auditor should be alert for indications that may
suggest customer satisfaction or dissatisfaction which could serve as input into the audit of the customer
feedback process. Good sources of such information may include, for example:
goods returned by the customer;
warranty claims;
revised invoices;
credit notes;
articles in the media;
direct observation of, or communication with the customer (e.g. in a service organization).
See also ISO 9001 Auditing Practices Group Guidance:
Auditing customer feedback processes, published jointly by ISO/CASCO and the IAF.

4.2.2.6 Auditing Special Processes
If a organization operates special processes (reference 9100/9110, clause 7.5.2), the audit team shall audit the
validation, as well as, the monitoring and measuring of these processes.
NOTE: When an organization declares that special processes are excluded from the scope of certification, an
evaluation of the justification of this exclusion must be completed by the audit team during stage 1 of the initial
audit.
a) Validation of special processes

For each special process, the validation records shall be verified, including a comparison between actual and
planned results, and the established arrangements for the
a) defined criteria for review and approval of the processes,
b) defined criteria for the acceptance of processed product,
c) approval of equipment and qualification of personnel,
d) use of specific methods and procedures,
e) requirements for records (reference clause 4.2.4 of 9100 and 9110), and
f) revalidation
b) Monitoring and Measurement of Special Processes

The audit team shall determine if there are customer requirements on special processes (during stage 1) and
sample for each of the processes the most important characteristics. For these characteristics, the audit team
shall audit the monitoring and measuring equipment used (e.g. calibration, accuracy) and the method for
recording the results. Where this is a requirement, the traceability between the process (e.g. batch or charge
identification) and the resulting products shall be verified.
For outsourced special processes, the audit team shall verify if the supplier control covers these subjects
accordingly. In addition, the audit team shall review if customer designated sources are used when required.
NOTE 1: Special processes are managed by using qualified personnel, and controlling physical or chemical
special process characteristics [e.g, temperature, time (process duration), pressure, (chemical) composition of
materials (product or process treatment, e.g. surface)].
rd
NOTE 2: Sometimes an audit has been performed by a specialized independent 3 party (e.g. Nadcap). In
such case the audit team may take the results of the audit by this independent organization into account.
4.2.2.7 Preparing Audit Conclusions

Preparing audit conclusions
Prior to the closing meeting, the audit team shall:
a) review the audit findings, and any other appropriate information collected during the audit, against the audit
objectives;
b) agree upon the audit conclusions, taking into account the uncertainty inherent in the audit process;
c) identify any necessary audit follow-up; and
d) confirm the appropriateness of the audit programme or identify any modification required (e.g. scope, audit
time or timing, surveillance frequency, competence)

4.2.2.8 Audit Findings
Identifying and recording audit findings

Audit findings and their supporting audit evidence shall be recorded and reported, and indicate conformity or
nonconformity with audit criteria. In case of conformity, opportunities for improvement may be identified.
Objective evidences assessed during audit shall be recorded on the audit team member summary report: see
appendix 4.
Audit findings which are nonconformities in accordance the definitions given in 9104-1 shall not be reported as
opportunities for improvement.
Conformity with audit criteria shall be summarized to indicate locations, functions or processes that were
audited.
A finding of nonconformity shall be recorded against criteria, contain a clear statement of the nonconformity
and identify in detail the objective evidence on which the nonconformity is based. Nonconformities shall be
discussed with the client to ensure that the evidence is accurate and that the nonconformities are understood.
The conditions for resolving nonconformities and their potential impact upon the certified status shall be made
clear.
When nonconformities are identified, the audit team shall categorize the nonconformity major/minor according
to the definitions in 9104-1. Also the need for containment shall be reviewed by the audit team. Any
containment action and correction may be reviewed during the audit
The Non Conformance Report (NCR) form in Appendix 2 shall be used to record nonconformities.
Each Non Conformance Report shall contain only one nonconformity. Multiple instances of the same
nonconformity shall be considered as one nonconformity.
The identified nonconformities shall not be closed during the same on-site audit in which it was raised.
The audit team leader shall attempt to resolve any diverging opinions concerning audit evidence or findings,
and unresolved points shall be recorded.
Remember, a nonconformity is the non-fulfillment of a requirement, so if the auditor cannot identify a
requirement, then the auditor cannot raise a nonconformity.
There are three parts to a well-documented nonconformity:

a) the statement of nonconformity:
The statement of nonconformity should:
be self-explanatory and be related to the system issue;
be unambiguous, linguistically correct, and as concise as possible; and
not be a restatement of the audit evidence, or be used in lieu of audit evidence.
NOTE: The statement of nonconformity drives the root cause analysis, correction and corrective action by the
organization, so it needs to be precise.
b) the audit evidence to support auditor findings;
The audit evidence should be documented in sufficient detail, to enable the audited organization to find and
confirm exactly what the auditor observed.
c) a record of the requirement against which the nonconformity is detected.

It is important that the auditor identifies and records the specific requirement relating to the nonconformity
clearly, for example, by writing-out the exact text of the requirement from the standard that is applicable to the
audit evidence. This may also apply to other sources of requirements.

