What is the role of the OASIS database in supplier control?

The OASIS database, managed by the International Aerospace Quality Group (IAQG), is a centralized directory of organizations certified to AS9100-series standards and the certification bodies and auditors that oversee them. In supplier control, its role is to provide trusted, standardized certification and audit information that you can reference as one input to your supplier approval, monitoring, and risk management processes.

How OASIS supports supplier control

In practical terms, most aerospace and defense organizations use OASIS in supplier control for:

• Certification verification: Confirming whether a current or candidate supplier holds an active AS9100-series certification, who their certification body (CB) is, and the validity dates.
• Scope and site coverage: Checking which sites are certified and what activities, products, or services are covered by the certificate scope, so you can align it with the work you intend to place.
• Audit and nonconformity visibility: Reviewing high-level audit results, including any major nonconformities and whether they have been closed, to inform risk assessments and surveillance planning.
• Supplier onboarding checks: Using OASIS information as part of due diligence before approving a supplier, especially for higher-risk product categories or special processes.
• Ongoing surveillance: Periodically confirming that a supplier’s certification remains valid and that there are no significant unresolved issues noted by their CB.

These uses support a more evidence-based supplier control process, and they reduce reliance on static copies of certificates that can be outdated or incomplete.

What OASIS does not do in supplier control

It is important to be clear about what OASIS does not provide. Relying on it alone is not sufficient for robust supplier control in regulated, long-lifecycle environments:

• No guarantee of performance: OASIS records do not guarantee delivery performance, product quality, or process capability. You still need your own metrics, such as OTD, PPM, NCR rates, and escape severity.
• No replacement for supplier qualification: OASIS is not a substitute for your internal qualification activities (e.g., technical assessments, process capability reviews, first article inspection, or special process approvals).
• No detailed process or product data: The database does not provide detailed process flows, PFMEAs, control plans, or part-level quality history. Those remain in your own systems (ERP, MES, QMS) and supplier submissions.
• No direct integration to your risk model by default: Unless you have built and validated an integration, OASIS information will not automatically feed your supplier scorecards, risk rankings, or approval workflows.

Typical ways OASIS is embedded in supplier control processes

In mature aerospace supplier management, OASIS is usually embedded in several control points:

• Supplier onboarding and approval: Before adding a new aerospace supplier, commodity managers or quality engineers check OASIS to confirm certification status, verify the scope covers the intended work, and note any recent major nonconformities.
• Periodic supplier review: During annual or periodic supplier reviews, the team confirms in OASIS that certificates are still valid, and reconciles any discrepancies with copies provided by the supplier.
• Audit planning: When planning on-site supplier audits, internal auditors review the supplier’s OASIS audit history to focus on high-risk areas, repeat findings, or systemic weaknesses identified by the CB.
• Escalation and containment: If a critical escape or major quality issue occurs, quality and procurement may check OASIS for any recent CB findings at that supplier that may relate to the issue, and consider this when deciding on additional surveillance or probation.

In all cases, OASIS is one input. It complements, but does not replace, your own technical and commercial assessments.

Limitations, dependencies, and data quality

The effectiveness of OASIS in supplier control depends on several factors:

• Timeliness of CB updates: OASIS relies on certification bodies to maintain data. If CBs are slow to update records, certificate status or findings may lag reality.
• Access controls and confidentiality: Some detailed audit information is only visible to certain users or by mutual agreement. Your team may not see all underlying evidence without additional arrangements with the supplier or CB.
• Internal process maturity: If your supplier control process does not systematically reference OASIS, or if checks are not documented in your QMS, the available data will not reliably influence decisions.
• Integration quality (if used): If you integrate OASIS data into ERP, QMS, or supplier portals, you must validate mapping, synchronization frequency, and error handling. In regulated environments, such integrations should go through formal change control and, where applicable, validation.

Organizations should define explicitly in their procedures how OASIS is used (e.g., at supplier approval, re-approval, and periodic review) and what to do when OASIS data conflicts with supplier-provided documentation.

Coexistence with existing systems and brownfield reality

In most aerospace and defense environments, OASIS coexists with a mix of legacy and modern systems:

• ERP and supplier master data: OASIS information is typically referenced when creating or updating supplier master records, but the ERP remains the system of record for who is approved to receive particular parts or commodities.
• QMS and supplier qualification workflows: QMS workflows often include a step to document OASIS checks (e.g., screenshots or reference IDs) as objective evidence in approval and periodic review records.
• Supplier portals and scorecards: Some organizations replicate key OASIS attributes (certification type, expiry date) into supplier scorecards, but this usually happens via manual entry or light integrations rather than full automation, due to validation, cost, and change control constraints.

Attempting to treat OASIS as a complete supplier control platform usually fails in practice. Long equipment lifecycles, integration debt, and the burden of qualifying new tools mean that most plants continue to use OASIS as a reference data source while keeping ERP, QMS, and MES as the operational systems of record for supplier control.

How to use OASIS in a risk-based supplier control strategy

To use OASIS effectively and realistically:

• Define when OASIS must be checked: For example, new supplier approval, annual review of strategic suppliers, and before placing work for critical parts or special processes.
• Link OASIS status to risk ratings: Incorporate certification status, scope fit, and recent major nonconformities as factors in your supplier risk model, alongside your own performance metrics.
• Document evidence and decisions: Store OASIS references (e.g., printouts or IDs) in your QMS or supplier file so you have traceable evidence during audits.
• Do not over-rely on it: Treat OASIS as corroborating evidence, not as proof that a supplier is low risk. Continue to monitor actual performance, process capability, and conformance data.

Used this way, OASIS strengthens supplier control by making certification data more transparent and traceable, while keeping your operational decisions grounded in your own quality and delivery experience.