Regras IATF

Automotive certification scheme for
ISO/TS 16949:2002
Rules for achieving IATF recognition
2nd edition for ISO/TS 16949:2002
final draft – May 31, 2004
Rules for achieving IATF recognition ---- Second Edition for ISO/TS 16949:2002
© 2004 - ANFIA, © 2004 - CCFA/FIEV, © 2004 - SMMT, © 2004 - VDA, Page 1
© 2004 - DaimlerChrysler, © 2004 - Ford Motor Company, © 2004 - General Motors Corp. of 46
All rights reserved May 31, 2004
This document has been originated by the International Automotive Task Force. Copyright for this text is
held by ANFIA, CCFA/FIEV, SMMT, VDA (see below) and the vehicle manufacturers DaimlerChrysler,
Ford Motor Company, General Motors Corp..
Neither this document nor any extract from it may be reproduced in a retrieval system or transmitted in any
form or by any means, electronic, photocopying, recording or otherwise without prior written permission
being secured.
Requests for permission to reproduce and/or translate this document or any extract from it should be
addressed to one of the organizations below :
International Automotive Oversight Bureau (IAOB/USA)
Associazione Nazionale Fra Industrie Automobilistiche (ANFIA/Italy)
Comité des Constructeurs Français d'Automobiles (CCFA/France)
Fédération des Industries des Équipements pour Véhicules (FIEV/France)
Society of Motor Manufacturers and Traders (SMMT/UK)
Verband der Automobilindustrie – Qualitäts Management Center (VDA-QMC/Germany)
The IATF consists of automotive OEMs and industry associations. The IATF recognizes certification bodies
to conduct audits and issue certificates to Organizations that will be recognized by its members through
IATF Oversight Offices. The IATF Oversight Offices contract with the certification bodies and conduct
evaluations of certification body performance. The IATF Recognition Scheme is defined in ISO/TS
16949:2002, the following Rules for achieving IATF recognition, and any Frequently Asked Questions
(FAQs) and Sanctioned Interpretations (SI) that are issued by the IATF.
a FAQ is an explanation of an existing rule or requirement.
A SI changes the interpretation of a rule or a requirement which itself then becomes the basis
for a nonconformity
Frequently Asked Questions and Sanctioned Interpretations are posted on the Oversight Office web sites
at the following addresses :
www.iaob.org
www.vda-qmc.de
www.anfia.it
www.smmt.co.uk
www.iatf-france.com
Automotive certification scheme for ISO/TS 16949:2002
Rules for achieving IATF recognition (2nd edition for ISO/TS 16949: 2002)
The requirements herein referred to as “Rules”, with regard to ISO/TS 16949:2002 implementation
include criteria for certification body recognition, certification body audit process, certification body
auditor qualifications and, certificates. These requirements are binding on certification bodies
recognized by IATF for ISO/TS 16949:2002 certification. Should a certification body be uncertain
regarding the application of these rules they should refer to their IATF Oversight Office.
These rules are subject to periodic review and may be modified at any time at the sole discretion of
IATF after consultation with appropriate stakeholders.
All the Annexes included in this document shall be considered as normative, that is part of the
requirements and not just for information.
Note : Within this document :
the use of the term certification is synonymous with registration, and.
in order to be consistent with ISO 9001:2000, the term “organization” replaces the term
“supplier”.
1 Certification Body
1.1 The certification body shall be accredited for ISO 9001:2000 certification activities by a national
accreditation body. The application process for certification bodies to achieve IATF recognition is
maintained by the IATF Oversight Offices and is not included in these Rules.
The certification body shall conduct ISO/TS 16949:2002 certification activities in accordance with the
scope defined in their ISO 9001:2000 accreditation.
The certification body shall include in their operating procedures a description of their processes,
their sequence and interactions. The certification body shall perform internal audits using a process
approach.
Breach of these rules by any part of a certification body organization shall initiate the de-recognition
process and may result in cancellation of the IATF recognition.
1.2 Where a certification body has multiple offices involved in the ISO/TS 16949:2002 certification
process, the following conditions shall be fulfilled.
The certification body shall use a common quality management system including the same
procedures for all the local offices.
One of the offices shall be designated to interface with IATF, and be approved by IATF, as the
contracted office for the certification body. This contracted office will be the only contact
between IATF and the certification body and will be responsible for the control of all ISO/TS
16949:2002 certification related activities.
1.3 The certification body shall conform to ISO/IEC Guide 62:1996, “General requirements for bodies
operating assessment and certification of quality systems”, and these rules. These apply in particular
but are not limited to customer and organization complaints.
1.4 The certification body procedure for customer and organization complaints shall encompass at a
minimum a documented corrective action process (including root cause analysis and systemic
corrective action) and a record of complaint resolution.
1.5 In order to avoid conflict of interest, certification bodies that have provided management system
consulting services or site-specific auditor training within the prior two years to a particular company
shall not contract as a certification body for that company or its sites.
This restriction includes related bodies of the same parent company or affiliates, where the validity or
reliability of an audit can be questioned because of a consulting relationship.
Note : Consulting is the provision of training, documentation development, or assistance with
implementation of management systems to a specific organization.
Training open to the public, not organization specific, and held at a public forum is not
considered consulting.
1.6 The certification body may perform a “pre-audit”/”pre-assessment” which is an audit prior to the
Stage 1 – readiness review that generates non-binding findings at the organization’s sites without
recommending solutions.
In order to perform this pre-audit, the certification body shall nominate an auditor agreed to by the
organization.
The following rules shall be respected :
The pre-audit shall not be considered as part of the initial audit,
The pre-audit shall be conducted during a single visit to the site,
The duration of the pre-audit shall not exceed 80% of the days for the Stage 2 site audit (see
Annex 3),
The auditors used shall not be part of the audit team for the initial certification audit,
Time dedicated to the pre-audit will not reduce audit days requirement (see Annex 3),
More than one pre-audit on any one site in the same company shall be considered consulting.
1.7 The scope of certification shall include all manufacturing (see ISO/TS 16949:2002 clause 3.1.6)
meeting the applicability of ISO/TS 16949:2002 supplied to customers subscribing to ISO/TS
16949:2002.
The scope of certification may also include, at the decision of the organization, manufacturing (see
ISO/TS 16949:2002 clause 3.1.6) meeting the applicability of ISO/TS 16949:2002 supplied to
customers not subscribing to ISO/TS 16949.
1.8 The certification body shall have at least one member of those responsible for their certification
decision making function who shall exercise veto power with regard to all ISO/TS 16949:2002
certification decisions made by the certification body. This individual shall not be a participant in the
audits for which they are participating in the certification decision.
These persons with veto power shall be approved by the contracting IATF Oversight Office.
1.9 The certification body shall have an internal witness audit process that has the initial and continuing
authority for approval or rejection of their auditors.
This process shall be approved by the IATF Oversight Office.
1.10 Each certification body contracted by IATF for ISO/TS 16949:2002 certification shall enter the
required information in the IATF data base within one week after the certificate has been issued for
an initial or recertification audit, and within 2 weeks of the completion of a surveillance audit. This
information shall be in the specified format, in English.
1.11 Records
Certification bodies shall maintain the following records:
a. copies of scheduled audits showing time and assigned auditors,
b. auditor qualification records (full-time and sub-contract),
c. the quotation file to the organization, including the audit days and audit day fee,
d. the report of readiness review, including the evidence that all the requirements of ISO/TS
16949:2002 are addressed by the organization’s processes,
e. the audit plan (agenda) demonstrating process approach, including coverage of customer-
specific requirements where applicable,
f. the final audit report, including lead auditor recommendation regarding certification,
g. copies of all findings issued, surveillance audit reports, follow up reports, and other
documentation leading to correction of the non-conformities,
h. audit logs as maintained by each audit team member (e.g. IRCA),
i. copy of the certification decision,
j. copy of the certificate issued,
k. auditors initial approval (see 1.9) and continuous performance evaluation.
All the records specified above may be stored in hard copy or electronically and accessible during an
office assessment. The records specified above shall be retained for the life of the associated
ISO/TS 16949:2002 certificate plus at least 3 years.
Records shall remain legible, readily identifiable and retrievable. The certification body shall establish
a documented procedure that defines the controls for the identification, storage, protection, retrieval,
retention time and disposition of records.
2 Audit Process
The initial certification audit shall be conducted in two stages : stage 1 - readiness review (one or two
days on site ) and stage 2 – site audit (see Annex 1).
Stage 1 - Readiness review : see ISO/IEC DIS 17021 Annex A except paragraph A.3.
Stage 2 - Site audit : see ISO/IEC DIS 17021 Annex B.
The stage 2 site audit days requirements are illustrated in Annex 3 and certification bodies shall
apply the audit days calculator software program provided by their IATF Oversight Office.
2.1 The certification process shall address all ISO/TS 16949:2002 requirements according to Annex 1
which incorporates requirements from ISO/IEC DIS 17021 :
Note 1 : For exclusions, see clause 1.2 of ISO/TS 16949:2002.
Note 2 : For OEM vehicle assembly, ”contract review” and the “contract” are represented by the
internally documented marketing requirements for vehicle brand, mix and volumes.
2.2 Any "site" may elect to pursue third party certification to ISO/TS 16949:2002, however, such "sites"
shall have demonstrated capability to conform with all ISO/TS 16949:2002 requirements. (See
Annex 1). For corporate audit scheme all sites shall be audited, the sampling of sites is not allowed.
Conformance with ISO/TS 16949:2002 for third party certification shall be based on objective
evidence of meeting each applicable requirement, including customer specific requirements, at the
time of audit.
If during the stage 2 site audit, it becomes evident from the number of major non conformities
identified that certification will not be achieved, the audit team leader in discussion with the
organization may conclude that the audit should be terminated (see Annex 1). When this occurs, any
re-audit shall commence from the beginning of the process.
2.3 Supporting functions on site or remote, e.g., engineering, contract review, purchasing, warehouses,
shall be included in the initial and ongoing surveillance audits. Audit planning and execution shall
take into account all supporting functions, and the interfaces between them shall be defined and
audited. The certification body audit plan shall address all applicable processes at each location.
Where an organization also has manufacturing activities that do not meet the applicability of ISO/TS
16949:2002, the audit shall focus upon product and services that do meet the applicability.
For the initial audit, remote supporting functions shall be audited prior to the manufacturing site. The
audit plan of remote supporting functions shall be such that process sequences and interfaces are
appropriately addressed.
Supporting functions shall be audited as they support a site but cannot obtain independent ISO/TS
16949:2002 certification.
The design function, on site or remote, shall undergo surveillance audits at least once within each
consecutive 12-month period. Other remote or support functions shall be audited as required to
support the “site,” but shall be audited at the initial (or re-certification) audit and at least once more
during the life of the certificate. Additional audits of remote or support functions may be necessary
based upon their demonstrated performance as seen on the site(s) it supports.
In situations where remote supporting functions support many production sites, and these sites are
audited by more than one certification body, the organization has two options :
First, each certification body may audit the remote supporting locations.
Second, a certification body may accept the audit by another recognized certification body of
the remote supporting locations subject to the following provisions:
o the audit by the other certification body shall cover the complete product scope of those
functions, consistent with the process based audit approach,
o the organization shall provide to the certification body a copy of the audit plan, audit
report, all findings, all corrective actions, and all verification actions by the other
certification body. This information shall be in the language agreed between the
organization and the other certification body,
o the information shall confirm during the readiness review that all the interfaces between
the remote supporting location and the site were adequately audited by the other
certification body,
o copies of all surveillance and re-certification audits reports of the remote supporting
location by the other certification body shall be provided by the organization to the
certification body,
o verification of the organization’s corrective actions shall be conducted by the certification
body that audited the remote supporting location. Copies of all on site verification
activities will be provided by the organization to the certification body.
2.4 A letter of conformance may be issued by the certification body for a maximum of twelve months only
in the following situations :
a) a new site exists.
After 12 months production, the certification process will proceed by the same certification
body with a Readiness Review and initial audit with a maximum 50% possible reduction in
audit days.
b) an organization that can demonstrate it is on an active bid list for a customer requiring
ISO/TS 16949:2002 certification or compliance.
If a contract has not been issued within 12 months, the organization may re-apply for another
letter of conformance.
The letter of conformance may be issued by the certification body, after :
the organization is able to supply the information required for the Readiness Review including
internal and external performance data and one full cycle of internal audits and management
review, but not twelve months of internal audits and performance data, and
the relevant site has been audited to ISO/TS 16949:2002 and found compliant.
2.5 The entire quality management system shall be assessed at a minimum of once every three years.
The audit cycle shall be based upon the dates of the initial certification audit. The time interval
between initial certification and re-certification audit or between two re-certification audits shall not
exceed 3 years.
Audit Cycle:
3 Years Maximum from Initial Audit to Recertification Audit.
A
U Date of end of
D on site initial audit Date of Recertification Audit.
Maximum 3 years from the
I See Annex 1, T3 to T6 See Annex 1, T3 to T6
date of the end of on site Initial
T Audit
C
E
R
T
Date the CB issues the certificate.
I
Certification Date This is a short time after the Certification Decision. Re-Certification Date
F Date that the certification decision is Date that the certification decision is
I made by the CB. made by the CB.
C
A
T Certificate Cycle:
E Initial Certificate: 3 Years Maximum from Initial Audit to Recertification Audit.
Certification date: Date that the certification decision is made by the CB.
Expiry Date: Maximum 3 years from the Certification Date.
2.6 Audits by the certification body shall be conducted according to the process approach. (see Annex 5)
2.7 Utilizing the process approach, all requirements of ISO/TS 16949:2002 and all applicable customers
specific requirements shall be audited during the stage 2 site audit, during the surveillance audit
cycle, and during the re-certification audit.
Each on-site audit (initial, surveillance, and recertification) shall include an audit of :
a) implementation of requirements of new customers since last audit,
b) customer complaints and organization response,
c) organization internal audit and management review results and actions,
d) progress made toward continual improvement targets,
e) effectiveness of the corrective actions and verification since the last audit,
f) effectiveness of the management system with regard to achieving both customer and
organization objectives.
Every audit shall include auditing on all shifts [see Annex 3, item 6)]. Manufacturing activities shall be
audited on all shifts where they occur.
Each surveillance audit shall be planned around the processes of the organization, taking into
account current customer and internal performance data, internal audit and management review
results, and the same information pertinent to any new customers since the previous audit. Items a)
and b) above, are recommended to be obtained during surveillance audit planning.
Each surveillance audit shall re-examine some of the organization processes so that all processes
and all customer specific quality management system requirements have been re-examined within
each three year cycle. The audit report shall clearly show the part of the system that was audited.
Every re-certification audit shall re-assess the effective inter-action between all the processes
defined in the quality management system and the overall effectiveness of the management system
in its entirety taking into consideration internal and external changes which may have affected the
quality management system.
2.8 An audit finding shall have three distinct parts:

a statement of nonconformity,
the requirement, or specific reference to the requirement,
the objective evidence observed that supports statement of nonconformity.
2.9 A major nonconformity is one or more of :
the absence of or total breakdown of a system to meet an ISO/TS 16949:2002 requirement. A
number of minor nonconformities against one requirement can represent a total breakdown of
the system and thus be considered a major nonconformity.
any noncompliance that would result in the probable shipment of nonconforming product. A
condition that may result in the failure or materially reduce the usability of the products or
services for their intended purpose.
a noncompliance that judgment and experience indicate is likely either to result in the failure of
the quality management system or to materially reduce its ability to assure controlled
processes and products.
A minor nonconformity is a failure to comply with ISO/TS 16949:2002 which based on judgment and
experience is not likely to result in the failure of the quality management system or reduce its ability
to assure controlled processes or products. It may be one of the following :
a failure in some part of the organization’s quality management system relative to ISO/TS
16949:2002.
a single observed lapse in following one item of a company’s quality management system.
All non-conformities shall be recorded and shall not be closed during the audit. The certification body
shall require the organization to submit root cause analysis and evidence of systemic corrective
action for each non-conformity issued.
2.10 Quality management systems shall not be certified to ISO/TS 16949:2002 if open minor or major
non-conformities to ISO/TS 16949:2002 exist.
After certification, when a nonconformity is identified by the certification body, then the de-
certification process shall be initiated (see Annex 4).
Note : Such identification can occur as a result of a customer complaint.
2.11 The audit plan shall be based upon the processes of the organization, and shall include all
requirements of the organization's quality management system implemented to meet the
automotive requirements of those customers recognizing ISO/TS 16949:2002 certification of their
suppliers, even when these requirements go beyond ISO/TS 16949:2002.
2.12 The audit plan shall include evaluation of all of the organization’s quality management system
requirements for effective implementation of ISO/TS16949:2002 as well as for effectiveness in
practice. Assessment shall evaluate the effectiveness of the system, its linkages, its requirements
and its performance. Part of the evidence required is process based internal audits of these
processes followed by a management review.
Note : Effectiveness of the system should consider how well the system is deployed, as
demonstrated by the measures defined by the organization to meet customer satisfaction and
company objectives.
3 Audit Team
3.1 Auditors
The certification body shall evaluate all auditor candidates and shall have evidence available to
demonstrate competence as required in Annex 2 as follows :
a. be employed by or under contract to an IATF contracted certification body,
b. be qualified ISO 9001:2000 auditors (See Annex 2, Section 1),
c. be competent in automotive core tools knowledge (See Annex 2, Section 2),
d. have conducted at least 3 ISO 9001:2000 third party audits as a lead auditor in manufacturing
industries (see Annex 2, Section 3),
e. meet the work experience requirements outlined in Annex 2, Section 3.
Auditor candidates shall be sponsored for and pass the IATF Sanctioned Automotive Training and
any subsequent re-qualification specified by IATF(see Annex 2, Section 4).
Upon successful completion of the sanctioned training, the auditor will be issued an IATF
identification card.
The sponsoring certification body will be issued a certificate for the auditor. Additional certification
bodies wishing to employ the auditor shall apply to the training organization named on the certificate
for a duplicate certificate bearing their name.
Both certificates and card are the property of the IATF and must be returned upon request.
Achieving IATF qualification shall be followed by the certification body internal development of
auditors leading to evaluation of competence in the field. When auditors are employed by multiple
certification bodies, each certification body is responsible for ensuring that the auditor is competent in
that certification body’s processes.
Auditors shall conduct a minimum of three (3) ISO/TS 16949:2002 audits, with a minimum total of six
(6) audit days, per year. Failure to do so will result in withdrawal of the auditor credentials.
3.2 All ISO/TS 16949:2002 audit teams, including surveillance, shall satisfy the following :
consist of IATF qualified auditors to conduct audits in the name of the certification body,
Note : The audit team may use external technical experts as necessary. This will be additional to
the audit days requirement. (See Annex 3 :”Audit days requirements”)
at least one team member shall have relevant sector specific experience for all commodity
codes which apply to the scope of certification at that site,
no member of the audit team shall have provided consultancy for the organization in the two
years prior to the audit.
3.3 At least one auditor of the initial audit team should participate in all audits of the three year audit
cycle. For each subsequent audit cycle, different auditors should be used.
3.4 The certification body shall annually evaluate auditor performance in determining effective
implementation of ISO/TS 16949:2002 requirements, including the internal witness audit process
(see 1.9). Such evaluations shall also include feedback from IATF witness audits, post-audit surveys,
and feedback from organizations audited and their customers.
3.5 The audit team shall provide a full report on the operations audited consistent with the content of
Annex 1 “Rules for auditing quality management systems according to ISO/TS 16949:2002” to the
organization audited within 15 working days of each initial, surveillance, and re-certification audit
unless otherwise agreed by the organization.
3.6 The contract between the certification body and the organization shall contain the following items :
The organization shall notify the certification body of any changes relating to legal, commercial,
organizational status or ownership,
The organization cannot refuse an IATF witness audit of the Certification Body,
Access authorization for IATF representatives or their delegates,
Authorization to provide the final report (see Annex 1, section 3) to the IATF,
The only use of the IATF logotype related to this certification scheme is as displayed on the
certificate issued by the certification body.
4 Other Requirements
4.1 Consultants to the organization cannot participate in the audit.

