AS9100 auditors typically request objective evidence that your quality management system is both defined and operating in practice. In most audits, that means they will want to see a mix of documented controls, execution records, and proof that issues are detected, investigated, and managed through change control.
The exact evidence requested varies by audit scope, process area, customer requirements, and how your site actually operates. Auditors also sample. They usually do not review everything. They follow trails across documents, transactions, records, people, and product.
Documented process controls
Approved procedures, work instructions, process maps, forms, templates, and revision history showing document control in use.
Management system records
Quality objectives, management review records, KPI tracking, risk registers, action logs, and evidence that leadership reviews system performance.
Training and competence records
Role-based training matrices, qualification records, certifications where applicable, and records showing personnel were authorized for the work performed.
Contract and requirements flowdown
Evidence that customer, statutory, regulatory, and internal requirements were reviewed, understood, and flowed into planning, purchasing, production, and inspection activities.
Operational planning and execution records
Travelers, routers, work orders, production records, inspection checkpoints, signoffs, and as-built or device history records where applicable.
Traceability and configuration evidence
Lot, serial, batch, material, and component traceability records, along with configuration or revision linkage between released requirements and the product built.
Inspection and test evidence
In-process and final inspection results, acceptance records, test reports, sampling rationale if used, and handling of failed results.
Monitoring and measuring resources
Calibration records, gage status, out-of-tolerance investigations, and controls for equipment used to accept product.
Nonconformance and corrective action records
Nonconformance reports, containment, disposition, root cause analysis, corrective actions, verification of effectiveness, and rework or concession records if used.
Internal audit evidence
Audit schedules, checklists, reports, findings, follow-up actions, and proof that internal audits are more than a paperwork exercise.
Supplier control records
Approved supplier controls, supplier monitoring, purchase order flowdown, receiving inspection, outside processing records, and supplier corrective action records when relevant.
Change control records
Engineering change implementation, process change approvals, document revisions, validation or revalidation where needed, and communication of changes to affected functions.
Many auditors start from one of three directions:
Clause-based sampling: asking for evidence aligned to specific AS9100 requirements.
Process-based sampling: walking a process such as purchasing, receiving, production, inspection, or corrective action.
Product or job trace: selecting a part, work order, or shipment and following it backward and forward through requirements, planning, execution, inspection, nonconformance, and release.
That last method is common because it exposes gaps between systems quickly. If planning is in ERP, execution is in MES, quality records are in QMS, and some approvals remain on paper or in spreadsheets, the auditor may ask you to reconcile all of them.
Strong evidence is usually:
current and approved
traceable to the process or product sampled
consistent across systems and records
linked to responsible roles and dates
retained according to your documented controls
credible when tested through interviews and floor observation
Auditors generally put less weight on statements like “we always do it this way” if records, timestamps, revisions, or signatures do not support that claim.
In a mixed environment, evidence is often fragmented across ERP, MES, PLM, QMS, shared drives, paper packets, and local spreadsheets. That is common. It is not automatically a nonconformity. The real issue is whether you can produce a coherent, controlled evidence trail.
Where sites struggle is not usually the absence of data. It is inconsistent master data, weak document governance, manual handoffs, duplicate entry, missing revision linkage, and records that cannot be tied cleanly to the product or process instance under review.
This is also why full replacement programs often disappoint in regulated, long-lifecycle operations. Replacing ERP, MES, PLM, and QMS just to simplify audit evidence can create major qualification effort, validation burden, downtime risk, retraining, and integration disruption. In many plants, a better near-term approach is to improve evidence continuity across existing systems before attempting wholesale replacement.
No fixed checklist covers every audit. Evidence requests depend on your certification scope, customer-specific requirements, product risk, process specializations, outsourced activities, and whether the auditor is following a recent issue, prior finding, or sampled product line.
Electronic records can work well, but only if access, version control, audit trails, retention, and record integrity are managed well enough to withstand sampling. Paper records can also work, but retrieval speed, legibility, completeness, and reconciliation across systems become common weak points.
So the practical answer is: expect auditors to ask for documented procedures, controlled records, traceability, competence evidence, quality event records, internal audit evidence, and sampled job or product history. They are usually testing whether your system is operational, consistent, and controllable, not just documented.
Whether you're managing 1 site or 100, Connect 981 adapts to your environment and scales with your needs—without the complexity of traditional systems.
Whether you're managing 1 site or 100, C-981 adapts to your environment and scales with your needs—without the complexity of traditional systems.
