IATF 16949:2016 Determining the Scope of the Quality Management System

Audio version of the article


The scope of  QMS must do two things :1. Meet requirements consistently and 2. Enhance customer satisfaction by the effective application of  QMS,    continual improvement of  QMS, and providing assurance of conformity to customer and applicable regulatory requirements. Your organization must have the capability to determine your customer needs and requirements; design and develop a product; know-how and capacity to manufacture a product; package product; deliver on time; provide service and support; etc. It must have the ability to repeat your capability within specified parameters for quality as defined by customers, your own organization, or regulatory bodies. To achieve and demonstrate your capabilities, you must effectively plan, operate and control the processes, within your organization that provides them. These processes collectively form the scope of your quality management system (QMS).  The effective application of your QMS can be determined by – how well QMS activities and results measure up to planned performance indicators. Continual improvement of the QMS is achieved by – increasing the ability of the QMS to meet requirements through raising the performance indicators and more efficient use of resources.   Assurance of conformity to requirements may be achieved by providing confidence that requirements will be fulfilled. This confidence may be achieved through – implementing prevention-based controls; conducting internal/external audits; 3rd party certification of your QMS; etc.   This standard provides specific requirements to effectively plan, operate, control, and improve your QMS processes. These requirements focus on prevention-based controls and to a lesser extent detection-based controls, as well as continual improvement of your QMS.   It is important to note that the does not specify requirements for the product. The focus is on your QMS and its processes. By effectively controlling and continually improving your QMS processes, there will obviously be a positive impact on product quality performance. look at regulatory requirements applicable to your organization. These requirements may come from your customer; the industry you are in; from within your own organization; or state or federal organizations. You may need to apply regulatory requirements to your suppliers and outsourced processes (subcontractors). Your ultimate objective is to enhance customer satisfaction. You achieve this by planning, operating, and improving your QMS to effectively meet customer and regulatory requirements. As this standard represents specific automotive OEMs, your QMS must provide objective evidence that your QMS processes can identify and manage these requirements and that customer-specific requirements are effectively implemented.


Scope refers to the type of automotive supply chain facilities, IATF 16949 is applicable to. “Automotive” includes cars, trucks (light, medium, and heavy), buses, motorcycles. It excludes industrial, agricultural, off-highway (mining, forestry, construction, etc.). It includes all supplier ‘sites’  providing value-added parts, components, products, sub-assemblies, and services up the supply chain to the OEM. TS 16949 requirements may be applied to any site in the supply chain by its customer. It applies to all supply chain facilities or ‘sites’ that manufacture production materials; production and service parts; assemblies; or provide (value-added) finishing services such as heat treating, welding, painting; etc., for the automotive OEM’s subscribing to this standard. This means that all Tier 1 suppliers providing such products or services directly to subscribing automotive OEMs, must get IATF 16949 certification and they in turn may flow IATF 16949 conformity or certification requirements down to Tier 2 suppliers and so on. The flow down to tier 2 or 3 has now become more the norm than the exception. The ultimate aim is that all suppliers must be certified to IATF 16949 standard. This standard cannot be applied to:

  • Automotive after-market service parts made to original subscribing OEM specifications, but not procured and released through them.
  • Manufacturers of tooling; production equipment; jigs; fixtures; molds; etc used by the auto industry.
  • Remanufactured automobile parts.
  • Distribution centers; warehouses; parts packagers; logistics support; and sequencers.

Determine whether your activities or location is a site or support function. Note that the definition of ‘site is a location where value-added manufacturing occurs and a support function is a value-adding non-manufacturing process that supports a site. The support function may be on-site or at a remote location.   The rules for third-party Certification Body (Registrar) auditing of sites and remote locations are specified in an IATF document called “Automotive Certification Scheme for IATF 16949:2016 – Rules for achieving IATF recognition”. The general rule is that sites may obtain stand-alone IATF 16949 certification, but support functions, cannot obtain stand-alone certification.    Support functions may include a variety of non-manufacturing activities such as – design; purchasing; HR; sales; distribution centers; warehousing; sequencing; logistics; etc.     All support functions (whether on-site or off-site) that support a site must be included in that site’s QMS scope. As such they must be audited to all applicable IATF 16949 requirements including their interaction with site activities. Both manufacturing, as well as support activities, maybe outsourced (i.e. performed by an independently owned organization, on your site, or off-site). Organizations performing outsourced manufacturing activity must be subject to the same TS 16949 requirements that would apply if the activity were done by your organization. Such organizations can obtain independent IATF 16949 certification if required by their customers.  Organizations performing outsourced support functions (e.g. warehousing or HR services) may be subject to specific IATF 16949 requirements imposed by their customers, however, they cannot obtain independent IATF 16949 certification for such support activities. They may obtain independent ISO 9001 certification. The organizations subscribing to the TS 16949 standard include General Motors; Ford; Daimler Chrysler; Fiat; PSA Peugeot-Citreon; Renault SA; FIEV: Opel Vauxhall; Audi; BMW; VW; Mercedes Benz; etc. The Japanese OEM’s while participating in the development of the IATF 16949 standard, do not formally subscribe to it or require it of their supply chain.


