ISO9001-AS9100

DISCLAIMER

• This document contains unedited notes and has not been formally proofread.
• The information provided in this document is intended to provide a basic understanding of certain technologies.
• Please exercise caution when visiting or downloading from websites mentioned in this document and verify the safety of the website and software.
• Some websites and software may be flagged as malware by antivirus programs.
• The document is not intended to be a comprehensive guide and should not be relied upon as the sole source of information.
• The document is not a substitute for professional advice or expert analysis and should not be used as such.
• The document does not constitute an endorsement or recommendation of any particular technology, product, or service.
• The reader assumes all responsibility for their use of the information contained in this document and any consequences that may arise.
• The author disclaim any liability for any damages or losses that may result from the use of this document or the information contained therein.
• The author reserve the right to update or change the information contained in this document at any time without prior notice.
• Any attempts to perform penetration testing or ethical hacking on systems or networks should be done with the explicit permission of the system/network owner. Unauthorized access is illegal and can result in serious legal consequences.
• It is important to fully understand the scope of the testing and to only test within that scope. Testing outside the agreed upon scope is considered unauthorized and may result in legal action.
• Any findings or vulnerabilities discovered during testing should be reported to the system/network owner immediately and kept confidential until a fix can be implemented.
• It is recommended to use a separate, dedicated testing environment rather than testing on a live production system to minimize the risk of accidentally causing damage or downtime.
• It is important to take steps to protect your own identity and prevent accidental data leaks or exposure of sensitive information during testing.
• It is also recommended to follow a standard code of ethics for ethical hacking and penetration testing.

***********************************************************************************

ISO 9001		AS9100
4          Context of the organization		4          Context of the organization
4.1        Understanding the organization and its context		4.1
4.2        Understanding the needs and expectations of interested parties		4.2
4.3        Determining the scope of the quality management system		4.3
4.4        Quality management system and its processes		4.4     # Documented quality manual
5          Leadership		5          Leadership
5.1        Leadership and commitment		5.1
5.1.1      General		5.1.1
5.1.2      Customer focus		5.1.2
5.2        Policy		5.2
5.2.1      Establishing the quality policy		5.2.1
5.2.2      Communicating the quality policy		5.2.2
5.3        Organizational roles, responsibilities and authorities		5.3     # Management representative required
6          Planning		6          Planning
6.1        Actions to address risks and opportunities		6.1
6.2        Quality objectives and planning to achieve them		6.2
6.3        Planning of changes		6.3
7          Support		7          Support
7.1        Resources		7.1
7.1.1      General		7.1.1
7.1.2      People		7.1.2
7.1.3      Infrastructure		7.1.3
7.1.4      Environment for the operation of processes		7.1.4
7.1.5      Monitoring and measuring resources		7.1.5
7.1.6      Organizational knowledge		7.1.6     # Special Requirements : People's responsible to know what are their contributions to product safety/ services, product safety and their ethical behaviour
7.2        Competence		7.2
7.3        Awareness		7.3
7.4        Communication		7.4
7.5        Documented information		7.5
7.5.1      General		7.5.1
7.5.2      Creating and updating		7.5.2
7.5.3      Control of documented information		7.5.3     # Data protection laws
8           Operation		8           Operation
8.1        Operational planning and control		8.1
Nill		#8.1.1      Operational Risk Management
Nill		#8.1.2      Configuration Management
Nill		#8.1.3      Product safety
Nill		#8.1.4      Prevention of Counterfeit Parts:  Implements control measures to prevent the use of unauthorized or fraudulent parts.
8.2        Requirements for products and services		8.2
8.2.1      Customer communication		8.2.1
8.2.2      Determining the requirements for products and services		8.2.2
8.2.3      Review of the requirements for products and services		8.2.3
8.2.4      Changes to requirements for products and services		8.2.4
8.3        Design and development of products and services		8.3
8.3.1      General		8.3.1
8.3.2      Design and development planning		8.3.2
8.3.3      Design and development inputs		8.3.3
8.3.4      Design and development controls		8.3.4
8.3.5      Design and development outputs		8.3.5
8.3.6      Design and development changes		8.3.6
8.4        Control of externally provided processes, products and services		8.4
8.4.1      General		8.4.1
8.4.2      Type and extent of control		8.4.2      #Verification of externally provided products and services
8.4.3      Information for external providers		8.4.3
8.5        Production and service provision		8.5
8.5.1      Control of production and service provision		8.5.1      #Control of production equipment, tools and software programs #Validation and control of special processes #Production process verification
8.5.2      Identification and traceability		8.5.2
8.5.3      Property belonging to customers or external providers		8.5.3
8.5.4      Preservation		8.5.4
8.5.5      Post-delivery activities		8.5.5
8.5.6      Control of changes		8.5.6
8.6        Release of products and services		8.6
8.7        Control of nonconforming outputs		8.7
9           Performance evaluation		9           Performance evaluation
9.1        Monitoring, measurement, analysis and evaluation		9.1
9.1.1      General		9.1.1
9.1.2      Customer satisfaction		9.1.2
9.1.3      Analysis and evaluation		9.1.3
9.2        Internal audit		9.2
9.3        Management review		9.3
9.3.1      General		9.3.1
9.3.2      Management review inputs		9.3.2
9.3.3      Management review outputs		9.3.3
10        Improvement		10        Improvement
10.1     General		10.1
10.2     Nonconformity and corrective action		10.2
10.3     Continual improvement		10.3

