Advertisements

Home » Uncategorized

Category Archives: Uncategorized

IATF 16949:2016 Corporate responsibility

It’s been over a year since Volkswagen was caught cheating on EPA tests, but the effects of that scandal are still reverberating throughout the automotive industry. The IATF 16949 standard has been revised by the International Automotive Task Force (IATF) based on industry feedback and engagement.This is the first time that ethics language has been included in an automotive quality standard. It’s significant because it gives us an opportunity to verify where the supply base stands on several core ethics policies. The new IATF 16949 standard states that certified organizations must implement basic corporate responsibility policies, such as anti-bribery policies, an employee code of conduct and an ethics escalation (whistle-blower) policy. Nine North American and European OEMs and five national automotive supplier associations have agreed to include corporate responsibility requirements in the new quality standard.The language is basic, but it clearly requires automotive sites worldwide to provide documentation that they have established an employee behavioral expectation code, implemented a formal process to report code violations and published an anti-bribery policy.There are no incremental costs to suppliers or OEMs to capture this corporate responsibility data. By late 2018, more than 65,000 supplier sites that are certified to the new standard—primarily Tier One and Tier Two direct-part manufacturers—must be physically audited and re-certified by an approved IATF third-party certification body. Non-compliance could result in suspension of a supplier’s quality certification and limitations to accessing new business opportunities.Fortunately, the Automotive Industry Action Group (AIAG), which oversees the creation of these global standards, is offering a free knowledge assessment tool so that industry professionals can identify gaps in their understanding of the Group’s Global Guidance Principles and address them before being audited.

IATF 16949:2016  5.1.1.1 Corporate responsibility

The organization is required to  define and implement corporate responsibility policies, including at a minimum an anti-bribery policy, an employee code of conduct, and an ethics escalation policy i.e. whisfle-blowing policy

Explanation:

To be successful today, the automotive industry and its supply chain partners must contend with heightened expectations from a range of stakeholders on complex corporate responsibility issues:
• A plethora of governmental regulations affect the use and management of chemicals in the production process. The organization must keep abreast of existing and emerging regulations on the use and management of chemicals in the production process and provide an assessment of their impact.
• A growing number of regions, countries, and non governmental organizations throughout the world require companies to report greenhouse gas emissions, which also factor into financial firms’ assessments, stockholder decisions and customer perceptions.This is an important first step in environmental sustainability. OEMs and suppliers are required to calculate and report emissions from the supply base in a consistent and accurate manner, and creating cost savings for the organization . The lessons learned and processes implemented for GHGs will set a foundation for other elements of environmental sustainability (i.e., water, wastes).
• The increased globalization of automotive production makes understanding and managing the impact of working conditions on business a greater challenge. Understanding and managing the working conditions impacts of business has become a greater challenge with the increased globalization of automotive production, and developing responsible working conditions begins with having a shared understanding of the key issues(child labor, forced labor, freedom of association, harassment and discrimination, health and safety, wages and benefits, and working hours.) up and down the supply chain.

  1. Business Ethics
    The basis for sustainable and successful business activity is to have integrity and transparent business practices. Companies are expected to operate honestly and equitably throughout the supply chain in accordance with local law, including those laws pertaining to:
    • Anti-Corruption
    • Anti-competitive Business Practices
    • Protection of Intellectual Property
    • Respect for Company and Personal Data
    • Export Controls
    • Conflicts of Interest
  2. Environmental Standards
    Companies are expected to pursue effective environmental protection throughout the supply chain in order to reduce the environmental footprint of our products through-out their life-cycle. All products manufactured within the supply chain, and the applied materials and substances used in the process are expected to meet environmental standards for design, development, distribution, use, disposal or recycling. Such a comprehensive approach includes but is not limited to:
    • Reducing energy and water consumption
    • Reducing greenhouse gas emissions
    • Increasing use of renewable energies
    • Enhancing appropriate waste management
    • Training of employees
    Businesses are expected to support a proactive approach to environmental challenges, and encourage the development and diffusion of environmentally friendly technologies.
  3. Working Conditions and Human Rights
    1. Child Labor and Young Workers
      Child labor should not be tolerated and the age of employment must be in accordance with local labor law.
    2. Wages and Benefits
      Compensation and benefits should be competitive and comply with applicable local laws, including those relating to minimum wages, overtime compensation, and legally mandated benefits.
    3. Working Hours
      Working hours, including overtime, should comply with applicable local laws regulating hours of work.
    4. Forced Labor
      Any form of forced or compulsory labor, including human trafficking, should not be tolerated.
    5. Freedom of Association
      Workers should be able to communicate openly with management regarding working conditions without fear of reprisal, intimidation or harassment. Workers should have the right to associate freely, to join or not join labor unions, seek representation, and join workers’ councils in accordance with local laws.
    6. Health and Safety
      Workers should have a safe and healthy working environment that meets or exceeds applicable standards for safety and occupational health.
    7. Harassment and Discrimination
      Harassment or discrimination against employees in any form is not acceptable.

Anti Bribery Policy

Ethical business practices are not only necessary for preserving reputability and improving business overall, but also for adhering to the law. Conducting bribery or corrupt activities won’t just get you a slap on the wrist; you could be heavily fined or potentially put behind bars. Bribery includes the act of offering, giving, promising, asking, agreeing, receiving, or soliciting something of value for the purpose of influencing an action. But being involved in bribery is not just limited to the act of offering a bribe: if you are on the receiving end and accept it, you are also breaking the law.  Anti Bribery  Policies should aim to:

  • Demonstrate its understanding of anti-bribery law.
  • Emphasise that the company has zero-tolerance for bribery.
  • Detail whom the policy applies to.
  • Detail the company and employees’ responsibilities.
  • Reduce and control bribery risks.
  • Provide rules about accepting gifts.
  • Provide guidance on how business should be conducted so to prevent bribery.
  • Provide direction on how to avoid conflicts of interest.
  • Include information about monitoring and reviewing the policy.
  • An anti-bribery policy demonstrates a company’s commitment to preventing bribery and corrupt activities, and all staff should be instructed to familiarise themselves with the information it contains.

Having this policy in place ensures that everyone knows what to do in regards to preventing bribery, which minimises the risks of bribery and corruption occurring in your business and therefore protects your company from facing any issues with the law.

Six Principles to prevent Bribery in the organization

The Organization having Anti- Bribery policy in place and wishing to prevent bribery being committed on their behalf should follow the following Six principles.  Commentary and guidance on what procedures the application of the principles may produce accompanies each principle. These principles are not prescriptive. They are intended to be flexible and outcome focussed, allowing for the huge variety of circumstances that organisations find themselves in. Small organisations will, for example, face different challenges to those faced by large multi-national enterprises. Accordingly, the detail of how organisations might apply these principles, taken as a whole, will vary, but the outcome should always be robust and effective anti-bribery procedures. As set out in more detail below, bribery prevention procedures should be proportionate to risk.

Principle 1: Proportionate procedures

An Organisation’s procedures to prevent bribery by persons associated with it are proportionate to the bribery risks it faces and to the nature, scale and complexity of the  organisation’s activities. They are also clear, practical, accessible, effectively implemented and enforced.
Commentary
The term ‘procedures’ is used  to embrace both bribery prevention policies and the procedures which implement them. Policies articulate the organisation’s anti-bribery stance, show how it will be maintained and help to create an anti-bribery culture. They are therefore a necessary measure in the prevention of bribery, but they will not achieve that objective unless they are properly implemented. Adequate bribery prevention procedures ought to be proportionate to the bribery risks that the organisation faces. An initial assessment of risk across the organisation is therefore a necessary first step. To a certain extent the level of risk will be linked to the size of the organisation and the nature and complexity of its business, but size will not be the only determining factor. Some small organisations can face quite significant risks, and will need more extensive procedures than their counterparts facing limited risks. However, small organisations are unlikely to need procedures that are as extensive as those of a large multi-national organisation. For example, a very small business may be able to rely heavily on periodic oral briefings to communicate its policies while a large one may need to rely on extensive written communication. The level of risk that organisations face will also vary with the type and nature of the persons associated with it. For example, the organisation that properly assesses that there is no risk of bribery on the part of one of its associated persons will accordingly require nothing in the way of procedures to prevent bribery in the context of that relationship. By the same token the bribery risks associated with reliance on a third party agent representing a commercial organisation in negotiations with foreign public officials may be assessed as significant and accordingly require much more in the way of procedures to mitigate those risks. Organisations are likely to need to select procedures to cover a broad range of risks but any consideration by a court in an individual case of the adequacy of procedures is likely necessarily to focus on those procedures designed to prevent bribery on the part of the associated person committing the offence in question.Bribery prevention procedures may be stand alone or form part of wider guidance, for example on recruitment or on managing a tender process in public procurement. Whatever the chosen model, the procedures should seek to ensure there is a practical and realistic means of achieving the organisation’s stated anti-bribery policy objectives across all of the organisation’s functions. Applying these procedures retrospectively to existing associated persons is more difficult, but this should be done over time, adopting a risk-based approach and with due allowance for what is practicable and the level of control over existing arrangements.

Procedures
Organisations bribery prevention policies are likely to include certain common elements. As an indicative and not exhaustive list, an organisation may wish to cover in its policies

  • its commitment to bribery prevention
  • its general approach to mitigation of specific bribery risks, such as those arising from the conduct of intermediaries and agents, or those associated with hospitality and promotional expenditure, facilitation payments or political and charitable donations or contributions;
  • an overview of its strategy to implement its bribery prevention policies.

The procedures put in place to implement an organisation’s bribery prevention policies should be designed to mitigate identified risks as well as to prevent deliberate unethical conduct on the part of associated persons. The following is an indicative and not exhaustive list of the topics that bribery prevention procedures might embrace depending on the particular risks faced:

  • The involvement of the organisation’s top-level management .
  • Risk assessment procedures
  •  Due diligence of existing or prospective associated persons
  • The provision of gifts, hospitality and promotional expenditure; charitable and political donations; or demands for facilitation payments.
  • Direct and indirect employment, including recruitment, terms and conditions, disciplinary action and remuneration.
  • Governance of business relationships with all other associated persons including pre and post contractual agreements
  • Financial and commercial controls such as adequate bookkeeping, auditing and approval of expenditure
  • Transparency of transactions and disclosure of information.
  • Decision making, such as delegation of authority procedures, separation of functions and the avoidance of conflicts of interest
  • Enforcement, detailing discipline processes and sanctions for breaches of the organisation’s anti-bribery rules.
  • The reporting of bribery including ‘speak up’ or ‘whistle blowing’ procedures
  • The detail of the process by which the organisation plans to implement its bribery prevention procedures, for example, how its policy will be applied to individual projects and to different parts of the organisation.
  • The communication of the organisation’s policies and procedures, and training in their application
  • The monitoring, review and evaluation of bribery prevention procedures

Principle 2: Top-level commitment

The top-level management (be it a board of directors, the owners or any other equivalent body or person) are committed to preventing bribery by persons associated with it. They foster a culture within the organisation in which bribery is never acceptable.

Commentary
Those at the top of an organisation are in the best position to foster a culture of integrity where bribery is unacceptable. The purpose of this principle is to encourage the involvement of top-level management in the determination of bribery prevention procedures. It is also to encourage top-level involvement in any key decision making relating to bribery risk where that is appropriate for the organisation’s management structure.
Procedures
Whatever the size, structure or market of a commercial organisation, top-level management commitment to bribery prevention is likely to include (1) communication of the organisation’s anti-bribery stance, and (2) an appropriate degree of involvement in developing bribery prevention procedures.

Internal and external communication of the commitment to zero tolerance to bribery. This could take a variety of forms. A formal statement appropriately communicated can be very effective in establishing an anti-bribery culture within an organisation. Communication might be tailored to different audiences. The statement would probably need to be drawn to people’s attention on a periodic basis and could be generally available, for example on an organisation’s intranet and/or internet site. Effective formal statements that demonstrate top level commitment are likely to include:

  • a commitment to carry out business fairly, honestly and openly
  • a commitment to zero tolerance towards bribery• the consequences of breaching the policy for employees and managers
  • for other associated persons the consequences of breaching contractual provisions relating to bribery prevention (this could include a reference to avoiding doing business with others who do not commit to doing business without bribery as a ‘best practice’ objective
  • articulation of the business benefits of rejecting bribery (reputational, customer and business partner confidence)
  • reference to the range of bribery prevention procedures the commercial organisation has or is putting in place, including any protection and procedures for confidential reporting of bribery (whistle-blowing)
  • key individuals and departments involved in the development and implementation of the organisation’s bribery prevention procedures
  • reference to the organisation’s involvement in any collective action against bribery in, for example, the same business sector.

Top-level involvement in bribery prevention
Effective leadership in bribery prevention will take a variety of forms appropriate for and proportionate to the organisation’s size, management structure and circumstances. In smaller organisations a proportionate response may require top-level managers to be personally involved in initiating, developing and implementing bribery prevention procedures and bribery critical decision making. In a large multi-national organisation the board should be responsible for setting bribery prevention policies, tasking management to design, operate and monitor bribery prevention procedures, and keeping these policies and procedures under regular review. But whatever the appropriate model, top-level engagement is likely to reflect the following elements:

  • Selection and training of senior managers to lead anti-bribery work where appropriate.
  • Leadership on key measures such as a code of conduct.
  • Endorsement of all bribery prevention related publications.
  • Leadership in awareness raising and encouraging transparent dialogue throughout the organisation so as to seek to ensure effective dissemination of anti-bribery policies and procedures to employees, subsidiaries, and associated persons, etc.
  • Engagement with relevant associated persons and external bodies, such as sectoral organisations and the media, to help articulate the organisation’s policies.
  • Specific involvement in high profile and critical decision making where appropriate
  • Assurance of risk assessment.
  • General oversight of breaches of procedures and the provision of feedback to the board or equivalent, where appropriate, on levels of compliance.

Principle 3: Risk Assessment

The commercial organisation assesses the nature and extent of its exposure to potential external and internal risks of bribery on its behalf by persons associated with it. The assessment is periodic, informed and documented.

Commentary

For organisations this principle will manifest itself as part of a general risk assessment carried out in clause 4 in relation to business objectives.  The purpose of this principle is to promote the adoption of risk assessment procedures that are proportionate to the organisation’s size and structure and to the nature, scale and location of its activities. But whatever approach is adopted the fuller the understanding of the bribery risks an organisation faces the more effective its efforts to prevent bribery are likely to be. Some aspects of risk assessment involve procedures that fall within the generally accepted meaning of the term ‘due diligence’.

Procedures

Risk assessment procedures that enable the organisation accurately to identify and prioritise the risks it faces will, whatever its size, activities, customers or markets, usually reflect a few basic characteristics. These are

  • Oversight of the risk assessment by top level management.
  • Appropriate resourcing – this should reflect the scale of the organisation’s business and the need to identify and prioritise all relevant risks
  • Identification of the internal and external information sources that will enable risk to be assessed and reviewed.
  • Due diligence enquiries
  • Accurate and appropriate documentation of the risk assessment and its conclusions.

As a commercial organisation’s business evolves, so will the bribery risks it faces and hence so should its risk assessment. For example, the risk assessment that applies to a organisation’s domestic operations might not apply when it enters a new market in a part of the world in which it has not done business before

Commonly encountered risks

Commonly encountered external risks can be categorised into five broad groups – country, sectoral, transaction, business opportunity and business partnership:

  1. Country risk: this is evidenced by perceived high levels of corruption, an absence of effectively implemented anti-bribery legislation and a failure of the foreign government, media, local business community and civil society effectively to promote transparent procurement and investment policies.
  2. Sectoral risk: some sectors are higher risk than others. Higher risk sectors include the extractive industries and the large scale infrastructure sector.
  3. Transaction risk: certain types of transaction give rise to higher risks, for example, charitable or political contributions, licences and permits, and transactions relating to public procurement.
  4.  Business opportunity risk: such risks might arise in high value projects or with projects involving many contractors or intermediaries; or with projects which are not apparently undertaken at market prices, or which do not have a clear legitimate objective.
  5. Business partnership risk: certain relationships may involve higher risk, for example, the use of intermediaries in transactions with foreign public officials; consortia or joint venture partners; and relationships with politically exposed persons where the proposed business relationship involves, or is linked to, a prominent public official.

 An assessment of external bribery risks is intended to help decide how those risks can be mitigated by procedures governing the relevant operations or business relationships; but a bribery risk assessment should also examine the extent to which internal structures or procedures may themselves add to the level of risk. Commonly encountered internal factors may include

  • deficiencies in employee training, skills and knowledge
  • bonus culture that rewards excessive risk taking
  •  lack of clarity in the organisation’s policies on, and procedures for, hospitality and promotional expenditure, and political or charitable contributions
  • lack of clear financial controls
  • lack of a clear anti-bribery message from the top-level management.

Principle 4: Due diligence

The organisation applies due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks.

Commentary

Due diligence is firmly established as an element of corporate good governance and it is envisaged that due diligence related to bribery prevention will often form part of a wider due diligence framework. Due diligence procedures are both a form of bribery risk assessment  and a means of mitigating a risk. By way of illustration, a organisation may identify risks that as a general proposition attach to doing business in reliance upon local third party intermediaries. Due diligence of specific prospective third party intermediaries could significantly mitigate these risks. The significance of the role of due diligence in bribery risk mitigation justifies its inclusion here as a Principle in its own right. The purpose of this Principle is to encourage organisations to put in place due diligence procedures that adequately inform the application of proportionate measures designed to prevent persons associated with them from bribing on their behalf.

Procedures

As this guidance emphasises throughout, due diligence procedures should be proportionate to the identified risk. They can also be undertaken internally or by external consultants. A person ‘associated’ with a organisation  includes any person performing services for a commercial organisation. The scope of this definition is broad and can embrace a wide range of business relationships. But the appropriate level of due diligence to prevent bribery will vary enormously depending on the risks arising from the particular relationship. So, for example, the appropriate level of due diligence required by a organisation when contracting for the performance of information technology services may be low, to reflect low risks of bribery on its behalf. In contrast, an organisation that is selecting an intermediary to assist in establishing a business in foreign markets will typically require a much higher level of due diligence to mitigate the risks of bribery on its behalf. Organisations will need to take considerable care in entering into certain business relationships, due to the particular circumstances in which the relationships come into existence. An example is where local law or convention dictates the use of local agents in circumstances where it may be difficult for a organisation to extricate itself from a business relationship once established. The importance of thorough due diligence and risk mitigation prior to any commitment are paramount in such circumstances. Another relationship that carries particularly important due diligence implications is a merger of  organisations or an acquisition of one by another. ‘Due diligence’  should be conducted using a risk-based approach . For example, in lower risk situations,  organisations may decide that there is no need to conduct much in the way of due diligence. In higher risk situations, due diligence may include conducting direct interrogative enquiries, indirect investigations, or general research on proposed associated persons. Appraisal and continued monitoring of recruited or engaged ‘associated’ persons may also be required, proportionate to the identified risks. Generally, more information is likely to be required from prospective and existing associated persons that are incorporated (e.g. companies) than from individuals. This is because on a basic level more individuals are likely to be involved in the performance of services by a company and the exact nature of the roles of such individuals or other connected bodies may not be immediately obvious. Accordingly, due diligence may involve direct requests for details on the background, expertise and business experience, of relevant individuals. This information can then be verified through research and the following up of references, etc. A organisation’s employees are presumed to be persons ‘associated’ with the organisation for the purposes of the Bribery Act. The organisation may wish, therefore, to incorporate in its recruitment and human resources procedures an appropriate level of due diligence to mitigate the risks of bribery being undertaken by employees which is proportionate to the risk associated with the post in question. Due diligence is unlikely to be needed in relation to lower risk posts.

Principle 5: Communication (including training)

The  organisation seeks to ensure that its bribery prevention policies and procedures are embedded and understood throughout the organisation through internal and external communication, including training, that is proportionate to the risks it faces.

Commentary

Communication and training deters bribery by associated persons by enhancing awareness and understanding of a commercial organisation’s procedures and to the organisation’s commitment to their proper application. Making information available assists in more effective monitoring, evaluation and review of bribery prevention procedures. Training provides the knowledge and skills needed to employ the organisation’s procedures and deal with any bribery related problems or issues that may arise.

Procedures for Communication

  1. The content, language and tone of communications for internal consumption may vary from that for external use in response to the different relationship the audience has with the commercial organisation. The nature of communication will vary enormously between commercial organisations in accordance with the different bribery risks faced, the size of the organisation and the scale and nature of its activities.
  2. Internal communications should convey the ‘tone from the top’ but are also likely to focus on the implementation of the organisation’s policies and procedures and the implications for employees. Such communication includes policies on particular areas such as decision making, financial control, hospitality and promotional expenditure, facilitation payments, training, charitable and political donations and penalties for breach of rules and the articulation of management roles at different levels. Another important aspect of internal communications is the establishment of a secure, confidential and accessible means for internal or external parties to raise concerns about bribery on the part of associated persons, to provide suggestions for improvement of bribery prevention procedures and controls and for requesting advice. These so called ‘speak up’ procedures can amount to a very helpful management tool for commercial organisations with diverse operations that may be in many countries. If these procedures are to be effective there must be adequate protection for those reporting concerns.
  3.  External communication of bribery prevention policies through a statement or codes of conduct, for example, can reassure existing and prospective associated persons and can act as a deterrent to those intending to bribe on a commercial organisation’s behalf. Such communications can include information on bribery prevention procedures and controls, sanctions, results of internal surveys, rules governing recruitment, procurement and tendering. A organisation may consider it proportionate and appropriate to communicate its anti-bribery policies and commitment to them to a wider audience, such as other organisations in its sector and to sectoral organisations that would fall outside the scope of the range of its associated persons, or to the general public.

Procedure for Training

Like all procedures training should be proportionate to risk but some training is likely to be effective in firmly establishing an anti-bribery culture whatever the level of risk. Training may take the form of education and awareness raising about the threats posed by bribery in general and in the sector or areas in which the organisation operates in particular, and the various ways it is being addressed. General training could be mandatory for new employees or for agents (on a weighted risk basis) as part of an induction process, but it should also be tailored to the specific risks associated with specific posts. Consideration should also be given to tailoring training to the special needs of those involved in any ‘speak up’ procedures, and higher risk functions such as purchasing, contracting, distribution and marketing, and working in high risk countries. Effective training is continuous, and regularly monitored and evaluated. It may be appropriate to require associated persons to undergo training. This will be particularly relevant for high risk associated persons. In any event, organisations may wish to encourage associated persons to adopt bribery prevention training. Nowadays there are many different training formats available in addition to the traditional classroom or seminar formats, such as e-learning and other web-based tools. But whatever the format, the training ought to achieve its objective of ensuring that those participating in it develop a firm understanding of what the relevant policies and procedures mean in practice for them.

Principle 6: Monitoring and review

The  organisation monitors and reviews procedures designed to prevent bribery by persons associated with it and makes improvements where necessary.

Commentary

The bribery risks that the organisation faces may change over time, as may the nature and scale of its activities, so the procedures required to mitigate those risks are also likely to change. Organisations will therefore wish to consider how to monitor and evaluate the effectiveness of their bribery prevention procedures and adapt them where necessary. In addition to regular monitoring, an organisation might want to review its processes in response to other stimuli, for example governmental changes in countries in which they operate, an incident of bribery or negative press reports.

Procedures

There is a wide range of internal and external review mechanisms which organisations could consider using. Systems set up to deter, detect and investigate bribery, and monitor the ethical quality of transactions, such as internal financial control mechanisms, will help provide insight into the effectiveness of procedures designed to prevent bribery. Staff surveys, questionnaires and feedback from training can also provide an important source of information on effectiveness and a means by which employees and other associated persons can inform continuing improvement of anti-bribery policies. Organisations could also consider formal periodic reviews and reports for top-level management. Organisations could also draw on information on other organisations’ practices, for example relevant trade bodies or regulators might highlight examples of good or bad practice in their publications. In addition, organisations might wish to consider seeking some form of external verification or assurance of the effectiveness of anti-bribery procedures. Some organisations may be able to apply for certified compliance with one of the independently-verified anti-bribery standards maintained by industrial sector associations or multilateral bodies. However, such certification may not necessarily mean that a commercial organisation’s bribery prevention procedures are ‘adequate’ for all purposes where an offence under section 7 of the Bribery Act could be charged.

Example of Template of Anti Bribery policy

1. What does your policy cover?

1.1 This anti-bribery policy exists to set out the responsibilities o[f [COMPANY Name] and those who work for us in regards to observing and upholding our zero-tolerance position on bribery and corruption.
1.2 It also exists to act as a source of information and guidance for those working for [COMPANY NAME] . It helps them recognise and deal with bribery and corruption issues, as well as understand their responsibilities.

2. Policy statement

2.1 [COMPANY NAME] is committed to conducting business in an ethical and honest manner, and is committed to implementing and enforcing systems that ensure bribery is prevented. [COMPANY NAME] has zero-tolerance for bribery and corrupt activities. We are committed to acting professionally, fairly, and with integrity in all business dealings and relationships, wherever in the country we operate.
2.2 [COMPANY NAME] will constantly uphold all laws relating to anti-bribery and corruption in all the jurisdictions in which we operate. We are bound by the laws of the India, including the Prevention of Corruption Act 1988, in regards to our conduct both at home and abroad.
2.3 [COMPANY NAME] recognises that bribery and corruption are punishable by  imprisonment and a fine. If our company is discovered to have taken part in corrupt activities, we may be subjected to an  fine, be excluded from tendering for public contracts, and face serious damage to our reputation. It is with this in mind that we commit to preventing bribery and corruption in our business, and take our legal responsibilities seriously.

3. Who is covered by the policy?

3.1 This anti-bribery policy applies to all employees (whether temporary, fixed-term, or permanent), consultants, contractors, trainees, seconded staff, home workers, casual workers, agency staff, volunteers, interns, agents, sponsors, or any other person or persons associated with us (including third parties), or any of our subsidiaries or their employees, no matter where they are located (within or outside of the India). The policy also applies to Officers, Trustees, Board, and/or Committee members at any level.
3.2 In the context of this policy, third-party refers to any individual or organisation our company meets and works with. It refers to actual and potential clients, customers, suppliers, distributors, business contacts, agents, advisers, and government and public bodies – this includes their advisors, representatives and officials, politicians, and public parties.
3.3 Any arrangements our company makes with a third party is subject to clear contractual terms, including specific provisions that require the third party to comply with minimum standards and procedures relating to anti-bribery and corruption.

4. Definition of bribery

4.1 Bribery refers to the act of offering, giving, promising, asking, agreeing, receiving, accepting, or soliciting something of value or of an advantage so to induce or influence an action or decision.
4.2 A bribe refers to any inducement, reward, or object/item of value offered to another individual in order to gain commercial, contractual, regulatory, or personal advantage.
4.3 Bribery is not limited to the act of offering a bribe. If an individual is on the receiving end of a bribe and they accept it, they are also breaking the law.
4.4 Bribery is illegal. Employees must not engage in any form of bribery, whether it be directly, passively (as described above), or through a third party (such as an agent or distributor). They must not bribe a foreign public official anywhere in the world. They must
not accept bribes in any degree and if they are uncertain about whether something is a bribe or a gift or act of hospitality, they must seek further advice from the company’s compliance manager.

5. What is and what is NOT acceptable

5.1 This section of the policy refers to following areas:
• Gifts and hospitality.
• Facilitation payments.
• Political contributions.
• Charitable contributions.
5.2 Gifts and hospitality
[COMPANY NAME] accepts normal and appropriate gestures of hospitality and goodwill (whether given to/received from third parties) so long as the giving or receiving of gifts meets the following requirements:
a. It is not made with the intention of influencing the party to whom it is being given, to obtain or reward the retention of a business or a business advantage, or as an explicit or implicit exchange for favours or benefits.
b. It is not made with the suggestion that a return favour is expected.
c. It is in compliance with local law.
d. It is given in the name of the company, not in an individual’s name.
e. It does not include cash or a cash equivalent (e.g. a voucher or gift certificate).
f. It is appropriate for the circumstances (e.g. giving small gifts around Dipawali / Christmas or as a small thank you to a company for helping with a large project upon completion).
g. It is of an appropriate type and value and given at an appropriate time, taking into account the reason for the gift.
h. It is given/received openly, not secretly.
i. It is not selectively given to a key, influential person, clearly with the intention of directly influencing them.
j. It is not above a certain excessive value, as pre-determined by the company’s compliance manager (usually in excess of Rs1000).
k. It is not offer to, or accepted from, a government official or representative or politician or political party, without the prior approval of the company’s compliance manager.
5.3 Where it is inappropriate to decline the offer of a gift (i.e. when meeting with an individual of a certain religion/culture who may take offence), the gift may be accepted so long as it is declared to the compliance manager, who will assess the circumstances.
5.4 [COMPANY NAME] recognises that the practice of giving and receiving business gifts varies between countries, regions, cultures, and religions, so definitions of what is acceptable and not acceptable will inevitably differ for each.
5.5 As good practice, gifts given and received should always be disclosed to the compliance manager. Gifts from suppliers should always be disclosed.
5.6 The intention behind a gift being given/received should always be considered. If there is any uncertainty, the advice of the compliance manager should be sought.
5.7 Facilitation Payments and Kickbacks
[COMPANY NAME] does not accept and will not make any form of facilitation payments of any nature. We recognise that facilitation payments are a form of bribery that involves expediting or facilitating the performance of a public official for a routine governmental action. We recognise that they tend to be made by low level officials with the intention of securing or speeding up the performance of a certain duty or action.
5.8 [COMPANY NAME] does not allow kickbacks to be made or accepted. We recognise that kickbacks are typically made in exchange for a business favour or advantage.
5.9 [COMPANY NAME] recognises that, despite our strict policy on facilitation payments and kickbacks, employees may face a situation where avoiding a facilitation payment or kickback may put their/their family’s personal security at risk. Under these circumstances, the following steps must be taken:
a. Keep any amount to the minimum.
b. Ask for a receipt, detailing the amount and reason for the payment.
c. Create a record concerning the payment.
d. Report this incident to your line manager.
5.10 Political Contributions
[COMPANY NAME] will not make donations, whether in cash, kind, or by any other means, to support any political parties or candidates. We recognise this may be perceived as an attempt to gain an improper business advantage.
5.11 Charitable Contributions
[COMPANY NAME] accepts (and indeed encourages) the act of donating to charities – whether through services, knowledge, time, or direct financial contributions (cash or otherwise) – and agrees to disclose all charitable contributions it makes.
5.12 Employees must be careful to ensure that charitable contributions are not used to facilitate and conceal acts of bribery.
5.13 We will ensure that all charitable donations made are legal and ethical under local laws and practices, and that donations are not offered/made without the approval of the compliance manager.

6. Employee Responsibilities

6.1 As an employee of [COMPANY NAME] , you must ensure that you read, understand, and comply with the information contained within this policy, and with any training or other anti-bribery and corruption information you are given.
6.2 All employees and those under our control are equally responsible for the prevention, detection, and reporting of bribery and other forms of corruption. They are required to avoid any activities that could lead to, or imply, a breach of this anti-bribery policy.
6.3 If you have reason to believe or suspect that an instance of bribery or corruption has occurred or will occur in the future that breaches this policy, you must notify the compliance manager.
6.4 If any employee breaches this policy, they will face disciplinary action and could face dismissal for gross misconduct. [COMPANY NAME] has the right to terminate a contractual relationship with an employee if they breach this anti-bribery policy.

