IATF 16949:2016 Automotive Quality Management System

IATF 16949:2016 is the global technical specification and quality management standard for the automotive industry. Based on ISO 9001:2015, it was published in October 2016 and replaces ISO/TS 16949. It is designed to be used in conjunction with ISO 9001:2015 and contains supplemental requirements specific to the automotive industry rather than being a standalone QMS. It specifies the requirements for establishing, implementing, maintaining, and continually improving a QMS for any organization in the automotive industry, regardless of size. It brings together standards from across Europe and the US. IATF 16949:2016 outlines everything you need to know about achieving best practices when designing, developing, manufacturing, installing, or servicing automotive products.

ISO/TS 16949 from 2009, a technical specification for automotive sector quality management systems, has become one of the most widely used international standards in the automotive industry, harmonizing the different assessment and certification systems in the global automotive supply chain. On October 3, 2016, IATF 16949:2016 was published by the IATF and therefore supersedes and replaces the current ISO/TS 16949:2009, defining the requirements of a Quality Management System for organizations in the automotive industry. This means that organizations in the automotive industry seeking IATF 16949 certification must also comply with ISO 9001:2015.

A QMS is a collection of policies, processes, documented procedures, and records. This collection of documentation defines the set of internal rules that will govern how your company creates and delivers your product or service to your customers. The QMS must be tailored to the needs of your company and the product or service you provide, but the IATF 16949 standard provides a set of guidelines to help make sure that you do not miss any crucial elements that a QMS needs to be successful.

It is intended to be used by organizations of any size or industry and can be used by any company. As an international standard, it is recognized as the basis for any company to create a system to ensure customer satisfaction and improvement, and as such, many companies demand this as the minimum requirement for an organization to be a supplier. The goal of the standard is the development of a QMS that:

  • Provides for continual improvement
  • Emphasizes defect prevention
  • Includes specific requirements and tools from the automotive industry
  • Promotes the reduction of variation and waste in the supply chain

Changes from ISO/TS 16949:2009 to IATF 16949:2016

IATF 16949 requires complete conformance to all ISO 9001:2015 requirements and identifies the supplemental automotive management system requirements (which are extensive). The majority of these supplemental requirements are carried over from ISO/TS 16949:2009; however, there have been significant areas of update based on the evolving automotive industry direction. Highlights of the changes include the following:


High-level structure:

The new standard is based on Annex SL – the new high-level structure. This is a common framework for all ISO management systems. This helps to keep consistency, align different management system standards, offer matching sub-clauses against the top-level structure, and apply common language across all standards. It will be easier for organizations to incorporate their QMS into core business processes and get more involvement from senior management. The Plan-Do-Check-Act (PDCA) cycle can be applied to all processes and to the quality management system as a whole. ISO 9001 embraces a new structure by switching from eight clauses to ten clauses in the 2015 revision. This change allows the standard to better align with business strategic direction, become more compatible with other management system standards, and incorporate the Plan-Do-Check-Act approach.

Unlike ISO/TS 16949 and some other industry-specific standards, IATF 16949 does not contain the ISO 9001:2015 text. The document contains only the automotive-specific additional requirements; however, the organization is still required to comply with ISO 9001:2015. IATF 16949 clarifies that it is a supplement to be used in conjunction with ISO 9001:2015. IATF 16949 shares the same general section headings and clause structure as ISO 9001:2015, without reciting the text. This ensures all IATF 16949 requirements are fully aligned with the ISO 9001:2015 high-level structure. An organization is not required to reflect the new ten-clause structure and terminology in the documentation of their organization’s quality management system. The purpose of the new structure is to provide a clear presentation of the requirements; it is not intended to be a model for documenting an organization’s policies, objectives, and processes.

New Terms

RISK-BASED THINKING

Risk mitigation takes center stage in IATF 16949, as it does in ISO 9001:2015. IATF 16949 adds a number of specific risk-related requirements to minimize the likelihood of failure during new program development and to maximize the potential realization of planned activities. These additions are the result of industry best practices intended to make businesses safer and more stable by identifying and mitigating risk. To ensure risk-based thinking is pervasive throughout the organization, top management needs to be actively engaged. Responsibilities include:

  • Conducting contingency planning reviews
  • Identifying and supporting process owners
  • Participating in the escalation process related to product safety
  • Ensuring achievement of customer performance targets and quality objectives
  • Implementing corporate responsibility initiatives including an anti-bribery policy, an employee code of conduct, and an ethics escalation policy (“whistle-blowing policy”)

IATF 16949 requires that “organizations shall ensure conformance of all products and processes, including service parts and those that are outsourced.” This use of the word “ensure” implies that the organization needs to establish and maintain a system that mitigates the risk of nonconformance throughout the supply chain. The organization is ultimately responsible for all conformity and must cascade all applicable requirements down the supply chain to the point of manufacture.

The standard reinforces the concept of a “multidisciplinary approach” throughout the product lifecycle, and particularly during design and development planning activities. IATF 16949 adds additional controls for the management of development projects throughout the cycle, which eventually concludes with a product approval process. The automotive standard also adds a large number of requirements to specifically address the development of manufacturing processes. Manufacturing processes may have the same output requirements as those specified for the product; however, customers often require the use of specific Automotive Core Tools, such as capturing and analyzing risk via a PFMEA. These sorts of considerations are included in IATF 16949 in an attempt to mitigate risk even before manufacturing the product or installing the machinery.

Survival in the automotive industry requires continuous change to address internal and external issues. Organizations need to adopt a process to assess the risk of changes and take appropriate action. IATF 16949 requirements to manage changes include:

  • Assessing manufacturing feasibility for changes to existing operations.
  • Evaluating design changes after initial product approval.
  • Reviewing control plans for changes affecting product, manufacturing process, measurement, logistics, supply sources, production volume changes, or risk analysis.
  • Controlling and reacting to changes that impact product realization, including changes caused by the organization, the customer, or any supplier. This includes both permanent and temporary changes.
  • Adjusting the frequency of internal audits based on the occurrence of process changes.

Other sources of risk, such as how to deal with nonconforming outputs, are covered in more detail to ensure suppliers are aligned with their customers.

INTEGRATION OF CUSTOMER-SPECIFIC REQUIREMENTS

IATF 16949 integrates many common industry practices previously found in customer-specific requirements. Integrating these common practices as requirements encourages commonality throughout the industry and aims to reduce the need for extensive customer-specific requirements in these areas. Also important is the clear distinction between customer requirements and customer-specific requirements (CSRs). In IATF 16949, these two terms are defined as follows:

  • Customer Requirements: All requirements specified by the customer (e.g., technical, commercial, product and manufacturing process-related requirements, general terms and conditions, customer-specific requirements, etc.)
  • Customer-Specific Requirements: Interpretations of or supplemental requirements linked to a specific clause(s) of this Automotive QMS Standard.

The new standard more clearly defines these two terms to reduce misunderstandings, and to facilitate the sampling of customer-specific quality management system requirements for effective implementation. For example, the organization needs to review and agree with customer requirements such as packaging manuals and manufacturing process guidelines. However, for customer-specific requirements, organizations need to review and agree after considering the impact on their entire QMS. Here are some examples of areas that were previously customer-specific requirements that are now included in more detail in IATF 16949:

  • Manufacturing feasibility
  • Warranty management
  • Temporary change of process controls
  • Supplier quality management system development
  • Second-party audits
  • Control plan
  • Problem-solving methodologies
  • Control of changes
  • Total productive maintenance
  • Standardized work

FIRST AND SECOND PARTY AUDITOR COMPETENCY

IATF 16949 adds additional requirements for both first and second-party auditors, which include:

  • Organizations shall have a documented process to verify internal auditor competency.
  • When training internal auditors, documented information shall be retained to demonstrate the trainer’s competency with the additional requirements.
  • Organizations shall demonstrate the competency of second-party auditors, and second-party auditors shall meet customer-specific requirements for auditor qualification.
  • This standard also outlines the minimum competencies for auditors, which include:
    • Automotive process approach for auditing, including risk-based thinking
    • Applicable core tools requirements
    • Applicable customer-specific requirements
    • Software development assessment methodologies, if applicable

These changes may require a competence gap analysis followed by additional auditor training and development activities.