4.2 The certification body shall support the IATF activities.
4.3 The certification body shall neither violate copyright of any IATF documents , nor violate the
copyright of or infringe the trademarks of any IATF members.
The only use of the IATF logotype related to this certification scheme by the certification body is on
the certificate as defined in section 5 of this document.
4.4 Before the certification body can issue any certificate, they shall satisfy the IATF recognition
process.. Corrective actions required during this recognition process shall be verified for
effectiveness before certification activities continue.
Note : The document review of the certification body’s procedures in compliance with these
Rules shall be conducted prior to the recognition witness audit. This witness audit shall occur
during one of the five first ISO/TS 16949:2002 audits conducted by the certification body. This
should be a product design responsible organization audit. The recognition office assessment
will usually follow this witness audit and will review implementation of the processes of the
certification body for ISO/TS 16949:2002.
4.5 Ongoing recognition of the certification body shall be verified through IATF oversight activities :
Conduct ongoing surveillance witness audits, according to Table 4.5 below;
Develop an audit schedule for these ongoing surveillance witness audits of its ISO/TS
16949:2002 recognized certification body offices taking into account all countries where
ISO/TS 16949:2002 certificates are issued by each certification body;
Schedule ongoing surveillance witness audits to observe as many different auditors as
possible across all certification bodies.
Table 4.5:
Annual Assessments of Certification Body
Annual number of
< 30 31-100 101-250 251-500 501-750 > 750
ISO/TS16949 Certificates
Minimum number of annual :
Office Assessments * 1 1 1 1 1 1
Witness Audits ** 1 2 3 4 5 6
* Office assessments of the ISO/TS 16949:2002 recognized certification body are to be

conducted at the contracted office. Results may lead to assessments of other offices. Office
assessments shall review certification body conformance with all requirements of the Agreement,
“Rules”, and all Annexes. (e.g. timely notification of certifications and changes to the IATF
database).
** Witness audits are to be conducted, at a site, witnessing an audit team from a certification
body during an ISO/TS 16949:2002 audit to verify certification body conformance with all
requirements of ISO/TS 16949:2002, including the “Rules”, Annexes, and any ISO/TS 16949:2002
sanctioned interpretations subsequently issued. The global distribution of these witness audits
should be in proportion to the certificates issued by region. The certification body shall provide a
schedule of audits upon request from the contracting IATF Oversight Office. Pre-requisite for the
witness audit is the provision of the readiness review documents of the organization by the
certification body including information as detailed in Annex 1.
All non-conformities issued during witness audits or office assessments shall be closed by the
certification body within 60 days. The IATF Oversight Office shall verify the effective implementation
of the corrective action taken. Such verification may occur at a follow-up audit or at the next office
assessment or witness audit. When a certification body cannot close issued non-conformities within
60 days, the IATF Oversight Office may extend the period with special monitoring activities. If a major
non-conformity remains open after 60 days, the certification body de-recognition process shall begin.
The above table is the basis of IATF witness audits of the IATF certification scheme. IATF reserves
the right to undertake additional activities in response to corrective action follow up, or based upon
performance.
4.6 The certification body shall not operate as both a quality management system certification body and
as a quality management system accreditation body.
4.7 Certificates to ISO/TS 16949:2002 shall only be issued by IATF contracted certification body offices
for a maximum validity of three years (see 2.5).
4.8 The certification body shall not subcontract audits to ISO/TS 16949:2002. No activity except the use
of auditors shall be sub-contracted.
4.9 An upgrade audit is an initial audit, and all the requirements of an initial audit apply except as
modified below.
Existing certification(s)
Conditions for upgrading certification to
ISO/TS 16949:2002
INITIAL AUDIT DAYS MAY BE REDUCED TO THE

YES AUDIT DAYS OF A RECERTIFCATION AUDIT
defined in the Annex 3 *
INITIAL AUDIT DAYS MAY BE REDUCED BY NO MORE

YES YES THAN 50% OF THE AUDIT DAYS OF AN INITIAL AUDIT

YES YES THAN 50% OF THE AUDIT DAYS OF AN INITIAL AUDIT

YES THAN 30% OF THE AUDIT DAYS OF AN INITIAL AUDIT
* If the scope is unchanged, only the 4 cases above can have reduced audit days. Consistent
with the process approach, all additional requirements between the existing certification and
ISO/TS16949:2002 shall be addressed, during “upgrade” audits..
* If the scope is expanded, the audit days reduction of the table above can not be applied.
100% of the required audit days for the initial audit shall be applied.
* The certification body shall be the same for the former certification and for the new ISO/TS
16949:2002 certification. In no case can an upgrade audit be performed prior to the first
surveillance audit following a certificate transfer between certification bodies.
Note : Whenever the 4.9 upgrade percentage reduction is applied, the maximum possible audit
day reduction (when combined with non-product design responsible and corporate scheme) will
be 50%.
4.10 If an organization certified to ISO/TS16949:2002, by a recognized certification body elects to change

of certification body and to continue certification to ISO/TS16949:2002, then the following steps must
be followed, in sequence
The new certification body must be recognized by IATF,
The existing certificate must be valid, with no open non-conformities,
The new certification body must perform a review of the previous audit report and all findings
issued by the existing certification body,
The new certification body must perform a basic document review and a review of key
indicators of quality management system performance,
The new certification body shall conduct an audit, the equivalent of a re-certification audit,
The new certification body must notify IATF of the change in certification,
The process must in all cases continue to meet the “Rules”,
The new certification body shall enter the previous IATF certificate number into the IATF data
base. This is to trigger the transfer of the historical certification data in the IATF data base.
4.11 IATF reserves the right to send a delegate to the executive management committee of the
certification body to review the decision making process for ISO/TS16949:2002 certificates.
If a certification body places an existing ISO/TS 16949:2002 certified organization on suspension
(see Annex 4) because of quality management system non-conformities or a violation of the rules of
certification, the certification body shall enter the information in the IATF data base and notify their
IATF oversight office by email or fax, within 10 working days.
If an organization is put on suspension because of a customer concern :
the date of suspension shall be the date of the customer concern, not the date of notification by
the organization or the date of action by the certification body,
the certification body shall verify, on site, the effective implementation of corrective action
before removing them from suspension.
If a certification body withdraws the ISO/TS 16949:2002 certificate, the certification body shall:
enter the information in the IATF database,
notify the IATF by email or fax within 10 working days,
require the organization to return its IATF certificate,
require the organization to send out a written notice that it is no longer certified to its customers
requiring ISO/TS 16949 certification.
4.12 The certification body shall report to IATF any change in status of its management system
accreditation(s).
4.13 Cancellation of IATF recognition of a certification body for ISO/TS 16949:2002 may occur upon :
Violation of any provision of the contract,
Violation of these Rules,
Loss of ISO 9001 accreditation,
Failure to conduct a minimum of twenty-five (25) ISO/TS 16949:2002 site audits (initial,
surveillance or recertification ) per calendar year,
Inadequate performance as identified by IATF.
In the event of loss of IATF recognition, the certification body is responsible for the remedies for their
ISO/TS 16949:2002 certified organizations affected, including transfer of existing certifications to one
of the IATF recognized certification bodies of the organization’s choice (see 4.10).
5 ISO/TS 16949:2002 Certificate Content Requirements.

a. Certificates may be issued in the local language of the organization. However, an English
version shall be available upon request,
b. Scope statement(s) including only all manufacturing activities for related products and services
meeting the applicability of ISO/TS 16949:2002 (see 1.7) ,
c. Issue of the ISO/TS 16949:2002 edition , date of certification (date that the certification body
makes the certification decision) and date of expiration (date of certification plus 3 years
maximum), and permitted exclusions as defined in the clause 1.2 Application of ISO/TS
16949:2002,
d. List on the front page the company name and address. Any appendix/schedules that are a part
of the certificate, must note that more pages are included, e.g. Page 1 of 3 and be endorsed
with the certificate number,
e. Include any remote supporting functions , e.g. design centers, purchasing, contract review,
etc., which are part of the quality management system and have been audited, including both
their locations and scopes. If a remote supporting function supports more than one site, the
remote supporting function shall appear on each site certificate,
f. Include the name of the contracted office of the certification body, (city / state / country) ,
g. List on a separate appendix any customers whose specific quality management systems
requirements were included in the audit,
Note : This appendix shall be reissued after a surveillance audit if the list changes,
h. The IATF logo (equal prominence with other marks),
i. For corporate site certificate, each site shall receive a separate certificate, with a common
certification body certificate number plus suffix,
j. Have both the certification body certificate number and the IATF certificate number.
Certificates shall not reference other documents for which the certification body is not
recognized by IATF (e.g. ISO 9001:2000).
Annex 1 Rules for initial certification audit of quality management systems according to ISO/TS16949:2002
Phase description Time sched. Who What
1. Activities before the site audit T0 (starting Organization The Organization applying for the certification shall provide the
point) certification body with the following information and documentation:
Sufficient information on which to base a quotation for certification in
accordance with the ISO/TS16949:2002 Certification Scheme Rules,
Application and application review
including :
• Number of employees, address, etc.
See ISO/IEC DIS 17021 9.2.1/2
• Scope of the certification
• Product Design responsibility
• Sites to be registered
• Support functions remote or not
• Quality management systems certifications obtained
DESIGN DESIGN RESPONSIBILITY : For product design responsibility