7. What happens if I need to raise a concern?

7.1 This section of the policy covers 3 areas:
a. How to raise a concern.
b. What to do if you are a victim of bribery or corruption.
c. Protection.
7.2 How to raise a concern
If you suspect that there is an instance of bribery or corrupt activities occurring in relation to [COMPANY NAME] , you are encouraged to raise your concerns at as early a stage as possible. If you’re uncertain about whether a certain action or behaviour can be considered bribery or corruption, you should speak to your line manager, the compliance manager, the director, or the Head of Governance and Legal.
7.3 [COMPANY NAME] will familiarise all employees with its whistleblowing procedures so employees can vocalise their concerns swiftly and confidentially.
7.4 What to do if you are a victim of bribery or corruption
You must tell your compliance manager as soon as possible if you are offered a bribe by anyone, if you are asked to make one, if you suspect that you may be bribed or asked to make a bribe in the near future, or if you have reason to believe that you are a victim of
another corrupt activity.
7.5 Protection
If you refuse to accept or offer a bribe or you report a concern relating to potential act(s) of bribery or corruption, [COMPANY NAME] understands that you may feel worried about potential repercussions. [COMPANY NAME] will support anyone who raises concerns in good faith under this policy, even if investigation finds that they were mistaken.
7.6 [COMPANY NAME] will ensure that no one suffers any detrimental treatment as a result of refusing to accept or offer a bribe or other corrupt activities or because they reported a concern relating to potential act(s) of bribery or corruption.
7.7 Detrimental treatment refers to dismissal, disciplinary action, treats, or unfavourable treatment in relation to the concern the individual raised.
7.8 If you have reason to believe you’ve been subjected to unjust treatment as a result of a concern or refusal to accept a bribe, you should inform your line manager or the compliance manager immediately.

8. Training and communication

8.1 [COMPANY NAME] will provide training on this policy as part of the induction process for all new employees. Employees will also receive regular, relevant training on how to adhere to this policy, and will be asked annually to formally accept that they will comply
with this policy.
8.2 [COMPANY NAME] ’s anti-bribery and corruption policy and zero-tolerance attitude will be clearly communicated to all suppliers, contractors, business partners, and any third-parties at the outset of business relations, and as appropriate thereafter.
8.3 [COMPANY NAME] will provide relevant anti-bribery and corruption training to employees etc. where we feel their knowledge of how to comply with the Prevention of Corruption Act 1988 needs to be enhanced. As good practice, all businesses should provide their employees with anti-bribery training where there is a potential risk of facing bribery or corruption during work activities.

9. Record keeping

9.1 [COMPANY NAME] will keep detailed and accurate financial records, and will have appropriate internal controls in place to act as evidence for all payments made. We will declare and keep a written record of the amount and reason for hospitality or gifts accepted and given, and understand that gifts and acts of hospitality are subject to managerial review.

10. Monitoring and reviewing

10.1 [COMPANY NAME] ’s compliance manager is responsible for monitoring the effectiveness of this policy and will review the implementation of it on a regular basis. They will assess its suitability, adequacy, and effectiveness.
10.2 Internal control systems and procedures designed to prevent bribery and corruption are subject to regular audits to ensure that they are effective in practice.
10.3 Any need for improvements will be applied as soon as possible. Employees are encouraged to offer their feedback on this policy if they have any suggestions for how it may be improved. Feedback of this nature should be addressed to the compliance manager.
10.4 This policy does not form part of an employee’s contract of employment and [COMPANY NAME] may amend it at any time so to improve its effectiveness at combating bribery and corruption.

—————————End of example————————————— 

Employee’s Code of Conduct

A code of conduct is a set of rules outlining the social norms and religious rules and responsibilities of, or proper practices for, an individual, party or organization and can be defined as “Principles, values, standards, or rules of behaviour that guide the decisions, procedures and systems of an organization in a way that (a) contributes to the welfare of its key stakeholders, and (b) respects the rights of all constituents affected by its operations.

A common code of conduct is written for employees of a company, which protects the business and informs the employees of the company’s expectations. It is ideal for even the smallest of companies to form a document containing important information on expectations for employees. The document does not need to be complex or have elaborate policies, but the file needs a simple basis of what the company expects from each employee. A Code of Conduct can be an important step in establishing an inclusive culture, but it is not a comprehensive solution on its own. An ethical culture is created by the organization’s leaders who manifest their ethics in their attitudes and behavior.] Studies of codes of conduct in the private sector show that their effective implementation must be part of a learning process that requires training, consistent enforcement, and continuous measurement/improvement.Simply requiring members to read the code is not enough to ensure that they understand it and will remember its contents.The proof of effectiveness is when employees/members feel comfortable enough to voice concerns and believe that the organization will respond with appropriate action. There is no standard code of ethics, and broad guidelines are given which can be adapted according to the organization culture and business requirement. Each organization Ethics & Compliance department is required to prepare a written Code of Conduct and implement the same within the organization.The main step has been mentioned with a brief narration and key activities required:

  1.  Mandate & commitment from top management: The Code of Conduct defines the core values of the organization thus impacting the organization culture. It also has an impact on the reputation of the organization as it specifies the organizations stance towards corporate social responsibility. Involvement of senior management is a must to provide direction, funding and resources.Obtain a formal commitment from the management and board of directors to establish the Code of Conduct. Approval for budgets for development, implementation and regular monitoring is required. Approval for staffing the department and establishing the reporting lines is need.
  2. Preparation of the policy document: The main policy document contains the values of the organization, management commitment to the same, details of the ethics program, and the monitoring process. Additionally all supporting policies are mentioned. For example, if the code specifies fair and just treatment for employees, there should be additional policies relating to workplace aggression, diversity, sexual harassment, equal opportunity etc.The core areas for the policy document needs to be identified. The main policy document needs to be supported by additional policies to ensure proper coverage and implementation. Benchmark the policy document with other organizations policy documents. Incorporate the legal requirements for the policy document.
  3. Approval of draft policy document: After completion of the policy document and supplementary policies the same should be approved by the senior management. The draft policy document needs to be formally approved by the top management, audit committee and board of directors. Obtain feedback from business users to determine if they are going to face any practical difficulties in implementing it.
  4. Develop an implementation strategy: An implementation strategy is critical for the success of the program. A project plan should be developed along with the implementation strategy. Involvement of Human Resources department is a must at this stage as they will be responsible for deploying training, incorporating the code of conduct in the appointment letters, establishing the reward system for maintaining ethics and also the reasons for terminating employees on grounds of unethical behavior. The implementation process will require:
    • Department structure and staff requirements of the Ethics office.
    • Selection of vendors for hotline and web systems implementation incase it is not being done in-house.
    • Reward and recognition system to be established by HR.
    • Ethical values should ideally be incorporated in the balance score card of the employee.
    • Training deployment strategy including the trainers, schedules, material and evaluation system.
    • Investigation and reporting procedures for minor and major deviances
  5. Training & Awareness: Communication is the key to a successful implementation of the Code of Conduct. Various methods and sources of training should be deployed simultaneously to train the staff and external stakeholders. A training calendar should be published for rolling out the training. Explore the following ideas for building awareness and training resources:
    • Prepare class room training material for educating the staff on the detailed policies.
    • Develop web based training program which includes ethical tests, case studies and business scenarios.
    • Publish relevant cases of ethical dilemmas on the intranet
    • Provide training to existing staff and incorporate the same in induction training for the new staff.
    • Publish the relevant policies on the web for external stakeholders like suppliers, etc.
    • Issue checklists for determining how to make decisions while facing ethical dilemmas.
  6. Implementing the required hotlines and software to monitor complaints: The organization has an option to develop a web-based reporting tool internally or outsource it. Whichever the case maybe, the final contact details and services should be published throughout the organization to enable staff to report complaints and discuss cases when they are facing ethical dilemmas. Undertake the following two steps for it:
    • Publish the contact numbers, email ids and websites for reporting complaints
    • Staff these 24/7 for effective monitoring or as per business requirement
  7. Reporting deviances and taking corrective action: Minor and major breaches to the Code of Conduct should be investigated properly. The report should identify people responsible for the breach, the level of it, corrective action to be taken and modifications required to the existing policies, if any. Do the following:Conduct investigations of the cases reported and submit reports to the audit committee and board of directors. Perform root cause analysis to determine the reason for deviances, and identify solutions to mitigate the risks.
  8. Evaluating commitment to ethical values: Depending on the requirements, periodically, surveys and audits should be conducted to evaluate the adherence to the policies and the overall attitude of the organization towards ethics. One must be aware that having a Code of Conduct does not ensure that it will be followed, hence regular monitoring is required to assess adherence. Adopt the following practices:
    • Conduct an Organization Survey to evaluate employee understanding and commitment to the Code of Business Ethics.
    • Periodically audit the practices being followed by benchmarking them against the policy document.
  9. Annual update: Policies are dynamic documents subject to revisions on the basis of changing economic and legal requirements. Do an overall assessment of the existing policies on annual basis, and incorporate changes after senior management approval. Also, for all additions and modifications, send formal communication to the staff. Use the following process:
    • Conduct an annual review of the policies.
    • Address gaps and deficiencies identified in the policies
    • Obtain management approval for the same
    • Roll out the updated policies and provide training to the staff.

The advantage of implementing a Code of Conduct is that it enhances the corporate governance efforts of the organization by establishing a uniform set of core values and behavior for all the staff. The staff know what is the right course of action, whom to approach in a dilemma and what will be the risks of adopting unethical behavior pattern. Due to this, the reputation and legal risks of the organization are also reduced since it is mandatory for employees to follow the law.

Example of Employee Code of conduct

In order to establish a harmonious and stable corporate environment for the sustainable development of the Company (as defined below) and realize the Company’s vision of “world-leading broadband communication and information service provider”, employees of the Company must adhere to the ethics and code of conduct in respect to their honesty, credibility and sense of responsibility, and endeavor to maximize the interest of customers, shareholders, employees and the society. All of the above serve as the basis of this Employee Code of conduct (the “Code of Conduct”).

1 General Provisions

1.1. Scope of Application
1.1.1. This Code of conduct is necessary to maintain the objectiveness and coordination of internal activities of the Company and important for the Company to convey its corporate spirit, quality of service and corporate value to its customers, employees, shareholders and society, and must be complied with by all the employees (the “Employees”) of [COMPANY NAME] and its branch companies and subsidiaries (the “Company”);
1.1.2. For Employees governed by the Code of Conduct for Management Personnel, the provisions of the Code of conduct for Management Personnel shall apply. For provisions not included in the Code of conduct for Management Personnel but included in this Code of Conduct, such provisions of this Code of Conduct shall apply;
1.1.3. Service agreements entered into between the Company and any staffing service providers shall expressly specify that staff seconded the Company shall comply with this Code of Conduct.
1.2. Performance of Duties
1.2.1. Employees of the Company should report any fraudulent behavior or behavior that violates this Code of conduct to the Supervision Department of the Company in accordance with the related reporting and processing policies and procedures;
1.2.2. The Company will provide appropriate channels, such as posting this Code of Conduct on the Company’s website, producing it prior to any business activity or incorporating it into commercial contracts, to ensure that parties that have business relations with the Company, such as suppliers, customers, agents, investors, creditors and debtors, are able to understand the principles and spirit of this Code of Conduct  in an accurate and timely manner.

2 Honesty and Credibility

2.1. Honesty and credibility are the fundamental principles of moral characters of the Company and all Employees. All Employees shall strive to maintain honesty and credibility in their work. Employees shall be honest and credible to customers, fellow tradesmen, partners, colleagues, shareholders, the country and the society.
2.2. Due fulfillment of responsibilities is an important approach for Employees to realize the principles of honesty and credibility. Employees should be responsible and self-disciplined, adhere to principles, be loyal to their duties, serve customers with enthusiasm and efficiency, handle the duties of their positions with a sense of responsibility, safeguard the interest of the Company as well as the rights and benefits of the shareholders and should not be concerned only about their own reputation or financial gains.
2.3. Employees should develop honesty and credibility as part of their fundamental professional ethics and reflect the same in their work, faithfully carrying out their commitments. Honesty and credibility should be fundamental to the Company’s development and success and instrumental to the realization of the Company’s core values.
2.4. Employees should view their performance reports appropriately and truthfully report their performance and keep accurate billing records, in order to ensure the truthfulness and reliability of accounting information and book records, the completeness of financial reporting procedures and the accuracy of the information submitted. False accounts, figures or performance results are strictly prohibited.
2.5. Employees are prohibited from providing any false or misleading information within and without the Company. The information disclosure procedures shall be strictly followed.
2.6. Employees should  strengthen the prevention of fraudulent behavior, in order to timely report and effectively prevent any fraudulent behavior. The Company encourages honesty and credibility as one aspect of the corporate culture by advocating and protecting Employee whistleblowing actions that truthfully expose fraudulent behaviors or behaviors that violate laws and regulations.
2.7. Employees have the obligation to comply with the current policies, laws, regulations and other regulatory requirements of the India and of the place of the Company’s listing, registration and business operation, and perform their duties according to the current rules as well as the Articles of Association of the Company.

3 Conflict of Interest

3.1. “Conflict of interest” in this Code of Conduct shall mean any conflict that has occurred or may occur between the personal interest of Employees and the interest of the Company, or between the Employees’ personal interest and their duties. In case of a conflict of interest, Employees should promptly report to their supervisors or the Supervision Department of the Company and proceed pursuant to the responses received in a timely manner.
3.2. Employees should abide by the Articles of Association and various rules and codes of the Company, faithfully perform their duties, and consciously prevent any conflict of interest for the best interest of the Company and its shareholders.
3.3. Employees should strictly comply with the laws, regulations and regulatory requirements in respect of anti-commercial bribery, distinguish normal commercial activities from improper business behaviors, firmly rectify any improper business behavior that violates commercial morality and fair competition, and cooperate with the regulatory authorities in their investigation of any commercial bribery  cases.
3.4. Employees are prohibited from illegally or inappropriately utilizing their positions or the inherent power thereof, information related to the Company’s operations or financial condition, or any information that may have a material effect on the market price of the Company’s securities for their or their families’ benefits. These activities include direct trading of securities, leaking information to others and suggesting others for such trading.
3.5. Employees are prohibited from carrying out, causing others to carry out or invest in any business activities that may compete with the Company’s businesses or business activities that have conflict of interest with the Company, or with their positions.
3.6. Employees are prohibited from conducting any connected transactions that may be detrimental to the Company’s interests with any economic entities in which they or their relatives serve or hold any investment or other forms of interest in. Employees are prohibited from holding any consulting, advisory or direct or indirect employment relationship with any customer, supplier or competitor of the Company or hold any substantial investment interest therein.
3.7. Employees should strictly abide by the related rules and policies of the Company in respect of “excuse from the position” and “excuse from the business”.

4 Relationship with Related Parties

4.1. “Relationship with related parties” in this Code of Conduct shall mean the relationship between Employees and related parties such as customers, business partners, competitors, regulators and other employees.
4.2. Employees should treat customers, business partners, competitors, regulators and other employees fairly.
4.3. Employees should adhere to the “Customers First” service concept and give customer service top priority.
4.3.1. Employees should develop the market-oriented service concept and focus on providing excellent services to customers;
4.3.2. Employees should protect the customers’ confidentiality and freedom of communication and should not disclose customers’ information and confidential data without customers’ consent;
4.3.3. In marketing activities, Employees should truthfully inform customers the Company’s services and products and fully respect customers’ freedom in making purchase decisions;
4.3.4. All Employees should respect customers’ rights and benefits and protect the legitimate interests of the Company.
4.4. When working with business partners, Employees of the Company should be consistent in their words and actions.
4.4.1. In selecting production chain partners, Employees of the Company should treat all candidates fairly and objectively and reasonably select the ultimate partner through tendering and bidding and other fair means in accordance with the Company’s rules;
4.4.2. When working with business partners, all Employees of the Company should consciously safeguard the legitimate interests of the Company, strictly abide by the laws and regulations prohibiting unfair competition, monopoly, corruption and bribery, strictly implement Company’s policies and procedures in commercial contracting and avoid unnecessary commercial risks;
4.4.3. Employees should have respect for the Company’s business partners and should not infringe upon the legitimate interests of the business partners in order to achieve mutually beneficial results for the Company and its partners.
4.5. Employees should strive to maintain a normal market competition environment and a good development environment for the Company.
4.5.1. Employees should follow the society’s moral standards and the rules of competition and are prohibited from taking inappropriate measures to interfere and interrupt network interconnection;
4.5.2. Employees should try to expand the Company’s market share by capitalizing on the Company’s advantages in services, products and brands and are prohibited from using inappropriate means such as exaggeration or distortion of facts and defaming our competitors’ product quality, service quality, financial condition, or business reputation;
4.5.3. Employees are prohibited from using any illegal or inappropriate means to obtain any commercial secrets or other confidential information of the Company’s competitors in relation to their products, services or marketing strategies;
4.6. All Employees of the Company should submit to the lawful supervision of the regulatory authorities, communicate as appropriate and assist in maintaining the regulation and order of the industrial market.
4.6.1. Employees should submit to the lawful supervision of the state and capital markets regulatory authorities and safeguard the legitimate interests of the Company;
4.6.2. Employees should have normal interactions with regulatory authorities and are prohibited from any inappropriate trading activities;
4.6.3. Relevant personnel should provide truthful and reliable information required by the regulatory authorities. For any omission or error, Employees should communicate with the regulatory authorities promptly and rectify such omission or error in accordance with the relevant procedures.
4.7. Employees of the Company should treat each other with trust and as equals and work as a team.
4.7.1. Employees should be warm and kind to colleagues, respect each person’s dignity, privacy and religious beliefs;
4.7.2. Employees should work as a team and use their expertise to promote innovation and team work.

5 Information Disclosure and Confidentiality

5.1. Employees should strictly abide by the Company’s confidentiality rules and undertake to safeguard  the Company’s commercial secrets and customers’ confidential information during the stipulated confidentiality period.
5.2. The State’s communications secrets, the Company’s commercial secrets and customer confidential information shall mean the proprietary or confidential information that has not been made public and, once made public, will be detrimental to the interests of the State, the Company and the customer, respectively, including, but not limited to, the State’s communications secrets, the Company’s operation information, strategic plans, customer data, remuneration information, marketing and sales strategies or any other confidential information.
5.3. Employees should safe keep confidential documents, materials and their storage media appropriately.
5.4. Employees must enter into confidentiality agreements with relevant parties when representing the Company in cooperative or business activities, if disclosure of confidential information is involved.
5.5. Employees should not exchange any confidential information pertaining to the Company with any individuals, companies or institutions or use them without authorization or entering into a confidential agreement, whether or not they are employed at the time by the Company or have benefited from such exchange or use.
5.6. Employees should strictly follow the Company’s information disclosure procedures and are prohibited from, without the Company’s permission, disclosing any confidential information of the Company to the public in their own names or in the name of the Company or make public statements relating to the Company. They are further prohibited from dispersing any false information.

6 Protecting Company Assets

6.1. Company Assets shall mean various tangible or intangible assets, trade secrets or other professional information that the Company owns or has the right to dispose of, including favorable business opportunities.
6.2. Employees should make reasonable use of and protect Company Assets, and ensure that Company Assets are reasonably utilized to serve lawful commercial purposes. Employees are prohibited from damaging, wasting, encroaching on, embezzling or abusing Company Assets in any way. Employees should always economize.
6.3. Employees should be risk-conscious, follow the Company’s cost control and management policies strictly and with discipline, and minimize operational risks. Management at each level and all Employees should actively minimize the potential operational risks and strengthen the monitoring and control of operational risks.
6.4. Employees should comply with safety rules and prevent accidents in order to minimize the Company’s asset loss and the Employees’ personal damages.

7 Reporting and Sanction

7.1. Any Employee who has violated this Code of Ethics is subject to Company sanctions, which include, but are not limited to, administrative sanction, termination of labor contract and transfer to judicial branch.
7.2. Every employee is obligated to timely report to supervisory departments any behavior that violates this Code of Ethics pursuant to relevant rules on reporting and handling of the Company. Audit Committee of the Board of Directors, Supervision Department, Audit Department and other departments of the Company are responsible for the supervision and handling of any violation of the Company’s rules and policies. Employees can report via any of the following means:
Mail: [Company mail address ]
Internet:[xx@yy.com]
Telephone and fax: [company phone no].
7.3. The Company encourages Employees to report any violation of laws, policies or regulations. The Company welcomes Employees’ comments and suggestions on operations and management of the Company through various communication channels including “Meet with the President” Day. Management at each level should treat employee comments seriously. Policies on reporting and handling should clearly specify that the Company should provide appropriate protection to whistleblowers and maintain information and records of such whistleblowing confidential. The Company should ensure the independence of personnel receiving and processing information provided by whistleblowers, differentiate authorization levels for relevant personnel and the de-classification authorization of archives. Personnel responsible for receiving, recording and processing or having access to reported information should sign additional confidential agreements specifying their obligations with regard to confidentiality. The Company should also reinforce the security measures for mailboxes, hotlines and email boxes for whistleblowing, distinguish responsibilities between management of reported information and report investigation and strictly follow the procedures for use of information and archives.
7.4. The Company protects employees reporting violation of laws, policies or regulations. Reporting via telephone or mail can be anonymous. Employees who leak information or retaliate against whistleblowers shall be subject to removal from position or termination of employment. Employees that violate the laws will be handed over to prosecution.

8 Supplementary Clauses

8.1. This Code of Conduct is a regulatory document setting forth professional standards for employees of the Company. As an attachment to the labor contract it has the same legally binding force and effect as the labor contract. Employees should also comply with the State’s laws, regulations and administrative rules, the Articles of Associations of the Company and various current rules and regulations within the Company.
8.2. When employees sign their labor contracts, they should also sign Employee Statement I (See Exhibit I), indicating that they know and will comply with the various provisions of this Code of Ethics and monitor and report any behavior in violation of this Code of Ethics.
8.3. Human Resource departments at each level should publicize and implement this Code of Ethics by various means, including training. They should also conduct training via mail or office system and have Employees sign Employee Statement II (see Exhibit II) annually, collect information on fraudulent behaviors and behaviors that violate this Code of Ethics, and submit to supervisory organizations for investigation and decision.
8.4. This Code of Ethics is reviewed by the Legal Department of the Company and by the Employees’ Congress. It shall take effect upon approval by the Board of Directors of the Company, which also has the interpreting authority. Termination or any modification of this Code of Ethics should be approved by the Board of Directors.

Exhibit I:  Employees Statement I

I have carefully read and understood the requirements of this Employee Code of Conduct (the “Code”) of [Company name]. I acknowledge that it is an exhibit to my labor contract with equal legal binding force and effect and undertake to abide by this Code. I hereby declare the following:
1. I will abide by professional ethics and not commit fraudulent acts or behaviors in violation of this Code;
2. I will timely report any fraudulent behavior or behaviors in violation of this Code.

(Signature)

Date:

Exhibit II: Employees Statement II

1. I have strictly complied with the Employees Code of Coduct of [Company name] (the “Code”) from _________,  to _________, and have not committed any acts in violation of this Code;
2. I am not aware of any acts committed by other employees that are fraudulent or in violation of this Code. I have truthfully reported all such acts that I’m aware of to the Supervision Department.

(Signature)

Date:

—————————End of example—————————————

 

Example of Whistleblowing  Policy of Oman LNG L.C.C

1. Introduction
Oman LNG is committed to the highest possible standards in terms of governance practices, openness/transparency, honesty, accountability, professionalism and duty of care in delivering ones responsibilities as prescribed in OLNG’s “Statement of General Business Principles” and “Code of Conduct”.

2. Purpose
This Policy aims to encourage every individual working for or dealing with the Company to report any Unethical Practices at any level of the organizational structure with complete comfort, confidence and protection. Also, it aims to define and establish the position of the Company on the framework for reporting Unethical Practices, and establish suitable steps to investigate and take necessary corrective actions.

3. Definition
a. “Unethical Practice” means any behavior or practice of the Company, its employees, contractors, suppliers or their individual employees in relation to their business dealings with the Company which is believed to be inconsistent with the Company’s General Business Principles and its general spirit, and includes, but is not limited to, the following suspected activities / improper practices:

  • Fraud or fraudulent financial reporting;
  • Manipulation of Company data / records, including forging official documents;
  • Abuse of authority at any defined level in the Company;
  •  Disclosure of confidential / proprietary information to unauthorized personnel;
  •  Knowingly violating applicable laws and regulations, thereby exposing the Company to penalties, fines or any legal action;
  • Any instances of misappropriation or abuse of Company property/assets;
  • Actively violating any laid down Company policy, including the Code of Conduct;
  • Economically wasteful act or action;
  •  Criminal activity;
  •  Harassment of any nature to employees or any other third party.
  •  Using confidential information acquired in the course of one’s work for personal advantage;
  •  Any other activities whether unethical or improper in nature and damaging the interests of the Company;
  •  Attempts to conceal any of the above.

b. “Whistleblower” means any person (employee, director, customer, vendor or any other individual stakeholder) reporting an Unethical Practice under this policy.

4.  Reporting Unethical Practice

a. The Company has introduced this policy to enable you to raise your concerns about Unethical Practices at an early stage and in the right way. If something is troubling you which you think the Company’s management or Board should know about or look into, then please refer to this policy.

b. Normally, concerns should be raised with the appropriate department that the issue is dealt with within the Company and should be handled in line with company policies and procedures. It is recognized, however, that there may be occasions where the use of normal chain of command may not be appropriate. Persons may believe their concerns:

  • are overly sensitive;
  • would  not be receiving appropriate attention;
  • are of particular significance;
  • the line manager/department is the perpetrator of the issue to be addressed or
  • the person may be sufficiently uncomfortable such that it warrants the use of another confidential reporting channel. 

Hence, the Whistleblower may report such Unethical Practice in writing to WhistleBlow@omanlng.co.om. This mailbox is regularly reviewed by the Chief Internal Auditor at the Company. 

c. The Chief Internal Auditor shall never reveal the name of the Whistleblower without his/her consent unless required by law. If they at some point of time are ordered and required by law to report the name of the Whistleblower, they shall inform the Whistleblower, unless they have lawful reasons not to do so.  Where the Whistleblower feels very exposed and is afraid of being victimized (s)he can e-mail anonymously when reporting the issue by hiding his / her identity. In this respect the Whistleblower shall provide and deliver all related information and facts with the initial report to facilitate the investigation process. The Whistleblower can remain anonymous in follow-up communications and clarifications by providing a discreet e-mail address.

d.The Whistleblower must address the following aspects, while reporting any issues under this policy:

  • Clear understanding of the issue being raised.
  • The issue should not be merely speculative in nature but should be based on actual facts.
  • Should contain as much specific information as possible to allow  proper  inquiry/ investigation.
  • If the Whistleblower has a personal interest in the matter, (s)he will be required to disclose this.

5. Protection to Whistleblower

The identity of the Whistleblower shall be kept confidential at all times, unless otherwise agreed with the Whistleblower or required by law (e.g. during the course of any legal proceedings, where the Whistleblower is required to give evidence in court).No unfair treatment shall be vetted out towards any Whistleblower acting in good faith by virtue of his/her having reported issues under this policy and the Company shall ensure that full protection is granted to him/her against any action.

—————————End of example————————————— 

Your Donation can make a difference

We have chosen to make our Resources freely and openly available on the web with the hope that it touches the life of thousands of readers who visits us daily. We hope our blog has helped in enhancing the knowledge of our readers and added value to organization and their implementers. We would request you to make donation large and small, so as to provide us the resources needed to distribute, collect, digitize as it is becoming extremely difficult for us to afford the full cost of updating and enriching our site content. Your contribution will ensure that we can keep our blog  up-to-date and add more of the rich resources — such as video — that make a difference for so many worldwide.
Your donation will demonstrate your commitment to knowledge as a public good and is an important part of our overall sustainability plan. Your donation is also important in demonstrating to us how much you value the site and motivates us to devote more of our time towards developing this blog.

Your Feedback


ExcellentVery GoodGoodokPoor /Needs improvement

Back to Home Page

If you need assistance or have any doubt and need to ask any question  contact me at: preteshbiswas@gmail.com  or call at +919923345531. You can also contribute to this discussion and I shall be happy to publish them. Your comment and suggestion is also welcome.

Advertisements

IATF 16949:2016 Determining the Scope of the Quality Management System

The scope of  QMS must do two things :1. Meet requirements consistently and 2. Enhance customer satisfaction by the effective application of  QMS,    continual improvement of  QMS and   providing assurance of conformity to customer and applicable regulatory requirements. Your organization must have the capability to determine your customer needs and requirements; design and develop product; know-how and capacity to manufacture product; package product; deliver on time; provide service and support; etc. It must have  ablity to repeat your capability within specified parameters for quality as defined by customers, your own organization or regulatory bodies. To achieve and demonstrate your capabilities, you must effectively plan, operate and control the processes, within your organization that provide them. These processes collectively form the scope of your quality management system (QMS).  The effectiveness application of your QMS can be determined by – how well QMS activities and results measure up to planned performance indicators. Continual improvement of the QMS is achieved by – increasing the ability of the QMS to meet requirements through raising the performance indicators and more efficient use of resources.   Assurance of conformity to requirements may be achieved by providing confidence that requirements will be fulfilled. This confidence may be achieved through – implementing prevention based controls; conducting internal/external audits; 3rd party certification of your QMS; etc.   This standard provides specific requirements to effectively plan, operate, control and improve your QMS processes. These requirements focus on prevention based controls and to a lesser extent detection based controls, as well as continual improvement of your QMS.   It is important to note that the does not specify requirements for product. The focus  is on your QMS and its processes. By effectively controlling and continually improving your QMS processes, there will obviously be a positive impact on product quality performance. look at  regulatory requirements applicable to your organization. These requirements may come from your customer; the industry you are in; from within your own organization; or state or federal organizations. You may need to apply regulatory requirements to your suppliers and outsourced processes (subcontractors). Your ultimate objective is to enhance customer satisfaction. You achieve this by planning, operating and improving your QMS to effectively meet customer and regulatory requirements. As this standard represents specific automotive OEM’s, your QMS must provide objective evidence that your QMS processes can identify and manage these requirements and that customer-specific requirements are effectively implemented.

Scope  refers to the type of automotive supply chain facilities, IATF 16949 is applicable to. “Automotive” includes cars, trucks (light, medium and heavy), buses, motorcycles. It excludes industrial, agricultural, off-highway (mining, forestry, construction, etc.). It includes all supplier ‘sites’  providing value-added parts, components, products , sub-assemblies and services up the supply chain to the OEM. TS 16949 requirements may be applied to any site in the supply chain by its customer. It applies to all supply chain facilities or ‘sites’ that manufacture production materials; production and service parts; assemblies; or provide (value-added) finishing services such as heat treating, welding, painting; etc., for the automotive OEM’s subscribing to this standard.This means that all Tier 1 suppliers providing such products or services directly to subscribing  automotive OEM’s, must get IATF 16949 certification and they in turn may flow IATF 16949 conformity or certification requirements down to Tier 2 suppliers and so on . The flow down to tier 2 or 3 has now become more the norm than the exception. The ultimate aim is that all supplier must be certified to IATF 16949 standard. This standard cannot be applied to:

  • Automotive after-market service parts made to original subscribing OEM specifications, but not procured and released through them.
  • Manufacturers of tooling; production equipment; jigs; fixtures; molds; etc used by the auto industry.
  • Remanufactured automobile parts.
  • Distribution centers; warehouses; parts packagers; logistics support; and sequencers.

