ISO 9001:2008 AS9100 Rev C 9001:2008, Rev. and AS9101 Rev.

D Interpretations to Effectiveness
Peter P. Kucan Director of Registrar Operations Aerospace Experienced Auditor
www.priregistrar.org

Introduction

The goal of this presentation is to review the currently known rules for upgrade per the new audit support document, AS9101 Revision D and to highlight the major changes to the ISO 9001:2008, AS9100 Revision C standards.

www.priregistrar.org

Rules for Upgrade

www.priregistrar.org

Rules for Upgrade

All audits after July 1, 2011 shall be to Revision C di f J l 1 h ll b R ii All certs to Revision B shall be withdrawn after July 1 J l 1, 2012 Company must tell registrar in which audit they wish to be upgraded and formerly declare conformance to the 2009 version of the AQMS standard to the registrar prior to having the transition audits.

www.priregistrar.org

Rules for Upgrade

The number of audit days for an upgrade will be calculated via the requirements stated in SR-001 and AS9104 d AS9104. All processes in Section 7 shall be documented on aP Process Effectiveness Assessment Report Eff ti A tR t (PEAR), which may be found in AS9101D, and evaluated for effectiveness during the audit. No company can restart their three year contract cycle via an upgrade during a surveillance audit.
5
www.priregistrar.org

AS9101 D Rules for Upgrade Stage 1 Upgrade

Th audit t The dit team l d shall require the organization to leader h ll i th i ti t provide the necessary information and documentation for review, including the following: quality manual; description of processes showing their sequence and interactions, including the identification of any outsourced i i i l di h id ifi i f d processes; NOTE 1: The processes can be depicted in various ways [e.g., process maps, turtle diagrams, SIPOC method (breakdown of supplier, inputs, process steps/tasks, outputs, customer), octop s] o tp ts c stomer) octopus].
6
www.priregistrar.org

AS9101D Rules for Upgrade Stage 1 Upgrade

performance measures and trends f the f d d for h previous 12 months (This is a MUST. We cannot transition the client without these being in place!); evidence that the requirements of the applicable 9100 series 9100-series standards are addressed by the organizations documented procedures established for the quality management system q y g y (e.g., by referencing them in the quality manual or by using a cross reference); interactions with support functions on-site or at remote locations/sites; 7 www.priregistrar.org

AS9101D Rules for Upgrade Stage 1 Upgrade

evidence of internal audits of processes/procedures, p p , including internal and external quality management system requirements; th l t t management review results; the latest t i lt list of all major (e.g., top five) aviation, space, and/or de e se a d a y ot e custo e s equ defense and any other customers requiring 9 00 se es g 9100-series standard compliance, including an indication of how much business each customer represents and their customer specific quality management system requirements, if requirements applicable; and p evidence of customer satisfaction and complaint summaries, including verification of customer reports, scorecards, and special status or equivalent. www.priregistrar.org
8

AS9101D Rules for Upgrade Stage 1 Upgrade

NOTE 2: E 2 Examples of customer specific quality l f t ifi lit management system requirements are: product process verification, including First Article Inspection (FAI) requirements (e.g., 9102); quality records to be created and maintained by the organization; coordination of document changes; defined special requirements/critical items/key characteristics; approval of design changes by the customer; flow down of requirements to sub-tiers; customer notification of production process changes; t tifi ti f d ti h traceability; handling of nonconformities; and applicability of other IAQG quality management system standards in contracts
9
www.priregistrar.org

ISO 9001:2008 and AS9100C

What requirements are new or changed?

10
www.priregistrar.org

ISO 9001:2008

4.2 A documented procedure shall be established to define the controls needed f) to ensure that documents of external origin determined by the organization to be d t i d b th i ti t b necessary for the planning and operation of the th quality management system are identified lit t t id tifi d and their distribution controlled
11
www.priregistrar.org

4.2 Doc Requirements

The organization shall ensure that personnel have access t and are aware of, relevant h to, d f l t quality management system documentation and changes. d h

12

www.priregistrar.org

5.2 Customer Focus

Top management shall ensure that product p g p conformity and on-time delivery p f performance are measured and that appropriate action is taken if planned , , results are not, or will not be, achieved.

13

www.priregistrar.org

5.5.2 Management Rep

Top management shall appoint a member of the organization's management who, f g z g , irrespective of other responsibilities, shall have responsibility and authority that p y y includesthe organizational freedom and unrestricted access to top management to p g resolve quality management issues.

14

www.priregistrar.org

7.1.1 Project Management

As appropriate to the organization and the product the organization shall plan product, and manage product realization in a structured and controlled manner to meet requirements at acceptable risk, within resource and schedule constraints.
15
www.priregistrar.org

7.1.2 Risk Management

The organization shall establish, implement and maintain a process f managing risk to the p for g g achievement of applicable requirements, that includes as appropriate to the organization and the product h d a) assignment of responsibilities for risk management, t b) definition of risk criteria (e.g., likelihood, consequences, consequences risk acceptance) acceptance),..
16
www.priregistrar.org

7.1.2 Risk Management

c) id tifi ti ) identification, assessment and communication t d i ti of risks throughout product realization, d) identification, implementation and management of actions to mitigate risks that exceed the defined risk acceptance criteria, and e) acceptance of risks remaining after implementation of mitigating actions.
17
www.priregistrar.org

