Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Iso & Iatf Corelation in Standards

Download as xlsx, pdf, or txt
Download as xlsx, pdf, or txt
You are on page 1of 19

Standard Element Is this a new ISO 9001:2015 / IATF 16949:2016 Requirements Commentary Action / Resources Required

requirement?

New/Modified/
Bolded text indicates new to ISO 9001:2015 and IATF 16949:2016
Carryover

4.0 Context of the organization


4.1 Understanding the organization and its context
The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect This was not specifically mentioned in the previous standard and is now an
its ability to achieve the intended result(s) of its quality management system. explicit requirement.
The organization shall monitor and review information about these external and internal issues. The organization must now be able to demonstrate they have identified,
NOTE 1: Issues can include positive and negative factors or conditions for consideration. monitored and reviewed all external and internal issues.
ISO 9001 4.1 New
NOTE 2: Understanding the external context can be facilitated by considering issues arising from legal, technological, competitive,
market, cultural, social and economic environments, whether international, national, regional or local.

NOTE 3: Understanding the internal context can be facilitated by considering issues related to values, culture, knowledge and
performance of the organization.
4.2 Understanding the needs and expectations of interested parties
Due to their effect or potential effect on the organization’s ability to consistently provide products and services that meet customer and The intent of this requirement is to ensure that the organization considers the
applicable statutory and regulatory requirements, the organization requirements of relevant interested parties beyond just those of the customer.
shall determine:
The intention is to focus on the interested parties which are relevant to the
ISO 9001 4.2 New a) the interested parties that are relevant to the quality management system; Quality Management System (QMS).
b) the requirements of these interested parties that are relevant to the quality management system. The organization shall monitor and
review information about these interested parties and their relevant requirements.
The organization shall monitor and review information about these interested parties and their relevant requirements.
4.3 Determining the scope of the quality management system
The organization shall determine the boundaries and applicability of the quality management system to establish its scope. The new revision to the standard now explicitly requires that before you set the
scope of the QMS, you must have previously considered and demonstrated
When determining this scope, the organization shall consider: that the issues within 4.1 and interested parties within 4.2 are completed, prior
the external and internal issues referred to in 4.1; to setting the scope and boundaries of the QMS.
the requirements of relevant interested parties referred to in 4.2;
It is important to note that ISO 9001:2015 requires that all requirements within
the products and services of the organization. the standard are to be met unless they do not apply. This scope must be
The organization shall apply all the requirements of this International Standard if they are applicable within the determined scope of its documented and include the products and services provided as well as any
quality management system. justification for any requirements that the organization has determined do not
ISO 9001 4.3 Modified apply.

The scope of the organization’s quality management system shall be available and be maintained as DOCUMENTED INFORMATION. The
scope shall state the types of products and services covered, and provide justification for any requirement of this International Standard
that the organization determines is not applicable to the scope of its quality management system.

Conformity to this International Standard may only be claimed if the requirements determined as not being applicable do not affect the
organization’s ability or responsibility to ensure the conformity of its
products and services and the enhancement of customer satisfaction.

4.3.1 Determining the scope of the quality management system - supplemental


Supporting functions, whether on-site or remote (such as design centers, corporate headquarters, and distribution centers) shall be Originally included in ISO/TS 16949:2009, Sec. 1.1 and 1.2. The first
included in the scope of the quality management system (QMS). requirement relating to supporting functions was revised to not only address
the need to include them in the audit, but also to ensure that they are included
in the scope of the QMS.
IATF 16949 4.3.1 Modified The only permitted exclusion for this Automotive QMS Standard relates to the product design and development requirements within ISO Any exclusion(s) must now be documented.
9001, Section 8.3. The exclusion shall be justified and maintained as documented information (see ISO 9001, Section 7.5).

Permitted exclusions do not include manufacturing process design.


4.3.2 Customer-specific requirements
Customer-specific requirements shall be evaluated and included in the scope of the organization's quality management system. This suggests the organization would need a process to evaluate each
customer-specific requirement and determine exactly how and where it applies
IATF 16949 4.3.2 Carryover to their QMS.

4.4 Quality management system and its processes


This further reinforces the need for risk to be considered throughout the QMS.
The organization shall establish, implement, maintain and continually improve a quality management system, including the processes
needed and their interactions, in accordance with the requirements of this International Standard. The requirement for ownership within the processes are now required.

The organization shall determine the processes needed for the quality management system and their application throughout the Sec. 4.4.1 is a paraphrase of the entire standard. If you think about the
organization, and shall: standard as a living organism, 4.4.1 would be the skeleton. the specifics for
4.4.1 can be found throughout the remainder of the standard.
a) determine the inputs required and the outputs expected from these processes;
b) determine the sequence and interaction of these processes; The outputs of the activities listed may include process flow maps,
interrelationships, authority and responsibilities, quality performance data,
ISO 9001 4.4.1 Modified c) determine and apply the criteria and methods (including monitoring, measurements and related performance indicators) needed to etc.,
ensure the effective operation and control of these processes;
d) determine the resources needed for these processes and ensure their availability;
e) assign the responsibilities and authorities for these processes;
f) address the risks and opportunities as determined in accordance with the requirements of 6.1;

g) evaluate these processes and implement any changes needed to ensure that these processes achieve their intended results;

h) improve the processes and the quality management system.


4.4.1.1 Conformance of products and processes
The organization shall ensure conformance of all products and processes, including service parts and those that are outsourced, to all This ensures 2 things: that the organization is responsible for the conformity of
applicable customer, statutory requirements (see section 8.4.2.2) outsourced processes, and that all products and processes meet all applicable
IATF 16949 4.4.1.1 New requirements and expectations of all interested parties.

4.4.1.2 Product safety


The organization shall have documented processes for the management of product-safety related products and manufacturing This is a new section with new and enhanced requirements that address
processes, which shall include but not limited to the following, where applicable: current and emerging issues the automotive industry is facing related to
product and process safety.
a) identification by the organization of statutory and regulatory product-safety requirements;
b) customer notification of requirements in item a); Organizations are specifically required to have documented processes to
manage product-safety related products and processes.
c) special approvals for design FMEA;
d) identification of product safety-related characteristics;
e) identification and controls of safety-related characteristics of product and at the point of manufacture;
f) special approval of control plans and process FMEAs;
g) reaction plans (see section 9.1.1.1);

h) defined responsibilities, definition of escalation process and flow of information, including top management, and customer notification;
IATF 16949 4.4.1.2 New
i) training identified by the organization or customer for personnel involved in product-safety related products and associated
manufacturing processes;
j) changes of product or process shall be approved prior to implementation, including evaluation of potential effects on product safety
from process and product changes (see ISO 9001, Section 8.3.6);
k) transfer of requirements with regard to product safety throughout the supply chain, including customer-designated sources (see
Section 8.4.3.1);
l) product traceability by manufactured lot (at a minimum) throughout the supply chain ( see Section 8.5.2.1);
m) lessons learned for new product introduction.
Note: Special approval is an additional approval by the function (typically the customer) that is responsible to approve such documents
with safety-related content.
To the extent necessary, the organization shall: The intent is to allow an organization to tailor the documentation around their
own value streams.
a) maintain DOCUMENTED INFORMATION to support the operation of its processes; Documented information is defined as maintained = documents and
ISO 9001 4.4.2 Modified
b) retain DOCUMENTED INFORMATION to have confidence that the processes are being carried out as planned. procedures & retained = records.
Standard Element Is this a new ISO 9001:2015 / IATF 16949:2016 Requirements Commentary Action / Resources Required
requirement?

New/Modified/
Bolded text indicates new to ISO 9001:2015 and IATF 16949:2016
Carryover
5 Leadership
5.1 Leadership and commitment
5.1.1 General
Top management shall demonstrate leadership and commitment with respect to the quality management system by: There are now specific requirements for Top Management to:
- Take accountability for the effectiveness of the QMS
a) taking accountability for the effectiveness of the quality management system;
- Promoting process approach and risk
b) ensuring that the quality policy and quality objectives are established for the quality management system and are compatible with the - Integration with business system
context and strategic direction of the organization;
This will assist in the integration of the QMS within the business system and to
c) ensuring the integration of the quality management system requirements into the organization’s business processes; keep the QMS from being thought of as a a stand-alone system.
d) promoting the use of the process approach and risk-based thinking;
The intent of this requirement is to establish the roles and responsibilities of
e) ensuring that the resources needed for the quality management system are available;
top management in relation to the effectiveness of the quality management
system, and the achievement of planned results.
ISO 9001 5.1.1 Modified f) communicating the importance of effective quality management and of conforming to the quality management system requirements;

g) ensuring that the quality management system achieves its intended results;
h) engaging, directing and supporting persons to contribute to the effectiveness of the quality management system;
i) promoting improvement;
j) supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.

NOTE: Reference to “business” in this International Standard can be interpreted broadly to mean those activities that are core to the
purposes of the organization’s existence, whether the organization is public, private, for profit or not for profit.

5.1.1.1 Corporate responsibility


The organization shall define and implement corporate responsibility policies, including at a minimum an anti-bribery policy, an The IATF supplemented the ISO requirements by adopting a Corporate
employee code of conduct, and an ethics escalation policy ("whistle-blowing policy"). Responsibility requirement to address increasing market and governmental
IATF 16949 5.1.1.1 New expectations for improved integrity in social and environmental matters.

5.1.1.2 Process effectiveness and efficiency


Top management shall review the product realization processes and support processes to evaluate and improve their effectiveness and The IATF strengthened the requirement to ensure that the results of process
efficiency. The results of the process review activities shall be included as input to the management review (see Section 9.3.2.1). review activities are now to be included in the management review.
IATF 16949 5.1.1.2 Modified

5.1.1.3 Process owners


Top management shall identify process owners who are responsible for managing the organizations processes and related outputs. The IATF adopted this new requirement to ensure that management
Process owners shall understand their roles and be competent to perform those roles (see ISO 9001, Section 7.2) understands this expectation, by specifically identifying the process owners and
IATF 16949 5.1.1.3 New assuring that they can perform their assigned roles.

5.1.2 Customer focus


Top management shall demonstrate leadership and commitment with respect to customer focus by ensuring that: Customer requirements must be known and met with the aim of increasing and
improving customer satisfaction.
a) customer and applicable statutory and regulatory requirements are determined, understood and consistently met;
ISO 9001 5.1.2 Modified b) the risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are Top management to visibly demonstrate leadership and commitment.
determined and addressed;
c) the focus on enhancing customer satisfaction is maintained.
5.2 Policy
5.2.1 Establishing the quality policy
Top management shall establish, implement and maintain a quality policy that: The intent of this requirement is to ensure that top management aligns the
quality policy with the organization's strategic direction.
a) is appropriate to the purpose and context of the organization and supports its strategic direction;
ISO 9001 5.2.1 Modified b) provides a framework for setting quality objectives;
c) includes a commitment to satisfy applicable requirements;
d) includes a commitment to continual improvement of the quality management system.
5.2.2 Communicating the quality policy
The quality policy shall: The quality policy must be documented. Associates need to understand the
quality policy and what it means to them.
a) be available and be maintained as documented information;
ISO 9001 5.2.2 Modified
b) be communicated, understood and applied within the organization;
c) be available to relevant interested parties, as appropriate.
5.3 Organizational roles, responsibilities and authorities
Top management shall ensure that the responsibilities and authorities for relevant roles are assigned, communicated and understood Responsibility and authority and their interactions must be defined and
within the organization. communicated.
Top management shall assign the responsibility and authority for: When changes are made, consider the impact of that change on the system,
a) ensuring that the quality management system conforms to the requirements of this International Standard; not simply the local impact.
ISO 9001 5.3 Modified
b) ensuring that the processes are delivering their intended outputs;
c) reporting on the performance of the quality management system and on opportunities for improvement (see 10.1), in particular to
top management;
d) ensuring the promotion of customer focus throughout the organization;
Top management shall ensure that: The IATF adopted some enhancements to explicitly make Top Management
responsible for ensuring conformity to product requirements and to corrective
a) personnel responsible for conformity to product requirements have the authority to stop shipment and stop production to correct actions taken.
quality problems:
Note: Due to the process design in some industries, it might not always be possible to stop production immediately. In this case, the The standard clarifies that there must be a process to inform those with the
affected batch must be contained and shipment to the customer prevented. authority and responsibility for corrective action in order that they ensure
IATF 16949 5.3.2 Modified nonconforming product is identified, contained, and not shipped to the
b) personnel with authority and responsibility for corrective action are promptly informed of product or processes that do not conform to customer.
requirements to ensure that nonconforming product is not shipped to the customer and that all potential nonconforming product is
identified and contained.
c) production operations across all shifts are staffed with personnel in charge of, or delegated responsibility for, ensuring conformity to
product requirements.
Standard Element Is this a new ISO 9001:2015 / IATF 16949:2016 Requirements Commentary Action / Resources Required
requirement?

New/Modified/
Bolded text indicates new to ISO 9001:2015 and IATF 16949:2016
Carryover
6.0 Planning
6.1 Actions to address risks and opportunities
When planning for the quality management system, the organization shall consider the issues referred to in 4.1 and the requirements Determine risks and opportunities, considering the issues raised and
referred to in 4.2 and determine the risks and opportunities that need to be addressed to: requirements identified. Then plan appropriate actions to reduce undesired
effects on the QMS and evaluate effectiveness.
a) give assurance that the quality management system can achieve its intended result(s);
ISO 9001 6.1.1 New
b) enhance desirable effects;
c) prevent, or reduce, undesired effects;
d) achieve improvement.
The organization shall plan: Having identified the risks and opportunities that may impact the quality
management system, the organization should plan actions to address each
a) actions to address these risks and opportunities; item.
b) how to:
1) integrate and implement the actions into its quality management system processes (see 4.4);
2) evaluate the effectiveness of these actions.
ISO 9001 6.1.2 New Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and
services.
NOTE 1: Options to address risks can include avoiding risk, taking risk in order to pursue an opportunity, eliminating the risk source,
changing the likelihood or consequences, sharing the risk, or retaining risk by informed decision.
NOTE 2: Opportunities can lead to the adoption of new practices, launching new products, opening new markets, addressing new
customers, building partnerships, using new technology and other desirable and viable possibilities to address the organization’s or its
customers’ needs.

6.1.2.1 Risk analysis


The organization shall include in its risk analysis, at a minimum, lessons learned from product recalls, product audits, field returns and The IATF adopted additional requirements for risk analysis recognizing the
repairs, complaints, scrap, and rework. continual need to analyze and respond to risk and to have organizations
consider specific risks associated with the automotive industry.
IATF 16949 6.1.2.1 Modified The organization shall retain DOCUMENTED INFORMATION as evidence of the results of risk analysis.

