IA9100 Aerospace Standard Upgrade Presentation

Source: IAQG

Clause by Clause Comparison

0.1 General

Importance of organizational culture and ethical behaviour to an effective QMS and its ability to achieve intended results. Importance of organizational culture and ethical behaviour on the QMS.

In-Depth Review:

Clause 0.1 – (New Requirement) Organizational culture and ethical behavior are critical to an effective QMS and the ability of an organization to achieve its intended results. The organizations culture and ethics are evident in the attitudes, behaviors, shared values and history.

Example Case:

Clause 0.1 in IA9100 introduces a new focus on organizational culture and ethical behavior as essential for an effective Quality Management System (QMS) in aerospace, influencing attitudes, behaviors, values, and history to achieve intended outcomes. Real-life example: Boeing's 737 MAX crises stemmed from a flawed safety culture and ethical lapses, where pressure to prioritize profits over transparency led to QMS failures, design flaws, two fatal crashes, and global grounding, highlighting how weak ethics undermine QMS results

0.2 Quality management principles

Implementation of QMS is a cornerstone to establishing a culture of quality

In-Depth Review:

Clause 0.2 – (New Requirement) Implementation of a quality management system and the management principles are the cornerstones to establishing a culture of quality within the organization. The definition of objectives and measurement can be used to further advance a culture focused on quality products and services.

Clause 4.1 NOTE 3 – (ISO) Understanding the internal context can be facilitated by considering issues related to values, culture, knowledge, and performance of the organization.

Example Case:

Clause 0.2: Establishes QMS and principles as foundation for quality culture, advanced by defined objectives and measurements. Example: Boeing post-737 MAX crisis implemented QMS with safety objectives, measured by defect rates to build quality-focused culture.

Clause 4.1 NOTE 3: Aids internal context understanding via organizational values, culture, knowledge, and performance. Example: Airbus evaluates internal culture and knowledge during mergers to enhance performance in aircraft innovation.

4.1 Understanding the organization and its context - No Change.

4.2 Understanding the needs and expectations of interested parties - No Change.

4.3 Determining the scope of the quality management system - No Change.

4.4 Quality management system and its processes

NOTE to clarify the identification of processes is an organizational decision

Example Case:

Clause 4.4 in the new IA9100 requires organizations to establish, implement, maintain, and improve a QMS by determining necessary processes, their interactions, criteria, resources, monitoring, and documented information, with a new note clarifying that process identification and level of detail is an organizational decision. Real-life example: A large aerospace OEM might identify high-level processes like "Design and Development" and "Production," while a small parts supplier chooses detailed ones like "Raw Material Inspection" and "CNC Machining," tailoring to their size and risks.

5.1 Leadership and commitment

Leadership ensures goals and objectives that build a quality culture are consistent with policies, vision, mission, values, and context. Leadership promotes an ethical work environment with examples provided

In-Depth Review:

Clause 5.1.1.k – (new requirement) ensuring goals and objectives intended to build a quality culture are consistent with policies, vision, mission, values, and the context of the organization (See clause 4.).”

Clause 5.1.1.l. – (New Requirement) promoting an ethical work environment

– NOTE: For example, policy, expectations of conduct, periodic training and awareness, reporting channels, investigation, resolution of concerns, and ensuring no punitive action from reporting concerns)

Example Case:

Review: Clauses 5.1.1.k and 5.1.1.l in IA9100 require leadership to align quality culture goals with organizational policies, vision, mission, values, and context, while promoting ethics through policies, training, awareness, reporting channels, investigations, resolutions, and non-punitive reporting.

Real-life example: GE Aerospace leaders foster an ethical compliance culture using "The Spirit and The Letter" guide, which includes training, concern reporting, and resolution aligned with company values.

5.2 Policy - No Changes

5.3 Organizational roles, responsibilities and authorities - No Changes

6.1 Actions to address risks and opportunities

NOTE to clarify Operational Risk controls in clause 8.1.1

6.2 Quality objectives and planning to achieve them - No Change

6.3 Planning of changes - No Change

7.1.1 General - No Change

7.1.2 People - No Change

7.1.3 Infrastructure - No Change

7.1.4 Environment for the operation of processes

Culture added an example in NOTE for human and physical factors. Examples of Culture include: quality, ethical behavior, product and personnel safety, quality of work life.

