Certificate of Conformance

A Certificate of Conformance (CoC) is a formal supplier statement that delivered parts, materials, or assemblies meet specified requirements: drawing, specification, purchase order, and any associated quality clauses. In defense and aerospace manufacturing, the CoC is not a courtesy document—it is a contractual deliverable that ties the hardware to its traceability chain and serves as the first thing a receiving inspector or quality auditor checks.

For buyers and program teams sourcing complex parts (e.g., additive manufacturing (AM) hardware with HIP and precision machining), the CoC is a key control point: it confirms that the entire process chain—from powder lot to final inspection—was executed under controlled conditions and that objective evidence exists to back up the conformance claim.

This guide covers what a CoC must include, what makes it procurement-ready, how it connects to the broader certification pack, and what to watch for when reviewing CoCs from suppliers.

What a CoC must include

A complete, defensible CoC should contain enough information for a quality professional to verify that the delivered items meet requirements without guessing. At minimum, it should address:

1) Part identification
Part number, drawing revision, and nomenclature. If the PO calls out a specific configuration or dash number, the CoC should match exactly. For serialized parts, list each serial number; for lot-controlled parts, list the lot or batch number.

2) Purchase order and specification references
PO number, line item, and any referenced specifications (material specs, process specs, industry standards such as AMS, ASTM, or customer-specific quality clauses). The CoC should state compliance to each requirement explicitly, not generically.

3) Quantity and condition
Number of pieces delivered and their condition (e.g., “machined and finished per drawing,” “HIP + heat treated to condition X”). For AM parts, stating the post-processing state is critical because the same alloy can have very different properties depending on whether it was stress-relieved only, HIPed, or HIPed + heat treated.

4) Material traceability
Reference to the material certification (chemistry and mechanical properties as applicable). For AM components, traceability should extend to the powder lot(s) used in the build, including any blending or reuse records. For wrought or forged starting stock, reference the mill cert or heat lot.

5) Special process certifications
If the part underwent special processes (heat treatment, HIP, anodizing, plating, shot peening, NDE, etc.), the CoC should reference the applicable process certifications and, where required, confirm NADCAP accreditation status for those processes. If outside processing was used, the subcontractor’s certifications should be traceable.

6) Inspection and test results
Reference to the inspection report (CMM, dimensional, NDE, hardness, etc.) and a statement that all inspection results meet drawing requirements. For first article deliveries, reference the AS9102 First Article Inspection (FAI) report.

7) Compliance declarations
Explicit statements for ITAR handling (if applicable), DFARS compliance (specialty metals, country-of-origin, etc.), and any other contractual flowdowns. These should not be generic boilerplate—they should reference the specific clauses called out in the PO.

8) Authorized signature and date
A CoC must be signed (or electronically authenticated) by an authorized representative of the supplier’s quality organization, with a date of issuance.

Why the CoC matters more than it seems

In routine production, the CoC can feel like a formality. But in regulated manufacturing—especially defense and aerospace—it carries real weight:

It is a legal declaration. The CoC states that the supplier’s quality system verified conformance. If parts are later found nonconforming, the CoC is part of the accountability chain. Inaccurate or incomplete CoCs can trigger corrective action requests (CARs), supplier suspensions, and, in defense contexts, contractual consequences.

It is the first thing receiving inspects. A missing, incomplete, or inconsistent CoC can hold up receiving, delay MRB review, or trigger a quality escape investigation. For time-sensitive programs, a clean CoC accelerates acceptance and reduces handling time.

It ties the cert pack together. The CoC is the “cover page” for the certification pack (material certs, special process certs, inspection reports, traceability records). Without a clear CoC that references each supporting document, the cert pack is a collection of disconnected paperwork.

It enables downstream traceability. If a field failure or fleet action occurs years later, the CoC and its referenced records are how the affected parts are identified, the manufacturing history is reconstructed, and the root cause investigation begins. Incomplete records at this stage are costly and damaging.

CoC for AM, HIP, and machined parts

When the manufacturing route includes additive manufacturing, HIP or PM-HIP components, heat treatment, and precision CNC machining, the CoC must address a longer and more complex process chain than a conventionally machined part. Each step adds traceability requirements and potential failure modes that the CoC should confirm were controlled.

Powder lot traceability
The CoC should reference the material certification for the powder lot(s), including chemistry, particle size distribution (PSD), and any reuse/blending records. If multiple powder lots were used in a single build, each should be listed. This is especially important when DFARS specialty metals clauses apply.

