In AS9100 (latest revision at the time of writing: AS9100D), nonconformance control is primarily addressed in clause 8.7, but several other clauses are directly related and are usually in scope when you define or audit your nonconformance process.
Primary clause for nonconformance control
8.7 Control of nonconforming outputs is the core clause. It typically covers:
- Identification and documentation of nonconforming product, components, data, or services
- Segregation or controlled disposition to prevent unintended use
- Responsibilities and authorities for review and disposition (e.g., scrap, rework, repair, use-as-is)
- Re-verification requirements after rework or repair
- Requirements for customer or regulatory approval when needed for certain dispositions
- Record keeping for nonconformances and dispositions
This clause is usually the starting point for any nonconformance procedure or electronic nonconformance reporting (NCR/NCMR) workflow.
Closely related AS9100 clauses
In practice, effective nonconformance control in an aerospace or defense environment also involves the following clauses:
- 8.3 Design and development of products and services
When design outputs are found nonconforming (e.g., design verification failures, qualification test failures), the associated nonconformities and dispositions should align with your design control and change processes.
- 8.4 Control of externally provided processes, products and services
Supplier nonconformances, incoming inspection failures, and supplier escapes need to be controlled using the same discipline as internal nonconformances, with additional flowdown and feedback requirements to suppliers.
- 8.5 Production and service provision
Operational controls, in-process inspection, and final acceptance activities are where most nonconformances are first detected. The requirements here drive how nonconformances are identified on the shop floor and in test.
- 8.5.2 Identification and traceability
Traceability requirements (part, batch/lot, serial number, operator, equipment, and sometimes process parameters) directly influence your ability to contain and disposition nonconformances, especially for suspected escapes.
- 8.5.6 Control of changes
When a nonconformance leads to rework, repair, or process changes, those actions may constitute a change that must be controlled, reviewed, and, where applicable, approved by customers or authorities.
- 8.5.1.3 Production process verification (First Article Inspection)
Nonconformances discovered during FAI or equivalent process verification must be controlled and resolved before acceptance. The interface between AS9102 FAI and your nonconformance process is often scrutinized in audits.
Corrective action and systemic follow-up
Not every nonconformance triggers a corrective action, but the link between nonconformities and systemic problem solving is covered here:
- 10.2 Nonconformity and corrective action
Defines how you react to nonconformities, evaluate need for corrective actions, perform root cause analysis, implement actions, and verify effectiveness. Your nonconformance records are typically the inputs to risk-based corrective action selection.
- 10.1 Improvement
Nonconformance data and trends are often used to drive continual improvement, including changes in process controls, training, or supplier management.
Supporting and governance clauses that often apply
Several clauses are not “nonconformance control” in name but have direct impact on how credible and auditable your nonconformance process is:
- 4.3 Determining the scope of the quality management system
Clarifies which operations, sites, and product lines are covered, which affects where and how nonconformances must be controlled.
- 7.5 Documented information
Controls for procedures, work instructions, and records that define and evidence your nonconformance process, including forms, workflows, and disposition approvals.
- 7.2 Competence
Personnel making disposition decisions (e.g., MRB members, quality engineers) must be competent and often specifically authorized.
- 8.1 Operational planning and control
Requires planning of operations so that nonconformities can be detected and controlled at appropriate stages, including defined criteria for acceptance and rejection.
- 8.1.2 Configuration management
Ensures that when nonconformances occur, they are evaluated against the correct configuration (revision of design, BOM, process, and software), and that any use-as-is or repair conditions are clearly tied to the affected configuration items.
- 8.1.3 Product safety
For safety-related items, the evaluation and disposition of nonconformances has additional scrutiny; some dispositions may not be permitted without customer or regulatory involvement.
- 8.1.4 Prevention of counterfeit parts
Nonconformances related to suspected counterfeit parts invoke specific control, segregation, and escalation requirements.
- 9.1 Monitoring, measurement, analysis and evaluation
Nonconformance metrics and trends are part of QMS performance monitoring.
- 9.3 Management review
Nonconformance data, significant events, and systemic issues are typically inputs to management review.
Brownfield and system coexistence considerations
In real plants, nonconformance control usually spans several systems: legacy MES, ERP, QMS, PLM, and sometimes standalone MRB or deviation tools. AS9100 does not mandate specific tools, but it expects:
- Clear, traceable linkage between nonconformances, affected parts/serials, and dispositions across systems
- Controlled interfaces and handoffs (e.g., from inspection in MES to NCR in QMS to inventory adjustments in ERP)
- Change control and validation when you modify or replace nonconformance workflows or IT platforms
Full replacement of existing nonconformance tools in an aerospace-grade environment is often constrained by validation cost, downtime risk, and integration complexity. Many organizations instead layer improvements (e.g., improved forms, better integrations, analytics) on top of existing systems while keeping the AS9100 clause mapping and documented process stable.
Dependencies and local interpretation
How these clauses are interpreted and implemented can vary significantly by organization, customer contract, and regulatory oversight. You should:
- Map your documented nonconformance procedure(s) and digital workflows explicitly to the relevant AS9100 clauses, not just 8.7
- Include design, supplier, and configuration management interfaces where they affect dispositions and approvals
- Ensure that record retention and traceability expectations from customers and authorities are reflected in your nonconformance records and linked systems
None of these clauses on their own guarantee audit outcomes or regulatory acceptance. Their effectiveness depends heavily on how consistently they are applied across your actual operations and information systems.
