Procedure for HSE Risk assessment for identified Hazards/Aspects

1.0     PURPOSE

This procedure is developed to establish effective HSE risk assessment / mitigation processes throughout operations including production processes as well as support operations and ensure that the same is kept up to date reflecting any change in the processes / operations.

2.0     SCOPE

When considering the hazards at the site, the following are taken into account:

  • Routine and non-routine activities.
  • The activities of all persons having access to the workplace (including contractors and visitors).
  • Human behavior, capabilities and other human factors (i.e. cultural differences, ergonomics, sex, attitudes to HSE etc).
  • Hazards originating outside the workplace that may affect the XXXXX (i.e. fire at a neighboring site or sand storm).
  • Hazards created in the vicinity of the workplace as a result of activities under the control of the management (i.e. a fire or spillage at XXXXX that adversely affects our neighbors).
  • Infrastructure, equipment and materials used within XXXXX whether provided by XXXXX or not. (i.e. Fork lift trucks or contractors ladders)
  • Changes or proposed changes in the organization, its activities or materials (i.e. hardware changes such as installing new capital equipment, or changes to procedures such as changing the role of operators)
  • Modifications to the HSE Management system.
  • Any applicable HSE legislation relating to the organization
  • The design of work areas, processes, installations, machinery & equipment, operating procedures and work organization.


3.1    The MR is responsible for overseeing the process of risk assessment and tracking for its updating.

3.2    Identified Core Team members from each department are responsible for informing / notifying the MR regarding any change in the processes, procedure or activities subsequent to the initial risk assessment.

3.3    Core Team / competent personnel along with the MR conduct the risk assessment for respective department once in 12 months.

3.4    Relevant departments (Sales, Purchase, Operations, Maintenance, Quality Assurance & Control, HR, Administration and Finance) will join the risk assessment process or will be consulted.

3.5     Project manager and Safety officers is responsible for risk assessment at onsite.


The framework provided herein provides an HSE risk assessment / mitigation process that:

4.1    Operates on a continuous and systematic basis;

4.2     Addresses HSE hazard / Aspect identification, risk / Impact assessment and risk control;

4.3     Analyzes and prioritizes those risks / Aspects;

4.4    Serves as a vehicle for risk/aspect control, management and communication and has utility for all parts of the site.

However, there are two (2) additional considerations that warrant attention:

4.5   Regulatory Requirements:  The process described herein includes the consideration of HSE risks associated with legal non-conformance and identify the applicable regulatory requirements.

4.6    Risk Control: This process provides for risk / Aspect identification, risk assessment and mitigation decision-making.


5.1     HSE Risk

The most important definition associated with the process is HSE risk.

For the purpose of this process HSE risk is defined as the unique combination of an Activity, Product or Service plus a relevant aspect / Hazard plus the resultant impact /Risk. In short:

HSE Risk = [Activity, Product or Service] + [Aspect/Hazard] + [Impact/Risk]

Definitions for each of the HSE risk components are as follows:

  1. Activity / Product / Service: XXXXX operational practices, the company’s products and services that are offered to customers worldwide.
  2. Aspects- Any element of XXXXX activities, products and services, which can interact with the environment or human health.
  3. Impacts – any change to the environment or human health, whether adverse or beneficial, wholly or partially resulting from XXXXX activities, products and services.
  4. Hazards -Source or situation with a potential to harm in terms of human injury or ill health.
  5. Risk: combination of the likelihood of an occurrence off a hazardous event(s) or exposure (s) and the severity of injury or ill health that can be the event or exposure (s)
  6. Routine Activities (R): Regular jobs carried out under Normal operating condition of the plant.
  7. Non Routine Activities (NR): Irregular and periodic jobs carried out during start up/ shutdown etc. e.g.: Oil / Coolant spillage, Leakages of water from pipes. Preventive Maintenance activities.
  8. Emergency: Activities which may lead to emergency situations or Severe Environmental/Occupational health Impact. e.g. Fire, explosion, Earthquake, sabotage, Collapse of structure, Release of Toxic gases, Leakage in acid pipelines etc.
  9. Interested Party Concern (IPC): Concerns from person or group, inside or outside the workplace, affected by HSE Performance.


6.1     Risk Assessment

6.1.1    The list of HSE Core team members is maintained by MR. HSE Core team members are imparted training to conduct Risk Assessment to evaluate significant risks.

6.1.2    The initial risk assessment is carried out for all the processes, procedures and activities concerned with production process and as well as in support functions and the same are documented.

6.1.3    The relevant department shall join the risk assessment process or will be consulted for the risk assessment.

6.1.4    Risk assessment for onsite activities during starting of any new project is carried out as per HSE requirements of the customer and documented as HSE Plan and the approvals are obtained. Controls for significant Onsite HSE risks are identified and implemented as per the customer requirements throughout the completion of the project.

6.1.5    The concerned department personnel are informed about the hazards/ aspects in their work area pertaining to their activities and processes.

6.1.6    The personnel are trained on risk mitigation programs as a measure to control risks in the work area.

6.1.7    Any change in the process, procedure, equipment or activity in a particular department, is to be informed to the MR and a prior consent taken for the specified change after carrying out a risk assessment for the proposed change.

6.1.8    The risk assessment of the proposed change or consent from MR is required to / shall be documented.

6.1.9    After the change has been made, a follow up risk assessment shall be done and documented.

6.1.10 The documents pertaining to the risk assessment shall be kept with MR and a copy (in soft or hard) each with the relevant department.

6.1.11 While identifying Occupational, Health, Safety and Environmental (HSE) hazards and risk during initial HSE review, the following criteria shall be considered:

  1. Change, including planned or new developments, new or modified activities, products and services
  2. Abnormal conditions and reasonably foreseeable emergency situations.
  3. All activities where previous records of incidents occurred.
  4. Inputs from regular safety audits.
  5. All activity routine & non routine, where substantial / potential hazards and risks are involved.
  6. Evaluation of feedback from investigation of previous incident.
  7. Examination of all existing HSE procedures and practices.
  8. Activities of all personnel having access to the work place (including subcontractors and visitors)
  9. Facilities at the work place, whether provided by the organization or others.
  10. Inputs from Medical Records
  11. Inputs received from external interested parties
  12. Inputs received from any employee
  13. Emission to air
  14. Release of waste water
  15. Waste Management and conservation of natural resources
  16. Contamination to land

Based on the above, final list of activities of occupation health, safety & environmental (HSE) hazards and associated risks is documented.

6.2    Risk Assessment & Determining Significance

6.2.1    Criteria for risk assessment, developed through brain storming & discussion by core team and the Management Representative is using the tables here below:

Frequency of OccurrenceScore
Very likely – High probability of HSE accident to occur.5
Likely – Strong Probability that an HSE impact / dangerous occurrence will occur4
Moderate – Reasonable probability that an HSE incident / near-miss may occur.3
Low – Low probability, Have heard about this few years / months ago2
Remote – Very unlikely1
Severe – Fatality / Very harmful to HSE, Complex long term effect.5
Serious – Harmful – difficult to correct but recoverable over a period of time4
Moderate – Somewhat harmful, short term loss3
Minor – Little potential for harm, easily correctable, clearable2
Not likely to effect1
Time to notice the HSE incident / accidentScore
After Long time (1 month to 12 months) or Fatality / Damage noticed on the same day / Domino effect5
Detected after one day4
Detected beyond 12 hours3
Detected beyond 4 hours2
Detected beyond 2 hours1

6.2.2     Risk Assessment should be carried out using the form XXXXX/HSE/R 10

6.2.3    Identify all the Activities, Hazards and associated Risks in the cell contained in column (d) of the Risk Assessment Form XXXXX/HSE/R 10

6.2.4    Ensure that multiple hazards / aspects are not mentioned in the form.

6.2.5    For every activity the core team should document whether the activity is a Routine (R), Non Routine (NR), Column (e).

6.2.6     Document the associated Hazard/ Aspect and Risk / Impact in the column (f), (g).

6.2.7    if Activity which has a risk of life or risk of fire or severe environmental impact should be considered as an Emergency by denoting Y in the column 1

6.2.8    For the identified activity gather information from interested parties if the activity has any concern with respect to HSE.

6.2.9    If any concern is raised, document it as Yes () in column (2).

6.2.10 If the activity has a legal concern, document as Yes (Y).

Examples of Legal concern could be in the form of:

  1. Storage of LPG Cylinders
  2. Storage of Hazardous waste
  3. Working at heights

6.2.11 Evaluate if the Hazard in the work process has a Legal implication. If yes, indicate by denoting “Y” in the cell contained in the column (3)

6.2.12 If there is a potential for significant reduction / saving of natural and other resources, then please indicate RSP (Resource Saving Potential) as “Y” in column (4) and treat the aspect as a Significant aspect.

Sl. NoDate of Entry
Aspects / Hazards
(Enter only one aspect or hazard in one row for any particular activity)
Impacts / Risk
(Enter only one risk in one row for any particular activity)
Column (a)Column (b)Column (c)Column (d)Column (e)Column (f)Column (g)
(Yes / No)
(Yes / No))
LC (Legal
(Yes / No)
(Yes / No)
Present / Existing Controls
Frequency of Occurrence

Time to
Column (1)Column (2)Column (3)Column (4)Column (h)Column (i)Column (j)Column (k)

Emergency , IPC, LC , RSP are the overriding criteria

Present risk
Justification for
converting Significant
(S) to Non Significant
Final significance
after justification
Link to
Objective /
Column (l) Column (m) Column (n) Column (o) Column (p)

6.2.13 Should there be an instance where any of the columns of Emergency (E), Interested Party Concern (IPC) / Legal Concern (LC) /RSP is applicable and is denoted by “Y” then these concerns will be an Overriding Criteria and not be evaluated further. But will be identified as a Significant risk by denoting “S” in the column (m).

6.2.14 Risks which do not have Emergency / Interested Party Concern (IPC) / Legal Concern (LC) should be denote by indicating “N” (No)

6.2.15 Risks where overriding criteria viz. Interested Party Concern (IPC) / Legal Concern (LC) are not applicable should be considered for Risk Assessment.

6.2.16 Any activity which is having Present / Existing controls, mention the same in column (h).

6.2.17 The risk criteria for severity (column(i)), Frequency of occurrence (column(j)) and Time to notice (column(k)) is applied to HSE risks as per the table 1 and present risk factor is calculated and mentioned in column (l)

6.2.18 Any HSE risk having a risk factor above or equal to 27 is considered significant and gradually lowered to cover all the HSE risks stages such that at one state all risks will be suitably addressed.

6.2.19 Any activities which are not listed in any regulation and have no existing control, the severity is rated as 3 and the risk is considered as Significant.

6.2.20  If the Risk has appropriate controls in the form of Engineering or Process control, justification for converting Significance into non-significance is recorded in column (n).

6.3    The Risk assessment register also contains control or reaction plan viz. the operational control measures/procedures, management program, emergency preparedness and response against all significant risks specified in column (p).

6.4    Significant HSE aspects are communicated to various levels and functions within XXXXX.

7.0    RECORDS

  • Risk Assessment (XXXXX/HSE/R 10)
  • HSE Plan for onsite activities.

Subscribe to get access

Read more of this content when you subscribe today.



XXXXX establishes, implements, maintains, and continually improves the EMS Management System and assures itself of conformity with its stated EMS policy.

XXXXX applies all the requirements of ISO 14001:2015 if they are applicable within the determined scope of its quality management system.

XXXXX determines the boundaries and applicability of the EMS management system to develop its business covers basically in the following area:

  • Operations
  • Project Management.
  • Supply chain management
  • Onsite servicing
  • Product sales
  • Manufacturing
  • Quality and Health and services

The Scope of operational activities at XXXXX is:

“Enter your Scope here”.

1.1 Company Profile

“Enter your Company profile here”.

1.2 Introduction to the Environment Management System

The requirements of this manual are aimed at the Environmental awareness and safety policies as well as maintenance of the system that provides the most effective and efficient means of achieving the documented EMS management objectives.

1.2.1 Purpose

  • The contents of this Manual are intended as an overview, to demonstrate and explain how XXXXX’s EMS Management System conforms to ISO 14001: 2015.
  • The Manual and its associated documentation covering Procedures, Work Instructions, Documents, and Records are structured on and meet the requirements of ISO 14001: 2015.
  • Manual holders will be responsible for ensuring that their staff is fully conversant with the contents of the Manual.
  • The EMS Policy and Principles outlined in this Manual form a mandatory basis for our EMS Management System.


ISO 14001: 2015 Environmental management systems – Requirements with guidance for use


3.1 Terms related to organization and leadership

3.1.1 Management system

Set of interrelated or interacting elements of an organization to establish policies and objectives and processes to achieve those objectives

Note 1 to entry: A management system can address a single discipline or several disciplines (e.g. Quality, environment, occupational health and safety, energy, financial management).

Note 2 to entry: The system elements include the organization’s structure, roles and responsibilities, planning and operation, performance evaluation, and improvement.

Note 3 to entry: The scope of a management system can include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.

3.1.2 EMS management system

Part of the management system used to manage environmental aspects fulfill compliance obligations, and address risks and opportunities

3.1.3 EMS policy

Intentions and direction of an organization related to EMS performance, as formally expressed by its top management

3.1.4 Organization

Person or group of people that has its own functions with responsibilities, authorities, and relationships to achieve its objectives

Note 1 to entry: The concept of the organization includes, but is not limited to sole-trader, company, corporation, firm, enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated or not, public or private.

3.1.5 Top management

Person or group of people who directs and controls an organization at the highest level

Note 1 to entry: Top management has the power to delegate authority and provide resources within the organization.

Note 2 to entry: If the scope of the management system covers only part of an organization, then top management refers to those who direct and control that part of the organization.

3.1.6 Interested party

Person or organization that can affect, be affected by, or perceive itself to be affected by a decision or activity

(e.g.) Customers, communities, suppliers, regulators, non-governmental organizations, investors and employees.

Note 1 to entry: To “perceive itself to be affected” means the perception has been made known to the organization.

3.2 Terms related to planning

3.2.1 Environment

Surroundings in which an organization operates, including air, water, land, natural resources, flora, fauna, humans, and their interrelationships.

Note 1 to entry: Surroundings can extend from within an organization to the local, regional and global system.

Note 2 to entry: Surroundings can be described in terms of biodiversity, ecosystems, climate or other characteristics.

3.2.3 Environmental aspect

Element of an organization’s activities or products or services that interacts or can interact with the environment.

Note 1 to entry: An environmental aspect can cause (an) environmental impact(s). A significant environmental aspect is one that has or can have one or more significant environmental impact(s). Note 2 to entry: Significant environmental aspects are determined by the organization applying one or more criteria.

3.2.4 Environmental condition

State or characteristic of the environment as determined at a certain point in time

3.2.5 Environmental impact

Change to the environment, whether adverse or beneficial, wholly or partially resulting from an organization’s environmental aspects

3.2.6 Hazard identification

Process of recognizing that a hazard exists and defining its characteristics

3.2.7 Ill health

Identifiable, adverse physical or mental condition arising from and/or made worse by a work activity and/or work-related situation

3.2.8 Incident

Work-related event(s) in which an injury or ill health (regardless of severity) or fatality occurred, or could have occurred

NOTE 1 to entry: An accident is an incident that has given rise to injury, ill health, or fatality.

NOTE 2 to entry: An incident where no injury, ill health, or fatality occurs may also be referred to as a “near-miss”, “near-hit”, “close call” or “dangerous occurrence”.

NOTE 3 to entry: An emergency situation is a particular type of incident.

3.2.9 Objective

Result to be achieved

Note 1 to entry: An objective can be strategic, tactical, or operational.

Note 2 to entry: Objectives can relate to different disciplines (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product, service, and process.

Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as an EMS objective, or by the use of other words with similar meaning (e.g. aim, goal, or target).

3.2.10 EMS objective

Objective set by the organization consistent with its EMS policy

3.2.11 Prevention of pollution

Use of processes, practices, techniques, materials, products, services, or energy to avoid, reduce or control (separately or in combination) the creation, emission, or discharge of any type of pollutant or waste, in order to reduce adverse environmental impacts

Note 1 to entry: Prevention of pollution can include source reduction or elimination; process, product, or service changes; efficient use of resources; material and energy substitution; reuse; recovery; recycling, reclamation; or treatment.

3.2.12 Requirement

Need or expectation that is stated, generally implied or obligatory

Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization and interested parties that the need or expectation under consideration is implied.

Note 2 to entry: A specified requirement is one that is stated, for example in documented information.

Note 3 to entry: Requirements other than legal requirements become obligatory when the organization decides to comply with them.

3.2.13 Compliance obligations

Legal requirements and other requirements (admitted term) legal requirements that an organization has to comply with and other requirements that an organization has to or chooses to comply with

Note 1 to entry: Compliance obligations are related to the EMS management system.

Note 2 to entry: Compliance obligations can arise from mandatory requirements, such as applicable laws and regulations, or voluntary commitments, such as organizational and industry standards, contractual relationships, codes of practice, and agreements with community groups or non-governmental organizations.

3.2.14 Risk

Effect of uncertainty

Note 1 to entry: An effect is a deviation from the expected – positive or negative.

Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.

Note 3 to entry: Risk is often characterized by reference to potential “events” (as defined in ISO Guide 73:2009, and “consequences” (as defined in ISO Guide 73:2009,, or a combination of these.

Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated “likelihood” (as defined in ISO Guide 73:2009, of occurrence.

3.2.17 Risks and opportunities

Potential adverse effects (threats) and potential beneficial effects (opportunities)

3.2.18 Risk assessment

Process of evaluating the risk(s) arising from a hazard(s), taking into account the adequacy of any existing controls, and deciding whether or not the risk(s) is acceptable

3.2.19 Acceptable risk

Risk that has been reduced to a level that can be tolerated by the organization having regard to its legal obligations and its own EMS policy

3.3 Terms related to support and operation

3.3.1 Competence

Ability to apply knowledge and skills to achieve intended results

3.3.2 Documented information

Information required to be controlled and maintained by an organization and the medium on which it is contained

Note 1 to entry: Documented information can be in any format and media, and from any source.

Note 2 to entry: Documented information can refer to:

  • The EMS management system, including related processes;
  • Information created in order for the organization to operate (can be referred to as documentation);
  • Evidence of results achieved (can be referred to as records).

3.3.3 Document

Information and its supporting medium

3.3.4 Procedure

Specified way to carry out an activity or a process

3.3.5 Record

Document stating results achieved or providing evidence of activities performed

3.3.6 Life cycle

Consecutive and interlinked stages of a product (or service) system, from raw material acquisition or generation from natural resources to final disposal

Note 1 to entry: The life cycle stages include acquisition of raw materials, design, production, transportation/delivery, use, end-of-life treatment and final disposal.