Build identification
For AM parts, the CoC should tie each part (by serial or lot) to a specific build ID, machine, and build date. This supports configuration control and allows investigation if a build-related issue emerges after delivery.

Post-processing steps and sequence
The CoC should confirm that stress relief, HIP, heat treatment, and machining were performed in the correct sequence and under controlled conditions. If any step was outsourced (e.g., HIP at a third-party facility), the CoC should reference the subcontractor’s certifications and confirm traceability back to the part serial/lot.

Inspection gates
For complex AM workflows, best practice includes in-process inspection gates (e.g., post-HIP dimensional check, post-machining CMM, CT scanning if required). The CoC should confirm that all required inspection gates were passed, not just end-of-line inspection.

NDE results
If nondestructive evaluation was performed (penetrant testing, CT scanning, ultrasonic, etc.), the CoC should reference the NDE report(s) and confirm that results met acceptance criteria. For CT scanning, the report should include indication criteria and resolution basis.

What makes a CoC “procurement-ready”

Not all CoCs are created equal. A procurement-ready CoC is one that can pass receiving inspection, satisfy a quality audit, and support downstream traceability without requiring follow-up questions or additional documentation requests.

Checklist for a procurement-ready CoC:

• Part number and revision match the PO and drawing exactly. No handwritten corrections, no mismatches between the CoC and the accompanying inspection report.
• PO number and line item are stated. For multi-line POs, each line item should be traceable to the corresponding CoC entry.
• Material certification is referenced and matches. The alloy, spec, and lot number on the CoC should agree with the material cert. For AM, powder lot(s) should be traceable.
• All special processes are listed and certified. Each special process should reference the applicable spec and, where required, confirm NADCAP or other accreditation. Outsourced processes should name the processor and their cert status.
• Inspection results are referenced and conforming. The CoC should state that inspection was performed per the drawing and that all characteristics are within tolerance. Reference the inspection report by document number or date.
• Compliance statements are specific, not generic. “ITAR-controlled per DDTC registration” is better than “we comply with all applicable laws.” “DFARS 252.225-7009 compliant; specialty metals traceable to U.S. melt” is better than “DFARS compliant.”
• Authorized signature and date are present. Electronic signatures must meet the supplier’s quality system requirements for authentication and traceability.
• The CoC is legible and version-controlled. If the CoC format is a controlled form within the supplier’s QMS, it should show a form number and revision. This helps auditors verify that the supplier is using a current, approved template.

Common problems with CoCs

Procurement and quality teams encounter recurring issues that, while often minor individually, can accumulate into systemic supplier management problems:

1) Generic compliance statements
“All items conform to requirements” without referencing which requirements. This makes it impossible to audit what was actually verified. Fix: require the CoC to list each governing document (drawing, spec, PO clause) and state compliance against each.

2) Missing or incomplete material traceability
For AM parts, this is especially common when powder lot records are not tied to specific builds. If a supplier delivers parts from multiple builds but only references one powder lot, ask whether lot segregation or lot identifier that ties back to the build, powder batch, and HIP cycle is often more important than a generic serial number.

3) Unsigned or undated CoCs
An unsigned CoC has no legal standing and no accountability. Electronic signatures are acceptable but must be authenticated and traceable within the supplier’s quality system.

4) Mismatched revision levels
The CoC references drawing revision B, but the inspection report was done against revision C. This creates a configuration disconnect that must be resolved before acceptance.

5) Missing special process references
If the part was heat treated or HIPed but the CoC does not reference the process or the processor’s accreditation, the buyer cannot verify that the step was controlled. This is a common audit finding.

6) No reference to inspection data
A CoC that claims conformance without referencing an inspection report leaves the buyer with no way to verify. Even a brief reference (“Per CMM Report #XYZ, dated MM/DD/YYYY, all characteristics conform”) adds substantial traceability value.

7) Boilerplate ITAR/DFARS statements
Generic export compliance language that does not reference the specific PO clauses or DFARS provisions can be flagged in audits and may not satisfy contract requirements.

How to specify CoC requirements in an RFQ

The best time to define CoC requirements is at the RFQ stage, not at receiving. Including clear expectations in the RFQ and PO helps suppliers prepare compliant documentation from the start and reduces back-and-forth at delivery.

