Twelve-step transition process from

ISO/TS 16949:2009 to IATF 16949:2016

Copyright ©2018 Advisera Expert Solutions Ltd. All rights reserved.

Copyright © 2018 Advisera Expert Solutions Ltd. All rights reserved. 1
Table of Contents

Executive summary ..................................................................................................................................... 3

Purpose........................................................................................................................................................ 3
Other useful resources ................................................................................................................................ 4
Timing for the transition ............................................................................................................................. 4
Twelve-step transition process ................................................................................................................... 5
Sample Documentation ............................................................................................................................... 9

Copyright © 2018 Advisera Expert Solutions Ltd. All rights reserved. 2

Executive summary

The latest revision of IATF 16949 came out in November of 2016, and as the deadline for transitioning
gets closer, people are starting to become concerned about what steps they need to take to make sure
they are compliant with this latest version.

It’s true that IATF 16949:2016 has brought some substantial changes with regard to concepts and
methods, but it’s nothing too difficult. As long as companies take the time to properly plan for the
transition, and approach the process systematically, there’s no reason why it can’t be completed before
the deadline. The transition process is confusing for many organizations, from questions on what the
changes are to where to start and how to be sure the updated system is fully compliant with IATF 16949.

This white paper is intended for organizations that have already implemented ISO/TS 16949 and are
planning the transition to IATF 16949. It explains the transition timing and what steps are to be taken in
order to perform a successful transition.

Purpose

This white paper is intended for companies that have already implemented ISO/TS 16949, and are
planning to transition to IATF 16949; this transition needs to take place before the deadline in September
2018 for the company to remain compliant and maintain IATF 16949 certification. This paper describes
the suggested steps in the transition process.

Copyright © 2018 Advisera Expert Solutions Ltd. All rights reserved. 3

Other useful resources

For more information on IATF 16949:2016, see these articles:

 Checklist of Mandatory Documentation Required by IATF 16949:2016

 A new approach to document and record control in IATF 16949
 Checklist of IATF 16949:2016 implementation steps
 How to structure IATF 16949:2016 documentation

Timing for the transition

As of October 1, 2017, all new certification audits must be conducted according to the new IATF
16949:2016 and the IATF Rules 5th edition. Organizations already certified against ISO/TS 16949:2009
can make the transition for their next recertification audit. When the grace period ends on September
14, 2018, the old ISO/TS 16949:2009 certificates will no longer be valid.

Those organizations that need to transition from ISO/TS 16949:2009 to IATF 16949:2016 will need to
pass a transition audit, including VETO approval for certification, on or before the September 14
deadline. Those companies undergoing their transition audit between July and September of 2018 will
have 120 days, at a maximum, to receive a positive VETO decision after their transition audit is complete.

Copyright © 2018 Advisera Expert Solutions Ltd. All rights reserved. 4

Twelve-step transition process

The easiest way to make the upgrade to the IATF 16949:2016 revision is by following these steps:

1) Define the context of the organization

Clause 4 of the 2016 revision is a new requirement that involves defining the context of the organization.
This is a critical change, as this consideration will form the basis of your whole Quality Management
System (QMS). Organizations must now consider all items that may influence the QMS performance,
including external, internal, cultural, social, economic, technological, and legal factors. These are
considered to be factors that will influence the organization’s objectives, purpose, and sustainability. It
is advised that the consideration and outcome of this process be demonstrated within your Quality
Policy, or equivalent document.

Consider this new requirement carefully, as it serves as the foundation of your new Quality Management
System (QMS). There are no extra requirements beyond those of ISO 9001:2015, but due to the nature
of the industry, IATF 16949 is known for raising the bar, so you should anticipate this clause to be looked
at closely when it comes time for the certification audit.

For more information, see: How to define the context of the organization in IATF 16949:2016.

2) List all interested parties

Technically, this is part of the same clause where you’ll find context of the organization, but because it
is new, you may want to pay extra attention. Identifying all interested parties and acknowledging their
expectations will be important when defining the company’s strategic direction.