RESPONSIBILITY determination only 2 options are permitted:
• Organization responsibility (including subcontracted design)
• Customer responsibility
In the case of subcontracted design, the auditor must verify that both
Contract between
organization and design subcontractors have appropriate capability to
certification body
meet clause 7.3 requirements in its totality, including interfaces
and organization
between organization and subcontractors.
© 2004 - ANFIA, © 2004 - CCFA/FIEV, © 2004 - SMMT, © 2004 - VDA,
Page 15 of 46
© 2004 - DaimlerChrysler, © 2004 - Ford Motor Company, © 2004 - General Motors Corp.
Certification
body
The certification body shall comply with the audit team requirements
according to the present “Rules” document, section 3, and Annexes 2
and 3 and :
Establish
Audit team • Team of 2 auditors minimum if auditor-days requirements
exceed 5. (see audit days table in Annex 3)
• Language capability shall be adequate. When a translator is
used, the audits days requiring translations shall be increased by
a minimum of 20%.
The organization shall provide the following documentation to the audit
Organization
team for review, and for use in planning the audit (see format in the
Stage 1 audit - Readiness review IATF Guidance to ISO/TS 16949:2002):
• Description of processes showing the sequence and
See ISO/IEC DIS 17021 Annex A interactions, including key indicators and performance trends for
the previous 12 months, minimum
• Evidence that all the requirements of ISO/TS 16949:2002 are
addressed by the organization’s processes
• Quality manual (for each site to be audited)
• Internal audit and management review planning and results from
previous twelve months
• List of qualified internal auditors
• List of customer specific requirements
• Customer satisfaction and complaints status, including customer
reports and scorecards
The audit team shall determine :
T1 = approval of Certification
the readiness body • The appropriate scope of the certification
review
• Readiness for stage 2 site audit
© 2004 - DaimlerChrysler, © 2004 - Ford Motor Company, © 2004 - General Motors Corp. Page 16 of 46

If there is insufficient readiness to conduct the stage 2 site audit, the

Certification
body
certification body and the organization can agree to stop the process.
The certification body shall record this and the certification process
shall start at stage T0.
Can the
Stage 2 no No site visit.
onsite audit Maintain Stage 1 audit results shall be documented and communicated to the client
be Record organization including identification of any areas of concern that could be
conducted ? classified as nonconformity during the stage 2 audit.
yes
2. Audit planning The certification body shall comply with specified requirements for on-
site audit days considering :
Certification
body • Number of employees including all staff and all shifts for all
Site audit days activities (see audit days in Annex 3)
calculation
• The stage 2 site audit shall be completed within a 90 days
period from the approval of readiness review.
Audit team leader shall prepare the audit plan based upon information
Define Audit plan Audit team derived from the readiness review prior to site audit and communicate it
leader to the organization.

3. Audit Stage 2 Site audit T2 = start of on Audit team

Initial certification audit activities shall be conducted according to the
see ISO/IEC DIS 17021 Annex B site audit following rules :
• Use the Automotive Process Approach (see Annex 5)
Within 90 days
from T1 • At each site included in certification scope, all relevant
Hold opening meeting processes shall be audited
• Within the process audit all ISO/TS 16949:2002 clauses shall be
covered
• Review effectiveness of the implementation of the ISO/TS
Complete initial
16949:2002 requirements and for effectiveness in practice,
certification audit
related to planned and achieved quality performance.
There should be regular communication between organization and the

Audit team audit team regarding progress and results of the audit.
Provide feedback All non-conformities shall be identified to the organization when
detected by the auditor.
Major nonconformities may provide a basis for termination of the audit
by the audit team Leader in consultation with the organization.
In this case the audit team Leader will stop the certification process
Audit stopped. immediately : a report will be prepared for the certification body (copy
Continue no
Maintain for the Organization).
the audit?
Record The certification body will record the reasons for termination and report
to their IATF Oversight Office. When this occurs, any re-audit shall
commence from T0.
yes

At the end of the site audit, the audit team Leader conducts the final
T3 = end of site Audit team presentation and releases a draft report including :
Conduct closing audit leader
meeting. • description of all nonconformities
Draft report
T2 + number of • audit team recommendation to certification committee
days as
programmed
Audit team leader within 15 working days after the end of the site audit
T4 = issue of Audit team will send to the organization and the certification body the final report in
Produce Final report the final report leader accordance with ISO19011 clause 6.6.1 and ISO/IEC DIS 17021
within 15 clause 9.2.4 and detailing the following:
working days
from T3 • Scope – products – list of all the customer specific requirements
with issue level included in the audit
• Summary of audited processes and related results
• Non-conformities as evidenced during the audit process
• Audit team (plus additional technical experts if any)
• Cross-references of non-conformities to both the relevant clause
of ISO/TS 16949:2002 and the organization’s quality
management system
Audit team Issue the final report for acknowledgment by the organization whose
representative will sign the report and receive a copy of it.

4. Nonconformities management Organization Nonconformities shall be acknowledged by the organization.

For each nonconformity the Organization shall perform a root cause
analysis and define corresponding systemic corrective actions to be
implemented as soon as possible, in any case within 90 days from the
end of the site audit. The organization will inform the audit team of
Corrective actions corrective actions and target date for implementation.
definition and
implementation
The audit team may propose to the certification body a follow-up visit in
Audit team order to verify the implementation of corrective actions.
T5 Within 90
days from T3 Audit team
Upon verification of corrective action, a supplementary report shall be
issued by the audit team to accompany the final audit report.
Submission of supplementary
report and completion The audit report is completed, if appropriate, by the submission to the
of audit team report. certification body of the supplementary report detailing verification of
corrective actions.

5. Certification issue
Certification The certification body may require additional information in order to

Certification body clarify any aspect of the audit team final report, before a certification
decision
decision can be made. The audit team leader shall report on all specific
no issues raised by the certification function.
Supplement Audit team Audit team leader shall submit the required information to the
leader certification body within 7 days.
information
needed ?
yes no
yes Certification Certificates will be issued only if there is 100% compliance to

Conduct follow-up body requirements, and nonconformities found during the audit are 100%
verification
resolved.
100% resolved means the following :
• Containment of the condition to prevent risk to the customer
No
certification. • A documented evidence such as action plan, instructions,
Maintain records to demonstrate the elimination of the non conformity
yes Record condition, including assigned responsibilities or verification
follow-up visit
• This must have been achieved within 90 days of the end of the
site audit.

T6 = Certification The certification body shall inform the organization of the decision.
Certificate certification body
issued decision date In case of positive decision, the certification body shall record the
certificate information in the IATF database.
enter in
IATF
database
Surveillance activities :
Sections 2, 3 and 4 of the above flow chart shall be applied for surveillance audits in line with the requirements described in ISO/IEC DIS 17021
clause 9.3
Re-certification activities :
Sections 2, 3, 4 and 5 of the above flow chart shall be applied for re-certification audits in line with the requirements described in ISO/IEC DIS
17021 clause 9.4

Annex 2 Criteria for third party auditor qualification to ISO/TS 16949:2002
Qualification Criteria
qualified according to ISO 19011 and the relevant accreditation body rule
1) competency in :
ISO quality standards
ISO 9001:2000
Auditor audit management
Qualification team work techniques and presentation
interview techniques
2)
Automotive Automotive core tools knowledge and competence

Industry specific
skills
Have related ISO 9001:2000 auditing experience :

