ISO 27001 is an international standard that describes how to manage information security in an organization. It specifies the requirements for establishing, implementing, maintaining, and improving an Information Security Management System (ISMS).

ISO/IEC 27001:2013 – Information technology – Security techniques – Information security management systems – Requirements was first published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

In today’s globalized world, organizations are relying more and more on electronic media to keep records and data of sensitive information. In order to protect this information, organizations have the need to implement an ISMS. ISO 27001 offers a set of specifications that describe the features of an effective ISMS. This standard has a systematic approach to managing sensitive company information so that it remains secure. It encompasses people, processes, and information technology (IT) systems and its main objectives are:

• Confidentiality, which ensures the availability of information only to those who are authorized to access,
• Integrity, which protects the accuracy and completeness of information and processing methods, and
• Availability, which ensures that authorized users have access to information and associated assets when required.

ISO 27001 is suitable for organizations of all sizes and sectors, anywhere in the world. Any organization that wants to protect their information from threats and to comply with a range of regulatory and statutory requirements related to information protection can implement this standard. Organizations that comply with this standard can:

• Establish a clear and structured methodology for security management.
• Reduce risk of loss, theft or corruption of information.
• Continually review the risks and its controls.
• Increase customers and strategic partner’s confidence.
• Ensure continuity of business operations required after serious incidents.
• Comply with legislation relative personal information, intellectual property and others.
• Improve their image.
• Reduce costs and improve processes and service.
• Integrate the ISMS with other management standards such as ISO 9001 and ISO 14001.

The ISO 27000 family of standards offers a set of specifications, codes of conduct, and best practice guidelines on designing, implementing, auditing, and certifying information security management systems. The ISMS can protect the confidentiality, integrity, and availability of the information. Of primary interest to information security are ISO 27001, ISO 27002 and ISO 27005. Of all the ISO 27000 family of standards, ISO 27001 is the only one that organizations can receive certification for as it offers the specification of an effective information security management system; however, this standard is not a guide. For guidance, organizations should use other standards of the ISO 27000 series.

Good Manufacturing Practices (GMP) is a system of processes, procedures, and documentation that help ensure that products are consistently produced and controlled according to quality standards. These practices are required in order to conform to guidelines and regulations recommended by agencies that control authorization and licensing for the manufacture and sale of food, drug products, and active pharmaceutical products.

GMP have not always been the standard for the food and drug industry; back in the early 1900s little care was taken in the production and process of safe and quality products. Many tragedies occurred that led to increasingly stringent regulation and today GMP is law in many countries, including the US. These GMP guidelines and regulations require that manufacturers, processors, and packagers of drugs, medical devices, and food take proactive steps to ensure that their products are safe, pure, and effective. GMP guidelines and regulations address many issues that can influence the safety and quality of a product. Some of these are:

• Hygiene: Facilities must maintain a clean and hygienic manufacturing area.
• Controlled environmental conditions in order to prevent contamination and cross contamination.
• Manufacturing processes are clearly defined and controlled.
• Instructions and procedures are clear and unambiguous.
• Operators are trained to carry out and document procedures.
• Records are made either manually or by instruments during manufacture that demonstrate compliance with these guidelines and regulations.
• Records of manufacture (including distribution) enable the complete history of a batch to be traced are retained in a comprehensible and accessible form.
• The distribution of the products minimizes any risk to their quality.
• A system is available for recalling any batch of the product from sale or supply.
• Complaints are examined and investigated, and appropriate measures are taken with respect to the defective products and to prevent recurrence.

GMP applies to organizations that manufacture and process drugs, cosmetics, medical products, and food. Most GMP requirements are very general and open-ended, allowing each manufacturer to decide individually how to best implement the necessary controls.

Organizations that meet GMP or cGMP (current Good Manufacturing Practices) will not only comply with the legislation, but also will commit to a program which will substantially increase the quality of their product and increase revenues and customer satisfaction. Some other benefits of implementing GMP are:

• They outline a quality system that reduces or prevents errors.
• They ensure products are safe.
• They prevent and control contamination and cross-contamination.
• They prevent mislabeling and adulteration.
• They provide a better understanding and comply with the relevant laws and regulations.
• They enhance the international credibility and public image.

Many countries have legislated that food, pharmaceutical, and medical device manufacturers must follow GMP procedures. The regulated procedures focus on safety, honesty (eg. labeling), effectiveness, and reliability. Each country creates their own GMP guidelines that correspond with their own legislation. GMP certification is granted to manufacturing or service systems of organizations to certify that they engage with good manufacturing practices in their manufacturing or service processes, according to a Standard Code of Practice related to their business.

