IATF 16949 Cl. 8.4.2.3 - Supplier Quality Management System Development

[AMIT BALLAL]

Ok. In your opinion, if an organization does not buy any materials/components to produce their own products but they have assembly lines/heat treatment lines and workers and their business is to process components/materials supplied from their customers and deliver assembled/heat treated automotive products to the customers.

1) Are they eligible for IATF16949 certification?
2) If they are eligible what would the CB write as the scope of certification in their IATF16949 certificate?

Please don't take my comments on you. Only thing we are discussing is on standards, rules and its implementation.

If this organization is automotive, then eligible for certification.
Scope can be "Assembly and heat treatment of products such as XXXX".

 

[Sebastian]

Example of heat treatment certificate
https://hauckht.nl/wp-content/uploads/2018/02/0020855-001-16949-ENGUS-IATF-2.pdf

SI#8 add word "eligible" because of "target QMS level" in clause 8.4.2.3. For some suppliers target QMS level would be d), for others c). Why not b) or even a)? Good question.

Purchased good can be automotive or non-automotive. Everything depends how do we use it. When used in product/manufacturing of product intended for automotive customer, it becomes automotive.

Several years ago during approval process our product was rejected. Reason was very serious - use of hexavalent Chromium. We were shocked as we were sure, that nor component nor process included this element. Further investigation revealed that problem source was pen we used for numbering part stickers corresponding to inspection results presented in report.

QualitySpirit interpretation of pens and ISO 9001 certification is absolutely right. Everything depends on risk-based model and pen application. I am aware that most or even all suppliers using pens in their mass production manufacturing process do not care whether they get them from certified or not certified supplier, but requirement is requirement and I understand and support its intention.

 

[AMIT BALLAL]

Example of heat treatment certificate
https://hauckht.nl/wp-content/uploads/2018/02/0020855-001-16949-ENGUS-IATF-2.pdf

SI#8 add word "eligible" because of "target QMS level" in clause 8.4.2.3. For some suppliers target QMS level would be d), for others c). Why not b) or even a)? Good question.

Purchased good can be automotive or non-automotive. Everything depends how do we use it. When used in product/manufacturing of product intended for automotive customer, it becomes automotive.

Several years ago during approval process our product was rejected. Reason was very serious - use of hexavalent Chromium. We were shocked as we were sure, that nor component nor process included this element. Further investigation revealed that problem source was pen we used for numbering part stickers corresponding to inspection results presented in report.

QualitySpirit interpretation of pens and ISO 9001 certification is absolutely right. Everything depends on risk-based model and pen application. I am aware that most or even all suppliers using pens in their mass production manufacturing process do not care whether they get them from certified or not certified supplier, but requirement is requirement and I understand and support its intention.

Right. It depends on its use and risk. My reply was based on the examples of pens and toilet papers given by him.

 

[Golfman25]

Guys the key word is "automotive."

As far as the IATF is concerned they could over complicate a one car parade. "Eligible organizations" in their re-write is redundant.

Hexavalent chromium prohibition and ISO /IATF certification are two completely different requirements. One does not relate to the other.

 

[Istvan_K]

Hi Guys,

Coming back to this topic. My company have just received a NC during the IATF, as we were not using a risk-based model to define a minimum acceptable level of QMS development and a target QMS development level for our suppliers.
What we had defined is minimum ISO 9001 with the development towards IATF, plus we started with the MAQMSR requirement for the suppliers which do not have IATF.

But, the auditor insisted that the acceptable levels should be an outcome of a risk analysis and we should define from which supplier we require which certification (9001, 9001+MAQMSR or IATF) out of this risk analysis.

Does any of you has such a risk analysis model or maybe some hints on how should be this implemented?

Your feedback is highly apreciated.

Best regards,
Istvan K.

 

[Golfman25]

Hi Guys,

Coming back to this topic. My company have just received a NC during the IATF, as we were not using a risk-based model to define a minimum acceptable level of QMS development and a target QMS development level for our suppliers.
What we had defined is minimum ISO 9001 with the development towards IATF, plus we started with the MAQMSR requirement for the suppliers which do not have IATF.

But, the auditor insisted that the acceptable levels should be an outcome of a risk analysis and we should define from which supplier we require which certification (9001, 9001+MAQMSR or IATF) out of this risk analysis.

Does any of you has such a risk analysis model or maybe some hints on how should be this implemented?

Your feedback is highly apreciated.

Best regards,
Istvan K.

Take a look at your suppliers. Who is high risk, who is medium risk, who is low risk? First pass, I wouldn't over complicate it. The higher the risk, the further and quicker you want them up to the IATF standard. Low risk suppliers, may not even need ISO. Good luck.

 

[Mikey324]

We thought of it like this:

What is the absolute minimum QMS level we want to accept = ISO 9001
What is the supplies quality performance rating?
What is the supplier delivery performance rating?

So supplier A is IATF 16949 certified. Their quality rating is 75%. Their delivery rating is 80%
Suppler B is ISO 9001 certified. Their quality rating is 99.8%, delivery is 100%

With that mentioned above, which supplier actually needs QMS development? By doing this, you are already analyzing risk using quality, delivery, and anything else of value to your organization as determining factors. We wanted to use a method that kept us compliant, but had actual value to our organization.

 

[vincee]

Hi Guys,

Coming back to this topic. My company have just received a NC during the IATF, as we were not using a risk-based model to define a minimum acceptable level of QMS development and a target QMS development level for our suppliers.
What we had defined is minimum ISO 9001 with the development towards IATF, plus we started with the MAQMSR requirement for the suppliers which do not have IATF.

But, the auditor insisted that the acceptable levels should be an outcome of a risk analysis and we should define from which supplier we require which certification (9001, 9001+MAQMSR or IATF) out of this risk analysis.

Does any of you has such a risk analysis model or maybe some hints on how should be this implemented?

Your feedback is highly apreciated.

Best regards,
Istvan K.

 

[vincee]

Hi Istvan I recommend creating some sort of matrix or heat map to track your suppliers targets based on a risk model. This will show the suppliers current status, the min. requirement, their target based on a risk model, for example SOR similar as a PFMEA. Where you first start off with a Supplier Assessment, then have the product of, Severity(S) based on the product criticality, Occurrence(O) based on the suppliers percentage of volume that is Automotive Product and Risk (R) based on the total volumes produced by your suppliers over last year...Simple Example below...Hope this helps...Good Luck!

 

[Istvan_K]

Hi Vince, many thanks for your feedback. I think about a rating from 1 to 5, for S, O and R. so it would fit to the "RPN" criterias (>18, >12, >9)
I would replace the O (Occurrence ) assessment to something related to the failures (incidents) or generally to the quality performance of the supplier, instead of the automotive share of the supplier. What do you think?