as9104/1: the main changes

Company Confidential 1

AS9104/1:The Main Changes

Tim Lee12 March 2012

2

Why AS9104/1?•Feedback from the IAQG leadership resulted in

ICOP improvement projects

• Audit Process Improvements– Improved through changes in 9101:2009 – Now published as AS9101 Rev D

•Consistency of Auditor Training– Addressed through common global Aerospace Auditor

Transition Training (AATT) sanctioned by the IAQG

•All other areas are addressed through changes in the scheme requirements i.e. with the introduction of AS9104/1 published in January 2012

3

Original Requirements for AS9104/1•Complete the Trilogy of 9104-series

documents, by revising AS9104

•Remove sections made redundant by the release of AS9104/2 (Oversight) and AS9104/3 (Auditor Training and Qualification)

•Address the areas of ICOP concern, by enhancing/revising topics identified in the OPMT FMEA (eg. audit days, multi-site, etc.)

•Upgrade to the new ISO and IAF audit docs.

4

Significant Changes to AS9104/1

•AS9104/1 is a total rewrite of the original 9104 document

•From AS9104 to AS9104/1 the document has increased from 30 pages to approximately 49 pages

•This training will only focus on the major changes that deviate significantly from the AS9104 standard.

5

AS9104/1 The Significant Changes

•Let’s Go …..

6

1. Scope Significant Changes• Introduces the concept of the ICOP scheme

• Sets Applicability to SMS, OPMT, ABs, CBs, and CBMCs

• Expands Applicability to IAQG Member Companies, AABs, TPABs, TPs and organisations seeking or obtaining AQMS standard certification.

• Defines AQMS standards as 9100, 9110 and 9120

• Introduces IAQG Member recognition of supplier certification to AQMS standards

AS9104/1 Significant Changes

7

2. References Significant Changes

• Updates to the revised ISO/IEC Documents e.g. 17011, 17021, 19011 etc.

• Includes AS9104/2 and AS9104/3

• Updates to the revised IAF Documents - MD 1, MD 2, MD 3, MD 4, MD 5, ML 4, GD 3, etc.

• Establishes Equivalencies for AS, EN, JISQ, SJAC, NBR, etc. (sector publications in USA, Europe, Japan, Japan and Brazil, etc.)


8

3. Definitions Significant Changes

• Increased number of Definitions from 11 to 29

• 22 new, 1 deleted, most others small changes

• Added Definitions include:- AQMS, AQMS Auditor, AAB, CBMC, ICOP, OPMT, TPAB- Assessment, Audit, Containment, Pre-Audit, Office

Assessment, Witness Audit, Witness Assessment- Site, Certification Structures, Lead Office, Central

Office, Combined Audit, Integrated management System, Organization

- Cross Frontier Accreditation


9

4. General replaced with4. Requirements of the Sector Management Structure

• Defines authority for the SMS, CBMC for:

• Approving ABs for ICOP participation

• Review and recognition of accreditation of CBs

• Approval of AABs and TPABs

• Data reporting to OPMT and OASIS

• Approval, Suspension & Withdrawal of entities

• Defining Operating Procedures including a process for Resolutions

• Recognition of entities approved or recognised in other sectors


10

5. Accreditation Bodies Significant Changes

• Conformance to ISO 17011 and IAF ML 4• SMS recognition of AB accreditation

decisions for accredited CBs in ICOP scheme• Enhanced detail for the CB Application and

Review Process• 9104-1 Accreditation for CBs scoped by

AQMS• Detail on OASIS entry requirements • Surveillance requirements (new table)

‒ Includes number of CB Client Files and number of Witness Assessments to be assessed annually


11

5. Accreditation Bodies Significant Changes

• Closure timescales for AB Nonconformity Reports raised on CBs

• CB suspension and withdrawal process including specific conditions causing suspension

• Complaint and issue resolution process• Notification to the AAB for AQMS auditor

competence issues• AB personnel competence including decision-

making personnel A, S & D competence


12

6. Certification Bodies Significant Changes

• Conformance to ISO 17021 and IAF Mandatory Documents (MD)

• No AQMS certificates before accreditation

• CB to maintain accreditation for ISO 9001 to keep accreditation for AQMS certification

• CB Certification Decisions must utilise a person with A, S or D competence

• CB Auditors must be Competent as per ISO/IEC 17021 and Authenticated to AS9104/1 and AS9104/3 requirements

• Allow periodic Surveillance and Oversight


13


• CB is responsible for ensuring data is accurately entered into OASIS

• CBs must ensure clients have an OASIS Administrator

• CBs must have a Complaint / Issue Resolution Process

• CBs Audit Programme to conform to 9101, 9104 series, 17021 and applicable IAF MDs

