Hello to Everyone,

It is the new year and our customers are gearing up for their surveillance audits. We do not have ISO or TS at this time. My company supplies steel to a part maker for the Big 3.

Question 1. Why does the IATF Guidance Manual to ISO/TS16949:2002 contradict what is being said about the requirement for Suppliers to have ISO certification? See quote below. It looks like 'evidence of a plan to be certified' is the minimum necessary.

Question 2. Which customer are they talking about? Big 3 or the part maker that supplies to the Big 3.

Question 3. If a company is audited by their registrar and the registrar finds that the company is dealing with a supplier that does not have ISO or TS certification, what happens to the company?

Question 4. What about new companies that want to be part of the automotive supply chain? Does this mean that any new company is out of luck when it comes to supplying for automotive until they are certified?

From the IATF Guidance Manual to ISO/TS16949:2002 page 18:
Supplier quality management system development is the demonstrated performance of a process with the goal to achieve conformity with ISO/TS16949:2002. Indicators of performance include:
- conformity with ISO9001:2000
- achievement of ISO9001:2000 certification, as a minimum, unless otherwise specified by the customer,
- compliance with ISO/TS61949:2002, unless otherwise specified by the customer,
- EVIDENCE OF A PROCESS TO ACHIEVE THE ABOVE STEPS


Looking for your comments,

Denise

Denise,
You sound frustrated. Don't make it harder than it is.

#1 Follow your customers requirements. There are Customer specific requirements for the Big 3. If you have questions as to what their requirements are, contact them directly or contact your direct customers. They would probably appreciate you being pro-active.

#2 The customers they are talking about are your direct customers, the Big 3 or any other organization in the world that subscribes to the technical specification (BMW, Fiat, VW, Renault, Peugoet). If your customer requires your company to be registered, you must do so. (IMO any company wanting to do business in the automotive industry would get registered to something as soon as possible.)

#3 A company should have a process for supplier development which includes requiring your suppliers to be compliant to ISO:9000;2000 at a minimum. If they refuse and are a customer designated supplier, talk it over with your registrar. This happened at our company and the registrar accepted a letter from the supplier (from Japan) stating that they wouldn't complete our supplier survey. They since have sent us there registration timeline. I think it is a common industry understanding that suppliers will have to be registered to something in order to do business in the automotive industry.

#4 A new company falls under the same catagory as #3 in that they should show intent to register to a QMS with timelines and a letter of intent from their registrar. This IMO would be acceptable evidence.


I sent a letter to all of our suppliers stating that TS requires them to be registered and asked that they provide us with a copy of what ever certs they have or a timeline for their registration. I have received a response from almost all of them within two weeks and those that are not currently registered sent timelines for registration.

I hope this helps. Good Luck.
LMM
:)

LMM,

I am asking this because our customers (who are QS9000) think that all of their suppliers must have been certified by 12/31/2002. This comes from the QS9000 sanctioned interpretation C9. We have a timeline for TS certification (Dec. 2003) with each step defined in a gantt chart. We are working on it daily.

Do all automotive suppliers have to be certified or is the timeline acceptable? Have I misunderstood all along? I'm not sure what you are trying to say.

Denise

Hi Denise -

It is my understanding that under QS-9000, only suppliers to tier 1 have to be certified. Those supplying tier 2 and lower are required to work toward compliance. Your chart would document your timeline toward this compliance.

However, you say you supply a customer who supplies direct to one of the Big 3 which would make you a supplier to tier 1 and you would need to be certified. The timeline would not be sufficiant.

Check that your customer is a direct supplier, if they are not, your timeline should be good enough.

To my knowledge, there is no requirement for you (yet) to be TS certified. If you don't supply the Big 3 direct, you are only required to have ISO-900x.

Yes, you are right, the perscribed penalty for a tier 1 supplier using an uncertified supplier would be a nonconformance. There seems to be ways around this requirement if you have a customer willing to fight for you (see Angela's post) by getting a waiver on your behalf. Also, if your customers are not tier 1, there is no nonconformance as long as you are working toward compliance.

Hope this helps.

Dave

Denise said:


Do all automotive suppliers have to be certified or is the timeline acceptable? Have I misunderstood all along? I'm not sure what you are trying to say.

Denise

Any company that sells production parts or critical services (heat treat, plating, etc.) to a QS-9000 company is now required to be ISO 9001 certified. If not, the QS-9000 company risks a nonconformance on their next audit. Some registrars are saying major NC, some say minor. The only ways around it are:

1. the 2nd party approved audit (which actually seems harder than 3rd party registration) outlined in the latest intrepretation

2. a customer waiver for the supplier involved

3. The QS-9000 clause about suppliers that are too small to afford certification (I think it is in Appendix I of QS).

Timeline would not be acceptable alone, but it might help get a customer to sign a waiver.

My company is QS-9000 and I would like to note that suppliers do not have to certified to ISO-9001. They have to be certified to a version of ISO excluding ISO9003 or assessed and deemed compliant by a 2nd party OEM approved supplier. Also, only the suppliers that directly affect the quality of your product. Suppliers who you have defined as low volume or small mom and pop shops or companies that just distribute do not have to be certified or compliant.

