The final published version of AS9101D has been released. This is a supporting standard to AS9100C that describes a mandatory auditing approach. It also contains the auditing checklist and the report format. This document is incredibly important because it will affect how your system is going to be audited and surreptitiously adds extra requirements that have to be met. Key elements of this document are:
Process approach. Many organizations wanted ISO for cheap. They implemented a documented system that basically copied the standard. It was quick. It was easy. But it wasn’t particularly useful. It didn’t describe what actually went on in the organization and never helped with understanding how the organization worked. It didn’t help with improvement but it did take maintenance to make sure it was working. It was often bureaucratic, difficult to follow and was managed separately to how the organization was actually run. Finally someone is pushing the process approach. If your documents were written around the structure of the ISO standard then you are not demonstrating a process approach. Ideally you should re-write you system in a process based manner. If you don’t then you need a good way to demonstrate that you fully understand and use your system in a process based manner. This should be a tangible response to be able to demonstrate it to an auditor.
Process Based Auditing. Registrars are mandated to audit in a process based manner. Six audit approaches have been included in the standard are although registrars are free to audit in any manner they want, it is likely that they will opt to simply follow these approaches. While it might not change the way you design your system, you should at least ensure you change the way you conduct audits to fully prepare for your AS auditor.
PEAR. The Process Effectiveness Assessment Report. Auditors are required to assess the effectiveness of your systems. A low score results in a nonconformity including a major nonconformity. Although this is not a “requirement” contained in the AS standard, you are just as likely to lose your certificate (and new rules mean you could lose it for a year minimum) for missing this. The scoring is applicable to key production and service provision processes. The first thing you need Is a process (with supporting evidence) to identify which processes you are going to score and to justify those that you are not. Although this is not your choice and your auditor may require a score for processes you have tried to exclude, you are likely to be more successful if you have a formal process with tangible evidence. This is going to be a controversial area. It is not difficult to perceive many organizations missing the issue (it is not in AS), complaining, appealing and even asking their customers to intervene. It is going to be interesting. By implementing a solution in advance, there is a good chance that your auditor will simply accept it.
AS9100C Checklist. While rumored that it would be cut out of the Rev D standard, it is still there. This is a good thing for auditing as it ensures a thorough audit is completed. Fundamentally nothing changed here but continue to expect a thorough and complete audit.
This standard provides us much more to think about than AS alone. How its actually implemented is yet to be seen. The IAQG mandatory training, which might resolve this is reviewed here.
Cavendish Scott, Inc. has analyzed the changes from Rev B to Rev C and identified the best solutions for different situations. We have also designed solutions to address the issues introduced in AS9101D. While these changes are simple in some area, it is likely to be the most rigorously audited and if you have not fully addressed everything there is a significant chance of you losing your registration for a year. With our approach Cavendish Scott, Inc. guarantees that you will maintain your registration. Here are more details or contact us if you have any specific questions.