PRODUCT SAFETY

Product safety is an entirely new section in the IATF standard, and a transitioning organization must have documented processes for the management of product-safety related products and manufacturing processes. New requirements related to product safety include, where applicable:

  • Special approval of control plans and FMEAs
  • Training identified by the organization or customer for personnel involved in product-safety related products and associated manufacturing processes
  • Transfer of requirements with regard to product safety throughout the supply chain, including customer-designated sources

This clause highlights the fact that a product should perform to its designed or intended purpose without causing unacceptable harm or damage. Organizations must have processes in place to ensure product safety throughout the entire product lifecycle.

MANUFACTURING FEASIBILITY

In the new standard, an organization is required to assess if they are capable of achieving the performance and timing targets specified by the customer, otherwise known as manufacturing feasibility. While ISO/TS 16949 did require this kind of manufacturing feasibility analysis, it did not impose specific requirements. The new standard’s specific requirements include:

  • Using a multidisciplinary approach
  • Performing the analysis for any new manufacturing or product technology and for any changed manufacturing process or product design
  • Validating their ability to make product specifications at the required rate through production runs, benchmarking studies, or other appropriate methods

WARRANTY MANAGEMENT

Based on the increasing importance of warranty management, a new requirement has been added to IATF 16949. When an organization is required to provide a warranty for their product(s), the warranty management process must address and integrate all applicable customer-specific requirements and warranty part analysis procedures to validate No Trouble Found (NTF). Decisions should be agreed upon by the customer, when applicable.

DEVELOPMENT OF PRODUCTS WITH EMBEDDED SOFTWARE

IATF 16949 requirements for products with embedded software reflect the additional challenges as we move toward more of a drive-by-wire world. The standard references embedded software in the requirements for product validation, warranty, and troubleshooting of issues in the field. A product requiring embedded software may need to comply with sourcing-from-origin requirements established by a customer. OEM requirements for sourcing and materials change frequently, and early changes to a program may negatively affect the timing and increase risk. Embedded software is here to stay and the new version of the standard may require companies to look at their purchased parts (now called outsourced components) and identify risks in their current system based on this new focus.

Structure of IATF 16949:2016

The IATF 16949 structure is split into 11 sections. The first three are introductory, with the last seven containing the requirements for the Quality Management System. The structure is similar to that of ISO 9001:2015. Here is what the seven main sections are about:

Clause 1: Scope

Clause 1 details the scope of the standard and there is a supplementary note to cover products with embedded software.

Clause 2: Normative references

ISO 9000, Quality Management System – Fundamentals and vocabulary, is referenced and provides valuable guidance.

Clause 3: Terms and definitions

Terms and definitions are contained in ISO 9000:2015 – Quality Management – Fundamentals and vocabulary. The new standard contains additional terms and definitions relevant for the automotive industry including “accessory parts”, “challenge part”, “manufacturing services”, “outsourced processes”, “production shut down”, “special status”, and “total productive maintenance”.

Clause 4: Context of the organization

This section requires the organization to determine its context in terms of the Quality Management System, including interested parties and their needs and expectations. It also defines the requirements for determining the scope of the QMS, as well as general QMS requirements. This is a new clause that establishes the context of the QMS and how the business strategy supports it. The ‘context of the organization’ is the clause that underpins the rest of the new standard. It gives an organization the opportunity to identify and understand the factors and parties in their environment that support the quality management system. Firstly, the organization will need to determine external and internal issues that are relevant to its purpose, i.e. what are the relevant issues, both inside and out, that have an impact on what the organization does, or that would affect its ability to achieve the intended outcome(s) of its management system. It should be noted that the term “issue” covers not only problems that could be the subject of preventive actions, but also important topics for the management system to address, such as any market assurance and governance goals the organization might set. Secondly, an organization will also need to identify the “interested parties” that are relevant to their QMS. These groups could include shareholders, employees, customers, suppliers, statutory and regulatory bodies, and even pressure groups. Each organization will identify its own unique set of “interested parties” and over time these may change in line with the strategic direction of the organization. Next, the scope of the QMS must be determined. This could include the whole of the organization or specifically identified functions. Any supporting outsourced functions or processes will also need to be considered in the organization’s scope if they are relevant to the QMS. 
You are required to establish, implement, maintain, and continually improve the QMS in accordance with the requirements of the standard. This requires the adoption of a process approach and although every organization will be different, documented information such as process diagrams or written procedures could be used to support this. Product Safety is a new section in the standard. It has enhanced requirements designed to address current and emerging issues that the automotive industry is facing. The standard now lists the documented processes for the management of product safety-related products and manufacturing processes that an organization is required to have.

Section 4.3.1: Determining the scope of the quality management system – supplemental

These requirements were originally included in ISO/TS 16949:2009 Sections 1.1 and 1.2. They have been moved to Section 4 within IATF 16949. The requirement relating to supporting functions was revised to ensure that supporting functions not only address the need to include support functions in the audit but also to ensure that they are included in the scope of the QMS. In addition, any exclusion sought for design and development activities, now in Section 8.3, has to be preserved as documented information. The most important thing to remember is that only design (if not applicable) can be excluded from the scope of the QMS; all other functions must be included. The scope must include support procedures like packing, inspection-testing, distribution, etc.

Section 4.3.2: Customer-specific requirements

Although the need to fulfill and satisfy customer-specific requirements was already mentioned throughout the whole ISO/TS 16949 document, in IATF 16949 this requirement specifically addresses the need to evaluate the customer-specific requirements and include them where applicable in the organization’s quality management system. This means that the supplier would need some sort of process to evaluate each of their customer’s customer-specific requirements and determine exactly how (and where) it applies to their organization’s QMS, as applicable. The organization must have a document evaluation procedure that considers customer requirements such as PPAP, FMEA, APQP, inspection test on request, etc.

Section 4.4.1.1: Conformance of products and processes

This section ensures that the supplier (organization) is responsible for the conformity of outsourced processes, and that all products and processes meet all applicable requirements and expectations of all interested parties. To ensure conformance of all products and processes, the organization would need to take a proactive approach to assess and address risks, and not rely only on inspection. The organization must conduct audits such as product audits, procedure audits, and system audits at the supplier site. The organization must also focus on the training of suppliers, and performance can be monitored by quality ratings, delivery ratings, PPM level, etc.

Section 4.4.1.2: Product safety

This is a new section with enhanced requirements that address current and emerging issues the automotive industry is facing related to product and process safety. Organizations (suppliers) are required to have documented processes to manage product-safety-related products and processes. This section includes identification of statutory requirements; identifying and controlling product-safety-related characteristics both during design and at point of manufacture; defining responsibilities, escalation processes, reaction plans, and the necessary flow of information including top management, suppliers, and customers; receiving special approvals for FMEAs and Control Plans; product traceability measures; and cascading of requirements throughout the supply chain. The organization must have documented procedures for product and procedure safety. The procedure may include obtaining customer approval for statutory and regulatory requirements related to product safety, approval of FMEAs and Control Plans for safety-related parameters, training for personnel performing safety-related work, and handling of changes in the product that affect potential safety.

Clause 5: Leadership

This clause of the standard requires top management to demonstrate leadership and commitment to the QMS, along with defining corporate responsibility and the quality policy. The top management must also assign process owners along with other roles and responsibilities. This clause places requirements on “top management” which is the person or group of people who directs and controls the organization at the highest level. The ISO requirements have been supplemented by requiring organizations to adopt a corporate responsibility requirement. This reflects the increasing market and governmental expectations for improved integrity in social and environmental matters. There is an increased emphasis on people “owning” the QMS rather than one individual. The new standard requires top management to identify “process” owners who must be competent and understand their roles in relation to the QMS. Top management now has greater involvement and responsibility in the management system and must ensure that the requirements of it are integrated into the organization’s processes and that the policy and objectives are compatible with the strategic direction of the organization. The quality policy should be a living document, at the heart of the organization. To ensure this, top management is accountable and has a responsibility to ensure the QMS is made available, communicated, maintained, and understood by all parties. There is also a greater focus on top management to enhance customer satisfaction by identifying and addressing risks and opportunities that could affect it. They need to demonstrate consistent customer focus by showing how they meet customer requirements, regulatory and statutory requirements, and also how the organization maintains enhanced customer satisfaction. In the same context, they need to have a grasp of the organization’s internal strengths and weaknesses and how these could have an impact on the delivery and conformity of products or services. 
This will strengthen the concept of business process management. In addition, top management needs to demonstrate an understanding of the key risks associated with each process and the approach taken to manage, reduce, or transfer the risk. Finally, the clause places requirements on top management to assign QMS relevant responsibilities and authorities, but they must remain ultimately accountable for the effectiveness of the QMS.

