Planning, implementation and control of the processes needed to meet the requirements for the provision of products and services.

Establish, implement, and maintain a process for managing operational risks to the achievement of applicable requirements that includes assignment of responsibilities, definition of risk criteria, identification and assessment of risks, mitigation actions, and acceptance of residual risk.

Establish a configuration-management process appropriate to the product with planning, identification, change control, status accounting and audits to ensure consistent product identification, traceability and control of physical and functional characteristics throughout the product life cycle.

Plan, implement and control the processes needed to assure product safety during the entire product life cycle, including hazard identification, risk assessment, management of identified risks, communication of risks to affected parties, and reporting and lessons learned.

Plan, implement and control processes, appropriate to the organization and the product, for the prevention of counterfeit or suspect-counterfeit part use and their inclusion in products delivered to the customer. Includes training, source controls, material and part verification, in-process control, quarantine, and reporting.

Customer communication, determination and review of requirements, and changes to requirements for products and services.

Review of requirements for products and services — ensuring the organization's ability to meet requirements before committing to supply. Handling of enquiries, contracts or order handling, customer feedback including complaints, and specific requirements for contingency actions.

Design and development planning, inputs, controls, outputs and changes.

Evaluation, selection, monitoring, and re-evaluation of external providers; type and extent of control; information for external providers.

Control of production and service provision, identification and traceability, property belonging to customers or external providers, preservation, post-delivery activities and control of changes.

Determine and meet requirements for post-delivery activities associated with products and services, including collection and analysis of in-service data, actions to be taken as a result of product problems, control and updating of technical documentation, approval and control of repairs, and controls required for off-site work.

Implement planned arrangements, at appropriate stages, to verify that product and service requirements have been met, including First Article Inspection requirements.

Ensure that nonconforming outputs are identified and controlled to prevent unintended use or delivery. Includes segregation, authority for disposition, and use of concessions.

Conduct internal audits at planned intervals to provide information on whether the QMS conforms to the organization's own requirements, the requirements of AS9100, and is effectively implemented and maintained.

Top management reviews the organization's QMS at planned intervals to ensure its continuing suitability, adequacy, effectiveness and alignment with the strategic direction of the organization.

React to nonconformities, evaluate the need for action to eliminate the causes, implement any action needed, review the effectiveness of any corrective action taken, update risks and opportunities, and make changes to the QMS if necessary.

Continually improve the suitability, adequacy, and effectiveness of the QMS, including considering outputs of analysis and evaluation, and management review.