IATF 16949 key changes

Unlike ISO/TS 16949 and some other industry-specific standards, IATF 16949 does not contain ISO 9001:2015 text. This standard contains only additional requirements specific to the automotive industry; however, organizations are still required to follow ISO 9001:2015. IATF 16949 hereby clarifies that it is a supplement to ISO 9001:2015 and is intended to be used in conjunction with it.

IATF 16949 has the same general section headings and clause structure as ISO 9001:2015 and does not elaborate on the text. This ensures that all IATF 16949 requirements are fully aligned with the ISO 9001:2015 high-level structure.

risk-based thinking

As in ISO 9001:2015, risk mitigation is the focus of IATF 16949. IATF 16949 adds a number of specific risk-related requirements to minimize the likelihood of failure during new project development and maximize the likelihood of implementing planned activities. These increases are the result of best industry practices designed to make business safer and more stable by identifying and mitigating risks.

To ensure that risk-based thinking is applied throughout the organization, top management needs to be actively involved, with responsibilities including:

• Conduct contingency plan reviews

• Identify and support process owners

• Participate in the escalation process related to product safety

• Ensure that customer performance and quality objectives are met

• Implement corporate responsibility measures, including an anti-bribery policy, employee code of conduct and an updated code of ethics policy (“Whistleblower Policy”)

IATF 16949 requires "The organization shall ensure the conformity of all products and processes, including service parts and outsourced parts". Using the word "ensure" means that the organization needs to establish and maintain a system for mitigating the risk of non-compliance throughout the supply chain. The organization is ultimately responsible for all compliance and must move all applicable requirements down the supply chain to the point of manufacture.

The standard reinforces the concept of a "multi-party approach" throughout the product life cycle, especially during design and development planning activities. IATF 16949 adds additional control over the management of development projects throughout the cycle, culminating in the product approval process.

Automotive standards also add many requirements to specifically address the development of manufacturing processes. A manufacturing process can have the same output requirements as a product.

However, customers often require the use of specific automotive core tools such as PFMEA to capture and analyze risks. Such considerations are included in IATF 16949, which seeks to mitigate risks even before the product is manufactured or mechanically installed.

To survive in the automotive industry, continuous change is required to address internal and external issues. Organizations need to have a process for assessing the risk of change and taking appropriate action. IATF 16949 requirements for change management include:

• Assess the manufacturing feasibility of existing operational changes.

• Evaluate design changes after initial product approval.

• Review control plans for changes affecting products, manufacturing processes, measurements, logistics, sources of supply, throughput, or risk analysis.

• Control and react to changes that affect product realization, including those caused by the organization, customers, or any suppliers. Such changes include permanent and temporary changes.

• Adjust the frequency of internal audits based on the occurrence of process changes.

The standard also covers other sources of risk in more detail, such as how to handle non-conforming outputs to ensure suppliers meet their customer requirements.

Integration of customer-specific requirements

IATF 16949 incorporates many common industry practices previously found in customer-specific requirements. Consolidating these common practices as requirements promotes commonality across the industry, with the aim of reducing the need for extensive customer-specific requirements in these areas.

The distinction between customer requirements and customer-specific requirements (CSR) is also important. These two terms are defined in IATF 16949 as follows:

• Customer Requirements: All requirements specified by the customer (eg: technical, commercial, product and manufacturing process-related requirements; general terms and conditions; customer-specific requirements, etc.).

• Customer-specific requirements: Interpretation of specific clauses of this automotive QMS standard or supplementary requirements related to this clause.

The new standard defines these two terms more clearly to reduce misunderstandings and to facilitate sampling of customer-specific quality management system requirements for effective implementation.

For example, an organization needs to review and comply with customer requirements such as packaging manuals and manufacturing process guidelines; however, for customer-specific requirements, the organization needs to review and comply with such requirements after considering the impact on its overall QMS.

Here are some examples of aspects that were previously customer-specific requirements and are now covered in more detail in IATF 16949:

• Manufacturing feasibility

• Warranty Management

• Temporary changes to process control

• Supplier quality management system development

• Second-party audit

• Control Plan

• Problem solving

• Change Control

• Total production maintenance

• Standardized work