What It Is

AS9100D:2016 is the international certification standard for quality management systems (QMS) in aviation, space, and defense. It extends ISO 9001:2015 with over 100 aerospace-specific requirements, focusing on safety-critical integrity via a process-based, risk-oriented approach using Annex SL structure.

Key Components

• **Clause 8 additionsConfiguration management (8.1.2), product safety (8.1.3), counterfeit prevention (8.1.4), operational risks (8.1.1).
• 10-clause PDCA framework with dual risk layers (strategic Clause 6.1, operational).
• Enhanced supplier controls, human factors, and traceability.
• Third-party certification via IAQG-accredited audits (Stage 1/2, surveillance).

Why Organizations Use It

Provides market access as OEM prerequisite, reduces defects/escapes, ensures supply chain reliability, mitigates catastrophic risks, and builds stakeholder trust through OASIS visibility and proven performance.

Implementation Overview

Phased approach (gap analysis, process design, training, audits) takes 6-18 months. Applies to all sizes in ASD sectors globally; requires documented processes, internal audits, management reviews.

What It Is

The Privacy Act 1988 (Cth) is Australia's comprehensive federal regulation establishing baseline privacy standards for handling personal information. It applies economy-wide via 13 Australian Privacy Principles (APPs), using a principles-based, risk-calibrated approach focused on collection, use, disclosure, security, and individual rights.

Key Components

• 13 APPs covering transparency (APP 1), collection (APPs 3-5), use/disclosure (APPs 6-8), quality/security (APPs 10-11), and access/correction (APPs 12-13).
• Notifiable Data Breaches (NDB) scheme for mandatory reporting.
• OAIC enforcement with civil penalties up to AUD 50M or 30% turnover.
• No formal certification; compliance via self-assessment and audits.

Why Organizations Use It

• Legal compliance for APP entities (>$3M turnover, health providers, etc.).
• Mitigates breach risks, enhances trust, supports cross-border flows.
• Builds competitive edge via robust governance.

Implementation Overview

Phased: discovery, policy design, controls deployment, incident readiness. Targets medium-large orgs in Australia; ongoing audits by OAIC.