Crucial Insights into AS9100D Risk Requirements for Aerospace and Defense

In the complex realm of Aviation, Space, and Defense (ASD) organizations, comprehending AS9100D risk requirements is crucial. AS9100D:2016 integrated risk-based thinking with the operational risk introduced in AS9100C:2009, fostering a comprehensive approach. This mandate for risk identification and mitigation traces back to AS9100’s inception in 1999, with an initial focus on risk assessment during contracting. Aiming for comprehensive coverage, the International Aerospace Quality Group® (IAQG) progressively introduced requirements touching on operational orders in 2009 and overarching organizational risks in 2016.

At their core, these requirements aim to cultivate a proactive risk and opportunity culture. Embracing effective risk and opportunity processes elevates the effectiveness of the Aerospace Quality Management System (AQMS). The outcome is a harmonious blend of desirable enhancements, containment of undesirable impacts, and improved results by mitigating risks. In driving this transformation, leadership bears the responsibility of not only initiating but also nurturing the risk-based thinking culture.

Contrary to a siloed approach, AS9100 implementation involves an integration of risk considerations. Unlike the former preventive action clause, risk is woven seamlessly across the standard, spanning from Clause 0.1 to 10.2. This view recognizes risk as a proactive tool, fostering AQMS alignment with its goals and enhancing overall customer satisfaction. Importantly, this model necessitates leadership’s unwavering commitment to ensure that risk-based thinking permeates every organizational facet.

Risk cascades through a generic process and marks specific monitoring and measuring checkpoints tailored to its uniqueness. This approach converges with the Plan-Do-Check-Act (PDCA) cycle, where the initial planning stage seeks to anchor system and process objectives. It also underscores that addressing risk is not a standalone process, but a universal theme driving holistic improvement.

Annex A.4, a notable section, acknowledges that risk-based thinking was implicitly present in prior standards. Yet the question arises: does this implicit acknowledgment suffice for compliance, or does compliance demand more than just “thinking”? Clause 6.1.2 clarifies that organizations must not merely contemplate risks and opportunities, but actively plan actions and evaluate their efficacy. To substantiate this with evidence, organizations must present action plans accompanied by mitigation steps.

Clause 6.1.2 further accentuates that actions must be proportionate to their potential impact on product and service conformity. This necessitates a business-oriented approach, ensuring efficient resource allocation rather than chasing inconsequential concerns. Clause 8.1.1 takes the spotlight, stipulating that organizations must devise, implement, and control a process for managing operational risks. This process encompasses risk criteria, identification, assessment, communication, mitigation actions, and acceptance of residual risks. Importantly, evidence of operational risk management should weave through the product lifecycle.

To foster compliance, organizations must heed Clause 4.4.2b, underscoring the need for retained documented information. This ensures confidence that planned processes are executed. The relationship between risk-based thinking and operational risk is pivotal, as the former spans AQMS processes.

Operational risks, a subset of risk-based thinking, gravitate toward Clause 8, typifying the operational process’s lifecycle. Function-specific controls define this process, whether it’s program management, contracts, engineering, procurement, or production (Clauses 8.1-8.7). Notably, operational risk management is particularly relevant for ensuring risk resilience across the lifecycle.

Even as some organizations set risk thresholds, the emergence of corrective actions from escapes necessitates a reevaluation of risk assessments. Clause 10.2.1e demands that risks and opportunities identified during planning be revisited as corrective actions arise.

Finally, recognizing risk as a coin with both positive and negative facets, organizations are called to harness opportunities arising from uncertainty. Like risks, opportunities are pervasive across AQMS facets. From identifying new customers to innovating products or services, these opportunities underpin AQMS enhancement.

In summary, elevating organizational performance aligns with the International Accreditation Forum’s envisioned outcomes and demands anchoring AS9100D compliance within the framework of risk-based thinking and operational risk management. This approach, designed to amplify favorable effects and minimize adverse impacts, is a cornerstone of achieving improved results.

This article is a summary of the published article titled “Did you Understand the Assignment? Making sense of AS9100D risk requirements.”