设为首页 | 加入收藏
认证专家 当前您的位置:军工认证网>>认证专家
★AS9100认证★- AS9100认证标准内容

AS9100     质量管理体系 – 对于航空、航天以及国防组织的要求


Quality management systems — Requirements for Aviation, Space, and Defense Organizations

RATIONALE

This standard has been revised to incorporate the new clause structure and content of ISO 9001:2015. In addition, industry requirements, definitions, and notes have been revised in response to both ISO 9001 revisions and stakeholder needs.


FOREWORD

To assure customer satisfaction, aviation, space, and defense organizations must provide, and continually improve, safe and reliable products and services that meet or exceed customer and applicable statutory and regulatory requirements. The globalization of the industry and the resulting diversity of regional and national requirements and expectations have complicated this objective. Organizations have the challenge of purchasing products and services from external providers throughout the world and at all levels of the supply chain. External providers have the challenge of delivering products and services to multiple customers having varying quality requirements and expectations.

Industry has established the International Aerospace Quality Group (IAQG., with representatives from aviation, space, and defense companies in the Americas, Asia/Pacific, and Europe, to implement initiatives that make significant improvements in quality and reductions in cost throughout the value stream. This standard has been prepared by the IAQG.

This document standardizes quality management system requirements to the greatest extent possible and can be used at all levels of the supply chain by organizations around the world. Its use should result in improved quality, cost, and delivery performance through the reduction or elimination of organization-unique requirements, effective implementation of the quality management system, and wider application of good practice. While primarily developed for the aviation, space, and defense industry, this standard can also be used in other industry sectors when a quality management system with additional requirements over an ISO 9001 system is needed.

This standard includes ISO 9001:2015 1 quality management system requirements and specifies additional aviation, space, and defense industry requirements, definitions, and notes as shown in bold, italic text.

INTENDED APPLICATION

This standard is intended for use by organizations that design, develop, or provide aviation, space, and defense products and services; and by organizations providing post-delivery activities, including the provision of maintenance, spare parts, or materials for their own products and services.

NOTE: Organizations whose products are deliverable software, or contain deliverable software, should use the
IAQG-developed 9115 standard (see Bibliography) when planning and evaluating the software design, development, or management activities of the organization. The 9115 standard provides guidance to the requirements of the 9100 standard when it is desired to add “software” to the 9100 quality management system scope.

Organizations whose primary business is providing maintenance or continuing airworthiness management services for civil or military aviation articles and products; and original equipment manufacturers with maintenance, repair, and overhaul operations that are operated autonomously, or that are substantially different from their production operations; should use the IAQG-developed 9110 standard (see Bibliography).

Organizations that procure parts, materials, and assemblies and resells these products to a customer in the aviation, space, and defense industry should use the IAQG-developed 9120 standard (see Bibliography). This includes organizations that procure products and split them into smaller quantities, as well as those that coordinate a customer or regulatory controlled process on the product.

INTRODUCTION

0.1 General

The adoption of a quality management system is a strategic decision for an organization that can help to improve its overall performance and provide a sound basis for sustainable development initiatives.

The potential benefits to an organization of implementing a quality management system based on this International Standard
are:

a. the ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements;

b. facilitating opportunities to enhance customer satisfaction;

c. addressing risks and opportunities associated with its context and objectives;

d. the ability to demonstrate conformity to specified quality management system requirements.

This International Standard can be used by internal and external parties.

It is not the intent of this International Standard to imply the need for:
 
− uniformity in the structure of different quality management systems;

− alignment of documentation to the clause structure of this International Standard;

− the use of the specific terminology of this International Standard within the organization.

The quality management system requirements specified in this International Standard are complementary to requirements for products and services.

This International Standard employs the process approach, which incorporates the Plan-Do-Check-Act (PDCA) cycle and risk-based thinking.

The process approach enables an organization to plan its processes and their interactions.

The PDCA cycle enables an organization to ensure that its processes are adequately resourced and managed, and that opportunities for improvement are determined and acted on.

Risk-based thinking enables an organization to determine the factors that could cause its processes and its quality management system to deviate from the planned results, to put in place preventive controls to minimize negative effects and to make maximum use of opportunities as they arise (see Clause A.4).

Consistently meeting requirements and addressing future needs and expectations poses a challenge for organizations in an increasingly dynamic and complex environment. To achieve this objective, the organization might find it necessary to adopt various forms of improvement in addition to correction and continual improvement, such as breakthrough change, innovation, and re-organization.

In this International Standard, the following verbal forms are used:
− “shall” indicates a requirement;
− “should” indicates a recommendation;
− “may” indicates a permission;
− “can” indicates a possibility or a capability.
Information marked as “NOTE” is for guidance in understanding or clarifying the associated requirement.

0.2 Quality Management Principles

This International Standard is based on the quality management principles described in ISO 9000. The descriptions include a statement of each principle, a rationale of why the principle is important for the organization, some examples of benefits associated with the principle, and examples of typical actions to improve the organization’s performance when applying the principle.

The quality management principles are:
- customer focus;
- leadership;
- engagement of people;
- process approach;
- improvement;
- evidence-based decision making;
- relationship management.

