Anticipated IA9100 series changes

“the only certainty is uncertainty – the only constant is change”

Preamble

The evolution to the IA9100 series (9100, 9110 and 9120) of standards offers an opportunity for organizations in the aerospace and defence sectors to improve their QMS, boost customer satisfaction and achieve their business goals.

Because IA9100 includes ISO 9001; to which additional requirements will be added; the actual timing of publication is still open to speculation. With the revised ISO 9001 not now expected until late 2025/early 2026, IA9100 is unlikely to available until after these dates, possibly late 2026 – early 2027.

It must also be remembered that the IA9104 ‘trilogy’ (for CBs and TPs) and IA9101 (for 3rd party audits) must also be published before, or with the release of, the IA9100 series.

An additional hurdle for all ‘IA standards’ will be the translation into seven other languages identified by the IAQG (International Aerospace Quality Group) as well as English. Having been responsible for the translation of TEC Transnational’s e-Learning courses I can attest that this is a major task!

The update started in the third quarter of 2021 in anticipation of a release in 2024 at that time. This schedule was contingent on the five-year revision schedule for the ISO?9001 standard. This intertwining of the IA9100 content with ISO 9001 requires IAQG to stay logistically aligned with ISO 9001 updates for publication efficiency and reduced confusion.

IAQG’s first preparatory actions were to invite sector teams to recommend significant topics that should be addressed in the revision. These topics were vetted and dispositioned both at the sector levels (Americas, Asia Pacific, Europe) and at the combined IAQG level.

A total of fourteen themes were identified: Advanced Product Quality Planning (APQP), remote surveillance, product safety, Human Factors, cyber/data security, counterfeit terminology, culture/ethics, process terminology, risks, information security, terminology and formatting, Foreign Object Debris, sub-tier supplier control, and transfer of work.

During the IAQG biannual Congress in Brussels in April 2023, these themes were debated in an open meeting. Over the next several months, a small writing team created a draft document based on the existing ISO 9001 content and the themes which was released in November 2023.

PowerPoint presentations of these changes are available in the public domain –

• IA9100 Quality Management System (Clause-by-Clause Comparison)
• IA9100 Key Changes (System View)

?All IAQG sectors reviewed the November 2023 draft and consolidated 388 comments. Between December 2023 and March 2024, the sector teams reviewed and assigned the specific areas to be addressed, which included –

• Concerns about notes being turned into requirements that were overly burdensome or difficult to implement – a notable example relates to sub-tier supplier controls.
• Concerns with the use of the terms “as appropriate” and “as applicable” when referring to requirements is found to be confusing and is a symptom of a lack of clarity about tailoring rules.
• Concerns that topics are touched upon but there is no reference in the clause about extensive pre-existing and supporting standards (e.g. information security, APQP, Counterfeit Part Avoidance, Human Factors, etc.). Though the intention was to expand scope of IA9100, it also oversimplifies the added topics.
• Concerns to keep the concept of Product Safety separate from Key Characteristics that are not necessarily tied to safety.
• Disagreement to add requirements related to culture and ethics as they are not uniformly interpreted or practical for auditing.
• Disagreement to include business continuity and product line capacity as Risk Management items.
• Disagreement to include Human Factors topics, as Human Factors has a dedicated community within aerospace and defence and sustain its own standards and training.
• Agreement to broaden the counterfeit item definition and seek alignment with the preexisting standards’ definitions (though they were found to be inconsistent).
• Agreement that a “location” for finding calibrated equipment can be an identified user.
• Agreement that a process can be used to verify the validity of material test reports rather than requiring 100% of those reports to be validated.

?

Changes & Comments

As a member of the UK RMS Board, I feedback my comments (DAS) in November 2023 on the key changes (as available in the public domain) – here they are .. .. ..

INTRODUCTION

Clause 0.1 (NEW) Organizational culture and ethical behavior are critical to an effective QMS and the ability of an organization to achieve its intended results. The organization’s culture and ethics are evident in the attitudes, behaviors, shared values and history.

DAS: Okay – but organizations cannot expect “ethical behaviour” from their employees unless they are operating a high-profile “just culture”! This MUST be included.

Clause 0.2 (NEW) Implementation of a quality management system and the management principles are the cornerstones to establishing a culture of quality within the organization. The definition of objectives and measurement can be used to further advance a culture focused on quality products and services.

DAS: Comment only – should this read “Implementation of a quality and safety management system .. .. ..”?

?

3. TERMS AND DEFINITIONS

3.1 Counterfeit Part (ENHANCED)

An unauthorized copy, imitation, substitute, or modified part (e.g., material, part, component, software and electronic device), which is knowingly misrepresented as a specified genuine part of an original or authorized manufacturer.

?

