Aerospace will see a change in 2026 when AS 9100 comes as the revised and renamed standard IA9100 in 2026. The International Aerospace Quality Group (IAQG) has been coordinating the next revision to align with the ISO 9001 update cycle, and industry communications increasingly describe a staged approach.
The updated ISO 9001 version is expected to be published this year (2026), toward September–October. That timing is important because AS9100 updated as IA9100 is expected toward the same time. This is because IA 9100 will continue to be typically providing sector-specific requirements latched to the ISO 9001 structure. And a consistent signal from ISO 9001 revision commentary is stronger emphasis on quality culture and ethical conduct, with greater expectations from leadership and their involvement. Even where the ISO changes are described as editorial clarifications, the interpretation by organizations, auditors and customers tends to be that culture and ethics must be demonstrated through governance and day-to-day decisions.
Looking at the 2026 version some of the changes on a clause-by-clause basis that organizations, auditors can expect are toward effective implementation proved by actual actions and results:
- 5.1 Leadership and commitment (especially how leadership drives culture and accountability).
- 5.2 Policy (is it lived or framed?).
- 9.3 Management review (outputs that change the system, not just minutes).
Supply chain resilience becomes a priority and a first-class audit theme. The ISO 9001 revision discourse also highlights supply chain disruption and resilience more directly. In aerospace, resilience is inseparable from product safety, counterfeit avoidance, special process control, and traceability. Therefore, what auditors should look for is, risk-tiered supplier controls that change inspection strategy, verification depth, and containment plans. Disruption playbooks, realistic scenario drills (material shortage, special process capacity collapse, cyber event at a supplier, geopolitical shipping impact). And the flow down effectiveness to see if customer/statutory requirements and key characteristics are properly transmitted and verified? These clauses are relevant:
- 8.4 Control of externally provided processes, products and services (supplier selection, monitoring, re-evaluation).
- 6.1 Actions to address risks and opportunities (supplier and continuity risks).
- 8.1 Operational planning and control (contingency thinking in operational control).
Counterfeit part prevention stays central for organizations and auditors will probe end-to-end traceability. Counterfeit prevention is already explicit in AS9100 Rev D operational controls, including planning and control for prevention of counterfeit or suspect counterfeit part use. In practice, many systems still over-rely on training and “approved supplier” lists while leaving gaps in distribution channels and returns/repairs. The changes relate to what auditors should look for (beyond training records) are authenticated sourcing and purchasing controls, traceability depth sufficient for risk and part criticality. Also, controls for suspect parts (segregation, reporting, disposition, customer notification where needed) and receiving verification strategy linked to supplier risk and history. This would mean looking at these clauses:
- 8.1 Operational planning and control (where counterfeit prevention is implemented in practice).
- 8.4 Supplier control (distribution risk, broker controls).
- 8.7 Control of nonconforming outputs (suspect parts containment and disposition).
The risk-based thinking matures in the revised standard and auditors must separate “risk lists” from risk-managed operations. A common failure mode today is a static risk register that doesn’t change controls. The ISO revision commentary continues to reinforce clearer expectations around risk, resilience, and communication of contingency-related topics. This would see risk changing the plan in terms of inspection, verification, staffing, supplier strategy, buffers, first-article strategy, special process oversight. Also, risk competence in terms of consistent criteria and decision rights. Corrective action feedback would be checked to see if major issues trigger updated controls and re-assessed risk? Therefore:
- 6.1 Actions to address risks and opportunities.
- 8.1 Operational planning and control.
- 10.2 Nonconformity and corrective action.
For human factors and “work environment” evidence becomes more specific (and more observable). Aerospace escapes are frequently human-system failures. AS9100 already expects organizations to determine and manage the work environment, including human/physical factors. In a revision climate emphasizing culture and effectiveness organizations will be expected to implement reality and link it to control design. Auditors will be required to observe these and audit them. This would mean looking for error-likely conditions (interrupt-driven work, ambiguous WI’s (work instructions), rework loops, poor 5S/tooling discipline) and competence effectiveness (can the operator explain critical steps and acceptance criteria?) as also, shift handover integrity for critical operations. The clauses applicable would be:
- 7.1.4 Environment for the operation of processes.
