FAQs

A very common customer-specific requirement is the application of the process audit according to VDA 6.3 in the entire supply chain.

This closes the circle from the IATF 16949 requirement in chapter 9.2.2.6 to perform regular process audits and to perform them according to the process audit standard VDA 6.3.

(see also "Where can I find the customer-specific requirements in the VDA 6.3 process audit?")

The purpose of posting on the IATF 16949 home page is to enable certification auditors and 1st/2nd party auditors to become familiar with the customer-specific requirements of automotive manufacturers and their suppliers.

However, this is only partially sufficient because certification auditors do not automatically have access to all the contents of manufacturers' and suppliers' customer-specific requirements.
In addition, different manufacturers and suppliers have different philosophies about which customer-specific requirements are published on the IATF home page.

Conclusion: The IATF Oversight Homepage does not fully list the customer-specific requirements of automotive manufacturers or suppliers.

IATF 16949 (Quality Management System in the Automotive Industry) provides a common approach to a QM system in the automotive supply chain.

IATF 16949 can be specified by additional or supplementary Customer Specific Requirements (CSR) for the supplier's QM system.

The application of IATF 16949 requires knowledge and implementation of customer-specific requirements in the automotive supply chain:
• In Chapter 4 Context of the Organization, IATF 16949 requires that customer-specific requirements be evaluated and applied within the scope of the company's quality management system.
• Chapter 7.2.3, ISTF 16949, requires that auditors must have knowledge of customer specific requirements in order to be able to audit them.
• In chapter 8.5.1.5, IATF 16949 requires that the applicable customer-specific requirements must be taken into account in maintenance and servicing (Total Productive Maintenance - TPM).
• In chapter 9.2.2.6, IATF 16949 requires that customer-specific requirements must be included in the process audits to be performed on a regular basis.
• ...and in chapter 9.2.2.4, it is required that the customer-specific requirements are considered in the product audit.

Usually, customer-specific requirements can be rejected. However, this must be agreed in writing with the customer before the contract is awarded or signed.

Once the contracts containing customer-specific requirements have been signed, they are binding.

The main standards are:
• MBST 13/19 Production process and product approval
• MBST 14/07 Quality assurance. Operation of a quality management system
• MBN 10447 Process Capability and Process Liability.
• MBST 18/06 Management of defective deliveries after leaving the production site
• MBST 27/09 Failure Mode and Effect Analysis (FMEA)
• MBST 28/16 General packaging procedure and handling of load carriers
• MBN 10448 Damage analysis field

The customer-specific requirements Mercedes-Benz AG can be found in the "Purchasing Conditions", the specifications.
Many customer-specific requirements of Mercedes-Benz AG are defined in "Mercedes-Benz Special Terms" (MBST) and are available in the Mercedes-Benz AG Supplier Portal.

The main standards are:
• GS 95004 Part Analysis of field complaints
• GS 95015 Requirements for suppliers for 0-km
• GS 91011 Special features
• GS 95009 Protective measures against electrostatic discharge (ESD)
• GS 90036 Retractability of parts
• GS 95017 Continuous validation of product reliability in series production
• GS 98000 Statistical capability tests
• GS 98001 General specifications and special procedure
• GS 90018 BMW Requalification of product and process

The customer-specific requirements BMW Group can be found in the IPC "international Purchasing Condition", the specifications and the LSV "Service Interface Agreement".

The customer-specific requirements of the BMW Group are mostly written in "Group Standards" (GS). Those can be dpwnloaded at the BMW Group B2B portal.

The definition of customer-specific requirements differs significantly depending on the customer. All award documents must always be reviewed for this purpose.
This usually concerns the customer's specifications, other agreements and the purchasing conditions.

Customer specific requirements are requested by the customer and are additional requirements to be applied in the Management System (MS) of the supplier.
In the automotive industry, these are usually specific implementation requirements for requirements from IATF 16949 or DIN EN 9001:2015.

• An example of such an additional customer requirement can be an increased target value for process stability (Cpk).

The customer-specific requirements therefore have a direct effect on the company's MS. In addition, there may be customer requirements for the product. These are often called other customer-specific requirements.

The most important prerequisite for any successful audit, is to explain the added value in case of non-conformity to the people concerned.
Only if the auditees recognize this added value and do not feel "caught" in the audit will improvement processes be initiated and usually implemented sustainably and effectively.

This requires special skills on the part of the auditors. This can be achieved with expert knowledge, good explanations and understanding of the auditee's situation.