Customers, owners, providers, bankers, unions, regulators, partners in society groups, competitors, and
even pressure groups should all be considered as potential “interested parties” who may be affected by
decisions made by your company, or the scope of your QMS. For example, if you made a business
decision to ramp up your organization’s activities by having a 24-hour shift pattern, then local residents
who may be affected by increased traffic or activity to and from your site would become an “interested
party.” You must be able to demonstrate that you have taken all these factors into consideration to
satisfy this clause.

Read more here: Determining interested parties and their requirements according to IATF 16949:2016.

3) Review the scope of the QMS

Now is the time to take another look at the existing scope of your Quality Management System, because
the reliability and integrity of your QMS depend on it. The new revision of the standard requires the
evaluation of customer-specific obligations, and their inclusion in the scope of the QMS.

Copyright © 2018 Advisera Expert Solutions Ltd. All rights reserved. 5

The scope of the QMS, according to IATF 16949, needs to include supporting functions, whether on-site
or remote. Supporting functions include design centers, corporate headquarters, and distribution
centers.

For more information, see: How to define scope of the QMS according to IATF 16949:2016.

4) Demonstrate leadership
There is a marked change in the “leadership” requirements in the new version, which appear in clause
5. The 2016 revision calls for leaders to be “active” and responsible, rather than the more passive role
that could be interpreted from the 2009 revision. The standard assigns responsibility to the
organizational leader for strategic quality objectives, QMS scope and results, policies and processes,
communication, culture, fostering a commitment to quality, providing resources and training
opportunities, and even “inspiring, encouraging and recognizing the contribution of people.” Therefore,
it is clear that “top management” involvement and inclusion in all aspects of your QMS will become a
requirement. For instance, making decisions on issues like risk assessment topics will now be almost
impossible without strategic leadership advice, except in the instance of responding to an “incident.”

Leadership requirements in the new revision of the standard are nearly identical to those for
management commitment in the last version. However, IATF 16949:2016 places even greater
importance on organizational leadership, with additional requirements listed for corporate
responsibility. Top management can show leadership by creating a Quality Policy and quality objectives,
holding themselves accountable for the Quality Management System, and providing adequate resources
to keep it running smoothly.

5) Assess risks and opportunities

The latest revision requires the assessment of risks and opportunities. The focus is on the organization’s
ability to achieve the planned results, as well as other concepts like compliance obligations and context
of the organization. Risk assessment should include past experiences from audits, customer complaints,
product recalls, scrap and rework, and field returns and repairs. Once risks and opportunities have been
assessed, plans should be made to address them.

This is a new and key requirement of the new version of the standard, and appears in clause 6 of the
standard. Risks and opportunities now need to be considered for all aspects of the QMS, including all
compliance requirements and even the context of the organization. After this, there should be a
documented plan for how the business should address that risk. Therefore, the assessment of risk and
opportunity is intended to become an integral part of all major QMS components and decision-making
processes. Add to this the increased reliance on leadership mentioned above, and it is easy to see how
real business benefits will be attained for most organizations. One way to comply is a “Risk Log” for your
top team, which they can populate when assessing, taking actions, and mitigating risk.

6) Align QMS objectives with strategic direction of the company

Your company’s Quality Management System cannot be in opposition to the company’s overall business
strategy. Likewise, quality objectives should be aligned with the company’s other activities. The new

Copyright © 2018 Advisera Expert Solutions Ltd. All rights reserved. 6

revision requires the creation of plans for achieving the objectives, as well as the definition,
establishment, and maintenance of quality objectives to meet customer requirements.

The new version of the standard requires the organization to ensure that the quality objectives are
compatible with the strategic direction of the company. The revision also requires that plans for
achieving these objectives must be created.

For more information, see: How to Write IATF 16949 Quality Objectives.

7) Control documented information

The new term “documented information” includes both procedures and records. The transition is a good
time to make improvements to your existing documentation while you work on realigning your existing
procedures with the new clause numbers.

For example, as “documented information” and a “process approach” are now critical, why not consider
replacing some of your more wordy or cumbersome process instructions with one single process
diagram? While improving your documentation is an excellent opportunity to demonstrate continual
improvement, you are advised to ensure that your existing documentation still meets the needs of the
standard.

For more information, see: A new approach to document and record control in IATF 16949.

