Steps to AS9100 Certification (That Actually Work in the Real World)
For aerospace and defense suppliers, achieving AS9100 certification isn’t just a checkbox, it’s a business requirement. Whether you’re bidding on government contracts or supplying major OEMs, certification under AS9100 demonstrates that your organization can meet the stringent demands of the aerospace industry.
But what does the path to certification really look like?
If you’ve searched online, you’ve probably seen basic lists: “Get management buy-in, perform a gap analysis, train your team, etc.” While these are technically correct, they’re often vague and overlook the day-to-day realities of implementation.
This article breaks down the real steps to AS9100 certification the ones that matter when you’re not just trying to get certified, but actually trying to run a system that works.
AS9100D Requirements: A Practical Guide for Aerospace, Space, and Defense Organizations
Step 1: Understand What AS9100 Really Requires
AS9100 is built on ISO 9001, but it adds critical aerospace-specific requirements like product safety, risk-based thinking, counterfeit part prevention, configuration management, and traceability.
Reading the standard is essential, but don’t stop there. You’ll need to understand how each clause affects your actual workflows. For example:
- Do you have a reliable way to verify incoming parts and materials?
- Are inspection tools calibrated, tracked, and documented?
- Can you prove conformance to drawing requirements during an audit?
This isn’t just about paperwork—it’s about process control, part verification, and traceability from start to finish.
AS9100D, the latest revision of the internationally recognized aerospace quality management standard, is built on the ISO 9001:2015 framework but adds sector-specific requirements for aviation, space, and defense. It ensures organizations deliver safe, reliable products and services while meeting customer, regulatory, and industry expectations. Understanding what this standard demands is the first step toward achieving certification and maintaining long-term compliance.
The standard is organized into ten clauses. The first three provide context and definitions, while the remaining seven contain the actual requirements your organization must implement to meet AS9100D.
Clause 4 – Context of the Organization
This is where the requirements begin. Organizations must define the scope of their quality management system, identify interested parties, and assess internal and external factors that influence performance. You’ll also need to determine process interactions and establish a clear approach to addressing risks and opportunities.
Clause 5 – Leadership
Leadership is expected to be actively engaged in the quality management system. This means setting a clear quality policy, assigning roles and responsibilities, and ensuring the organization’s strategic direction aligns with customer and regulatory requirements. Demonstrating commitment goes beyond issuing directives—it must be reflected in resource allocation and everyday decision-making.
Clause 6 – Planning
Planning focuses on identifying risks and opportunities, setting measurable quality objectives, and preparing for changes in a controlled manner. Risk-based thinking is a thread that runs through the entire standard, but it becomes most explicit here, guiding how organizations prepare for challenges before they impact performance.
Clause 7 – Support
Support addresses the resources that make your QMS work, from facilities and infrastructure to employee competence and communication systems. It also governs documented information—ensuring that records are maintained, secure, and readily accessible. This clause reinforces that quality is sustained through the right people, tools, and documentation.
Clause 8 – Operation
Operation is the most detailed section. It covers design and development, supplier management, production, service delivery, and control of nonconforming outputs. Aerospace-specific elements—such as configuration management and counterfeit part prevention—are included here to address the industry’s heightened safety and reliability demands.
Clause 9 – Performance Evaluation
Organizations must monitor and measure performance, gather customer feedback, conduct internal audits, and hold management reviews. The focus is on making data-driven decisions to improve efficiency and quality. This clause ensures the QMS is not just maintained but continuously evaluated for effectiveness.
Clause 10 – Improvement
Improvement requires a proactive approach to enhancing performance. This means identifying and correcting nonconformities, preventing recurrence, and pursuing continual improvement. In an industry where risks are high, this clause ensures that lessons learned become permanent safeguards.
Step 2: Conduct a Real Gap Assessment
A true gap assessment isn’t just filling out a checklist. It’s about understanding where your current processes fall short of the standard and what it will take to close those gaps.
For example:
- If you don’t have a documented risk analysis process tied to production or procurement, that’s a gap.
- If your inspection records don’t show who checked what, when, and to what spec, it’s a problem.
- If there’s no clear sequence for document control or approval workflows, you’ll struggle during the audit.
Your assessment should result in a prioritized action plan and not just a file full of red Xs.
Step 3: Build the System Around the Work (Not the Other Way Around)
This is where many companies go wrong. They write procedures to “look good” on paper, not to support actual operations. Then those same procedures are ignored by the team and called out in audits.
Good documentation reflects how your team really works:
- If you inspect to drawing spec and log it in Excel, your procedure should say that.
- If you use software to assign work orders or track NCRs, build that into your process map.
- If your lead technician signs off final acceptance, make it part of the control plan.
Auditors don’t want perfection. They want consistency and evidence that your system is used, not staged.
Step 4: Train, Apply, and Collect Evidence
AS9100 expects training to be more than a checkbox. Your team should understand their role in the QMS and how their actions tie to product quality, customer satisfaction, and regulatory compliance.
At the same time, you’ll need to start collecting objective evidence:
- Records of inspections, calibrations, and nonconformities
- Training logs and internal communication
- Documented corrective actions and management review notes
Evidence wins audits. And if you inspect or assemble to spec, you need the paper trail to prove it.
Step 5: Perform Internal Audits and Management Reviews
Before scheduling your certification audit, your system must be fully operational. That means:
- You’ve completed at least one full cycle of internal audits
- You’ve held a documented management review meeting
- You’ve addressed any findings or nonconformities
Your internal audit should go beyond “spot checks.” It should examine whether your system aligns with the standard and actually works in practice.
Management review isn’t just a formality. It’s where leadership assesses whether the QMS is driving results, resolving risks, and enabling the business to grow.
Step 6: Choose a Certification Body and Schedule the Audit
At this point, you’re ready to engage a third-party registrar. Choose a certification body accredited by an aerospace-recognized body (like ANAB) and make sure they understand your size, scope, and operational complexity.
The certification process usually includes:
- Stage 1 Audit: Documentation review and readiness check
- Stage 2 Audit: Full system audit with records sampling, interviews, and process walk-throughs
If successful, you’ll receive your AS9100 certificate which is valid for three years, with annual surveillance audits to maintain compliance.
Final Thoughts: You Don’t Need a Starter Kit. You Need a System.
Most AS9100 starter kits offer templates and slides. But in real-world operations, especially where parts, equipment, and assemblies must meet spec and compliance needs more than documents.
You need a system that:
- Reflects your actual work environment
- Helps you inspect and trace to specification
- Stands up to auditor scrutiny
- Supports business performance, not just certification
That’s exactly why we created the AssessmentDrive® – to support organizations that are serious about building a system, not just passing an audit.
It’s built for teams that inspect to spec, deliver to contract, and want a QMS that actually works.
Ronnie Lee Roberts II has worked in the Department of Defense (DoD) quality space since 2017, supporting programs at Patuxent River and Webster Field (NAWCAD/NAVAIR). He has worked as a certified AS9100:2016 Rev D Lead Auditor (2022-2025), ISO/IEC 20000-1:2018 Lead Auditor (TPECS [2023]), and a Certified CMMI® Associate (2025) with experience supporting CMMI-DEV Level 3 environments. His expertise spans technical writing, document control, CAD design, logistics management, and quality control. Ronnie specializes in inspecting to specification, ensuring contract compliance, and preparing teams for success in high-stakes, audit-ready environments.