4. CONTEXT OF THE ORGANIZATION

4.1 Understanding the organization and its context

NOTE 3: (UNCHANGED) Understanding the internal context can be facilitated by considering issues related to values, culture, knowledge, and performance of the organization. Remember to add: “The organization shall determine whether climate change is a relevant issue.”

ISO 9001 requirement: The organization shall determine whether climate change is a relevant issue.

4.2 NOTE: Relevant interested parties can have requirements related to climate change.

Observation: Take a look at my on Implementing Climate Change.

4.4 Quality management system and its processes

ISO 9001 NOTE: “Relevant interested parties can have requirements related to climate change.”

4.4.2 (NEW) NOTE: The determination of processes is an organizational decision as to the level of detail needed to adequately manage the quality management system, while meeting the requirements of this standard.

DAS: Simply states the obvious that the level of detail is an organizational decision! The basic ISO 9001 requirement remains: “The organization shall determine the processes needed for the quality management system and their application throughout the organization”

Also, the current AS9100 requirements: The organization shall establish and maintain documented information that includes:

? a description of the processes needed for the quality management system and their application throughout the organization;

? the sequence and interaction of these processes;

? assignment of the responsibilities and authorities for these processes.

?

5. LEADERSHIP

Clause 5.1.1.k (NEW) ensuring goals and objectives intended to build a quality culture are consistent with policies, vision, mission, values, and the context of the organization (See clause 4.).

Clause 5.1.1.l. (NEW) promoting an ethical work environment

DAS: Deployment of a “just culture” which is: “an atmosphere where individuals are not blamed for ‘honest errors’ but are held accountable for wilful violations and gross negligence!” Surely, this should this be added as a definition in Clause 3?

NOTE: For example, policy, expectations of conduct, periodic training and awareness, reporting channels, investigation, resolution of concerns, and ensuring no punitive action from reporting concerns)

?

6. PLANNING

6.1 Actions to address risks and opportunities

(NEW) NOTE to clarify operational risk controls in clause 8.1.1

?

7. SUPPORT

7.1.4 Environment for the operation of processes

Clause 7.1.4 NOTE:? d. (NEW) culture (e.g., quality, ethical behavior, product and personnel safety, quality of work life).

DAS: To raise the awareness and need for promoting a “culture of product safety in the aviation, space, and defence (ASD) industries”

7.1.5 Monitoring and measuring resources

Clause 7.1.5.1 (NEW) NOTE:? The extent to which measurement introduces variation in measurement results can be determined by measurement systems analysis, gauge R&R, or attribute analysis.

DAS: MSA must be applied to both variable and attribute measurement systems

Clarifying that “lists of monitoring and measurement equipment be placed on documented information that could be a register”

7.1.7 (NEW) The organization shall plan, implement, and control information security to safeguard the QMS to achieve its intended results.

7.3 Awareness h. (UNCHANGED) the importance of ethical behavior

Clause 7.5.3.1 (ENHANCED) When documented information is managed electronically, data protection processes shall be defined implemented, and maintained (e.g., protection from loss, access control, off-site data management, unauthorized changes, unintended alteration, corruption).

DAS: This is a major addition – (cyber) security and data protection. It should extend to Cyber Threats, Data Privacy/Confidentiality, Supply Chain Vulnerabilities. Key focus areas must include: Risk Assessment and Management, Data Encryption, Access Control, Regulatory Compliance (e.g. ICAO standards and regional regulations), and Incident Response and Recovery.

?

8. OPERATION

Observation: It is anticipated that the new ISO 9001:2025/26 will not any revw requirements!

8.1 Operational planning and control

Clause 8.1.a. (ENHANCED) NOTE: information security and data protection

NOTE: (NEW) information security and data protection;

Clause 8.1.b. (ENHANCED) NOTE: According to the nature of the product and depending on the specified requirements, statistical techniques can be used to support:

─?????? process control;

─?????? selection and verification of key characteristics;

─?????? process capability studies;

─?????? measurement systems analysis;

─?????? statistical process control;

─?????? design of experiments;

─?????? control plans;

Clause 8.1.k. (NEW – as a requirement) planning and implementing operations to prevent, detect and mitigate the risk of foreign objects and debris.

DAS: Should AS9146:2017 be invoked? (Foreign Object Damage (FOD) Prevention Program - Requirements for Aviation, Space, and Defense Organizations)

NOTE: (ENHANCED) One method to achieve operational planning and control can be through using integrated phased processes.

(ENHANCED – as a requirement) Product and service provision shall be planned and managed in a structured and controlled manner, including scheduled events performed in a planned sequence to meet requirements at acceptable risk, within resource and schedule constraints.

NOTE 1: (ENHANCED – renamed NOTE 1) This activity is generally referred to as project planning, project management, or program management.