Determine whether your activities or location is a site or support function. Note that the definition of ‘site’is a location where value-added manufacturing occurs and a support function is a value-adding non-manufacturing process that supports a site. The support function may be on-site or at a remote location.   The rules for third party Certification Body (Registrar) auditing of sites and remote locations are specified in an IATF document called “Automotive Certification Scheme for IATF 16949:2016 – Rules for achieving IATF recognition”. The general rule is that sites may obtain stand-alone IATF 16949 certification, but support functions, cannot obtain stand-alone certification.    Support functions may include a variety of non-manufacturing activities such as – design; purchasing; HR; sales; distribution centers; warehousing; sequencing; logistics; etc.     All support functions (whether on-site or off-site) that support a site must be included in that site’s QMS scope. As such they must be audited to all applicable IATF 16949 requirements including their interaction with site activities. Both manufacturing as well as support activities may be outsourced (i.e. performed by an independently owned organization, on your site or off-site). Organizations performing outsourced manufacturing activity must be subject to the same TS 16949 requirements that would apply if the activity were done by your organization. Such organizations can obtain independent IATF 16949 certification if required by their customers.  Organizations performing outsourced support functions (e.g. warehousing or HR services) may be subject to specific IATF 16949 requirements imposed by their customers, however they cannot obtain independent IATF 16949 certification for such support activities. They may obtain independent ISO 9001 certification. he organizations subscribing to the TS 16949 standard include: General Motors; Ford; Daimler Chrysler; Fiat; PSA Peugot-Citreon; Renault SA; FIEV: Opel Vauxhall; Audi; BMW; VW; Mercedes Benz; etc. The Japanese OEM’s while participating in the development of the IATF 16949 standard, do not formally subscribe to it or require it of their supply chain.

ISO 9001:2015 4.3 Determining the Scope of the Quality Management System

The organization must establish scope of the quality management system by determining the boundaries and applicability of the quality management system. While determining the scope the organization must consider the internal and external issues determined in 4.1.,the requirements of relevant interested parties in 4.2. and the products and services of the organization. Requirements from this International standards that can be applied by the organization shall be applied within the scope of the QMS. Requirements from this International standards that cannot be applied by the organization and which does not affect the organization’s ability or responsibility  to provide product and services that meet the conformity of its product and services and enhancement of the customer satisfaction. The organization must make available the scope and must maintain scope as documented information stating the Products and services covered by the QMS and any Justification where a requirement of this International standard cannot be applied.

For explanation on ISO 9001:2015 4.3.Determining the scope of the Quality Management System click here. 

IATF 16949:2016 4.3.1 Determining the Scope of the Quality Management System- Supplement

Supporting functions, whether on-site or remote {such as design centres, corporate headquarters, and distribution centres). shall be included in the scope of the Quality Management System.(QMS) . The only permitted exclusion for this Automotive  QMS Standard relates to the product design and development requirements within ISO 9001, .Section 8.3 The exclusion shall be justified aid maintained as documented information. Permitted exclusions do not include manufacturing process design.

Explanation:

In order to establish a QMS (Quality Management System) according to IATF 16949, you first need to define everything the QMS will apply to. This requirement is nothing new to quality standards, or any other management system standard, for that matter. Although it seems like just a formality, defining the scope is one of the crucial steps in the implementation and ongoing maintenance of the QMS. You will basically define to what processes, locations, products, and services your QMS applies, and this will provide an input for the certification body and auditors. Requirements for the scope in IATF 16949 are based mostly on ISO 9001, but as with many other requirements, the automotive industry goes a bit further. Since ISO 9001 requirements are the first we need to meet in the implementation, and are not stated in the text of the IATF 16949 standard, let’s examine them first.

Section 4.3 of the ISO 9001:2015 standard details the requirements for determining the scope of the Quality Management System. In a note about the QMS, it is stated that the QMS can include the whole organization, specifically identified functions of the organization, specifically identified sections of the organization, or one or more functions across a group of organizations. To start, there are three considerations to be included when determining the scope:

  • external and internal issues that are relevant to the purpose of the organization, the strategic direction, and the ability to achieve intended results
  • requirements of relevant interested parties
  • the product and service of the organization

In addition, the scope must state the products and services covered by the QMS, and justification for any instances where the ISO 9001 standard cannot be applied—but this requirement is further limited by IATF 16949, as you will see below.Although ISO 9001 allows organizations to decide which functions or sections will be included in the scope, IATF 16949 requires supporting functions, whether on-site or remote, to be included in the scope of the QMS. Supporting functions can be design centers, corporate headquarters, and distribution centers. This leaves far less freedom for the organization when defining the scope, and the aim is to ensure that all operations that affect the quality of products and services and/or customer satisfaction are included in the QMS scope. This will make the implementation much harder for some organizations, especially for big companies that have many locations on several continents. Customer-specific requirements also need to be evaluated and included in the scope of the QMS. In practice, this means that the organization will have to consider these requirements, and see how they reflect on the QMS and act accordingly. For some organizations, this won’t bring anything new; however, for companies where their customers define processes, products, or services it means that they will have to include all of this in the scope of the QMS. Furthermore, the standard in this section defines the exclusions. IATF 16949 allows exclusions only from clause 8.3, and even here, with many limitations. Basically, the only requirements that can be excluded are related to design and development of products and services. Permitted exclusions do not include manufacturing process design. Naturally, the organization will also have to provide and document justifications for exclusions. Finally, there is a requirement to document the scope; unlike ISO 9001, which doesn’t specify where and how, IATF 16949 requires the Quality Manual to include the information about the scope and justifications for any exclusions.

Usually, the scope of the QMS covers the entire organization. Some noted exceptions are when your QMS only covers one physical location of a multi-location company, or when your manufacturing or service is distinctly split between industries (e.g., in a plant with three assembly lines where assembly lines 1 and 2 are for automotive, and need to have a QMS certified to the ISO/TS 16949 QMS standard for automotive, but you want line 3 to be certified to ISO 9001 because many of the automotive requirements do not apply). So, your scope should identify the physical locations of the QMS, products or services that are created within the QMS processes, and the industries that are applicable, if this is relevant. It should be clear enough to identify what your business does, and if not all parts of the business are applicable, it should be identified clearly which parts are.

Your scope does not have a size limit, and should include enough information to determine what is covered by the processes of the QMS. However, it is important to make clear what is included and what is not. If it is not clear to you what processes in your company are covered by your QMS, then how will it be clear to an outside auditor or other interested party? Making your scope statement simple and easy to read can help to focus your QMS efforts, and prevent unnecessary questions about activities that may not be applicable to your QMS certification. The definition of management system in ISO 9000:2015 for the first time provides an option to scope the system down to a single function or discipline. This was never the intent of a QMS, which was always intended to apply to an entire organization. ISO 9001:2015 also eliminated the term “permissible exclusions” by saying that if a requirement can be applied, it must be applied. Minimalists can now argue they only must include one function in their systems and incorporate only those requirements that apply to that function. IATF 16949:2016 addresses this problem in subclause 4.3.1, which requires support processes and value-adding sites to be included in a QMS’s scope. The previous 2008 version of ISO 9001 never mentioned omitting applicable requirements due to the geographic location of the processes. In IATF 16949:2016, where you choose to locate activities is your organization’s prerogative, but all applicable processes and requirements must be in the QMS regardless of where an organization chooses to locate and perform them. Individuals, such as auditors, who must verify whether an organization is conforming to applicable requirements must visit the locations in which those processes are being performed to verify conformance. The new ISO 9000:2015 definition of “management system” now allows for a QMS scope to be as narrow as one function. Furthermore, top management is aligned to the scope of the QMS. If a minimalist organization chose to include only the purchasing department in its scope, top management would be the purchasing executive. There is another argument that can be used by minimalist ISO 9001 implementers. A clause in IATF 16949:2016 indicates that if an ISO 9001 requirement can be applied, it must be, and product quality cannot be compromised.

For an example on how a scope could be derived please click here

IATF 16949:2016 4.3.2 Customer Specific requirements

Customer-specific requirements shall be evaluated and included in the scope of the organization’s quality management system.

Explanation:

Customer specific requirements (CSRs) as defined by IATF 16949 is “interpretations of or supplemental requirements linked to a specific clause(s) of this Automotive QMS standards

Customer-specific requirements are the requirements created by the customer with the expectation that the supplier will identify, implement, and audit these customer-specific requirements with the same intensity that they do the basic requirements of the standard. Customer-specific requirements are requirements which are outside the TS document. Had all the subscribers to the document been able to agree on these unique, very specific, company-specific requirements, then those requirements would have been written as part of the text inside TS. It is  importance that the audit team receiving details of customer-specific requirements well in advance of any audit (initial, surveillance, or renewal) from the organization, using them as a basis for the audit planning process. Failure to do so is viewed as an audit failure.Customer-specific requirements are those that are agreed to between the supplier and the customer. They typically fall into the following categories:

  • Part-specific requirements (dimensions, materials, performance characteristics, etc.)
  • Delivery requirements
  • Boiler-plate requirements (typically found in the purchase order)
  • General requirements (PPAP, APQP, etc.)
  • Process requirements (example: heat treat)

The terms customer specific requirements and supplier quality manuals are in many ways interchangeable. Some customers refer to their documents directly as ‘Customer Specific Requirements’ while others call their documents ‘Supplier Manuals’ or ‘Supplier Quality Manuals’. The distinction, in part, is that ‘Supplier Manuals’ or ‘Supplier Quality Manuals’ often contain customer specific requirements, as well as policies, terms and conditions unrelated to quality. Customer specific requirements, in their truest form, seek to expand the standard, or define how a customer wants a portion of the standard to be met.Customer-specific requirements are a component of lATF 16949 that cannot be ignored. ln fact, customer-specific requirements are more important in lATF 16949 than they were in QS-9000, which considered them as part of the requirements. Furthermore. the customer-specific requirements of DaimlerChrysler, Ford. and GM were the only essential “requirements” in implementing and auditing QS-9000. lATF I6949 changes this situation. The international Automotive Task Force (IATF), which consists of nine OEMs which include the following vehicle manufacturers: BMW Group, FCA US LLC, Daimler AG, FCA Italy Spa, Ford Motor Company, General Motors Company, PSA Group, Renault, Volkswagen AG and the vehicle manufacturers respective trade associations – AIAG (U.S.), ANFIA (Italy), FIEV (France), SMMT (U.K.) and VDA QMC (Germany) used a different strategy to create IATF 16949. When all of the IATF members could not agree on a certain clause or process, the objecting OEM put that particular clause into its own customer-specific requirements. Consequently, there are many more customer core requirements. The five Automotive Industry Action Group (AIAG) reference manuals, which were under stood to be core requirements of QS-9000. are now customer-specific requirements
of DaimlerChrysler. Ford. and GM.

Figure above shows that ISO 9001 is considered a base set of requirements that IATF 16949 builds upon for the automotive sector. IATF I6949 tells the supplier to conform to company- (i.e.customer specific requirements in addition to IATF l6949’s requirements. Additional requirements may include division-specific requirements, commodity-specific requirements. or part-specific requirements. Examples of division-specific requirements include a semiconductor commodity supplier to a DaimlerChrysler plant. or a heat treat supplier to a Ford Powenrain division. The semiconductor supplier has to contend with the following requirements:
ISO 9001,  IATF 16949,  five reference manuals. which are part of DaimlerChrysler’s requirements: semiconductor commodity-specific requirements issued by the Automotive Electronics Council: and part-specific requirements from a contract review. Similarly, the heat treat supplier to Ford Powertrain has to implement ISO 9001, IATF 16949. five reference manuals. heat treat requirements specific to Ford. a DCP control plan methodology specific to the Ford Powenrain division. and part-specific requirements of that particular heat-treated part. derived from contract review. Needless to say. the customer-specific requirements have gained a whole new degree of importance in IATF In fact. customer-specific requirements will be It challenge when implementing and/or auditing IATF I6949.

Documentation Requirements For Customer-Specific  Requirements

Customer-specific documentation requirements are stated in the customer-specific documents of DaimlerChrysler. Ford, and GM. The DaimlerChrysler requirement says. “All IATF 16949 requirements and the requirements of this document (i.e.. customer-specific requirements) shall be documented in the organizations quality system.” The Ford and GM customer-specific documents say. “All IATF 16949:2016 requirements and the requirements of this document shall be addressed by the organization’s quality system.” The DaimlerChrysler requirement asks the
organization to trace each “shall“ to ensure that it has been included in the documented system. The Ford and GM requirements ask the organization and the auditor to ensure that each “shall” has been addressed by the organization’s business/quality system. DaimlerChrysler’s documentation requirements are more precise and place a greater documentation burden on the organization. Organizations should map the customer-specific requirements into their process documentation or work instructions. Through this method. both current and future employees can become knowledgeable of customer-specific requirements as they work within a process. If your organization does not use this strategy. it will have difficulty separating out customer-specific requirements and addressing the issue of how employees are to ensure process repeatability. For example. clause 8.3.5.2 of the GM customer-specific requirements says. “The organization shall have a method to identify, control, and monitor the high risk items on those critical operations. There shall be rapid feedback and feed forward between inspection stations and manufacturing, between departments, and between shifts. ” This is a detail that needs to be built into the process. It is not possible for a management system to address such a requirement without building it into a process. work instruction. form, or checklist.

Implementing customer specific Requirements. 

The strategy for addressing customer-specific requirements should be as follows. First. the organization must identify and assemble all of the customer-specific requirements from its customer base.

Customer Specific requirement checklist: for Automotive industry (considered requirements of IATF 16949)

  • It is important that, utilization of accredited laboratory facility should be specified by as per government approved certifying body.
  • To be verify, is customer approved sub-contractor service to be utilized? The approved vendor list index such information.
  • Most important is transportation mode for shipping the materials should be specified, where containers / or and any vehicle type / or and specified as surface transportation.
  • Some analytical and statistical details that possible to demand by customer which is conducted internally for process and activities, like control plan, PFMEA, PPAP (PPAP is widely recommended and used in automotive industry, in with some customers are demand as necessary requirements)
  • Some customer is demand the detailed information about traceability requirements.
  • The stability of processes: ongoing process capability requirement should be specified; most customers can ask for it.
  • It should be clear with customer specific requirement, PPAP submission and sample size, grade and specification should be identified and confirmed from customers.
  • Is there customer specified method for handing of complaints? Specified format for responding like 8D format, most customers are preferring standard formats but some customers are expecting some unique requirements as its application requirements.
  • Specific packing and labeling requirements should be specified. Generally packaging and labeling requirements mostly different for single product from different customers, so it is very important to specific requirements are collected and approved from customers.

Some other requirements like, MSA approval requirements, shipping notification, quality records and reviews, inspection reports, special characteristic and its symbol identifications, internal quality auditors’ qualifications, non-conformance details etc. International standards – requirements mostly IATF 16949 requirements are Measurement system Analysis are consider as primary requirement for the automotive applications manufacturers and same for the supplier chain that provided material to OEM & automotive applications assembling, supplier chain is also need to update with same technical specification which is automotive industries are follow.

Implementation begins with training. Key supplier personnel must be trained in customer-specific requirements. Customer requirements typically come in two levels of specificity: identifying how a process should operate. or requiring an entirely new process or method. Detailed customer specifics can be implemented into processes by following a documentation strategy. Mapping the customer-specific requirements to processes is the least risky, and so the best. documentation strategy. Adopt a common process for the entire organization and clearly indicate different ways tasks should be performed to satisfy different customers. Organizations should follow these steps when adopting customer-specific requirements:

  1. Adopt the most stringent requirement.
  2. Describe how tasks may be different for different customers.
  3. Add difierent forms for different customers if the submission methods differ.
  4. Measure processes differently if customer measurement criteria vary.

Some customer criteria cannot be implemented just by mapping them into existing processes. Customer specifics may ask suppliers to adopt a certain system. For example. DaimlerChrysler requires the use of Powerway. and Ford requires the use of a particular CAD system. Sometimes, the requirements mandate an entire implementation for e.g., MS-9000 or MMOG (by Ford) or Ford Ql requirements. Teams must be formed for these specific implementations and the mandates must be completed as a part of ISO/T S 16949 implementation.

Auditing Requirements  For Customer-Specific Requirements

Utilizing document review is the best method for determining whether the organization has already considered all of the customer-specific requirements. The internal auditor needs to have a detailed document review checklist with the “shalls“ clearly delineated. The organization must complete the checklist, showing where it believes the customer-specific requirements are documented. The auditor will check to see if the processes indeed demonstrate evidence of compliance with the customer-specific requirements. As mentioned previously. some requirements are processes that would only be audited during an onsite audit. Once the auditor has checked each process and ensured that the processes demonstrate evidence of compliance with the customer’s specifics. then the requirements can be discarded and the process documentation used for the on-site audit. Trying to audit customer-specific requirements during an onsite audit without the document review is difficult and time-consuming. To understand the specific requirements matrix, let’s see what can be consider requirements that customer can demands? And what kinds of the customer demands or requirements are consider as specific. As on base of supplier’s previous experienced with customers & routine supplies than extra things are request by customer that never asked before that requirements are consider as specific requirements, No its not a complete true, actually customer specific requirements are consider on base of the customer’s requirements those are affect the customer’s applications & business that concern with quality of the products, some applications are very critical that required special measurements & Analysis to approve for the assembling, most of automotive customers requirements are almost specific. Reason is very state that application of the product and its fitting criteria’s required tolerances of approval is very close that need to analysis of the product to enhance quality with minor or zero tolerances with compare customer’s required tolerances, there are no space for huge variation, application requirements variation of product an be very low that critical to maintain for supplier, that should be need care at all the parameters, instructions and its follow-up strongly.

Customer Specific requirements matrix, base requirement is PPAP ( Part Production Approval Process ), it’s a specific requirement, reason that customer buy the material for the assembling with specific design that can possible are done in assembly area, to match with design of the customer engineering shop, product’s first part will be going to approval for,. Customer’s engineer are check as design provided to supplier, match all possibilities to understand for the further requirements, changes or modifications to finalized product. The customer specific requirements matrix can we develop when we really fully understand the customer specific requirements or customer’s end application’s requirements. the product we are manufacturing is installed / used at any particular part or utilize for specific purpose of course against the customers must ask for unique requirements to match its requirements queries. To understand the customer specific requirements, needs to verify what really customer expect? See below simple customer specific requirement checklist.​

pdf BMW Group Customer Specific Requirements for IATF 16949:2016 – September 2017
pdf FCA US LLC Customer Specific Requirements for IATF 16949:2016
pdf FCA Italy S.p.A Customer Specific Requirements for IATF 16949:2016
pdf Ford Motor Company Customer Specific Requirements for IATF 16949:2016 – effective May 2017
pdf General Motors Customer Specific Requirements for IATF 16949:2016 – Effective Nov 1, 2017
pdf PSA Group Customer Specific Requirements for use with IATF 16949:2016
pdf Volkswagen Group Customer Specific Requirements for use with IATF 16949:2016

Your Donation can make a difference

We have chosen to make our Resources freely and openly available on the web with the hope that it touches the life of thousands of readers who visits us daily. We hope our blog has helped in enhancing the knowledge of our readers and added value to organization and their implementers. We would request you to make donation large and small, so as to provide us the resources needed to distribute, collect, digitize as it is becoming extremely difficult for us to afford the full cost of updating and enriching our site content. Your contribution will ensure that we can keep our blog  up-to-date and add more of the rich resources — such as video — that make a difference for so many worldwide.
Your donation will demonstrate your commitment to knowledge as a public good and is an important part of our overall sustainability plan. Your donation is also important in demonstrating to us how much you value the site and motivates us to devote more of our time towards developing this blog.

Your Feedback


ExcellentVery GoodGoodokPoor /Needs improvement

Back to Home Page

If you need assistance or have any doubt and need to ask any question  contact me at: preteshbiswas@gmail.com  or call at +919923345531. You can also contribute to this discussion and I shall be happy to publish them. Your comment and suggestion is also welcome.

IATF 16949:2016 Conformance of products and processes

Conformance of products and processes is the ability of a product, service, or process to meet its design specifications. Design specifications are an interpretation of what the customer needs. Of course, a product having high quality of conformance may still not be perceived by a customer as being an acceptable product if the person who created the design specifications did not correctly interpret what the customer wanted. Conformance is measured within an acceptable tolerance range. For example, if customers expect delivery of car within 10 minutes of its scheduled delivery date, then any delivery time within that time frame has a high quality of conformance, while any longer interval does not. Thus, it equates to conformance to specifications within an acceptable tolerance range.

It is possible for a product to be of extremely high quality in terms of being produced within a tight tolerance range, using premium materials, and including all possible features. However, if the design specifications call for a less expensive product with fewer features, then the product is considered to have a low quality of conformance. This means that a high cost does not necessarily equate to a high quality of conformance. As an example, if a car is designed to sell at a low price, have excellent fuel economy, and operate reliably, then those are the key specifications that the actual vehicle must meet in order to have a high quality of conformance. If the vehicle were to have an oversized engine that provided more torque than necessary, it would have a low quality of conformance, because including such an engine would increase the price of the car and result in lower fuel economy. A management technique is to track how persistently a product or service is measured close to the outer boundary established for conformance. If the measurement remains near the boundary for a significant period of time, it is likely that a breach of the measurement threshold will occur soon, so management can begin to direct attention to rectifying the issue. For example, a delivery that is consistently within just a few moments of the maximum allowable delivery threshold should be investigated. Such investigations may locate problems that can be rectified, or perhaps detect intentional measurement errors to keep the reported amounts within the conformance threshold.

Before we discuss on Conformance of products and processes, we must discuss three aspects associated with definition of quality: quality of design, quality of conformance. and quality of performance.

  1. Quality of Design
    Quality of is all about set conditions that the product or service must minimally have to satisfy the requirements of the customer. Thus. the product or service must be designed in such a way so as to meet at least minimally the needs of the consumer. However. the design nmst be simple and also less expensive so as to meet the customers‘ product or service expectations. Quality of design is influenced by many factors. such as product type, cost, profit, policy, demand of the availability of parts and materials and product reliability.
  2. Quality of Conformance
    Quality of conformance is basically the standards defined in the design phase after the product is manufactured or while the service is delivered. This phase is also concerned about is control starting from raw material to the finished product. Three broad aspects are covered in  this definition. viz. defect detection, defect root cause analysis. and defect prevention. Defect prevention deals with the means to deter the occurrence of defects and is usually achieved using statistical process control techniques defects may be by inspection. testing or statistical data analysis collected fiom process, the root causes behind the presence of defects are investigated. and finally corrective actions are taken to prevent recurrence of the defect.
  3. Quality of Performance
    Quality of performance is how well the product functions or service performs when put to use. It measures the degree to which the product or Service satisfies the customer from the perspective of both of design and the quality of conformance. Meeting customer expectation is the focus when we talk about of performance. Automobile industry conduct test drive of vehicles to collect information about mileage, oil consumption. Bulbs are life tested to understand its reliability during useful life. Customer survey is conducted to find customer‘s perception about service delivered. If product or service does not live up to customer expectation then adjustments are needed in the design or conformance phase.

IATF 16949:2016 4.4.1.1 Conformance of products and processes

The organization has to  ensure conformance of all its products and processes, including service parts and those that are outsourced, to all applicable customer, statutory, and regulatory requirements

Explanation:

All customers have needs, requirements, wants, and expectations. Needs are essential to maintain certain standards, or essential for products and services, to fulfill the purpose for which they have been acquired. Requirements are what is requested of others and may encompass  needs but often is not realized until after rwe have been made.  Hence requirements at the moment of sale may or may not express all needs. Requirements may include wants — nice to have but not essential. Expectations are implied needs or requirements. They have not been requested because it is taken  for granted — regarded as to be understood as the accepted norm. They may be things to which customers are accustomed, based on fashion, style, trends, or previous experience. In supplying products or services there are three fundamental parameters which determine their saleability. They are price, quality, and delivery. Customers require products and services of a given quality to be delivered by or be available by a given time and to be of a price that reflects value for money. These are the requirements of customers. An organization will survive only if it creates and retains satisfied customers and this will only be achieved if it offers for sale products or services which respond to customer needs and expectations as well as requirements. While price is a function of cost, profit margin, and market forces, and delivery is a function of the organizations efficiency and effectiveness, quality is determined by the extent to which a product or service successfully serves the purposes of the user during usage (not just at the point of sale). Price and delivery are both transient features, whereas the impact of quality is sustained long after the attraction or the pain of price and delivery have subsided. A product which possesses features that satisfy customer needs is a quality product. Likewise, one that possesses features which dissatisfy customers is not a quality product. The customer is the only one who can decide whether the quality of the products and services you supply is satisfactory and you will be conscious of this either by direct feedback or by loss of sales, reduction in market share, and, ultimately, loss of business.

Quality characteristics

Any feature or characteristic of a product or service which is needed to satisfy customer needs or achieve fitness for use is a quality characteristic. When dealing with products the characteristics are almost always technical characteristics, whereas service quality characteristics have a human dimension. Some typical quality characteristics are given in the table below.

These are the characteristics which need to be specified and their achievement controlled, assured, improved, managed, and demonstrated. When the value of these characteristics is quantified or qualified they are termed quality requirement or requirement for quality. Requirements for quality can be defined as an expression of the needs or their translation into a set of quantitatively or qualitatively slated requirement for the draracterislics of an entity to enable it realization and examination.  Technical requirements for a product or service are quality requirements. In practice, characteristics are usually classified into the categories critical, major, and minor. The terms can be defined in simple terms as follows:

  1. Critical characteristic—Any feature whose Failure can reasonably be expected to present a safety hazard either to the user of the productor to anyone depending on the product functioning properly.
  2. Major characteristic—Any Feature, other than critical. whose failure would likely result in a reduction of the usability of the product.
  3. Minor characteristic—Any feature, other than major or critical. whose failure would likely be noticeable to the user.
  4. Incidental characteristic—Any Feature other than critical, major, or minor.

Of course, it is possible to develop classification schemes that are more detailed.However, the above definitions suflice for the vast majority of applications. Most often classifications of critical characteristics are noted on the drawing as well as in the manufacturing plan, as well as in such other ways as to give the user ample warning of potential hazards.

A classification of defects is the enumeration of possible defects of the unit of product classified according to their seriousness.

  1. Defect—Any nonconformance of the unit of product with specified requirements.
  2. Defective—A product with one or more defects.
  3. Critical defect—A critical defect is a defect that judgment and experience indicate would result in hazardous or unsafe conditions for individuals using, maintaining. or depending upon the product or at defect that judgment and experience indicate is likely to prevent performance of the tactical function of a major end item such as cars, trucks, Ship, aircraft. tank, missile. or space vehicle.
  4. Critical defective—A critical detective is a unit of Product which contains one or more critical defects and may also contain major and/or minor defects.
  5. Major defect—A major defect is a defect, other than critical, that is likely to result in failure or to reduce materially the usability of the unit of product For its intended purpose.
  6. Major defective—A major defective is a unit of product which contains one or more major defects and may also contain minor defects but contains no critical defects.
  7. Minor defect—A minor defect is a defect that is not likely to reduce materially the usability of the unit of product for its intended purpose or is a departure From established standards having little bearing on the effective use or operation of the unit.
  8. Minor defective—A minor defective is a unit of product which contains one or more minor defects but contains no critical or major defect.

Design Review and Qualification

A great deal of what We learn comes from experience. The more we do a thing, the more we learn about doing it better. As a corollary, when something is new or untried we tend to make more mistakes. Design review and qualification is performed to apply the lessons learned from experience with other products and projects to the new situation. The objective is to introduce the new item with a minimum of startup problems, errors, and engineering changes. This involves such activities as:

  • Locating qualified suppliers
  • Identifying special personnel, equipment, handling, storage, quality and regulatory requirements
  • Providing information to marketing for forecasting, promotional. and public-relations purposes.

The design review and qualification activity is usually performed after the development of an acceptable prototype and before full—scale production. Design review often takes place in formal and informal meetings involving manufacturing, quality, and engineering personnel. In some cases, customer personnel are also present. The meetings involve the discussion of preliminary engineering drawings and design concepts. The purpose is to determine if the designs can be produced (or procured) and inspected within the cost and schedule constraints set by management. If not, one of two courses of action must be taken: 1) change the design or 2) acquire the needed production or inspection capabilities. The design review is commonly where critical and major characteristics are identified. This information is used to design functional test and inspection equipment, as well as to focus manufacturing and quality efforts on high—priority items. Formal Failure Mode, Effects and Criticality Analysis (FMECA) and Fault
Tree Analysis (FTA) is also performed to assist in identification of important features. When feasible. a pilot run will be scheduled to confirm readiness for full-scale production. Pilot runs present an excellent opportunity for process capability analysis (PCA) to verify that the personnel, machines, tooling, materials and procedure can meet the engineering requirements. The pilot run usually involves a small number of parts produced under conditions that simulate the full—scale production environment. Parts produced in the pilot run are subject to intense scrutiny to determine any shortcomings in the design, manufacturing, or quality plans. Ideally, the pilot run will encompass the entire spectrum of production, from raw materials to storage to transportation, installation and operation in the field. Properly done, design review and qualification will result in a full-scale production plan that will minimize startup problems, errors, and engineering changes after startup. The production plan will include error-free engineering drawings, a manufacturing plan and a quality plan. .

Process Qualification and Validation Methods

Process qualification and validation are primarily control issues. One objective is to identify those processes that are capable of meeting management and engineering requirements, if properly controlled. Another objective is to assure that processes are actually performing at the level which they are capable of performing, This requires that process capability be analyzed using statistical methods and that products are produced only on those processes capable of holding the required tolerances.

Dimensions of quality

In addition to quality parameters there are three dimensions of quality

  • The business quality dimension. This is the extent to which the business services the needs of society. Customers are not only interested in the quality of particular products and service but judge suppliers by the general level of quality products they provide and continuity of supply, their care of the environment, and their adherence to health, safety, and legal regulations.
  • The product quality dimension. This is the extent to which the products and service provided meet the needs of specific customers.
  • The organization quality dimension. This is the extent to which the organization maximizes its efficiency and effectiveness, achieving minimum waste, efficient management, and good human relations Companies that do not operate efficiency or do not meet their employees‘ expectations wili generally find their failure costs to be high and will lose their best people. This directly affects all aspects of quality.

Many organizations only concentrate on the product quality dimension, but the three are interrelated and interdependent. Deterioration in one leads to a deterioration in the others, perhaps not immediately but eventually. As mentioned previously, it is quite possible for an organization to satisfy the customers for its products and services and fail to satisfy the needs of society. Within an organization, the working environment may be oppressive — there may be political infighting and the source of revenue so secure that no effort is made to reduce waste. Even so, such organizations may produce products and services which satisfy their customers. We must separate these three concepts to avoid confusion.

There are three primary organization levels: the enterprise level, the business level, and the operations level‘. Between each level there are barriers. At the enterprise level, the executive management responds to the voice of ownership and is primarily concerned with profit, return on capital employed, market share, etc. At the business level, the managers are concerned with products and services and hence respond to the voice of the customer. At the operational level, the middle managers, supervisors, operators, etc. focus on processes that produce products and services and hence respond to the voice of the processes carried out within their own function. In reality, these levels overlap, particularly in small organizations. The CEO of a small company will be involved at all three levels whereas in the large multinational, the CEO spends all of the time at the enterprise level, barely touching the business level, except when major deals with potential customers are being negotiated. Once the contract is won, the CEO of the multinational may confine his/her involvement to monitoring performance through metrics and goals. Quality should be a strategic issue that involves the owners as it delivers fiscal performance. Low quality will cause fiscal performance ultimately to decline.The typical focus for a quality system is at the operations level. It is seen as an initiative for work process improvement. The documentation is often developed at the work process level and focused on functions. Much of the effort is focused on the processes within the functions rather than across the functions and only involves the business level at the customer interface, as illustrated in Table:.

Quality management

The basic goal of quality management is the elimination of failure: both in the concept and in the reality of our products, services, and processes. In an ideal world, if we could design products, services, and processes that could not fail we would have achieved the ultimate goal. Failure means not only that products, services, and processes would fail to fulfill their function but that their function was not what our customers desired.Hence quality management is a means for planning, organizing, and controlling the prevention of failure. All the tools and techniques that are used in quality management serve to improve our ability to succeed in our pursuit of excellence. Quality does not appear by chance, or if it does it may not be repeated. One has to design quality into the products and services. It has often been said that one cannot inspect quality into a product. A product remains the same after inspection as it did before, so no amount of inspection will change the quality of the product. However, what inspection does is measure quality in a way that allows us to make decisions on whether to release a piece of work. Work that passes inspection should be quality work but inspection unfortunately is not 100% reliable. Most inspection relies on the human judgement of the inspector and human judgement can be affected by many factors, some of which are outside our control (such as the private life, health, or mood of the inspector).