6.1.2.2 Preventive action


The organization shall determine and implement action(s) to eliminate the causes of potential nonconformities in order to prevent their The IATF enhanced the requirement found in ISO/TS 16949. Organizations
occurrence. Preventive actions shall be appropriate to the severity of the potential issues. need to implement a process to lessen the impact of negative effects of risk,
appropriate to the severity of the potential issues.
The organization shall establish a process to lessen the impact of negative effects of risk including the following:
a) determining potential nonconformities and their causes; Such a process would include: identifying the risk of nonconformity recurrence,
documenting lessons learned, identifying and reviewing similar processes
IATF 16949 6.1.2.2 Modified b) evaluating the need for action to prevent occurrence of nonconformities; towards prevention.
c) determining and implementing action needed;
d) documented information of action taken;
e) reviewing the effectiveness of the preventive action
f) utilizing lessons learned to prevent recurrence in similar processes (see ISO 9001, section 7.1.6)
6.1.2.3 Contingency plans
The organization shall: The expanded requirement ensures the organization defines and prepares
contingency plans along with a notification process to the customer or other
a) identify and evaluate internal and external risks to all manufacturing processes and infrastructure equipment essential to maintain interested parties.
production output and to ensure that customer requirements are met;
b) define contingency plans according to risk and impact to the customer; Customer notification is a mandatory step in any contingency plan, unless there
is no risk to deliver nonconforming product or affect on-time delivery.
c) prepare contingency plans for continuity of supply in the event of any of the following: key equipment failures (also see section
8.5.6.1.1); interruption from externally provided products, processes, and services; recurring natural disasters; fire; utility interruptions; The effectiveness of these contingency plans would be tested periodically and
labor shortages; or infrastructure disruptions; reviewed by a multidisciplinary team that includes top management.
d) include, as a supplement to the contingency plans, a notification process to the customer and other interested parties for the extent Contingency plans would be updated as necessary.
IATF 16949 6.1.2.3 Modified and duration of any situation impacting customer operations;
e) periodically test the contingency plans for effectiveness (e.g. simulations, as appropriate);
f) conduct contingency plan reviews (at minimum annually) using a multidisciplinary team including top management, and update as
required;
g) document the contingency plans and retain DOCUMENTED INFORMATION describing any revision(s), including the person(s) who
authorized the change(s);
The contingency plans shall include provisions to validate that the manufactured product continues to meet customer specifications
after the re-start of production following an emergency in which production was stopped and if regular shutdown processes were not
followed.
6.2 Quality objectives and planning to achieve them
Although the objectives are still reviewed by top management in management
The organization shall establish quality objectives at relevant functions, levels and processes needed for the quality management system. review, this requirement has been driven down more to the organization to
determine and, evaluate the results.
The quality objectives shall:
a) be consistent with the quality policy; Top management oversees the establishment of quality objectives at these
relevant functions and levels. The quality objectives must be documented.
b) be measurable;
ISO 9001 6.2.1 Modified c) take into account applicable requirements; These objectives must be measurable and consistent with the quality policy. It
d) be relevant to conformity of products and services and to enhancement of customer satisfaction; is important to communicate the objectives throughout the organization, as
appropriate.
e) be monitored;
f) be communicated;
g) be updated as appropriate.
The organization shall maintain DOCUMENTED INFORMATION on the quality objectives.
When planning how to achieve its quality objectives, the organization shall determine: The organization should identify who is responsible for achieving specific
objectives and ensuring sufficient resources are made available (see clause 7)
a) what will be done; and how results will be evaluated.
b) what resources will be required;
ISO 9001 6.2.2 Modified
c) who will be responsible;
d) when it will be completed;
e) how the results will be evaluated.
6.2.2.1 Quality objectives and planning to achieve them - supplemental
Top management shall ensure that quality objectives to meet customer requirements are defined, established, and maintained for The IATF enhanced the requirement of customer expectations to include a note
relevant functions, processes, and levels throughout the organization. in Sec. 6.2.2.1 and to require that it be done at all levels throughout the
organization.
IATF 16949 6.2.2.1 Modified
The results of the organization's review regarding interested parties and their relevant requirements shall be considered when the
organization establishes its annual (at a minimum) quality objectives and related performance targets (internal and external).

6.3 Planning of changes


When the organization determines the need for changes to the quality management system, the changes shall be carried out in a planned The term 'organization' is now used in lieu of just Top Management.
manner (see 4.4).
The application of risk-based thinking can be helpful in identifying the actions
The organization shall consider: necessary in planning changes to the quality management system.
ISO 9001 6.3 Modified a) the purpose of the changes and their potential consequences;
b) the integrity of the quality management system;
c) the availability of resources;
d) the allocation or reallocation of responsibilities and authorities.
Standard Element Is this a new ISO 9001:2015 / IATF 16949:2016 Requirements Commentary Action / Resources Required
requirement?

New/Modified/
Bolded text indicates new to ISO 9001:2015 and IATF 16949:2016
Carryover
7 Support
7.1 Resources
7.1.1 General
The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual A focus on the organization to consider internal capabilities, resources and
improvement of the quality management system. constraints. Also, what needs to be obtained from external sources.
ISO 9001 7.1.1 Modified The organization shall consider: Resources may include people, suppliers, equipment, etc.,
a) the capabilities of, and constraints on, existing internal resources;
b) what needs to be obtained from external providers.
7.1.2 People
The organization shall determine and provide the persons necessary for the effective implementation of its quality management system No impact. Resources needed to maintain the QMS must be determined and
ISO 9001 7.1.2 Carryover and for the operation and control of its processes. provided.

7.1.3 Infrastructure
The organization shall determine, provide and maintain the infrastructure necessary for the operation of its processes and to achieve No impact. The organization must identify, provide and maintain the
conformity of products and services. infrastructure necessary to ensure conformance of product including:
NOTE: Infrastructure can include: - Building, workspace and utilities
- Process equipment
ISO 9001 7.1.3 Carryover a) buildings and associated utilities; - Supporting services (i.e., transportation, communication)
b) equipment, including hardware and software;
c) transportation resources;
d) information and communication technology.
7.1.3.1 Plant, facility, and equipment planning
The organization shall use a multi-disciplinary approach including risk identification and risk mitigation methods for developing and This updated section includes an increased focus on risk identification and risk
improving plant, and equipment plans. In designing layouts, the organization shall: mitigation, evaluating manufacturing feasibility, re-evaluation of changes in
processes, and inclusion of on-site supplier activities.
a) optimize material flow, material handling, and value-added use of floor space including control of nonconforming product and;

b) facilitate synchronous flow, as applicable.


Methods shall be developed and implemented to evaluate manufacturing feasibility for new product or new operations. Manufacturing
feasibility assessments shall include capacity planning. These methods shall also be applicable for evaluation proposed changes to
IATF 16949 7.1.3.1 Modified existing operations.

The organization shall maintain process effectiveness, including periodic re-evaluation relative to risks, to incorporate any changes made
during process approval, control plan maintenance (see section 8.5.1.1) and verification of job set-ups (see section 8.5.1.3).

Assessments of manufacturing feasibility and evaluation of capacity planning shall be inputs to management reviews (see ISO 9001,
Section 9.3).
Note 1: These requirements should include the application of lean principles.
Note 2: These requirements should apply to on-site supplier activities, as applicable.
7.1.4 Environment for the operation of processes
The organization shall determine, provide and maintain the environment necessary for the operation of its processes and to achieve Key focus on addition of human and physical factors.
conformity of products and services.
The organization must identify and manage conditions of the work
NOTE: A suitable environment can be a combination of human and physical factors, such as: environment. This may include ergonomics, cleanliness, heat, noise, light, etc.
ISO 9001 7.1.4 Modified a) social (e.g. non-discriminatory, calm, non-confrontational);
b) psychological (e.g. stress-reducing, burnout prevention, emotionally protective);
c) physical (e.g. temperature, heat, humidity, light, airflow, hygiene, noise).
These factors can differ substantially depending on the products and services provided.
Note: Where third-party certification to ISO 45001 (or equivalent) is recognized, it may be used to demonstrate the organization's ---
IATF 16949 7.1.4 New
conformity to the personnel safety aspects of this requirements.
7.1.4.1 Environment for the operation of processes - supplemental
The organization shall maintain its premises in a state of order, cleanliness, and repair that is consistent with the product and This requirement was preserved from ISO/TS 16949.
IATF 16949 7.1.4.1 Carryover manufacturing needs.

7.1.5 Monitoring and measuring resources


7.1.5.1 General
The organization shall determine and provide the resources needed to ensure valid and reliable results when monitoring or measuring is The requirement for specific records of the results of calibration and
used to verify the conformity of products and services to requirements. verification being maintained has been replaced by "shall retain appropriate
DOCUMENTED INFORMATION".
The organization shall ensure that the resources provided:
ISO 9001 7.1.5.1 Modified a) are suitable for the specific type of monitoring and measurement activities being undertaken; The organization must have a process to ensure monitoring and measurement
activities are capable and are implemented.
b) are maintained to ensure their continuing fitness for their purpose.
The organization shall retain appropriate DOCUMENTED INFORMATION as evidence of fitness for purpose of the monitoring and
measurement resources.
7.1.5.1.1 Measurement systems analysis
Records are now required for customer acceptance of alternative methods. The
Statistical studies shall be conducted to analyze the variation present in the results of each type of inspection, measurement, and test previous requirement to analyze variation in measurement results is now
equipment system identified in the control plan. The analytical methods and acceptance criteria used shall conform to those in reference extended specifically to inspection equipment.
manuals on Measurement Systems Analysis. Other analytical methods and acceptance criteria may be used if approved by the customer.
The IATF also clarifies that records of customer acceptance need to be retained
IATF 16949 7.1.5.1.1 Modified along with results from alternative measurement system analysis.
Records of customer acceptance of alternative methods shall be retained along with results from alternative measurement systems
analysis (see section 9.1.1.1)
Note: Prioritization of MSA studies should focus on critical or special product or process characteristics

7.1.5.2 Measurement traceability


When measurement traceability is a requirement, or is considered by the organization to be an essential part of providing confidence in The requirement for specific records of the results of calibration and
the validity of measurement results, measuring equipment shall be: verification being maintained has been replaced by "shall retain appropriate
DOCUMENTED INFORMATION".
a) calibrated or verified, or both, at specified intervals, or prior to use, against measurement standards traceable to international or
national measurement standards; when no such standards exist, the basis used for calibration or verification shall be retained as The organization must have a process to ensure monitoring and measurement
DOCUMENTED INFORMATION; activities are capable and are implemented.

ISO 9001 7.1.5.2 Carryover b) identified in order to determine their status;


c) safeguarded from adjustments, damage or deterioration that would invalidate the calibration status and subsequent measurement
results.

The organization shall determine if the validity of previous measurement results has been adversely affected when measuring equipment
is found to be unfit for its intended purpose, and shall take appropriate action as necessary.

---
IATF 16949 7.1.5.2 New Note: A number or another identifier traceability to the device calibration record meets the intent of the requirements in ISO 9001:2015

7.1.5.2.1 Calibration / verification records


This updated section helps ensure that customer requirements are met
The organization shall have a documented process for managing calibration / verification records. Records of the calibration / verification through enhanced calibration / verification record retention requirements,
activity for all gauges and measuring equipment (including employee-owned equipment relevant for measuring, customer-owned including software installed or employee-owned or customer-owned
equipment, or on-site supplier owned equipment) needed to provide evidence of conformity to internal requirements, legislative and equipment.
regulatory requirements, and customer-defined requirements shall be retained.
IATF 16949 clarifies that a documented process is required to manage
calibration / verification records in order to provide evidence of conformity,
The organization shall ensure that calibration / verification activities and records shall include the following details: and this includes any on-site supplier-owned equipment.
a) revisions following engineering changes that impact measurement systems;
Calibration / verification activities need to consider applicable internal,
b) any out-of-specification readings as received for calibration / verification; customer, legislative and regulatory requirements in order to establish
c) an assessment of the risk of the intended use of the product caused by the out-of-specification condition; approval criteria.

IATF 16949 7.1.5.2.1 Modified


equipment.

IATF 16949 clarifies that a documented process is required to manage


calibration / verification records in order to provide evidence of conformity,
and this includes any on-site supplier-owned equipment.

Calibration / verification activities need to consider applicable internal,


customer, legislative and regulatory requirements in order to establish
approval criteria.

IATF 16949 7.1.5.2.1 Modified d) when a piece of inspection measurement and test is found to be out of calibration or defective during its planned verification or
calibration or during its use, DOCUMENTED INFORMATION on the validity or previous measurement results obtained with this piece of
inspection measurement and test equipment shall be retained, including the associated standard's last calibration date and the next due
date on the calibration report;
e) notification to the customer if suspect product or material has been shipped;
f) statements of conformity to specification after calibration / verification;
g) verification that the software version used for product and process control is as specified;
h) records of the calibration and maintenance activities for all gauging (including employee-owned equipment, customer-owned
equipment, or on-site supplier-owned equipment);
i) production-related software verification used for product and process control (including software installed on employee-owned
equipment, customer-owned equipment, or on-site supplier-owned equipment).
7.1.5.3 Laboratory requirements
7.1.5.3.1 Internal laboratory
An organization's internal laboratory facility shall have defined scope that includes its capability to perform the required inspection, test, This section added a requirement to have the organization (client) define a
or calibration services. This laboratory scope shall be included in the quality management system documentation. The laboratory shall methodology to verify measurement system capability if no applicable national
specify and implement, as minimum, requirements for: or international standard(s) exist.

a) adequacy of the laboratory technical procedures; This clause also clarifies that the applied methodology must meet customer
requirements, if they exist.
b) competency of the laboratory personnel;
c) testing of the product;
IATF 16949 7.1.5.3.1 Modified d) capability to perform these services correctly, traceable to the relevant process standard (such as ASTM, EN, etc.) when no national or
international standard(s) is available, the organization shall define and implement a methodology to verify measurement system
capability;
e) customer requirements, if any;
f) review of related records.
Note: Third party accreditation to ISO/IEC 17025 (or equivalent) may be used to demonstrate the organization's in-house laboratory
conformity to this requirement.
7.1.5.3.2 External laboratory
This updated section allows the organization to conduct second-party
External/commercial/independent laboratory facilities used for inspection, test, or calibration services by the organization shall have assessments of laboratory facilities, but requires customer approval of the
defined laboratory scope that includes the capability to perform the required inspection, test, or calibration, and either: assessment method.
- the laboratory shall be accredited to ISO/IEC 17025 or national equivalent and include the relevant inspection test, or calibration service The clause also clarifies that internal laboratory requirements (Sec. 7.1.5.3.1)
in the scope of the accreditation (certificate); the certification or test report shall include the mark of a national accreditation body; or apply even when calibration is performed by the equipment manufacturer, and
- there shall be evidence that the external laboratory is acceptable to the customer. that use of calibration services may be subject to government regulatory
Note: Such evidence may be demonstrated by customer assessment, for example, or by customer-approved second-party assessment that confirmation, if required.
IATF 16949 7.1.5.3.2 Modified the laboratory meets the intent of ISO/IEC 17025 or national equivalent. The second-party assessment may be performed by the
organization assessing the laboratory using customer-approved method of assessment.