Section 5.1.1.1: Corporate responsibility

ISO 9001:2015 expanded the ISO 9001:2009 concept of management responsibility into a set of leadership behaviors to ensure an effective QMS. IATF 16949 includes the requirement for an anti-bribery policy, an employee code of conduct, and an ethics escalation policy to address increasing market and governmental expectations for improved integrity in social and environmental matters in the automotive industry. This implies responsibility and empowerment at all levels and functions of the supplier/organization to follow an ethical approach and report any observed unethical behavior without fear of reprisal. The organization must implement corporate responsibility policies, which must include at a minimum an anti-bribery policy, an employee code of conduct, and an ethics escalation policy, which can be termed a whistle-blowing policy.

Section 5.1.1.2: Process effectiveness and efficiency

The requirement for a supplier/organization to review their processes to ensure effectiveness and efficiency was covered in ISO/TS 16949, Section 5.1.1. The requirement has been strengthened to ensure that the results of process review activities will now be included in the management review. Process review activities need to include evaluation methods and, as a result, implement improvements. The results of these steps would be an input to the management review process. Top management is thus performing a review of the process-specific reviews performed by the process owners. The organization may have procedures such as production procedures, marketing procedures, development procedures, inspection-testing procedures, and maintenance procedures. There may also be sub-procedures; for example, production sub-procedures in sheet metal include shearing, cutting, punching, drawing, etc.

Section 5.1.1.3: Process owners

ISO/TS 16949:2009 addresses management responsibility and authority, but it does not explicitly mention that management ensures process owners understand their role and are competent. This new requirement will ensure that management understands this expectation, by specifically identifying these process owners and ensuring they can perform their assigned roles. This requirement recognizes that process owners have the authority and responsibility for activities and results for the processes they manage. Process owners need to be clearly defined (process map, matrix, etc.).

Section 5.3.1: Organizational roles, responsibilities, and authorities – supplemental

This requirement was already part of ISO/TS 16949:2009. However, some modifications to the requirement were done to address the need to document assigned personnel responsibilities and authorities. Additionally, this clause now clarifies that the goal is not just to address customer requirements but also to meet customer requirements fully. Personnel involved in capacity analysis, logistics information, customer scorecards, and customer portals now also need to be assigned and documented, per the requirements in this section.

Section 5.3.2: Responsibility and authority for product requirements and corrective actions

The requirement in ISO/TS 16949 has been enhanced to explicitly make Top Management responsible for ensuring conformity to product requirements and that corrective actions are taken. IATF 16949 clarifies that there must be a process to inform those with the authority and responsibility for corrective action so that they can ensure non-conforming products are identified, contained, and not shipped to the customer. This implies that the assigned personnel must always be available to take prompt action to prevent release.

Clause 6: Planning

The section on planning defines requirements for addressing risks and opportunities and the requirements for risk analysis. This clause also includes requirements for preventive actions, contingency plans, and quality objectives and plans to achieve them. Planning has always been a familiar element in the automotive standards, but now there is an increased focus on ensuring that it is considered with Clause 4.1 ‘Context of the organization’ and Clause 4.2 ‘Interested parties’. The first part of this clause concerns risk assessment whilst the second part is concerned with risk treatment. When determining actions to identify risks and opportunities these need to be proportionate to the potential impact they may have on the conformity of products and services. Opportunities could include geographical expansion, new partnerships, or new technologies. The organization needs to plan actions to address both risks and opportunities, integrate and implement the actions into its management system processes and evaluate the effectiveness of these actions. Actions must be monitored, managed, and communicated across the organization. Another key element of this clause is the need to establish measurable quality objectives. Quality objectives now need to be consistent with the quality policy, relevant to the conformity of products and services as well as enhancing customer satisfaction. The new standard also contains several supplemental requirements in this clause. These cover: risk analysis recognizing the need to consider specific risks associated with the automotive industry, preventive action to reduce the negative effects of risk, and contingency plans which is an enhanced requirement of what was found in ISO/TS 16949. The importance of addressing customer expectations was already present in the old standard, but this has now been enhanced so that it is done at all levels throughout the organization. 
The last part of the clause considers planning of changes, which must be done in a planned and systematic manner. There is a need to identify the potential consequences of changes, determine who is involved when changes are to take place, and determine what resources need to be allocated.

Section 6.1.2.1: Risk analysis

The need to identify, analyze, and consider actual and potential risks was covered in various areas of ISO/TS 16949. The IATF adopted additional requirements for risk analysis recognizing the continual need to analyze and respond to risk and to have suppliers/organizations consider specific risks associated with the automotive industry. Organizations would need to periodically review lessons learned from product recalls, product audits, field returns and repairs, complaints, scrap, and rework, and implement action plans in light of these lessons. The effectiveness of these actions should be evaluated, and actions integrated into the organization’s QMS. The procedure for risk analysis must include at a minimum, lessons learned from product recalls, product audits, field returns and repairs, complaints, scrap, and rework. The organization must retain documented information as evidence of the results of risk analysis.

Section 6.1.2.2: Preventive action

The requirement of TS 16949 was enhanced by integrating what is considered to be a best practice in the automotive industry. Organizations would need to implement a process to lessen the impact of the negative effects of risk, appropriate to the severity of the potential issues. Such a process would include: identifying the risk of nonconformity recurrence, documenting lessons learned, identifying and reviewing similar processes where the nonconformity could occur, and applying lessons learned to prevent such potential occurrence.

Section 6.1.2.3: Contingency plans

The expanded requirement ensures the organization defines and prepares contingency plans along with a notification process to the customer or other interested parties. Organizations would first take a systematic approach to identifying and evaluating risk for all manufacturing processes, giving particular attention to external risk. Contingency plans would be developed for any of the outlined disruption conditions: interruption of externally provided products, processes, and services, recurring natural disasters, fire, or infrastructure-related disruptions. Customer notification is a mandatory step in any contingency plan unless there is no risk of delivering a nonconforming product or affecting on-time delivery.

Section 6.2.2.1: Quality objectives and planning to achieve them – supplemental

IATF 16949 included the importance of addressing customer expectations in the NOTE to Section 5.4.1.1, which was enhanced by requiring that it be done at all levels throughout the organization. In ensuring quality objectives meet customer requirements, these objectives need to consider customer targets. Personnel should be aware of, and committed to, achieving results that meet customer requirements. Quality objectives and related performance targets should be periodically reviewed for adequacy (at least annually).

Clause 7: Support

In this clause, you can find requirements for the resources and supporting processes needed for an effective QMS. It defines requirements for people, infrastructure, work environment, monitoring and measuring resources, organizational knowledge, competence, awareness, communication, and documented information. Clause 7 ensures there are the right resources, people, and infrastructure to meet the organizational goals. It requires an organization to determine and provide the necessary resources to establish, implement, maintain, and continually improve the QMS. Simply expressed, this is a very powerful requirement covering all QMS resource needs and now covers both internal and external resources. There are additional requirements to meet applicable statutory and regulatory requirements. It continues to cover requirements for infrastructure and the environment for the operation of processes. Where organizations are required to show their commitment to personnel safety, the new IATF standard makes reference to the forthcoming ISO 45001 as a way this can be demonstrated. Monitoring and measuring have been changed to include resources, such as personnel or training. There are enhanced requirements in the new standard that cover calibration and verification records. This includes software installed on employee-owned or customer-owned equipment. There is also an additional requirement that covers internal and external laboratories that are used for inspection, test, or calibration services. Organizational knowledge is a new requirement which deals with requirements for competence, awareness, and communication of the QMS. Personnel must not only be aware of the quality policy, documented information, and changes, but they must also understand how they contribute to product or service conformity and safety and the implications of not conforming. 
This clause also adds further requirements for on-the-job (OTJ) training and awareness and requires that relevant people be informed about the consequences of nonconformities. Requirements for internal auditors are specified, including minimum competencies and documentation relating to their training. Second-party auditor competencies are also specified. There is a key requirement for maintaining the knowledge held by an organization to ensure the conformity of products and services. This could include the knowledge held by an individual as well as, for example, the intellectual property of an organization. Organizations are required to examine whether the current knowledge they have is sufficient when planning changes and whether any additional knowledge is required. This includes internal and external feedback. Finally, there are requirements for “documented information”. This is a new term, which replaces the references in the previous standard of “documents” and “records”. Organizations need to determine the level of documented information necessary to control the QMS. This will differ between organizations due to size and complexity. In line with the increased importance of information security and data protection in organizations, there is also a greater emphasis on controlling access to documented, current information, such as through the use of passwords. Organizations should also have systems in place to provide a back-up should IT systems crash.

