Under QS-9000, suppliers relied on the Supplier Quality Requirements Task Force for guidance and direction in dealing with questions related to the standard’s requirements. With the global application of ISO/TS 16949:2002, a globalized group was needed to offer the same direction that was given under QS-9000. This group is the International Automotive Task Force and is made up of the SQRTF as well as representatives from European automotive organizations.
The IATF has developed three companion documents for ISO/TS 16949:2002:
We will examine each of these documents, touching upon their contents and how your organization should use them to ensure that you and your registrar are meeting ISO/TS 16949’s requirements. The goal of these three documents, in conjunction with ISO/TS 16949 and customer-specific requirements, is to assist organizations in achieving continual improvement in meeting customer requirements and thereby customer satisfaction.
IATF Checklist to ISO/TS 16949:2002
This document contains two chapters. Chapter 1 of the checklist is designed to give additional explanation of what the process approach to auditing entails. ISO 9001:1994 was based on an element compliance model, which was conducive to element-based auditing and the use of prescriptive checklists. QS-9000 enhanced that approach and began the movement toward what is now called the process approach. The checklist is not necessarily the most effective tool, but it does provide guidance to the auditor (external or internal) in ensuring that all aspects of ISO/TS 16949 are being met.
Chapter 2 of the checklist is a clause-by-clause review of the requirements and the recommended assessment items for an audit. The foreword to the checklist states: "The ’what to look for’ column is not mandatory, but it is a good guide. It is expected that auditors will supplement this column with their educated and experienced enhancements."
You should expand the checklist to include items that are critical and unique to your organization’s business. Furthermore, whenever customer problems or internal issues are found to relate to shortcomings in the quality management system, appropriate items should be added to your checklist.
IATF Guidance to ISO/TS 16949:2002
This document was written to provide guidance in the application of ISO/TS 16949:2002. It’s to be used for reference only and not as a standard. Automotive suppliers are directed to consult various Web sites, including www.iaob.org, to keep up-to-date with the changing materials for ISO/TS 16949:2002.
The guidance document covers all the primary clauses in ISO/TS 16949:2002. In many cases, the statements, "No further IATF guidance on this ISO 9001:2000 clause," or "No further IATF guidance on this automotive requirements clause," are offered. Otherwise, guidance is offered as to what the IATF would like suppliers and registrars to be aware of in ISO/TS 16949:2002, including ISO 9001:2000.
The last item in the guidance document is a checklist of items that an organization seeking ISO/TS 16949:2002 registration should submit to its registrar or certification body. This information includes:
Note that in cases where data are being requested, the typical requirement is for 12 months of information. A number of suppliers have been caught by this requirement--as there is nothing this specific in ISO/TS 16949:2002 itself--and have found that they cannot be audited until the data become available. This could cause an issue for your organization if you are facing a customer deadline for becoming registered and you have yet to start collecting the required data.
This document is mostly aimed at registrars and at auditors who work for registrars. Only IATF-approved registrars can conduct formal ISO/TS 16949:2002 registrations. Accreditation of a registrar by a national accreditation body such as the American National Standards Institute-Registrar Accreditation Board National Accreditation Program (ANSI-RAB NAP) or the Standards Council of Canada does not confer acceptability for ISO/TS 16949:2002 registrations. It’s important to note that not all accredited registrars have been approved by the IATF for ISO/TS 16949:2002 registrations.
The IATF rules document contains a number of mandatory requirements for registrars and lead auditors that must be followed for an ISO/TS 16949:2002 registration to be valid. Organizations seeking registration should be aware of these requirements. This will enable them to ask the appropriate questions of prospective registrars. What follows is a summary of the rules document.
ISO/TS 16949:2002 registrars are prevented from conducting any form of consulting activities with an auditee for a period of two years prior to the registration audit. This includes conducting no more than one pre-audit per organization site. The only exception to this rule are public courses offered by registrars. If your organization wishes to have a pre-assessment or gap analysis done prior to your registrar’s visit, you must hire a second registrar or consulting firm that is capable of conducting an ISO/TS 16949:2002 audit.
However, in most cases the readiness review conducted by your registrar will identify any areas that might cause nonconformances during registration. Even if nonconformances are found during registration, it is generally more cost- and time-effective to avoid a separate pre-assessment and proceed directly to the readiness review and the actual registration audit. Bear in mind that any nonconformances identified during the registration audit won’t stop the audit (unless the client requests it). Also, remember that nonconformances don’t require a complete new audit, only an audit of the area affected by the nonconformance.
Registrars must follow a prescribed format for conducting audits. This process is closely monitored by the IATF, which conducts unannounced witness audits on registrars as they conduct audits with clients. A flowchart of the process is listed in annex 1 of the rules document and does indicate that the management of the auditee must ensure that a readiness audit is conducted before the registrar conducts the formal audit.