ISO 9001:2015 4.3 Determining the Scope of the Quality Management System

The organization must establish the scope of the quality management system by determining the boundaries and applicability of the quality management system. While determining the scope the organization must consider the internal and external issues determined in 4.1., the requirements of relevant interested parties in 4.2. and the products and services of the organization. Requirements from this International standard that can be applied by the organization shall be applied within the scope of the QMS. Requirements from this International standard that cannot be applied by the organization and which does not affect the organization’s ability or responsibility to provide product and services that meet the conformity of its product and services and enhancement of the customer satisfaction. The organization must make available the scope and must maintain scope as documented information stating the Products and services covered by the QMS and any Justification where a requirement of this International Standard cannot be applied.

For explanation on ISO 9001:2015 4.3.Determining the scope of the Quality Management System click here. 


IATF 16949:2016 4.3.1 Determining the Scope of the Quality Management System- Supplement

Supporting functions, whether on-site or remote {such as design centers, corporate headquarters, and distribution centers). shall be included in the scope of the Quality Management System. (QMS). The only permitted exclusion for this Automotive  QMS Standard relates to the product design and development requirements within ISO 9001,.Section 8.3 The exclusion shall be justified aid maintained as documented information. Permitted exclusions do not include manufacturing process design.



In order to establish a QMS (Quality Management System) according to IATF 16949, you first need to define everything the QMS will apply to. This requirement is nothing new to quality standards, or any other management system standard, for that matter. Although it seems like just a formality, defining the scope is one of the crucial steps in the implementation and ongoing maintenance of the QMS. You will basically define to what processes, locations, products, and services your QMS applies, and this will provide input for the certification body and auditors. Requirements for the scope in IATF 16949 are based mostly on ISO 9001, but as with many other requirements, the automotive industry goes a bit further. Since ISO 9001 requirements are the first we need to meet in the implementation and are not stated in the text of the IATF 16949 standard, let’s examine them first.

Section 4.3 of the ISO 9001:2015 standard details the requirements for determining the scope of the Quality Management System. In a note about the QMS, it is stated that the QMS can include the whole organization, specifically identified functions of the organization, specifically identified sections of the organization, or one or more functions across a group of organizations. To start, there are three considerations to be included when determining the scope:

  • external and internal issues that are relevant to the purpose of the organization, the strategic direction, and the ability to achieve intended results
  • requirements of relevant interested parties
  • the product and service of the organization

In addition, the scope must state the products and services covered by the QMS, and justification for any instances where the ISO 9001 standard cannot be applied—but this requirement is further limited by IATF 16949, as you will see below. Although ISO 9001 allows organizations to decide which functions or sections will be included in the scope, IATF 16949 requires supporting functions, whether on-site or remote, to be included in the scope of the QMS. Supporting functions can be design centers, corporate headquarters, and distribution centers. This leaves far less freedom for the organization when defining the scope, and the aim is to ensure that all operations that affect the quality of products and services and/or customer satisfaction are included in the QMS scope. This will make the implementation much harder for some organizations, especially for big companies that have many locations on several continents. Customer-specific requirements also need to be evaluated and included in the scope of the QMS. In practice, this means that the organization will have to consider these requirements, and see how they reflect on the QMS, and act accordingly. For some organizations, this won’t bring anything new; however, for companies where their customers define processes, products, or services it means that they will have to include all of this in the scope of the QMS. Furthermore, the standard in this section defines the exclusions. IATF 16949 allows exclusions only from clause 8.3, and even here, with many limitations. Basically, the only requirements that can be excluded are related to the design and development of products and services. Permitted exclusions do not include manufacturing process design. Naturally, the organization will also have to provide and document justifications for exclusions. Finally, there is a requirement to document the scope; unlike ISO 9001, which doesn’t specify where and how IATF 16949 requires the Quality Manual to include the information about the scope and justifications for any exclusions.


