AS 9100 is applicable to any organization as a choice but is often a business demand. Aerospace is a vast field and has major and minor players. Does it therefore imply that tier 2 and tier 3 suppliers should go through the same documentation burden as a primary aerospace organization? This is a dilemma faced by tier 2/3 suppliers. I have often thought about this. This short article based on QMII experience is specifically written for AS9100 Tier-2/3 Suppliers and how they can maintain the balance between control and still maintain agility and meet the requirements of the standard.
Tier-2 and Tier-3 aerospace suppliers face a unique dilemma, the need to meet AS9100’s rigorous expectations while working with limited resources and tight delivery schedules. Customer flow-downs, documentation demands, and special-process scrutiny can quickly overwhelm small teams. The key challenge is achieving effective control without unnecessary bureaucracy, preserving the agility that keeps smaller suppliers competitive. This special article is aimed at this need of the tier 2/3 suppliers.
The supplier’s challenge in aerospace quality comes from the aerospace customers bringing layers of requirement complexity, unique quality clauses, FAIR specifics (First Article Inspection Report, and the broader process called First Article Inspection (FAI), special-process certifications, customer portals, and documentation formats. These customer-specific expectations often exceed the base AS9100 standard and force Tier-2/3 suppliers to interpret, prioritize, and integrate a landscape of varied demands. Without a structured approach, they risk creating bloated systems that satisfy auditors on paper but hinder production flow.
Understanding AS9100 Clause 8 – operational controls is therefore essential. Clause 8 is the operational heart of AS9100, setting expectations for planning, process control, risk mitigation, and configuration management. It emphasizes that conformity comes from effective planning and controlled execution, not from sheer volume of documents. Suppliers must ensure that personnel have the right information at the right time, that processes are validated where outcomes cannot be fully verified after the fact, and that changes are managed with discipline. For small suppliers, the goal is implementing these controls proportionally to risk, not copying OEM (original equipment manufacturers)-level tier 1 systems.
Minimum-Viable Risk (MVR) must be considered as a pragmatic interpretation of AS9100. AS9100 demands risk-based thinking, but many small suppliers interpret this as “more forms” instead of “better decisions.” MVR provides a method to match controls to actual consequences. It prevents systems from becoming document-heavy while maintaining the safeguards needed for aerospace.
Basic MVR principles include:
- Identifying what can truly go wrong (escape, defect, missed requirement).
- Assessing the severity of consequence.
- Matching control strength to risk severity—not habit or tradition.
- Eliminating duplicate or ritualistic checks.
- Documenting the rationale for proportional controls.
MVR (monitoring, verification, and reporting) is simplicity with discipline and is the heart of AS9100 done well. It includes applying MVR to special processes without gridlock. Special processes, like welding, heat treat, coatings, NDT (nondestructive testing), bonding pose inherently higher risks because results cannot be fully verified after production. However, small suppliers can maintain strong control without drowning in paperwork. They should control inputs, not layers of signatures. Validate equipment capability, freeze key parameters, ensure personnel competency, and maintain controlled settings. Excess signatures do not improve quality, controlled inputs do.
The tier 2 and 3 suppliers should build process ownership. Escapes in special processes usually stem from incorrect settings, outdated drawings, or tribal knowledge. An escape is a defect that leaves your organization and reaches the customer. A single-point accountability model, owned by the welding lead, NDT supervisor, or coating tech reduces error pathways better than multiple inspectors. Also, use of one-page critical parameter sheets condenses travelers into one-page sheets listing key variables, limits, and required verifications. This approach focuses on what actually matters to conformity.
Another important organizational priority of tier 2/3 suppliers (AS 9100 clause 4.4.1) is to right size the QMS to their risk level. AS9100 allows flexibility, and small suppliers should embrace it. Not every process requires the same level of documentation, inspection, or validation.
- Low-risk machining or simple assembly can rely on straightforward checks.
- High-risk special processes need tighter controls, but not excessive forms.
- Different supplier tiers have different expectations; Tier-3 machining houses need far less documentation than Tier-1 system integrators.
- A right-sized QMS is efficient, compliant, and scalable.
Then there is the use of practical supplier evaluation methods. Supplier oversight does not have to involve 12-page questionnaires or annual onsite audits. AS9100 encourages objective, data-driven oversight:
- On-Time Delivery (OTD).
- NCR (non-conformity report) and escape trends.
- Responsiveness to containment.
- Corrective action effectiveness.
This approach is more reliable than generic forms and lets purchasing focus on high-risk, high-impact suppliers.
Then there are the common audit weaknesses in tier suppliers. QMII’s audit experience reveals recurring issues across Tier-2/3 organizations:
- Manuals copied from templates that do not match actual practice.
- Weak configuration control, especially in revision management.
- Inconsistent traceability in special processes and outsourced steps.
- Internal audits that check boxes instead of evaluating system effectiveness.
- Training records that prove attendance but not competency.
- Excessive documentation without actual operational control.
These weaknesses stem not from lack of effort, but from systems that were built to “pass audits” rather than ensure reliability.
Using MVR to reduce escapes and customer returns. Most escapes involve incorrect flow-downs, poor configuration management, or over-reliance on manual documentation. MVR shifts focus from detection to prevention, reducing escapes by simplifying controls and strengthening process discipline. Early requirement clarification, targeted training, and controlled process inputs all contribute to fewer customer complaints and more predictable performance.
As an example, perhaps a recommendatory timeline from QMII for consideration could be for a Tier-2/3 implementation blueprint (90 Days) would be three phased. Phase 1 – Diagnose (Weeks 1–3). Map critical processes, identify friction points, and assess risk using MVR. In Phase 2 simplify (Weeks 4–8), streamline travelers, create one-page control sheets, and combine competency and training logs. Finally in Phase 3 – reinforce (Weeks 9–12), clarify process ownership, audit for effectiveness, and pilot new controls. This, I think, builds a lean, compliant AS9100 system with predictable output.
In conclusion and as a call to action I would say a streamlined, risk-aligned AS9100 system allows Tier-2/3 suppliers to maintain compliance without sacrificing agility or productivity. By matching control depth to risk, strengthening special-process discipline, and using data-driven supplier monitoring, organizations can reduce escapes, satisfy customers, and maintain competitive flow.
For suppliers looking to strengthen their capability, QMII offers AS9100 auditor training that emphasizes process-based auditing, practical system improvement, and real-world risk management—equipping teams to build QMSs that are both compliant and efficient.