0.3 Process Approach

This International Standard promotes the adoption of a process approach when developing, implementing, and improving the effectiveness of a quality management system, to enhance customer satisfaction by meeting customer requirements. Specific requirements considered essential to the adoption of a process approach are included in 4.4.

Understanding and managing interrelated processes as a system contributes to the organization’s effectiveness and efficiency in achieving its intended results. This approach enables the organization to control the interrelationships and interdependencies among the processes of the system, so that the overall performance of the organization can be enhanced.

The process approach involves the systematic definition and management of processes, and their interactions, so as to achieve the intended results in accordance with the quality policy and strategic direction of the organization. Management of the processes and the system as a whole can be achieved using the PDCA cycle (see 0.3.2. with an overall focus on risk-based thinking (see 0.3.3. aimed at taking advantage of opportunities and preventing undesirable results.

The application of the process approach in a quality management system enables:
a. understanding and consistency in meeting requirements;
b. the consideration of processes in terms of added value;
c. the achievement of effective process performance;
d. improvement of processes based on evaluation of data and information.

Figure 1 gives a schematic representation of any process and shows the interaction of its elements. The monitoring and measuring check points, which are necessary for control, are specific to each process, and will vary depending on the related risks.

Figure 1 – Schematic representation of the elements of a single process

0.3.2 Plan-Do-Check-Act Cycle

The PDCA cycle can be applied to all processes and to the quality management system as a whole. Figure 2 illustrates how clauses 4 to 10 can be grouped in relation to the PDCA cycle.


The PDCA cycle can be briefly described as follows:

− Plan: establish the objectives of the system and its processes, and the resources needed to deliver results in accordance with customers’ requirements and the organization’s policies, and identify and address risks and opportunities;

− Do: implement what was planned;

− Check: monitor and (where applicable) measure processes and the resulting products and services against policies, objectives, requirements, and planned activities, and report the results;

− Act: take actions to improve performance, as necessary.

Figure 2 – Representation of the structure of this International Standard in the PDCA cycle

NOTE: Numbers in brackets refer to the clauses in this International Standard.

0.3.3 Risk-Based Thinking

Risk-based thinking (see Clause A.4) is essential for achieving an effective quality management system. The concept of risk-based thinking has been implicit in previous editions of this International Standard including, for example, carrying out preventive action to eliminate potential nonconformities, analyzing any nonconformities that do occur, and taking action to prevent recurrence that is appropriate for the effects of the nonconformity.

To conform to the requirements of this International Standard, an organization needs to plan and implement actions to address risks and opportunities. Addressing both risks and opportunities establishes a basis for increasing the effectiveness of the quality management system, achieving improved results, and preventing negative effects.

Opportunities can arise as a result of a situation favorable to achieving an intended result, for example, a set of circumstances that allow the organization to attract customers, develop new products and services, reduce waste, or improve productivity. Actions to address opportunities can also include consideration of associated risks. Risk is the effect of uncertainty and any such uncertainty can have positive or negative effects. A positive deviation arising from a risk can provide an opportunity, but not all positive effects of risk result in opportunities.

0.4 Relationship with Other Management System Standards

This International Standard applies the framework developed by ISO to improve alignment among its International Standards for management systems (see Clause A.1).

This International Standard enables an organization to use the process approach, coupled with the PDCA cycle and risk-
based thinking, to align or integrate its quality management system with the requirements of other management system standards.

This International Standard relates to ISO 9000 and ISO 9004 as follows:

− ISO 9000, “Quality management systems – Fundamentals and vocabulary”, provides essential background for the
proper understanding and implementation of this International Standard;

− ISO 9004, “Managing for the sustained success of an organization A quality management approach”, provides guidance for organizations that choose to progress beyond the requirements of this International Standard.

Annex B provides details of other International Standards on quality management and quality management systems that have been developed by ISO/TC 176.

This International Standard does not include requirements specific to other management systems, such as those for environmental management, occupational health and safety management, or financial management.

Sector-specific quality management system standards based on the requirements of this International Standard have been developed for a number of sectors. Some of these standards specify additional quality management system requirements, while others are limited to providing guidance to the application of this International Standard within the particular sector.

A matrix showing the correlation between the clauses of this edition of this International Standard and the previous edition
(ISO 9001:2008) can be found on the ISO/TC 176/SC 2 open access web site at: www.iso.org/tc176/sc02/public.

 

 

 

 

 

 

 

 

Quality management systems — Requirements

1 Scope

This standard includes ISO 9001:2015 2 quality management system requirements and specifies additional aviation, space, and defense industry requirements, definitions, and notes.

It is emphasized that the requirements specified in this standard are complementary (not alternative) to customer and applicable statutory and regulatory requirements.

If there is a conflict between the requirements of this standard and customer or applicable statutory or regulatory requirements, the latter shall take precedence.

This International Standard specifies requirements for a quality management system when an organization:

a. needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and

b. aims to enhance customer satisfaction through the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.

All the requirements of this International Standard are generic and are intended to be applicable to any organization, regardless of its type or size, or the products and services it provides.

NOTE 1 In this International Standard, the terms “product” or “service” only apply to products and services intended for, or required by, a customer.

