quality management system aerospace...

28
Presents Quality Management System Aerospace Requirements Differences between ISO 9001:2015 and AS9100D Tammy McAlpin June 2016 © Smithers Quality Assessments, Inc. | 121 S. Main Street | Akron, OH 44308 | 1-866-688-0134 www.smithersregistrar.com

Upload: buitram

Post on 02-Jul-2018

220 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Presents

Quality Management System Aerospace Requirements

Differences between

ISO 9001:2015 and AS9100D

Tammy McAlpin

June 2016

© Smithers Quality Assessments, Inc. | 121 S. Main Street | Akron, OH 44308 | 1-866-688-0134 www.smithersregistrar.com

Page 2: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Differences between ISO 9001:2015 and AS9100D

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 2 of 30

About the Company

Smithers Quality Assessments (SQA), founded in 1993, is an accredited quality, environmental and safety management systems certification body serving industrial, commercial, government, and service businesses.

We are accredited as a registrar for the following standards:

- ISO 9001 Quality - ISO 14001 Environmental - ISO/TS 16949 Automotive - AS 9100 Aerospace - ISO 13485 Medical Device - OHSAS 18001 Health & Safety

Additional services include:

- 1st Party Internal Audits - Gap Analysis - GMP (Good Manufacturing Practices) - GLP (Good Laboratory Practices) - 2nd Party Supplier or Special Audits

For over 20 years, SQA has built its business on the philosophy that “education and preparation leads to success” and a “no surprises” approach to customers. Every customer is important to us, regardless of size. We are always upfront, honest and fair in our business practices.

To best serve SQA’s growing client base, we have our world headquarters located in Akron, OH with supporting offices in the United Kingdom and China.

Page 3: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Differences between ISO 9001:2015 and AS9100D

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 3 of 30

Introduction: The material contained in this paper is intended for organizations that wish to comply with the requirements of AS9100D and personnel who are engaged in auditing the requirements.

The focus is limited to the differences (deltas) between ISO 9001:2015 and AS9100D. It assumes that the requirements of ISO 9001:2015 are understood by the user.

It should be noted that throughout AS9100D, there are requirements that make reference to “contract requirements” and/or “regulatory authorities.” In such cases, it is mandatory to first refer to the contract and, as applicable, regulatory requirements to make a determination of applicability.

Since “Notes” are included for guidance, they have not been treated as requirements. This does not in any way diminish their importance.

Disclaimers:

Each section has three parts:

• Requirement o The clause and/or sub-clause number containing the differences is listed,

along with a summary of the applicable subject matter. For the full text of the requirements, the reader will need to refer to the copyrighted version of AS9100D. Copies of AS9100D can be obtained from: SAE World Headquarters 400 Commonwealth Drive Warrendale, PA 15096-0001 USA

Phone: 724-776-4841 www.store.sae.org

• Summary

o This is the author’s attempt to emphasize the key points of each clause. In no way should the reader rely on summaries to be all-inclusive. The text of AS9100D is the source document.

• Audit Guidance

o These are suggested audit techniques and considerations, which have been reviewed by qualified AS9100D auditors. They are in no way meant to be all-inclusive. Each circumstance will have its own unique set of considerations. As always, an effective audit relies heavily on the experience and knowledge of the auditor.

Page 4: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 4 of 30

Differences between ISO 9001:2015 and AS9100D

1 - SCOPE SUMMARY

• ISO 9001:2015 is the basic requirement.

• Additional requirements have been added specific to the aviation, space, and

defense industry – AS9100D is “complementary” not “alternative” to ISO 9001:2015.

• If there is a conflict between the requirements of AS9100D and customer or applicable regulatory or statutory requirements, the latter will have precedence

• No other differences. AUDIT GUIDANCE

• No special guidance is required for qualified auditors.

• All applicable elements and organizational processes must be subjected to

assessment for initial assessments and recertification assessments; sampling of these organizational processes is permitted during on-going surveillance actions.

2 - NORMATIVE REFERENCES ISO9000:2015 Quality Management Systems – Fundamentals and Vocabulary

3.1 - COUNTERFEIT PARTS (See 8.1.4) SUMMARY • This is a basic definition of counterfeit product that will be used within this

document and has emphasis on aviation, space, and defense product.

• Counterfeit parts are a growing concern in the industry.

• Counterfeit parts results in poor product safety and rising costs in the industry.

• Counterfeit product can include returned (repaired or refurbished) product, incorrect product configuration, incomplete testing and certification, does not comply with form, fit and function requirements.

