| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| articles:as9100-under_revision [2024/01/06 15:25] – rrandall | articles:as9100-under_revision [2024/01/07 13:07] (current) – [Sub-tier Control] rrandall |
|---|
| {{:articles:as9100-under_revision.png?nolink |}} | {{:articles:as9100-under_revision.png?nolink&600 |}} |
| ====== First Thoughts ====== | ====== First Thoughts ====== |
| |
| //§ Environment for the Operation of Processes – Clause 7.1.4 NOTE: d. – (NEW) culture (e.g., quality, ethical behavior, product and personnel safety, quality of work life).// | //§ Environment for the Operation of Processes – Clause 7.1.4 NOTE: d. – (NEW) culture (e.g., quality, ethical behavior, product and personnel safety, quality of work life).// |
| |
| My thoughts... \\ | __My thoughts...__ \\ |
| While sec. 5.1.1k is a requirement, I see this as nothing more than virtue signaling from IAQG; which will be highly subjective and effectively non-auditable. And the "Note" under sec. 7.1.4d is completely non-auditable. | While sec. 5.1.1k is a requirement, I see this as nothing more than virtue signaling from IAQG; which will be highly subjective and effectively non-auditable. And the "Note" under sec. 7.1.4d is completely non-auditable. |
| |
| § Environment for the Operation of Processes – Clause 7.1.4 NOTE: d. – (NEW) culture (e.g., quality, ethical behavior, product and personnel safety, quality of work life).// \\ | § Environment for the Operation of Processes – Clause 7.1.4 NOTE: d. – (NEW) culture (e.g., quality, ethical behavior, product and personnel safety, quality of work life).// \\ |
| \\ | \\ |
| My thoughts... \\ | __My thoughts...__ \\ |
| I see "//5.1.1.l. – promoting an ethical work environment//" as just more virtue signaling (and perhaps a weak CYA for the industry). I feel fairly confident in this because the current requirements relating to ethics (shown below) are typically ignored by the AS9100 auditors. \\ | I see "//5.1.1.l. – promoting an ethical work environment//" as just more virtue signaling (and perhaps a weak CYA for the industry). I feel fairly confident in this because the current requirements relating to ethics (shown below) are typically ignored by the AS9100 auditors. \\ |
| |
| The organization shall plan, implement, and control information security to safeguard the QMS to achieve its intended results. \\ | The organization shall plan, implement, and control information security to safeguard the QMS to achieve its intended results. \\ |
| |
| My thoughts... \\ | __My thoughts...__ \\ |
| While some people in the Aerospace community are "losing their minds" that auditors will be mandating CMMC, that is NOT contained in either of these requirements. Also, notice that neither of these additions requires documented information. IMO, these additions are simply clarifications recognizing that we live in the 21st century. | While some people in the Aerospace community are "losing their minds" that auditors will be mandating CMMC, that is NOT contained in either of these requirements. Also, notice that neither of these additions requires documented information. IMO, these additions are simply clarifications recognizing that we live in the 21st century. |
| |
| g. reporting of safety events to the customer, authorities, and type certificate holder in accordance with customer and regulatory requirements//.\\ | g. reporting of safety events to the customer, authorities, and type certificate holder in accordance with customer and regulatory requirements//.\\ |
| |
| My thoughts... \\ | __My thoughts...__ \\ |
| I find this addition very interesting considering that I've __not__ gotten a consistent interpretation of what "Product Safety" is from any certification body (CB) Auditor. IAQG should have addressed this issue first. \\ | I find this addition very interesting considering that I've __not__ gotten a consistent interpretation of what "Product Safety" is from any certification body (CB) Auditor. IAQG should have addressed this issue first. \\ |
| For "Build-to-Print" machine shops, it's typically interpreted as "protection" of the product from damage (e.g., rust, gouges, scrapes). For "Design-Responsible" manufacturers, it typically involves ensuring that end users are protected from a defective or malfunctioning product. \\ | For "Build-to-Print" machine shops, it's typically interpreted as "protection" of the product from damage (e.g., rust, gouges, scrapes). For "Design-Responsible" manufacturers, it typically involves ensuring that end users are protected from a defective or malfunctioning product. \\ |