Registration to ISO/TS 16949:2002 is not allowed if any minor or major nonconformities are found. The definitions for nonconformities are:
For organizations that are currently registered, a customer complaint or a nonconformity in a follow-up audit can cause the organization’s registration to be put into the decertification process outlined in annex 4. For corporate certificates, if one site in the organization becomes decertified, then all sites within that corporation also lose their registration to ISO/TS 16949:2002. As a result, many multi-plant organizations forgo the modest savings allowed by a corporate registration plan and obtain separate registrations for each plant.
All audits conducted at the site (internal or surveillance) must review the following items:
All audit plans must include an evaluation of the entire QMS and the effective implementation of ISO/TS 16949:2002. The assessment reports must include an evaluation of:
When the auditors from a registrar arrive to conduct an ISO/TS 16949:2002 audit, there are certain requirements that must be met. One example of these requirements is auditor competence. At least one of the auditors should be the same person during any three-year cycle, the registrar must evaluate the auditors, an audit report is due to you within 15 days, and witness audit provisions are due within your contract with the registrar.
The organization cannot refuse an IATF witness audit of the certification body. This allows the IATF to arrive (possibly unannounced) during an audit to verify that the registrar is conducting the audit according to procedures. Witness audits are a critique of the registrar’s practices and will normally have no effect on your assessment’s results or the way that it is conducted.
There are some additional rules that registrars must follow. For example, consultants you hire are not allowed to participate in the audits; registrars are expected to follow all rules and respect the IATF’s and ISO’s copyrights. Only the IATF can approve registrars to conduct ISO/TS 16949:2002 audits, and certificates are only good for a maximum of three years. A matrix of audit days has been developed for organizations and registrars to follow in transitioning from various standards to ISO/TS 16949:2002. Your registrar will work with you on your unique circumstances to meet the requirements.
If your organization ever decides to change its registrar, a specified sequence of steps must take place:
1. The new registrar must be approved by the IATF.
2. You must have a current ISO/TS 16949:2002 registration. (In other words, you cannot change registrars if your company has been decertified.)
3. The new registrar must review the most recent audit report and all findings of the previous registrar.
4. A formal document review of your system, as well as a review of the key performance indicators of your QMS, must take place.
5. A conversion audit must be conducted to finish out the current registration cycle (or a re-certification audit, if the change occurs at the end of a current registration cycle).
6. The new registrar must notify IATF of the change.
7. The rules document must be followed.
The IATF will monitor all activities to ensure that the registrars are adhering to all rules and requirements.
ISO/TS 16949:2002 certificate content requirements
Registrars can modify the appearance of the ISO/TS 16949:2002 certificate that organizations receive; however, there are rules concerning what must be included on the actual certificate. Registrars are not allowed to reference documents for which they are not accredited or recognized.
Forms and tables
Registrars are required to submit reports to the IATF on a regular basis using the specified formats listed in this section.
Annex 1. Rules for auditing quality management systems according to ISO/TS 16949:2002
A matrix has been created listing the sequence of activities that a registrar must follow in conducting audits for ISO/TS 16949:2002. The areas covered are activities before the audit, audit planning, site audit and reports, nonconformities, and management and certification issues. To ensure that the process proceeds according to the matrix, organizations must provide the registrar with requested information in a timely manner.
Annex 2. Criteria for third-party auditor qualification to ISO/TS 16949:2002
Auditors must follow ISO 19011:2000. There are qualifications, automotive industry-specific skills, minimum work experiences and sanctioned automotive training rules that must be met by all auditors.
Annex 3. Audit days for certification to ISO/TS 16949:2002
Essentially, the total number of people in your organization determines the number of audit days that a registrar will need to spend at your organization. The IAOB Web site (www.iaob.org) clarifies this. The number of days allowed starts at two for an organization with 15 employees and goes up to 21 days for an organization with more than 4,000 employees. You should discuss this with your registrar prior to signing any contracts for auditing.
If a corporate registration is being sought, an adjustment to the audit days can be based on the number of locations and the amount of duplicated information found at the individual sites.
Annex 4. Decertification process to ISO/TS 16949:2002
Registrars must follow ISO/IEC Guide 62:1996 (or EN 45012), which explains the basics of how registrars should deal with auditees. This document gives additional rules that apply to the ISO/TS 16949:2002 process. A matrix is provided, giving the steps involved for decertification of a supplier to ISO/TS 16949:2002. With corporate certificates, if one site loses its registration, then the entire corporation also loses its registration.
A careful reading of the rules document indicates that ISO/TS 16949:2002 requires more significant changes from registrars than it does from the suppliers being registered. The three documents released by the IATF are meant to assist the registrar and supplier in meeting ISO/TS 16949:2002’s requirements. These manuals are to be used while performing an audit. IATF or IAOB members may periodically witness audit the uses of these manuals during registrar audits. If this should occur at your organization, you will be expected--and are required as part of your agreement--to be audited to ISO/TS 16949:2002, to allow the witness auditors to view the audit process.