IATF 16949

IATF 16949: Quality standard for suppliers in the automotive industry

Certification according to the quality standard IATF 16949 is really a must for suppliers within the automotive sector. IATF 16949 is recognised throughout the world and is the vital prerequisite in order to supply automobile manufacturers, where a certification according to IATF 16949 is generally mandatory in order to maintain a business relationship.

Increasing cost pressures also mean that companies have to develop and implement efficient and capable processes in all areas. Make sure that you fulfil the quality requirements in the supply chain of the automotive industry with the certification of your quality management system according to IATF 16949, while at the same time strengthening your position on the market. 

The focus of the standard is on continuous improvement of system and process and in the end product quality of organisations in the areas of development and manufacture. Development and production processes are considered within this context, with special emphasis on defect prevention through a risk-based and process approach.  

 

Benefits of certification according to IATF 16949

  • Implementation of an internationally recognised quality management standard
  • International market access
  • Certified proof of continuous improvement of your system, process and product quality   
  • Certified proof of use of processes to reduce defects and risks
  • Acceptance and trust of customers and partner organisations, as the certificate demonstrates compliance with sector- and customer-specific demands of the automotive industry

Objectives of the IATF 16949 QM standard

With a certification of your quality management system according to IATF 16949 you demonstrate that you:

  • ensure fulfilment of the sector-specific requirements for the management system and customer orientated processes,
  • fulfil the specific system requirements for quality management and give customer satisfaction top priority.

Customer information on the “Rules for Achieving and Maintaining IATF Recognition, 6th edition, 2025”

As announced in January 2024 in the “IATF Stakeholder Communiqué“ on the „Release of Rules 6th Edition” on the IATF Global Oversight website, the IATF has revised and now published its certification rules

The IATF Global Oversight now grants a maximum period of nine months from 31st March 2024 to implement the changes required in the “Rules for Achieving and Maintaining IATF Recognition 6th edition, 2025” (Rules 6th edition) both for the certification bodies recognized by the IATF and for their clients. 

The IATF Rules 6th Edition come into force and must be fully implemented by 1st January 2025. From 1 January 2025, the IATF Rules 5th edition and all sanctioned interpretations and frequently asked questions of the IATF Rules 5th edition will become obsolete. Since 31st March 2024, the IATF Rules 6th edition can be obtained by interested parties via IATF Oversight Offices. Editions are available in different languages; the German version will be available from May 2024.

 

