As a member of the UK RMS Board, I feedback my comments in November 2023 on the key changes (as available in the public domain) – here are the latest anticipated changes to IA9100:2027 with my personal Observations .. .. ..

“the only certainty is uncertainty – the only constant is change”

INTRODUCTION

Clause 0.1

Organizational culture and ethical behavior are critical to an effective QMS and the ability of an organization to achieve its intended results. The organization’s culture and ethics are evident in the attitudes, behaviors, shared values and history.

Applicable: Indicates relevant or capable of being applied to a particular situation;

Appropriate: Indicates suitable, fitting, or proper for a specific purpose or context

Clause 0.2

Implementation of a quality management system and the management principles are the cornerstones to establishing a culture of quality within the organization. The definition of objectives and measurement can be used to further advance a culture focused on quality products and services.

3. TERMS AND DEFINITIONS

3.1 Counterfeit Part

An unauthorized copy, imitation, substitute, or modified item which is knowingly, recklessly, or negligently misrepresented as a specified genuine item from an authorized manufacturer; or a previously used item which has been represented as new.

3.6 Sub-tier External Provider

Any external provider that provides products or services to an organization that is not a direct (first tier) external provider, includes second-tier, third-tier, fourth-tier, etc.

Observation: Additional NOTES added to existing clauses to provide guidance on the use of APQP and PPAP

• 0.3.3 Risk-Based Thinking [not in DIS/ISO 9001:2025]

• 8.1 Operational Planning and Control

• 8.1.1 Operational Risk Management

• 8.3.1 General [8.3 Design and Development of Products and Services]

• 8.5.1.3 Production Process Verification

5. LEADERSHIP

Proposed addition of organizational culture and ethical work environment is deleted.

Observation: Unlikely to be removed from IA9100 as ISO 9001:2026 is expected (based on DIS/ISO 9001:2025) to contain –

i) promoting quality culture and ethical behaviour;

NOTE 2 An organization's quality culture and ethical behaviour are reflected in its shared values, attitudes, and established practices.

Consequently, the assumed “risk adding complexity or dilution to certification audits” will have to be delt with by CB auditors!

6. PLANNING

6.1 Actions to address risks and opportunities

Observation: Not specified in 1st Draft: NOTE to clarify operational risk controls in clause 8.1.1

7. SUPPORT

Observation: Amendment to existing 7.1.3 Infrastructure clause to respond to the growing use of AI and necessary controls within the industry

7.1.3 – new requirement added:

The organization shall define the controls governing the application of Artificial Intelligence (AI) tools

Observation: Amendment to existing clause 7.1.5.1 General to ensure that appropriate resources are used to verify characteristics with precision and accuracy

c) are capable of ensuring the precision and accuracy necessary to verify product and process conformity

NOTE:  The extent to which measurement introduces variation in measurement results can be determined by measurement systems analysis, gauge R&R, or attribute analysis.

Observation: Addition to existing clause 7.1.5.2 Measurement Traceability to ensure robust action is taken when necessary to protect the organization, customer and product

The organization shall determine if the validity of previous measurement results has been adversely affected when measuring equipment is found to be unfit for its intended purpose, and shall take appropriate action as necessary, including evaluation, containment, correction and corrective action (see 10.2).

Observation: New Note added to already proposed new clause 7.1.7 to recognize the growing importance of Information Security within the industry

7.1.7. The organization shall plan, implement, and control information security to safeguard the QMS to achieve its intended results.

NOTE: Information security policy, risks and opportunities, training, communication and awareness

Observation: New sub-clause added to existing clause 7.2 e) to ensure that competency once attained, is maintained – also removal of Note

e) maintain the necessary competence of persons that affect product and service conformity

Observation: Amendment to NOTES in existing clauses in 8.1 to improve readability and remove guidance considered to be of no added value.

8 Operation

8.1 a. determining the requirements for the products and services including consideration of:

Observation: The bullets now numbered (1-9) and bullet content refined.

8.1 b2 NOTE: According to the nature of the product and depending on the specified requirements, statistical techniques can be used to support product and service acceptance:

Observation: All previous bullets and their content removed.

Clause 8.1.k. (NEW – as a requirement) planning and implementing operations to prevent, detect and mitigate the risk of foreign objects and debris.

NOTE: (ENHANCED) One method to achieve operational planning and control can be through using integrated phased processes.

(ENHANCED – as a requirement) Product and service provision shall be planned and managed in a structured and controlled manner, including scheduled events performed in a planned sequence to meet requirements at acceptable risk, within resource and schedule constraints.

NOTE 1: (ENHANCED – renamed NOTE 1) This activity is generally referred to as project planning, project management, or program management.

NOTE 2: (NEW) One method to achieve operational planning and control can be through the use of a methodology such as Advanced Product Quality Planning (APQP). See Annex B.

Observation: Note changed to requirement in clause 8.1.3 Product Safety to emphasize the importance of Product Safety by adding detailed requirements

8.1.3 Product Safety

The organization shall plan, implement, and control the processes needed to assure product safety during the entire product life cycle, to the extent it would impact the end use of product in service.