Calibration services may be performed by the equipment manufacturer when a qualified laboratory is not available for a given piece of
equipment. In such cases, the organization shall ensure that the requirements listed in section 7.1.5.3.1 have been met.

Use of calibration services, other than by qualified (or customer accepted) laboratories, may be subject to government regulatory
confirmation, if required.
7.1.6 Organizational knowledge
This is an entirely new requirement and focuses upon organic type of
The organization shall determine the knowledge necessary for the operation of its processes and to achieve conformity of products and information being shared.
services. This knowledge shall be maintained and be made available to the extent necessary. When addressing changing needs and
trends, the organization shall consider its current knowledge and determine how to acquire or access any necessary additional The organization should consider how to determine and manage organizational
knowledge and required updates. knowledge required to achieve conformity of products and services and to
meet its present and future needs.
NOTE 1: Organizational knowledge is knowledge specific to the organization; it is generally gained by experience. It is information that is
ISO 9001 7.1.6 New used and shared to achieve the organization’s objectives. People and their experiences are the foundation of organizational knowledge.
NOTE 2: Organizational knowledge can be based on: Capturing and sharing such experiences can generate synergies.

a) internal sources (e.g. intellectual property; knowledge gained from experience; lessons learned from failures and successful projects;
capturing and sharing undocumented knowledge and experience; the results of improvements in processes, products and services);

b) external sources (e.g. standards; academia; conferences; gathering knowledge from customers or external providers).
7.2 Competence
The organization shall: The organization's personnel whose work impacts product requirements must
be competent.
a) determine the necessary competence of person(s) doing work under its control that affects the performance and effectiveness of the
quality management system; The emphasis here is on competence.
b) ensure that these persons are competent on the basis of appropriate education, training, or experience;
A training record will usually not be enough to demonstrate competence. The
ISO 9001 7.2 Modified c) where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness organization will want to assess the output of the employee's job.
of the actions taken;
d) retain appropriate DOCUMENTED INFORMATION as evidence of competence.
NOTE: Applicable actions can include, for example, the provision of training to, the mentoring of, or the reassignment of currently
employed persons; or the hiring or contracting of competent persons.
7.2.1 Competence - supplement
The organization shall establish and maintain a documented process(es) for identifying training needs including awareness (see section This section adds a requirement of "awareness".
7.3.1) and achieving competence of all personnel performing activities affecting conformity to product and process requirements.
Personnel performing specific assigned tasks shall be qualified, as required, with particular attention to the satisfaction of customer Note that the use of the term "process" rather than "procedure" implies that
IATF 16949 7.2.1 Modified requirements. these activities need to be managed (via the plan-do-check cycle), and not
merely performed.

7.2.2 Competence - on-the-job training


The organization shall provide on-the-job training (which shall include customer requirements training) for personnel in any new or The IATF enhances the emphasis of on-the-job training and its importance in
modified responsibilities affecting conformity to quality requirements, internal requirements, regulatory of legislative requirements; this meeting customer requirements, including other interested parties.
shall include contract or agency personnel. The level of detail required for on-the-job training shall be commensurate with the level of
education the personnel possess and the complexity of the task(s) they are required to perform for their daily work. Persons whose This training must also convey the consequences of nonconformity to customer
work can affect quality shall be informed about the consequences of nonconformity to customer requirements. requirements to all persons whose work affects quality.
IATF 16949 7.2.2 Modified

7.2.3 Internal auditor competency


The organization shall have a documented process(es) to verify that internal auditors are competent, taking into account any customer- This section features greatly-enhanced requirements to the organization's
specific requirements. For additional guidance on auditor competencies, refer to ISO 190011. The organization shall maintain a list of internal auditor competency to ensure a more robust internal audit process.
qualified internal auditors.
Organizations need to establish a documented process that considers the
Quality management system auditors, manufacturing process auditors, and product auditors shall be able to demonstrate the following competencies required by this clause, takes actions to address any deficiencies,
minimum competencies: assesses the effectiveness of actions taken, and records a list of the approved
auditors.
a) understanding of the automotive process approach for auditing, including risk-based thinking;
b) understanding of applicable customer-specific requirements; When training is provided, documented information must also be retained
about trainer competency.
c) understanding of applicable ISO 9001 and IATF 16949 requirements related to the scope of the audit;
d) understanding of applicable core tool requirements related to the scope of the audit;
e) understanding how to plan, conduct, report, and close out audit findings.
IATF 16949 7.2.3 Modified
Additionally, manufacturing process auditors shall demonstrate technical understanding of the relevant manufacturing process(es) to be
audited, including process risk analysis (such as PFMEA) an control plan. Product auditors shall demonstrate competence in
understanding product requirements and use of relevant measuring and test equipment to verify product conformity.

Where training is provided to achieve competency, DOCUMENTED INFORMATION shall be retained to demonstrate the trainer's
competency with the above requirements.
Maintenance of and improvement in internal auditor competence shall be demonstrated through:
f) executing a minimum number of audits per year, as defined by the organization; and
g) maintaining knowledge of relevant requirements based on internal changes (e.g. process technology, product technology) and
external changes (e.g. ISO 9001, IATF 16949, core tools, and customer specific requirements).
7.2.4 Second-party auditor competency
The organization shall demonstrate the competence of the auditors undertaking the second-party audits. Second-party auditors shall This new section outlines requirements for second-party auditors ensuring they
meet customer specific requirements for auditor qualification and demonstrate the minimum following core competencies, including are properly qualified to conduct these types of audits, with customer specific
understanding of: requirements being the main focus.

a) the automotive process approach to auditing, including risk based thinking; The same core competencies that apply to internal auditors should, at a
minimum, also apply to second-party auditors.
IATF 16949 7.2.4 New b) applicable customer and organization specific requirements;
c) applicable ISO 9001 and IATF 16949 requirements related to the scope of the audit;
d) applicable manufacturing process(es) to be audited, including PFMEA and control plan;
e) applicable core tool requirements related to the scope of the audit;
f) how to plan, conduct, prepare audit reports, and close out audit findings.
7.3 Awareness
The organization shall ensure that persons doing work under the organization’s control are aware of: As stated.
a) the quality policy;
b) relevant quality objectives;
ISO 9001 7.3 Modified
c) their contribution to the effectiveness of the quality management system, including the benefits of improved performance;

d) the implications of not conforming with the quality management system requirements.
7.3.1 Awareness - supplemental
The organization shall maintain DOCUMENTED INFORMATION that demonstrates that all employees are aware of their impact on Includes additional requirements to ensure that all employees are aware of
product quality and the importance of their activities in achieving, maintaining, and improving quality, including customer requirements their impact on the organization's (client's) product quality output, customer
IATF 16949 7.3.1 Modified and the risks involved for the customer with nonconforming product. specific requirements, and risks involved for the customer with nonconforming
product.

7.3.2 Employee motivation and empowerment


The organization shall maintain a documented process(es) to motivate employees to achieve quality objectives, to make continual This section did not substantially change, but now requires "maintaining a
improvements, and to create an environment that promotes innovation. The process shall include the promotion of quality and documented process" for employee motivation and empowerment, instead of
IATF 16949 7.3.2 Modified technological awareness throughout the whole organization. simply "having a process".

7.4 Communication
The shift is from Top Management to the Organization. The steps are more
The organization shall determine the internal and external communications relevant to the quality management system, including: specific and it mentions internal and external sources.
a) on what it will communicate; Examples may include: work group meetings, bulletin boards, quality alerts,
ISO 9001 7.4 Modified b) when to communicate; town hall meetings, emails, etc.,
c) with whom to communicate;
d) how to communicate;
e) who communicates.
7.5 Documented information
7.5.1 General
The organization’s quality management system shall include: No specific requirement for a Quality Manual, but it may be used if wanted by
the Organization.
a) DOCUMENTED INFORMATION required by this International Standard;
b) DOCUMENTED INFORMATION determined by the organization as being necessary for the effectiveness of the quality management Major change from specific documents and records to the term of
system. "DOCUMENTED INFORMATION".
ISO 9001 7.5.1 Modified
NOTE: The extent of DOCUMENTED INFORMATION for a quality management system can differ from one organization to another due to: The intent is upon the organization to determine these.

- the size of organization and its type of activities, processes, products and services;
- the complexity of processes and their interactions;
- the competence of persons.
7.5.1.1 Quality management system documentation
The organization's quality management system shall be documented and include a quality manual, which can be a series of documents The IATF retained the quality manual requirement that was removed in the ISO
(electronic or hard copy). 9001:2015; however, the quality manual can be one main document or a series
of multiple documents (hard copy or electronic).
The format and structure of the quality manual is at the discretion of the organization and will depend on the organization's size,
culture, and complexity. If a series of documents is used, then a list shall be retained of the documents that comprise the quality manual This section also requires that the organization's processes and interactions are
for the organization. documented as part of their QMS.
The quality manual shall include, at a minimum, the following The quality manual needs to document where in the organization's QMS
a) The scope of the quality management system, including details of and justification for any exclusions customer-specific requirements are addressed.
IATF 16949 7.5.1.1 Modified
b) documented processes established for the quality management system, or reference to them

c) the organization's processes and their interactions (input and outputs), including type and extent of control of any outsourced processes

d) a document (i.e. matrix) indicating where within the organization's quality management system their customer specific requirements
are addressed.
Note: A matrix of how the requirements of this Automotive QMS standard are addressed by the organization's processes may be used
to assist with linkages of the organizations' processes and this Automotive QMS.
7.5.2 Creating and updating
When creating and updating DOCUMENTED INFORMATION, the organization shall ensure appropriate: Key focus upon the term "DOCUMENTED INFORMATION" in lieu of documents
and records from the previous standard.
a) identification and description (e.g. a title, date, author, or reference number);
ISO 9001 7.5.2 Modified b) format (e.g. language, software version, graphics) and media (e.g. paper, electronic); The intent on control is still in place, but the organization is to determine the
c) review and approval for suitability and adequacy. extent.

7.5.3 Control of documented information


DOCUMENTED INFORMATION required by the quality management system and by this International Control establishes a predictable outcome.
Standard shall be controlled to ensure:
ISO 9001 7.5.3.1 Modified
a) it is available and suitable for use, where and when it is needed;
b) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).
The organization needs to determine how the "DOCUMENTED INFORMATION"
For the control of DOCUMENTED INFORMATION, the organization shall address the following activities, as applicable: will be identified, stored, protected, retrieved, how long they will be kept, and
disposed of.
a) distribution, access, retrieval and use;
b) storage and preservation, including preservation of legibility;
c) control of changes (e.g. version control);
ISO 9001 7.5.3.2 Modified d) retention and disposition.
DOCUMENTED INFORMATION of external origin determined by the organization to be necessary for the planning and operation of the
quality management system shall be identified as appropriate, and be controlled.
DOCUMENTED INFORMATION retained as evidence of conformity shall be protected from unintended alterations.
NOTE: Access can imply a decision regarding the permission to view the DOCUMENTED INFORMATION only, or
the permission and authority to view and change the DOCUMENTED INFORMATION.
7.5.3.2.1 Record retention
The organization shall define, document, and implement a record retention policy. The control of records shall satisfy statutory, This section now requires a record retention process that is defined and
regulatory, organizational, and customer requirements. documented, and that includes the organization's record retention
requirements.
Production part approvals, tooling records (including maintenance and ownership), product and process design records, purchase orders The clause specifically calls out production part approvals, tooling records,
IATF 16949 7.5.3.2.1 Modified (if applicable), or contracts and amendments shall be retained for the length of time that the product is active for production and service product and process design records, purchase orders, and contracts /
requirements, plus one calendar year, unless otherwise specified by the customer or regulatory agency. amendments.

Note: Production part approval DOCUMENTED INFORMATION may include product, applicable test equipment records, or approved test
data.
7.5.3.2.2 Engineering specifications
The organization shall have a documented process describing the review, distribution, and implementation of all customer engineering Added an engineering specifications requirement that the process is
standards/specifications and related revisions based on customer schedules, as required. documented and agreed with the customer.

This section also clarifies product design changes and product realization
process changes, and the alignment to related sections.

IATF 16949 7.5.3.2.2 Modified


Added an engineering specifications requirement that the process is
documented and agreed with the customer.

This section also clarifies product design changes and product realization
When an engineering standard/specification change results in a product design change, refer to the requirements in ISO 9001 Section process changes, and the alignment to related sections.
8.3.6. when an engineering standard/specification change results in a product realization process change, refer to the requirements in
section 8.5.6.1. The organization shall retain record of the date on which each change is implemented in production. Implementation shall
IATF 16949 7.5.3.2.2 Modified include updated documents.

Review should be completed within 10 working days of receipt of notification of engineering standards/specifications changes.
Note: A change in these standards/specifications may require an updated record of customer production part approval when these
specifications are referenced on the design record or if the affect documents of the production part approval process, such as control plan,
risk analysis (such as FMEAs), etc.
Standard Element Is this a new ISO 9001:2015 / IATF 16949:2016 Requirements Commentary Action / Resources Required
requirement?

New/Modified/
Bolded text indicates new to ISO 9001:2015 and IATF 16949:2016
Carryover
8 Operation
8.1 Operation planning and control
The organization shall plan, implement and control the processes (see 4.4) needed to meet the requirements for the provision of products Added the requirement to "control" the processes.
and services, and to implement the actions determined in Clause 6, by:
It is important to define what the "product" is and to plan and define the
a) determining the requirements for the products and services; manner in which the product is realized.
b) establishing criteria for:
The organization must determine if 8.1 a - 8.1 e is appropriate and act
1) the processes; accordingly. If the organization outsources any processes, they must be
2) the acceptance of products and services; controlled.
c) determining the resources needed to achieve conformity to the product and service requirements;
ISO 9001 8.1 Modified d) implementing control of the processes in accordance with the criteria;
e) determining, maintaining and retaining DOCUMENTED INFORMATION to the extent necessary:
1) to have confidence that the processes have been carried out as planned;
2) to demonstrate the conformity of products and services to their requirements.
The output of this planning shall be suitable for the organization’s operations.
The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any
adverse effects, as necessary.
The organization shall ensure that outsourced processes are controlled (see 8.4).
8.1.1 Operation planning and control - supplement
When planning for product realization, the following topics shall be included: This section features enhanced detail to ensure key processes are included and
considered when planning for product realization.
a) customer product requirements and technical specifications
b) logistics requirements The section also clarifies the "resources needed to achieve conformity"
c) manufacturing feasibility encompasses all aspects of the development process, not just the
IATF 16949 8.1.1 Modified manufacturing process requirements.
d) project planning (refer to ISO 9001, section 8.3.2)
e) acceptance criteria
The resources identified in ISO 9001, section 8.1c), refer to the required verification, validation, monitoring, measurement, inspection,
and test activities specific to the product and the criteria for the product acceptance.
8.1.2 Confidentiality
The organization shall ensure the confidentiality of customer-contracted products and projects under development, including related Features only a minor edit to clarify confidentiality "includes" related product
IATF 16949 8.1.2 Modified product information. information. There is no change in intent.

