• The 3rd edition is the latest version and it was published on the 15th of June 2009. It has been technically updated to align with ISO 9001:2008 Standard. The previous revision was based on ISO 9001:2000.
• Customer-Specific Requirements (CSR) is the additional requirements imposed by the OEM. These requirements will form part of the audit criteria during the certification & internal audits.

ISO/TS 16949:2008 was developed by IATF (International Automotive Task Force) members and approved by ISO (International Organization for Standardization) for publication. It is an industry specific Quality Management System (QMS) catering for automotive industries with the following objectives:

• Promote continue improvement
• Emphasis defect prevention, and
• Continual waste and variation reduction.

     Overview :

The Standard is based on ISO 9001:2008 standard with additional common automotive industry requirements. The requirements are encompassed in 5 clauses, namely:

1. Quality Management System,
2. Management Responsibility,
3. Resource Management,
4. Product Realization,
5. Measurement, Analysis & Improvement.

Exclusion to the requirements is only limited to the product design & development processes.

Organizations that spearheading for certification must be parts of the automotive supply chain that provides value added activities or services to their customers. The term “automotive” include cars, buses, trucks, motorbikes but exclude special purpose vehicle such as tractors for agricultural purposes. Producers of automotive after-market products or providers of support services such as warehousing, transportation, calibration and others are not eligible for certification. Scope of certification includes site where value added activities are performed as well as remote locations if any where support services are provided.

The ISO/TS 16949 Standard was an international effort to develop a common Quality Management System for automotive industry. It was initially presented as an alternative to those organizations that were certified to US9000, VDA 6.1, AVSQ and EAQF. However, with the retirement of QS 9000, AVSQ and EQFQ in recent year, more and more companies have chosen to be certified with ISO/TS 16949.

Is ISO/TS 16949 relevant to your organization?

It is part of the common procurement requirement among the IATF members that all their suppliers, especially tier-1 suppliers shall be certified to ISO/TS 16949. JAMA strongly encourages their members’ suppliers to be certified to the ISO/TS 16949. In recent years, more are more OEMs (besides IATF and JAMA members) are encouraging or has made it part of the procurement requirements that require their suppliers to be 3rd party certified to ISO/TS 16949, one of those examples is Proton in Malaysia.

Notes:

• IATF members include the following vehicle manufacturers: BMW Group, Chrysler Group LLC, Daimler AG, Fiat Group Automobiles, Ford Motor Company, General Motors Corporation (including Opel Vauxhall), PSA Peugeot-Citroen, Renault, Volkswagen AG and the vehicle manufacturers respective trade associations - AIAG (U.S.), ANFIA (Italy), FIEV (France), SMMT (U.K.) and VDA (Germany)
• JAMA members include the following vehicle manufacturers: Daihatsu Motor Co., Ltd, Fuji Heavy Industries Ltd., Hino Motors, Ltd., Honda Motor Co., Ltd., Isuzu Motors Ltd., Kawasaki Heavy Industries, Ltd., Mazda Motor Corporation, Mitsubishi Motors Corporation, Mitsubishi Fuso Truck & Bus Corporation, Nissan Motor Co., Ltd., Suzuki Motor Corporation, Toyota Motor Corporation, UD Trucks Corporation, and Yamaha Motor Co., Ltd.

     Global Adoption :

At the end of June 2010, a total of 42,189 certificates were issued to ISO/TS 16949. Asia Pacific region accounted for the biggest number of certificates issued - 16,585 (47%). Among all the countries, China was the fastest growing country which itself accounted for 13,031 (31%) certificates.

     Benefits :

IATF has set up an IATF Global Database Customer Portal that allows anyone to check the validity of the certification certificates. This provides a simple mean for any organization to verify its supplier ISO/TS 16949 certification status. The benefits of being certified to ISO/TS 16949 Standard includes but not limited to:

• Quality improvement in product & process,
• Additional confidence to the customers,
• Common approach for managing Quality Management System,
• Reassignment of resources to quality improvement and
• Reduction in the multiple 3rd party registrations.

