ISO/TS16949 to IATF 16949:2016 Gap Analysis Questions


Involved In Discussions
AIAG came out with their own gap analysis last week.

Thanks for sharing AIAG gap analysis. I just got some questions from the content and would like to ask some help here.

Section Conformance of products and processes
•This requirement was adopted based on IATF survey feedback received
•It ensures two things:
–that the supplier (organization) is responsible for the conformity of outsourced processes, and
–that all products and processes meet all applicable requirements and expectations of all interested parties
•To ensure conformance of all products and processes, the organization would need to take a proactive approach to assess and address risks, and not rely only on inspection

This change looks not like a new clause even it said so. Could anyone share his or her experience about "a proactive approach to assess and address risks, and not rely only on inspection" for outsourced processes?

Section 5.3.2: Responsibility and authority for product requirements and corrective actions
•Based on survey feedback, the IATF adopted some enhancements to the requirement originally included in ISO/TS 16949 to explicitly make Top Management responsible for ensuring conformity to product requirements and that corrective actions are taken.
•IATF 16949 clarifies that there must be a process to inform those with the authority and responsibility for corrective action in order that they ensure non-conforming product is identified, contained, and not shipped to the customer.
•This implies that the assigned personnel must be always available to take prompt action to prevent release.

The clause only said promptly informed. Shall we need to define a process for this nonconformance notification to owners?

Section Risk analysis
•The need to identify, analyze, and consider actual and potential risks was covered in various areas of ISO/TS 16949.
•The IATF adopted additional requirements for risk analysis recognizing the continual need to analyze and respond to risk and to have suppliers/organizations consider specific risks associated with the automotive industry.
Organizations would need to periodically review lessons learned from product recalls, product audits, field returns and repairs, complaints, scrap, and rework, and implement action plans in light of these lessons.
•The effectiveness of these actions should be evaluated, and actions integrated in to the organization's QMS.

Red words are not found in section Could anyone help guide where to find the requirements?

Section Determining the requirements for products and services – supplemental
•The IATF strengthened the standard by elevating Notes 2 and 3 of the former clause into requirements.
•This suggests current organizational knowledge regarding recycling, environmental impact, and product and manufacturing process characteristics should be standardized.
This knowledge would be systematically reviewed and used when determining the requirements for the products and services to be offered to customers.

Does this mean we should standardize environmental and legal requirements as our organizational knowledge, and systematically review them?
The clause didn't say they would be reviewed.
Last edited:


Quite Involved in Discussions
--- Yes. You have to:

1) collect these requirements
2) review them periodically
3) integrate them into your QMS (usually in your procedures, WI etc.)
4) evaluate the effectiveness of the implementation
5) update your QMS whenever these requirements changed
The clause didn't say they would be reviewed. --- this required in d)


Kiran Walimbe

Involved In Discussions
Section Risk analysis
For carrying out Risk analysis of a process, use of Turtle Diagram could be a good idea. It happens to be a hot favorite of practitioners of VDA 6.3 process auditing. Any opinion??
Top Bottom