Iatf Gap Analysis Tool

GAP ANALYSIS TOOL GAP Rev-h
Automotive
GAP Standard:toIATF 16949-new (with IS0-9001-base)
/TS 16949
• IATF 16949:2016
IATF 16949 follows the high level structure of ISO 9001:2015
• IATF 16949:2016 must be used in conjunction with ISO 9001:2015
 2 separate documents must be used to have all requirements
 IATF 16949 cannot be used as a stand-alone requirements document
 Each section begins with reference back to the ISO-9001 Standard
IAFT 16949
5 Leadership
5.1 Leadership and commitment Know Them Both!
5.1.1 General
See ISO 9001:2015 requirements
• 282 shalls / 16 shoulds in IATF 16949 + 133 shalls = 415 shalls
(292 shalls / 16 shoulds in ISO/TS 16949)
• 21 Documented Processed in IAFT -&- 60 Documented Info / Rcds
• IATF created a transition plan and communicated April 2016
(further revised in November 2016), deadline of Sept 2018
Input from key automotive stakeholders
• IATF launched a survey (via the National Associations) early June

2015 soliciting feedback from over 2,000 key stakeholders:
– OEMs – Witness Auditors
– Suppliers (all Tiers) – Subject Matter Experts
– Certification Bodies – Oversight Offices
• Over 1,700 comments were received for consideration of updates
to ISO/TS 16949.
• Additionally, the IATF conducted a face:face review of the draft
IATF 16949 standard in Rome, Italy in April 2016 with CBs and
supplier representatives.
Value & Credibility
• IATF OEMs look at the linkage

between ISO/TS 16949 Certification and Supplier/Client
quality performance
– Increased focus on operational performance and customer
feedback (customer scorecards/metrics)
– IATF 16949 contains many IATF OEM Customer Specific
Requirements (CSRs)
– OEMs are raising the bar regarding expectations for audits
to reflect systemic weaknesses that affect supplier/client
performance
• Goal = Prevent problems before they occur

Communication Process
The IATF felt it was important to keep everyone informed about project
updates, so they posted regular updates to the IATF Global Oversight
website: http://www.iatfglobaloversight.org/
ISO-9001:2015 & IATF 16949:2016 GAP Analysis
INSTRUCTIONS: Review with Leadership Team for best results.
Each slide is used to identify gaps and where to revise your documented
Quality System for new requirements.
Include document title, responsible process owner, target date to revise
and review document(s), and implementation plans .
Also think error proofing to automate QMS functions (software) to reduce
risk of human error in designing your Quality System .
Use GAP Action /note section on each requirement/slide
Exa: Revise Quality manual , procedure , process map, work instruction , form ,
FMEA / CP, software system error proofing. Include due date + process owner.
GAP Actions / Date / Resp (id-Names of assessment for self-declared training record)
•
•
•
Mandatory Docs
Mandatory Docs
Mandatory Docs
Mandatory Docs
GAP Actions / Date / Resp. (id-Names of assessment for self-declared training record)
• CEO VP. SALES , Supply chain MGR, MFG Mgr , HR mgr , ENG Mgr , QA Mgr +++
• Add names / date of overview training
•
•
LEGEND of the
Changes to
ISO-9 & IATF-16
ISO-9 - Base Standard ISO-9001:2015 requirements to be met
ISO-9001:2015 & IATF-016969:2016 Elements

1. Scope
2. Normative References
3. Terms & Definitions
4. Context of The Organization
5. Leadership
6. Planning
7. Support
8. Operations
9. Performance Evaluation
10. Improvement
LEGEND of the
Changes to
ISO-9 & IATF-16

1. Scope
5. Leadership
6. Planning
7. Support
8. Operations
10. Improvement
ISO-9 Changes
Section 4.1 Understanding ISO-9 Fundamentals
 Training Approach
 ISO 9001:2015 Structure Changes
 Key Concept: Process Approach
 Key Concept: Risk-Based Thinking
 2015 Terminology
•
ISO-9 Changes
Section 4.1 Understanding ISO-9 Fundamentals
2008 version 2015 version
Clause 1 Scope Clause 1 Scope
Clause 2 Normative References Clause 2 Normative References
Clause 3 Terms and Definitions Clause 3 Terms and Definitions
Clause 4 Quality Management System Clause 4 Context of the Organization
REQUIREMENTS
Clause 5 Management Responsibility Clause 5 Leadership
REQUIREMENTS
Clause 6 Resource Management Clause 6 Planning for the QMS
Clause 7 Product/Service Realization Clause 7 Support
Clause 8 Measurement, Analysis & Imprvmt Clause 8 Operation
Clause 9 Performance Evaluation
Clause 10 Improvement
Clarification of New Structure,
Annex A
Terminology and Concepts
Annex B Quality Management Principles
ISO 10000 Portfolio of Quality
Annex C
Management Standards
• Clauses 1, 2 & 3 remain the same.
• 2008 requirements were clauses 4 thru 8 vs- 2015 requirements are clauses 4 thru 10.
• Additional assistance is provided in Annexes A, B and C.
ISO-9 Changes
Key Concept – Process Approach & Risk-Based Thinking
• These concepts are particularly important for:
Top management as they are required to demonstrate leadership and commitment by
promoting the use of these concepts.
Employees tasked with the implementation and maintenance of the QMS.
Internal auditors are required to use a process approach when auditing.
Requirements Specified Requirements Satisfied

(including resource ) (results of a process)
 Inputs and intended outputs may be tangible (such as equipment, materials or
components) or intangible (such as energy or information).
 Outputs can also be unintended, such as waste or pollution.
• REVIEW ALL process MAPS RISK & METRICS Red Yellow Green
•
•
ISO-9 Changes
• This is a schematic
representation of
the elements of a
single process
• Types of Processes:
Production/Service
stamping, welding,
assembly, design,
repair, etc.
Management - risk mgmt,
Mgmt Rvw, training, QMS-
planning/objectives, management reviews , audits and corrective actions
• Support - purchasing, document control, calibration and maintenance
• Customer - sales, customer communication, order processing, supplier mgmt
•
ISO-9 Changes
• Representation of the structure of ISO 9001:2015 standard in the PDCA cycle
(numbers in brackets refer to the clauses of the standard)
ISO-9 Changes
• Representation of the structure of ISO 9001:2015 standard in the PDCA cycle
(numbers in brackets refer to the clauses of the standard)
• 2008 version: “prevention” as a separate component of a QMS.
Required that you react to prevent or reduce undesired effects.
Risk is
Effect of Effects can be
RISK
characterized
uncertainty on positive or
by potential
an expected negative
events and
result consequences
consequences
• 2015 version: application of risk-based thinking throughout QMS.