At least 3 (three) ISO 9001: 2000 third party audits as a lead auditor in
manufacturing industries.
Note : Automotive manufacturing first or second party auditing experience may be
considered.
3)
AND in addition:
Minimum work
experience
Six (6) years full time appropriate practical experience (including 2 years
dedicated to Quality Assurance activities) in the past ten (10) years in an
organization meeting the applicability of ISO/TS 16949:2002 (see 1.7) .
Note : Experience in industries with similar scopes of applicability in chemical,
electrical or metallic commodities may be considered .
Auditor training is only open to an auditor sponsored by a IATF contracted
certification body, accreditation body witness auditor or IATF nominees.
To apply to attend an IATF training session, the sponsoring certification
body shall provide to the IATF for each candidate a file containing a copy
of their existing qualifications including records demonstrating audit and
work experience. This is contained in the auditor application form. This
document expands the IATF requirements.
4)
Only candidates with an accepted file will be allowed to attend the training
IATF Sanctioned and qualification course.
Automotive Note : abbreviated IATF sanctioned automotive training courses are
Training for allowed for auditors previously qualified to ISO/TS 16949:1999.
ISO/TS
All auditors must successfully complete the common IATF ISO/TS
16949:2002
16949:2002 sanctioned auditor examination, irrespective of existing
qualification.
An auditor qualification certificate will be valid for a period of three years.
Auditor re-certification is required within this period.
Failure to conduct a minimum of three (3) ISO/TS 16949:2002 audits with
a minimum total of six (6) audit days, per year, will result in withdrawal of
the qualification certificate.
Annex 3 Audit days for certification to ISO/TS 16949:2002
Table of minimum audit days for initial certification stage 2 audit and re-certification audit
Initial certification Stage 2 site audit Re-certification audit
Audited entity : Audited entity : Minimum audit days
Minimum audit days
Number of Number of for re-certification
for Stage 2 site audit
employees employees audit
1–6 2.0 1 – 14 2.0
7 – 11 2.5 15 – 28 2.5
12 – 18 3.0 29 – 49 3.0
19 – 27 3.5 50 – 80 3.5
28 – 39 4.0 81 – 122 4.0
40 – 54 4.5 123 – 176 4.5
55 – 71 5.0 177 – 246 5.0
72 – 93 5.5 247 – 332 5.5
94 – 117 6.0 333 – 436 6.0
118 – 146 6.5 437 – 562 6.5
147 – 179 7.0 563 – 710 7.0
180 – 216 7.5 711 – 883 7.5
217 – 257 8.0 884 – 1082 8.0
258 – 304 8.5 1083 – 1310 8.5
305 – 348 9.0 1311 – 1569 9.0
349 – 422 9.5 1570 – 1860 9.5
423 – 507 10.0 1861 – 2187 10.0
508 – 602 10.5 2188 – 2551 10.5
603 – 711 11.0 2552 – 2953 11.0
712 – 832 11.5 2954 – 3398 11.5
833 – 968 12.0 3399 – 3886 12.0
969 - 1119 12.5 3887 – 4419 12.5
1120 – 1286 13.0 4420 – 5001 13.0
1287 – 1470 13.5 5002 – 5632 13.5
1471 – 1673 14.0 5633 – 6317 14.0
1674 – 1895 14.5 6318 – 7057 14.5
1896 – 2138 15.0 7058 + 15.0
2139 – 2402 15.5
2403 – 2688 16.0
2689 – 2999 16.5
3000 – 3334 17.0
3335 – 3695 17.5
3696 – 4084 18.0
4085 – 4502 18.5
4503 – 4949 19.0
4950 - 5427 19.5
5428 – 5937 20.0
5938 – 6482 20.5
6483 – 7061 21.0
7062 – 7676 21.5
7677 + 22.0
When calculating audit days, the result shall be rounded up to the nearest half day.
An audit day is typically a full normal working day of 8 hours. The number of audit days may not be
reduced by programming longer hours per work day. The only exception is on days when shift
working is being covered, see item 6 below.
A maximum of 10 % of the total audit time may be allocated to writing the audit report.
Requirements on audit days
1. Audited entity in the table above means site and supporting functions remote or not covered by
the certification scope. The number of employees is the total of those on site and in supporting
activities.
2. Initial certification audit includes audit stage 1 - readiness review (one or two days on site ) and
audit stage 2 – site audit (see table above), but not pre-audit time.
3. On-site review of corrective actions arising from previous audits will be additional to the
specified audit days.
4. The only deviations permitted from the calculation illustrated in the table is either upgrade from
the current third party certifications as detailed in 4.9 or adoption of the “corporate” scheme
detailed below.
5. In cases such as simple processes, or demonstrated performance, the specified audit days of
the table shall be applied for the initial and re-certification audit, but if in the light of certification
body experience a good case can be made for reduced audit days for the balance of the cycle,
application shall be made prior to the next surveillance audit to the IATF Oversight Office.
6. Each audit shall include auditing on all shifts. If crews are dedicated and non-rotating, then all
crews shall be audited.
7. Non product design responsible organizations (see definition of design responsibility in Annex
1) may reduce on-site audit days by 15 %.
8. If a portion of the site is dedicated to automotive and completely separated in terms of
“employees’ activity” then and only then can this portion of the head count be used for the days
calculation after application to, and approval from the IATF oversight office. In this case the
same ratio should be applied to support staff head count.
9. The number of surveillance audit days during the period of validity of the certificate shall be the
number of initial audit days in the calculation illustrated in the table above. There shall be at
least one surveillance audit per year (minus three months, plus one month). Surveillance audits
shall be of equal duration and rounded up to the nearest half day.
10. When a translator is used, the audits days requiring translation shall be increased by a
minimum of 20%.
Corporate Audit scheme
A “Corporate” Audit Scheme can be applied where multiple manufacturing sites are assessed
together with supporting locations to be provided corporate site certificates.
The following additional rules apply before a certification body can apply a “Corporate” audit scheme
for ISO/TS 16949:2002.
In order to adequately assess the quality management system, it is necessary to audit every site but
it is the responsibility of the certification body to develop an audit plan whose total days are based
upon the minimum calculation. How the days are distributed between the site(s) and any supporting
functions remote or not is the responsibility of the certification body. If the certification body moves
significantly from the base head count distribution calculation, an explanation is required in the audit
plan documents.
The conditions required of the organization for a “Corporate audit scheme” include :
a) The quality management system must be centrally structured and managed, and subjected
to regular ISO/TS 16949:2002 compliant internal audits at all sites.
b) The quality management system must comply with ISO/TS 16949:2002.
c) The balance of activities which could be centrally managed include:
1) strategic planning, policy making;
2) contract review, where local acceptance of orders is permitted;
3) approval of suppliers;
4) evaluation of training needs (activity may have local aspects);
5) quality management system documentation (Level 1 and Level 2) and changes in
same;
6) management review;
7) evaluation of corrective actions;
8) internal audit planning and evaluation of the result;
9) quality planning and continuous improvement activities (activity may have local
aspects); and
10) design activities.
Note : Variations are acknowledged due to size and/or organizational structure.
The certification body must establish, during the quotation process, how the multiple site company
falling under the “Corporate” audit scheme meets these requirements.
Audit days adjustment for “Corporate” Audit Scheme
“Corporate” schemes apply only to multiple site certifications based on a “corporate” quality
management system. As a minimum, for a “corporate” site certificate, the percentage reduction in
the calculation of on-site audit days per site shall not be more than the percentage in table below.
The same logic applies to the surveillance audit days calculation. Remote functions, e.g.
Engineering, Purchasing, must be audited as they support a site(s).
Table : Audit days Adjustment for “Corporate” Audit scheme
Number of sites Percent reduction
2 to 9 20
10 to 19 30
20 and above 40
The certification body shall treat these audit days as true minimums.
The cumulative effects of the reductions allowed for a non-product design responsible organization,
up-grading audits and corporate scheme can not exceed 50% of the full initial audit days.
Deviations proposals shall be approved by IATF prior to commencement to the audit.
The actual on-site initial audit days must be reported in the audit report.
Annex 4 Decertification process to ISO/TS 16949:2002
In addition to the documented process already existing in clause 2.1.5.3 of the ISO/IEC Guide 62 :1996 (or
EN 45012) which content is :
“The certification/registration body shall have procedures to
a) grant, maintain, withdraw and, if applicable, suspend certification/registration ;
b) extend or reduce the scope of certification/registration ;
c) conduct reassessment in the event of changes significantly affecting the activity and operation
of the organization (such as change of ownership, changes in personnel or equipment), or if
analysis of a complaint or any other information indicates that the certified/registered
organization no longer complies with the requirements of the certification/registration body.”
All IATF recognized ISO/TS 16949:2002 certification bodies shall apply the following definitions and
documented process as explained below and in the associated flow chart :
Decertification process : actions or decisions to be taken by the certification body when events
occur indicating that the initial conditions of the issue of the ISO/TS 16949:2002 certificate to a
organization are no longer satisfied. The starting point could be information coming from the
organization (significant changes of ownership, interruption of activity,…), from the certification body
(non conformity observed during a surveillance audit, delayed surveillance audits requested by the
organization, non-compliance with a clause of the certification contract by the organization,…), from
an ISO/TS16949:2002 recognizing customer (poor quality performance of the organization, …) or
from claims from other customers of the organization or information from the field.
Granting of a certificate : A certificate is issued by a certification body, with a defined period of
validity and with a defined scope of certification.
Maintaining a certificate : A certificate’s validity is subject to the ongoing surveillance audits, re-
certification audits, and other conditions defined in the contract with the certification body.
Suspension : Suspension is a temporary status not exceeding 120 days (unless approved by the
IATF oversight office) which can only end by the full reinstatement, or withdrawal of the certificate.
During the suspension period, the certificate remains valid and is still recognized by the IATF.
Withdrawal of a certificate : definitive interruption of the validity of an ISO/TS 16949:2002 certificate,
as a sanction from the certification body following a organization non-compliance of the certification
contract.
Cancellation of a certificate : action to nullify a certificate at the request of the certified company to
interrupt the certification contract, or by decision of the certification body after verification of the
definitive end of the certified activity, for example when an organization that has been certified no
longer has products or services that meet the applicability for a period of 12 months, the certification
body shall cancel the certificate. This is not a sanction.
In the case of withdrawal or cancellation, the previously certified entity is delisted from the current
certified data base of the certification body
Corporate Site Certification : In the event of corporate site certification, if a single corporate site
loses its certificate based upon performance issues, then all related corporate sites also lose their
certification.
IATF recognized ISO/TS ISO/TS 16949:2002
Time IATF Oversight Office
16949:2002 Certification body Certified organization
Starting point
- Field information,
Customer - postponed surv. audit Organization
claim - Non conformity,… request
Analysis
No action Suspension
Decision
10 days max yes

