Configuration control in AS9100 ensures that aerospace organizations maintain accurate, approved product definitions throughout design, production, and delivery. This article explains what configuration control is, what it requires, why it matters for certification, and how auditors evaluate compliance. Organizations seeking practical guidance on strengthening configuration control can also access additional implementation resources and training support.
What Is Configuration Control in AS9100?
Configuration control in AS9100 refers to the structured process organizations use to define and protect a product’s approved state. It governs how changes are identified, reviewed, authorized, and implemented so that the product delivered always matches its documented definition. In aerospace, that definition extends beyond drawings to include any technical data that establishes what the product is supposed to be, from software and part identification to test and validation requirements.
The purpose is simple: the product you ship must match the approved configuration to a T. No informal substitutions. No undocumented revisions. No silent changes.
AS9100 requires organizations to maintain configuration management processes to ensure traceability and prevent unintended variation across the lifecycle of the product.
Why Does AS9100 Require Configuration Control?
Aerospace products operate in high-risk environments. Small configuration errors can lead to performance failure, contractual violations, or safety concerns.
AS9100 requires configuration control because uncontrolled change introduces risk. When revisions are not formally evaluated and approved, organizations lose visibility over:
- Which version of the product is being built
- Whether risk was reassessed after a change
- Whether downstream processes were updated
- Whether customers were properly notified
Configuration control protects product integrity. It also protects contractual compliance, especially when customer-specific requirements apply.
How AS9100 Auditors Evaluate Configuration Control
AS9100 auditors do not evaluate configuration control by reading a procedure alone. They test it.
An auditor may select a part number or assembly and trace it through its lifecycle. They will review drawing revisions, engineering change notices, implementation dates, and production records. They may verify whether risk assessments were updated after a design change. They often check whether obsolete revisions were properly removed from use.
If different departments provide conflicting revision information, that signals weak control. If production records reference outdated data, that becomes an audit finding.
Auditors are looking for alignment between engineering, quality, purchasing, and production. Configuration control should not live in one department. It must function across the system.
Common Configuration Control Audit Findings
When an auditor hits your shop floor, some common findings related to configuration control include:
- Obsolete drawings still accessible at point of use
- Engineering changes implemented before formal approval
- Bills of material not updated after design revisions
- Incomplete traceability between change requests and production
- Lack of documented review of customer impact
These findings rarely stem from a lack of documentation. They usually stem from weak cross-functional communication or rushed change implementation.
What AS9100 Certified Companies Should Do Now
If you are AS9100 certified, configuration control should be periodically tested internally, not just during an external audit. Consider the following steps:
- Review your last three engineering changes and trace them from approval to production implementation.
- Confirm that obsolete revisions are removed from all points of use.
- Verify that risk assessments are updated when configurations change.
- Ensure purchasing receives formal notification of part or specification updates.
- Conduct a focused internal audit on configuration management before your next certification audit.
- Train engineering and quality teams together on configuration responsibilities.
- Schedule refresher training if change-related findings have occurred in past audits.
Configuration control is strongest when teams share a common understanding of how changes move through the organization.
How APEX QA Helps
Our AS9100 Lead Auditor and Internal Auditor training programs support aerospace manufacturers who need stronger configuration management practices.
This training was engineered for quality managers, engineering leaders, internal auditors, and aerospace suppliers preparing for certification or recertification.
The session includes a detailed examination of AS9100 configuration management requirements, along with insight into how auditors actively test configuration control during assessments. It explores real-world examples of configuration-related findings and walks through practical methods for auditing engineering change processes. Participants will also gain perspective on strengthening cross-functional change review so configuration decisions are evaluated consistently across departments.
Format: Online, in-person training, and private training can all available. Instruction is delivered over multiple half-day and full-day sessions.
Outcome: Participants leave training with the ability to evaluate configuration control processes internally before an external auditor does.
Frequently Asked Questions About Configuration Control in AS9100
Is configuration control only about engineering drawings?
No. Configuration control includes all technical data that defines the product, including software, bills of material, specifications, and test requirements.
Does AS9100 require formal configuration management for all aerospace suppliers?
Yes. The level of complexity may vary, but all AS9100-certified organizations must ensure controlled management of product configuration.
What is the difference between document control and configuration control?
Document control governs how documents are approved and distributed. Configuration control governs how product changes are evaluated, approved, and implemented across the lifecycle.
Can configuration control findings lead to a major nonconformity?
Yes. If configuration weaknesses affect product conformity or contractual compliance, auditors may escalate findings depending on severity and systemic impact.