 Requires a proactive approach to prevent or reduce undesired
effects, as well as reacting if they occur.
 Makes preventive action a part of planning, operation, analysis
and evaluation of the QMS.
ISO-9 Changes
• Risk-based thinking is required in the following clauses
4 – Context Determine the contributers to risk
5 – Leadership Promote risk-based thinking & ensure clause 4 is followed
6 – Planning Identify risks and take appropriate action to address them
7 – Resources Determine and provide necessary resources
8 – Operation Implement and manage operations
9 – Performance Monitor/measure/analyze/evaluate effectivess of actions
taken to address risks
10 – Improvement Improve by responding to changes in risk
All Clauses Risk is implied whenever “suitable” or “appropriate” is
mentioned even though is it not plainly expressed.
ISO-9 Changes
Terminology
SHALL indicates a requirement
SHOULD indicates a recommendation (does not appear in the 2015 version)
M AY indicates a permission (only used once in the 2015 version)
CAN indicates a possibility or a capability (mainly used in notes)
NOTE Provide guidance in understanding or clarifying the associated
requirement. (the yare NOT requirements)
Product & includes all output categories
Services (hardware, services, software and processed materials)
•
•
• Train
ISO-9 Changes
Terminology
2008: Exclusions / 2015: Not used
• Instead clause 4.3 defines conditions under which an organization can decide
that a requirement cannot be applied to any of its QMS processes.
• The org can only decide that a requirement is not applicable if the decision will
not result in failure to achieve conformity of products / services & enhancement
of customer satisfaction.
• The impact of this change will be reviewed in detail when we discuss clause 4.3
in an upcoming training session.
2008: Documentation & Records / 2015: Documented Information
ISO-9 Changes
Section 4.1 Understanding The Organization & Its Context
• The organization shall
• determine external & internal issues relevant to its purpose & its strategic
direction that affect its ability to achieve the intended result(s) of its QMS.
• shall monitor & review information about these external & internal issues.
Note 1: Issues can include positive/negative factors or conditions for consideration.
Note 2: Understanding external context considers issues arising legal, technological,
competitive, market, cultural, social and economic environments, whether
international, national, regional or local.
Note 3: Understanding the internal context considers values, culture, knowledge and
performance of the organization.
•
• QA manual re-write VP / QA / CEO NEW process maps Date XXX
•
ISO-9 Changes
Section 4.1 Understanding The Organization & Its Context - Associated Clauses:
• 4.3 When determining the scope, the organization shall consider the external
and internal issues referred to in 4.1
• 5.1.1 Top management shall ensure that the quality policy / quality objectives
are established for the QMS and compatible with the organization’s
strategic direction and its context.
• 5.2.1a Top management shall establish, review and maintain its quality policy
appropriate to the purpose and context of the organization.
• 6.1.1 When planning the QMS, the org shall consider issues referred to in 4.1
and determine risks and opportunities that need to be addressed.
• 9.3.1 The management review shall be planned and carried out taking into
consideration changes in external and internal issues relevant to its QMS
that includes its strategic direction.
• QA manual re-write QA Mgr/ VP Date XXX
• Process map leadership / Risk VP date XXX

•
•
ISO-9 Changes
Section 4.2 Understanding Needs & Expectations of Interested Parties
• Due to their effect (potential or real) on
the organization’s ability to consistently
provide products & services to customer,
regulatory, statutory requirements, the
organization shall determine:
 interested parties that are relevant
to the QMS
 requirements of these parties
The organization shall monitor and review
information about these interested parties
and their relevant requirements.
ISO-9001:2015; 3.3.7 - Interested Party: person or group having an interest in the
performance or success of an organization (3.3.1)
Example: Customers (3.3.5), owners, people in an organization, suppliers
(3.3.6), bankers, unions, partners or society.
Note: A group can comprise an org / part thereof, or more than one org.
ISO-9 Changes
Section 4.2 Interested Parties - Associated Clauses:
• 4.3 When determining the scope, the org shall consider requirements of
relevant interested parties referred to in 4.2
• 5.2.2 Quality policy is available to relevant interested parties, as appropriate.
• 6.1.1 When planning QMS, the organization shall consider the requirements
referred to in 4.2 & determine risks / opportunities need to be addressed
• 8.3.2 In determining the stages and controls for design and development, the
organization shall consider the level of control expected for the design and
development process by customers and other relevant interested parties.
• 9.3.2 Management review is planned / carried out considering information on
QMS performance and effectiveness, including trends in customer
satisfaction and feedback from relevant interested parties.
• Revised Mgt review form Risk / Opp VP Date XXX
•
•
ISO-9 Changes
Section 4.3 Determining The Scope of The QMS
• The org determines boundaries & applicability of its QMS to establish its scope.
• When determining this scope, the organization shall consider:
 the external and internal issues referred to in 4.1;
 the requirements of relevant interested parties referred to in 4.2;
 the products and services of the organization.
• The organization shall apply all the requirements of this International Standard if
they are applicable within the determined scope of its QMS.
• ISO-9 does not require the org to maintain a Quality Manual – but IATF-16 does
Changes
IATF requirements for TS 16949 Scope Statements: 4th to 5th Ed Rules
• TS scope statements must be formulated as follows and only include products
and services supplied to the automotive industry and thus built into the vehicle:
Design & Manufacturing of XXX or Production of XXX
• When identifying functions performed by remote sites, only terms used are:
Aftersales Human resources Policy making Sequencing
Calibration Information technologies Process design Servicing
Continuous improvement Internal audit management Product design Strategic planning
Contract review Laboratory Production equipment development Supplier mgmt
Customer service Logistics Purchasing Testing
Distribution Maintenance Quality system management Training
Engineering Management review Research & Development Warehousing
Facilities management Marketing Repair Warranty mgmt
Finance Packaging Sales
• CEO VP. QA Mgr +++
• Check current certificate & process maps to match reality
• Note these are IATF termimnology iology not ours ,