NOTE 2 Statutory and regulatory requirements can be expressed as legal requirements.

2 Normative references

The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 9000:2015, Quality management systems — Fundamentals and vocabulary

ISO 9001:2015 Quality management systems – Requirements

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 9000:2015 and the following apply.

3.1
Counterfeit Part

An unauthorized copy, imitation, substitute, or modified part (e.g., material, part, component), which is knowingly misrepresented as a specified genuine part of an original or authorized manufacturer.

NOTE: Examples of a counterfeit part can include, but are not limited to, the false identification of marking or labeling, grade, serial number, date code, documentation, or performance characteristics.

3.2 Critical Items

Those items (e.g., functions, parts, software, characteristics, processes. having significant effect on the provision and use of the products and services; including safety, performance, form, fit, function, producibility, service life, etc.; that require specific actions to ensure they are adequately managed. Examples of critical items include safety critical items, fracture critical items, mission critical items, key characteristics, etc.

3.3 Key Characteristic

An attribute or feature whose variation has a significant effect on product fit, form, function, performance, service life, or producibility, that requires specific actions for the purpose of controlling variation.

3.4 Product Safety

The state in which a product is able to perform to its designed or intended purpose without causing unacceptable risk of harm to persons or damage to property.

3.5 Special Requirements

Those requirements identified by the customer, or determined by the organization, which have high risks of not being met, thus requiring their inclusion in the operational risk management process. Factors used in the determination of special requirements include product or process complexity, past experience, and product or process maturity. Examples of special requirements include performance requirements imposed by the customer that are at the limit of the industry’s capability, or requirements determined by the organization to be at the limit of its technical or process capabilities.

NOTE: Special requirements (3.5) and critical items (3.2), along with key characteristics (3.3), are interrelated.

Special requirements are identified when determining and reviewing requirements related to the product (see 8.2.2 and 8.2.3). Special requirements can require the identification of critical items. Design output (see 8.3.5) can include identification of critical items that require specific actions to ensure they are adequately managed. Some critical items will be further classified as key characteristics because their variation needs to be controlled.

4 Context of the organization

4.1 Understanding the organization and its context

The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its quality management system.

The organization shall monitor and review information about these external and internal issues.

NOTE 1 Issues can include positive and negative factors or conditions for consideration.

NOTE 2 Understanding the external context can be facilitated by considering issues arising from legal, technological, competitive, market, cultural, social and economic environments, whether international, national, regional or local.

NOTE 3 Understanding the internal context can be facilitated by considering issues related to values, culture, knowledge and performance of the organization.

4.2 Understanding the needs and expectations of interested parties

Due to their effect or potential effect on the organization’s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, the organization
shall determine:

a. the interested parties that are relevant to the quality management system;

b. the requirements of these interested parties that are relevant to the quality management system.

The organization shall monitor and review information about these interested parties and their relevant requirements.

4.3 Determining the scope of the quality management system

The organization shall determine the boundaries and applicability of the quality management system to establish its scope.

When determining this scope, the organization shall consider:

a. the external and internal issues referred to in 4.1;

b. the requirements of relevant interested parties referred to in 4.2;

c. the products and services of the organization.

The organization shall apply all the requirements of this International Standard if they are applicable within the determined scope of its quality management system.

The scope of the organization’s quality management system shall be available and be maintained as documented information. The scope shall state the types of products and services covered, and provide justification for any requirement of this International Standard that the organization determines is not applicable to the scope of its quality management system.

Conformity to this International Standard may only be claimed if the requirements determined as not being applicable do not affect the organization’s ability or responsibility to ensure the conformity of its products and services and the enhancement of customer satisfaction.

4.4 Quality management system and its processes

4.4.1 The organization shall establish, implement, maintain and continually improve a quality management system, including the processes needed and their interactions, in accordance with the requirements of this International Standard.

The organization’s quality management system shall also address customer and applicable statutory and regulatory quality management system requirements.

The organization shall determine the processes needed for the quality management system and their application throughout the organization, and shall:

a. determine the inputs required and the outputs expected from these processes;

b. determine the sequence and interaction of these processes;

c. determine and apply the criteria and methods (including monitoring, measurements and related performance indicators. needed to ensure the effective operation and control of these processes;

d. determine the resources needed for these processes and ensure their availability;

e. assign the responsibilities and authorities for these processes;

f. address the risks and opportunities as determined in accordance with the requirements of 6.1;

g. evaluate these processes and implement any changes needed to ensure that these processes achieve their intended results;

h. improve the processes and the quality management system.

4.4.2 To the extent necessary, the organization shall:

a. maintain documented information to support the operation of its processes;

b. retain documented information to have confidence that the processes are being carried out as planned.

The organization shall establish and maintain documented information that includes:

− a general description of relevant interested parties (see 4.2 a);

− the scope of the quality management system, including boundaries and applicability (see 4.3);

− a description of the processes needed for the quality management system and their application throughout the
organization;

− the sequence and interaction of these processes; assignment of the responsibilities and authorities for these processes.

NOTE: The above description of the quality management system can be compiled into a single source of documented information and referred to as a quality manual.