• This includes all parts: hardware, electronics, component parts, raw material, etc.

Page 5: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 5 of 30

Differences between ISO 9001:2015 and AS9100D

3.2 - CRITICAL ITEMS SUMMARY

• Critical items have significant effect on the provision and use of products and services and have a significant impact on the fit, function, safety, performance, etc. of a part or product.

• Critical items are interrelated to key characteristics and special requirements.

• These items require specific actions to control and ensure their conformance to requirements.

• See 3.3 key characteristics and 3.5 special requirements.

AUDIT GUIDANCE

• Review the organization’s quality documentation and/or engineering documentation (product and/or process) to determine: how critical items are determined; how they are designated; how they are communicated; how they are controlled.

• Review customer requirements to determine if any critical items are called out or

listed on the relevant drawings/customer specific requirements.

• Review working documents to see if critical items are clearly communicated, as applicable.

• Review operational control/design output to ensure that these items are

identified, as applicable.

• Review records for those critical items that have special controls defined.

• Review performance to verify that critical items are reviewed at the frequency required.

3.3 - KEY CHARACTERISTIC SUMMARY

• The term “key characteristic” is not unique to aviation, space, and defense, but it does have a high level of importance. In other industries, the following terms are similar: special characteristics, key product characteristics and critical characteristics.

Page 6: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 6 of 30

Differences between ISO 9001:2015 and AS9100D

• Note that this term applies not just to product, but also to material and

processes.

• Safety is often a consideration when designating key characteristics.

• It is common for a symbol to be used to highlight or designate key characteristics.

• Key characteristics can be designated by the customer or by the organization.

• As applicable, the existence of key characteristics must be communicated to all

applicable personnel, including suppliers.

• Key characteristics often have special controls associated with them, e.g., SPC, special records and/or tests, special tools, special training for applicable personnel, etc.

AUDIT GUIDANCE

• See 3.2 above.

3.4 - PRODUCT SAFETY (see 8.1.3)

SUMMARY

• This is a basic definition of product safety during the product life cycle, with emphasis on aviation, space, and defense industry considerations.

• Focus is on the ability of the product to do its job (designated or intended) without

imposing unacceptable risk to persons or property.

• Products can be of a hard (washers, engines, propellers) or soft (knowledge, concepts) nature.

AUDIT GUIDANCE

• Review the organizations documentation to verify the effectiveness of the

awareness of personnel for product safety items.

• Review documentation pertaining to product or service operations to determine: how product safety is determined and what the associated risk is; how this is communicated; how it is controlled, mitigated and maintained.

Page 7: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 7 of 30

Differences between ISO 9001:2015 and AS9100D

• During document review and, if applicable, pre-assessment, pay special attention to the way the Quality Management System (QMS) has been documented; determine where the product safety is included (reference 7.3 and 8.1.3).

• See 3.2 above.

3.5 - SPECIAL REQUIREMENTS

SUMMARY

• These requirements are those that the customer imposes on their contract flow down, which may or may not be included on the drawing or associated specifications that require additional control due to the high risk of the requirements not being met.

• These also may be requirements imposed internally by the organization to

minimize high risk areas within the process or product.

• Special requirements can require the identification of critical items.

• Special requirements that need tight variation control are also designated as key characteristics.

• This could include added inspection, frequent monitoring of the requirement(s),

capability data, increased training, specific use of suppliers, etc.

AUDIT GUIDANCE

• Review the organization’s quality documentation and/or engineering documentation (product and/or process) to determine: how special requirements are determined; how they are monitored; how they are communicated; how they are controlled.

• Review customer requirements to determine if any critical items are called out or

listed on the relevant drawings/ customer specific requirements.

• Confirm which documented information shows that the requirements are being met and are conforming.

• Review associated records to show that these requirements are met.

• Review any other applicable requirements such as Nadcap, ITAR, DFAR, etc.

Page 8: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 8 of 30

Differences between ISO 9001:2015 and AS9100D

4.4.1 - QMS/PROCESS SUMMARY

• It is added that the Quality Management System shall also address customer and applicable statutory and regulatory requirements.

• It is not uncommon for customers and/or regulatory agencies to “flow down” requirements to organizations. Whenever this occurs, it is required that the organization develop methods for including such requirements in its documented Quality Management System.

• This is also referenced in section 4.2 where it states that requirements from

interested parties are to be determined.

• There are many specific requirements that could be “flowed down.” Some examples are: o Requirement for specific non-destructive evaluation; o Requirements to use specified suppliers; o Special identification, serializing or labeling requirements.