•
•
Changes
IATF requirements for TS 16949 Scope Statements: 4th to 5th Ed Rules
• Mfg-Site vs RSL (Remote Support Location) QMS Structure Matrix
Changes
Section 4.3.1: Determining the scope of the quality mgmt system – supplemental
• These requirements were originally included in ISO/TS 16949:2009; Sections
1.1 and 1.2. They have been moved to Section 4 within IATF 16949.
• The requirement relating to supporting functions was revised to ensure that
supporting functions not only address the need to include support functions*
in the audit, but also to ensure that they are included in the scope of the QMS.
( Sales/Design / Warehouses …. Other support locations/ functions *)
• In addition, any exclusion sought for design and development activities, now in
Section 8.3, has to be preserved as documented information.
•
•
Changes
Section 4.3.2: Customer-specific requirements
• Although the need to fulfill and satisfy customer-specific requirements was
already mentioned throughout the whole ISO/TS 16949 document, in IATF
16949 this requirement specifically addresses the need to evaluate the
customer specific requirements and include them where applicable in the
organization's quality management system.
• This means that the supplier would need some sort of process to evaluate each
of their customer’s customer-specific requirements (CSR) and determine
exactly how (and where) it applies to their organization's QMS, as applicable.
3.1 Terms and Definitions: CSR – interpretation of or supplemental requirements linked to a specific clause(s) of
this Automotive QMS Standard. Exa: is your customers Supplier QA manual , and /or see IATF.org for OEM CSR’s
• CSR process / processs MAP QA / VP date xxx

•
•
Changes
Section 4.4.1.1: Conformance of products and processes
• This requirement was adopted based on IATF survey feedback that was received
• It ensures two things:
 that the supplier (organization) is responsible for the conformity of
outsourced processes, and
 that all products and processes meet all applicable requirements and
expectations of all interested parties
• To ensure conformance of all products and processes, the organization would
need to take a proactive approach to assess and address risks, and not rely
only on inspection.
• Check SC’s regulations / risks / error proofing / CpK - ENG / MFG

•
•
Changes
Section 4.4.1.2: Product safety (Documented Process)
• New section with enhanced requirements that address current and emerging
issues the automotive industry is facing related to product and process safety.
• Organizations (suppliers) are required to have documented processes to
manage product-safety related products and processes.
Examples: Safety items may include FMVSS/ ECE regulations such as brakes,
lighting, steering, seating, airbags. Process safety may include stampings that
could produce sharp edges / burs and machine guarding for safety.
• Process MAP for Product safety / Regulations / SCs Eng Mgr Date XXX
• LINK to APQP . SHOP Floor awareness safety related product – print / FMEA / CP / WI / Label
•
•
Changes
Section 4.4.1.2: Product safety
• This section includes identification of statutory requirements; identifying and
controlling product-safety-related characteristics both during design and at
point of manufacture; defining responsibilities, escalation processes, reaction
plans, and the necessary flow of information including top management and
customers; receiving special approvals for FMEAs and Control Plans; product
traceability measures; and cascading of requirements throughout the supply
chain.
•
•
Section 4; Context of The Org
Changes to
ISO-9 / IATF-16 GAP Summary ISO-9 & IATF-16
QMS-Team GAP Participant Names Title
QMS Rep Confirmation – Na: Da:
Additional Notes:
• Check manual re write
•
•
LEGEND of the
Changes to
ISO-9 & IATF-16

1. Scope
5. Leadership
6. Planning
7. Support
8. Operations
10. Improvement
ISO-9 Changes
Section 5.1.1: Leadership & Commitment
• Top mgmt shall demonstrate leadership and commitment with respect to the QMS by
 Taking accountability for the effectiveness of the QMS.
 Ensuring quality policy and quality objectives are established for the QMS and are
compatible with context and strategic direction of the organization.
 Ensuring integration of QMS rqmts into organization’s business processes.
 Promoting the use of the process approach and risk-based thinking.
 Ensuring that the resources needed for the QMS are available.
 Communicating the importance of effective quality mgmt & of conforming to the
QMS requirements.
 Ensuring that the QMS achieves its intended results.
 Engaging, directing & supporting persons to contribute to the effectiveness of QMS.
 Promoting improvement.
 Supporting other relevant management roles to demonstrate their leadership as it
applies to their areas of responsibility.
• Verify metrics are in line with customer requirements & strategy VP Date XXX
•
•
Changes
Section 5.1.1.1: Corporate Responsibility
• The organization is to define and implement corporate responsibility policies…
at a minimum an anti-bribery policy, an employee code of conduct, and an
ethics escalation policy (“whistle-blowing policy”).
• Develop training for all on ethics policy , conduct , anti bribe , and whistle blowers
• Delivery of training & records / add to training matrix HR date XXX
• Audit new employees & those absent for this

•
•
Changes
Section 5.1.1.2: Process effectiveness and efficiency
• The requirement for an organization to review their processes to ensure
effectiveness and efficiency was covered in ISO/TS 16949, Section 5.1.1.
• Based on survey feedback, the IATF strengthened the requirement to ensure
that the results of process review activities will now be included in
management review.
• Process review activities need to include evaluation methods and, as a result,
implement improvements.
• The results of these steps would be an input to the management review
process. Top management is thus performing a review of the process-specific
reviews performed by the process owners.
• VP to review all metrics to assure E/E are intact & if not establish new ,metrics Date XXX
•
•
Changes
Section 5.1.1.3: Process Owners
• ISO/TS 16949:2009 addresses management responsibility and authority, but it
does not explicitly mention that management ensure process owners
understand their role and are competent.
• The IATF adopted this new requirement to ensure that management
understands this expectation, by specifically identifying these process owners
and ensuring they can perform their assigned roles.
• This requirement recognizes that process owners have the authority and
responsibility for activities and results for the processes they manage.
• Each process owner to update their process maps Date xxx

