AS9100 Quality Management System: Complete Guide

Introduction

In aerospace manufacturing, quality failures carry consequences far beyond scrap rates. A single nonconforming part reaching a flight-critical assembly can trigger catastrophic failures — which is why structured quality management isn't optional for anyone supplying aviation, space, or defense customers.

AS9100 is the globally recognized Quality Management System standard for the aerospace industry. It builds on ISO 9001:2015, adding aerospace-specific requirements for safety, risk management, traceability, and counterfeit parts prevention. Together, these requirements set the baseline for doing business in one of the world's most demanding supply chains.

This guide covers everything aerospace manufacturers need to know: what AS9100 Rev D is, how it differs from ISO 9001, its core elements, the certification process, and practical steps to prepare, including how CNC machine monitoring and real-time data tools support compliance on the shop floor.

TLDR

  • AS9100 Rev D is the current aerospace QMS standard, published in 2016 by SAE International and maintained by the IAQG
  • It incorporates all of ISO 9001:2015, with added requirements for product safety, configuration management, counterfeit parts, and risk
  • Major OEMs — Boeing, Airbus, Northrop Grumman, Lockheed Martin — contractually require AS9100 certification
  • Certification involves a two-stage audit with a 3-year cycle and annual surveillance
  • Implementation typically takes 3–18 months depending on company size and existing QMS maturity

What Is AS9100?

AS9100 Rev D — officially titled Quality Management Systems – Requirements for Aviation, Space and Defense Organizations — is the current version of the aerospace industry's QMS standard. Published September 20, 2016, by SAE International, it is developed and maintained by the International Aerospace Quality Group (IAQG). Despite incorporating ISO 9001:2015 in full, AS9100 is not an ISO standard — it is an IAQG/SAE standard with its own separate certification pathway.

A Brief History

The standard evolved in response to documented failures and supply chain gaps:

Version Year Key Driver
AS9000 1997 Industry effort to streamline aerospace quality standards
AS9100 (first release) 1999 Broader global aerospace market alignment
Rev C 2009 Introduction of operational risk management; based on ISO 9001:2008
Rev D 2016 Alignment with ISO 9001:2015; added product safety, counterfeit parts prevention, human factors, ethical behavior

Each revision addressed gaps that real-world failures exposed. Rev D's addition of product safety and counterfeit parts requirements, for example, reflected growing supply chain risks in global aerospace sourcing.

Who Needs AS9100?

The IAQG states that the 9100 standard applies at all levels of the aerospace supply chain — from OEMs down to sub-tier manufacturers and service providers. That includes:

  • Precision fabricators and CNC machining operations
  • Component manufacturers and assembly suppliers
  • Sub-tier suppliers providing raw materials or services

For most of the supply chain, this isn't a suggestion — major OEMs treat it as a hard gate:

  • Boeing (D6-82479): Appendix A suppliers must hold 9100 certification from an OASIS-accredited body
  • Northrop Grumman (SQAR): Level 1, 2, and 3 suppliers must be certified to AS9100
  • Airbus: QMS compliance with the IAQG 9100 series is a condition of supply

Without certification, suppliers are locked out of these programs before the conversation about price or capability even starts.

AS9100 vs. ISO 9001: What's the Difference?

Understanding the relationship between these two standards matters for any organization deciding where to invest its QMS resources.

AS9100 Rev D contains the complete, unmodified text of ISO 9001:2015 — nothing is removed or weakened. All additional aerospace-specific requirements are layered on top. This means ISO 9001 compliance is a prerequisite but not a substitute for AS9100 certification.

