AS9100D - Scope of QMS for New Company - Only Choosing a Function Subset Due to Management

[tmarinon]

All,

First time poster that couldn't find an answer that was close enough to my company's situation that I decided to post here. I'm also recently assigned to being in this quality role so I apologize if my questions seem basic.

My company is a small engineering consulting company that offers a range of services (typically design, analysis and test) for a variety of customers which include the aviation industry. Up until now we've been small enough that whenever we competed for jobs where the issuing company required an AS9100/ISO 9001 certificate we were able to say that we were not certified but it didn't apply to us because we weren't providing them any products, only services. This had generally worked until recently where a major customer told us that without getting this certificate we would no longer be able to bid on their work.

Management asked me to look into the cost-feasibility of getting certified - but they expressed a desire to start small on the scope of the certification by limiting our scope to a single function, "testing services". Although our company offers multiple functions - they expressed a desire to only be certified for one of them. An example of a testing service would be us performing a vibration test of an assembly to make sure it survives and acquiring data for them to use in their analysis or installing a strain gage sensor.

My question is if this (certifying to a subset of functions provided) is a valid strategy - and/or if this is short sighted. We are just starting the evaluation process - we don't have an auditor or really any kind of formal QMS. Any help on particularly the scope of the AS9100 accreditation , but implicitly also in the scope of the QMS would be very helpful.

 

[normzone]

Welcome to the ranks of those who were also once " recently assigned to being in this quality role ". You're in good company, and some experts will be along shortly to assist you with qualified opinions, witty banter and snide remarks.

Until they arrive, I will play the role of the "clueless outsider" recommended in Kaizen sessions, and ask "what other roles does the company play that the management is loath to admit to at this moment ?"

 

[tmarinon]

I think I would phrase it less as "loath to admit" and more as "want to keep the burden as light as possible for the moment". So other roles that bring us money are: providing design services, providing analysis services, providing software sales. And of course we also have accounting/purchasing, sales, IT and HR functions to support our company. Mgmt basically wants to use the "testing services" function as a trial balloon to see how difficult this process will be. I believe they would be open to adding in the other roles later on - but are wary of doing a company wide initiative at a single point in time due to cost and the amount of effort required.

 

[normzone]

I see no harm with using "testing services" as a stalking horse trial balloon. Your experience may vary depending on the auditor who assesses the organization's readiness for certification.

But done that way only your customers who purchase testing services will be pleased. Does the major customer leaning on you to become AS9100 only purchase testing services?

 

[tmarinon]

Correct - usually the customer gives us a specific Statement of Work for a testing service, but then the terms and conditions / quality supplier checklist is generic. So the intention would be that we would be upfront that our scope only covers testing services, and only state that we are certified to AS9100D when the contract we are proposing on only includes testing services.

 

[normzone]

Correct - usually the customer gives us a specific Statement of Work for a testing service, but then the terms and conditions / quality supplier checklist is generic. So the intention would be that we would be upfront that our scope only covers testing services, and only state that we are certified to AS9100D when the contract we are proposing on only includes testing services.

Well, I'm now bordering on giving counsel outside of my range of experience.

However, often it's almost as much work to bring the company in under a small umbrella as it is to just do the whole thing at one pass and be done with it. I qualify this statement with the disclaimer that I do not have full understanding of your processes for "providing design services, providing analysis services, providing software sales ".

(looks around nervously - where are the experts? did everybody take today off?)

 

[John Predmore]

I don't know that I am an expert, but I can tell you my story. I was hired by a small engineering consulting firm, fewer than 10 employees, with no manufacturing experience, with an aerospace customer who wanted them to manufacture a product the small firm developed. The big company allowed us to work towards AS9003, which is a old subset of AS9100 for testing and built-to-print firms, and we were "assessed to be compliant" by the customer's SQE. Most people will tell you AS9003 is obsolete, not consistent with the newer version of ISO9001, but that was a stepping stone which took us 3 months. I don't know whether the stepping stone option was right or not, but it did give us a halfway goal and some midterm sense of accomplishment, and AS9003 opened the door with the customer to place prototype orders. AS9100 was always our ultimate goal, and it was production records of prototypes which were audited as our manufacturing operations in the AS9100 audit.