•
•
ISO-9 Changes
Section 5.2.1: Quality Policy - Establish
• Top mgmt shall establish, implement and maintain a quality policy that:
 is appropriate to the purpose & context of the org & supports its strategic direction
 provides the framework for setting its quality objectives;
 includes commitment to satisfy applicable requirements;
 includes commitment to continual improvement of the QMS.
Section 5.2.2: Quality Policy - Communication
• The Quality Policy
 available as documented information
 communicated, understood and applied within the organization
 available to relevant interested parties, as appropriate.
•
•
ISO-9 Changes
Section 5.3: Org Roles, Responsibility & Authority
• Top mgmt shall ensure responsibilities & authorities for relevant roles are assigned,
communicated & understood within the organization.
• Top management shall assign the responsibility and authority for:
 ensuring QMS conforms to requirements of this International Standard
 ensuring that the processes are delivering their intended outputs
 reporting on the performance of the QMS & opportunities for imprvmt (10.1), for top mgmt
 ensuring the promotion of customer focus throughout the organization (VOC)
 ensuring the integrity of QMS is maintained when changes to QMS are planned / implemented
• Refer to ISO-9001:2015; Section 9.3 – Mgmt Review for additional Mgmt Roles/Resp
•
•
Changes
Section 5.3.1: Organ’tnl roles, responsibilities, and authorities – supplemental
• This requirement was already part of ISO/TS 16949:2009.
• However, based on IATF survey feedback, the IATF adopted some
modifications to the requirement to address the need to document
assigned personnel responsibilities and authorities.
• Additionally, this clause now clarifies that the goal is not just to address
customer requirements but also to meet customer requirements fully.
• Personnel involved in capacity analysis, logistics information, customer
scorecards, and customer portals now also need to be assigned and
documented, per the requirements in this section.
• QA manual re-write QA Mgr/ VP Date XX
• Assign process owner customer portal / scorecard / cap/ logistsics Sales Date XXX
•
•
Changes
Section 5.3.2: Responsibility & authority for product rqmts & corrective Actions
• Differs from ISO/TS16949:2009; Section 5.5.1.1 (Modification)
Note: Due to the process design in some industries, it might not always be
possible to stop production immediately. In this case, the affected back must
be contained and shipment to the customer prevented.
• Production operations across all operational shifts staffed with personnel in
charge of / or delegated responsibility to ensure conformity to product
requirements
• STOP call wait signs order & post Date XXX Mfg VP
•
•
Section 5; Leadership
Changes to
Additional Notes:
•
•
•
LEGEND of the
Changes to
ISO-9 & IATF-16

1. Scope
5. Leadership
6. Planning
7. Support
8. Operations
10. Improvement
ISO-9 Changes
Section 6 – Planning; 6.1: Actions to Address Risk & Opportunities
• When planning QMS, the org shall consider issues referred to in 4.1 & the requirements
referred to in 4.2 & determine the risks & opportunities that need to be addressed to:
 give assurance that the QMS can achieve its intended results;
 enhance desirable effects;
 prevent, or reduce, undesired effects;
 achieve improvement.
Section 6 – Planning; 6.2: The org shall plan:
 Actions to address the risk & opportunities
 How to: 1) integrate and implement the actions into its QMS processes (see 4.4)
2) evaluate the effectiveness of these actions.
• Refer to ISO-9 6.1.2 “Notes” for more detail
•
•
Changes
Section 6.1.2.1: Risk analysis
• The need to identify, analyze, and consider actual and potential risks was covered in
various areas of ISO/TS 16949.
• The IATF adopted additional requirements for risk analysis recognizing the continual
need to analyze and respond to risk and to have suppliers/organizations consider
specific risks associated with the automotive industry.
• Organizations would need to periodically review lessons learned from product
recalls, product audits, field returns and repairs, complaints, scrap, and rework,
and implement action plans in light of these lessons.
• The effectiveness of these actions should be evaluated, and actions integrated in to
the organization's QMS.
• Objective Evidence – Retained documented information as results of risk analysis
• Quick response board in MFG / OPL / Q alerts Mfg VP Date XXX

•
•
Changes
Section 6.1.2.2: Preventive action
• The IATF enhanced the requirement found in ISO/TS 16949 by integrating what
is considered to be a best practice in the automotive industry.
• Organizations would need to implement a process to lessen the impact of
negative effects of risk, appropriate to the severity of the potential issues
• Such a process would include: identifying the risk of nonconformity
recurrence, documenting lessons learned, identifying and reviewing similar
processes where the nonconformity could occur, and applying lessons learned
to prevent such potential occurrence.
•
•
Changes
Section 6.1.2.3: Contingency plans
• The expanded requirement ensures the organization defines and prepares
contingency plans along with a notification process.
• Organizations first take a systematic approach to identifying and evaluating risk
for all manufacturing processes, giving particular attention to external risk.
• Contingency plans( CP) would be developed for any of the outlined disruption
conditions -- interruption of externally provided products, processes, and
services, recurring natural disasters, fire, or infrastructure-related disruptions.
Shall periodically test CP.
• Customer notification is a mandatory step in any contingency plan, unless there
is no risk to deliver nonconforming product or affect on-time delivery
• Update Contingency plan see bold above Date XXX VP
• Reminder for annual table top test / perform table top review Date VP
•
•
ISO-9 Changes
6.2: Quality Objectives & Planning;
6.2.1 The organization shall establish quality objectives at relevant functions,
levels and processes needed for the QMS. The quality objectives shall:
 be consistent with the quality policy
 be measurable
 take into account applicable requirements
 be relevant to conformity of products & services & enhance cust-satisfaction
 be monitored
 be communicated
 be updated as appropriate.
The organization shall maintain documented information on the quality objectives.
•
•
ISO-9 Changes
6.2: Quality Objectives & Planning;
6.2.2 When planning how to achieve its quality objectives, the org shall determine:
 what will be done
 what resources will be required
 who will be responsible
 when it will be completed
 how the results will be evaluated. POLICY
The organization shall maintain documented information on the quality objectives.
•
•
Changes
Section 6.2.2.1: Quality objectives & planning to achieve them – supplemental
• ISO/TS 16949 included the importance of addressing customer expectations in
the NOTE to Section 5.4.1.1. The IATF enhanced the requirement by requiring
that it be done at all levels throughout the organization.
• In ensuring quality objectives meet customer requirements, these objectives
need to consider customer targets.
• Personnel should be aware of, and committed to, achieving results that meet
customer requirements.
• Quality objectives and related performance targets should be periodically
reviewed for adequacy (at least annually).
• Mgt review process review perf targets Date XXX VP