8.2 Requirements for product and services


8.2.1 Customer communication
Communication with customers shall include: Incorporated customer property along with establishing contingency actions.
a) providing information relating to products and services; The organization must establish a communication with the customer.
b) handling enquiries, contracts or orders, including changes; Determine how the communication will take place.
ISO 9001 8.2.1 Modified
c) obtaining customer feedback relating to products and services, including customer complaints;
d) handling or controlling customer property;
e) establishing specific requirements for contingency actions, when relevant
8.2.1.1 Customer communication - supplemental
Added requirement that the communication language (written or verbal) must
Written or verbal communication shall be in the language agreed by the customer. The organization shall have the ability to be agreed with the customer.
IATF 16949 8.2.1.1 Modified communicate necessary information, including data in a customer-specified computer language and format (e.g. computer-aided design
data, electronic data interchange)

8.2.2 Determining the requirements for products and services


The organization must determine and understand the customer's requirements
When determining the requirements for the products and services to be offered to customers, the organization shall ensure that: relating to the product, delivery and post-delivery activities.
a) the requirements for the products and services are defined, including: This is an important activity that must be done in the early stages of the
ISO 9001 8.2.2 Modified process.
1) any applicable statutory and regulatory requirements;
2) those considered necessary by the organization;
b) the organization can meet the claims for the products and services it offers.
8.2.2.1 Determining the requirements for products and services - supplemental
These requirements shall include recycling, environmental impact, and characteristics identified as a result of the organizations knowledge Post delivery activities include any after-sales product service provided as part
of the product and manufacturing processes. of the customer contract or purchase order.
IATF 16949 8.2.2.1 Modified
Compliance to ISO 9001, section 8.2.2 item a) 1), shall include but not be limited to the following: all applicable government, safety, and
environmental regulations related to acquisition, storage, handling, recycling, elimination, or disposal or material.

8.2.3 Review of requirements for products and services


Prior to acceptance of a contract, the organization must determine the
The organization shall ensure that it has the ability to meet the requirements for products and services to be offered to customers. The feasibility of meeting the customer's requirements.
organization shall conduct a review before committing to supply products and services to a customer, to include:
The key in this section is that the review is done BEFORE the acceptance.
a) requirements specified by the customer, including the requirements for delivery and post delivery activities;
This section can be referred to as the contract review section.
b) requirements not stated by the customer, but necessary for the specified or intended use, when known;
c) requirements specified by the organization;
d) statutory and regulatory requirements applicable to the products and services;
ISO 9001 8.2.3.1 Modified
e) contract or order requirements differing from those previously expressed.

The organization shall ensure that contract or order requirements differing from those previously defined are resolved.

The customer’s requirements shall be confirmed by the organization before acceptance, when the customer does not provide a
documented statement of their requirements.
NOTE: In some situations, such as internet sales, a formal review is impractical for each order. Instead, the review can cover relevant
product information, such as catalogues.
8.2.3.1.1 Review of the requirements for products and services - supplemental
The organization shall retain documented evidence of a customer-authorized waiver for the requirements stated in ISO 9001, Section This section changes the action from "demonstrate" conformity to "conform",
8.2.3.1, for a formal review. and clarifies that it refers to "approval documentation", rather than just
"documentation".
IATF 16949 8.2.3.1.1 Modified
There is no change in intent.

8.2.3.1.2 Customer-designated special characteristics


The organization shall conform to customer requirements for designation, approval documentation, and control of special characteristics. This section changes the action from "demonstrate" conformity to "conform",
and clarifies that it refers to "approval documentation", rather than just
"documentation".
IATF 16949 8.2.3.1.2 Modified
There is no change in intent.

8.2.3.1.3 Organization manufacturing feasibility


Enhanced requirements for manufacturing feasibility analysis through the
The organization shall utilize a multidisciplinary approach to conduct an analysis to determine if it is feasible that the organization's following changes:
manufacturing processes are capable of consistently producing product that meets all the engineering and capacity requirements - multidisciplinary approach to analyze feasibility
specified by the customer. The organization shall conduct this feasibility analysis for any manufacturing or product technology new to - requiring this analysis for any new manufacturing or product technology, and
the organization and for any changed manufacturing process or product design. for any changed manufacturing process or product design.
- recommending the organization validate their ability to make product
IATF 16949 8.2.3.1.3 Modified specifications at the required rate and to consider customer-specific
requirements.
Enhanced requirements for manufacturing feasibility analysis through the
following changes:
- multidisciplinary approach to analyze feasibility
- requiring this analysis for any new manufacturing or product technology, and
for any changed manufacturing process or product design.
- recommending the organization validate their ability to make product
IATF 16949 8.2.3.1.3 Modified Additionally, the organization should validate through production runs, benchmarking studies, or other appropriate methods, their specifications at the required rate and to consider customer-specific
ability to make product to specifications at the required rate. requirements.

The organization shall retain DOCUMENTED INFORMATION, as applicable: Documented information must be kept showing the results of the review and
of any changes. This was previously called "records".
ISO 9001 8.2.3.2 Modified a) on the results of the review;
b) on any new requirements for the product and services.
8.2.4 Changes to requirements for products and services
The organization shall ensure that relevant DOCUMENTED INFORMATION is amended, and that relevant persons are made aware of the No major impact. The people who are involved in the process must be made
ISO 9001 8.2.4 Modified changed requirements, when the requirements for products and services are changed. aware of any changes that occur.

8.3 Design and development or products and services


8.3.1 General
The organization shall establish, implement and maintain a design and development process that is appropriate to ensure the This is an expanded requirement in ISO 9001:2015. The organization must
subsequent provision of products and services. establish a "process" for design and development.
ISO 9001 8.3.1 Modified

8.3.1.1 Design and development of products and services - supplemental


The requirements of ISO 9001:2015, Section 8.3.1, shall apply to product and manufacturing process design and development and shall Strengthened the standard by elevating the NOTE in the former section to a
focus on error prevention rather than detection. requirement, and added a requirement for documentation of the design and
IATF 16949 8.3.1.1 Modified development process.
The organization shall document the design and development process.

8.3.2 Design and development planning


In determining the stages and controls for design and development, the organization shall consider: Made the steps for design planning more distinct.
a) the nature, duration and complexity of the design and development activities; The organization must assign clear responsibility for the design and
b) the required process stages, including applicable design and development reviews; development of the product and the manufacturing processes to make that
c) the required design and development verification and validation activities; product.
d) the responsibilities and authorities involved in the design and development process; During the planning process, the organization must manage the interfaces
ISO 9001 8.3.2 Modified e) the internal and external resource needs for the design and development of products and services; between groups to ensure effective communication.
f) the need to control interfaces between persons involved in the design and development process;
g) the need for involvement of customers and users in the design and development process;
h) the requirements for subsequent provision of products and services;
i) the level of control expected for the design and development process by customers and other relevant interested parties;
j) the documented information needed to demonstrate that design and development requirements have been met.
8.3.2.1 Design and development planning - supplemental
The update to this section clarifies when the multidisciplinary approach is to be
The organization shall ensure that design and development planning includes all affected stakeholders within the organization and, as used and who should be involved.
appropriate, its supply chain. Examples of areas for using such a multidisciplinary approach include but are not limited to the following:
Specifically, it must include all affected stakeholders within the organization
a) project management (for example, APQP or VDA-RGA); and, as appropriate, its supply chain.
b) product and manufacturing process design activities (for example, DFM and DFA), such as consideration of the use of alternative
IATF 16949 8.3.2.1 Modified designs and manufacturing processes;
c) development and review of product design risk analysis (FMEAs), including actions to reduce potential risks;
d) development and review of manufacturing process risk analysis (for example, FMEAs, process flows, control plans, and standard work
instructions;
Note: A multidisciplinary approach typically includes the organizations design, manufacturing, engineering, quality, production,
purchasing, supplier, maintenance, and other appropriate functions.
8.3.2.2 Product design skills
This section adds a NOTE as an example of a product design skillset. There is no
The organization shall ensure that personnel with product design responsibility are competent to achieve design requirements and are change in intent.
IATF 16949 8.3.2.2 Modified skilled in applicable product design tools and techniques. Applicable tools and techniques shall be identified by the organization.

Note: An example or product design skills is the application of digitized mathematically based data.
8.3.2.3 Development of products with embedded software
This new section adds requirements for organization-responsible embedded
The organization shall use a process for quality assurance for their products with internally developed embedded software. A software software development and software development capability self-assessments.
development assessment methodology shall be utilized to assess the organizations software development process. Using prioritization
based on risk and potential impact to the customer, the organization shall retain DOCUMENTED INFORMATION of a software
IATF 16949 8.3.2.3 New
development capability self-assessment.
The organization shall include software development within the scope of their internal audit program.

8.3.3 Design and development inputs


The organization shall determine the requirements essential for the specific types of products and services to be designed and developed. Design inputs must be identified and documented.
The organization shall consider:
These inputs may come from customers, marketplace needs, regulatory
a) functional and performance requirements; requirements, standards, and specifications, skill requirements, documentation
b) information derived from previous similar design and development activities; and data on existing products.
c) statutory and regulatory requirements; The design inputs must be reviewed for accuracy and ensure they are not in
ISO 9001 8.3.3 Modified
d) standards or codes of practice that the organization has committed to implement; conflict with each other.
e) potential consequences of failure due to the nature of the products and services.
Inputs shall be adequate for design and development purposes, complete and unambiguous.
Conflicting design and development inputs shall be resolved.
The organization shall retain DOCUMENTED INFORMATION on design and development inputs.
8.3.3.1 Product input
The organization shall identify, document, and review product design input requirements as a result of contract review. Product design This section expanded the minimum set of product design input requirements,
input requirements include, but are not limited to the following: emphasizing regulatory and software requirements.
a) product specifications including, but not limited to special characteristics (see Section 8.3.3.3); The consideration of design alternatives could involve practices which result in
b) boundary and interface requirements; the trade-off curves mentioned in the added NOTE.
c) identification, traceability, and packaging; Embedded software requirements may relate to predictability, analyzability /
d) consideration of design alternatives; verifiability, and comprehensibility.
e) assessment of risks with the input requirements and the organization's ability to mitigate/manage the risks, including from the
feasibility analysis;
IATF 16949 8.3.3.1 Modified
f) targets for conformity to product requirements including preservation, reliability, durability, serviceability, health, safety,
environmental, development timing, and cost;
g) applicable statutory and regulatory requirements of the customer-identified country of destination, if provided;
h) embedded software requirements.

The organization shall have a process to deploy information gained from previous design projects, competitive product analysis
(benchmarking), supplier feedback, internal input, filed data, and other relevant sources for current and future projects of a similar nature.

Note: One approach for considering design alternatives is the use of trade-off curves
8.3.3.2 Manufacturing process input
The organization shall identify, document, and review manufacturing process design input requirements including but not limited to the Expanded the list of manufacturing process design inputs including: product
following: design output data including special characteristics, targets for timing;
manufacturing technology alternatives; new materials; product handling and
a) product design output data including special characteristics; ergonomic requirements, and; design for manufacturing and design for
b) targets for productivity, process capability, timing, and cost; assembly.
c) manufacturing technology alternatives; This section also further strengthened the requirements by transforming the
d) customer requirements, if any; former NOTE regarding error-proofing methods into a requirement.
IATF 16949 8.3.3.2 Modified
e) experience from previous developments;
f) new materials;
g) product handling and ergonomic requirements; and
h) design for manufacturing and design for assembly.
assembly.

This section also further strengthened the requirements by transforming the


former NOTE regarding error-proofing methods into a requirement.
IATF 16949 8.3.3.2 Modified

The manufacturing process design shall include the use of error-proofing methods to a degree appropriate to the magnitude of the
problem(s) and commensurate with the risks encountered.
8.3.3.3 Special characteristics
The organization shall use a multidisciplinary approach to establish, document, and implement its process(es) to identify special The changes in this section relate to identifying the source of special
characteristics, including those determined by the customer and the risks analysis performed by the organization, and shall include the characteristics and including risk analysis to be performed by the customer or
following: organization.

a) documentation of all special characteristics in the drawings (as required), risk analysis (such as FMEA), control plans, and standard This section also expands the list of sources used to identify special
work/operator instructions; special characteristics are identified with specific markings and are cascaded through each of these characteristics, along with the related requirements.
IATF 16949 8.3.3.3 Modified documents;
Special characteristics need to be marked in all applicable cascaded quality
b) development of control and monitoring strategies for special characteristics of products and production processes; planning documents.
c) customer-specified approvals, when required;
d) compliance with customer-specified definitions and symbols or the organization's equivalent symbols or notations, as defined in a
symbol conversion table. The symbol conversion table shall be submitted to the customer, if required.
8.3.4 Design and development controls
The organization shall apply controls to the design and development process to ensure that: Added the wording "process" to design to provide emphasis on process
approach.
a) the results to be achieved are defined;
b) reviews are conducted to evaluate the ability of the results of design and development to meet requirements; Added verification and validation activities here.

c) verification activities are conducted to ensure that the design and development outputs meet the input requirements; Design reviews must be performed according to planned arrangements. There
reviews are essential to keeping the project on track and ensuring the product
d) validation activities are conducted to ensure that the resulting products and services meet the requirements for the specified will meet customer and the organization's specifications.
ISO 9001 8.3.4 Modified application or intended use;
Design review should be multi-disciplinary. DOCUMENTED INFORMATION of
e) any necessary actions are taken on problems determined during the reviews, or verification and validation activities; the reviews and actions must be kept.

f) DOCUMENTED INFORMATION of these activities is retained.


Note: Design and development reviews, verification and validation have distinct purposes. They can be conducted separately or in any
combination, as is suitable for the products and services of the organization.
8.3.4.1 Monitoring
Measurements at specified stages during the design and development of products and processes shall be defined, analyzed, and reported These changes align the IATF 16949 standard with IATF OEM advanced quality
with summary results as an input to management review (see Section 9.3.2.1). activities, and aim to reduce the number of customer-specific requirements.

When required by the customer, measurements of the product and process development activity shall be reported to the customer at
IATF 16949 8.3.4.1 Modified stages specified, or agreed to, by the customer.

Note: When appropriate, these measurements may include quality risks, costs, lead times, critical paths, and other measurements.

8.3.4.2 Design and development validation


Design and development validation shall be performed in accordance with customer requirements, including any applicable industry and This section features a strengthening of the requirements for design and
governmental agency-issued regulatory standards. The timing of design and development validation shall be planned in alignment with development validation, and also added embedded software.
IATF 16949 8.3.4.2 Modified customer-specified timing, as applicable.