3.3.7 Outsource (verb)

Make an arrangement where an external organization performs part of an organization’s function or process

Note 1 to entry: An external organization is outside the scope of the management system, although the outsourced function or process is within the scope.

3.3.8 Process

Set of interrelated or interacting activities which transforms inputs into outputs

Note 1 to entry: A process can be documented or not.

3.3.9 Workplace

Any physical location in which work related activities are performed under the control of the organization

3.4 Terms related to performance evaluation and improvement

3.4.1 Audit

Systematic, independent, and documented process (3.3.8) for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled

Note 1 to entry: An internal audit is conducted by the organization itself, or by an external party on its behalf.

Note 2 to entry: An audit can be a combined audit (combining two or more disciplines).

Note 3 to entry: Independence can be demonstrated by the freedom from responsibility for the activity being audited or freedom from bias and conflict of interest.

Note 4 to entry: “Audit evidence” consists of records, statements of fact, or other information which are relevant to the audit criteria and are verifiable; and “audit criteria” are the set of policies, procedures, or requirements used as a reference against which audit evidence is compared, as defined in ISO 19011:2011, 3.3 and 3.2 respectively.

3.4.2 Conformity

Fulfilment of a requirement

3.4.3 Nonconformity

Non-fulfilment of a requirement

Note 1 to entry: Nonconformity relates to requirements in this International Standard and additional EMS management system requirements that an organization establishes for itself.

3.4.4 Corrective action

Action to eliminate the cause of a nonconformity and to prevent recurrence

Note 1 to entry: There can be more than one cause for a nonconformity.

3.4.5 Preventive action

Action to eliminate the cause of a potential nonconformity or other undesirable potential situation

3.4.6 Continual improvement

Recurring activity to enhance performance

Note 1 to entry: Enhancing performance relates to the use of the EMS management system to enhance EMS performance consistent with the organization’s EMS policy.

Note 2 to entry: The activity need not take place in all areas simultaneously, or without interruption.

3.4.7 Effectiveness

Extent to which planned activities are realized and planned results achieved

3.4.8 Indicator

Measurable representation of the condition or status of operations, management or conditions

3.4.9 Monitoring

Determining the status of a system, a process or an activity

Note 1 to entry: To determine the status, there might be a need to check, supervise or critically observe.

3.4.10 Measurement

Process to determine a value

3.4.11 Performance

Measurable result

Note 1 to entry: Performance can relate either to quantitative or qualitative findings.

Note 2 to entry: Performance can relate to the management of activities, processes, products (including services), systems, or organizations.

3.4.12 EMS performance

Performance related to the management of environmental aspects & risks

Note 1 to entry: For an EMS management system, results can be measured against the organization’s EMS policy, EMS objectives, or other criteria, using indicators.


4.1 Understanding the organization and its context

XXXXX determines the external and internal issues (Refer: XXXXX/MR/20) that are relevant to its purpose and that affect its ability to achieve the intended outcomes of its EMS management system. Such issues include environmental conditions being affected by or capable of affecting the organization.

4.2 Understanding the needs and expectations of interested parties

XXXXX determines:

  1. The interested parties (Refer: XXXXX/MR/21) that are relevant to the EMS management system
  2. The relevant needs and expectations (i.e. requirements) of these interested parties
  3. Which of these needs and expectations become its compliance obligations

4.3 Determining the scope of the EMS management system

XXXXX determines the boundaries and applicability of the environmental management system to establish its scope. XXXXX considered the following while determining its scope:

  1. The external and internal issues (Refer 4.1)
  2. The compliance obligations referred to in (Refer 4.2)
  3. Its organizational units, functions and physical boundaries
  4. Its activities, products and services
  5. Its authority and ability to exercise control and influence.

The scope is maintained as documented information (Refer 1.0) and made available to interested parties.

4.4 Environmental management system

XXXXX establishes, implements, maintains, and continually improves the EMS management system, including the processes needed and their interactions (Refer XXXXX/EMSM/Appendix/04), in accordance with the requirements of ISO 14001:2015 to achieve the intended outcomes, including

  • Enhancing its EMS performance
  • Fulfilling the compliance obligation
  • Achievement of EMS objectives

XXXXX has considered the knowledge gained in (Refer 4.1 & 4.2) when establishing and maintaining the EMS management system. XXXXX’s EMS Management System and supporting documentation (which includes Manual, Procedures, Work Instructions, Documents, and Records) have been established for monitoring and measuring the effectiveness of the processes necessary to ensure logical planning, resulting in steady continual improvement.


5.1 Leadership and commitment

Top management demonstrates the leadership and commitment with respect to the EMS management system by:

1.Taking accountability for the effectiveness of the EMS management system

  • Ensuring that the EMS policy and objectives are established and are compatible with the strategic direction and the context of the organization
  • Ensuring the integration of the EMS management system requirements into the organization’s business processes
  • Ensuring that the resources needed for the EMS management system are available
  • Communicating the importance of effective EMS management and of conforming to the EMS management system requirements
  • Ensuring that the EMS management system achieves its intended outcomes
  • Directing and supporting persons to contribute to the effectiveness of the EMS management system.
  • Promoting continual improvement

2.Supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.

5.2 EMS Policy

Top management establishes, implements, and maintains an EMS policy (Refer XXXXX/EMSM/Appendix/01) that within the defined scope of its EMS management system and ensures that the policy:

  • Is appropriate to the purpose and context of the organization, including the nature, scale, and environmental impacts & risks of its activities, products, and services
  • Provides a framework for setting and reviewing EMS objectives
  • Includes a commitment to the protection of the environment, including prevention of pollution and other specific commitment(s) relevant to the context of the organization
  • Includes a commitment to the prevention of injury and ill-health
  • Includes a commitment to fulfill its compliance obligations related to its Environmental aspects and hazards
  • Includes a commitment to continual improvement of the EMS management system to enhance EMS performance

The EMS policy is:

  • Maintained as documented information
  • Communicated within the organization
  • Available to interested parties
  • Reviewed periodically to ensure that it remains relevant and appropriate to the organization.

5.3 Organizational roles, responsibilities and authorities

Top management ensures that the responsibilities and authorities for relevant roles are defined, documented, assigned, maintained and communicated within the organization using Functional Roles and Responsibilities through induction trainings.

Top management appoints Mr. ABCD (QHSE Manager) as Management Representative and assigns the responsibility and authority for:

  1. Ensuring that the EMS management system is established, implemented, maintained, and conforms to the requirements of ISO 14001:2015
  2. Reporting on the performance of the EMS management system, including EMS performance, to top management for review and used as a basis for improvement of the EMS management system

The appointment of a Management Representative is communicated to all persons working under the control of the organization through emails and toolbox talks.

XXXXX’s Management demonstrates their commitment to the continual improvement of EMS performance. XXXXX ensures that persons in the workplace take responsibility for aspects of the Environment over which they have control, including adherence to the organization’s applicable EMS requirements.


6.1 Actions to address risks and opportunities

6.1.1 General

XXXXX establishes, implements, and maintains the process(es) (Refer XXXXX/EMSP/01: EMS Risk Assessment) needed to meet the requirements in 6.1.1 to 6.1.4.

XXXXX considers:

  1. The issues referred to in 4.1
  2. The requirements referred to in 4.2
  3. The scope of its EMS management system

And determines the risks and opportunities, related to its environmental aspects, compliance obligations and other issues and requirements, identified in 4.1 and 4.2, that need to be addressed to:

  • Give assurance that the EMS management system can achieve its intended outcomes
  • Prevent or reduce undesired effects, including the potential for external environmental conditions that affects the organization
  • Achieve continual improvement

Within the scope of the EMS management system, XXXXX determines the potential emergency situations, including those that can have an environmental impact and incidents.

XXXXX maintains the documented information of its:

  • Risks and opportunities that need to be addressed
  • Process(es) needed in 6.1.1 to 6.1.4, to the extent necessary to have confidence they are carried out as planned.

6.1.2 Environmental aspects

The procedure for the identification & evaluation of aspects is defined and documented to determine the methods to identify the environmental aspects and to evaluate the actions needed to control its impacts. (Refer XXXXX/EMSP/01: EMS Risk Assessment)

Within the defined scope of the EMS management system, XXXXX’s team consisting of Management Representative, Department Heads/Representative & Safety Officer determines the environmental aspects of its activities, products and services that it can control and those that it can influence, and their associated environmental impacts, considering a life cycle perspective.

When determining environmental aspects, XXXXX takes into account:

  • Change, including planned or new developments, and new or modified activities, products and services
  • Abnormal conditions and reasonably foreseeable emergency situations.

XXXXX determines those aspects that have or can have a significant environmental impact, i.e. significant environmental aspects, by using established criteria based on environmental concern (Nature of impact, severity, probability, and time of notice), control concern (existing control and monitoring), and regulatory requirements. For all aspects, an effective control and monitoring mechanism will be applied in order to prevent them from becoming significant. These mechanisms will be in the form of procedures, work instructions, monitoring, training, etc., depending on the level of significance and nature of Activities/Processes/Services (A/P/S).

The aspects considered as significant are taken into consideration when establishing the SMART objectives. XXXXX communicates its significant environmental aspects among the various levels and functions of XXXXX, as appropriate. Management Representative will keep the information concerning identification and evaluation of aspects up-to-date.

XXXXX maintains documented information of its:

  • Environmental aspects and associated environmental impacts
  • Criteria used to determine its significant environmental aspects
  • Significant environmental aspects.

6.1.3 Compliance obligations

Management Representative / Admin Personnel using the documented procedure (Refer XXXXX/EMSP/03: Compliance Obligations)

  • Identifies, obtains, maintains and have access to all applicable legal and other relevant requirements related to the environmental aspects, hazard identification and risk assessment of all activities/processes/services of the company
  • Determines how these requirements apply to its organization’s environmental aspects and requirements

Identification will be focusing on requirements specific to the company’s A/P/S, Local Municipality regulations, Ministerial Orders, Labor laws and authorizations, licenses, and permits. XXXXX ensures that these applicable legal and other requirements to which it subscribes are taken into account in establishing, implementing, and maintaining its EMS management system. XXXXX communicates relevant information on legal and other requirements to persons working under the control of XXXXX, and other relevant interested parties. A detailed Legal Register, applicable to XXXXX activities is established and maintained. XXXXX keeps this information up-to-date.

6.1.4 Planning action

XXXXX plans:

To take actions to address its:

  • significant environmental aspects
  • compliance obligations
  • risks and opportunities identified in 6.1.1

2.How to:

  • Integrate and implement the actions into its EMS management system processes (see 6.2, Clause 7, Clause 8 and 9.1), or other business processes
  • Evaluate the effectiveness of these actions (see 9.1).

When planning these actions, XXXXX considers its technological options and its financial, operational, and business requirements.

6.2 EMS Objectives and planning to achieve them

6.2.1 EMS Objectives

XXXXX maintains a documented procedure (Refer XXXXX/EMSP/02: Objectives, Targets, and Program) XXXXX’s Chairman, Management Representative/Design & QA Manager, Department Heads establishes SMART (Specific, Measurable, Achievable, Realistic & Time-bound) objectives at all levels within XXXXX by taking into account XXXXX’ssignificantenvironmental aspects and associated compliance obligations, and considering its risks and opportunities. XXXXX also considers its technological options, its financial, operational, and business requirements, and the views of relevant interested parties. These objectives will be consistent with EMS Policy including the commitment

  • To prevention of injury, ill health and environmental pollution
  • To compliance with applicable legal requirements and with other requirements to which XXXXX subscribes and its significant environmental aspects
  • To continual improvement

These SMART objectives will be monitored, updated as appropriate, and communicated to all levels of the staff according to their involvement. These objectives are systematically reviewed at regular and planned intervals (mainly during management review meetings) and adjusted as necessary, to ensure that the objectives are achieved.

6.2.2 Planning actions to achieve EMS objectives

When planning to achieve its EMS objectives, XXXXX implements a program to determine:

  1. Actions to be taken
  2. Required resources
  3. Responsibility and authority
  4. Target date

Evaluation of results, including indicators for monitoring progress toward achievement of its measurable EMS objectives (see 9.1.1).

XXXXX has integrated the actions to achieve its EMS objectives into the organization’s business processes by communicating the action plan to the respective personnel and it is ensured that the actions were taken regularly.

The Core Team Members devise management programs in order to achieve the established EMS objective and target. These programs define the principal actions to be taken, those responsible for undertaking those actions, and the scheduled time for their implementation. XXXXX maintains documented information on the EMS objectives.


7.1 Resources

XXXXX determines and provides the resources like competent persons, equipment, personnel protective equipment, good work environment, infrastructure, technology, and financial resources needed for the establishment, implementation, maintenance, and continual improvement of the EMS management system are provided adequately.

Resources are identified primarily through planning stages, or when the need arises.

7.2 Competence

XXXXX has:

  1. Determines the necessary competence of person(s) doing work under its control that affects its EMS performance and its ability to fulfil its compliance obligations
  • Ensures that these persons are competent on the basis of appropriate education, training or experience
  • Determines training needs associated with its environmental aspects, and its EMS management system
  • Where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken.

XXXXX retains the appropriate documented information as evidence of competence.

Weekly Toolbox talks are held to discuss relevant issues. All Personnel is encouraged to comment and contribute to the discussion. Important discussions from the weekly toolbox meetings are recorded.

All new employees are made aware of the company’s commitment to the Environment as part of their induction training. All Staff receives induction training from their respective

Supervisors. Environment performance, trends and any relevant issues will be discussed at the meetings.

Training procedures (Refer: L2/01 Training takes into account differing levels of:

  1. Responsibility, ability, language skills and literacy; and
  2. Risk.

7.3 Awareness

XXXXX ensures that persons doing work under XXXXX’s control are aware of :

  • The EMS policy
  • Significant environmental aspects & consequences and related actual or potential impacts, associated with their work
  • Their contribution to the effectiveness of the EMS management system, including the benefits of enhanced EMS performance
  • Their roles and responsibilities and importance in achieving conformity to the EMS policy and procedures with the requirements of the EMS management system, including emergency preparedness and response requirements
  • The potential consequences of departure from specified procedures
  • The implications of not conforming with the EMS management system requirements, including not fulfilling the organization’s compliance obligations.

7.4 Communication

7.4.1 General

XXXXX establishes, implements, and maintains the process(es) needed for internal and external communications relevant to the EMS management system, including:

  1. On what it will communicate
  2. When to communicate
  3. With whom to communicate

d)   How to communicate.

Top Management/Department Heads/MR were communicating through notices, memos, and in-house check-lists and keep the workforce informed on the company’s performance, progress, and improvement in all areas concerning Environment performance. Supervisors will also assess operations during routine toolbox talks, and communicate results to the workforce.

A documented procedure (Refer XXXXX/EMSP/04: Communication) is established, implemented and maintained for

  1. Internal communication among the various level and function within the organization,
  2. Communication with contractors and other visitors to the workplace
  3. Receiving, documenting, and responding to relevant communication from external interested parties

When establishing its communication process(es), XXXXX:

  • Takes into account its compliance obligations
  • Ensures that EMS information communicated is consistent with information generated within the EMS management system, and is reliable.

XXXXX responds to relevant communications on its EMS management system and retains documented information as evidence of its communications, as appropriate.

7.4.2 Internal communication


  • Internally communicate information relevant to the EMS management system among the various levels and functions of XXXXX, including changes to the EMS management system, as appropriate
  • Ensures its communication process(es) enable(s) persons doing work under the XXXXX’s control to contribute to continual improvement.

7.4.3 External communication

XXXXX externally communicates the information relevant to the EMS management system, as established by XXXXX’s communication process and as required by its compliance obligations.

A documented procedure (Refer XXXXX/EMSP/04: Communication) is established, implemented and maintained for

1)The participation of workers by their:

  • Appropriate involvement in Environmental aspect identification, risk assessments and determination of controls
  • Appropriate involvement in incident investigation

2) Involvement in the development and review of EMS policies and objectives

  • Consultation where there are any changes that affect their EMS
  • Representation on EMS matters.

Workers are informed about their participation arrangements, including their representative(s) –

  1. EMS Officer on EMS matters.
  2. Consultation with contractors where there are changes that affect their EMS.

XXXXX ensures that relevant external interested parties are consulted about pertinent EMS matters as appropriate.

7.5 Documented information

7.5.1 General

XXXXX EMS manual indicates the policies related to the system for implementing the actions necessary to ensure logical planning, resulting in steady continual improvement of the system and its processes.

The EMS management system documentation includes the following:

  • EMS Manual, Policy and objectives
  • Description of Scope of EMS Management System
  • Description of the main elements of the EMS management system and their interaction, and reference to related documents
  • Procedures / Instructions / Master lists as required by the XXXXX’s EMS management system
  • Documents, including records and other External origin documents required by ISO 14001: 2015  and by XXXXX as being necessary for the effectiveness of the EMS management system

XXXXX establishes and maintains the documented information to demonstrate conformity to the requirements of its EMS management system and of ISO 14001:2015 standards, and the results achieved.

7.5.2 Creating and updating

When creating and updating documented information, XXXXX ensures appropriate:

  1. Identification and description (e.g. a title, date, author, or reference number)
  2. Format (e.g. language, software version, graphics) and media (e.g. paper, electronic)
  3. Review and approval for suitability and adequacy.

7.5.3 Control of documented information

Documented information required by the EMS management system and by ISO 14001: 2015 & are controlled to ensure that it is:

  1. Available and suitable for use, where and when it is needed;
  2. Adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).

XXXXX establishes, implements and maintains a documented procedure  to

  1. Address the following activities as applicable:
    • Distribution, access, retrieval, and use
    • Storage, protection, and preservation, including preservation of legibility
    • Control of changes (e.g. version control)
    • Retention and disposition
  2. Approve documents for adequacy prior to issue
  3. Review and update as necessary and re-approve documents
  4. Prevent the unintended use of obsolete documents and apply suitable identification to them if they are retained for any purpose.

Documented information of external origin determined by XXXXX to be necessary for the planning and operation of the EMS management system are identified, as appropriate, and controlled.


8.1 Operational planning and control

XXXXX establishes, implements, controls, and maintains the processes (Refer XXXXX/EMS/05: Operational Control) needed to meet EMS management system requirements and to implement the actions identified in 6.1 and 6.2, by:

  • Establishing operating criteria for the process(es)
  • Implementing control of the process(es), in accordance with the operating criteria.

XXXXX controls planned changes and reviews the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary. XXXXX ensures that outsourced processes are controlled or influenced. The type and extent of control or influence to be applied to the process(es) is defined within the EMS management system.