•
•
ISO-9 Changes
6.3: Planning of Changes
• When the organization determines the need for changes to the QMS, the changes
shall be carried out in a planned manner (see 4.4). The org shall consider:
 the purpose of the changes and their potential consequences
 the integrity of the QMS
 the availability of resources
 the allocation or reallocation of responsibilities and authorities.
•
•
Section 6; Planning
Changes to
Additional Notes:
•
•
•
LEGEND of the
Changes to
ISO-9 & IATF-16

1. Scope
5. Leadership
6. Planning
7. Support
8. Operations
10. Improvement
ISO-9 Changes
7.1: Resources
7.1.1 The organization shall determine and provide the resources needed
for the establishment, implementation, maintenance and continual
improvement of the QMS. The org shall consider:
 the capabilities of, and constraints on, existing internal resources
 what needs to be obtained from external providers.
7.1.2 People - The organization shall determine and provide the persons
necessary for the effective implementation of its QMS and
for the operation and control of its processes.
•
•
ISO-9 Changes
7.1: Resources
7.1.3 Infrastructure – The organization shall determine, provide and
maintain the infrastructure necessary for the operation of its
processes and to achieve conformity of products and services.
Note: Infrastructure can include:
 the capabilities of, and constraints on, existing internal resources
 what needs to be obtained from external providers.
•
•
•
Changes
Section 7.1.3.1: Plant, facility, and equipment planning
• This updated section includes an increased focus on risk identification and risk
mitigation, evaluating manufacturing feasibility, re-evaluation of changes in
processes, and inclusion of on-site supplier activities.
• Many operational risks can be avoided by applying risk-based thinking during
planning activities, which also extends to optimization of material flow and use
of floor space to control non-conforming product.
• Capacity planning evaluation during manufacturing feasibility assessments
must consider customer-contracted production rates and volumes, not only
current order levels.
•
•
ISO-9 Changes
7.1: Resources
7.1.4 Environment for the Operation of Process
The organization shall determine, provide and maintain the
environment necessary for the operation of its processes and to
achieve conformity of products and services.
Note: A suitable environment can be a combination of human
and physical factors, such as:
 social (e.g. non-discriminatory, calm, non-confrontational
 psychological stress-reducing, burnout prev’tn, emotionally protective
 physical (e.g. temperature, heat, humidity, light, airflow, hygiene, noise)
Factors can differ depending on the products & services provided.
•
Changes
Section 7.1.4.1: Environment for the operation of processes – supplemental
• This requirement for an organization to "maintain its premises in a state of
order, cleanliness, and repair" was preserved from ISO/TS 16949 and
transferred to IATF 16949.
•
•
ISO-9 Changes
7.1.5: Monitoring & Measuring Resources
7.1.5.1 Monitoring & Measuring Resources
The org shall determine and provide the resources needed to ensure
valid and reliable results when monitoring or measuring is used to
verify the conformity of products and services to requirements.
The organization shall ensure that the resources provided are:
 suitable for specific type of monitoring & measurement undertaken
 maintained to ensure their continuing fitness for their purpose.
• The organization shall retain appropriate documented information as evidence of fitness
for purpose of the monitoring and measurement resources.
•
•
Changes
Section >>> 7.1.5.1.1: Measurement system analysis
• Records are now required for customer acceptance of alternative methods.
The previous requirement to analyze variation in measurement results is now
extended specifically to inspection equipment.
• IATF 16949 also clarifies that records of customer acceptance need to be
retained along with results from alternative measurement system analysis.
Note: Prioritization of MSA studies to focus on critical or special product or
process characteristics.
• QA to check MSA records for alt methods get customer agreement DATE xxx
•
•
ISO-9 Changes
7.1.5.2: Measurement Traceability
• When measurement traceability is a requirement, or is considered by the organization to
be an essential part of providing confidence in the validity of measurement results,
measuring equipment shall be:
 calibrated or verified, or both, at specified intervals, or prior to use, against
measurement stds traceable to international or national measurement stds when
no such std exist, the basis used for calibration or verification shall be retained as
documented information
 identified in order to determine their status
 safeguarded from adjustments, damage or deterioration that would invalidate the
calibration status and subsequent measurement results.
• The organization shall determine if the validity of previous measurement results has been
adversely affected when measuring equipment is found to be unfit for its intended
purpose, and shall take appropriate action as necessary.
•
•
Changes
Section 7.1.5.2.1: Calibration/verification records (Documented Process)
• This updated section helps ensure that customer requirements are met through
enhanced calibration/verification record retention requirements, including
software installed on employee-owned or customer-owned equipment.
• This updated section helps ensure that customer requirements are met through
enhanced calibration/verification record retention requirements, including
software installed on employee-owned or customer-owned equipment.
• IATF 16949 clarifies that a documented process is required to manage
calibration/verification records in order to provide evidence of conformity, and this
includes any on-site supplier-owned equipment.
• Inspection, measurement, and test equipment calibration/verification activities
need to consider applicable internal, customer, legislative, and regulatory
requirements in order to establish approval criteria.
• QA to create cal procedure / process including software test Date xxx