     Auditing :

ISO/TS 16949 requires organization to plan and conduct internal audit at the planned interval as well as having Its QMS to be audited by the appointed 3rd party certification body on the annual basis.

Internal Audits

ISO/TS 16949 Standard requires that the internal auditors be competent on the basis of education, skill, training and experience. Organization can decide the criteria for competency. However, certain OEMs through their customer-specific requirements (CSR) spell out the criteria for internal auditor competency. Nevertheless, in general a competent auditor must be able to demonstrate certain level of competency in the following subjects:

• Understanding of the ISO/TS Requirements,
• Process Based Approach in Auditing,
• Understanding of the Core Tools (SPC, MSA, FMEA, APQP and PPAP)
• Applicable Customer-Specific Requirements

Notes:

• SPC – Statistical Process Control
• MSA – Measurement System Analysis
• FMEA – Potential Failure Modes and Effect Analysis
• APQP – Advanced Product Quality Planning
• PPAP – Production Part Approval Process

Appointed internal auditors must not audit their own work. Internal audit is allowed to be outsourced to outside parties such as consultant to carry out. It is sometime more effective than using its own staff but the costs can be high.

Unlike other management systems audit, ISO/TS 16949 audit must be planned and conducted to cover all working shifts. The internal audit must be planned on the annual basis, and take into the consideration the importance of the processes to be audited as well as the results from the previous audits. In addition, the internal audit itself is divided into 3 distinct types of audit – Quality Management System (QMS) Audit, Manufacturing Process Audit and Product Audit. QMS audit focuses on the conformance of ISO/TS 16949 and other related QMS including CSR requirements. Manufacturing Process Audit focuses on verifying the effectiveness of each manufacturing processes. Lastly, the Product Audit is focusing on auditing the product requirements at the appropriate stages from production to delivery to ensure product requirements are met.

All the findings that against the audit criteria will be issued with a Non-Conformance (NC) note and corrective action (CA) is required to be carried out by the auditees to address the root cause(s) of the problem to prevent recurrence. OFI (Opportunity for Improvement) or Observations were issued by the auditors to address the potential non-conformance findings. Preventive Actions (PA) were sometime initiated to address the OFI or Observation to prevent occurrence of the potential non-conformance.

Internal audit must be viewed positively in the organization as it provides a platform for continuing improving the organization’s QMS. The internal audit results are one of key inputs to the Management Review.

External Audits

All the external auditors are trained and qualified by their respective IATF Oversight Office (SMMT, IAOB, VDA, IATF France, QMC and ANFIA). All the auditors need to have at least 6 years of full time working experiences in the automotive industries with at least 2 years in the quality assurance activities. Throughout the year, IATF Oversight Office will perform witness audit on the auditors to ensure they maintain the high level of competency, consistency and professionalism.

     Choosing a Register :

As of May 2011, only 49 certification bodies are approved by the IATF to perform ISO/TS 16949 certification audit. The details on the approved certification bodies are available on the IATF website. It is recommended that the organization goes through the following items before deciding which certification body to engage.

• Make sure the certification body is approved by IATF.
• Obtain few quotations from the different certification bodies for comparison, and you would be surprise on the differences in price quoted.
• Make sure the certification body is having its own local auditor to do the job. Importing auditors from other countries might create an unnecessary communication problem. The additional costs will be high too.
• It is best to talk or interview the auditors before engaging them. It will provide you with the first valuable assessment as are they the right auditors for your organization.
• Talk to your clients to see if they have any preferred certification bodies to use.

     Route to Registration :

These are the steps to registration:

Pre-audit Assessment

Pre-audit or pre-assessment prior to Stage 1 readiness review is allowed to be carried out by the certification body with the following restrictions:

1. Pre-audit is not part of the certification audit process (Stage 1 & Stage 2).
2. Only one single visit to one site of a client is allowed. Multiple visits shall be considered as consultancy visit.
3. The audit time must be less than 80% of the calculated audit time for Stage 2 Audit.
4. Pre-audit shall not be considered as a factor for reducing the audit time for Stage 1 and 2 Audits.
5. External auditor that was assigned to perform the pre-audit assignment will not be allowed to participate in the Stage 1 and 2 Audits of the organization.

