Company Confidential Registration Management Committee RMC Auditor Workshop Charleston, SC July Ballot: What is it all about? Information on the principles and changes incorporated in Will Tate – Triumph Group

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee Where does fit in the ICOP scheme? Requirements for Aerospace Quality Management System (AQMS) Auditor Training and Qualification One part of the 9104 trilogy of standards Page 2

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee Understanding the current : describes the requirements for ‒ Training organizations (Training Providers – TPs) ‒ The AQMS Auditor Training Courses (to be provided by the TP’s) ‒ Auditors (to conduct AQMS Certification audit activities) ‒ The AQMS Auditor Authentication process AQMS Auditor Authentication is the process by which trained and qualified auditors become recognized by our industry ‒ It enables them to be eligible to conduct third-party AQMS certification audits does not describe how auditors are utilized ‒ Described in the standard Page 3

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee What’s wrong with the current ? Current standard now dated: ‒ Missing areas e.g. TPAB and AAB Requirements ‒ Doesn’t reflect the use of Training Developers or Sanctioned Training Feedback from IAQG members, authorities and oversight: ‒ Auditor Authentication and the CB’s competence processes are not delivering effective or fully competent auditors in all cases ‒ Other issues raised include: » depth of auditing » effectiveness of auditing » effectiveness of the closeout of corrective and preventive actions » Audit teams not finding problems and issues found by regulators and customer audits Page 4

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee What’s happened with ? has undergone a significant re-write Aims of the re-write include: ‒ Add missing areas e.g. TPAB and AAB Requirements ‒ Introduce use of Training Developers and Sanctioned Training ‒ Remove list of specific training courses and their definitions ‒ Making a significant change to the AQMS auditor authentication process to improve its effectiveness Page 5

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee Authentication and Auditor Competence The current AQMS Auditor authentication process does not address auditor competence Why? ‒ It is based on an auditor having met certain attributes » Education » Work experience » Audit experience » Training None of these tell us if an auditor can actually conduct an effective audit We know the results from the current processes are not fully effective and so we need to make a change … Page 6 Qualification-based

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee Authentication and Auditor Competence So, what’s the alternative? The ballot draft proposes assessing competence instead of attributes To do that a new mechanism was needed: ‒ Proposed: Witnessed Assessment » Problem – not enough resources in global AAB’s ‒ Proposed: Carry on as we are » Problem – doesn’t tell us if an auditor can do an effective audit ‒ Documented proposal – Competence Validation Process (CVP) Page 7

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee CVP – Competence Validation Process A process to evaluate QMS auditing and technical competence Proposed to be carried out through an on-line environment How will CVP work? ‒ A simulated audit environment will be created ‒ Auditors will go through an audit process within the simulation » Preparing, audit planning, conducting an audit, reporting etc. » Lead auditors will also undertake audit team leadership processes e.g. opening and closing meetings, closeout of findings, etc. » Competence validated against the defined model Page 8

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee Auditors are limited in the number of times they can take CVP: –Limited to once every six months to prevent auditors passing CVP through attrition of the validation process Initial authentication based on prerequisites and successful completion of CVP Having completed the simulation, the CVP software will output a report of the results Page 9 Competence Validation Process – Con’t

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee Results will be classified as Green, Yellow and Red ‒ Lead Auditors will need yellow or green in all competence areas ‒ Auditors will need yellow or green in QMS auditing competence only ‒ Provisions established for auditors not achieving required results at re-authentication to give chance to repeat the process Page 10 Competence Validation Process – Con’t

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee Competence Validation Process – Con’t Concept is to focus on development rather than testing –Auditors will receive a feedback sheet of competence areas where ‘Yellow’ or ‘Red’ results were achieved –Forms the basis for an individual competence development program Page 11

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee Implementation of CVP How will it CVP be implemented? ‒ A software developer will be needed ‒ A competent body will also be needed to operate and configure the software to validate the established competencies ‒ Likely to involve remote proctoring technologies ‒ Will be modular » One module for 9100 and 9120 additional module for 9110 ‒ Concept is that all auditors to attempt the module as if applying for one of the lead auditor grades » Auditors will not need to pass the technical competence elements ‒ How much will it cost per auditor per module? » Not known at this time Page 12

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee CVP Selection and Development Process How will the CVP project be developed? –Project run by IAQG OPMT as part of Tactical Objectives –WG will need active IAQG Member support and involvement –Project to be run similar to OASIS Next Generation »IAQG OPMT WG recommends a provider »IAQG SWG and General Assembly makes decision on provider –Financial and costing models to be developed during bid process Page 13

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee What else is in ? Pre-qualification requirements for authentication are simplified: ‒ Difficult topic of ASD work experience changed to 2 years general industrial manufacturing (or maintenance) experience (not software) The European Aviation Safety Agency (UK Civil Aviation Authority representative) participated as part of the re-write team: Page 14

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee EASA made an input that airworthiness authorities will not accept only 2 in 10 years general manufacturing industry work experience –Required aerospace experience on every audit with an ‘aviation’ scope –A proposal was developed and agreed with EASA to introduce a grade of authentication requiring 2 years aviation or space (not defence) experience –One of these new grades (AELA) will be required to be present on every audit with an ‘aviation’ scope Page 15 What else is in ? (Con’t)

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee Auditor Authentication Grades have changed: ‒ Previous grades of AQMS auditor authentication were: » Aerospace Auditor ‘AA’ or Aerospace Experience Auditor ‘AEA’ ̶ Following the EASA input the authenticated AQMS auditor grades have been redefined: » ASD Auditor (AA) – 2 years general industry work experience, QMS auditing competence » ASD Lead Auditor (ALA) – 2 years general industry work experience, QMS auditing competence and aviation, space and defence technical competence » ASD Experienced Lead Auditor (AELA) – as ALA plus 2 years suitable work experience in aviation or space (not defense) Page 16 What else is in ? (Con’t)

