Under current European Aviation Safety Agency (EASA) regulations, Production Organization Approval (POA) holders are responsible for adequately controlling quality standards for products and parts they obtain from external suppliers. In today’s aviation production industry, several POA holders may obtain parts and products from the same suppliers (the same supplier may supply more than one European POA). This results in an inefficient situation where a supplier must be audited by several POA holders.
To remedy this situation, the EASA issued a Notice of Proposed Amendment (NPA) entitled “Other Party Supplier Control” to allow third parties to fulfill POA holders’ surveillance duties and reduce the duplication of auditing efforts. The NPA proposes to amend GM No. 2 to 21A.139(a), which governs POA holders’ responsibility to assess suppliers, by adding AMC No. 1 and No. 2 to 21A.139(b)(1)(ii). These amendments will allow POA holders to (1) contract with a third party to audit suppliers’ quality systems, or (2) make use supplier certification, whereby a supplier contracts with an appropriately recognized other party for the purpose of obtaining certification.
These two amendments are essentially two ways to ensure the quality of externally supplied parts: third party audit (AMC No. 1) or third party accreditation (AMC No. 2). The following describes the general methods similar to both third party audit and third party accreditation. A POA holder’s use of a third party to assess suppliers must be included in the POA holder’s quality system, and the quality system must be approved by the competent authority. In order to use a third party for supplier assessment, the POA holder must:
1. Include the use of a third party in the POA holder’s quality manual,
2. Include the following in the POA holder’s procedures:
a. The identity of the party to conduct the supplier assessment,
b. A list of suppliers under the third party’s surveillance, and such list must be made available to the competent authority upon request,
c. Methods used by the POA to audit/accredit the third party, including verification that:
i. the third party’s standards are of an acceptable scope,
ii. the third party is qualified to perform its task,
iii. the third party’s surveillance frequency is commensurate with the complexity of the product and with the surveillance frequency established by the POA holder’s suppliers control programme,
iv. the suppliers’ assessment is conducted on-site by the third party, and
v. the third party has access to propriety data at a level of detail sufficient to survey the suppliers functions.
d. An indication of scope of surveillance activities that the third party will perform, with an identification of any activities which the POA holder will continue to perform.
In addition, AMC No. 1 which governs third party audits, requires the POA holder to establish procedures used by the third party to notify the POA holder of the discovery of any nonconformities, corrective actions taken, and any follow-up necessary. AMC No. 2, which governs third party accreditation, requires the third party to maintain a list of certified suppliers or provide the suppliers with a certificate identifying that the necessary requirements have been met. The POA holder is also required to put procedures in place:
1. that ensure that the POA holder is aware of the loss of an existing certification,
2. that ensure that the POA holder is aware of nonconformities and has access to information about any such nonconformities, and
3. to evaluate the consequences of nonconformities and take appropriate action.
EASA’s NPA could reduce the number of redundant audit that parts suppliers incur. But there may be a period of adjustment as POA holders seek out third parties to audit and accredit suppliers, and there may be POAs that will not trust third parties to accomplish such audits. Additionally, it would change the current relationships between POA holders and their suppliers.
The NPA is open for public comment through April 23, 2010. Click here to review the NPA.