Observation: Corresponding NOTE already changed to a requirement, including updated bullet list to identify the detailed requirements –

These processes include, as appropriate:

a.    identification of hazards, including reactive and proactive methods;

b.    analysis, assessment, and control of safety risks associated with identified hazards(see 8.1.1);

c.    identification and management of changes that may impact product safety;

d.    assessment of the effectiveness of safety processes (see 9.1.3 and 10.1);

e.    provision of training on product safety responsibilities to relevant personnel (see 7.2 and 7.3);

f.     communication and awareness of product safety information, including safety-critical information, safety events, and changes to safety procedures, as applicable (see 7.3 and 7.4);

g.    reporting of safety events to the customer, authorities, and type certificate holder in accordance with customer and regulatory requirements.

8.1.4 Prevention of counterfeit parts

The organization shall plan, implement, and control processes, appropriate to the organization and the product, for the prevention of counterfeit or suspect counterfeit part use and their inclusion in product(s) delivered to the customer.

Observation: NOTE replaced by requirement

These processes shall include, as applicable:

a.    training of appropriate persons in the awareness and prevention of counterfeit parts (e.g., personnel involved in procurement, receiving inspection, shipping inspection and material control);

b.    application of a parts obsolescence monitoring program;

c.    controls for acquiring externally provided product from original or authorized manufacturers, authorized distributors, or other approved sources;

d.    requirements for assuring traceability of parts and components to their original or authorized manufacturers;

e.    verification and test methodologies to detect counterfeit parts;

f.     monitoring of counterfeit parts reporting from external sources;

g.    segregation, containment and reporting of suspect or detected counterfeit parts.

Observation: Note changed to requirement in clause 8.3.3 Design and Development Inputs to emphasize the need to consider internal and external information when determining Design and Development inputs

The organization shall consider internal and external information (e.g. production and in-service data, external provider and end-user feedback).

Observation: Amendment to existing clause 8.4.3 to focus the external provider on performance, including the establishment of performance objectives

8.4.3 Information for External Providers

The organization shall ensure the adequacy of requirements prior to their communication to the external provider.

The organization shall communicate to external providers its requirements for:

d) taking corrective action when nonconformity has been identified

e) control and monitoring of the external providers’ performance to be applied by the organization, including performance objectives relating to process, product and service conformity, and on-time delivery performance;

g) ensuring that appropriate control is applied to their direct and sub-tier external providers;

h) flowing down applicable organization and customer requirements to their external providers, including sub-tiers;

Observation: New sub-clause number 8.4.3.2 added to an existing requirement

8.4.3.2 In addition, the organization shall communicate to external providers the following requirements, as applicable:

a)   implement a quality management system;

b)   use customer-designated or approved external providers, including process sources (e.g., special processes);

c)    notify the organization of nonconforming processes, products, or services and obtain approval for their disposition;

d)   design and development control;

e)    prevent the use of counterfeit parts (see 8.1.4);

f)    notify the organization of changes to processes, products, or services, including changes of their external providers or location of manufacture, and obtain the organization’s approval;

g)   flow down to external providers applicable requirements including customer requirements;

h)   provide test specimens for design approval, inspection/verification, investigation, or auditing;

i)     retain documented information, including retention periods and disposition requirements;

Observation: New sub-clause number 8.4.3.3 added to an existing requirement

8.4.3.3 The organization shall retain documented information of the requirements communicated to the external provider allocated.

Reformatted the third sentence in clause 8.4.1, into two bullets to provide clarity with regards to identifying and managing the risks

The organization shall identify and manage the risks associated with

a) the external provision of processes, products and  services and;

b) the selection and use of external providers, including their sub-tiers

Observation: Amendment to existing clause 8.5.1.3 b) to clarify the requirement relating to production capability and capacity

8.5.1.3 Production Process Verification

The organization shall implement production process verification activities to ensure the production process is able to produce products that meet requirements.

Sufficient production to confirm that the process can consistently fulfil requirements at the customer demand rate.

Observation: Amendment to existing clauses 9.2.1 and 9.2.2 to (i) focus the organization on conducting internal process audits to determine effectiveness and control, and (ii) apportion audits within the internal audit program that are focused on product and service conformity

9 Performance evaluation

9.2.1 Previous NOTE replaced by requirements –

Process audits shall be conducted, that include the evaluation of performance indicators to confirm the effective operation and control of the organization’s processes (see 4.4.1 c and 9.1.1).

9.2.2 new bullet added to existing –

g) ensuring risks are included when establishing an audit program

h) include audits relevant to product and service conformity (e.g. production process audits, special process audits).

Observation: Addition to existing clause 9.3.2 to emphasize the importance of Product Safety performance during review by Top Management

9.3.1 General

c.

9. The management review shall be planned and carried out taking into consideration:

9. product safety performance.

Observation: Addition to existing clause 10.2.1 to ensure the key requirements are defined within the nonconformity and corrective action management process

g) flow down corrective action requirements to an external provider when it is determined that the external provider (including their sub-tier) is responsible for the nonconformity;

The organization shall maintain documented information that defines the nonconformity and corrective action management processes, that includes the above requirements.