8) Increase operational control

IATF 16949:2016 calls for better control over processes – for example, operating criteria, and the
implementation of controls over processes according to these criteria. In addition, confidentiality
requirements have been increased, along with expansion of operational planning and control
obligations.

Improved operational control versus the stated criteria is one of the goals of the new version. The stated
criteria are that your organization must define the criteria and processes for services and products to be
effectively delivered, and ensure that the documentation and resources to deliver them are in place.
Therefore, it is important that your process documentation reflects this improved accuracy and
operational control to comply with the new standard. For example, are your stated criteria and defined
processes aligned to produce the targeted results and outcomes? Can you show that resources have
been planned and delivered and that the product conforms to the stated requirements?

9) Redefine the design and development process

The definition of your design and development process needs to be expanded to include inputs, outputs,
controls, and responsibilities; as well as how changes to the design and development process will be
managed – like who is authorized to make changes, who will review the results of any changes, and what
will be done to avoid negative impacts.

There is a marked change in the level of control the standard requires in terms of design and
development relative to the 2008 version. Responsibilities, inputs and outputs, controls, change control,

Copyright © 2018 Advisera Expert Solutions Ltd. All rights reserved. 7

change authorization, and action required to prevent adverse impacts are among the factors that now
need specific consideration. Documentation of these aspects is also critical. For example, if you have a
product that has changed in terms of specifications, can you evidence who authorized and approved that
change, and provide documented proof that shows that this person is deemed “qualified” to do so? This
is the level of detail that this clause demands to protect the integrity of the process and product, and the
needs of your customer.

10) Control external providers

The purchasing process has been renamed “Control of externally provided processes, products and
services.” The requirement basically says that you must do whatever you have to, in order to make sure
your providers deliver what is expected. The main thread is that you must ensure that your organization’s
externally provided products and services fulfill your stated requirements. Therefore, your organization
must determine what type and extent of controls and related information need to be provided to any
external parties to ensure their delivery matches your requirements exactly. For example, can you
illustrate an exact specification, timescale, quality expectation, and cost for an outsourced product? IATF
16949 requires this to be done, documented, and implemented. This can be achieved through verifying
that processes, services, and products supplied by external providers comply with your requirements. To
do this, you’ll have to determine what information needs to be provided to suppliers, including type and
extent of any controls.

11) Evaluate QMS performance

Clause 9 of the standard deals with “Performance Evaluation.” There is now a requirement to evaluate
the effectiveness and performance of your QMS, in a similar way that key performance indicators have
been used elsewhere in the past. Again, your organization is required to keep documented evidence of
the results, so for instance, continual improvement can be developed from this process.

The organization is required to evaluate its QMS with regards to its performance, effectiveness, and
efficiency. You may already be familiar with KPIs (key performance indicators) – you just need to figure
out what needs to be monitored, how it should be monitored, and how often.

12) Measure and report

Measuring and reporting are assigned greater importance in the new standard, particularly when it
comes to the performance evaluation mentioned previously. Likewise, management review and the
internal audit process must be aligned with the new standard. Even though there’s no change to the
methods of conducting these activities, some changes have been made to the requirements to be
audited as part of the internal audit, as well as to the input elements for the management review.

For more information, see: Five Main Steps in an IATF 16949:2016 Internal Audit and How to implement
management review according to IATF 16949.

Copyright © 2018 Advisera Expert Solutions Ltd. All rights reserved. 8

Sample Documentation

You can download an IATF 16949 Documentation Toolkit. This will allow you to see a sample of policies
and procedures required by the standard.

Copyright © 2018 Advisera Expert Solutions Ltd. All rights reserved. 9

 Advisera Expert Solutions Ltd
for electronic business and business consulting
Zavizanska 12, 10000 Zagreb
Croatia, European Union
Email: support@advisera.com
U.S. (international): +1 (646) 759 9933
United Kingdom (international): +44 1502 449001
Toll-Free (U.S. and Canada): 1-888-553-2256
Toll-Free (United Kingdom): 0800 808 5485
Australia: +61 3 4000 0020

Copyright © 2018 Advisera Expert Solutions Ltd. All rights reserved. 10