Section 7.1.3.1: Plant, facility, and equipment planning
This updated section includes an increased focus on risk identification and risk mitigation, evaluating manufacturing feasibility, re-evaluation of changes in processes, and inclusion of on-site supplier activities. Many operational risks can be avoided by applying risk-based thinking during planning activities, which also extends to the optimization of material flow and the use of floor space to control non-conforming products. Capacity planning evaluation during manufacturing feasibility assessments must consider customer-contracted production rates and volumes, not only current order levels. Capacity should be re-evaluated for any process changes.

Section 7.1.4.1: Environment for the operation of processes – supplemental
This requirement for an organization to “maintain its premises in a state of order, cleanliness, and repair” was preserved from ISO/TS 16949 and transferred to IATF 16949.

Section 7.1.5.1.1: Measurement system analysis
Records are now required for customer acceptance of alternative methods. The previous requirement to analyze variation in measurement results is now extended specifically to inspection equipment. IATF 16949 also clarifies that records of customer acceptance need to be retained along with results from alternative measurement system analysis.

Section 7.1.5.2.1: Calibration/verification records
This section has been updated to ensure that customer requirements are met through enhanced calibration/verification record retention requirements, including software installed on employee-owned or customer-owned equipment. It requires a documented process to manage calibration/verification records in order to provide evidence of conformity, and this includes any on-site supplier-owned equipment. Inspection, measurement, and test equipment calibration/verification activities need to consider applicable internal, customer, legislative, and regulatory requirements in order to establish approval criteria.

Section 7.1.5.3: Laboratory requirements
This updated section allows the organization to conduct second-party assessments of laboratory facilities but requires customer approval of the assessment method. The clause also clarifies that internal laboratory requirements apply even when calibration is performed by the equipment manufacturer, and that use of calibration services may be subject to government regulatory confirmation.

Section 7.2.1: Competence – supplemental
This section adds a requirement of “awareness,” which includes knowledge of an organization’s (supplier’s) quality policy, quality objectives, personnel contribution to the QMS, benefits of improved performance, and implications of not conforming with QMS requirements. It also further emphasizes the customer requirements for OJT (on-the-job training), not just quality requirements. Note that the use of the term “process” rather than “procedure” implies that these activities need to be managed (via the plan-do-check-act cycle), and not merely performed.

Section 7.2.2: Competence – on-the-job training
IATF 16949 enhances the emphasis of on-the-job training and its importance in meeting customer requirements, including other interested parties. The process would consider any relevant interested party requirements as an input in determining the need for on-the-job training, and then consider the level of education and complexity of the tasks in determining the method used. This training must also include contract or agency personnel, and convey the consequences of nonconformity to customer requirements to all persons whose work affects quality.

Section 7.2.3: Internal auditor competency
This section features greatly enhanced requirements for the organization’s internal auditor competency to ensure a more robust internal audit process. Organizations need to establish a documented process that considers the competencies required by this clause, take actions to address any deficiencies, assess the effectiveness of actions taken, and record a list of the approved auditors. The clause differentiates between quality management system auditors, manufacturing process auditors, and product auditors, and clarifies the competence requirements for each type of audit.

Section 7.2.4: Second-party auditor competency
This new section outlines requirements for second-party auditors ensuring they are properly qualified to conduct those types of audits, with customer-specific requirements being the main focus. The same core competencies that apply to internal auditors should, at a minimum, also apply to second-party auditors.

Section 7.3.1: Awareness – supplemental
It includes additional requirements to ensure all employees are aware of their impact on the organization’s (supplier’s) product quality output, customer-specific requirements, and risks involved for the customer with non-conforming products.

Section 7.3.2: Employee motivation and empowerment
This section did not substantially change, but now requires “maintaining a documented processes” for employee motivation and empowerment, instead of simply “having a process.”

Section 7.5.1.1: Quality management system documentation
The IATF retained the quality manual requirement that was removed in ISO 9001:2015; however, the quality manual can be one main document or a series of multiple documents (hard copy or electronic). This section also requires that the organization’s processes and interactions are documented as part of their QMS. The quality manual needs to document where in the organization’s QMS customer-specific requirements are addressed.

Section 7.5.3.2.1: Record retention
This section now requires a record retention process that is defined and documented, and that includes the organization’s record retention requirements. It specifically calls out production part approvals, tooling records, product and process design records, purchase orders, and contracts/amendments. If there are no customer or regulatory agency retention period requirements for these types of records, “the length of time that the product is active for production and service requirements, plus one calendar year” applies.

Section 7.5.3.2.2: Engineering specifications
This added section on engineering specifications requires that the process be documented and agreed with the customer. It also clarifies product design changes and product realization process changes, and the alignment to related sections. If there are no other overriding customer agreements, reviews of engineering standards/specifications changes should be completed within 10 working days of receipt of notification.

Clause 8: Operation

The product requirements deal with all aspects of the planning and creation of the product or service. This section includes requirements on planning, product requirements review, design, purchasing, creating the product or service, and controlling the equipment used to monitor and measure the product or service. IATF 16949 allows for requirements in clause 8.3, regarding the design and development of products, to be excluded if they are not applicable to the company. This clause deals with the execution of the plans and processes that enable the organization to meet customer requirements and design products and services. It includes much of what was referred to in Clause 7 of the previous version, but there is a greater emphasis on the control of processes, especially planned changes and review of the consequences of unintended changes, and mitigating any adverse effects as necessary. It includes significant requirements over and above ISO 9001:2015 and ISO/TS 16949:2009. The new version of the standard acknowledges the importance of confidentiality in relation to customer-contracted products and projects. It also specifies a requirement for verbal and written communication with the customer to be agreed upon in terms of language and in other formats such as computer languages used. The clause continues to cover a number of requirements that have been strengthened in relation to ISO/TS 16949:2009. These include prototype programs, the product approval process where there is an emphasis on record retention and outsourced products and services, and statutory and regulatory requirements. There are a number of new sub-clauses which cover the management, measurement, and selection of suppliers. This recognizes the importance of effectively managing risk in the supply chain, particularly with regard to product quality. 
Reflecting on the increasing application of computer technology in vehicles, there is a new requirement that covers the process for quality assurance of suppliers of embedded software products. The use of second-party audits is also new to the standard and is to be used in an organization’s supplier management approach. Finally, the new standard now has additional requirements regarding the control of nonconforming or reworked products. This includes being able to verify that products to be scrapped are determined as unusable prior to their disposal and that these products are not used elsewhere without the approval of the customer.

Section 8.1.1: Operational planning and control — supplemental
This section features enhanced detail to ensure key processes are included and considered when planning for product realization. The required topics include customer product requirements and technical specifications, logistics requirements, manufacturing feasibility, project planning, and acceptance criteria. The section also clarifies the “resources needed to achieve conformity” encompasses all aspects of the development process, not just the manufacturing process requirements.

Section 8.1.2: Confidentiality
Only a minor edit to clarify confidentiality “includes” related product information, instead of using the word “and.” There is no change in intent.

Section 8.2.1.1: Customer communication — supplemental
The section added a requirement that the communication language (written or verbal) must be agreed with the customer. This should be considered when determining the necessary competence for roles that require customer communication.

Section 8.2.2.1: Determining the requirements for products and services – supplemental
The IATF strengthened the standard by elevating Notes 2 and 3 of the former clause into requirements. This suggests current organizational knowledge regarding recycling, environmental impact, and product and manufacturing process characteristics should be standardized. This knowledge would be systematically reviewed and used when determining the requirements for the products and services to be offered to customers.

