ISO 9001 is a generic quality management system (QMS) standard that can apply to almost any organization. AS9100 is an aerospace and defense sector standard that includes all of ISO 9001 and then adds extra requirements specific to aviation, space, and defense manufacturing and services.
Scope and industry focus
ISO 9001:
- Applies to any industry (manufacturing, services, software, logistics, etc.).
- Sets baseline expectations for a process-based QMS: document control, management review, internal audits, corrective action, and risk-based thinking.
- Focused on customer satisfaction and continual improvement, but not on any specific regulatory or sector risks.
AS9100 (e.g., AS9100D):
- Specific to aviation, space, and defense organizations, including OEMs and suppliers.
- Built on ISO 9001:2015, with all ISO 9001 clauses plus additional aerospace clauses and notes.
- Aligns with sector expectations such as high reliability, product safety, and regulatory oversight (e.g., airworthiness authorities), but it does not guarantee regulatory compliance or any audit outcome.
Key additional requirements in AS9100
In regulated manufacturing environments, the practical differences show up in how tightly you manage risk, configuration, and suppliers. Typical AS9100 additions include:
- Product safety and risk emphasis: More explicit requirements for identifying, assessing, and managing risks related to product safety and mission impact. This usually means more formal risk registers, FMEAs, or equivalent, and tighter linkage to design, planning, and change control.
- Configuration management: Stronger expectations for configuration baselines, change authorization, and traceability of what was built, with which revision of design, process, and software. This increases dependence on robust document control, BOM/route control, and system integration.
- Special processes and key characteristics: Extra controls around special processes (e.g., heat treat, welding, coatings, NDT) and key/critical characteristics, including qualification, periodic requalification, and evidence that parameters are controlled as planned.
- Supplier control and flowdown: More stringent supplier evaluation, monitoring, and flowdown of requirements, including configuration, key characteristics, FAI, and counterfeit part prevention.
- First Article Inspection (FAI): Alignment with AS9102 practices in many organizations, including documented evidence that the first production run conforms to all drawing and specification requirements.
- Counterfeit parts prevention: Requirements for processes to avoid, detect, and control counterfeit or suspect parts, which has implications for purchasing, receiving inspection, and traceability.
- Human factors and awareness: More explicit requirements related to awareness of product safety, human error risks, and ethical behavior.
Impact on processes and systems
Both standards are written to be technology-agnostic, but they push different levels of discipline in how you operate and integrate systems in a brownfield environment.
- Process definition and control: ISO 9001 expects defined processes and controls. AS9100 typically drives more granular process definition, documented work instructions, and objective evidence, especially for special processes and critical operations.
- Traceability: ISO 9001 requires traceability where it is critical to product conformity. AS9100 expects much broader traceability in aerospace contexts: materials, lots, serials, process parameters, tooling, and sometimes operator and equipment IDs.
- Integration with MES/ERP/QMS: Under ISO 9001, paper-based or lightly integrated systems may be acceptable if they are controlled. Under AS9100, the volume of evidence, configuration control, and traceability usually exposes weaknesses in disconnected legacy systems. Plants often need tighter integration or disciplined manual controls, with clear recognition of the risks and failure modes.
- Change control: Both require control of changes, but AS9100 expects more rigorous evaluation of the impact of changes on configuration, safety, reliability, and regulatory obligations, which can be challenging when multiple legacy systems and spreadsheets hold different versions of the truth.
Certification and regulatory context
- ISO 9001 certification: Common across many industries. Demonstrates that a QMS meets generic requirements, but does not imply regulatory or customer approval in aerospace or defense.
- AS9100 certification: Often required or strongly preferred by aerospace OEMs and primes for suppliers. It is still only a certification against the standard, not a guarantee of regulatory compliance, authority approvals, or customer audit results.
- Long-lifecycle implications: In aerospace and defense, products and support obligations can span decades. AS9100’s added focus on configuration management, records retention, and traceability interacts directly with long equipment and product lifecycles. Upgrading or replacing core systems solely to “get AS9100” often fails because of qualification, validation, downtime, and integration risks.
Choosing and implementing in brownfield environments
If you are already ISO 9001 certified and supplying into aerospace or defense, moving to AS9100 typically means:
- Performing a gap assessment from your current ISO 9001 QMS to AS9100 requirements.
- Strengthening or formalizing processes for configuration management, special processes, FAI, supplier controls, and counterfeit prevention.
- Assessing whether existing MES, ERP, PLM, and QMS tools can reliably support the extra traceability and evidence, or whether controlled workarounds and incremental upgrades are required.
- Planning carefully for validation and change control when touching production systems, especially in plants with limited downtime and high integration complexity.
ISO 9001 alone may be sufficient if you do not serve aerospace/defense or equivalent high-risk sectors. For organizations in those sectors, AS9100 is usually the relevant reference standard, but it must be implemented with a realistic view of existing systems, processes, and constraints.