Where contractually agreed with the customer, this shall include evaluation of the interaction of the organization's product, including
embedded software, within the system of the customer's product.
8.3.4.3 Prototype programme
The changes in this section strengthen the standard by focusing the
When required by the customer, the organization shall have a prototype programme and control plan. The organization shall use, organization on the quality management system for managing outsourced
whenever possible, the same suppliers, tooling, and manufacturing processes as will be used in production. products and services.
IATF 16949 8.3.4.3 Modified
All performance-testing activities shall be monitored for timely completion and conformity to requirements.
When services are outsourced, the organization shall include the type and extent of control in the scope of its quality management
system to ensure that outsourced services conform to requirements (see ISO 9001, Section 8.4).
8.3.4.4 Product approval process
The organization shall establish, implement, and maintain a product and manufacturing approval process conforming to requirements These changes clarify approval requirements, with an emphasis on outsourced
defined by the customer(s). products and/or services and the record retention required.
The organization shall approve externally provided products and services per ISO 9001, Section 8.4.3, prior to submission of their part The use of the word "process" instead of procedure implies that the activities
IATF 16949 8.3.4.4 Modified approval to the customer. should be managed with an effectiveness review.
The organization shall obtain documented product approval prior to shipment, if required by the customer. Records of such approval
shall be retained.
Note: Product approval should be subsequent to the verification of the manufacturing process.
8.3.5 Design and development outputs
The organization shall ensure that design and development outputs: Design outputs must be provided in a manner that facilitates verification
a) meet the input requirements; against inputs.
b) are adequate for the subsequent processes for the provision of products and services; These outputs must meet input requirements, provide information for
ISO 9001 8.3.5 Modified c) include or reference monitoring and measuring requirements, as appropriate, and acceptance criteria; purchasing, production and service provision, contain or reference product
criteria for safe and proper use.
d) specify the characteristics of the products and services that are essential for their intended purpose and their safe and proper provision.

The organization shall retain DOCUMENTED INFORMATION on design and development outputs.
8.3.5.1 Design and development outputs - supplemental
The product design output shall be expressed in terms that can be verified and validated against product design input requirements. The Product design output additions include a recognition of the use of 3D models,
product design output shall include, but is not limited to the following, as applicable: and inclusion of service parts and packaging.
a) design risk analysis (FMEA); The application of GD&T tolerancing and positioning systems allows
b) reliability study results; organizations to remove ambiguity and specify dimensions and related
tolerances based on functionality relationships.
c) product special characteristics;
d) results of product design error-proofing, such as DFSS, DFMA, and FTA;
e) product definition including 3D models, technical data packages, product manufacturing information, and geometric dimensioning &
IATF 16949 8.3.5.1 Modified tolerancing (GD&T);
f) 2D drawings, product manufacturing information, and geometric dimensioning & tolerancing (GD&T);
g) product design review results;
h) service diagnostic guidelines and repair and serviceability instructions;
i) service part requirements;
j) packaging and labeling requirements for shipping.
Note: Interim design outputs should include any engineering problems being resolved through a trade-off process.
8.3.5.2 Manufacturing process output
Changes in this section strengthened verification requirements, process input
The organization shall document the manufacturing process design output in a manner that enables verification against the variables, capacity analysis, maintenance plans and correction of process
manufacturing process design inputs. The organization shall verify the outputs against manufacturing process design input nonconformities.
requirements. The manufacturing process design output shall include, but is not limited to the following:
a) specifications and drawings; More specifically, it clarifies that the process approach methodology of
verifying outputs against inputs applies to the manufacturing design process.
b) special characteristics for product and manufacturing process;
c) identification of process input variables and impact characteristics; The list of manufacturing design outputs has also expanded.
d) tooling and equipment for production and control, including capability studies of equipment and process(es);
e) manufacturing process flow charts/layout, including linkage of product, process, and tooling;
IATF 16949 8.3.5.2 Modified f) capacity analysis;
g) manufacturing process FMEA;
h) maintenance plans and instructions;
i) control plan (see Appendix A);
j) standard work and work instructions;
k) process approval acceptance criteria;
l) data for quality, reliability, maintainability, and measurability;
m) results of error-proofing identification and verification, as appropriate;
n) methods of rapid detection, feedback, and correction of product/manufacturing process nonconformities.
8.3.6 Design and development changes
All design and development changes must be identified and recorded.
The organization shall identify, review and control changes made during, or subsequent to, the design and development of products and
services, to the extent necessary to ensure that there is no adverse impact on conformity to requirements. DOCUMENTED INFORMATION of the results of the review of changes and any
actions must be kept.
The organization shall retain DOCUMENTED INFORMATION on:
ISO 9001 8.3.6 Modified
a) design and development changes;
b) the results of reviews;
c) the authorization of the changes;
d) the actions taken to prevent adverse impacts.
8.3.6.1 Design and development changes - supplemental
This section strengthens the requirement for change validation and approval
The organization shall evaluate all design changes after initial product approval, including those proposed by the organization or its prior to implementation, and also added embedded software.
suppliers, for potential impact on fit, form, function, performance, and/or durability. These changes shall be validated against customer
requirements and approved internally, prior to production implementation. For products with embedded software, the change record needs to document
IATF 16949 8.3.6.1 Modified the revision level of the software (and hardware) to assure that it is managed
If required by the customer, the organization shall obtain documented approval, or a documented waiver, from the customer prior to properly.
production implementation.
For products with embedded software, the organization shall document the revision level of software and hardware as part of the
change record.
8.4 Control of external provided processes, products and services
8.4.1 General
The organization shall ensure that externally provided processes, products and services conform to requirements. The organization must control how it ensures externally provided product,
services and its processes conforms to specified requirements.
The organization shall determine the controls to be applied to externally provided processes, products and services when:
Criteria for evaluation, selection, monitoring of performance and re-evaluation
needs to be defined and providers selected accordingly.
a) products and services from external providers are intended for incorporation into the organization’s own products and services;

ISO 9001 8.4.1 Modified b) products and services are provided directly to the customer(s) by external providers on behalf of the organization;
c) a process, or part of a process, is provided by the external provider as a result of a decision by the organization;

The organization shall determine and apply criteria for the evaluation, selection, monitoring of performance, and re-evaluation of external
providers, based on their ability to provide processes or products and services in accordance with requirements. The organization shall
retain DOCUMENTED INFORMATION of these activities and any necessary actions arising from the evaluations.

8.4.1.1 General - supplemental


The former NOTE about purchased products was broadened and elevated into
The organization shall include all products that affect customer requirements such as subassembly, sequencing, sorting, rework, and a requirement.
IATF 16949 8.4.1.1 New calibration services in the scope of their definition of externally provided products, processes, and services.

8.4.1.2 Supplier selection process


The organization shall have a documented supplier selection process. The selection shall include: This section now specifically calls out supplier selection process criteria, in
addition to clarifying that it is a full process.
a) an assessment of the selected supplier's risk to product conformity and uninterrupted supply of the organization's product to their
customers; The assessment used to select suppliers needs to be extended beyond typical
b) relevant quality and delivery performance; QMS audits and include aspects such as: risk to product conformity and
uninterrupted supply, relevant quality and delivery performance and
c) an evaluation of the supplier's quality management system; evaluation of the suppliers' quality management system.
d) multi-disciplinary decision making; and
e) an assessment of software development capabilities, if applicable. The standard also provides a list of other criteria to be considered.
Other supplier selection criteria that should be considered include the following:
- volume of automotive business (absolute and as percentage of total business);
IATF 16949 8.4.1.2 New
- financial stability;
- purchased product, material, or service complexity;
- required technology (product or process);
- adequacy of available resources (e.g. people, infrastructure);
- manufacturing capability;
- change management process;
- business continuity planning (e.g. disaster preparedness, contingency planning);
- logistics process;
- customer service.
8.4.1.3 Customer-directed sources (also known as "Directed-Buy")
This section features a clarification of the organization's responsibilities for
When specified by the customer, the organization shall purchase products, materials, or services from customer-directed sources. customer directed sources, even for customer directed-buy suppliers.
IATF 16949 8.4.1.3 Modified All requirements of Section 8.4 (except the requirements in IATF 16949, Section 8.4.1.2) are applicable to the organization's control of
customer-directed sources unless specific agreements are otherwise defined by the contract between the organization and the
customer.

8.4.2 Type and extent of control


The organization shall ensure that externally provided processes, products and services do not adversely affect the organization’s ability Consider the effect of the purchased product on the end product and apply
to consistently deliver conforming products and services to its customers. suitable controls.
The organization shall: The organization must define and implement activities to verify purchased
a) ensure that externally provided processes remain within the control of its quality management system; product. Examples are: receiving inspection, certifications sent with the
product, audits of suppliers, etc.
b) define both the controls that it intends to apply to an external provider and those it intends to apply to the resulting output;
ISO 9001 8.4.2 Modified c) take into consideration:
1) the potential impact of the externally provided processes, products and services on the organization’s ability to consistently meet
customer and applicable statutory and regulatory requirements;
2) the effectiveness of the controls applied by the external provider;
d) determine the verification, or other activities, necessary to ensure that the externally provided processes, products and services meet
requirements.
8.4.2.1 Type and extent of control - supplemental
The organization shall have a documented process to identify outsourced processes and to select the types and extent of controls used The changes in this section further strengthened the requirement for control of
to verify conformity of externally provided products, processes, and services to internal (organizational) and external customer outsourced processes, including the assessment of risk.
IATF 16949 8.4.2.1 Modified requirements.

The process shall include the criteria and actions to escalate or reduce the types and extent of controls and development activities
based on supplier performance and assessment of product, material, or service risks.
8.4.2.2 Statutory and regulatory requirements
The updates clarify and strengthen the applicability of statutory and regulatory
The organization shall document their process to ensure that purchased products, processes, and services conform to the current requirements.
applicable statutory and regulatory requirements in the country of receipt, the country of shipment, and the customer-identified country
of destination, if provided.
IATF 16949 8.4.2.2 Modified
If the customer defines special controls for the certain products with statutory and regulatory requirements, the organization shall
ensure they are implemented and maintained as defined, including at suppliers.
8.4.2.3 Supplier quality management system development
This section provides a method to strengthen ISO 9001 certification, aligns with
The organization shall require their suppliers of automotive products and services to develop, implement, and improve a quality customer-specific requirements, and clarifies the acceptable third-party
management system certified to ISO 9001, unless otherwise authorized by the customer [e.g., item a) below], with the ultimate certification bodies (which shall be recognized by the IATF).
objective of becoming certified to this Automotive QMS Standard. Unless otherwise specified by the customer, the following sequence
should be applied to achieve this requirement: Instead of requiring organizations to simply "develop" the supplier QMS, this
sections outlines a progressive approach that goes from compliance to ISO
a) compliance to ISO 9001 through second-party audits;
9001 via second-party audits all the way through certification to IATF through
third-party audits.
b) certification to ISO 9001 through third-party audits; unless otherwise specified by the customer, suppliers to the organization shall
demonstrate conformity to ISO 9001 by maintaining a third-party certification issued by a certification body bearing the accreditation
IATF 16949 8.4.2.3 Modified mark of a recognized IAF MLA (International Accreditation Forum Multilateral Recognition Arrangement) member and where the
accreditation body's main scope includes management system certification to ISO/IEC 17021;

c) certification to ISO 9001 with compliance to other customer-defined QMS requirements (such as Minimum Automotive Quality
Management System Requirements for Sub-Tier Suppliers [MAQMSRJ or equivalent) through second-party audits;
third-party audits.

IATF 16949 8.4.2.3 Modified

d) certification to ISO 9001 with compliance to IATF 16949 through second-party audits;
e) certification to 16949 through third-party audits (valid third-party certification of the supplier to IATF 16949 by an IATF-recognized
certification body).
8.4.2.3.1 Automotive product-related software or automotive products with embedded software
The organization shall require their suppliers of automotive product-related software, or automotive products with embedded software, This new section added requirements for software development assessment
to implement and maintain a process for software quality assurance for their products. methodology. These requirements align to those presented in section 8.3.2.3,
but are now cascaded down to suppliers.
A software development assessment methodology shall be utilized to assess the supplier's software development process. Using
prioritization based on risk and potential impact to the customer, the organization shall require the supplier to retain DOCUMENTED
IATF 16949 8.4.2.3.1 New INFORMATION or a software development capability self-assessment.

8.4.2.4 Supplier monitoring


The organization shall have a documented process and criteria to evaluate supplier performance in order to ensure conformity of This section features strengthened requirements for supplier monitoring.
externally provided products, processes, and services to internal and external customer requirements.
The use of the term "documented process" suggests that the organization
At a minimum, the following supplier performance indicators shall be monitored: should continuously review inputs and introduce improvement actions
a) delivered product conformity to requirements; regarding supplier monitoring data, as needed.
b) customer disruptions at the receiving plant, including yard holds and stop ships;
IATF 16949 8.4.2.4 Modified c) delivery schedule performance;
d) number of occurrences of premium freight

If provided by the customer, the organization shall also include the following, as appropriate, in their supplier performance monitoring:

e) special status customer notifications related to quality or delivery issues;


f) dealer returns, warranty, field actions, and recalls.
8.4.2.4.1 Second-party audits
The organization shall include a second-party audit process in their supplier management approach. Second-party audits may be used This new section aligns customer-specific requirements into the IATF 16949
for the following: standard.
a) supplier risk assessment; Second-party audits were not previously included in the ISO/TS 16949
b) supplier monitoring; standard.
c) supplier QMS development; The organization's criteria for determining the need, frequency, and scope of
d) product audits; second-party audits must be based on risk analysis.
e) process audits.
IATF 16949 8.4.2.4.1 New
Based on a risk analysis, including product safety/regulatory requirements, performance of the supplier, and QMS certification level, at
a minimum, the organization shall document the criteria for determining the need, type, frequency, and scope of second-party audits.

The organization shall retain records of the second-party audit reports.


If the scope of the second-party audit is to assess the supplier's quality management system, then the approach shall be consistent with
the automotive process approach.
NOTE: Guidance may be found in the IATF Auditor Guide and ISO 19011.
8.4.2.5 Supplier development
The organization shall determine the priority, type, extent, and timing of required supplier development actions for its active suppliers. This section adds an emphasis on performance-based supplier development
Determination inputs shall include, but are not limited to the following: activities. This suggests that the supplier monitoring process should be
considered an input to the supplier development activities.
a) performance issues identified through supplier monitoring (see Section 8.4.2.4);
b) second-party audit findings (see Section 8.4.2.4.1); These development activities should consider short and long term goals,
IATF 16949 8.4.2.5 Modified applied corrective actions, and pursue opportunities for continual
c) third-party quality management system certification status; improvement.
d) risk analysis.
The organization shall implement actions necessary to resolve open (unsatisfactory) performance issues and pursue opportunities for
continual improvement.