AUDIT GUIDANCE

• The applicable statutory and regulatory requirements should be determined in the

contract review process.

• Review the requirements flowed down on the purchase order as well as any other requirements applicable to the organization such as ITAR/EAR requirements, NADCAP requirements, and environmental requirements.

• Verify that those requirements are implemented within the Quality Management

System.

• Request that the organization show proof of documents from regulatory agencies (e.g., FAA) that have requirements applicable to the organization and/or product being produced by the organization.

• Assess the effectiveness of the accessibility of documents to those employees

that have a need for their use.

Page 9: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 9 of 30

Differences between ISO 9001:2015 and AS9100D

4.4.2 - QMS/PROCESS SUMMARY

• One of the main changes in ISO 9001:2015 is the elimination of the requirement

for a “Quality Manual.” • AS9100D states that a Quality Manual may be a compilation of identified

documented information.

• AS9100D lists specific documented information including: o General description of relevant interested parties; o Scope of the Quality Management System; o Description of processes needed in the QMS and their application; o Sequence and interaction of processes; o Responsibilities and authorities throughout the organization.

• The organization can determine how they will meet this requirement. AUDIT GUIDANCE • Review the Quality Management System’s documented information to ensure

that these requirements are implemented.

• If the organization uses a different method from the traditional “Quality Manual,” determine that all required information is included in the Quality Management System.

• Ensure that proper references are made to each of the above items and that

they are included in the documented information for “processes.”

• Ensure that there is clear reference to the authority and responsibilities and who is responsible for each process.

• Ensure there is a clear description of all processes and how they interact with

other processes.

• Ensure the process sequence and interaction document matches the SQA-78 Comprehensive Workbook.

Page 10: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 10 of 30

Differences between ISO 9001:2015 and AS9100D

5.1.2 - CUSTOMER FOCUS

SUMMARY • Top management is responsible for the leadership and commitment to ensure

continued customer satisfaction. • Added additional responsibilities to top management to ensure they are active

and an integral part of the Quality Management System. Clause “d)” was added into AS9100 to include the requirements for product and service conformity and on time delivery.

• Organizations are required to measure product and service conformity and on-

time delivery performance (OTD) and take appropriate action when the planned results are not met.

AUDIT GUIDANCE

• Review the objectives defined by the company on product/service conformity

and evaluate the current status.

• The data associated with product and service conformity will most likely be found in sections 8.7 Control of Nonconforming Outputs and 10.2 Nonconforming and Corrective Action.

• Appropriate action should be taken and provide detailed information on how

product/service conformity objectives will be met (What is the plan?).

• Objectives for OTD and product/service conformity are often related to each other; nonconforming product will limit the ability of the organization to maintain required delivery.

• Verify OTD metrics to determine if objective is being met; also determine if the

customer has their own required objectives (customer specific requirements) and if they are being met.

Page 11: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 11 of 30

Differences between ISO 9001:2015 and AS9100D

5.3 - ORGANIZATIONAL ROLES, RESPONSIBILITIES AND AUTHORITIES SUMMARY

• ISO 9001:2015 requires top management to ensure that responsibilities and authorities for relevant roles are clearly defined.

• AS9100 adds the additional requirement for top management to appoint a

Management Representative (MR) to have oversight of sub clauses “a)” thru “e).”

• Having “organizational freedom” means that a person does not need to seek

authority for each action on a case-by-case basis. Rather, the MR is authorized to take action that is binding upon the organization – period.

AUDIT GUIDANCE

• Locate and review the Quality Management System for defined Management

Representative roles and responsibilities.

• Ensure that a member of the organization has been appointed as the Management Representative.

• Determine if there are any limitations on the authority of the MR. If there are,

ascertain if these limitations are legitimate and do not conflict with this requirement.

• Ask to review records of actions where the MR executed his/her authority; check

consequences, follow-up, etc.

• Review the organization chart and reporting relationships. Determine if there is true organizational freedom.

7.1.5.2 - MEASUREMENT TRACEABILITY SUMMARY • AS9100D gets very specific regarding calibrated/verified monitoring and

measuring equipment and the recall process.

• A register of monitoring and measuring equipment must be defined and implemented to include equipment type, unique identification, location and the verification/calibration method, frequency and acceptance criteria.

Page 12: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 12 of 30

Differences between ISO 9001:2015 and AS9100D

• The register must include ALL monitoring and measuring equipment including customer owned, employee owned and owned by the organization.

• Additionally, test hardware, test software, automated test equipment and plotters

to produce verification data are now considered monitoring and measuring equipment.