The breakthrough for us was when I called AS9100 registrars for quotes. One man asked if we were working with a consultant. The registrar was less interested to work with a DIY outfit, but partnering with a consultant they trusted would give us credibility when we said we were ready. I told him it would have to be somebody comfortable working with a tiny firm with limited resources, and recognizing we had an atypical product and manufacturing process. The man had a consultant in mind. The consultant was very helpful, we built our QMS in record time using Excel spreadsheets and paper production records. After 4 months, about 20 days of the consultant on-site, we were ready for Stage 1 audit. We wouldn't have accomplished that rapid pace without this consultant's help, but he said we wouldn't have succeeded without a leadership who was committed, and a quality manager who knew what was needed and was willing to do the work.

To answer the OP's question, I would choose not to limit the scope, thinking it will be easy to expand later. Instead, we went forward with full scope, but understood that the QMS we assembled in 12 months was immature and needs considerable refinement. We have done quite a few improvement projects since our certification 3 months ago, on our own timetable and initiative, because we understand our QMS is not perfect or finished. I think it is easier to refine a system which is complete rather than build one piecemeal.

 

[Golfman25]

All,

First time poster that couldn't find an answer that was close enough to my company's situation that I decided to post here. I'm also recently assigned to being in this quality role so I apologize if my questions seem basic.

My company is a small engineering consulting company that offers a range of services (typically design, analysis and test) for a variety of customers which include the aviation industry. Up until now we've been small enough that whenever we competed for jobs where the issuing company required an AS9100/ISO 9001 certificate we were able to say that we were not certified but it didn't apply to us because we weren't providing them any products, only services. This had generally worked until recently where a major customer told us that without getting this certificate we would no longer be able to bid on their work.

Management asked me to look into the cost-feasibility of getting certified - but they expressed a desire to start small on the scope of the certification by limiting our scope to a single function, "testing services". Although our company offers multiple functions - they expressed a desire to only be certified for one of them. An example of a testing service would be us performing a vibration test of an assembly to make sure it survives and acquiring data for them to use in their analysis or installing a strain gage sensor.

My question is if this (certifying to a subset of functions provided) is a valid strategy - and/or if this is short sighted. We are just starting the evaluation process - we don't have an auditor or really any kind of formal QMS. Any help on particularly the scope of the AS9100 accreditation , but implicitly also in the scope of the QMS would be very helpful.

What services does the company that wants the cert. use? If they use the testing services, then that is a valid way to approach. If they use some other services, then a cert. to testing services will be useless. And I see no problem only applying to to a specific part of your business. However, I would try to keep as much consistent between service lines as possible. Eventually, you'll include the whole business scope.

 

[tmarinon]

All,

Thank you for the additional clarification.

1. We are beginning the process of finding a consultant to help us through this process - so we will certainly be running this approach by them. If they agree with the statements above then we may choose to do the entire business at one time. However out of an abundance of caution while we are still learning we are trying it piecemeal.

2. Agreed that we should try to keep consistency between our service lines. An example showing the similarities is that four all four core functions (design, analysis, test, software sales) start with a proposal process where we take the customer's requirements, our capabilities and other relevant information and create a unique proposal identifying how we will perform the service requested. So even though our scope would be intended to apply to just the testing function, alot of the work would hopefully be able to be transferred with minimal additional effort.

3. John - thank you for sharing your story. We are very similar - small firm, limited resources, atypical work product/service. And stepping stone is a good way to put how management would like to approach this effort. I think the concern in trying to go for a full scope (all services) is that we might overpromise in our QMS and then get hit with NC or fail our certification effort if we aren't doing what we promise. I'd say our current quality system is much more of a "you know what quality looks like so we trust you to do quality work". Between that and the fact that each project we support is a customized project - our documentation and document control is I think going to be a big challenge.

As mentioned above - I think getting a consultant to start working with us will help significantly. I just wanted to get a sense of whether this piecemeal approach is allowed (sounds like it is) and wise (arguments on both sides).

 

[Michael_M]

One thing I will add. The scope of your registration is recorded on the certification and that is the only scope the certification is good for.

This next part I am not 100% sure about; but I believe if the scope changes, you have to re-certify from the beginning. Adding or changing the scope could cost you more in the long run. Certifications are for 3 years, the first year does the 'initial' certification and for 11-15 employees will be a 3.0 day audit. For the next two years, you will perform a "annual surveillance" audit and for 11-15 employees will be 1.5 days each. Again, I am not absolutely positive on this, but changing your scope may require new 'initial' certification each time.