AS9110 is a standard that defines the requirements for a quality management system (QMS) for organizations whose primary business is providing maintenance repair, and overhaul services (MRO’s) in the aircraft industry.

The AS9110 standard was published in January 2003 after the airspace industry realized that the requirements for establishing an efficient QMS in MRO organizations were different from those of the original equipment manufacturers (OEM). This standard, formally titled AS9110 Quality Maintenance Systems – Aerospace – Requirements for Maintenance Organizations, was developed by the International Aerospace Quality Group (IAQG) through SAE International. The AS9110 standard is based on AS9100 and adds specific requirements that are critical for the MRO of commercial, private, and military aircrafts.

Aviation safety is crucial. Every day millions of people fly around the world and expect to reach their destination in a safe manner. In order to do this, airlines rely on a vast, global, and ever-growing network of repair stations to keep their fleets operating safely and cost-effectively. Most airspace products are designed to work for 50 years and more, so proper maintenance is crucial for the safety of the operation.

In the MRO industry, there are still many organizations that rely on inspection and test for their quality controls. This approach aims at reacting to nonconformities rather than preventing them. AS9110 provides a framework for organizations to leave this reactive approach behind and establish an effective QMS. Some of the areas of emphasis in the AS9110 standard include:

• Detecting and preventing counterfeit and suspect unapproved parts
• Human factors (recognizing human factors that affect workers)
• Safety management systems
• Technical data
• Project management and risk management

The prime candidates to seek certification to the AS9110 standard are FAA 145 certified repair stations. Those seeking Parts Manufacturing Approval (PMA) from the FAA to manufacture aircraft parts and components are also likely to seek AS9110 certification. However, AS9110 applies for any MRO organization in the aircraft industry that wishes to adopt a comprehensive quality system focused on areas directly impacting product safety and reliability.

Organizations that successfully establish and implement AS9110 can benefit from a solid quality management system that will boost their performance by:

• Providing access to the best practices of the aerospace industry
• Identifying and maintaining authority requirements
• Meeting or exceeding customer requirements through a system of continual improvement
• Ensures the airworthiness, integrity, and safety of the products that are brought back into service

Those organizations who decide to be certified in AS9110 will be listed in the Online Aerospace Supplier Information System (OASIS), the international database which publishes all aerospace quality certifications, which are required by many OEMs. This will undoubtedly expand any organization’s market and elevate their QMS to the global standard adopted by the aerospace industry.

AS9100 is an international standard containing requirements for establishing and maintaining a quality management system for the aerospace industry. Its official name is AS9100 Quality Management Systems – Requirements for Aviation, Space and Defense Organizations and it is intended to be used by organizations that design, develop, and produce aviation, space, and defense products and can be applied throughout the supply chain.

This standard was published in October 1999 by the Society of Automotive Engineers and the European Association of Aerospace Industries. Its aim was to fulfill the need of a quality management system model that satisfies internal, government, and regulatory requirements applicable to the aerospace industry; something that ISO 9001 was never designed to do. AS9100 incorporates all the requirements of ISO 9001, in addition to unique quality and reliability needs of the aerospace industry.

The aerospace industry has high standards of customer satisfaction and strict laws imposed by regulatory authorities, therefore, the industry needs to produce and continuously improve products that meet these requirements. Unlike other quality management standards, which focus primarily on the final product, AS9100 focuses more on how the products are made. This standard establishes the elements that a quality management system must have in order for companies to consistently provide safe, quality products that are delivered on time.

AS9100 was reviewed in 2016 to produce AS9100D. AS9100D was developed with the support of the International Aerospace Quality Group (IAQG) and includes the following revisions:

• Changes made to ISO 9001:2015 requirements
• Consideration of Aviation, Space and Defense stakeholders’ needs identified since the last revision
• Clarifications to 9100 series requests issued by IAQG since the last revision

Any organization in the aerospace industry can adopt AS9100D. The design and implementation of this standard will be influenced by the size and organizational structure of the company, its needs, its particular objectives, processes and the products it provides. An organization that decides to establish and implement AS9100D will benefit by:

• Having a better performance of internal operations
• Improving their quality image
• Decreasing costs
• Gaining a competitive advantage and benefit from the improved processes and its continuous improvement
• Assuring customers that they produce, and continually improve, safe, reliable products on time
• Being listed in the Online Aerospace Supplier Information System (OASIS)

While primarily developed for the aviation, space and defense industry, this standard can also be used in other industry sectors where a quality management system with additional requirements over an ISO 9001 system is needed. Unlike many ISO standards, where compliance with them is voluntary, AS9100 compliance and/or registration is a must for many aerospace suppliers, as most major manufacturers and suppliers worldwide require AS9100 compliance for anyone doing business with them. This standard has been published around the world as EN 9100 in Europe and SJAC 9100 in the Far East.

