The latest revision of IATF 16949 came out in November of 2016, and as the deadline for transitioning gets closer, people are starting to become concerned about what steps they need to take to make sure they are compliant with this latest version.
It’s true that IATF 16949:2016 has brought some substantial changes with regard to concepts and methods, but it’s nothing too difficult. As long as companies take the time to properly plan for the transition, and approach the process systematically, there’s no reason why it can’t be completed before the deadline.
Timing
Starting on October 1, 2017, all new certification audits must be conducted according to the new IATF 16949:2016 and the IATF Rules 5th edition. Organizations already certified against ISO/TS 16949:2009 can make the transition for their next recertification audit. When the grace period ends on September 14, 2018, the old ISO/TS 16949:2009 certificates will no longer be valid.
Those organizations that need to transition from ISO/TS 16949:2009 to IATF 16949:2016 will need to pass a transition audit, including VETO approval for certification, on or before that September 14 deadline. Those companies undergoing their transition audit between July and September of 2018 will have 120 days, at a maximum, to receive a positive VETO decision after their transition audit is complete.
Transition steps
Here are the 12 steps, in order, that I recommend for any organization looking to transition to the 2016 version of the IATF 16949 standard:
1) Define the context of the organization. Consider this new requirement carefully, as it serves as the foundation of your new Quality Management System (QMS). There are no extra requirements beyond those of ISO 9001:2015, but due to the nature of the industry, IATF 16949 is known for raising the bar, so you should anticipate this clause to be looked at closely when it comes time for the certification audit.
2) List all interested parties. Technically, this is part of the same clause where you’ll find context of the organization, but because it is new, you may want to pay extra attention. Identifying all interested parties and acknowledging their expectations are important when defining the company’s strategic direction.
3) Review the scope of the QMS. Now is the time to take another look at the existing scope of your Quality Management System, because the reliability and integrity of your QMS depend on it. The new revision of the standard requires the evaluation of customer-specific obligations, and their inclusion in the scope of the QMS.
4) Demonstrate leadership. Leadership requirements in the new revision of the standard are nearly identical to those for management commitment in the last version. However, IATF 16949:2016 places even greater importance on organizational leadership, with additional requirements listed for corporate responsibility. Top management can show leadership by creating a Quality Policy and quality objectives, holding themselves accountable for the Quality Management System, and providing adequate resources to keep it running smoothly.
5) Assess risks and opportunities. The latest revision requires the assessment of risks and opportunities. The focus is on the organization’s ability to achieve the planned results, as well as other concepts like compliance obligations and context of the organization. Risk assessment should include past experiences from audits, customer complaints, product recalls, scrap and rework, and field returns and repairs. Once risks and opportunities have been assessed, plans should be made to address them.
6) Align QMS objectives with strategic direction of company. Your company’s Quality Management System cannot be in opposition to the company’s overall business strategy. Likewise, quality objectives should be aligned with the company’s other activities. The new revision requires the creation of plans for achieving the objectives, as well as the definition, establishment, and maintenance of quality objectives to meet customer requirements.
7) Control documented information. The new term “documented information” includes both procedures and records. The transition is a good time to make improvements to your existing documentation while you work on realigning your existing procedures with the new clause numbers. For more information, see: List of mandatory documents required by IATF 16949.
8) Increase operational control. IATF 16949:2016 calls for better control over processes – for example, operating criteria, and the implementation of controls over processes according to these criteria. In addition, confidentiality requirements have been increased, along with expansion of operational planning and control obligations.
9) Redefine the design and development process. The definition of your design and development process needs to be expanded to include inputs, outputs, controls, and responsibilities; as well as how changes to the design and development process will be managed – like who is authorized to make changes, who will review results of any changes, and what will be done to avoid negative impacts.
10) Control external providers. The purchasing process has been renamed “Control of externally provided processes, products and services.” The requirement basically says that you must do whatever you have to, in order to make sure your providers deliver what is expected. This can be achieved through verifying that processes, services, and products supplied by external providers comply with your requirements. To do this, you’ll have to determine what information needs to be provided to suppliers, including type and extent of any controls.
11) Evaluate QMS performance. You are required to evaluate your QMS with regards to its performance, effectiveness, and efficiency. You may already be familiar with KPIs (Key Performance Indicators) – you just need to figure out what needs to be monitored, how it should be monitored, and how often.
12) Measure and report. Measuring and reporting are assigned greater importance in the new standard, particularly when it comes to the performance evaluation mentioned previously. Likewise, management review and the internal audit process must be aligned with the new standard. Even though there’s no change to the methods of conducting these activities, some changes have been made to the requirements to be audited as part of the internal audit, as well as to the input elements for the management review.
Transitioning to the new version of the standard may seem overwhelming in the beginning, but I estimate that over the course of a year, it shouldn’t take more than an hour or two per month. These aren’t changes for the sake of changes – they do make sense, and offer a tremendous opportunity to further integrate your Quality Management System with your other business activities, and get a leg up on your competition.
To help you with your transition to IATF 16949, read this white paper on the Twelve-step transition process from ISO/TS 16949:2009 to IATF 16949:2016.