What AS9100 Adds Beyond ISO 9001

The aerospace additions target areas where the consequences of failure are most severe:

Requirement Area AS9100 Clause What It Means in Practice
Operational Risk Management 8.1.1 Formal process to plan, implement, and control risks in production operations
Configuration Management 8.1.2 Controls to manage product configurations and prevent unauthorized changes
Product Safety 8.1.3 Explicit requirements to identify and mitigate product safety risks
Counterfeit Parts Prevention 8.1.4 Processes to detect and prevent suspect/counterfeit parts from entering the supply chain
Control of Work Transfers 8.1 Requirements when production work is moved between facilities or suppliers
Human Factors 10.2.1 Consideration of human error in nonconformity and corrective action analysis
Ethical Behavior 7.3 Awareness requirements around ethical conduct in the supply chain

AS9100 versus ISO 9001 aerospace-specific added requirements comparison table infographic

The Certification Implication

A company with ISO 9001 certification has a useful head start: the process framework is already in place. That said, AS9100 requires a separate certification audit by a body specifically accredited for aerospace QMS, and ANAB acceptance (or an international equivalent) is typically required for OEM recognition through OASIS.

The distinction in purpose is equally important:

  • ISO 9001 demonstrates general quality management competence across industries
  • AS9100 signals that an organization meets the specific controls aerospace customers require for life-critical products

One standard opens doors broadly; the other opens the aerospace supply chain specifically.

Key Elements of an AS9100 Quality Management System

An AS9100 QMS is the integrated system of policies, processes, and records that governs how an organization designs, produces, and delivers aerospace products. Documentation captures the system — but the policies, processes, and people running them are what auditors and customers actually evaluate.

Leadership and Planning

Top management must do more than sign a quality policy. AS9100 requires active leadership commitment, including:

  • Defining organizational context and identifying interested parties (customers, regulators, employees)
  • Setting measurable quality objectives tied to strategic direction
  • Ensuring the QMS is integrated into business planning, not maintained as a separate compliance function

Operational Core: The Shop Floor Requirements

These are the clauses most directly affecting daily manufacturing operations:

  • Product realization planning: defines how each product will be made, controlled, and verified before production begins
  • First Article Inspection (clause 8.5.1.3): verifies that the manufacturing process consistently produces conforming product; customer flowdowns such as Lockheed Martin's QM003 also require AS9102 FAI reports before first delivery
  • Configuration management (clause 8.1.2): controls which version of a design or NC program is authorized for production at any given time
  • Production process validation: demonstrates that processes produce consistent results, particularly for special processes where output cannot be fully verified by inspection

Risk Management as a System Theme

AS9100 Rev D treats risk differently from a standalone risk register. Clause 8.1.1 requires organizations to plan, implement, and control an operational risk management process — risk assessment must be embedded in how work is planned and executed daily, not compiled once a year and filed away.

Rev D extended this risk-based thinking across all process areas, expanding on the operational risk foundation Rev C introduced in 2009.

Measurement, Analysis, and Improvement

Strong processes mean nothing without proof they're working. AS9100 requires organizations to demonstrate effectiveness through hard evidence, not assertions. Key requirements include:

  • Internal audits to check process conformance
  • Management reviews using real performance data
  • Nonconformance management with root cause analysis
  • Corrective action that addresses causes, not just symptoms
  • Documented evidence that improvements are achieving results

Supplier and Supply Chain Controls

Quality obligations don't stop at your facility's door. AS9100 clause 8.4 requires organizations to assess, select, and monitor external providers and to flow down quality and regulatory requirements through the supply chain. This includes:

  • Evaluating sub-tier suppliers against applicable AS9100 and customer-specific QMS requirements
  • Implementing controls to prevent counterfeit or unapproved parts from entering production
  • Verifying that supplier-provided products and services conform to requirements before use

Benefits of AS9100 Certification for Aerospace Manufacturers

Market Access

The most direct benefit is access. Boeing, Airbus, Northrop Grumman, Raytheon, and Lockheed Martin all require AS9100 certification as a condition of supply. For organizations targeting aerospace contracts, certification is not a differentiator — it is the entry ticket.

