Maturity models are hot right now, so IAQG has announced its stab at the trend, called AIMM (Aerospace Improvement Maturity Model.) I was getting a lot of emails about it from some very confused folks, so I sat in on the recent introductory webinar to get a sense of what it’s all about.

First, let’s commend the webinar presenters for not exploding when they saw my name pop up in the attendance list. I was polite and didn’t ask questions.

I’ve broken this piece up into two parts. The first is to talk about what AIMM is, the use-cases, and its benefits. The second part gets into my criticisms of it, and you can skip that entirely if you just want the good news.

What Is AIMM, and What’s Good

AIMM is a tool that aerospace companies can use for self-assessment, to then monitor their ability to improve their quality management system beyond mere compliance to AS9100. It’s web-based, and free. It does require a login, but that’s it. So far, so good.

Whereas CMMI might be a maturity model on steroids, AIMM is a maturity model on apple sauce, but the kind they sell in those tiny jars with pictures of babies on them. This is light stuff, no intellectual heft whatsoever, and largely a regurgitation of ideas you’ve either read elsewhere or figured out on your own already.

That’s good news, though. Companies pursuing AIMM will find they hardly need a consultant to help them.

(Yes, AIMM organizer Plexus is trying to sell 2-hour AIMM courses, but I just can’t imagine many people needing them.)

How does it work? You log into AIMM, and are presented with a web-based display of the AS9100 clauses, repackaged as “modules.” Boeing’s Alan Daniels made a fuss that these are not clauses, and how they did a lot of work to organize these as modules, but they are totally clauses. I have no idea what he was on about.

The AIMM Modules as presented when you first enter the site.

Then, you click into each one and are presented with definitions of how you can be ranked for that particular clause module against the five maturity levels (MLs).

So for clause 4.1 (yes, we’re back to clauses again), it looks like this:

The real meat of AIMM is the website’s self-assessment tool. Here you first “Plan” your self-assessment, and can tailor it accordingly. Then you “Perform” the assessment, which eventually results in some radar maps and other data based on your inputs. From there you can generate a report on your maturity level, which you can then use internally to establish a baseline. Then, as your company improves, you repeat the effort to show improvement.

I like this, and may well offer this as part of the Oxebridge AS9100 implementation program. Essentially, I see us helping the client perform an AIMM self-assessment once we’ve finished, to establish (a) how well we did, and (b) develop that baseline. Then, we might put in their procedures that they will conduct an annual AIMM self-check to show continual improvement efforts. Finally, an actual quality objective can be based around an AIMM maturity level: “we want to achieve ML5 in five years,” for example.

Another interesting angle is that AIMM could be used for companies without any certification wanting to implement AS9100 from scratch, and then pursuing certification later. This might help them implement AS9100 to begin with.

So overall I think the self-assessment tool is great. It’s easy, it’s free, and doesn’t require spending on third parties to work it.

Oh, and one of the presenters said that if you’re already AS9100 certified, you’d probably be at ML 2 or 3 already; that sounds about right to me.

Now I’ll move on to my criticisms, and — again — feel free to skip this next part if you want to leave with a warm feeling in your belly.

What’s Dumb About AIMM

Despite AIMM being called a “maturity model,” it barely is. It’s weak sauce. Instead, AIMM is merely a set of suggestions that increase in difficulty as you advance from ML1 to ML5, and then only barely so. The actual recommendations are really, really weak, given that (a) this is for aerospace, which is supposed to be hard because people’s lives are at stake, and (b) they call it a “maturity model,” and difficulty is supposed to be implied as you advance up the model.

Go back to the screenshot above of AIMM’s take on clause 4.1. Notice how they didn’t even come up with any criteria for ML5 here, and it’s blank. That happens a lot throughout the model, and is troubling. It means that either the AIMM authors thenselves don’t actually know how a company can be “Level 5 Optimizing,” or they intend that companies seeking the hardest level get a lot of free passes. (This same thing appears in CMMI, but because it’s based on an entirely different concept — “Practice Areas” — it’s actually done for a reason. The AIMM guys don’t appear to have understood that.)

Throughout the model, the criteria for ML4 or ML5 are lame, presenting old ideas that have been trotted around by consultants for eons, without much actual advanced thinking. Taking one of the most problematic AS9100 clauses — 10.2 on Corrective Action — we see the ML5 advice from AIMM is simply, “root cause analyses and corrective actions (covering the occurrence of nonconformities, as well as their non-detection earlier) are systematically generalized and collected in a lessons learned database usable by everyone.”

Really? That’s going to keep planes from exploding?

This is entirely reflective of the lack of actual experience and intellect by its authors, in my opinion.

Next, AIMM is crippled by the fact that it was made by an organization (IAQG) that has not only siloed itself off from its industry, but then relies on internal silos to get things done. IAQG does not operate like a proper standards body, representing the diverse interests of the folks who buy their products. They are largely a personality cult, but based on a circle of close-knit personalities (as opposed to CMMC, which is based on the cult of a single person, Katie Arrington.) They disallow participation by anyone outside of their approved clique, and then break themselves into tiny groups of “friendlies” who make stuff up in a vacuum.

