Professional Documents
Culture Documents
of AS9100 Rev D
WHITE PAPER
In this document, you will find each clause of AS9100 Rev D explained in plain English to help you better
understand the requirements of the standard. To make this easy, the clauses will be laid out in the same
order and assigned the same numbering designation as the clauses in AS9100 Rev D, and there will be
links to additional learning materials included as well.
Introduction
Some people see a management system as an administrative burden with limited benefit to the
company, but why is this the case? This could be due to the thinking of some individuals that the
management system is something separate from the way they do their “business,” but this line of
thinking limits their ability to go beyond simply documenting everything in the management system to
the point where they can benefit from the improvements that a management system can bring.
Please note that this white paper is not a replacement for the AS9100 Rev D requirements. You can get
the requirements from the http://standards.sae.org/as9100d/ website.
The basic concept of the process approach is that you look at the activities in your entire organization as
a series of processes—activities that take inputs and perform actions to make outputs. You can then
determine the sequence and interactions of your processes, which allows you to determine what
processes need to happen before others can start, what resources you need for each process, and what
results are expected and needed from each process. In addition, identifying the interactions between
processes can give you insight into potential problems and waste, where outputs are not adequate or
remain unused.
The best approach is to start your implementation by creating a process map that includes all of your
processes and how they are interconnected. For instance, your purchasing process needs input from
your contract process to determine what to buy, so it cannot start until your contract process has
created this output. Likewise, your production process cannot start until your purchasing process has
acquired the correct raw materials. Your global process map, which identifies all of the processes and
how they link together, will then allow you to define the processes in terms of inputs needed, controls
to be applied, and outputs expected. This process map can then be reviewed and updated throughout
the implementation process.
To find out more, see this article: PDCA cycle in AS9100 Rev D.
Customer
requirements
Planning Performance
Leadership
(6) Evaluation
(5)
(9)
of interested (10)
parties
(4)
Top Management – The individual or group who controls and coordinates the organization at the
highest level. When the scope of the management system covers only part of an organization, this term
refers to the individuals who direct that part of the organization.
Organization – A person or group who has their own functions with responsibility and authority to
achieve objectives.
Context of the organization – The combination of internal and external factors that affect the ability of
the organization to achieve their stated purpose, objectives, performance, and sustainability with
respect to the management system. This can include internal factors such as values and knowledge, as
well as external factors such as competitiveness and economic environment.
Interested party – A person or organization who is involved in, or perceives itself to be affected by, the
activities of the organization. Interested parties can include customers, suppliers, government, local
communities, employees, etc.
Process – Any set of activities that takes inputs to deliver an intended result, or output. For example:
the production process takes inputs (raw materials, work instructions, product specifications, etc.) and
performs several steps in an appropriate sequence. The outputs are the product, quality check reports,
etc.
Quality – Quality is the difference between a customer’s expectations and the perception of how well
these expectations were met upon receipt of the products and services.
Risk – Risk is “the effect of uncertainty on objectives,” and is seen as a positive or negative deviation
from what is expected. In the aerospace community, risk is generally expressed in terms of the
likelihood of occurrence and the severity of the consequences.
Five aerospace-specific terms are defined within AS9100 Rev D: counterfeit part, critical items, key
characteristic, product safety, and special requirements. For more information on these aerospace-
specific terms, see this article: Five special aerospace terms in AS9100 Rev D.
Tip: For more information, see this article: AS9100: Understanding the requirements of context of the
organization.
Tip: For more information, see this article: Identifying interesting parties and their requirements
according to AS9100 Rev D.
For more information, see this 9001Academy article: How to define the scope of the QMS according to
ISO 9001:2015.
Additionally, you will need to maintain any necessary documented information to support the processes
you have identified and to provide evidence that the processes were carried out as planned. The
necessary descriptions of the QMS and its processes, as well as other information gathered, can be
collected into a single document and called a quality manual.
Tip: For more information, see this article: The future of the quality manual in AS9100.
5.2 Policy
The quality policy is the overall goal and commitment that top management intends to be met by the
QMS—the high-level document stating the QMS direction, including commitment to quality and
customer satisfaction. Some key factors include providing a framework for quality objectives, meeting
compliance and regulatory obligations, and providing a commitment to the continual improvement of
the QMS. Critically, the quality policy must be maintained as documented information (possibly in the
quality manual mentioned above), be communicated and understood throughout the organization, and
available to interested parties.
Tip: For more information, see this article: Is the management representative still required in AS9100
Rev D?
Tip: For more information, see this article: How to define quality objectives in AS9100.
7.2 Competence
You will need to identify the competence required to properly perform the processes of the QMS such
that adequate outputs are obtained. This competence can be based on appropriate education, training,
or experience, and you must then ensure that employees performing the processes have the necessary
competence. This means your process will need to not only identify what competence is required, but
also what competence is missing for employees and how you will ensure that they obtain this
competence for the work to be performed.
7.3 Awareness
Awareness is closely associated with competence; however, it deals with what the employees must
understand to perform their work. Employees must be aware of the quality policy and objectives,
current and future impacts that affect the tasks they perform, and what their personal performance
means in the QMS, including how bad performance could affect the QMS. The information on personal
performance needs to include how they affect product and service conformity, product safety, and the
importance of ethical behavior.
7.4 Communication
In order for your QMS to be effectively relayed to your employees, you will need to establish processes
for internal and external communication. What do you need to communicate? When do you need to
communicate? How will you communicate? Who will you communicate to? Who will do the
communication? You will need to have some communication plans in place for when something
happens in your QMS that you need to relay to interested parties.