5 Leadership

5.1 Leadership and commitment

5.1.1 General

Top management shall demonstrate leadership and commitment with respect to the quality management system by:

a. taking accountability for the effectiveness of the quality management system;

b. ensuring that the quality policy and quality objectives are established for the quality management system and are compatible with the context and strategic direction of the organization;

c. ensuring the integration of the quality management system requirements into the organization’s business processes;

d. promoting the use of the process approach and risk-based thinking;

e. ensuring that the resources needed for the quality management system are available;

f. communicating the importance of effective quality management and of conforming to the quality management system requirements;

g. ensuring that the quality management system achieves its intended results;

h. engaging, directing and supporting persons to contribute to the effectiveness of the quality management system;

i. promoting improvement;

j. supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.

NOTE Reference to “business” in this International Standard can be interpreted broadly to mean those activities that are core to the purposes of the organization’s existence, whether the organization is public, private, for profit or not for profit.

5.1.2 Customer focus

Top management shall demonstrate leadership and commitment with respect to customer focus by ensuring that:

a. customer and applicable statutory and regulatory requirements are determined, understood and consistently met;

b. the risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addressed;

c. the focus on enhancing customer satisfaction is maintained.

d.. product and service conformity and on-time delivery performance are measured and appropriate action is taken
if planned results are not, or will not be, achieved.

5.2 Policy

5.2.1 Establishing the quality policy

Top management shall establish, implement and maintain a quality policy that:

a. is appropriate to the purpose and context of the organization and supports its strategic direction;

b. provides a framework for setting quality objectives;

c. includes a commitment to satisfy applicable requirements;

d. includes a commitment to continual improvement of the quality management system.

5.2.2 Communicating the quality policy

The quality policy shall:

a. be available and be maintained as documented information;

b. be communicated, understood and applied within the organization;

c. be available to relevant interested parties, as appropriate.

5.3 Organizational roles, responsibilities and authorities

Top management shall ensure that the responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization.

Top management shall assign the responsibility and authority for:

a. ensuring that the quality management system conforms to the requirements of this International Standard;

b. ensuring that the processes are delivering their intended outputs;

c. reporting on the performance of the quality management system and on opportunities for improvement (see 10.1), in particular to top management;

d. ensuring the promotion of customer focus throughout the organization;

e. ensuring that the integrity of the quality management system is maintained when changes to the quality management system are planned and implemented.

Top management shall appoint a specific member of the organization’s management, identified as the management representative, who shall have the responsibility and authority for oversight of the above requirements.

The management representative shall have the organizational freedom and unrestricted access to top management to resolve quality management issues.

NOTE: The responsibility of a management representative can include liaison with external parties on matters relating to the quality management system.

6 Planning

6.1 Actions to address risks and opportunities

6.1.1 When planning for the quality management system, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to:

a. give assurance that the quality management system can achieve its intended result(s.;

b. enhance desirable effects;

c. prevent, or reduce, undesired effects;

d. achieve improvement.

6.1.2 The organization shall plan:

a. actions to address these risks and opportunities;

b. how to:
1. integrate and implement the actions into its quality management system processes (see 4.4);
2. evaluate the effectiveness of these actions.

Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services.

NOTE 1 Options to address risks can include avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source, changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision.

NOTE 2 Opportunities can lead to the adoption of new practices, launching new products, opening new markets, addressing new customers, building partnerships, using new technology and other desirable and viable possibilities to address the organization’s or its customers’ needs.

6.2 Quality objectives and planning to achieve them

6.2.1 The organization shall establish quality objectives at relevant functions, levels and processes needed for the quality management system.

The quality objectives shall:

a. be consistent with the quality policy;

b. be measurable;

c. take into account applicable requirements;

d. be relevant to conformity of products and services and to enhancement of customer satisfaction;

e. be monitored;

f. be communicated;

g. be updated as appropriate.

The organization shall maintain documented information on the quality objectives.

6.2.2 When planning how to achieve its quality objectives, the organization shall determine:

a. what will be done;

b. what resources will be required;

c. who will be responsible;

d. when it will be completed;

e. how the results will be evaluated.

6.3 Planning of changes

When the organization determines the need for changes to the quality management system, the changes shall be carried out in a planned manner (see 4.4).

The organization shall consider:

a. the purpose of the changes and their potential consequences;

b. the integrity of the quality management system;

c. the availability of resources;

d. the allocation or reallocation of responsibilities and authorities.

7 Support

7.1 Resources

7.1.1 General

The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the quality management system.

The organization shall consider:

a. the capabilities of, and constraints on, existing internal resources;

b. what needs to be obtained from external providers.

7.1.2 People

The organization shall determine and provide the persons necessary for the effective implementation of its quality management system and for the operation and control of its processes.

7.1.3 Infrastructure

The organization shall determine, provide and maintain the infrastructure necessary for the operation of its processes and to achieve conformity of products and services.

NOTE Infrastructure can include:

a. buildings and associated utilities;

b. equipment, including hardware and software;

c. transportation resources;

d. information and communication technology.

7.1.4 Environment for the operation of processes

The organization shall determine, provide and maintain the environment necessary for the operation of its processes and to achieve conformity of products and services.