• Additionally, the organization needs a process for recalling gages (getting them into the calibration function).

AUDIT GUIDANCE

• Review the organization’s processes, documented procedures and work

instructions, as applicable, for control of monitoring and measuring equipment.

• Randomly select gages in use and in storage for further assessment; review the records for these gages, checking for conformance.

• Observe gages in-use. Look for unique identification and, as applicable, gage

calibration status identification.

• Assess the adequacy of the environmental conditions where gages are calibrated. Typically, gages capable of high discretion need more control, such as environmental stability, a defined soaking period, special handling, etc.

• In all cases, assess the adequacy of the masters to which gages are compared.

Pay special attention to the traceability of such masters to national standards.

• Review the calibration records for the master standards to ensure conformity.

• If gages are calibrated where they are used (that is, not taken to a calibration room), assure that there is an adequate soaking time used for the master to become equalized to the ambient temperature.

• If gages are in use at suppliers, assess the effectiveness of the recall system. If

responsibility for the calibration of such gages is flowed down to the supplier, assess the process whereby the organization assures the ongoing integrity of such gages.

• If calibration is outsourced, review the control used at the supplier and ensure

that they are approved by the organization.

• Review how calibration certificates are reviewed and accepted, if outsourced.

Page 13: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 13 of 30

Differences between ISO 9001:2015 and AS9100D

7.2, 7.3, 7.4 - COMPETENCY, AWARENESS AND COMMUNICATION SUMMARY • Added note in 7.2 for consideration of periodic evaluation of personnel to ensure

that personnel competency is still adequate for the specific job function. • Section 7.3 added clauses “e)”, “f)” and “g)” for personnel awareness of:

o The Quality Management System and relevant changes; o Their contribution to product or service compliance and product safety; o The importance of ethical behavior.

• Ensure that the organization has a process for ensuring proper awareness of individuals pertaining to the new term “product safety” and the continued awareness of the QMS and any associated changes as well as ensuring ethical behavior of all personnel.

• Section 7.4 added note that communication should include internal and external

feedback relevant to the Quality Management System. All feedback should be analyzed and acted upon as necessary.

AUDIT GUIDANCE • 7.2 - Ask the organization how they determine employee competency on a

periodic basis and review any associated records showing conformity.

• Review the procedures/process for the control of documented information to evaluate the effectiveness of communicating QMS changes to the personnel.

• Review how the organization documents that personnel are aware of changes

relevant to their job function.

• Review job descriptions and training records to see where product safety is referenced and how training is implemented.

• Determine how the organization controls ethical behavior and how the

organization makes personnel under their control aware of the importance of ethical behavior (e.g., an ethical statement signed by the employee).

• Review records of communication to see how feedback is received internally and

externally and how this information is reviewed and used.

• See how positive feedback is flowed to personnel and what actions are taken for negative feedback.

Page 14: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 14 of 30

Differences between ISO 9001:2015 and AS9100D

7.5.2 - CREATING AND UPDATING 7.5.3.2 - CONTROL OF DOCUMENTED INFORMATION SUMMARY • Documented information (documents and records) can include procedures, work

instructions, traceability documents, certificates of inspection, testing, analysis, SPC data, and other such documents.

• 7.5.2 added “Note” to clarify that approval implies an authorized person and approval method for relevant types of documented information.

• 7.5.3.2 added sub clause “e)” to ensure that all obsolete documented information is controlled and/or properly removed from points of use.

• Documented information that is maintained electronically will have a defined data

protection process (e.g. protected from loss, unauthorized changes, unintended alteration, corruption, physical damage, etc.). This is to ensure that the documented information is retrievable and protected for future use.

AUDIT GUIDANCE

• Review the process for how documents are created and updated.

• Determine who is responsible for the creation and approval of documents and review relevant “documented information” to ensure that proper approval by the relevant responsible person(s) was implemented.

• Review how documented information is distributed within the organization and

ensure that documents in use are the current revision and obsolete versions are prevented from unintentional use.

• Review how personnel have access to documented information and how the

revisions are controlled at point of use.

• Review documented information that defines how electronic data will be protected, and verify that the process is effective.

Page 15: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 15 of 30

Differences between ISO 9001:2015 and AS9100D

8.1a - OPERATIONAL PLANNING AND CONTROL SUMMARY

• Additional “notes” added to this clause to show consideration of items when determining requirements for products and services include: o Personal and product safety; o Producibility and inspectability; o Reliability, availability and maintainability; o Suitability of parts and materials used in product; o Selection and development of embedded software; o Product obsolescence; o FOD program; o Handling, packaging and preservation; o Recycling or final disposal of product at the end of the life cycle.