The standard requires that the documented information you need for your QMS is properly identified
and described, adequately protected, stored and preserved to maintain legibility, distributed and
retrieved to ensure appropriate use, and controlled when changes are made. Documented information
must be adequately reviewed and approved prior to use to ensure that the information is fit for the
intended purpose.
Another important note is that you must have controls in place to prevent the unintended use of
obsolete information.
Tip: For more information, see this article: A new approach to document and record control in AS9100.
You will then need to define the processes needed to produce the necessary product and service
features, as well as what criteria the products and services need to meet to be accepted for release. You
will then need to identify the resources required in order to ensure that these processes function, as
well as the records needed to show that they were carried out as planned.
For adequate planning of operational control, you will also need to put in place the processes needed to
address operational risk management, configuration management, product safety, and the prevention
of counterfeit parts.
Tip: For more information, see these articles: 5 key elements of risk management in AS9100 Rev D and
Understanding configuration management in AS9100 Rev D.
There are certain activities that need to happen before offering your products and services to the
customer; requirements need to be defined, such as applicable legal requirements and those your
organization deems necessary, and you will need to ensure that you can deliver to these requirements.
After you receive the order, and prior to delivery, your organization must review the requirements
related to the products and services and keep records of this review. When a customer changes the
requirements, you must ensure that all necessary documented information is amended with the new
information and all relevant persons are aware of the change. In addition, special requirements of the
products and services need to be determined and any operational risks need to be identified.
The first step in design and development is planning, where all phases must be defined with appropriate
activities including review, verification, and validation for each phase. Design and development inputs
related to products and services include:
Design and development outputs are to be in a format suitable for verifying that they meet the design
inputs. They must be approved before acceptance, and can be in any form necessary for the product or
service, such as drawings, parts lists, plans, packaging information, etc.
Review is an important part of design and development, and review activities must be defined and
controlled to ensure that the process proceeds in the intended direction. The review can identify
problems during design and development and suggest actions to resolve these problems, and the
review must be documented. When tests are necessary for the purpose of verification and validation,
these tests must be planned, controlled, reviewed, and documented.
The last step in design and development is to identify, review, and control changes during the design
and development of products and services. Documented information is required regarding these
changes, the results of reviews, authorization for change, and actions taken to prevent adverse effects.
You will also need to establish controls to ensure that externally provided processes, products, and
services do not adversely affect your products and services. These controls need to be communicated to
external providers, and may include:
Your organization retains responsibility for the conformity of all externally provided processes,
products, and services, and must manage the risks identified for external providers.
Outputs must be identified by suitable means to ensure product and service conformance is identifiable.
When traceability is required, your organization needs to control the outputs by unique identification
and, where necessary, maintain documented information. When property belonging to customers or
external providers is used, the organization must identify, verify, protect, and safeguard this property,
including reporting on lost or damaged property.
Outputs must be preserved to maintain product and service conformity, and post-delivery activities that
are required for the products and services must be identified and planned. These post-delivery activities
may be determined through statutory and regulatory requirements, customer requirements, customer
feedback, analysis of in-service data, etc.
When changes in the product and service provision processes are required, they must be reviewed and
controlled in order to ensure conformity to requirements. Persons authorized to approve product or
service provision changes shall be identified.
Correction
Segregation, containment, return, or suspension
Informing the customer
Obtaining authorized acceptance by relevant authority, and when acceptable to the customer
When you disposition nonconforming products as use-as-is or repair, you can only implement the
disposition after approval by an authorized design authority, and customer approval when the
nonconformity results in a departure from contract requirements. Product that is scrap must be marked
or controlled until physically rendered unusable, and counterfeit or suspected counterfeit parts must be
controlled to prevent unintended use. When a nonconformity is corrected, the conformity to
requirements must be verified prior to use.
Documented information must be kept that describes the nonconformity, actions taken, concessions
obtained, and the authority deciding on the actions to be taken.
The first step is to determine what needs to be monitored and measured, how, and when, as well as
when data will be evaluated and analyzed. Monitoring and measurement should include effectiveness
of the QMS as well as how well you met customer requirements (including on-time delivery) and how
satisfied customers are. This can be done by many forms including interviews, questionnaires, direct
contact, etc.
At the conclusion of an audit you will present audit results collected from the review of data during the
audit. These results will include observations of positive outcomes, opportunities for improvement, and
non-conformities to the processes. When corrective action is taken for a non-conformity, and
verification of the action is needed, a follow-up audit may be necessary.
Tip: For more information, see these articles: 6 Main steps in the internal audit according to AS9100 Rev
D and Developing an internal audit checklist for AS9100 Rev D.
The review must evaluate the status of previous actions, changes in internal and external issues,
customer satisfaction, quality policy and objectives, process performance, nonconformities and
corrective actions, monitoring and measurement results, audit results, external provider performance,
on-time delivery performance, adequacy of resources, effectiveness of actions for risks and
opportunities, and opportunities for improvement.
The output of the management review includes decisions on opportunities for improvement, changes to
the QMS, resource needs,and risks identified. Results of the management review must be maintained as
documented information.
When necessary, corrective actions must also be flowed down to external providers when it is
determined that the responsibility lies with them. Specific actions must be taken when timely and
effective corrective actions are not achieved.
Tip: For more information, see this article: Corrective actions vs. continual improvement in AS9100.
With this in mind, can you afford NOT to implement AS9100 Rev S within your organization?
Tip: For more information, see these articles: 7 Key benefits of AS9100 implementation and 13
Implementation steps for AS9100 Rev D.
References
9100Academy