Featured Product
This Week in Quality Digest Live
Standards Features
Marc Lepere
The current system for rating ethical credentials is meaningless
For CO2 climate data, missing standards create underreporting
Wade Schroeder
The FDA is looking to make them mandatory
The short answer: Standard weights, rigorous procedures, and state inspectors ensure measurements are fair and accurate

More Features

Standards News
Appointments are the first for recently established committee to advise the President
ASQ’s five quality certifications are the only ones to earn global recognition by ANSI
ISO 21434 automotive cybersecurity and implementing design and process FMEAs
Standards for plastics enjoy a privileged status
Elsmar Cove is a leading forum for quality and standards compliance
Awards available in Kentucky, Nebraska, Rhode Island and South Dakota
Prior to vote, IAF seeks industry feedback to understand the level of demand from businesses and regulators.
FedEx demonstrates commitment to customer-focused continuous improvement
Merger will expand data-driven insight, advisory services, and analytics for supply chain assurance

More News

Radley M. Smith, Roderick A. Munro and Ronald J. Bowen

Radley M. Smith, Roderick A. Munro and Ronald J. Bowen’s default image


ISO/TS 16949 and the IAOB-IATF Infrastructure

Published: Tuesday, April 13, 2004 - 22:00

Under QS-9000, suppliers relied on the Supplier Quality Requirements Task Force for guidance and direction in dealing with questions related to the standard’s requirements. With the global application of ISO/TS 16949:2002, a globalized group was needed to offer the same direction that was given under QS-9000. This group is the International Automotive Task Force and is made up of the SQRTF as well as representatives from European automotive organizations.

The IATF has developed three companion documents for ISO/TS 16949:2002:

  • Quality Management System Assessment Check-List Based on Process Approach Audit (also known the Checklist to ISO/TS 16949:2002)
  • IATF Guidance to ISO/TS 16949:2002
  • IATF Automotive Certification Scheme for ISO/TS 16949:2002, Rules for Achieving IATF Recognition

We will examine each of these documents, touching upon their contents and how your organization should use them to ensure that you and your registrar are meeting ISO/TS 16949’s requirements. The goal of these three documents, in conjunction with ISO/TS 16949 and customer-specific requirements, is to assist organizations in achieving continual improvement in meeting customer requirements and thereby customer satisfaction.

IATF Checklist to ISO/TS 16949:2002

This document contains two chapters. Chapter 1 of the checklist is designed to give additional explanation of what the process approach to auditing entails. ISO 9001:1994 was based on an element compliance model, which was conducive to element-based auditing and the use of prescriptive checklists. QS-9000 enhanced that approach and began the movement toward what is now called the process approach. The checklist is not necessarily the most effective tool, but it does provide guidance to the auditor (external or internal) in ensuring that all aspects of ISO/TS 16949 are being met.

Chapter 2 of the checklist is a clause-by-clause review of the requirements and the recommended assessment items for an audit. The foreword to the checklist states: "The ’what to look for’ column is not mandatory, but it is a good guide. It is expected that auditors will supplement this column with their educated and experienced enhancements."

You should expand the checklist to include items that are critical and unique to your organization’s business. Furthermore, whenever customer problems or internal issues are found to relate to shortcomings in the quality management system, appropriate items should be added to your checklist.

IATF Guidance to ISO/TS 16949:2002

This document was written to provide guidance in the application of ISO/TS 16949:2002. It’s to be used for reference only and not as a standard. Automotive suppliers are directed to consult various Web sites, including www.iaob.org, to keep up-to-date with the changing materials for ISO/TS 16949:2002.

The guidance document covers all the primary clauses in ISO/TS 16949:2002. In many cases, the statements, "No further IATF guidance on this ISO 9001:2000 clause," or "No further IATF guidance on this automotive requirements clause," are offered. Otherwise, guidance is offered as to what the IATF would like suppliers and registrars to be aware of in ISO/TS 16949:2002, including ISO 9001:2000.

The last item in the guidance document is a checklist of items that an organization seeking ISO/TS 16949:2002 registration should submit to its registrar or certification body. This information includes:

  • Organization size
  • Site to be certified
  • Supporting locations (if any)
  • Product design responsibility (if any)
  • Certification scope. What does your organization want to be known for?
  • Organization’s processes-descriptions, including sequence and interactions. Commonly, copies of turtle diagrams, octopus diagrams and high-level process flow maps are a minimum submission.
  • Key indicator trends (last 12 months). At a minimum, organizations should provide data on customer satisfaction, employee motivation or awareness studies, product realization process analysis and supplier performance indicators.
  • Internal audit results and action plans (last 12 months). What has the internal audit processes found and what actions have been taken?
  • Management review results (last 12 months). What has been identified in the management review cycle and what actions have been taken?
  • Customer complaint status. A quick check in the organization’s shipping department may provide a list of items that need to be addressed.
  • Internal auditor qualifications as outlined in the standard
  • Customer-specific requirements to be included in the audit. Currently, only DaimlerChrysler, Ford and GM customer-specific requirements are posted on the IAOB Web site. There is some discussion of posting tier-one customers’ requirements in the future. Your organization must identify all of your customer-specific needs that relate to the scope of your audit and provide this information to the registrar.
  • Current certifications held
  • Quality manual. You may want to send an uncontrolled copy to your registrar for reference. Frequently, the quality manual will be included in the readiness review.

