AS9100C (the latest version) was issued in January of 2009.  However it is not currently possible to be registered/certified to it.  The IAQG (International Aerospace Quality Group) has published a timeline that explains how and when organizations can become certified but this is currently awaiting two activities to be completed.

First, a companion standard AS9101 must be re-published to the D revision.  This standard contains instructions on how AS9100 should be audited and in the C version included a full standard checklist (which is now to be optional).  The substantial changes mean that AS9100C cannot be audited until this standard is published.  Currently this standard is being issued as a draft.  The draft will then need to be reviewed and voted upon.  That process will take many months that will mean it will not be available for final issue until about the end of the first quarter 2010.

Secondly, mandatory training is currently being designed.  This training has been identified by the IAQG as necessary to ensure better and more consistent auditing of AS9100.  A single source designer is about to be identified and when training materials are completed and approved by the IAQG, they will be made available to other training providers to deliver.  At this point, the single training designer has not been identified, materials have not yet been approved or made available for presentation.  It is currently expected that training will be “available” during the first quarter of 2010

If both of these tasks are completed on time then certifications to AS9100C should be possible shortly after.  It is recommended that you don’t plan on until mid to late summer 2010.  Cavendish Scott Intends to provide general training for AS9100C, the mandated AS9100C training and other AS training once these events are more defined.  We also intend to provide AS9100C upgrade materials and tools.

AS9100 is the Aerospace Industry version of ISO 9001. It takes the whole ISO 9001 standard and adds Aerospace specific requirements.  The additional requirements include such things as a requirement for defined processes for configuration control, project management and risk management – as well as many minor clarifications, extensions etc.

AS9100 is controlled by the IAQG (International Aerospace Quality Group) with the aim of strengthening the Aerospace supplier industry.  Their control over the auditing and certification process is such that the auditors tend to be very tough (no soft grading and recording ALL findings).  AS9100 is just as straightforward as ISDO 9001 but just more intense.  If you want to attempt AS9100 be prepared to implement a “tight” system without cutting corners.

Free e-Book: How to Avoid Famous Mistakes With ISO 9001

Want to avoid some of the most common auditing mistakes for ISO 9001? Get our free e-book on common ISO mistakes and how to avoid them.

Good Question.

Conventional wisdom is that step one is to determine your current situation.  In larger and more complex organizations this is more valid than in simpler and smaller organizations.

A formal gap audit will be conducted very much like an ISO assessment audit.  Each process will be examined, details will be checked and a comprehensive report will be generated.  Perhaps it doesn’t need to be as long as a formal ISO audit but gap audits are still often quite lengthy.

In many cases it is easy to determine the current situation.  “We don’t do internal audits, we haven’t got a formal calibration program, we don’t have a management review meeting”.  Many of the supporting ISO requirements are not implemented in organizations and you don’t need a formal gap analysis to tell you that.

The primary processes in an organization – those that you do for a living, tend to be in good shape.  ISO is such a good standard that if you are successful then you are probably meeting ISO 80-90%.  Consequently it will take a really detailed gap audit to identify these issues and that may simply not be worth it.  Accept that some “tweaking” will be necessary during the project…..but not much.

In most instances, with  a project plan in place,  the gap analysis has a very short life as any gaps are fixed within a few week.

When we perform consulting projects we skip the formal gap analysis in favor of a project planning exercise.  We look at each process, ask some telling questions and focus on planning the solution.  Documenting findings which we are going to fix in a few weeks is just  “busy work”.  We do a basic review of the current situation, produce a project plan identifying the ISO processes and cross referencing to the requirements we expect (at this stage) to address.  During the project, we get into each process in detail and make sure that everything is adequately addressed.  Thus any gaps that might have been around at the start of the project are not very relevant.  Of course we also course this a gap analysis!!

FREE E-BOOK:
Five Easy Pieces: The Basic Steps to ISO 9000

Need to begin implementing ISO 9000 but feeling overwhelmed and unsure where to start? Come get our free guide on the basic steps to ISO 9000:

Download Now

Anyone can be an ISO auditor.

Internal audits are conducted by employees who have been trained how to audit and they conduct audits within the company on behalf of the company. Contact your ISO representative and ask about opportunities for auditing.

Professional auditors work for the certification bodies. There are no mandatory qualifications to become an auditor but certification bodies are required to demonstrate that their auditors are competent. This is actually a very difficult task and a variety of techniques and records have been established by certification bodies to achieve it – to varying degrees of success. Further, just because a certification body has a lot of records in place, it doesn’t actually mean the auditor is any good. In practice, registrars insist or at least prefer that the people they hire (either as contractors or full time) are “registered” auditors. The two main auditor registration organizations are RABQSA based in Australia and America, and IRCA based in the UK. They both offer similar schemes – not surprisingly as they are governed by ISO standards.

RABQSA additionally offers a competency scheme that requires a comprehensive witnessed audit by an experienced skills examiner – although “who examines the examiner?” is a great question.

The other scheme more widely offered (and more popular) is a qualification scheme that requires you to pass a 5 day lead auditor class (with a 2 hour exam), demonstrate with a CV or resume that you have work experience of about 4 years, that you have more specific work experience of about 2 years (e.g. in quality or environmental sectors that you want to audit in) and then participate in audits to demonstrate audit experience.

Getting this audit experience is difficult for some. Some internal audits and supplier audits can count. Consulting audits can count too. If you don’t have access to this, then often a certification body will allow you to participate in audits but there is usually some payback associated with that. Some less than professional certification bodies will actually charge you to be part of a team that they are charging the client for.

You maintain a log of the audits that you have participated in and get the auditee or team leader to sign off on your logs. These, along with other evidence is submitted to the registration organization for review – and issue of your formal status as a registered auditor.

Once you have achieved lead auditor there is no guarantee that a certification body will contract with you or employ you. The work can be grueling, is not particularly well respected and not always well paid. You can use your qualification to set up as a consultant – but because many of us have had less than professional experiences of so-called professional auditors, the status doesn’t always mean much.

Most people who complete the lead auditor training course stop there claiming to be “ISO lead auditors” on their resume and most employers understand that and the value it brings.

Of course they can!  The more relevant question is whether they can “get involved”.

Firstly there are NO accreditation rules that forbid consultants, registrars rarely have documented policies for consultants involvement and thus the auditor often makes the decision.

Not unreasonably nobody wants any interference in an audit.  A consultant who tries to answer questions asked of other people is interfering.  That is not acceptable and the auditor should talk to the consultant.  However, there is nothing restricting the consultant from being involved.  Perhaps the consultant has a formal role in managing corrective action, conducting audits or providing training.

There is nothing that bans auditors from opening or closing meetings (although some auditors try this) and you should stand your ground when an auditor restricts your access to your experts.  If you don’t involve them they will not be able to help you if things go wrong.

ISO 9001 requires the management representative to be part of the organizations “own management” but it is unlikely that ISO were commenting on the employment status of the person performing this role and that would mean that so long as the consultant has a management role in the organization they can in fact be the management representative.  If your auditor is adamant (many of them are) then simply appoint the consultant to the role of coordinator and assign an internal manager as the management representative.

A well behaved consultant will contribute with answers to difficult ISO type questions and point the auditor in the right direction.  A clever auditor will welcome the consultant and take advantage of his/her expertise and experience with the organization.  Bad auditors are scared of being embarrassed or just believe that ISO should be handled by the organization without any help (a little bit like going to court without your lawyer).

Before the audit, get a copy of your registrars policy for consultants (or at least an email confirming it will be acceptable).  Preferably do this before choose the registrar and only choose those that will allow you access to your experts.