EN 9101:2023

SLOVENSKI STANDARD
01-januar-2024
Aeronavtika - Sistemi vodenja kakovosti - Zahteve za presojo sistemov vodenja
kakovosti organizacij zračnega prometa, vesoljskih poletov in obrambe
Aerospace series - Quality management systems - Requirements for conducting audits
of aviation, space, and defence quality management Systems
Qualitätsmanagementsysteme - Luft- und Raumfahrt - Anforderungen an die
Durchführung von Audits von Qualitätsmanagementsystemen in Luftfahrt, Raumfahrt
und Verteidigung
Série aérospatiale - Systèmes de management de la qualité - Exigences pour la
conduite d’audits des systèmes de management de la qualité dans l’aéronautique,
l’espace et la défense
Ta slovenski standard je istoveten z: EN 9101:2023
ICS:
03.100.70 Sistemi vodenja Management systems
03.120.10 Vodenje in zagotavljanje Quality management and
kakovosti quality assurance
49.020 Letala in vesoljska vozila na Aircraft and space vehicles in
splošno general
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EN 9101
EUROPEAN STANDARD
NORME EUROPÉENNE
November 2023
EUROPÄISCHE NORM
ICS 03.100.70; 03.120.10; 03.120.20; 49.020 Supersedes EN 9101:2018
English Version
Aerospace series - Quality management systems -
Requirements for conducting audits of aviation, space, and
defence quality management Systems
Série aérospatiale - Systèmes de management de la Qualitätsmanagementsysteme - Luft- und Raumfahrt -
qualité - Exigences pour la conduite d'audits des Anforderungen an die Durchführung von Audits von
systèmes de management de la qualité dans Qualitätsmanagementsystemen in Luftfahrt, Raumfahrt
l'aéronautique, l'espace et la défense und Verteidigung
This European Standard was approved by CEN on 7 August 2023.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2023 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN 9101:2023 E
worldwide for CEN national Members.

Contents Page
European foreword . 3
0. Introduction . 4
1 Scope . 6
1.1 General. 6
1.2 Application . 6
2 Normative references . 6
3 Terms and definitions . 7
4 Auditing and reporting . 8
4.1 General. 8
4.2 Audit program . 9
4.3 Audit reporting . 9
5 Common audit activities . 11
5.1 General. 11
5.2 Audit planning. 11
5.3 Conducting audits . 13
5.4 Audit report . 17
5.5 Nonconformity management . 17
6 Audit phase specific requirements . 19
6.1 General. 19
6.2 Pre-audit activities (initial audit) . 19
6.3 Stage 1 audit . 20
6.4 Stage 2 audit . 22
6.5 Surveillance audit . 22
6.6 Recertification audit . 23
6.7 Special audit . 23
Annex A (informative) Acronym log . 24
Annex B (informative) Forms . 25
Bibliography . 30
Tables
Table 1 — Audit reporting requirements . 10
Table 2 — Special audit reporting requirements . 11
Table 3 — Relationship between common activities and audit phases . 12
Table 4 — Process evaluation matrix . 16
Table 5 — Nonconformity report management time frames . 18

European foreword
This document (EN 9101:2023) has been prepared by the Aerospace and Defence Industries
Association of Europe — Standardization (ASD-STAN).
After enquiries and votes carried out in accordance with the rules of this Association, this
document has received the approval of the National Associations and the Official Services of the
member countries of ASD-STAN, prior to its presentation to CEN.
This document shall be given the status of a national standard, either by publication of an identical
text or by endorsement, at the latest by May 2024, and conflicting national standards shall be
withdrawn at the latest by May 2024.
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes EN 9101:2018.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this document: Austria, Belgium, Bulgaria, Croatia,
Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal,
Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Türkiye and the United Kingdom.
0 Introduction
0.1 General
This document has been revised to align with the latest revision of the International Aerospace Quality
Group (IAQG) 9104-1 standard, incorporating inputs received from interested parties, standard
clarifications, and Other Party Management Team (OPMT) resolutions.
Industry established the IAQG, with representatives from Aviation, Space, and Defence (ASD)
companies in the Americas, Asia/Pacific, and Europe, to implement initiatives that make significant
improvements in quality and reductions in cost throughout the value stream.
This document has been prepared by the IAQG and standardizes the requirements for conducting audits
of ASD Quality Management Systems (QMS). It can be used at all levels of the supply chain by
organizations around the world.
This document supplements the existing International Organization for Standardization
(ISO)/International Electrotechnical Commission (IEC) 17021-1 conformity assessment standard and
provides requirements for an audit and reporting process, based on the:
a) process and continual improvement approach defined in EN 9100-series standards;
b) specific ASD additions in EN 9100-series standards;
c) use of common audit tools; and
d) uniform, transparent, and standardized reporting of audit results.
In this document, the following terms are used:
— “shall” indicates a requirement;
— “should” indicates a recommendation;
— “may” indicates a permission;
— “can” indicates a possibility or capability; and
— “days” are calendar days.
Words “example” or “e.g.” indicate suggestions given for guidance, and information marked “NOTE” is
for guidance in understanding or clarifying the associated requirement .
Auditing is a basic tool to assess effective implementation of and conformity to QMS requirements.
In addition to assessing conformity, this document focuses on the evaluation of effectiveness
(see ISO 9000:2015, 3.7.11) of the QMS and its associated processes.
An organization is not only required to be in conformity with QMS requirements, but to be effective in
meeting customer expectations and delivering products and services that meet those expectations.