AUDIT GUIDANCE

• The above items will typically be found in the contract review process of the RFQ stages and/or design process.

• Review the request from the customer for an RFQ or purchase order, and evaluate the process to see what elements are included when determining requirements.

• These items above are for general consideration. What is used will depend on the

type of product, customer requirements, legal and regulatory and actions needed to address risks and opportunities.

• These items will be reviewed in more detail in section 8.2.2 and 8.2.3.

8.1b & c - OPERATIONAL PLANNING AND CONTROL SUMMARY

• Additional “notes” are added to this clause to show consideration of items when

establishing criteria for processes and acceptance of products and services. Statistical techniques are noted as an acceptable method to support criteria establishment for: o Design verification; o Process control including key characteristics, process capability, statistical

process control and design of experiments;

Page 16: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 16 of 30

Differences between ISO 9001:2015 and AS9100D

o Verification of process and product; o Failure mode, effects, and criticality analysis.

• Added requirement to 8.1c to determine the resources needed to meet on time

delivery requirements. AUDIT GUIDANCE

• The above items will typically be found in the contract review process of the RFQ stages and/or design process.

• Review the request from the customer for an RFQ, or purchase order and evaluate the process to see what elements are included when determining process and product acceptance criteria.

• Determine what evidence is available to show what the established criteria is and

how they were determined.

• They should include consideration of the items above.

8.1(f thru j) - OPERATIONAL PLANNING AND CONTROL SUMMARY

• Determining the process and controls needed to manage critical items and

production process controls where key characteristics have been identified. • Engaging personnel from other processes/internal stakeholders needed for

planning and control.

• Determining the process and resources needed to support and maintain the products and services.

• Determining the products and services to be supplied from an external

provider.

• Establishing controls to prevent delivery of nonconforming products and services to the customer.

• These clauses have been added to assure proper control over the operational

planning process.

• Additional “note” communicating the potential use of “integrated phased processes” to meet operational control and planning requirements.

Page 17: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 17 of 30

Differences between ISO 9001:2015 and AS9100D

• Additional “note” communicating this activity is known as project planning, project management, or program management.

• To ensure that the resources necessary for the product/service has been

determined and controlled.

• To ensure that any changes made to the processes are controlled and retained. Any unplanned changes require action to mitigate any adverse effect to the process.

• To ensure that nonconforming material is never shipped to the customer.

• To ensure that outsourced processes are controlled.

AUDIT GUIDANCE

• There are several ways that the requirements above can be met including APQP (Advanced Product Quality Plan). Control plans or “quality plans” can be used to meet these requirements.

• After review of the purchase order and/or quotations, ensure that customer

requirements are included and that the organization has a structured and controlled process for meeting requirements.

• The plan should be structured and controlled including any timed events, process

sequences (also known as FAI, Frozen Planning, etc.). Consideration should be given to any risk, resource and schedule constraints.

• Determine how the control is implemented, and verify that these controls are

working within the process.

• Review the documented information (e.g., quality plan, etc.) to show conformance to these requirements.

• Review how the organization controls their outsourced processes – how they plan

and control any transfer of work and validate that the results are conforming.

• Reference section 8.4 (external provider to external provider) & 8.5 (organization to organization or external provider to organization).

Page 18: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 18 of 30

Differences between ISO 9001:2015 and AS9100D

8.1.1 - OPERATION RISK MANAGEMENT SUMMARY

• An organization must have a process for controlling risk and have control over

that process. • This risk in clause 8.1.1 refers directly to the operational risk of product or

services as appropriate for the organization.

• One of the key aspects is to ensure that any risk found or potential risk associated with the product or service is identified and actions have been taken to mitigate that risk.

• Operational risks can include capacity, new technology, personnel constraints,

machine constraints and short delivery times, etc.

• Each risk factor found should be identified, assessed, and communicated with the organization.

• Risk is typically evaluated by how likely it is that the risk going to occur and the

severity of the consequences.

• Actions should be taken to mitigate risk that exceeds the organization’s defined risk acceptance criteria. Remaining risks should be accepted.

• OEM’s want to make sure that organizations assess and control the risk within

their organization to prevent receiving nonconforming material and to make sure they receive their product on time.

AUDIT GUIDANCE • Review the process for risk assessment and control.

• Verify whether or not the identified risk is consistent with the company and the

products/services that are produced.

• Verify identified risks items are categorized based on frequency of occurrence and the consequences.