Consistent with a life cycle perspective, XXXXX:

  1. Establishes controls, as appropriate, to ensure that its EMS requirements are addressed in the design and development process for the product or service, considering each life cycle stage
  2. Determines its EMS requirement(s) for the procurement of products and services, as appropriate
  3. Communicates its relevant EMS requirement(s) to external providers, including contractors
  4. Considers the need to provide information about potential significant environmental impacts & consequences associated with the transportation or delivery, use, end-of-life treatment, and final disposal of its products and services.

XXXXX determines those operations and activities that are associated with the identified hazard(s) where the implementation of controls is necessary to manage the risk(s). This includes the management of change.

For those operations and activities, XXXXX implements and maintains:

  1. Operational controls, as applicable to XXXXX and its activities; XXXXX integrate those operational controls into its overall EMS management system
  2. Controls related to purchased goods, equipment, and services
  3. Controls related to contractors and other visitors to the workplace
  4. Documented procedures, to cover situations where their absence could lead to deviations from the EMS policy and the objectives
  5. Stipulated operating criteria where their absence could lead to deviations from the EMS policy and objectives.

Those operations and activities, which are identified as significant environmental aspects and high risk in line with the policy, objectives & targets, legal & other requirements, etc. will be controlled. The objective of all these controls is to prevent, correct, and monitor the significant impacts identified. XXXXX maintains documented information to the extent necessary to have confidence that the processes have been carried out as planned.

8.2 Emergency Preparedness and Response

XXXXX establishes, implements & maintains a documented procedure (Refer XXXXX/EMSP/09: Emergency preparedness and Response) to identify the potential emergency situations that can have an impact(s) on the environment and OH&S; to prepare for and respond to the potential emergency situation identified in 6.1.1.


  1. Prepares to respond by planning actions to prevent or mitigate adverse environmental impacts consequences from emergency situations
  2. Responds to actual emergency situations and accidents
  3. Takes action to prevent or mitigate the consequences of emergency situations, appropriate to the magnitude of the emergency and the potential environmental and impact
  4. Take account of the needs of relevant interested parties while planning the emergency response e.g. emergency services and neighbors.
  5. Periodically tests the planned response actions to respond to emergency situations, where practicable involving relevant interested parties as appropriate
  6. Periodically reviews and revises the process(s) / procedure and planned response actions, in particular after the occurrence of emergency situations or accidents
  7. Provides relevant information and training related to emergency preparedness and response, as appropriate, to relevant interested parties, including persons working under its control.

XXXXX maintains the documented information to the extent necessary to have confidence that the process(es) is (are) carried out as planned.


9.1 Monitoring, measurement, analysis and evaluation9.1.1 General

XXXXX monitors, measures, analyses, and evaluates its EMS performance and effectiveness of the EMS management system.

XXXXX establishes and maintains a procedure (Refer XXXXX/EMSP/06: Monitoring, Measurement, Analysis, and Evaluations) to determine:

  1. What needs to be monitored and measured
  2. The methods for monitoring, measurement, analysis, and evaluation, as applicable, to ensure valid results
  3. The criteria against which the organization will evaluate its environmental performance, and appropriate indicators
  4. When the monitoring and measuring shall be performed
  5. When the results from monitoring and measurement shall be analyzed and evaluated.

In addition to information gathered from the Internal Audits Schedule, Procedures and/or Instructions will be in place to monitor and measure the effectiveness and ongoing development of the EMS Management System. The equipment that is required to monitor or measure EMS performance is calibrated and maintained as appropriate. XXXXX establishes and maintains a procedure (Refer L2/20: Calibration of Measuring and Monitoring Equipment) for control of Measuring devices.

Calibration, where applicable, will be carried out as required by third-party certified organizations and where appropriate in-house. Records of calibration and maintenance activities and results are retained.

XXXXX communicates relevant EMS performance information both internally and externally, as identified in its communication process(es) and as required by its compliance obligations.

XXXXX retains appropriate documented information as evidence of the monitoring, measurement, analysis, and evaluation results.

9.1.2 Evaluation of Compliance

XXXXX establishes, implements, and maintains the process(es) needed to evaluate fulfillment of its compliance obligations.


  1. Determines the frequency that compliance will be evaluated
  2. Evaluates compliance and take action if needed
  3. Maintains knowledge and understanding of its compliance status.

XXXXX retains documented information as evidence of the compliance evaluation result(s).

9.2 Internal Audit

9.2.1 General

XXXXX conducts internal audits at planned intervals to provide information on whether the EMS management system:

  1. Conforms to:
    1. The organization’s own requirements for its EMS management system
    1. The requirements of ISO 14001:2015
  2. Is effectively implemented and maintained.

9.2.2 Internal audit programme

XXXXX establishes, implements, and maintains (an) internal audit program (s) (Refer L2/24: Internal Audit), including the frequency, methods, responsibilities, planning requirements, and reporting of its internal audits. When establishing the internal audit program, XXXXX takes into consideration the Risk assessment, EMS importance of the processes concerned, changes affecting the organization, and the results of previous audits.

An Internal Audit Program is established and maintained with audit criteria and scope to ensure that all aspects of the EMS Management System are audited. The frequency of Internal Audits will be determined according to the effectiveness of the system and the significance of individual system activities. In any event, each aspect of the System is audited at least once a year.

Internal Audits were performed in line with standard requirements under the MR supervision. Suitably trained and qualified internal auditors who are not directly responsible for the area being audited shall undertake Internal Audits to ensure objectivity and the impartiality of the audit process.

All Internal Audit findings are documented. Any non-conformity is recorded and reported to the responsible person and agreed upon at the time of audit. Any corrective action that can be taken immediately should be implemented and recorded.

Results of audits are submitted to XXXXX’s Management and those are used for reviewing the continued effectiveness and improvement of the EMS Management System.

9.3 Management Review

The EMS Management System is reviewed and relevant facts recorded and used, where /appropriate, as a method of implementing any improvement resulting from the findings of any internal audits. Reviews will be carried out, as required, with concerned personnel, and this will be utilized as a method of assessing opportunities to improve or discuss any changes to the EMS Management System including the EMS policy and objectives or its procedures. This shall be carried out at least once in 12 months by Top Management to ensure its continuing suitability, adequacy, and effectiveness of the system (Refer Management Review Meeting).

The management review includes consideration of:

  1. The status of actions from previous management reviews
  2. Changes in:
    • External and internal issues that are relevant to the EMS management system
    • The needs and expectations of interested parties, including compliance obligations
    • Its significant environmental aspects & consequences
    • Risks and opportunities
  3. The extent to which EMS objectives have been achieved
  4. Information on the organization’s EMS performance, including trends in:
    • Nonconformities and corrective actions
    • Monitoring and measurement results
    • Status of Incident investigation, corrective and preventive actions
    • Fulfillment of its compliance obligations
    • Audit results
    • Results of participation and consultation
  5. Adequacy of resources
  6. Relevant communication(s) from interested parties, including complaints;
  7. Opportunities for continual improvement.

The outputs of the management review include:

  • Conclusions on the continuing suitability, adequacy and effectiveness of the EMS management system
  • Decisions related to continual improvement opportunities
  • Decisions related to any need for changes to the EMS management system, including resources
  • Actions, if needed, when EMS objectives have not been achieved
  • Opportunities to improve integration of the EMS management system with other business processes, if needed
  • Any implications for the strategic direction of the organization.

Any decisions made during the meeting, assigned actions, and their due dates, are recorded in the minutes of management review. XXXXX retains documented information as evidence of the results of management reviews. Relevant outputs from management review are made available for communication and consultation.


10.1 General

XXXXX determines the opportunities for improvement (see 9.1, 9.2 and 9.3) and implements necessary actions to achieve the intended outcomes of its EMS management system.

10.2 Nonconformity and corrective action

XXXXX establishes, implements, and maintains a procedure(s) for dealing with nonconformity and for taking corrective action.

1.When a nonconformity occurs, XXXXX:

  • Reacts to the nonconformity and, as applicable
  • Takes action to control and correct it
  • Deals with the consequences, including mitigating adverse environmental impacts and consequences

2. Evaluate the need for action to eliminate the causes of the nonconformity or to prevent nonconformity, in order that it does not recur or occur elsewhere, by:

  • Reviewing the nonconformity
  • Determining the causes of the nonconformity to avoid their recurrence
  • Determining if similar nonconformities exist, or could potentially occur to avoid the occurrence
  • Implement any action needed to mitigate their environmental impacts and consequences
  • Review the effectiveness of any corrective action and preventive action taken
  • Record and communicate the results of corrective action(s) and preventive action(s) taken
  • Make changes to the EMS management system, if necessary.

Corrective actions are appropriate to the significance of the effects of the nonconformities encountered, including the environmental impact(s) and consequences.

XXXXX retains documented information as evidence of:

  • The nature of the nonconformities and any subsequent actions taken
  • The results of any corrective / preventive action

Where the corrective action identifies new or changed hazards or the need for new or changed controls, the procedure requires that the proposed actions are taken through a risk assessment prior to implementation. Any corrective action is taken to eliminate the causes of actual and potential nonconformity to be appropriate to the magnitude of problems and commensurate with the risk(s) encountered. XXXXX ensures that any necessary changes arising from corrective action and preventive action are made to the management system documentation.

10.2.1 Incident investigation

XXXXX establishes, implements, and maintains a procedure(s) (Accident and Incident Investigation) to record, investigate and analyze incidents in order to:

  1. Determine underlying deficiencies and other factors that might be causing or contributing to the occurrence of incidents
  2. Identify the need for corrective action
  3. Identify opportunities for preventive action
  4. Identify opportunities for continual improvement
  5. Communicate the results of such investigations

The investigations are performed in a timely manner. Any identified need for corrective action or opportunities for preventive action is dealt with in accordance with the relevant parts of 10.2. The results of incident investigations are documented and maintained.

10.3 Continual improvement

XXXXX continually improves the suitability, adequacy, and effectiveness of the EMS management system to enhance EMS performance.

Subscribe to get access

Read more of this content when you subscribe today.

IATF 16949:2016 Organizational roles, responsibilities, and authorities

Top Management is defined as the person or group of people who directs and controls an organization at the highest level (within the scope of the quality management system). Top Management has the power to delegate authority and provide resources within the organization. Top management must ensure that the responsibilities and authorities for relevant roles are assigned, communicated, and understood within the organization. The top management must primarily take accountability for the effectiveness of the QMS and understand that its success or failure depends on them. Defining the Quality Policy and objectives is a task that cannot be fulfilled without the engagement of the top management, as both the policy and the objectives must be aligned with the context and strategic direction of the organization.  The QMS must be integrated with the business processes of the organization, and this is also a responsibility of the top management. The provision of resources for QMS operation is also part of the top management responsibilities, as, without the appropriate resources, the QMS cannot work. Promoting the use of the process approach and risk-based thinking, along with communicating the importance of the effectiveness of the QMS and compliance with the requirements. Engaging, directing, and supporting personnel to contribute to the effectiveness of the QMS, and supporting other management roles to demonstrate leadership in their areas of responsibility. Defining the corporate responsibility policy, which needs to include an anti-bribery policy, the employees’ code of conduct, and an ethics escalation policy (whistle-blowing policy). Identifying process owners who will be in charge of managing the processes and related outputs. Conducting management reviews in order to assess the condition and performance of the QMS and define necessary actions for improvement.

In addition to the roles and responsibilities that the top management must take,  the top management must assign to the mid-management and other employees within the organization:

  • Conformity of the QMS to the requirements of the standard – one or more persons in the organization needs to be responsible for the overall conformity to the standard.
  • Process effectiveness – the top management must assign responsibilities to ensure that the processes are delivering the intended outcomes; this is in close relation with the requirement to assign process owners.
  • Reporting on QMS performance – some person within the organization must be in charge of reporting to the top management on the performance of the QMS and opportunities for improvement.
  • Ensuring the QMS integrity during maintenance and changes in the system – this person will have to be responsible for ensuring that compliance with the standard and other requirements is preserved during maintenance or changes made to the QMS.
  • Compliance with customer requirements – considering the importance of the customer requirements in an IATF 16949-based QMS, it is no wonder that the standard requires the top management to assign responsibility for ensuring and documenting customer requirements.
  • Stopping the production and shipment in case of nonconformity – the top management must assign authority to relevant people to stop the production or prevent the shipment of non-conforming products to the customers.
  • Responsibility for corrective actions – the persons with this authority must be informed about any nonconformity regarding products or processes, so they can prevent the shipment of nonconforming or potentially nonconforming products to the customers.
  • Conformity to product requirements – the top management must ensure that all processes and shifts include adequate personnel who are in charge of the product’s conformity to the requirements.

A good audit system is also imperative. At any time an audit report is carried out, a number of variables have to be investigated in order to permit certification. This is the reason that it’s crucial to select a really good provider of an audit management system. The efficiency of an audit investigation is significant to an operation’s longevity. Thus, ensure that each audit investigation is undertaken as professionally as it can be.

5.3 Organizational Roles, Responsibilities, and Authorities

Top management must ensure that the responsibilities and authorities for relevant roles are assigned, communicated, and understood within the organization. Top Management must assign the responsibility and authority to ensure that the system conforms to the requirements of ISO 9001 and that the processes are delivering their intended outputs. Top Management must assign the responsibility and authority for a report on the performance of the system, on opportunities for improvement, and on the need for change or innovation, and especially for reporting to top management. Top Management must assign the responsibility and authority to ensure the promotion of customer focus throughout the organization and ensure that integrity of system is maintained when changes to system are planned and implemented.

For explanation click here. 

5.3.1 Organizational roles, responsibilities, and authorities – supplemental

Top management shall assign personnel with the responsibility and authority to ensure that customer requirement are met. These assignments shall be documented. This includes but is not limited to the selection of special characteristics, setting quality objectives and related training, corrective and preventive actions, product design and development, capacity analysis, logistics information, customer scorecards, and customer portals.

5.3.2 Responsibility and authority for product requirements and corrective actions

Top management must ensure that personnel responsible for conformity to product requirements have the authority to stop shipment and stop production to correct quality problems. In case it is not possible to stop the production immediately due to process design the affected batch must be contained and shipment to the customer prevented. Personnel with authority and responsibility for corrective action should be promptly informed of products or processes that do not conform to requirements to make sure that nonconforming products are not shipped to the customer and that all potential nonconforming product is identified and contained. Production operations across all shifts should have personnel in charge of, or delegated responsibility for, ensuring conformity to product requirements.

Top management must establish the organization necessary to deploy the QMS. It must define the structure, hierarchy and lines of reporting. Additionally perhaps, through the assistance of the Human Resources function, it must ensure that the duties, responsibilities and authority of all personnel are defined and communicated. All personnel must be clear on their duties, responsibilities and authority in meeting customer and regulatory requirements. Organization charts, job descriptions, procedures, work instructions, etc, are some of the many ways that top management may use to define and document this. These must be communicated and deployed, as applicable, throughout the organization. Orientation packages, appointment postings, sign-off on job descriptions, training on procedures and work instructions, etc, are some of the many ways in accomplishing this. The organization structure and lines of reporting; responsibility and authority of managerial functions and departments may be established by top management (business planning) and the responsibilities and authorities for the rest of the organization may be established by the HR function working with various process owners. Again, this would depend on the size, complexity and culture of the organization. The communication process must ensure timely reporting of serious product or process to higher-level staff with authority and responsibility for decision making and provision of resources for taking corrective action. When product or process problems occur, the process for handling nonconformities must include a review of what actions, decisions, responsibilities, timing, etc, were involved in causing the problem to arise. Accountability across all shifts, for the actions taken as a result, should be reviewed. The Control Plan must also be reviewed in terms of its effectiveness or inability to prevent nonconformity. The responsibilities, authority, rules and conditions under which production is stopped to correct quality problems must be carefully defined. Contingency planning to minimize delivery disruptions to customers must be taken into consideration. Ensure that any staff delegated with responsibility for product quality is adequately trained and is available on site or if off-site, is quickly available or accessible to verify product quality. The objective here is not to disrupt shift operations or cause shipping delays by creating a backlog of the product requiring inspection for the next shift. The performance indicators for the business planning, HR process and QMS processes may be used to determine the effectiveness of planning and managing the organizational structure, responsibilities and authorities. IATF 16949 focuses heavily on meeting customer and regulatory requirements and enhancing customer satisfaction. The MR must likewise promote this focus through all processes that are directly and even indirectly involved in achieving this. There are many ways of doing this including the use of training, cross-functional teams, customer-focused project teams, project milestone reviews, designated customer representative, electronic interfaces with the customer, use of PPAP, FMEA’s, Control Plans, customer specifications, customer product-specific work instructions, etc. The designated customer representative and their specific responsibilities must be clearly defined.  They must ensure that customer requirements are fully understood and addressed. A good way to address this, is for the customer representative to participate in the entire APQP (Advanced Product Quality Planning) process. Review specific requirements for the customer representative at OEM customer or IATF websites.  The effective fulfillment of the customer representative’s responsibilities may be demonstrated by their participation in milestone and decision points related to production release ie engineering release and other related activities linked to customer requirements.

Responsibility and authority

The requirements on responsibility and authority are in two parts: one general and the other relating to people with particular roles

Identifying Process that affects the quality

The responsibility, authority, and interrelation of personnel who manage, perform and verify Processes affecting quality is to be defined and documented. The key to this requirement is determining what affects quality; i.e. if you can identify any Processes that does not affect quality, you are not obliged to define in your quality system the responsibilities and authority of those who manage, perform, or verify it. In principle, every process affects the quality of the products and services supplied by the organization, some directly, others indirectly. The process can be divided into result-producing, support, and housekeeping activities. All are essential to the business but only the result-producing and support activities affect the quality of the products and services supplied. The result-producing activities are those which directly bring in revenue and which contribute to results, such as sales, marketing, development, manufacture, and maintenance. The support activities are usually those which set standards, create the vision, produce information needed by the result-producers, provide teaching, training, and advice, such as research, computer services, quality assurance, training, and personnel. Housekeeping activities are those which do not contribute to results but their malfunction could harm the business, such as health and safety, security, catering, travel, medical, general maintenance, etc.

Apart from result-producing activities, there are several other activities that could affect quality:

  • A failure to observe government health and safety regulations could close a factory for a period and hence result in late delivery to customers.
  • Health and safety hazards could result in injury or illness, place key personnel out of action for a period, and hence result in work not being done or being done by personnel who are not competent.
  • A failure to take adequate personnel safety precautions may put the product at risk.
  • A failure to safely dispose of hazardous materials and observe fire precautions could put the plant at risk.

If there are personnel involved with the identification, interpretation, promulgation, and verification of such regulations then their responsibilities and authority will need to be defined in the quality system.

What is “responsibility and authority”?

Responsibility is in simple terms an area in which one is entitled to act on one’s own accord. It is the obligation of staff to their managers for performing the duties of their jobs. It is thus the obligation of a person to achieve the desired conditions for which they are accountable to their managers. If you caused something to happen, you must be responsible for the result just as you would if you caused an accident — so to determine a person’s responsibility, ask “What can you cause to happen?”

