EN 9101:2015

SLOVENSKI STANDARD
01-oktober-2015
1DGRPHãþD
SIST EN 9101:2011
6LVWHPLYRGHQMDNDNRYRVWL=DKWHYH]DSUHVRMRRUJDQL]DFLM]UDþQHJDSURPHWD
YHVROMVNLKSROHWRYLQREUDPEH
Quality Management Systems - Audit Requirements for Aviation, Space, and Defence
Organisations
Qualitätsmanagementsysteme - Audit-Anforderungen für Organisationen der Luftfahrt,
Raumfahrt und Verteidigung
Série aérospatiale - Systèmes de management de la Qualité - Exigences d’Audits pour
les Organisations de l'Aéronautique, l'Espace et la Défense
Ta slovenski standard je istoveten z: EN 9101:2015
ICS:
03.120.10 Vodenje in zagotavljanje Quality management and
kakovosti quality assurance
49.020 Letala in vesoljska vozila na Aircraft and space vehicles in
splošno general
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EN 9101
EUROPEAN STANDARD
NORME EUROPÉENNE
September 2015
EUROPÄISCHE NORM
ICS 03.120.10; 49.020 Supersedes EN 9101:2011
English Version
Quality Management Systems - Audit Requirements for
Aviation, Space, and Defence Organisations
Systèmes de management de la Qualité - Exigences Qualitätsmanagementsysteme - Audit-Anforderungen
d'Audits pour les Organisations de l'Aéronautique, für Organisationen der Luftfahrt, Raumfahrt und
l'Espace et la Défense Verteidigung
This European Standard was approved by CEN on 20 March 2015.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2015 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN 9101:2015 E
worldwide for CEN national Members.

Contents Page
European foreword . 4
0 Introduction . 5
0.1 General . 5
0.2 Auditing approach . 6
0.3 Audit records and reports . 6
1 Scope . 7
1.1 General . 7
1.2 Application . 7
2 Normative references . 7
3 Terms and definitions . 8
4 Auditing and reporting . 10
4.1 General . 10
4.1.1 Audit process . 10
4.1.2 Audit approaches . 12
4.1.2.1 Customer focus . 12
4.1.2.2 Organisational leadership . 12
4.1.2.3 Quality management system performance and effectiveness . 12
4.1.2.4 Process management . 13
4.1.2.5 Special processes . 14
4.1.2.6 Continual improvement . 14
4.1.3 Reporting . 14
4.2 Common audit activities . 15
4.2.1 Audit planning . 16
4.2.2 Conducting on-site audits . 17
4.2.2.1 General . 17
4.2.2.2 Conducting the opening meeting . 17
4.2.2.3 Site tour . 17
4.2.2.4 Audit conduct . 18
4.2.2.5 Identifying and recording of audit findings . 18
4.2.2.5.1 Process results . 18
4.2.2.5.2 Process realization . 19
4.2.2.5.3 Process effectiveness . 19
4.2.2.6 Preparing audit conclusions . 19
4.2.2.7 Conducting the closing meeting . 20
4.2.3 Audit report . 20
4.2.4 Nonconformity management . 21
4.3 Audit phase specific requirements . 22
4.3.1 Pre-audit activities . 22
4.3.1.1 Application . 22
4.3.1.2 Application Review . 22
4.3.1.2.1 Requirements for the Certification Body . 22
4.3.1.2.2 Requirements for the audit team leader . 23
4.3.2 Stage 1 Audit . 23
4.3.2.1 General . 23
4.3.2.2 Collection of information . 23
4.3.2.3 Review of the organization . 24
4.3.2.4 Stage 1 conclusions . 26
4.3.3 Stage 2 audit. 26
4.3.4 Surveillance audit . 26
4.3.5 Recertification audit . 27
4.3.6 Special audit. 27
5 Notes . 27
Appendices
Appendix A (informative) ACRONYM LOG . 28
Appendix B (normative) FORMS . 29
Figures and Tables
Figure 1 — Overview of audit process flow . 11
Table 1 — CERTIFICATION STRUCTURE REPORTING MATRIX . 15
Table 2 — RELATIONSHIP BETWEEN COMMON ACTIVITIES AND AUDIT PHASES . 16
Table 3 — PROCESS EVALUATION MATRIX . 20

European foreword
This document (EN 9101:2015) has been prepared by the Aerospace and Defence Industries
Association of Europe - Standardization (ASD-STAN).
