AS9100-Risk-Based Thinking in the Airline industry – It’s about time.

The airline industry statistically has one of the best safest records. AS9100 defines the framework for a quality management system for aerospace parts manufacturers across the globe. Over the past decade there have been several airline accidents however, that have brought the safety of airlines to the forefront. In a most recent case of the Boeing 737-max a software glitch was identified as the cause. As investigations proceed the general consensus is that this glitch should have been previously identified.

Risk generally is associated with ‘uncertainty’ or ‘negativity’. This changed with ISO 9001:2015 and the onset of risk-based thinking that now asks companies to consider the opportunities for improvement that may arise out of taking a ‘calculated’ risk. Further in AS9100, that is built on ISO 9001, there are requirements for consideration of strategic risks and operational risks and the need to take action to address each. The impact of coronavirus or a similar pandemic is a great example of a strategic risk that can affect business continuity.

Risk-based thinking in the AS9100 standard promotes customer focus within an organization. While risk-based thinking has been inherent in previous versions of the standard with preventive action, the new standards address risk at each stage of the PDCA cycle thus enabling the entire As9100 management system at each stage as a preventive tool.

The aerospace and automotive industry are leaders in the implementation of Failure mode and effects Analysis (FMEA) and the Plan-Do-Check-Act Cycle (PDCA) of process management.  Originally adopted by the military in the 1950’s, FMEA later was embraced by the auto and aerospace industries.  The FMEA process identifies risks that can then be addressed using mistake proofing and problem solving with a team approach.  FMEA can be used for either product or process. When used properly it can be a very effective at addressing risks. FMEA is a great core tool that can be applied to address the AS9100 clause 8.1.1 operational risk requirements.

AS9100 asks top management to take accountability for the quality of products and services produced by their organization; keeping a customer focus at the core of all they do.  The influence of end users, customers and the companies marketing department on the product’s design needs to be constantly reviewed. At each stage of the requirements gathering, design & development and manufacturing stages of the AS9100 system there are potential risks. As such doing a single FMEA may not be sufficient but may require a review of the FMEA at periodic intervals as a change in inputs to the process/product may change the associated risks or identify new ones.

Management wants to encourage continuous improvement and innovative recommendations by all stakeholders, but changes must be reviewed.  Whenever a change is made to a AS9100 certified product or service, that change should follow the PDCA Cycle approach, the same way it was done when the product was first introduced.  This will reduce the number of recalls, and the risk of injuries to end users of the products.

A single non-conforming product that goes out of the organization into the market results in an intangible loss for no value can be put on the loss of reputation. It only takes a single incident! Starting with risk appreciation at the Plan stage of the PDCA cycle and then throughout the rest of the cycle, with a focus on customer satisfaction, will help the aerospace industry improve by preventing non-conformities before they occur as well as hopefully, improve their As9100 certified products.

Monitoring Outsourced Processes is a Primary Responsibility of Every Organization

The international standards provide a world of wisdom enabling robust planning to achieve results by the organizations. In this global economy, often doing all the work in-house is not a cost-effective solution. Moreover, with super-specialized industry requirements, perhaps a lot of quality products and services can be procured at reasonable prices. Yet it seems organizations fail to act in the spirit of the standard when putting in place requirements for monitoring outsourced processes. Clause 8.1 of ISO 9001:2015 in operational planning and control has a sting in the tail with a clear whip requiring that “the organization shall ensure that outsourced processes are controlled.”

Statutory requirements are created to provide the required oversight, maintain customer focus and protect the interests of the customer when products and services are cleared for use. The caveat is that the statutory body should be well resourced, have the infrastructure, maintain organizational knowledge levels (Clauses, 7.1.3 & 77.1.6 of ISO 9001) with competent manpower (Clause 7.2). This often is not possible or with time not sustainable due to budgetary constraints, knowledge level dropping with time, Leadership forgetting their primary role (Clause 5.1.1) of taking accountability for the effectiveness of the QMS (Quality Management System). As such, the resources (5.1.1 e) needed for the QMS are not provided or budgets not available. The statutory bodies rationalize it by their helplessness since the government does not provide the funding and budgetary support for this.

Whatever the reasons, the question is who suffers? A ship is sunk, and aircraft with all on board has crashed, dangerous drugs are in use. It is the customer who suffers. In helplessness on their ability to do their duties, the statutory bodies outsource the work to contracted parties or worst to the manufacturer itself! The whole logic of creating a statutory body is lost with this.

What then is the remedy? The essential rulemaking that implements compliance requires competence, resources, and infrastructure with a committed Leadership ensuring continuing suitability, adequacy and effectiveness of the system. When budgetary constraints do not allow this role to be fulfilled, the risk to the system along with the products and services it provides must be assessed and mitigated or the opportunity for improvement taken (Clause 6.1 of the ISO 9001).  This would require the authority to appreciate the FMEA (Failure Mode Effect and Analysis) and take measures to remedy this. If this risk is not appreciated as NC (Non-conformity) the CA (Corrective Action) will not take place nor will the government know of the consequences of underfunding or of recognizing the failure and finding alternatives/ considering options. If the manufacturer has the resources, the government may consider this an asset and avoid duplication of resources, thinking in national terms. Outsourcing to the manufacturer as has been seen can mean losing customer focus and is strict counter to the very philosophy of statutory work. It would call for aggressive, proactive and strict monitoring of the outsourced processes.

In my opinion, monitoring the outsourced processes diligently, as clearly prescribed in the standard is the answer. New options may not be necessary, if the existing clauses of ISO 9001 and related industry-specific standards, where applicable, are understood in the spirit of the standard and vigorously implemented.

  • Dr. IJ Arora