AS9100 Standards Major and Minor Nonconformances for 2019
Top 10 AS9100 Standards: Major and Minor Nonconformances
These top 10 minor/major combined findings from 2019 for all the AS91XX aerospace standards (AS9100, AS9110 and AS9120) were collected from certification body audits in the Americas sector. This data from the IAQG-OASIS database represents about 50% of the global AS91XX certifications.
- 8.5.1 Control of production and service provision
- 10.2.1 Nonconformity and corrective action (most number of major NCRs)
- 220.127.116.11 Measurement traceability
- 8.4.3 Information for external providers
- 18.104.22.168 Control of externally provided processes, products and services – General
- 22.214.171.124 Control of documented information
- 8.4.2 Type and extent of control for external providers
- 9.2.2 Internal audit
- 7.2 Competence
- 8.4.1 Control of externally provided processes, products and services – General
During 2019, a total of 17,184 nonconformances were written (15,298 minor and 1,886 major). Below are explanations of how Major and Minor nonconformities are determined.
What Is A Minor Nonconformity?
A minor nonconformity is considered a failure to comply with AS9100 (based on judgment and experience), which is not likely to result in the failure of the QMS or to reduce its ability to ensure controlled processes or products.
A nonconformity occurs when there is a failure to meet a requirement as indicated by one or more of the following:
- A customer requirement
- The ISO 9001 and/or AS9100 standard
- A statutory or regulatory requirement
- Your company’s self-imposed requirements
What Is A Major Nonconformity?
A major nonconformity occurs when there is a failure to meet a requirement as indicated by one or more of the following:
- A significant nonconformity against the requirements of the ISO 9001 and/or IATF 16949® standard
- A failure of a complete system
- A significant quantity of minor nonconformities
- The lack of existence of a standard or contract requirement
- The absence or total breakdown of a system to meet a management system requirement
- Any nonconformity that can result in the probable shipment of nonconforming products
- A non-compliance that is likely to result in the failure of the QMS or to materially reduce its ability to ensure controlled processes and products
Note that the AS9100 standard incorporates the clause structure and content of the ISO 9001:2015 quality management system requirements along with additional aviation, space and defense industry requirements, definitions and notes. Below are some tips to help with compliance to the requirements and to avoid audit findings.
8.5.1 Control of production and service provision
- Work instructions or specifications should be clear and understandable to ensure the product or service conforms to the requirements. Too often what is done in practice doesn’t match what is documented. There may also be inconsistencies by shift – What is done on one shift is not what is done on another shift.
- Personnel who operate process equipment should be familiar with the critical parameters of process requirements, as stated in work instructions, engineering drawings or specifications. This is especially true if there are key characteristics (clause 3.3), special requirements (clause 3.5), or critical items (clause 3.2) that production personnel need to be aware of.
- Production equipment, major tooling, and software programs used to automate, control, monitor, or measure production processes are not adequately confirmed or validated prior to release to production.
- Examples of validation methods:
- Defined criteria for review and approval of processes
- Approval of equipment, set ups and qualification of personnel
- Use of specific methods and procedures
- Requirements for records
- Re-validation (i.e., after breaks or disruption or start of the shift)
- Process monitoring and measuring instructions may take the form of:
- Process and/or standard operation instructions
- Inspection and lab test instructions
- Test procedures
- Other similar documents that meet the same intent
- Special processes (e.g., welding, plating, heat treatment, coatings) require increased controls since the product quality can’t be measured without destructive test. Therefore, controls may need to be more robust for the equipment, set ups, ongoing process monitoring, and even qualification/certification of the production personnel. The pass/fail criteria for the approval of the production process must be defined.
- Whether a special process or a normal production process, there must be production process verification to make sure that the production process is able to produce product that meets specs. This might include risk assessments, capability studies, capacity studies, and control plans.
10.2.1 Nonconformity and corrective action (the greatest number of major NCRs)
There is probably little surprise that issues dealing with corrective actions have the largest number of major non-conformities. They can result from poor root cause analysis, lack of understanding of clause intent, insufficient documentation of implemented actions, timeliness of closure (falling through the cracks), and/or ineffective validation of corrective actions (actions didn’t fix the problem). Issues and corrective actions are prevalent within any quality system. Issues may result from internal conditions (for example audit results, negative trends, high-risk events) or external conditions (for example customer complaints, warranty problems, supplier issues, external audits). Whether the issues are internal or external, the overall goal is the same: take systemic actions to prevent recurrence.
- In response to a nonconformity/finding a corrective action should be implemented
- Follow-up to determine if the action was effective
- Conduct a Root Cause Analysis and create a plan to eliminate the nonconformity from occurring again.
- For multi-site certifications, any nonconformity and Root Cause Analysis should include all sites covered by the certificate. And where appropriate, implement the corrective action at those sites.
- Employees should understand the importance of fully investigating the cause and the methodology used.
126.96.36.199 Measurement traceability
Measuring equipment must be calibrated or verified, or both, at specified intervals, or prior to use against measurement standards traceable to international or national measurement standards; when no standard exists, the basis used for calibration or verification must be retained as documented information
- Documented information is usually retained in a spreadsheet, calibration database or through certificates. The information should include reference to the standards used, results of any calibration or verification, and also when the resource is found not to be valid.