After enquiries and votes carried out in accordance with the rules of this Association, this European
Standard has received the approval of the National Associations and the Official Services of the member
countries of ASD, prior to its presentation to CEN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by March 2016, and conflicting national standards shall
be withdrawn at the latest by March 2016.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent
rights.
This document supersedes EN 9101:2011.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia,
France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
RATIONALE
This European standard has been revised to incorporate the requirements for accredited Certification
Bodies (CBs) introduced by International Organization for Standardization (ISO) / International
Electrotechnical Commission (IEC) ISO/IEC 17021:2011, EN 9104/1:2012, and inputs received from
industry stakeholders associated to process-based auditing methods and the evaluation of process
effectiveness.
FOREWORD
To assure customer satisfaction, aviation, space, and defence organisations must produce and
continually improve safe reliable products that meet or exceed customer and applicable
statutory/regulatory requirements. The globalization of the industry and the resulting diversity of
regional and national requirements and expectations have complicated this objective. Organisations
have the challenge of purchasing products from suppliers, at all levels of the supply chain, throughout
the world. Suppliers have the challenge of delivering products to multiple customers having varying
quality requirements and expectations.
Industry established the International Aerospace Quality Group (IAQG), with representatives from
companies in the Americas, Asia/Pacific, and Europe, to implement initiatives that make significant
improvements in quality and reductions in cost throughout the value stream.
This document has been prepared by the IAQG and standardises the requirements for conducting and
reporting of Quality Management System (QMS) audits. It can be used by aviation, space, and defence
organisations at all levels throughout the global supply chain.
It provides requirements for an audit and reporting process, based on:
• the process and continual improvement approach defined in EN 9100-series standards;
• the specific aviation, space, and defence additions in EN 9100-series standards;
• the use of common audit tools; and
• the uniform, transparent, and standardised reporting of audit results.
In this European Standard, the word “shall” indicates a requirement and the word “should” a
recommendation to meet the intent of the standard. Words “typical”, “example”, or “e.g.” indicate
suggestions given for guidance. Information marked “NOTE” is for guidance in understanding or
clarifying the associated requirement.
0 Introduction
0.1 General
Auditing is a basic tool to assess effective implementation of and conformity to QMS requirements.
In addition to the determination of conformity, this European Standard focuses on the evaluation of
effectiveness (see ISO 9000, subclause 3.2.14) of the QMS and its associated processes.
An organization is not only required to be in conformity with QMS requirements, but to be effective in
meeting customer expectations and delivering products that meet those expectations.
Additionally, this European Standard takes into account the new requirements presented in the 2009
revisions of the EN 9100-series standards [e.g. critical items, special requirements, On-time Delivery
(OTD) performance, risk management, project management].
0.2 Auditing approach
This European Standard supports the engagement and evaluation of an organization’s QMS process
approach, as required by the EN 9100-series standards. When evaluating an organization’s QMS, there
are basic questions that should be asked of every process, for example:
a) Is the process identified and appropriately defined?
b) Are responsibilities assigned?
c) Are the processes adequately implemented and maintained?
d) Is the process effective in achieving the desired results?
The collective answers to these and other associated questions will contribute to the evaluation results.
In addition, product quality (as delivered), customer satisfaction, and QMS effectiveness can be
considered as interrelated. This relationship should be reflected in the audit process and associated
results.
0.3 Audit records and reports
This European Standard defines the audit records and reports to be generated, during the audit process.
They are critical in providing the organization and its’ customers with objective evidence on the
conformity and effectiveness of the QMS (including process effectiveness), and reporting the audit
results in a standard format/structure.
1 Scope
1.1 General
This European Standard defines requirements for the preparation and execution of the audit process. In
addition, it defines the content and composition for the audit reporting of conformity and process
effectiveness to the EN 9100-series standards, the organization’s QMS documentation, and customer and
statutory/regulatory requirements.
