Tungsten Blog

EASA Part 21J Audit Readiness: A Practical 10-Point Checklist for Design Offices

Audit readiness is not a one-week scramble. Use this 10-point Part 21J checklist to tighten traceability, approvals, and evidence control before your next authority review.
Insight article 18 May 2026By Tungsten
Back to blog 18 May 2026

Most Part 21J teams do not fail audits because of weak engineering.

They struggle because evidence is fragmented, approvals are hard to verify, and traceability takes too long to prove under pressure.

When audit preparation starts too late, small process gaps become expensive fire drills.

This guide gives you a practical 10-point checklist you can apply now to reduce rework and walk into your next review with confidence.

Why Audit Readiness Is an Ongoing Process

Audit readiness is not just about having documents.

It is about demonstrating control over:

  • What changed
  • Why it changed
  • Who approved it
  • Which evidence supports it

If your team cannot answer those four questions quickly and consistently, risk rises even when technical work is strong.

The 10-Point Part 21J Audit Readiness Checklist

1) Single Source of Truth for Controlled Documents

Every controlled document should live in one governed location, not across inboxes, local folders, and shared drives.

Verify

  • Teams use one canonical repository for active certification artefacts
  • Legacy copies are read-only or archived
  • Every file has a clear owner and classification

2) Revision Integrity Across the Full Package

A revision ID must mean the same thing everywhere: file metadata, approval record, exports, and references.

Verify

  • Revision labels are generated or enforced centrally
  • Cover pages, headers, and approval records agree on revision and date
  • Post-approval edits trigger a new revision and approval cycle

3) Requirement-to-Evidence Traceability Closure

Traceability must connect requirements to design outputs, verification evidence, and status.

Verify

  • Every requirement links to design and verification artefacts
  • No unresolved requirement paths remain before release
  • Matrix exports are reviewable without manual reconstruction

4) Role-Based Approval Control

Approvals are valid only when the right role approves the right revision at the right time.

Verify

  • Authority matrix is current and explicitly documented
  • Approval events are tied to immutable revision identifiers
  • Delegation and temporary authority changes are recorded

5) Complete and Retrievable Supporting Evidence

Claims without accessible evidence are audit liabilities.

Verify

  • Every critical claim references an attached, retrievable artefact
  • Evidence links resolve without broken paths or permissions issues
  • Required artefact types are present for each compliance area

6) Consistent Terminology, Units, and Naming

Terminology drift creates ambiguity and slows reviewer confidence.

Verify

  • Shared glossary is maintained and applied in templates
  • Units and symbols are standardized for repeated parameters
  • Naming conventions are enforced for documents and sections

7) Time-Stamped Activity and Decision Logs

You should be able to reconstruct key decisions in minutes, not hours.

Verify

  • Material actions are captured with actor, timestamp, and context
  • Decision rationale is linked to affected artefacts
  • Log retention supports full program lifecycle needs

8) Structured Pre-Submission Quality Gates

Teams need hard gates that prevent avoidable errors from reaching final export.

Verify

  • Exports are blocked on missing approvals or missing evidence
  • Cross-reference checks run before package freeze
  • Gate failures are visible, assigned, and tracked to closure

9) Repeatable Audit Drill Workflow

Practice lowers risk. A documented audit drill makes real reviews far less disruptive.

Verify

  • Team can run a mock evidence request in a timed exercise
  • Roles are clear for retrieval, validation, and response ownership
  • Post-drill findings become process improvements, not one-off fixes

10) Governance Metrics for Early Warning Signals

What gets measured gets fixed earlier.

Verify

  • You track approval latency, traceability gaps, and rework events
  • Trends are reviewed monthly by project and organisation
  • Threshold breaches trigger preventive action, not just reporting

A 30-Day Implementation Plan

You do not need a full process overhaul to improve readiness quickly.

Use a focused 30-day sprint:

  1. Week 1: baseline current gaps against the 10 points
  2. Week 2: standardize revision and approval controls
  3. Week 3: close traceability and evidence retrieval gaps
  4. Week 4: run one timed audit drill and capture improvements

This creates a practical foundation your team can iterate every month.

Common Mistakes to Avoid

  • Treating audit readiness as a last-minute documentation task
  • Keeping approvals in disconnected email threads
  • Allowing traceability exceptions to linger after milestone reviews
  • Measuring volume of documents instead of quality of evidence chains

Fixing these four patterns alone usually improves audit outcomes fast.

What Good Looks Like in Practice

A high-performing Part 21J team can answer authority questions with minimal friction:

  • "Show revision history for this certification artefact"
  • "Who approved this change and under what authority?"
  • "Where is the linked verification evidence for this requirement?"

When your system can answer those instantly, audits become verification exercises, not crisis events.

Final Takeaway

Audit readiness is not paperwork overhead.

It is operational discipline that protects timelines, reduces rework, and strengthens confidence with authorities.

Start with the 10-point checklist, run a 30-day sprint, and institutionalize the process before the next formal review window opens.

Article details

Written for working certification teams

Published

18 May 2026

Author

Tungsten

Focus

Document control, approval workflows, and audit-readiness for Part 21J design offices.

See the workflow in context

Replace document chaos with a structured review flow.

Tungsten is built for design offices that need cleaner approvals, tighter records, and less time lost to spreadsheet drift.

Book a Demo Start Free Trial

Keep reading

More guidance for certification teams working through document control, review cycles, and compliance evidence.
Archive15 May 2026

The Hidden Cost of Spreadsheet-Based Document Control in EASA Part 21J Design Offices

Most Part 21J design offices still manage certification documents with spreadsheets and shared drives. Here's what that's actually costing you — and why the switch to structured workflows pays for itself within weeks.

Read article
Archive9 May 2026

Why EASA Rejects Design Certifications: 7 Common Submission Errors and How to Avoid Them

Most EASA submission rejections are not engineering failures. They are documentation and traceability failures. Here are the seven most common causes and how Part 21J teams can prevent them.

Read article

© 2026 Altus Aeronautica Ltd. Built for aerospace engineers, by aerospace engineers.