- 7.2 Competence / 7.3 Awareness.
- 8.5 Production and service provision (work instruction use, verification, tooling)
Another trend likely to be seen in IA9100 would be digitalization and data integrity becoming audit-critical, not “nice to have”. ISO 9001 revision commentary highlights digitalization and modern data-driven management. Aerospace auditors should therefore elevate scrutiny of digital records, e-signatures, MES/ERP traceability, (Manufacturing Execution System and ERP – Enterprise Resource Planning, traceability refers to the integrated digital record that tracks a part, from its raw material origin through every production step to final delivery) and automated test systems, and data transformations used for decision-making. Therefore, aerospace organizations should look for data integrity controls, access, versioning, audit trails, backups, retention and bypass risk to see can the required workflow steps be overridden without controlled authorization. Dashboard traceability to see from source system to transformation to metric to decision to action and finally to the result:
- 7.5 Documented information (control of digital records).
- 9.1 Monitoring, measurement, analysis and evaluation (validity of metrics).
- 8.1 / 8.5 Operational control (system-enforced steps, automated verification).
Aerospace auditors in 2026 would therefore see an audit approach that fits the revision trends to audit “transition readiness” as a controlled process. Even before formal adoption dates, many organizations may consider starting aligning language and practices to see if they have a controlled gap assessment method, a revision/transition plan with owners and milestones, controlled internal communications and competence updates and disciplined change control over procedures and process controls. The clause anchors for this are:
- 3 Planning of changes.
- 5 documented information.
- 2 internal audit.
- 3 management review.
For the go process-first organizations will follow each product and follow the risk. The auditors will check this by picking one high-impact product line or program and trace it from contract/design planning to purchasing leading to production then verification and release as also post-delivery feedback. Sample at least one change event (supplier change, drawing revision, special process change, escape). The relevant clauses to do this would be:
- 4 process approach.
- 1–8.7 operations.
- 2 corrective action.
Elevation of effectiveness tests in 2026 would require audit conclusions to increasingly hinge on whether the system produces fewer escapes and less recurrence, faster detection and containment and pinpoints decisions that visibly reflect risk and culture commitments. Clause anchors for these would be, 9.1 performance evaluation and 10.2 improvement.
Based on the revisions expected in IA9100 2026 I could sum up for aerospace auditors a clause-based checklist (field-ready) with grounded evidence to perhaps be:
- 5.1 / 9.3: Show me a leadership decision where quality/product safety won over schedule—what changed afterward?
- 6.1 / 8.4: How do supplier risks change receiving inspection, verification, and contingency planning?
- 8.1 / 8.7: Walk me through your counterfeit/suspect part prevention and containment from PO to disposition.
- 7.1.4 / 7.2: What human-factor risks exist in this process, and what controls reduce error-likelihood?
- 7.5 / 9.1: Prove this KPI: data source, transformations, access control, and how it drove action.
Summing up I would guess the hardest for organizations would be to consider the most common weak points they will likely see are:
- Culture/ethics presented as statements, not governance and measurable behaviors.
- Risk registers that don’t change controls, especially in supplier management and production planning.
- Counterfeit prevention that’s not end-to-end, particularly in distribution and returns/repairs.
- Digital records without strong integrity controls, especially across multiple systems.
- Human factors handled informally, without designed controls and competence verification.
If auditors hold the line on evidence—governance, traceability, effectiveness—the transition to IA9100 can strengthen aerospace quality rather than just reshuffle terminology. IA9100 clause numbering and wording may evolve until formal publication. This article intentionally anchors to the stable ISO 9001 / AS9100 structure (Clauses 4–10) to remain usable throughout the transition.
—
This article was written by IJ, Principal Consultant at QMII. With extensive experience in ISO standards, auditing, and organizational transformation, IJ has guided global organizations in strengthening their management systems. His approach focuses on aligning ISO implementation with strategic business objectives to drive long-term performance improvement.