The requirements in this European Standard are additions or represent changes to the requirements
and guidelines in the standards for conformity assessment, auditing, and certification as published by
ISO/IEC (i.e. ISO/IEC 17000, ISO/IEC 17021). When there is conflict with these standards, the
requirements of the EN 9101 standard shall take precedence.
NOTE 1 In this European Standard, the term “EN 9100-series standards” comprises the following Aerospace
Quality Management System (AQMS) standards: EN 9100, EN 9110, and EN 9120; developed by the IAQG and
published by various national standards bodies.
NOTE 2 In addition to this European Standard, the IAQG publishes deployment support material on the IAQG
website (see http://www.sae.org/iaqg/) that can be used by audit teams, when executing the audit process.
1.2 Application
This European Standard shall be used for audits of EN 9100-series standards by CBs for certification of
organisations, under the auspices of the aviation, space, and defence industry certification scheme [also
known as Industry Controlled Other Party (ICOP) scheme]. The ICOP scheme requirements are defined
in the EN 9104-series standards (i.e. EN 9104/1, EN 9104/2, EN 9104/3).
NOTE Relevant parts of this European Standard can be used by an organization in support of internal audits
(1st party) and external audits at suppliers (2nd party).
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
1)
EN 9100 , Quality Management Systems — Requirements for Aviation, Space and Defence Organisations
1)
EN 9102 , Aerospace series — Quality systems — First article inspection
1)
EN 9104-001 , Aerospace series — Quality management systems — Part 001: Requirements for Aviation,
Space, and Defence Quality Management System Certification Programs
1)
EN 9104-002 , Aerospace series — Quality management systems — Part 002: Requirements for Oversight
of Aerospace Quality Management System Certification/Registrations Programs
1)
EN 9104-003 , Aerospace series — Quality management systems — Part 003: Requirements for
Aerospace Quality Management System (AQMS) — Auditor Training and Qualification

1)
As developed under the auspice of the IAQG and published by various standards bodies [e.g., SAE International, European
Committee for Standardisation (CEN), Japanese Standards Association/Society of Japanese Aerospace Companies (JSA/SJAC),
Brazilian Association for Technical Norms (ABNT)].
1)
EN 9110 , Quality Management Systems — Requirements for Aviation Maintenance Organisations
1)
EN 9115 , Quality Management Systems — Requirements for Aviation, Space and Defence
Organisations — Deliverable Software (Supplement to EN 9100)
1)
EN 9120 , Quality Management Systems — Requirements for Aviation Space and Defence Distributors
1)
EN 9131 , Aerospace series — Quality Management Systems — Nonconformance Data Definition and
Documentation
IAF MD 2:2007, IAF Mandatory Document for the Transfer of Accredited Certification of Management
Systems
IAF MD 3:2008, IAF Mandatory Document for Advanced Surveillance and Recertification Procedures
IAF MD 4:2008, IAF Mandatory Document for the Use of Computer Assisted Auditing Techniques (“CAAT”)
for Accredited Certification of Management Systems
IAQG Procedure 119, Forms Management
ISO 9000:2005, Quality management systems — Fundamentals and vocabulary
ISO/IEC 17000:2004, Conformity assessment — Vocabulary and general principles
ISO/IEC 17021:2011, Conformity assessment — Requirements for bodies providing audit and certification
of management systems
3 Terms and definitions
For the purpose of this European Standard, the terms and definitions provided in ISO 9000,
ISO/IEC 17000, EN 9100-series standards, EN 9104/1 standard, and the following apply. Furthermore,
an acronym log for this European Standard is presented in Appendix A.
3.1
containment
action to control and mitigate the impact of a nonconformity and protect the customer's operation (stop
the problem from getting worse); includes correction, immediate corrective action, immediate
communication, and verification that the nonconforming situation does not further degrade
3.2
Key Performance Indicator (KPI)
measures associated with goals or targets showing how well an organisation is achieving its’ objectives
or critical success factors for a particular project. KPIs are used to objectively define a quantifiable and
measurable indication of the organisation’s progress towards achieving its goals
3.3
major nonconformity
a non-fulfilment of a requirement which is likely to result in the failure of the QMS or reduce its ability
to assure controlled processes or compliant products/services; it can be one or more of the following
situations:
• a nonconformity where the effect is judged to be detrimental to the integrity of the product or
service;
• the absence of or total breakdown of a system to meet a EN 9100-series standard requirement, an
organization procedure, or customer QMS requirement;
• any nonconformity that would result in the probable shipment of nonconforming product; and
• a condition that could result in the failure or reduce the usability of the product or service and its
intended purpose.