What to include in your RFQ/PO quality clause for CoC:

1) Required CoC content
List the minimum fields: part number, revision, PO reference, quantity, serial/lot numbers, material cert reference, special process certs, inspection report reference, compliance statements, and authorized signature.

2) Material traceability requirements
Specify what must be traceable: heat/lot for wrought, powder lot for AM, and any special requirements for blending or reuse documentation. If DFARS specialty metals apply, require traceability to country of melt/origin.

3) Special process documentation
List which special processes require certification references on the CoC and whether NADCAP or equivalent accreditation is required. Include heat treatment, HIP, NDE, plating, anodizing, shot peening, and any program-specific processes.

4) Inspection deliverables
Define what inspection data must accompany the CoC: dimensional report (CMM), NDE report(s), CT scan report (if applicable), FAI (if first article), and any test data (hardness, tensile, etc.).

5) Compliance declarations
Specify the exact ITAR, DFARS, and any other regulatory/contractual compliance statements required. Provide clause numbers and require the supplier to respond specifically, not generically.

6) Record retention
State the required record retention period and how records should be maintained (electronic, hard copy, access controls). For defense programs, retention may be 7–10+ years depending on contract.

7) Rejection criteria
State that incomplete, inaccurate, or unsigned CoCs are grounds for rejection or hold at receiving. This sets expectations and prevents late-stage disputes.

CoC within the certification pack

The CoC is the lead document in a broader certification pack (also called a data package or cert pack). For aerospace and defense parts, the full pack often includes:

• Certificate of Conformance (CoC) — the lead summary document stating overall compliance.
• Material certification(s) — chemistry, mechanical properties, heat/lot or powder lot traceability.
• Special process certifications — HIP, heat treat, plating, anodize, shot peen, etc., with processor name and accreditation references.
• Inspection report(s) — CMM dimensional data, NDE results (PT, CT, UT as applicable), hardness records, test coupons.
• First Article Inspection (FAI) — AS9102 report if required (typically for first production unit, new process, or design change).
• Traceability records / travelers — linking part serial/lot to each processing step, powder lot, HIP/heat treat batch, machining setup, and inspection.
• Compliance declarations — ITAR, DFARS, country-of-origin, and any program-specific flowdowns.
• Packaging and shipping records — if required by the PO (e.g., MIL-STD packaging, desiccant, humidity indicators).

The CoC ties all of these together. It should cross-reference each document so an auditor can follow the chain from the CoC to the supporting evidence without searching.

Practical tips for buyers

1) Review the CoC before accepting hardware. A quick check at receiving can catch mismatches, missing signatures, and incomplete references before parts are distributed to production.

2) Compare CoC content against PO requirements. Specifically, confirm that each PO quality clause has a corresponding statement or reference in the CoC and supporting documentation.

3) Verify material traceability end to end. For AM parts, trace from the CoC to the material cert to the powder lot record to the build ID. Any gaps represent a configuration or compliance risk.

4) Audit special process references. Confirm that each special process named on the CoC (a) was required by the drawing/spec, (b) references a controlled procedure and accreditation where needed, and (c) has supporting records (furnace charts, test coupons, NDE reports).

5) Flag generic compliance language early. During supplier onboarding or first article review, request specific compliance statements aligned to your PO clauses. This prevents boilerplate from becoming a recurring issue.

6) Use the CoC as a supplier management tool. CoC quality is a leading indicator of supplier discipline. Consistent, complete, accurate CoCs correlate with suppliers who have strong internal process control and configuration management.

7) Retain CoCs and cert packs per program requirements. For defense programs, these records are often required for the life of the program plus a defined retention period. Ensure your records management system can retrieve them efficiently if a fleet action, audit, or investigation occurs.

A well-executed CoC is not just paperwork—it is the documented proof that a part was manufactured, inspected, and delivered under controlled conditions. For programs that depend on traceability, configuration control, and regulatory compliance, the CoC is the last line of quality defense before hardware enters service. Getting it right starts at the RFQ and carries through every step of the manufacturing workflow. This is especially important in modern workflows that combine AM, HIP/PM-HIP densification, precision machining, and rigorous inspection.

Explore Our Capabilities

Learn more about how Metal Powder Supply supports aerospace and defense manufacturing:

• Additive Manufacturing
• CNC Machining & Finishing

Need a quote or have questions about your project? Request a quote or contact our team to discuss your requirements.