IATF 16949 – Keep an eye on your Sanctioned Interpretations

We are entering the fifth year after the IATF 16949:2016 standard has been published. The due date for the transition audit from old standard version ISO/TS 16949:2009 to the new version IATF 16949:2016 was mid of September 2018. So by now the affected organizations should have become familiar with its requirements and how to use it.

Even if the standard was published only four years ago, the International Automotive Task Force (IATF) has already issued couple of additional changes, called Sanctioned Interpretations (SIs). The changes of requirements belong to certain clauses of the standard. These are always determined, approved & published by the IATF, as a set of changes which have to be implemented. But what is a Sanctioned Interpretation and why is it so important to be aware of them? An SI changes the interpretation of a requirement while the latest ends up in a nonconformity on which companies need to respond appropriately.

SIs January 2020

The last revision of the Sanctioned Interpretation was issued in October 2019, and has become effective this January 2020. The document can be found on the IATF homepage with free access to download. It contains eighteen sanctioned interpretations and includes all relevant clauses. In this blog entry will focus on most interesting ones.

More focus on Cybersecurity

Let’s start with a topic which has influenced three numbers of SIs: Cybersecurity. Cybersecurity is a growing risk to all organizations which deal with data, therefore it is also very important for automotive manufacturers and suppliers. It was added at following sub-clauses:

• 1.2.3 Contingency plans:
  Added requirements for preparing of contingency plan for cyber-attacks on information technology systems.
  Periodical cybersecurity testing. This may include a simulation of a cyber-attack, regular monitoring for specific threats, identification of dependencies and prioritization of vulnerabilities.

• 1.3.1 Plant, facility, and equipment planning:
  In designing plant layouts, the organization shall implement cyber protection of equipment and systems supporting manufacturing.

In my opinion it was a right decision to add cybersecurity to the standard, as we all know that it’s a hot topic in the industry with a high risk for all companies that needs to be minimised.

System Audit & Reviews

However, there are few other changes & clarifications: For example the complete audit cycle remains three years in length, or the top management shall review effectiveness and efficiency of the quality management system but with clarification that not every process requires an efficiency measure.

Product Safety

Regarding product safety IATF 16949 standard requires special approvals which were hard to implement in the past due to lack of detailed guidelines. In the last revision of the SIs, IATF is now trying to clarify how this could be done to minimize the confusions about this process and responsibilities for it.

As mentioned above, the SIs document is free for download on the IATF homepage and I would hardly recommend to take a look at it and integrate the changes in your QMS. So, keep an eye on it!

If you need support or guidance with Sanctioned Interpretations or IATF 16949 in common, please get in touch with me: info@lorit-consultancy.com

By Dijaz Maric, Quality Management & Reliability Engineering Consultant