Additional Requirements in AS9100:

• Focus on Safety: Emphasizes risk assessment, mitigation, and control to prevent product-related incidents, especially for "critical items."

• Operational Risk Management: Requires addressing specific risks linked to flight safety and mission success.

• Configuration Management: Ensures strict control over changes to critical items and product conformity.

• Prevention of Counterfeit Parts: Implements measures to prevent the use of unauthorized parts in production.

• Verification of External Providers: Requires stricter verification of outsourced products and services due to their impact on the final product.

• Enhanced Production Controls: Mandates control of production equipment, tools, software, and special processes relevant to safety and quality.

• Data Protection & Ethics: Raises awareness about individual employee contributions to product safety, ethical behavior, and compliance with data protection laws.

Safety Focus:

• Product Safety (8.1.3): Requires risk assessment, mitigation plans, and safety-related controls throughout the product lifecycle.

• Special Requirements (7.1.6, 8.1.3): Emphasizes employee awareness of their contributions to product safety and encourages ethical behavior.

• Prevention of Counterfeit Parts (8.1.4): Implements control measures to prevent the use of unauthorized or fraudulent parts.

• Operational Risk Management (8.1.1):

• Identifies and mitigates potential risks that could impact flight safety, mission success, or product quality.

• Requires documented risk assessments and plans for risk control and mitigation.

• Configuration Management (8.1.2):

• Ensures accurate and consistent identification, documentation, and control of product configuration throughout its lifecycle.

• Manages changes to critical items and configurations to prevent safety hazards.

• Control of Externally Provided Processes, Products and Services (8.4):

• Goes beyond standard verification, requiring deeper evaluation of subcontractors and suppliers due to their impact on final product safety and quality.

• Includes requirements for assessing supplier capabilities, approving them, and conducting ongoing monitoring and audits.

• Enhanced Production Controls (8.5.1):

• Mandates control of production equipment, tools, and software programs used in critical processes, ensuring calibration and suitability.

• Requires validation and control of special processes critical to product safety and quality.

• Management Responsibilities:

• Management Representative (5.3): Appoints a dedicated individual to oversee the QMS implementation and effectiveness.

• Data Protection & Ethics (7.1.6): Raises awareness among employees about their contributions to product safety, ethical behavior, and compliance with data protection laws.