IATF 16949 Certification

• Stage 1 audit takes place in 2 sections (including a review of the applicability of IATF 16949, certification structure and the planned scope, followed by an assessment of readiness for certification by means of an on-site audit using the “Gemba“ method).
• Decision of the certification body on readiness for stage 2 audit or repetition of stage 1 audit after max. 15 days.
• If the readiness is not given, a repetition of stage 1 can take place within a maximum of 6 months with the same auditor.
• If necessary, at least one additional hour is required to review open points from a previous stage 1 audit.

• This includes a complete system audit (all requirements of IATF 16949 are to be audited on-site and evaluated regarding effective implementation).
• The stage 2 audit can take place at the earliest 20 days and must take place at the latest 90 days after the final meeting of the stage-1-audit based on a positive readiness assessment by the certification body.

• The last day of a re-certification audit must be completed no later than 3 years -3 months/+0 days after the last day of the first stage 2, re-certification, or transfer audit. Otherwise, the certificate will be withdrawn immediately.
• The last day of a surveillance audit must be -3/+3 months after the last initial audit of stage 2, re-certification, or transfer audits (“ARD“). Otherwise, the certificate will be withdrawn immediately.

• Application possible from of two production plants (“sites”) to be included. Reduction of on-site audit time per “site” by max. 15 %. (Note: Depending on the scope of the corporate scheme, a reduction of up to 40% per site was previously permitted).

• Total reduction in on-site audit time can now be up to max. 30% (previously up to 50%).

• These may be a maximum of 10 miles / 16 km and a maximum travel time of one hour from the main site. If this is not the case, former extended manufacturing sites must be considered as sites and must undergo an initial certification audit (possibly in the corporate scheme structure). This can take place during the underlying audit cycle.

• If the production site is relocated, an initial certification audit must be conducted with the involvement of the supporting sites.

• The client must confirm the audit date to the certification body at least 90 days before the start of the audit (First Audit Day, “FAD”).
• A later postponement the audit date is only possible with documented, verifiable justification.
• Extended requirements apply for content and deadline for providing information on audit preparation / readiness review to the certification body.

• The audit planning by the certification body must demonstrably comprise at least 0.50 person days. This requires an entry in the IATF database.
• The audit preparation information must be submitted by the client to the certification body at least 30 days before the first audit day. Otherwise, the certification body may postpone the audit, which may result in the loss of the certificate if the specified audit dates in the cycle cannot be met.
• If evidence of the client’s management review is not available at the certification body 30 days before the audit or can only be reviewed on site, at least two additional hours must be scheduled for assessment before the start of the audit.
• The audit of customer performance data is to be carried out during the opening session / introductory meeting, i.e., there is no need for the previously obligatory additional hour before the start of the audit.
• The audits must cover all production processes, and these must be operational at the time of the audit, i.e., there must be no production processes that are not implemented at the time of the audit. Otherwise, the certification body may postpone the audit, which may also result in the loss of the certificate if the specified audit dates in the cycle cannot be met.
• The audit plan must be submitted to the client by the certification body at least 14 days before the start of the audit.

• If the client’s problem-solving process for identified non-conformities is not effective, a major non-conformity (“NC1”) must be raised.
• In the case of major non-conformities, the client must submit the containment measures within 15 days of completion of the on-site audit, as well as evidence of the effectiveness of the containments, the root cause analysis, corrective actions taken and a plan for systemic corrective action.
• If the 15-day feedback is rejected by the certification body, a revision by the client and re-examination / re-assessment by the auditor must be carried out by day 30 after the audit is completed.
• The 60-day deadline for non-conformity management, including verification of the effectiveness of the corrective actions by the client, continues to apply, as does the fact that non-conformities must be assessed as “open but 100% resolved” or closed within 90 days of the last audit day.
• If the systemic corrective actions for non-conformities are not effectively implemented, the certificate must be withdrawn.

• For any minor non-conformity (“nc2”): 0.5 - 1.0 hour (in the next regular audit or during a special audit).
• For any major non-conformity (“NC1”): 1.0 - 3.0 hours each (as part of a special audit).

• Audit plans, reports, non-conformity reports and their status must be reviewed and documented for all remote support locations (“RSL”) supporting the site to be audited. This also applies to remote support locations audited by other certification bodies.
• IATF 16949 certificates may only identify remote support locations where the effectiveness of the support functions in the plant (“site”) has been verified.

• These are conditionally possible for Surveillance audits for Stand-Alone Remote Support Location (“SA-RSL”), where no product or material handling occurs.
• The definition of the remote functions is shown in the table in appendix 2 of the Rules 6^th edition.

• Process begins with IATF-, customer-complaint or non-conformities in the audit.
• The duration of the decertification process is limited to a maximum of 120 days after Last Audit Day (“LAD”). If the decertification process cannot be positively finished by that deadline, the certificate will be withdrawn.
• In the case of a major non-conformity (“NC1”), the certificate is suspended on the date of the certification body’s decision, max. 15 days after completion of the audit.
• For performance complaints from customers to the client: The client must respond in the IATF Performance Complaint Management System (“PCMS”) within 20 days of being requested to do so by the certification body, if applicable.
• If a certificate is withdrawn, the client must remove all references to IATF certification from the company’s internal and public image.

Certification according to IATF 16949 is important for all organisations who manufacture and supply products for the automotive industry – from sub-tier to direct suppliers. These include series production and replacement part manufacturers and providers of added value services.

Through successful certification, suppliers demonstrate that they fulfil the QM requirements, undertake a continuous improvement process and implement customer-specific QM system requirements. The IATF 16949 certificate is also a mandatory requirement for acceptance by many automobile manufacturers and suppliers.

IATF 16949 is an independent QM standard. It covers the requirements of ISO 9001 but is certified on a stand-alone basis. If a certificate according to ISO 9001 is also desired, fulfilment of the ISO-9001 requirements can also be assessed within an IATF-based audit. However, the certification procedure itself is performed independently of IATF 16949.

ISO/TS 16949 is the standard which preceded IATF 16949. It is no longer valid. Since 15 September 2018 organisations must have transitioned to IATF 16949.