IATF 16949:2016’s Evolution

How the automotive quality management system has changed

by R. Dan Reid

Editor’s note: This is part one of a two-part series that examines key changes in ISO TS 16949’s recent revision. Look for part two in February’s column.

Last year, the automotive sector revised its ISO TS 16949 quality management system (QMS) requirements to align with ISO 9001:2015’s substantial revision. The ISO TS 16949 revision also incorporated International Automotive Task Force (IATF) original equipment manufacturer (OEM) customer-specific requirements (CSR) among other items.

IATF 16949:2016 replaces ISO TS 16949 and is now a sector-owned document. The standard’s focus continues to be on preventing the occurrence of problems, and the new automotive certification requirements also mandate the use of ISO 9001:2015, which must be obtained separately.

Decoupling the automotive requirements from the International Organization of Standardization (ISO) gives the automotive sector full control of this standard, and they avoid paying royalties for using the ISO standard.

Rather than provide an exhaustive review of this standard’s changes, additions and deletions from ISO TS 16949, I’ll highlight several significant alterations.

Scope problem addressed

The definition of management system in ISO 9000:2015 for the first time provides an option to scope the system down to a single function or discipline. This was never the intent of a QMS, which was always intended to apply to an entire organization.

ISO 9001:2015 also eliminated the term "permissible exclusions" by saying that if a requirement can be applied, it must be applied. Minimalists can now argue they only must include one function in their systems and incorporate only those requirements that apply to that function. IATF 16949:2016 addresses this problem in subclause 4.3.1, which requires support processes and value-adding sites to be included in a QMS’s scope.

The previous 2008 version of ISO 9001 never mentioned omitting applicable requirements due to the geographic location of the processes. In IATF 16949:2016, where you choose to locate activities is your organization’s prerogative, but all applicable processes and requirements must be in the QMS regardless of where an organization chooses to locate and perform them. Individuals, such as auditors, who must verify whether an organization is conforming to applicable requirements must visit the locations in which those processes are being performed to verify conformance.

The new ISO 9000:2015 definition of "management system" now allows for a QMS scope to be as narrow as one function. Furthermore, top management is aligned to the scope of the QMS. If a minimalist organization chose to include only the purchasing department in its scope, top management would be the purchasing executive.

There is another argument that can be used by minimalist ISO 9001 implementers. A clause in IATF 16949:2016 indicates that if an ISO 9001 requirement can be applied, it must be, and product quality cannot be compromised.

Minimalists can argue that this all depends on the QMS scope. As explained earlier, IATF 16949:2016 addresses this unfortunate development in ISO 9000.


The number of CSRs has concerned the automotive supply base since the early days of QS-9000—a quality standard developed by automakers in the 1990s. A lot of work and expense has been created by the differences in QMS requirements between the OEMs that remained after the QMS harmonization. The problem is exacerbated at the tier-one level of the supply chain: All OEM CSRs are comprehended, and many tier-one suppliers add their own CSRs for deployment to tier-two suppliers, which have fewer resources to deal with CSRs than tier-one suppliers.

The 2008 version of ISO 9001 required an organization to determine the product requirements in subclause 7.2.1. ISO 9001:2015 continues this in subclause 8.2.2. Three groups can specify QMS requirements: customers, regulators and internal functions, such as engineering. In this respect, there has been an ISO 9001 requirement for organizations to identify and address CSRs. In the new IATF 16949, subclause 4.3.2 makes a process for this to be a more explicit requirement.

Less to document?

IATF 16949 continues to require "documented processes" while ISO 9001:2015 now uses the generic term "documented information." The IATF 16949 subclauses that require a documented procedure include:

  •—product safety.
  •—calibration/verification records.
  • 7.2.1—competence—supplemental.
  • 7.2.3—internal auditor competency.
  • 7.3.2—employee motivation and empowerment.
  •—engineering specifications.
  •—type and extent of control—supplemental (outsourced processes).
  •—supplier monitoring.
  •—control of changes—supplemental.
  •—control of reworked product.
  •—control of repaired product.
  •—nonconforming product disposition.
  • 10.2.3—problem solving.
  • 10.2.4—error-proofing.
  • 10.3.1—continual improvement—supplemental.

ISO 9001:2015 requires an organization to have documented information, not including records, in 10 additional clauses and subclauses. While the stated intent of the ISO 9001:2015 revision was to reduce the need for documentation, it has actually made the documentation requirements less prescriptive but similar in amount. IATF 16949 adds to those.

