What Is AS9100? The Aerospace & Defense Quality Management Guide

AS9100 is the quality management system standard developed for the aerospace, space, and defense industry. Published by the International Aerospace Quality Group (IAQG), it builds on ISO 9001 and adds industry-specific requirements such as end-to-end traceability, configuration management, risk analysis (FMEA), counterfeit part prevention, and First Article Inspection (FAI / AS9102). This guide explains what AS9100 requires, how it differs from ISO 9001, and how that workload is managed with a defense industry ERP.

Global aerospace and defense supply chains are expanding, and the number of small and mid-sized manufacturers supplying prime contractors is growing with them. But entering this ecosystem requires an invisible ticket: an AS9100 quality management system certificate. Most tenders and supplier agreements define this certification as a prerequisite, making it the entry threshold for any manufacturer aiming to win aerospace and defense contracts.

What Is AS9100?

AS9100 is a quality management system standard developed by the International Aerospace Quality Group (IAQG) for the aerospace, space, and defense (A&D) sector. It encompasses all requirements of ISO 9001 and adds clauses that address the industry’s demand for “near-zero defects.” First published in 1999, the current version is the 2016 revision (AS9100D). It corresponds to EN 9100 in Europe and JISQ 9100 in the Asia-Pacific region, all sharing the same content.

The standard is divided into three codes:

• AS9100: For organizations that design and manufacture products.
• AS9110: For maintenance, repair, and overhaul (MRO) organizations.
• AS9120: For distributors and stockist organizations.

What Is the Difference Between AS9100 and ISO 9001?

ISO 9001 is open to all sectors and voluntary; AS9100 is specific to aerospace and defense and is usually mandated by the customer. AS9100 retains the 10-clause structure of ISO 9001 and adds roughly 100 additional requirements on top. The most critical differences are:

Criterion	ISO 9001	AS9100
Scope	All sectors	Aerospace, space, defense
Obligation	Voluntary	Usually mandated by customer
Traceability	General level	Part / lot / serial level, end-to-end
Risk management	Recommended	Mandatory (including FMEA)
Configuration management	None	Mandatory
Counterfeit part prevention	None	Mandatory
First Article Inspection (FAI)	None	Mandatory (AS9102)
Product safety	General	Mandatory as a separate clause

What Are the Core Requirements of AS9100?

The main operational obligations AS9100 adds to ISO 9001 directly shape the daily workload of the quality team. The standard requires verifiable records at every stage of the product, from design to shipment. The six items below are the requirements most frequently audited and form the backbone of a quality management system:

1. End-to-end traceability: Recording which raw material lot, machine, operator, and work order each part was produced from.
2. Configuration management: Controlling which revision and bill of materials (BOM) a product was built with; managing engineering changes (ECN/ECO).
3. Risk management (FMEA): Performing Failure Mode and Effects Analysis, calculating the Risk Priority Number (RPN), and planning preventive actions.
4. Counterfeit part prevention: Certificate verification and origin tracking that prevent unapproved or counterfeit components from entering the supply chain.
5. First Article Inspection (FAI): Documenting the first part’s conformity to all specifications in the AS9102 format before serial production.
6. Measurement equipment calibration: Periodic calibration of gauges and measuring devices and tracking certificate validity.

Summary: The real challenge of AS9100 is not obtaining the certificate but maintaining it. Every time a technical drawing is revised, the control plan must be updated, the traceability chain must not break during shipment, and measurements must not be taken with an out-of-calibration gauge. Keeping these records in spreadsheets and shared folders increases the risk of nonconformity during surveillance audits.

How Is an AS9100 Certificate Obtained?

An AS9100 certificate is issued after a two-stage audit by an accredited certification body and typically takes 6-12 months including preparation. The certificate is valid for three years and is maintained through annual surveillance audits. The general flow consists of six steps:

1. Gap analysis: Identifying where the current quality system falls short of AS9100 requirements.
2. Documentation: Creating procedures, control plans, FMEA, and configuration records.
3. Implementation: Running the processes on the shop floor and accumulating records as objective evidence.
4. Internal audit and management review: Closing nonconformities through internal audit and management review before certification.
5. Certification audit: Stage 1 (document review) and Stage 2 (on-site audit) by the accredited body.
6. Surveillance audits: Maintaining the certificate with annual audits and recertification every three years.

How Is the AS9100 Documentation Workload Managed with ERP?