+ 30 days max notification
Corrective
action plan
Verification of
corrective When
needed Unscheduled
actions
audit
+ 110 days decision
10
days withdrawal
max
reinstatement
+ 120 days max notification
Any deviation from this process is to be submitted for approval to the IATF Oversight Office before
application .
Annex 5 : Automotive Process Approach auditing
IATF expects ISO/TS 16949:2002 auditors to audit based upon the customer oriented processes defined
by the organization. This model was introduced further to ISO 9001:2000 and refers to the fact that any
organization needs customer input to comply to specified and expected needs of the customer (output) in
order to achieve customer satisfaction. This is accomplished by value adding processes of product
realization and appropriate support processes, both enabled by management processes and provided
resources.
The Automotive Process Approach to auditing for ISO/TS 16949:2002 must not be driven by a “clause” or
a “section” driven checklist
The Process Model and the introductory sections of ISO 9001:2000 and ISO/TS 16949:2002,the Technical
Specification requirements, and the “Rules” specify the need to define an organization’s processes.
Any ISO/TS 16949:2002 auditor therefore must be capable of understanding the
IATF Automotive Process Approach
as well as the process approach and process map of the audited entity.
Automotive Process Approach auditing includes the following activities:
Identification of the organization’s processes based on quality management system
documentation and any additional information provided by the organization (see section 4.1 a) of
ISO/TS 16949:2002), including evidence that all the requirements of ISO/TS 16949:2002 are
addressed by the organization’s processes
Analysis of processes according to the criteria
Products and/or services provided to customer
Risks to the customer
Interfaces (inputs/outputs)
Identification of group processes for economical and effective audit
Prioritization of audit activities considering
Customer requirements, including customer-specific quality management system
requirements
Follow up issues of prior audits (external and internal)
Customer satisfaction and complaints status, including customer reports and scorecards
Key indicators trends for the previous 12 months, minimum
Value (add) to audited organization
Finalization of audit plan including sequence / process steps, timing, interview partners and
application of Rules for achieving IATF recognition.
Conducting the audit considering the following :
The organization’s definition of their processes including their sequence and interactions
Where practical, the auditor shall examine processes where they occur
Objective evidence of both compliance and noncompliance with requirements shall be
recorded
During creation of the audit plan consider the IATF Automotive Process Approach, “customer oriented
processes”, support processes, “octopus”, and “turtle” models utilized during the IATF training/qualification
course for third party auditors. See also, 1 Scope -1.1 General, and Readiness Evaluation Worksheet,
IATF Guidance to ISO/TS 16949:2002.
For review of the audit the following reference table or equivalent shall be used to verify the
completeness of the audit.
Table for verification of the completeness of the process oriented auditing versus ISO/TS 16949:2002 requirements
Page 32 of 46
© 2004 - DaimlerChrysler, © 2004 - Ford Motor Company, © 2004 - General Motors Corp.
Annex 6 – Selection from ISO/IEC DIS 17021
The content of this annex is an excerpt from the ISO/IEC DIS 17021 dated 2004-04-23.
ISO retains its copyright on this wording and notes that the wording may be subject to change .
© ISO/IEC 2004 – All rights reserved
5.1.2 Certification agreement

The certification body shall have a legally enforceable agreement for the provision of certification
services to its client organisations. In addition, where there are multiple offices of certification
bodies or multiple sites of a certified client, the certification body shall ensure there is a legally
enforceable contractual relationship between the certification body granting certification and issuing
a certificate, and the certified client.
7.2.5 The certification body shall have a process for ensuring that the auditors it uses (including
audit team leaders) are competent both as auditors in the generic sense and for auditing in specific
technical areas as defined by the certification body. Appropriate documented requirements to this
effect shall be based on the guidance provided in ISO 19011, Clause 7.
9.1.1 The certification body shall have a process for selecting and appointing the audit team,
including the audit team leader taking into account the competence needed to achieve the
objectives of the audit. This process shall be based on the guidance provided in ISO 19011, 6.2.1
and 6.2.4, transformed into appropriate documented requirements.
9.2 Initial audit and certification
9.2.1 Application
The certification body shall require an authorised representative of the applicant organization to
provide the necessary information to enable it to establish:
a) the desired scope of the certification;
b) the general features of the applicant organization, including its name, address(es) of its
physical location(s)
c) general information, relevant for the field of certification applied for, concerning the
applicant organization such as its activities, human and technical resources, functions and
relationship in a larger corporation, if any; and
d) the standards or other requirements for which the applicant organization is seeking
certification; and
e) information concerning the use of consultancy relating to the management system.
9.2.2 Application review
9.2.2.1 Before proceeding with the audit, the certification body shall conduct a review of the
application and supplementary information for certification to ensure that:
a) the information about the applicant organization and its management system is sufficient
for the conduct of the review;
b) the requirements for certification are clearly defined, documented and have been provided
to the applicant organization;
c) any known difference in understanding between the certification body and the applicant
organization is resolved;
d) the certification body has the competence and ability to perform the certification service.
Scope of certification sought, location and number of the applicant organization's
operations, time required to complete audits and any other points influencing activities or
the certification process shall be considered (language, safety conditions, threats to
impartiality, etc.). Based on this review, the certification body shall determine the
competences it needs to include in its audit team (see 7.2.5);
e) records of the justification for the decision shall be maintained.
9.2.2.2 Where a certification body is taking account of certifications or other audits already granted
to the applicant organization, it shall collect sufficient, verifiable information to justify and record any
adjustments to the audit programme.
9.2.2.3 After having conducted the application review, the certification body shall notify the
applicant that it is accepting or not accepting the application. The reasons of non-acceptance must
be conveyed to the applicant.
9.2.2.4 Before commencing the audit, an agreement (see 5.1.2 and 8.6.1.1d) shall be established
between the certification body and the applicant organization which:
a) defines the scope of work to be undertaken, including the intended scope of certification
and site details;
b) requires the applicant organization to supply any information needed for its intended
certification;
c) requires the applicant organization to conform to the requirements for certification.
9.2.2.5 The certification body shall, in response to an application for extension to scope of a
certification already granted, undertake a feasibility review and audit activities necessary to
determine whether or not the extension may be granted.
9.2.2.6 The audit team shall be appointed (see 9.1.1) and composed of auditors (and technical
experts as necessary) who, between them, have the totality of the competences identified by the
certification body as set out in 9.2.2.1d) for the certification of the applicant organization. The
selection of the team shall be performed with reference to the designations of competence of
auditors and technical experts made under Clause 7.2.5, and may include use of both internal and
external human resources.
9.2.3 Initial certification audit

The initial certification audit of a management system shall be conducted in two stages, which are
described in normative Annexes A and B.
9.2.4 Initial certification audit reports
9.2.4.1 The certification body shall have documented reporting procedures. The stage 1 audit
report shall include comments on the adequacy of the management system documentation, the
organization’s analysis of key performance or significant aspects and whether the level of
implementation of the management system indicates that it is ready for the stage 2 audit. The
stage 1 audit report shall report on the requirements in A.2. The stage 2 audit report shall be based
on the guidance provided in ISO 19011, Clause 6.6.1.
9.2.4.2 As a minimum these documented procedures shall ensure that a written audit report is
promptly provided to the audited organization, including audit findings and conclusions, positive
and negative, on fulfilment, including effectiveness, of the management system (in particular,
referencing the effectiveness of the internal audit process and achievement of policy commitments)
with all requirements of the standard, including identifying any nonconformities.
9.2.4.3 Ownership of the audit report shall be maintained by the certification body.
9.2.5 Post-audit activities

9.2.5.1 The audited organization shall be requested to describe the specific correction and
corrective actions taken, or planned to be taken, to eliminate detected nonconformities and their
causes, within a defined time, to remedy any identified nonconformities.
9.2.5.2 The audited organization shall be informed if an additional full audit, an additional limited
audit, or documented evidence (to be confirmed during future surveillance audits), will be needed to
ensure effective correction and corrective actions.
9.2.5.3 Correction and corrective actions by the audited organization shall be reviewed by the audit
team leader (and if necessary other members of the audit team) to determine if the actions are
sufficient and, if already implemented, effective.
9.3 Surveillance activities
9.3.1 Surveillance
9.3.1.1 The certification body shall have an established programme for carrying out periodic
surveillance audits at sufficiently close intervals to confirm that the certified management system
continues to fulfil all certification requirements. The certification body shall conduct audits, as
necessary, to confirm the continued conformity and effectiveness of the management system.
9.3.1.2 The certification body shall develop its surveillance activities so that representative areas
and functions covered by the scope of the management system are audited on a regular basis.
9.3.1.3 The audit plan shall include, as a minimum, the information in ISO 19011, 6.4.1, a-g.
9.3.1.4 Surveillance activities shall include periodic on-site surveillance audits assessing the
certified client’s fulfilment of specified requirements with respect to the standard against which the
certification is granted, and may also include:
a) enquiries from the certification body to the client on aspects concerning the certification;
b) reviewing the client's declarations with respect to its operations;
c) requests to the client to provide documents and records (on paper or electronic media);
d) other means of monitoring the certified client’s performance.
9.3.1.5 The date of the first surveillance audit, following initial certification, shall be programmed
from the end of stage 2 of the initial audit.
9.3 2 Surveillance audit