Several methods have evolved to achieve, sustain, and improve quality, they are quality control, quality improvement, and quality assurance, which collectively are known as quality management. 

Quality control (QC)

Quality control is the operational techniques and activities that are used to fulfill requirements for quality. This  implies that any activities, whether sewing the improvement, control, management, or assurance of quality, could be a quality control activity. They prevent change and when applied to quality regulate quality performance and prevent undesirable changes in the quality standards. Quality control is a process for maintaining standards and not for creating them. Standards are maintained through a process of selection, measurement, and correction of work, so that only those products or services that emerge from the process meet the standards. In simple terms, quality control prevents undesirable changes being present in the quality of the product or service being supplied. The simplest form of quality control is illustrated  Quality control can be applied to particular products, to processes that produce the products, or to the output of the whole organization by measuring the overall quality performance of the organization. Quality control is often regarded as a post-event activity: i.e. a means of detecting whether quality has been achieved and taking action to correct any deficiencies. However, one can control results by installing sensors before, during, or after the results are created. It all depends on where you install the sensor, what you measure, and the consequences of failure. Some failures cannot be allowed to occur and so must be prevented from happening through rigorous planning and design. Other failures are not so critical but must be corrected immediately using automatic controls or mistake-proofing. Where the consequences are less severe or where other types of sensor are not practical or possible human inspection and test can be used as a means of detecting failure. Where failure cannot be measured without observing trends over longer periods, you can use information controls. They do not stop immediate operations but may well be used to stop further operations when limits are exceeded. The progressive development of controls from having no control of quality to installing controls at all key stages from the begin ning to the end of the life cycle is illustrated in Figure below As can be seen, if you have no controls, quality products are produced by chance and not design. The more controls you install the more certain you are of producing products of consistent quality but there is a need for balance to be achieved. 

It is often deemed that quality assurance serves prevention and quality control detection, but a control installed to detect failure before it occurs serves prevention, such as reducing the tolerance band to well within the specification limits. So quality control can prevent failure. Assurance is the result of an examination whereas control produces the result. Quality assurance does not change the product, quality control does. “Quality control” is also the term used as the name of a department. In most cases Quality Control Departments perform inspection and test activities and the name derives from the authority that such departments have been given. They sort good products from bad products and authorize the release of the good products. It is also common to find that Quality Control Departments perform supplier control activities, which are called Supplier Quality Assurance or Vendor Control. In this respect they are authorized to release products from suppliers into the organization either from the supplier’s premises or on receipt in the organization. In recent times the inspection and test activities have been transferred into the production departments of organizations, sometimes retaining the labels and sometimes reverting to the inspection and test labels. Control of quality, or anything else for that matter, can be accomplished by the following steps:

  1. Determine what parameter is to be controlled.
  2. Establish its criticality and whether you need to control before, during, or after results are produced.
  3. Establish a specification for the parameter to be controlled which provides limits of acceptability and units of measure.
  4. Produce plans for control which specify the means by which the characteristics will be achieved and variation detected and removed.
  5. Organize resources to implement the plans for quality control.
  6. Install a sensor at an appropriate point in the process to sense variance from specification.
  7. Collect and transmit data to a place for analysis.
  8. Verify the results and diagnose the cause of variance.
  9. Propose remedies and decide on the action needed to restore the status quo.
  10. Take the agreed action and check that the variance has been corrected.

Quality improvement (Ql)

Quality improvement is the actions taken throughout the organization to increase the effectiveness of activities and processes to provide added benefits to both the organization and its customers. In simple terms, quality improvement is anything that causes a beneficial change in quality performance. There are two basic ways of bringing about improvement in quality performance. One is by better control and the other by raising standards. We don’t have suitable words to define these two concepts. Doing better what you already do is improvement but so is doing something new. Juran uses the term control for maintaining standards and the term breakthrough for achieving new standards. Imai uses the term improvement when change is gradual and innovation when it is radical. Hammer uses the term re-engineering for the radical changes. All beneficial change results in improvement, whether gradual or radical. Quality improvement (for better control) is about improving the rate at which an agreed standard is achieved. It is therefore a process for reducing the spread of variation so that all products meet agreed standards. The performance of products or processes may vary due to either random or assignable causes of variation. By investigating the symptoms of failure and determining the root cause, the assignable causes can be eliminated and the random causes reduced so that the performance of processes becomes predictable. A typical quality improvement of this type might be to reduce the spread of variation in a parameter so that the average value coincides with the nominal value (i.e. bring the parameter under control). Another example might be to reduce the defect rate from 1 in 100 to 1 in 1,000,000. Another might be simply to correct the weaknesses in the registered quality system so that it will pass reassessment.

Quality improvement (innovation), is about raising standards and setting a new level. New standards are created through a process that starts at a feasibility stage and progresses through research and development to result in a new standard, proven for repeatable applications. Such standards result from innovations in technology, marketing, and management. A typical quality improvement might be to redesign a range of products to increase the achieved reliability from 1 failure every 5,000 hours to 1 failure every 100,000 hours. Another example might be to improve the efficiency of the service organization so as to reduce the guaranteed call-out time from the specified 36 hours to 12 hours. The transition between where quality improvement stops and quality control begins is where the level has been set and the mechanisms are in place to keep quality on or above the set level. In simple terms, if quality improvement reduces quality costs from 25% of turnover to 10% of turnover, the objective of quality control is to prevent the quality costs rising above 10% of tumover.Improving quality by raising standards can be accomplished by the following steps:

  1. Determine the objective to be achieved, e.g. new markets, products, or technologies, or new levels of organizational efficiency or managerial effectiveness, new national standards or government legislation. These provide the reasons for needing change.
  2. Determine the policies needed for improvement, i.e. the broad guidelines to enable management to cause or stimulate the improvement.
  3. Conduct a feasibility study. This should discover whether accomplishment of the objective is feasible and propose several strategies or conceptual solutions for consideration. If feasible, approval to proceed should be secured.
  4. Produce plans for the improvement which specify the means by which the objective will be achieved.
  5. Organize the resources to implement the plan.
  6. Carry out research, analysis, and design to define a possible solution and credible alternatives.
  7. Model and develop the best solution and carry out tests to prove it fulfills the objective.
  8. Identify and overcome any resistance to the change in standards.
  9. Implement the change, i.e. put new products into production and new services into operation.
  10. Put in place the controls to hold the new level of performance.

This improvement process will require controls to keep improvement projects on course towards their objectives. The controls applied should be designed in the manner described previously.

Quality assurance (QA)

Quality assurance is all those planned and systematic actions necessary to provide adequate confidence that an entity will fulfill requirements for quality. Both customers and managers have a need for quality assurance as they are not in a position to oversee operations for themselves. They need to place trust in the producing operations, thus avoiding constant intervention. Customers and managers need:

  1. Knowledge of what is to be supplied. (This may be gained from the sales literature, contract, or agreement.)
  2. Knowledge of how the product or service is intended to be supplied. (This may be gained from the supplier’ s proposal or offer.)
  3. Knowledge that the declared intentions will satisfy customer requirements if met. (This may be gained from personal assessment or reliance on independent certifications.)
  4. Knowledge that the declared intentions are actually being followed. (This may be gained by personal assessment or reliance on independent audits.)
  5. Knowledge that the products and services meet your requirements. (This may be gained by personal assessment or reliance on independent audits.)

You can gain an assurance of quality by testing the product/service against prescribed standards to establish its capability to meet them. However, this only gives confidence in the specific product or service purchased and not in its continuity or consistency during subsequent supply. Another way is to assess the organization that supplies the products/services against prescribed standards to establish its capability to produce products of a certain standard. This approach may provide assurance of continuity and consistency of supply. Quality assurance activities do not control quality, they establish the extent to which quality will be, is being, or has been controlled. Quality control concerns the operational means to fulfill quality requirements, and quality assurance aims at providing confidence in this fulfillment both within the organization and externally to customers and authorities. All quality assurance activities are post-event activities and off-line and serve to build confidence in results, in claims, in predictions, etc. Quite often, the means to provide the assurance need to be built into the process, such as creating records, documenting plans, documenting specifications, reporting reviews, etc. Such documents and activities also serve to control quality as well as assure it  Assurance is not an action but a result. It results from obtaining reliable information that testifies the accuracy or validity of some event or product.  Quality Assurance Departments are often formed to provide both customer and management with confidence that quality will be, is being, and has been achieved. However, another way of looking upon Quality Assurance Departments is as Corporate Quality Control. Instead of measuring the quality of products, they are measuring the quality of the business and by doing so are able to assure management and customers of the quality of products and services. Assurance of quality can be gained by the following steps

  1. Acquire the documents that declare the organization’s plans for achieving quality.
  2. Produce a plan that defines how an assurance of quality will be obtained, i.e. a quality assurance plan.
  3. Organize the resources to implement the plans for quality assurance.
  4. Establish whether the organization’s proposed product or service possesses characteristics which will satisfy customer needs.
  5. Assess operations, products, and services of the organization and determine where and what the quality risks are.
  6. Establish whether the organization’s plans make adequate provision for the control, elimination, or reduction of the identified risks.
  7. Determine the extent to which the organization’s plans are being implemented and risks contained.
  8. Establish whether the product or service being supplied has the prescribed characteristics.

Your Donation can make a difference

We have chosen to make our Resources freely and openly available on the web with the hope that it touches the life of thousands of readers who visits us daily. We hope our blog has helped in enhancing the knowledge of our readers and added value to organization and their implementers. We would request you to make donation large and small, so as to provide us the resources needed to distribute, collect, digitize as it is becoming extremely difficult for us to afford the full cost of updating and enriching our site content. Your contribution will ensure that we can keep our blog  up-to-date and add more of the rich resources — such as video — that make a difference for so many worldwide.
Your donation will demonstrate your commitment to knowledge as a public good and is an important part of our overall sustainability plan. Your donation is also important in demonstrating to us how much you value the site and motivates us to devote more of our time towards developing this blog.

Your Feedback


ExcellentVery GoodGoodokPoor /Needs improvement

Back to Home Page

If you need assistance or have any doubt and need to ask any question  contact me at: preteshbiswas@gmail.com  or call at +919923345531. You can also contribute to this discussion and I shall be happy to publish them. Your comment and suggestion is also welcome.

IATF 16949:2016 Product safety

Product Safety  have gained significant importance within the global automotive industry during the last few years. The numbers of re-calls were 4-times as high in 2016 as they were in 2006. The impact of those re-calls to manufacturing companies is devastating. Newspapers regularly report about major re-calls in the automotive sector, in which even small product defects led to a global disaster. During a re-call companies not only have to face direct costs but also damages to the brand image. Furthermore, there are severe penal risks for acting negligent or on intentional purpose.  Observing the increased numbers of re-calls, one might think that products became a lot more unsafe in recent years. The actual cause can rather be found in the occurrence of more strict legal requirements, increasingly stricter authority- activities and the validity of different legal requirements in different countries. Accordingly, organizations have to follow more different and more strict external requirements, while at the same time authorities are way more active and globally interlinked than in the past. In parallel to this development, global automotive manufactures are urged to handle a constantly increasing degree of complexity. This is mainly caused by an increased variety of parts that are being produced and handled, the increasing amount and difficulties of internal and external interfaces in a global production network and the increased manufacturing complexity. Although organizations are facing this higher complexity and the stricter legal requirements, they still have to fulfill customer‘s expectations towards safety and quality. Customers do not accept a lack of quality and neither they would accept any unsafe products at any time, that’s why many companies are investing into marketing and marketing research to know exactly what the clients want, and some even will Buy instagram followers to have a bigger client database. A recent survey showed, that safety and quality are rated as the two most relevant factors for customers during their vehicle selection process in today’s time as well as in a 25-year forecast. Safety and quality represents a key to market success within the global automotive industry. Due to the severe risks of product liability and the high degree of complexity, organizations need to be aware of, which of their processes in the value creation chain have an impact on the safety of their products. With this knowledge, they are able to install appropriate measures that ensure the conformity of processes and products and thereby contribute to an improved Product safety and minimized liability risks.

Definition of product Safety

IATF defines Product Safety as ” standards relating to the design and manufacturing of products to ensure they do not represents harm or hazards to customers“. Product Safety represents a subset of quality. ISO 9000 defines Quality as the degree to which a set of inherent characteristics fulfills the requirements. The mentioned characteristics can thereby be considered as many different and numerous aspects. This includes for instance things like appearance or sustainability. Eventually, it is always the customer that judges about the quality of a product or service. The special thing with the quality-characteristic safety is that no customer would ever accept any compromises and therefore always expects its complete fulfillment. The Product safety can be termed as “Reliability in regard to safety relevant defects”. Resulting in the logic that safety relevant defects furthermore are considered as all defects that may result in a danger to humans participating in the traffic. Beside the organizational framework, the activities within the product creation process have a direct impact on the safety of the product.

Product safety is a term used to describe policies designed to protect people from risks associated with consumer products they buy and use every day. Product safety is the ability of a product to be safe for intended use, as determined when evaluated against a set of established rules.The legislation sets out clear test and documentary requirements that manufacturers and distributors must follow to demonstrate that their products meet defined safety criteria and are safe for intended use. Evidence that the prescribed legislation has been conformed with can be demanded by the enforcement authorities within strict time frames. All consumer products must be safe and meet consumer guarantees under the product safety laws. There should be some safety standards. These standards are designed to ensure the safety of products, activities or processes etc. The Indian consumer has the ‘right to be protected against marketing of goods and services which are hazardous to life and property’ (Consumer Protection Act 1986). There are many rules & regulations concerning consumer product safety in India. There are general like the Sale of Goods Act, 1930, Consumer Protection Act, 1986, Bureau of Indian Standards and Import Policy 2012 for safety of the consumer products. To implement the rules there are mechanism enforced by regulatory bodies. These mechanisms are operated through the Bureau of Indian Standards Act.

IATF 16949:2016 4.4.1.2 Product safety

It is required that the organization must have documented processes for the management of product-safety related products and manufacturing processes. The documented process must include if applicable identification by the organization of statutory and regulatory product-safety requirements. The documented process must include if applicable customer notification of requirements in identification of  statutory and regulatory product – safety requirements. The documented process must include if applicable special approvals for design FMEA. The documented process must include if applicable identification of product safely-related characteristics. The documented process must include if applicable identification and controls of safety-related characteristics of product and at the point of manufacture. The documented process must include if applicable special approval of control plans and process FMEAs. The documented process must include if applicable reaction plans. It must be defined responsibilities, definition of escalation process and flow of information, including top management, and customer notification. The documented process must include training identified by the organization or customer lor personnel involved in product—safety related products and associated manufacturing processes. The documented process must include changes of product or process shall be approved prior to implementation including evaluation of potential effects on product safety from process and product changes. The documented process must include transfer of requirements with regard to product safety throughout the supply chain, including customer designated sources. It must included product traceability by manufactured lot (at a minimum) throughout the supply chain. It must also include The documented process must include if applicable lessons learned for new product introduction.
NOTE: Special approval is an additional approval by the function (typically the customer) that is responsible to approve such documents with safety—related content.

Explanation:

The new clause titled Product Safety requires a documented process for the management of product safety. This clause defines 13 normative elements that must be included in the documented product safety process. These 13 requirements include identification of product safety characteristics, inclusion of safety characteristics with approvals in design and process FMEAs, control of safety characteristics at the point of manufacturer with documentation in control plans with specific reaction plans, and defined responsibilities for product safety management including the definition of an escalation process and flow of information, including top management, and customer notification. Additionally, those personnel involved in product safety related processes will have specific training. The new standard also requires identification and review of safety targets as part of the product design inputs. Work instructions are required to include rules for operator safety. Product identification and traceability has been expanded to ensure clear start and stop points for the product received by the customer or in the field that may contain quality and/or safety related nonconformities with the same requirements extended to externally provided products with safety/regulatory characteristics. The IATF stated this requirement was strengthened to support industry lessons learned related to field issues. Control of reworked product is a new requirement in the rev 2016 standard. Within this new clause, the organization is required to obtain approval from the customer prior to commencing rework of any the safety and regulatory characteristics related to the product. Disposition of Nonconforming product is another scope expansion of the new standard requiring product not meeting safety and regulatory requirements to be scrapped and rendered unusable prior to disposal. Lastly, the management review inputs are required to include a review of actual field failures and their impact on safety or the environment. The justification given by the IATF for expansion of these requirements was to address current and emerging issues the automotive industry is facing related to product and process safety.  While some of these changes are incorporating present customer specific requirements, others are clearly intended to drive increased awareness of safety related issues throughout the automotive supply chain. The following 13 elements need to be included in the documented product safety process:

  • Statutory and regulatory requirements for product safety – the organization needs to identify all legal and other requirements related to product safety. This can include the methods of identification and review of this information.
  • Customer requirements regarding product safety – usually, this information is clearly stated by the customer, but there are always some requirements that are implied and are part of the Statutory and regulatory requirements for the product safety.
  • Safety-related characteristics of the product – considering the lifecycle of the product and how it is used, the organization needs to identify those characteristics that are relevant for product safety.
  • Product safety-related controls at the point of manufacture – the organization needs to establish appropriate process controls to ensure that the product meets safety requirements.
  • Special approval of process FMEA and control plans – special approval is additional approval by the function (usually the customer) that is responsible for approving such documents with safety-related content.
  • Reaction plans – these usually include containment of the product and 100% inspection if necessary.
  • Responsibilities, including the escalation plan and flow of information to the top management and the customer.
  • Training for the personnel involved in the product safety and manufacturing process (training requirements can come from the organization itself or from the customer).
  • Approval of the changes in the product or process, including evaluation of the effects of the changes on the product safety.
  • Transfer of the product safety requirements throughout the supply chain, including customer-designated sources.
  • The new standard also requires identification and review of safety targets as part of the product design inputs.
  • Product identification and traceability have been expanded to ensure clear start and stop points for the product received by the customer, or in the field, that may contain quality- and/or safety-related nonconformities, with the same requirements extended to externally provided products with safety/regulatory characteristics. The IATF stated that this requirement was strengthened to support industry lessons learned related to field issues.
  • Control of reworked product is a new requirement in the 2016 revision of the standard. Within this new clause, the organization is required to obtain approval from the customer prior to commencing rework of any the safety and regulatory characteristics related to the product.
  • Disposition of nonconforming product is another scope expansion of the new standard, requiring product not meeting safety and regulatory requirements to be scrapped and rendered unusable prior to disposal.
  • Lastly, the management review inputs are required to include a review of actual field failures and their impact on safety or the environment.

Ten Principles of Safety Management

  1. Establish and observe a written corporate safety policy.
  2. Create an independent safety review process.
  3. Identify and evaluate the severity and foreseeability of product hazards.
  4. Conduct a design review assessing the risk of injury by considering the hazards, the environment, and foreseeable use.
  5. First attempt to eliminate hazards. If not possible, then reduce the opportunity for injury by guarding against the hazards.
  6. Warn users of product dangers and motivate them to avoid injury.
  7. Promote only the safe use of a product.
  8. Maintain safety-related records during the useful life of the product.
  9. Continuously monitor safety performance of the product in the hands of users.
  10. Promptly notify product users and institute recall procedures where necessary to substantially reduce or eliminate injury.

1. Establish and observe a written corporate safety policy.

A written corporate safety policy is the ultimate responsibility of top management. The document is designed to detail executive commitment, both statutory and voluntary, to the concept of system safety; a before-the-fact management system designed to insure the production and distribution of reasonably safe products. Oral direction such as “safety is everyone’s responsibility” provides inadequate instructions to the organization. The policy must describe management commitment to clear identification of the responsible corporate units for the tasks of hazard identification, risk assessment and injury control. The primary goal of a written safety policy is the creation of a management system to substantially reduce of eliminate injury to consumers.

2. Create an independent safety review process.

The independence of the safety function within the management structure is crucial to successful analysis of potential product dangers. Corporate Safety director is an advisory role, with authority to interact with technical functions such as product design, engineering, human factors, communications and legal. The safety manager must be able to order safety-related analyses by the various technical divisions and have the authority to integrate the results for presentation directly to top management for decisions on injury control. It is critical that the safety management office be independent of production and distribution. Giving a production manager primary responsibility for safety will divide his or her loyalties and compromise injury control before management review. The safety director often will preside over a safety review board is compromised of members from the technical divisions.

3. Identify and evaluate the severity and foreseeability of product hazards.

A hazard is the inherent capability of a product to do harm. It is most often the result of an energy transfer or release, with such transfer creating impact to the product user. Appropriate analysis must include a focus on whether the hazard is latent to the user while foreseeable to the producer and the impact on certain vulnerable population groups. The vast majority of car drivers  do not understand that Petrol and LPG leakage can create dangerous conditions when the safety valve fails to operate. A little spark can create a catastrophic explosion. Children cannot recognize strangulation hazards in and around Safety belts. Manufacturers and distributors must proceed with extra caution where the hazard is not immediately apparent to the user.

4. Conduct a design review assessing the risk of injury by considering the hazards, the environment, and foreseeable use.

A risk of injury is the opportunity for a specific set of conditions to create harm: Under what circumstances can the user be injured? An examination of the identified hazards, the environment in which it is intended to be used and foreseeable use and misuse of the product by the user population must be considered. An all terrain vehicle, or ATV, can be an inherently unstable 300-pound machine that can throw a rider. Crushing injuries can occur in addition to the impact by overturning. ATVs are intended to be used in uncontrolled, wilderness environments, such as mountainous paths, sand dunes and over obstacles. By creating a recreational, sometimes uninhibited setting, ATV riders can foreseeable use the product by going fast, racing with friends, or even by partaking in alcoholic beverages. While not always appropriate behavior to a safety analyst, it is foreseeable that these situations will occur and must be considered to effect reasonable safeguards to prevent injury.

5. First attempt to eliminate hazards. If not possible, then reduce the opportunity for injury by guarding against the hazards.

By eliminating a specific hazard, certain injury cannot occur. Some automotive workshops have pits to enable work to be done. The vehicle is driven over the pit, and the mechanic works from beneath. Because carbon monoxide (from the vehicle exhaust) is heavier than air, the fumes may build up in the ‘confined space’ under the vehicle. These fumes need not be only from the vehicle being worked on: if other engines are running nearby, there is still a significant risk of exhaust emissions collecting in the pit. Using a hoist eliminates the danger. But in other cases this is often not possible. Gasoline creates toxic and explosive fumes. It is not possible to eliminate them without destroying its usefulness. Gasoline can however, be stored in an appropriate canister to prevent the fumes from leaking into a water heater closet in the garage causing an explosion and severe burn injuries. A power mower employs a steel blade rotating at over 200 mph, but lawn mowers can incorporate devices to shut down the blade when the operator releases the controls and can shield user access to the rotating blades.

6. Warn users of product dangers and motivate them to avoid injury.

In addition to elimination of hazards, product warnings and instructions must assist the user to avoid dangers, including those that remain after thorough attempts to eliminate or guard. An explicit warning including a signal word, statement of the hazard, appropriate behavior and a description of the consequences of the danger are required. A pictogram illustrating the consequences is often needed to communicate the danger, especially to those who cannot read the words. This communication of the consequences is particularly important in motivating the user to avoid the danger.

7. Promote only the safe use of a product.

Advertising and product promotion sometimes subtly and deceptively promote consumer misuse. Motorcycles promoting speeds up to 150 mph certainly encourage users to go fast, if not to the limit.  In the early years of sales, ATVs were advertised as safe, family fun. Print advertisements said the ATVs could traverse “an astonishing array of terrain”, over “rocks, boulders and fallen logs” and “where some animals can’t go.” Small, instantly removed disclaimers are insufficient to warn users of the dangers of actions depicted in advertisements. Positive statements providing safe use instructions with sufficient frequency to influence behavior is necessary to reinforce safe activity.

8. Maintain safety-related records during the useful life of the product.

An effective product safety system requires records in sufficient detail to allow for timely detection of safety hazards and trends, and for tracing product defects in assembly, components and overall design. Records necessary to provide sufficient data for management decisions include safety-related product changes, test results, consumer complaints, product liability lawsuits, location of products within the distribution chain, government injury data, and engineering reports. An integral part of the corporate safety policy is establishment of a system of records and a directive concerning retention of those documents. A document destruction policy of three years concerning a product with a useful life of seven years deprives the organization for the opportunity to protect product users from danger.

9. Continuously monitor the safety performance of the product in the hands of users.

Once a manufacturer/distributor has concluded that a product is reasonably safe based on pre-production review and analysis, the product is ready for distribution to users. Feedback from product users is critical to determining whether subsequent corrective action is necessary.  A major producer of  valves distributed approximately 15,000 valves to OEM manufacturers. Reports from the field indicated the seals were not properly chlorinated, thus allowing the gasket to tear and leak gas. The company notified the Consumer Product Safety Commission under section 15(b) that the product possibly “contained a defect which could create a substantial product hazard”. An appropriate corrective action plan including the recall of the valve and notification to consumers was taken to protect consumers from the dangers of gas explosions.

10. Promptly notify product users and institute recall procedures where necessary to substantially reduce or eliminate injury.

Upon discovery of a product hazard after distribution to the public, immediate notification of the danger and quick steps to protect users from injury are critical. Time is of the essence. Knowledgeable product users can help reduce both injuries and claims. Efficient recall procedures can remove hazardous products from the stream of commerce. A few years ago, a combination of manufacturing flaws turned Toyota’s fleet of vehicles into automotive runaways. In some cases, the floor mats became lodged under the accelerator, jamming it down. In others the gas pedal would simply stick. After more than 60 cases of runaway vehicles were reported, 30 of which resulted in at least one death, Toyota went into crisis mode and issued two separate recalls in 2009 and 2010 to “reconfigure” the accelerator setup. Company officials have estimated the cost of the blunder will top $5 billion after all is said and done, making it the costliest recall ever recorded.

Basic elements of  Product Safety 

Product safety  involves the application of the principles of Safety Management to the design and marketing of products. Basic elements of product safety programming are designed to identify and evaluate potential product hazards for systematic control using the techniques of safety management . A Product Safety program must include a clear, explicit, and documented statement of product safety policy. It must include a clear, explicit, and documented assignment of individual responsibility for the conduct of product safety activity. It must also include clear, explicit, and documented product safety program plan outlining the specific steps, procedures, and techniques to be followed on conducting product safety activity during the product design and marketing processes to achieve product safety goals. As a starting point, a documented search for authoritative literature and relevant standards relating to a potential safety concerns associated with the product to be designed or marketed. The conduct of explicit and documented activity giving attention to the systematic discovery or identification of reasonably anticipated potential product or system hazards, followed by an evaluation of those hazards in terms of associated risk factors (likely loss event probability and severity). The documented use of the core concepts and principles of safety management and safety engineering, and the cardinal rules of hazard control, to reasonably eliminate or minimize unacceptable product hazards (though, in order of preference and effectiveness, use of design, safeguarding, or warning means). Product safety programs should appropriately include the following:

  1. Corporate Safety Policies
    Safety Product policy is a widely publicized explicit formal statement, as a matter of record, regarding top management’s commitment to state-of-the-art
    product safety and the preeminent importance of product safety during product (system) design, production, and distribution. To establish a policy the organization must:

    • Develop a mission statement to prevent unreasonable risks of injury, signed by the CEO and distributed to all employees.
    • Use all technically feasible and economically practical safety measures to substantially reduce or eliminate injuries, and to meet or exceed all applicable safety standards.
    • Create a multi-disciplinary Safety Review Committee to audit product safety policies and to consider product hazards, the environment of use and foreseeable consumer behavior.
    • Collect and maintain safety related data throughout the product life cycle including technical documents, injury data, complaints/returns, product liability litigation, government analyses and other information concerning the risks of injury.
  2. Product Hazards
    • Review the inherent capability of the product to create harm through a transfer of mechanical, thermal, electrical, chemical, biological or radiation energy.
    • Evaluate injury potential and severity.
    • Study intended and foreseeable product use in concert with operator capabilities based on demographics, anthropometric, educational level, and physical capacity.
  3. Foreseeable Use
    • Investigate how injuries occur by reviewing historical data, manuals and instructions, professional journals and electronic databases.
    • Review government injury databases
    • Analyze internal corporate safety data on product use including customer complaints, warranty returns, toll free lines, internal intuitive brainstorming sessions, focus groups, surveys, behavioral testing, and computer models.
  4. Risk Factors
    • Environment of use including weather, family/peers, job stress, location, ambient conditions, terrain, noise, temperature.
    • Promotion – Marketing, advertising, distribution, public relations, word of mouth, packaging, product form and shape, point of purchase materials.
    • Vulnerable population groups such as children, seniors and the disabled, concerning products that exceed the physical or cognitive capabilities of operators.
    • Hazard perception of the user includes severity of the injury, likelihood or frequency of injury, magnitude of the danger, and prior experience such as familiarity with product operations, lack of prior injury, overconfidence and first impression of hazards and risks.
    • Benefit or value of unintended use including time savings, ease of operation, overcoming poor performance and peer group acceptance.
  5. Safety Measures
    • Eliminate the hazard to remove the inherent capability to do harm, or if not possible, place a physical barrier, guard or interlock between the product hazard and the user.
    • Warn the user of the danger and motivate them to avoid injury using signal words, hazard, pictorial, instructions, and statements of consequences.
    • Promote safety education including safety alerts, injury data, training, owner’s manuals, point of purchase displays.
  6. Corrective Action
    • Analysts must monitor the safety performance of products by systematic collection of injury data and other consumer use.
    • When an unreasonable risk is identified, modify future production and initiate a recall applying appropriate safety measures to repair, replace, or repurchase the defective or non-complying products.
    • Public notice includes direct mail, service bulletins, public media, paid advertising, dealer notice, point of sale posters.
    • Government requirements , Defect Notification for Motor Vehicles and Equipment such as child safety seats, and Market Withdrawal and Recall Policies .

Establishing framework for product safety

The risks for organizations and individuals that origin from PS are enormous. For example Product liability payments is one the  most severe management failures that occur because of not handling PS appropriately. Due to the inherent risks of product liability, the application of Reliable Management seems to be a necessary tool. Reliability Management can be defined as taking adequate measures to protect people, environment and assets from harmful consequences. Reliable management can be considered as the decisive aspect to actually focus on the essential tasks. Consequently, organizations have the responsibilities to allocate their resources according to where they are most required and where most of the risks can potentially be reduced. There is not a way to eliminate risks, but therefore they need to be managed. The the organizations needs to know, which are their individual and relevant process that have an impact on Product Safety. If organizations have identified them, it will allow them to allocate their available resources according to the importance of the process. This again enhances the chances that tasks are fulfilled according to their requirements.

Laws and regulations can have specific impacts on  products and processes. Within Product Safety they do play a significant role. The legal requirements have their origin from product liability. Product Safety can be considered as the tool, which tries converts legal requirements from product liability into safe products. The organizations have two main tasks for Product Safety in order to fulfill the legal requirements. Firstly, the creation of safety by the technology. This implies the technical development of a safe product (eg reliability engineering, testing, etc.). Secondly, the creation of safety by an organization that is capable of creating safety (e.g. clear responsibilities, communication, etc.). This needs to be supplemented with  creation of a verification data, which allows proving the conformity of manufactured products. This became, due to the increasing numbers of lawsuits, a lot more important. The legal situation states, that manufacturer are in the role to prove the product was safe at the time it was launched into the Market. Therefore, these verification records are of crucial character and can actually be decisive for the result of lawsuits. To engineers,legal requirements often seem to be described in a rather general and vague language. In order to fulfill requirements from the law legal requirements can be converted into specific working instructions. Practitioners, which in most cases do not have legal backgrounds, do require legal certainty. They need to know, what their duties are and how they can fulfill these. Therefore, specific working instructions can be created  for all the process that impact the product safety.

