The aerospace industry is constantly evolving, and along with that comes an evolution of the Aerospace Certification Scheme. Unlike most standards, the AS9100, AS9120 and AS9110 standards update regularly and more frequently the Accreditation standard that Certification Bodies work to.

Auva is accredited to AS9104, which permits us to perform the Aerospace Scheme audits, and this is currently going through a transition period which should be completed in 2024. This can be challenging for certified organisations as the impact of the accreditation standard change will indirectly affect the AS9100, AS9120 and AS9110 standards, so although those requirements don’t change, the auditing approach will be very different.

As Auva transitions our system to meet the new accreditation requirements, we will communicate the fundamental changes to clients so that you know how these changes will affect your certification.

Depending on your organisation’s size, complexity and site structure, the changes will either be minimal or significant.

Some of the fundamental changes are:

  • Site structure changes
  • Audit planning
  • A risk-based approach to audit time

Site structure changes

There are currently five certification structures within the aerospace scheme: single-site, multi-site, campus, several and complex.

The new requirements align with IAF MD1 and revert to single site and multi-site structures like all other ISO standards. Organisations currently have single or multi-site structures that are still the same. For organisations with several or complex structures, these will revert to multi-site. For organisations on campus, these can flip either way, depending on what the organisation requires on their certificate.

You can change to a single site if you have a campus structure and do not require more than one address on the certificate. This is likely to suit those businesses who maybe have a warehouse over the road that is used for storage, that address does not deal directly with customers and often does not have any employees working within them.

If you require the address to appear on the certificate, then you will likely need to change to a multi-site structure. An example would be that an organisation has a separate machine shop for the building that is used due to outgrowing the current site and needing the extra room, kind of like an overflow manufacturing facility.

If required, your new structure will be applied at the next visit during 2024, which can obviously impact the audit time.

Audit planning

The new audit planning process is the element that will impact every client going forward. It will now take the lead auditor a lot longer than it has in the past and clients will play a large part in this process. The new audit time calculations will now include a 10% addition for this process to occur three months before the assessment date.

About three months before the audit, the lead auditor will issue a form which will ask for specific information on the status of the business, similar to the current data. However, the auditor will also require detailed KPI information and results, as well as the results of customer scorecards and reject/returns.

This process is critical to the new requirements and will need client input; if clients do not support the process by providing the information as required, then you could automatically be classed as high risk, and a non-conformance will be issued. The same will be done if false information is provided.

Organisations should spend time fine-tuning their KPIs and ensuring accurate data, especially on-time delivery and quality performance.

Risk-based approach to audit time

The lead auditor will review the information gained through the audit plan and put it through an analysis tool (OCAP) to place the audit within a high, medium or low category. This category will either leave the audit time per the audit timetable, add 10% or reduce it by 10%. There are seven different areas which are scored to determine the risk level.

This may not make a difference for smaller organisations, but for larger organisations, it can. The time can adjust every year and will fundamentally reward good performance.

Risk-based internal auditing is one of the risk inputs that will be easy for most organisations to implement and reduce. Risk-based internal audits have been required for several years but must be implemented more effectively. Audit schedules should adjust based on the risks surrounding the business, processes, changes and findings.

Under the new requirements, implementing a risk- based internal audit programme will place that risk score area into a low band. Analysing findings and increasing internal audits in those areas is one input to your audit plan and is very easy to implement.

It is recommended that you start to make these considerations in preparation for the transition.

Ensuring smooth transitions

There are many other changes, some considerable and some not so much. Our auditors will keep liaising with you on these changes and how they will impact the assessment approach.

For more information contact mike@auva.com