9.3.2.1 On-site surveillance audits are normally less comprehensive in scope than initial
certification audits and recertification audits, but shall be planned together with the other
surveillance activities, so that the certification body can maintain confidence that the certified
management system continues to fulfil requirements in between recertification audits.
9.3.2.2 The certification body shall have a process for conducting surveillance audits based on the
guidance provided in ISO 19011, 6.5, transformed into an appropriate requirement. Irrespective of
other surveillance activities, on-site surveillance audits shall be conducted at least once a year.
9.3.2.3 Surveillance activities shall include a review of any changes to the certified client and
management system. Surveillance audits shall include:
a) internal audits and management review;
b) complaints;
c) effectiveness of the management system with regard to achieving the certified client’s
objectives;
d) progress of planned activities aimed at continual improvement; and
e) use of marks or any other reference to certification.
9.3 3 Surveillance audit report

9.3.3.1 For surveillance audits, the report from the audit team to the certified client and to the
certification body shall reflect the requirements of the management system reviewed, and
comments on the fulfilment of certification requirements, including effectiveness, of the audited
organization’s management system. This report shall be based on the guidance provided in
ISO 19011, 6.6.1, transformed into appropriate documented requirements.
9.3.3.2 When, during a surveillance audit, instances of nonconformity or lack of evidence of
conformity are identified, the certification body shall define time limits for correction and corrective
actions to be implemented.
NOTE It is recommended that time limits be based on the severity of the nonconformity and its impact.
9.3.3.3 The surveillance audit report shall contain a report on the review and verification of the
continued effective implementation of corrective action for every nonconformity from the present
surveillance audit and the previous audit.
9.4 Recertification
9.4.1 Recertification cycle
The time interval between the initial certification audit and re-certification audit or between two re-
certification audits shall not exceed 3 years.
9.4.2 Recertification audit plan

9.4.2.1 A recertification audit shall be planned and conducted to evaluate the requirements of the
relevant normative document. The purpose of the recertification audit is to confirm the continued
conformity and effectiveness of the management system as a whole, and its continued relevance
and applicability for the scope of certification.
9.4.2.2 The recertification audit shall also provide for a review of the performance of the
management system over the period of certification, and include at least the points listed in a
surveillance audit (9.3.2).
9.4.2.3 Recertification audit activities may require a separate stage 1 audit for significant changes.
9.4.2.4 In the case of multiple sites or multiple management system certifications being provided
by the certification body, the planning for the audit shall ensure adequate on-site audit coverage to
provide confidence in the certification.
9.4.2.5 The results of recent surveillance audits and the certified client's internal audit(s) should be
taken into account. The audit plan shall include, as a minimum, the information in ISO 19011,
Clause 6.4.1, a-g.
9.4.3 Recertification audit

The recertification audit shall include an on-site audit (which may replace or extend a regular
surveillance audit). This recertification audit shall address the following management system
requirements:
a) the effective interaction between the processes of the management system;
b) the effectiveness of the management system in its entirety in the light of internal and
external changes;
c) demonstrated commitment to maintain the effectiveness and improvement of the
management system in order to enhance overall performance;
d) that the operation of the certified management system contributes to the achievement of
the organization’s policy and objectives.
9.4.4 Recertification audit report
9.4.4.1 For re-certification audits, the report from the audit team to the certified client and to the
certification body shall reflect the management system reviewed, and comments on the fulfilment of
certification requirements, including effectiveness, of the audited organization’s management
system. This report shall be based on the guidance provided in ISO 19011, Clause 6.6.1,
transformed into appropriate documented requirements.
9.4.4.2 When, during a recertification audit, instances of nonconformity or lack of evidence of
conformity are identified the certification body shall define time limits for correction and corrective
actions to be implemented.
NOTE It is recommended that the time limits reflect the severity of the nonconformity and its impact.
9.4.4.3 The recertification audit report shall contain a report on the review and verification of the
continued effective implementation of corrective action for every nonconformity from the previous
audit.
9.4.5 Recertification decision

9.4.5.1 The certification body shall ensure that the persons or committees that make the
recertification decisions are different from those who carried out the audits.
9.4.5.2 The individual or group that makes the decision on renewing the certification shall include a
level of knowledge and experience sufficient to evaluate the audit processes, results, and
recommendations of the audit team (see 7.2.9).
9.4.5.3 The certification body shall make decisions on renewing certification based on the results
of re-certification audit as well as the results of the review of the system over the period of
certification and the complaints received from users of certification.
Annex A Stage 1 audit
A.1 Stage 1 audits shall have an audit plan (see 9.1.3) that address the points defined in A.2.
Normally the certification body shall perform the stage 1 audit of a client organization’s
management system on-site. In exceptional cases stage 1 could be carried out without a visit. The
decision not to carry out a site visit should be justified, documented and the client should be
informed that planning of stage 2 audit might not be accurate. Such justification should be based
on the organizations size, location, risk considerations, previous knowledge, etc.
A.2 The stage 1 audit shall be performed to:

a) evaluate the applicant organization's location and site-specific conditions and to undertake
discussions with the client organization's personnel to determine the preparedness for the
stage 2 audit;
b) review the client organization’s status and understanding regarding requirements of the
standard, in particular with respect to the identification of key performance or significant
aspects, processes, objectives and operation of the management system;
c) collect necessary information regarding the scope of the management system, processes
and location(s) of the client organization, and related statutory, regulatory aspects and
compliance, e.g. quality, environmental, legal aspects of the applicant organization's
operation, associated risks etc;
d) review the allocation of resources for stage 2 and agree with the client organization on the
details of the stage 2 audit;
e) provide a focus for planning the stage 2 audit by gaining a sufficient understanding of the
management system, site operations in the context of possible significant aspects of the
applicant organization’s management system;
f) evaluate if the internal audits and management review are being planned and performed
effectively and that the level of implementation of the management system substantiates
that the client organization is ready for the stage 2 audit.
Annex B Stage 2 audit
B.1 Stage 2 audits shall have an audit plan (see 9.1.3). The plan shall follow the guidance as
detailed in ISO 19011, 6.4.1 a-g.
The stage 2 audit shall take place at the site(s) of the client organization. The purpose of the
stage 2 audit is to evaluate the implementation and effectiveness of the client’s management
system.
B.2 The audit team shall conduct the stage 2 audit to gather audit evidence that the
management system conforms to the standard and other certification requirements.
B.3 The audit team shall audit a sufficient number of examples of the activities of the client
organization in relation to the management system and activities to get a sound appraisal of the
implementation, including effectiveness, of the management system.
B.4 As part of the audit, the audit team shall address a sufficient number of the staff, including
top management and operational personnel of the audited facility, to provide assurance that the
system is implemented and understood throughout the client organization.
B.5 The audit team shall analyse all information and audit evidence gathered during the
stage 1 and stage 2 audits to determine the extent of fulfilment with all certification requirements
and decide on any nonconformity. The audit team may suggest possible areas for improvement, to
be presented to the client organization as opportunities for improvement, but shall not recommend
specific solutions.
B.6 The stage 2 audit shall cover an examination of the organization’s processes which
address at least the following:
a) information and evidence about conformity to all requirements of the applicable normative
document;
b) performance monitoring, measuring, reporting and reviewing against key performance
objectives and targets;
c) the system organization and performance as regards legal compliance;
d) operational control;
e) internal auditing and management review;
f) management responsibility for the client organization’s policies;
g) links between policy, performance objectives and targets.
B.7 Post-audit activities shall cover at least the following:

a) a record of any identified and agreed nonconformities shall be left with the client prior to
departure from the audit site;
b) establishing the audit report specified in 9.2.4.
Annex 7 - Main changes from the Rules 1st edition dated March 19, 2002
st
Was in the Rules for ISO/TS 2002 1 nd
Is now in the Rules for ISO/TS 2002 2 edition
edition
0 Cover 0 Cover
0.1 Cover back 0.1 Addition of summary of IATF works and roles.
Wording improved.
0.2 Foreword 0.2
Addition of normative precision for annexes.
1 Certification body 1 Certification body
General Addition of precision on application process not
included in the Rules.
1.1
1.1 Addition of description of CB processes and
internal audits with process approach.
Multiple offices CB 1.2 Split into 2 bullets with simplified wording.