Method of identifying the processes that are relevant for Product Safety

  1. Create a preliminary list of potentially relevant processes for Product Safety
    The first step involves the investigation of which process could possibly have an impact on PS. Therefore, interviews and comprehensive literature reviews regarding the areas product-creation-process, reliability engineering and enterprise models are of specific importance. All identified tasks and processes are thereby allocated to the departments that will hold responsibility for process ownership.
  2. Discuss preliminary Product Safety process with practitioners and experts from your organization
    During the second step, the preliminary Product Safety process are discussed with experts from the respective departments. A workshop with at least three members from preferably different plants is considered as an important instrument to hold this discussion. This has the advantage that the proposed actions are discussed from different angles and different historical backgrounds. The active involvement of future applicants in the identification process is considered as a crucial step. People are more likely to accept developments and changes, once they contributed to them. After workshops with all departments have been held, one more workshop with the focus on cross-divisional topics and interfaces between departments is advisable. Eventually, the necessity of this task has to be decided individually.
  3. Group and create a short description of all considered Processes
    Within this step, all discussed processes are grouped and consolidated. Next, a short description of each of the processes task with its purpose and goal is being created in order to avoid misunderstandings, when talking about those processes. The thereby existing list can be called ‘Preliminary Processes’.
  4. Apply the Product Safety Filter
    The filter distinguishes those activities that actually have a proven impact on Product Safety from those that only seem to be relevant. Eventually, only established process safety processes  are qualified for a special treatment, which should ensure that they are conducted in the best possible way. The special treatment means that additional resources or a special treatment are involved. Therefore, it is important that organization identify the correct processes and treat only those with special care. In order to identify the process that have impact on PS, a set of criteria have been developed. These criteria are derived from the overall goal, which is minimizing product liability risks. This goal is supported if at least one of the following two criteria applies: A special treatment of a task leads to either an improvement of the safety of a product or the minimization of liability risks. Since these two criteria are terms with a wide meaning and purpose, they need to be elaborated in order to ensure the correct filtration.

Your Donation can make a difference

We have chosen to make our Resources freely and openly available on the web with the hope that it touches the life of thousands of readers who visits us daily. We hope our blog has helped in enhancing the knowledge of our readers and added value to organization and their implementers. We would request you to make donation large and small, so as to provide us the resources needed to distribute, collect, digitize as it is becoming extremely difficult for us to afford the full cost of updating and enriching our site content. Your contribution will ensure that we can keep our blog  up-to-date and add more of the rich resources — such as video — that make a difference for so many worldwide.
Your donation will demonstrate your commitment to knowledge as a public good and is an important part of our overall sustainability plan. Your donation is also important in demonstrating to us how much you value the site and motivates us to devote more of our time towards developing this blog.

Your Feedback


ExcellentVery GoodGoodokPoor /Needs improvement

Back to Home Page

If you need assistance or have any doubt and need to ask any question  contact me at: preteshbiswas@gmail.com  or call at +919923345531. You can also contribute to this discussion and I shall be happy to publish them. Your comment and suggestion is also welcome.

IATF 16949:2016 GAP ANALYSIS TOOLS

IATF 16949:2016 GAP ANALYSIS TOOLS

 The following checklist can be used for both internal audit as well as  a Gap Analysis tools.The checklist given below has the requirements as given in standard IATF 16949:2016 and has to be used along with the requirements as given in Standard ISO 9001:2015. Please click here for ISO 9001:2015 GAP Analysis Tools
Gap analysis

 

IATF 16949:2016 Checklist
Clause 4  Context of the organization
4.3 – Determining the Scope of the Quality Management System
4.3.1 – Determining the Scope of the Quality Management System-Supplemental
1 Are supporting functions, whether on-site or remote (such as design centres, corporate headquarters, and distribution centres), included in the scope of the Quality Management System (QMS)?
2 Have you taken the only permitted exclusion for this Automotive QMS Standard relates to the product design and development requirements within ISO 9001, Section 8.3 (Design and development of product and services)? Is the exclusion justified and maintained as documented information? Please note Permitted exclusions do not include manufacturing process design
4.3.2 Customer – Specific Requirements
1 Are customer – specific requirements evaluated and included in the scope of the organization’s quality management system?
4.4 – Quality Management System and its Processes
4.4.1.1 – Conformance of Products and Processes
1 Has the organization ensured conformance of all products and processes, including service parts and those that are outsourced, to all applicable customer, statutory, and regulatory requirements?
4.4.1.2 – Product Safety
1 Does the organization have documented processes for the management of product-safety related products and manufacturing processes?
2 Does the organization have documented processes for identification of  statutory and regulatory product – safety requirements?
3 Does the organization have documented processes for customer notification of requirements in identification of  statutory and regulatory product – safety requirements?
4 Does the organization have documented processes for special approvals for design FMEA?

Note : Special approval is an additional approval by the function (typically the customer) that is responsible to approve such documents with safety – related content.

5 Does the organization have documented processes for identification of product safety – related characteristics?
6 Does the organization have documented processes for identification and controls of safety – related characteristics of product and at the point of manufacture?
7 Does the organization have documented processes for  special approval of control plans and process FMEAs?
8 Does the organization have documented processes for  reaction plans?
9 Does the organization have documented processes for  defined responsibilities, definition of escalation process and flow of information, including top management, and customer notification?
10 Does the organization have documented processes for training identified by the organization or customer for personnel involved in product – safety related products and associated manufacturing processes?
11 Does the organization have documented processes for changes of product or process shall be approved prior to implementation, including evaluation of potential effects on product safety from process and product changes?
12 Does the organization have documented processes for  transfer of requirements with regard to product safety throughout the supply chain, including customer – designated sources?
13 Does the organization have documented processes for product traceability by manufactured lot (at a minimum) throughout the supply chain?
14 Does the organization have documented processes for lessons learned for new product introduction?
Clause 5 Leadership
Clause 5.1 Leadership and Commitments
Clause 5.1.1 General
5.1.1.1 Leadership and Commitment – Corporate Responsibility
1 Has the organization defined and implemented corporate responsibility policies, including at a minimum an anti-bribery policy, an employee code of conduct, and an ethics escalation policy (“whistle – blowing policy”)?
5.1.1.2 Process Effectiveness and Efficiency
1 Has top management reviewed the product realization processes and support processes to evaluate and improve their effectiveness and efficiency? Are the results of the process review activities included as input to the management review?
5.1.1.3 Process owners
1 Has top management identified process owners who are responsible for managing the organization’s processes and related outputs?
2 Do process owners understand their roles and are they competent to perform those roles?
5.3 Organizational Roles, Responsibilities, and Authorities
5.3.1 Organizational Roles, Responsibilities, and Authorities – Supplemental
1 Has top management assigned personnel with the responsibility and authority to ensure that customer requirements are met?  
2 Have these assignments been documented?  
3 Does this includes but is not limited to the selection of special characteristics, setting quality objectives and related training, corrective and preventive actions, product design and development, capacity analysis, logistics information, customer scorecards, and customer portals?  
5.3.2 Responsibility and Authority for Product Requirements and Corrective Actions
 1 Has top management ensured that personnel responsible for conformity to product requirements have the authority to stop shipment and stop production to correct quality problems?
 2 In case it is not possible to stop production immediately, has top management ensured that the affected batch is contained and shipment to the customer prevented?
 3 Has top management ensured that personnel with authority and responsibility for corrective action are promptly informed of products or processes that do not conform to requirements to ensure that nonconforming product is not shipped to the customer and that all potential nonconforming product is identified and contained?
 4 Has top management ensured that  production operations across all shifts are staffed with personnel in charge of, or delegated responsibility for, ensuring conformity to product requirements?
6 Planning
6.1 Action to address risks and opportunities
6.1.2.1 Risk Analysis
1 Has the organization included in its risk analysis, at a minimum, lessons learned from product recalls, product audits, field returns and repairs, complaints, scrap, and rework?  
2 Has the organization retained documented information as evidence of the results of risk analysis??  
6.1.2.2 Preventive Actions
1 Has the organization determined and implemented action(s) to eliminate the causes of potential nonconformities in order to prevent their occurrence?  
2 Are preventive actions appropriate to the severity of the potential issues?  
3 Has the organization established a process to lessen the impact of negative effects of risk?  
4 Has the organization established a process to  determining potential nonconformities and their causes?  
5 Has the organization established a process to evaluating the need for action to prevent occurrence of nonconformities?  
6 Has the organization established a process to determining and implementing action needed?  
7 Has the organization established a process to documented information of action taken?  
8 Has the organization established a process to  reviewing the effectiveness of the preventive action taken?  
9 Has the organization established a process to  utilizing lessons learned to prevent recurrence in similar processes?  
6.1.2.3 Contingency Plans
1 Has the organization  identified and evaluated internal and external risks to all manufacturing processes and infrastructure equipment essential to maintain production output and to ensure that customer requirements are met?  
2 Has the organization defined contingency plans according to risk and impact to the customer?  
3 Has the organization prepared contingency plans for continuity of supply in the event of  key equipment failures, interruption from externally provided products, processes, and services, recurring natural disasters, fire, utility interruptions, labor shortages or infrastructure disruptions?  
4 Has the organization  included, as a supplement to the contingency plans, a notification process to the customer and other interested parties for the extent and duration of any situation impacting customer operations?  
5 Has the organization periodically tested the contingency plans for effectiveness (e.g. simulations, as appropriate) ?  
6 Has the organization conducted contingency plan reviews at a minimum annually using a multidisciplinary team including top management, and updated as required?  
7 Has the organization documented the contingency plans and retained documented information describing any revisions, including the person who authorized the change?  
8 Do the contingency plans include provisions to validate that the manufactured product continues to meet customer specifications after the re-start of production following an emergency in which production was stopped and if the regular shutdown processes were not followed?  
6.2 Quality Objectives and Planning to Achieve Them
6.2.2.1 Quality Objectives and Planning to Achieve Them – Supplemental
1 Has top management ensured that quality objectives to meet customer requirements are defined, established, and maintained for relevant functions, processes, and levels throughout the organization?  
2 Are the results of the organization’s review regarding interested parties and their relevant requirements considered when the organization establishes its annual (at a minimum) quality objectives and related performance targets (internal and external)?  
7 Support
7.1 Resources
7.1.3 Infrastructure
7.1.3.1 Plant, Facility, and Equipment Planning
1 Has the organization used a multidisciplinary approach including risk identification and risk mitigation methods for developing and improving plant, facility, and equipment plans?  
2 In designing plant layouts has the organization optimized material flow, material handling, and value-added use of floor space including control of nonconforming product?  
3 In designing plant layouts  facilitated synchronous material flow?  
4 Are methods developed and implemented to evaluate manufacturing feasibility for new product or new operations?  
5 Do manufacturing feasibility assessments include capacity planning?  
6 Are these methods also applicable for evaluating proposed changes to existing operations?  
7 Has the organization maintained process effectiveness, including periodic re-evaluation relative to risk, to incorporate any changes made during process approval, control plan maintenance , and verification of job set-ups ?  
8 Are assessments of manufacturing feasibility and evaluation of capacity planning inputs to management reviews?  
9 As applicable does these requirements should include the application of lean manufacturing principles and apply to on-site supplier activities?  
7.1.4 Environment for the Operation of Processes
7.1.4.1 Environment for the Operation of Processes – Supplemental
1 Has the organization maintained its premises in a state of order, cleanliness, and repair that is consistent with the product and manufacturing process needs?  
7.1.5 Monitoring and measuring resources
7.1.5.1 General
7.1.5.1.1 Measurement Systems Analysis
1 Have statistical studies been conducted to analyse the variation present in the results of each type of inspection, measurement, and test equipment system identified in the control plan?  
2 Do the analytical methods and acceptance criteria used conform to those in reference manuals on measurement systems analysis? Other analytical methods and acceptance criteria may be used if approved by the customer.  
3 Are records of customer acceptance of alternative methods retained along with results from alternative measurement systems analysis?  
4  Is prioritization of MSA studies focused on critical or special product or process characteristics?  
7.1.5.2 Measurement traceability
7.1.5.2.1 Calibration / Verification Records
1 Does the organization have a documented process for managing calibration / verification records?  
2 Are records of the calibration / verification activity for all gauges and measuring and test equipment (including employee – owned equipment relevant for measuring, customer-owned equipment, or on-site supplier-owned equipment) needed to provide evidence of conformity to internal requirements, legislative and regulatory requirements, and customer -defined requirements retained?  
3 Has the organization ensured that calibration / verification activities and records include  revisions following engineering changes that impact measurement systems?  
4 Has the organization ensured that calibration / verification activities and records include any out-of-specification readings as received for calibration / verification?  
5 Has the organization ensured that calibration / verification activities and records include an assessment of the risk of the intended use of the product caused by the out-of-specification condition?  
6 Has the organization ensured that when a piece of inspection measurement and test equipment is found to be out of calibration or defective during its planned verification or calibration or during its use, documented information on the validity of previous measurement results obtained with this piece of inspection measurement and test equipment is retained, including the associated standard’s last calibration date and the next due date on the calibration report?  
7 Has the organization ensured that notification is sent to the customer if suspect product or material has been shipped?  
8 Has the organization ensured that calibration / verification activities and records include statements of conformity to specification after calibration / verification?  
9 Has the organization ensured that calibration / verification activities and records include verification that the software version used for product and process controls is as specified?  
10 Has the organization ensured that calibration / verification activities and records include  records of the calibration and maintenance activities for all gauging including employee-owned equipment, customer-owned equipment, or on-site supplier-owned equipment?  
11 Has the organization ensured that calibration / verification activities and records include production-related software verification used for product and process control including software installed on employee-owned equipment, customer-owned equipment, or on-site supplier-owned equipment?  
7.1.5.3.1 Laboratory Requirements: Internal Laboratory
1 Does the organization’s internal laboratory facility have a defined scope that includes its capability to perform the required inspection, test, or calibration services?  
2 Is this laboratory scope included in the quality management system documentation?  
3 Has the laboratory specified and implemented requirements for adequacy of the laboratory technical  procedures?  
4 Has the laboratory specified and implemented requirements for competency of the laboratory personnel?  
5 Has the laboratory specified and implemented requirements for  testing of the product?  
6 Does the laboratory have the capability to perform these services correctly, traceable to the relevant process standard such as ASTM, EN, etc.?  
7 When no national or international standard(s) is available, has the organization defined and implemented a methodology to verify measurement system capability?  
8 Has the laboratory specified and implemented requirements for customer requirements?  
9 Has the laboratory specified and implemented requirements for  review of the related records?  
10 Does the Laboratory have a third-party accreditation to ISO / IEC 17025 (or equivalent)  to demonstrate the organization’s in-house laboratory conformity to the above mentioned requirements?  
7.1.5.3.2 Laboratory Requirements: External Laboratory
1 Do external/ commercial/ independent laboratory facilities used for inspection, test, or calibration services by the organization have a defined laboratory scope that includes the capability to perform the required inspection, test, or calibration?  
2 Is the external laboratory accredited to ISO / IEC 17025 or national equivalent and includes the relevant inspection, test, or calibration service in the scope of the accreditation (certificate) where  the certificate of calibration or test report includes the mark of a national accreditation body; or  there is evidence that the external laboratory is acceptable to the customer?  
NOTE: Such evidence may be demonstrated by customer assessment, for example, or by customer-approved second-party assessment that the laboratory meets the intent of ISO/IEC 17025 or national equivalent. The second-party assessment may be performed by the organization assessing the laboratory using a customer-approved method of assessment. Calibration services mayb be performed by the equipment manufacturer when a qualified laboratory is not available for a given piece of equipment. In such cases, the organization shall ensure that the requirements listed in Section 7.1.5.3.1 have been met. Use of calibration services, other than by qualified (or customer accepted) laboratories, may be subject to government regulatory confirmation, if required.
7.2 Competence
7.2.1 Competence – Supplemental
1 Has the organization established and maintained a documented process for identifying training needs including awareness and achieving competence of all personnel performing activities affecting conformity to product and process requirements?  
2 Are personnel performing specific assigned tasks qualified, as required, with particular attention to the satisfaction of customer requirements?  
7.2.2 Competence – On-The-Job Training
1 Does the organization provide on-the-job training, which includes customer requirements training, for personnel in any new or modified responsibilities affecting conformity to quality requirements, internal requirements, regulatory or legislative requirements?  
2 Does this includes contract or agency personnel?  
3 Is the level of detail required for on-the-job training commensurate with the level of education the personnel possess and the complexity of the task they are required to perform for their daily work?  
4 Are persons whose work can affect quality informed about the consequences of nonconformity to customer requirements?  
7.2.3 Internal Auditor Competency
 
1
Does the organization have a documented process to verify that internal auditors are competent, taking into account any customer-specific requirements?  
 
2
Does the organization maintain a list of qualified internal auditors?  
 
3
Are quality management system auditors, manufacturing process auditors, and product auditors all able to demonstrate the  understanding of the automotive process approach for auditing, including risk-based thinking?  
 
4
Are the auditors able to demonstrate the  understanding of applicable customer-specific requirements?  
 
5
Are the  auditors able to demonstrate the  understanding of applicable ISO 9001 and IATF 16949 requirements related to the scope of the audit?  
 
6
Are the  auditors able to demonstrate the understanding of applicable core tool requirements related to the scope of the audit?  
 
7
Are the  auditors able to demonstrate the   understanding how to plan, conduct, report, and close out audit findings?  
 
8
Do manufacturing process auditors demonstrate technical understanding of the relevant manufacturing process to be audited, including process risk analysis such as PFMEA and control plan?  
 
9
Do product auditors demonstrate competence in understanding product requirements and use of relevant measuring and test equipment to verify product conformity?  
 
10
Where training is provided to achieve competency, is documented information retained to demonstrate the trainer’s competency with the above requirements?  
 
11
Is maintenance of and improvement in internal auditor competence demonstrated through executing a minimum number of audits per year, as defined by the organization?  
 
12
Is maintenance of and improvement in internal auditor competence demonstrated through maintaining knowledge of relevant requirements based on internal changes (e.g. process technology, product technology) and external changes (e.g. ISO 9001, IATF 16949, core tools, and customer specific requirements)?  
7.2.4 Second-Party Auditor Competency
 
1
Does the organization demonstrate the competence of the auditors undertaking the second-party audits?  
 
2
Do second-party auditors meet customer specific requirements for auditor qualification and demonstrate the understanding of the automotive process approach to auditing, including risk based thinking?  
 
3
Do second-party auditors demonstrate the understanding of applicable customer and organization specific requirements?  
 
4
Do second-party auditors demonstrate the understanding of applicable ISO 9001 and IATF 16949 requirements related to the scope of the audit?  
 
5
Do second-party auditors demonstrate the understanding of applicable manufacturing process to be audited, including PFMEA and control plan?  
 
6
Do second-party auditors demonstrate the understanding of applicable core tool requirements related to the scope of the audit?  
 
7
Do second-party auditors demonstrate the understanding of how to plan, conduct, prepare audit reports, and close out audit findings?  
7.3 Awareness
7.3.1 Awareness – Supplemental
 
1
Does the organization maintain documented information that demonstrates that all employees are aware of their impact on product quality and the importance of the activities in achieving, maintaining, and improving quality, including customer requirements and the risks involved for the customer with non-conforming product?  
7.3.2 Awareness – Employee Motivation and Empowerment
1 Does the organization maintain a documented process to motivate employees to achieve quality objectives, to make continual improvements, and to create an environment that promotes innovation?  
2 Does the process include the promotion of quality and technological awareness throughout the whole organization?  
7.5 Documented Information
7.5.1 General
7.5.1.1 Documented Information: Quality Management System Documentation
1 Is the organization’s quality management system documented and includes a quality manual, which can be a series of documents (electronic or hard copy)?  
2 Is the format and structure of the quality manual at the discretion of the organization and does it depend on the organization’s size, culture, and complexity?  
3 If a series of documents is used, is a list retained of the documents that comprise the quality manual for the organization?  
4 Does the quality manual include the scope of the quality management system, including details of and justification for any exclusions?  
5 Does the quality manual include documented processes established for the quality management system, or reference to them?  
6 Does the quality manual include the organization’s processes and their sequence and interactions (inputs and outputs), including type and extent of control of any outsourced processes?  
7 Does the quality manual include  a document (ie. matrix) indicating where within the organization’s quality management system their customer-specific requirements are addressed?  
NOTE: A matrix of how the requirements of this Automotive QMS standard are addressed by the organization’s processes may be used to assist with linkages of the organization’s processes and this Automotive QMS.
7.5.3 Control of Documented Information
7.5.3.2.1 Record Retention
1 Does the organization define, document, and implement a record retention policy?  
2 Do the control of records satisfy statutory, regulatory, organizational, and customer requirements?  
3 Are production part approvals, tooling records including maintenance and ownership, product and process design records, purchase orders (if applicable), or contracts and amendments retained for the length of time that the product is active for production and service requirements, plus one calendar year, unless otherwise specified by the customer or regulatory agency?  
4 Does Production part approval documented information include approved product, applicable test equipment records, or approved test data?  
7.5.3.2.2 Control of Documented Information: Engineering Specifications
1 Does the organization have a documented process describing the review, distribution, and implementation of all customer engineering standards/specifications and related revisions based on customer schedules, as required?  
2  Does the organization retain a record of the date on which each change is implemented in production?  
3 Does implementation include updated documents?  
4 Is review completed within 10 working days of receipt of notification of engineering standards/specification changes?  
NOTE: A change in these standards / specifications may require an updated record of customer production part approval when these specifications are referenced on the design record or if they affect documents of the production part approval process, such as control plan, risk analysis (such as FMEAs), etc.
8 Operations
8.1 Operational Planning and Control
8.1.1 Operational Planning and Control – Supplemental
1 When planning for product realization, are the following topics included: a) customer product requirements and technical specifications b) logistics requirements c) manufacturing feasibility d) project planning  e) acceptance criteria?  
8.1.2 Confidentiality
1 Has the organization ensured the confidentiality of customer-contracted products and projects under development, including related product information?  
8.2 Requirements for Products and Services
8.2.1 Customer Communication
8.2.1.1 Customer Communication – Supplemental
1 Is written or verbal communication in the language agreed with the customer?  
2 Does the organization have the ability to communicate necessary information, including data in a customer-specified computer language and format e.g. computer-aided design data, electronic data interchange?  
8.2.2 Determining the Requirements for Products and Services
8.2.2.1 Determining the Requirements for Products and Services – Supplemental
1 Do these requirements include recycling, environmental impact, and characteristics identified as a result of the organization’s knowledge of the product and manufacturing processes?  
2 Does compliance to any statutory and Regulatory requirement related to product include all applicable government, safety, and environmental regulations related to acquisition, storage, handling, recycling, elimination, or disposal of material?  
8.2.3 Review of the Requirements for Products and Services
8.2.3.1.1 Review of the Requirements for Products and Services – Supplemental
1 Does the organization retain documented evidence of a customer-authorized waiver for the requirements stated in ISO 9001, Section 8.2.3.1, for a formal review?  
8.2.3.1.2  Customer-Designated Special Characteristics
1 Does the organization conform to customer requirements for designation, approval documentation, and control of special characteristics?  
8.2.3.1.3 Requirements for Products and Services: Organization Manufacturing Feasibility
1 Does the organization utilize a multidisciplinary approach to conduct an analysis to determine if it is feasible that the organization’s manufacturing processes are capable of consistently producing product that meets all of the engineering and capacity requirements specified by the customer?  
2 Does the organization conduct this feasibility analysis for any manufacturing or product technology new to the organization and for any changed manufacturing process or product design?  
3 Additionally, does the organization validate through production runs, bench marking studies, or other appropriate methods, their ability to make product to specifications at the required rate?  
8.3 Design and development of products and services
8.3.1 General
8.3.1.1 Design and development of products and services – supplement
1 Does the requirement of product and manufacturing process design and development focusses on error prevention rather on detection ?  
1 Does the organization documents its design and development processes?  
8.3.2 Design and Development Planning 
8.3.2.1 Design and Development Planning – Supplemental
1 Does the organization ensure that design and development planning includes all affected stakeholders within the organization and, as appropriate, its supply chain?  
2 While doing the Design and development planning, does the organization uses as  a multidisciplinary approach which includes  a) project management (for example, APQP or VDA – RGA); b) product and manufacturing process design activities (for example, DFM and DFA), such as consideration of the use of alternative designs and manufacturing processes; c) development and review of product design risk analysis (FMEAs), including actions to reduce potential risks; d) development and review of manufacturing process risk analysis (for example, FMEAs, process flows, control plans, and standard work instructions)?  
NOTE: A multidisciplinary approach typically includes the organization’s design, manufacturing, engineering, quality, production, purchasing, supplier, maintenance, and other appropriate functions.
8.3.2.2 Product Design Skills
1 Does the organization ensure that personnel with product design responsibility are competent to achieve design requirements and are skilled in applicable product design tools and techniques?  
2 Are applicable tools and techniques identified by the organization?  
8.3.2.3 Development of Products with Embedded Software
1

 

Does the organization use a process for quality assurance for their products with internally developed embedded software?  
2 Is a software development assessment methodology utilized to assess the organization’s software development process?  
3 Using prioritization based on risk and potential impact to the customer, does the organization retain documented information of a software development capability self-assessment?  
4 Does the organization include software development within the scope of their internal audit programme?  
8.3.3 Design and Development Inputs
8.3.3.1 Product Design Input
1 Does the organization identify, document, and review product design input requirements as a result of contract review?  
2 Do product design input requirements include product specifications including but not limited to special characteristics?  
3 Do product design input requirements include boundary and interface requirements?  
4 Do product design input requirements include  identification, traceability, and packaging?  
5 Do product design input requirements include consideration of design alternatives?

NOTE: One approach for considering design alternatives is the use of trade-off curves.

 
6 Do product design input requirements include assessment of risks with the input requirements and the organization’s ability to mitigate / manage the risks, including from the feasibility analysis?  
7 Do product design input requirements include targets for conformity to product requirements including preservation, reliability, durability, serviceability, health, safety, environmental, development timing, and cost?  
8 Do product design input requirements include applicable statutory and regulatory requirements of the customer-identified country of destination, if provided?  
9 Do product design input requirements include embedded software requirements?  
10 Does the organization have a process to deploy information gained from previous design projects, competitive product analysis (benchmarking), supplier feedback, internal input, field data, and other relevant sources for current and future projects of a similar nature?  
8.3.3.2 Manufacturing Process Design Input
 1 Does the organization identify, document, and review manufacturing process design input requirements?  
 2 Does the manufacturing process design input requirements including but not limited to the following: a) product design output data including special characteristics; b) targets for productivity, process capability, timing, and cost; c) manufacturing technology alternatives; d) customer requirements, if any; e) experience from previous developments; f) new materials; g) product handling and ergonomic requirements; and h) design for manufacturing and design for assembly?  
3 Does the manufacturing process design include the use of error-proofing methods to a degree appropriate to the magnitude of the problems and commensurate with the risks encountered?  
8.3.3.3 Special Characteristics
 1  Does the organization use a multidisciplinary approach to establish, document, and implement its process to identify special characteristics, including those determined by the customer and the risk analysis performed by the organization?  
 2  Does it includes  documentation of all special characteristics in the drawings (as required), risk analysis (such as FMEA), control plans, and standard work/operator instructions; special characteristics identified with specific markings and cascaded through each of these documents?  
 3  Does identification of special characteristics includes development of control and monitoring strategies for special characteristics of products and production processes?  
 4 Does identification of special characteristics includes customer-specified approvals, when required?  
 5 Does identification of special characteristics includes compliance with customer-specified definitions and symbols or the organization’s equivalent symbols or notations, as defined in a symbol conversion table?  
 6  Is the symbol conversion table submitted to the customer, if required?  
8.3.4 Design and Development Controls
8.3.4.1 Monitoring
 1 Are measurements at specified stages during the design and development of products and processes defined, analyzed, and reported with summary results as an input to management review?  
 2  When required by the customer, are measurements of the product and process development activity reported to the customer at stages specified, or agreed to, by the customer?  
 3 When appropriate, does these measurements include quality risks, costs, lead times, critical paths, and other measurements?  
8.3.4.2 Design and Development Validation
1 Is design and development validation performed in accordance with customer requirements, including any applicable industry and governmental agency-issued regulatory standards?  
2 Is the timing of design and development validation planned in alignment with customer-specified timing, as applicable?  
3 Where contractually agreed with the customer, does this include evaluation of the interaction of the organization’s product, including embedded software, within the system of the final customer’s product?  
8.3.4.3 Prototype Programme
1 When required by the customer, does the organization have a prototype programme and control plan?  
2 Does the organization use, whenever possible, the same suppliers, tooling, and manufacturing processes as used in production?  
3 Are all performance-testing activities monitored for timely completion and conformity to requirements?  
4 When services are outsourced, does the organization include the type and extent of control in the scope of its quality management system to ensure that outsourced services conform to requirements?  
8.3.4.4 Product Approval Process
1 Does the organization establish, implement, and maintain a product and manufacturing approval process conforming to requirements defined by the customer?  
2 Does the organization approve externally provided products and services per ISO 9001, Section 8.4.3 (Information for external provider), prior to submission of their part approval to the customer?  
3 Does the organization obtain documented product approval prior to shipment, if required by the customer? Are records of such approval retained?  
4 Are records of such approval retained?  
NOTE: Product approval should be subsequent to the verification of the manufacturing process.
8.3.5 Design and Development Outputs
8.3.5.1 Design and Development Outputs – Supplemental
1 Is the product design output expressed in terms that can be verified and validated against product design input requirements?  
2 Does the product design output include design risk analysis (Design FMEA)?  
 3  Does the product design output include reliability study results?
 4  Does the product design output include product special characteristics?  
 5  Does the product design output include  results of product design error-proofing, such as DFSS, DFMA and FTA?
 6  Does the product design output include product definition including 2D drawing, 3D models, technical data packages, product manufacturing information, and geometric dimensioning & tolerancing (GD & T)?
 7  Does the product design output include product design review results?
 8  Does the product design output include service diagnostic guidelines and repair and serviceability instructions?
 9 Does the product design output include service part requirements?
 10 Does the product design output include packaging and labeling requirements for shipping?
 11 Does the Interim design outputs include any engineering problems being resolved through a trade-off process?
8.3.5.2 Manufacturing Process Design Output
 1 Does the organization document the manufacturing process design output in a manner that enables verification against the manufacturing process design inputs?
 2 Does the organization verify the outputs against manufacturing process design input requirements?
 3 Does the manufacturing process design output include specifications and drawings?
 4 Does the manufacturing process design output include  special characteristics for product and manufacturing process?
 5  Does the manufacturing process design output include  identification of process input variables that impact characteristics?
 6 Does the manufacturing process design output include tooling and equipment for production and control, including capability studies of equipment and process?
 7 Does the manufacturing process design output include manufacturing process flowcharts / layout, including linkage of product, process, and tooling?
 8 Does the manufacturing process design output include capacity analysis?
 9  Does the manufacturing process design output include manufacturing process FMEA?
 10  Does the manufacturing process design output include  maintenance plans and instructions?
 11  Does the manufacturing process design output include  control plan?
12 Does the manufacturing process design output include standard work and work instructions?  
13 Does the manufacturing process design output include process approval acceptance criteria?  
14 Does the manufacturing process design output include  data for quality, reliability, maintainability, and measurability?  
15 Does the manufacturing process design output include  results of error-proofing identification and verification, as appropriate?  
16 Does the manufacturing process design output include  methods of rapid detection, feedback, and correction of product/manufacturing process nonconformities?  
8.3.6 Design and Development Changes
8.3.6.1 Design and Development Changes – Supplemental
1 Does the organization evaluate all design changes after initial product approval, including those proposed by the organization or its suppliers, for potential impact on fit, form, function, performance, and/or durability?  
2 Are these changes validated against customer requirements and approved internally, prior to production implementation?  
3 If required by the customer, does the organization obtain documented approval, or a documented waiver, from the customer prior to production implementation?  
4 For products with embedded software, does the organization document the revision level of software and hardware as part of the change record?  
8.4 Control of externally provided processes, products and services
8.4.1 General
8.4.1.1 General – Supplemental
1 Does the organization include all products and services that affect customer requirements such as sub- assembly, sequencing, sorting, rework, and calibration services in the scope of their definition of externally provided products, processes, and services?  
8.4.1.2 Supplier Selection Process
 1 Does the organization have a documented supplier selection process?
 2 Does the selection process include an assessment of the selected supplier’s risk to product conformity and uninterrupted supply of the organization’s product to the customers?
 3 Does the selection process include relevant quality and delivery performance?
 4 Does the selection process include an evaluation of the supplier’s quality management system?
 5  Does the selection process include multidisciplinary decision making?
 6 Does the selection process include an assessment of software development capabilities, if applicable?  
 7 Are other supplier selection criteria considered including the following: volume of automotive business (absolute and as a percentage of total business); financial stability; purchased product, material, or service complexity; required technology (product or process); adequacy of available resources (e.g. people, infrastructure); design and development capabilities (including project management);  manufacturing capability; change management process; business continuity planning (e.g. disaster preparedness, contingency planning); logistics process; customer service  
8.4.1.3 Customer-Directed Sources (also known as “Directed-Buy”)
1 When specified by the customer, does the organization purchase products, materials, or services from customer-directed sources?  
 2  Are all requirements of Section 8.4 (except the requirements in IATF 16949, Section 8.4.1.2) applicable to the organization’s control of customer-directed sources unless specific agreements are otherwise defined by the contract between the organization and the customer?  
8.4.2 Type and Extent of Control
8.4.2.1 Type and Extent of Control – Supplemental
1 Does the organization have a documented process to identify outsourced processes and to select the types and extent of controls used to verify conformity of externally provided products, processes, and services to internal (organizational) and external customer requirements?  
2 Does the process include the criteria and actions to escalate or reduce the types and extent of controls and development activities based on supplier performance and assessment of product, material, or service risks?  
8.4.2.2 Statutory and Regulatory Requirements
1 Does the organization document their process to ensure that purchased products, processes, and services conform to the current applicable statutory and regulatory requirements in the country of receipt, the country of shipment, and the customer-identified country of destination, if provided?  
2 If the customer defines special controls for certain products with statutory and regulatory requirements, does the organization ensure they are implemented and maintained as defined, including at suppliers?  
8.4.2.3 Supplier Quality Management System Development
1 Does the organization require their suppliers of automotive products and services to develop, implement, and improve a quality management system certified to ISO 9001, unless otherwise authorized by the customer, with the ultimate objective of becoming certified to this Automotive QMS Standard?  
2 Unless otherwise specified by the customer, is the following sequence applied to achieve this requirement:

  1. compliance to ISO 9001 through second-party audits;
  2. certification to ISO 9001 through third-party audits; unless otherwise specified by the customer, do suppliers to the organization demonstrate conformity to ISO 9001 by maintaining a third-party certification issued by a certification body bearing the accreditation mark of a recognized IAF MLA (International Accreditation Forum Multilateral Recognition Arrangement) member and where the accreditation body’s main scope includes management system certification to ISO / IEC 17021;
  3. certification to ISO 9001 with compliance to other customer-defined QMS requirements (such as Minimum Automotive Quality Management System Requirements for Sub-Tier Suppliers [MAQMSR] or equivalent) through second-party audits;
  4. certification to ISO 9001 with compliance to IATF 16949 through second-party audits;
  5. certification to 16949 through third-party audits (valid third-party certification of the supplier to IATF 16949 by an IATF-recognized certification body)?
 