In-Depth Review:

Clause 7.1.4 NOTE: d. – (New Requirement) culture (e.g., quality, ethical behavior, product and personnel safety, quality of work life).

Example Case:

Clause 7.1.4 requires suitable environments for processes, now adding culture (e.g., quality, ethical behavior, product/personnel safety, quality of work life) as a human factor in NOTE d. Real-life example: Boeing fosters a safety culture through mandatory ethics training and anonymous reporting, reducing manufacturing defects in aircraft components.

7.1.5 Monitoring and measuring resources

Measurement System Analysis (MSA) introduced in NOTE for analyzing variation.

In-Depth Review:

Clause 7.1.5.1 – (New Requirement) NOTE: The extent to which measurement introduces variation in measurement results can be determined by measurement systems analysis, gauge R&R, or attribute analysis.

Example Case:

Clause 7.1.5 in IA9100 introduces a NOTE on Measurement System Analysis (MSA) to evaluate variation in monitoring and measuring resources, ensuring accuracy and suitability for aerospace quality. Example: In aircraft engine manufacturing, MSA via Gage R&R assesses caliper variation when measuring turbine blade thickness, identifying operator or tool inconsistencies to prevent defects.

7.1.5 Monitoring and measuring resources

Clarifying that lists of monitoring & measurement equipment be placed on documented information that could be a register.

Example Case:

Clause 7.1.5 clarifies lists of monitoring and measurement equipment must be on documented information, like a register. Example: Aerospace manufacturer maintains digital register of calipers, gauges with IDs, calibration schedules, ensuring traceability during inspections.

7.1.6 Organizational knowledge - No Change

7.1.7 Information Security

New requirement for information security to safeguard the QMS to achieve intended results.

In-Depth Review:

Clause 7.1.7 – (New) The organization shall plan, implement, and control information security to safeguard the QMS to achieve its intended results.

Example Case:

Clause 7.1.7 requires aerospace organizations to plan, implement, and control information security measures to protect the Quality Management System (QMS) from threats, ensuring it achieves intended outcomes like compliance and performance. Real-life example: An aircraft manufacturer encrypts design data and uses access controls to prevent cyber breaches, safeguarding QMS integrity and avoiding production delays from data tampering.

7.2 Competence - No Change

7.3 Awareness - No Change

Clause 7.3 – the importance of ethical behavior

7.4 Communication - No Change

Clause 7.4.3 m.3. – the importance of ethical behavior.

7.5 Documented information - No Change

7.5.1 General - No Change

7.5.2 Creating and updating - No Change

7.5.3 Control of documented information

Further refined requirements when documented information is managed electronically

In-Depth Review:

Clause 7.5.3.1 – (Enhanced) When documented information is managed electronically, data protection processes shall be defined implemented, and maintained (e.g., protection from loss, access control, off-site data management, unauthorized changes, unintended alteration, corruption).

Example Case:

The enhanced Clause 7.5.3.1 in IA9100 requires aerospace firms to define, implement, and maintain data protection for electronic documented information, including safeguards against loss, unauthorized access, changes, alteration, or corruption. Real-life example: An aircraft parts manufacturer stores design specs in a cloud-based system with encrypted backups, role-based access controls, audit trails, and off-site redundancy to prevent data breaches or accidental corruption during updates.

8.1 Operational planning and control

8.1a. Information security (IA9100 clause 7.1.5) and data protection added to the NOTE. 8.1b. MSA and control plans added to the NOTE. 8.1k. Operations to prevent, detect and mitigate the risk of foreign objects and debris. APQP is one method for operational planning and control.

Clause 8.1 NOTE: – (New Requirement) information security and data protection;

Clause 8.1.b. – (Enhanced) NOTE: According to the nature of the product and depending on the specified requirements, statistical techniques can be used to support:

– process control;

• selection and verification of key characteristics;

• process capability studies;

• measurement systems analysis;

• statistical process control;

• design of experiments;

• control plans;

Clause 8.1.k. – (Enhanced) planning and implementing operations to prevent, detect and mitigate the risk of foreign objects and debris.

– NOTE: One method to achieve operational planning and control can be through using integrated phased processes.