8.4.3 Information for external providers


The organization shall ensure the adequacy of requirements prior to their communication to the external provider. Externally provided products or services must be clearly described on
purchasing documents. Some organizations refer to this as the Purchase Order.
The organization shall communicate to external providers its requirements for:
a) the processes, products and services to be provided; Prior to release to the external provider, purchasing documents must be
b) the approval of: reviewed for adequacy.
1) products and services;
2) methods, processes and equipment;
ISO 9001 8.4.3 Modified
3) the release of products and services;
c) competence, including any required qualification of persons;
d) the external providers’ interactions with the organization;
e) control and monitoring of the external providers’ performance to be applied by the organization;

f) verification or validation activities that the organization, or its customer, intends to perform at the external providers’ premises.

8.4.3.1 Information for external providers - supplemental


The organization shall pass down all applicable statutory and regulatory requirements and special product and process characteristics to The organization is required to provide key information to their supply chain
their suppliers and require the suppliers to cascade all applicable requirements down the supply chain to the point of manufacture. through this new requirement. This information includes all applicable
IATF 16949 8.4.3.1 New statutory and regulatory requirements and special product and process
characteristics.

8.5 Production and service provision


8.5.1 Control of production and service provision
The organization shall implement production and service provision under controlled conditions. The organization must ensure information is available that specifies product
characteristics. Some organizations use a design record or a control plan. There
Controlled conditions shall include, as applicable: are many other methods to be used.
a) the availability of DOCUMENTED INFORMATION that defines:
1) the characteristics of the products to be produced, the services to be provided, or the activities to be performed; Work instructions can be used to define activities to be performed. These work
instructions can be in any format.
2) the results to be achieved;
b) the availability and use of suitable monitoring and measuring resources; The organization must maintain the equipment used for production and service
provision, where necessary. This may include preventative as well as predictive
c) the implementation of monitoring and measurement activities at appropriate stages to verify that criteria for control of processes or maintenance.
ISO 9001 8.5.1 Modified outputs, and acceptance criteria for products and services, have been met;
The organization must identify and provide appropriate measuring and
d) the use of suitable infrastructure and environment for the operation of processes; monitoring equipment, where necessary.
e) the appointment of competent persons, including any required qualification;

f) the validation, and periodic revalidation, of the ability to achieve planned results of the processes for production and service provision,
where the resulting output cannot be verified by subsequent monitoring or measurement;

g) the implementation of actions to prevent human error;


h) the implementation of release, delivery and post-delivery activities.
Clarification of suitable infrastructure.
NOTE: Suitable infrastructure includes appropriate manufacturing equipment required to ensure product compliance. Monitoring and
IATF 16949 8.5.1 Modified measuring resources include appropriate monitoring and measuring equipment required to ensure effective control of manufacturing
processes.

8.5.1.1 Control plan


This section strengthened the control plan requirements and aligned IATF OEM
The organization shall develop control plans (in accordance with Annex A) at the system, subsystem, component and/or material level for customer-specific requirements into the IATF 16949 standard.
the relevant manufacturing site and all product supplied, including those for processes producing bulk materials as well as parts. Family
control plans are acceptable for bulk material and similar parts using a common manufacturing process. It also elevated a NOTE regarding customer approval to a requirement, and
strengthened the control plan review and update criteria and linked to the
PFMEA updates.
The organization shall have a control plan for pre-launch and production that shows linkage and incorporates information from the
design risk analysis (if provided by the customer), process flow diagram, and manufacturing process risk analysis outputs (such as FMEA). This section also expanded the scope of activities to be included within the
control plan.
The organization shall, if required by the customer, provide measurement and conformity data collected during execution of either the
pre-launch or production control plans. The organization shall include in the control plan:

IATF 16949 8.5.1.1 Modified


It also elevated a NOTE regarding customer approval to a requirement, and
strengthened the control plan review and update criteria and linked to the
PFMEA updates.

This section also expanded the scope of activities to be included within the
control plan.

a) controls used for the manufacturing process control, including verification of job set-ups;
b) first-off/last-off part validation, as applicable;
IATF 16949 8.5.1.1 Modified c) methods for monitoring of control exercised over special characteristics (see Annex A) defined by both the customer and the
organization;
d) the customer-required information, if any;
e) specified reaction plan (see Annex A); when nonconforming product is detected, the process becomes statistically unstable or not
statistically capable.
The organization shall review control plans, and update as required, for any or the following:
f) the organization determines it has shipped nonconforming product to the customer,
g) when any change occurs affecting product, manufacturing process, measurement, logistics, supply sources, production volume changes,
or risk analysis (FMEA) (see Annex A);
h) after a customer complaint and implementation of the associated corrective action, when applicable;
i) at a set frequency based on a risk analysis.
If required by the customer, the organization shall obtain customer approval after review or revision of the control plan.
8.5.1.2 Standardized work - operator instructions and visual standards
The organization shall ensure that standardized work documents are: IATF 16949 strengthens the requirements for standardized work, including the
requirement to address specific language needs.
a) communicated to and understood by the employees who are responsible for performing the work;
b) legible; Standardized work documents need to be clearly understood by the
IATF 16949 8.5.1.2 Modified organization's operators.
c) presented in the language(s) understood by the personnel responsible to follow them;
d) accessible for use at the designated work area(s).
The standardized work documents shall also include rules for operator safety.
8.5.1.3 Verification of job set-ups
The organization shall: The changes in this section elevate a NOTE to a requirement, and clarify record
retention.
a) verify job set-ups when performed, such as an initial run of a job, material changeover, or job change that requires a new set-up;

b) maintain DOCUMENTED INFORMATION for set-up personnel;


IATF 16949 8.5.1.3 Modified c) use statistical methods of verification, where applicable;

d) perform first-off/last-off part validation, as applicable; where appropriate, first-off parts should be retained for comparison with the
last-off parts; where appropriate, last off-parts should be retained for comparison with first-off parts in subsequent runs;

e) retain records of process and product approval following set-up and first-off/ last-off part validations.
8.5.1.4 Verification after shutdown
The organization shall define and implement the necessary actions to ensure product compliance with requirements after a planned or Defines a new requirement for verification after shutdown, integrating industry
unplanned production shutdown period. lessons learned and/or best practices.
IATF 16949 8.5.1.4 New

8.5.1.5 Total productive maintenance


The organization shall develop, implement, and maintain a documented total productive maintenance system. This section strengthens the requirement for equipment maintenance and
overall proactive management of the Total Productive Maintenance (TPM).
At a minimum, the system shall include the following:
a) identification of process equipment necessary to produce conforming product at the required volume; TPM should be fully integrated within the manufacturing processes.
b) availability of replacement parts for the equipment identified in item a);
New and clarified requirements include: identification of process equipment;
c) provision of resource for machine, equipment, and facility maintenance; [provision of resources; applicable customer-specific requirements;
d) packaging and preservation of equipment, tooling, and gauging; documented maintenance objectives with action plans where objectives are
not being achieved; use of preventative methods; and periodic overhaul.
e) applicable customer-specific requirements;
IATF 16949 8.5.1.5 Modified
f) documented maintenance objectives, for example: OEE (Overall Equipment Effectiveness), MTBF (Mean Time Between Failure), and
MTTR (Mean Time To Repair), and Preventive Maintenance compliance metrics. Performance to the maintenance objectives shall form
an input into management review (see ISO 9001, Section 9.3);
g) regular review of maintenance plan and objectives and a documented action plan to address corrective actions where objectives are
not achieved;
h) use of preventive maintenance methods;
i) use of predictive maintenance methods, as applicable;
j) periodic overhaul.
8.5.1.6 Management of production tooling and manufacturing, test, inspection tooling and equipment
The organization shall provide resources for tool and gauge design, fabrication, and verification activities for production and service IATF 16949 features strengthened tooling and equipment marking and tracking
materials and for bulk materials, as applicable. requirements.

The organization shall establish and implement a system for production tooling management, whether owned by the organization or the This requirement extends the scope to production and service materials, and
customer, including: for bulk materials as applicable, and clarifies that requirements apply whether
tooling is owned by the organization or by the customer.
a) maintenance and repair facilities and personnel;
b) storage and recovery;
c) set-up;
IATF 16949 8.5.1.6 Modified d) tool-change programmes for perishable tools;
e) tool design modification documentation, including engineering change level of the product;
f) tool modification and revision to documentation;

g) tool identification, such as serial or asset number, the status, such as production, repair or disposal; ownership; and location.

The organization shall verify that customer-owned tools, manufacturing equipment, and test/inspection equipment are permanently
marked in a visible location so that the ownership and application of each item can be determined.
The organization shall implement a system to monitor these activities if any work is outsourced.
8.5.1.7 Production scheduling
This section emphasized the importance of planning information and
The organization shall ensure that production is scheduled in order to meet customer orders/demands such as Just-In-Time (JIT) and is integrated IATF OEM customer lessons learned.
supported by an information system that permits access to production information at key stages of the process and is order driven.
This suggests the organization needs a robust feasibility review process
IATF 16949 8.5.1.7 Modified regarding production scheduling.
The organization shall include relevant planning information during production scheduling, e.g., customer orders, supplier on-time
delivery performance, capacity, shared loading (multi-part station), lead time, inventory level, preventive maintenance, and calibration.

8.5.2 Identification and traceability


The organization must have a method in place to identify the product
The organization shall use suitable means to identify outputs when it is necessary to ensure the conformity of products and services. throughout production and service operations.

The organization shall identify the status of outputs with respect to monitoring and measurement requirements throughout production
ISO 9001 8.5.2 Modified and service provision.
The organization shall control the unique identification of the outputs when traceability is a requirement, and shall retain the
DOCUMENTED INFORMATION necessary to enable traceability.
Clarification not previously included in ISO/TS 16949.
NOTE: Inspection and test status is not indicated by the location of product in the production flow unless inherently obvious, such as
IATF 16949 8.5.2 New material in an automated production transfer process. Alternatives are permitted if the status is clearly identified, documented, and
achieves the designated purpose.

8.5.2.1 Identification and traceability- supplemental


The purpose of traceability is to support identification of clear start and stop points for product received by the customer or in the field Strengthens the requirements for traceability to support lessons learned
that may contain quality and/or safety-related nonconformities. Therefore, the organization shall implement identification and related to field issues.
traceability processes as described below.
Traceability configuration needs to consider the requirements of interested
parties and risk assessments.
The organization shall conduct an analysis of internal, customer, and regulatory traceability requirements for all automotive products,
including developing and documenting traceability plans, based on the levels of risk or failure severity for employees, customers, and
consumers. These plans shall define the appropriate traceability systems, processes, and methods by product, process, and
manufacturing location that:

IATF 16949 8.5.2.1 Modified a) enable the organization to identify nonconforming and/or suspect product;
b) enable the organization to segregate nonconforming and/or suspect product;
c) ensure the ability to meet the customer and/or regulatory response time requirements;
d) ensure documented information is retained in the formal (electronic, hardcopy, archive) that enables the organization to meet the
response time requirements;
IATF 16949 8.5.2.1 Modified

e) ensure serialized identification of individual products, if specified by the customer or regulatory standards;
f) ensure the identification and traceability requirements are extended to externally provided products with safely/regulatory
characteristics.
8.5.3 Property belonging to customers or external providers
The organization shall exercise care with property belonging to customers or external providers while it is under the organization’s control The organization must ensure conformity of the product during internal
or being used by the organization. operations and delivery to the intended destination.

The organization shall identify, verify, protect and safeguard customers’ or external providers’ property provided for use or incorporation
into the products and services.
ISO 9001 8.5.3 Modified
When the property of a customer or external provider is lost, damaged or otherwise found to be unsuitable for use, the organization shall
report this to the customer or external provider and retain DOCUMENTED INFORMATION on what has occurred.

NOTE: A customer’s or external provider’s property can include materials, components, tools and equipment, premises, intellectual
property and personal data.
8.5.4 Preservation
The organization shall preserve the outputs during production and service provision, to the extent necessary to ensure conformity to The organization shall preserve the outputs during production and service
requirements. provision, to the extent necessary to ensure conformity to requirements.
ISO 9001 8.5.4 Modified
NOTE: Preservation can include identification, handling, contamination control, packaging, storage, transmission or transportation, and
protection.
8.5.4.1 Preservation - supplemental
Preservation shall include identification, handling, contamination control, packaging, storage, transmission or transportation, and Adds specificity to preservation controls and includes application to internal
protection. and/or external providers.
Preservation shall apply to materials and components from external and/or internal providers from receipt through processing, Preservation principles need to be applied from the point of receiving materials
including shipment and until delivery to/acceptance by the customer. all the way to product acceptance by the customer.
In order to detect deterioration, the organization shall assess at appropriate planned intervals the condition of product in stock, the
IATF 16949 8.5.4.1 Modified place/type of storage container, and the storage environment.
The organization shall use an inventory management system to optimize inventory turns over time and ensure stock rotation, such as
"first-in-first-out” (FIFO).

The organization shall ensure that obsolete product is controlled in a manner similar to that of nonconforming product.

Organizations shall comply with preservation, packaging, shipping, and labeling requirements as provided by their customers.
8.5.5 Post-delivery activities
The organization shall meet requirements for post-delivery activities associated with the products and services. The organization must have methods in place for release, delivery and post-
delivery activities, if applicable.
In determining the extent of post-delivery activities that are required, the organization shall consider:
a) statutory and regulatory requirements; This links back to Sec. 8.2.2 - determination of requirements related to the
b) the potential undesired consequences associated with its products and services; product.
ISO 9001 8.5.5 Modified c) the nature, use and intended lifetime of its products and services;
d) customer requirements;
e) customer feedback.
NOTE: Post-delivery activities can include actions under warranty provisions, contractual obligations such as maintenance services, and
supplementary services such as recycling or final disposal.
8.5.5.1 Feedback of information from service
The organization shall ensure that a process for communication of information on service concerns to manufacturing, material handling, Requirements for the section feature an expanded scope to include material
logistics, engineering, and design activities is established, implemented, and maintained. handling and logistics.
IATF 16949 8.5.5.1 Modified NOTE 1: The intent of the addition of “service concerns" to this sub-clause is to ensure that the organization is aware of nonconforming The new 2nd NOTE also clarifies "service concerns".
product(s) and material(s) that may be identified at the customer location or in the field.
NOTE 2: "Service concerns” should include the results of field failure test analysis (see Section 10.2.6) where applicable.
8.5.5.2 Service agreement with customer
When there is a service agreement with the customer, the organization shall: This section clarifies that service centers need to comply with all applicable
requirements when there is a service agreement with the customer.
a) verify that the relevant service centers comply with applicable requirements;
IATF 16949 8.5.5.2 Modified
b) verify the effectiveness of any special purpose tools or measurement equipment;
c) ensure that all service personnel are trained in applicable requirements.
8.5.6 Control of changes
The organization shall review and control changes for production or service provision, to the extent necessary to ensure continuing New ISO clause to emphasize this topic.
conformity with requirements.
If the organization was using Sec. 7.3 for design and development of
ISO 9001 8.5.6 Modified The organization shall retain DOCUMENTED INFORMATION describing the results of the review of changes, the person(s) authorizing the manufacturing, then this would be roughly equivalent, otherwise it is a new
change, and any necessary actions arising from the review. requirement.

