Select Page

AS9110 and AS9120 have moved to new sites. Click here for AS9110 or Click here for AS9120.

AS9100 Risk Management

as9100 riskRisk-based thinking (RBT) is now an even more prominent part of every ISO Management System, and thus those based upon ISO requirements, like AS9100. Risk-based thinking is employed in many of the requirements of AS9100 Rev D, including many major clause references. But risk-related directives are also noted in these clauses:
Clause 4: Context of the Organization
Clause 5: Leadership
Clause 8: Operation
Clause 9: Performance Evaluation
Clause 10: Improvement
Annex A.4: Risk-based Thinking

Risk-based Thinking

RBT is essential for a successful quality management system. RBT involves consideration of potential effects, which may result in outcomes that deviate from what is expected. By adopting RBT you will be able to plan ahead and take actions to prevent undesired events, such as a nonconformity, from occurring.

Tools to help Manage Risk

Actions to Address Risks and Opportunities

A risk can be positive or negative. Addressing a risk could mean pursuing an opportunity. Examples of opportunities include pursuing a new customer, product, or technology.

Risks and opportunities are present in every process. Using RBT, organizations can plan for these potential risks or opportunities and take actions before they occur to control or prevent their effects. When planning for your quality management system, you are required to determine what your risks and opportunities are, plan the actions to take for addressing these risks and opportunities, and evaluate the effectiveness of the actions taken.

Operational Risk Management

Operational risks are those that may negatively impact a process, product, service, customer, or end user. In order to meet the requirements around operational risks, you must have a process for how these will be managed. That process must be documented in a risk management procedure and needs to include:

  • Assignment of responsibilities,
  • Criteria for assessing risk,
  • Management of actions to address risk,
  • Acceptance of remaining risk after actions have been taken,
  • Identification, assessment, and communication of risk.

Risk is generally expressed in terms of likelihood and severity within the aviation, space, and defense industries. A risk matrix accesses the degree of a risk based on these two factors. Assessing risk using this criterion will help you to determine which risks should be addressed.

ARP 9134 Risk Guidance Standard provides guidelines for supply chain risk management and can be a helpful tool for an organization needing to establish a risk management process.

Additional Resources:


Our All-in-One Certification Package is a proven, efficient system. It gives you all you need to prepare for registration – in one simple to use package.

Customer Review:

"I have just passed my Audit with zero non-conformances for the second year in a row using your ISO products to write my entire QMS. Thank you for producing documents of this quality"

Bettye Patrick

Buy the Standard

9100 Store Logo  AS 9100