– Product and service provision shall be planned and managed in a structured and controlled manner, including scheduled events performed in a planned sequence to meet requirements at acceptable risk, within resource and schedule constraints.

– NOTE 1: This activity is generally referred to as project planning, project management, or program management.

– NOTE 2: One method to achieve operational planning and control can be through the use of a

methodology such as Advanced Product Quality Planning (APQP). See Annex B .

Clause 8.3.2.1 – (Enhanced Requirement) The organization shall divide the design and development effort into distinct activities defining the tasks, necessary resources, responsibilities, design content, and inputs and outputs for each activity.

Example Case:

IA9100 clause 8.1 enhances operational planning and control by adding notes on information security and data protection, incorporating MSA and control plans into statistical techniques, strengthening FOD risk prevention/detection/mitigation, and recommending APQP for structured processes.

Real-life example: Lockheed Martin’s F-35 program uses APQP for phased assembly planning, MSA to validate precision measurements of jet engine components, FOD controls like tool tethering and clean zones to eliminate debris risks, and encrypted systems for protecting design data.

8.1.1 Operation risk management - No Change

8.1.2 Configuration management - No Change

8.1.3 Product safety

Product Safety NOTE items now requirements, including identification of hazards, safety risks, change impact from safety risk, safety process effectiveness, training, communication and awareness, and reporting events.

In-Depth Review:

Clause 8.1.3 – (Enhanced Requirement) The organization shall plan, implement, and control the processes needed to assure product safety. These processes include, as appropriate:

a. identification of hazards, including reactive and proactive methods;

b. analysis, assessment, and control of safety risks associated with identified hazards(see 8.1.1);

c. identification and management of changes that may impact product safety;

d. assessment of the effectiveness of safety processes (see 9.1.3 and 10.1);

e. provision of training on product safety responsibilities to relevant personnel (see 7.2 and 7.3);

f. communication and awareness of product safety information, including safety-critical

information, safety events, and changes to safety procedures, as applicable (see 7.3 and 7.4);

g. reporting of safety events to the customer, authorities, and type certificate holder in accordance with customer and regulatory requirements.

Example Case:

Review of Clause 8.1.3: Enhances product safety by mandating processes for hazard identification (reactive/proactive), risk analysis/control, change management impacting safety, process effectiveness assessment, personnel training, communication/awareness of safety info, and event reporting to stakeholders.

Real-life example: Boeing's 787 Dreamliner battery fires in 2013 prompted hazard identification (overheating risks), risk controls (redesigned battery enclosures), change management (supplier modifications), effectiveness audits, crew training, safety communications, and FAA reporting for compliance.

8.1.4 Prevention of counterfeit parts

Prevention of Counterfeit Parts NOTE items now requirements, including training, parts obsolescence monitoring program, traceability of parts, test methodologies, monitoring counterfeit parts, and segregation/containment/ reporting of suspected or detected counterfeit parts.

In-Depth Review:

Clause 8.1.4 – (Enhanced) The organization shall plan, implement, and control processes, appropriate to the organization and the product, for the prevention of counterfeit or suspect counterfeit part use and their inclusion in product(s) delivered to the customer.

These processes shall include, as applicable:

a. training of appropriate persons in the awareness and prevention of counterfeit parts (e.g.,

personnel involved in procurement, receiving inspection, shipping inspection and material control);

b. application of a parts obsolescence monitoring program;

c. controls for acquiring externally provided product from original or authorized manufacturers,

authorized distributors, or other approved sources;

d. requirements for assuring traceability of parts and components to their original or authorized

manufacturers;

e. verification and test methodologies to detect counterfeit parts;

f. monitoring of counterfeit parts reporting from external sources;

g. segregation, containment and reporting of suspect or detected counterfeit parts.

8.2 Requirements for products and services - No Change

8.2.1 Customer communication - No Change

8.2.2 Determining the requirements related to products and services - No Change

8.2.3 Review of the requirements related to products and services - No Change

8.2.4 Changes to requirements for products and services - No Change

8.3 Design and development of products and services - No Change

8.3.1 General - No Change

8.3.2 Design and development planning

Clarified dividing design and development into distinct activities.