• No CB Consultancy

• Responsibility for Integrity and Validity of Certificates


14


• Rules and consequences for Suspension and Withdrawal of a CB

• CB Rules for application of Advanced Surveillance and Recertification Procedures (ASRP) and Computer Aided Auditing Techniques (CAAT)

• Ensure access for audits involving areas and materials which are Classified and/or Export Controlled

• Restrictions on clients demanding audit team changes without good reason


15

7. AQMS Auditors Reference to AS9104/3

• Auditor Competency Detailed in AS9104/3 and is required to be demonstrated

• AAB responsibility for evaluation, authentication, and re-authentication of AQMS Auditors (both AA and AEA)

• Applicant Auditors to inform AAB of a previous rejection, suspension, or withdrawal in another SMS

• Withdrawn Auditors May NOT Re-Apply for 12 Months in Any IAQG Sector

• Consequences for not re-authenticating on time (i.e. apply more than 3 months before expiry, no application before expiry = withdrawal)


16

8. Audits and Reporting Significant Changes• Certification Structures defined in Annex B

– New: campus, several sites and complex organisations

– As before: single site and multiple site

• Eligibility Criteria for each structure documented (Annex B)

• CB and client to agree structure type

• CB to retain records of structure determination

• For Complex organisation structures the CB is to refer rationale and justification to the IAQG OPMT Certification Structure Oversight Committee (CSOC) for approval


17

8. Audits and Reporting Significant Changes• Minimum audit days

– New Audit Day Table

– NO reductions from Audit Day Table are allowed except as specified for ASRP, CAAT and Several Sites

– Increases to Audit Day Table are both allowed and expected

– Audit Day Table is Compliant to IAF MD 5

– New Table Specifies Initial, Surveillance, & Recertification Days for 9100/9110, 9100/9110 less Design, and 9120.


18

8. Audits and Reporting Significant Changes• Minimum audit days (continued …)

– Audit Day Table DOES NOT include Non-Audit Time (travel, meals, breaks, etc.)

– Audit Day Table DOES NOT include Auditor Time for Audit Planning, Writing of Reports, Filling Out 9101 Forms, etc.

– Justification for audit days required to be documented

– Extra time for correction and corrective action verification, use of translators, etc.

– Method for calculation of audit days set for each certification structure type


19


– Audit Days - Audit Day is 8 Hours

– Working longer is still counted as 8 hours

– (cannot do 4 days of 10 hrs to equal 40 hours)

– Must audit ALL working shifts

– Shift auditing still meets 8 hour daily limitation

– If work less than 8 hours per day add extra days to compensate to maintain on-site duration

– If stage 1 required at recertification, audit time is to be added


20


– Requirements for auditing management systems with multiple AQMS applicability

– Multiple AQMS additional minimum audit days based on level of integration of activities and processes

» >80% integrated = Fully Integrated = +15%

» >50% to 80% integrated = Partially Integrated = +30%

» <50% integrated = Not Integrated

Audit duration is independent from each other i.e. add 100% table 2 for headcount for additional AQMS standard.

• Audit Team Leader to be on one site and an AEA to be on site at each site throughout the whole of the audit


21

8. Audits and Reporting Significant Changes• Nonconformities

– Client suspension if conformance not established within 60 days from issue of NCR

– Customer notification included where applicable

• NCRs as a minimum to be provided at closing meeting

• Complete audit report within two weeks of closing meeting

• Certified organisations to provide a copy of audit report to customers upon request


22

8. Audits and Reporting Significant Changes• Transfer of AQMS certificates

– IAF MD 2 applies in full

– If transfer < 12 months before expiry full stage 1 and stage 2 audits required

– On site audit always required

• Advanced Surveillance and Recertification Procedures (ASRP)

– In accordance with IAF MD 3 requirements i.e. CB must be accredited to apply ASRP

– Reduction in on-site audit duration not exceed 30%

– CB client internal auditors must be AA equivalent and one must be AEA equivalent to lead internal audit


23

8. Audits and Reporting Significant Changes• Computer Aided Auditing Techniques (CAAT)

– IAF MD 4 applies in full

– Audit time transferred to off-site activity and is not reduced overall

– Combined CAAT and ASRP shall not reduce on-site audit time by more than 30%


24

9. Oversight Reference to AS9104/2

• Combines previous chapters 9, 10 and 11

• Refers to AS9104/2 for detailed requirements

• For those conducting oversight requires ICOP Declaration Form completed and filed

• Other ICOP committee members to sign a confidentiality agreement

• Allows sharing of results with applicable AAB for determined AQMS auditor competency issues