8.4.2.3.1 Automotive product-related software or automotive products with embedded software
1 Does the organization require their suppliers of automotive product-related software, or automotive products with embedded software, to implement and maintain a process for software quality assurance for their products?  
2 Is a software development assessment methodology utilized to assess the supplier’s software development process?  
3 Using prioritization based on risk and potential impact to the customer, does the organization require the supplier to retain documented information of a software development capability self-assessment?  
8.4.2.4 Supplier Monitoring
1 Does the organization have a documented process and criteria to evaluate supplier performance in order to ensure conformity of externally provided products, processes, and services to internal and external customer requirements?  
2 At a minimum, are the following supplier performance indicators monitored:

  1. delivered product conformity to requirements;
  2. customer disruptions at the receiving plant, including yard holds and stop ships;
  3. delivery schedule performance;
  4. number of occurrences of premium freight?
 
3 If provided by the customer, does the organization also include the following, as appropriate, in their supplier performance monitoring:

  1. special status customer notifications related to quality or delivery issues;
  2. dealer returns, warranty, field actions, and recalls?
 
8.4.2.4.1 Second-party audits
1 Does the organization include a second-party audit process in their supplier management approach?
Second-party audits may be used for the following: a) supplier risk assessment; b) supplier monitoring; c) supplier QMS development; d) product audits; e) process audits.
 
2 Based on a risk analysis, including product safety/regulatory requirements, performance of the supplier, and QMS certification level, at a minimum, does the organization document the criteria for determining the need, type, frequency, and scope of second-party audits? Does the organization retain records of the second-party audit reports?  
3 If the scope of the second-party audit is to assess the supplier’s quality management system, is the approach consistent with the automotive process approach?  
8.4.2.5 Supplier Development
1 Does the organization determine the priority, type, extent, and timing of required supplier development actions for its active suppliers?  
2 Do determination inputs include performance issues identified through supplier monitoring?  
3 Do determination inputs include second-party audit findings?  
4 Do determination inputs include  third-party quality management system certification status?  
5 Do determination inputs include risk analysis?  
6 Does the organization implement actions necessary to resolve open (unsatisfactory) performance issues and pursue opportunities for continual improvement?  
8.4.3 Information for External Providers 
8.4.3.1 Information for External Providers – Supplemental
1 Does the organization pass down all applicable statutory and regulatory requirements and special product and process characteristics to their suppliers and require the suppliers to cascade all applicable requirements down the supply chain to the point of manufacture?  
8.5 Production and Service provision
8.5.1 Control of Production and Service provision
8.5.1.1 Control Plan
1 Does the organization develop control plans at the system, subsystem, component, and / or material level for the relevant manufacturing site and all product supplied, including those for processes producing bulk materials as well as parts?  
2 Are family control plans acceptable for bulk material and similar parts using a common manufacturing process?  
3 Does the organization have a control plan for pre-launch and production that shows linkage and incorporates information from the design risk analysis (if provided by the customer), process flow diagram, and manufacturing process risk analysis outputs (such as FMEA)?  
4 Does the organization, if required by the customer, provide measurement and conformity data collected during execution of either the pre-launch or production control plans?  
5 Does Control plan includes controls used for the manufacturing process control, including verification of job set-ups?  
6 Does Control plan includes first-off / last-off part validation, as applicable?  
7 Does Control plan includes  methods for monitoring of control exercised over special characteristics, defined by both the customer and the organization?  
8 Does Control plan includes  the customer-required information, if any?  
9 Does Control plan includes specified reaction plan when nonconforming product is detected, the process becomes statistically unstable or not statistically capable?  
10 Does the organization review control plans and update when it has shipped nonconforming product to the customer?  
11 Does the organization review control plans and update when any change occurs affecting product, manufacturing process, measurement, logistics, supply sources, production volume changes, or risk analysis (FMEA)?  
12 Does the organization review control plans and update  after a customer complaint and implementation of the associated corrective action, when applicable?  
13 Does the organization review control plans and update at a set frequency based on a risk analysis?  
14 If required by the customer, does the organization obtain customer approval after review or revision of the control plan?  
8.5.1.2 Standardised Work – Operator Instructions and Visual Standards
1 Does the organization ensure that standardised work documents are communicated to and understood by the employees who are responsible for performing the work?  
2 Is it  legible and presented in the language understood by the personnel responsible to follow them?  
3 Is it accessible for use at the designated work area?  
4  Do the standardised work documents also include rules for operator safety?  
8.5.1.3 Verification of Job Set-Ups
1 Does the organization verify job set-ups when performed, such as an initial run of a job, material changeover, or job change that requires a new set-up?  
2 Does the organization maintain documented information for set-up personnel?  
3 Does the organization use statistical methods of verification, where applicable?  
4 Does the organization  perform first-off/last-off part validation, as applicable; where appropriate, are first-off parts retained for comparison with the last-off parts; where appropriate, are last-off parts retained for comparison with first-off parts in subsequent runs?  
5 Does the organization retain records of process and product approval following set-up and first-off/last-off part validations?  
8.5.1.4 Verification After Shutdown
1 Does the organization define and implement the necessary actions to ensure product compliance with requirements after a planned or unplanned production shutdown period?  
8.5.1.5 Total Productive Maintenance
 1 Does the organization develop, implement, and maintain a documented total productive maintenance system?  
 2 Does the system include identification of process equipment necessary to produce conforming product at the required volume?  
 3 Does the system include availability of replacement parts for the equipment identified?  
 4 Does the system include provision of resource for machine, equipment, and facility maintenance?  
 5 Does the system include packaging and preservation of equipment, tooling, and gauging?  
 6 Does the system include applicable customer-specific requirements?  
 7 Does the system include documented maintenance objectives, for example: OEE (Overall Equipment Effectiveness), MTBF (Mean Time Between Failure), and MTTR (Mean Time To Repair), and Preventive Maintenance compliance metrics?  
 8 Does performance to the maintenance objectives form an input into management review ?  
 9 Does the system include regular review of maintenance plan and objectives and a documented action plan to address corrective actions where objectives are not achieved?  
 10  Does the system include use of preventive maintenance methods?
 11  Does the system include  use of predictive maintenance methods, as applicable?  
 12  Does the system include  periodic overhaul?  
8.5.1.6 Management of Production Tooling and Manufacturing, Test, Inspection Tooling and Equipment
 1  Does the organization provide resources for tool and gauge design, fabrication, and verification activities for production and service materials and for bulk materials, as applicable?  
 2 Does the organization establish and implement a system for production tooling management, whether owned by the organization or the customer?  
 3 Does the Production tooling management includes maintenance and repair facilities and personnel?  
 4 Does the Production tooling management includes storage and recovery?  
 5 Does the Production tooling management includes set-up and tool-change programmes for perishable tools?  
 6 Does the Production tooling management includes tool design modification documentation, including engineering change level of the product?  
 7 Does the Production tooling management includes tool modification and revision to documentation?  
 8 Does the Production tooling management includes tool identification, such as serial or asset number; the status, such as production, repair or disposal; ownership; and location?  
 9  Does the organization verify that customer-owned tools, manufacturing equipment, and test/inspection equipment are permanently marked in a visible location so that the ownership and application of each item can be determined?  
 10  Does the organization implement a system to monitor these activities if any work is outsourced?  
8.5.1.7 Production Scheduling
1 Does the organization ensure that production is scheduled in order to meet customer orders/demands such as Just-In-Time (JIT) and is supported by an information system that permits access to production information at key stages of the process and is order driven?  
2 Does the organization include relevant planning information during production scheduling, e.g. customer orders, supplier on-time delivery performance, capacity, shared loading (multi-part station), lead time, inventory level, preventive maintenance, and calibration?  
8.5.2 Identification and Traceability 
8.5.2.1 Identification and Traceability – Supplemental
1 Does the organization implement identification and traceability processes to support identification of clear start and stop points for product received by the customer or in the field that may contain quality and/or safety-related nonconformities?  
2 Does the organization conduct an analysis of internal, customer, and regulatory traceability requirements for all automotive products, including developing and documenting traceability plans, based on the levels of risk or failure severity for employees, customers, and consumers?  
3 Do these plans define the appropriate traceability systems, processes, and methods by product, process, and manufacturing location?  
4 Do these plans  enable the organization to identify nonconforming and/or suspect product?  
5 Do these plans enable the organization to segregate nonconforming and/or suspect product?  
6 Do these plans ensure the ability to meet the customer and/or regulatory response time requirements?  
7  Do these plans  ensure documented information is retained in the format (electronic, hardcopy, archive) that enables the organization to meet the response time requirements?  
8  Do these plans ensure serialized identification of individual products, if specified by the customer or regulatory standards?  
9 Do these plans ensure the identification and traceability requirements are extended to externally provided products with safety/regulatory characteristics?  
8.5.4 Preservation
8.5.4.1 Preservation – Supplemental
1 Does preservation include identification, handling, contamination control, packaging, storage, transmission or transportation, and protection?  
2 Does preservation apply to materials and components from external and/or internal providers from receipt through processing, including shipment and until delivery to/acceptance by the customer?  
3 In order to detect deterioration, does the organization assess at appropriate planned intervals the condition of product in stock, the place/type of storage container, and the storage environment?  
4 Does the organization use an inventory management system to optimize inventory turns over time and ensure stock rotation, such as “first-in-first-out” (FIFO)?  
5 Does the organization ensure that obsolete product is controlled in a manner similar to that of nonconforming product?  
6 Do organizations comply with preservation, packaging, shipping, and labeling requirements as provided by their customers?  
8.5.5 Post Delivery activities
8.5.5.1 Feedback of Information from Service
1 Does the organization ensure that a process for communication of information on service concerns to manufacturing, material handling, logistics, engineering, and design activities is established, implemented, and maintained?  
2

 

Is  the organization  aware of nonconforming products and materials that may be identified at the customer location or in the field. ?  
3 Where applicable does “Service Concerns” include the results of field failure test analysis?  
8.5.5.2 Service Agreement with Customer
1 When there is a service agreement with the customer, does the organization verify that the relevant service centres comply with applicable requirements?  
2 Does the organization verify the effectiveness of any special purpose tools or measurement equipment?
3 Does the organization ensure that all service personnel are trained in applicable requirements?  
8.5.6 Control of Changes
8.5.6.1 Control of Changes – Supplemental
1 Does the organization have a documented process to control and react to changes that impact product realization?  
2 Are the effects of any change, including those changes caused by the organization, the customer, or any supplier, assessed?
3 Does the organization define verification and validation activities to ensure compliance with customer requirements?  
4 Does the organization validate changes before implementation?  
5 Does the organization document the evidence of related risk analysis?
6 Does the organization retain records of verification and validation?  
7 Do changes, including those made at suppliers, require a production trial run for verification of changes such as changes to part design, manufacturing location, or manufacturing process to validate the impact of any changes on the manufacturing process?  
8 When required by the customer, does the organization notify the customer of any planned product realization changes after the most recent product approval?
9 When required by the customer, does the organization obtain documented approval, prior to implementation of the change?  
10 When required by the customer, does the organization complete additional verification or identification requirements, such as production trial run and new product validation?  
8.5.6.1.1 Temporary Change of Process Controls
1 Does the organization identify, document, and maintain a list of the process controls, including inspection, measuring, test, and error-proofing devices, that includes the primary process control and the approved back-up or alternate methods?  
2 Does the organization document the process that manages the use of alternate control methods?
3 Does the organization include in this process, based on risk analysis (such as FMEA), severity, and the internal approvals to be obtained prior to production implementation of the alternate control method?  
4 Before shipping product that was inspected or tested using the alternate method, if required, does the organization obtain approval from the customer(s)?  
5 Does the organization maintain and periodically review a list of approved alternate process control methods that are referenced in the control plan?
6 Are standard work instructions available for each alternate process control method?  
7 Does the organization review the operation of alternate process controls on a daily basis, at a minimum, to verify implementation of standard work with the goal to return to the standard process as defined by the control plan as soon as possible? Example methods include but are not limited to the following:

  1. daily quality focused audits (e.g. layered process audits, as applicable)
  2. daily leadership meetings.
 
8 Is restart verification documented for a defined period based on severity and confirmation that all features of the error-proofing device or process are effectively reinstated?
9 Does the organization implement traceability of all product produced while any alternate process control devices or processes are being used (e.g. verification and retention of first piece and last piece from every shift)?  
8.6 Release of Products and Services
8.6.1 Release of Products and Services – Supplemental
 1 Does the organization ensure that the planned arrangements to verify that the product and service requirements have been met encompass the control plan and are documented as specified in the control plan?  
 2 Does the organization ensure that the planned arrangements for the initial release of products and services encompass product or service approval?  
 3 Does the organization ensure that product or service approval is accomplished after changes following initial release, according to ISO 9001, Section 8.5.6?  
8.6.2 Layout Inspection and Functional Testing
 1 Is a layout inspection and a functional verification to applicable customer engineering material and performance standards performed for each product as specified in the control plans?  
 2 Are results available for customer review?  
NOTE 1: Layout inspection is the complete measurement of all product dimensions shown on the design record(s). NOTE 2: The frequency of layout inspection is determined by the customer.
8.6.3 Appearance Items
 1 For organizations manufacturing parts designated by the customer as “appearance items”, does the organization provide appropriate resources, including lighting, for evaluation?
 2 Does the organization provide masters for colour, grain, gloss, metallic brilliance, texture, distinctness of image (DOI), and haptic technology, as appropriate?
 3 Does the organization provide maintenance and control of appearance masters and evaluation equipment?
 4 Does the organization provide verification that personnel making appearance evaluations are competent and qualified to do so?
8.6.4 Verification and Acceptance of Conformity of Externally Provided Products and Services
 1 Does the organization have a process to ensure the quality of externally provided processes, products, and services utilizing one or more of the following methods:

  1. receipt and evaluation of statistical data provided by the supplier to the organization;
  2. receiving inspection and/or testing, such as sampling based on performance;
  3. second-party or third-party assessments or audits of supplier sites when coupled with records of acceptable delivered product conformance to requirements;
  4. part evaluation by a designated laboratory;
  5.  another method agreed with the customer?
8.6.5 Statutory and Regulatory Conformity
 1 Prior to release of externally provided products into its production flow, does the organization confirm and is it able to provide evidence that externally provided processes, products, and services conform to the latest applicable statutory, regulatory, and other requirements in the countries where they are manufactured and in the customer-identified countries of destination, if provided?
8.6.6 Acceptance Criteria
 1 Is acceptance criteria defined by the organization and, where appropriate or required, approved by the customer?
 2  For attributed data sampling, is the acceptance level zero defects?
8.7 Control of Non conforming outputs
8.7.1.1 Customer Authorization for Concession
1 Does the organization obtain a customer concession or deviation permit prior to further processing whenever the product or manufacturing process is different from that which is currently approved?  
2 Does the organization obtain customer authorization prior to further processing for “use as is” and rework dispositions of nonconforming product?
3  If sub-components are reused in the manufacturing process, is that sub-component reuse clearly communicated to the customer in the concession or deviation permit?  
4 Does the organization maintain a record of the expiration date or quantity authorized under concession?  
5 Does the organization also ensure compliance with the original or superseding specifications and requirements when the authorization expires?
6 Is material shipped under concession properly identified on each shipping container (this applies equally to purchased product)?  
7 Does the organization approve any requests from suppliers before submission to the customer?  
8.7.1.2 Control of Nonconforming Product – Customer – Specified Process
 1 Does the organization comply with applicable customer-specified controls for nonconforming product(s)?
8.7.1.3 Control of Suspect Product
 1 Does the organization ensure that product with unidentified or suspect status is classified and controlled as nonconforming product?
 2 Does the organization ensure that all appropriate manufacturing personnel receive training for containment of suspect and nonconforming product?
8.7.1.4 Control of Reworked Product
1 Does the organization utilize risk analysis (such as FMEA) methodology to assess risks in the rework process prior to a decision to rework the product?  
2 If required by the customer, does the organization obtain approval from the customer prior to commencing rework of the product?
3 Does the organization have a documented process for rework confirmation in accordance with the control plan or other relevant documented information to verify compliance to original specifications?  
4  Are instructions for disassembly or rework, including re-inspection and traceability requirements, accessible to and utilized by the appropriate personnel?  
5 Does the organization retain documented information on the disposition of reworked product including quantity, disposition, disposition date, and applicable traceability information?
8.7.1.5 Control of Repaired Product
1 Does the organization utilize risk analysis (such as FMEA) methodology to assess risks in the repair process prior to a decision to repair the product?  
2 Does the organization obtain approval from the customer before commencing repair of the product?
3 Does the organization have a documented process for repair confirmation in accordance with the control plan or other relevant documented information?  
4 Are instructions for disassembly or repair, including re-inspection and traceability requirements, accessible to and utilized by the appropriate personnel?  
5 Does the organization obtain a documented customer authorization for concession for the product to be repaired?
6 Does the organization retain documented information on the disposition of repaired product including quantity, disposition, disposition date, and applicable traceability information?
8.7.1.6 Customer Notification
 1 Does the organization immediately notify the customers in the event that nonconforming product has been shipped?
 2 Is initial communication followed with detailed documentation of the event?
8.7.1.7 Nonconforming Product Disposition
1 Does the organization have a documented process for disposition of nonconforming product not subject to rework or repair?  
2 For product not meeting requirements, does the organization verify that the product to be scrapped is rendered unusable prior to disposal?
3 The organization shall not divert nonconforming product to service or other use without prior customer approval.  
9. Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.1.1 General
9.1.1.1 Monitoring and Measurement of Manufacturing Processes
1 Does the organization perform process studies on all new manufacturing (including assembly or sequencing) processes to verify process capability and to provide additional input for process control, including those for special characteristics?
2 For  manufacturing processes where  it may not be possible to demonstrate product compliance through process capability, are  alternate methods such as batch conformance to specification  used?
3 Does the organization maintain manufacturing process capability or performance results as specified by the customer’s part approval process requirements?
4 Does the organization verify that the process flow diagram, PFMEA, and control plan are implemented?  
5 Does the organization adherence to the following:

  1. measurement techniques;
  2. sampling plans;
  3. acceptance criteria;
  4. records of actual measurement values and/or test results for variable data;
  5. reaction plans and escalation process when acceptance criteria are not met
 
6 Are significant process events, such as tool change or machine repair, recorded and retained as documented information?  
7 Does the he organization initiate a reaction plan indicated on the control plan and evaluated for impact on compliance to specifications for characteristics that are either not statistically capable or are unstable?  
8 Does these reaction plans include containment of product and 100 percent inspection, as appropriate?  
9 Is a corrective action plan developed and implemented by the organization indicating specific actions, timing, and assigned responsibilities to ensure that the process becomes stable and statistically capable.?  
10 Do the organization review the plans  with and approved by the customer, when required. ?  
11 Does the organization  maintain records of effective dates of process changes.?  
9.1.1.2 Identification of Statistical Tools
1 Does the organization determine the appropriate use of statistical tools?  
2 Does the organization verify that appropriate statistical tools are included as part of the advanced product quality planning (or equivalent) process and included in the design risk analysis (such as DFMEA) (where applicable), the process risk analysis (such as PFMEA), and the control plan?  
9.1.1.3 Application of Statistical Concepts
1 Are statistical concepts, such as variation, control (stability), process capability, and the consequences of over-adjustment, understood and used by employees involved in the collection, analysis, and management of statistical data?  
9.1.2. Customer satisfaction
9.1.2.1 Customer Satisfaction – Supplemental
1 Is customer satisfaction with the organization monitored through continual evaluation of internal and external performance indicators to ensure compliance to the product and process specifications and other customer requirements?  
2 Are performance indicators based on objective evidence and include but not limited to the following: a) delivered part quality performance?  
3 Does performance indicators include customer disruptions?  
4 Does performance indicators include field returns, recalls, and warranty (where applicable)?  
5 Does performance indicators include delivery schedule performance (including incidents of premium freight)?  
6 Does performance indicators include  customer notifications related to quality or delivery issues, including special status?  
7 Does the organization monitor the performance of manufacturing processes to demonstrate compliance with customer requirements for product quality and process efficiency?  
8 Does the organization monitor the performance of manufacturing processes to demonstrate compliance with customer requirements for product quality and process efficiency?  
9 Does the organization monitor the performance of manufacturing processes to demonstrate compliance with customer requirements for product quality and process efficiency?  
10 Do the organization record analytical results and do the organization retain and control these records?  
9.1.3. Analysis and evaluation
9.1.3.1 Prioritization
1 Are trends in quality and operational performance compared with progress toward objectives and lead to action to support prioritization of actions for improving customer satisfaction?  
9.2 Internal Audit
9.2.2.1 Internal Audit Programme
1 Does the organization have a documented internal audit process?  
2 Does the process include the development and implementation of an internal audit programme that covers the entire quality management system including quality management system audits, manufacturing process audits, and product audits?  
3 Is the audit programme prioritized based upon risk, internal and external performance trends, and criticality of the processes?  
4 Where the organization is responsible for software development, does the organization include software development capability assessments in their internal audit programme?  
5 Is the frequency of audits reviewed and, where appropriate, adjusted based on occurrence of process changes, internal and external nonconformities, and/or customer complaints?  
6  Is the effectiveness of the audit programme reviewed as a part of management review?  
9.2.2.2 Quality Management System Audit
1 Does the organization audit all quality management system processes over each three-year calendar period, according to an annual programme, using the process approach to verify compliance with this Automotive QMS Standard?  
2 Integrated with these audits, does the organization sample customer-specific quality management system requirements for effective implementation?  
9.2.2.3 Manufacturing Process Audit
1 Does the organization audit all manufacturing processes over each three-year calendar period to determine their effectiveness and efficiency using customer-specified required approaches for process audits?  
2 Where not defined by the customer, does the organization determine the approach to be used?  
3 Within each individual audit plan, is each manufacturer process audited on all shifts where it occurs, including the appropriate sampling of the shift handover?  
4 Does the manufacturing process audit include an audit of the effective implementation of the process risk analysis (such as PFMEA), control plan, and associated documents?  
9.2.2.4 Product Audit
1 Does the organization audit products using customer-specific required approaches at appropriate stages of production and delivery to verify conformity to specified requirements?  
2 Where not defined by the customer, does the organization define the approach to be used?  
9.3 Management review
9.3.1 General
9.3.1.1 Management Review – Supplemental
1 Is management review conducted at least annually?  
2 Is the frequency of management review(s) increased based on risk to compliance with customer requirements resulting from internal or external changes impacting the quality management system and performance-related issues?  
9.3.2 Management review inputs
9.3.2.1 Management Review Inputs – Supplemental
1 Does input to management review include cost of poor quality (cost of internal and external nonconformance)?  
2 Does input to management review include measures of process effectiveness?  
3 Does input to management review include measures of process efficiency?  
4 Does input to management review include product conformance?  
5 Does input to management review include assessments of manufacturing feasibility made for changes to existing operations and for new facilities or new product?  
6 Does input to management review include  customer satisfaction?  
7 Does input to management review include  review of performance against maintenance objectives?  
8 Does input to management review include warranty performance where applicable?  
9 Does input to management review include  review of customer scorecards where applicable?  
10 Does input to management review include identification of potential field failures identified through risk analysis (such as FMEA)?  
11 Does input to management review include actual field failures and their impact on safety or the environment?  
9.3.3 Management review outputs
9.3.3.1 Management Review Outputs – Supplemental
1 Does top management document and implement an action plan when customer performance targets are not met?  
10 Improvement
10.2 Non conformity and corrective action
10.2.3 Problem Solving
1 Does the organization have a documented processes for problem solving?  
2 Has the organization defined approaches for various types and scale of problems (e.g. new product development, current manufacturing issues, field failures, audit findings)?  
3 Does the process includes containment, interim actions, and related activities necessary for control of nonconforming outputs?  
4 Does it includes root cause analysis, methodology used, analysis, and results?  
5 Does it includes implementation of systemic corrective actions, including consideration of the impact on similar processes and products?  
6 Does the organization  verifies of the effectiveness of implemented corrective actions?  
7  Does the organization reviews and, where necessary, update the appropriate documented information (e.g. PFMEA, control plan)?  
8 Where the customer has specified prescribed processes, tools, or systems for problem solving, does the organization use those processes, tools, or systems, unless otherwise approved by the customer?  
10.2.4 Error-Proofing
1 Does the organization have a documented process to determine the use of appropriate error-proofing methodologies?  
2 Are details of the method used documented in the process risk analysis (such as PFMEA) and are test frequencies documented in the control plan?  
3 Does the process include the testing of error-proofing devices for failure or simulated failure?  
4 Are records maintained?  
5 Are challenge parts, when used, identified, controlled, verified, and calibrated where feasible?  
6 Do error-proofing device failures have a reaction plan?  
10.2.5 Warranty Management Systems
1 When the organization is required to provide warranty for their products, does the organization implement a warranty management process?  
2 Does the organization include in the process a method for warranty part analysis, including NTF (no trouble found)?  
3 When specified by the customer, does the organization implement the required warranty management process?  
10.2.6 Customer Complaints and Field Failure Test Analysis
1 Does the organization perform analysis on customer complaints and field failures, including any returned parts, and does it initiate problem solving and corrective action to prevent recurrence?  
2 Where requested by the customer, does this include analysis of the interaction of embedded software of the organization’s product within the system of the final customer’s product?  
3 Does the organization communicate the results of testing/analysis to the customer and also within the organization?  
10.3 Continual improvement
10.3.1 Continual Improvement – Supplemental
1 Does the organization have a documented process for continual improvement?  
2 Does it includes identification of the methodology used, objectives, measurement, effectiveness, and documented information?  
3 Does it includes  a manufacturing process improvement action plan with emphasis on the reduction of process variation and waste?  
4 Does it includes risk analysis (such as FMEA)?  
NOTE: Continual improvement is implemented once manufacturing processes are statistically capable and stable or when product characteristics are predictable and meet customer requirements.

pdf Template for IATF GAP  Analysis tools
  Example of  IATF GAP  Analysis

Your Donation can make a difference

We have chosen to make our Resources freely and openly available on the web with the hope that it touches the life of thousands of readers who visits us daily. We hope our blog has helped in enhancing the knowledge of our readers and added value to organization and their implementers. We would request you to make donation large and small, so as to provide us the resources needed to distribute, collect, digitize as it is becoming extremely difficult for us to afford the full cost of updating and enriching our site content. Your contribution will ensure that we can keep our blog  up-to-date and add more of the rich resources — such as video — that make a difference for so many worldwide.
Your donation will demonstrate your commitment to knowledge as a public good and is an important part of our overall sustainability plan. Your donation is also important in demonstrating to us how much you value the site and motivates us to devote more of our time towards developing this blog.

Your Feedback


ExcellentVery GoodGoodokPoor /Needs improvement

Back to Home Page

If you need assistance or have any doubt and need to ask any question  contact me at: preteshbiswas@gmail.com  or call at +919923345531. You can also contribute to this discussion and I shall be happy to publish them. Your comment and suggestion is also welcome.