If all three parts of the nonconformity are well documented, the auditee, or any other knowledgeable person,
will be able to read and easily understand the nonconformity. This will also serve as a useful record for future
reference.
Important NOTE: If there is no audit evidence there is no nonconformity. If there is evidence it must be
documented as a nonconformity, instead of being soft graded with another classification (e.g. observations,
opportunities for improvement, recommendations). In the longer term, neither the organization, its
customers, nor the certification body benefit by the use of softer classifications, as this risks the nonconformity
being given a lower priority for corrective action.
4.2.2.9 Closing meeting
Conducting the closing meeting

At the conclusion of the audit, a closing meeting shall be held with the clients management and, where
appropriate, those responsible for the functions or processes audited.
The purpose of the meeting is to present the results of the audit and conclusions on the effectiveness of the
management system.
The closing meeting shall be formal and records of the attendance shall be kept. The meeting shall be
conducted by the audit team leader, and the following items shall be included:
a) presentation of the audit findings in such a manner that they are understood and acknowledged by the client;
NOTE Acknowledgement does not necessarily mean that the audit findings have been accepted by the client.
b) the certification body process for handling nonconformities including any consequences relating to the status
of the client's certification;
c) the timeframe for the client to present a plan for correction and corrective action for any nonconformities
identified during the audit;
d) the certification body's post audit activities;
e) information about the complaint handling and appeal processes;
f) the audit team recommendation regarding certification;
g) confirmation of formal communication channels between the certification body and the client for post audit
activities;
h) the method of reporting, including any grading of audit findings; and
i) advising the client that the audit evidence collected was based on a sample of the information; thereby
introducing an element of uncertainty.
Any diverging opinions regarding the audit findings or conclusions between the audit team and the client shall
be discussed and resolved where possible. Any diverging opinions that are not resolved shall be recorded and
referred to the certification body.
4.2.3 Audit Reporting

[ISO/IEC 17021 9.1.10]
A matrix (see Appendix 1) shall be completed by the audit team for each visited site to demonstrate which
processes and quality management system clauses have been audited. The completed matrix sheet shall be
part of the Audit report.
Individual clauses and sub-clauses of chapter 7 of the 9100 standard series may be identified as Not
Applicable (N/A). Exclusions shall be reported in the Audit Report.
Use of Not Evaluated (N/E) shall not be used in an initial or re-certification audit.
At the conclusion of each certification, surveillance and re-certification audit a report shall be compiled
containing the information and using the standard templates as defined in Appendix 1, 3 and 5.

The content of the audit report including findings shall give a true and fair view of the conformity status of the
quality management system in order to allow customers or potential customers to draw adequate conclusions
in their supplier selection and surveillance processes.
The audit summary shall reflect the seriousness of nonconformities (i.e. number, criticality, impact).
The certification body shall leave copies of all information pertaining to the audit results (e.g. check lists,
findings, supporting documents, or other correspondence) with the audit organization for the purpose of
sharing information with their customers.
Certification body tools such as check lists or questionnaires (see Recommended practice associated to
4.2.2.1) and auditor notes shall become part of the audit file/records.
When compiling an audit report, the guidelines defined in ISO19011 clause 6.6.1 should be considered.
Audit reports may be tailored to suit the business terminology of the audit organization.
Audit reports should be issued within the agreed time period. If this is not possible, the reasons for the delay
should be communicated to the audited organization and a new issue date agreed upon.
If the audit team consists of more than one auditor, individual summary reports may be of benefit to assist the
audit team leader in compiling the overall report. The documents defined in Appendix 4 should be considered
for use, to enable the capture of findings by each audit team member (e.g. coverage of the 9100-series
standard clauses, departments subject to audit, processes covered, summary findings).
The use of a process based audit questionnaire is recommended for those auditors who are less
experienced, however their use remains optional. Certification bodies may choose to develop and use its own
questionnaire.
Audit reports may be tailored to suit the business terminology of the audit organization.
4.2.4 Nonconformity Management

[ISO/IEC 17021 9.1.11 to 9.1.15]
The certification body shall have enforceable arrangements to ensure that the client undertakes appropriate
correction and corrective action for all nonconformities.
The certification body shall ensure that the client has effectively identified the cause of all nonconformities and
shall verify the effectiveness of any correction and corrective actions taken. Details of the evidence obtained to
support the resolution of nonconformities shall be recorded. Verification of effectiveness of correction and
corrective action may be carried out based on a review of documentation provided by the client, or where
necessary, through verification on-site.
The evidence for the review and verification for the resolution of nonconformities shall be recorded.
The certification body shall require the organization to record the containment and corrective action(s) on the
Non Conformance Report (see Appendix 2).
a) Containment
The certification body shall require the organization to determine and report the specific containment actions
including correction within 7 days after audit. The certification body shall review the containment actions
including correction within the next 14 days.

b)Corrective Action
The certification body shall require the organization to report the root cause and the corrective action
implemented to eliminate the reported nonconformity. The certification body shall review the
root cause analysis and corrective actions submitted by the organization to determine if these are acceptable.
Evaluation of the corrective action plan and associated corrective actions relating to a nonconformity shall not
be performed during the audit at which the nonconformity was raised.
If the submission is not acceptable, the certification body shall resolve any areas requiring further clarification
with the organization. This activity shall be completed within 90 days from the end of the on-site audit.
The certification body shall issue a report to the organization after verification of corrective actions is complete.
The report shall provide details of verification for each nonconformity identified.
st nd
NOTE: 1 and 2 party auditors may use the same approach as described above.
If there is an indication that the organization does not properly control and/or implement corrective actions,
the auditor should verify the corrective action process (reference 9100-series standard clause 8.5.2). In
that case it is likely that this process is ineffective and justifies the issue of nonconformity.
4.3 Audit Phase Specific Requirements
4.3.1 Preliminary Contact/Activities