25

10. Auditor Authentication Bodies New Section

• AAB must comply with AS9104/3

• Introduces concept of auditor suspension

• AAB agrees to periodic oversight

• Must have a person with A, S or D knowledge to support AEA authentication

• Requires a management system for authentication

• Clarifies authentication only for AA and AEA

• Sets out requirements for independence of authentication decisions (i.e. no conflicts of interest)

• Auditor Complaint / Appeal Process required

• Disclosure of any previous applications, authentications or rejections


26

10. Auditor Authentication Bodies New Section

• Process required for dealing with alleged auditor competency issues within 60 days

• Establishes consequences post withdrawal of auditor authentication

• Use of marks and logos

• Record retention for two authentication cycles


27

11. Training Provider Approval Bodies New Section

• TPAB must comply with AS9104/3

• TPAB agrees to periodic oversight surveillance and rights of access including to TP classes

• Industry specific courses require SMS concurrence

• Oversight or approval of class = no credit for attending

• Requires TPAB to have a management system

• Sets out requirements for conflict of interest avoidance during approval decisions

• Complaint / Appeal Process required

• Consequences for withdrawal of approval

• A, S or D competence required for evaluation of industry specific training courses


28

12. OASIS New Section

• OPMT has Responsibility for OASIS

• OPMT may make changes to OASIS functionality

• CB OASIS Administrators Required

• When CB accreditation withdrawn, CBs client data only visible for 6 Months

• Created a Responsibility Matrix for data correctness

• Certification structures and associations with OINs established

• The central site shall be identified for all certificated organisations in OASIS

• All entities to establish an OASIS administrator for data control / entry


29

13. Requirements of the OPMT New Section

• Previously section 14 but re-titled with minor changes

• May publish resolutions to clarify 9104 requirements

• Establishes Certification Structure Oversight Sub-Committee requirements and process


30

14. OASIS Feedback Process New Section

• Establishes feedback process and mechanism

• Also describes feedback to Accreditation Bodes


Certification

BodySupplier Customer

FEEDBACK - A

FEEDBACK - B

FEEDBACK - C

Audit

Product / ProcessQuality

Audit Findings

Certification

BodySupplier Customer

FEEDBACK - A

FEEDBACK - B

FEEDBACK - C

Audit

Product / ProcessQuality

Audit Findings

31

15. Sector Management Structure Minor Changes

• Responsibility for conformance of sector

• Establishes voting rights of sector at IAQG OPMT

• Only IAQG or IAQG sector member company representatives have voting rights

• Further details suspension of a national scheme

• Adds IAQG OPMT and sector diagram


32

16. Cross Frontier Policy New Section

• Enables AB operations and Oversight in countries or sectors away from home country or sector

• ABs to follow IAF GD 3

• ABs can sub-contract work to other approved ABs in other countries or Sectors

• Accrediting AB retains responsibility for the work

• OP Assessors can also sub-contract work to OP Assessors in other countries or sectors

• Subcontracting sector or CBMC retains responsibility

• Fees can be levied on CBs for Oversight outside SMS/CBMC home region


33

17. Records Minor Changes

• All entities to keep records for a minimum of six years

• IAQG OPMT, EAQG OPMT and CBMCs are required to define and list records to be retained

• Rights of access to records including OASIS for oversight re-affirmed


34

18. Certified Organisations New Section• Requires certified organisations to comply with AS9104

• Requires CBs to flow down requirement to certified clients

• Certified Organizations must allow CB to post Tier 1 and Tier 2 Audit Data to OASIS Database.- Agree Tier 1 is Public Information- Agree to provide access to Tier 2 upon request of A, S and D

customers (unless justification of competition confidentiality, conflict of interest, etc.)

- Agree to Notify their A, S and D customers in case of Loss of Certification

• Shall provide ‘Right of Access’ to their facilities, people, and processes for oversight or CB review

• Failure to abide by requirements is cause for withdrawal of AQMS certification


35

19. Confidentiality and Conflict of Interest New Section

• Expanded from section 4.3 of 9104:2006

• Data collected is confidential

• Not to be shared unless agreed in writing by affected parties

• Participants to review and declare any potential or actual conflicts of interest


36

20. Fees and Financials New Section

• OPMT can recommend Fees for Registration of Audit Data in the OASIS Database –

‒ to be approved by IAQG Council

• OPMT must prepare an Annual Budget

‒ Estimate Contract Labour, Meeting/Workshop Costs, Sector ICOP Projects, and OASIS Sustainment and Improvements

‒ Submit to IAQG Treasurer for approval

• SMS or CBMC fees can also be recommended but must be approved by the sector


Questions

37

as9104/1: the main changes

Documents

as91041 as91041

aqms auditor

significant changeslets

major changes

witness audit

introduction of as91041

combined audit

icop schemeenhanced