NOTE 2: (NEW) One method to achieve operational planning and control can be through the use of a methodology such as Advanced Product Quality Planning (APQP). See Annex B.

DAS: Should AS9145:202? be invoked? Still no mandated requirement for APQP & PPAP – a further divergence from AS13100!

8.1.3 Product safety (ENHANCED) The organization shall plan, implement, and control the processes needed to assure product safety

[NB: NOTE replace by requirement]

These processes include, as appropriate: (NEW)

a.??? identification of hazards, including reactive and proactive methods;

b.??? analysis, assessment, and control of safety risks associated with identified hazards(see 8.1.1);

c.??? identification and management of changes that may impact product safety;

d.??? assessment of the effectiveness of safety processes (see 9.1.3 and 10.1);

e.??? provision of training on product safety responsibilities to relevant personnel (see 7.2 and 7.3);

f.???? communication and awareness of product safety information, including safety-critical information, safety events, and changes to safety procedures, as applicable (see 7.3 and 7.4);

g.??? reporting of safety events to the customer, authorities, and type certificate holder in accordance with customer and regulatory requirements.

DAS: Another major change – now a requirement! This implies a SMS (Safety Management System) as recommended by ICAO Annex 19 – Safety Management and becoming a requirement in both Part 21 Sub J [DO] and Part G [PO]. Should the requirement also include safety policy and safety objectives?

Also, because this requirement related to a “Management System” should it be located within clause 4 ~ possibly 4.5 Safety Management System?

8.1.4 Prevention of counterfeit parts

(ENHANCED) The organization shall plan, implement, and control processes, appropriate to the organization and the product, for the prevention of counterfeit or suspect counterfeit part use and their inclusion in product(s) delivered to the customer.

[NB: NOTE replace by requirement]

These processes shall include, as applicable:

a.??? training of appropriate persons in the awareness and prevention of counterfeit parts (e.g., personnel involved in procurement, receiving inspection, shipping inspection and material control);

b.??? application of a parts obsolescence monitoring program;

c.??? controls for acquiring externally provided product from original or authorized manufacturers, authorized distributors, or other approved sources;

d.??? requirements for assuring traceability of parts and components to their original or authorized manufacturers;

e.??? verification and test methodologies to detect counterfeit parts;

f.???? monitoring of counterfeit parts reporting from external sources;

g.??? segregation, containment and reporting of suspect or detected counterfeit parts.

DAS: Another major requirement. We need to consider if these requirements conform to AS6174 – Counterfeit Materiel; Assuring Acquisition of Authentic and Conforming Materiel, and also IEC TS 62668-1:2016, AS5553:2016 Rev B, IECQ OD 706-3-1, etc.

?

8.3 Design and Development of Products and Services

Clause 8.3.2.1 (ENHANCED) When appropriate, the organization shall divide the design and development effort into distinct activities defining the tasks, necessary resources, responsibilities, design content, and inputs and outputs for each activity. DAS: A useful clarification

8.4 Control of externally provided processes, products, and services

8.4.1 General (UNCHANGED) The organization shall require that external providers apply appropriate controls to their direct and sub-tier external providers, to ensure that requirements are met.

DAS: Clearly explains that ‘flow-down’ applies throughout an organization’s supply chain

8.4.2 (NEW) NOTE 2: Verification activities can include:

Slight change to NOTE 2: “to allow remote inspection and audit of external supplier”

DAS: We need to see the full wording of this NOTE 2

8.4.3 Information for external providers

Clause 8.4.3.k. (NEW) Determining the level of control of their direct and sub?tier external providers;

8.4.3 m. (UNCHANGED) ensuring that persons are aware of:

? the importance of ethical behavior.

DAS: Okay – but organizations cannot expect “ethical behaviour” from their persons unless they are operating a high-provide “just culture”!!!

8.5.1 Control of production and service provision

8.5.1.d. NOTE: “includes clarity and alignment with clause 8.5.1.1.“

8.5.1.3 “production proves verification structure changed to make it clear that it is more than FAI”

DAS: Presumably this means full conformity with AS9102:2023 which includes ‘enhancements’ such as First Article Inspection Planning process, Evaluation Activities, etc. and the revised FORMS.

9. PERFORMANCE EVALUATION

9.2 Internal audit

[NB: NOTE replace by requirement]

“Reviewing performance indicators”

“Ensuring risks are included when establishing an audit program”

DAS: Two long-awaited requirements – will focus organizations on the soon-to-be deployed AS9104/1A:2022 OCAP and (hopefully) PBS/RP!

?

10. IMPROVEMENT

NOTE: Organization requirement to plan periodic QMS maturity assessment and set improvement goals and objectives

DAS: We need clarification as to whether this is a NOTE or a requirement

?

?Take time to review and let me have your feedback