NOTE A suitable environment can be a combination of human and physical factors, such as:

a. social (e.g. non-discriminatory, calm, non-confrontational);

b. psychological (e.g. stress-reducing, burnout prevention, emotionally protective);

c. physical (e.g. temperature, heat, humidity, light, airflow, hygiene, noise).

These factors can differ substantially depending on the products and services provided.

7.1.5 Monitoring and measuring resources

7.1.5.1 General

The organization shall determine and provide the resources needed to ensure valid and reliable results when monitoring or measuring is used to verify the conformity of products and services to requirements.

The organization shall ensure that the resources provided:

a. are suitable for the specific type of monitoring and measurement activities being undertaken;

b. are maintained to ensure their continuing fitness for their purpose.

The organization shall retain appropriate documented information as evidence of fitness for purpose of the monitoring and measurement resources.

7.1.5.2 Measurement traceability

When measurement traceability is a requirement, or is considered by the organization to be an essential part of providing confidence in the validity of measurement results, measuring equipment shall be:

a. calibrated or verified, or both, at specified intervals, or prior to use, against measurement standards traceable to international or national measurement standards; when no such standards exist, the basis used for calibration or verification shall be retained as documented information;

b. identified in order to determine their status;

c. safeguarded from adjustments, damage or deterioration that would invalidate the calibration status and subsequent measurement results.

The organization shall establish, implement, and maintain a process for the recall of monitoring and measuring equipment requiring calibration or verification.

The organization shall maintain a register of the monitoring and measuring equipment. The register shall include the equipment type, unique identification, location, and the calibration or verification method, frequency, and acceptance criteria.

NOTE: Monitoring and measuring equipment can include, but are not limited to: test hardware, test software, automated test equipment (ATE), and plotters used to produce verification data. It also includes personally owned and customer supplied equipment used to provide evidence of product and service conformity.

Calibration or verification of monitoring and measuring equipment shall be carried out under suitable environmental conditions (see 7.1.4).

The organization shall determine if the validity of previous measurement results has been adversely affected when measuring equipment is found to be unfit for its intended purpose, and shall take appropriate action as necessary.

7.1.6 Organizational knowledge

The organization shall determine the knowledge necessary for the operation of its processes and to achieve conformity of products and services.

This knowledge shall be maintained and be made available to the extent necessary.

When addressing changing needs and trends, the organization shall consider its current knowledge and determine how to acquire or access any necessary additional knowledge and required updates.

NOTE 1 Organizational knowledge is knowledge specific to the organization; it is generally gained by experience. It is information that is used and shared to achieve the organization’s objectives.

NOTE 2 Organizational knowledge can be based on:

a. internal sources (e.g. intellectual property; knowledge gained from experience; lessons learned from failures and successful projects; capturing and sharing undocumented knowledge and experience; the results of improvements in processes, products and services);

b. external sources (e.g. standards; academia; conferences; gathering knowledge from customers or external providers).

7.2 Competence

The organization shall:

a. determine the necessary competence of person(s. doing work under its control that affects the performance and effectiveness of the quality management system;

b. ensure that these persons are competent on the basis of appropriate education, training, or experience;

c. where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken;

d. retain appropriate documented information as evidence of competence.

NOTE: Consideration should be given for the periodic review of the necessary competence.

NOTE Applicable actions can include, for example, the provision of training to, the mentoring of, or the reassignment of currently employed persons; or the hiring or contracting of competent persons.

7.3 Awareness

The organization shall ensure that persons doing work under the organization’s control are aware of:

a. the quality policy;

b. relevant quality objectives;

c. their contribution to the effectiveness of the quality management system, including the benefits of improved performance;

d. the implications of not conforming with the quality management system requirements.

e. relevant quality management system documented information and changes thereto;

f. their contribution to product or service conformity;

g. their contribution to product safety;

h. the importance of ethical behavior.

7.4 Communication

The organization shall determine the internal and external communications relevant to the quality management system, including:

a. on what it will communicate;

b. when to communicate;

c. with whom to communicate;

d. how to communicate;

e. who communicates.

NOTE: Communication should include internal and external feedback relevant to the quality management system.

7.5 Documented information

7.5.1 General

The organization’s quality management system shall include:

a. documented information required by this International Standard;

b. documented information determined by the organization as being necessary for the effectiveness of the quality management system.

NOTE The extent of documented information for a quality management system can differ from one organization to another due to:

— the size of organization and its type of activities, processes, products and services;

— the complexity of processes and their interactions;

— the competence of persons.

7.5.2 Creating and updating

When creating and updating documented information, the organization shall ensure appropriate:

a. identification and description (e.g. a title, date, author, or reference number.;

b. format (e.g. language, software version, graphics. and media (e.g. paper, electronic.;

c. review and approval for suitability and adequacy.

7.5.3 Control of documented information

7.5.3.1 Documented information required by the quality management system and by this International Standard shall be controlled to ensure:

a. it is available and suitable for use, where and when it is needed;

b. it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).