| g. segregation, containment and reporting of suspect or detected counterfeit parts.// \\ | g. segregation, containment and reporting of suspect or detected counterfeit parts.// \\ |
| |
| My thoughts... \\ | __My thoughts...__ \\ |
| Provided that a company is effectively complying with "c" & "d." (above), I don't think that very many of the above requirements will be "applicable" to the vast majority of IA9100 companies. | Provided that a company is effectively complying with "a", "c" & "d." (above), I don't think that very many of the above requirements will be "applicable" to the vast majority of IA9100 companies. |
| |
| __Conclusion:__ \\ | __Conclusion:__ \\ |
| //Clause 8.4.3.k.d. – (New) Determining the level of control of their direct and sub-tier external providers;// \\ | //Clause 8.4.3.k.d. – (New) Determining the level of control of their direct and sub-tier external providers;// \\ |
| |
| My thoughts... \\ | __My thoughts...__ \\ |
| This is simply an expansion of the requirement in Clause 8.4.1: \\ | This is simply an expansion of the current requirement in Clause 8.4.1: \\ |
| "The organization shall require that external providers apply appropriate controls to their direct and sub-tier external providers, to ensure that requirements are met." \\ | //"The organization shall require that external providers apply appropriate controls to their direct and sub-tier external providers, to ensure that requirements are met."// \\ |
| Since the AS9100 "Clarifications" document (i.e., official interpretations) has "clarified" that ALL of 8.4.3 must be either flowed down to suppliers OR excluded with justification, this is just one more thing for companies to add to the "Supplier Requirements". \\ | Since the AS9100 "Clarifications" document (i.e., official interpretations) has "clarified" that ALL of 8.4.3 must be either flowed down to suppliers OR excluded with justification, this is just one more thing for companies to add to the "Supplier Requirements". \\ |
| |
| //8.1.k. – planning and implementing operations to prevent, detect and mitigate the risk of foreign objects and debris.// \\ | //8.1.k. – planning and implementing operations to prevent, detect and mitigate the risk of foreign objects and debris.// \\ |
| |
| My thoughts... \\ | __My thoughts...__ \\ |
| All I can say about this "new" requirement is... what took them so long? Auditors have been looking for FOD control since day 1 of AS9100D. This "new" requirement is merely the formalization of an "implied" requirement. However, while not specifically required, I suspect that IA9100 auditors will "expect" to see risk mitigation actions identified in a "risk register"... and records reflecting that personnel have been trained and deemed competent in control of FOD. | All I can say about this "new" requirement is... what took them so long? Auditors have been looking for FOD control since day 1 of AS9100D. This "new" requirement is merely the formalization of an "implied" requirement. However, while not specifically required, I suspect that IA9100 auditors will "expect" to see risk mitigation actions identified in a "risk register"... and records reflecting that personnel have been trained and deemed competent in control of FOD. |
| |
| //"<del>When appropriate,</del> The organization shall divide the design and development effort into distinct activities __defining__ the tasks, necessary resources, responsibilities, design content, and inputs and outputs __for each activity__."// \\ | //"<del>When appropriate,</del> The organization shall divide the design and development effort into distinct activities __defining__ the tasks, necessary resources, responsibilities, design content, and inputs and outputs __for each activity__."// \\ |
| |
| My thoughts... \\ | __My thoughts...__ \\ |
| The biggest change here is the removal of "When Appropriate" AND the inclusion of "for each activity". In my experience, the vast majority of AS9100 auditors are "generalists" (i.e., NOT Engineers). And typically do a poor job of auditing sec. 8.3. I doubt that very many AS9100 auditors are going to notice this subtle change. | The biggest change here is the removal of "When Appropriate" AND the inclusion of "for each activity". In my experience, the vast majority of AS9100 auditors are "generalists" (i.e., NOT Engineers). And typically do a poor job of auditing sec. 8.3. I doubt that very many AS9100 auditors are going to notice this subtle change. |
| |