Note that in cases where data are being requested, the typical requirement is for 12 months of information. A number of suppliers have been caught by this requirement--as there is nothing this specific in ISO/TS 16949:2002 itself--and have found that they cannot be audited until the data become available. This could cause an issue for your organization if you are facing a customer deadline for becoming registered and you have yet to start collecting the required data.

IATF rules

This document is mostly aimed at registrars and at auditors who work for registrars. Only IATF-approved registrars can conduct formal ISO/TS 16949:2002 registrations. Accreditation of a registrar by a national accreditation body such as the American National Standards Institute-Registrar Accreditation Board National Accreditation Program (ANSI-RAB NAP) or the Standards Council of Canada does not confer acceptability for ISO/TS 16949:2002 registrations. It’s important to note that not all accredited registrars have been approved by the IATF for ISO/TS 16949:2002 registrations.

The IATF rules document contains a number of mandatory requirements for registrars and lead auditors that must be followed for an ISO/TS 16949:2002 registration to be valid. Organizations seeking registration should be aware of these requirements. This will enable them to ask the appropriate questions of prospective registrars. What follows is a summary of the rules document.

Certification body

ISO/TS 16949:2002 registrars are prevented from conducting any form of consulting activities with an auditee for a period of two years prior to the registration audit. This includes conducting no more than one pre-audit per organization site. The only exception to this rule are public courses offered by registrars. If your organization wishes to have a pre-assessment or gap analysis done prior to your registrar’s visit, you must hire a second registrar or consulting firm that is capable of conducting an ISO/TS 16949:2002 audit.

However, in most cases the readiness review conducted by your registrar will identify any areas that might cause nonconformances during registration. Even if nonconformances are found during registration, it is generally more cost- and time-effective to avoid a separate pre-assessment and proceed directly to the readiness review and the actual registration audit. Bear in mind that any nonconformances identified during the registration audit won’t stop the audit (unless the client requests it). Also, remember that nonconformances don’t require a complete new audit, only an audit of the area affected by the nonconformance.

Audit process

Registrars must follow a prescribed format for conducting audits. This process is closely monitored by the IATF, which conducts unannounced witness audits on registrars as they conduct audits with clients. A flowchart of the process is listed in annex 1 of the rules document and does indicate that the management of the auditee must ensure that a readiness audit is conducted before the registrar conducts the formal audit.

Registration to ISO/TS 16949:2002 is not allowed if any minor or major nonconformities are found. The definitions for nonconformities are:

  • Major nonconformity—presence of one or more of the following:
  • Absence or total breakdown of a system to meet a requirement
  • Any noncompliance that would result in the probability of shipping nonconforming product to the customer
  • A nonconformance that, in the judgment or experience of the auditor, would likely lead to a failure of the QMS
  • Minor nonconformity—a failure in the QMS, or a single observed lapse, that would in the judgment or experience of the auditor not lead to a failure of the QMS but could reduce the ability to enssure controlled processes or products

For organizations that are currently registered, a customer complaint or a nonconformity in a follow-up audit can cause the organization’s registration to be put into the decertification process outlined in annex 4. For corporate certificates, if one site in the organization becomes decertified, then all sites within that corporation also lose their registration to ISO/TS 16949:2002. As a result, many multi-plant organizations forgo the modest savings allowed by a corporate registration plan and obtain separate registrations for each plant.

All audits conducted at the site (internal or surveillance) must review the following items:

  • Any new customers since the last audit (requirements, process requirements, etc.)
  • Any customer complaints and the organization’s response to such complaints
  • The results and resulting actions of the organization’s internal audit and management review
  • The organization’s progress toward meeting continual improvement targets
  • The effectiveness measures of corrective actions and verifications made since the last audit

All audit plans must include an evaluation of the entire QMS and the effective implementation of ISO/TS 16949:2002. The assessment reports must include an evaluation of:

  • The effectiveness of the system (using the process model that starts with customer requirements and ends with customer satisfaction)
  • Process linkages
  • The system’s performance (results metrics) as compared to the management business plan
  • The system requirements achieved
  • A review of one complete internal audit and management review cycle

Audit team

When the auditors from a registrar arrive to conduct an ISO/TS 16949:2002 audit, there are certain requirements that must be met. One example of these requirements is auditor competence. At least one of the auditors should be the same person during any three-year cycle, the registrar must evaluate the auditors, an audit report is due to you within 15 days, and witness audit provisions are due within your contract with the registrar.

