Key Takeaways
For aerospace organizations pursuing AS9100 Rev D certification, the audit process can feel like unfamiliar territory—particularly for those going through it for the first time. Knowing what to expect at each stage, what auditors will look for, and how to handle findings removes a lot of that uncertainty.
This post walks you through the AS9100 audit process from start to finish, covering Stage 1, Stage 2, surveillance audits, recertification, and how to handle non-conformances along the way.
A successful AS9100 audit doesn't start when the auditor arrives on-site. It starts months earlier, during your internal audit and management review cycles.
Before an accredited certification body (CB) can conduct an external audit, your organization must have completed a thorough internal audit of all processes within your QMS. This means reviewing documentation, identifying nonconformities, implementing corrective actions, and verifying that your QMS is functioning as intended.
Following your internal audit, a formal management review should be conducted. Senior leadership needs to evaluate QMS performance, review audit findings, assess resource allocation, and set goals for continuous improvement. This step ensures top management is actively engaged—something external auditors will look for when they arrive.
Most organizations run under their new QMS for three to six months before the certification audit. This pilot period generates the records and evidence auditors need to confirm your system is working in practice, not just on paper.
The Stage 1 AS9100 audit is a readiness review. Its purpose is straightforward: to determine whether your organization is prepared for the full certification audit that follows.
Stage 1 typically takes one to two days and is almost always conducted on-site. During this phase, the auditor will:
At the close of Stage 1, the auditor will communicate all identified concerns and provide a readiness recommendation. If concerns are found that indicate the organization is not ready to proceed, those issues must be resolved before Stage 2 can begin. Any minor gaps identified at this stage give your team an opportunity to make corrections before the full certification audit.
The Stage 2 AS9100 audit is the main event. Conducted approximately one to two months after Stage 1, it evaluates whether your entire QMS is fully compliant with AS9100 Rev D requirements.
Unlike Stage 1, which focuses primarily on documentation and readiness, Stage 2 is a comprehensive, process-level audit. The certification body will analyze every process within your organization's scope for compliance. This includes:
The length of Stage 2 depends on the size of your organization, the number of sites, and the functions within scope. If your operations include any remote locations, auditors will want to visit those sites as well—typically during Stage 2.
If the certification body does not identify any major nonconformances during Stage 2, your QMS will be certified to AS9100 Rev D. Your certificate is valid for three years.
Finding non-conformances during an AS9100 audit is not unusual. What matters is how your organization responds.
When an issue is identified, it is documented in a non-conformance report (NCR). From there, your team is responsible for:
All issues must be resolved—with confirmation—within six months of the closing meeting. If this timeline is not met, a repeat Stage 2 audit will be required. It's worth noting that while you will work collaboratively with auditors to identify non-conformances, the certification body cannot act as a consultant. Independent consulting agencies are available to assist with corrective action planning if needed.
Achieving AS9100 certification is not a one-time milestone. Maintaining it requires ongoing compliance, demonstrated through annual surveillance audits.
Surveillance audits are conducted once per year during the three-year certificate period. They cover the full scope of your QMS and follow a process similar to the certification audit. Lead auditors are required to complete and issue the surveillance audit report within 14 days of the audit's conclusion.
These annual reviews are not just a compliance requirement—they serve as a useful mechanism for continuous improvement. Organizations that treat surveillance audits as an opportunity to strengthen their QMS, rather than simply pass an inspection, tend to be better positioned for long-term performance.
At the end of the three-year certificate period, your organization must undergo a full recertification audit. This is a complete system audit that reassesses your entire QMS and verifies continued conformance to all AS9100 requirements.
The recertification audit evaluates:
Planning for recertification should begin well in advance of your certificate expiry date. Delays in scheduling can have serious consequences—including certificate withdrawal if audit timing requirements are exceeded.
Regardless of where you are in the certification cycle, a few consistent practices make a meaningful difference:
A well-run AS9100 audit reflects a well-run quality management system. When your processes are documented, your team is trained, and your records demonstrate real-world compliance, the audit becomes a validation of the work you've already done—not a source of anxiety.
If your organization is preparing for an initial certification, an upcoming surveillance, or a recertification audit, Smithers Quality Assessments has the expertise to support you at every stage of the process. Contact our team to learn how we can help you achieve and maintain AS9100 certification with confidence.
Reach out to Smithers Quality Assessments today to request a quote or contact us directly to discuss how we can help your organization excel in meeting AS9100 certification requirements.