An information exchange between the client and the certification body shall take place prior to the development
of an audit program. The information to be exchanged is defined in clauses 8.6 and 9.2.1 of ISO/IEC 17021.
Additionally, the certification body and the client shall agree on any language issues (audit and audit reporting,
certificate content).
The certification body shall require from the organization to provide the following:
- The revenue for aviation, space and defense industry, and the total revenue;
- The number of employees working for aviation, space and defense and the total workforce; and
- The names of the major customers in the aviation, space and defense industry supply chain.
All activities to be included in the scope of certification shall be relevant to the scope of the applicable 9100
series standard for aviation, space and defense customers.
NOTE: see guidance on applicability in 9100 clause 1.2.
Limited access
Organizations may on occasion deny auditors access to proprietary or classified information and/or areas due
to the competitive sensitivity or national security regulations invoked in customer contracts. The certification
body shall require from the organization information if any activities, programs, specifications and/or areas are
not accessible because of restrictive or confidential nature.
The scope of certification shall not include processes that were not audited to sufficient depth to verify
organizations conformance. They may, however, be included if the product processes can be proven to be
similar to processes that can be assessed and the same quality management system procedures and controls
are invoked and audited internally.
In the audit report exclusions for these programs, customers and/or activities shall be stated with supporting
justification provided.
The certification body shall appoint an audit team leader that has sufficient knowledge about the activities of
the intended scope of certification to determine if auditors with specific competences and/or additional
technical experts are needed.

To optimize the benefit of the certification audit program, the certification body shall take account of additional
requirements from the client and the clients customer(s) which are not in conflict with the provisions of
ISO/IEC 17021.
Throughout the certification cycle, the certification body shall ensure that audit time is identified in accordance
with clause 9.1.4 of ISO/IEC 17021.This may have influence on the audit duration.
Where the information provided by client is not sufficient, clarification and additional information shall be
sought.
The certification body shall prepare a draft audit program which identifies the audit activities required to be
conducted throughout the certification cycle. This shall be communicated to the client.
Modifications to the audit program shall be communicated to and agreed with the client.
The audit duration for stage 1 and stage 2 shall be determined by the audit team leader. The audit time for
stage 2 shall be reviewed after the stage 1 audit.
4.3.2 Stage 1 Audit

[ISO/IEC 17021 9.2.3.1]
4.3.2.1 General
The stage 1 audit shall:
be performed by the audit team leader established for the initial audit, and
include an on-site visit by the audit team leader, except for 9120 where stage 1 audit may be conducted off-
site, based on considerations such as the size, location, risk and previous knowledge, etc of the
organization.
For organizations with more than one site but with a single quality management system, the stage 1 visit shall
include the identified central function with the authority for administration, control, audit, review and
maintenance of the single quality management system . Also included shall be a relevant number of
representative sites, including all sites with different technologies and dissimilar activities. This will give the
audit team sufficient information in order to identify the complexity, risk and scale of the activities covered by
the quality management system subject to certification, any differences between sites and to what extent each
site produce or provide substantially the same kind of products or services according to the same procedures
and methods.
The stage 1 visit shall include a tour of the site facilities. This will enable the audit team leader or audit team to
gain a greater understanding of the organizations processes, equipment, areas, products and state of
readiness in preparation for the stage 2 visit.
4.3.2.2 Collection of Information
Following acceptance of the audit program by the client and to enable the audit program to be confirmed, the
audit team shall, during the stage one audit activity, collect sufficient information to enable the certification
body:
- to determine if additional expertise or auditors are required to assemble a competent audit team(s).
- to identify any additional audit activities necessary to fulfill the requirements for initial certification.

The lead auditor shall require the organization to provide the necessary information and documentation for
review, including the following:
description of processes showing the sequence and interactions, including the identification of outsourced
processes;
NOTE: the processes can be depicted in various ways [e.g. process maps, Turtle diagrams, Supplier-Input-
Process-Output-Customer (SIPOC) schemes];
key performance indicators and performance trends for the previous 12 months;
evidence that all requirements of the applicable 9100 series standard(s) are addressed by the
organizations processes;
quality manual, including interactions with support functions on site or remote locations;
evidence of one full cycle of internal audits, including all internal and external quality management system
requirements, organization procedures and processes;
management review results from the previous 12 months;
list of all aviation, space and/or defense and other customers requiring 9100-series compliance and an
indication of how much business each customer represents; and their customer specific quality
management system requirements, if applicable;
evidence of customer satisfaction and complaint summary, including verification of customer reports,
scorecards and special status.
NOTE: Examples of customer specific quality management system requirements are: First Article Inspection
Requirements (e.g. 9102), quality records to be created and maintained by the organization, coordination of
document changes, defined key characteristics, approval of design changes by the customer, flow down of
requirements to sub-tiers, customer notification of production process changes, traceability and handling of
nonconformities, applicability of other IAQG quality management system standards in contracts, e.g. 9115,
9131, etc.
If possible, certification bodies should acquire access to the performance data of the organization available in
customer databases.
4.3.2.3 Review of the Organization

During the stage 1 audit, the subjects as listed under 4.3.2.2 plus the following issues shall be addressed, as
applicable:
number of employees (i.e. full time, part time, contract, temporary) dedicated to aerospace;
number of shifts and shift patterns, specific to production and/or maintenance;
evidence of one full cycle of internal audits;
identification of high risk process/products;
risk management, and associated tools [e.g. Failure Mode and Effect Analysis(FMEA)];
identification of special processes performed or subcontracted;
regulatory requirements/authority approvals/recognitions;
additional requirements on configuration management;
project/program management;
continual improvement activities;
On time and quality delivery performance metrics;
identification of special requirements/critical items (including key characteristics);
First Article Inspection (FAI) requirements, e.g. if 9102 is invoked in contracts;
Foreign Object Debris/Damage (FOD) programs;
special work environments [e.g. Electronic Static Discharge Sensitive (ESDS), clean room];
customer presence at organization (e.g. resident representatives, regular meetings, reason(s) for
presence);
customer satisfaction and complaints status including customer reports and scorecards;
any customer special quality management system/Approved Supplier List approval statuses (e.g. limited
approvals, probation, suspension, withdrawal);
customer restricted areas/proprietary information/confidentiality;
exclusions from 9100-series standards (limited to clause 7) and supporting justification;

export limitations/controls [e.g. International Traffic in Arms Regulations (ITAR), Export Administration
Regulation (EAR)];
customer delegated inspection and delegated Materials Review Board (MRB); and
customer authorized Direct ship/Direct delivery
4.3.2.4 Stage 1 Conclusions