7.5.3.2 For the control of documented information, the organization shall address the following activities, as applicable:

a. distribution, access, retrieval and use;

b. storage and preservation, including preservation of legibility;

c. control of changes (e.g. version control);

d. retention and disposition.

e. prevention of the unintended use of obsolete documented information by removal or by application of suitable identification or controls if kept for any purpose.

Documented information of external origin determined by the organization to be necessary for the planning and operation of the quality management system shall be identified as appropriate, and
be controlled.

Documented information retained as evidence of conformity shall be protected from unintended alterations.

When documented information is managed electronically, data protection processes shall be defined (e.g., protection from loss, unauthorized changes, unintended alteration, corruption, physical damage).

NOTE Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.

8 Operation

8.1 Operational planning and control

The organization shall plan, implement and control the processes (see 4.4) needed to meet the requirements for the provision of products and services, and to implement the actions determined in
Clause 6, by:

a. determining the requirements for the products and services;

NOTE: Determination of requirements for the products and services should include consideration of:

- personal and product safety;

- producibility and inspectability;

- reliability, availability, and maintainability;

- suitability of parts and materials used in the product;

- selection and development of embedded software;

- product obsolescence;

- prevention, detection, and removal of foreign objects;

- handling, packaging, and preservation;

- recycling or final disposal of the product at the end of its life.

b. establishing criteria for:

1. the processes;

2. the acceptance of products and services;

NOTE: According to the nature of the product and depending on the specified requirements, statistical techniques can be used to support:

- design verification (e.g., reliability, maintainability, product safety);

- process control;
•
 selection and verification of key characteristics;
 process capability measurements;
 statistical process control;
 design of experiments

- verification;

- failure mode, effects, and criticality analysis.

c. determining the resources needed to achieve conformity to the product and service requirements and to meet on-time
delivery of products and services;

d. implementing control of the processes in accordance with the criteria;

e. determining, maintaining and retaining documented information to the extent necessary:

1. to have confidence that the processes have been carried out as planned;

2. to demonstrate the conformity of products and services to their requirements.

f. determining the processes and controls needed to manage critical items, including production process controls when key characteristics have been identified;

g. engaging representatives of affected organization functions for operational planning and control;

h. determining the process and resources to support the use and maintenance of the products and services;

i. determining the products and services to be obtained from external providers;

j. establishing the controls needed to prevent the delivery of nonconforming products and services to the customer.

NOTE: One method to achieve operational planning and control can be through using integrated phased processes.

As appropriate to the organization, customer requirements, and products and services, the organization shall plan and manage product and service provision in a structured and controlled manner including scheduled events performed in a planned sequence to meet requirements at acceptable risk, within resource and schedule constraints.

NOTE: This activity is generally referred to as project planning, project management, or program management.

The output of this planning shall be suitable for the organization’s operations.

NOTE: As an output of this planning, documented information specifying the processes of the quality management system and the resources to be applied to a specific product, service, project, or contract can be referred to as a quality plan.

The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary.

The organization shall ensure that outsourced processes are controlled (see 8.4).

The organization shall establish, implement, and maintain a process to plan and control the temporary or permanent transfer of work, to ensure the continuing conformity of the work to requirements. The process shall ensure that work transfer impacts and risks are managed.

NOTE: For the control of work transfer from the organization to an external provider, or from an external provider to another external provider, see 8.4. For the control of work transfer from one organization facility to another, or from an external provider to the organization, see 8.5.

8.1.1 Operational Risk Management

The organization shall plan, implement, and control a process for managing operational risks to the achievement of applicable requirements, which includes as appropriate to the organization and the products and services:

a. assignment of responsibilities for operational risk management;

b. definition of risk assessment criteria (e.g., likelihood, consequences, risk acceptance);

c. identification, assessment, and communication of risks throughout operations;

d. identification, implementation, and management of actions to mitigate risks that exceed the defined risk acceptance criteria;

e. acceptance of risks remaining after implementation of mitigating actions.

NOTE 1: While clause 6.1 addresses the risks and opportunities when planning for the quality management system of the organization, the scope of this clause (8.1.1) is limited to the risks associated to the operational processes needed for the provision of products and services (clause 8).

NOTE 2: Within the aviation, space, and defense industry, risk is generally expressed in terms of the likelihood of occurrence and the severity of the consequences.

8.1.2 Configuration Management
The organization shall plan, implement, and control a process for configuration management as appropriate to the organization and its products and services in order to ensure the identification and control of physical and functional attributes throughout the product lifecycle. This process shall:

a. control product identity and traceability to requirements, including the implementation of identified changes;

b. ensure that the documented information (e.g., requirements, design, verification, validation and acceptance documentation) is consistent with the actual attributes of the products and services.

8.1.3 Product Safety

The organization shall plan, implement, and control the processes needed to assure product safety during the entire product life cycle, as appropriate to the organization and the product.

NOTE: Examples of these processes include:

- assessment of hazards and management of associated risks (see 8.1.1);

- management of safety critical items;

- analysis and reporting of occurred events affecting safety;
 
- communication of these events and training of persons.

8.1.4 Prevention of Counterfeit Parts

The organization shall plan, implement, and control processes, appropriate to the organization and the product, for the prevention of counterfeit or suspect counterfeit part use and their inclusion in product(s) delivered to the customer.