Usually, the scope of the QMS covers the entire organization. Some noted exceptions are when your QMS only covers one physical location of a multi-location company, or when your manufacturing or service is distinctly split between industries (e.g., in a plant with three assembly lines where assembly lines 1 and 2 are for automotive and need to have a QMS certified to the ISO/TS 16949 QMS standard for automotive, but you want line 3 to be certified to ISO 9001 because many of the automotive requirements do not apply). So, your scope should identify the physical locations of the QMS, products or services that are created within the QMS processes, and the industries that are applicable, if this is relevant. It should be clear enough to identify what your business does, and if not all parts of the business are applicable, it should be identified clearly which parts are.

Your scope does not have a size limit and should include enough information to determine what is covered by the processes of the QMS. However, it is important to make clear what is included and what is not. If it is not clear to you what processes in your company are covered by your QMS, then how will it be clear to an outside auditor or other interested parties? Making your scope statement simple and easy to read can help to focus your QMS efforts, and prevent unnecessary questions about activities that may not be applicable to your QMS certification. The definition of a management system in ISO 9000:2015 for the first time provides an option to scope the system down to a single function or discipline. This was never the intent of a QMS, which was always intended to apply to an entire organization. ISO 9001:2015 also eliminated the term “permissible exclusions” by saying that if a requirement can be applied, it must be applied. Minimalists can now argue they only must include one function in their systems and incorporate only those requirements that apply to that function. IATF 16949:2016 addresses this problem in sub-clause 4.3.1, which requires support processes and value-adding sites to be included in a QMS’s scope. The previous 2008 version of ISO 9001 never mentioned omitting applicable requirements due to the geographic location of the processes. In IATF 16949:2016, where you choose to locate activities is your organization’s prerogative, but all applicable processes and requirements must be in the QMS regardless of where an organization chooses to locate and perform them. Individuals, such as auditors, who must verify whether an organization is conforming to applicable requirements must visit the locations in which those processes are being performed to verify conformance. The new ISO 9000:2015 definition of “management system” now allows for a QMS scope to be as narrow as one function. Furthermore, top management is aligned to the scope of the QMS. If a minimalist organization chose to include only the purchasing department in its scope, top management would be the purchasing executive. There is another argument that can be used by minimalist ISO 9001 implementers. A clause in IATF 16949:2016 indicates that if an ISO 9001 requirement can be applied, it must be, and product quality cannot be compromised.

For an example on how a scope could be derived please click here


IATF 16949:2016 4.3.2 Customer Specific requirements

Customer-specific requirements shall be evaluated and included in the scope of the organization’s quality management system.


Customer specific requirements (CSRs) as defined by IATF 16949 is “interpretations of or supplemental requirements linked to a specific clause(s) of this Automotive QMS standards


Customer-specific requirements are the requirements created by the customer with the expectation that the supplier will identify, implement, and audit these customer-specific requirements with the same intensity that they do the basic requirements of the standard. Customer-specific requirements are requirements that are outside the TS document. Had all the subscribers to the document being able to agree on these unique, very specific, company-specific requirements, then those requirements would have been written as part of the text inside TS. It is important that the audit team receiving details of customer-specific requirements well in advance of any audit (initial, surveillance, or renewal) from the organization, using them as a basis for the audit planning process. Failure to do so is viewed as an audit failure. Customer-specific requirements are those that are agreed to between the supplier and the customer. They typically fall into the following categories:

  • Part-specific requirements (dimensions, materials, performance characteristics, etc.)
  • Delivery requirements
  • Boiler-plate requirements (typically found in the purchase order)
  • General requirements (PPAP, APQP, etc.)
  • Process requirements (example: heat treat)

The terms customer-specific requirements and supplier quality manuals are in many ways interchangeable. Some customers refer to their documents directly as ‘Customer Specific Requirements’ while others call their documents ‘Supplier Manuals’ or ‘Supplier Quality Manuals’. The distinction, in part, is that ‘Supplier Manuals’ or ‘Supplier Quality Manuals’ often contain customer-specific requirements, as well as policies, terms, and conditions unrelated to quality. Customer-specific requirements, in their truest form, seek to expand the standard, or define how a customer wants a portion of the standard to be met. Customer-specific requirements are a component of lATF 16949 that cannot be ignored. ln fact, customer-specific requirements are more important in lATF 16949 than they were in QS-9000, which considered them as part of the requirements. Furthermore. the customer-specific requirements of Daimler Chrysler, Ford. and GM was the only essential “requirements” in implementing and auditing QS-9000. IATF I6949 changes this situation. The International Automotive Task Force (IATF), which consists of nine OEMs which include the following vehicle manufacturers: BMW Group, FCA US LLC, Daimler AG, FCA Italy Spa, Ford Motor Company, General Motors Company, PSA Group, Renault, Volkswagen AG and the vehicle manufacturers respective trade associations – AIAG (U.S.), ANFIA (Italy), FIEV (France), SMMT (U.K.) and VDA QMC (Germany) used a different strategy to create IATF 16949. When all of the IATF members could not agree on a certain clause or process, the objecting OEM put that particular clause into its own customer-specific requirements. Consequently, there are many more customer core requirements. The five Automotive Industry Action Group (AIAG) reference manuals, which were understood to be core requirements of QS-9000. are now customer-specific requirements of DaimlerChrysler. Ford. and GM.

