IA9100 is Coming: Key Updates for Aerospace & Defense

The AS9100 standard has long defined the quality management systems for the aerospace and defense industries. Now that framework is evolving. The International Aerospace Quality Group (IAQG) is in the process of developing IA9100, the next generation of the AS9100 standard.

While final rules aren’t likely to be issued until the end of 2026, organizations that start preparing now will be better positioned to maintain 9100 certification, meet customer expectations and stay competitive as the standard transitions in the coming years.

QT9 Software recently spoke with AS9100 quality consultant Mike Varney, president of Mike Varney Quality Management Solutions (MVQMS), about the upcoming transition to IA9100. Below is an overview of coming changes and Varney’s unique insight into ways aerospace and defense companies can start preparing.

Contents

Understanding the shift from AS9100 to IA9100

Timeline and current status of the IA9100 standard

What’s changing: Key IA9100 revisions and new requirements 

IA9100 impact on certification and audits

Final thoughts: Turning change into opportunity

Understanding the shift from AS9100 to IA9100

AS9100 standards have always aligned with ISO 9001, the globally accepted standard for quality management from the International Organization for Standardization (ISO). The coming transition to IA9100 will incorporate upcoming changes to the ISO 9001 standard.

As another way to connect AS9100 to ISO 9001, the standard’s name change to IA9100 will better reflect the international use of the standard. Similarly, revisions will incorporate the needs of modern aerospace companies.

Why is the AS9100 standard changing?

The aerospace industry has evolved dramatically since AS9100 Rev D was introduced in 2016. Supply chains are more global, digital threats are more complex and sustainability and ethics now influence brand trust and customer contracts.

IA9100 addresses these realities by:

• Aligning with ISO 9001:2026 to ensure global consistency and adaptability

• Strengthening risk-based thinking and integrating it with digital systems

• Expanding the focus on safety, security and ethical conduct across the enterprise

• Promoting leadership engagement and a strong culture of accountability

The IAQG began revising the 9100 series in late 2021. Draft versions of IA9100 were circulated in 2023 and 2024, with hundreds of comments garnered from across industries and certification bodies.

The final draft of IA9100 is expected to be released in late 2026, alongside ISO 9001:2026, to ensure full alignment between the two frameworks.

Organizations will have a formal transition window, generally two to three years after publication, to migrate from AS9100 to IA9100 certification.

“What we’re hearing right now is that the three-year transition window should stand,” said Varney. He cautioned, however, that because this update is being considered a minor revision, a shorter two-year window is possible.

What’s changing: Key IA9100 revisions and new requirements 

While the revisions coming with IA9100 are expected to be relatively minor, many have systemic impact.

“There are a handful of things that are not new, but are stressed much more significantly than in the past,” said Varney. “For example, ethical behavior is something that is in the [current] AS9100 standard for Rev D, but is now peppered throughout this new standard in more places.

“We also see more mention of MSA (measurement system analysis), APQP and process control,” he adds. While none of these processes are new to people in aerospace, they will now need to become more organic to aerospace and defense quality systems across the board.

Expanded areas of focus include:

Process controls and risk management

IA9100 places greater emphasis on the use of statistical methodologies and planning for quality assurance at all stages. These include:

• Process Capability Studies (Cp)

• Statistical Process Control (SPC)

• Advanced Product Quality Planning (APQP)

• Measurement System Analysis (MSA)

• Key Product Characteristics (KPC)

• Comprehensive control plans integrated into ERP

Cybersecurity, data security

As Varney notes, cybersecurity is a high priority for every industry, and IA9100 addresses the challenge for aerospace. There will be new expectations for:

• Cybersecurity risk assessments

• Secure access protocols

• Incidence response plans

• Awareness training for employees who handle sensitive data

With so much discussion around CMMC (Cybersecurity Maturity Model Certification) “we’re anticipating that we’re going to have to create some sort of information security program for every company that is planning to be IA9100-certified going forward,” said Varney. “That’s going to be mandatory.”

Though current wording leaves the completion of this task up to the organization, Varney recommends developing a plan for the protection of your information technology based on what’s appropriate for your organization.

Product safety

New product safety measures will also be required under IA9100. These include:

• Product safety analysis included in FMEA design and process

• Mandatory consideration of product safety in risk management and audit programs

• Documenting safety incidents

• Creating a system for anonymous reporting of potential product issues

• Requiring traceability for Safety Critical Items (SCI)

Supplier management

IA9100 will tighten requirements for supplier management as a way to combat quality issues that stem from early in the supply chain. Enhanced requirements are expected for supplier verification and monitoring, traceability and counterfeit detection, including allowing remote audits and inspections. There may be an additional push to utilize the IAQG’s global supplier database.