Authority is in simple terms the right to take actions and make decisions. In the management context, it constitutes a form of influence and a right to take action, to direct and coordinate the actions of others, and to use discretion in the position occupied by an individual, rather than in the individual themselves. The delegation of authority permits decisions to be made more rapidly by those who are in more direct contact with the problem.

It is necessary for management to define who should do what in order that the designated work is assigned to someone to carry out. It is not cost-effective to have duplicate responsibilities or gaps in responsibility as this leads to conflict or tasks being overlooked. A person’s job can be divided into two components: actions and decisions. Responsibilities and authority should therefore be described in terms of the actions assigned to an individual to perform and discretion delegated to an individual: that is, the decisions they are permitted to take along with the freedom they are permitted to exercise. Each job should therefore have core responsibilities, which provide a degree of predictability, and innovative responsibilities, which in turn provide the individual with scope for development. In defining responsibilities and authority there are some simple rules that you should follow:

  • Through the process of delegation, authority is passed down within the organization and divided among subordinate personnel, whereas responsibility passes upwards.
  • A manager may assign responsibilities to a subordinate and delegate authority, however, they remain responsible for the subordinate’s use of that authority.
  • When managers delegate responsibility for something, they remain responsible for it. When managers delegate authority they lose the right to make the decisions they have delegated but remain responsible and accountable for the way such authority is used. Accountability is one’s control over the authority one has delegated to one’s staff.
  • It is considered unreasonable to hold a person responsible for events caused by factors that they are powerless to control.
  • Before a person can be in a state of control they must be provided with three things:
    1. Knowledge of what they are supposed to do: i.e. the requirements of the job, the objectives they are required to achieve.
    2. Knowledge of what they are doing, provided either from their own senses or from an instrument or another person authorized to provide such data.
    3. Means of regulating what they are doing in the event of failing to meet the prescribed objectives. These means must always include the authority to regulate and the ability to regulate both by varying the person’s own conduct and by varying the process under the person’s authority. It is in this area that freedom of action and decision should be provided.
  • The person given responsibility for achieving certain results must have the right (i.e. the authority) to decide how those results will be achieved, otherwise, the responsibility for the results rests with those who stipulate the course of action.
  • Individuals can rightfully exercise only that authority which is delegated to them and that authority should be equal to that person’s responsibility (not more or less than it). If people have authority for action without responsibility, it enables them to walk by problems without doing anything about them. Authority is not power itself. It is
    quite possible to have one without the other! A person can exert influence without the right to exert it.
  • In the absence of the delegation of authority and assignment of responsibilities, individuals assume duties that may duplicate those duties assumed by others. Thus jobs that are necessary but unattractive will be left undone. It also encourages decisions to be made only by top management, resulting in an increasing management work-load and engendering a feeling of mistrust in the workforce.

Defining responsibilities and authority

The actual documentation of responsibilities within your QMS is as important as the planning and decisions that go into the process. Though there is no specific mention of “documented information” in terms of roles and responsibilities, the standard says that the organization should maintain documented information “determined as being necessary for QMS effectiveness.” Great care must be taken to ensure that, when delivered to an employee, roles and responsibilities are clearly defined, clearly measurable, have a clear definition of time periods relevant to the activities, and are aligned to the capabilities of the employee. When roles and responsibilities are documented so specifically, clear review and action periods can be set. The organization can then readily identify how much progress is being made, maintaining clarity in terms of the responsibility for the delivery of activity important to the QMS. Ensure that your roles and responsibilities are correctly allocated, defined, and documented, and the business of ensuring continual improvement for your QMS will become much more achievable The responsibilities and authority should be documented in addition to being defined, as one can define such things in dialogue with one’s staff without documenting them. This is indeed a common way for staff to discover their responsibilities. Sometimes you may not be aware of the limits of your authority until you overstep the mark. By documenting the responsibility and authority of staff, managers should be able to avoid such surprises.

There are four principal ways in which responsibilities and authority can be documented:

  • In an organization structure diagram, or organigram
  • In job descriptions
  • In terms of reference
  • In procedures

The standard does not stipulate which method should be used. In very small companies a lack of such documents defining responsibility and authority may not prove detrimental to quality provided people are made aware of their responsibilities and adequately trained. However, if you are going to rely on training, there has to be some written material which is used so that training is carried out to consistent standards. Organigrams are a useful way of showing interrelationships (see below) but imprecise as a means of defining responsibility and authority. They do illustrate the lines of authority and accountability but only in the chain of command. Although organigrams can define the area in which one has authority to act, they do not preclude others having responsibilities within the same area; for example, the title “Design Manager — Computer Products” implies the person could be responsible for all aspects of computer product design when in fact they may not have any software, mechanical engineering, or reliability engineering responsibilities. Titles have to be kept brief as they are labels for communication purposes and are not usually intended for precision on the subject of responsibilities and authority. One disadvantage of organigrams is that they do not necessarily show the true relationships between people within the company. Horizontal relationships can be difficult to depict with clarity in a diagram. They should therefore not be used as a substitute for policy.

Job descriptions or job profiles are useful in describing what a person is responsible for. However, it rather depends upon the reason for having them as to whether they will be of any use in managing quality. Those produced for job evaluation, recruitment, salary grading, etc. may be of use in the quality system if they specify the objectives people are responsible for achieving and the decisions they are authorized to take. Terms of reference are not job descriptions but descriptions of the boundary conditions. They act as statements that can be referred to in deciding the direction in which one should be going and the constraints on how to get there. They are more like rules than a job description and more suited to a committee than an individual. They rarely cover responsibilities and authority except by default. Procedures are probably the most effective way of defining people’s responsibilities and authority as it is at the level of procedures that one can be specific as to what someone is required to do. Procedures specify individual actions and decisions. By assigning actions or decisions to a particular person you have assigned to them a responsibility or given them certain authority. Procedures do present problems, however, it may be difficult for a person to see clearly what his/her job is by scanning the various procedures because procedures often describe tasks rather than objectives. When writing procedures never use the names of individuals as they will inevitably change. The solution is to use position or role titles and have a description for a particular position or role that covers all the responsibilities assigned through the procedures. Individuals only need to know what positions they occupy or the roles they perform. Their responsibilities and authority are clarified by the procedures and the position or role descriptions.

Within IATF 16949 there are several requirements for an assignment of responsibility. These include  but not limited to the responsibility and authority for:

  • Defining the quality policy and objectives
  • Determining customer satisfaction
  • Representing the needs of the customer
  • Stopping production to correct quality problems
  • Assigning trained personnel
  • Appointing the management representative
  • Reviewing business plans
  • Promoting quality awareness
  • Promoting safety awareness
  • Conducting the management review
  • Quality planning
  • Assigning the project manager
  • Reporting product realization measurements to management
  • Conducting project reviews
  • Carrying out FMEA
  • Performing process studies
  • Performing process design verification
  • Developing control plans
  • Submitting product approval requests
  • Accepting contracts
  • Reviewing product designs
  • Performing product design verification and validation
  • Reviewing product design changes
  • Reviewing and approving documents and changes thereto
  • Evaluating and selecting subcontractors Subcontractor assessment
  • Reviewing and approving purchasing documents
  • Verifying product at subcontractor’s premises
  • Reporting lost or unsuitable customer supplied product to customers
  • Planning production, installation, and servicing processes
  • Verifying job set-ups
  • Verifying product
  • Performing layout inspection
  • Checking comparative references
  • Calibrating inspection, measuring, and test equipment
  • Notifying customers of nonconforming product shipment
  • Reviewing and disposing of nonconforming product
  • Obtaining authorization to deviate from customer approved specifications
  • Handling customer complaints
  • Investigating the cause of nonconforming product
  • Determining corrective and preventive actions
  • Receiving product into and dispatching product from storage areas
  • Issuing shipment notifications to customers
  • Planning, conducting, and reporting on internal quality audits
  • Identifying training needs and providing training
  • Reviewing training effectiveness
  • Reporting that servicing meets requirements
  • Identifying the need for statistical techniques

In organizations that undertake projects rather than operate continuous processes or production lines, there is a need to define and document project-related responsibilities and authority. These appointments are often temporary, being only for the duration of the project. Staff are assigned from the line departments to fulfill a role for a limited period. To meet the requirement for defined responsibility, authority, and interrelationships for project organizations you will need Project Organization Charts and Project Job Descriptions for each role (such as Project Manager, Project Design Engineer, Project Systems Engineer, and Project Quality Engineer). As project structures are temporary, there needs to be a system in place that controls the interfaces between the line functions and the project team. Such a system would include:

  • Policies that govern the allocation of work to projects
  • Policies that govern the allocation of work to staff on these projects
  • Job descriptions for each role, stating responsibilities, authority, and accountability
  • Procedures that identify the roles responsible for each task and for ensuring that information is conveyed to and from these staff at the appropriate time
  • Procedures that consolidate information from several disciplines for transmission to the customer when required
  • Monitoring procedures to track progress and performance
  • Procedures that ensure the participation of all parties in decisions affecting the product and its development and production
  • Procedures for setting priorities and securing commitment
  • Procedures that include the management of subcontractor programs during development and deal with the transmission of information to and from the subcontractors, what is to be transmitted, by whom, in what form, and with whose approval

Some organizations have assigned responsibility for each element of the standard to a person, but such managers are not thinking clearly. For some elements, the assignment of responsibility may appear possible, as in the case of  Design control and Purchasing, but when you come to examine it more closely you will find that the task is not so easy. If we look at purchasing we find that it is made up of many actions and decisions, such as defining the technical requirement, evaluating the supplier, choosing the supplier, placing the order, monitoring the supply, inspecting the goods on receipt, etc. No one person other than the CEO is responsible for all of these actions unless it is a small company. The Purchasing Manager may not accept responsibility for errors in the technical specification invoked in the purchase order if he/she did not prepare or approve the technical specification. When auditors ask “Who is responsible for purchasing?” ask them to specify the particular activity they are interested in. Remember you have a system that delegates authority to those qualified to do the job.

Interrelation of personnel

Defining individual responsibilities and authority alone will not define how personnel relates to one another. Interrelation means to place in a mutual relationship, so what is needed is a definition of the relationships between all staff with quality responsibilities. The primary reason for defining interrelationships is to establish channels of communication so that work proceeds smoothly without unplanned interruption. Staff needs to know from whom they will receive their instructions, to whom they are accountable, to whom they should go to seek information to resolve difficulties, and to whom information or product should be submitted when complete. Personnel within a company are related in several ways:

  • By position in a reporting hierarchy
  • By position in a chain of operations as internal customers and suppliers of information, product, or service
  • By position in a salary-grading structure
  • By job title, profession, type of work
  • By location, i.e. being on the same site but not in the same department, group, or division

In order for personnel to achieve a common objective (product or service quality) they must relate to one another — they must interact. Work passes from one person to another, from one department to another and often this relationship is quite different from the hierarchical relationship of personnel in the company. In order to meet this particular requirement it is, therefore, necessary to:

  • Define the structure of the company, preferably in a diagrammatic form showing each department and section whose work affects quality. (You don’t have to define all parts of the company.)
  • Define the location of work, departments, groups, and divisions.
  • Define the processes that manage, specify, achieve, and control product/service quality and who performs each stage in the process, preferably in the form of flow diagrams.

Action to prevent nonconformity

Initiating action to prevent something is not the same as preventing something from taking place. You can prevent something from happening either by not starting the process or by stopping it before a nonconformity has occurred. The only people who should prevent the occurrence of product or process nonconformity are those in control of the process — those operating the machines, producing the results, doing the work — or those people who manage or supervise such people. It would not be right for anyone not responsible for the process to exert power over it, such as stopping the process or changing the material, the documentation, the instructions, or the personnel. In addition to the managers of the process,  the quality auditors should be given the authority to initiate action to prevent nonconformity but if you do this, such authority should override that of those in control of the process. In other words, if the auditor requires some action to be taken to prevent the recurrence of nonconformity, he has to do more than notify those in control of the process, otherwise, such notification could be ignored. The reason for doing this is for ensuring that the requirements of the standard are met. Authority to initiate means authority to cause someone to take action. It does not give the initiator the right to specify what action to take. However, the receiver of the instruction must either obey it or escalate it to higher management. Regarding nonconformities relating to the quality system, anyone should be permitted to request a change to the quality system documentation to prevent the occurrence of nonconformities; however, only a person’s manager should be permitted to issue instructions to his/her staff enforcing compliance with the documented quality system. The Top Management can and should, however, instruct other managers to comply with the agreed policies and practices.

Identifying  and recording problems

A problem is a difference between the way things are and the way things ought to be, as perceived by the one identifying it. A problem relating to the product, process, or quality system (or quality problem) is, therefore, a difference between what has been achieved and what is required. The organization must identify the responsibilities and authority who need to identify and record such problems. Any organization should provide an environment that encourages all employees to contribute to the business, but unfortunately, this is not so in many organizations. There may well be some merit in limiting such freedom in order that management is not swamped with fictitious problems. It all comes down to deciding who is in a position to be able to tell whether a situation is a problem and whether it affects quality. Certainly, managers and professional staff should be free to identify problems because they should have the knowledge to report only problems that can be resolved. To provide staff with the necessary freedom you will need one or more problem-reporting procedures and some policies that give staff the freedom to identify, record, and report problems relating to the product, process, and quality system.

Initiating or providing solutions

 Managers of the functions concerned should have the authority to initiate solutions to problems arising in their areas of responsibility. Experts and other personnel used in an advisory capacity should also be given authority to make recommendations and provide solutions. However, you may wish to limit such powers. You will not want just anyone to influence those resolving the problems. Those not qualified to give advice on certain subjects should not have the authority to do so. There have been many cases where a person has taken unqualified advice to find that they should not have done so. Hence the requirement that solutions be provided through designated channels. You will therefore need some policy to ensure that the credentials of those giving advice are checked before the advice is accepted. Likewise, there should be a policy that ensures staff takes the advice given by qualified personnel unless they can justify otherwise. There is no point in an organization employing experts and then allowing their advice to be ignored. If the experts are no good it is better to replace them!

Verifying the implementation of solutions 

The person resolving the problem should be the person who caused it or, if this is not possible or appropriate, it should be the person responsible for the result. This person should also verify that they have implemented the solution correctly, but there may be a need for others to verify that the solution resolves the problem; for example, the person detecting the problem may be a customer. Quite often the solution implemented may not, in fact, resolve the original problem. This could be due to poor communication or to politics. In addition, the designer of the solution may decide to take the opportunity to change things that were perhaps not perfect but found them less costly to change in conjunction with other changes. Where such changes may result in the problem not being solved, it becomes more important that the verification be carried out by someone other than the designer. You will need to define who has the authority to verify certain types of solutions, such as new products, design changes, policy changes, planning changes, procedures changes, or process changes. They may be the same people who verified the original designs, plans, procedures, etc. but could be different if you have product support, maintenance, or post—design organization.

Control of nonconforming product

There are three separate requirements here. Control of further processing involves stopping the process and, as explained previously, should be carried out only by those responsible for the process. Controlling further delivery is somewhat different, as the authority to deliver may not be vested in the same person who performed the processing. Delivery decisions are more than decisions about conformance to specification. They are about conformance to contract and those responsible for the production processes may not be able to determine whether contractual conditions have been met. Much more may hang on the resolution of a problem than mere conformance to specification. The decision in some circumstances may be taken by the CEO. There may have been a safety problem or a product liability problem so your system needs to recognize these fine distinctions. Those making the delivery decisions need possession of all the information required to protect the company as well as meet customer needs. Installation decisions are similar to process decisions and the decision to start or stop further installation work should rest with those responsible for installation. If the materials have not been delivered they cannot be installed, so the key decision, in this case, is the delivery decision.

Meeting customer requirement (Customer representative)

The organization must ensure that appropriate individuals be assigned to represent the needs of the customer in internal functions. Each customer may have slightly different requirements, many of them often have no impact on product quality but on the presentation of information. If you characterize products and processes too closely to specific customer requirements, you run the risk of introducing inefficiencies and reducing productivity. You can, however, maintain productivity and respond to your customer’s varying demands through an interface function. Appointing a person as your customer liaison representative provides an opportunity to develop someone in your organization who knows as much about what the customers need and why it is needed as the customers themselves. This person is then able to translate specific customer requirements into your language and back again. So rather than change all your processes to suit all your customers, translate customer requirements onto your own paperwork and use this throughout the process. At the end of the chain of processes, NAATI translation uses to your paperwork onto customer forms and supply these to your customer. Where a customer wants something that others have not yet demanded, consider the overall benefits, and if it does provide added value change your processes. If not, find a compromise that is mutually beneficial. The appointed customer representative will need to spend some time with the customer to learn their ways and understand their language, needs, and expectations. Hence if your staff speaks English and you do business with Chinese companies you may need people who can speak Chinese and who are familiar with the appropriate subject vocabulary. Beware, however, that in appointing such a person you choose wisely. It also has to be someone you can trust to represent your interests. You will need a means of calibrating this person so that he/she does not get carried away with enthusiasm and start to impose requirements that are no more than personal likes and dislikes.

Back to Home Page

If you need assistance or have any doubt and need to ask any question contact me at or call Pretesh Biswas at +919923345531. You can also contribute to this discussion and I shall be happy to publish them. Your comment and suggestion are also welcome.

IATF 16949:2016 Process owner

Process Owner is a person who has the ultimate responsibility for the performance of a process in realizing its objectives measured by key process indicators and has the authority and ability to make necessary changes. A Process Owner is a person immediately accountable for creating, sustaining, and improving a particular process, as well as, being responsible for the outcomes of the process. A process owner is responsible for managing and overseeing the objectives and performance of a process through Key Performance Indicators (KPI). A process owner has the authority to make required changes related to achieving process objectives. A process owner is usually someone in management, not a team or committee. You need a single point of contact that is accountable for the overall process. Of course, the process owner may establish a process leader and team to help set up, operate, and support the process. Process owner responsibilities include:

  • Developing, deploying and managing process.
  • Explaining the purpose of a process
  • Ensuring process objectives
  • Determining, implementing and monitoring metrics( KPIs).
  • Improving process performance.
  • Ensuring quality reporting
  • Negotiating other process conflicts with respective process owners
  • Requesting required employee training
  • Reviewing, approving and communicating process changes and/or improvements
  • Driving towards system improvement goals.
  • Periodically presenting to Leadership the current state of improvement and opportunities.
  • Representing their co-workers during internal assessments and third party assessments
  • Advising management of process breaches or interruptions

IATF 16949:2016 Process owners

Top management must identify process owners who are given the responsible for managing the organization’s processes and related outputs. Process owners must understand their roles and should be competent to perform those roles.

