Exploring the Impact of IA9101 and IA9104 on Your AS9100 Certification

The IAQG (International Aerospace Quality Group) Standard Development Organization is in the process of overhauling AS9101 and AS9104, the standards that all Certification Bodies (CBs) and Auditors must follow when conducting AS9100 audits. 

The goal of this update is to clarify the requirements for certification programs and how auditors conduct and report audits. The changes have been approved and the documents are currently in the translation phase. Once released, all CBs will transition to the new standards at the same time. The timeline for this transition is still being discussed. 

The updated standards will carry the new prefix IA (International Aerospace), replacing the sector-related prefixes currently in use, such as AS, JIS Q or SJAC, and EN. 

These changes will have a direct impact on how CBs conduct audits, but also—indirectly—on audited aerospace organizations. In this article we’ll provide an overview of the changes and how they affect you.

IA9101 and IA9104/1 define the rules that CBs and auditors must follow when offering and conducting AS9100 audits for aviation, space, and defense Quality Management Systems (QMS):

• IA9101: provides the requirements for conducting audits, such as reporting findings and managing nonconformities.
• IA9104/1: establishes rules for operating audit programs and maintaining oversight of auditing activities.

“Those two documents alone constitute most of what we, as a CB, are held accountable to when we’re assessed by our accreditation groups,” says NSF Aerospace Scheme Technical Manager, Amanda Brown.

In fact, IA9104/1 is part of a series of standards commonly known as the ‘Trilogy’, together with IA9104/2 (requirements for oversight of aviation, space, and defense QMS programs) and IA9104/3 (requirements for auditor training, development, competence and authentication), which were also updated.

Risk-based approach to purchasing processes

According to the current requirement, every year auditors need to look at the purchasing process(es) of organizations. The new document will adopt a risk-based approach and include this requirement in the surveillance sampling like any other process. “The annual audit of purchasing was necessary at the time the standards were architected, due to the risk this process held. After the update, auditors will look at purchasing as one of the processes driving the organization’s risk and won’t be required to audit it every year. This change is an excellent example of how the industry monitors and adapts using risk-based thinking,” says Brown.

Simplified forms

The most significant change was for Form 1, which is the stage 1 audit report and the fact-finding mission associated with initial certification. “The current Form 1 compels auditors to spend a lot of time filling out a piece of paper and writing down evidence associated with all the individual clauses. The new method allows for a higher-level review with the opportunity to dig in deep in areas where the client’s risks are,” says Brown.

More clarity on NCR timelines and terminology

The Non-Conformity Report (NCR) is the document used to identify and record instances where a process, product, or system does not meet requirements or standards. The new rules enhance clarity regarding procedures for containment (the immediate actions taken to control and limit the impact of nonconformities) and repeat nonconformities, with a more definitive timeline for action and more severe consequences for inaction.

Wider appetite for ICT auditing

Once transitioned, CBs will be able to conduct up to 50% of an audit remotely using information and communication technology (ICT). Instances when ICT can be applied will include stage 1 audits, transfer audits (when a company moves to a different CB), or instances when an organization operates in a digital environment from remote locations. “Organizations are setting up their businesses differently now. Many have remote and hybrid work models and therefore larger parts of an audit can be completed using ICT. We don’t need to be on-site to stare at a screen when we can do that from the comfort of our own office,” says Brown. When an organization cannot facilitate an ICT-based audit, the audit will still occur in person at the client’s site.

Risk-based approach to auditing

A new tool called OCAP (Organization Certification Analysis Process) will be used to analyze the risk profile of each organization to determine appropriate audit duration and focus areas. This process requires organizations to provide relevant information before audits begin and throughout the certification cycle. The OCAP tool is being built into the OASIS database.

Single reporting for integrated audits

Currently, when an organization has an integrated management system that combines two or more Aerospace Quality Management Systems (AQMS) Standards (e.g., 9100 with 9110 or 9100 with 9120), auditors have to create two separate reports, even though they’re auditing the client’s amalgamated system just once. The new approach will push for a singular audit to be created within the OASIS database and streamline the information collected for it.