Notes to entry used in definitions, however, are considered normative and will provide additional information
that supplements the terminological data such as statements, instructions, recommendations or requirements
relating to the use of a term.
0.2 Auditing approach
This document supports the engagement and evaluation of an organization's QMS process approach, as
required by the EN 9100-series standards. When evaluating an organization's QMS, there are basic
questions that should be asked of every process, for example:
a) Is the process appropriately determined?
b) Are responsibilities assigned?
c) Are the processes adequately implemented and maintained?
d) Is the process effective in achieving the desired results?
The collective answers to these and other associated questions will contribute to the evaluation results.
In addition, product and service quality (as delivered), customer satisfaction, and QMS effectiveness can
be considered as interrelated. This relationship should be reflected in the audit process and associated
results.
0.3 Audit documented information
This document defines the documented information to be generated, during the audit process.
The documented information is critical in providing the organization and its customers with objective
evidence on the conformity and effectiveness of the QMS (including process effectiveness) and
reporting the audit results in a standard format/structure.
1 Scope
1.1 General
This document defines requirements for the preparation and execution of the audit process. In addition,
it defines the content and composition for the audit reporting of conformity and process effectiveness to
the EN 9100-series standards, the organization’s QMS documentation, and customer and
statutory/regulatory requirements.
The requirements in this document are additions or represent changes to the requirements and
guidelines in the standards for conformity assessment, auditing, and certification as published by
ISO/IEC (i.e. ISO/IEC 17000:2020, ISO/IEC 17021-1). When there is conflict with these standards, the
requirements of this document take precedence.
NOTE 1 In this document, the term “EN 9100-series standards” comprises the EN 9100, EN 9110, and EN 9120
standards, developed by the IAQG and published by various national standards bodies.
NOTE 2 In addition to this document, the IAQG publishes deployment support material on the IAQG
website (see http://www.iaqg.org) that can be used by audit teams, when executing the audit process.
1.2 Application
This document is intended to be used for audits of EN 9100-series standards by Certification
Bodies (CBs) for certification of organizations, under the auspices of the ASD industry certification
scheme [also known as the Industry Controlled Other Party (ICOP) scheme]. The ICOP scheme
requirements are defined in the EN 9104-series standards (i.e. EN 9104-1, EN 9104-2, EN 9104-3).
NOTE Relevant parts of this document can also be used by an organization in support of internal
st nd
audits (1 party) and external audits at suppliers (2 party).
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
EN 9100:2018, Quality management systems — Requirements for aviation, space and defence
organizations
EN 9110:2018, Quality management systems — Requirements for aviation maintenance organizations
2, 3,
EN 9104-1:2022, Aerospace series — Quality management systems — Part 1: Requirements for
certification of aviation, space and defence
ISO 9000:2015, Quality management systems — Fundamentals and vocabulary
ISO/IEC 17000:2020, Conformity assessment — Vocabulary and general principles