•
•
Changes
Section 7.1.5.3.2: External laboratory
• This updated section allows the organization to conduct second-party
assessments of laboratory facilities, but requires customer-approval of the
assessment method.
• This updated section allows the organization to conduct second-party
assessments of laboratory facilities, but requires customer-approval of the
assessment method.
• The clause also clarifies that internal laboratory requirements apply even when
calibration is performed by the equipment manufacturer, and that use of
calibration services may be subject to government regulatory confirmation.
Example: scales – USA / State weights & measures
•
•
ISO-9 Changes
7.1.6: Organizational Knowledge
• The organization shall determine the knowledge necessary for the operation of its
processes and to achieve conformity of products and services.
• This knowledge shall be maintained and made available to the extent necessary.
• When addressing changing needs and trends, the organization shall consider its current
knowledge and determine how to acquire or access any necessary additional knowledge
and required updates.
• See ISO-9001:2015 for [2] Notes
•
•
ISO-9 Changes
7.2: Competence – the org shall:
 determine the necessary competence of person(s) doing work under its
control that affects the performance and effectiveness of the QMS
 ensure that these persons are competent on the basis of appropriate
education, training, or experience
 where applicable, take actions to acquire the necessary competence, and
evaluate the effectiveness of the actions taken;
 retain appropriate documented information as evidence of competence
NOTE: Applicable actions can include, for example, the provision of training
to, the mentoring of, or the reassignment of currently employed persons; or
the hiring or contracting of competent persons.
•
•
Changes
Section 7.2.1: Competence – supplemental (Documented Process)
• This section adds a requirement of “awareness,” which includes knowledge of
an organization’s (supplier’s) quality policy, quality objectives, personnel
contribution to the QMS, benefits of improved performance, and implications
of not conforming with QMS requirements.
• It also further emphasizes the customer requirements for OJT (on-the-job
training), not just quality requirements.
Note that the use of the term "process" rather than "procedure“ implies that
these activities need to be managed (via the plan-do-check-act cycle), and not
merely performed.
• HR procedure competence / training matrix update Date XXX

•
•
Changes
Section 7.2.2: Competence – on-the-job training
• IATF 16949 enhances the emphasis of on-the-job training and its importance in
meeting customer requirements, including other interested parties.
• The process would consider any relevant interested party requirements as an
input in determining the need for on-the-job training, and then consider the
level of education and complexity of the tasks in determining the method used.
• This training must also include contract or agency personnel, and convey the
consequences of nonconformity to customer requirements to all persons
whose work affects quality.
Examples of competence: conformity to quality requirements, internal
requirements, regulatory or legislative requirements
•
•
Changes
Section 7.2.3: Internal auditor competency (Documented Process)
• This section features greatly-enhanced requirements to the organization's
internal auditor competency to ensure a more robust internal audit process.
• Organizations need to establish a documented process that considers the
competencies required by this clause, take actions to address any deficiencies,
assess the effectiveness of action taken, and record a list of the approved
auditors.
• The clause differentiates between quality management system auditors,
manufacturing process auditors, and product auditors, and clarifies the
competence requirements for each type of audit.
• HR competence procedure / trainimg matrix update Date XXX
• List of system , product , mfg process auditors Date XXX

•
•
Changes
Section 7.2.4: Second-party auditor competency
• This new section outlines requirements for second-party auditors ensuring they
are properly qualified to conduct those types of audits, with customer specific
requirements being a main focus.
• The same core competencies that apply to internal auditors should, at a
minimum, also apply to second-party auditors.
• Understanding of: Automotive Risk-base thinking, Customer/Org specific
requirements, ISO-9001 & IATF16949 requirements as related to audit scope,
manufacturing process(es) / P-FMEA and Control Plans, applicable AIAG Core
Tools & Audit Guidelines in accordance with ISO-19011.
• Training matrix HR date XXX

•
•
ISO-9 Changes
7.3: Awareness
• The org shall ensure that persons doing work under the org’s
control are aware of:
 the quality policy
 relevant quality objectives
 their contribution to the effectiveness of the QMS, including the benefits
of improved performance
 the implications of not conforming with the QMS requirements
•
•
Changes
Section 7.3.1: Awareness – supplemental
• Includes additional requirements to ensure all employees are aware of their
impact on the organization’s (supplier’s) product quality output, customer
specific rqmts, and risks involved for the customer with non-conforming product.
•
•
(Documented Process)
Section 7.3.2: Employee motivation & empowerment Changes
• This section did not substantially change, but now requires "maintain[ing] a
documented process(es)" for employee motivation and empowerment, instead
of simply "having a process."
• HR procedure for Motiv/ empower Date XXX

•
ISO-9 Changes
7.4: Communication
• The organization shall determine the internal and external communications
relevant to the QMS, including:
 on what it will communicate
 when to communicate  how to communicate
 with whom to communicate  who communicates
•
•
ISO-9 Changes
7.5: Documented Information
• Terminology
2008: Document, documented procedure, quality manual, quality plan, etc.
2015: Maintain documented information
2008: Records
2015: Retain documented information.
•
•
ISO-9 Changes
7.5: Documented Information
• 7.5.1 The organization’s QMS shall include documented information:
 required by this International Standard
 determined by the org necessary for the effectiveness of the QMS.
NOTE: The extent of documented information for a QMS can differ from one
organization to another due to the:
- size of org & its type of activities, processes, products, and services
- complexity of processes and their interactions
- competence of persons
• 7.5.2 When creating & updating documented information, the org ensure appropriate:
 identification and description (e.g. a title, date, author, or reference no)
 format (language, software version, graphics) & media (paper, electronic)
 review and approval for suitability and adequacy
•
•
Changes
Section 7.5.1.1: Quality mgmt system documentation (Documented Process)
• The IATF retained the quality manual requirement that was removed in ISO
9001:2015; however, the quality manual can be one main document or a series
of multiple documents (hard copy or electronic).
• This section also requires that the organization’s processes and interactions
are documented as part of their QMS.
• The quality manual needs to document where in the organization's QMS
customer-specific requirements are addressed.
• QA procedure / process maps / CSR requirement need be identified Date XXX