Simplified site structure options

With the current rule, there is a single-site option and four options for non-single sites (multi-site, campus, several, and complex). The new rules will only have three options: single, campus and multi-site. 

Mandatory calculation of audit time for reporting and planning

Under the current rule, AQMS audits are calculated for the “audit duration”, or the time spent auditing, with no audit reporting included. Each CB then adds whatever they need to for planning and reporting, knowing that those are not part of audit duration. To create a level playing field, the future rules will include a standard calculation for reporting and planning, so that all audit time will be made up of audit duration, plus reporting and planning time. The new method mandates a minimum of 20% increase to the duration to arrive at total audit time.

More mandated integrations with intended applications of the standards

The 9100, 9110, and 9120 documents have intended applications:

• 9100 is for any service or manufacturing organization.
• 9110 is for those doing maintenance, repair, and overhaul.
• 9120 is for the distribution of items that an organization is not the manufacturer of.

However, until now, a 9100 certificate could also be issued to a distributor or a certificated repair station, if that was the organization’s preference. In the future, organizations will have to align more closely with the intended applications of these standards and supplement their existing AQMS with the requirements tied to the nature of their work. This is impactful on many levels, but there is a caveat that permits an organization to operate per customer requirement, so they may be able to continue operating a 9100-based distribution organization IF their customer has mandated this to be the standard of choice.

Longer audits for integrated AQMSs

Currently, for integrated AQMS organizations, minimum audit duration (time spent auditing) is calculated by taking the duration of the “primary” standard and adding a 15% minimum (rounded up to the nearest 0.5 day) for each additional standard. Under the future rules, the durations will be calculated for all applicable standards and the highest number will be used as the foundation. For each additional standard, the minimum increase goes from 15%+ to 50%. “Because the need of integrated audits has increased and these audits carry an inherently higher level of complexity and possibly risk, audit durations are going up to ensure auditors have the time needed to conduct an effective audit. This change will need to be taken into consideration when budgeting for future audits,” says Brown. Clearer entry criteria for Performance-based Surveillance and Recertification Program (PBS/RP). The PBS/RP is an option to reward those doing an exceptional job of holding themselves accountable by reducing the oversight required through CB audit activity. This reduction can be in the range of 50% annually, but the cost of doing what is necessary can often outweigh the savings of the audit. “While it may not appeal to everyone, those dedicated to implementing a high-performing and effective management system can use PBS/RP as a way to see some financial reward in return for their commitment,” says Brown.

Here is how your organization may be impacted by these changes:

• Contract structure. If you're a single site, you probably won’t see a lot of changes. If you have more than one site, we’ll have to review your records and determine if we will need to re-quote.
• Audit time. That may increase. It depends on your current structure and size of the organization.
• Conversion of contractually flowed AS standards. If your customer contracts require different 91xx standards, you will have to provide a full list of those, which will then be converted into IA standards. That will have an impact on audit duration.
• Integrated audit readiness. As Brown explains, you may have to add new 91XX standards: “If, for example, you are a repair station or a design shop that has a distribution arm as well, and you’re operating under a 9100, you may want to prepare for adding 9110 or 9120 to your certificates.”
• More documentation required. Prior to initial, surveillance and recertification audits, organizations will have to submit additional documentation that CBs will use to determine the organization’s risk and complexity and audit duration.

Alongside these updates, the IAQG launched OASIS Insights in April 2025. Insights is a benchmarking tool that transforms AS9100 audit outcomes into actionable intelligence. After each audit, certified organizations automatically receive a report showing how they rank against (anonymized) peer groups of similar size and structure. This report will be uploaded to your audit file a couple of days after the audit is published.  Anyone with level 2 access to your organization will be able to view these reports.

As the aerospace industry prepares for the transition to these updated standards, NSF is committed to keeping clients informed, supporting them through the process. “Although many details about the new auditing standards are still unclear, I believe it’s important to inform our customers as early as possible of the impact,” says Brown. “Our pledge as a company is to make sure that we serve as the mouthpiece between the industry updates and the certified organizations and those looking to become certified in the future, so they can stay informed.”