Example Case:

The updated IA9100 clause 8.3.2 enhances design and development planning by requiring organizations, when appropriate, to divide efforts into distinct activities, defining tasks, resources, responsibilities, design content, inputs, and outputs for each. Example: In aerospace engine development, divide into conceptual design (requirements analysis by engineering team) and prototyping development (building and testing by manufacturing group), ensuring clear deliverables and compliance.

8.3.3 Design and development inputs - No Change

8.3.4 Design and development controls - No Change

8.3.5 Design and development outputs - No Change

8.3.6 Design and development changes - No Change

8.4 Control of externally provided processes, products and services - No Change

8.4.1 General - No Change

Clause 8.4.1 – (Existing) The organization shall require that external providers apply appropriate controls to their direct and sub-tier external providers, to ensure that requirements are met.

8.4.2 Type and extent of control

Slight change to NOTE to allow remote inspection and audit of the external supplier.

Example Case:

IA9100 clause 8.4.2 requires organizations to determine and apply controls on external providers based on risks, performance, and product criticality, with a updated NOTE allowing remote inspections and audits. Example: An aerospace firm remotely audits a fastener supplier via live video feeds and secure file sharing during global supply chain disruptions, verifying compliance without physical presence

8.4.3 Information for external providers

Restructured clause to increase understanding including adding direct and sub-tier control.

Clause 8.4.3.k.d. – (New Requirement) Determining the level of control of their direct and sub-tier external providers;

Example Case:

Clause 8.4.3 of IA9100 restructures requirements for communicating information to external providers, enhancing clarity and adding controls for direct and sub-tier suppliers. New sub-clause 8.4.3.k.d mandates determining control levels based on risk and criticality. Example: An aircraft manufacturer requires its direct engine part supplier to apply high control (e.g., audits) to sub-tier material providers for safety-critical components, while using certifications for low-risk items.

8.5.1 Control of production and service provision

8.5.1.d NOTE includes clarity and alignment with clause 8.5.1.1, 8.5.1.3 Production Process Verification structure changed to make it clear that it is more than FAI.

Example Case:

Clause 8.5.1 in IA9100 enhances control of production and service provision. The NOTE in 8.5.1.d clarifies monitoring and measurement activities, aligning with 8.5.1.1 on equipment/tool/software validation. Clause 8.5.1.3 restructures Production Process Verification to emphasize it exceeds First Article Inspection (FAI), including risk assessments, capacity planning, and AS9102:2023 elements like FAI planning.

Real-life example: An aerospace firm manufacturing turbine blades verifies production not just via initial FAI but through ongoing risk evaluations of welding processes, tool calibration per 8.5.1.1, and capacity checks, preventing defects in full runs.

8.5.2 Identification and traceability - No Change

8.5.3 Property belonging to customers or external providers - No Change

8.5.4 Preservation - No Change

8.5.5 Post-delivery activities - No Change

8.5.6 Control of changes - No Change

8.6 Release of products and services - No Change

8.7 Control of nonconforming outputs - No Change

9.1 Monitoring, measurement, analysis and evaluation - No Change

9.1.1 General - No Change

9.1.2 Customer satisfaction - No Change

9.1.3 Analysis and evaluation - No Change

9.2 Internal audit

Reviewing performance indicators change from NOTE to requirement. Ensuring risks are included when establishing an audit program

Example Case:

In the IA9100 2026 revision, clause 9.2 elevates reviewing performance indicators from a note to a mandatory requirement during internal audits, ensuring objective evaluation of QMS effectiveness. It also mandates including risks in audit program establishment for risk-based auditing. Example: An aerospace parts supplier plans audits by reviewing KPIs like defect rates (now required) and incorporating risks such as material shortages, auditing high-risk suppliers first to prevent delays.

9.3 Management review - No Change

10.1 General - No Change

10.2 Nonconformity and corrective action - No Change

10.3 Continual improvement

NOTE: Organization requirement to plan periodic QMS maturity assessment and set improvement goals and objectives.

Example Case:

In the upcoming IA9100 aerospace standard, clause 10.3 on Continual Improvement mandates organizations to plan periodic QMS maturity assessments and set improvement goals and objectives, enhancing overall system effectiveness. Example: An aircraft engine manufacturer conducts annual maturity assessments using the AIMM model, identifies supplier integration weaknesses, and sets goals to reduce defects by 15% through targeted training, achieving compliance and cost savings.