Managing AS9100 requirements with spreadsheets and shared folders means a traceability chain that breaks with every revision and documents that cannot be found during audits. A defense industry ERP keeps these records audit-ready by tying them to real production data.

HarmonyERP meets AS9100 requirements with the following concrete capabilities:

• Serial/lot traceability: The history of every part, from raw material to finished product, is visible in a single query; when a recall is needed, the affected serial numbers are listed within minutes.
• Configuration management and ECN/ECO: SolidWorks technical drawings and bills of materials are transferred to the ERP; engineering changes flow automatically into the BOM, and production with an obsolete revision is blocked.
• FMEA and RPN: Failure mode and effects analyses are managed digitally, the risk priority number is calculated, and preventive actions are tracked.
• CAPA / 8D: Nonconformity forms and root cause analyses are opened and closed systematically.
• Calibration tracking: Automatic alerts are generated for measurement equipment approaching its calibration date.

HarmonyERP’s quality management module keeps all of these records in sync with production data, so any document the auditor requests is not searched for in a separate archive but reported instantly from real data. For data confidentiality in defense projects, HarmonyERP runs on-premise on your own servers and, when required, in air-gapped environments.

Common Mistakes in AS9100 Compliance

1. Obtaining the certificate but not maintaining the system. AS9100 is obtained once but maintained through annual surveillance audits; if records are not kept current, the certificate can be suspended.
2. Neglecting configuration control. Continuing production with an old revision after a drawing is revised is the most common major nonconformity in AS9100.
3. Thinking of traceability only at shipment. Traceability begins at raw material receipt; it cannot be built retroactively at the end of the process.
4. Not following the calibration schedule. A measurement taken with an out-of-date gauge invalidates all related inspection records.
5. Doing FMEA once and shelving it. Risk analysis is a living document updated every time the process changes.

Frequently Asked Questions

What is a defense industry ERP?

A defense industry ERP is enterprise resource planning software developed for aerospace and defense manufacturers that require compliance with strict quality standards such as AS9100 and ISO 9001, lot/serial-level end-to-end traceability, and project-based costing. It unifies production, quality, procurement, and audit processes on a single secure platform. HarmonyERP meets these needs with an on-premise architecture and an integrated quality management module.

Is an AS9100 certificate mandatory?

AS9100 is not legally mandatory; however, it is a prerequisite that aerospace and defense prime contractors require from their suppliers. Without the certificate, entering most tenders and approved supplier lists is not possible. For this reason, it is effectively mandatory for manufacturers aiming to join the defense supply chain.

What is the difference between AS9100 and ISO 9001?

ISO 9001 is a voluntary quality standard open to all sectors. AS9100 is a standard specific to aerospace and defense that builds on ISO 9001; it includes roughly 100 additional requirements such as traceability, configuration management, FMEA, counterfeit part prevention, and First Article Inspection (FAI).

What is the difference between AS9100 and IATF 16949?

Both are ISO 9001-based sectoral quality standards. AS9100 was developed for aerospace and defense, while IATF 16949 was developed for automotive. Since both include advanced requirements such as traceability, FMEA, and configuration control, they are supported by a similar quality infrastructure on the ERP side.

How long is an AS9100 certificate valid?

An AS9100 certificate is valid for three years from its issue date. A surveillance audit is conducted each year during this period; at the end of three years it is renewed through a recertification audit. If records are not kept current, the certificate can be suspended or withdrawn.

How does HarmonyERP help with AS9100 audit preparation?

HarmonyERP keeps traceability records, FMEA analyses, control plans, CAPA (8D) processes, and calibration data on a single platform tied to real production data. As a result, the documents an auditor requests are not searched for in a separate archive but reported instantly, shortening audit preparation time.

Conclusion

AS9100 is the fundamental quality requirement for entering the aerospace and defense supply chain, imposing obligations beyond ISO 9001 such as traceability, configuration management, FMEA, and counterfeit part prevention. The real difficulty of the certificate is not obtaining it but maintaining it by keeping records current and audit-ready through every revision. With manual methods this workload is error-prone; with an ERP system, traceability, quality, and configuration records stay automatically in sync with real production data.

HarmonyERP’s quality management module runs the traceability, FMEA, CAPA, and calibration processes AS9100 requires on a single platform. With 20+ years of enterprise software experience, we help aerospace and defense manufacturers set up their quality processes in an audit-ready way. To discuss our defense-specific solution, get in touch with us.

Related guides: Defense Industry ERP Solution · Quality Management Module · HarmonyERP Overview