The pre-audit may result in some non-binding findings and auditor is advised not to recommend solutions to the findings.

Stage 1 Audit (Readiness Review)

Stage 1 audit must be carried out on site. Under some special circumstances, Stage 1 audit may be completed without visiting the site, however, approval from the relevant IATF Oversight Office shall be obtained first. A member of the assigned audit team for Stage 1 and Stage 2 audits shall carry out the audit and preferably the lead auditor of the audit team should perform the Stage 1 Audit.

The following documentation (as minimum) must be prepared by the organization and ready for Stage 1 audit.

Description of key processes showing the sequence and interactions. This includes the identification of outsourced processes.

• Key performance indicators trends for the previous 12 months, as minimum.
• Quality Manual, including the interactions and support functions for manufacturing site and remote locations, if any.
• Evidence to indicate all the requirements of ISO/TS 16949 have been addressed by the organization’s processes.
• Evidence of one full cycle of Internal Audit to ISO/TS 16949 and followed by a Management Review.
• List of Qualified Internal Auditors and the criteria for qualification.
• List of automotive customers, and their applicable customer-specific requirements (CSR).
• Customer complaint summary and responses including scorecards and special status issued by customers.

Stage 1 Audit activities include the verification of the following information to assess the organization readiness for Stage 2 Audit.

• Evaluation of Organization’s management system documentation,
• Evaluation of Organization manufacturing site and remote locations readiness for Stage 2 Audit,
• Evaluation of organization’s status and understanding of the requirements of the standard,
• Collection of information regarding the scope of management system, processes, and applicable statutory and regulatory requirements to the product,
• Reviewing the allocation of resources with the organization and agree with the organization the details for Stage 2 Audit,
• Provision a focus for Stage 2 Audit by understanding the organization’s management system and site operation,
• Evaluation of the planning and execution of Internal Audit and Management Review to assess the level of implementation that provide information regarding the organization readiness for Stage 2 Audit, and
• Verification that both organization and its design subcontractors have sufficient capability to meet the ISO/TS 16949 requirements.

Upon collecting all the relevant information, the audit team will decide if the organization has sufficient readiness to proceed to Stage 2 Audit. If the audit team concluded that the organization is “not ready” for Stage 2 Audit, the organization will need to go through another round of Stage 1 Audit again. An organization will be deemed “not ready” if the audit team concluded that:

• The organization was not able to present or complete the items required, or
• The organization has an issue which could result in major non-conformity at the Stage 2 Audit with respect to the effective implementation of the quality management system.

Stage 2 Audit

The Stage 2 Audit must be conducted within 90 calendar days from the approval of the Stage 1 Audit. The Audit is the evaluation of the implementation effectiveness of the organization’s quality management system and it must be conducted on-site.

Registration Confirmation

The audit team will make the recommendation for certification only after all the non-conformities identified during the Stage 2 Audit have been resolved. On site verification of major non-conformity is required. The certification decision must be made 120 days from the last day of the Stage 2 Audit.

Certificate Issue

Your certificate will only be issued if there is:

• 100% compliance to the requirements,
• Non-conformities found during the audit are either closed or open but 100% resolved.

Certificates to ISO/TS 16949 shall be issued by the IATF contracted certification body office or an approved regional office under the control of the IATF contracted certification body office.

Continued Assessmen

After registration, your certification body will perform surveillance audit (on-site) to assess your management system’s fulfilment to the requirements. Whenever nonconformity was found during the audit, decertification process will be initiated. For a major non-conformity found during the audit, the organization will have 20 days from the last day of the audit to initiate root cause analysis and implementation of correction. The certification body must review the correction and to decide if the certificate is to be suspended.

Reassessment

Your certification body is required to perform a reassessment of your management system every 3 years. The purpose of the reassessment audit is to confirm the continue conformity and effectiveness of the quality management system as a whole and its continued relevance and applicability for the scope of certification.