The figure above shows that ISO 9001 is considered a base set of requirements that IATF 16949 builds upon for the automotive sector. IATF I6949 tells the supplier to conform to the company- (i.e.customer specific requirements in addition to IATF l6949’s requirements. Additional requirements may include division-specific requirements, commodity-specific requirements. or part-specific requirements. Examples of division-specific requirements include a semiconductor commodity supplier to a Daimler Chrysler plant. or a heat treat supplier to a Ford Powertrain division. The semiconductor supplier has to contend with the following requirements:
ISO 9001,  IATF 16949,  five reference manuals. which are part of DaimlerChrysler’s requirements: semiconductor commodity-specific requirements issued by the Automotive Electronics Council: and part-specific requirements from a contract review. Similarly, the heat treat supplier to Ford Powertrain has to implement ISO 9001, IATF 16949. five reference manuals. heat treat requirements specific to Ford. a DCP control plan methodology specific to the Ford Powertrain division. and part-specific requirements of that particular heat-treated part. derived from contract review. Needless to say. the customer-specific requirements have gained a whole new degree of importance in IATF In fact. customer-specific requirements will be It challenge when implementing and/or auditing IATF I6949.


Documentation Requirements For Customer-Specific  Requirements

Customer-specific documentation requirements are stated in the customer-specific documents of DaimlerChrysler. Ford, and GM. The Daimler Chrysler requirement says. “All IATF 16949 requirements and the requirements of this document (i.e.. customer-specific requirements) shall be documented in the organization’s quality system.” The Ford and GM customer-specific documents say. “All IATF 16949:2016 requirements and the requirements of this document shall be addressed by the organization’s quality system.” The DaimlerChrysler requirement asks the organization to trace each “shall“ to ensure that it has been included in the documented system. The Ford and GM requirements ask the organization and the auditor to ensure that each “shall” has been addressed by the organization’s business/quality system. Daimler Chrysler’s documentation requirements are more precise and place a greater documentation burden on the organization. Organizations should map the customer-specific requirements into their process documentation or work instructions. Through this method. both current and future employees can become knowledgeable of customer-specific requirements as they work within a process. If your organization does not use this strategy. it will have difficulty separating out customer-specific requirements and addressing the issue of how employees are to ensure process repeatability. For example. clause of the GM customer-specific requirements says. “The organization shall have a method to identify, control, and monitor the high-risk items on those critical operations. There shall be rapid feedback and feed-forward between inspection stations and manufacturing, between departments, and between shifts. ” This is a detail that needs to be built into the process. It is not possible for a management system to address such a requirement without building it into a process. work instruction. form, or checklist.


Implementing customer specific Requirements. 


The strategy for addressing customer-specific requirements should be as follows. First. the organization must identify and assemble all of the customer-specific requirements from its customer base.


Customer Specific requirement checklist: for Automotive industry (considered requirements of IATF 16949)

  • It is important that utilization of accredited laboratory facilities should be specified by as per government-approved certifying body.
  • To verify, is customer approved sub-contractor service to be utilized? The approved vendor list index such information.
  • Most important is transportation mode for shipping the materials should be specified, where containers / or and any vehicle type / or and specified as surface transportation.
  • Some analytical and statistical details that possible to demand by the customer which is conducted internally for process and activities, like control plan, PFMEA, PPAP (PPAP is widely recommended and used in the automotive industry, in with some customers are demand as necessary requirements)
  • Some customer is demand detailed information about traceability requirements.
  • The stability of processes: ongoing process capability requirement should be specified; most customers can ask for it.
  • It should be clear with the customer-specific requirements, PPAP submission, and sample size, grade, and specification should be identified and confirmed from customers.
  • Is there a customer-specified method for handing complaints? Specified format for responding like 8D format, most customers are preferring standard formats but some customers are expecting some unique requirements as its application requirements.
  • Specific packing and labeling requirements should be specified. Generally packaging and labeling requirements mostly different for a single product from different customers, so it is very important to specific requirements are collected and approved by customers.

