Certifications and Registrations

ISO 9001:2015 is an international standard that outlines the requirements for a Quality Management System (QMS). Organizations that follow this standard must demonstrate their ability to consistently provide products and services that meet customer and regulatory requirements. The seven principles of ISO 9001:2015 are customer focus, leadership, engagement of people, process approach, improvement, evidence-based decision-making, and relationship management.

AS9100:2016 is the latest aerospace quality standard, based on ISO 9001:2015. It includes requirements specific to the industry and helps ensure the safety, reliability, and quality of products/services. Organizations use it to meet regulatory/customer needs, covering risk/supply chain management areas. AS9100 is recognized globally and required by many customers/suppliers. It’s a benchmark for improving quality performance, and implementing it can reduce costs, increase productivity, and improve customer satisfaction.

ISO 13485 is an international standard that details the requirements for developing, maintaining, and enhancing a quality management system for medical devices. This standard is intended for companies that design, produce, or supply medical devices, including manufacturers, suppliers, and distributors. Obtaining ISO 13485 certification implies that a company has met the standard’s strict requirements, which include risk management, design and development, production, storage, distribution, and post-market surveillance. This certification confirms that the company produces safe and effective medical devices that adhere to regulatory requirements. Additionally, companies with ISO 13485 certification demonstrate their commitment to providing high-quality products and services to their customers.

DFARS/NIST compliance is a standard that applies to organizations that handle government data, such as IT providers, manufacturers, and government contractors. The Defense Federal Acquisition Regulation Supplement (DFARS) requires contractors to comply with specific information security requirements. Specifically, DFARS clause 252.204-7012 mandates compliance with NIST (National Institute of Standards and Technology) SP 800-171, which details a set of security controls for protecting Controlled Unclassified Information (CUI) processed or stored on nonfederal systems. A contractor considered DFARS/NIST compliant has met all the security requirements and has implemented the necessary controls to ensure data protection by DFARS and NIST SP 800-171 standards.

ITAR compliance refers to regulations governing the export and transfer of defense articles, defense services, technical data, and other items listed on the United States Munitions List. The U.S. State Department’s Directorate of Defense Trade Controls (DDTC) enforces these regulations designed to protect U.S. national security and foreign policy interests.

To be ITAR compliant, companies must register with the DDTC, have internal compliance programs in place, and ensure that any employees with access to controlled technical data or other items are U.S. citizens or have been granted proper security clearances.