IATF 16949 Cl. 4.3.2 - Customer Requirements vs. Customer Specific Requirements

Sebastian

Trusted Information Resource
I work for Tier-2 company.
My customers are Top-10, maybe Top-20 worldwide.
Small quotations from theirs supplier manuals.
Customer 1 requires suppliers to establish a standard method of assessing and mitigating risk in functions and plants to ensure that validated contingency plans are developed. [...]
and 6 sentences additional details.
You won't find "6.1.2.3" in this paragraph of supplier manual.

Customer 2 requires Seller to source its Products, in turn, from certified sub-Suppliers having a Quality System certified according to ISO TS - IATF 16949 or having an official planning to get ISO TS - IATF 16949 within [...]
period defined and additional conditions.
You won't find "8.4.1.2" in this paragraph of supplier manual.

Additionally in IATF 16949 standard paragraphs 6.1.2.3 and 8.4.1.2, you won't find "if required by the customer" as suggests FAQ #8.

"So, it's not CSR!" some would say.
Sorry, yes it is.

I post in other thread a comment with CSR-test procedure.
Maybe it would help someone.

If I was working for these companies, it would look in BMW, Daimler, VW way.
Just to avoid double job on supplier's side, confusions, arguing with auditors and finally solving issued NCs.
 

Bran

Involved In Discussions
As far as I can see only 7.5.1.1 d) suggests "a document (i.e. matrix) indicating where within the organizations's QMS their customer specific requirements are addressed", it doesn't say anything about lumping every other type of customer requirement in there too.

I had an overly prescriptive auditor for the last cycle, so had a finding during the Stage 1 audit that forced me to put all customer requirements documents into my CSR matrix. Currently I have 24 separate customer "customer requirement" documents on my CSR matrix. (None of these are packaging requirements or whatever, all documents with titles like "General Supplier Guideline" or "supplier quality manual" from Tier 2's and lower. If I were to take all the other documents for the 78 automotive customers we have, I would be well over 100 separate customer requirements documents). Somehow managed to get through the entire cycle without additional findings for not addressing anything but the actual CSR's in the QMS, but it was something I had to defend my position on every audit. It got to the point where I put the actual IATF definitions of "Customer requirements" and "CSR" as an appendix to the matrix!

Long story short, we are (fortunately) now out of the cycle with that auditor and I'll be revising my CSR matrix to include the IATF OEMs only for the next audit. Will take management of 24 "customer requirement documents" down to 4 CSRs.
 
Last edited:

Doug J

Registered
"The Matrix should include all of these as well" Really? Where does it say that in the standard?

As far as I can see only 7.5.1.1 d) suggests "a document (i.e. matrix) indicating where within the organizations's QMS their customer specific requirements are addressed", it doesn't say anything about lumping every other type of customer requirement in there too.

Isn't it up to me how I address 4.4.1.1 and show how my QMS shows conformance to all of these other customer requirements? As far as I can see, there is no should lump everything the customer requires into a matrix requirement in IATF.

This has me tearing my hair out. My company sells steel. Some of it to an OEM. Some to Tier 1, some to Tier 2, quite a bit to customers that we have no idea what they're doing with it and if it ends up in the automotive supply chain, and a lot to completely non-auto customers.

Per the IATF FAQ "A document (which could be a table, a list or a matrix) is required as part of the quality manual, per IATF 16949, Section 7.5.1.1 d). The document shall include all direct customers of the certified organization, which may include IATF OEMs, non-IATF OEMs, and other automotive customers (i.e. tier-1, tier-2, etc.). "

They say nothing at all in there about non-automotive customers, but then before that say "all direct customers". We have over 800 customers. Other than hiring someone full time to search customer's websites and read their SQMs, how am I supposed to manage this process?

My proposed solution is to create a list of our customers and say we handle their requirements during specification review and by reading their SQMs. By my reading, it seems like it would meet the requirements of the standard. But I have my doubts about what the auditors are going to say.
 

ArzuQMS

Registered
I just joined the group but noticed your question is over 2 years old. Not sure my input is still useful. I am a 3P auditor and have just written a book for sharing on IATF 16949 compliance. My answer to your question is attached. You can download the full book, it is free.

Hi Jack,

Thanks for your sharing. Where can I download your full book? Only Chapter 6 is attached your message.
 

GoKats78

Starting to get Involved
Is it a CSR if there is linkage to clauses on IATF 16949? (“interpretations of or supplemental requirements linked to a specific clause(s) of this Automotive QMS standards") or must it be listed on the IATF Website?
The most recent release of the Honda Supplier Manual (04/2023) has linkage to clauses and references it self as CSR.
 

John C. Abnet

Leader
Super Moderator
Is it a CSR if there is linkage to clauses on IATF 16949? (“interpretations of or supplemental requirements linked to a specific clause(s) of this Automotive QMS standards") or must it be listed on the IATF Website?
The most recent release of the Honda Supplier Manual (04/2023) has linkage to clauses and references it self as CSR.
This is a great and OFTEN raised question @GoKats78 .

The short answer is,....
No, it need not be listed on the IATF website.*

Here is the logic...
1- Yes, to be a CSR (according to the definitions listed WITHIN iatf 16949:2016, it must be linked to a specific clause.
2- Honda is not an IATF member.
3- Regardless and 'contrary' to all I just stated above, if you are an IATF 16949:2016 certified organization....
"... shall include all direct customers of the certified organization, which may include IATF OEMs, non-IATF OEMs, and other automotive customers (i.e. tier-1, tier-2, etc.)."

While I do not agree with (it is illogical ) how IATF approaches this (i.e. IATF requirements for NON- iatf member OEM) and contrary to IATF's claim that all CSR 'must be linked to clause...", the expectation is none-the-less as I just stated.

"... shall include all direct customers of the certified organization, which may include IATF OEMs, non-IATF OEMs, and other automotive customers (i.e. tier-1, tier-2, etc.)." is an excerpt from the most recent IATF FAQ....item #8. Here is a link...

1686587463798.png


*In other words, the IATF standard and the expectations contradict one another. (how/why IATF group imposes a 'requirement' that is NOT in the standard and adds a 'shall' to and audits to FQA is unconscionable) . Sad but true.

Hope this helps.

Be well.
 
Last edited:

GoKats78

Starting to get Involved
It does..We are beginning our "journey down the dark path" of IATF certification...
driven by a new customer whose requirements ARE listed on the IATF site...
 

John C. Abnet

Leader
Super Moderator
It does..We are beginning our "journey down the dark path" of IATF certification...
driven by a new customer whose requirements ARE listed on the IATF site...
Very best wishes. It can be a slippery slope (i.e. I've seen organizations create terrible monsters (QMS) ...so I would certainly advise to keep reaching out to the experts on this forum and/or seek out some RECOMMENDED and credible consultant in order to help your organization avoid the many 'DON'Ts' that can become a burden on your organization (IATF is enough of a burden compared to non-automotive QMS without unintentionally making it even more so).

Be well.
 
Top Bottom