Certificate of Conformance

A Certificate of Conformance (CoC) is the supplier’s formal statement that the delivered product meets the defined requirements. In defense, aerospace, and other regulated manufacturing environments, that statement is only useful if it is traceable to objective evidence: material pedigree, controlled processes, inspection results, and flowed-down customer requirements. A “one-page CoC” can be perfectly acceptable—or it can be a serious risk—depending on whether it correctly ties the shipment to the underlying manufacturing and quality records.

For buyers and program teams sourcing complex parts (e.g., additive manufacturing (AM) hardware with HIP and precision machining), the CoC is a key control point: it is what your receiving inspection uses to accept the lot, what your quality team uses to close out the PO, and what your customer may audit months or years later. This article focuses on what to require, how to read it, and how to integrate CoCs into a cert pack and record-retention workflow that stands up to AS9100 expectations, DFARS flowdowns, and high-consequence applications.

What a CoC should include

A procurement-ready CoC is not a marketing document and not a generic “we certify this is good.” It is a controlled quality record that unambiguously identifies what was shipped, what requirements apply, and who is responsible for the declaration of conformity.

At minimum, a CoC should include:

1) Supplier identity and quality system context
Supplier legal name and address, and a contact for quality. If applicable, include quality approvals/certifications (e.g., AS9100 certificate number and scope). If special processes are involved (heat treat, NDE, coating), the CoC should identify that those processes were performed by approved sources per the purchase order flowdowns; NADCAP accreditation is typically referenced in the supporting certs rather than asserted on the CoC alone.

2) Customer and order traceability
Customer name, purchase order (PO) number, line item, and any contract identifiers that control technical and regulatory flowdowns (e.g., program ID, ITAR marking requirements, DFARS clauses). For long-running programs, include the customer part number and internal cross-reference where applicable.

3) Product identification
Part number, part name/description, drawing/model revision, and quantity shipped. If your workflow uses serialization or lot/batch numbers, list them explicitly. For AM and PM-HIP components, a lot identifier that ties back to the build, powder batch, and HIP cycle is often more important than a generic work order number.

4) Applicable requirements and specifications
Reference the controlling drawing, specification, and revision level (including any customer or internal specs called out on the PO). This is where many CoCs fail: they cite a part number but omit the revision and therefore do not clearly state what “conformance” means.

5) Material and process traceability identifiers
A CoC should provide enough identifiers to pull the objective evidence quickly. Typical identifiers include material heat/lot number, powder batch number (for powder bed fusion), HIP lot or cycle ID, heat treat batch ID, plating/anodize lot, and NDE report numbers. You do not need to attach every report to the CoC itself, but you should reference them in a way that allows a buyer to reconcile the chain of custody without ambiguity.

6) Statement of conformity (clear and specific)
A concise statement that the supplied items conform to the requirements listed on the PO/drawing/specs. Avoid vague language (“built to industry standards”) and require specificity (“conforms to customer drawing X, rev Y, and PO Z requirements”). If deviations exist, they should be clearly disclosed and tied to approved concessions/waivers.

7) Authorized signature and accountability
Name, title, signature (digital or wet per your agreement), and date. For regulated supply chains, ensure the signer is authorized within the supplier’s quality system (e.g., quality manager or delegated authority). A missing signature or an “initials only” signature is a common receiving hold point.

8) Country of origin / DFARS domestic melt considerations (when required)
If your contract includes DFARS specialty metals restrictions or domestic melt requirements, ensure the CoC and/or supporting material test reports (MTRs) provide the required origin and melt source information. Many organizations handle the detailed DFARS evidence in the MTR and include a compliance statement on the CoC that references the relevant clause and supporting records.

9) Configuration and change control (when applicable)
For parts that depend on controlled files (e.g., AM build files, scan strategies, parameter sets, machining programs), buyers often require confirmation that the current, approved configuration was used. This is often satisfied by internal traveler records referenced by the CoC rather than reproducing configuration details on the CoC itself.

How it ties to cert packs

In aerospace and defense, the CoC is typically the cover sheet for a broader certification package (“cert pack”). The cert pack is the objective evidence that backs up the CoC statement. Buyers should treat the CoC as a map: it should point to the specific reports, lot numbers, and inspection results that prove conformity.

Typical cert pack contents (as applicable):

Material pedigree
Material Test Reports (MTRs)/mill certs for bar/plate/forging, powder certificates for AM feedstock (chemistry, particle size distribution, morphology if specified), and incoming inspection/receiving records. For powder bed fusion (PBF) builds, powder reuse controls and blending records are often critical; buyers may request the powder batch ID(s) used per build and the supplier’s reuse policy.

Process certifications
Heat treat records (furnace charts, batch IDs, quench details as applicable), Hot Isostatic Pressing (HIP) cycle certification (pressure/temperature/time, lot ID), and post-processing records (stress relief, solution/age, hot isostatic pressing for AM porosity reduction). If the part is made via PM-HIP (powder metallurgy followed by HIP densification), include capsule ID (if used), powder lot, HIP lot, and any subsequent heat treatment.