The lead-auditor shall use the result of the above review and any additional information obtained from the site
tour to:
determine the quality management system implementation status;
determine the organizations readiness for the stage 2 audit;
identify any areas of concern and potential nonconformities that could be classified as a nonconformity if not
resolved before the stage 2 audit;
develop a plan for the stage 2 audit, including additional quality management system requirements from the
organizations aviation, space and defense customers;
verify the proposed scope of certification (and its applicability to the IAQG scheme), and where necessary
communicate to the organization why the proposed scope should be modified;
verify and adjust, as needed, the information used for audit day calculation;
adjust the composition of the audit team for the stage 2 audit, including addition of any technical experts or
translators that may be needed; and
identify any changes required to the contract and communicate to the organization and back to the
certification body accredited office.
4.3.2.5 Stage 1 report
A copy of the stage 1 audit results shall be given to the organization at the time of the stage 1 audit completion
or at an agreed to time soon afterwards. The report shall identify issues to resolve prior to stage 2 audit
activities.
The audit findings shall be recorded in the stage 1 Audit report format as in Appendix 5.
For all potential nonconformities identified during stage 1, including those related to documentation review, the
certification body shall require from the organization a corrective action plan to be available before the
beginning of the stage 2 audit.
Recommend Practice
The recommended interval between a successful stage 1 and stage 2 visits should normally be six weeks
but no longer than three months. However, when planning the interval between stage 1 and stage 2 visits,
certification bodies must consider:
the needs and ability of the organization to resolve any areas of concern that may be identified during
the stage 1 visit, and
the continued relevance of the work accomplished during the stage 1 visit.
Certification bodies must make the organization aware of the implications of having an interval either
shorter or longer than the norm.
Certification bodies may use a standardized form to collect information from the customers of the
organization (see Appendix 6: Collection of Customer Quality Data before Auditing an Organization).

4.3.3 Stage 2 Audit
[ISO/IEC 17021 9.2.3.1]
Stage 1 and 2 audits shall not be performed on the same or consecutive days (back to back).
During the on-site stage 2 audit all elements of the quality management system and all organizations
processes that are part of the quality management system shall be audited for compliance and effectiveness
(see also Appendix 1).
During the opening meeting, the audit team leader shall reconfirm with the organization the issues as
discussed during the stage 1 visit (see clause 4.3.2 Stage 1 Audit).
The audit team leader shall:
a) decide on conducting a facility tour to address substantial changes in scope or facilities since the last visit;
and
b) revise planning as required, by any changes at the organization that could impact the audit since the stage
1 audit (e.g. reorganization, new customer complaint).
4.3.3.1 Follow-up Audit
The certification body shall ensure that the client has effectively identified the cause of all
nonconformities and shall verify the effectiveness of any correction and corrective actions taken. Details of the
evidence obtained to support the resolution of nonconformities shall be recorded.
Verification of effectiveness of correction and corrective action may be carried out based on a review of
documentation provided by the client, or where necessary, through verification on-site.
The evidence for the review and verification for the resolution of nonconformities shall be
recorded.
Verification activities shall be carried out by the audit team leader.

Verification shall always be carried out on site if the nonconformity was not related to documentation only.
4.3.4 Surveillance
[ISO/IEC 17021 9.3]
All elements of the applicable quality management system standard and all organizations processes that are
part of the quality management system shall be audited during the surveillance audits within one certification
cycle.
The audit method(s) to be used (e.g. specific problem-, area-, product- or sub-process-audits), shall be based
on the outcome of the audit teams review of system performance data.
The composition of the audit team needs to be determined, based on the audit plan for the surveillance visit.
The certification body accredited office shall define a risk mitigation scheme that addresses the consecutive
use of the same auditors at the same organization. This risk mitigation scheme shall include the use of past
audit report data/conclusions with comparison to the organizations customer performance data.
Audit plans for surveillance shall be based on continuing operational control of process and on product
performance indicators and performance trends for the previous 12 months (both for quality and On-time-
Delivery). Repeated nonconformities on the lack of actual performance data or operational control shall be
reason for suspension of the certification.

Obtaining information on organization performance is key in planning surveillance activities, Sources of
performance information can be internal as well as external. Insight to low performing processes, operational
effectiveness and customer satisfaction can help form the scope of the audit (on areas that need attention).
Information to collect can include customer report cards, customer complaints (e.g. rejection tags, request for
corrective actions), internal metrics (e.g.Cost of Quality, delivery scores, core processes metrics).
Insight to the internal health of an organization and its performance (internal/external to the organization), can
assist in selecting the appropriate audit methods and tools an auditor could use:
if a organizations internal measures indicate high rework/repair/scrap costs, the auditor may elect to use a
reverse audit method conducting a product related audit
if there is leading indication of late deliveries, the auditor could use a 5 Why method to understand why there
are late deliveries, source of constraints causing it, linkage to the quality management system and assess
those areas of the quality management system identified as a source of constraints.
if there the indication that low performance is related to a part of the organization only (e.g. a specific
process, program, or department, the auditor could use a program requirements audit or a sub-process
audit, looking in detail to the activities in the program or sub-processes.
NOTE: a 5 Why approach can be accomplished with the organization before going onsite.
The certification body shall use the Online Aerospace Supplier Information System (OASIS) customer
feedback requests to assist with audit planning for surveillance and re-certification audits.
In such case, the certification body shall react as requested in the feedback request and shall inform the
requester on the action status, using OASIS functionality.
For surveillance audits, the audit team leader shall advise within the report whether recorded nonconformities
should be reason for suspension of the existing certificate.
4.3.5 Re-certification
[ISO/IEC 17021 9.4]
The re-certification audit should be planned minimum 3 months before the expiry date of the current certificate.
The Scope of certification shall be verified prior to each re-certification audit.
Any change of approval status issued by a customer shall be reviewed by the audit team on the impact on the
certification status.
During the re-certification audit all processes and quality management system elements shall be audited (same
as initial stage 2 audit).
All nonconformities shall be closed and verified by the audit team before a recommendation for re-certification
can be made.