3.4
minor nonconformity
a non-fulfilment of a requirement which is not likely to result in the failure of the QMS or reduce its
ability to assure controlled processes or compliant products/services; it can be a single system failure
or lapse in conformance with one of the following conditions:
• a EN 9100-series standard requirement;
• a customer QMS requirement; or
• a procedure associated to the organization’s QMS.
Note 1 to entry: A number of minor nonconformities against one requirement (e.g. similar nonconformities
associated to different sites or different departments/functions/processes within a single site) can represent a
total breakdown of the system and thus be considered a major nonconformity.
3.5
Nonconformity Report (NCR)
a document stating results and providing objective evidence of nonconformity against audit criteria,
including the following information: containment, correction, root cause, corrective action
implementation, and closure
3.6
Online Aerospace Supplier Information System (OASIS)
Web-based IAQG database containing information on participating IAQG member companies, National
Aerospace Industry Associations (NAIA), National Accreditation Bodies (NAB), accredited CBs,
authenticated Aerospace Experience Auditors (AEAs), Aerospace Auditors (AAs) certified suppliers,
certificates, and audit results
3.7
planned activities
the means, methods, and internal requirements by which the organisation intends to achieve planned
results of a given process to meet customer requirements. Planned activities include conformity to
process requirements and procedures
3.8
planned results
the intended performance of a process, as defined and measured by the organisation. Planned results
include product conformity and OTD to meet customer requirements, and may include other elements
related to the process, as defined by the organisation
3.9
Process Effectiveness Assessment Report (PEAR)
a document stating process evaluation results; providing evidence of conformity to requirements and
process effectiveness
4 Auditing and reporting
The audit and reporting process established to assess conformity, including the determination of QMS
EN 9100-series standards, shall meet the requirements of ISO/IEC 17021, as stated
effectiveness to the
in each relevant clause of this European Standard. Additional audit requirements for the aviation, space,
and defence industry are invoked by this European Standard.
For combined and integrated audits, the requirements of EN 9104/1, subclause 8.2.3 apply.
4.1 General
The audit process and associated activities (see subclause 4.1.1) shall be followed when auditing and
certifying organisations to AQMS standards in the aviation, space, and defence industry.
The audit process requirements consist of three main parts:
a) the phases of the audit process (see subclause 4.1.1);
b) the common activities (see subclause 4.2) that shall be used to support the audit phases; and
c) the specific requirements for each audit phase (see subclause 4.3).
4.1.1 Audit process
The audit process consists of the following phases (see Figure 1):
a) Pre-audit activities (see subclause 4.3.1);
b) Stage 1 audit (see subclause 4.3.2);
c) Stage 2 audit (see subclause 4.3.3);
d) Surveillance audit (see subclause 4.3.4); and
e) Recertification audit (see subclause 4.3.5).
Figure 1 — Overview of audit process flow
(see ISO/IEC 17021:—, Figure E.1)
Pre-audit activities and Stage 1 / Stage 2 audits are applicable for initial certification. A Stage 1 audit
can also be utilized for recertification audits and during CB transfer.
NOTE 1 Although ‘Special Audit’ is not listed as a part of the audit program, it can be applicable after initial
certification, when directed by special request. The requirements for special audits are addressed in subclause
4.3.6.
NOTE 2 The requirements for certification are defined by the EN 9104/1 standard.
4.1.2 Audit approaches
The following approaches (see subclauses 4.1.2.1 thru 4.1.2.6) shall be used, as appropriate, to conduct
each on-site audit.
4.1.2.1 Customer focus
The audit team shall determine that customer satisfaction is being evaluated and appropriate actions
are taken by the organization based on available performance information (e.g. nonconformity data,
corrective action requests, results of satisfaction surveys, complaints regarding product quality, OTD,
service provision, responsiveness to customer and internal requests) provided by the organization’s
customers (e.g. scorecards, report cards).