To understand the term “process owner”, lets begin with the definition of a process. A Process is a set of interrelated or interacting activities which transforms inputs into outputs. The inputs of a process are the outputs from other processes. And, processes are planned and carried out under controlled conditions to add value. A Business Process consists of a series of tasks that receives a product or service (the input) from a supplier, adds value to that product or service through some transformation (the process), and then delivers a product or service of more value (output) to a customer. All business transactions take place through business processes that connect in a series to form Business Systems. We typically find somewhere between 8-16 business processes per Business System.

A Process Owner is a person who is given the responsibility and authority for managing a particular process. A Process Owner is designated by the Top Management to be responsible for the development, maintenance and enhancement of a specific process within the Management System. The Process Owner should have a clear understanding of and be closely involved with the assigned process on a daily basis. It is not necessary to select a supervisor for this role. For example, it can be beneficial to choose a subject matter expert. Most organizations find it useful to appoint individual process owners and define their responsibilities as ensuring the implementation, maintenance, and improvement of their specific process and its interactions with other processes. Process owners take an organization-wide view of their processes. They may not truly “own” the process in that some of the people who are involved in carrying out the process may not report to them. Instead, the owner is responsible for the design of the process, in other words, how it is carried out, how it interacts with other processes, and how it is measured. And, this responsibility is an ongoing task. Process owners have responsibility for their specific process, end-to-end. However, as stated earlier, this does not mean that all the staff involved in a process actually report to the process owner. Process owners usually have responsibility for most steps in the process and are able to influence other key areas outside their direct organizational control. The owner is assigned a specific process of the Management System and is responsible for documenting, developing and continuously improving the system. If an employee wishes to change the process, that person must work through the Process Owner. The owner also works actively and cooperatively with other linked process owners and subject matter experts to ensure enterprise wide continuity and optimization. Characteristics of a good Process Owner include:

  • Flexibility and good people skills. A good owner wants to share knowledge with others. It is important to be objective and open to suggestions for change.
  • Knowledge. The owner must have a strong understanding of the technical and practical aspects of the process and be able to explain and educate others.
  • Commitment. The owner must care and ensure that the process equals best practice.
  • Subject Matter expert: The owner is aware of the entire process in detail, including the inputs, output, raw materials and resources required, supplier requirements, customer requirements, Interactions with other processes and so on.
  • Owns the Process Performance: The person is responsible for the KPIs, Metrics, Cost incurred, Profit & Loss Account of the process, ups and downs of the performance, Corrective and Preventive actions to be taken, and changes to be done in the process.
  • Manages Training & Feedback: Responsible for the skills and knowledge of his team members and Leads. He specifies the skills to be looked at while hiring, identifies training needs, designs the training curriculum, assess and provide performance feedback for his team.
  • Manages the Team: The owner sets the goal for the team based on organization’s vision and goal, leads the team on adhering to the process and policies, encourages and motivates team for performance improvement, sets a career path for his team members.

Process owners can use the Plan-Do-Check-Act methodology to improve their processes: 1) planning what to do and how to do it, 2) doing what was planned, 3) checking the results to see if things happened according to plan, and 4) acting to improve the process the next cycle.

First and foremost, a process owner should be performing management duties, not clerical duties. At the highest level, management includes the planning, managing, and supporting of performance. A process owner should be doing all those activities for a given process. Planning includes setting performance goals for the process that are derived from organizational goals. The goals and support plans of the functional areas that participate in the process should cascade from those process goals. The process owner should be actively engaged with functional leaders to determine what kinds of resources are needed to enable and support the process and then to get commitments from the functions to provide those needed resources. This planning and resource allocation activity includes determining if the process is capable of meeting organizational goals, which means regularly assessing the condition of the process in question, and then initiating, sponsoring, and steering the improvement efforts that will make the process capable. But the role does not include doing the improvements – process ownership is not a role for the Black Belt specialist. As for ongoing management, the process owner role should include regular reviews of process performance and capability, and re-planning or adjusting as necessary. This monitoring of process performance should be driven by both process and function metrics that help the process owner and functional managers understand where performance deviations are occurring and agree on what the corrective actions should be. Process owners should ensure the following activities are completed:

  • Define a process that can be easily subjected to audit
  • Describe its links and interactions with other processes
  • Identify its documentation and training requirements
  • Issue and maintain any procedures and instructions
  • Implement processes consistent with the quality policy
  • Make available necessary resources and information
  • Operate and control an effective and efficient process
  • Resolve any problems and prevent their recurrence
  • Communicate process changes to the process users
  • Define and manage interfaces with other processes
  • Communicate input requirements to internal suppliers
  • Meet the output requirements of internal customers
  • Analyze performance data and set quality objectives
  • Track progress against process performance targets
  • Communicate with process users to identify issues
  • Identify risks and opportunities with current process
  • Investigate and propose process improvements

Role of the Process Owner

Creating effective process owners is never an easy task. It frequently means changing deeply ingrained management perspectives and behaviors. It also means spanning organizational silos and reorienting their management world view to focus on what links rather than differentiates functions. Companies often complicate this evolution because they fail to adopt incentives to motivate management behavior in line with the company’s new process orientation. Fundamental decisions about the roles and responsibilities of process owners, and who is best qualified to execute these roles, are paramount to building a strong process-based governance model. Clear process owner roles offer strong benefits to internal governance. They not only drive how decisions will be made in the future, but also identify and correct potential flaws in the company’s current governance. In many companies, the results include more effective and efficient cross-functional decision making, fewer cross-functional committees, more single-point ownership, and fewer informal channels to challenge and overturn decisions by escalating decisions to senior executives. What is the background required for successful process owners?  A process owner should—

  • Be an executive or senior manager who possesses organizational clout and can command, not just negotiate
  • Typically be the senior-most manager whose areas of responsibility directly intersect most with the process
  • Have a predisposition to oversee and work with the teams within the core business process and have major equity across the functions in the business process
  • Possess a broad understanding of the activities and challenges across the business process, with knowledge of upstream and downstream activities (e.g., suppliers and customers)
  • Have the ability to do what is best for the overall performance of the process and its customers, rather than for just the functions or operations falling within the process.
    In short, a process owner is not necessarily a subject matter or technical expert, a functional specialist, or an process specialist. The table below shows a typical job description for a process owner.

Some of the key attributes of individuals occupying this role are…

  1. Broad Experience: As a leader Process Owner have to understand how the pieces fit together. This knowledge is only truly gained through experience by bouncing about from role to role. This in turn requires that they be…
  2. Diggers: Individuals who get things done by going to ground zero, deciphering how things work, and possessing the understanding to make adjustments to capitalize on the situation. Process owners delve into the weeds and absorb the details, because they know this is where true change takes place. Mired in the details, they must also retain a…
  3. Customer Focus: Any innovation effort will be adjusted and redesigned as new information comes to light. On occasion the original strategy may be fatally flawed, requiring major readjustments before it delivers the intended outcome. To recalibrate strategies, key to this role is the ability for the business process owner to be customer focused. Again, this is a mindset best gained on the ground floor connecting with customers. Having such a background provides an awareness of the customer that cannot be taught as effectively in any other way. Dealing with a changing scope also requires process owners be…
  4. Level headed, pragmatic, and fact based: Changing situations allow ambitious individuals to capitalize on the chaos for their own personal gain. Doing so may well limit the benefits captured by an improvement effort. Process owners are the rudder of the organization’s change efforts and need to base improvements on facts and not emotions or political concerns. Bringing strategies in the face of adversity requires a certain level of…
  5. Natural Leadership: Some of the best candidates for business process owner are individuals who just seem to have the knack for getting things done. They plow through resistance and find a way to deliver when others fail. They are capable negotiators and excel at coordinating with other leaders.

How to utilize the strengths of a Process Owner:

  1. Train the Process owner: No employee will contribute for a new initiative without understanding the concepts, realizing the benefits of it. So, train the process owners, so that he realizes the need of it and thinks of the benefits he reaps on.
  2. Involve him from the early stage: He should be involved from the early stages of implementation. He should be a part of meetings discussing the planning of System implementation.
  3. Let him point out the pain area and Project opportunity: The Top Management should consult the process owner in identifying the pain areas and opportunities of improvement. Imposing ideas or projects will lead to resistance and he will tend to be defensive.
  4. Consult him in Team Member Selection: He knows the strengths and availability of his team members. Thus his opinion in team member selection will be beneficial for the process/project and least disturbance to the normal operations.
  5. Utilize his process knowledge: Involve him in the process of root cause analysis and solution identification. Without his support, the changed process cannot be implemented continuously.
  6. Credit him for the entire Success: Publicly appreciate his involvement and support in the success. Also his team members can be rewarded for their commitment and contribution. Top Management can be made as a bonus parameter to encourage the process owner and his team for effective participation.

 If your organization wishes to make process ownership work – and shift management attention to what really matters to customers – then consider the following pitfalls to avoid.

Pitfall #1: The drive on process ownership is NOT top down

If senior leadership are not actively driving process ownership, it’s not likely to result in a greater emphasis on improving the customer experience through enterprise wide process orientation.  In the absence of ongoing leadership support, few such efforts are sustainable.

Pitfall #2: The scope of responsibility of process owners is too narrow

Process ownership needs to have a certain degree of scope to be effective in driving process orientation. Too often, the scope of responsibility of process owners is defined within department boundaries. In this case there is frequently overlap and redundancy between what departmental management and process owners do.

Pitfall #3: The scope of responsibility of process owners is too wide

However, the remit cannot be so wide that the  challenges involved will be so great that the process owner is not likely to succeed. This is especially true if the scope of responsibility of process owners is defined in terms of mega processes such as order to cash, procure to pay, or hire to retire.

Pitfall #4: The job description is too complex

The role needs to be desirable and the responsibilities need to be achievable.  Only a handful of deliverables are needed, with a focus on improved performance through collaboration, customer experience and measurement.

Pitfall #5: If the emphasis on control trumps the focus on collaboration

The entire foundation of process ownership is based on collaboration – NOT control and, frankly, the concept of controlling processes is no longer popular with the rank and file in many organizations.

Conversely, there are at least 4 critical success factors involved with shifting management attention to what really matters to customers through process ownership.

Success factor #1: Give it a name that has clout

The label of process ownership needs to be changed to something that is more descriptive and desirable. Instead of “process owner for order to cash” consider “Director – Perfect Order Delivery.” Instead of “process owner – procure to pay” consider “Director – Request to Receipt.”

Success factor #2: Measure what matters to customers

This is the foundational tactic for mitigating the obstacles of perception and complexity. It enables leaders to ask questions around operational performance and creating value for customers. By emphasizing metrics such as perfect order delivery (on-time, complete, error-free), perfect response to inquiries and complaints (first-time-right, complete, error-free), and variance to promise date for new product or service introduction, leaders can raise thought-provoking questions that directly strike to operational performance and require cross-departmental collaboration.

Success factor #3: Establish partnerships

Establishing partnerships is another key tactic that can mitigate key obstacles. Establishing a close and collaborative relationship with the Top Management is arguably the most important of these partnerships for increased process orientation and fundamental to success. Others may advocate major change, but, invariably, the Top Management leads the communication of the case for change and the arbiter in deciding which members of the leadership team need to engage.

Success factor #4: Promote Learning

This is the final critical success factor. By measuring what matters to customers and forging essential partnerships, the leadership team can lead lunch and learn sessions around the performance of critical processes and be front and center in reinforcing the need for cross functional collaboration.

Subscribe to get access

Read more of this content when you subscribe today.

Back to Home Page

If you need assistance or have any doubt and need to ask any question  contact me at:  or call at +919923345531. You can also contribute to this discussion and I shall be happy to publish them. Your comment and suggestion is also welcome.

IATF 16949:2016 Process effectiveness and efficiency

Process effectiveness and efficiency are business terms often used interchangeably or in a general combination. Effectiveness refers to your ability to optimize business strengths in the way you operate. Efficiency refers to your ability to optimize your resources and business activities to generate revenue and profits. Organizations simply cannot ignore the terms ‘efficiency’ and ‘effectiveness’  For increasing productivity as well as improving customer service, both of these are essential. Efficiency is doing things right; effectiveness is doing the right things.


IATF 16949:2016 Process effectiveness and efficiency

Top management is required to review the product realization processes and support processes to evaluate and improve their effectiveness and efficiency. The results of this process review activities must be an  input to the management review 

Clause requires top management to have a method for reviewing all organizational activities that relate to supplying parts to the organization’s customers.  IATF 6949 adds a requirement that top management must regularly review the effectiveness and efficiency of the product realization and support processes. In simple English, that requires top management to ask how well the core business is being managed. Financial measures obviously come to mind. but from the quality perspective, measures of parts per million (ppm) nonconforming at the customer, first-run capability (the percent of product produced without repair operations). scrap, employee turnover, and delivery performance to the schedule are among the appropriate metrics for measuring core business efficiency. The clause also requires not to ensure that the results of process review activities will now be included in management review. Process review activities need to include evaluation methods and, as a result, implement improvements. The results of these steps would be an input to the management review process. Top management is thus performing a review of the process-specific reviews performed by the process owners.

Top management at each site must review process effectiveness and efficiency . This may include:

  • Achievement of continual improvement objectives for identified product realization and support processes
  • Optimization of the interaction of these processes
  • Verification that these processes operate as an effective and efficient network
  • Monitoring cost trends and benchmarking of key processes

Process Effectiveness

Effectiveness is an external measure of performance and indicates how well a Process fulfills the demands of various stakeholders. Simply put, it is “doing the right things.” For example, in educational institutions, effectiveness is measured by teaching students what they need to know. Managers need to make sure that the services or products meet customers’ expectations. When analyzing a company’s processes, effectiveness takes precedence over efficiency. The effectiveness of a process is the measure of how relevant the output is to the desired objective. A truly effective process will make customers happy by providing everything right. That is the right results at the right place time, and cost. Hence, measure process effectiveness from the customers’ goal point of view.

Effectiveness measures the extent to which planned activities (run rate) and planned results (objectives) are achieved? E.g., say you plan to produce and ship 1000 units a day with zero defects.  At the end of the week, the production records showed we achieved our planned activity of 1000 units per day, but fell short on our planned result, as we incurred a 2.5% defect rate and only hit a 90% on-time delivery rate.

Effectiveness can include discussion of current operations and opportunities for improvement. If your business is currently effective, you are using your core strengths and available resources to best serve the marketplace. A for-profit business with a strong customer service staff is effective if it earns healthy revenue by providing a high level of sales and service production. An effective manufacturing firm uses its buildings, equipment, and workflow to produce quality goods. The activities that make you effective now may not contribute to continued effectiveness. Therefore, it is fair to say that effective companies consistently look for opportunities for growth and development. If an emerging market develops that your company can serve, effectiveness means that you conduct research, recognize the needs and interests of the market, develop products and services to match and promote your brands well to the target customer base. Your company’s effectiveness is somewhat relative to the ability of competitors to produce similar business results with the same resources and opportunities.

Process Efficiency

Efficiency is an internal measure of performance for a process that shows how well the process converts inputs into outputs. The more the ratio of outputs to inputs approaches 100 percent, the better the efficiency of the process will be. In simple terms, it is “doing things right” and comes from the proper harnessing of time, cost, and effort. For example, an employee can improve efficiency by developing a daily work schedule, avoiding personal phone calls, and preventing distractions. Process efficiency, on the other hand, acts as a vital factor in determining productivity. It is a measurable concept. Essentially it is the ratio of ‘useful output to total input’. Hence it requires resource optimization (mainly cost and time) along with maximum waste reduction. To understand process efficiency we need to measure process time, cost, and effort needs.

Efficiency is the relationship between results achieved and resources used. Can we produce more units than planned per hour for the set amount of resources? Or can we use fewer resources than planned to produce the units.? Efficiency can relate to the utilization of any resource – machine, labor, material, facilities, utilities, time, etc.    Let us look at a simple example. Say one operator A can produce 100 good units per hour with 2% material scrap on a machine.  Operator B produces 105 good units with only 1% material scrap per hour on the same machine. Clearly, operator B is more efficient in the use of time as well as material, both of which can be measured. Because there are many other resources to be considered, the measurement of efficiency can get fairly complex and requires a multidisciplinary approach involving production, engineering, cost accounting, and other disciplines.

Efficiency generally refers to how well you convert business investments into revenue and profit. One factor in efficiency is cost control. Efficient companies usually only spend money that produces tangible gains in customers, revenue, or profit. Paying competitive wages while motivating employees to produce the highest goods or sales contributes to efficiency. Paying only for product developments that lead to enhanced customer perception of value is another element of cost control and efficiency.

 Productivity relates the output of goods and services of the company to the inputs of all the resources used in the production of goods and services. In other words, it measures how well a company transforms resources into products. Productivity is the combination of efficiency and effectiveness. This means that a company that only attains efficiency or effectiveness is either partially productive or not productive at all. To be productive, a company needs to be efficient and effective at the same time. Relating efficiency and effectiveness overcomes the shortcomings of using either of them alone. If managers focus on efficiency alone, they may jeopardize the competitiveness of their company. For example, mere focus on efficiency ignores the contribution of the activity to customer value creation. Likewise, the exclusive emphasis on effectiveness ignores the cost-effectiveness of the activity. Improving productivity boosts competitiveness by lowering operational costs, using resources better, increasing market share, and increasing profits.

Measuring Process effectiveness and efficiency 

The starting point involves detailed process mapping and creating the block diagram for the said process after discussing in detail with the operations teams and floor walk-through. The block diagram is then fine-tuned to mark the boundaries thus freezing the beginning point and the ending point of the chosen process. Further planning involves marking the source of inputs that go into the said process, identifying the input source as well as the output customers at intermediate and final stages of the process. Detailed examination of the data that is received as input, the data or deliverable that is required to be sent as output from the process would have to be done to ensure every possible detail is captured. At this point, it becomes necessary to examine the input and output data accuracy, errors, frequency, and standardization of the data as well as to record the customer expectations from the process. Once the entire process mapping and overview has been completed and defined, the next logical step would be to tabulate the measurements and targets for the overall process.

