AS9100 Quality Compliance for Aerospace

AS9100 is the internationally recognized quality management system standard tailored specifically to the aerospace industry, extending the ISO 9001 framework with additional requirements that address aviation safety, product reliability, and regulatory traceability. This page covers the standard's definition, how its certification process works, the scenarios in which it applies, and the decision boundaries organizations face when determining scope and compliance obligations. Understanding AS9100 is essential for any manufacturer, supplier, or MRO (maintenance, repair, and overhaul) organization seeking to participate in regulated aerospace supply chains governed by the Federal Aviation Administration (FAA) and defense acquisition authorities.

Definition and scope

AS9100 is published and maintained by the International Aerospace Quality Group (IAQG), a body composed of aerospace prime contractors and regulatory stakeholders operating across the Americas, Europe, and Asia Pacific. The current revision — AS9100 Revision D — aligns its base structure with ISO 9001:2015, adopting the same High Level Structure (Annex SL) that enables integration with other management system standards, while layering approximately 80 aerospace-specific additions, clarifications, and requirements on top.

The standard applies to organizations across the full aerospace value chain: design and development organizations, production facilities, distributors, and service providers including MRO operations. It does not, by itself, constitute regulatory approval from the FAA or the European Union Aviation Safety Agency (EASA), but it is frequently a contractual prerequisite set by primes such as Boeing, Lockheed Martin, and Raytheon. The Online Aerospace Supplier Information System (OASIS) database, maintained by SAE International on behalf of the IAQG, is the authoritative registry of certified organizations worldwide.

The scope boundary matters significantly. A facility may hold AS9100 certification for one product line or site while operating non-certified processes in adjacent business units. Defining scope is a formal documented decision that affects which processes, sites, and product families fall under the certified quality management system, directly linking to compliance scope determinations.

How it works

AS9100 compliance operates through a structured audit and certification cycle administered by third-party certification bodies (CBs) accredited under the IAQG Sanctioned Audit Approach (SAA). The process moves through the following discrete phases:

1. Gap analysis — The organization compares its existing quality management system against AS9100 Rev D clause requirements, identifying documentation gaps, process deficiencies, and unmet aerospace-specific obligations.
2. System development — Documented procedures, work instructions, risk registers, and configuration management records are established or revised to close identified gaps.
3. Stage 1 audit (document review) — An accredited CB auditor reviews the organization's documented system for adequacy against the standard's clauses without full process observation.
4. Stage 2 audit (on-site certification audit) — Auditors observe processes, interview personnel, and sample objective evidence — including records, calibration logs, and nonconformance reports — to verify system implementation.
5. Certification issuance — On satisfactory completion with no unresolved major nonconformances, the CB issues a certificate registered in OASIS with a defined scope statement, valid for three years.
6. Surveillance audits — Annual surveillance audits (at minimum) verify continued conformance between recertification cycles.
7. Recertification audit — Conducted before the three-year certificate expires, covering the full system scope.

Risk-based thinking is a foundational mechanism embedded throughout the standard. Clause 6.1 of AS9100 Rev D requires organizations to identify risks and opportunities that could affect conformity, and to plan actions proportionate to those risks. This connects directly to risk-based compliance QA frameworks that structure how organizations prioritize corrective action.

Common scenarios

Defense subcontractors and DFARS compliance — Organizations supplying to U.S. Department of Defense prime contractors often encounter AS9100 as a contractual quality requirement flowing down through Defense Federal Acquisition Regulation Supplement (DFARS) clauses, in addition to quality system requirements specified in MIL-SPEC documents.

Commercial aviation parts manufacturers — A company producing structural components under FAA Production Approval Holder (PAH) status may hold both FAA regulatory authorization and AS9100 certification. These are parallel but distinct: FAA approval grants legal authority to manufacture approved parts; AS9100 certification demonstrates systemic quality management capability to customers.

Distributors of aerospace hardware — AS9100 Rev D includes specific requirements for the control of counterfeit and suspect unapproved parts, making certification particularly relevant for distributors who stock and resell hardware such as fasteners, bearings, and electronic components. The FAA addresses counterfeit parts risk under AC 21-29D, and AS9100's Clause 8.1.4 directly addresses this failure mode.

MRO organizations — Maintenance facilities seeking to serve regulated airline customers commonly pursue AS9100 alongside or in lieu of AS9110, the IAQG standard specific to aviation maintenance operations. The choice between the two standards constitutes a formal scope decision.

Decision boundaries

The primary classification decision is whether AS9100, AS9110 (MRO), or AS9120 (distribution) applies to a given organization. All three are IAQG standards; the correct one depends on the predominant operational activity:

• AS9100 — Design, development, and/or production of aerospace products
• AS9110 — Maintenance, repair, and overhaul of aerospace products
• AS9120 — Stockists and distributors (no manufacturing or MRO)

A second boundary involves the relationship between AS9100 and ISO 9001 compliance. ISO 9001 certification does not satisfy AS9100 requirements; the aerospace-specific clauses require separate audit coverage. An organization holding ISO 9001 that enters the aerospace market must complete a full AS9100 certification process, not merely a gap extension audit under the existing ISO certificate.

Internal audit compliance obligations also differ between the two standards — AS9100 requires internal auditors to demonstrate competency specifically relevant to aerospace processes, a criterion not explicit in ISO 9001 alone.

Organizations whose customers include both aerospace and automotive primes face a choice between pursuing dual certification (AS9100 and IATF 16949) or scoping each standard to the relevant product lines — a scope management decision with significant documentation and audit resource implications.

References

• International Aerospace Quality Group (IAQG)
• OASIS Certification Database — SAE International
• ISO 9001:2015 — International Organization for Standardization
• FAA Advisory Circular AC 21-29D: Detecting and Reporting Suspected Unapproved Parts
• Defense Federal Acquisition Regulation Supplement (DFARS) — Defense Acquisition Regulations System
• European Union Aviation Safety Agency (EASA)