Section 8.2.3.1.1: Review of the requirements for products and services — supplemental
IATF 16949 strengthens this requirement by requiring the organization to retain a documented customer authorization for waivers of formal reviews for products and services.

Section 8.2.3.1.2: Customer-designated special characteristics
This section changes the action from “demonstrate conformity” to “conform,” and clarifies that it refers to “approval documentation,” rather than just “documentation.” There is no change in intent.

Section 8.2.3.1.3: Organization manufacturing feasibility
The section enhances requirements for manufacturing feasibility analysis through the following changes:

  • Requiring a multidisciplinary approach to analyze feasibility, considering all engineering and capacity requirements.
  • Requiring this analysis for any new manufacturing or product technology, and for any changed manufacturing process or product design.

The organization should validate its ability to make product to specifications at the required rate. This validation should consider customer-specific requirements.

Section 8.3.1.1: Design and development of products and services – supplemental
This section elevates the NOTE in the former section to a requirement and adds a requirement for documentation of the design and development process. As the concept of the design and development process in the automotive industry includes manufacturing design and development, the requirements from other parts in Section 8 should be considered complementary in the context of manufacturing and product design and development.

Section 8.3.2.1: Design and development planning – supplemental
This section clarifies when the multidisciplinary approach is to be used and who should be involved. Specifically, it must include all affected stakeholders within the organization and, as appropriate, its supply chain. Additional examples are provided of areas where such an approach may be used during design and development planning (including project management), and the note further clarifies that purchasing, supplier, and maintenance functions might be included as stakeholders.

Section 8.3.2.2: Product design skills
This section adds a NOTE as an example of a product design skillset. There is no change in intent.

Section 8.3.2.3: Development of products with embedded software
This new clause adds requirements for organization-responsible embedded software development and software development capability self-assessments. Organizations must use a process for quality assurance of products with internally developed embedded software and have an appropriate assessment methodology to assess their software development process. The software development process must also be included within the scope of the internal audit program; the internal auditor should be able to understand and assess the effectiveness of the software development assessment methodology chosen by the organization.

Section 8.3.3.1: Product design input
This section expanded the minimum set of product design input requirements, emphasizing regulatory and software requirements. New and broadened requirements include product specifications; boundary and interface requirements; consideration of design alternatives; assessment of risks and the organization’s ability to mitigate/manage those risks; conformity targets for preservation, serviceability, health, safety, environmental, and development timing; statutory and regulatory requirements for the country of destination; and embedded software requirements.

Section 8.3.3.2: Manufacturing process design input
This section expands the list of manufacturing process design inputs, including: product design output data, including special characteristics; targets for timing; manufacturing technology alternatives; new materials; product handling and ergonomic requirements; and design for manufacturing and design for assembly. This could include consideration of alternatives from innovation and benchmarking results, and new materials in the supply chain that could be used to improve the manufacturing process capacity. This section also further strengthened the requirements by transforming the former NOTE regarding error-proofing methods into a requirement.

Section 8.3.3.3: Special characteristics
This section identifies the source of special characteristics and includes risk analysis to be performed by the customer or the organization. It expands the list of sources used to identify special characteristics, along with the requirements related to those special characteristics. Special characteristics need to be marked in all applicable cascaded quality planning documents; monitoring strategies should focus on reducing variation, which is typically done using statistical techniques. The organization must also consider customer-specific requirements for approvals and use of certain definitions and symbols, including submission of the symbol conversion table, if applicable and required.

Section 8.3.4.1: Monitoring
These changes align the IATF 16949 standard with IATF OEM advanced quality activities and aim to reduce the number of customer-specific requirements. The requirement clarifies that measurements apply at specified stages during the design and development of both products and services and that reporting must occur as required by the customer. This could include, for example, the periodic update of customer APQP schedule milestones, gate reviews, and open issues lists related to development activities.

Section 8.3.4.2: Design and development validation
This section strengthens the requirements for design and development validation, and also adds embedded software. Customer-specific requirements (CSRs), industry, and governmental agency-issued regulatory standards need to be considered when planning and performing design and development activities.

Section 8.3.4.3: Prototype program
The changes in this section strengthen the standard by focusing the organization on the quality management system for managing outsourced products and services. Regardless of whether the work is performed by the organization or by an outsourced process, the prototype program and control plan is part of the scope of the QMS. This type of control should be considered a support process and be integrated into the design and development process.

Section 8.3.4.4: Product approval process
The changes in this section clarify approval requirements, with an emphasis on outsourced products and/or services and record retention required. The activities should be managed (with an effectiveness review and improvement actions applied) and not just performed. A part approval process for externally provided products and services needs to be performed prior to final product submission to customers. Product approval must be obtained when the customer requires it, and records retained.

Section 8.3.5.1: Design and development outputs – supplemental
Product design output additions include a recognition of the use of 3D models and inclusion of service parts and packaging. IATF 16949 clarifies that it requires product design error-proofing methods, such as DFSS, DFMA, and FTA. The application of GD&T tolerancing and positioning systems allows organizations to specify dimensions and related tolerances based on functionality relationships. Outputs include repair and serviceability instructions and service parts requirements that will be used by approved maintenance organizations.

Section 8.3.5.2: Manufacturing process design output
Changes in this section strengthened verification requirements, process input variables, capacity analysis, maintenance plans, and correction of process nonconformities. It clarifies that the process approach methodology of verifying outputs against inputs applies to the manufacturing design process. The list of manufacturing design outputs is also expanded.

Section 8.3.6.1: Design and development changes – supplemental
This section strengthens the requirement for change validation and approval prior to implementation, and also adds embedded software. Design changes after initial product approval imply that products, components, and materials need to be evaluated and validated prior to production implementation. This validation needs to be done by the organization and the customer when there is a customer-specific requirement. For products with embedded software, the change record needs to document the revision level of the software and hardware to help assure that product configuration is managed appropriately.

Section 8.4.1.1: General – supplemental (under Control of externally provided processes, products, and services)
The former NOTE about purchased products was broadened and elevated into a requirement. It now clarifies that all the requirements of section 8.4 apply to sub-assembly, sequencing, sorting, rework, and calibration services.

Section 8.4.1.2: Supplier selection process
While ISO/TS 16949:2009 did address supplier selection in the ISO 9001:2008 boxed text via the Purchasing Process (see Section 7.4.1), the supplier selection process was not as detailed. This section now specifically calls out supplier selection process criteria, in addition to clarifying that it is a full process. The assessment used to select suppliers needs to be extended beyond typical QMS audits and include aspects such as risk to product conformity and uninterrupted supply of the organization’s product to their customers, etc. This process will need to be followed by new suppliers.

Section 8.4.1.3: Customer-directed sources (also known as “Directed–Buy”)
This section features a clarification of the organization’s responsibilities for customer-directed sources, even for customer-directed-buy suppliers. Unless otherwise defined by the contract, all requirements of IATF 16949 Section 8.4 apply in this situation, except requirements related to the selection of the supplier itself.

Section 8.4.2.1: Type and extent of control – supplemental
The changes in this section further strengthened the requirement for control of outsourced processes, including the assessment of risk. Internal and customer requirements are inputs that need to be considered during the development of methods to control externally provided products, processes, and services. The type and extent of control need to be consistent with supplier performance and an assessment of the product, material, or service risk. This implies constant monitoring of performance and assessment of risk based on the established criteria, triggering the actions to escalate (increase) or reduce the types and extent of control. This applies to all suppliers.

Section 8.4.2.2: Statutory and regulatory requirements
The updates clarify the applicability of statutory and regulatory requirements and strengthen the requirements. Identification of applicable statutory and regulatory requirements needs to consider the country of receipt, shipment, and delivery. Consideration should be developed for the product “Life Cycle”. When special controls are required, the organization must implement these requirements and cascade those requirements down to their suppliers.