IATF 16949:2016 Automotive Quality Management System

IATF 16949:2016 is the global technical specification and quality management standard for the automotive industry. Based on ISO 9001:2015, it was published in October 2016 and replaces ISO/TS 16949. It is designed to be used in conjunction with ISO 9001:2015 and contains supplemental requirements specific to the automotive industry rather than being a standalone QMS. It specifies the requirements for establishing, implementing, maintaining and continually improving a QMS for any organization, in the automotive industry regardless of size. It brings together standards from across Europe and the US. IATF 16949:2016 outlines everything you need to know about achieving best practice when designing, developing, manufacturing, installing or servicing automotive products. ISO/TS 16949 from 2009, a technical specification for automotive sector quality management systems, has become one of the most widely used international standards in the automotive industry, harmonizing the different assessment and certification systems in the global automotive supply chain. On October 3, 2016, IATF 16949:2016 was published by the IATF and therefore supersedes and replaces the current ISO/TS 16949:2009, defining the requirements of a Quality Management System for organizations in the automotive industry.  This means that organizations in the automotive industry seeking IATF 16969 certification must also comply with ISO 9001:2015. QMS, is a collection of policies, processes, documented procedures, and records. This collection of documentation defines the set of internal rules that will govern how your company creates and delivers your product or service to your customers. The QMS must be tailored to the needs of your company and the product or service you provide, but the IATF 16949 standard provides a set of guidelines to help make sure that you do not miss any crucial elements that a QMS needs to be successful.  It is intended to be used by organizations of any size or industry, and can be used by any company. As an international standard, it is recognized as the basis for any company to create a system to ensure customer satisfaction and improvement, and as such, many companies demand this as the minimum requirement for an organization to be a supplier.  The goal of the standard is the development of a QMS that:

  • Provides for continual improvement
  • Emphasizes defect prevention
  • Includes specific requirements and tools from the automotive industry
  • Promotes the reduction of variation and waste in the supply chain

Changes from ISO/TS 16949:2009 to IATF 16949:2016

The new standard is based on Annex SL – the new high level structure. This is a common framework for all ISO management systems. This helps to keep consistency, align different management system standards, offer matching sub-clauses against the top level structure and apply common language across all standards. It will be easier for organizations to incorporate their QMS into core business processes and get more involvement from senior management. IATF 16949 requires complete conformance to all ISO 9001:2015 requirements and identifies the supplemental automotive management system requirements (which are extensive). The majority of these supplemental requirements are carry-over from ISO/TS 16949:2009 however there has been significant areas of update based on the evolving automotive industry direction. Highlights of the changes include the following:

  1. High level structure: The new standard is based on Annex SL – the new high level structure. This is a common framework for all ISO management systems. This helps to keep consistency, align different management system standards, offer matching sub-clauses against the top level structure and apply common language across all standards. It will be easier for organizations to incorporate their QMS into core business processes and get more involvement from senior management. The Plan-Do-Check-Act (PDCA) cycle can be applied to all processes and to the quality management system as a whole. ISO 9001 embraces a new structure by switching from eight clauses to ten clauses in the 2015 revision. This change allows the standard to better align with business strategic direction, become more compatible with other management system standards, and incorporate the Plan-Do-Check-Act approach, as shown below. Unlike ISO/TS 16949 and some other industry-specific standards, IATF 16949 does not contain the ISO 9001:2015 text. The document contains only the automotive-specific additional requirements; however, the organization is still required to comply with ISO 9001:2015. IATF 16949 clarifies that it is a supplement to be used in conjunction with ISO 9001:2015. IATF 16949 shares the same general section headings and clause structure as ISO 9001:2015, without reciting the text. This ensures all IATF 16949 requirements are fully aligned with the ISO 9001:2015 high level structure. An organization is not required to reflect the new ten-clause structure and terminology in the documentation of their organization’s quality management system. The purpose of the new structure is to provide a clear presentation of the requirements; it is not to intended to be a model for documenting an organization’s policies, objectives and processes.
  2. New Terms
  3. RISK-BASED THINKING
    Risk mitigation takes center stage in IATF 16949, as it does in ISO 9001:2015. IATF 16949 adds a number of specific risk-related requirements to minimize the likelihood of failure during new program development and to maximize the potential realization of planned activities. These additions are the result of industry best practices intended to make businesses safer and more stable by identifying and mitigating risk. To ensure risk-based thinking is pervasive throughout the organization, top management needs to be actively engaged. Responsibilities include:

    • Conducting contingency planning reviews
    • Identifying and supporting of process owners
    • Participating in the escalation process related to product safety
    • Ensuring achievement of customer performance targets and quality objectives
    • Implementing corporate responsibility initiatives including an anti-bribery policy, an employee code of conduct, and an ethics escalation policy (“whistle-blowing policy”)

    IATF 16949 requires that “organizations shall ensure conformance of all products and processes, including service parts and those that are outsourced.” This use of the word “ensure” implies that the organization needs to establish and maintain a system that mitigates the risk of nonconformance throughout the supply chain. The organization is ultimately responsible for all conformity and must cascade all applicable requirements down the supply chain to the point of manufacture. The standard reinforces the concept of a “multidisciplinary approach” throughout the product lifecycle, and particularly during design and development planning activities. IATF 16949 adds additional controls for the management of development projects throughout the cycle, which eventually concludes with a product approval process. As well, the automotive standard adds a large number of requirements to specifically address the development of manufacturing processes. Manufacturing processes may have the same output requirements as those specified for the product; however, customers often require the use of specific Automotive Core Tools, such as capturing and analyzing risk via a PFMEA. These sorts of considerations are included in IATF 16949 in an attempt to mitigate risk even before manufacturing the product or installing machinery. Survival in the automotive industry requires continuous change to address internal and external issues. Organizations need to adopt a process to assess the risk of changes and take appropriate action. IATF 16949 requirements to manage changes include:

    • Assessing manufacturing feasibility for changes to existing operations.
    • Evaluating design changes after initial product approval.
    • Reviewing control plans for changes affecting product, manufacturing process, measurement, logistics, supply sources, production volume changes, or risk analysis.
    • Controlling and reacting to changes that impact product realization, including changes caused by the organization, the customer, or any supplier. This includes both permanent and temporary changes.
    • Adjusting the frequency of internal audits based on occurrence of process changes.

    Other sources of risk, such as how to deal with nonconforming outputs, are covered in more detail to ensure suppliers are aligned with their customers.

  4. INTEGRATION OF CUSTOMER-SPECIFIC REQUIREMENTS
    IATF 16949 integrates many common industry practices previously found in customer-specific requirements. Integrating these common practices as requirements encourages commonality throughout the industry and aims to reduce the need for extensive customer-specific requirements in these areas. Also important is the clear distinction between customer requirements and customer-specific requirements (CSRs). In IATF 16949, these two terms are defined as follows:

    • Customer Requirements: All requirements specified by the customer (e.g., technical, commercial, product and manufacturing process-related requirements, general terms and conditions, customer-specific requirements, etc.)
    • Customer-Specific Requirements: Interpretations of or supplemental requirements linked to a specific clause(s) of this Automotive QMS Standard.

    The new standard more clearly defines these two terms to reduce misunderstandings, and to facilitate the sampling of customer-specific quality management system requirements for effective implementation. For example, the organization needs to review and agree with customer requirements such as packaging manuals and manufacturing process guidelines. However, for customer-specific requirements, organizations need to review and agree after considering the impact on their entire QMS. Here are some examples of areas that were previously customer-specific requirements that are now included in more detail in IATF 16949:

    • Manufacturing feasibility
    • Warranty management
    • Temporary change of process controls
    • Supplier quality management system development
    • Second-party audits
    • Control plan
    • Problem-solving methodologies
    • Control of changes
    • Total productive maintenance
    • Standardized work
  5. FIRST AND SECOND PARTY AUDITOR COMPETENCY
    IATF 16949 adds additional requirements for both first and second-party auditors, which include:

    • Organizations shall have a documented process to verify internal auditor competency.
    • When training internal auditors, documented information shall be retained to demonstrate trainer’s competency with the additional requirements.
    • Organizations shall demonstrate the competency of second-party auditors, and second-party auditors shall meet customer-specific requirements for auditor qualification.
    • This standard also outlines the minimum competencies for auditors, which include:
      • Automotive process approach for auditing, including risk- based thinking
      • Applicable core tools requirements
      • Applicable customer-specific requirements
      • Software development assessment methodologies, if applicable

    These changes may require a competence gap analysis followed by additional auditor training and development activities.

  6. PRODUCT SAFETY
    Product safety is an entirely new section in the IATF standard, and a transitioning organization must have documented processes for the management of product-safety related products and manufacturing processes. New requirements related to product safety include, where applicable:

    • Special approval of control plans and FMEAs
    • Training identified by the organization or customer for personnel involved in product-safety related products and associated manufacturing processes
    • Transfer of requirements with regard to product safety throughout the supply chain, including customer- designated sources

    This clause highlights the fact that a product should perform to its designed or intended purpose without causing unacceptable harm or damage. Organizations must have processes in place to ensure product safety throughout the entire product lifecycle.

  7. MANUFACTURING FEASIBILITY
    In the new standard, an organization is required to assess if they are capable of achieving the performance and timing targets specified by the customer, otherwise known as manufacturing feasibility. While ISO/TS 16949 did require this kind of manufacturing feasibility analysis, it did not impose specific requirements. The new standard’s specific requirements include:

    • Using a multidisciplinary approach
    • Performing the analysis for any new manufacturing or product technology and for any changed manufacturing process or product design
    • Validating their ability to make product specifications at the required rate through production runs, benchmarking studies or other appropriate methods
  8. WARRANTY MANAGEMENT
    Based on the increasing importance of warranty management, a new requirement has been added to IATF 16949. When an organization is required to provide warranty for their product(s), the warranty management process must address and integrate all applicable customer-specific requirements and warranty party analysis procedures to validate No Trouble Found (NTF). Decisions should be agreed upon by the customer, when applicable.
  9. DEVELOPMENT OF PRODUCTS WITH EMBEDDED SOFTWARE
    ATF 16949 requirements for products with embedded software reflect the additional challenges as we move toward more of a drive-by-wire world. The standard references embedded software in the requirements for product validation, warranty and troubleshooting of issues in the field. A product requiring embedded software may need to comply with sourcing-from-origin requirements established by a customer. OEM requirements for sourcing and materials change frequently, and early changes to a program may negatively affect timing and increase risk. Embedded software is here to stay and the new version of the standard may require companies to look at their purchased parts (now called outsourced components) and identify risks in their current system based on this new focus.

Structure of IATF 16949:2016

The IATF 16949 structure is split into 11 sections. The first three are introductory, with the last seven containing the requirements for the Quality Management System.  The structure is similar to that of ISO 9001:2015.Here is what the seven main sections are about:

  • Clause 1: Scope – Clause 1 details the scope of the standard and there is a supplementary note to cover products with embedded software.
  • Clause 2: Normative references
    ISO 9000, Quality Management System – Fundamental and vocabulary is referenced and provides valuable guidance.
  • Clause 3: Terms and definitions
    Terms and definitions are contained in ISO 9000:2015 – Quality Management – Fundamentals and vocabulary. The new standard contains additional terms and definitions relevant for the automotive industry including “accessory parts”, “challenge part”, “manufacturing services”, “outsourced processes”, “production shutdown”, “special status”, and “total productive maintenance”.
  • Clause 4: Context of the organization – This section requires the organization to determine its context in terms of the Quality Management System, including interested parties and their needs and expectations. It also defines the requirements for determining the scope of the QMS, as well as general QMS requirements. This is a new clause that establishes the context of the QMS and how the business strategy supports it. The ‘context of the organization’ is the clause that underpins the rest of the new standard. It gives an organization the opportunity to identify and understand the factors and parties in their environment that support the quality management system. Firstly, the organization will need to determine external and internal issues that are relevant to its purpose, i.e. what are the relevant issues, both inside and out, that have an impact on what the organization does, or that would affect its ability to achieve the intended outcome(s) of its management system. It should be noted that the term “issue” covers not only problems which could be the subject of preventive actions, but also important topics for the management system to address, such as any market assurance and governance goals the organization might set. Secondly an organization will also need to identify the “interested parties” that are relevant to their QMS. These groups could include shareholders, employees, customers, suppliers, statutory and regulatory bodies and even pressure groups. Each organization will identify their own unique set of “interested parties” and over time these may change in line with the strategic direction of the organization. Next the scope of the QMS must be determined. This could include the whole of the organization or specific identified functions. Any supporting outsourced functions or processes will also need to be considered in the organization’s scope if they are relevant to the QMS. You are required to establish, implement, maintain and continually improve the QMS in accordance with the requirements of the standard. This requires the adoption of a process approach and although every organization will be different, documented information such as process diagrams or written procedures could be used to support this. Product Safety is a new section in the standard. It has enhanced requirements designed to address current and emerging issues that the automotive industry is facing. The standard now lists the documented processes for the management of product safety-related products and manufacturing processes that an organization is required to have.
    • Section 4.3.1: Determining the scope of the quality management system – supplemental
      These requirements were originally included in ISO/TS 16949:2009 Sections 1.1 and 1.2. They have been moved to Section 4 within IATF 16949.The requirement relating to supporting functions was revised to ensure that supporting functions not only address the need to include support functions in the audit, but also to ensure that they are included in the scope of the QMS.In addition, any exclusion sought for design and development activities, now in Section 8.3, has to be preserved as documented information.
    • Section 4.3.2: Customer-specific requirements
      Although the need to fulfill and satisfy customer-specific requirements was already mentioned throughout the whole ISO/TS 16949 document, in IATF 16949 this requirement specifically addresses the need to evaluate the customer specific requirements and include them where applicable in the organization’s quality management system. This means that the supplier would need some sort of process to evaluate each of their customer’s customer-specific requirements and determine exactly how (and where) it applies to their organization’s QMS, as applicable
    • Section 4.4.1.1: Conformance of products and processes
      It ensures that the supplier (organization) is responsible for the conformity of outsourced processes, and all products and processes meet all applicable requirements and expectations of all interested parties.To ensure conformance of all products and processes, the organization would need to take a proactive approach to assess and address risks, and not rely only on inspection
    • Section 4.4.1.2: Product safety:   New section with enhanced requirements that address current and emerging issues the automotive industry is facing related to product and process safety.Organizations (suppliers) are required to have documented processes to manage product-safety related products and processes.This section includes identification of statutory requirements; identifying and controlling product-safety-related characteristics both during design and at point of manufacture; defining responsibilities, escalation processes, reaction plans, and the necessary flow of information including top management, suppliers, and customers; receiving special approvals for FMEAs and Control Plans; product traceability measures; and cascading of requirements throughout the supply chain.
  • Clause 5: Leadership – This clause of the standard requires top management to demonstrate leadership and commitment to the QMS, along with defining corporate responsibility and the quality policy. The top management must also assign process owners along with other roles and responsibilities. This clause places requirements on “top management” which is the person or group of people who directs and controls the organization at the highest level. The ISO requirements have been supplemented by requiring organizations to adopt a corporate responsibility requirement. This reflects increasing market and governmental expectations for improved integrity in social and environmental matters. There is an increased emphasis on people “owning” the QMS rather than one individual. The new standard requires top management to identify “process” owners who must be competent and understand their roles in relation to the QMS. Top management now have greater involvement and responsibility in the management system and must ensure that the requirements of it are integrated into the organization’s processes and that the policy and objectives are compatible with the strategic direction of the organization. The quality policy should be a living document, at the heart of the organization. To ensure this, top management are accountable and have a responsibility to ensure the QMS is made available, communicated, maintained and understood by all parties. There is also a greater focus on top management to enhance customer satisfaction by identifying and addressing risks and opportunities that could affect it. They need to demonstrate consistent customer focus by showing how they meet customer requirements, regulatory and statutory requirements, and also how the organization maintains enhanced customer satisfaction. In the same context, they need to have a grasp of the organization’s internal strengths and weaknesses and how these could have an impact on delivery and conformity of products or services. This will strengthen the concept of business process management. In addition, top management need to demonstrate an understanding of the key risks associated with each process and the approach taken to manage, reduce or transfer the risk . Finally, the clause places requirements on top management to assign QMS relevant responsibilities and authorities, but they must remain ultimately accountable for the effectiveness of the QMS.
    • Section 5.1.1.1: Corporate responsibility
      ISO 9001:2015 expanded the ISO 9001:2009 concept of management responsibility into a set of leadership behaviors to ensure an effective QMS.IATF 16949 includes the requirement for an anti-bribery policy, an employee code of conduct, and an ethics escalation policy to address increasing market and governmental expectations for improved integrity in social and environmental matters in the automotive industry.This implies responsibility and empowerment at all levels and functions of the supplier/organization to follow an ethical approach and report any observed unethical behavior without fear of reprisal.
    • Section 5.1.1.2: Process effectiveness and efficiency
      The requirement for a supplier/organization to review their processes to ensure effectiveness and efficiency was covered in ISO/TS 16949, Section 5.1.1.The requirement have been strength to ensure that the results of process review activities will now be included in management review.Process review activities need to include evaluation methods and, as a result, implement improvements.The results of these steps would be an input to the management review process. Top management is thus performing a review of the process-specific reviews performed by the process owners.
    • Section 5.1.1.3: Process owners
      ISO/TS 16949:2009 addresses management responsibility and authority, but it does not explicitly mention that management ensure process owners understand their role and are competent. This new requirement will ensure that management understands this expectation, by specifically identifying these process owners and ensuring they can perform their assigned roles.This requirement recognizes that process owners have the authority and responsibility for activities and results for the processes they manage. Process Owners needs to be clearly defined. ( process map, matrix, etc.)
    •  Section 5.3.1: Organizational roles, responsibilities, and authorities – supplemental
      This requirement was already part of ISO/TS 16949:2009. However,some modifications to the requirement were done to address the need to document assigned personnel responsibilities and authorities.Additionally, this clause now clarifies that the goal is not just to address customer requirements but also to meet customer requirements fully. Personnel involved in capacity analysis, logistics information, customer scorecards, and customer portals now also need to be assigned and documented, per the requirements in this section.
    • Section 5.3.2: Responsibility and authority for product requirements and corrective actions
      The requirement in ISO/TS 16949 have been enhanced  to explicitly make Top Management responsible for ensuring conformity to product requirements and that corrective actions are taken.IATF 16949 clarifies that there must be a process to inform those with the authority and responsibility for corrective action in order that they ensure non-conforming product is identified, contained, and not shipped to the customer.This implies that the assigned personnel must be always available to take prompt action to prevent release.
  • Clause 6: Planning – The section on planning defines requirements for addressing risks and opportunities and the requirements for risk analysis. This clause also includes requirements for preventive actions, contingency plans, and quality objectives and plans to achieve them. Planning has always been a familiar element in the automotive standards, but now there is an increased focus on ensuring that it is considered with Clause 4.1 ‘Context of the organization’ and Clause 4.2 ‘Interested parties’. The first part of this clause concerns risk assessment whilst the second part is concerned with risk treatment. When determining actions to identify risks and opportunities these need to be proportionate to the potential impact they may have on the conformity of products and services. Opportunities could include geographical expansion, new partnerships, or new technologies. The organization needs to plan actions to address both risks and opportunities, to integrate and implement the actions into its management system processes and evaluate the effectiveness of these actions. Actions must be monitored, managed and communicated across the organization. Another key element of this clause is the need to establish measurable quality objectives. Quality objectives now need to be consistent with the quality policy, relevant to the conformity of products and services as well as enhancing customer satisfaction. The new standard also contains several supplemental requirements in this clause. These cover: risk analysis recognizing the need to consider specific risks associated with the automotive industry, preventive action to reduce the negative effects of risk, and contingency plans which is an enhanced requirement of what was found in ISO/TS 16949. The importance of addressing customer expectations was already present in the old standard, but this has now been enhanced so that it is done at all levels throughout the organization. The last part of the clause considers planning of changes which must be done in a planned and systematic manner. There is a need to identify the potential consequences of changes, determine who is involved, when changes are to take place, what resource needs to be allocated.
    • Section 6.1.2.1: Risk analysis
      The need to identify, analyze, and consider actual and potential risks was covered in various areas of ISO/TS 16949.The IATF adopted additional requirements for risk analysis recognizing the continual need to analyze and respond to risk and to have suppliers/organizations consider specific risks associated with the automotive industry. Organizations would need to periodically review lessons learned from product recalls, product audits, field returns and repairs, complaints, scrap, and rework, and implement action plans in light of these lessons. The effectiveness of these actions should be evaluated, and actions integrated in to the organization’s QMS.
    • Section 6.1.2.2: Preventive action
      The requirement of TS 16949 were enhanced by integrating what is considered to be a best practice in the automotive industry. Organizations would need to implement a process to lessen the impact of negative effects of risk, appropriate to the severity of the potential issues.Such a process would include: identifying the risk of nonconformity recurrence, documenting lessons learned, identifying and reviewing similar processes where the nonconformity could occur, and applying lessons learned to prevent such potential occurrence.
    • Section 6.1.2.3: Contingency plans
      The expanded requirement ensures the organization defines and prepares contingency plans along with a notification process to the customer or other interested parties.Organizations would first take a systematic approach to identifying and evaluating risk for all manufacturing processes, giving particular attention to external risk.Contingency plans would be developed for any of the outlined disruption conditions — interruption of externally provided products, processes, and services, recurring natural disasters, fire, or infrastructure-related disruptions.Customer notification is a mandatory step in any contingency plan, unless there is no risk to deliver nonconforming product or affect on-time delivery.
    • Section 6.2.2.1: Quality objectives and planning to achieve them – supplemental
      ISO/TS 16949 included the importance of addressing customer expectations in the NOTE to Section 5.4.1.1, which was enhanced  by requiring that it be done at all levels throughout the organization.In ensuring quality objectives meet customer requirements, these objectives need to consider customer targets.Personnel should be aware of, and committed to, achieving results that meet customer requirements.Quality objectives and related performance targets should be periodically reviewed for adequacy (at least annually).
  • Clause 7: Support – In this clause you can find requirements for the resources and supporting processes needed for an effective QMS. It defines requirements for people, infrastructure, work environment, monitoring and measuring resources, organizational knowledge, competence, awareness, communication, and documented information. Clause 7 ensures there are the right resources, people and infrastructure to meet the organizational goals. It requires an organization to determine and provide the necessary resources to establish, implement, maintain and continually improve the QMS. Simply expressed, this is a very powerful requirement covering all QMS resource needs and now covers both internal and external resources. There are additional requirements to meet applicable statutory and regulatory requirements. It continues to cover requirements for infrastructure and environment for the operation of processes. Where organizations are required to show their commitment to personnel safety, the new IATF standard makes reference to the forthcoming ISO 45001 as a way this can be demonstrated. Monitoring and measuring has been changed to include resources, such as personnel or training. There are enhanced requirements in the new standard that cover calibration and verification records. This includes software installed on employee-owned or customer-owned equipment. There is also an additional requirement that covers internal and external laboratories that are used for inspection, test, or calibration services. Organizational knowledge is a new requirement which deals with requirements for competence, awareness, and communication of the QMS. Personnel must not only be aware of the quality policy, documented information and changes, but they must also understand how they contribute to product or service conformity and safety and the implications of not conforming. This clause also adds further requirements for on-the-job (OTJ) training and awareness and requires that relevant people shall be informed about the consequences of nonconformities. Requirements for internal auditors are specified including minimum competencies and documentation relating to their training. Second-party auditor competencies are also specified. There is a key requirement to maintain the knowledge held by an organization to ensure conformity of products and services. This could include the knowledge held by an individual as well as for example, the intellectual property of an organization. Organizations are required to examine whether the current knowledge they have is sufficient when planning changes and whether any additional knowledge is required. This includes internal and external feedback. Finally there are the requirements for “documented information”. This is a new term, which replaces the references in the previous standard of “documents” and “records”. Organizations need to determine the level of documented information necessary to control the QMS. This will differ between organizations due to size and complexity. In line with the increased importance of information security and data protection in organizations, there is also greater emphasis on controlling access to documented, current information such as use of passwords. Organizations should also have systems in place to provide a back-up should IT systems crash
    • Section 7.1.3.1: Plant, facility, and equipment planning
      This updated section includes an increased focus on risk identification and risk mitigation, evaluating manufacturing feasibility, re-evaluation of changes in processes, and inclusion of on-site supplier activities. Many operational risks can be avoided by applying risk-based thinking during planning activities, which also extends to optimization of material flow and use of floor space to control non-conforming product. Capacity planning evaluation during manufacturing feasibility assessments must consider customer-contracted production rates and volumes, not only current order levels. Capacity should be re-evaluated for any process changes.
    • Section 7.1.4.1: Environment for the operation of processes – supplemental
      This requirement for an organization to “maintain its premises in a state of order, cleanliness, and repair” was preserved from ISO/TS 16949 and transferred to IATF 16949.
    • Section 7.1.5.1.1: Measurement system analysis
      Records are now required for customer acceptance of alternative methods. The previous requirement to analyze variation in measurement results is now extended specifically to inspection equipment.IATF 16949 also clarifies that records of customer acceptance need to be retained along with results from alternative measurement system analysis.
    • Section 7.1.5.2.1: Calibration/verification records
      •This section have been updated to  ensure that customer requirements are met through enhanced calibration/verification record retention requirements, including software installed on employee-owned or customer-owned equipment. It requires a  documented process  to manage calibration/verification records in order to provide evidence of conformity, and this includes any on-site supplier-owned equipment. Inspection, measurement, and test equipment calibration/verification activities need to consider applicable internal, customer, legislative, and regulatory requirements in order to establish approval criteria.
    • Section 7.1.5.3 Laboratory requirements.
      This updated section allows the organization to conduct second-party assessments of laboratory facilities, but requires customer-approval of the assessment method.The clause also clarifies that internal laboratory requirements apply even when calibration is performed by the equipment manufacturer, and that use of calibration services may be subject to government regulatory confirmation.
    • Section 7.2.1: Competence – supplemental
      •This section adds a requirement of “awareness,” which includes knowledge of an organization’s (supplier’s) quality policy, quality objectives, personnel contribution to the QMS, benefits of improved performance, and implications of not conforming with QMS requirements.It also further emphasizes the customer requirements for OJT (on-the-job training), not just quality requirements.Note that the use of the term “process” rather than “procedure” implies that these activities need to be managed (via the plan-do-check-act cycle), and not merely performed.
    •  Section 7.2.2: Competence – on-the-job training
      IATF 16949 enhances the emphasis of on-the-job training and its importance in meeting customer requirements, including other interested parties.The process would consider any relevant interested party requirements as an input in determining the need for on-the-job training, and then consider the level of education and complexity of the tasks in determining the method used.This training must also include contract or agency personnel, and convey the consequences of nonconformity to customer requirements to all persons whose work affects quality.
    • Section 7.2.3: Internal auditor competency
      This section features greatly-enhanced requirements to the organization’s internal auditor competency to ensure a more robust internal audit process.Organizations need to establish a documented process that considers the competencies required by this clause, take actions to address any deficiencies, assess the effectiveness of actions taken, and record a list of the approved auditors.The clause differentiates between quality management system auditors, manufacturing process auditors, and product auditors, and clarifies the competence requirements for each type of audit.Section
    • 7.2.4: Second-party auditor competency
      This new section outlines requirements for second-party auditors ensuring they are properly qualified to conduct those types of audits, with customer specific requirements being a main focus.The same core competencies that apply to internal auditors should, at a minimum, also apply to second-party auditors.
    • Section 7.3.1: Awareness – supplemental
      It includes additional requirements to ensure all employees are aware of their impact on the organization’s (supplier’s) product quality output, customer specific requirements, and risks involved for the customer with non-conforming product.
    • Section 7.3.2: Employee motivation and empowerment
      This section did not substantially change, but now requires “maintaining a documented processes” for employee motivation and empowerment, instead of simply “having a process.”
    •  Section 7.5.1.1: Quality management system documentation
      The IATF retained the quality manual requirement that was removed in ISO 9001:2015; however, the quality manual can be one main document or a series of multiple documents (hard copy or electronic).This section also requires that the organization’s processes and interactions are documented as part of their QMS.The quality manual needs to document where in the organization’s QMS customer-specific requirements are addressed.
    • Section 7.5.3.2.1: Record retention
      This section now requires a record retention process that is defined and documented, and that includes the organization’s record retention requirements.Specifically calls out production part approvals, tooling records, product and process design records, purchase orders, and contracts/amendments. If there is no customer or regulatory agency retention period requirements for these types of records, “the length of time that the product is active for production and service requirements, plus one calendar year” applies.
    • Section 7.5.3.2.2: Engineering specifications
      This section added an engineering specifications requirement that the process is documented and agreed with the customer.I also clarifies product design changes and product realization process changes, and the alignment to related sections. If there are no other overriding customer agreements, reviews of engineering standards/specifications changes should be completed within 10 working days of receipt of notification.
  • Clause 8: Operation – The product requirements deal with all aspects of the planning and creation of the product or service. This section includes requirements on planning, product requirements review, design, purchasing, creating the product or service, and controlling the equipment used to monitor and measure the product or service. IATF 16949 allows for requirements in clause 8.3, regarding design and development of products, to be excluded if they are not applicable to the company. This clause deals with the execution of the plans and processes that enable the organization to meet customer requirements and design products and services. It includes much of what was referred to in Clause 7 of the previous version, but there is greater emphasis on the control of processes, especially planned changes and review of the consequences of unintended changes, and mitigating any adverse effects as necessary. It includes significant requirements over and above ISO 9001:2015 and ISO/TS 16949:2009. The new version of the standard acknowledges the importance confidentiality in relation to customer-contracted products and projects. It also specifies a requirement for verbal and written communication with the customer to be agreed in terms of language and in other formats such as computer languages used. The clause continues to cover a number of requirements which have been strengthened in relation to ISO/TS 16949:2009. These include prototype programmes, the product approval process where there is an emphasis on record retention and outsourced products and services, and statutory and regulatory requirements. There are a number of new sub-clauses which cover the management, measurement and selection of suppliers. This recognizes the importance of effectively managing risk in the supply chain, particularly with regards to product quality. Reflecting the increasing application of computer technology in vehicles, there is a new requirement which covers the process for quality assurance of suppliers of embedded software products. The use of second–party audits is also new to the standard and is to be used in an organization’s supplier management approach. Finally, the new standard now has additional requirements regarding the control of nonconforming or reworked products. This includes being able to verify that products to be scrapped are determined as unusable prior to their disposal and that these products are not used elsewhere without the approval of the customer.
    • Section 8.1.1: Operational planning and control — supplemental
      This section features enhanced detail to ensure key processes are included and considered when planning for product realization.The required topics include customer product requirements and technical specifications, logistics requirements, manufacturing feasibility, project planning, and acceptance criteria. The section also clarifies the “resources needed to achieve conformity” encompasses all aspects of the development process, not just the manufacturing process requirements.
    • Section 8.1.2: Confidentiality
      Only a minor edit to clarify confidentiality “includes” related product information, instead of using the word “and.” There is no change in intent.
    • Section 8.2.1.1: Customer communication — supplemental
      The section added a requirement that the communication language (written or verbal) must be agreed with the customer. This should be considered when determining the necessary competence for roles that require customer communication.
    • Section 8.2.2.1: Determining the requirements for products and services – supplemental
      •The IATF strengthened the standard by elevating Notes 2 and 3 of the former clause into requirements. This suggests current organizational knowledge regarding recycling, environmental impact, and product and manufacturing process characteristics should be standardized.This knowledge would be systematically reviewed and used when determining the requirements for the products and services to be offered to customers.
    • Section 8.2.3.1.1: Review of the requirements for products and services — supplemental
      IATF 16949 strengthens this requirement by requiring the organization to retain a documented customer authorization for waivers of formal reviews for products and services.
    • Section 8.2.3.1.2: Customer-designated special characteristics
      This section changes the action from “demonstrate conformity” to “conform,” and clarifies that it refers to “approval documentation,” rather than just “documentation.“There is no change in intent.
    • Section 8.2.3.1.3: Organization manufacturing feasibility
      The section enhances  requirements for manufacturing feasibility analysis through the following changes:

      • Requiring a multidisciplinary approach to analyze feasibility, considering all engineering and capacity requirements.
      • Requiring this analysis for any new manufacturing or product technology, and for any changed manufacturing process or product design.

      The organization should validate their ability to make product specifications at the required rate. These should consider customer-specific requirements.