4.1.2.2 Organisational leadership
There shall be an interview(s) with top management to evaluate the:
a) establishment and continued relevance of the organization’s quality policy and objectives;
b) establishment of performance measures aligned to quality objectives;
c) QMS development, implementation, and continual improvement;
d) top management commitment;
e) QMS performance and effectiveness;
f) performance to customer expectations (e.g. supplier rating, scorecard, audit results); and
g) actions taken to address issues that are not meeting customer performance expectations.
4.1.2.3 Quality management system performance and effectiveness
The audit of QMS performance and effectiveness shall include a review of the following:
a) the processing of customer complaints, customer feedback data (e.g. periodic performance reports
received from customers), and other relevant customer data (e.g. results of customer surveys);
b) results and actions from internal and external audits of the QMS, including their associated records;
c) stakeholder feedback (e.g. feedback from regulatory authorities or other interested parties);
d) the processing of process/product nonconformities, including review of associated corrective
actions and evaluation on the effectiveness of actions taken;
e) the processing of preventive actions, including evaluation on the effectiveness of actions taken;
f) management review conduct, including associated records (e.g. process inputs/outputs, actions
taken);
g) internal performance monitoring, measurement, reporting, and reviews against stakeholder and
internal performance objectives and targets, including continual improvement activities and
associated records;
h) the organization’s current performance against targets, including customer specific targets and
associated records of applicable actions taken where targets are not being met; and
i) the status and effectiveness of the organization’s process performance improvement activities and
their outcomes related to product quality.
4.1.2.4 Process management
The audit team shall conduct QMS audits using a method that focuses on process performance and
effectiveness; this ensures that priority is given to the following:
a) reviewing the organization’s processes, their sequence and interactions, the identification of
functions and assignment of responsibilities, and performance against requirements and defined
measures, with focus on processes that directly impact the customer;
b) reviewing the process for validation and approval of processes and process changes;
c) reviewing the availability of resources and information required to operate and support associated
activities, including appropriate training and competency of personnel;
d) reviewing the process-based management techniques, including the examination of process
measures (e.g. quality, takt time, cycle time, output effectiveness, control limits, process capability
determination);
e) reviewing plans in place to ensure performance objectives/targets are monitored, measured, and
analysed in order to realize the planned activities and achieve the planned results (e.g. verify
performance information availability, percentage of nonconforming parts/products, percentage
OTD);
f) reviewing applicable action taken when objectives/targets are not met to promote continual
improvement; and
g) pursuing audit trails addressing customer concerns or requests for corrective actions, performance
against objectives, and relevant process controls.
The audit team shall audit processes to sufficient depth and detail to evaluate if the organization’s
processes are capable of meeting planned results and performance levels, including applicable
customer specific targets.
NOTE 1 KPIs are used to identify an organization’s progress towards achieving its’ performance goals.
NOTE 2 KPIs relating to financial information are not in the scope of the EN 9101 standard.
NOTE 3 The audit team should pursue process-based audit trails by following actual products, customer
orders, and related documents (e.g. customer contracts, drawings, shop orders, inspection records) through the
organization’s product realization and associated processes. Verifying the interfaces between processes and the
linked documentation requirements (see EN 9100-series standards subclause 4.2); resource management (see
EN 9100-series standards Clause 6); and measurement, analysis, and improvement (see EN 9100-series
standards, Clause 8).
4.1.2.5 Special processes
When special processes (see EN 9100/EN 9110, subclause 7.5.2) are included in the audit plan, the
audit team shall evaluate process validation, as well as, the monitoring, measuring, and control of these
processes, including the following:
a) The process records shall be reviewed for each audited special process, including the established
arrangements and a comparison between actual and planned results.
b) The audit team shall identify and select a sample of special processes, including those defined by
the customer. For the selected special processes, the audit team shall audit the monitoring and
measuring equipment used (e.g. calibration, accuracy) and the method for recording the results. If
required, the traceability between the process (e.g. batch or load charge identification) and the
resulting products shall be verified.
c) In the case of outsourced special processes, the audit team shall verify that the organization’s
supplier control process addresses these items accordingly. In addition, the audit team shall review
the use of customer-designated sources, as required.