•
•
ISO-9 Changes
7.5.3: Control of Documented Information
• 7.5.3.1 Documented information required by the QMS and by this International Standard
shall be controlled to ensure it is:
 available and suitable for use, where and when it is needed;
 adequately protected (e.g. from loss of confidentiality, improper use, or loss
of integrity).
•
•
ISO-9 Changes
7.5.3: Control of Documented Information
• 7.5.3.2 For the control of documented information, the organization shall address the
following activities, as applicable:
 distribution, access, retrieval and use
 storage and preservation, including preservation of legibility
 control of changes (e.g. version control)
 retention and disposition.
• Documented information of external origin determined by the organization to be necessary for
the planning and operation of the QMS shall be identified as appropriate, and be controlled.
• Documented information retained as evidence of conformity shall be protected from
unintended alterations.
NOTE: Access can imply a decision regarding the permission to view the documented
information only, or permission & authority to view & change the documented information.
•
•
Changes
Section 7.5.3.2.1: Record retention
• This section now requires a record retention process that is defined and
documented, and that includes the organization’s record retention
requirements.
• Specifically calls out production part approvals, tooling records, product and
process design records, purchase orders, and contracts/amendments.
• If there is no customer or regulatory agency retention period requirements for
these types of records, "the length of time that the product is active for
production and service requirements, plus one calendar year" applies.
• VP / QA revise record retention list Date XXX

•
•
Changes
Section 7.5.3.2.2: Engineering specifications (Documented Process)
• Added an engineering specifications requirement that the process is documented
and agreed with the customer.
• This section also clarifies product design changes and product realization process
changes, and the alignment to related sections.
• If there are no other overriding customer agreements, reviews of engineering
standards/specifications changes should be completed within 10 working days of
receipt of notification.
• Engineering standards/changes resulting in produce change must refer back to
ISO-9001, Section 8.3.6
Key: keep in mind the interaction of ISO-9001 & IATF-16949
• ENG procdure for change control including Eng specs / 10 days Date XXX
•
•
Section 7; Support
Changes to
Additional Notes:
•
•
•
LEGEND of the
Changes to
ISO-9 & IATF-16

1. Scope
5. Leadership
6. Planning
7. Support
8. Operations
10. Improvement
ISO-9 Changes
8.1: Operational Planning & Control
• The org shall plan, implement &control the processes (see 4.4) needed to meet rqmts for
provision/products & services, & to implement actions determined in Clause 6, by:
 determining the requirements for the products and services
 establishing criteria for the:
processes & acceptance of product and services
 determining resources to achieve conformity to product & service rqmts
 implement control of the processes in accordance with the criteria;
 determining, maintaining &retaining documented information necessary to:
have confidence that the processes have been carried out as planned
demonstrate products & services conformity to their requirements.
• The output of this planning shall be suitable for the organization’s operations.
•
•
ISO-9 Changes
8.1: Operational Planning & Control
• The organization shall control planned changes and review the consequences of
unintended changes; taking action to mitigate any adverse effects, as necessary.
• The organization shall ensure that outsourced processes are controlled (see 8.4).
• Outsourced: an arrangement made where an external organization performs part of
an organization’s function or process.
•
•
Changes
Section 8.1.1: Operational planning and control — supplemental
• This section features enhanced detail to ensure key processes are included and
considered when planning for product realization.
• The required topics include customer product requirements and technical
specifications, logistics requirements, manufacturing feasibility, project
planning, and acceptance criteria.
• The section also clarifies the "resources needed to achieve conformity"
encompasses all aspects of the development process, not just the
manufacturing process requirements.
•
•
ISO-9 Changes
8.2.1: Customer Communications
• Communication with customers shall include:
 providing information relating to products and services;
 handling enquiries, contracts or orders, including changes;
 obtaining cust feedback relating to products and services, incldg cust complaints;
 handling or controlling customer property;
 establishing specific requirements for contingency actions, when relevant.
8.2.2: Determining Product & Services Requirements
• When determining the requirements for the products and services to be offered to
customers, the organization shall ensure that:
 the requirements for the products and services are defined, including:
- any applicable statutory and regulatory requirements;
- those considered necessary by the organization;
 the organization can meet the claims for the products and services it offers.
•
•
Changes
Section 8.1.2: Confidentiality
• Only a minor edit to clarify confidentiality "includes" related product
information, instead of using the word "and." There is no change in intent.
•
•
Section 8.2.1.1: Customer communication — supplemental

• Added a requirement that the communication language (written or verbal)
must be agreed with the customer.
• This should be considered when determining the necessary competence for
roles that require customer communication
•
•
Changes
Section 8.2.2.1: Determining requirements for products & services – supplemental
• The IATF strengthened the standard by elevating Notes 2 and 3 of the former
clause into requirements.
• This suggests current organizational knowledge regarding recycling,
environmental impact, and product and manufacturing process characteristics
should be standardized.
• This knowledge would be systematically reviewed and used when determining
the requirements for the products and services to be offered to customers.
•
•
ISO-9 Changes
8.2.3: Review of Product & Services Requirements
• 8.2.3.1 The org shall ensure the ability to meet the requirements for products and
services to be offered to customers & shall conduct a review before committing
to supply products and services to customer, to include:
 requirements specified by the customer, including the requirements for delivery
and post-delivery activities
 requirements not stated by the customer, but necessary for the specified or
intended use, when known
 requirements specified by the organization
 statutory and regulatory requirements applicable to the products and services
 contract or order requirements differing from those previously expressed.
•
•
ISO-9 Changes
8.2.3: Review of Product & Services Requirements
• 8.2.3.1 (continued)
The organization shall ensure that contract or order requirements differing from those
previously defined are resolved.
The customer’s requirements shall be confirmed by the organization before
acceptance, when the customer does not provide a documented statement of their
requirements.
NOTE: In some instances, such as internet sales, a formal review is impractical for
each order. Instead, the review can cover relevant product information, such
as catalogues.
•
•
Changes
Section 8.2.3.1.1: Review requirements for products & services — supplemental
• IATF 16949 strengthens this requirement by requiring the organization to retain
a documented customer authorization for waivers of formal reviews for
products and services.
•
Section 8.2.3.1.2: Customer-designated special characteristics