Related Articles About AS9100

• AS9100 & The Importance of Oasis
• 5 Common Myths about AS9100
• NADCAP Special Processes

AS9120 is a standard that specifies the requirements for a quality management system (QMS) for stockist distributors in the aerospace industry. This standard addresses chain of custody, traceability, control, and availability of records.

AS9120 – Quality Management Systems – Aerospace Requirements for Stockist Distributors – was developed for stockist or pass-through distributors of aerospace commodity items. This standard is part of the AS9100 series and it includes all of the ISO 9001 requirements, plus specific requirements related to aerospace distributors.

Distributors of aerospace commodity items directly impact the performance of these items if they are mishandled or traceability is lost between the original equipment manufacturer (OEM) and final customer. AS9120 has been developed to help distributors minimize the occurrence of anything that could negatively affect the performance of their commodities. AS9120 also provides suppliers with a comprehensive quality system focused on areas directly impacting product safety and reliability including:

• Splitting: Specific requirements for batch splitting and lot splitting, and how conformance to specification is maintained.
• Airworthiness certificates: Defines the documents issued by cognizant civil aviation authorities that certify that parts meet the required airworthiness requirements.
• Control of records: Record requirements differ significantly for distributors of aerospace product.  AS9120 defines those requirements.
• Traceability: Defines specific requirements for traceability from receipt until delivery.
• Evidence of Conformance: Specific documents are required by distributors as evidence of conformance.

Who will benefit from AS9120?

This certification is intended for organizations that procure parts, materials, and assemblies, and sell these products to a customer in the Aerospace industry. This includes organizations that procure products and split them into smaller quantities. This standard is not intended for organizations that rework or repair products.

For distributors, the AS9120 standard flows down the manufacturer’s AS9100 requirements for inventory control, lot tracing, and vendor management, ensuring manufacturers have consistency throughout their supply chain. By aligning to AS9120, an organization can establish and continuously improve an effective quality system that will enable them to consistently meet customer expectations. Organizations that comply with AS9120 will gain a competitive advantage by:

• Identifying opportunities for operational improvements and cost reduction;
• Improved audit and surveillance efficiency;
• Reduced number of customer audits required, and a corresponding reduction in needed resources;
• Enhanced supplier performance due to higher quality, waste reduction, and a customer satisfaction focus; and
• Streamlined documentation.

Privacy Policy

Our Commitment To Privacy

Your privacy is important to us. To better protect your privacy we provide this notice explaining our online information practices and the choices you can make about the way your information is collected and used. To make this notice easy to find, we make it available on our homepage and at every point where personally identifiable information may be requested.

The Information We Collect

This notice applies to all information collected or submitted on this website. On some pages, you may be able to order products, make requests, and register to receive materials. The types of personal information collected at these pages are:

Name

Address

Email address

Phone number

The Way We Use Information

We use the information you provide about yourself when placing an order only to complete that order. We do not share this information with outside parties except to the extent necessary to complete that order.

We use the information you provide about someone else when placing an order only to ship the product and to confirm delivery. We do not share this information with outside parties except to the extent necessary to complete that order.

We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties.

You can register with our website if you would like to receive our catalog as well as updates on our new products and services. Information you submit on our website will not be used for this purpose unless you fill out the registration form.

We use non-identifying and aggregate information to better design our website and to share with advertisers. For example, we may tell an advertiser that X number of individuals visited a certain area on our website, or that Y number of men and Z number of women filled out our registration form, but we would not disclose anything that could be used to identify those individuals.

Finally, we never use or share the personally identifiable information provided to us online in ways unrelated to the ones described above without also providing you an opportunity to opt-out or otherwise prohibit such unrelated uses.

Our Commitment To Data Security

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

How You Can Access Or Correct Your Information

You can access all your personally identifiable information that we collect online and maintain by contacting us directly. We use this procedure to better safeguard your information. You can correct factual errors in your personally identifiable information by sending us a request that credibly shows error. To protect your privacy and security, we will also take reasonable steps to verify your identity before granting access or making corrections.

How to Contact Us

More information on how to contact us is available on our Contact Us page.