  1. Process Effectiveness Measurement
    Effectiveness of a process refers to the usefulness of the process output in relation to the expectations and needs of the Customer. The effectiveness of the process lies in being able to provide the desired output as needed by the Customer at the right time, the right way, and at the right place, and more importantly at the right cost too. The process of setting up process effectiveness measurement begins with outlining the complete Customer expectations and needs detail. These expectations would then be converted into measurable targets and expectations. Lastly, the data collection and measurement methods would need to be outlined. It helps to elaborate a little more on the process effectiveness measurement and the attributes that are used as measurements. In most cases, it is generally seen that the customer expectations and requirements are not defined clearly with specifications in terms of the delivery format, frequency, and so on. In addition, the customer’s expectation of error-free service, customer experience, and quality of service is not defined or understood well enough and is not quantified. Now is the time to examine the customer expectations in detail and establish the criteria for delivery of the said product or service in line with customer expectations. There are several criteria that are used to measure the process effectiveness specifically in relation to the Customer expectations. Some of the popular and useful criteria used in the product as well as service industry include – Product or Service Presentation, Timeliness of Delivery, Accuracy of Service, Reliability of Service or Product, Product usability, Product serviceability, and Customer Service, Responsiveness, etc. Once the criteria for measurement have been established and accepted, the next sequential step would be to formalize the measurement criteria and freeze the formats. Measurement criteria here would include the usage of QC Inspection, Check Sheets, AQ Sampling formats to be used at the Customer end, Customer Inspection and Installation reports or feedback forms, etc. Specific measurement criteria can be set up depending upon the specific business case.
  2. Process Efficiency
    Efficient execution of the process is very important for very many reasons. In most cases, the processes are normally found to contain inefficiencies built over a period of time. First and foremost every customer who is buying a product or a Service expects efficiency of service. Depending upon the nature of the business or the service, the process efficiency can be ascertained. The efficiency of service in a restaurant can be measured in terms of time taken from Order to Delivery of Food and in the case of an Airline; the check-in process efficiency could be of prime importance to gauge service efficiency. Take the case of Sales Order processing; the process efficiency would be of importance when it comes to the calculation of total time taken from the Order to delivery to the end customer. Process efficiency is not only important from the point of view of the external customers alone. Internally too, process efficiency has a bearing on the cost of the operations as well. Internally the process efficiency can be measured using several criteria including but not limited to – Total processing time, Resource utilization per unit of output, Non-Value Added Cost, Non-Value Added Time, Cost of Quality, etc. Measuring the processing time at all stages throws up a lot of factors that are aiding or harming the process efficiency and thus provides ample information to be able to work on process control and improvement. Measurement of process time or cycle time will also throw up non-value-added time as well as activity that can be acted upon for correction. Furthermore, any deficiency in the training or skills of the workers and any delay or inefficiency from the related processes that are supposed to provide the inputs will also show up with the measurement of the cycle time of the process. The efficiency of the process has a direct bearing on the Customer’s expectation and the promise to the Customer as well as to the overall operational cost. Therefore putting process efficiency measurements in place will help bring out the areas and factors that are needed to be controlled, managed, changed, and altered in the process of improving the said process.

Some metrics used for calculating Process efficiency and effectiveness are

Improving Customer Experience & Responsiveness

On-Time Delivery to Commit – This metric is the percentage of time that manufacturing delivers a completed product on the schedule that was committed to customers.

Manufacturing Cycle Time –  Measures the speed or time it takes for manufacturing to produce a given product from the time the order is released to production, to finished goods.

Time to Make Changeovers – Measures the speed or time it takes to switch a manufacturing line or plant from making one product over to making a different product.

Improving Quality

Yield – Indicates a percentage of products that are manufactured correctly and to specifications the first time through the manufacturing process without scrap or rework.

Customer Rejects/ Return Material Authorizations/ Returns – A measure of how many times customers reject products or request returns of products based on receipt of a bad or out of specification product.

Supplier’s Quality Incoming – A measure of the percentage of good quality materials coming into the manufacturing process from a given supplier.

Improving Efficiency

Throughput – Measures how much product is being produced on a machine, line, unit, or plant over a specified period of time.

Capacity Utilization – Indicates how much of the total manufacturing output capacity is being utilized at a given point in time.

Overall Equipment Effectiveness (OEE) – This multi-dimensional metric is a multiplier of Availability x Performance x Quality, and it can be used to indicate the overall effectiveness of a piece of production equipment or an entire production line.

Schedule or Production Attainment – A measure of what percentage of time a target level of production is attained within a specified schedule of time.

Reducing Inventory

WIP Inventory/Turns – A commonly used ratio calculation to measure the efficient use of inventory materials. It is calculated by dividing the cost of goods sold by the average inventory used to produce those goods.

Ensuring Compliance

Reportable Health and Safety Incidents – A measure of the number of health and safety incidents that were either actual incidents or near misses that were recorded as occurring over a period of time.

Reportable Environmental Incidents – A measure of the number of health and safety incidents that were recorded as occurring over a period of time.

Number of Non-Compliance Events / Year – A measure of the number of times a plant or facility operated outside the guidelines of normal regulatory compliance rules over a one-year period. These non-compliances need to be fully documented as to the specific non-compliance time, reasons, and resolutions.

Reducing Maintenance

Percentage Planned vs. Emergency Maintenance Work Orders – This ratio metric is an indicator of how often scheduled maintenance takes place, versus more disruptive/un-planned maintenance.

Downtime in Proportion to Operating Time – This ratio of downtime to operating time is a direct indicator of asset availability for production.

Increasing Flexibility & Innovation

Rate of New Product Introduction –  Indicates how rapidly new products can be introduced to the marketplace and typically includes a combination of design, development, and manufacturing ramp-up times.

Engineering Change Order Cycle Time – A measure of how rapidly design changes or modifications to existing products can be implemented all the way through documentation processes and volume production.

Reducing Costs & Increasing Profitability

Total Manufacturing Cost per Unit Excluding Materials – This is a measure of all potentially controllable manufacturing costs that go into the production of a given manufactured unit, item, or volume.

Manufacturing Cost as a Percentage of Revenue – A ratio of total manufacturing costs to the overall revenues produced by a manufacturing plant or business unit.

Net Operating Profit – Measures the financial profitability for all investors/shareholders/debt holders, either before or after taxes, for a manufacturing plant or business unit.

Productivity in Revenue per Employee – This is a measure of how much revenue is generated by a plant, business unit, or company, divided by the number of employees.

Average Unit Contribution Margin – This metric is calculated as a ratio of the profit margin that is generated by a manufacturing plant or business unit, divided into a given unit or volume of production.

Return on Assets/Return on Net Assets – A measure of financial performance calculated by dividing the net income from a manufacturing plant or business unit by the value of fixed assets and working capital deployed.

Energy Cost per Unit – A measure of the cost of energy (electricity, steam, oil, gas, etc.) required to produce a specific unit or volume of production.

 Cash-to-Cash Cycle Time – This metric is the duration between the purchase of a manufacturing plant or business unit’s inventory, and the collection of payments/accounts receivable for the sale of products that utilize that inventory – typically measured in days.

EBITDA – This metric acronym stands for Earnings Before Interest, Taxes, Depreciation, and Amortization. It is a calculation of a business unit or company’s earnings, prior to having any interest payments, tax, depreciation, and amortization subtracted for any final accounting of income and expenses. EBITDA is typically used as a top-level indication of the current operational profitability of a business.

Customer Fill Rate/On-Time delivery/Perfect Order Percentage – This metric is the percentage of times that customers receive the entirety of their ordered manufactured goods, to the correct specifications, and delivered at the expected time.

Subscribe to get access

Read more of this content when you subscribe today.

Back to Home Page

If you need assistance or have any doubt and need to ask any question  contact me at: You can also contribute to this discussion and I shall be happy to publish them. Your comment and suggestion is also welcome.

IATF 16949:2016 Corporate responsibility

It’s been over a year since Volkswagen was caught cheating on EPA tests, but the effects of that scandal are still reverberating throughout the automotive industry. The IATF 16949 standard has been revised by the International Automotive Task Force (IATF) based on industry feedback and engagement. This is the first time that ethics language has been included in an automotive quality standard. It’s significant because it gives us an opportunity to verify where the supply base stands on several core ethics policies. The new IATF 16949 standard states that certified organizations must implement basic corporate responsibility policies, such as anti-bribery policies, an employee code of conduct, and an ethics escalation (whistle-blower) policy. Nine North American and European OEMs and five national automotive supplier associations have agreed to include corporate responsibility requirements in the new quality standard. The language is basic, but it clearly requires automotive sites worldwide to provide documentation that they have established an employee behavioral expectation code, implemented a formal process to report code violations, and published an anti-bribery policy. There are no incremental costs to suppliers or OEMs to capture this corporate responsibility data. By late 2018, more than 65,000 supplier sites that are certified to the new standard—primarily Tier One and Tier Two direct-part manufacturers—must be physically audited and re-certified by an approved IATF third-party certification body. Non-compliance could result in the suspension of a supplier’s quality certification and limitations to accessing new business opportunities. Fortunately, the Automotive Industry Action Group (AIAG), which oversees the creation of these global standards, is offering a free knowledge assessment tool so that industry professionals can identify gaps in their understanding of the Group’s Global Guidance Principles and address them before being audited.

IATF 16949:2016 Corporate responsibility

The organization is required to  define and implement corporate responsibility policies, including at a minimum an anti-bribery policy, an employee code of conduct, and an ethics escalation policy i.e. whisfle-blowing policy


To be successful today, the automotive industry and its supply chain partners must contend with heightened expectations from a range of stakeholders on complex corporate responsibility issues:
• A plethora of governmental regulations affect the use and management of chemicals in the production process. The organization must keep abreast of existing and emerging regulations on the use and management of chemicals in the production process and provide an assessment of their impact.
• A growing number of regions, countries, and non-governmental organizations throughout the world require companies to report greenhouse gas emissions, which also factor into financial firms’ assessments, stockholder decisions, and customer perceptions. This is an important first step in environmental sustainability. OEMs and suppliers are required to calculate and report emissions from the supply base in a consistent and accurate manner and creating cost savings for the organization. The lessons learned and processes implemented for GHGs will set a foundation for other elements of environmental sustainability (i.e., water, wastes).
• The increased globalization of automotive production makes understanding and managing the impact of working conditions on business a greater challenge. Understanding and managing the impacts of the working conditions of business has become a greater challenge with the increased globalization of automotive production, and developing responsible working conditions begins with having a shared understanding of the key issues(child labor, forced labor, freedom of association, harassment and discrimination, health and safety, wages and benefits, and working hours.) up and down the supply chain.

  1. Business Ethics
    The basis for sustainable and successful business activity is to have integrity and transparent business practices. Companies are expected to operate honestly and equitably throughout the supply chain in accordance with local law, including those laws pertaining to:
    • Anti-Corruption
    • Anti-competitive Business Practices
    • Protection of Intellectual Property
    • Respect for Company and Personal Data
    • Export Controls
    • Conflicts of Interest
  2. Environmental Standards
    Companies are expected to pursue effective environmental protection throughout the supply chain in order to reduce the environmental footprint of our products throughout their life-cycle. All products manufactured within the supply chain and the applied materials and substances used in the process are expected to meet environmental standards for design, development, distribution, use, disposal, or recycling. Such a comprehensive approach includes but is not limited to:
    • Reducing energy and water consumption
    • Reducing greenhouse gas emissions
    • Increasing use of renewable energies
    • Enhancing appropriate waste management
    • Training of employees
    Businesses are expected to support a proactive approach to environmental challenges and encourage the development and diffusion of environmentally friendly technologies.
  3. Working Conditions and Human Rights
    1. Child Labor and Young Workers
      Child labor should not be tolerated and the age of employment must be in accordance with local labor law.
    2. Wages and Benefits
      Compensation and benefits should be competitive and comply with applicable local laws, including those relating to minimum wages, overtime compensation, and legally mandated benefits.
    3. Working Hours
      Working hours, including overtime, should comply with applicable local laws regulating hours of work.
    4. Forced Labor
      Any form of forced or compulsory labor, including human trafficking, should not be tolerated.
    5. Freedom of Association
      Workers should be able to communicate openly with management regarding working conditions without fear of reprisal, intimidation, or harassment. Workers should have the right to associate freely, to join or not join labor unions, seek representation, and join workers’ councils in accordance with local laws.
    6. Health and Safety
      Workers should have a safe and healthy working environment that meets or exceeds applicable standards for safety and occupational health.
    7. Harassment and Discrimination
      Harassment or discrimination against employees in any form is not acceptable.

Anti Bribery Policy

Ethical business practices are not only necessary for preserving reputability and improving business overall, but also for adhering to the law. Conducting bribery or corrupt activities won’t just get you a slap on the wrist; you could be heavily fined or potentially put behind bars. Bribery includes the act of offering, giving, promising, asking, agreeing, receiving, or soliciting something of value for the purpose of influencing action. But being involved in bribery is not just limited to the act of offering a bribe: if you are on the receiving end and accept it, you are also breaking the law.  Anti Bribery  Policies should aim to:

  • Demonstrate its understanding of anti-bribery law.
  • Emphasise that the company has zero-tolerance for bribery.
  • Detail whom the policy applies to.
  • Detail the company and employees’ responsibilities.
  • Reduce and control bribery risks.
  • Provide rules about accepting gifts.
  • Provide guidance on how business should be conducted so to prevent bribery.
  • Provide direction on how to avoid conflicts of interest.
  • Include information about monitoring and reviewing the policy.
  • An anti-bribery policy demonstrates a company’s commitment to preventing bribery and corrupt activities, and all staff should be instructed to familiarise themselves with the information it contains.

Having this policy in place ensures that everyone knows what to do in regards to preventing bribery, which minimizes the risks of bribery and corruption occurring in your business and therefore protects your company from facing any issues with the law.

Six Principles to prevent Bribery in the organization

The Organization having Anti- Bribery policy in place and wishing to prevent bribery from being committed on their behalf should follow the following Six principles.  Commentary and guidance on what procedures the application of the principles may produce accompany each principle. These principles are not prescriptive. They are intended to be flexible and outcome focussed, allowing for the huge variety of circumstances that organizations find themselves in. Small organizations will, for example, face different challenges to those faced by large multi-national enterprises. Accordingly, the detail of how organizations might apply these principles, taken as a whole, will vary, but the outcome should always be robust and effective anti-bribery procedures. To set out in more detail below, bribery prevention procedures should be proportionate to risk.

Principle 1: Proportionate procedures

An Organisation’s procedures to prevent bribery by persons associated with it are proportionate to the bribery risks it faces and to the nature, scale, and complexity of the organization’s activities. They are also clear, practical, accessible, effectively implemented, and enforced.
The term ‘procedures’ is used to embrace both bribery prevention policies and the procedures which implement them. Policies articulate the organization’s anti-bribery stance, show how it will be maintained, and help to create an anti-bribery culture. They are therefore a necessary measure in the prevention of bribery, but they will not achieve that objective unless they are properly implemented. Adequate bribery prevention procedures ought to be proportionate to the bribery risks that the organization faces. An initial assessment of risk across the organization is therefore a necessary first step. To a certain extent, the level of risk will be linked to the size of the organization and the nature and complexity of its business, but size will not be the only determining factor. Some small organizations can face quite significant risks and will need more extensive procedures than their counterparts facing limited risks. However, small organizations are unlikely to need procedures that are as extensive as those of a large multi-national organization. For example, a very small business may be able to rely heavily on periodic oral briefings to communicate its policies while a large one may need to rely on extensive written communication. The level of risk that organizations face will also vary with the type and nature of the persons associated with it. For example, an organization that properly assesses that there is no risk of bribery on the part of one of its associated persons will accordingly require nothing in the way of procedures to prevent bribery in the context of that relationship. By the same token, the bribery risks associated with reliance on a third party agent representing a commercial organization in negotiations with foreign public officials may be assessed as significant and accordingly require much more in the way of procedures to mitigate those risks. Organizations are likely to need to select procedures to cover a broad range of risks but any consideration by a court in an individual case of the adequacy of procedures is likely necessary to focus on those procedures designed to prevent bribery on the part of the associated person committing the offence in question. Bribery prevention procedures may be stand-alone or form part of wider guidance, for example on recruitment or on managing a tender process in public procurement. Whatever the chosen model, the procedures should seek to ensure there is a practical and realistic means of achieving the organization’s stated anti-bribery policy objectives across all of the organization’s functions. Applying these procedures retrospectively to existing associated persons is more difficult, but this should be done over time, adopting a risk-based approach and with due allowance for what is practicable and the level of control over existing arrangements.

Organizations’ bribery prevention policies are likely to include certain common elements. As an indicative and not exhaustive list, an organization may wish to cover in its policies

  • its commitment to bribery prevention
  • its general approach to mitigation of specific bribery risks, such as those arising from the conduct of intermediaries and agents, or those associated with hospitality and promotional expenditure, facilitation payments, or political and charitable donations or contributions;
  • an overview of its strategy to implement its bribery prevention policies.

The procedures put in place to implement an organization’s bribery prevention policies should be designed to mitigate identified risks as well as to prevent deliberate unethical conduct on the part of associated persons. The following is an indicative and not exhaustive list of the topics that bribery prevention procedures might embrace depending on the particular risks faced:

  • The involvement of the organization’s top-level management.
  • Risk assessment procedures
  •  Due diligence of existing or prospective associated persons
  • The provision of gifts, hospitality, and promotional expenditure; charitable and political donations; or demands for facilitation payments.
  • Direct and indirect employment, including recruitment, terms, and conditions, disciplinary action, and remuneration.
  • Governance of business relationships with all other associated persons including pre and post-contractual agreements
  • Financial and commercial controls such as adequate bookkeeping, auditing, and approval of expenditure
  • Transparency of transactions and disclosure of information.
  • Decision makings, such as delegation of authority procedures, separation of functions, and the avoidance of conflicts of interest
  • Enforcement, detailing discipline processes and sanctions for breaches of the organization’s anti-bribery rules.
  • The reporting of bribery including ‘speak up’ or ‘whistle blowing’ procedures
  • The detail of the process by which the organization plans to implement its bribery prevention procedures, for example, how its policy will be applied to individual projects and to different parts of the organization.
  • The communication of the organization’s policies and procedures, and training in their application
  • The monitoring, review, and evaluation of bribery prevention procedures

Principle 2: Top-level commitment

The top-level management (be it a board of directors, the owners, or any other equivalent body or person) are committed to preventing bribery by persons associated with it. They foster a culture within the organization in which bribery is never acceptable.

Those at the top of an organization are in the best position to foster a culture of integrity where bribery is unacceptable. The purpose of this principle is to encourage the involvement of top-level management in the determination of bribery prevention procedures. It is also to encourage top-level involvement in any key decision-making relating to bribery risk where that is appropriate for the organization’s management structure.
Whatever the size, structure, or market of a commercial organization, top-level management commitment to bribery prevention is likely to include (1) communication of the organization’s anti-bribery stance, and (2) an appropriate degree of involvement in developing bribery prevention procedures.

