There are major changes in the aerospace sector with the impending release of the 9104 series of standards. Firstly, the potential to add or reduce audit days for 3rd party audits based on a risk assessment. Secondly, the process for the authentication of 3rd party auditors and the training needed to be completed.

9104/1 – Risk Assessment

There is now a risk assessment element to the 3rd party audit process. This risk assessment will cover the following performance based elements:

  • Complexity
  • Internal Audit
  • On-time Delivery
  • Conformity of delivered product or service (e.g., Item Escape Rate)
  • Customer Complaints/Feedback
  • AQMS Process Effectiveness from Previous Audit Report

The elements above can be determined to be low/medium/high risk depending on the outcome of the risk assessment.

This risk assessment includes an optional “Performance Based Surveillance/Recertification Process” (PBS/RP)  that includes the following:

  1. Completion of one AQMS certification cycle.
  2. The OCAP Risk Analysis from 8.6.5.4 (AS9104/1) results in a low/medium risk) for each site, including the central function.
  3. Implementation of an Internal Audit Program in accordance with ISO 19011, including:

Defined, structured, multiple event audit program that adjusts throughout the calendar years based upon;

  • performance
  • customer complaints
  • risk and
  • change management  
  • Internal auditor competency that includes:
  • Auditor(s)  that have passed a TPAB approved ASD Lead Auditor Course. (9104/3)”
  • Organization has ethics policy that includes communication and reporting processes.
  • No externally identified major nonconformity (e.g., CB auditors, customers, regulatory authorities) as defined in 9101. in the past 12 months related to internal audit, management review, or corrective action processes issued to either the central function or a single site structure organization.
  • No certificate suspension due to an AQMS nonconformance in the past six years.
  • Meeting customer satisfaction metrics based on customer provided data.

The outcome of the above can be yes/no depending on whether you pass or fail each of the criteria A to H. To be considered qualified (Yes) you must pass each of the criteria identified.

Audit Days

Example of audit days 125 employees (Surveillance) previously on site 4 days (excluding planning and reporting)

Scenario 1 – High risk  and PBS/RP (No) audit days = 4.5 days (Additional 0.5 days)

Scenario 2 – Low risk  and PBS/RP (Yes) audit days = 2.5 days (Reduction of 1.5 days)

The reduction or addition of audit days is a major change and could be significant for many organisations going forward. Thinking of both time and cost savings if the days were to be reduced.

AATT Audit Process (9104/3)

All new auditors that want to become AATT certified and then go on to become an AA or and AEA authenticated auditor will now have to provide evidence of passing a TPAB approved ASD Lead Auditor Course (see 9104/3 paragraph 3.7).

These courses can only be provided by TPAB approved training partners. CQI/IRCA 9100 Lead Auditor courses will not be considered as evidence after the transition period is completed.