Section 8.4.2.3: Supplier quality management system development
This section provides a method to strengthen ISO 9001 certification, aligns with customer-specific requirements, and clarifies the acceptable third-party certification bodies (which shall be recognized by the IATF). Instead of requiring organizations to simply “develop” the supplier QMS, this section outlines a progressive approach that goes from compliance to ISO 9001 via second-party audits all the way through certification to IATF 16949 through third-party certification. One of the suggested QMS requirements is the Minimum Automotive Quality Management System Requirements for Sub-Tier Suppliers (MAQMSR).

Section 8.4.2.3.1: Automotive product-related software or automotive products with embedded software
This new section added requirements for software development assessment methodology. These requirements align with those presented within Section 8.3 but are now cascaded down to suppliers.

Section 8.4.2.4: Supplier monitoring
Organizations should continuously review inputs and introduce improvement actions regarding supplier monitoring data, as needed. Documented and non-documented yard holds and stop ships should be considered customer disruptions, and the number of premium freight occurrences needs to be monitored. Performance indicators provided by the customer and from service need to be included within the organization’s supplier monitoring process.

Section 8.4.2.4.1: Second-party audits
This new section aligns customer-specific requirements into the IATF 16949 standard. See Section 7.2.4 for details of 2nd Party Auditor Qualifications. Second-party audits should consider issues relevant to the organization beyond simply the maturity of their QMS development. Examples of situations that could trigger a second-party audit include input from supplier performance indicators; risk assessment results and follow-up of open issues from the process and product audits; and new development launch readiness. The organization’s criteria for determining the need, type, frequency, and scope of second-party audits must be based on a risk analysis including product safety/regulatory, performance, etc. These criteria need to be documented. The organization shall ensure that supplier monitoring includes a second-party audit process. The organization shall demonstrate the competence of the auditors undertaking the second-party audits. When supplier monitoring requires periodic second-party surveillance audits, the audits shall be conducted at least annually. Records of the second-party audit reports shall be retained. If the scope of the second-party audit is to assess the supplier’s quality management system, then: the approach shall be consistent with the automotive process approach; the audit scope may be reduced for suppliers with accredited third-party certification to ISO 9001 (see Section 8.4.2.5.1).

Section 8.4.2.5: Supplier development
This section adds an emphasis on performance-based supplier development activities. The supplier monitoring process should be considered an input to the supplier development activities. These development activities should consider both short term and long-term goals.

Short-term efforts would generally focus on supplier products and would require defining suitable methods to assure the quality of purchased products from each supplier.

Long-term efforts would generally focus on supplier QMS and manufacturing processes on the whole and consider audits, training, and enhancement efforts that implement and enhance quality assurance agreements between suppliers and the organization, and further reduce risk.

Section 8.4.3.1: Information for external providers – supplemental
The organization is required to provide key information to its supply chain through this new requirement. This information includes all applicable statutory and regulatory requirements and special product and process characteristics. The ISO 9001 portion has a list (a-f) of requirements that are to be communicated to the supplier, including approval, competency requirements, communication, monitoring of supplier performance, validation, etc.

Section 8.5.1.1: Control plan
This section strengthened the control plan requirements and aligned IATF OEM customer-specific requirements into the IATF 16949 standard. It also elevated a NOTE regarding customer approval to a requirement, and strengthened the control plan review and update criteria, and linked to the PFMEA updates. Control plans are needed for the relevant manufacturing site and all products supplied, and not just for the final product or final assembly line, as an example. Although family control plans are acceptable for bulk material and similar parts using a common manufacturing process, care should be given to identifying the degree of difference that is acceptable to apply this common control.

Section 8.5.1.2: Standardized work – operator instructions and visual standards
Through this section, IATF 16949 strengthens the requirements for standardized work, including the requirement to address specific language needs. Standardized work documents need to be clearly understood by the organization’s operators and should include all applicable quality, safety, and other aspects necessary to consistently perform each manufacturing operation.

Section 8.5.1.3: Verification of job set-ups
The changes in this section elevate a NOTE to a requirement and clarify record retention. They clarify that the organization shall verify job changes that require a new set-up; maintain documented information for set-up personnel; perform first-off/last-off part validation, as applicable, including retention and comparison; and retain records of the process and product approval following these validation actions.

Section 8.5.1.4: Verification after shutdown
This section defines a new requirement for verification after shutdown, integrating industry lessons learned and/or best practices. The necessary actions after the shutdown period should be anticipated in the PFMEA, control plans, and maintenance instructions, as appropriate. A multidisciplinary approach should be used to identify any additional actions needed to address unexpected shutdown events.

Section 8.5.1.5: Total productive maintenance
This section strengthens the requirement for equipment maintenance and overall proactive management of Total Productive Maintenance (TPM). TPM is a system for maintaining and improving the integrity of production and quality systems through machines, equipment, processes, and employees that add value to the manufacturing process. TPM should be fully integrated within the manufacturing processes and any necessary support processes. Metrics need to be more than on-time completion of PMs, and these are inputs into management review. The requirements include:

  • Documented maintenance objectives, including but not limited to OEE (Overall Equipment Effectiveness), MTBF (Mean Time Between Failure), and MTTR (Mean Time To Repair), which shall form an input into management review (see Section 9.3).
  • Regular review of the maintenance plan and objectives, and a documented action plan to address corrective actions where objectives are not achieved.
  • Use of planned preventive maintenance methods, e.g. periodic inspection without disassembling the equipment, visual checks, cleaning, and some servicing, and replacement of parts, in order to prevent sudden failures and process problems.
  • Use of predictive maintenance methods, as applicable, e.g. non-destructive testing (oil analysis, vibration analysis, thermal imaging, and ultrasonic detection).
  • Periodic overhaul, where the equipment is periodically stripped down, inspected, and overhauled at fixed intervals and any parts found below standard are repaired or replaced.

Section 8.5.1.6: Management of production tooling and manufacturing, test, inspection tooling, and equipment
IATF 16949 features strengthened tooling and equipment marking and tracking requirements. This requirement extends the scope to production and service materials and for bulk materials, as applicable, and clarifies that requirements apply whether tooling is owned by the organization or by the customer. The updates clarify that the system for production tooling management must include tool design modification documentation and tool identification information. Customer-owned tools and equipment need to be permanently marked in a visible location.

Section 8.5.1.7: Production scheduling
This section emphasized the importance of planning information and integrated IATF OEM customer lessons learned.
Ensure that customer orders/demands will be achieved.
This suggests the organization needs a robust feasibility review process regarding production scheduling. The production scheduling activities also need to include all relevant planning information as inputs to their feasibility review and make any necessary adjustments.

Section 8.5.2.1: Identification and traceability — supplemental
It strengthened the requirements for traceability to support industry lessons learned related to field issues. The requirement of clear start and stop points for the product received by the customer is aligned with the definition of traceability in ISO 9000:2015.

Section 8.5.4.1: Preservation – supplemental
It adds specificity to preservation controls and includes application to internal and/or external providers. Preservation activities are expanded in two ways: first, activities that are considered preservation controls, and second, locations where preservation controls apply. Preservation controls include the preservation of identification during the product shelf-life; a contamination control program appropriate to identified risks; design and development of robust packaging and storage areas; adequate transmission and transportation considerations; and measures to protect product integrity.

Section 8.5.5.1: Feedback of information from service
Requirements for this section feature an expanded scope to include material handling and logistics. The new second NOTE also clarifies that “service concerns” should include the results of field failure test analysis where applicable; the intent of this addition is to ensure that the organization is aware of nonconformities that occur outside of its organization.

Section 8.5.5.2: Service agreement with the customer
This section clarifies that service centers need to comply with all applicable requirements when there is a service agreement with the customer.

Section 8.5.6.1: Control of changes – supplemental
The control of changes requirements in the standard are aligned with existing IATF OEM requirements. The changes clarify that “any change” includes those caused by the organization and/or the customer, in addition to those by any supplier. The process to control and react to changes needs to include risk analysis and to retain records of verification and validation. FMEAs should be reviewed for any manufacturing or product changes, prior to implementation. Production trial run activities should be planned based on the risk and complexity of the changes.

Section 8.5.6.1.1: Temporary change of process controls
This new requirement for temporary control of process changes addresses issues experienced by the IATF OEM customers. The organization must identify, document, and maintain a list of process controls that includes both the primary process control (example: automated nut driver) and the approved back-up or alternate methods (example: manual torque wrench). The list must be updated regularly to reflect the current and approved process controls. The use of alternative control methods is considered a process; therefore, the organization is expected to manage these activities appropriately.