Internal and external communication of the commitment to zero tolerance to bribery. This could take a variety of forms. A formal statement appropriately communicated can be very effective in establishing an anti-bribery culture within an organization. Communication might be tailored to different audiences. The statement would probably need to be drawn to people’s attention on a periodic basis and could be generally available, for example on an organization’s intranet and/or internet site. Effective formal statements that demonstrate top-level commitment are likely to include:

  • a commitment to carry out business fairly, honestly, and openly
  • a commitment to zero tolerance towards bribery• the consequences of breaching the policy for employees and managers
  • for other associated persons the consequences of breaching contractual provisions relating to bribery prevention (this could include a reference to avoiding doing business with others who do not commit to doing business without bribery as a ‘best practice’ objective
  • articulation of the business benefits of rejecting bribery (reputational, customer, and business partner confidence)
  • reference to the range of bribery prevention procedures the commercial organization has or is putting in place, including any protection and procedures for confidential reporting of bribery (whistle-blowing)
  • key individuals and departments involved in the development and implementation of the organization’s bribery prevention procedures
  • reference to the organization’s involvement in any collective action against bribery in, for example, the same business sector.

Top-level involvement in bribery prevention
Effective leadership in bribery prevention will take a variety of forms appropriate for and proportionate to the organization’s size, management structure, and circumstances. In smaller organizations, a proportionate response may require top-level managers to be personally involved in initiating, developing, and implementing bribery prevention procedures and bribery critical decision making. In a large multi-national organization the board should be responsible for setting bribery prevention policies, tasking management to design, operate, and monitor bribery prevention procedures, and keeping these policies and procedures under regular review. But whatever the appropriate model, top-level engagement is likely to reflect the following elements:

  • Selection and training of senior managers to lead anti-bribery work where appropriate.
  • Leadership on key measures such as a code of conduct.
  • Endorsement of all bribery prevention-related publications.
  • Leadership in awareness-raising and encouraging transparent dialogue throughout the organization so as to seek to ensure effective dissemination of anti-bribery policies and procedures to employees, subsidiaries, and associated persons, etc.
  • Engagement with relevant associated persons and external bodies, such as sectoral organizations and the media, to help articulate the organization’s policies.
  • Specific involvement in high profile and critical decision making where appropriate
  • Assurance of risk assessment.
  • General oversight of breaches of procedures and the provision of feedback to the board or equivalent, where appropriate, on levels of compliance.

Principle 3: Risk Assessment

The commercial organization assesses the nature and extent of its exposure to potential external and internal risks of bribery on its behalf by persons associated with it. The assessment is periodic, informed, and documented.


For organizations, this principle will manifest itself as part of a general risk assessment carried out in clause 4 in relation to business objectives.  The purpose of this principle is to promote the adoption of risk assessment procedures that are proportionate to the organization’s size and structure and to the nature, scale, and location of its activities. But whatever approach has adopted the fuller the understanding of the bribery risks an organization faces the more effective its efforts to prevent bribery are likely to be. Some aspects of risk assessment involve procedures that fall within the generally accepted meaning of the term ‘due diligence.


Risk assessment procedures that enable the organization accurately to identify and prioritize the risks it faces will, whatever its size, activities, customers, or markets, usually reflect a few basic characteristics. These are

  • Oversight of the risk assessment by top-level management.
  • Appropriate resourcing – this should reflect the scale of the organization’s business and the need to identify and prioritize all relevant risks
  • Identification of the internal and external information sources that will enable risk to be assessed and reviewed.
  • Due diligence inquiries
  • Accurate and appropriate documentation of the risk assessment and its conclusions.

As a commercial organization’s business evolves, so will the bribery risks it faces and hence so should its risk assessment. For example, the risk assessment that applies to an organization’s domestic operations might not apply when it enters a new market in a part of the world in which it has not done business before

Commonly encountered risks

Commonly encountered external risks can be categorized into five broad groups – country, sectoral, transaction, business opportunity, and business partnership:

  1. Country risk: this is evidenced by perceived high levels of corruption, an absence of effectively implemented anti-bribery legislation, and a failure of the foreign government, media, local business community, and civil society effectively to promote transparent procurement and investment policies.
  2. Sectoral risk: some sectors are at higher risk than others. Higher-risk sectors include the extractive industries and the large-scale infrastructure sector.
  3. Transaction risk: certain types of transactions give rise to higher risks, for example, charitable or political contributions, licenses and permits, and transactions relating to public procurement.
  4.  Business opportunity risk: such risks might arise in high-value projects or with projects involving many contractors or intermediaries; or with projects which are not apparently undertaken at market prices, or which do not have a clear legitimate objective.
  5. Business partnership risk: certain relationships may involve higher risk, for example, the use of intermediaries in transactions with foreign public officials; consortia or joint venture partners; and relationships with politically exposed persons where the proposed business relationship involves, or is linked to, a prominent public official.

 An assessment of external bribery risks is intended to help decide how those risks can be mitigated by procedures governing the relevant operations or business relationships, but a bribery risk assessment should also examine the extent to which internal structures or procedures may themselves add to the level of risk. Commonly encountered internal factors may include

  • deficiencies in employee training, skills, and knowledge
  • bonus culture that rewards excessive risk-taking
  •  lack of clarity in the organization’s policies on, and procedures for, hospitality and promotional expenditure, and political or charitable contributions
  • lack of clear financial controls
  • lack of a clear anti-bribery message from the top-level management.

Principle 4: Due diligence

The organization applies due diligence procedures, taking a proportionate and risk-based approach, in respect of persons who perform or will perform services for or on behalf of the organization, in order to mitigate identified bribery risks.


Due diligence is firmly established as an element of corporate good governance and it is envisaged that due diligence related to bribery prevention will often form part of a wider due diligence framework. Due diligence procedures are both a form of bribery risk assessment and a means of mitigating risk. By way of illustration, an organization may identify risks that as a general proposition attach to doing business in reliance upon local third-party intermediaries. Due diligence of specific prospective third-party intermediaries could significantly mitigate these risks. The significance of the role of due diligence in bribery risk mitigation justifies its inclusion here as a Principle in its own right. The purpose of this Principle is to encourage organizations to put in place due diligence procedures that adequately inform the application of proportionate measures designed to prevent persons associated with them from bribing on their behalf.


As this guidance emphasizes throughout, due diligence procedures should be proportionate to the identified risk. They can also be undertaken internally or by external consultants. A person ‘associated with an organization includes any person performing services for a commercial organization. The scope of this definition is broad and can embrace a wide range of business relationships. But the appropriate level of due diligence to prevent bribery will vary enormously depending on the risks arising from the particular relationship. So, for example, the appropriate level of due diligence required by an organization when contracting for the performance of information technology services may be low, to reflect low risks of bribery on its behalf. In contrast, an organization that is selecting an intermediary to assist in establishing a business in foreign markets will typically require a much higher level of due diligence to mitigate the risks of bribery on its behalf. Organizations will need to take considerable care in entering into certain business relationships, due to the particular circumstances in which the relationships come into existence. An example is where local law or convention dictates the use of local agents in circumstances where it may be difficult for an organization to extricate itself from a business relationship once established. The importance of thorough due diligence and risk mitigation prior to any commitment is paramount in such circumstances. Another relationship that carries particularly important due diligence implications is a merger of organizations or an acquisition of one by another. ‘Due diligence’  should be conducted using a risk-based approach. For example, in lower-risk situations, organizations may decide that there is no need to conduct much in the way of due diligence. In higher-risk situations, due diligence may include conducting direct interrogative inquiries, indirect investigations, or general research on proposed associated persons. Appraisal and continued monitoring of recruited or engaged ‘associated’ persons may also be required, proportionate to the identified risks. Generally, more information is likely to be required from prospective and existing associated persons that are incorporated (e.g. companies) than from individuals. This is because on a basic level more individuals are likely to be involved in the performance of services by a company and the exact nature of the roles of such individuals or other connected bodies may not be immediately obvious. Accordingly, due diligence may involve direct requests for details on the background, expertise, and business experience, of relevant individuals. This information can then be verified through research and the following up of references, etc. An organization’s employees are presumed to be persons associated with the organization for the purposes of the Bribery Act. The organization may wish, therefore, to incorporate in its recruitment and human resources procedures an appropriate level of due diligence to mitigate the risks of bribery being undertaken by employees which are proportionate to the risk associated with the post in question. Due diligence is unlikely to be needed in relation to lower-risk posts.

Principle 5: Communication (including training)

The organization seeks to ensure that its bribery prevention policies and procedures are embedded and understood throughout the organization through internal and external communication, including training, that is proportionate to the risks it faces.


Communication and training deter bribery by associated persons by enhancing awareness and understanding of a commercial organization’s procedures and to the organization’s commitment to their proper application. Making information available assists in more effective monitoring, evaluation, and review of bribery prevention procedures. Training provides the knowledge and skills needed to employ the organization’s procedures and deal with any bribery-related problems or issues that may arise.

Procedures for Communication

  1. The content, language, and tone of communications for internal consumption may vary from that for external use in response to the different relationship the audience has with the commercial organization. The nature of communication will vary enormously between commercial organizations in accordance with the different bribery risks faced, the size of the organization, and the scale and nature of its activities.
  2. Internal communications should convey the ‘tone from the top’ but are also likely to focus on the implementation of the organization’s policies and procedures and the implications for employees. Such communication includes policies on particular areas such as decision making, financial control, hospitality, and promotional expenditure, facilitation payments, training, charitable and political donations and penalties for breach of rules, and the articulation of management roles at different levels. Another important aspect of internal communications is the establishment of a secure, confidential, and accessible means for internal or external parties to raise concerns about bribery on the part of associated persons, to provide suggestions for improvement of bribery prevention procedures and controls, and for requesting advice. These so-called ‘speak up’ procedures can amount to a very helpful management tool for commercial organizations with diverse operations that may be in many countries. If these procedures are to be effective there must be adequate protection for those reporting concerns.
  3.  External communication of bribery prevention policies through a statement or codes of conduct, for example, can reassure existing and prospective associated persons and can act as a deterrent to those intending to bribe on a commercial organization’s behalf. Such communications can include information on bribery prevention procedures and controls, sanctions, results of internal surveys, rules governing recruitment, procurement, and tendering. An organization may consider it proportionate and appropriate to communicate its anti-bribery policies and commitment to them to a wider audience, such as other organizations in its sector and to sectoral organizations that would fall outside the scope of the range of its associated persons, or to the general public.

Procedure for Training

Like all procedures training should be proportionate to risk but some training is likely to be effective in firmly establishing an anti-bribery culture whatever the level of risk. Training may take the form of education and awareness-raising about the threats posed by bribery in general and in the sector or areas in which the organization operates in particular, and the various ways it is being addressed. General training could be mandatory for new employees or for agents (on a weighted risk basis) as part of an induction process, but it should also be tailored to the specific risks associated with specific posts. Consideration should also be given to tailoring training to the special needs of those involved in any ‘speak up’ procedures, and higher risk functions such as purchasing, contracting, distribution and marketing, and working in high-risk countries. Effective training is continuous, and regularly monitored and evaluated. It may be appropriate to require associated persons to undergo training. This will be particularly relevant for high-risk associated persons. In any event, organizations may wish to encourage associated persons to adopt bribery prevention training. Nowadays there are many different training formats available in addition to the traditional classroom or seminar formats, such as e-learning and other web-based tools. But whatever the format, the training ought to achieve its objective of ensuring that those participating in it develop a firm understanding of what the relevant policies and procedures mean in practice for them.

Principle 6: Monitoring and review

The organization monitors and reviews procedures designed to prevent bribery by persons associated with it and makes improvements where necessary.


The bribery risks that the organization faces may change over time, as may the nature and scale of its activities, so the procedures required to mitigate those risks are also likely to change. Organizations will therefore wish to consider how to monitor and evaluate the effectiveness of their bribery prevention procedures and adapt them where necessary. In addition to regular monitoring, an organization might want to review its processes in response to other stimuli, for example, governmental changes in countries in which they operate, an incident of bribery, or negative press reports.


There is a wide range of internal and external review mechanisms that organizations could consider using. Systems set up to deter, detect and investigate bribery, and monitor the ethical quality of transactions, such as internal financial control mechanisms, will help provide insight into the effectiveness of procedures designed to prevent bribery. Staff surveys, questionnaires, and feedback from training can also provide an important source of information on the effectiveness and a means by which employees and other associated persons can inform the continuing improvement of anti-bribery policies. Organizations could also consider formal periodic reviews and reports for top-level management. Organizations could also draw on information on other organizations’ practices, for example, relevant trade bodies or regulators might highlight examples of good or bad practices in their publications. In addition, organizations might wish to consider seeking some form of external verification or assurance of the effectiveness of anti-bribery procedures. Some organizations may be able to apply for certified compliance with one of the independently-verified anti-bribery standards maintained by industrial sector associations or multilateral bodies. However, such certification may not necessarily mean that a commercial organization’s bribery prevention procedures are ‘adequate’ for all purposes where an offense under section 7 of the Bribery Act could be charged.

Example of Template of Anti Bribery policy

1. What does your policy cover?

1.1 This anti-bribery policy exists to set out the responsibilities o[f [COMPANY Name] and those who work for us in regards to observing and upholding our zero-tolerance position on bribery and corruption.
1.2 It also exists to act as a source of information and guidance for those working for [COMPANY NAME] . It helps them recognise and deal with bribery and corruption issues, as well as understand their responsibilities.

2. Policy statement

2.1 [COMPANY NAME] is committed to conducting business in an ethical and honest manner and is committed to implementing and enforcing systems that ensure bribery is prevented. [COMPANY NAME] has zero-tolerance for bribery and corrupt activities. We are committed to acting professionally, fairly, and with integrity in all business dealings and relationships, wherever in the country we operate.
2.2 [COMPANY NAME] will constantly uphold all laws relating to anti-bribery and corruption in all the jurisdictions in which we operate. We are bound by the laws of India, including the Prevention of Corruption Act 1988, in regards to our conduct both at home and abroad.
2.3 [COMPANY NAME] recognizes that bribery and corruption are punishable by imprisonment and a fine. If our company is discovered to have taken part in corrupt activities, we may be subjected to a fine, be excluded from tendering for public contracts, and face serious damage to our reputation. It is with this in mind that we commit to preventing bribery and corruption in our business and take our legal responsibilities seriously.

3. Who is covered by the policy?

3.1 This anti-bribery policy applies to all employees (whether temporary, fixed-term, or permanent), consultants, contractors, trainees, seconded staff, home workers, casual workers, agency staff, volunteers, interns, agents, sponsors, or any other person or persons associated with us (including third parties), or any of our subsidiaries or their employees, no matter where they are located (within or outside of India). The policy also applies to Officers, Trustees, Board, and/or Committee members at any level.
3.2 In the context of this policy, third-party refers to any individual or organization our company meets and works with. It refers to actual and potential clients, customers, suppliers, distributors, business contacts, agents, advisers, and government and public bodies – this includes their advisors, representatives and officials, politicians, and public parties.
3.3 Any arrangements our company makes with a third party are subject to clear contractual terms, including specific provisions that require the third party to comply with minimum standards and procedures relating to anti-bribery and corruption.

4. Definition of bribery

4.1 Bribery refers to the act of offering, giving, promising, asking, agreeing, receiving, accepting, or soliciting something of value or of an advantage so as to induce or influence an action or decision.
4.2 A bribe refers to any inducement, reward, or object/item of value offered to another individual in order to gain commercial, contractual, regulatory, or personal advantage.
4.3 Bribery is not limited to the act of offering a bribe. If an individual is on the receiving end of a bribe and they accept it, they are also breaking the law.
4.4 Bribery is illegal. Employees must not engage in any form of bribery, whether it be directly, passively (as described above), or through a third party (such as an agent or distributor). They must not bribe a foreign public official anywhere in the world. They must not accept bribes to any degree and if they are uncertain about whether something is a bribe or a gift or act of hospitality, they must seek further advice from the company’s compliance manager.

5. What is and what is NOT acceptable

5.1 This section of the policy refers to the following areas:
• Gifts and hospitality.
• Facilitation payments.
• Political contributions.
• Charitable contributions.
5.2 Gifts and hospitality
[COMPANY NAME] accepts normal and appropriate gestures of hospitality and goodwill (whether given to/received from third parties) so long as the giving or receiving of gifts meets the following requirements:
a. It is not made with the intention of influencing the party to whom it is being given, to obtain or reward the retention of a business or a business advantage, or as an explicit or implicit exchange for favors or benefits.
b. It is not made with the suggestion that a return favor is expected.
c. It is in compliance with local law.
d. It is given in the name of the company, not in an individual’s name.
e. It does not include cash or a cash equivalent (e.g. a voucher or gift certificate).
f. It is appropriate for the circumstances (e.g. giving small gifts around Dipawali / Christmas or as a small thank you to a company for helping with a large project upon completion).
g. It is of an appropriate type and value and given at an appropriate time, taking into account the reason for the gift.
h. It is given/received openly, not secretly.
i. It is not selectively given to a key, influential person, clearly with the intention of directly influencing them.
j. It is not above a certain excessive value, as pre-determined by the company’s compliance manager (usually in excess of Rs1000).
k. It is not offered to, or accepted from, a government official or representative or politician or political party, without the prior approval of the company’s compliance manager.
5.3 Where it is inappropriate to decline the offer of a gift (i.e. when meeting with an individual of a certain religion/culture who may take offense), the gift may be accepted so long as it is declared to the compliance manager, who will assess the circumstances.
5.4 [COMPANY NAME] recognizes that the practice of giving and receiving business gifts varies between countries, regions, cultures, and religions, so definitions of what is acceptable and not acceptable will inevitably differ for each.
5.5 As good practice, gifts that are given and received should always be disclosed to the compliance manager. Gifts from suppliers should always be disclosed.
5.6 The intention behind a gift being given/received should always be considered. If there is any uncertainty, the advice of the compliance manager should be sought.
5.7 Facilitation Payments and Kickbacks
[COMPANY NAME] does not accept and will not make any form of facilitation payments of any nature. We recognize that facilitation payments are a form of bribery that involves expediting or facilitating the performance of a public official for a routine governmental action. We recognize that they tend to be made by low-level officials with the intention of securing or speeding up the performance of a certain duty or action.
5.8 [COMPANY NAME] does not allow kickbacks to be made or accepted. We recognize that kickbacks are typically made in exchange for a business favor or advantage.
5.9 [COMPANY NAME] recognizes that, despite our strict policy on facilitation payments and kickbacks, employees may face a situation where avoiding a facilitation payment or kickback may put their/their family’s personal security at risk. Under these circumstances, the following steps must be taken:
a. Keep any amount to the minimum.
b. Ask for a receipt, detailing the amount and reason for the payment.
c. Create a record concerning the payment.
d. Report this incident to your line manager.
5.10 Political Contributions
[COMPANY NAME] will not make donations, whether in cash, kind, or by any other means, to support any political parties or candidates. We recognize this may be perceived as an attempt to gain an improper business advantage.
5.11 Charitable Contributions
[COMPANY NAME] accepts (and indeed encourages) the act of donating to charities – whether through services, knowledge, time, or direct financial contributions (cash or otherwise) – and agrees to disclose all charitable contributions it makes.
5.12 Employees must be careful to ensure that charitable contributions are not used to facilitate and conceal acts of bribery.
5.13 We will ensure that all charitable donations made are legal and ethical under local laws and practices and that donations are not offered/made without the approval of the compliance manager.