1.2 Conformity to guide 62 1.3 No change.
Addition of details added on corrective action
1.3 Complaints procedure 1.4
process.
Conflict of interest, 1.5 Wording improved.
1.4
consulting, pre-audit 1.6 New : rules for pre-audit.
Wording improved to be consistent with
1.5 Certification scope 1.7
applicability of ISO/TS 16949:2002.
1.6 Veto power 1.8 Wording improved.
New :requirement of CB’s internal witness audit
1.9
process.
Addition of precisions added about data base
1.7 IATF data base inputs 1.10
entries.
1.11 New : Requirements about CB’s records.
2 Audit process 2 Audit process
New : Reference to the 2 stages audit defined in
the future ISO 17021.
New : Use of audit days calculator software.
2.1 Certification process 2.1 Addition of reference to ISO 17021.
Addition of NO sampling for corporate scheme
st
2.2 Conformance 2.2 coming from 2.3 of 1 edition.
Addition of precisions on termination of an audit.
Addition of precisions when also activities out of
scope, about sequence of audits, and frequency of
audits of supporting functions.
2.3 Supporting functions 2.3 New : addition of precisions when supporting
functions support many sites.
New : conditions when several CB audit the
support functions.
Revised conditions : new site or supplier on a bid
2.4 Letter of conformance 2.4
list only.
Addition of details and of the audit/certificate
2.5 3 year cycle 2.5
diagram cycles.
2.6 New :audit according to process approach.
New : precisions on each audit content.
2.6 Audits content 2.7 st
Addition of 2.11 of 1 edition.
2.7 CB checklist Deleted : NO more reference to any checklist.
2.8 New : definition of audit finding.
No change to the definitions.
2.8 MAJOR NC and minor nc 2.9 Addition of non closure during the audit and
requirements for closure.
New : Conditions to certification and start of
2.10
decertification.
2.9 Audit plan 2.11 Improved wording.
2.10 QMS effectiveness 2.12 Addition of internal audits process based.
2.11 Content of audits Moved to 2.7.
3 Audit team 3 Audit team
Auditors requirements 3.1 New : Auditors requirements.
3.1 Audit team 3.2 Simplified wording.
3.2 Auditor/audit cycle 3.3 Improved wording.
Auditor performance Improved wording,
3.3 3.4
evaluation Addition of internal witness audit process.
Simplified wording,
3.4 Audit report 3.5
Deletion of opportunities for improvement.
Addition of notification of changes and only
3.5 Certification contract 3.6
authorized use of IATF logo.
4 Other requirements 4 Other requirements
4.1 Consultants and audit 4.1 No change.
Support to IATF oversight
4.2 4.2 No change.
activities
4.3 IATF copyright and logo 4.3 Addition of precisions.
4.4 Initial witness audit 4.4 Additions of precisions and improved wording.
Extension of the table.
Addition of assessments to other offices,
4.5 On going witness audits 4.5
requirements of schedule of audits and documents.
Addition of NC closure conditions.
4.6 CB / AB 4.6 Improved wording.
4.7 ISO/TS certificates issuance 4.7 No change.
4.8 Subcontracted audits 4.8 Simplified wording
Updated conditions according to still existing
certifications.
4.9 Upgrading conditions 4.9 Addition of condition of upgrading after a transfer
of certificate and of a Note with limits of cumulative
reductions.
CB Change and Transfer Addition of conversion audit conditions and entry
4.10 4.10
after ISO/TS certification in the data base.
IATF right and certificate Addition of actions to take when suspension and
4.11 4.11
suspension withdrawal.
4.12 New : report of change in QM accreditation.
4.12 Cancellation of recognition 4.13 Precisions on conditions, and consequences.
Certificate content
5 5 Certificate content requirements
requirements
5a New : language precisions.
5a Scope statement 5b Wording adapted to ISO/TS applicability.
5b Dates and exclusions 5c Changes on issue and expiration dates.
5c Reference to the Rules Deleted.

5d Name, address 5d No change.
5e Multi sites Deleted.

5f Remote locations 5e Location replaced by supporting function.
Name of CB’s contracted
5g 5f No change.
office
List of customer specific List of customers with specific requirements
5h 5g
requirements instead of list of the requirements.
5i IATF logo 5h No change.
Multiple sites replaced by corporate, and
5j Multi sites 5i
Addition of One certificate for each site.
5k 5j Improved wording.
6 Forms and tables
6.1 Reports by CBs Deleted.

Data on certification
6.1.1 Deleted.
activities
6.1.2 Data on auditors Deleted.
6.1.3 Activity of auditors Deleted.
Rules for auditing QMS
Rules for initial certification audit of QMS
Annex 1 according to ISO/TS Annex 1
according to ISO/TS 16949 : 2002.
16949 : 2002.
Annex 1 – 1 Annex 1 – 1
Addition of reference to ISO 17021,
Box 1 Request for certification Box 1
Simplified wording.
Box 2 Certification contract Box 2 No change.
Establish audit team moved from Annex 1 – 2 Box
st
Box 3 2 of the 1 edition
Addition of translation increased audit days.
Addition of definition of T1.
Addition of reference to ISO 17021 stage 1 audit.
Addition of process description in required
Box 3 Readiness review Box 4 documentation.
Deletion of pre-audit as not part of the ISO/TS
certification process.
Box 4 Certification audit Box 5 Improved wording.
Box 1 Audit days calculation Box 1 Wording adapted to 2 stages audit.
Box 2 Establish audit team Moved to Annex 1 – 1 Box 3.
Box 3 Define audit plan Box 2 No change.
Box 4 Monthly audit schedule Deletion as not part of the certification process.
Addition of reference to ISO 17021 stage 2 audit.
Box 1 Site audit Box 1
Deletion of use of the checklist.
Addition of new precisions.
Box 2 Provide feedback Box 2 Improved wording.
Box 3 Conduct closing meeting Box 3
Addition of references to ISO 19011 and 17021.
Box 4 Produce final report Box 4
T5 changed starting point was T4 is now T3.
Non-conformities Addition of acknowledgment of NC.
Box 1 Box 1
management Addition of proposal of follow up audit coming
st
from Box 2 of 1 edition.
Addition of verification of corrective action coming
Box 2 Supplementary report Box 2 st
from Box 1 of 1 edition.
Box 1 Certification decision Box 1 Change to the 90 days period end date.
Box 2 Certificate issue Box 2 nd
Deletion of the 2 bullet.
New : addition of content of surveillance activities.
New : addition of content of re-certification
activities.
Criteria for third party
Criteria for third party auditor qualification to
Annex 2 auditor qualification to Annex 2
ISO/TS 16949:2002
ISO/TS 16949:2002
Box 1 Box 1 Deletion of reference to ISO 10011.
Box 2 Box 2 No change.
Changes in ISO 9001 audit experience and in
industry experience.
Box 3 Box 3 Deletion of condition B) related to automotive
auditors.
Deletion of last sentence about waivers.
Box 4 Box 4 Addition of precision about application form.
Audit days for certification Audit days for certification to ISO/TS
Annex 3 Annex 3
to ISO/TS 16949 :2002t 16949 :2002t
New : table with reduced steps.
Table Table Addition of precision for use.
Requirements on audit
Requirements on audit days.
days
New : Entity explanation, coming partly from 7) of
1
the 1st edition.
1 2 Wording adapted to 2 stages audit.
2 3 Previous replaces initial.
3 4 No change.
4 5 Improved wording.
5 6 Improved wording.
6 7 No change, reference to annex A1 added.
7 8 New : site partly working for automotive.
9 New : definition of surveillance audit days.
10 New : Increased audit days when translation.
Corporate considerations Corporate audit scheme
Audit plan responsibility Addition of precisions.
New 1) strategic planning and policy making
Conditions required
2) where organization is replaced by suppliers.
Improved wording.
Audit days adjustment Table changed to give the % reduction.
Addition of limits for cumulative reductions.
Decertification process to
Annex 4 Annex 4 Decertification process to ISO/TS 16949:2002
ISO/TS 16949:2002
Deletion of “major” before NC,
Decertification process
Addition of “surveillance” before audit.
Granting a certificate No change.
Maintaining a certificate No change.
Suspension replaces Probation.
Probation
Improved wording for definition of suspension.
Withdrawal No change.
Cancellation Addition of example.
Corporate certificates Wording adapted to new corporate sites certificate.
Flow chart Change : maximum time is now 120 days.
Annex 5 Automotive process approach audit
New : text based on the wording of chapter one of
the checklist document (now dead).
Annex 6 Selection from ISO/IEC DIS 17021
New : excerpt of the future ISO/IEC 17021.

Annex 7 NEW : The present document.

Regras IATF

Uploaded by

Copyright:

Available Formats

Regras IATF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Regras IATF

Uploaded by

Copyright:

Available Formats

Automotive certification scheme for

Rules for achieving IATF recognition

2nd edition for ISO/TS 16949:2002

final draft – May 31, 2004

2.8 An audit finding shall have three distinct parts:

4.1 Consultants to the organization cannot participate in the audit.

Minimum number of annual :

* Office assessments of the ISO/TS 16949:2002 recognized certification body are to be

INITIAL AUDIT DAYS MAY BE REDUCED TO THE

INITIAL AUDIT DAYS MAY BE REDUCED BY NO MORE

INITIAL AUDIT DAYS MAY BE REDUCED BY NO MORE

INITIAL AUDIT DAYS MAY BE REDUCED BY NO MORE

4.10 If an organization certified to ISO/TS16949:2002, by a recognized certification body elects to change

5 ISO/TS 16949:2002 Certificate Content Requirements.

Phase description Time sched. Who What

DESIGN DESIGN RESPONSIBILITY : For product design responsibility

All rights reserved May 31, 2004

If there is insufficient readiness to conduct the stage 2 site audit, the

All rights reserved May 31, 2004

3. Audit Stage 2 Site audit T2 = start of on Audit team

There should be regular communication between organization and the

All rights reserved May 31, 2004

All rights reserved May 31, 2004

4. Nonconformities management Organization Nonconformities shall be acknowledged by the organization.

All rights reserved May 31, 2004

Certification The certification body may require additional information in order to

yes Certification Certificates will be issued only if there is 100% compliance to

All rights reserved May 31, 2004

All rights reserved May 31, 2004

Automotive Automotive core tools knowledge and competence

Have related ISO 9001:2000 auditing experience :

Requirements on audit days

Table : Audit days Adjustment for “Corporate” Audit scheme

Number of sites Percent reduction

10 days max yes

+ 110 days decision

+ 120 days max notification

© ISO/IEC 2004 – All rights reserved

5.1.2 Certification agreement

9.2 Initial audit and certification

9.2.3 Initial certification audit

9.2.5 Post-audit activities

9.3 Surveillance activities

9.3 2 Surveillance audit

9.3 3 Surveillance audit report

9.4.1 Recertification cycle

9.4.2 Recertification audit plan

9.4.3 Recertification audit

9.4.5 Recertification decision

A.2 The stage 1 audit shall be performed to:

B.7 Post-audit activities shall cover at least the following:

Multiple offices CB 1.2 Split into 2 bullets with simplified wording.

5c Reference to the Rules Deleted.

5e Multi sites Deleted.

6.1 Reports by CBs Deleted.

Box 3 Define audit plan Box 2 No change.

New : excerpt of the future ISO/IEC 17021.

You might also like