So, sure enough, AIMM was made by the same ten or so folks you see doing a lot of the other AS9100 stuff: Daniels, Beard, Darrel Taylor, Buddy Cressionnie, and even Michelle Barton (yes, She Who Must Be Obeyed). I found this list of its team members from a 2019 presentation hidden online:

Notice that no single private space company is represented here: IAGQ continues its backward practice of preventing companies like SpaceX, Blue Origin, Relativity, or Rocket Lab from sitting at the table. Instead, it’s the same few companies that keep losing contracts to these private upstarts, and who keep blowing up airplanes and killing folks. Boeing is everywhere, but remember this: Boeing has not even implemented AS9100 within its own organization.

Why the hell anyone should be listening to Boeing on “quality” is beyond me. They absolutely suck, and even they know it.

So the AIMM webinar presenters had to sheepishly admit that their maturity model did not take into consideration the new AS9145 standard on APQP, which is quickly growing to become a de facto “plugin” requirement alongside AS9100. They had to admit it did not take into account AS13100, the new standard for aerospace engine system manufacturers, another huge standard.

It gets worse: AIMM is only usable for AS9100, and not for the two sister standards, AS9110 (for repair stations) or AS9120 (for stockist distributors.) Ouch!

Beard also admitted that AIMM didn’t take any look at the long-standing ISO standard, ISO 9004, which already exists as an improvement tool and has its own version of a maturity model baked in.

Daniels and the others insisted that AIMM relies on the IAQG’s aerospace Supply Chain Management Handbook (SCMH) materials, but I don’t really see it. Even then, the SCMH materials are hit-and-miss; some are great, others are copy-and-paste junk taken from other third parties. Remember how the SCMH stuff on project management was lifted from PMI¬†without attribution and had nothing to do with aerospace?

The problem is because of IAQG’s culty silos: the nerdy tech guys work on AS9145, the even-nerdier-still engine guys work on AS13100, and the less-intellectually-inclined are tasked with AS9100, the “Tik Tokker” of the set: popular, but vacuous. ¬†Each silo has its own culture club, and they just can’t work together.

This “made in a vacuum” aspect of AIMM is unforgivable and also makes its use-case very, very limited.

Not For Certification, Until It Is.

But let’s ask the question everyone wants to know: will AIMM really be limited for self-assessment? I mean, hell, the president of NQA (Kevin Beard) doesn’t do anything that doesn’t push NQA’s certification business. (Even Beard’s commentary during the presentation was nearly obsessively related to how AIMM will be viewed by certification body auditors. They even managed to name-drop the cybersecurity model CMMC in a webinar poll, and NQA just happens to be pursuing CMMC registrar status. That’s not an accident.)

Throughout the webinar, the presenters insisted this was for self-assessment and not certification.

Until the last three minutes.

At that point, Daniels mumbled something about them being willing to create a certification scheme out of AIMM if “the industry” desires it. Frankly, his comment was mangled, and I’m waiting on the published webinar to grab an actual quote. (I’ll update this if I am misquoting.)

Either way, there is no way that AIMM could be used for certification; it would simply rely too heavily on the auditor’s opinions. CMMI has a monstrously large infrastructure in place for its maturity model appraisals, and even then they make it clear that a CMMI maturity level is not a certification. Then, they have volumes of information on how such appraisals would be conducted to ensure they are fair. AIMM has none of that, and it would take 10 years or more for them to come up with it.

Next, when Daniels talks about “the industry,” he does not mean the AS9100 user. IAQG has consistently said the consumer of AS9100 is who they say it is — namely “the primes,” and even then only Boeing and Lockheed and Raytheon and a handful of others. And, of course, the friendly CBs like Beard’s NQA or Smithers or DNV. Left to them, of course they are going to push a half-baked certification scheme on the industry. No adults are monitoring them, after all, and they have no reason not to.

Oh, Yeah: AS9100 Is Getting Updated Early

During the webinar, Daniels also dropped another bomb. He admitted that AS9100 was undergoing a 5-year review and that “all indicators are that we will” update AS9100 soon. That’s huge. ISO has already voted not to update ISO 9001, and updates to ISO 9001 have traditionally been the trigger for updates to AS9100.

If AS9100 updates early, it will break that cycle. That means AS9100 certified companies who thought they caught a break because ISO 9001 wasn’t getting an update, well, won’t. They can expect AS9100 Rev E sooner rather than later.

This also raises the question again as to whether this will mark the point at which AS9100 decouples from ISO entirely. Certainly breaking the revision alignment with ISO 9001 can be seen as the first step towards that. We all know it’s going to happen (even if I have been consistently wrong on when). The IAQG wants to follow the automotive model for IATF 16949, which broke from ISO, because there’s a lot of money to be had. Why have ANAB and IAF get accreditation fees when IAQG could be sucking up all that loot?

Sources tell me that IAQG is equally divided on this issue: half the gang wants to split from ISO, and the other half doesn’t. So it keeps getting stalled.

About Christopher Paris

Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.


ISO 14001 Implementation