AS9100 Rev D treats product safety as a cross-cutting requirement. There is one dedicated clause plus several closely related clauses that most auditors will expect you to connect in your quality management system.
Primary clause explicitly focused on product safety
The main clause is:
- 8.1.3 Product safety – Requires the organization to plan, implement, and control processes needed to assure product safety during the entire life cycle, as appropriate to the organization and the product. This includes defining responsibilities, managing safety-related events, and maintaining safety-related information.
Key supporting clauses that impact product safety
While 8.1.3 is the explicit product safety clause, several other clauses are directly relevant and usually need to be aligned in procedures, training, and records:
- 4.1 & 4.2 (Context of the organization and interested parties) – Safety expectations from customers, regulators, and end users should be reflected in your QMS scope and risk priorities.
- 5.1.1 & 5.1.2 (Leadership and customer focus) – Top management is expected to demonstrate commitment to product safety as part of customer and regulatory focus.
- 6.1 (Actions to address risks and opportunities) – Product-safety-related risks should be identified, evaluated, and mitigated. In practice, this often links to FMEA, hazard analyses, and special characteristics.
- 6.2 (Quality objectives and planning) – Safety-critical performance (e.g., escape defects, special processes, escapes on critical items) can be reflected in objectives and KPIs.
- 7.2 (Competence) – Requires you to ensure competence for personnel whose work affects product safety, including training and authorization for safety-critical tasks.
- 7.5 (Documented information) – Controls safety-relevant documents and records, including work instructions, inspection plans, and configuration baselines for safety-critical items.
- 8.1.1 (Operational risk management) – Aerospace-specific requirement to manage operational risks, including those that influence product safety (e.g., process changes, capacity constraints, special process risks).
- 8.1.2 (Configuration management) – Ensures that safety-critical configurations are defined, controlled, and traceable. Mismanaged configuration is a common safety failure mode in complex, long-life aerospace products.
- 8.2 (Requirements for products and services) – Ensures that safety-related requirements from contracts, drawings, specifications, and regulations are identified, reviewed, and flowed down to operations and suppliers.
- 8.3 (Design and development of products and services) – Where design is in scope, this clause drives systematic identification and control of safety requirements, verification, and validation, including management of changes affecting safety.
- 8.4 (Control of externally provided processes, products, and services) – Requires safety-related requirements and controls to be flowed down to and monitored at suppliers and special process providers.
- 8.5.1 (Control of production and service provision) – Includes the use of suitable equipment, controlled conditions, and documented instructions, especially for safety-critical operations and special processes.
- 8.5.2 (Identification and traceability) – Enables tracking of safety-critical parts, materials, and configurations to support investigation and containment when safety concerns arise.
- 8.5.6 (Control of changes) – Requires evaluation and control of process and product changes, including assessment of impact on product safety and re-approval where needed.
- 8.6 (Release of products and services) – Ensures that all planned inspections, tests, and approvals related to safety requirements are complete and acceptable prior to release.
- 8.7 (Control of nonconforming outputs) – Addresses identification, segregation, disposition, and risk assessment of nonconformances that could affect product safety, including customer and regulatory notification where applicable.
- 9.1.1 & 9.1.3 (Monitoring, measurement, analysis and evaluation) – Data on safety-related defects, escapes, and events should be monitored and used for decision-making.
- 10.2 (Nonconformity and corrective action) – Requires structured investigation of nonconformities that affect or could affect product safety, and verification that corrective actions are effective.
- 10.3 (Continual improvement) – Supports ongoing reduction of safety-related risks through process and system improvements.
Clauses linked to human factors and reporting culture
AS9100 Rev D also ties product safety to human factors and reporting behavior:
- 7.3 (Awareness) – Requires personnel to be aware of their contribution to product safety, including the impact of nonconformity and the importance of ethical behavior.
- 7.4 (Communication) – Includes internal and external communication of safety-related information, including how safety issues are escalated.
- 10.2 (Nonconformity and corrective action) – Often used to formalize safety reporting, trend analysis, and escalation of systemic safety concerns.
Implementation notes for regulated, long-lifecycle environments
The specific clauses are fixed, but how they apply in your environment depends on scope (design vs build-to-print), legacy QMS structure, and system integration. In brownfield operations with older ERP/MES/QMS stacks, product safety controls usually span several systems and paper-based workflows. Trying to implement product safety as an isolated “module” in a single new system often fails because:
- Configuration management, nonconformance, and change control are already distributed across multiple validated tools and paper forms.
- Revalidating or replacing core systems to centralize product safety can trigger significant downtime, requalification, and retraining risk.
- Auditability and traceability expectations typically require incremental changes with strong change control, not wholesale system swaps.
Most organizations address AS9100 Rev D product safety expectations by tightening procedures, clarifying responsibilities, improving cross-system traceability, and adding targeted digital controls on top of existing infrastructure, rather than attempting a full replacement of legacy platforms.
