Understanding Risk Management Requirements according to AS9100

kmalysiak

Starting to get Involved
#1
Hello Aerospace experts,

I am just trying to understand the notion of risk management in AS9100 and its applications. I carefully read the AS9100 + appropriate materials from SCMH manual but their generality just kills me.
In the AS9100C itself the risk phrase appears in:

1. review of risks connected to requirements related to product
2. special requirements treatment (those require risk management)
3. planning and managing product realization to meet requirements at acceptable risk
4. selection and supplier usage
5. Preventive actions (one type of which is risk management and following actions to mitigate risks)

So from my point of view, the sufficient approach to risk management would be:
Ad.1 design FMEA
Ad.2 both design FMEA and process FMEA
Ad.3 process FMEA
Ad.4 Supplier assessment register + checklist when supplier changed
Ad.5 These would be primarily based on design and process FMEA output

Special requirements have to be covered by both design and process risk analysis as some of them can be managed at the level of design, and some of them on the level of process.

I would also add the disaster recovery plan / procedure to mitigate risks on a more general level.
And that basically would be it.

Please advise me if my thinking is right...

Cheers,

Chris
 

dsanabria

Quite Involved in Discussions
#3
Hello Aerospace experts,

I am just trying to understand the notion of risk management in AS9100 and its applications. I carefully read the AS9100 + appropriate materials from SCMH manual but their generality just kills me.
In the AS9100C itself the risk phrase appears in:

1. review of risks connected to requirements related to product
2. special requirements treatment (those require risk management)
3. planning and managing product realization to meet requirements at acceptable risk
4. selection and supplier usage
5. Preventive actions (one type of which is risk management and following actions to mitigate risks)

So from my point of view, the sufficient approach to risk management would be:
Ad.1 design FMEA
Ad.2 both design FMEA and process FMEA
Ad.3 process FMEA
Ad.4 Supplier assessment register + checklist when supplier changed
Ad.5 These would be primarily based on design and process FMEA output

Special requirements have to be covered by both design and process risk analysis as some of them can be managed at the level of design, and some of them on the level of process.

I would also add the disaster recovery plan / procedure to mitigate risks on a more general level.
And that basically would be it.

Please advise me if my thinking is right...

Cheers,

Chris


Why yes - you are on the right path; however, not knowing the product and size of the company - you could also be going overboard with too many documents, forms and procedures - remember - keep it simple and effective.

Furthermore,

This is from the IAQG - Auditors Guidance Material.

7.1.2 Risk management

What to look for

Consideration by the organization of:
- maintaining risk management activities during all product life
- the project phases when risk analysis are performed and update
- the assurance that the risk analysis is updated whenever a new component or part or a new or changed process/sub-process or a new or changed supplier is introduced
- taking into account lessons learnt from risk management activities

Examples of objective evidence:
- objectives, input and output of the risk management process are identified
- risks identification include risks regarding human factors
- effectiveness and risk status are monitored
- risk management regarding product, suppliers, program, process is handled
- responsibility for all types of risks (financial industrial, suppliers, product, project, operators, ...) is assigned (where applicable, cross functions are involved)
- method used to quantify risk (e.g., FMEA methodology)
- risks and associated mitigation plan are communicated to appropriate level
- mitigation plan are reviewed periodically
- residual risk levels are assessed and reviewed / approved by management
- residual or major risks review is part of Management review
- where applicable, customer is informed about residual risks

NOTES:
- Risk management is appropriate to the organization and the product. The method should ensure the identification of all risks liable to disrupt the operational/industrial process and/or achievement of customer expectations
The concept of risk can be viewed from two perspectives:
- Risk management process can be applied at various levels in an organization (organization, project, process, product, etc.). It can be a stand alone process or integrated into key points of the organization's realization processes
- Risk based decisions: once risks are identified (7.1.2.c) from various potential sources (customer, organization, statutory/regulatory, etc.) the risks need to be communicated to various departments or individuals within the organization. As this risk communication is received, an assessment of these risks should be performed to determine potential impacts

:2cents:
 

kmalysiak

Starting to get Involved
#4
Hello dsanabria,

thanks for the answer. We already have an ISO/TS 16949 system in place, so for current products all these documents (DFMEA, PFMEA, supplier assessments) exist and are alive. For the AS9100 we are planning to certify, I am trying to get as much from the currently existing system as possible.

