FAQ

How should ISO 9001 suppliers prepare for AS9100 expectations?

ISO 9001 suppliers should prepare for AS9100 by treating it as an aerospace quality and execution discipline, not as a simple documentation upgrade. ISO 9001 provides a useful base, but AS9100 adds expectations around risk, traceability, configuration control, product safety, counterfeit part prevention, supplier flow-downs, nonconformance control, and objective evidence. Whether those expectations become contractual requirements depends on the customer, program, purchase order, and certification scope.

Start with a controlled gap assessment

The first step is a clause-by-clause and process-by-process gap assessment against AS9100, not just a document comparison. The assessment should identify where current ISO 9001 practices are adequate, where evidence is weak, and where aerospace-specific controls are missing or informal.

Common gaps include:

  • Customer requirements are accepted but not reliably flowed down to planning, purchasing, inspection, production, and shipping.
  • Configuration changes are handled through tribal knowledge or email rather than controlled revision processes.
  • Traceability exists for some jobs but is not consistently tied to material, process, inspection, operator, equipment, and record history.
  • Nonconformances are documented, but containment, disposition, root cause, corrective action, and effectiveness checks are inconsistent.
  • Supplier controls do not adequately address special processes, delegated inspection, counterfeit risk, or customer-approved sources.

Strengthen flow-down and evidence discipline

AS9100 expectations often expose weak connections between contract review, engineering data, production planning, purchasing, inspection, and quality records. A supplier needs a reliable way to identify applicable customer requirements and show that they were applied at the right step.

This usually requires tighter control over purchase order review, drawing and specification revisions, work instructions, inspection plans, certificates, training records, and nonconformance records. The issue is not only whether the procedure exists. The issue is whether the supplier can produce credible, time-bound evidence that the procedure was followed for the specific order, part, lot, or serial number.

Prepare for aerospace-specific controls

Suppliers moving from ISO 9001 toward AS9100 should expect more scrutiny in several areas:

  • Configuration management: controlling drawings, models, specifications, routings, and approved changes across the job lifecycle.
  • Operational risk: identifying risks to product conformity, delivery, special requirements, critical items, and key characteristics where applicable.
  • Product safety: understanding and controlling process conditions that could affect safe product performance, without assuming this is only an engineering responsibility.
  • Counterfeit part prevention: controlling sourcing, acceptance, and traceability for purchased parts and materials where counterfeit risk is relevant.
  • First article inspection: AS9102 FAI may be required by customers even when it is not the central focus of AS9100 certification.
  • Change control: ensuring changes to process, supplier, material, equipment, tooling, location, or software are reviewed before use when they can affect conformity.

Do not assume software alone closes the gap

MES, ERP, PLM, QMS, inspection, and document control systems can help, but only if the process design, master data, roles, approvals, and validation are sound. In brownfield environments, evidence often lives across several systems and older manual records. Full replacement is usually unrealistic for aerospace-grade suppliers because of validation cost, qualification burden, downtime risk, integration complexity, and long equipment lifecycles.

A practical approach is usually to stabilize the critical interfaces first: customer requirements into ERP or planning, engineering revisions from PLM or document control into routings and work instructions, production and inspection records into MES or QMS, and nonconformance and CAPA records into the quality system. If those handoffs are weak, AS9100 preparation becomes an evidence-reconstruction exercise during audits and customer reviews.

Train people on the operating meaning, not only the clauses

AS9100 preparation should include role-based training for buyers, planners, operators, inspectors, engineers, quality staff, and supervisors. The training should explain what each role must do differently: how to recognize flow-down requirements, how to verify the correct revision, when to stop work, how to document a defect, when customer approval is required, and how to preserve traceability.

Generic awareness training is rarely enough. The standard may be written at a management-system level, but audit findings often come from shop-floor execution, purchasing decisions, uncontrolled changes, incomplete inspection records, and unclear ownership.

Use internal audits before the customer or registrar does

Internal audits should test real jobs, not just procedures. Pick completed and active orders and trace requirements from contract review through purchasing, production, inspection, nonconformance handling, shipping, and record retention. This is where weak handoffs, missing approvals, stale work instructions, and incomplete evidence usually appear.

Internal audit results should feed corrective action and management review. They should not be treated as rehearsal paperwork. If systemic gaps are found, the supplier needs time to correct process design, train users, update records where appropriate, and verify effectiveness before inviting customer or certification scrutiny.

Certification is not the same as customer acceptance

AS9100 certification can support supplier qualification, but it does not guarantee customer approval, audit outcomes, program award, or acceptance of parts. Customers may impose additional requirements for FAI, source inspection, special process approval, ITAR or export-controlled data handling, record retention, delegated authority, or reporting formats.

The safe preparation path is to build a quality system that can show controlled execution, not just compliance language. For an ISO 9001 supplier, that means closing the practical gaps between requirements, work performed, records produced, and changes controlled.

Related Blog Articles

Get Started

Built for Speed, Trusted by Experts

Whether you're managing 1 site or 100, Connect 981 adapts to your environment and scales with your needs—without the complexity of traditional systems.

Get Started

Built for Speed, Trusted by Experts

Whether you're managing 1 site or 100, C-981 adapts to your environment and scales with your needs—without the complexity of traditional systems.