Special process and finishing certs
Coating/plating/anodize/chemical conversion coating certifications and lot traceability, and evidence of using approved processors when required. If NADCAP is mandated by the prime/customer, the cert pack should include the processor cert and/or references to accreditation scope where applicable.

Inspection and test evidence
Dimensional inspection results (CMM reports, first-piece inspection summaries, in-process and final inspection records), surface finish measurements, hardness, density verification (where required), and NDE results. For internal features common to AM (lattice structures, conformal cooling, internal channels), buyers may require CT scanning reports to verify internal geometry and detect lack-of-fusion defects. For welds or cast-like geometries, other NDE methods may apply (PT/MT/UT/RT), and the cert pack should identify the technique, acceptance criteria, and personnel qualifications.

FAI/FAIR when required
For many aerospace customers, an AS9102 First Article Inspection Report (FAIR) is required at initial production, after significant changes, or per customer trigger events. The CoC should not be used as a substitute for a FAIR; instead, it should reference that a FAIR is included or already approved for that configuration.

Traceability and traveler records
Internal routers/travelers that demonstrate controlled execution: AM build record, powder handling logs, machine ID, parameter set revision, build plate ID, in-situ monitoring references (if used), depowdering/cleaning steps, HIP/heat treat batch records, and CNC machining operations (including 5-axis machining setup verification where critical). Buyers typically do not need every internal sheet, but they should require that the supplier can produce them under audit and that the CoC references the key lot IDs to retrieve them quickly.

Step-by-step: how successful programs connect AM + HIP + machining to the CoC
Step 1: RFQ and flowdowns — Buyer specifies drawing/spec revision, acceptance criteria, and required records (MTR, powder cert, HIP cert, heat treat, NDE, CMM, CT, FAIR). Regulatory flowdowns (ITAR handling, DFARS specialty metals, counterfeit prevention) are documented on the PO.
Step 2: Build and lot definition — Supplier assigns a build ID and lot structure that links each serialized part to the build, powder batch(es), and machine/parameter set. Deviations are documented and dispositioned.
Step 3: Post-processing — Stress relief and/or HIP are performed under controlled batches. Batch IDs are recorded and tied to the part/lot. If HIP is used to close AM porosity, buyers often expect a HIP cycle certification and clear indication of which parts were in that cycle.
Step 4: Machining and finishing — Critical-to-function surfaces are machined (often 5-axis), and any finishing processes are applied by approved sources. Tooling/fixturing controls and in-process inspection checkpoints are recorded.
Step 5: Inspection and release — Final inspection, CMM, and required NDE/CT are completed with report numbers tied to the shipment. The CoC is generated as the final declaration that the shipped quantity conforms and is traceable to the cert pack evidence.

Typical issues and red flags

Most receiving holds and audit findings related to CoCs are preventable. Buyers can reduce risk by defining CoC requirements in the PO and then consistently verifying them at receipt.

Common CoC problems buyers should flag:

Missing or incorrect revision control
A CoC that omits drawing/spec revision, lists an outdated revision, or references the wrong part number is a configuration management failure. For AM parts where build files and parameter sets matter, revision mistakes can lead to non-conforming microstructure, density, or geometry.

Vague conformity statements
Language such as “conforms to applicable requirements” without stating what those requirements are is not procurement-ready. Require explicit references to the PO and controlling documents.

Broken traceability chain
Examples include: powder batch listed on the powder cert does not match the build record; HIP lot listed on the HIP cert doesn’t match the traveler; parts are mixed across builds/lots without clear segregation; or material heat numbers are missing. Traceability breaks are especially high-risk for flight/mission-critical hardware.

Quantity/serialization discrepancies
CoC says 10 pieces shipped, packing list shows 9, or serial numbers are missing/duplicated. Treat this as a control failure; it can affect downstream maintenance, fielding, and recall actions.

Unapproved special processors
If the PO requires approved/NADCAP-accredited processing and the cert pack shows an unapproved source (or no source at all), do not accept on the basis of a CoC statement alone.

“Certificate stacking” without evidence
Some suppliers reference standards (AS9100, NADCAP, ITAR compliance) as blanket claims on the CoC. Those claims do not replace objective evidence: accreditation scope, purchase order flowdowns, controlled handling, and process records.

Altered or uncontrolled documents
Hand-edits, overwriting, missing document identifiers, or inconsistent formatting can indicate the CoC is not issued from a controlled system. In regulated programs, uncontrolled records can become a major audit nonconformance.

Inspection results that do not match requirements
Watch for mismatched units, missing acceptance criteria references, outdated inspection plans, or “pass” statements without measurable data where variable data is required. For AM internal geometries, ensure the inspection method (e.g., CT scanning) and acceptance criteria are clearly identified.

Industry expectations

Expectations vary by customer and criticality, but aerospace and defense buyers generally align on the same themes: traceability, controlled processes, and auditable records. A CoC should fit cleanly into that ecosystem.

AS9100-aligned quality management
AS9100 environments emphasize document control, configuration management, product identification and traceability, control of externally provided processes, and retention of documented information. Buyers should expect the CoC to be a controlled output from the supplier’s QMS, backed by retained records for the full retention period.