4.3.6 Special Audits
Although technically not a part of the initial certification audit, special audits do become a part of the
certification cycle and may be performed at anytime during the certification period:
a) on request by a customer or other interested party when a serious issue is identified;

b) in response to an organizations request to change their scope of certification (commonly known as
extensions to scope) or certified sites; or
c) in case of transfer of certification from one certification body to another
.
NOTE: in this case the pre-transfer review of the existing certification (ref. IAF Mandatory Document MD
2:2007 Issue 1 for the Transfer of Accredited Certification of Management Systems) shall include a visit to the
site(s) of the prospective client by the audit team leader. Items listed in clause 4.2.1 shall be evaluated,
including a review of previous certification audits performed by their previous certification body.
These audits will be coordinated with the organization prior to the visit. The organization must be given
information about the reason and subject of the visit.
An audit plan must be completed and submitted to the organization prior to arrival. The requester (see under a)
must be notified in advance of the audit dates.

LIST OF APPENDICES
Appendix 1: Table for verification of the completeness of the process oriented auditing versus 9100 series
standard requirements
Appendix 2: Nonconformance Report (NCR) form
Appendix 3: Audit Report (Stage 2, Surveillance & Re-certification audits)
Appendix 4: Audit Team Member Summary Report
Appendix 5: Stage 1 Audit report
Appendix 6: Audit Planning -Collection of Customer Quality Data
Appendix 7: Effectiveness Assessment Record
NOTE : The attached templates contain some examples,indicated as italic text for guidance and instruction .
This text shall be removed before using the templates in actual situations.

Appendix 1: Process Based Audit Completeness Record
Instructions: To demonstrate that all clauses have been addressed [X denotes subject covered during the audit at some level or depth;, Y denotes non-conformity, N/A means Not Applicable;
N/E means Not Evaluated . For description of N/A and N/E see clause 4. Italic process names for example only, to be replaced by organizations actual process names.
Organization Name: Core Product Realization Processes
Site: (as specific to audited organization)
Main Processes e.g.Manufacturing e.g. e.g. Design
Procurement
Sub processes/areas (when applicable)
e.g.Machining
e.g.Painting
e.g. Assembly product X
e.g. contracting
e.g. supplier surveillance

Audit Team Member(s):
Process Clause
category
C 7.2.1 Determination of requirements related to the product

O
R 7.2.2 Review of requirements related to the product
E 7.2.3 Customer communication
P 7.3.1 Design and development planning

R 7.3.2-4 Design and development inputs, outputs & review
O
D 7.3.5-6 Design and development verification & validation
U 7.3.7 Control of design and development changes
C
T 7.4.1-2 Purchasing process/information
7.4.3 Verification of purchased product
R
E 7.5.1 Control of production and service provision
A 7.5.2 Validation of processes for production and service
L provision
I
7.5.3 Identification and traceability
Z
A 7.5.4 Customer property
T
7.5.5 Preservation of product
I
O 8.2.4 Monitoring and measurement of product
N
8.2.5 Evidence of conformance (9120 only)

4.2.3 Control of Documents
4.2.4 Control of Records
6 Resource management
6.1 Provision of resources
6.2 Human resources
S
U 6.3 Infrastructure
P 6.4 Work environment
P
O 7.1 Planning of product realization
R 7.1.1 Project management
T
7.1.2 Risk management
7.1.3 Configuration management
7.1.4 Control of work transfers
7.6 Control of monitoring and measuring equipment
8.3 Control of nonconforming product
4.1 QMS General requirements
4.2.1 Quality Manual
5.1 Management commitment
5.2 Customer focus
5.3 Quality policy
M 5.4 Planning
A 5.5 Responsibility, authority and communication
N
5.6 Management review
A
G 8.1 Meas., Analysis and Impr. General
E 8.2 Monitoring and measurement
M
8.2.1 Customer satisfaction
E
N 8.2.2 Internal audit
T 8.2.3 Monitoring and measurement of processes
8.4 Analysis of data
8.5 Improvement
8.5.1 Continual improvement
8.5.2 Corrective action
8.5.3 Preventive action
NOTE: 7.3 not applicable for 9120 Page 2

Appendix 2: Nonconformance Report
Auditing
Auditing Company
Name Non Conformance Report Company
Logo
Organization: NCR number:
Site: Issue date:
Section 1- Details of nonconformity:

Function/Area/Process:
Standard/Clause No(s): Category

(MA/mi):
Statement of nonconformity
Objective evidence:
Auditor : Auditee Name:

Representative
Date: Acknowledgement: Sign.:
Section 2- Auditee Planned Actions

(Attach separate sheet if necessary)
Containment action(s), including correction (fix now) with completion date(s):
Root Cause Analysis (how/why did this happen?):
Corrective Action(s) (to prevent recurrence) with completion date(s):
Auditee Representative: Date:

Auditor Review and Acceptance of Corrective Action(s): Date:
Section 3- Details of Auditor Verification of Action(s) (Implementation and effectiveness):
Section 4- NCR closed out by Auditor on (date): Approved by Audit Team Leader name/date:

Appendix 3: Audit Report (Stage 2, Surveillance & Re-certification)
Auditing Company Name AUDIT REPORT
Re-certification/ Auditing
Audit Type: () Stage 2 Surveillance Company
approval
Logo
Date(s) of Duration On site: Report
audit: (Man Days) Off site: Date:
Organization
Company Name: Contact Details
Address: Telephone:
Facsimile:
Subsidiary of: E-mail:
Web-site: www. Representative:
Audited location(s): Title:
Audit Objectives:
Audit Scope
Permitted Exclusions
from 9100/9010/9020:
Certificate/Approval Expiration Date:
Number:
Audit Team
Audit Team Leader:
Audit Team Members:
Observers/Translators:
Audit Criterion
Standards (): 9100 9110 9120 Version:
Quality Manual Reference: Revision:
Nonconformity
Total number of nonconformities raised during this audit:
Total Major: Total Minor:
Report Issue
Audit Team Leader
Name:
Auditing Company:
Audited Organization
Representative:
Report Distribution:
Page 1
This audit report is the property of the audited and the auditing orgarganization. Distribution to other companies or
individuals is authorised only by written agreement of the audited and the auditing orgarganization.
AUDIT CONCLUSIONS
Audit Summary:
General summary of the audit; overall results, including comments relating to the:
effectiveness of the quality management system, to enhance customer satisfaction by meeting
customer requirements;
ability of the organization to constantly provide product that meets customer and applicable regulatory
requirements; and
ability of the organizations quality management system to continually improve its effectiveness.
Key Issues/Concerns requiring Management Attention:

(Summarize the key issues/concerns from the audit that require management attention)
Page 2

Strengths and Good Practices:
(Summarize areas of strength and good practice)
Opportunities for Improvement:

(Summarize opportunities for improvement)
Summary of Effectiveness :
Statement of
)
Effectiveness (
realized
and results are
Planned activities
results not realized
realized but planned
Planned activities
realized
and results are not
planned activities
EAR
Process Summary
Ref #

Summary of Nonconformance :
NCR Standard Function, Category

Summary Description Clause No. Area or Major /
No. Process Minor
Page 4

Previous Audit Nonconformity Disposition
NCRs raised at last visit NCRs closed NCRs open
Comments:
Agreed Follow Up Arrangements:
Report Issue
Name:
Position:
Date:
Audit Team Leader Recommendations

The organization:
is ready for certification/approval
is ready for re-certification/re-approval
needs suspension
can continue existing certification/approval
shall close out of nonconformities before decision can be taken *
* tick applicable
NOTE: in case of follow up, outcome shall be reported in additional pages. Check text in 9101 under follow
up.
If none of above enter reason(s):
Page 5

Appendix 4: Audit Team Member Summary Report
Auditing AUDIT TEAM MEMBER SUMMARY Auditing Company

Company Logo
Name REPORT
Audit Team Member:
Date:
Audited Organization:
Area/Department:
Organization staff interviewed during this audit

Name : Position :
Summary of activities, processes and documents reviewed :
Auditor notes :
Page 1
Auditor notes (cont.) :
Nonconforming issues Identified :

Item Brief Description : NCR
#: Ref.No. :
Note : As a team member the nonconformance issues identified may be a single nonconformity or roll up to a
systemic issue identified by multiple auditors
Opportunities for Improvement :
Strengths/Good Practices
Recording completeness of the process oriented auditing for each individual auditor: see appendix 1 of 9101
Page 2
Appendix 5: Audit Report (Stage 1)
Auditing company
name STAGE 1 AUDIT REPORT Auditing
Company
Date(s) Duration Report Logo
of audit: (Man Days): Date:
Organization
Company Name: Contact Details
Telephone:
Address:
Facsimile:
Subsidiary of: e-mail:
Web Site: www. Representative:
Location(s) Visited: Title:
Preferred Language for Stage 2: Interpreter Needed (Yes/No):?
Proposed Certification Scope:
Permitted Exclusions from
9100/9010/9020:
Audit Team Leader:
Audit Criterion
Standards (): 9100 9110 9120 Version:
Quality Manual Reference: Revision:
Organization Organization Shift

Number Employees
Business Revenue Patterns
Revenue % of Total % of Total Number of Employees
F/P/T*
(optional) Revenue Workforce E/D/L/N**
Aviation
Space
Defense
*F=Full time, P=Part Time, T= Temporaray **E= Early Shift, D=Day Shift, L=Late Shift, N=Night Shift
List of Current(C)/Potential(P) Aviation, Space and Defense Major Customers
% of
Customer Address Contact
business
Page 1
High Level Process/Procedure Confirmation (S=Satisfactory, U= Unsatisfactory)
Requirement ) U(
Reference: S( ) Comments:
Evidence of a documented procedure
covering control of documents (4.2.3)
covering control of records (4.2.4)
covering internal audit (8.2.2)
Evidence and applicability of a quality
manual
Evidence of Quality Manual interaction with
support functions (on site or remote)
Evidence that all the requirements of 9100-
series standards are addressed by the
organization's processes
Evidence of the description and sequence
of processes
covering control of nonconforming product
(8.3)
covering corrective action (8.5.2)
covering preventive action (8.5.3)
Evidence of the description of process
interaction
Evidence of the identification of outsourced
processes
Evidence of management review planning
and results from previous twelve months
Evidence of internal audit planning and
results from previous twelve months
Comments (summary of above if unsatisfactory)
Key Customer Performance