Certification also places organizations in the OASIS database, the IAQG's official supplier discovery tool. OASIS is free to appear in and is the first place procurement teams look when qualifying new suppliers. NQA reports there are more than 23,000 active AS9100 certificates globally, reflecting the standard's broad adoption across the aerospace supply chain.

Reduced Customer Audit Burden

Third-party certification from an accredited body carries real weight with customers. Boeing's supplier quality documentation confirms that AS9100 certification from an ANAB-accredited body can be used for Boeing QMS approval when the supplier is listed in OASIS. In practice, that translates to:

  • Fewer customer-conducted audits on your facility
  • Less time spent managing supplier qualification visits
  • Stronger positioning when competing for long-term contracts

Operational Discipline

The certification process forces organizations to document and measure their processes in ways that often surface waste and inefficiency informal systems miss entirely. Structured nonconformance management and root cause analysis create a feedback loop that improves operations — regardless of what any customer requires.

How to Get AS9100 Certified: Step-by-Step Process

Getting certified follows a predictable sequence — but the time and effort required depend heavily on where you're starting from.

Step 1 — Gap Analysis

Compare your current QMS against AS9100 Rev D clause by clause. The goal is to identify what exists, what's partially implemented, and what's missing entirely. Organizations transitioning from ISO 9001:2015 typically face fewer gaps than those starting from scratch, but the aerospace-specific clauses — configuration management, product safety, counterfeit parts — almost always require new work.

Step 2 — Implementation Planning and Documentation

Build a project plan with specific tasks, owners, and deadlines. Documentation priorities for aerospace include:

  • Quality manual and procedure updates reflecting AS9100 requirements
  • Configuration management procedures (clause 8.1.2)
  • Operational risk management process (clause 8.1.1)
  • Product safety procedures (clause 8.1.3)
  • Counterfeit parts prevention controls (clause 8.1.4)
  • Supplier evaluation and flowdown procedures (clause 8.4)

Step 3 — Employee Training and Awareness

AS9100 Rev D explicitly requires employees to understand how their work contributes to product safety and quality. This makes training a compliance requirement, not just good practice. At minimum, training should address:

  • The overall QMS structure and how processes connect
  • Each employee's specific responsibilities within their process
  • The consequences of nonconformance in a life-critical industry

Step 4 — Run the QMS and Conduct Internal Audits

The system must operate long enough to generate objective evidence before certification. This means:

  1. Running production under the documented QMS
  2. Conducting at least one full internal audit cycle
  3. Completing at least one management review
  4. Closing corrective actions with verified effectiveness

4-step AS9100 QMS pre-certification internal audit and readiness process flow

Auditors look for records: audit reports, corrective action logs, management review minutes, and production data collected under the documented system.

Step 5 — Select an Accredited Certification Body and Complete the Audit

Not all ISO 9001 registrars are accredited for AS9100. Select a body accredited by ANAB (in the US) or an international equivalent, and verify they appear in OASIS. The certification process follows a two-stage model:

  • Stage 1: Documentation review — the auditor assesses whether your QMS documentation is adequate and whether the organization is ready for Stage 2
  • Stage 2: On-site certification audit — the auditor verifies that the system is implemented, operational, and effective

Successful completion results in a 3-year certificate. Annual surveillance audits are required in years two and three, with recertification at the end of the cycle.

Realistic Timeline

Implementation timelines vary considerably. Based on guidance from Advisera's AS9100 implementation resources:

  • Up to 50 employees: approximately 3–6 months
  • Up to 200 employees: approximately 6–10 months
  • More than 200 employees: approximately 10–20 months

AS9100 certification implementation timeline by company size months to completion

Organizations with design and development in scope typically need more time than manufacturing-only operations. Shops with a mature ISO 9001 system already in place often compress the lower end of these ranges significantly — in some cases by several months.