AS9102 FAIR triggers
When first articles are required, industry expects a formal FAIR package with ballooned drawings and characteristic accountability. The CoC then certifies that subsequent production lots conform to the same approved configuration and controlled processes, unless changes trigger a partial or full re-FAI.

NADCAP and special process control
Where special processes are invoked (heat treat, NDE, coatings), primes often require NADCAP-accredited sources and documentation that the correct process specification and revision were used. The CoC is the top-level declaration; the cert pack is where the special process certifications and lot details live.

Defense flowdowns: ITAR, DFARS, counterfeit prevention
A CoC should not expose controlled technical data, but it should support compliance. Buyers commonly require:
ITAR handling — clear marking and controlled distribution of cert packs; limiting data to authorized parties; and ensuring records storage meets access-control expectations.
DFARS clauses — especially for specialty metals and sourcing restrictions, where melt source and origin may be required.
Counterfeit risk mitigation — particularly relevant for fasteners, raw material, and serialized components; traceability to original manufacturers and documented inspections where applicable.

AM-specific maturity expectations
For PBF/DMLS/SLM parts, mature suppliers can provide build records, powder batch controls, machine calibration/maintenance status, and post-processing traceability (HIP/heat treat) with minimal friction. Buyers increasingly expect AM suppliers to treat build parameters and post-processing as controlled processes, not artisanal know-how.

How to store records

A CoC is only as valuable as your ability to retrieve it—along with its supporting objective evidence—during audits, failure investigations, or customer returns. Record retention needs to be designed into the workflow, not handled as an afterthought.

Define retention requirements at contract time
Retention periods can vary by customer, part criticality, and contract. Defense and aerospace programs commonly expect multi-year retention, and some applications require very long retention for life-of-program support. Buyers should specify required retention duration and the expectation that records remain readable and retrievable.

Control access and distribution (especially for ITAR)
If the CoC or cert pack contains export-controlled information or data that could be considered technical data, ensure storage systems enforce access controls, audit logs, and role-based permissions. Even when the CoC itself is not technical data, the associated drawing references, process specs, and inspection reports may be sensitive.

Use a structured, searchable record system
At minimum, store CoCs and cert packs with consistent metadata: customer, PO, part number, revision, lot/build ID, serial numbers, ship date, and key process lot IDs (HIP/heat treat/NDE). This enables rapid retrieval without relying on tribal knowledge.

Maintain document integrity
Use controlled PDFs, digital signatures where appropriate, and version control. Ensure that reissued CoCs are clearly labeled as revisions, with a reason for reissue and linkage to the original shipment.

Backups and survivability
Implement backup and disaster recovery plans appropriate to the business risk. Losing cert packs can create immediate deliverability issues on follow-on orders and can become a contractual problem during audits.

Supplier record availability under audit
Buyers should ensure the supplier contractually commits to record availability and timely response. A best practice is to require that, upon request, the supplier can produce the full cert pack for a given serial number or lot within a defined timeframe.

Template checklist

Use the checklist below as a practical template for RFQs, POs, and receiving inspection. Tailor it to part criticality and customer flowdowns.

CoC identification and control
□ Supplier legal name/address and quality contact
□ Unique CoC number and issue date (controlled document)
□ Authorized signer name/title/signature

Order and configuration traceability
□ Customer PO number and line item
□ Part number and description
□ Drawing/model/spec revision listed (not just “latest”)
□ Quantity shipped matches packing list
□ Serial numbers and/or lot numbers listed (when required)

Material traceability
□ Material specification and condition (if applicable)
□ Heat/lot number (wrought/forged/cast) and MTR reference
□ For AM/PBF: powder batch ID(s) and powder cert reference
□ DFARS/specialty metals compliance statement if flowed down, with supporting record reference

Process traceability (as applicable)
□ AM build ID/machine ID/parameter set revision referenced (as required by contract)
□ HIP certification referenced (cycle ID and lot)
□ Heat treat certification referenced (batch ID, spec, revision)
□ CNC machining traveler/operation completion referenced for final configuration
□ Special process certifications referenced (coating/plating/anodize), including processor identity

Inspection and test evidence (as required)
□ CMM/dimensional report numbers referenced; acceptance criteria identified
□ NDE reports referenced (PT/MT/UT/RT) with spec and acceptance criteria
□ CT scanning report referenced for internal features/defect detection when required
□ FAIR/AS9102 included or on file when required

Conformity statement and exceptions
□ Explicit statement of conformity to PO + drawing/spec revision
□ Any deviations clearly disclosed and tied to approved concessions/waivers

Record retention and accessibility
□ Retention period defined in PO/contract
□ Cert packs stored with searchable metadata (PO, part, rev, lot/build, serials)
□ Access controls and distribution rules defined for ITAR/controlled programs

When buyers consistently require this level of clarity, suppliers respond by tightening lot structure, strengthening traceability, and issuing CoCs that are genuinely auditable. The result is fewer receiving holds, faster closeout, and substantially lower program risk—especially for complex workflows that combine AM, HIP/PM-HIP densification, precision machining, and rigorous inspection.