What Is NATO AQAP? AQAP-2110 Requirements and Defense Audit Preparation
What is NATO AQAP, and what does AQAP-2110 require? The difference from ISO 9001, GQAR verification, and preparing for defense audits with an ERP.
NATO AQAP (Allied Quality Assurance Publications) are the allied quality assurance publications developed by NATO for defense suppliers. The most widely used is AQAP-2110; it builds on ISO 9001 and adds defense-specific NATO requirements on top. For suppliers involved in design, development, and production, it imposes requirements beyond ISO 9001 in areas such as risk management, traceability, configuration management, and counterfeit part prevention. It is often mandatory for manufacturers wishing to participate in NATO and allied countries’ defense tenders.
As the defense industry integrates into the NATO supply chain, the AQAP certificate is becoming an increasingly critical threshold for SMEs supplying prime contractors. Yet reliable resources on the subject are scarce. This guide explains what AQAP is, what requirements AQAP-2110 includes, how it differs from ISO 9001, and how to prepare for defense audits with an ERP.
What Is AQAP?
AQAP (Allied Quality Assurance Publications) is a family of standards developed by NATO to harmonize defense quality requirements among member countries and their suppliers. The goal is to ensure that different NATO countries speak a common and reliable quality language in defense procurement.
AQAP is not a single document but a family. The main publications are:
- AQAP-2110: General quality assurance requirements for suppliers involved in design, development, and production (the most common).
- AQAP-2105: Requirements for a contract-specific deliverable quality plan.
- AQAP-2131: Requirements for final inspection and tests.
- AQAP-2210: Additional software-specific quality assurance requirements.
- AQAP-2310: Requirements (based on EN 9100) for complex projects in aerospace, space, and defense.
The mutual recognition of these publications is ensured among NATO countries under the STANAG 4107 agreement.
What Is AQAP-2110 and What Requirements Does It Include?
AQAP-2110 contains the requirements NATO defines for the quality management system of suppliers providing defense products and services. Its structure consists of two layers: all requirements of ISO 9001:2015 (general QMS requirements) and the NATO-specific additional requirements added on top.
The main requirements AQAP-2110 adds to ISO 9001 are:
- Risk management: Assessment and mitigation of risks related to military contract performance, product safety, and supply chain reliability.
- Traceability: A strict traceability requirement for all components and materials.
- Configuration management: Configuration control based on ACMP 2100 contractual requirements.
- Counterfeit part prevention: Processes that prevent counterfeit/unapproved parts from entering the supply chain.
- Product assurance: Proof that the product is not only functional but also reliable and maintainable in the field.
- GQAR access: The ability of the Government Quality Assurance Representative (GQAR) to perform verification at the supplier’s facilities.
What Is the Difference Between AQAP-2110 and ISO 9001?
AQAP-2110 does not replace ISO 9001; it encompasses and extends it. The most critical difference is that AQAP-2110 introduces government/customer verification and a defense-specific risk focus.
| Criterion | ISO 9001 | AQAP-2110 |
|---|---|---|
| Scope | All sectors | Defense suppliers |
| Basis | Standalone standard | ISO 9001 + NATO additions |
| Government verification (GQAR) | None | Yes |
| Risk management | General | Defense-specific, mandatory |
| Counterfeit part prevention | None | Mandatory |
| Prerequisite | None | ISO 9001 certificate required |
Summary: An AQAP-2110 certificate cannot be obtained without an ISO 9001 certificate; the supplier must either already hold ISO 9001 or be certified to both simultaneously. The real difference of AQAP-2110 is that quality is verified not only by the supplier but also by a government representative (GQAR). This adds a layer of confidence beyond ISO 9001 in defense procurement.
Who Needs an AQAP Certificate?
An AQAP-2110 certificate is required for organizations wishing to participate in the Ministry of Defense tenders of NATO or allied countries. In many countries, defense ministries adopt a policy of prioritizing AQAP-certified suppliers. The certificate is particularly important for:
- Manufacturers involved in the design, development, and production of defense products
- SMEs supplying parts and subsystems to prime contractors (such as ASELSAN, TUSAŞ, ROKETSAN)
- Defense suppliers providing engineering, IT, cybersecurity, and logistics services
For an SME wishing to enter the defense supply chain, AQAP-2110, together with ISO 9001 and often AS9100, is a fundamental indicator of qualification.