I just wonder if the sufficient risk assessment / risk mitigation tool in case of ex. suppliers management would be the supplier evaluation list, that qualifies suppliers based on their performance, supplier audits etc.

Anyway, maybe that is just me, but I would really appreciate to have manuals for AS9100 at the same level of details, consistency and applicability as old QS manuals....

Best regards,
KM
 

Kronos147

Trusted Information Resource
#5
We already have an ISO/TS 16949 system in place, so for current products all these documents (DFMEA, PFMEA, supplier assessments) exist and are alive. For the AS9100 we are planning to certify, I am trying to get as much from the currently existing system as possible.
You sound like a highly competent quality resource for your company. I hope they know that.

Too many of 'us' try to re-invent the wheel as opposed to documenting current practices and enhancing where required.

Eric
 

kmalysiak

Starting to get Involved
#6
Hello Kronos147,

thanks for the compliments :) Anyway, you are right about the wheel reinventions... There is some point of generality when standards become too vague, which then contradicts the standardisation idea... But maybe that is just me....
 

kmalysiak

Starting to get Involved
#8
Correct, and some level of generality is always desired. I understand it for the ISO9001 as this system could be adopted by various organizations from bakery to nails producer, but AS9100 that refers to rather narrow sector of industry could be more specific. I am sure that I am not the only one aerospace noobie looking for something more definitive (and if not the standard itself, the SCMH manuals could be a more specific guide).

What, in brief, does your risk management look like? Are you Nadcap audited/certified?


regards
Chris
 

Kronos147

Trusted Information Resource
#9
What, in brief, does your risk management look like? Are you Nadcap audited/certified?
Chris,

I left one company and went to another this year.

The company I left was AS9100 and Nadcap. The company I'm with now has not pursued Nadcap.

The last company had a mature QMS that had its roots in ISO9001 and progressed to AS9100 and then added Nadcap. I managed the AS9100 Rev. B to Rev. C transition (and I obtained the Nadcap Cert). For Risk Management, I basically did a nice little cross reference dance in the Quality Manual with (3.1) Risk, (3.2) Special Requirements, (3.3) Critical Items, and (3.4) Key Characteristics.

Manual Section 7.1 describes Project Management and Risk Management and how this stuff all relates with a graphic. It specified a procedure to be more specific. The procedure referenced forms used during Quote and Contract Review, that had some check boxes and empty comments section that covered the Risk Analysis.

It passed muster.

Now for the new employer, their system was less formalized. The QMS is about three years old. The manual stated Risk Analysis was done, and it was being done because there would be training.

It seems it never came up in an audit.

Many of the previous audits concentrated on more fundamental issues. I believe these issues have all been resolved. I eagerly anticipate our next audit next June to confirm that.

I had to revise the Manual when I was promoted to MR. The previous MR was specified by name.

In the new manual, we specify that the procedure will document how we do the process.

In the procedure, there is a table:
A) Planning of Product Realization:
WI-CRP-102 Customer Related Processes - Order Planning
F 0036 Quote Review Checklist
F 0058 Project Costing Worksheet
F 0037 Planning Stamp

B) Project Management:
Traveler

C) Risk Management (and Risk Mitigation):
WI-CRP-102 Customer Related Processes - Order Planning
F 0036 Quote Review Checklist

D) Special Requirements:
WI-CRP-102 Customer Related Processes - Order Planning
F 0036 Quote Review Checklist
Traveler

E) Configuration Management:
Sales Order
Customer Drawing
Traveler

F) Control of Work Transfers:
SOP-7.4 Control of Purchasing
WI-PUR-103 Purchasing - Receiving Purchase Orders
F 0025 Purchase Order General Terms and Conditions
F 0024 Approved Supplier List (ASL)


The table shows work instructions and forms used to manage the entire risk management structure.

We'll see what the CB says next June.

Eric
 

kmalysiak

Starting to get Involved
#10
Hello, Kronos147

thanks for elaborate answer. So it seems that the current quality management system you are working with now, resembles more my idea of how the risk management should be incorporated - spread across the procedures / processes and is based mostly on checklists, evaluation lists (supplier list, presumably production plan).

Just two more questions:
-are you 'built to print' or 'built to specification' plant?
-any specific methodology for risk assessment (like FMEA, FTA ?)

Thanks again for your time and support.
Best regards,
Chris
 