Trend of Quality Performance
Trend of On time Delivery
Customer previous 12 months (escapes,
Performance previous 12 months
rejections, complaints, defectives, etc.)
Unsatisfactory
Satisfactory () Satisfactory () Unsatisfactory ()
()
Comments (summary of above trends, plus any other customer performance information gathered):
Page 2
This audit report is the property of the audit client and thecertification body. Distribution to other companies or
individuals is authorised only by written agreement of the audi clinet and of thecertification body.
Customer Quality Management System Approval Status (limited, probation, suspension, withdrawal)
Customer Approval Status
Additional Aviation, Space and Defense Customer Quality Management System Requirements
Customer : Description of Additional Requirement : Document Reference :
Comments:
(Audit team leader to verify and confirm that the organization has a process for identifying, communicating
and implementing customer specific requirements)
Page 3
Key Process Information (specific process information obtained from the organization, including summary comments)
Process Comments
Process Mapping
High Risk Processes/Products
Risk Management
Special Processes (e.g. metal joining,

coating, thermal processing, bonding,
chemical treatment etc.)
Regulatory Requirements/Authority
Approval/Recognitions
Configuration Management
Project/Program Management
Continual Improvement activities
Special Requirements/Critical Items

(including Key Characteristics)
First Article Inspection (e.g. 9102)
Foreign Object Debris/Damage (FOD)

Programs
Special Work Environment (ESDS,

discharge, clean room,
temperature/humidity controls etc.)
Customer Presence in Organization
(on-site representatives, regular
meetings, reason etc.)
Restricted areas/proprietary
information/confidentiality
Export Limitations/Controls
Customer Delegated Inspection
Non Conformity Management [e.g.

Delegated Material Review Board
(MRB)]
Page 4
Potential Nonconformity:
(areas of concern that could be classified as a nonconformity during the Stage 2 audit)
Audit Team Leader Recommendations :

The organization is ready to proceed with the Stage 2 audit : Yes/No
If No enter reason(s):
Has the organization been requested to submit a corrective action plan prior to the Stage 2
Yes/No
audit
Proposed Stage 2 audit man day calculation (number of audit man days):
Proposed date(s) of the Stage 2 audit (elapsed time should be between six weeks and
three months):
Composition/competency of the audit team for the Stage 2 audit should include:
Organization Confirmation
Organization agrees that all results of the audit including report, findings, corrective actions,
checklists, auditor notes etc. are made available for customer/potential customer review as Yes/No
required :
Report Issue
Audit Team Leader
Name:
Auditing organization:
Organization
Representative:
Report Distribution:
Page 5
Appendix 6: Audit Planning -Collection of Customer Quality Data
Auditing company
name COLLECTION OF CUSTOMER QUALITY DATA Auditing company logo
AUDIT TEAM LEADER INFORMATION ORGANIZATION (SUPPLIER) INFORMATION
Name: Company / Division
Phone:
Site (s) to be Audited
(Addresses):
Fax/E-mail:
Auditing
organization:
Scope of Certification:
Sending Date:
Return Due Date: Standard to be used:
Organization identified as Customer
Company Quality Representative Fax/E-mail
Give a judgment on the following subjects

A(=good) B C D(=poor)
Quality of products
Tick A, B, C, or D as appropriate
(plus comments if any)
4 5 6 7 8
Weak elements of the Quality 1 2 1 2 3 4 5 6 1 2 3 4 1 2 3 4 5 6 1 2 3 4 5
ManagementSystem you consider
necessary to focus on during the audit
(plus comments, if any)
Easiness of communication
Responsiveness on requests
Compliance with delivery times (On
time delivery) (agreed targets and
current performance)
Do you have performance rating on this

supplier? If so, what is the most recent
rating?
(Please provide a copy of the scorecard)
Others comments (specific requests,
specific requirements applicable to
supplier, etc.)
Completion Date Name of the Company Name and Signature

Appendix 7: Effectiveness Assessment Record (EAR)
Auditing company Auditing company

name Effectiveness Assessment Record logo
1 2
Organization: Report Number:
3 4
Site: Issued Date:
5
Process Name: Process category

Core Product realization Support Management
Details of process assessed including associated interfaces:
6
9100/9110/9120 Clause(s) Reference:
7
Associated Support Process(es) Assessed:
8
Statement of Effectiveness:
The assessed process has been determined that planned activities and results are realized
The assessed process has been determined that planned activities are realized but planned results are
not realized
The process has been determined that planned activities and results are not realized
9
How was process effectiveness determined (methodology)?
10
Objective Evidence, Observed Conditions, Data, and Comments to Support Effectiveness
Determination
11 12
Audit Team Leader: Signature and Date:
Signature indicates that all relevant requirements (including requirements for support processes identified in Block #7) have been
assessed to determine effectiveness of the core or support process identified in Block #5.
Page 1
Instructions
Effectiveness Assessment Record
Rules for EAR Total
for each specific Core product realization proces one EAR Max app.. 10-12
for each Support process one EAR 9
for each Management process one EAR 8
1 Identify name of organization audited as noted, or to be noted, on the certificate or

approval.
2 Identify unique assessment report number.
3 Identify location of the audited organization as noted, or to be noted, on the certificate

or approval.
4 Indicate the date that the audit report was issued to the organization identified in Block
#1.
5 Identify the process assessed. Indicate "Core Product Realization" or "Support" or