As developed under the auspice of the IAQG and published by various standards bodies [e.g., AeroSpace and
Defence Industries Association of Europe – Standardization (ASD-STAN), SAE International, European Committee
for Standardization (CEN), Japanese Standards Association (JSA)/Society of Japanese Aerospace Companies
(SJAC), Brazilian Association for Technical Norms (ABNT)].
Published as ASD-STAN Standard at the date of publication of this document by AeroSpace and Defence
industries Association of Europe — Standardization (ASD-STAN), https://www.asd-stan.org/.
ISO/IEC 17021-1:2015, Conformity assessment — Requirements for bodies providing audit and
certification of management systems — Part 1: Requirements
IAQG Procedure 105.6, IAQG Forms Management
3 Terms and definitions
For the purposes of this document, the terms and definitions in ISO 9000:2015, ISO/IEC 17000:2020,
4 5
EN 9100-series, EN 9104-series, IAQG International Dictionary and the following apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp/
— IEC Electropedia: available at https://www.electropedia.org/
3.1
containment
action to control and mitigate the impact of a nonconformity to protect the customer, organization, or
product (i.e., stop the problem from getting worse); includes immediate action, immediate
communication, and verification to ensure that the nonconforming situation does not further degrade
3.2
key performance indicator
KPI
measures associated with goals or targets showing how well an organization is achieving its objectives
or critical success factors; used to objectively define a quantifiable and measurable indication of
performance
3.3
major nonconformity
nonconformity that affects the capability of the management system to achieve the intended results
Note 1 to entry: Nonconformities could be classified as major in the following circumstances:
— if there is a significant doubt that effective process control is in place, or that products or services will meet
specified requirements;
— a number of minor nonconformities associated with the same requirement or issue could demonstrate a
systemic failure and thus constitute a major nonconformity.
Note 2 to entry: In addition, a major nonconformity can be one or more of the following situations:
— a nonconformity where the effect is judged to be detrimental to the integrity or safe use of the product or service;
— the absence of or total breakdown of a system to meet a EN 9100-series standard requirement, a customer
QMS requirement, or documented information defined by the organization;
— any nonconformity that can result in the probable delivery of nonconforming product or service;
— a condition that can result in the failure or reduce the usability of the product or service for its
intended purpose.
[SOURCE: ISO/IEC 17021-1:2015, 3.12, modified — Note 2 to entry has been added]

Located on the IAQG website: https://iaqg.org/tools/dictionary/.
An acronym log for this document is presented in Annex A.
3.4
minor nonconformity
nonconformity that does not affect the capability of the management system to achieve the intended
results
Note 1 to entry: In addition, a minor nonconformity can be a single system failure or lapse in conformity to meet a
EN 9100-series standard requirement, customer QMS requirement, or documented information defined by the
organization.
[SOURCE: ISO/IEC 17021-1:2015, 3.13, modified — Note 1 to entry has been added]
3.5
nonconformity report
NCR
document that provides details of the nonconformity, organization’s planned actions, and auditor
verification/closure
Note 1 to entry: See Form 4.
3.6
planned activity
criteria and methods by which the organization plans to achieve the intended results of, and conformity
to, a given process to meet requirements
3.7
planned result
intended performance of a process as determined and measured by the organization
Note 1 to entry: Performance measures include product/service conformity and On-time Delivery (OTD) and may
include other measures related to the process defined by the organization.
3.8
process effectiveness assessment report
PEAR
document that provides details of a given process, process results, process realization, and the level of
process effectiveness
Note 1 to entry: See Form 3.
3.9
repeat nonconformity
trend of identical nonconformities reported against the same requirement, indicating that previous
corrective action attempt(s) failed to prevent recurrence of the nonconforming situation
4 Auditing and reporting
4.1 General
4.1.1 The audit and reporting process established to assess conformity, including the determination
of QMS effectiveness to the EN 9100-series standards, shall meet the requirements of ISO/IEC 17021-1,
as stated in each relevant clause of this standard.
4.1.2 For Integrated Management System (IMS) audits, the requirements of EN 9104-1:2022,
8.5.2 apply.
4.1.3 The audit program and associated activities (see 4.2) shall be followed when auditing and
certifying organizations to EN 9100-series standards in the ASD industry.
4.1.4 The audit process requirements consist of three main parts:
a) the phases of the audit process (see 4.2.1);
b) the common audit activities (see Clause 5) used to support each audit phase;
c) the specific requirements for each audit phase (see Clause 6).
4.2 Audit program
4.2.1 The audit program consists of the following phases:
a) pre-audit activities (see 6.2);
b) stage 1 audit (see 6.3);
c) stage 2 audit (see 6.4);
d) surveillance audit (see 6.5);
e) recertification audit (see 6.6).
4.2.2 Pre-audit activities and stage 1/stage 2 audits are applicable for initial certification. A stage 1
audit can also be utilized for recertification audits and during CB transfer.
NOTE 1 Although ‘Special Audit’ is not listed as a part of the audit program, it can be applicable after initial
certification, when directed by special request. The requirements for special audits are defined in 6.7.
NOTE 2 The requirements for certification are defined by the EN 9104-1 standard.
4.3 Audit reporting
4.3.1 Audit reporting requirements are defined in Table 1.