8.5.6.1 Control of changes - supplemental


IATF strengthens the control of changes requirements in the standard to align
The organization shall have a documented process to control and react to changes that impact product realization. The effects or any with existing IATF OEM requirements.
change, including those changes caused by the organization, the customer, or any supplier, shall be assessed.
The changes clarify the "any change" includes those caused by the organization
The organization shall: and/or customer, in addition to those by any supplier.
a) define verification and validation activities to ensure compliance with customer requirements; The organization should also ensure they have a strong process to
b) validate changes before implementation; communicate and manage changes.
c) document the evidence of related risk analysis;
IATF 16949 8.5.6.1 Modified d) retain records of verification and validation.

Changes, including those made at suppliers, should require a production trial run for verification of changes (such as changes to part
design, manufacturing location, or manufacturing process) to validate the impact of any changes on the manufacturing process.

When required by the customer, the organization shall:


e) notify the customer of any planned product realization changes after the most recent product approval;
f) obtain documented approval, prior to implementation of the change;
g) complete additional verification or identification requirements, such as production trial run and new product validation.
8.5.6.1.1 Temporary change of process controls
The organization shall identify, document, and maintain a list of the process controls, including inspection, measuring, test, and error- This new requirement for temporary control of process changes addresses
proofing devices, that includes the primary process control and the approved back-up or alternate methods. issues experienced by the IATF OEM customers.

The organization shall document the process that manages the use of alternate control methods. The organization shall include in this The organization must identify, document and maintain a list of process
process, based on risk analysis (such as FMEA), severity, and the internal approvals to be obtained prior to production implementation controls that includes both primary process control and the approved back-up
of the alternate control method. or alternate methods.

The use of alternative control methods is considered a process; therefore, the


Before shipping product that was inspected or tested using the alternate method, if required, the organization shall obtain approval organization is expected to manage these activities appropriately.
from the customer(s). The organization shall maintain and periodically review a list of approved alternate process control methods that
are referenced in the control plan. Daily reviews of operator standardized work must consider alternate process
controls with the goal of returning to the standard process as soon as possible.
IATF 16949 8.5.6.1.1 New Standard work instructions shall be available for each alternate process control method. The organization shall review the operation of
alternate process controls on a daily basis, at a minimum, to verify implementation of standard work with the goal to return to the
standard process as defined by the control plan as soon as possible. Example methods include but are not limited to the following:

a) daily quality focused audits (e.g., layered process audits, as applicable);


b) daily leadership meetings.
Restart verification is documented for a defined period based on severity and confirmation that all features of the error-proofing device
or process are effectively reinstated.
The organization shall implement traceability of all product produced while any alternate process control devices or processes are being
used (e.g., verification and retention of first piece and last piece from every shift).
8.6 Release of products and services
The organization shall implement planned arrangements, at appropriate stages, to verify that the product and service requirements have The organization must monitor and measure those characteristics necessary to
been met. verify requirements are met.

These methods must be carried out at appropriate times during the process.
ISO 9001 8.6 Modified
The organization must monitor and measure those characteristics necessary to
verify requirements are met.

The release of products and services to the customer shall not proceed until the planned arrangements have been satisfactorily These methods must be carried out at appropriate times during the process.
completed, unless otherwise approved by a relevant authority and, as applicable, by the customer.
ISO 9001 8.6 Modified
The organization shall retain DOCUMENTED INFORMATION on the release of products and services. The DOCUMENTED INFORMATION
shall include:
a) evidence of conformity with the acceptance criteria;
b) traceability to the person(s) authorizing the release.
8.6.1 Release of products and services - supplemental
The organization shall ensure that the planned arrangements to verify that the product and service requirements have been met This further detail strengthens the standard to ensure process controls align
encompass the control plan and are documented as specified in the control plan (see Annex A) . with the control plan.

The organization shall ensure that the planned arrangements for initial release of products and services encompass product or service The organization should conduct a regular control plan audit that compares the
IATF 16949 8.6.1 New approval. current approval status with the actual controls applied in the manufacturing
The organization shall ensure that product or service approval is accomplished after changes following initial release, according to ISO process.
9001, Section 8.5.6.

8.6.2 Layout inspection and functional testing


An added NOTE clarifies that frequency of layout inspections is determined by
A layout inspection and a functional verification to applicable customer engineering material and performance standards shall be the customer.
performed for each product as specified in the control plans. Results shall be available for customer review.
IATF 16949 8.6.2 Modified
NOTE 1: Layout inspection is the complete measurement of all product dimensions shown on the design record(s).
NOTE 2: The frequency of layout inspection is determined by the customer.
8.6.3 Appearance items
This section on appearance items now requires organizations to provide
For organizations manufacturing parts designated by the customer as “appearance items," the organization shall provide the following: masters for haptic technology, as appropriate.
a) appropriate resources, including lighting, for evaluation; Haptic technology recreates the sense of touch by applying forces, vibrations,
IATF 16949 8.6.3 Modified or motions to the user.
b) masters for color, grain, gloss, metallic brilliance, texture, distinctness of image (DOI), and haptic technology, as appropriate;

c) maintenance and control of appearance masters and evaluation equipment;


d) verification that personnel making appearance evaluations are competent and qualified to do so.
8.6.4 Verification and acceptance of conformity of externally provided products and services
The organization shall have a process to ensure the quality of externally provided processes, products, and services utilizing one or more Changes in this section align with ISO 9001:2015 terminology and clarify the
of the following methods: source of statistical data as that provided by the supplier to the organization.
a) receipt and evaluation of statistical data provided by the supplier to the organization;
b) receiving inspection and/or testing, such as sampling based on performance;
IATF 16949 8.6.4 Modified
c) second-party or third-party assessments or audits of supplier sites when coupled with records of acceptable delivered product
conformance to requirements;
d) part evaluation by a designated laboratory;
e) another method agreed with the customer.
8.6.5 Statutory and regulatory conformity
Strengthens the standard for statutory and regulatory conformity to require
Prior to release of externally provided products into its production flow, the organization shall confirm and be able to provide evidence evidence of compliance.
IATF 16949 8.6.5 Modified that externally provided processes, products, and services conform to the latest applicable statutory, regulatory) and other requirements
in the countries where they are manufactured and in the customer-identified countries of destination, if provided.

8.6.6 Acceptance criteria


This sections clarifies "where required" to be "where appropriate or required".
Acceptance criteria shall be defined by the organization and, where appropriate or required, approved by the customer. For attribute data
IATF 16949 8.6.6 Modified
sampling, the acceptance level shall be zero defects (see Section 9.1.1, 1).

8.7 Control of nonconforming outputs


The organization shall ensure that outputs that do not conform to their requirements are identified and controlled to prevent their The organization must identify and control nonconforming product and
unintended use or delivery. services. This could include eliminating the nonconformity, obtaining a waiver
or deviation permit, or re-working the product.
The organization shall take appropriate action based on the nature of the nonconformity and its effect on the conformity of products and
services. This shall also apply to nonconforming products and services detected after delivery of products, during or after the provision
of services.
ISO 9001 8.7.1 Modified The organization shall deal with nonconforming outputs in one or more of the following ways:
a) correction;
b) segregation, containment, return or suspension of provision of products and services;
c) informing the customer;
d) obtaining authorization for acceptance under concession.
Conformity to the requirements shall be verified when nonconforming outputs are corrected.
8.7.1.1 Customer authorization for concession
The organization shall obtain a customer concession or deviation permit prior to further processing whenever the product or Changes in this section are for the alignment of terminology, and the
manufacturing process is different from that which is currently approved. clarification of concessions applied to rework of nonconforming product and
sub-component reuse.
The organization shall obtain customer authorization prior to further processing for "use as is” and rework dispositions of
nonconforming product. If sub-components are reused in the manufacturing process, that sub-component reuse shall be clearly
communicated to the customer in the concession or deviation permit.
IATF 16949 8.7.1.1 Modified
The organization shall maintain a record of the expiration date or quantity authorized under concession.

The organization shall also ensure compliance with the original or superseding specifications and requirements when the authorization
expires. Material shipped under concession shall be properly identified on each shipping container (this applies equally to purchased
product). The organization shall approve any requests from suppliers before submission to the customer.

8.7.1.2 Control of nonconforming product - customer-specified process


The organization shall comply with applicable customer-specified controls for nonconforming product(s). This section ensures customer controlled shipping requirements are followed,
and that these customer-specific requirements are integrated into the
IATF 16949 8.7.1.2 Modified organization's internal activities for the control of nonconforming product.

8.7.1.3 Control of suspect product


The organization shall ensure that product with unidentified or suspect status is classified and controlled as nonconforming product. The The updates in this section augment the requirements for control of suspect
organization shall ensure that all appropriate manufacturing personnel receive training for containment of suspect and nonconforming product by ensuring containment training is implemented.
IATF 16949 8.7.1.3 Modified product.

8.7.1.4 Control of reworked product


The organization shall utilize risk analysis (such as FMEA) methodology to assess risks in the rework process prior to a decision to rework This update increases the scope of control of reworked product requirements
the product. If required by the customer, the organization shall obtain approval from the customer prior to commencing rework of the to include customer approval, risk assessment, rework confirmation,
product. traceability, and retention of documented information.

The organization shall have a documented process for rework confirmation in accordance with the control plan or other relevant
IATF 16949 8.7.1.4 Modified DOCUMENTED INFORMATION to verify compliance to original specifications.
Instructions for disassembly or rework, including re-inspection and traceability requirements, shall be accessible to and utilized by the
appropriate personnel.
The organization shall retain DOCUMENTED INFORMATION on the disposition of reworked product including quantity, disposition,
disposition date, and applicable traceability information.
8.7.1.5 Control of repaired product
The organization shall utilize risk analysis (such as FMEA) methodology to assess risks in the repair process prior to a decision to repair The changes in this section clarify the requirement and the need for follow-up
the product. The organization shall obtain approval from the customer before commencing repair of the product. with detailed information for reworked product.

The organization shall have a documented process for repair confirmation in accordance with the control plan or other relevant The requirements for repaired products are essentially the same as those for
documented information. reworked products outlined in Sec. 8.7.1.4.
IATF 16949 8.7.1.5 Modified Instructions for disassembly or repair, including re-inspection and traceability requirements, shall be accessible to and utilized by the
appropriate personnel.
The organization shall obtain a documented customer authorization for concession for the product to be repaired.
The organization shall retain DOCUMENTED INFORMATION on the disposition of repaired product including quantity, disposition,
disposition date, and applicable traceability information.
8.7.1.6 Customer notification
The organization shall immediately notify the customer(s) in the event that nonconforming product has been shipped. Initial While customer notification is mentioned twice in ISO/TS 16949:2009, it did not
communication shall be followed with detailed documentation of the event. address customer notification in a stand alone section.
IATF 16949 8.7.1.6 Modified

8.7.1.7 Nonconforming product disposition


Updates in this section strengthen the requirement of disposition of
The organization shall have a documented process for disposition of nonconforming product not subject to rework or repair. For nonconforming product by clarifying that organizations must also have a
product not meeting requirements, the organization shall verify that the product to be scrapped is rendered unusable prior to disposal. documented process for nonconforming product not subject to rework or
IATF 16949 8.7.1.7 Modified repair.
The organization shall not divert nonconforming product to service or other use without prior customer approval.

8.7.2 Control of nonconforming outputs


The organization shall retain DOCUMENTED INFORMATION that: Not just product nonconformance.
a) describes the nonconformity;
ISO 9001 8.7.2 Modified b) describes the actions taken;
c) describes any concessions obtained;
d) identifies the authority deciding the action in respect of the nonconformity.
Standard Element Is this a new ISO 9001:2015 / IATF 16949:2016 Requirements Commentary Action / Resources Required
requirement?

New/Modified/
Bolded text indicates new to ISO 9001:2015 and IATF 16949:2016
Carryover
9.0 Performance Evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.1.1 General
The organization shall determine: The organization must determine the need for and implement monitoring,
measurement, analysis, and improvement opportunities needed to ensure
a) what needs to be monitored and measured;
conformity of the product, the quality management system, and to continually
b) the methods for monitoring, measurement, analysis and evaluation needed to ensure valid results; improve.
ISO 9001 9.1.1 Modified c) when the monitoring and measuring shall be performed;
The organization must retain DOCUMENTED INFORMATION.
d) when the results from monitoring and measurement shall be analyzed and evaluated.
The organization shall evaluate the performance and the effectiveness of the quality management system.
The organization shall retain appropriate DOCUMENTED INFORMATION as evidence of the results.
9.1.1.1 Monitoring and measurement of manufacturing processes
Updates to this section clarify the requirement for targeting process
The organization shall perform process studies on all new manufacturing (including assembly or sequencing) processes to verify process effectiveness and efficiency, which is an extension of the requirement to have
capability and to provide additional input for process control, including those for special characteristics. effective and efficient processes instead of just having a process.

The section further ensures that organizations support the manufacturing


NOTE: For some manufacturing processes, it may not be possible to demonstrate product compliance through process capability. For process through defined roles, responsibilities, and effective escalation
those processes, alternate methods such as batch conformance to specification may be used. processes to drive process capability and stability.
The organization shall maintain manufacturing process capability or performance results as specified by the customer's part approval
process requirements. The organization shall verify that the process flow diagram, PFMEA, and control plan are implemented, including
adherence to the following:
a) measurement techniques;
b) sampling plans;
c) acceptance criteria;
IATF 16949 9.1.1.1 Modified
d) records of actual measurement values and/or test results for variable data;
e) reaction plans and escalation process when acceptance criteria are not met.

Significant process events, such as tool change or machine repair, shall be recorded and retained as DOCUMENTED INFORMATION.

The organization shall initiate a reaction plan indicated on the control plan and evaluated for impact on compliance to specifications for
characteristics that are either not statistically capable or are unstable. These reaction plans shall include containment of product and 100
percent inspection, as appropriate. A corrective action plan shall be developed and implemented by the organization indicating specific
actions, timing, and assigned responsibilities to ensure that the process becomes stable and statistically capable. The plans shall be
reviewed with and approved by the customer, when required.

The organization shall maintain records of effective dates of process changes.


9.1.1.2 Identification of statistical tools
Requirements for the identification of statistical tools feature clarifications
The organization shall determine the appropriate use of statistical tools. The organization shall verify that appropriate statistical tools regarding documented deployment of the use of statistical tools from DFMEA,
IATF 16949 9.1.1.2 Modified are included as part of the advanced product quality planning (or equivalent) process and included in the design risk analysis (such as PFMEA, and APQP process.
DFMEA) (where applicable), the process risk analysis (such as PFMEA), and the control plan.

