Supplier ISO 9001:2000 Certification Requirment - IATF Guidance Manual Contradiction?

D

Denise

Hello to Everyone,

It is the new year and our customers are gearing up for their surveillance audits. We do not have ISO or TS at this time. My company supplies steel to a part maker for the Big 3.

Question 1. Why does the IATF Guidance Manual to ISO/TS16949:2002 contradict what is being said about the requirement for Suppliers to have ISO certification? See quote below. It looks like 'evidence of a plan to be certified' is the minimum necessary.

Question 2. Which customer are they talking about? Big 3 or the part maker that supplies to the Big 3.

Question 3. If a company is audited by their registrar and the registrar finds that the company is dealing with a supplier that does not have ISO or TS certification, what happens to the company?

Question 4. What about new companies that want to be part of the automotive supply chain? Does this mean that any new company is out of luck when it comes to supplying for automotive until they are certified?

From the IATF Guidance Manual to ISO/TS16949:2002 page 18:
Supplier quality management system development is the demonstrated performance of a process with the goal to achieve conformity with ISO/TS16949:2002. Indicators of performance include:
- conformity with ISO9001:2000
- achievement of ISO9001:2000 certification, as a minimum, unless otherwise specified by the customer,
- compliance with ISO/TS61949:2002, unless otherwise specified by the customer,
- EVIDENCE OF A PROCESS TO ACHIEVE THE ABOVE STEPS


Looking for your comments,

Denise
 
L

Lmccrary

Denise,
You sound frustrated. Don't make it harder than it is.

#1 Follow your customers requirements. There are Customer specific requirements for the Big 3. If you have questions as to what their requirements are, contact them directly or contact your direct customers. They would probably appreciate you being pro-active.

#2 The customers they are talking about are your direct customers, the Big 3 or any other organization in the world that subscribes to the technical specification (BMW, Fiat, VW, Renault, Peugoet). If your customer requires your company to be registered, you must do so. (IMO any company wanting to do business in the automotive industry would get registered to something as soon as possible.)

#3 A company should have a process for supplier development which includes requiring your suppliers to be compliant to ISO:9000;2000 at a minimum. If they refuse and are a customer designated supplier, talk it over with your registrar. This happened at our company and the registrar accepted a letter from the supplier (from Japan) stating that they wouldn't complete our supplier survey. They since have sent us there registration timeline. I think it is a common industry understanding that suppliers will have to be registered to something in order to do business in the automotive industry.

#4 A new company falls under the same catagory as #3 in that they should show intent to register to a QMS with timelines and a letter of intent from their registrar. This IMO would be acceptable evidence.


I sent a letter to all of our suppliers stating that TS requires them to be registered and asked that they provide us with a copy of what ever certs they have or a timeline for their registration. I have received a response from almost all of them within two weeks and those that are not currently registered sent timelines for registration.

I hope this helps. Good Luck.
LMM
:)
 
D

Denise

LMM,

I am asking this because our customers (who are QS9000) think that all of their suppliers must have been certified by 12/31/2002. This comes from the QS9000 sanctioned interpretation C9. We have a timeline for TS certification (Dec. 2003) with each step defined in a gantt chart. We are working on it daily.

Do all automotive suppliers have to be certified or is the timeline acceptable? Have I misunderstood all along? I'm not sure what you are trying to say.

Denise
 
D

D.Scott

Hi Denise -

It is my understanding that under QS-9000, only suppliers to tier 1 have to be certified. Those supplying tier 2 and lower are required to work toward compliance. Your chart would document your timeline toward this compliance.

However, you say you supply a customer who supplies direct to one of the Big 3 which would make you a supplier to tier 1 and you would need to be certified. The timeline would not be sufficiant.

Check that your customer is a direct supplier, if they are not, your timeline should be good enough.

To my knowledge, there is no requirement for you (yet) to be TS certified. If you don't supply the Big 3 direct, you are only required to have ISO-900x.

Yes, you are right, the perscribed penalty for a tier 1 supplier using an uncertified supplier would be a nonconformance. There seems to be ways around this requirement if you have a customer willing to fight for you (see Angela's post) by getting a waiver on your behalf. Also, if your customers are not tier 1, there is no nonconformance as long as you are working toward compliance.

Hope this helps.

Dave
 
T

tomvehoski

Denise said:


Do all automotive suppliers have to be certified or is the timeline acceptable? Have I misunderstood all along? I'm not sure what you are trying to say.

Denise

Any company that sells production parts or critical services (heat treat, plating, etc.) to a QS-9000 company is now required to be ISO 9001 certified. If not, the QS-9000 company risks a nonconformance on their next audit. Some registrars are saying major NC, some say minor. The only ways around it are:

1. the 2nd party approved audit (which actually seems harder than 3rd party registration) outlined in the latest intrepretation

2. a customer waiver for the supplier involved

3. The QS-9000 clause about suppliers that are too small to afford certification (I think it is in Appendix I of QS).

Timeline would not be acceptable alone, but it might help get a customer to sign a waiver.
 
A

Angela-2007

My company is QS-9000 and I would like to note that suppliers do not have to certified to ISO-9001. They have to be certified to a version of ISO excluding ISO9003 or assessed and deemed compliant by a 2nd party OEM approved supplier. Also, only the suppliers that directly affect the quality of your product. Suppliers who you have defined as low volume or small mom and pop shops or companies that just distribute do not have to be certified or compliant.

Angela
 
D

Denise

"My company is QS-9000 and I would like to note that suppliers do not have to certified to ISO-9001. They have to be certified to a version of ISO excluding ISO9003 or assessed and deemed compliant by a 2nd party OEM approved supplier."

Tom, Dave, & Angela,

Would a '2nd party OEM approved supplier' be the part maker that we supply to? Again, our customer (the part maker) supplies to a Big 3 directly.

We would like to tell our customers (that supply directly to Big 3) that they are welcome to come in and audit us. We still would not be completely compliant to QS or TS but it would show their customer (Big 3) that we are well on our way to working towards it.

Can I make my own rules?.... If we have PPAPs that are acceptable to our customers (the part maker) and our customers' customer (Big 3) and a timeline for certification, then we should be 'conditionally' accepted as a supplier.

How's that? Makes sense, doesn't it?

Denise
 
A

Angela-2007

If your supplier can is QS-9000 registered and they have a trained auditor they can come and assess you. They would have to receive proper approval from Ford, GM Chrysler (only the ones they supply to) If you do not supply much to them (in comparison to their annual production) they could deem you a low volume supplier. If you are a small company that cannot take the cost on of certification they could deem you a small mom and pop company. If you do no value added work to the part you supply they could deem you a supplier. Can you make your own rules/ NO.

Angela
 
T

tomvehoski

Denise,

The big three has "approved" all of their tier-1 suppliers for 2nd party audits. The difficult part is that the auditor they send to you must have been through pretty much the same training and experience as registrar auditors. They also must conduct a full audit and show evidence. In theory the only difference between what happens at a 2nd vs. 3rd party audit is who is the auditor - they still must follow all of the same rules. You must also comply to all ISO requirements. It may be easier to pass an audit with your customer, but they must still prove to their 3rd party auditor that they did a complete, accurate audit. I have a feeling registration auditors are going to be looking closely at these supplier audits to see if they were actually done or completed over the phone, not at all, etc. as a way to slip by.

Tom
 
Top Bottom