8.4.3 Information for external providers
The aerospace standard has numerous supplier flow down considerations and requirements for:
- Design and development controls
- Special requirements, critical items, or key characteristics, and of which might require the use of statistical process control (SPC)
- Test, inspection, and verification
- QMS requirements such as Nadcap, or the need to be ISO certified
- Counterfeit parts
- Change notification
- Sub-tier flow down requirements from the customer
- Record retention requirements
- Right of access
- Personnel awareness requirements and the importance of ethical behavior.
To ensure supplied products and services don’t adversely affect your ability to consistently deliver good products and services you must:
- Ensure suppliers remain within control of its QMS
- Define the controls you intend to apply to your suppliers and their products/services
- Take into account the potential impact suppliers have on your ability to meet customer, legal and regulatory requirements and effectiveness of controls applied by suppliers, and the supplier’s performance
- Determine verification or other activities necessary to make sure supplier’s products/services meet requirements
- Verification activities based on risk
- Positive recall if released prior to verification
- Validate test report accuracy for high-risk raw materials (critical items)
8.4.1 Control of externally provided processes, products and services – General
In 2019 one of the top 10 minor/major combined findings for all the AS91XX aerospace standards (AS9100, AS9110 and AS9120) from certification body audits in the Americas sector was 8.4.1 Control of externally provided processes, products and services. Clause 8.4.1 requires your company to understand the risks to determine whether your supplier’s interaction with your sub-tier suppliers is as robust as expected and needed.
- Determine how you will evaluate, select, monitor performance, and periodically re-evaluate suppliers.
- Retain records of activities and actions from evaluation
- Identify and manage risks as it relates to supplier selection and ongoing use.
188.8.131.52 Control of externally provided processes, products and services – General
AS9100 expands upon 8.4.1 by adding that the organization must:
- Define the process, responsibilities, and authority for the approval status decision, changes of the status, and conditions for a controlled use of external providers
- Maintain a register of its external providers that includes approval status and the scope of the approval
- Periodically review external provider performance including process, product quality or service conformity and on-time delivery performance
- Define necessary actions to take for dealing with external providers that do not meet requirements
- Define the requirements for controlling documented information created by and/or retained by external providers
184.108.40.206 Control of documented information
For control of documented information, consider how employees access the information and who has access to the available systems.
- If information is posted there needs to be a procedure to ensure that what is posted is the current and correct (change control).
- Electronic documents can be protected through access by assigning login rights with or without revision authority or they might be assigned read-only access.
8.4.2 Type and extent of control for external providers
What is your process to evaluate test reports to confirm products meet requirements and how do you verify the process is implemented and effective?
- Clause 8.4.2 requires periodic monitoring of the external provider’s delegated verification activities. Auditors are going to look to see that you don’t just receive and file Certificates of Conformance or raw material certs or FAI’s. Companies will need to determine what monitoring means to you based on risk. This clause also requires that you implement a process for any external test reports, to evaluate the data in those test reports to confirm that the product meets requirements. If raw material is a significant operational risk (a critical item), there needs to be a process to validate the accuracy of test reports.
- Verification activities in clause 8.4.2 will require inspections or periodic testing when there is high risk of nonconformities including counterfeit parts and raw materials. The level and frequency is based on risk, historical problems, and being susceptible to counterfeit parts.
Knowledge. Expertise. Experience.
Outsource Your Internal Audits
9.2.2 Internal audit
Internal audits usually reveal at least one minor nonconformity…and that’s not necessarily a bad thing. Audits serve as a framework for helping organizations identify and fix QMS issues before they result in serious quality concerns. On the other hand, a major nonconformance could indicate systemic patterns of failure, but is an opportunity for improvement.
- The internal audit system needs to be fully operational and effective.
- An audit program should cover all parts of the company and all elements of the management system. Within a 3-years period, all should be audited at least once.
- Critical areas should be audited annually with frequency based on:
- the importance of the processes and their performance
- changes to the organization
- results of previous audits and customer issues
- risks to the business and QMS
- Internal audit findings must be reported to relevant management and be part of the management review agenda. Make timely corrective actions, review performance and take appropriate decisions toward operational improvement.
- Information used to determine competence needs may include:
- An annual assessment which takes into account any changes in technology, business objectives and organizational changes
- Employee’s performance appraisal
- Corrective action requests
- Customer complaints
- Competence requirements as evidenced in departmental procedure, job descriptions, etc.
- Competence needs should be defined for new and existing employees, as well as temporary employees.
- Documented information must be retained. This can include:
- Educational background and diplomas
- Signed application
- Copies of certificates
- Training attendance sheets
- Learning management systems
Serving aerospace and defense manufacturers, suppliers, distributors, and repair stations since 2005, simpleQuE offers customized AS9100, AS9110 and AS9120, or ASA-100 (FAA AC00-56) consulting, internal auditing, and training services.
Learn More About The simpleQuE Advantage