7.1.3 Configuration Mgt.

The organization shall establish, implement and maintain a configuration management process that includes, as appropriate to the product a) configuration management planning, b) configuration identification, c) change control, d) configuration status accounting, and e) configuration audit. NOTE See ISO 10007 for guidance.
18
www.priregistrar.org

7.1.4 Control of Work Transfers f

The organization shall establish, implement and maintain a process to plan and control the temporary or permanent transfer of work h f f k (e.g., from one organization facility to another, f h from the organization to a supplier, h i i li from one supplier to another supplier) and to verify the conformity of the work to if h f i f h k requirements.
( Was formerly in Control of Manufacturing)
19
www.priregistrar.org

7.3.1 Design and Development Planning

Where appropriate, the organization shall divide the design and development effort g p ff into distinct activities and, for each activity, define the tasks, necessary y, f , y resources, responsibilities, design content, input and output data and planning p p p g constraints.

20

www.priregistrar.org

7.3.1 Design and Development Planning p g

Design and development planning shall consider the ability to h ll id h bili p produce, inspect, test and , p , maintain the product.

21

www.priregistrar.org

7.4.1 Purchasing Process

The organization shall A) maintain a register of its suppliers that includes approval status (e g approved conditional (e.g., approved, conditional, disapproved) and the scope of the approval (e.g., product type, process family), E) define the process, responsibilities and authority for the approval status decision, changes of the approval status and conditions for a controlled use of suppliers depending on the supplier's approval status, and F) determine and manage the risk when selecting and using suppliers (see 7.1.2).
22
www.priregistrar.org

7.4.1 Purchasing Process

Purchasing information shall describe the product to be purchased, including, where appropriate h) records retention requirements

23

www.priregistrar.org

7.5.1.1 Production Process Verification f

The organization shall use a representative item from the first production run of a new part or assembly to verify that the production processes, production documentation processes and tooling are capable of producing parts and assemblies that meet requirements. This process shall be repeated when changes occur that invalidate the original results (e.g., engineering changes, manufacturing process changes, tooling changes). NOTE This activity is often referred to as first article inspection. (Was formerly in Inspection)
24
www.priregistrar.org

8.2.1 Customer Satisfaction

Information to be monitored and used for the evaluation of customer satisfaction shall include, f f but is not limited to, product conformity, on-time delivery performance, customer complaints and corrective action requests. Organizations shall i i O i i h ll develop and implement plans for customer satisfaction improvement that address deficiencies identified by these evaluations, and assess the effectiveness of the results. ff f
25
www.priregistrar.org

ISO 9001:2008

8.2.2 Internal Audits Records of the audits and their results shall be maintained h ll b i i d

26

www.priregistrar.org

8.2.3 Monitoring and Measurement Processes

In the event of a process nonconformity, the organization shall g z c) determine if the process nonconformity is limited to a specific case or whether it could have affected other processes or products

27

www.priregistrar.org

ISO 9001:2008

8.2.4 Records shall indicate the person(s) authorizing release of product f d li d t for delivery t th to the customer

28

www.priregistrar.org

8.2.4 Monitoring and Measurement of Product f

Measurement requirements for product acceptance shall be documented and shall include include c) required records of the measurement results (at a minimum, indication of acceptance or rejection) p j

29

www.priregistrar.org

8.2.4 Monitoring and Measurement of Product f

When the organization uses sampling inspection as a means of product acceptance, the sampling plan shall be justified on the basis of recognized statistical principles and appropriate for use (i.e., matching the sampling plan to the criticality of the product and to the process capability).
30
www.priregistrar.org

8.3 Control of Nonconforming Product

Where applicable, the organization shall deal with nonconforming product by one or more of the following ways: d) by taking action appropriate to the effects, or potential effects, of the nonconformity when nonconforming product is detected after delivery or use has started; The organization's nonconforming product control process shall provide for timely reporting of delivered nonconforming product;

31

www.priregistrar.org

8.3 Control of Nonconforming Product f g

Where applicable, the organization shall deal with pp , g z nonconforming product by one or more of the following ways: e) b t ki actions necessary to contain the effect of the ) by taking ti t t i th ff t f th nonconformity on other processes or products. Dispositions of use-as-is or repair shall only be used after approval by an authorized representative of the organization responsible for design. The organization shall not use dispositions of use as is or use-as-is repair, unless specifically authorized by the customer, f y p f if the nonconformity results in a departure from the contract requirements.
32
www.priregistrar.org

8.5.1 Continual Improvement

The organization shall monitor the implementation of improvement i l i fi activities and evaluate the effectiveness of the results.

33

www.priregistrar.org

8.5.2 Corrective Action

A documented procedure shall be f q for established to define requirements f i) determining if additional nonconforming product exists based on the causes of the nonconformities and taking further action when required.
34
www.priregistrar.org

8.5.3 Preventive Action

NOTE Examples of preventive action opportunities include risk management, error p f g f g proofing, failure mode and effect analysis (FMEA), and information on product problems reported by external sources.
35
www.priregistrar.org

ISO 9001:2008

Corrective and Preventive Action both now require that the actions taken are reviewed for EFFECTIVENESS.

36

www.priregistrar.org

Achieving Excellence Together

Thanks for your attention and for choosing PRI Registrar as your partner i in Continual Improvement Improvement.
37
www.priregistrar.org