NOTE 1 Special processes are managed by using personnel qualified, as required by organization and/or
customer requirements, and by controlling physical or chemical process characteristics [e.g. temperature, time
(process duration), pressure, chemical composition of product or process treatment material (surface treatment
solution)].
NOTE 2 If an audit(s) has been performed by a customer or by a specialized independent 3rd party, the audit
team can take the audit by these organisations into account. This can include audit results, sampling of the
findings, and verification of any reported nonconformities to determine adequate resolution (i.e. no recurrence).
4.1.2.6 Continual improvement
The audit team shall evaluate the organization’s interrelated processes and activities for continual
improvement of the QMS, its processes, their conformity, and effectiveness in order to:
a) ensure focus on issues that are important to the organization, their customers, and regulatory
authorities; and
b) determine the effectiveness of an organization’s approach to continually improving process
performance.
NOTE The organization should be able to demonstrate that they have a structured approach to achieve
continual improvement of the QMS and its processes.
4.1.3 Reporting
Reporting requirements associated with AQMS certification structures (see EN 9104/1, subclause 3.11)
are included in Table 1.
Table 1 — CERTIFICATION STRUCTURE REPORTING MATRIX
Type of
Certification
Single Multiple Several Complex
Campus
Structure
Site Sites Sites Organization
Audit Phase
Stage 1 Audit • Stage 1 Audit Report (Form 1)
• QMS Process Matrix Report (Form 2); per site
Stage 2 Audit • PEAR (Form 3); per site or combined, as appropriate
Surveillance • Nonconformity Report (NCR) (Form 4); as applicable
• Audit Report (Form 5)
Recertification
• Supplemental Audit Report (Form 6); optional
• PEAR (Form 3); per site or combined, as appropriate
Special Audit • NCR (Form 4); as applicable
• Audit Report (Form 5)
Recording of process information may be combined into a single PEAR for multiple sites, several site,
campus, or complex organisations, provided that the process is common across sites/structures.
Information recorded shall reflect each site included in the PEAR. The process effectiveness level shall
reflect the lowest value of the various sites assessed.
In accordance with IAQG Procedure 119, representations of the EN 9101 forms are presented in
Appendix B for reference only. Electronic versions of these forms, with supporting instructions, are
available via the forms section of the IAQG website: http://www.sae.org/iaqg/. Use of these electronic
forms is mandatory and variations are not permissible; however, expanding the fields to accommodate
the recording of information is permissible.
4.2 Common audit activities
Audit planning, on-site auditing, and audit reporting are common activities linked with Stage 1, Stage 2,
surveillance, recertification, and special audits. Nonconformity management is common for Stage 2,
surveillance, and recertification audits. The requirements for activities and common activities that
apply to each phase of the audit program are referenced in Table 2.
The Stage 1, Stage 2, surveillance, and recertification audit activities shall be described in the audit
program established during the ‘Pre-audit Activities’ phase.
Table 2 — RELATIONSHIP BETWEEN COMMON ACTIVITIES AND AUDIT PHASES
Audit
Pre-audit
Phase
Stage 1 Stage 2 Surveillance Recertification Special
Activities
(4.3.2) (4.3.3) (4.3.4) (4.3.5) (4.3.6)
Common
(4.3.1)
Activity
Audit Planning (4.2.1) X X X X X X
On-site Auditing (4.2.2)  X X X X X
Audit Reporting (4.2.3)  X X X X X
Nonconformity
X X X X
Management (4.2.4)
4.2.1 Audit planning
The requirements of ISO/IEC 17021, subclauses 9.1.2 thru 9.1.8 apply.
In addition, the audit plan shall be based on the processes defined by the organization and documented
in the QMS Process Matrix Report (see Form 2).
The audit team leader shall use the organization’s customer feedback requests, including those received
through the OASIS database (see EN 9104/1, subclause 14.2), to assist with audit planning for
surveillance and recertification audits. The audit activities shall be prioritised based upon performance
data for business risks that could impact the customer (i.e. customer concerns, customer special
statuses) and on processes that are not achieving planned results.