NOTE: Counterfeit part prevention processes should consider:

− training of appropriate persons in the awareness and prevention of counterfeit parts;

− application of a parts obsolescence monitoring program;

− controls for acquiring externally provided product from original or authorized manufacturers, authorized distributors, or other approved sources;

− requirements for assuring traceability of parts and components to their original or authorized manufacturers;

− verification and test methodologies to detect counterfeit parts;

− monitoring of counterfeit parts reporting from external sources;

− quarantine and reporting of suspect or detected counterfeit parts.

8.2 Requirements for products and services

8.2.1 Customer communication

Communication with customers shall include:

a. providing information relating to products and services;

b. handling enquiries, contracts or orders, including changes;

c. obtaining customer feedback relating to products and services, including customer complaints;

d. handling or controlling customer property;

e. establishing specific requirements for contingency actions, when relevant.

8.2.2 Determining the requirements for products and services

When determining the requirements for the products and services to be offered to customers, the organization shall ensure that:

a. the requirements for the products and services are defined, including:

1. any applicable statutory and regulatory requirements;

2. those considered necessary by the organization;

b. the organization can meet the claims for the products and services it offers.

c. special requirements of the products and services are determined;

d. operational risks (e.g., new technology, ability and capacity to provide, short delivery time frame) have been identified.

8.2.3 Review of the requirements for products and services

8.2.3.1 The organization shall ensure that it has the ability to meet the requirements for products and services to be offered to customers. The organization shall conduct a review before committing to supply products and services to a customer, to include:

a. requirements specified by the customer, including the requirements for delivery and post-delivery activities;

b. requirements not stated by the customer, but necessary for the specified or intended use, when known;

c. requirements specified by the organization;

d. statutory and regulatory requirements applicable to the products and services;

e. contract or order requirements differing from those previously expressed.

This review shall be coordinated with applicable functions of the organization.

If upon review the organization determines that some customer requirements cannot be met or can only partially be met, the organization shall negotiate a mutually acceptable requirement with the customer.

The organization shall ensure that contract or order requirements differing from those previously defined are resolved.

The customer’s requirements shall be confirmed by the organization before acceptance, when the customer does not provide a documented statement of their requirements.

NOTE In some situations, such as internet sales, a formal review is impractical for each order. Instead, the review can cover relevant product information, such as catalogues.

8.2.3.2 The organization shall retain documented information, as applicable:

a. on the results of the review;

b. on any new requirements for the products and services.

8.2.4 Changes to requirements for products and services

The organization shall ensure that relevant documented information is amended, and that relevant persons are made aware of the changed requirements, when the requirements for products and services are changed.

8.3 Design and development of products and services

8.3.1 General

The organization shall establish, implement and maintain a design and development process that is appropriate to ensure the subsequent provision of products and services.

8.3.2 Design and development planning

In determining the stages and controls for design and development, the organization shall consider:

a. the nature, duration and complexity of the design and development activities;

b. the required process stages, including applicable design and development reviews;

c. the required design and development verification and validation activities;

d. the responsibilities and authorities involved in the design and development process;

e. the internal and external resource needs for the design and development of products and services;

f. the need to control interfaces between persons involved in the design and development process;

g. the need for involvement of customers and users in the design and development process;

h. the requirements for subsequent provision of products and services;

i. the level of control expected for the design and development process by customers and other relevant interested parties;

j. the documented information needed to demonstrate that design and development requirements have been met.

When appropriate, the organization shall divide the design and development effort into distinct activities and, for each activity, define the tasks, necessary resources, responsibilities, design content, and inputs and outputs.

Design and development planning shall consider the ability to provide, verify, test and maintain products and services (reference output of 8.1 a).

8.3.3 Design and development inputs

The organization shall determine the requirements essential for the specific types of products and services to be designed and developed. The organization shall consider:

a. functional and performance requirements;

b. information derived from previous similar design and development activities;

c. statutory and regulatory requirements;

d. standards or codes of practice that the organization has committed to implement;

e. potential consequences of failure due to the nature of the products and services.

f. when applicable, the potential consequences of obsolescence (e.g., materials, processes, components, equipment, products).

Inputs shall be adequate for design and development purposes, complete and unambiguous.

Conflicting design and development inputs shall be resolved.

The organization shall retain documented information on design and development inputs.

NOTE: The organization can also consider as design and development inputs other information such as benchmarking, external provider feedback, internally generated data, and in-service data.

8.3.4 Design and development controls

The organization shall apply controls to the design and development process to ensure that:

a. the results to be achieved are defined;

b. reviews are conducted to evaluate the ability of the results of design and development to meet requirements;

c. verification activities are conducted to ensure that the design and development outputs meet the input requirements;

d. validation activities are conducted to ensure that the resulting products and services meet the requirements for the specified application or intended use;

e. any necessary actions are taken on problems determined during the reviews, or verification and validation activities;

f. documented information of these activities is retained;

g. progression to the next stage is authorized.

Participants in design and development reviews shall include representatives of functions concerned with the design and development stage(s) being reviewed.

NOTE Design and development reviews, verification and validation have distinct purposes. They can be conducted separately or in any combination, as is suitable for the products and services of the organization.

