What It Is

AS9100D:2016 is the international certification standard for quality management systems (QMS) in aviation, space, and defense. It extends ISO 9001:2015 with over 100 aerospace-specific requirements, focusing on safety-critical processes via a process-based, risk-oriented approach using Annex SL structure.

Key Components

• **Clause 8 additionsconfiguration management (8.1.2), product safety (8.1.3), counterfeit prevention (8.1.4), operational risks (8.1.1).
• Enhanced supplier controls, human factors, and traceability.
• Built on PDCA cycle with leadership accountability (Clause 5) and performance evaluation (Clause 9).
• Third-party certification via IAQG-accredited audits, OASIS database listing.

Why Organizations Use It

• Market access: Required by OEMs for supply chain qualification.
• Risk reduction: Prevents defects, ensures product integrity, lowers escapes.
• Benefits: Improved delivery, cost savings, supplier performance.
• Builds stakeholder trust through proven safety and compliance.

Implementation Overview

• Phased: gap analysis, process design, training, internal audits, Stage 1/2 certification.
• Applies to designers, manufacturers, MROs globally.
• 6-18 months typical, with annual surveillance.

What It Is

APRA Prudential Standard CPS 234 (Information Security) is a binding prudential regulation issued by the Australian Prudential Regulation Authority, effective 1 July 2019. It mandates APRA-regulated entities like banks, insurers, and super funds to maintain information security capabilities commensurate with threats to protect confidentiality, integrity, and availability of information assets, including those managed by third parties.

Key Components

• Governance with Board ultimate accountability and defined roles.
• Information asset classification by criticality and sensitivity.
• Commensurate controls, systematic testing, and independent assurance.
• Incident response plans with annual testing.
• 72-hour APRA notification for material incidents; 10 business days for unremediable weaknesses. No fixed control count; risk-based approach.

Why Organizations Use It

• Mandatory compliance to avoid enforcement, penalties, and scrutiny.
• Enhances operational resilience, reduces incident impact.
• Builds customer trust, enables better vendor terms.
• Strategic differentiation in partnerships and market access.

Implementation Overview

Phased: gap analysis, policy framework, asset register, controls, testing, monitoring. Applies to all sizes of APRA entities in Australia; requires ongoing assurance, no formal certification but APRA audits.