Section 8.6.1: Release of products and services — supplemental
While ISO/TS 16949:2009 did mention product and delivery of service in the ISO 9001:2008 boxed text via the Monitoring and Measurement of Product section (see Section 7.4.1), the product and delivery of service process are further detailed in IATF 16949. These updates strengthen the standard to ensure process controls align with the control plan. To achieve coherence between the control plan and the planned arrangements to verify product and service conformity, the organization should conduct a regular control plan audit that compares the current approval status of the product and process with the actual controls applied in the manufacturing process.

Section 8.6.2: Layout inspection and functional testing
An added note clarifies that the frequency of layout inspections is determined by the customer.

Section 8.6.3: Appearance items
This section requires organizations to provide masters for haptic technology, as appropriate. Haptic technology recreates the sense of touch by applying forces, vibrations, or motions to the user.

Section 8.6.4: Verification and acceptance of conformity of externally provided products and services
Changes in this section align with ISO 9001:2015 terminology and clarify the source of statistical data as that provided by the supplier to the organization.

Section 8.6.5: Statutory and regulatory conformity
This section strengthens the standard for statutory and regulatory conformity to require evidence of compliance. “Prior to release” means that the organization should implement a process and/or agreements with its suppliers requiring sufficient prevention and detection controls to ensure that products meet all applicable statutory, regulatory, and other requirements. These requirements must consider both the countries where products are manufactured and the destination countries.

Section 8.6.6: Acceptance criteria
This section clarifies “where required” to be “where appropriate or required,” and updates the clause reference to align with the new structure. There is no major change in the intent of this section.

Section 8.7.1.1: Customer authorization for concession
Changes in this section are for the alignment of terminology, and the clarification of concessions applied to rework of nonconforming product and sub-component reuse. The changes clarify that the organization must obtain customer authorization prior to further processing for “use as is” and rework dispositions of nonconforming products. Sub-component reuse must be clearly communicated to the customer. A blanket approval would be sufficient. Appropriate internal verification and validation activities of any rework or reuse of sub-components should be approved prior to customer submission.

Section 8.7.1.2: Control of nonconforming product – customer-specified process
This section ensures customer-controlled shipping requirements are followed, and that these customer-specific requirements are integrated into the organization’s internal activities for the control of the nonconforming product.

Section 8.7.1.3: Control of suspect product
The updates in this section augment the requirements for control of the suspect products by ensuring containment training is implemented. Appropriate training should consider, for example, awareness of special characteristics, customer-specific requirements related to nonconforming product control, product safety, escalation processes, storage areas, and related roles.

Section 8.7.1.4: Control of reworked product
This update increases the scope of control of reworked product requirements to include: customer approval, risk assessment, rework confirmation, traceability, and retention of documented information. The risk analysis and customer approval requirements are interrelated; FMEAs should identify and address risks related to each possible rework of the characteristics stated in the control plan.

Section 8.7.1.5: Control of repaired product
The changes in this section clarify the requirement and the need for follow-up with detailed information for the reworked product. The repair process should be addressed in the FMEA.

Section 8.7.1.6: Customer notification
This new section features a new automotive requirement to address modifications in ISO 9001 requirements and address customer issues for IATF OEM concerns. While customer notification is mentioned twice in ISO/TS 16949:2009 (see Section 7.4.3.2 and Section 8.2.1.1), it did not address customer notification in a standalone section. The organization is required to immediately notify the customer if they ship nonconforming products, and follow up with detailed documentation.

Section 8.7.1.7: Nonconforming product disposition
This section strengthens the requirement for the disposition of nonconforming products by clarifying that organizations must also have a documented process for the disposition of nonconforming products not subject to rework or repair. Planned activities need to be managed and the results considered to improve this process. Contamination control practices should be applied to avoid any risk of unintended use of this type of nonconforming product (make the product unusable).
Customer approval is required before nonconforming products in this category can be diverted for service or any other use.

Clause 9: Performance evaluation

This section includes the requirements needed to make sure that you can monitor whether your QMS is functioning well. It includes assessing customer satisfaction, internal audits, monitoring products and processes, and management review. Requirements for monitoring, measurement, analysis, and evaluation are covered and you will need to consider what needs to be measured, methods employed, when data should be analyzed and reported on, and at what intervals. Documented information that provides evidence of this must be retained. There is now an emphasis on directly seeking out information that relates to how customers view the organization. Organizations must actively seek out information on customer perception and there is a supplemental clause covering customer satisfaction and performance indicators to be used to measure compliance with customer requirements. This can be achieved in a number of ways including satisfaction surveys, analysis of market share, and complaints lodged. There is now an explicit requirement that organizations must show how the analysis and evaluation of this data are used, especially with regards to the need for improvements to the QMS. Internal audits must also be conducted using a risk-based approach. There are additional requirements relating to defining the ‘audit criteria’ and ensuring the results of the audits are reported to ‘relevant’ management. IATF 16949:2016 now contains new requirements that cover the qualifications of Internal Auditors which will strengthen their development and competence. Management reviews are still required but there are additional requirements including the consideration of changes in external and internal issues that are relevant to the QMS. Documented information must be retained as evidence of management reviews.

Section 9.1.1: Monitoring, measurement, analysis, and evaluation
It needs to answer the following questions:

  • What needs to be measured?
  • How will it be measured?
  • When (how often) will it be measured?
  • When will it be analyzed?

This applies to all measurements and not just the control plan items.

Section 9.1.1.1: Monitoring and measurement of manufacturing processes
It clarifies the requirement for targeting process effectiveness and efficiency (not just “having” a process, but monitoring it). This includes the competencies required for personnel performing the measurements. It further ensures that organizations support the manufacturing process through defined roles, responsibilities, and effective escalation processes to drive process capability and stability. The NOTE clarifies that it may not be possible or feasible to measure product or manufacturing process characteristics through process capability assessments. In such cases, a rate or index of lot conformity may be acceptable. If the gage used for measurement gives variable data, the actual measurement must be recorded.

Section 9.1.1.2: Identification of statistical tools
Requirements for the identification of statistical tools feature clarifications regarding the documented deployment of the use of statistical tools from DFMEA, PFMEA, and the APQP (or equivalent) process. The tool chosen in the APQP (or equivalent) process must be included in the design/process risk analysis and the control plan.

Section 9.1.1.3: Application of statistical concepts
This section features a clarification regarding requirements for those involved in capturing and analyzing data; previously, this was driven across all employees regardless of relevance. These concepts should be included in the competencies required for “employees involved in the collection, analysis, and management of statistical data.”

Section 9.1.2.1: Customer satisfaction – supplemental
It clarifies customer satisfaction monitoring criteria and introduces additional focus on warranty management. There is additional focus on ensuring all customer performance measures are regularly reviewed to reduce the risk of failure to achieve customer satisfaction. The organization has a responsibility to access, review, and take appropriate action about information published in customer portals. When identifying the need for correction or improvement actions, customer scorecard deficiencies should be given priority.

Section 9.1.3: Analysis & Evaluation
This section has been strengthened and now includes analysis requirements for “performance & effectiveness of the QMS”, as well as “the effectiveness of actions taken to address risks and opportunities.”
a) conformity of products and services;
b) the degree of customer satisfaction;
c) the performance and effectiveness of the quality management system;
d) if planning has been implemented effectively;
e) the effectiveness of actions taken to address risks and opportunities;
f) the performance of external providers;
g) the need for improvements to the quality management system.

Section 9.1.3.1: Prioritization
The emphasis of the requirement changed from the ISO/TS 16949 standard’s “Analysis of data” to the prioritization of actions based on performance and risk management. Actions to improve customer satisfaction need to take precedence as the organization considers trends and drives towards improvement.

Section 9.2.2.1: Internal Audit Program
It strengthened the need to drive a risk-based approach to the development and deployment of an organization-wide internal audit program. Internal audit activities are considered a process, which requires a clear definition of expected inputs, planned activities, intended outputs, and monitored performance. The process needs to identify and evaluate the level of risk related to each QMS process, internal and external performance trends, and process criticality. Then, the process would need to continuously monitor this information to trigger special internal audits and/or to plan periodic internal audits.