8.3.4.1 When tests are necessary for verification and validation, these tests shall be planned, controlled,
reviewed, and documented to ensure and prove the following:
 
a. test plans or specifications identify the test item being tested and the resources being used, define test objectives and conditions, parameters to be recorded and relevant acceptance criteria;

b. test procedures describe the test methods to be used, how to perform the test, and how to record the results;

c. the correct configuration of the test item is submitted for the test;

d. the requirements of the test plan and the test procedures are observed;

e. the acceptance criteria are met.

Monitoring and measuring devices used for testing shall be controlled as defined in clause 7.1.5.

At the completion of design and development, the organization shall ensure that reports, calculations, test results, etc., are able to demonstrate that the design for the product or service meets the specification requirements for all identified operational conditions.

8.3.5 Design and development outputs

The organization shall ensure that design and development outputs:

a. meet the input requirements;

b. are adequate for the subsequent processes for the provision of products and services;

c. include or reference monitoring and measuring requirements, as appropriate, and acceptance criteria;

d. specify the characteristics of the products and services that are essential for their intended purpose and their safe and proper provision;

e. specify, as applicable, any critical items, including any key characteristics, and specific actions to be taken for these items;

f. are approved by authorized person(s) prior to release.

The organization shall define the data required to allow the product to be identified, manufactured, verified, used, and maintained.

NOTE: Data can include:

- the drawings, part lists, and specifications necessary to define the configuration and the design features of the product;

- the material, process, manufacturing, assembly, handling, packaging, and preservation data needed to provide and maintain a conforming product or service;

- the technical data and repair schemes for operating and maintaining the product.

The organization shall retain documented information on design and development outputs.

8.3.6 Design and development changes

The organization shall identify, review and control changes made during, or subsequent to, the design and development of products and services, to the extent necessary to ensure that there is no adverse impact on conformity to requirements.

The organization shall implement a process with criteria for notifying its customer, prior to implementation, about changes that affect customer requirements.

The organization shall retain documented information on:

a. design and development changes;

b. the results of reviews;

c. the authorization of the changes;

d. the actions taken to prevent adverse impacts.

Design and development changes shall be controlled in accordance with the configuration management process requirements.

8.4 Control of externally provided processes, products and services

8.4.1 General

The organization shall ensure that externally provided processes, products and services conform to requirements.

The organization shall be responsible for the conformity of all externally provided processes, products, and services, including from sources defined by the customer.

The organization shall ensure, when required, that customer-designated or approved external providers, including process sources (e.g., special processes), are used.

The organization shall identify and manage the risks associated with the external provision of processes, products, and services, as well as the selection and use of external providers.

The organization shall require that external providers apply appropriate controls to their direct and sub-tier external providers, to ensure that requirements are met.

The organization shall determine the controls to be applied to externally provided processes, products and services when:

a. products and services from external providers are intended for incorporation into the organization’s own products and services;

b. products and services are provided directly to the customer(s. by external providers on behalf of the organization;

c. a process, or part of a process, is provided by an external provider as a result of a decision by the organization.

The organization shall determine and apply criteria for the evaluation, selection, monitoring of performance, and re-evaluation of external providers, based on their ability to provide processes or products and services in accordance with requirements. The organization shall retain documented information of these activities and any necessary actions arising from the evaluations.

NOTE: During external provider evaluation and selection, the organization can use quality data from objective and reliable external sources, as evaluated by the organization (e.g., information from accredited quality management system or process certification bodies, external provider approvals from government authorities or customers). Use of such data would be only one element of an organization’s external provider control process and the organization remains responsible for verifying that externally provided processes, products, and services meet specified requirements.

8.4.1.1 The organization shall:

a. define the process, responsibilities, and authority for the approval status decision, changes of the approval status, and conditions for a controlled use of external providers depending on their approval status;

b. maintain a register of its external providers that includes approval status (e.g., approved, conditional, disapproved) and the scope of the approval (e.g., product type, process family);

c. periodically review external provider performance including process, product and service conformity, and on-time delivery performance;

d. define the necessary actions to take when dealing with external providers that do not meet requirements;

e. define the requirements for controlling documented information created by and/or retained by external providers.

8.4.2 Type and extent of control

The organization shall ensure that externally provided processes, products and services do not adversely affect the organization’s ability to consistently deliver conforming products and services to its customers.

The organization shall:

a. ensure that externally provided processes remain within the control of its quality management system;

b. define both the controls that it intends to apply to an external provider and those it intends to apply to the resulting output;

c. take into consideration:

1. the potential impact of the externally provided processes, products and services on the organization’s ability to consistently meet customer and applicable statutory and regulatory requirements;

2. the effectiveness of the controls applied by the external provider;

3. the results of the periodic review of external provider performance (see 8.4.1.1 c);

d. determine the verification, or other activities, necessary to ensure that the externally provided processes, products and services meet requirements.

Verification activities of externally provided processes, products, and services shall be performed according to the risks identified by

成都公司地址:成都市高新区天府三街峰汇中心1-10-8    重庆公司地址:重庆市江北区北滨二路江北嘴紫御江山7-8-4