• Review the risk register or other documents used by the organization, and

determine if mitigating action has occurred and/or if the risk was accepted.

Page 19: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 19 of 30

Differences between ISO 9001:2015 and AS9100D

• Review the action log (mitigation) associated with the risks to determine if they are effective.

• Determine how risk is communicated throughout the organization and evaluate if

this is effective.

8.1.2 - CONFIGURATION MANAGEMENT SUMMARY

• Configuration management is effective throughout the full product cycle. It includes the physical and functional attributes for a product.

• Configuration management involves control of all documents that pertain to

the product, including such items as part drawings, material specifications, field service manuals, installation instructions, cross-reference documents, part samples, warranty documents, etc.

• Must include the control of identification and traceability.

• A key aspect of configuration management is interchangeability of

components.

• Another aspect deals with existing inventory and product in the field. A sub-category of this, as warranted, may be Product Recall.

AUDIT GUIDANCE

• Start with a review of the process the organization has defined regarding configuration management.

• Determine if the extent of the process is appropriate to the product.

• Review records of recent changes with emphasis on interchangeability,

inventory, field stock (if applicable), and product already in use.

• Review drawing notes for listed requirements. Determine if the configuration management program has addressed them as applicable and appropriate.

• Review product currently in production to determine if the configuration meets

current requirements.

Page 20: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 20 of 30

Differences between ISO 9001:2015 and AS9100D

8.1.2 - PRODUCT SAFETY SUMMARY

• Product Safety is the ability of the product to do its job without imposing unacceptable risk to persons or property.

• It is required for organizations to plan, implement and control the process needed for ensuring product safety.

• Products can be of a hard (washers, engines, propellers) or soft (knowledge,

concepts) nature. AUDIT GUIDANCE

• Review the organizations documentation to verify the effectiveness of the awareness of personnel for product safety items.

• Review documentation pertaining to product or service operations to determine

how product safety is determined and what the associated risk is; how this is communicated; and how it is controlled, mitigated and maintained.

• Determine if the process is effective.

• Review any documented information that shows that the process is effective and

review any changes that occurred in the process.

• Change management is required to ensure no adverse effects are taken during change.

8.1.2 - PREVENTION OF COUNTERFEIT PARTS SUMMARY

• An organization must have a process for controlling the prevention of counterfeit or suspect counterfeit parts and their inclusion in products(s) that is appropriate to the organization and the product.

• Counterfeit parts prevention process should address: training, parts

obsolescence program, purchasing from approved sources, traceability, test methods to detect counterfeit parts, counterfeit parts reporting, and suspect or detected counterfeit parts.

Page 21: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 21 of 30

Differences between ISO 9001:2015 and AS9100D

• Counterfeit parts have been a growing concern in the industry; therefore, this specific requirement was added to the new standard.

• Counterfeit product results in poor product safety and rising costs incurred by the

OEM in the aerospace industry.

• Counterfeit product can include returned (repair or refurbished) product, incorrect product configuration, incomplete testing and certification, and/or does not comply with form, fit and function requirements.

• This includes all products (e.g. hardware, electronics, or other key items).

AUDIT GUIDANCE

• Review the organizations counterfeit product process and documentation to determine:

o How is the process defined; o How personnel are trained to identify counterfeit product and awareness.

• Review the control of product configuration (see 8.1.2) and how it relates to

counterfeit awareness and control.

• Review the process for the control of external providers (see 8.4.2) and the process for ensuring product/service received from the external provider are verified as acceptable according to the stated requirements flowed down to the provider.

• Review the organization’s inventory management to see how obsolescence of

product is monitored and how obsolete product is disposed of.

• Review test methods/validation activities that ensure counterfeit product is not released to the customer.

8.2.1 – 8.2.3.1 - REVIEW OF REQUIREMENTS FOR PRODUCTS AND SERVICES SUMMARY

• 8.2.1 c & d are added requirements for determining special requirements and identification of operational risks.

• 8.2.3.1 are added specific requirements for the review of customer requirements:

o Requirement for the review to be coordinated with applicable functions. No one (1) individual is responsible for reviewing the requirements, but it is a joint effort with all applicable personnel;

Page 22: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 22 of 30

Differences between ISO 9001:2015 and AS9100D

o Requirement that if a requirement cannot be met then the organization shall negotiate an acceptable requirement between the customer and the organization. This is to ensure that all requirements are reviewed and addressed so no additional risk is created during production.