The organization cannot refuse an IATF witness audit of the certification body. This allows the IATF to arrive (possibly unannounced) during an audit to verify that the registrar is conducting the audit according to procedures. Witness audits are a critique of the registrar’s practices and will normally have no effect on your assessment’s results or the way that it is conducted.

Other requirements

There are some additional rules that registrars must follow. For example, consultants you hire are not allowed to participate in the audits; registrars are expected to follow all rules and respect the IATF’s and ISO’s copyrights. Only the IATF can approve registrars to conduct ISO/TS 16949:2002 audits, and certificates are only good for a maximum of three years. A matrix of audit days has been developed for organizations and registrars to follow in transitioning from various standards to ISO/TS 16949:2002. Your registrar will work with you on your unique circumstances to meet the requirements.

If your organization ever decides to change its registrar, a specified sequence of steps must take place:

1. The new registrar must be approved by the IATF.

2. You must have a current ISO/TS 16949:2002 registration. (In other words, you cannot change registrars if your company has been decertified.)

3. The new registrar must review the most recent audit report and all findings of the previous registrar.

4. A formal document review of your system, as well as a review of the key performance indicators of your QMS, must take place.

5. A conversion audit must be conducted to finish out the current registration cycle (or a re-certification audit, if the change occurs at the end of a current registration cycle).

6. The new registrar must notify IATF of the change.

7. The rules document must be followed.

The IATF will monitor all activities to ensure that the registrars are adhering to all rules and requirements.

ISO/TS 16949:2002 certificate content requirements

Registrars can modify the appearance of the ISO/TS 16949:2002 certificate that organizations receive; however, there are rules concerning what must be included on the actual certificate. Registrars are not allowed to reference documents for which they are not accredited or recognized.

Forms and tables

Registrars are required to submit reports to the IATF on a regular basis using the specified formats listed in this section.

Annex 1. Rules for auditing quality management systems according to ISO/TS 16949:2002

A matrix has been created listing the sequence of activities that a registrar must follow in conducting audits for ISO/TS 16949:2002. The areas covered are activities before the audit, audit planning, site audit and reports, nonconformities, and management and certification issues. To ensure that the process proceeds according to the matrix, organizations must provide the registrar with requested information in a timely manner.

Annex 2. Criteria for third-party auditor qualification to ISO/TS 16949:2002

Auditors must follow ISO 19011:2000. There are qualifications, automotive industry-specific skills, minimum work experiences and sanctioned automotive training rules that must be met by all auditors.

Annex 3. Audit days for certification to ISO/TS 16949:2002

Essentially, the total number of people in your organization determines the number of audit days that a registrar will need to spend at your organization. The IAOB Web site (www.iaob.org) clarifies this. The number of days allowed starts at two for an organization with 15 employees and goes up to 21 days for an organization with more than 4,000 employees. You should discuss this with your registrar prior to signing any contracts for auditing.

If a corporate registration is being sought, an adjustment to the audit days can be based on the number of locations and the amount of duplicated information found at the individual sites.

Annex 4. Decertification process to ISO/TS 16949:2002

Registrars must follow ISO/IEC Guide 62:1996 (or EN 45012), which explains the basics of how registrars should deal with auditees. This document gives additional rules that apply to the ISO/TS 16949:2002 process. A matrix is provided, giving the steps involved for decertification of a supplier to ISO/TS 16949:2002. With corporate certificates, if one site loses its registration, then the entire corporation also loses its registration.


A careful reading of the rules document indicates that ISO/TS 16949:2002 requires more significant changes from registrars than it does from the suppliers being registered. The three documents released by the IATF are meant to assist the registrar and supplier in meeting ISO/TS 16949:2002’s requirements. These manuals are to be used while performing an audit. IATF or IAOB members may periodically witness audit the uses of these manuals during registrar audits. If this should occur at your organization, you will be expected--and are required as part of your agreement--to be audited to ISO/TS 16949:2002, to allow the witness auditors to view the audit process.


About The Author

Radley M. Smith, Roderick A. Munro and Ronald J. Bowen’s default image

Radley M. Smith, Roderick A. Munro and Ronald J. Bowen

This article is excerpted from The ISO/TS 16949 Answer Book by Radley M. Smith, Roderick A. Munro and Ronald J. Bowen. It will be published in May by Paton Press. For more information or to pre-order a copy, visit www.patonpress.com.