How Smart Manufacturing Technology Supports AS9100 Compliance

AS9100 Rev D's requirements for production monitoring, configuration control, and measurement and analysis create a practical need for real-time visibility across the shop floor. Organizations that rely on manual data collection or paper-based records face a harder path to meeting the standard's traceability and evidence requirements.

Where Manual Systems Create Compliance Risk

The standard requires documented evidence that processes are operating as planned, that records are maintained, and that performance trends are analyzed for continual improvement. Manual systems introduce:

  • Transcription errors that create traceability gaps
  • Time lags between events and records that complicate root cause analysis
  • Inconsistent data quality across machines or shifts
  • Documentation bottlenecks before management reviews

How Machine Monitoring Addresses These Gaps

Excellerant's IIoT platform connects CNC machines of any age or protocol — modern controls via ethernet or WiFi, legacy equipment via RS-232 serial or PLC adaptors — to a unified cloud platform that automatically captures production data without manual intervention.

The platform addresses four AS9100 requirement areas directly:

  • Configuration management (clause 8.1.2): NC file revision control with one-click revision compare and a Rev-Lock-Load feature that restricts each machine to a single authorized program, ensuring only approved versions run in production
  • Production monitoring (clause 8.5.1): Real-time cycle time capture, part count tracking, and machine-status timelines provide the objective evidence needed for process verification and FAI support
  • Measurement and analysis (clause 9.1): OEE calculations broken down by availability, performance, and quality — plus run-to-run, week-to-week, and year-to-year comparison reports — give management teams the performance data required for management reviews and continual improvement
  • Root cause analysis (clause 10.2): Automated downtime recording with operator-assigned reason codes (personnel, material, tooling, machine malfunction) creates the data foundation for corrective action analysis

IIoT machine monitoring dashboard displaying CNC production data and OEE metrics

Bi-directional integration with ERP platforms including SAP, Oracle, Epicor, JobBoss, and Global Shop Solutions eliminates manual data entry, ensuring production records in enterprise systems match actual shop floor activity. This keeps records synchronized and removes a common gap that surfaces during AS9100 audits.

For aerospace and defense shops preparing for Stage 2 certification, this means compliance-relevant records are generated at the machine level — not reconstructed from memory before an audit.

Frequently Asked Questions

What is the AS9100 quality management system?

AS9100 is an internationally recognized QMS standard for aviation, space, and defense organizations, developed by the IAQG and published by SAE International. It incorporates ISO 9001:2015 in full and adds aerospace-specific requirements for product safety, risk management, configuration control, and traceability.

What are the key elements of an AS9100 quality management system?

The core elements include leadership commitment, operational risk management, configuration management, product realization planning, supplier controls, internal audits, and continual improvement, all built on the ISO 9001:2015 framework. Aerospace-specific additions like product safety and counterfeit parts prevention set it apart from general quality management.

How does AS9100 differ from ISO 9001?

AS9100 includes every ISO 9001:2015 requirement without deletion, then layers on aerospace-specific additions: project management, configuration management, product safety, counterfeit parts prevention, and human factors in corrective action. Certification also requires a separate audit from an aerospace-accredited body.

Who needs AS9100 certification?

Any organization in the aviation, space, or defense supply chain — manufacturers, fabricators, sub-tier suppliers, and service providers — may be required to hold AS9100 certification as a condition of supplying major OEMs like Boeing, Airbus, Northrop Grumman, or Lockheed Martin.

How long does it take to get AS9100 certified?

Timelines range from 3–6 months for small organizations to 10–20 months for larger operations. Organizations with an existing ISO 9001:2015 system move faster since the base QMS framework is already in place, though the aerospace-specific clauses still require additional implementation work.

What is AS9100 Rev D and how is it different from Rev C?

Rev D, released in 2016, incorporated ISO 9001:2015 and added requirements for product safety, counterfeit parts prevention, human factors in corrective action, and ethical behavior. Rev C, released in 2009, was based on ISO 9001:2008 and introduced operational risk management but did not include these newer requirements.