AUDIT GUIDANCE • Review the process for reviewing purchase orders, drawings, specifications, etc.

to ensure that all requirements have been reviewed. This includes delivery dates and any outsourced processes.

• Determine the effectiveness of the review:

o Who is responsible for this process; o How are the other functions utilized in the review process?

• Review any documented information that shows that the requirements have been

reviewed and were acceptable.

• Review any requirements that could not be met and the documented evidence that the customer agreed to a mutual replacement requirement.

8.3.2 - DESIGN AND DEVELOPMENT PLANNING SUMMARY

• When applicable the design and development process shall be divided into

distinct activities, which will include the tasks, necessary resources, responsibilities, design content and inputs and outputs.

• Design and development planning shall consider the ability to provide, verify, test and maintain products and services.

• Configuration control is a key consideration (see 4.3).

• Design projects run the range from very simple (one component) to very

complex (space shuttle).

• As complexity increases, there will be increasing needs to ensure that responsibilities, authorities, and other key design considerations are defined and controlled.

• The entire design process must ensure that contract requirements are met.

• There is added emphasis on safety and functional objectives of the product.

Page 23: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 23 of 30

Differences between ISO 9001:2015 and AS9100D

AUDIT GUIDANCE

• Review the design planning documents for recent projects. • Determine how the organization has addressed this requirement. Has each

activity been divided as applicable?

• Review records of actions from mandatory and significant design planning steps.

• Determine if the organization has executed effective configuration control

(8.1.3).

• Review to determine if the planning stage considers the ability to test, verify and maintain the product (reference 8.1a).

• Review the process used by the organization to determine the project

complexity. Do you agree?

• Review the timing between design steps.

• Determine if safety and functional objectives are applicable. If they are, have they been defined? Do records indicate that such objectives have been met?

8.2.3 - DESIGN AND DEVELOPMENT INPUTS SUMMARY

• Additional note “f)” added to define when applicable potential consequences of

obsolescence shall be included.

• This is to ensure during the design input stage that if a product has the potential to become obsolete within a certain time frame, it is documented and included in the design process.

• This can include any type of technology, software, or other key items that have a

high risk of obsolescence. AUDIT GUIDANCE

• Review the documented information for inputs into the design process to ensure that all required elements are present.

• Determine if any items have been included for risk of obsolescence.

Page 24: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 24 of 30

Differences between ISO 9001:2015 and AS9100D

8.3.2 - DESIGN AND DEVELOPMENT CONTROLS SUMMARY

• This requirement is focused on personnel that have defined authority to permit

the design process to continue to the next step and ensure that any outputs not met are addressed and acted upon.

• Inherent in this requirement are the issues of: effective contract review; competent personnel; team involvement (if required); customer involvement, as applicable.

AUDIT GUIDANCE

• Determine how the organization has designated those personnel with defined authority to permit design processes to proceed through the various steps.

• Look for records that verify that such authority was exercised at the appropriate

design steps/phases.

• Determine if review has been limited to design personnel. If other departments/functions have not been included, it may be that problems will occur in the manufacturing process.

• Review to determine that prior to progression to the next stage all, outputs meet

requirements.

• Ensure that progression is authorized and documented. 8.3.2.1 - DESIGN AND DEVELOPMENT CONTROLS VERIFICATION AND VALIDATION TESTING

SUMMARY

• When testing is necessary for verification and validation, specific items must be present and documented: test plan; test procedures; configuration of the tested product; and whether or not the test plan and procedure are observed and the acceptance criteria are met.

• In the context of this clause, verification refers to “inspection” activities (e.g., checking of a drawing, measurement of prototype parts, solid modeling, inspection records, comparison to similar designs, sample calculations, etc.).

Page 25: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 25 of 30

Differences between ISO 9001:2015 and AS9100D

• Validation refers to performance testing under defined conditions.

• There is emphasis on product meeting requirements throughout identified operational conditions (e.g., vibration, temperature, g-forces, life cycles, exposure to water, chemicals, etc.).

• The emphasis is on control of all aspects of verification and validation testing.

• In a few words: Be sure the correct product, at the correct revision level and

status, is being tested; the test method is defined and adhered to; results are recorded; test results meet defined requirements.

AUDIT GUIDANCE

• Review records of verification and validation test results. Ensure that documentation includes test item and resources used, test objectives and conditions, parameters to be recorded and any relevant acceptance criteria.

• Ascertain whether or not records indicate conformance.

• Review the test procedure to ensure that the testing was in accordance with

requirements.

• In those cases, where conformance is not indicated, determine what actions the organization took to resolve the situation.

