AS9100 Knowledge base

A new approach to document and record control in AS9100

Author: Mark Hammar

AS9100 Rev D, requirements for creating an aerospace Quality Management System (QMS), has taken the approach of following the new ISO 9001:2015 standard in the use of the term “documented information.” This has many people confused, and asking: “Can we delete our documented procedures? Are there no more requirements for documents and records? Just what is meant by documented information?” While the previous requirements for controlling documents and records have been removed, the new requirement for documented information is intended to cover both documents and records. Here is a bit more about what it means.

What is meant by ‘documented information’?

In AS9100, documented information is any meaningful data that the organization is required to control and maintain, and the medium on which it is contained. So, “documented information” refers to the Quality Management System (QMS) and its processes, documentation, and records.

The requirements for documented information are captured in section 7.5 of AS9100 Rev D, and include many of the same requirements that were in the previous version for controlling documents and records. The QMS still needs to include documented information that is required by the standard, as well as documented information that you have determined to be necessary for the effectiveness of the QMS. Processes to control documented information also need to consider the size of the organization and type of activities, the complexity of processes and interactions, and the competence of personnel.

Next, the requirements for creating and updating documented information include control over identification, appropriate format, and review & approval of documented information (which implies authorized persons and methods as determined by the organization). The final requirements deal with control, and availability and suitability where it is needed. Control includes adequate protection, applicable distribution, access, retrieval, use, storage, preservation, control of changes, retention and disposition, and particularly, prevention of unintended use of obsolete documented information. All of these requirements are much the same as those already in place for documented procedures and records, but have been made into one set of requirements.

So, what is the required documented information in AS9100?

Within AS9100 Rev D, the following pieces of documented information are required by the standard:

  • Scope of the QMS (including boundaries and applicability)
  • Anything necessary to support the operation of QMS processes
  • Anything necessary to be confident that QMS processes are carried out as planned
  • General description of your relevant interested parties
  • Description of processes of the QMS and their application, sequence, interaction, and assigned responsibilities and authorities
  • The Quality Policy
  • The Quality Objectives
  • Evidence that monitoring and measurement resources are fit for purpose
  • Calibration standards when no internationally recognized standard exists
  • Evidence of competence
  • Evidence that processes have been carried out as planned
  • Evidence to demonstrate conformity of products and services to requirements
  • Results of review of requirements related to products and services
  • Confirmation that design and development requirements have been met
  • Inputs and outputs of the design and development process
  • Design and development controls and changes
  • Results of evaluation, monitoring of performance, and re-evaluation of external providers
  • Information on external products, including retention periods and disposition requirements
  • Definition of characteristics of the products and services, including the activities to be performed and the results to be achieved
  • Validation and control of special processes
  • Results of production process verification
  • Information necessary to maintain traceability when this is required
  • What occurs when customer property is damaged, lost, or unusable
  • The results of changes to the production and service provisions
  • Release of product or service to the customer, including the person authorizing the release
  • Process for nonconformity control
  • Actions taken on nonconforming process outputs, products, and services, including concessions obtained
  • Results of monitoring and measurement activities
  • Evidence of the implementation of the audit program and audit results
  • Evidence of the results of the management review
  • Process for nonconformity and corrective action
  • Evidence of the nonconformities and actions taken, and the results of any corrective actions

Do you need to change your processes to comply with the new approach?

The AS9100 standard has never been prescriptive, meaning it does not tell you how you must implement the requirements. So, this means that if you want to keep your current process for document and record control, even the documented procedure that is in place, then this is an acceptable way to implement the requirements on documented information. If you will confuse your employees by changing these terms from “documents and records” to “documented information,” then don’t. Just ensure that everything that is required for the AS9100 standard is included in your QMS.

On the other hand, if you currently have two separate procedures for control of documentation and control of records, and see a benefit from combining them into one procedure with simplified requirements, this is the ideal time to do it. Remember, the AS9100 requirements are there to help you to find ways to control your processes and improve them; they should never get in the way of you finding benefits in your QMS.

 

Want to find out more about the AS9100 Rev D implementation process? Download the Diagram of AS9100 Rev D Implementation Process.

If you enjoyed this article, subscribe for updates

Improve your knowledge with our free resources on AS9100 standard.

You may unsubscribe at any time.

For more information on what personal data we collect, why we need it, what we do with it, how long we keep it, and what are your rights, see this Privacy Notice.

OUR CLIENTS

OUR PARTNERS

  • Advisera is Exemplar Global Certified TPECS Provider for the IS, QM, EM, TL and AU Competency Units.
  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.