Audit planning shall take into account:
a) the sequence and interactions of the organization’s processes;
b) the criticality of products and processes, including special processes;
c) the risks associated with product or process maturity (e.g. new product introduction, new process
equipment or facilities);
d) product related safety issues (e.g. airworthiness issues, reporting to customer and/or authorities);
e) results of internal audits;
f) previous audit findings (e.g. CBs, customers, regulatory authorities);
g) performance measures and trends for quality and OTD (e.g. KPIs, scorecards, dashboards);
h) previous management review results;
i) customer requirements;
j) statutory/regulatory requirements;
k) customer satisfaction/performance data;
l) certification structure [i.e. single site, multiple site, campus, several sites, complex organization
(see EN 9104/1)];
m) integrated and/or combined audits (see EN 9104/1, subclause 8.2.3);
n) use of Advanced Surveillance and Recertification Procedures (ASRP) (see EN 9104/1, subclause
8.9);
o) use of CAAT (see EN 9104/1, subclause 8.10); and
p) the proportion of aviation, space, and defence business each customer represents.
NOTE The audit team leader should ensure that the amount of audit time planned on auditing any one
customer’s specific QMS requirements is consistent (approximately) with the proportion of aviation, space, and
defence business each customer represents (e.g. if customer X has 20 % of the business, the audit team should not
spend 80 % of their time verifying customer X's specific QMS requirements).
4.2.2 Conducting on-site audits
4.2.2.1 General
The requirements of ISO/IEC 17021, subclause 9.1.9 apply.
In addition, each on-site audit, except for nonconformity follow-up (see subclause 4.2.4) and special
audits (see subclause 4.3.6) shall include the following, as applicable:
a) a review of the changes to the QMS, since the last audit (including certification structure);
b) a review of requirements from new aviation, space, and defence customers, since the last audit;
c) a review of customer satisfaction information and requested corrective actions and associated
responses (see subclause 4.1.2.1);
d) an interview with top management (see subclause 4.1.2.2);
e) an audit of the organization’s processes, including their performance and effectiveness (see
subclauses 4.1.2.3, 4.1.2.4, and 4.1.2.5), as identified in the audit plan (see subclause 4.2.1);
f) an audit of the continual improvement of the QMS (see subclause 4.1.2.6);
g) an audit of follow-up actions from previous audits; and
h) an audit of the purchasing process (see EN 9104/1, subclause 8.2.2.n).
NOTE If there is more than one surveillance audit during a year (e.g. every six months), some activities
(e.g. interview with top management) may be spread over these audits.
4.2.2.2 Conducting the opening meeting
The requirements of ISO/IEC 17021, subclause 9.1.9.2 apply.
In addition, in case of a non-single site certification structure:
a) The AEA shall conduct site specific opening meetings; or
b) a central opening meeting shall be conducted with representatives from all sites, either physically
or by means of electronic/distance meeting methods (e.g. net-meeting, Webex, Meet-me).
4.2.2.3 Site tour
The audit team leader may conduct a site tour to address any changes in scope or facilities, since the last
visit, or to familiarise audit team members with the organization’s activities.
4.2.2.4 Audit conduct
The requirements of ISO/IEC 17021, subclauses 9.1.9.3 thru 9.1.9.5 apply.
In addition, the audit shall be conducted through the use of various auditing approaches (see subclause
4.1.2). The audit team shall pursue relevant audit trails to assist in the determination of QMS conformity
and effectiveness.
NOTE Audit tools may be developed (e.g. check sheets, questionnaires) to help auditors in the collection of
objective evidence during the audit process.
4.2.2.5 Identifying and recording of audit findings
The requirements of ISO/IEC 17021, subclause 9.1.9.6 apply.
The audit team shall complete the QMS Process Matrix Report (see Form 2) to demonstrate which
processes and EN 9100-series standard clauses have been audited, including a summary of objective
evidence related to each EN 9100-series standard, Clauses 4, 5, 6, and 8. For recording a summary of
objective evidence related to the product realization process, see subclause 4.2.2.5.2.
NOTE 1 If objective evidence for Clau
...