• Ensure that the configuration of the item being tested is correct and meets

requirements.

• Review data to ensure that monitoring and measuring equipment meets clause 7.1.5.

• Ensure operating requirements are included and in conformance.

• If required, have the customer or other outside agency (e.g., FAA, military)

been involved?

• Is the approval process adhered to? • Are all failures documented?

8.3.5 - DESIGN AND DEVELOPMENT OUTPUTS

Page 26: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 26 of 30

Differences between ISO 9001:2015 and AS9100D

SUMMARY

• The emphasis is on the finished product.

• Added requirement in clause 8.3.6e to specify, as applicable, any critical items, including key characteristics and any specific actions related to them.

• Added requirement 8.3.6f that the outputs are approved prior to release.

• Required data must be defined to allow the product to be identified,

manufactured, verified, used and maintained.

• Data can include many items and is not just limited to electronic data.

AUDIT GUIDANCE

• Review the output documents of a design project.

• Review to ensure that the product is identified, and also identified at the correct configuration.

• Determine if there is clear and adequate definition of the product and all related

requirements, such as those listed above.

• Examine engineering change control documents to determine if the integrity of the configuration has been maintained at all applicable points of control.

• Review any changes in assignments and how they affect the final design output

and timing of the project.

8.4.1 - CONTROL OF EXTERNALL PROVIDED PROCESSES, PRODUCTS AND SERVICES (GENERAL) SUMMARY

• It is not uncommon for customers to designate suppliers for certain materials, components, assemblies, and services.

• Being “customer-designated” does not relieve the organization of responsibility for controlling the quality from such suppliers.

• All suppliers are to be approved via an organization-defined process; this

includes a disapproval process and defined authority for all such actions.

Page 27: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 27 of 30

Differences between ISO 9001:2015 and AS9100D

• There is special emphasis on outsourced special processes, such as welding, plating, Non-destructive Evaluation (NDE), etc.

• Customer approval might be required for outsourced work.

• NADCAP approval might be required for special processes.

• Risk shall be identified and managed as it pertains to external providers and

outsourced processes.

• Organizations are also required to flow down appropriate controls to the external providers as well as ensure their sub-tiers are controlled.

AUDIT GUIDANCE

• Review contracts, engineering requirements, and part drawings.

• Review for evidence of flow down and the controls associated with the external providers. How is this communicated?

• Determine if there are any customer-designated suppliers, or if there is a

requirement for customer approval of suppliers.

• Review the receiving and in-process inspection records that pertain to these suppliers; check for incoming and in-process conformance.

• If the organization has a defined supplier control process that involves

supplier on-site evaluations, review the records.

• Compare supplier records to the approved supplier list. Determine that all belong on the approved list.

• Determine, as applicable, if NADCAP or customer approval was obtained.

8.4.1.1 - CONTROL OF EXTERNALL PROVIDED PROCESSES, PRODUCTS AND SERVICES (GENERAL) SUMMARY

• This clause is an added requirement to ensure proper controls are in place for the control of external providers, and is in addition to 8.4.1.

Page 28: Quality Management System Aerospace Requirementssmithersregistrar.com/SmithersSQA/media/Smithers-SQA/PDF/9001-to... · Quality Management System ... SQA has built its business on

Provided by: Smithers Quality Assessment, Inc. | 121 S. Main Street | Akron, OH 44308 1-866-688-0134 | www.smithersregistrar.com

Page 28 of 30

Differences between ISO 9001:2015 and AS9100D

• External providers can have a huge impact on an organization, and as a result, the added controls are to ensure they do not have an adverse effect on the organization.

• Responsibilities and authorities must be defined to show who is responsible for

this process and the decisions affecting the external providers.

• The organization must have a register of approved external providers which include the approval status and the scope of approval (product type or process family).

• The organization must periodically review the external provider’s performance

and will include product/service conformity and OTD performance.

• The actions to be taken when external providers do not meet defined criteria must be defined.

• Control of documented information created and/or retained by the external

provider must be defined and implemented. AUDIT GUIDANCE

• Review the approved supplier list and ensure each supplier has an approval status and scope that is appropriate to the product or service that they provide.

• Review the periodic evaluations performed on the suppliers

o How often are they evaluated; o What is the criteria for evaluation; o What are the results?

• Is product/service performance and OTD included in the criteria?

• What is the process when an external provider does not meet all of the

requirements?

• Review any associated corrective actions issued to the supplier for nonconformities. Are they appropriate and effective?

• Review purchase orders or communication to determine how documented

information is retained and for how long. What are the controls associated with documented information?