    • Section 8.3.1.1: Design and development of products and services – supplemental
      It  elevates the NOTE in the former section to a requirement, and added a requirement for documentation of the design and development process.As the concept of the design and development process in the automotive industry includes manufacturing design and development, the requirements from other parts in Section 8 should be considered complimentary in the context of manufacturing and product design and development.
    • Section 8.3.2.1: Design and development planning – supplemental
      This Section clarifies when the multidisciplinary approach is to be used and who should be involved. Specifically, it must include all affected stakeholders within the organization and, as appropriate, its supply chain.Additional examples are provided of areas where such an approach may be used during design and development planning (including project management), and the note further clarifies that purchasing, supplier, and maintenance functions might be included as stakeholders.
    •  Section 8.3.2.2: Product design skills
      This section adds a NOTE as an example of a product design skillset. There is no change in intent.
    • Section 8.3.2.3: Development of products with embedded software
      This new clause adds requirements for organization-responsible embedded software development and software development capability self-assessments.Organizations must use a process for quality assurance of products with internally developed embedded software, and have an appropriate assessment methodology to assess their software development process. The software development process must also be included within the scope of the internal audit program; the internal auditor should be able to understand and assess the effectiveness of the software development assessment methodology chosen by the organization.
    • Section 8.3.3.1: Product design input
      This section expanded the minimum set of product design input requirements, emphasizing regulatory and software requirements.New and broadened requirements include: product specifications; boundary and interface requirements; consideration of design alternatives; assessment of risks and the organization’s ability to mitigate/manage those risks; conformity targets for preservation, serviceability, health, safety, environmental, and development timing; statutory and regulatory requirements for the country of destination; and embedded software requirements.
    • Section 8.3.3.2: Manufacturing process design input
      The Section Expands the list of manufacturing process design inputs including: product design output data including special characteristics, targets for timing; manufacturing technology alternatives; new materials; product handling and ergonomic requirements, and; design for manufacturing and design for assembly.This could include consideration of alternatives from innovation and benchmarking results, and new materials in the supply chain that could be used to improve the manufacturing process capacity.This section also further strengthened the requirements by transforming the former NOTE regarding error-proofing methods into a requirement.
    • Section 8.3.3.3: Special characteristics
      This section identify the source of special characteristics and including risk analysis to be performed by the customer or the organization. It expands the list of sources used to identify special characteristics, along with the requirements related to those special characteristics. Special characteristics need to be marked in all applicable cascaded quality planning documents; monitoring strategies should focus on reducing variation, which is typically done using statistical techniques. The organization must also consider customer-specific requirements for approvals and use of certain definitions and symbols, including submission of the symbol conversion table, if applicable and required.
    • Section 8.3.4.1: Monitoring
      These changes align the IATF 16949 standard with IATF OEM advanced quality activities and aim to reduce the number of customer-specific requirements.The requirement clarifies that measurements apply at specified stages during the design and development of both products and services, and that reporting must occur as required by the customer.This could include, for example, the periodic update of customer APQP schedule milestones, gate reviews, and open issues lists related to development activities.
    • Section 8.3.4.2: Design and development validation
      This section features a strengthening of the requirements for design and development validation, and also added embedded software. Customer specific requirements (CSRs), industry, and governmental agency-issued regulatory standards need to be considered when planning and performing design and development activities.
    • Section 8.3.4.3: Prototype programme
      The changes in this section strengthen the standard by focusing the organization on the quality management system for managing outsourced products and services.Regardless of whether the work is performed by the organization or by an outsourced process, the prototype programme and control plan are part of the scope of the QMS.This type of control should be considered a support process and be integrated into the design and development process.
    • Section 8.3.4.4: Product approval process
      The changes in this section clarify approval requirements, with an emphasis on outsourced products and/or services and record retention required.The activities should be managed (with an effectiveness review and improvement actions applied) and not just performed.A part approval process for externally provided products and services needs to be performed prior to final product submission to customers.Product approval must be obtained when the customer requires it, and records retained.
    • Section 8.3.5.1: Design and development outputs – supplemental
      Product design output additions include a recognition of the use of 3D models, and inclusion of service parts and packaging.IATF 16949 clarifies that it requires product design error-proofing methods, such as DFSS, DFMA, and FTA. The application of GD&T tolerancing and positioning systems allows organizations to specify dimensions and related tolerances based on functionality relationships.Outputs include repair and serviceability instructions and service parts requirements that will be used by approved maintenance organizations.
    • Section 8.3.5.2: Manufacturing process design output
      Changes in this section strengthened verification requirements, process input variables, capacity analysis, maintenance plans and correction of process nonconformities. It clarifies that the process approach methodology of verifying outputs against inputs applies to the manufacturing design process. The list of manufacturing design outputs is also expanded
    • Section 8.3.6.1: Design and development changes – supplemental
      This section strengthens the requirement for change validation and approval prior to implementation, and also added embedded software.Design changes after initial product approval implies that products, components, and materials need to be evaluated and validated prior to production implementation.This validation needs to be done by the organization and the customer, when there is a customer-specific requirement. For products with embedded software, the change record needs to document the revision level of the software and hardware to help assure that product configuration is managed appropriately.
    • Section 8.4.1.1: General – supplemental (under Control of externally provided processes, products and services)
      The former NOTE about purchased products was broadened and elevated into a requirement.It now clarifies that all the requirements of section 8.4 apply to sub-assembly, sequencing, sorting, rework, and calibration services.
    • Section 8.4.1.2: Supplier selection process
      While ISO/TS 16949:2009 did address supplier selection in the ISO 9001:2008 boxed text via the Purchasing Process (see Section 7.4.1), the supplier selection process was not as detailed.This section now specifically calls out supplier selection process criteria, in addition to clarifying that it is a full process.The assessment used to select suppliers needs to be extended beyond typical QMS audits and include aspects such as: risk to product conformity and uninterrupted supply of the organization’s product to their customers, etc. This process will need to be followed for new suppliers.
    • Section 8.4.1.3: Customer-directed sources (also known as “Directed–Buy”)
      This section features a clarification of the organization’s responsibilities for customer directed sources, even for customer directed-buy suppliers. Unless otherwise defined by contract, all requirements of IATF 16949 Section 8.4 apply in this situation, except requirements related to the selection of the supplier itself.
    • Section 8.4.2.1: Type and extent of control – supplemental
      The changes in this section further strengthened the requirement for control of outsourced processes, including the assessment of risk.Internal and customer requirements are inputs that need to be considered during the development of methods to control externally provided products, processes, and services.Type and control needs to be consistent with supplier performance and an assessment of product, material, or service risk.This implies a constant monitoring of performance and assessment of risk based on the established criteria, triggering the actions to escalate (increase) or reduce the types and extent of control. This applies to all Suppliers.
    • Section 8.4.2.2: Statutory and regulatory requirements
      The updates clarify the applicability of statutory and regulatory requirements and strengthen the requirements.Identification of applicable statutory and regulatory requirements needs to consider the country of receipt, shipment, and delivery. Consideration should be developed for the product “ Life Cycle”. When special controls are required, the organization must implement these requirements and cascade those requirements down to their suppliers.
    • Section 8.4.2.3: Supplier quality management system development
      This section provides a method to strengthen ISO 9001 certification, aligns with customer-specific requirements, and clarifies the acceptable third-party certification bodies (which shall be recognized by the IATF) Instead of requiring organizations to simply “develop” the supplier QMS, this section outlines a progressive approach that goes from compliance to ISO 9001 via second-party audits all the way through certification to IATF 16949 through third-party certification.One of the suggested QMS requirements is the Minimum Automotive Quality Management System Requirements for Sub-Tier Suppliers ( MAQMSR )
    • Section 8.4.2.3.1: Automotive product-related software or automotive products with embedded software
      This new section added requirements for software development assessment methodology.These requirements align to those presented within Section 8.3, but are now cascaded down to suppliers.
    • Section 8.4.2.4: Supplier monitoring
      Organizations should continuously review inputs and introduce improvement actions regarding supplier monitoring data, as needed. Documented and non-documented yard holds and stop ships should be considered customer disruptions, and the number of premium freight occurrences need to be monitored.Performance indicators provided by the customer and from service need to be included within the organization’s supplier monitoring process.
    • Section 8.4.2.4.1: Second-party audits
      This new section aligns customer-specific requirements into the IATF 16949 standard. See Section 7.2.4 for details of 2nd Party Auditor Qualifications. Second-party audits should consider issues relevant to the organization beyond simply the maturity of their QMS development. Examples of situations that could trigger a second-party audit include: input from supplier performance indicators; risk assessment results and follow-up of open issues from process and product audits; and new development launch readiness.The organization’s criteria for determining the need, type, frequency, and scope of second-party audits must be based on a risk analysis including product safety/regulatory, performance, etc. This criteria needs to be documented. The organization shall ensure that supplier monitoring includes a second-party audit process. The organization shall demonstrate the competence of the auditors undertaking the second- party audits. When supplier monitoring requires periodic second-party surveillance audits, the audits shall be conducted at least annually. Records of the second-party audit reports shall be retained.If the scope of the second-party audit is to assess the supplier’s quality management system, then: the approach shall be consistent with the automotive process approach; the audit scope may be reduced for suppliers with accredited third-party certification to ISO 9001 (see Section 8.4.2.5.1).
    • Section 8.4.2.5: Supplier development
      This section adds an emphasis on performance-based supplier development activities. Supplier monitoring process should be considered an input to the supplier development activities. These development activities should consider both short term and long term goals.

      • Short term efforts would generally focus on supplier products, and would require defining suitable methods to assure the quality of purchased product from each supplier.
      • Long term efforts would generally focus on supplier QMS and manufacturing processes on the whole, and consider audits, training, and enhancement efforts that implement and enhance quality assurance agreements between suppliers and the organization, and further reduce risk.
    • Section 8.4.3.1: Information for external providers – supplemental
      The organization is required to provide key information to their supply chain through this new requirement.This information includes all applicable statutory and regulatory requirements and special product and process characteristics. The ISO 9001 portion has a list (a-f) of requirements which are to be communicated to the supplier, including: approval, competency requirements, communication, monitoring of supplier performance, validation, etc.
    • Section 8.5.1.1: Control plan
      This section strengthened the control plan requirements and aligned IATF OEM customer-specific requirements into the IATF 16949 standard. It also elevated a NOTE regarding customer approval to a requirement, and strengthened the control plan review and update criteria and linked to the PFMEA updates.Control plans are needed for the relevant manufacturing site and all product supplied, and not just for the final product or final assembly line, as an example. Although family control plans are acceptable for bulk material and similar parts using a common manufacturing process, care should be given to identify the degree of difference that is acceptable to apply this common control.
    • Section 8.5.1.2: Standardized work – operator instructions and visual standards
      Through this section, IATF 16949 strengthens the requirements for standardized work, including the requirement to address specific language needs.Standardized work documents need to be clearly understood by the organization’s operators and should include all applicable quality, safety, and other aspects necessary to consistently perform each manufacturing operation.
    • Section 8.5.1.3: Verification of job set-ups
      The changes in this section elevate a NOTE to a requirement, and clarify record retention.Clarify that the organization shall verify job changes that require a new set-up; maintain documented information for set-up personnel; perform first-off/last-off part validation, as applicable, including retention and comparison; and retain records of process and product approval following these validation actions.
    • Section 8.5.1.4: Verification after shutdown
      Defines a new requirement for verification after shutdown, integrating industry lessons learned and/or best practices.The necessary actions after the shutdown period should be anticipated in the PFMEA, control plans, and maintenance instructions, as appropriate.A multidisciplinary approach should be used to identify any additional actions needed to address unexpected shutdown events.
    • Section 8.5.1.5: Total productive maintenance
      Strengthens the requirement for equipment maintenance and overall proactive management of the Total Productive Maintenance (TPM).TPM is a system for maintaining and improving the integrity of production and quality systems through machines, equipment, processes, and employees that add value to the manufacturing process. TPM should be fully integrated within the manufacturing processes and any necessary support processes.Metrics need to be more than on time completion of PM’s and these are inputs into Management Review. Documented maintenance objectives including but not limited to OEE (Overall Equipment Effectiveness), MTBF (Mean Time Between Failure), and MTTR (Mean Time To Repair), which shall form an input into management review (see Section 9.3).Regular review of maintenance plan and objectives and a documented action plan to address corrective actions where objectives are not achieved.Use of planned preventive maintenance methods, e.g. periodic inspection without disassembling the equipment, visual checks, cleaning and some servicing, and replacement of parts, in order to prevent sudden failures and process problems. Use of predictive maintenance methods, as applicable e.g. non-destructive testing (oil analysis, vibration analysis, thermal imaging, and ultrasonic detection). Periodic overhaul, where the equipment is periodically stripped down, inspected, and overhauled at fixed intervals and any parts found below standard are repaired or replaced.
    • Section 8.5.1.6: Management of production tooling and manufacturing, test, inspection tooling and equipment
      IATF 16949 features strengthened tooling and equipment marking and tracking requirements.This requirement extends the scope to production and service materials and for bulk materials, as applicable, and clarifies that requirements apply whether tooling is owned by the organization or by the customer.The updates clarify that the system for production tooling management must include tool design modification documentation and tool identification information. Customer-owned tools and equipment need to be permanently marked in a visible location.
    • Section 8.5.1.7: Production scheduling
      •This section emphasized the importance of planning information and integrated IATF OEM customer lessons learned.
      •Ensure that customer orders/demands will be achieved.
      •This suggests the organization needs a robust feasibility review process regarding production scheduling. The production scheduling activities also need to include all relevant planning information as inputs to their feasibility review and make any necessary adjustments.
    • Section 8.5.2.1: Identification and traceability — supplemental
      It strengthened the requirements for traceability to support industry lessons learned related to field issues. Requirement of clear start and stop points for product received by the customer is aligned with the definition of traceability in ISO 9000:2015.
    • Section 8.5.4.1: Preservation – supplemental
      It adds specificity to preservation controls and includes application to internal and/or external providers.Preservation activities are expanded in two ways: first, activities that are considered preservation controls, and second, locations where preservation controls apply. Preservation controls include the preservation of identification during the product shelf life; a contamination control program appropriate to identified risks; design and development of robust packaging and storage areas; adequate transmission and transportation considerations; and measures to protect product integrity.
    •  Section 8.5.5.1: Feedback of information from service
      Requirements for this section feature an expanded scope to include material handling and logistics.The new second NOTE also clarifies that “service concerns” should include the results of field failure test analysis where applicable –the intent of this addition is to ensure that the organization is aware of nonconformities that occur outside of its organization.
    • Section 8.5.5.2: Service agreement with customer
      This section clarifies that service centers need to comply with all applicable requirements when there is a service agreement with the customer.
    • Section 8.5.6.1: Control of changes – supplemental
      The control of changes requirements in the standard is aligned with existing IATF OEM requirements.The changes clarify that “any change” includes those caused by the organization and/or the customer, in addition to those by any supplier.The process to control and react to changes needs to include risk analysis and to retain records of verification and validation.FMEAs should be reviewed for any manufacturing or product changes, prior to implementation. Production trial run activities should be planned based on the risk and complexity of the changes.
    • Section 8.5.6.1.1: Temporary change of process controls
      This new requirement for temporary control of process changes addresses issues experienced by the IATF OEM customers.The organization must identify, document, and maintain a list of process controls that includes both the primary process control (example: automated nut driver) and the approved back-up or alternate methods (example: manual torque wrench). The list must be updated regularly to reflect the current and approved process controls.The use of alternative control methods is considered a process; therefore, the organization is expected to manage these activities appropriately.
    • Section 8.6.1: Release of products and services — supplemental
      While ISO/TS 16949:2009 did mention product and delivery of service in the ISO 9001:2008 boxed text via the Monitoring and Measurement of Product section (see Section 7.4.1), the product and delivery of service process is further detailed in IATF 16949.These updates strengthen the standard to ensure process controls align with the control plan.To achieve coherence between the control plan and the planned arrangements to verify product and service conformity, the organization should conduct a regular control plan audit that compares the current approval status of the product and process with the actual controls applied in the manufacturing process.
    •  Section 8.6.2: Layout inspection and functional testing
      An added note clarifies that frequency of layout inspections is determined by the customer.
    • Section 8.6.3: Appearance items
      This section requires organizations to provide masters for haptic technology, as appropriate. Haptic technology recreates the sense of touch by applying forces, vibrations, or motions to the user.
    •  Section 8.6.4: Verification and acceptance of conformity of externally provided products and services
      Changes in this section align with ISO 9001:2015 terminology and clarify the source of statistical data as that provided by the supplier to the organization.
    • Section 8.6.5: Statutory and regulatory conformity
      The Section strengthens the standard for statutory and regulatory conformity to require evidence of compliance.”Prior to release” means that the organization should implement a process and/or agreements with its suppliers requiring sufficient prevention and detection controls to ensure that products meet all applicable statutory, regulatory, and other requirements.These requirements must consider both the countries where products are manufactured and the destination countries.
    • Section 8.6.6: Acceptance criteria
      This section clarifies “where required” to be “where appropriate or required,” and updates the clause reference to align with the new structure. There is no major change in the intent of this section.
    • Section 8.7.1.1: Customer authorization for concession
      Changes in this section are for the alignment of terminology, and the clarification of concessions applied to rework of nonconforming product and sub-component reuse.The changes clarify that the organization must obtain customer authorization prior to further processing for “use as is” and rework disposition of nonconforming products. Sub-component reuse must be clearly communicated to the customer. A blanket approval would be sufficient.Appropriate internal verification and validation activities of any rework or reuse of sub-components should be approved prior to customer submission.
    • Section 8.7.1.2: Control of nonconforming product – customer specified process
      This section ensures customer controlled shipping requirements are followed, and that these customer-specific requirements are integrated into the organization’s internal activities for the control of nonconforming product.
    • Section 8.7.1.3: Control of suspect product
      The updates in this section augment the requirements for control of suspect product by ensuring containment training is implemented.Appropriate training should consider, for example, awareness about special characteristics, customer-specific requirements related to nonconforming product control, product safety, escalation processes, storage areas, and related roles.
    • Section 8.7.1.4: Control of reworked product
      This update increases the scope of control of reworked product requirements to include: customer approval, risk assessment, rework confirmation, traceability, and retention of documented information.The risk analysis and customer approval requirements are interrelated; FMEAs should identify and address risks related to each possible rework of the characteristics stated in the control plan.
    • Section 8.7.1.5: Control of repaired product
      The changes in this section clarify the requirement and the need for follow-up with detailed information for reworked product.The repair process should be addressed in the FMEA.
    • Section 8.7.1.6: Customer notification
      This new section features a new automotive requirement to address modifications in ISO 9001 requirements and address customer issues for IATF OEM concerns.While customer notification is mentioned twice in ISO/TS 16949:2009 (see Section 7.4.3.2 and Section 8.2.1.1), it did not address customer notification in a standalone section.The organization is required to immediately notify the customer if they ship nonconforming product, and follow up with detailed documentation.
    • Section 8.7.1.7: Nonconforming product disposition
      Strengthen the requirement of disposition of nonconforming product by clarifying that organizations must also have a documented process for disposition of nonconforming product not subject to rework or repair.Planned activities need to be managed and the results considered to improve this process.Contamination control practices should be applied to avoid any risk of unintended use of this type of nonconforming products. (make the product unusable)
      Customer approval is required before nonconforming products in this category can be diverted for service or any other use.
  • Clause 9: Performance evaluation – This section includes the requirements needed to make sure that you can monitor whether your QMS is functioning well. It includes assessing customer satisfaction, internal audits, monitoring products and processes, and management review. Requirements for monitoring, measurement, analysis and evaluation are covered and you will need to consider what needs to be measured, methods employed, when data should be analysed and reported on and at what intervals. Documented information that provides evidence of this must be retained. There is now an emphasis on directly seeking out information that relates to how customers view the organization. Organizations must actively seek out information on customer perception and there is a supplemental clause covering customer satisfaction and performance indicators to be used to measure compliance with customer requirements.. This can be achieved in a number of ways including satisfaction surveys, analysis of market share, and through complaints logged. There is now an explicit requirement that organizations must show how the analysis and evaluation of this data is used, especially with regards to the need for improvements to the QMS. Internal audits must also be conducted using a risk-based approach. There are additional requirements relating to defining the ‘audit criteria’ and ensuring the results of the audits are reported to ‘relevant’ management. IATF 16949:2016 now contains new requirements that cover the qualifications of Internal Auditors which will strengthen their development and competence. Management reviews are still required but there are additional requirements including the consideration of changes in external and internal issues that are relevant to the QMS. Documented information must be retained as evidence of management reviews.
    • Section 9.1.1: Monitoring, measurement, analysis and evaluation
      It need to answer the following questions:

      • What needs to be measured?
      • How will it be measured?
      • When (how often) will it be measured?
      • When will it be analyzed?

      This applies to all measurements and not just the control plan items.

    • Section 9.1.1.1: Monitoring and measurement of manufacturing processes
      It clarifies the requirement for targeting process effectiveness and efficiency (not just “having” a process, but monitoring it). This includes the competencies required for personnel performing the measurements.Further ensures that organizations support the manufacturing process through defined roles, responsibilities, and effective escalation processes to drive process capability and stability.The NOTE clarifies that it may not be possible or feasible to measure product or manufacturing process characteristics through process capability assessments. In such cases, a rate or index of lot conformity may be acceptable.If the gage used for measurement gives variable data, the actual measurement must be recorded.
    • Section 9.1.1.2: Identification of statistical tools
      Requirements for the identification of statistical tools feature clarifications regarding the documented deployment of the use of statistical tools from DFMEA, PFMEA, and the APQP (or equivalent) process.The tool chosen in the APQP (or equivalent) process must be included in design/process risk analysis and the control plan.
    • Section 9.1.1.3: Application of statistical concepts
      This section features a clarification regarding requirements for those involved in capturing and analyzing data; previously, this was driven across all employees regardless of relevance.These concepts should be included in the competencies required for “employees involved in the collection, analysis, and management of statistical data.”
    •  Section 9.1.2.1: Customer satisfaction – supplemental
      It clarify customer satisfaction monitoring criteria and introduction of additional focus on warranty management.Additional focus to ensure all customer performance measures are regularly reviewed to reduce the risk of failure to achieving customer satisfaction.The organization has a responsibility to access, review, and take appropriate action about information published in customer portals. When identifying the need for correction or improvement actions, customer scorecard deficiencies should be given priority.
    • Section 9.1.3: Analysis & Evaluation
      This section has been strengthened and now includes analysis requirements for “performance & effectiveness of the QMS”, as well as “the effectiveness of actions taken to address risks and opportunities.”
      a) conformity of products and services;
      b) the degree of customer satisfaction;
      c) the performance and effectiveness of the quality management system;
      d) if planning has been implemented effectively;
      e) the effectiveness of actions taken to address risks and opportunities;
      f) the performance of external providers;
      g) the need for improvements to the quality management system.
    • Section 9.1.3.1: Prioritization
      The emphasis of the requirement changed from the ISO/TS 16949 standard’s “Analysis of data” to the prioritization of actions based on performance and risk management. Actions to improve customer satisfaction need to take precedence as the organization considers trends and drives towards improvement.
    • Section 9.2.2.1: Internal Audit Program
      It strengthened the need to drive a risk-based approach to the development and deployment of an organization-wide internal audit program. Internal audit activities are considered a process, which require a clear definition of expected inputs, planned activities, intended outputs, and monitored performance. The process needs to identify and evaluate the level of risk related to each QMS process, internal and external performance trends, and process criticality. Then, the process would need to continuously monitor this information to trigger special internal audits and/or to plan periodic internal audits.
    • Section 9.2.2.2: Quality management system audit
      Strengthen the quality management system audit and the use of process approach, which further drives process improvements organization-wide.There is a 3 year window to audit all of the QMS processes, but the schedule should be based on risk.The audit program is continuously monitoring information that could trigger the need for an unplanned internal audit.The use of the automotive process approach, including risk-based thinking, needs to be applied during the audit.The internal audit must also sample customer-specific QMS requirements for effective implementation.
    • Section 9.2.2.3: Manufacturing process audit
      Strengthens the formal approaches to ensure organizations achieve the benefits of effective manufacturing process audits. Shift handover should be considered a significant process event; internal auditors should look for objective evidence of an effective process to communicate and address relevant information.The audit must also evaluate the effective implementation of the process risk analysis (PFMEA), control plan, and associated documents.
    • Section 9.2.2.4: Product audit
      The strengthened product audit requirements now require the use of customer-specified approaches, when applicable.If not applicable, the organization shall define their process. There are customers who specify the use of VDA 6.3 for Manufacturing audits. If not specified by a customer, an internal process must be defined. This could be the currently defined process based on the IATF2016 Requirements.
    • Section 9.3.1.1: Management review – supplemental
      It strengthens management review requirements to include an assessment of risk and compliance to customer requirements.The one-year frequency is a minimum, as the process is driven by the continuous assessment of the risks related to internal and external changes and performance-related issues.As changes and issues increase, the frequency of management review activities should increase in turn, preserving the minimum of at least an annual review. The IATF expectation is that if there is a major issue identified at a Customer, there should be a focused Internal audit followed by some type of Management Review.
    • Section 9.3.2.1: Management review inputs – supplemental
      Enhanced details for management review input requirements, including those related to cost of poor quality, effectiveness, efficiency, conformance, feasibility assessments, customer satisfaction, performance against maintenance objectives, warranty performance, review of customer scorecards, and the identification of potential field failures through risk analysis.The above should be considered the minimum information that should be covered during management review; a monitoring system should be in place, with criteria that trigger special unplanned management review activities.
    • Section 9.3.3.1: Management review outputs – supplemental
      Enhanced section ensures action is taken where customer requirements are not achieved, and supports the continual analysis of process performance and risk.Even though process owners should address customer performance issues related to the processes they manage, this requirement gives top management the clear and ultimate responsibility to address customer performance issues and ensure the effectiveness of corrective actions.
  • Clause 10: Improvement – The last section of the standard defines the requirements for continual improvement of the QMS, including requirements for nonconformities and corrective actions, problem solving, and error-proofing processes. This clause starts with a new section that organizations should determine and identify opportunities for improvement such as improved processes to enhance customer satisfaction. There is also a need to look for opportunities to improve processes, products and services, and the QMS, especially with future customer requirements in mind. Due to the new way of handling preventive actions, there are no preventive action requirements in this clause. These have now been moved to Clause 6. However, there are some new corrective action requirements. The first is to react to the nonconformities and take action, as applicable, to control and correct the nonconformities and deal with the consequences. The second is to determine whether similar nonconformities exist or could potentially occur. Causal factors include human factors, so it could be wide ranging. The requirement for documented information (procedure) for nonconformity and corrective action is retained. This must include flow down to providers as appropriate. The requirement for continual improvement has been extended to cover the suitability and adequacy of the QMS as well as its effectiveness, but it no longer specifies how an organization achieves this. Improvement activities must be monitored and evaluated. The new standard contains a new requirement that covers customer complaints and field failure test analysis. It requires organizations to perform analysis on field failures and returned parts. Where requested, this can extend to how embedded software in the organization’s product performs within the system of the final customer’s product.
    • Section 10.2.3: Problem solving
      Updates to this section are to facilitate the consolidation of IATF OEM customer specific minimum requirements.The organization’s defined process(es) for problem solving must consider: various types and scales of problems; control of nonconforming output; systemic corrective action and verification of effectiveness; and review/updates to documented information. In addition, CSRs related to nonconformity and corrective action need to be used and integrated within the internal corrective action process.
    • Section 10.2.4: Error-proofing
      This section, which previously only mentioned the use of error-proofing methods in corrective action, includes new requirements to strengthen the approach to error proofing and consolidate customer-specific requirements.The organization needs a process that both identifies the need or opportunity for an error-proofing device/method, and designs and implements the device/method.The FMEA would document whether the method impacts occurrence (a prevention control) or impacts detection (a detection control).The control plan needs to include the test frequency of the error-proofing devices, and records must be maintained for the performance of these tests.
    • Section 10.2.5: Warranty management systems
      This is a new requirement based on the increasing importance of warranty management and consolidates IATF OEM customer specific requirements.The warranty management process should address and integrate all applicable customer-specific requirements, and warranty part analysis procedures to validate No Trouble Found (NTF) decisions should be agreed by the customer, when applicable.
    • Section 10.2.6: Customer complaints and field failure test analysis
      It includes a new requirement regarding embedded software and identification of preferred approaches.The organization’s analysis is extended beyond parts to the customer complaints and field failures themselves, and the results must be communicated to the customer and also within the organization.
    • Section 10.3.1: Continual improvement – supplemental
      It changes in this section clarify the minimum process requirements for continual improvement: identification of methods, information and data; an improvement action plan that reduces variation and waste; and risk analysis (such as FMEA).Use of TPM, Lean, Six Sigma, and other manufacturing excellence programs or methodologies should follow a structured approach that continuously identifies and addresses opportunities for improvement.

Benefits of IATF 16949

The benefits of IATF 16949 cannot be overstated; companies large and small have used this standard to great effect, discovering and securing tremendous cost and efficiency savings. The new standard will help you to introduce an integrated approach with other management system standards. It will bring quality and continual improvement into the heart of the organization. It will increase involvement of the leadership team. It will help to mitigate risk and improve opportunity management with a greater application of risk-based thinking. One of the major changes in IATF 16949:2016 is that it brings quality management and continual improvement into the heart of an organization. This means that the new standard is an opportunity for organizations to align their strategic direction with their quality management system. The starting point of the new version of the standard is to identify internal and external parties and issues which affect the QMS. This means that it can be used to help enhance and monitor the performance of an organization, based on a higher level strategic view. Here are just a few of these benefits:

  • Improve your image and credibility – When customers see that you are certified by a recognized certification body, they will understand that you have implemented a system that is focused on meeting customer requirements and improvement. This improves their trust that you will deliver what you have promised.
  • Qualify to supply the automotive industry – This is one of the main drives for companies to get certified against IATF 16949. In order to get big customers from the automotive industry, you have to demonstrate that you are able to provide high-quality products with no defects, and an IATF 16949 certificate will prove it.
  • Improve customer satisfaction – One of the key principles of the IATF 16949 QMS is the focus on improving customer satisfaction by identifying and meeting customer requirements and needs. By improving satisfaction, you improve repeat customer business.
  • Fully integrated processes – By using the process approach of IATF 16949, you not only look at the individual processes in your organization, but also at the interactions of those processes. By doing this, you can more easily find areas for improvement and resource savings within your organization.
  • Use evidence-based decision making – Ensuring that you are making decisions based on good evidence is a key to the success of an IATF 16949 QMS. By ensuring that your decisions are based on good evidence, you can better target resources to the best effect to correct problems and improve your organizational efficiency and effectiveness.
  • Create a culture of continual improvement – With continual improvement as the main output of the QMS, you can attain ever-increasing gains in savings of time, money, and other resources. By making this the culture of your company, you can focus your workforce on improving the processes they are directly responsible for.
  • Engage your people – Who better than the people working within a process to help find the best solutions for improving that process? By focusing your workforce on not only managing, but also improving the processes, they will be more engaged in the outcome of the organization.
  • Facilitate continual improvement: Regular assessment will ensure you continually use, monitor and improve your processes
  • Increase market opportunities so you can demonstrate to customers excellent levels of safety, reliability and traceability throughout the supply chain. Increase efficiency that will save you time, money and resources. Ensure compliance with a system supported by regulatory authorities that helps to mitigate your risks

Your Donation can make a difference

We have chosen to make our Resources freely and openly available on the web with the hope that it touches the life of thousands of readers who visits us daily. We hope our blog has helped in enhancing the knowledge of our readers and added value to organization and their implementers. We would request you to make donation large and small, so as to provide us the resources needed to distribute, collect, digitize as it is becoming extremely difficult for us to afford the full cost of updating and enriching our site content. Your contribution will ensure that we can keep our blog  up-to-date and add more of the rich resources — such as video — that make a difference for so many worldwide. Your donation will demonstrate your commitment to knowledge as a public good and is an important part of our overall sustainability plan. Your donation is also important in demonstrating to us how much you value the site and motivates us to devote more of our time towards developing this blog.

Back to Home Page

If you need assistance or have any doubt and need to ask any question contact me at: preteshbiswas@gmail.com or call Pretesh Biswas at +919923345531. You can also contribute to this discussion and I shall be happy to publish them. Your comment and suggestion is also welcome.

[contact-form-7 404 "Not Found"]

Pretesh Biswas

Pretesh Biswas

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,226 other subscribers

%d bloggers like this: