What is the primary objective of AS9100?

The primary objective of AS9100 is to establish a quality management system (QMS) for aviation, space, and defense organizations that ensures product safety, configuration integrity, and supply chain reliability. AS9100D (2016) builds on ISO 9001:2015's 10-clause structure with over 100 aerospace-specific requirements, including operational risk management (Clause 8.1.1), configuration management (8.1.2), product safety (8.1.3), and counterfeit parts prevention (8.1.4). It mandates process-based controls, risk-based thinking across enterprise (Clause 6.1) and operational levels, and continual improvement to prevent quality escapes in safety-critical environments.

Who is legally or professionally required to comply with AS9100?

AS9100 applies professionally to organizations that design, develop, manufacture, or service aviation, space, and defense products and services. It targets manufacturers of aerospace parts, material suppliers, design centers, and quality organizations in the supply chain; maintenance organizations use AS9110, and distributors use AS9120. Major OEMs and primes require certification as a condition of contracts, with flow-down to subcontractors via Clause 8.4 for supplier controls, ensuring traceability and risk management across distributed chains.

Does AS9100 require an external audit or third-party certification?

Yes, AS9100 requires third-party certification through accredited bodies via a two-stage audit process. Stage 1 assesses documentation and readiness; Stage 2 verifies implementation and effectiveness using AS9101 guidance. Certification is listed in the IAQG OASIS database for supplier visibility, maintained by annual surveillance audits and recertification every three years, with evidence of process controls like configuration management and product safety.

How often should an assessment for AS9100 be performed?

AS9100 requires internal audits at planned intervals per Clause 9.2, plus annual surveillance audits and recertification every three years post-certification. Internal audits must be risk-based, covering all processes with competent auditors; management reviews (Clause 9.3) occur periodically. Nonconformities demand corrective actions (Clause 10) with effectiveness verification, typically within 60-90 days.

What are the consequences of non-compliance with AS9100?

Non-compliance with AS9100 risks certification suspension, contract loss, and supply chain exclusion. Audits identify nonconformities requiring root-cause analysis (considering human factors); unresolved major findings prevent certification or trigger OASIS delisting. Operationally, it leads to quality escapes, product safety events, rework, and OEM penalties, as 96% of certified firms are under 500 employees reliant on primes.

Can AS9100 be mapped to other international frameworks?

Yes, AS9100D aligns structurally with Annex SL frameworks via its 10-clause ISO 9001:2015 base, enabling integrated management systems. It supports mapping to standards sharing PDCA cycles, risk-based thinking (Clauses 6/8), and performance evaluation (Clause 9), though aerospace additions like counterfeit prevention require supplemental controls.

What is the first step to begin implementing AS9100?

The first step to implement AS9100 is conducting a gap analysis against AS9100D clauses to identify current QMS maturity. Assemble a cross-functional team to map processes, scope (Clause 4.3), risks (6.1), and aerospace specifics like product safety; produce a prioritized remediation plan with timelines, typically taking 6-18 months total.

What is the primary objective of ISO 13485?

ISO 13485:2016 specifies requirements for a quality management system (QMS) where organizations demonstrate ability to consistently provide medical devices and related services meeting customer and applicable regulatory requirements. This standard, structured in Clauses 4–8, emphasizes documented processes, risk-based controls, validation, traceability, and post-market obligations across the device lifecycle—from design and development to production, distribution, installation, servicing, and decommissioning. It functions as a regulatory-ready framework, requiring organizations to establish, implement, and maintain QMS processes with objective evidence of effectiveness.

Who is legally or professionally required to comply with ISO 13485?

ISO 13485 applies to organizations involved in one or more stages of the medical device lifecycle, including manufacturers, production, storage, distribution, installation, servicing, and suppliers of related services. Target entities encompass medical device manufacturers (design and/or production), contract manufacturers, importers, distributors, sterilization/calibration service providers, and software developers for Software as a Medical Device (SaMD). Organizations must identify their regulatory roles (e.g., manufacturer under EU MDR) and incorporate applicable regulatory requirements into the QMS; it is not legally mandatory but is expected by regulators like EU Notified Bodies and FDA (via QMSR effective February 2, 2026) for market access.

Does ISO 13485 require an external audit or third-party certification?

ISO 13485 certification involves external audits by accredited certification bodies, typically in two stages: Stage 1 (documentation review) and Stage 2 (implementation verification), followed by annual surveillance and triennial recertification. While the standard itself does not mandate certification, it is conducted by third-party bodies to provide formal conformity evidence. Internal audits (Clause 8.2.4) are required for self-assessment, but external certification demonstrates auditable QMS maturity to regulators and partners.

How often should an assessment for ISO 13485 be performed?

Internal audits for ISO 13485 must be conducted at planned intervals to determine QMS suitability, adequacy, and effectiveness (Clause 8.2.4). Management reviews occur at planned intervals (Clause 5.6), typically annually, incorporating audit results, complaints, CAPA, and regulatory changes. External surveillance audits follow certification, usually annually, with full recertification every three years. Frequency is risk-based, with higher-risk processes audited more often.

What are the consequences of non-compliance with ISO 13485?

Non-compliance with ISO 13485 risks certification denial/suspension, regulatory enforcement, product holds, recalls, fines, and market exclusion. Audits reveal gaps in documentation, validation, or CAPA, leading to major nonconformities; persistent issues trigger corrective actions or certification loss. Regulators like FDA may issue Form 483 observations, while EU Notified Bodies halt CE marking, amplifying supply chain disruptions and liability.

Can ISO 13485 be mapped to other international frameworks?

Yes, ISO 13485 Annex B provides a direct correspondence table mapping its requirements to ISO 9001:2015. It aligns structurally with ISO 9001's process approach but excludes certain elements, adding medical device-specific emphases like regulatory integration and validation. Organizations cannot claim ISO 9001 conformity solely from ISO 13485.

What is the first step to begin implementing ISO 13485?

The first step is to define the QMS scope, including processes, justifications for exclusions (e.g., Clause 7 for non-design activities), and applicable regulatory requirements (Clause 4.1). Document this in the quality manual, identify outsourced processes with written quality agreements, and conduct a gap analysis against Clauses 4–8 to prioritize remediation.

Standards Comparison

AS9100 vs ISO 13485

AS9100

Mandatory

2016

Aerospace quality management system extending ISO 9001

ISO 13485

Mandatory

2016

International standard for medical device quality management systems

Quick Verdict

AS9100 enhances ISO 9001 for aerospace with configuration management, product safety, and counterfeit prevention, ensuring supply chain integrity. ISO 13485 tailors QMS for medical devices, emphasizing design controls, validation, and post-market surveillance. Organizations adopt them for market access and risk mitigation in high-stakes sectors.

Quality Management

AS9100

AS9100D: Quality Management Systems for Aerospace

Cost

€€€€

Complexity

High

Implementation Time

6-12 months

Key Features

Explicit configuration management ensures design integrity
Product safety requirements across full lifecycle
Counterfeit parts prevention with detection controls
Operational risk management embedded in processes
Stricter supplier selection and performance monitoring

Quality Management

ISO 13485

ISO 13485:2016 Medical devices Quality management systems

Cost

€€€€

Complexity

High

Implementation Time

12-18 months

Key Features

Risk-based QMS for medical device lifecycle
Design development planning and validation controls
Supplier evaluation and outsourcing management
Post-market surveillance and complaint handling
Traceability records and continual improvement

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

AS9100 Details

What It Is

AS9100D (AS9100:2016) is a certification standard for quality management systems (QMS) in aviation, space, and defense. It extends ISO 9001:2015 with over 100 aerospace-specific requirements. Primary purpose: ensure product safety, configuration integrity, and supply chain reliability in high-risk sectors. Adopts Annex SL 10-clause structure with process-based, risk-based thinking approach.

Key Components

**Clause 8 additionsconfiguration management (8.1.2), product safety (8.1.3), counterfeit prevention (8.1.4), operational risks (8.1.1).
Enhanced supplier controls (8.4), human factors, traceability.
Built on ISO 9001 PDCA cycle.
Third-party certification via IAQG-accredited audits: Stage 1/2, annual surveillance, triennial recertification.

Why Organizations Use It

Contractual prerequisite for OEM suppliers.
Reduces defects, improves delivery, cuts costs.
Manages safety risks, builds stakeholder trust.
Enhances market access via OASIS database.

Implementation Overview

Phased: gap analysis, process design, training, internal audits, certification.
6-18 months typical; suits all sizes in ASD.
Cross-functional, evidence-driven audits required.

ISO 13485 Details

What It Is

ISO 13485:2016, titled "Medical devices — Quality management systems — Requirements for regulatory purposes," is a certifiable international standard for risk-based QMS in medical device lifecycles, from design to post-market surveillance, ensuring devices meet customer and regulatory requirements.

Key Components

Clauses 4–8: QMS/documentation, management responsibility, resources, product realization, measurement/improvement.
Requires documented procedures, medical device files, validation, traceability.
Integrates ISO 14971 risk management; process approach.
Third-party certification with audits.

Why Organizations Use It

Enables market access (EU MDR, FDA QMSR 2026).
Mitigates recalls, compliance risks.
Builds supplier trust, competitive edge.
Demonstrates regulatory maturity.

Implementation Overview

Phased: gap analysis, documentation, training, validation, internal audits.
Suits manufacturers/suppliers globally, all sizes.
Stage 1/2 certification audits, annual surveillance. (178 words)

Key Differences

Aspect	AS9100	ISO 13485
Scope	Aerospace QMS with configuration, safety, counterfeit controls	Medical device QMS with design, validation, post-market surveillance
Industry	Aviation, space, defense organizations globally	Medical device manufacturers, suppliers worldwide
Nature	Voluntary certification standard based on ISO 9001	Regulatory-purpose QMS standard for devices
Testing	Stage 1/2 audits, annual surveillance, recertification	Certification audits, internal audits, process validation
Penalties	Loss of certification, market access denial	Regulatory actions, recalls, market withdrawal

Scope

AS9100

Aerospace QMS with configuration, safety, counterfeit controls

ISO 13485

Medical device QMS with design, validation, post-market surveillance

Industry

AS9100

Aviation, space, defense organizations globally

ISO 13485

Medical device manufacturers, suppliers worldwide

Nature

AS9100

Voluntary certification standard based on ISO 9001

ISO 13485

Regulatory-purpose QMS standard for devices

Testing

AS9100

Stage 1/2 audits, annual surveillance, recertification

ISO 13485

Certification audits, internal audits, process validation

Penalties

AS9100

Loss of certification, market access denial

ISO 13485

Regulatory actions, recalls, market withdrawal

Frequently Asked Questions

Common questions about AS9100 and ISO 13485

AS9100 FAQ

ISO 13485 FAQ

You Might also be Interested in These Articles...

PDPA Cross-Border Transfer Rules Decoded: Singapore, Thailand, and Taiwan Mechanisms Compared with Practical Implementation Templates

Decode PDPA cross-border transfers for Singapore, Thailand, Taiwan. Statutory excerpts, approved mechanisms, SCC templates. Harmonize with GDPR, navigate exempt

Breaking Down NIST CSF 2.0 Structure: Core, Tiers, Profiles, and Real-World Application

Master NIST CSF 2.0 structure: Govern + 5 Core functions, Tiers (Partial-Adaptive), Profiles for gaps, and real-world apps. Build effective cyber risk strategie

Top 10 Reasons ISO 27701 is the Ultimate Privacy Boost for Your ISO 27001 ISMS in 2025

Extend ISO 27001 with ISO 27701 for ultimate privacy governance amid GDPR & AI regs. Discover top 10 advantages like integrated audits to future-proof your ISMS

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Explore More Comparisons

See how AS9100 and ISO 13485 compare against other standards

Other AS9100 Comparisons

Other ISO 13485 Comparisons

Quick Verdict

What It Is

Key Components

**Clause 8 additionsconfiguration management (8.1.2), product safety (8.1.3), counterfeit prevention (8.1.4), operational risks (8.1.1).

Enhanced supplier controls (8.4), human factors, traceability.

Built on ISO 9001 PDCA cycle.

Third-party certification via IAQG-accredited audits: Stage 1/2, annual surveillance, triennial recertification.

What It Is

Aspect

AS9100

ISO 13485

Scope

Aerospace QMS with configuration, safety, counterfeit controls

Medical device QMS with design, validation, post-market surveillance

Industry

Aviation, space, defense organizations globally

Medical device manufacturers, suppliers worldwide

Nature

Voluntary certification standard based on ISO 9001

Regulatory-purpose QMS standard for devices

Testing

Stage 1/2 audits, annual surveillance, recertification

Certification audits, internal audits, process validation

Penalties

Loss of certification, market access denial

Regulatory actions, recalls, market withdrawal