Section 9.2.2.2: Quality management system audit
This section strengthens the quality management system audit and the use of the process approach, which further drives process improvements organization-wide. There is a 3-year window to audit all of the QMS processes, but the schedule should be based on risk. The audit program is continuously monitoring information that could trigger the need for an unplanned internal audit. The use of the automotive process approach, including risk-based thinking, needs to be applied during the audit. The internal audit must also sample customer-specific QMS requirements for effective implementation.

Section 9.2.2.3: Manufacturing process audit
This section strengthens the formal approaches to ensure organizations achieve the benefits of effective manufacturing process audits. Shift handover should be considered a significant process event; internal auditors should look for objective evidence of an effective process to communicate and address relevant information. The audit must also evaluate the effective implementation of the process risk analysis (PFMEA), control plan, and associated documents.

Section 9.2.2.4: Product audit
The strengthened product audit requirements now require the use of customer-specified approaches, when applicable. If not applicable, the organization shall define its process. There are customers who specify the use of VDA 6.3 for Manufacturing audits. If not specified by a customer, an internal process must be defined. This could be the currently defined process based on the IATF2016 Requirements.

Section 9.3.1.1: Management review – supplemental
It strengthens management review requirements to include an assessment of risk and compliance to customer requirements. The one-year frequency is a minimum, as the process is driven by the continuous assessment of the risks related to internal and external changes and performance-related issues. As changes and issues increase, the frequency of management review activities should increase in turn, preserving the minimum of at least an annual review. The IATF expectation is that if there is a major issue identified as a Customer, there should be a focused Internal audit followed by some type of Management Review.

Section 9.3.2.1: Management review inputs – supplemental
Enhanced details for management review input requirements, including those related to cost of poor quality, effectiveness, efficiency, conformance, feasibility assessments, customer satisfaction, performance against maintenance objectives, warranty performance, review of customer scorecards, and the identification of potential field failures through risk analysis. The above should be considered the minimum information that should be covered during management review; a monitoring system should be in place, with criteria that trigger special unplanned management review activities.

Section 9.3.3.1: Management review outputs – supplemental
The enhanced section ensures action is taken where customer requirements are not achieved and supports the continual analysis of process performance and risk. Even though process owners should address customer performance issues related to the processes they manage, this requirement gives top management clear and ultimate responsibility to address customer performance issues and ensure the effectiveness of corrective actions.

Clause 10: Improvement

The last section of the standard defines the requirements for continual improvement of the QMS, including requirements for nonconformities and corrective actions, problem-solving, and error-proofing processes. This clause starts with a new section that organizations should determine and identify opportunities for improvement such as improved processes to enhance customer satisfaction. There is also a need to look for opportunities to improve processes, products and services, and the QMS, especially with future customer requirements in mind. Due to the new way of handling preventive actions, there are no preventive action requirements in this clause. These have now been moved to Clause 6. However, there are some new corrective action requirements. The first is to react to the nonconformities and take action, as applicable, to control and correct the nonconformities and deal with the consequences. The second is to determine whether similar nonconformities exist or could potentially occur. Causal factors include human factors, so they could be wide-ranging. The requirement for documented information (procedure) for nonconformity and corrective action is retained. This must include flow down to providers as appropriate. The requirement for continual improvement has been extended to cover the suitability and adequacy of the QMS as well as its effectiveness, but it no longer specifies how an organization achieves this. Improvement activities must be monitored and evaluated. The new standard contains a new requirement that covers customer complaints and field failure test analysis. It requires organizations to perform analysis of on-field failures and returned parts. Where requested, this can extend to how embedded software in the organization’s product performs within the system of the final customer’s product.

Section 10.2.3: Problem-solving
Updates to this section are to facilitate the consolidation of IATF OEM customer-specific minimum requirements. The organization’s defined process(es) for problem-solving must consider: various types and scales of problems; control of nonconforming output; systemic corrective action and verification of effectiveness; and review/updates to documented information. In addition, CSRs related to nonconformity and corrective action need to be used and integrated within the internal corrective action process.

Section 10.2.4: Error-proofing
This section, which previously only mentioned the use of error-proofing methods in corrective action, includes new requirements to strengthen the approach to error-proofing and consolidate customer-specific requirements. The organization needs a process that both identifies the need or opportunity for an error-proofing device/method, and designs and implements the device/method. The FMEA would document whether the method impacts occurrence (a prevention control) or impacts detection (a detection control). The control plan needs to include the test frequency of the error-proofing devices, and records must be maintained for the performance of these tests.

Section 10.2.5: Warranty management systems
This is a new requirement based on the increasing importance of warranty management and consolidates IATF OEM customer-specific requirements. The warranty management process should address and integrate all applicable customer-specific requirements, and warranty part analysis procedures to validate No Trouble Found (NTF) decisions should be agreed by the customer, when applicable.

Section 10.2.6: Customer complaints and field failure test analysis
It includes a new requirement regarding embedded software and the identification of preferred approaches. The organization’s analysis is extended beyond parts to the customer complaints and field failures themselves, and the results must be communicated to the customer and also within the organization.

Section 10.3.1: Continual improvement – supplemental
The changes in this section clarify the minimum process requirements for continual improvement: identification of methods, information, and data; an improvement action plan that reduces variation and waste; and risk analysis (such as FMEA). The use of TPM, Lean, Six Sigma, and other manufacturing excellence programs or methodologies should follow a structured approach that continuously identifies and addresses opportunities for improvement.

Benefits of IATF 16949

The benefits of IATF 16949 cannot be overstated; companies large and small have used this standard to great effect, discovering and securing tremendous cost and efficiency savings. The new standard will help you to introduce an integrated approach with other management system standards. It will bring quality and continual improvement into the heart of the organization. It will increase the involvement of the leadership team. It will help to mitigate risk and improve opportunity management with a greater application of risk-based thinking. One of the major changes in IATF 16949:2016 is that it brings quality management and continual improvement into the heart of an organization. This means that the new standard is an opportunity for organizations to align their strategic direction with their quality management system. The starting point of the new version of the standard is to identify internal and external parties and issues which affect the QMS. This means that it can be used to help enhance and monitor the performance of an organization, based on a higher level strategic view. Here are just a few of these benefits:

  • Improve your image and credibility – When customers see that you are certified by a recognized certification body, they will understand that you have implemented a system that is focused on meeting customer requirements and improvement. This improves their trust that you will deliver what you have promised.
  • Qualify to supply the automotive industry – This is one of the main drivers for companies to get certified against IATF 16949. In order to get big customers from the automotive industry, you have to demonstrate that you are able to provide high-quality products with no defects, and an IATF 16949 certificate will prove it.
  • Improve customer satisfaction – One of the key principles of the IATF 16949 QMS is the focus on improving customer satisfaction by identifying and meeting customer requirements and needs. By improving satisfaction, you improve repeat customer business.
  • Fully integrated processes – By using the process approach of IATF 16949, you not only look at the individual processes in your organization but also at the interactions of those processes. By doing this, you can more easily find areas for improvement and resource savings within your organization.
  • Use evidence-based decision-making – Ensuring that you are making decisions based on good evidence is a key to the success of an IATF 16949 QMS. By ensuring that your decisions are based on good evidence, you can better target resources to the best effect to correct problems and improve your organizational efficiency and effectiveness.
  • Create a culture of continual improvement – With continual improvement as the main output of the QMS, you can attain ever-increasing gains in savings of time, money, and other resources. By making this the culture of your company, you can focus your workforce on improving the processes they are directly responsible for.
  • Engage your people – Who better than the people working within a process to help find the best solutions for improving that process? By focusing your workforce on not only managing but also improving the processes, they will be more engaged in the outcome of the organization.
  • Facilitate continual improvement: Regular assessment will ensure you continually use, monitor, and improve your processes.
  • Increase market opportunities so you can demonstrate to customers excellent levels of safety, reliability, and traceability throughout the supply chain. Increase efficiency that will save you time, money, and resources. Ensure compliance with a system supported by regulatory authorities that helps to mitigate your risks.

If you need assistance or have any doubt and need to ask any questions contact me at preteshbiswas@gmail.com. You can also contribute to this discussion and I shall be happy to publish them. Your comment and suggestion are also welcome.