Table 1 — Audit reporting requirements
Audit phase
Audit report(s)
Stage 1 Stage 2 Surveillance Recertification Special
(see 6.3) (see 6.4) (see 6.5) (see 6.6) (see 6.7)
Stage 1 audit report
Required —
(see Form 1)
QMS process matrix report
(see Form 2)
Required; per site or combined, as
See 4.3.2
Process effectiveness
appropriate (see 4.3.3)
assessment report (PEAR)
(see Form 3)
—
Nonconformity report (NCR)
Required (as applicable)
(see Form 4)
Audit report
Required
(see Form 5)
4.3.2 A QMS process matrix report (see Form 2) and PEAR (see Form 3) shall be issued dependent
upon the reason for the special audit, as defined in Table 2.
4.3.3 Recording of process information may be combined into a single PEAR and QMS process matrix
report for multi-site organizations, provided that the process is common across the sites. Information
recorded shall reflect each site included in the PEAR and QMS process matrix report. The process
effectiveness level shall reflect the lowest single value of the various sites assessed.
4.3.4 All audit reporting, defined within this standard, shall be managed electronically within the
online aerospace supplier information system (OASIS) database, including the audit reports defined in
Table 1.
NOTE In accordance with IAQG Procedure 105.6, representations of the EN 9101 forms are presented in
Annex B for reference only. These forms and supporting instructions are accessible via the IAQG website.

Table 2 — Special audit reporting requirements
QMS process matrix Process effectiveness
Reason for special audit report assessment report (PEAR)
(see Form 2) (see Form 3)
Transferring certification from one CB
to another
Reducing an organization’s certification
scope, or number of sites and/or
locations Not required
Verification of evidence to support
application of performance-based
surveillance/recertification process
(PBS/RP)
Change to an organization’s certification
structure
Investigate a complaint or serious issue
Required, if special audit
activity is conducted against
Follow up from an organization’s
Required
EN 9100-series standards
suspension
Clause 8
Expanding an organization’s
certification scope, or number of sites
and/or locations
5 Common audit activities
5.1 General
5.1.1 Common audit activities shall be undertaken for each phase of the audit program as defined in
Table 3.
5.1.2 Stage 1, stage 2, surveillance, and recertification audit activities shall be described in the audit
program established during the ‘pre-audit activities’ phase (see 6.2).
5.2 Audit planning
5.2.1 The requirements of ISO/IEC 17021-1:2015, 9.2 shall apply.
5.2.2 Audit teams shall plan audits in accordance with EN 9104-1:2022, 8.5.5.
5.2.3 Process names shall be consistent in the audit plan, QMS process matrix report (see Form 2),
and PEAR (see Form 3) and shall correspond to the process names defined by the organization.
5.2.4 The audit team leader shall use the organization’s customer feedback requests, including those
received through the OASIS database (see EN 9104-1:2022, 8.5.12), to assist with audit planning for
surveillance and recertification audits, and special audits (when appropriate).
Table 3 — Relationship between common activities and audit phases
Audit phase
Common activity
Pre-audit
Stage 1 Stage 2 Surveillance Recertification Special
activities
(see 6.3) (see 6.4) (see 6.5) (see 6.6) (see 6.7)
(see 6.2)
Audit planning
X X X X X X
(see 5.2)
Conducting audits
— X X X X X
(see 5.3)
Audit reporting
— X X X X X
(see 5.4)
Nonconformity
management — — X X X X
(see 5.5)
5.2.5 Audit activities shall be prioritized based upon performance data for business risks that could
impact the customer and on processes that are not achieving planned results.
5.2.6 Audit planning shall take into account, as appropriate to the relevant audit phase:
a) organization certification analysis process (OCAP) data (see EN 9104-1:2022, 8.5.1);
b) risks identified in the risk analysis process (see EN 9104-1:2022, 8.5.1.5 and 8.5.5.6);
c) the sequence and interactions of the organization's processes;
d) the criticality of products, services, and processes, including special processes;
e) risks associated with QMS, product, service, and process maturity (e.g. new product or service
introduction, new process equipment or facilities);
f) product related safety issues (e.g. airworthiness issues, reporting to customer and/or authorities);
g) results of internal audits;
h) previous audit findings (e.g. CBs, customers, regulatory authorities);
i) previous management review results;
j) changes to QMS, customer, statutory, or regulatory requirements;
k) customer satisfaction/performance data;
l) certification structure [i.e. single site, multi-site (see EN 9104-1:2022, 8.5.1.4.1)];
m) level of IMS (see EN 9104-1:2022, 8.5.2.1);
n) use of PBS/RP (see EN 9104-1:2022, 8.5.3);
o) use of information and communication technology (ICT) (see EN 9104-1:2022, 8.5.4);
p) any current IAQG published resolutions.
5.3 Conducting audits
5.3.1 General
5.3.1.1 The requirements of ISO/IEC 17021-1:2015, 9.4 shall apply.
5.3.1.2 Audit team composition shall meet the requirements of EN 9104-1:2022, 8.5.6.1.
5.3.1.3 The audit team shall pursue relevant audit trails to assist in the determination of QMS
conformity and effectiveness.
5.3.1.4 Each audit, except for nonconformity follow-up (see 5.5) and special audits (see 6.7) shall
include the following, as applicable:
a) verification of the scope of certification;
b) verification that changes to QMS, customer, statutory,
...