GAB attaches particular importance to these competencies of the auditors, which is reflected in the enthusiasm of the customers.

For many years, GAB has been commissioned worldwide by well-known 1st tier automotive suppliers as well as logistics companies and their suppliers to optimize internal and external processes.

We do not just enumerate deviations, but focus on the findings that contribute to the development of the audited company's management system and avoid identified risks.

If the audit is conducted internally, we also bring in approaches for improvement.

The word audit comes from the Latin auditus, where audire translates as "to hear."
In the field of quality management, the term has become established. Here it is meant that a person listens when another person reports.

However, the auditor must have considerably more skills than just listening.
The ability to grasp and analyze interrelationships and, based on this, to derive questions by means of appropriate discussion of the company's management system (MS) is particularly important.
In addition, an auditor needs a broad knowledge of quality standards and methods, a high level of analytical ability as well as a lot of professional experience in order to correctly classify what is presented to him or examined and to confirm or not the fulfillment of requirements from quality standards, customer-specific requirements, internal specifications or legal/regulatory requirements, resulting in so-called non-conformities and the need for action by the management.

Thus, if management has corporate responsibility for meeting all requirements, auditors help identify where there are deficiencies in the company in meeting requirements and thus risks to the company, and highlight these in the audit report for management.

Unfortunately, the audit has not always been treated with care in recent years. In the minds of many, it has the character of an audit or evaluation of work performance.

The actual purpose of the audit - to achieve continuous self-improvement and to avoid risks for the company - is often neglected.

GAB has a worldwide network of auditors ready for audits at any time.
Our team consists of experienced and trained ISO 9001, ISO 14001, IATF 16949 and VDA 6.3 system and process auditors.

Our audit projects range from Europe to the USA, Mexico and Asia.
We are represented in many countries, such as Poland, Hungary, Romania, China, India, USA, Mexico, etc. and have highly trained auditors who can perform audits in local languages.

Almost all management systems are based on the "High Level Structure" of ISO 9001:2015.
The following overview gives a rough idea:

ISO 14001
ISO 45001
ISO 27001

An audit that takes place in the course of certification according to an ISO standard is subject to the rules of the ISO or the respective accreditor, which must be observed by accredited certification companies.
In practice, this refers, for example, to the qualification of auditors and the correct planning and management of audits, etc., which is documented in standards and guidelines developed specifically for this purpose:

• ISO/IEC 17021:2011 specifies the requirements for "bodies that audit and certify management systems".
• ISO/IEC 17065:2013 sets requirements for "bodies that certify products, processes and services."
• ISO 19011:2020 is a guide to auditing management systems.

Importantly, ISO 19011 does not provide classic requirements for how an audit must be conducted, rather it provides "guidance for leading and directing an audit program and for planning and conducting an audit."
Therefore, ISO 19011 is used for the internal audit (1st party audit) or for example the supplier audit (2nd party audit), while ISO 17021 is mandatory for the certification audit (3rd party audit) for certification bodies.

"3rd party audits" are performed by external auditors (independent third parties) who are approved for the underlying set of rules, e.g. for certification audits according to ISO 9001:2018.

The term "2nd party audits" is used to describe the audits that a customer carries out on its suppliers.
This customer audit is also often referred to as a "supplier audit".

The procedures known as "1st party audits" will generally be carried out by an "internal auditor", i.e. usually, but not necessarily, by a company employee who has been trained for this purpose. In this case, only one party, namely the company itself, is involved. Nevertheless, internal audits can also be carried out by external auditors, but only on condition that they are qualified auditors.
Auditors of a certification company are not allowed to perform internal audits at companies if they themselves perform the certification audit for that company.

To determine the type of audit, the objective of the audit must first be determined. ISO 9001:2015 classifies the audit in chapter 9, measurement.

If, for example, the measurement of the conformity of the quality management system is defined as the objective, then the automotive industry standards ISO 9001:2015, IATF 16949 or the system audit VDA 6.1 are applied.

If an improvement of the processes is determined as the goal, different standards can result. As an example, ISO 9001:2015 with a process-oriented approach or directly a process audit according to VDA 6.3 could also be used here.

An audit can also be used as an analysis of a defect (deviation). Reactively, the analysis capability of an audit is used, for example, in event-oriented audits (EOA) to avoid repeat defects or to reduce high warranty costs.

The types of audits can be distinguished the following types:
• System audit
• Process audit
• Product audit