Angela

"My company is QS-9000 and I would like to note that suppliers do not have to certified to ISO-9001. They have to be certified to a version of ISO excluding ISO9003 or assessed and deemed compliant by a 2nd party OEM approved supplier."

Tom, Dave, & Angela,

Would a '2nd party OEM approved supplier' be the part maker that we supply to? Again, our customer (the part maker) supplies to a Big 3 directly.

We would like to tell our customers (that supply directly to Big 3) that they are welcome to come in and audit us. We still would not be completely compliant to QS or TS but it would show their customer (Big 3) that we are well on our way to working towards it.

Can I make my own rules?.... If we have PPAPs that are acceptable to our customers (the part maker) and our customers' customer (Big 3) and a timeline for certification, then we should be 'conditionally' accepted as a supplier.

How's that? Makes sense, doesn't it?

Denise

If your supplier can is QS-9000 registered and they have a trained auditor they can come and assess you. They would have to receive proper approval from Ford, GM Chrysler (only the ones they supply to) If you do not supply much to them (in comparison to their annual production) they could deem you a low volume supplier. If you are a small company that cannot take the cost on of certification they could deem you a small mom and pop company. If you do no value added work to the part you supply they could deem you a supplier. Can you make your own rules/ NO.

Angela

Thanks Angela!

Just kidding about making my own rules:bigwave: :bigwave:

Denise

Denise,

The big three has "approved" all of their tier-1 suppliers for 2nd party audits. The difficult part is that the auditor they send to you must have been through pretty much the same training and experience as registrar auditors. They also must conduct a full audit and show evidence. In theory the only difference between what happens at a 2nd vs. 3rd party audit is who is the auditor - they still must follow all of the same rules. You must also comply to all ISO requirements. It may be easier to pass an audit with your customer, but they must still prove to their 3rd party auditor that they did a complete, accurate audit. I have a feeling registration auditors are going to be looking closely at these supplier audits to see if they were actually done or completed over the phone, not at all, etc. as a way to slip by.

Tom

Tom;

Check the C9. You do need something showing that you have approval to do the audit. In order to perform the audit or to be deemed a "qualified lead auditor" you only need evidence of sucessfull completion of training (doesn't stated lead auditor training) or evidence of a minimum of five internal QS-9000 audits under the supervision of a qualified lead auditor. I have performed several of these assessments on our suppliers. You do have to show evidence, but you could just utilize the QSA to do that.

Angela

Denise;

Keep in mind that any company that meets the requirements to perform the assessment could. It does not have to be your customer. So if your company is buddy buddy with another that meets the requirements, they could perform the assessment and you could supply the results to your customers.

Angela

I just ran across this article in the newsletter our registrar sends out:

"The dilemma is how to get your entire supplier base registered to the minumum requirement in order to obtain your certification to TS. Supplier development personel know that it would take some time to get the complete supply base certified to ISO9001:2000, but management reps did not want to hear that they had to wait to obtain the certification for the organization. The question became, "What is the minumum requirement for the organization to meet the intent of this requirement in order to proceed with their certification"

"In order to meet the requirements of the standard, the organization needs to clearly state to their supply base the goal of conformity to TS and develop their suppliers toward that goal. The second concern is conformity and registration to ISO9001:2002. Suppliers should be required to provide evidence that they conform to the requirments of ISO as well as a timeline detailing the steps toward achieving registration by a third party certified body. This timeline should not extend past 18 months for achieving certification. The organization should be able to demonstrate knowledge of the status of the supply base and their progress toward achieving registration to ISO or TS."

"In the event a supplier chooses not to develop to ISO or TS, several options are availabe to the organization. The organization may choose to seek an exemption from the requirement by petitioning the customer for a deviation (Unless otherwise specified by the customer...) or the organization may choose to begin elimination of the supplier. For an exemption to be valid, it must be received from the customer's representative on the IATF Task Force."

OK, so we have different requirements depending upon whether a company has ISO/TS16949:2002 or QS9000.

It looks like with QS9000 C9 sanctioned interpretation, a supplier must have ISO certification or assessment by and OEM-approved second party, at a minimum.

For TS, the standard (page 19) states "Unless otherwise specified by the customer, suppliers to the organization shall be third party registered to ISO9001:2000 by an accredited third-party certification body.

However, in the TS16949 IATF Guidance Manual (page 18) it states that indicators of performance include: conformity to ISO, certification to ISO, compliance to TS, evidence of a process to achieve the above steps.

The same people wrote both docs. Therein lies the contradiction.

If we go with the guidance manual, I am presuming that any of those indicators are acceptable. Is there an imaginary 'OR' between each of those indicators or is there an imaginary 'AND'. I've always presumed that it was an 'OR'.

Being a supplier that has no certification at this time, our decision is to work toward certification of TS (QS will be obsolete shortly). Since most automotive OEMs are QS9000 certified, then they are forced to follow the QS sanction. Even though they will almost certainly migrate to TS (which minimally requires evidence of process....).

Is my summary correct?

I guess I will have to ask our registrar. This should be interesting.


Denise
Denise