Quality culture

Leadership will be tasked with demonstrating commitment to a culture of quality through behavior and resources, including incorporating human factors, such as fatigue, into root cause investigations and providing employee well-being programs that support quality outcomes.

Climate change and sustainability

Similar to other quality management systems, IA9100 is expected to call on aerospace companies to integrate environmental management plans into quality systems and objectives. While not a specific requirement, many suspect that future regulatory changes will mandate sustainability practices.

IA9100 impact on certification and audits

Transition period

Once IA9100 is published, certification bodies will establish a transition window, typically between 24 and 36 months. During that period, companies can still be audited under AS9100 Rev D but will need to complete migration by the final cutoff date to maintain certification.

Varney recommends timing your certification renewal carefully. “If you’re certified to AS9100 and your cert expires within the next three years, plan your re-certification while the current standard is still valid. That way, you can schedule a transition audit later and have your certificate upgraded to IA9100 without a lapse.”

Audit expectations

Auditors are expected to focus more on effectiveness and evidence of performance, not just procedural compliance. Expect to provide data demonstrating risk reduction, leadership engagement, supplier oversight and digital quality metrics.

Audits may include new focus areas such as cybersecurity readiness, employee well-being and ethical behavior. Evidence of integration across departments also will be expected.

Supplier oversight

Prime contractors and first-tier suppliers will need to prove tighter control of sub-tiers, particularly for counterfeit part prevention, training and information security.

Failing to transition within the timeline may result in certification suspension or loss of eligibility for contracts that mandate aerospace quality certification.

Complexity and scope

While the revision isn’t a full overhaul, Varney cautioned that the changes still run deep:

“Even though this is a minor revision, the updates are system-level. It’s not just one person updating 10 SOPs, it’s about how your organization functions end-to-end.”

He also warned that certification bodies will need time to retrain auditors, which could cause scheduling bottlenecks. “Don’t wait until the final year,” he said. “The earlier you start, the easier it will be to get your audits completed.”

Watch QT9's discussion with AS9100 / IA9100 consultant Mike Varney

How aerospace and defense organizations can begin preparing for AS9100 changes 

The best thing anyone can do is start learning,” says Varney. “There’s so much good information available, much of it free. Start self-educating before the crunch hits.”

1. Conduct a gap assessment

Compare your current QMS against the draft IA9100 requirements and expected ISO 9001:2026 changes. Identify shortfalls in areas like cybersecurity, APQP, ethics and supplier control.

2. Focus on measurable systems 

Varney recommends starting small. “For companies not yet doing MSA, start with a basic gauge R&R,” he said. “It can be a simple, afternoon exercise with a few tools and people. You’ll quickly see how capable your system really is.”

2. Reinforce cybersecurity controls

Develop an information security program proportional to your organization’s size and risk exposure. This will soon be a certification requirement.

3. Train and cross-educate teams

Educate staff across departments on IA9100’s expanded focus areas. Include IT, HR and procurement teams in training related to cybersecurity, ethics and supplier management. Ensure every employee understands ethical expectations and the purpose behind process changes. Train auditors, inspectors and production staff early.

4. Prepare your supply chain

Communicate early with suppliers about IA9100 requirements. Encourage them to perform self-assessments, participate in joint audits and implement counterfeit prevention measures.
Update documentation and processes Start revising procedures, work instructions and risk management frameworks to reflect upcoming requirements. Maintain strong change control practices.

5. Prepare your supply chain

Communicate early with suppliers about IA9100 requirements. Encourage them to perform self-assessments, participate in joint audits and implement counterfeit prevention measures. 

6. Update documentation and processes

Start revising procedures, work instructions and risk management frameworks to reflect upcoming requirements. Maintain strong change control practices. 

7. Pilot and test changes

Implement IA9100 principles on a pilot program, such as one production line or product family. Use the results to refine your companywide rollout plan.

8. Coordinate with certification bodies

Ask your registrar for IA9100 readiness guidance, including expected transition milestones and audit expectations.

Final thoughts: Turning change into opportunity

The move from AS9100 to IA9100 isn’t a revolution, but it’s still significant. The new standard brings a modern focus to data integrity, ethics, safety and system-wide consistency.

“Please don’t wait until 2027,” says Varney. “Even though it’s a minor revision, these are system-level changes that take time. The earlier you start, the easier it’ll be on everyone—your auditors, your consultants and your team.”

Companies that take a proactive approach now will have smoother transitions and stronger, more resilient systems once IA9100 becomes the new global standard for aerospace quality.