FAQs on Rules for Achieving and Maintaining IATF Recognition, 6th edition, 2025

Initial certifications Stage 1 audit
  • Stage 1 audit takes place in 2 sections (including a review of the applicability of IATF 16949, certification structure and the planned scope, followed by an assessment of readiness for certification by means of an on-site audit using the “Gemba“ method). 
  • Decision of the certification body on readiness for stage 2 audit or repetition of stage 1 audit after max. 15 days. 
  • If the readiness is not given, a repetition of stage 1 can take place within a maximum of 6 months with the same auditor. 
  • If necessary, at least one additional hour is required to review open points from a previous stage 1 audit. 
Stage 2 audit
  • This includes a complete system audit (all requirements of IATF 16949 are to be audited on-site and evaluated regarding effective implementation). 
  • The stage 2 audit can take place at the earliest 20 days and must take place at the latest 90 days after the final meeting of the stage-1-audit based on a positive readiness assessment by the certification body.
Audit Cycle
  • The last day of a re-certification audit must be completed no later than 3 years -3 months/+0 days after the last day of the first stage 2, re-certification, or transfer audit. Otherwise, the certificate will be withdrawn immediately. 
  • The last day of a surveillance audit must be -3/+3 months after the last initial audit of stage 2, re-certification, or transfer audits (“ARD“). Otherwise, the certificate will be withdrawn immediately.
Specifications regarding audit duration and possible reductions in on-site audit days Corporate Scheme”-Certification Structure
  • Application possible from of two production plants (“sites”) to be included. Reduction of on-site audit time per “site” by max. 15 %. (Note: Depending on the scope of the corporate scheme, a reduction of up to 40% per site was previously permitted).
Upgrade-Audit
  • Total reduction in on-site audit time can now be up to max. 30% (previously up to 50%).
Extended Manufacturing Sites
  • These may be a maximum of 10 miles / 16 km and a maximum travel time of one hour from the main site. If this is not the case, former extended manufacturing sites must be considered as sites and must undergo an initial certification audit (possibly in the corporate scheme structure). This can take place during the underlying audit cycle.
Relocation of sites and remote support locations (RSL)
  • If the production site is relocated, an initial certification audit must be conducted with the involvement of the supporting sites.
Audit preparation / deadlines
  • The client must confirm the audit date to the certification body at least 90 days before the start of the audit (First Audit Day, “FAD”). 
  • A later postponement the audit date is only possible with documented, verifiable justification. 
  • Extended requirements apply for content and deadline for providing information on audit preparation / readiness review to the certification body.
Extended requirements for audit planning
  • The audit planning by the certification body must demonstrably comprise at least 0.50 person days. This requires an entry in the IATF database. 
  • The audit preparation information must be submitted by the client to the certification body at least 30 days before the first audit day. Otherwise, the certification body may postpone the audit, which may result in the loss of the certificate if the specified audit dates in the cycle cannot be met. 
  • If evidence of the client’s management review is not available at the certification body 30 days before the audit or can only be reviewed on site, at least two additional hours must be scheduled for assessment before the start of the audit.
  • The audit of customer performance data is to be carried out during the opening session / introductory meeting, i.e., there is no need for the previously obligatory additional hour before the start of the audit. 
  • The audits must cover all production processes, and these must be operational at the time of the audit, i.e., there must be no production processes that are not implemented at the time of the audit. Otherwise, the certification body may postpone the audit, which may also result in the loss of the certificate if the specified audit dates in the cycle cannot be met. 
  • The audit plan must be submitted to the client by the certification body at least 14 days before the start of the audit.
Non-conformity Management (“NCM”)
  • If the client’s problem-solving process for identified non-conformities is not effective, a major non-conformity (“NC1”) must be raised. 
  • In the case of major non-conformities, the client must submit the containment measures within 15 days of completion of the on-site audit, as well as evidence of the effectiveness of the containments, the root cause analysis, corrective actions taken and a plan for systemic corrective action. 
  • If the 15-day feedback is rejected by the certification body, a revision by the client and re-examination / re-assessment by the auditor must be carried out by day 30 after the audit is completed. 
  • The 60-day deadline for non-conformity management, including verification of the effectiveness of the corrective actions by the client, continues to apply, as does the fact that non-conformities must be assessed as “open but 100% resolved” or closed within 90 days of the last audit day. 
  • If the systemic corrective actions for non-conformities are not effectively implemented, the certificate must be withdrawn.
Minimum times for the on-site effectiveness assessment of audit non-conformities
  • For any minor non-conformity (“nc2”): 0.5 - 1.0 hour (in the next regular audit or during a special audit). 
  • For any major non-conformity (“NC1”): 1.0 - 3.0 hours each (as part of a special audit).
Special features when considering / including remote support locations (“RSL”)
  • Audit plans, reports, non-conformity reports and their status must be reviewed and documented for all remote support locations (“RSL”) supporting the site to be audited. This also applies to remote support locations audited by other certification bodies. 
  • IATF 16949 certificates may only identify remote support locations where the effectiveness of the support functions in the plant (“site”) has been verified.
Remote audit methods
  • These are conditionally possible for Surveillance audits for Stand-Alone Remote Support Location (“SA-RSL”), where no product or material handling occurs. 
  • The definition of the remote functions is shown in the table in appendix 2 of the Rules 6th edition.
Decertification process
  • Process begins with IATF-, customer-complaint or non-conformities in the audit. 
  • The duration of the decertification process is limited to a maximum of 120 days after Last Audit Day (“LAD”). If the decertification process cannot be positively finished by that deadline, the certificate will be withdrawn. 
  • In the case of a major non-conformity (“NC1”), the certificate is suspended on the date of the certification body’s decision, max. 15 days after completion of the audit. 
  • For performance complaints from customers to the client: The client must respond in the IATF Performance Complaint Management System (“PCMS”) within 20 days of being requested to do so by the certification body, if applicable. 
  • If a certificate is withdrawn, the client must remove all references to IATF certification from the company’s internal and public image.

ISO 9001 as a basis

IATF 16949 is based on the ISO 9001 quality management standard. The standard is augmented by sector-specific requirements of the automotive industry. This means that the standard offers a holistic approach to improvement of quality and performance in the automotive supply chain, from the downstream suppliers (sub-tier) to the direct (first-tier) suppliers.

As it is based on ISO 9001, the IATF 16949 standard also makes use of the High Level Structure. The standardised terms and definitions and also numbering of the clauses mean that integration into existing management systems which are also based on the High Level Structure is easily achieved.

 

FAQs on IATF 16949

Who exactly can benefit from IATF 16949?

Certification according to IATF 16949 is important for all organisations who manufacture and supply products for the automotive industry – from sub-tier to direct suppliers. These include series production and replacement part manufacturers and providers of added value services.

Why should suppliers aim at certification?

Through successful certification, suppliers demonstrate that they fulfil the QM requirements, undertake a continuous improvement process and implement customer-specific QM system requirements. The IATF 16949 certificate is also a mandatory requirement for acceptance by many automobile manufacturers and suppliers.

Does IATF 16949 replace ISO 9001 certification?

IATF 16949 is an independent QM standard. It covers the requirements of ISO 9001 but is certified on a stand-alone basis. If a certificate according to ISO 9001 is also desired, fulfilment of the ISO-9001 requirements can also be assessed within an IATF-based audit. However, the certification procedure itself is performed independently of IATF 16949.

What is the difference between ISO/TS 16949 and IATF 16949?

ISO/TS 16949 is the standard which preceded IATF 16949. It is no longer valid. Since 15 September 2018 organisations must have transitioned to IATF 16949.

Successfully through certification with TÜV NORD

We provide our services throughout the world based on our international recognition as an IATF contractual partner and our international network of experts – and we support our clients individually and competently with many different certification projects. Our technical knowledge is reliable and securely based and we have the necessary accreditations and registrations in order to perform audits and certifications according to the rules of IATF 16949 and other management system standards. Both international audit teams and local auditors are here to help you.

Please contact us

Arkadia Green Park, Tower F 6th Floor, Suite 602-604, Jl. TB. Simatupang Kav.88, Kebagusan, Pasar Minggu, 12520 Jakarta Selatan

Tety YohantiSales Manager
Certification Services

tety@tuv-nord.com