You can’t make this up. I was approached by a former client recently, who asked me to update their AS9100 Rev C system — which I implemented years ago — to the new Rev D standard. I said no problem, and prepared to make them a quote. They said there’s was a catch: they were calling me on Friday, and he wanted it by noon on Monday, since their audit was the following Tuesday. Since Friday was already shot, that gave me only Saturday and half of Monday to work on it, since I would be on airplanes all day Sunday.
Now, this is an old client I worked with for many years, so I didn’t hang up immediately. I explained how this is impossible, that the bulk of Rev D changes are really having to do with the new ISO 9001:2015 changes — risk-based thinking, context of the organization, etc. — and that typically I take a week to update documentation and internal audit checklists, and to do the “COTO Exercise” of identifying and managing risks and opportunities. Then, I told him, you have to do an entire internal audit under the new standard — or, at the very least, a delta audit of just the gaps — before you can even have the registrar show up. Finally, you have to accomplish at least one management review under Rev D, too. This assumes you have fully implemented all the changes, and the internal audits found nothing.
I’ve been told I’m insane since I launched this business in 2000 for offering 40-day ISO 9001 and AS9100 implementations, and 10-day updates to new versions. The usual suspects screamed and set themselves on fire insisting it can’t be done. I proved them wrong for 17 years, but to upgrade over a weekend?
Impossible, right? Of course you know where this story is going, but let’s make the journey together.
I’m Your AS9100 God, So Kneel
So I offered this: I would spend a few hours updating his Quality Manual — which fortunately included the procedures in its text — and provide him a generic COTO Log from my template kit. He would show this to the auditor, and then use it to make the argument that his upgrade was underway, and would be complete by the time the next surveillance audit came around, in six months. He’d take his major nonconformities against AS9100 D, and move on, possibly with an AS9100 Rev C cert in hand, or possibly with the entire thing suspended temporarily.
I spent six hours on the documentation, updating as best I could, and hit save. I sent him the manual and a generic COTO Log with a bunch of generic risks plopped in, and (if I recall) exactly nothing mentioning opportunities at all. Then I got the news. The client underwent their AS9100 revision D audit, with a fully IAF-accredited, IAQG-sanctioned registrar, and passed with only two minor nonconformities.
Sweet mother of God, what has this become?
And get ready for the cherry on top: one of the findings had to do with the new “ethics” requirements in AS9100 Rev D. So the auditor wrote the client up for ethics while handing them — straightfaced — a cert for a system that was only a few hours old. It’s as if we are literally living in the poem Jabberwocky.
Now I would say this is a risky piece to write, since it might jeopardize my client (if they ever found out who it was) because the CB would be embarrassed and go back and do a proper audit. Or ANAB might get off its ass and start actually earning its money to ensure its accredited CBs were not doing conformity assessment while apparently in a full-on coma. But since I know this is not merely an isolated incident, and that CBs just pass anyone now, no matter what the hell they are up to, no one can ever find out. This situation is probably happening every day, all over the planet. It means that every AS9100 Rev D cert out there is suspect, and if planes fall out of the sky, well that’s fine because the registrar got paid.
Of course, now my client and I can take our time and do the necessary work to make their QMS a real one, and not something I whipped up like an orange mocha frappuccino, and get me to a mental place where I can sleep at night. Because right now, this is crazy.
So to UKAS and ANAB and IAQG and IAF and all the others, I say this: all your efforts to stop soft-grading have failed. The world is polluted with certificates that were issued by morons disguised as idiots, and it all happened on your watch. Shit, sometimes it happened while you were sitting in the room. Your levels of incompetence and fraud have risen to levels unimagined. So when we see scandals like Kobe Steel or Takata airbags, this is why. You have abdicated your responsibility, allowing an evil, menacing bastard like me get away with upgrading a client to a new aerospace standard in the same amount of time it would take me to mow my lawn and get a haircut.
So if you want your system updated in ludicrous speed, apparently all you have to do is call me, and then send a check to your registrar. I mean, it’s only aerospace, so what could go wrong?
About Christopher Paris
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.