9.1.1.3 Application of statistical concepts


This sections features a clarification regarding requirements for those involved
IATF 16949 9.1.1.3 Modified Statistical concepts, such as variation, control (stability), process capability, and the consequences of over-adjustment, shall be understood in capturing and analyzing data; previously, this was driven across all
and used by employees involved in the collection, analysis, and management of statistical data. employees regardless of relevance.

9.1.2 Customer satisfaction


Customer perception was previously in a NOTE and now it is an explicit
The organization shall monitor customers’ perceptions of the degree to which their needs and
requirement.
expectations have been fulfilled. The organization shall determine the methods for obtaining,
monitoring and reviewing this information.
ISO 9001 9.1.2 Modified NOTE: Examples of monitoring customer perceptions can include customer surveys, customer feedback
on delivered products and services, meetings with customers, market-share analysis, compliments, warranty
claims and dealer reports.

9.1.2.1 Customer satisfaction - supplemental


Updates to this section clarify customer satisfaction monitoring criteria and
Customer satisfaction with the organization shall be monitored through continual evaluation of internal and external performance introduction of additional focus on warranty management.
indicators to ensure compliance to the product and process specifications and other customer requirements.
There is also additional focus to ensure all customer performance measures are
regularly reviewed to reduce risk of failure to achieving customer satisfaction.
Performance indicators shall be based on objective evidence and include but not be limited to the following:
a) delivered part quality performance;
b) customer disruptions,
IATF 16949 9.1.2.1 Modified
c) field returns, recalls, and warranty (where applicable);
d) delivery schedule performance (including incidents of premium freight);
e) customer notifications related to quality or delivery issues, including special status.
The organization shall monitor the performance of manufacturing processes to demonstrate compliance with customer requirements for
product quality and process efficiency. The monitoring shall include the review of customer performance data including online customer
portals and customer scorecards, where provided.

9.1.3 Analysis and evaluation


The organization must collect and analyze data about the effectiveness and
The organization shall analyze and evaluate appropriate data and information arising from monitoring and measurement. suitability of the quality management system and evaluate where continual
improvement can be made.
The results of analysis shall be used to evaluate:
a) conformity of products and services;
b) the degree of customer satisfaction;
ISO 9001 9.1.3 Modified c) the performance and effectiveness of the quality management system;
d) if planning has been implemented effectively;
e) the effectiveness of actions taken to address risks and opportunities;
f) the performance of external providers;
g) the need for improvements to the quality management system.
NOTE: Methods to analyze data can include statistical techniques.
9.1.3.1 Prioritization
Trends in quality and operational performance shall be compared with progress toward objectives and lead to action to support The emphasis of the requirement changed from the "analysis of data" to the
prioritization or actions for improving customer satisfaction. prioritization of actions based on performance and risk management.
IATF 16949 9.1.3.1 Modified

9.2 Internal audit


9.2.1 The organization shall conduct internal audits at planned intervals to provide information on whether the quality management Audits must be performed at planned intervals. The organization makes this
system: determination.
a) conforms to: Keep in mind that audits need to be done often enough to ensure conformity
ISO 9001 9.2.1 Modified to the organization's requirements and to the requirements of IS) 9001:2015.
1) the organization’s own requirements for its quality management system;
2) the requirements of this International Standard;
b) is effectively implemented and maintained.
The organization shall: System auditors are selected to do audits based on impartiality. They may not
audit their own work area.
a) plan, establish, implement and maintain an audit programme(s) including the frequency, methods, responsibilities, planning
requirements and reporting, which shall take into consideration the importance of the processes concerned, changes affecting the Management must ensure actions are taken to eliminate detected
organization, and the results of previous audits; nonconformities and their causes.

b) define the audit criteria and scope for each audit;


ISO 9001 9.2.2 Modified
System auditors are selected to do audits based on impartiality. They may not
audit their own work area.

Management must ensure actions are taken to eliminate detected


nonconformities and their causes.

ISO 9001 9.2.2 Modified


c) select auditors and conduct audits to ensure objectivity and the impartiality of the audit process;
d) ensure that the results of the audits are reported to relevant management;
e) take appropriate correction and corrective actions without undue delay;
f) retain DOCUMENTED INFORMATION as evidence of the implementation of the audit programme and the audit results.
NOTE: See ISO 19011 for guidance
9.2.2.1 Internal audit programme
This section strengthened the need to drive a risk-based approach to the
The organization shall have a documented internal audit process. The process shall include the development and implementation of an development and deployment of an organizational-wide internal audit
internal audit program that covers the entire quality management system including quality management system audits, manufacturing program.
process audits, and product audits.
Internal audits must also consider software development capability
The audit programme shall be prioritized based upon risk, internal and external performance trends, and critically of the process(es). assessments, when applicable.
IATF 16949 9.2.2.1 Modified
Where the organization is responsible for software development, the organization shall include software development capability
assessments in their internal audit program.

The frequency of audits shall be reviewed and, where appropriate, adjusted based on occurrence of process changes, internal and
external nonconformities, and/or customer complaints. The effectiveness of the audit program shall be reviewed as a part of
management review.

9.2.2.2 Quality management system audit


Updates to this section strengthen the quality management system audit and
The organization shall audit all quality management system processes over each three-year calendar period, according to an annual the use of process approach, which further drives process improvements
IATF 16949 9.2.2.2 Modified programme, using the process approach to verify compliance with this Automotive QMS Standard. Integrated with these audits, the organization-wide.
organization shall sample customer-specific quality management system requirements for effective implementation.

9.2.2.3 Manufacturing process audit


IATF 16949 also strengthens the formal approaches to ensure organizations
The organization shall audit all manufacturing processes over each three-year calendar period to determine their effectiveness and achieve the benefits of effective manufacturing process audits.
efficiency using customer-specific required approaches for process audits. Where not defined by the customer, the organization shall
determine the approach to be used.
IATF 16949 9.2.2.3 Modified Within each individual audit plan, each manufacturing process shall be audited on all shifts where it occurs, including the appropriate
sampling of the shift handover.
The manufacturing process audit shall include an audit of the effective implementation of the process risk analysis (such as PFMEA),
control plan, and associated documents.
9.2.2.4 Product audit
The strengthened product audit requirements now require the use of
The organization shall audit products using customer-specific required approaches at appropriate stages of production and delivery to customer-specified approaches, when applicable
IATF 16949 9.2.2.4 Modified
verify conformity to specified requirements. Where not defined by the customer, the organization shall define the approach to be used.

9.3 Management review


9.3.1 General
No impact from the previous standard. Top management must review the
Top management shall review the organization’s quality management system, at planned intervals, to ensure its continuing suitability, system at planned intervals.
ISO 9001 9.3.1 Carryover
adequacy, effectiveness and alignment with the strategic direction of the organization.

9.3.1.1 Management review- supplemental


Management review shall be conducted at least annually. The frequency of management review(s) shall be increased based on risk to This update strengthens management review requirements to include an
compliance with customer requirements resulting from internal or external changes impacting the quality management system and assessment of risk and compliance to customer requirements.
IATF 16949 9.3.1.1 Modified performance-related issues.

9.3.2 Management review inputs


The management review shall be planned and carried out taking into consideration: Management must use information from: audits (external and internal),
customer feedback, process performance, product conformity, status of
a) the status of actions from previous management reviews; preventive and corrective action, follow-up actions from previous management
b) changes in external and internal issues that are relevant to the quality management system; reviews, planned changes, and recommendations for improvement.
c) information on the performance and effectiveness of the quality management system, including trends in:
1) customer satisfaction and feedback from relevant interested parties;
2) the extent to which quality objectives have been met;
3) process performance and conformity of products and services;
ISO 9001 9.3.2 Modified
4) nonconformities and corrective actions;
5) monitoring and measurement results;
6) audit results;
7) the performance of external providers;
d) the adequacy of resources;
e) the effectiveness of actions taken to address risks and opportunities (see 6.1);
f) opportunities for improvement.
9.3.2.1 Management review inputs - supplemental
Input to management review shall include: Updates to this section feature enhanced details for management review input
requirements, including those related to cost of poor quality, effectiveness,
a) cost of poor quality (cost of internal and external nonconformance); efficiency, conformance, feasibility assessments, customer satisfaction,
b) measures of process effectiveness; performance against maintenance objectives, warranty performance, review of
c) measures of process efficiency; customer scorecards, and the identification of potential field failures through
risk analysis.
d) product conformance;
e) assessments of manufacturing feasibility made for changes to existing operations and for new facilities or new product (see Section A monitoring system should be in place, with criteria that trigger special
7.1.3.1); unplanned management review activity.
IATF 16949 9.3.2.1 Modified
f) customer satisfaction (see ISO 9001, Section 9.1.2);
g) review or performance against maintenance objectives;
h) warranty performance (where applicable);
i) review of customer scorecards (where applicable);
j) identification of potential field failures identified through risk analysis (such as FMEA);
k) actual field failures and their impact on safety or the environment.
9.3.3 Management review outputs
The outputs of the management review shall include decisions and actions related to: Management must take the review inputs and transform it into outputs.
a) opportunities for improvement;
ISO 9001 9.3.3 Modified b) any need for changes to the quality management system;
c) resource needs.
The organization shall retain DOCUMENTED INFORMATION as evidence of the results of management reviews.
9.3.3.1 Management review outputs - supplemental
Top management shall document and implement an action plan when customer performance targets are not met. This enhanced section ensures action is taken where customer requirements
are not achieved, and supports the continual analysis of process performance
IATF 16949 9.3.3.1 Modified and risk.
Standard Element Is this a new ISO 9001:2015 / IATF 16949:2016 Requirements Commentary Action / Resources Required
requirement?

New/Modified/
Bolded text indicates new to ISO 9001:2015 and IATF 16949:2016
Carryover
10.0 Improvement
10.1 General
The organization shall determine and select opportunities for improvement and implement any necessary actions to meet customer The purpose of improvement is for an organization to both plan and actually
requirements and enhance customer satisfaction. implement actions in order to achieve intended results and enhance customer
satisfaction.
These shall include:
a) improving products and services to meet requirements as well as to address future needs and expectations;
ISO 9001 10.1 Modified
b) correcting, preventing or reducing undesired effects;
c) improving the performance and effectiveness of the quality management system.
NOTE: Examples of improvement can include correction, corrective action, continual improvement, breakthrough change, innovation
and re-organization.
10.2 Nonconformity and corrective action
When a nonconformity occurs, including any arising from complaints, the organization shall: The organization must identify and control nonconforming product and
services. This could include eliminating the nonconformity, obtaining a waiver
a) react to the nonconformity and, as applicable: or deviation permit, or re-working the product.
1) take action to control and correct it;
2) deal with the consequences; Re-verification must take place when nonconforming product is corrected.

b) evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere, by:

1) reviewing and analyzing the nonconformity;


ISO 9001 10.2.1 Modified
2) determining the causes of the nonconformity;
3) determining if similar nonconformities exist, or could potentially occur;
c) implement any action needed;
d) review the effectiveness of any corrective action taken;
e) update risks and opportunities determined during planning, if necessary;
f) make changes to the quality management system, if necessary.
Corrective actions shall be appropriate to the effects of the nonconformities encountered.
The organization shall retain DOCUMENTED INFORMATION as evidence of: DOCUMENTED INFORMATION of the nonconformity and any corrective action
must be maintained.
ISO 9001 10.2.2 Modified a) the nature of the nonconformities and any subsequent actions taken;
b) the results of any corrective action.
10.2.3 Problem solving
The organization shall have a documented process(es) for problem solving including: Updates to this section are to facilitate the consolidation of IATF OEM
customer-specific minimum requirements.
a) defined approaches for various types and scale of problems (e.g., new product development, current manufacturing issues, field
failures, audit findings); The organization's defined process(es) for problem solving must consider:
various types and scales of problems; control of nonconforming output;
b) containment, interim actions, and related activities necessary for control of nonconforming outputs (see ISO 9001, Section 8.7), systematic corrective action and verification of effectiveness; and
review/updates to documented information.
IATF 16949 10.2.3 Modified c) root cause analysis, methodology used, analysis, and results;
d) implementation of systemic corrective actions, including consideration of the impact on similar processes and products;
e) verification of the effectiveness of implemented corrective actions;
f) reviewing and, where necessary, updating the appropriate documented information (e.g., PFMEA, control plan).
Where the customer has specific prescribed processes, tools, or systems for problem solving, the organization shall use those processes,
tools, or systems unless otherwise approved by the customer.
10.2.4 Error-proofing
This section, which previously only mentioned the use of error-proofing
The organization shall have a documented process to determine the use of appropriate error-proofing methodologies. Details of the methods in corrective action, includes new requirements to strengthen the
method used shall be documented in the process risk analysis (such as PFMEA) and test frequencies shall be documented in the control approach to error-proofing and consolidate customer-specific requirements.
plan.
IATF 16949 10.2.4 Modified
The process shall include the testing of error-proofing devices for failure or simulated failure. Records shall be maintained. Challenge
parts, when used, shall be identified, controlled, verified, and calibrated where feasible. Error-proofing device failures shall have a
reaction plan.

10.2.5 Warranty management systems


When the organization is required to provide warranty for their product(s), the organization shall implement a warranty management New requirement based on the increased importance of warranty management.
process. The organization shall include in the process a method for warranty part analysis, including NTF (no trouble found). When
specified by the customer, the organization shall implement the required warranty management process.
IATF 16949 10.2.5 New

10.2.6 Customer complaints and field failure test analysis


The organization shall perform analysis on customer complaints and field failures, including any returned parts, and shall initiate This section includes a new requirement regarding embedded software and
problem solving and corrective action to prevent recurrence. identification of preferred approaches.

Where requested by the customer, this shall include analysis of the interaction of embedded software of the organization's product
IATF 16949 10.2.6 Modified within the system of the final customer's product.
The organization shall communicate the results of testing/analysis to the customer and also within the organization.

10.3 Continual improvement


The quality policy, objectives, audit results, analysis of data and corrective and
The organization shall continually improve the suitability, adequacy and effectiveness of the quality management system. preventive action shall be used as a method to facilitate the improvement to
ISO 9001 10.3 Modified the quality management system.
The organization shall consider the results of analysis and evaluation, and the outputs from management review, to determine if there
are needs or opportunities that shall be addressed as part of continual improvement.
10.3.1 Continual improvement- supplemental
The organization shall have a documented process for continual improvement. The organization shall include in this process the Changes in this section clarify the minimum process requirements for continual
following: improvement.
a) identification of the methodology used, objectives, measurement, effectiveness, and DOCUMENTED INFORMATION; Use of these methodologies should follow a structured approach that
IATF 16949 10.3.1 Modified b) a manufacturing process improvement action plan with emphasis on the reduction of process variation and waste; continuously identifies and addresses opportunities for improvement.
c) risk analysis (such as FMEA).
NOTE: Continual improvement is implemented once manufacturing processes are statistically capable and stable or when product
characteristics are predictable and meet customer requirements.

You might also like