IATF 16949 continues to require a quality manual, which was deleted from ISO 9001:2015. A quality manual now must indicate where CSRs are addressed within the QMS. Organizations should have a process for identifying and addressing any CSRs because these are critical to customers that require their suppliers to be IATF 16949 certified.

IATF 16949 no longer requires disposal of records after a specified retention period, but this is covered in ISO 9001:2015, which is a normative reference in the automotive standard. A normative reference must be used with the document referencing it while an informative reference is for guidance only.

New conformance requirements

IATF 16949:2016 subclause requires an organization to be responsible for the conformity of outsourced processes. It also requires that all products and processes meet applicable requirements and expectations of all interested parties.

The first part of subclause is a carryover from previous versions of the standard. The second part is driven by ISO 9001:2015’s requirement to address interested party needs and expectations. This was formerly limited to customers, which are only one category of an organization’s interested parties.

This is a significant expansion of a QMS. Product and process design, and validation processes will take on additional responsibilities. The processes must ensure interested parties’ typically soft needs and expectations—such as "smooth ride" or "quiet ride"—are effectively translated into product and process requirements, and validated as meeting needs and expectations.

‘Big Q’ QMS reintroduced

In the 1980s, General Motors had full business supplier-assessment criteria and targets for excellence. These included sections for quality, cost, delivery, technology and leadership. This was abandoned with the initial harmonization effort with Chrysler and Ford. At that time, they wanted a QMS scope to be specific to quality—that is, "small Q" with delivery.

Over time, ISO 9001 brought back "leadership." This latest revision of the automotive requirements in IAFT 16949:2016 carries over and expands on the issue of safety-related products and manufacturing process safety in subclause Product safety is defined in the standard as "standards relating to the design and manufacturing of products to ensure they do not represent harm or hazards to customers."1

This safety subclause requires an escalation process with defined responsibilities, flow down of safety requirements to the supply chain, management of safety characteristics and special approvals for control plans, and failure mode and effects analyses, among other items.

This is a more practical approach to the subject compared to the ISO occupational health and safety (OH&S) project—ISO 45001—which is in the draft stage. This draft standard is assigned to a new ISO committee with significant representation from organized labor. It requires workers and worker representatives to participate in matters—such as policy making—that normally have been the responsibility of leadership.

Given the redundancy and immaturity of the OH&S draft—coupled with several problematic requirements—it is not clear whether this standard will be approved for publication. If not, sector documents will be the primary impetus for organizations to provide for safety.

Corporate responsibility also is included in the new automotive document, reinforcing that it’s now more than a QMS. The term is not defined in the standard. At a minimum, policies against bribery and for employee codes of conduct and ethics escalation must be implemented. IATF indicates this implies responsibility and empowerment at all levels and functions of an organization to follow an ethical approach and report any observed unethical behavior without fear of reprisal.

IATF 16949 introduced several other key changes, such as how the standard incorporates the process approach and process review requirements, and how it addresses risk and auditor competency, which I’ll cover in the second part of this column.


  1. International Automotive Task Force, IATF 16949:2016—Technical Specification.


International Organization for Standardization (ISO), ISO 9001:2015—Quality management systems—Requirements.

ISO, ISO 9000:2015—Fundamentals and vocabulary.

R. Dan Reid is the principal consultant with Management Systems Consulting LLC in Farmington, MI. He is an author of ISO Technical Specification 16949, QS-9000, ISO 9001:2000, the first International Organization for Standardization international workshop agreement, the Chrysler, Ford, GM Advanced Product Quality Planning With Control Plan, Production Part Approval Process and Potential Failure Modes and Effects Analysis manuals and the Automotive Industry Action Group’s Business Operating Systems for Healthcare Organizations. Reid was the first delegation leader of the International Automotive Task Force. He is an ASQ fellow and an ASQ-certified quality engineer.

Great article Dan! There are 3 other "documented processes" that should be listed here for IATF 16949. Perhaps you've consolidated a few? Here is what I'm seeing: - Statutory & regulatory requirements - Temporary change of process controls - Internal audit program
--Jim Thompson, 05-10-2017

Average Rating


Out of 1 Ratings
Rate this article

Add Comments

View comments
Comments FAQ

Featured advertisers