Management, as applicable, and the name of the process. Refer to the Process
Matrix of Appendix 1. See also page 3 of Appendix 7
6 Identify the primary 9100/9110/9120 clauses(s) used for Core product
realization/Support/Management process audit. Refer to the Process Matrix of
Appendix 1.
7 Document the support process(es) audited associated with the Core product
realization /Support/ Management process identified in Block #5. Refer to the Process
Matrix of Appendix 1.
8 Indicate to what extend the audited core/support process was determined effective.
9 Describe the audit methods, tools, processes, etc. used.
10 Annotate relevant objective evidence, observed conditions, data, comments, etc., to

support the auditor's statement of effectiveness or ineffectiveness as indicated in
Block #8. Objective evidence for relevant support process requirements shall also be
recorded.
11 Print the name of the audit team leader.
12 Signature of the audit team leader and date. Signature indicates that all relevant
requirements (including requirements for support processes identified in Block #7)
have been auditor to determine effectiveness of the core/support/foundation process
NOTE 1: Indication of a MAJOR nonconformance shall result in core process determination as "ineffective".
NOTE 2: An indication of minor nonconformance(s) may result in core process determination of "effective".
Page 2
Planning of Product
Control of Nonconforming Product (8.3)

Support Processes Realization (7.1)
Control of Monitoring and Measuring

(similar for each organization)
CONTROL OF WORK TRANSFERS

Configuration Management (7.1.3)
Control of Documents (4.2.3)
Resource Management (6.0)
Project management (7.1.1)

Control of Records (4.2.4)
Risk management (7.1.2)
Devices (7.6)
Core Product realization processes
(7.1.4)
(specific for each organization)
Customer-Related Processes (7.2 ) x x x x x x

Design and Development (7.3) x x x x x x x x
Purchasing (7.4) x x x x x x x x x
Production and Service Provision (7.5) x x x x x x x x x
Monitoring and Measurement of Product (8.2.4) x x x x x x x x x
Management processes (similar for each organization)

Measuring, Analysis and Improvement NOTE 1:
Customer satisfaction (8.2.1) The Management Processes are 'linked' with both the Core as well as the
Auditing (8.2.2) Support Processes Production Realization Processes
Monitoring and measurement of processes (8.2.3) NOTE 2:
Analysis of data (8.4) The Management review proces (5.6) is strongly interrelated with the
Improvement (8.5) Improvement process (8.5)
Organization foundation
QMS Organisation & Documentation (4.1 & 4.2) NOTE 3: The Effectiveness of the organization foundation process is a
Management responsibilities (5.1-5.5) measure for the overall effectiveness of the Quality Management System
Management review (5.6)
Page 3

IAQG 9101 Coordination Draft Modified

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

IAQG 9101 Coordination Draft Modified

Uploaded by

Copyright:

Available Formats

9101: 2008

Quality management systems- Aviation, Space and Defense

Quality management system audits

- the process and continual improvement approach defined in 9100-series standards,

This document contains requirements (shall), and recommended practices (may).

IAQG Coordination Draft, 6 June 2008 1

REVISION SUMMARY/RATIONALE ................................................................................................................. 1

TABLE OF CONTENT ....................................................................................................................................... 2

3. TERMS AND DEFINITIONS ....................................................................................................................... 7

IAQG Coordination Draft, 6 June 2008 3

0.2. Auditing Approach

IAQG Coordination Draft, 6 June 2008 4

IAQG Coordination Draft, 6 June 2008 5

AS/EN 9110* Quality Management Systems Requirements for Aviation Maintenance,

AS/EN/SJAC 9104* Requirements for Aerospace Quality Management System

AS/EN/SJAC 9104-2* Requirements for Oversight of Aerospace Quality Management system

ISO 9000: 2005 Quality management systems Fundamental and vocabulary

ISO/IEC 17000: 2004 Conformity assessment Vocabulary and general principles

NOTE 1: ISO/IEC 17021-2 is under development. See note 2 under 1. General.

IAQG Coordination Draft, 6 June 2008 6

3.1 Audit Cycle:

3.3 Certification cycle:

3.4 Effectiveness Assessment Record (EAR):

3.5 International Aerospace Quality Group (IAQG):

3.6 Industry Controlled Other Party (ICOP):

3.7 Non Conformance Report (NCR):

3.8 On Line Aerospace Supplier Information System (OASIS)

3.9 Other Party:

IAQG Coordination Draft, 6 June 2008 7

a) Preliminary contact visit,

IAQG Coordination Draft, 6 June 2008 8

4.2 Common Audit Activities

4.2.1 Audit Planning

Audit plans shall be based on the review of:

IAQG Coordination Draft, 6 June 2008 9

4.2.2 Conducting on-site audits

[ISO/IEC 17021 9.1.9]

c) On-site Audit Activities

IAQG Coordination Draft, 6 June 2008 11

There shall be an interview with top management to audit:

See also ISO 9001 Auditing Practices Group Guidance on:

IAQG Coordination Draft, 6 June 2008 12

IAQG Coordination Draft, 6 June 2008 13

IAQG Coordination Draft, 6 June 2008 14

When the desired level of performance is being achieved:

NOTE: see also the Effectiveness Assessment Record template in appendix 7.

IAQG Coordination Draft, 6 June 2008 15

IAQG Coordination Draft, 6 June 2008 16

a) Validation of special processes

b) Monitoring and Measurement of Special Processes

4.2.2.7 Preparing Audit Conclusions

IAQG Coordination Draft, 6 June 2008 17

Identifying and recording audit findings

There are three parts to a well-documented nonconformity:

c) a record of the requirement against which the nonconformity is detected.

IAQG Coordination Draft, 6 June 2008 18

4.2.2.9 Closing meeting

Conducting the closing meeting

4.2.3 Audit Reporting

IAQG Coordination Draft, 6 June 2008 19

4.2.4 Nonconformity Management

IAQG Coordination Draft, 6 June 2008 20

4.3 Audit Phase Specific Requirements

4.3.1 Preliminary Contact/Activities