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee Forms for capturing the IAQG OPMT defined QMS Auditing and Technical competence requirements have been developed The competence requirements are not defined in the standard however: –An example of the initial definition of QMS Auditing and Technical competence requirements has been included ‒ The actual QMS Auditing and Technical Competence requirements are to be held on the IAQG Forms Management System ‒ There will be controls for managing and updating competence requirements ‒ Allows the flexibility to change the competence requirements without the need for a re-write of the standard Page 17 What else is in ? (Con’t)

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee New requirements for Training Developers introduced ‒ Follows the concept that one (or more) developers will be selected to work with the IAQG OPMT ‒ Introduces controls for transferring from Training Developer to Training Provider No specific training courses defined ‒ These will be specified by the IAQG OPMT as requirements change Page 18 What else is in ? (Con’t)

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee AAB’s are retained in the authentication process: ‒ Authentication will be based on pre-requisites plus CVP results ‒ 3 year initial authentication period will be retained ‒ For re-authentication: » ‘All green’ CVP results for ALA and AELA will be awarded 5 year authentication » Lead auditors obtaining ‘Red’ results will be given 1 year to improve –Auditors will only be allowed to be authenticated through one AAB at any one time. Page 19 What else is in ? (Con’t)

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee Changes for the re-ballot of At the end of the first ballot in March 2015 –Ballot passed in the Asia-Pacific and Europe sectors –Ballot failed in the Americas sector 212 feedback comments were received –Most were editorial in nature –A very few indicated that they did not like the proposed standard and that change was unnecessary The re-write team has dispositioned all 212 comments as follows: –Accepted: 92 –Partially Accepted: 37 –Rejected: 83 The following slides summarize the main changes made ….. Page 20

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee Changes for the re-ballot of The layout of the standard has been significantly amended in order to reduce duplication, improve flow, readability and simplify the AQMS auditor authentication process. Examples include: –CVP is to be taken before application for authentication or re-authentication –Tables have been introduced to summarize CVP results with auditor authentication eligibility status –Simplified flow charts Page 21

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee Changes for the re-ballot of A new section has been added to the standard to define the responsibilities of the IAQG OPMT relating to requirements that includes: –The development, deployment, operation and maintenance of the CVP Process –The development, deployment, operation and maintenance of sanctioned training courses including the relationship with training developers –Utilization of feedback from CVP to identify new sanctioned training needs –Co-ordination of the deployment and maintenance of sanctioned training courses. Page 22

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee Changes for the re-ballot of Requirements for auditors relating to taking the CVP have been clarified: –Auditors are responsible for generating and working their own improvement plan –The format of the improvement plan is to include improvement actions to address CVP results that are yellow or red, examples may include: »Self-learning, formal training, gaining of work experience –The auditor’s employing organization(s) is(are) responsible for verifying that the auditor has completed their improvement plan »Auditors employed by more than 1 organization- select a single primary organization for verification activity Page 23

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee Changes for the re-ballot of Requirements for the amount of training required for auditors undertaking the advancement process to change AQMS auditor grade has been clarified: –Specified as a minimum of 10 hours of formal training per calendar year from the date of the last authentication decision. –A definition of formal training has been added as follows: »Training that is structured with defined objectives, a defined duration, and should include a method to evaluate the effectiveness of the training or knowledge acquired. Page 24

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee Changes for the re-ballot of A number of definitions have been amended and clarified: –Manufacturing Industry Company has been changed to Manufacturing organization –The manufacturing organization work experience needed for AQMS auditor authentication does not exclude aviation, space or defence work experience. –The definition aviation and/or space experience has been deleted. –Ballot feedback proposed the addition of a definition for CVP however it was agreed not to add a definition »CVP is its own definition i.e. a process to validate competence »The CVP process is described in the standard Page 25

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee Changes for the re-ballot of Ballot feedback proposed the addition of references to standards that are not yet released however it was agreed not to add such references e.g. ISO/IEC –Instead refer to ISO/IEC series Page 26

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee Support for re-ballot Evaluating auditor competence instead of looking at attributes is a challenging change: –It is a new concept for the ICOP scheme and the standard We know that the current attributes based system is not effective Competence is demonstrated in other industries and other sectors so why not in auditing aviation, space and defense companies? needs to be flexible to accommodate changes in required auditing competencies, training and authentication The standard is now going to re-ballot and needs your support Page 27

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee Some FAQs related to new What happens to existing AA’s and AEA’s –AA’s retain AA grade, AEAs AELA with successful CVP Who maintains the auditor’s improvement plan? –Auditor is responsible for maintaining and updating their own improvement plan When will the new requirements go into effect? –When new passes ballot in all 3 sectors, IAQG OPMT will develop, communicate an implementation plan with dates Page 28

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee Page 29 Some FAQs related to new (con’t) Who is the auditor’s Aerospace program Manager? –The primary employing CB or company individual who is responsible for the AS auditing function –Where can I find the competence criteria? –OPMT will maintain the competence criteria and list on the IAQG OPMT webpage (specific URL, TBD). Examples are in the appendix of the standard. What happens if I can’t pass the CVP? –After 2 tries, the auditor is withdrawn and must re- apply as an initial authentication (QMS competence). Is graded as an AA if unsuccessful at Technical competence.

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee Further Questions Page 30 Contact your SDR: Americas – Will Tate - Asia-Pacific – Shuuji Komori - Europe – Ian Folland –