Mark Hammar In the AS9100 Rev D aerospace quality management system (QMS), we learned that some companies will use acceptance authority media (AAM) as a way of knowing who has approved products. While not every company uses AAM, this is common enough in the aerospace industry that requirements for control are included in AS9100 Rev D. In this article, we will look at what the standard requirements say about AAM. We will also look at some important things to consider when putting your controls in place if you use AS9100 acceptance authority media in your company.
What does the standard actually say?
Acceptance authority media is mentioned in Clause 8.5.2 Identification and Traceability, explaining about using AAM as a way of indicating the identity of outputs and to ensure the conformity of products. The overall clause requires that you always be able to tell what a product is (the identity of the product), as well as the conformity status of the product (where it is in production, and what testing it has passed). Some companies use acceptance authority media to keep track of this in their paperwork.
This clause on identification and traceability includes additional aerospace requirements for acceptance authority media. It states that, where AAM is used, your company must establish controls for how the media is used. These controls do not need to be in the form of a documented procedure, but this is certainly one way to make sure that all the rules are easily known. The important part of these controls is that, when you see a mark (such as a stamp impression) on your paperwork, it indicates that an activity such as a test was completed, and you know who did that activity at that time.
The clause also includes examples of different types of acceptance authority media that could be in place, including; stamps, electronic signatures and passwords. Remember that these are just common examples, and any media that you use to denote who has done a planned activity with your hardware needs to be controlled.
For more about traceability read the article How to meet traceability requirements in an AS9100D-based QMS.
How can you comply with these requirements?
Putting controls in place for acceptance authority media can include many different methods, but there are a few things to keep in mind when setting up your own rules:
Assigning the media – Media needs to be assigned to an individual, not several individuals. If you are using stamps, then one person will have a stamp that can be distinguished from everyone else. If you rely on passwords in a computer system to be able to sign off an operation, then these passwords need to be for each individual; a group password is not acceptable.
Differentiating the media – As part of assigning the media, it can also be important to have different types of media. For instance, it can be extremely helpful to know if a stamp was assigned to an inspector rather than an assembly person. This way, when you see it beside an inspection step, you know if was done by an employee with the correct competencies.
Controlling the media – Employees need to understand the necessity of keeping their acceptance media from unintended use. If anyone can take a quality inspector stamp out of a drawer and use it, then you really don’t know who performed the acceptance step. Keeping passwords private is also an important part of media control.
Replacing the media – Some companies will choose to re-use physical media (such as a stamp) when an employee leaves a position. When this is the case, it is important to have rules in place to know what dates an employee had the media in their possession. Doing so means that if, for example, you have a record from 2017, you know who had which stamps at this time. These rules often include having a gap of several months before re-issuing a stamp to a new employee. Many companies also choose to just destroy stamps after an employee leaves rather than re-using them to avoid this control step.
Knowing when the media is used – Due to the above rules, it is also important to know when acceptance media is actually used so you can match this to the timeframe. Having rules in place to record the date of use of acceptance media will allow you to compare the media with your acceptance media listing. Again, this will let you know who was assigned that media during the timeframe it was used. It can also help if you have employees change positions in your company; you will know what position they were in at the date that they used an electronic signature to approve a document, and lets you ensure they were competent for that approval at the time.
Ensure your process meets customer requirements
As with many requirements from AS9100 Rev D, it is important to know what your customer requirements are before you implement rules about acceptance authority media. Some customers will have very specific requirements on how these media are used, and others may even have requirements that exclude the use of certain authority media. Make sure that the rules you put in place meet the contractual obligations from your customers, as well as applicable laws and regulations.
Barring any specific rules imposed on your company, it is important to make decisions that will prove beneficial to your company rather than a complex and unnecessary process. Remember that AS9100 does not state that you need to have AAM, only that you need to have a control process. Before you choose to use AAM in your QMS, ask yourself if they are really necessary.
For more information on AAM in the AS9100 standard, and a better understanding of all of the requirements, download this free white paper: Clause-by-clause explanation of AS9100 Rev D.
