IATF 16949 Clause 8.4.2.4.1 Second Party Audits (Supplier Management)

[Peters]

Your c) is currently b).
When there are no customer requirements you skip b)-stage and go directly to c)-stage, but I think in most cases there is a minimum one customer's requirement which affects supplier and exceeds ISO 9001 requirements and can be audited.

Do you mean customer specific requirements cascaded to supplier? Is it your interpretation?

 

[Sebastian]

Yes, I mean CSR.

 

[Jim Green]

Hello,

I am not sure if this is in the correct section so pardon me ahead of time.

The way I am reading the new IATF requirements, since my company is going for our IATF16949:2016 registration audit, our lead auditor is telling us that all of our Tier II suppliers must all be IATF certified also. I don't interpret that clause of IATF that way. I think that we can "approve" our suppliers via second party audits. Can any one agree or disagree with this observation? Thanks.

That is what makes this whole thing so frustrating. It does not say all tier 2 suppliers have to be certified... So businesses are gonna get knocked off unnecessarily due to the usual misinterpretation.

 

[AMIT BALLAL]

There is a sanctioned interpretation released by IATF, which has mandated ISO9001 certification of suppliers.

There is no requirement that all of suppliers have to be IATF certified. You can define criteria and path for developing QMS of suppliers towards IATF certification. You can decide which suppliers to be taken towards IATF certification and which not, and why. Following are the links to similar threads which might be useful to you:

IATF 16949 Cl. 8.4.2.3 - Supplier Quality Management System Development

IATF 16949 - Cl. 8.4.2.3 - Which type of suppliers could be exempt of ISO 9001

 

[jack770214]

That is what makes this whole thing so frustrating. It does not say all tier 2 suppliers have to be certified... So businesses are gonna get knocked off unnecessarily due to the usual misinterpretation.

No they have to be 9001 working toward IATF compliance. If all the IATF companies just started dropping the standard cert the OEMs would have no suppliers. The aiag better watch itself or they may face a rebellion.

Sent from my LGMP260 using Tapatalk

 

[Laurie Wright]

Can anyone share their procedure for this clause? Struggling here for compliance

 

[malasuerte]

Hi Laurie

Do you not have an Internal Audit Program?

Honestly, there really is not much of a difference. You simply need to have a program that can go out and audit your suppliers.

The only real exception is documenting if you are using the audits for any of a-e specifics in the clause.

Supplier risk Assessment: You got audit your supplier in advance of selection
monitoring: ongoing and based on performance
development: if you are going to help them develop
product/process audits: just like your internal program

If you still need help, a conversation may be better. feel free to pm me and we can chat sometime.

 

[malasuerte]

Can anyone share their procedure for this clause? Struggling here for compliance

Hi Laurie

Do you not have an Internal Audit Program?

Honestly, there really is not much of a difference. You simply need to have a program that can go out and audit your suppliers.

The only real exception is documenting if you are using the audits for any of a-e specifics in the clause.

Supplier risk Assessment: You got audit your supplier in advance of selection
monitoring: ongoing and based on performance
development: if you are going to help them develop
product/process audits: just like your internal program

If you still need help, a conversation may be better. feel free to pm me and we can chat sometime.

 

[AndyN]

Hi Laurie

Do you not have an Internal Audit Program?

Honestly, there really is not much of a difference. You simply need to have a program that can go out and audit your suppliers.

The only real exception is documenting if you are using the audits for any of a-e specifics in the clause.

Supplier risk Assessment: You got audit your supplier in advance of selection
monitoring: ongoing and based on performance
development: if you are going to help them develop
product/process audits: just like your internal program

If you still need help, a conversation may be better. feel free to pm me and we can chat sometime.

I'm not sure I'd agree with these assertions. Apart from anything else, it's not REQUIRED to audit suppliers, otherwise, why have IATF certification. That's one of the problems supplier keep raising with the OEs - why do you keep auditing us?

Many smaller businesses have no infrastructure to audit suppliers. Saying it's an internal audit on supplier risk steroids is an over simplification, IMHO.

 

[malasuerte]

I'm not sure I'd agree with these assertions. Apart from anything else, it's not REQUIRED to audit suppliers, otherwise, why have IATF certification. That's one of the problems supplier keep raising with the OEs - why do you keep auditing us?

Many smaller businesses have no infrastructure to audit suppliers. Saying it's an internal audit on supplier risk steroids is an over simplification, IMHO.

That was not the intent of my statement. My response is to the process of 2nd party audits. I don't think it is an "oversimplification" - actually I feel a simplified approach is best in many cases.

The clause does state: "The organization shall include a second-party audit process in their supplier management approach."


"Based on a risk analysis, including product safety/regulatory requirements, performance of the supplier, and QMS certification level, at a minimum, the organization shall document the criteria for determining the need, type, frequency, and scope of second-party audits."


So if you shall have a process and you shall document when you need a 2nd party audit, I would think that means you may actually need to audit suppliers once and a while.

But, I guess if you can justify that you never need to audit suppliers, then so be it....but you still have to document the process!

But this is only from my experience at a multi-billion dollar company w/ the infrastructure as you say.....so I could be off as it pertains to smaller companies.