Some other requirements like MSA approval requirements, shipping notification, quality records and reviews, inspection reports, special characters and their symbol identifications, internal quality auditors’ qualifications, non-conformance details, etc. International standards – requirements mostly IATF 16949 requirements are Measurement system Analysis are consider as the primary requirement for the manufacturers of the automotive applications and same for the supplier chain that provided material to OEM & automotive applications assembling, supply chain also needs to update with the same technical specification which is automotive industries are following.

Implementation begins with training. Key supplier personnel must be trained in customer-specific requirements. Customer requirements typically come in two levels of specificity: identifying how a process should operate. or requiring an entirely new process or method. Detailed customer specifics can be implemented into processes by following a documentation strategy. Mapping the customer-specific requirements to processes is the least risky, and so the best. documentation strategy. Adopt a common process for the entire organization and clearly indicate different ways tasks should be performed to satisfy different customers. Organizations should follow these steps when adopting customer-specific requirements:

  1. Adopt the most stringent requirement.
  2. Describe how tasks may be different for different customers.
  3. Add different forms for different customers if the submission methods differ.
  4. Measure processes differently if customer measurement criteria vary.

Some customer criteria cannot be implemented just by mapping them into existing processes. Customer specifics may ask suppliers to adopt a certain system. For example. Daimler Chrysler requires the use of Power way. and Ford requires the use of a particular CAD system. Sometimes, the requirements mandate an entire implementation for e.g., MS-9000 or MMOG (by Ford) or Ford Ql requirements. Teams must be formed for these specific implementations and the mandates must be completed as a part of ISO/T S 16949 implementation.


Auditing Requirements  For Customer-Specific Requirements

Utilizing document review is the best method for determining whether the organization has already considered all of the customer-specific requirements. The internal auditor needs to have a detailed document review checklist with the “shalls” clearly delineated. The organization must complete the checklist, showing where it believes the customer-specific requirements are documented. The auditor will check to see if the processes indeed demonstrate evidence of compliance with the customer-specific requirements. As mentioned previously. some requirements are processes that would only be audited during an onsite audit. Once the auditor has checked each process and ensured that the processes demonstrate evidence of compliance with the customer’s specifics. then the requirements can be discarded and the process documentation used for the on-site audit. Trying to audit customer-specific requirements during an onsite audit without the document review is difficult and time-consuming. To understand the specific requirements matrix, let’s see what can consider requirements that customers can demands? And what kinds of customer demands or requirements are considered as specific. As on base of supplier’s previous experience with customers & routine supplies than extra things are requested by the customer that never asked before those requirements are considered as specific requirements, No it is not completely true, actually customer-specific requirements are considered on the basis of the customer’s requirements those are affecting the customer’s applications & business that concern with the quality of the products, some applications are very critical that required special measurements & Analysis to approve for the assembling, most of automotive customers requirements are almost specific. The reason very states that application of the product and its fitting criteria’s required tolerances of approval is very close that need to the analysis of the product to enhance quality with minor or zero tolerances with comparing customer’s required tolerances, there is no space for huge variation, application requirements variation of product an be very low that critical to maintaining for a supplier, that should need care at all the parameters, instructions and its follow-up strongly.

Customer Specific requirements matrix, base requirement is PPAP ( Part Production Approval Process ), it’s a specific requirement, the reason that customer buy the material for the assembling with a specific design that can possible are done in the assembly area, to match with the design of the customer engineering shop, product’s first part will be going to approval for,. Customer’s engineers are check as design provided to the supplier, match all possibilities to understand the further requirements, changes, or modifications to the finalized product. The customer-specific requirements matrix can be developed when we really fully understand the customer-specific requirements or customer’s end application’s requirements. the product we are manufacturing is installed/used at any particular part or utilize for a specific purpose of course against the customers must ask for unique requirements to match its requirements queries. To understand the customer-specific requirements, needs to verify what the really customer expects?

If you need assistance or have any doubt and need to ask any question  contact me at: preteshbiswas@gmail.com. You can also contribute to this discussion and I shall be happy to publish them. Your comment and suggestion is also welcome.


One thought on “IATF 16949:2016 Determining the Scope of the Quality Management System

Leave a Reply