How to Prepare for Defense Audits with an ERP?
The risk management, traceability, configuration management, and counterfeit part prevention requirements AQAP-2110 introduces create serious difficulty in an audit when managed with scattered documents. When a GQAR performs a verification, every requested record must be presentable instantly and consistently. A defense industry ERP keeps these requirements audit-ready by tying them to real production data.
HarmonyERP’s quality management module supports AQAP-2110 audit preparation with the following capabilities:
- Risk management (FMEA): Analyze contract and product risks and track preventive actions.
- End-to-end traceability: Track all components and materials by serial/lot and report instantly during GQAR verification.
- Configuration management: Keep configuration under control with a revision-controlled bill of materials and ECN/ECO processes.
- Calibration tracking: Monitor the calibration of measurement equipment (in an ISO 10012-compliant manner).
- CAPA and quality records: Keep nonconformity, root cause, and corrective action records audit-ready.
These capabilities form the very backbone of the requirements AQAP-2110 adds on top of ISO 9001; this way, the audit becomes the reporting of existing data rather than a scramble to find documents.
Common Mistakes in AQAP Audit Preparation
- Skipping ISO 9001. AQAP-2110 cannot be obtained without ISO 9001; a prior or simultaneous ISO 9001 certificate is essential.
- Reducing risk management to a formality. AQAP requires concrete, defense-specific risk assessment; a generic risk table is not enough.
- Leaving the traceability chain incomplete. Counterfeit part prevention and traceability are the most frequently audited areas of AQAP.
- Not planning for GQAR access. For the government representative to perform verification, records must be accessible and organized.
- Neglecting configuration control. If ACMP 2100-based configuration management is missing, a major nonconformity arises in the audit.
Frequently Asked Questions
What is AQAP?
AQAP (Allied Quality Assurance Publications) are the allied quality assurance publications developed by NATO for defense suppliers. The goal is to harmonize defense quality requirements among NATO member countries and their suppliers. The most widely used publication is AQAP-2110, prepared for design-development-production suppliers.
What is the difference between AQAP-2110 and ISO 9001?
AQAP-2110 includes all requirements of ISO 9001 and adds defense-specific NATO requirements on top. The most critical differences are defense-specific risk management, strict traceability, configuration management, counterfeit part prevention, and verification by a government representative (GQAR). AQAP-2110 cannot be obtained without an ISO 9001 certificate.
Is ISO 9001 required to obtain an AQAP certificate?
Yes. To obtain an AQAP-2110 certificate, an organization must either already hold an ISO 9001 certificate or be certified to both standards simultaneously. Because AQAP-2110 builds on and extends ISO 9001, it cannot be certified independently.
Who needs an AQAP certificate?
AQAP-2110 is required for organizations wishing to participate in the Ministry of Defense tenders of NATO or allied countries. It is an important qualification indicator for companies that design, develop, or produce defense products and for SMEs supplying parts and services to prime contractors. Many countries prioritize AQAP-certified suppliers.
How does HarmonyERP help with AQAP audit preparation?
HarmonyERP keeps risk management (FMEA), end-to-end traceability, configuration management, calibration tracking, and CAPA records on a single platform tied to real production data. This forms the backbone of the requirements AQAP-2110 adds on top of ISO 9001. During GQAR verification, requested records are not searched for in a separate archive but reported instantly.
Conclusion
NATO AQAP is a family of standards that provides a common quality language in defense procurement; its most widely used publication, AQAP-2110, adds defense-specific risk management, traceability, configuration management, and counterfeit part prevention requirements to the ISO 9001 base. It is often mandatory for manufacturers supplying prime contractors who wish to enter the defense tenders of NATO and allied countries. The certificate cannot be obtained without ISO 9001 and includes government representative (GQAR) verification, which makes traceability and record organization critical.
HarmonyERP’s quality management module runs the risk management, traceability, configuration, and calibration processes AQAP-2110 requires on a single platform. With 20+ years of enterprise software experience, we help aerospace and defense manufacturers build a quality infrastructure ready for NATO audits. To see our defense-specific solution live, request a free demo.
Related guides: Defense Industry ERP Solution · Quality Management Module · What Is AS9100?
Related Posts
All in Quality →Transform Your Business with HarmonyERP
Manage manufacturing, accounting, inventory and sales from a single platform. Request a demo and see the difference.