What are the most significant additional AS9100 requirements beyond ISO 9001?

AS9100 is built on ISO 9001, not separate from it. If you implement AS9100, you must first meet ISO 9001, then address additional aerospace-specific requirements. The exact impact depends on your scope (design vs build-to-print vs MRO), customer contracts, and current process maturity.

1. Product safety and FOD (Foreign Object Debris) control

AS9100 adds explicit requirements around product safety that go well beyond ISO 9001’s generic risk language:

• Defined product safety policies and responsibilities.
• Controls to prevent, detect and remove FOD throughout manufacturing, assembly, test and packaging.
• Training and awareness specific to product safety and FOD (signage, housekeeping, point-of-use controls).
• Documented FOD prevention procedures and records of inspections or sweeps where risk is high (e.g., fuel systems, flight controls).

In brownfield plants this often drives changes to layout, housekeeping standards, tool control, cleaning and inspection steps, and how work instructions, MES and checklists capture FOD checks.

2. Risk management beyond ISO 9001 “risk-based thinking”

ISO 9001 requires risk-based thinking in a general sense. AS9100 goes further and expects structured risk management for product realization:

• Formal risk assessment and mitigation for key processes and programs (e.g., PFMEA or equivalent).
• Risk reviews at defined stages (bid/no-bid, contract review, design reviews, industrialization, major changes).
• Actions to reduce risk tied into planning, work instructions and control plans.
• Monitoring of risk and effectiveness of mitigations over the program life, not just at launch.

Practically, this usually requires linking engineering, program management and operations planning tools, or at least ensuring that risk registers are actually reflected in routing steps, inspection plans and traveler content.

3. Configuration management

AS9100 requires an explicit configuration management process, beyond normal document control:

• Defined configuration items (part numbers, assemblies, software, documents) and their relationships.
• Clear rules for baselining configurations for contracts and serial numbers.
• Control of changes to configuration, including impact analysis and approvals.
• Ability to show which configuration is built into which unit (as-built configuration traceability).

In a mixed ERP/MES/PLM/QMS environment, this can be difficult. AS9100 does not mandate specific tools, but auditors expect that engineering changes, travelers, work instructions and inspection plans align, and that you can trace which revision was used for a given serial number.

4. Counterfeit parts prevention

AS9100 introduces specific requirements to prevent counterfeit or suspect parts entering the supply chain:

• Documented counterfeit parts prevention program.
• Controls on sources of supply, particularly for electronic components and high-risk commodities.
• Verification methods (certifications, testing, traceability back to original manufacturers or authorized distributors).
• Segregation, reporting and disposition process for suspect or confirmed counterfeit material.

This frequently forces tighter supplier qualification, increased incoming verification, and better linkage between purchasing data, receiving inspection and nonconformance workflows across ERP, QMS and supplier portals.

5. Special processes and process validation

AS9100 pays particular attention to special processes where results cannot be fully verified by subsequent inspection (e.g., heat treatment, NDT, plating, welding):

• Defined criteria and approval processes for special process suppliers.
• Qualification and periodic requalification of processes, equipment and personnel.
• Detailed records to demonstrate conformity of each batch or lot (parameters, certifications, operator qualifications).
• Flowdown of customer and regulatory special process requirements to internal and external providers.

In brownfield operations, these controls often live partly on paper, partly in vendor portals, and partly in MES or QMS. AS9100 increases scrutiny on consistency, traceability and evidence that the validated process is the one actually being run.

6. More prescriptive supplier control and flowdown

ISO 9001 requires control of external providers. AS9100 adds aerospace-specific expectations:

• Risk-based supplier selection and monitoring, including on-time delivery, quality performance and special approvals (e.g., Nadcap, customer approvals where applicable).
• More detailed purchasing data and technical flowdown (configuration, key characteristics, special processes, inspection requirements, FAI expectations).
• Verification of purchased products at supplier or upon receipt, sometimes including delegated inspection programs.
• Control of sub-tier suppliers and flowdown of applicable requirements.

These requirements usually drive updates to purchasing templates, PO terms, supplier scorecards and integration between ERP, QMS and supplier portals. Poor integration or incomplete data often becomes visible under AS9100 audits.

7. Product realization planning and first article expectations

While AS9100 does not equal AS9102, it reinforces structured planning of product realization:

• More detailed planning from contract review through manufacturing, including control of key characteristics and inspection points.
• Clear definition of verification, validation and testing activities, including acceptance criteria.
• Stronger expectation that new parts and major changes follow a controlled introduction process that typically includes first article inspection (FAI) following AS9102 when required by customer or contract.

Plants with many legacy parts often need to reconcile historical practices with current AS9100 and AS9102 requirements, especially when customers change their expectations mid-program.

8. Preservation, packaging and delivery controls

AS9100 tightens expectations on preserving product conformity after inspection and test:

• Environmental controls (humidity, temperature, cleanliness) where they affect product integrity.
• Packaging methods that protect against physical, ESD or contamination damage.
• Traceable labeling that supports configuration, lot and serial tracking throughout the supply chain.
• Control of storage life and shelf-life items, including rotation and reinspection as applicable.

For many sites, this requires better linkage between inventory management, labeling, and quality records, and may expose gaps in how ERP and physical warehouse practices align.

9. Expanded control of nonconforming product and concessions

ISO 9001 already requires control of nonconforming outputs. AS9100 adds more rigor:

• Defined criteria for use-as-is and repair dispositions, often with stronger engineering involvement (MRB).
• Formal customer notification and approval for concessions/deviations where required contractually.
• More emphasis on trend analysis of nonconformities and escape prevention, not just individual fixes.

In practice, this often exposes weaknesses in paper-based MRB, email-based deviation approvals and fragmented CAPA systems. Digital NCR/MRB workflows and traceable approval trails become more important, especially across long product lifecycles.

10. Human factors and awareness

AS9100 calls out human factors explicitly when establishing, implementing and maintaining processes for nonconformity and corrective action, and in other risk-related areas:

• Considering fatigue, stress, training, and work environment when analyzing causes of defects or escapes.
• Reinforcing awareness of individual contributions to product safety, quality and regulatory compliance.

This typically affects how you conduct root cause analysis, design training and communicate with the shop floor, rather than adding new standalone procedures.

11. Quality management system documentation and records

AS9100 keeps ISO 9001’s more flexible stance on documentation, but aerospace expectations are less forgiving in practice:

• Greater emphasis on documented, repeatable processes where risk is high (special processes, configuration changes, MRB, FAI, software and firmware handling).
• Robust control of documented information across long equipment and program lifecycles.
• Traceable records that can be produced quickly for audits, customer investigations and incident reviews.

For brownfield sites with mixed paper and digital systems, this can be a major challenge. Full replacement of legacy systems is rarely feasible due to validation cost, downtime and integration risk, so most organizations incrementally digitize high-risk workflows while keeping compatible paper or hybrid records where necessary.

12. No guarantee of compliance, and strong dependence on context

AS9100 describes what needs to be controlled, not exactly how. Two plants can both claim AS9100 alignment yet implement controls very differently. The impact of “additional requirements beyond ISO 9001” depends heavily on:

• Scope of activities (design authority vs build-to-print vs MRO).
• Existing maturity of configuration management, supplier quality and risk management.
• Legacy systems (ERP, MES, PLM, QMS) and how well they are integrated and validated.
• Customer-specific flowdowns and regulatory obligations (e.g., defense vs commercial).

No tool or template can guarantee AS9100 certification or specific audit outcomes. Organizations typically move iteratively: bring current practices into line with the standard, close obvious gaps, then use internal audits and customer feedback to refine controls over time.