• This section changes the action from "demonstrate conformity“ to "conform,"
and clarifies that it refers to "approval documentation," rather than just
"documentation.“
• There is no change in intent.
•
•
ISO-9 Changes
Section 8.2.3 (continued)
• 8.2.3.2 The organization shall retain documented information, as applicable:
 on the results of the review;
 on any new requirements for the products and services.
•
•
Changes
Section 8.2.3.1.3: Organization manufacturing feasibility
• Enhanced requirements for manufacturing feasibility analysis through the
following changes:
 Requiring a multidisciplinary approach to analyze feasibility, considering
all engineering and capacity requirements
 Requiring this analysis for any new manufacturing or product technology,
and for any changed manufacturing process or product design.
• The organization should validate their ability to make product specifications at
the required rate. These should consider customer-specific requirements.
•
ISO-9 Changes
8.2.4 Changes to Requirements for Products & Services
• The organization shall ensure that relevant documented information is amended, and
that relevant persons are made aware of the changed requirements, when the
requirements for products and services are changed.
•
•
Changes
Section 8.3.1.1: Design & development of products and services – supplemental
• Strengthened the standard by elevating the NOTE in the former section to a
requirement, and added a requirement for documentation of the design and
development process.
• As the concept of the design and development process in the automotive
industry includes manufacturing design and development, the requirements
from other parts in Section 8 should be considered complimentary in the
context of manufacturing and product design and development.
•
Changes
Section 8.3.2.1: Design and development planning – supplemental
• Clarifies when the multidisciplinary approach is to be used and who should be
involved. Specifically, it must include all affected stakeholders within the
organization and, as appropriate, its supply chain.
• Additional examples are provided of areas where such an approach may be used
during design and development planning (including project management), and the
note further clarifies that purchasing, supplier, and maintenance functions might be
included as stakeholders.
•
•
Changes
Section 8.3.2.2: Product design skills
• This section adds a NOTE as an example of a product design skillset. There is no
change in intent.
Changes
Section 8.3.2.3: Development of products with embedded software
• This new clause adds requirements for organization-responsible embedded
software development and software development capability self-assessments.
• Organizations must use a process for quality assurance of products with
internally developed embedded software, and have an appropriate assessment
methodology to assess their software development process.
• The software development process must also be included within the scope of
the internal audit program; the internal auditor should be able to understand
and assess the effectiveness of the software development assessment
methodology chosen by the organization
• If future products have embedded software we will carry out reqts at that time
•
Changes
Section 8.3.3.1: Product design input
• This section expanded the minimum set of product design input requirements,
emphasizing regulatory and software requirements.
• New and broadened requirements include: product specifications; boundary
and interface requirements; consideration of design alternatives; assessment of
risks and the organization's ability to mitigate/manage those risks; conformity
targets for preservation, serviceability, health, safety, environmental, and
development timing; statutory and regulatory requirements for the country of
destination; and embedded software requirements.
•
Changes
Section 8.3.3.2: Manufacturing process design input
• Expanded the list of manufacturing process design inputs including: product design
output data including special characteristics, targets for timing; manufacturing
technology alternatives; new materials; product handling and ergonomic
requirements, and; design for manufacturing and design for assembly.
• This could include consideration of alternatives from innovation and benchmarking
results, and new materials in the supply chain that could be used to improve the
manufacturing process capacity.
• This section also further strengthened the requirements by transforming the former
NOTE regarding error-proofing methods into a requirement
•
Changes
Section 8.3.3.3: Special characteristics (Documented Process)
• Identify the source of special characteristics and including risk analysis to be
performed by the customer or the organization.
• Expands the list of sources used to identify special characteristics, along with
the requirements related to those special characteristics.
• Special characteristics need to be marked in all applicable cascaded quality
planning documents; monitoring strategies should focus on reducing variation,
which is typically done using statistical techniques.
• The organization must also consider customer-specific requirements for
approvals and use of certain definitions and symbols, including submission of
the symbol conversion table, if applicable and required
• Procedure for SC’s eng date XXX

•

Iatf Gap Analysis Tool

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Iatf Gap Analysis Tool

Загружено:

Авторское право:

Доступные форматы

GAP ANALYSIS TOOL GAP Rev-h

• IATF launched a survey (via the National Associations) early June

• IATF OEMs look at the linkage

• Goal = Prevent problems before they occur

ISO-9 - Base Standard ISO-9001:2015 requirements to be met

ISO-9001:2015 & IATF-016969:2016 Elements

ISO-9 - Base Standard ISO-9001:2015 requirements to be met

ISO-9001:2015 & IATF-016969:2016 Elements

Requirements Specified Requirements Satisfied

• 2015 version: application of risk-based thinking throughout QMS.

• Process map leadership / Risk VP date XXX

• Note these are IATF termimnology iology not ours ,

• CSR process / processs MAP QA / VP date xxx

• Check SC’s regulations / risks / error proofing / CpK - ENG / MFG

QMS Rep Confirmation – Na: Da:

ISO-9 - Base Standard ISO-9001:2015 requirements to be met

ISO-9001:2015 & IATF-016969:2016 Elements

• Delivery of training & records / add to training matrix HR date XXX

• Audit new employees & those absent for this

• Each process owner to update their process maps Date xxx

QMS Rep Confirmation – Na: Da:

ISO-9 - Base Standard ISO-9001:2015 requirements to be met

ISO-9001:2015 & IATF-016969:2016 Elements

• Quick response board in MFG / OPL / Q alerts Mfg VP Date XXX

• Update Contingency plan see bold above Date XXX VP

• Mgt review process review perf targets Date XXX VP

QMS Rep Confirmation – Na: Da:

ISO-9 - Base Standard ISO-9001:2015 requirements to be met

ISO-9001:2015 & IATF-016969:2016 Elements

• QA to create cal procedure / process including software test Date xxx

• HR procedure competence / training matrix update Date XXX

• HR competence procedure / trainimg matrix update Date XXX

• List of system , product , mfg process auditors Date XXX

• Training matrix HR date XXX

• HR procedure for Motiv/ empower Date XXX

• QA procedure / process maps / CSR requirement need be identified Date XXX

• VP / QA revise record retention list Date XXX

QMS Rep Confirmation – Na: Da:

ISO-9 - Base Standard ISO-9001:2015 requirements to be met

ISO-9001:2015 & IATF-016969:2016 Elements

Section 8.2.1.1: Customer communication — supplemental

Section 8.2.3.1.2: Customer-designated special characteristics

• Procedure for SC’s eng date XXX

Вам также может понравиться