ISO/TS 16949 vs. ISO 9001

[Crimpshrine13]

I work for the ISO/TS 16949 certified company, which parent company is ISO 9001 certified in foreign country. The third party audit from last year discovered that we were supposed to include our parent company as supporting function for 7.3 Process Design.

Now this year, we're going to do this extension audit on our parent company, but it worries me so much that their system does not meet the expectation of the extension audit.

The problem is, that when I reviewed their documents, I have discovered numbers of things that are not done correctly, yet their local CB is passing each audit (both re-certification and surveillance) only with Opportunity for Improvements, and no NCs.

Such is for example, two internal audits being conducted had discovered some of the things that they were not doing according to the procedure and also not recording what they were supposed to be recording, but the internal auditor had put those in OFI section and did not issue CA. During the re-certification audit, this is completely either overlooked or ignored and the third party auditor did not mention anything about it at all.

Another example is that management review minutes does not indicate that the minimal items such as on-time delivery, CA & PA, customer complaints were discussed although the procedure manual says to discuss over these items during the management review meetings. This was also not mentioned during the re-certification audit.

Per ISO/TS 16949 standard, these are very basic and must items that need to be done, but it appears to be that the local CB doing ISO 9001 audit is letting slide many things and just citing any issues as OFI.

How strictly ISO 9001 audited by the third party CBs? With ISO/TS 16949, IATF is overlooking what CBs are doing under the strict rules, but I didn't think ISO has similar function.

I was also recently reading the CSR for Fiat/Chrysler, and it said " ISO 9001 certification through an IATF-recognized Certification Body is recommended." I am thinking this is because many ISO 9001 registered suppliers are probably not meeting their expectation although they require all suppliers to be ISO/TS 16949 compliant, which is the case here with the problem I am having.

Is anyone here familiar with ISO 9001 audit in comparison with ISO/TS 16949 audits?

 

[Jen Kirley]

My experience with TS 16949 audits is that they were rigorous, but the Internal Audit process was not audited to the extent of contents of the audit records.

ISO 9001 audits are also supposed to be rigorous. I try to be thorough when I do mine. TS 16949 adds the sub-elements and requirements of core manuals: FMEA, SPC, MSA, PPAP and APQP. TS 16949 auditors will ask for control plans but as an ISO 9001 auditor I am not required to ask for any of these things.

It's true that there is variation among CB auditors between registrars, regions and accrediting body overseers. I have heard a lot of complaints about lax auditing in developing nations. How must of it is true, I do not know.

 

[Confussed]

We have lax auditors here in the USA in all of the Registrars, unfortunately they appear not to have any concern but to make the customer happy.
Put your best effort into your system and you will be fine. If they actually do have a finding they must reference the standard and what section etc.
Good Luck

 

[Crimpshrine13]

We have lax auditors here in the USA in all of the Registrars, unfortunately they appear not to have any concern but to make the customer happy.
Put your best effort into your system and you will be fine. If they actually do have a finding they must reference the standard and what section etc.
Good Luck

The original post is from 2015 and what I'm responding is how I perceive it now.

Unfortunately, I don't think it is really the country-based issue. The issue is the ISO 9001. ISO 9001 does not have a taskforce or board that watches over the standard and compliance (maybe because ISO 9001 is not an industry-specific standard). IATF is different. IATF is under strict rules and these auditors are not laxed. They will not let you go if you're not complying with the standard because CBs will get in trouble, too (and this was becoming that way for ISO/TS 16949 as well just before transitioning to IATF 16949). When we had an auditor issue and the CB didn't handle the matter right, I actually took it to IAOB to get things resolved (and actually that is a good thing about IATF). IAOB observes what CBs do in the U.S. and certain audit documents are reviewed by them, too, so CBs can't really get away from it either. But, with ISO 9001, there's no organization that oversees the system like IATF, so CBs that do ISO 9001 audits but not IATF 16949 are laxed (to gain more business), and this really doesn't sit well with what's required for IATF, and this always gets me in trouble, and ISO auditors being laxed isn't the issue just in the U.S., but also in Japan as well.

 

[John Broomfield]

Best not to rely on the auditors.

Where are the leaders and managers on this?

For example, have you developed a service specification with your parent company so they know exactly what your company needs from them to fulfill customer requirements?

 

[Guest]

ISO 9001 does not have a taskforce or board that watches over the standard and compliance

But it does. And they visit here and other forums too

Unfortunately, I don't think it is really the country-based issue.

True

IATF is different. IATF is under strict rules and these auditors are not laxed. They will not let you go if you're not complying with the standard because CBs will get in trouble, too

Experience shows there's no difference. Customers don't push back, because they fear reprisals.

IAOB observes what CBs do in the U.S.

Does that make any difference? When they see the police on the highway, drivers slow down. It's called the Hawthorne Effect.

When we had an auditor issue and the CB didn't handle the matter right, I actually took it to IAOB to get things resolved (and actually that is a good thing about IATF)

It shouldn't need that to happen, should it?

 

[Crimpshrine13]

Best not to rely on the auditors.

Where are the leaders and managers on this?

For example, have you developed a service specification with your parent company so they know exactly what your company needs from them to fulfill customer requirements?

They already know what they must do. They're just not fully committed. They've been talking about getting certified to IATF 16949 (and previously ISO/TS 16949), but it never happens, and this has been going for years. They've done 2 x stage 1 audits (readiness audit) and failed with too many non-conformities. Some of them were majors that couldn't be easily fixed, and they had to go with ISO 9001 so that at least there's a certification, but it's the management commitment issue at the end. I've warned them many times that with the size of our companies (both parent company and us are very small), we need someone internally who can put things together, oversee the quality management system on a daily basis, provide basic quality training to personnel, and always be on top of it because what's required in IATF is a different scale than ISO 9001, and that without that kind of personnel, it is harder to just assume that each department would do what they are supposed to be doing because we just don't have the same kind of manpower, and when things get extremely busy for any reason, something may fall in the crack (and we do have someone like that in our quality department primarily responsible for managing quality management system, but the parent company doesn't).

Being "compliant to IATF 16949" is really a gray zone because if the organization is ISO 9001 certified but not certified to IATF 16949, there's not really anyone that reviews their quality system other than the customers (2nd party), but if these customers really don't push for the 2nd party audits, it's left untouched regardless unless the customers are extremely dissatisfied. And, it would be an awkward situation for us to audit them, too, being in the parent-subsidiary relationship and wouldn't be an option.

I do request for corrections to comply with IATF requirements when quality issues occur with their product (pass-through items) though because I'm addressing the issues on behalf of our customers, and I know that our customers wouldn't accept corrective actions that are incomplete, so I always reject the corrective actions until the actions are complete fix and reasonable explanations are presented.

 

[John Broomfield]

…and what is your progress on developing the service specification with the parent company?

Give top management an opportunity to commit to a solution.

ISO-speak or IATF-speak rarely captures their imagination, let alone commitment.