6. Employee Responsibilities

6.1 As an employee of [COMPANY NAME], you must ensure that you read, understand, and comply with the information contained within this policy, and with any training or other anti-bribery and corruption information you are given.
6.2 All employees and those under our control are equally responsible for the prevention, detection, and reporting of bribery and other forms of corruption. They are required to avoid any activities that could lead to, or imply, a breach of this anti-bribery policy.
6.3 If you have reason to believe or suspect that an instance of bribery or corruption has occurred or will occur in the future that breaches this policy, you must notify the compliance manager.
6.4 If any employee breaches this policy, they will face disciplinary action and could face dismissal for gross misconduct. [COMPANY NAME] has the right to terminate a contractual relationship with an employee if they breach this anti-bribery policy.

7. What happens if I need to raise a concern?

7.1 This section of the policy covers 3 areas:
a. How to raise a concern.
b. What to do if you are a victim of bribery or corruption.
c. Protection.
7.2 How to raise a concern
If you suspect that there is an instance of bribery or corrupt activities occurring in relation to [COMPANY NAME], you are encouraged to raise your concerns at as early a stage as possible. If you’re uncertain about whether a certain action or behavior can be considered bribery or corruption, you should speak to your line manager, the compliance manager, the director, or the Head of Governance and Legal.
7.3 [COMPANY NAME] will familiarise all employees with its whistleblowing procedures so employees can vocalize their concerns swiftly and confidentially.
7.4 What to do if you are a victim of bribery or corruption
You must tell your compliance manager as soon as possible if you are offered a bribe by anyone if you are asked to make one, if you suspect that you may be bribed or asked to make a bribe in the near future, or if you have reason to believe that you are a victim of
another corrupt activity.
7.5 Protection
If you refuse to accept or offer a bribe or you report a concern relating to potential act(s) of bribery or corruption, [COMPANY NAME] understands that you may feel worried about potential repercussions. [COMPANY NAME] will support anyone who raises concerns in good faith under this policy, even if the investigation finds that they were mistaken.
7.6 [COMPANY NAME] will ensure that no one suffers any detrimental treatment as a result of refusing to accept or offer a bribe or other corrupt activities or because they reported a concern relating to potential act(s) of bribery or corruption.
7.7 Detrimental treatment refers to dismissal, disciplinary action, treats, or unfavorable treatment in relation to the concern the individual raised.
7.8 If you have reason to believe you’ve been subjected to unjust treatment as a result of a concern or refusal to accept a bribe, you should inform your line manager or the compliance manager immediately.

8. Training and communication

8.1 [COMPANY NAME] will provide training on this policy as part of the induction process for all new employees. Employees will also receive regular, relevant training on how to adhere to this policy, and will be asked annually to formally accept that they will comply
with this policy.
8.2 [COMPANY NAME] ’s anti-bribery and corruption policy and zero-tolerance attitude will be clearly communicated to all suppliers, contractors, business partners, and any third-parties at the outset of business relations, and as appropriate thereafter.
8.3 [COMPANY NAME] will provide relevant anti-bribery and corruption training to employees etc. where we feel their knowledge of how to comply with the Prevention of Corruption Act 1988 needs to be enhanced. As a good practice, all businesses should provide their employees with anti-bribery training where there is a potential risk of facing bribery or corruption during work activities.

9. Record keeping

9.1 [COMPANY NAME] will keep detailed and accurate financial records and will have appropriate internal controls in place to act as evidence for all payments made. We will declare and keep a written record of the amount and reason for hospitality or gifts accepted and given, and understand that gifts and acts of hospitality are subject to managerial review.

10. Monitoring and reviewing

10.1 [COMPANY NAME] ’s compliance manager is responsible for monitoring the effectiveness of this policy and will review the implementation of it on a regular basis. They will assess its suitability, adequacy, and effectiveness.
10.2 Internal control systems and procedures designed to prevent bribery and corruption are subject to regular audits to ensure that they are effective in practice.
10.3 Any need for improvements will be applied as soon as possible. Employees are encouraged to offer their feedback on this policy if they have any suggestions for how it may be improved. Feedback of this nature should be addressed to the compliance manager.
10.4 This policy does not form part of an employee’s contract of employment and [COMPANY NAME] may amend it at any time so to improve its effectiveness at combating bribery and corruption.

—————————End of example————————————— 

Employee’s Code of Conduct

A code of conduct is a set of rules outlining the social norms and religious rules and responsibilities of, or proper practices for, an individual, party, or organization and can be defined as “Principles, values, standards, or rules of behavior that guide the decisions, procedures, and systems of an organization in a way that (a) contributes to the welfare of its key stakeholders, and (b) respects the rights of all constituents affected by its operations.

A common code of conduct is written for employees of a company, which protects the business and informs the employees of the company’s expectations. It is ideal for even the smallest of companies to form a document containing important information on expectations for employees. The document does not need to be complex or have elaborate policies, but the file needs a simple basis of what the company expects from each employee. A Code of Conduct can be an important step in establishing an inclusive culture, but it is not a comprehensive solution on its own. An ethical culture is created by the organization’s leaders who manifest their ethics in their attitudes and behavior.] Studies of codes of conduct in the private sector show that their effective implementation must be part of a learning process that requires training, consistent enforcement, and continuous measurement/improvement. Simply requiring members to read the code is not enough to ensure that they understand it and will remember its contents. The proof of effectiveness is when employees/members feel comfortable enough to voice concerns and believe that the organization will respond with the appropriate action. There is no standard code of ethics, and broad guidelines are given which can be adapted according to the organizational culture and business requirement. Each organization’s Ethics & Compliance department is required to prepare a written Code of Conduct and implement the same within the organization. The main step has been mentioned with a brief narration and key activities required:

  1.  Mandate & commitment from top management: The Code of Conduct defines the core values of the organization thus impacting the organization’s culture. It also has an impact on the reputation of the organization as it specifies the organization’s stance towards corporate social responsibility. The involvement of senior management is a must to provide direction, funding, and resources. Obtain a formal commitment from the management and board of directors to establish the Code of Conduct. Approval for budgets for development, implementation, and regular monitoring is required. Approval for staffing the department and establishing the reporting lines is a need.
  2. Preparation of the policy document: The main policy document contains the values of the organization, management commitment to the same, details of the ethics program, and the monitoring process. Additionally, all supporting policies are mentioned. For example, if the code specifies fair and just treatment for employees, there should be additional policies relating to workplace aggression, diversity, sexual harassment, equal opportunity, etc. The core areas for the policy document needs to be identified. The main policy document needs to be supported by additional policies to ensure proper coverage and implementation. Benchmark the policy document with other organizations’ policy documents. Incorporate the legal requirements for the policy document.
  3. Approval of draft policy document: After completion of the policy document and supplementary policies the same should be approved by the senior management. The draft policy document needs to be formally approved by the top management, audit committee, and board of directors. Obtain feedback from business users to determine if they are going to face any practical difficulties in implementing it.
  4. Develop an implementation strategy: An implementation strategy is critical for the success of the program. A project plan should be developed along with the implementation strategy. The involvement of the Human Resources department is a must at this stage as they will be responsible for deploying training, incorporating the code of conduct in the appointment letters, establishing the reward system for maintaining ethics, and also the reasons for terminating employees on grounds of unethical behavior. The implementation process will require:
    • Department structure and staff requirements of the Ethics office.
    • Selection of vendors for hotline and web systems implementation in case it is not being done in-house.
    • Reward and recognition system to be established by HR.
    • Ethical values should ideally be incorporated in the balanced scorecard of the employee.
    • Training deployment strategy including the trainers, schedules, material, and evaluation system.
    • Investigation and reporting procedures for minor and major deviances
  5. Training & Awareness: Communication is the key to a successful implementation of the Code of Conduct. Various methods and sources of training should be deployed simultaneously to train the staff and external stakeholders. A training calendar should be published for rolling out the training. Explore the following ideas for building awareness and training resources:
    • Prepare classroom training material for educating the staff on the detailed policies.
    • Develop a web-based training program that includes ethical tests, case studies, and business scenarios.
    • Publish relevant cases of ethical dilemmas on the intranet
    • Provide training to existing staff and incorporate the same in induction training for the new staff.
    • Publish the relevant policies on the web for external stakeholders like suppliers, etc.
    • Issue checklists for determining how to make decisions while facing ethical dilemmas.
  6. Implementing the required hotlines and software to monitor complaints: The organization has an option to develop a web-based reporting tool internally or outsource it. Whichever the case may be, the final contact details and services should be published throughout the organization to enable staff to report complaints and discuss cases when they are facing ethical dilemmas. Undertake the following two steps for it:
    • Publish the contact numbers, email ids and websites for reporting complaints
    • Staff these 24/7 for effective monitoring or as per business requirement
  7. Reporting deviances and taking corrective action: Minor and major breaches to the Code of Conduct should be investigated properly. The report should identify the people responsible for the breach, the level of it, corrective action to be taken, and modifications required to the existing policies if any. Do the following: Conduct investigations of the cases reported and submit reports to the audit committee and board of directors. Perform root cause analysis to determine the reason for deviances, and identify solutions to mitigate the risks.
  8. Evaluating commitment to ethical values: Depending on the requirements, periodically, surveys and audits should be conducted to evaluate the adherence to the policies and the overall attitude of the organization towards ethics. One must be aware that having a Code of Conduct does not ensure that it will be followed, hence regular monitoring is required to assess adherence. Adopt the following practices:
    • Conduct an Organization Survey to evaluate employee understanding and commitment to the Code of Business Ethics.
    • Periodically audit the practices being followed by benchmarking them against the policy document.
  9. Annual update: Policies are dynamic documents subject to revisions on the basis of changing economic and legal requirements. Do an overall assessment of the existing policies on annual basis, and incorporate changes after senior management approval. Also, for all additions and modifications, send a formal communication to the staff. Use the following process:
    • Conduct an annual review of the policies.
    • Address gaps and deficiencies identified in the policies
    • Obtain management approval for the same
    • Roll out the updated policies and provide training to the staff.

The advantage of implementing a Code of Conduct is that it enhances the corporate governance efforts of the organization by establishing a uniform set of core values and behavior for all the staff. The staff knows what is the right course of action, whom to approach in a dilemma, and what will be the risks of adopting unethical behavior patterns. Due to this, the reputation and legal risks of the organization are also reduced since it is mandatory for employees to follow the law.

Example of Employee Code of conduct

In order to establish a harmonious and stable corporate environment for the sustainable development of the Company (as defined below) and realize the Company’s vision of “world-leading broadband communication and information service provider”, employees of the Company must adhere to the ethics and code of conduct in respect to their honesty, credibility, and sense of responsibility, and endeavor to maximize the interest of customers, shareholders, employees, and the society. All of the above serve as the basis of this Employee Code of conduct (the “Code of Conduct”).

1 General Provisions

1.1. Scope of Application
1.1.1. This Code of conduct is necessary to maintain the objectiveness and coordination of internal activities of the Company and important for the Company to convey its corporate spirit, quality of service, and corporate value to its customers, employees, shareholders, and society, and must be complied with by all the employees (the “Employees”) of [COMPANY NAME] and its branch companies and subsidiaries (the “Company”);
1.1.2. For Employees governed by the Code of Conduct for Management Personnel, the provisions of the Code of conduct for Management Personnel shall apply. For provisions not included in the Code of conduct for Management Personnel but included in this Code of Conduct, such provisions of this Code of Conduct shall apply;
1.1.3. Service agreements entered into between the Company and any staffing service providers shall expressly specify that staff seconded the Company shall comply with this Code of Conduct.
1.2. Performance of Duties
1.2.1. Employees of the Company should report any fraudulent behavior or behavior that violates this Code of conduct to the Supervision Department of the Company in accordance with the related reporting and processing policies and procedures;
1.2.2. The Company will provide appropriate channels, such as posting this Code of Conduct on the Company’s website, producing it prior to any business activity, or incorporating it into commercial contracts, to ensure that parties that have business relations with the Company, such as suppliers, customers, agents, investors, creditors, and debtors, are able to understand the principles and spirit of this Code of Conduct in an accurate and timely manner.

2 Honesty and Credibility

2.1. Honesty and credibility are the fundamental principles of moral characters of the Company and all Employees. All Employees shall strive to maintain honesty and credibility in their work. Employees shall be honest and credible to customers, fellow tradesmen, partners, colleagues, shareholders, the country, and society.
2.2. Due fulfillment of responsibilities is an important approach for Employees to realize the principles of honesty and credibility. Employees should be responsible and self-disciplined, adhere to principles, be loyal to their duties, serve customers with enthusiasm and efficiency, handle the duties of their positions with a sense of responsibility, safeguard the interest of the Company as well as the rights and benefits of the shareholders and should not be concerned only about their own reputation or financial gains.
2.3. Employees should develop honesty and credibility as part of their fundamental professional ethics and reflect the same in their work, faithfully carrying out their commitments. Honesty and credibility should be fundamental to the Company’s development and success and instrumental to the realization of the Company’s core values.
2.4. Employees should view their performance reports appropriately and truthfully report their performance and keep accurate billing records, in order to ensure the truthfulness and reliability of accounting information and book records, the completeness of financial reporting procedures, and the accuracy of the information submitted. False accounts, figures, or performance results are strictly prohibited.
2.5. Employees are prohibited from providing any false or misleading information within and without the Company. The information disclosure procedures shall be strictly followed.
2.6. Employees should strengthen the prevention of fraudulent behavior, in order to timely report and effectively prevent any fraudulent behavior. The Company encourages honesty and credibility as one aspect of the corporate culture by advocating and protecting Employee whistleblowing actions that truthfully expose fraudulent behaviors or behaviors that violate laws and regulations.
2.7. Employees have the obligation to comply with the current policies, laws, regulations, and other regulatory requirements of India and of the place of the Company’s listing, registration, and business operation, and perform their duties according to the current rules as well as the Articles of Association of the Company.

3 Conflict of Interest

3.1. “Conflict of interest” in this Code of Conduct shall mean any conflict that has occurred or may occur between the personal interest of Employees and the interest of the Company, or between the Employees’ personal interest and their duties. In case of a conflict of interest, Employees should promptly report to their supervisors or the Supervision Department of the Company and proceed pursuant to the responses received in a timely manner.
3.2. Employees should abide by the Articles of Association and various rules and codes of the Company, faithfully perform their duties, and consciously prevent any conflict of interest for the best interest of the Company and its shareholders.
3.3. Employees should strictly comply with the laws, regulations and regulatory requirements in respect of anti-commercial bribery, distinguish normal commercial activities from improper business behaviors, firmly rectify any improper business behavior that violates commercial morality and fair competition, and cooperate with the regulatory authorities in their investigation of any commercial bribery cases.
3.4. Employees are prohibited from illegally or inappropriately utilizing their positions or the inherent power thereof, information related to the Company’s operations or financial condition, or any information that may have a material effect on the market price of the Company’s securities for their or their families’ benefits. These activities include direct trading of securities, leaking information to others, and suggesting others for such trading.
3.5. Employees are prohibited from carrying out, causing others to carry out, or invest in any business activities that may compete with the Company’s businesses or business activities that have a conflict of interest with the Company, or with their positions.
3.6. Employees are prohibited from conducting any connected transactions that may be detrimental to the Company’s interests with any economic entities in which they or their relatives serve or hold any investment or other forms of interest in. Employees are prohibited from holding any consulting, advisory, or direct or indirect employment relationship with any customer, supplier, or competitor of the Company or hold any substantial investment interest therein.
3.7. Employees should strictly abide by the related rules and policies of the Company in respect of “excuse from the position” and “excuse from the business”.

4 Relationship with Related Parties

4.1. “Relationship with related parties” in this Code of Conduct shall mean the relationship between Employees and related parties such as customers, business partners, competitors, regulators, and other employees.
4.2. Employees should treat customers, business partners, competitors, regulators, and other employees fairly.
4.3. Employees should adhere to the “Customers First” service concept and give customer service top priority.
4.3.1. Employees should develop the market-oriented service concept and focus on providing excellent services to customers;
4.3.2. Employees should protect the customers’ confidentiality and freedom of communication and should not disclose customers’ information and confidential data without customers’ consent;
4.3.3. In marketing activities, Employees should truthfully inform customers of the Company’s services and products and fully respect customers’ freedom in making purchase decisions;
4.3.4. All Employees should respect customers’ rights and benefits and protect the legitimate interests of the Company.
4.4. When working with business partners, employees of the Company should be consistent in their words and actions.
4.4.1. In selecting production chain partners, Employees of the Company should treat all candidates fairly and objectively and reasonably select the ultimate partner through tendering and bidding and other fair means in accordance with the Company’s rules;
4.4.2. When working with business partners, all Employees of the Company should consciously safeguard the legitimate interests of the Company, strictly abide by the laws and regulations prohibiting unfair competition, monopoly, corruption, and bribery, strictly implement Company’s policies and procedures in commercial contracting and avoid unnecessary commercial risks;
4.4.3. Employees should have respect for the Company’s business partners and should not infringe upon the legitimate interests of the business partners in order to achieve mutually beneficial results for the Company and its partners.
4.5. Employees should strive to maintain a normal market competition environment and a good development environment for the Company.
4.5.1. Employees should follow society’s moral standards and the rules of the competition and are prohibited from taking inappropriate measures to interfere and interrupt network interconnection;
4.5.2. Employees should try to expand the Company’s market share by capitalizing on the Company’s advantages in services, products, and brands and are prohibited from using inappropriate means such as exaggeration or distortion of facts and defaming our competitors’ product quality, service quality, financial condition, or business reputation;

4.5.3. Employees are prohibited from using any illegal or inappropriate means to obtain any commercial secrets or other confidential information of the Company’s competitors in relation to their products, services, or marketing strategies;
4.6. All Employees of the Company should submit to the lawful supervision of the regulatory authorities, communicate as appropriate and assist in maintaining the regulation and order of the industrial market.
4.6.1. Employees should submit to the lawful supervision of the state and capital markets regulatory authorities and safeguard the legitimate interests of the Company;
4.6.2. Employees should have normal interactions with regulatory authorities and are prohibited from any inappropriate trading activities;
4.6.3. Relevant personnel should provide truthful and reliable information required by the regulatory authorities. For any omission or error, Employees should communicate with the regulatory authorities promptly and rectify such omission or error in accordance with the relevant procedures.
4.7. Employees of the Company should treat each other with trust and as equals and work as a team.
4.7.1. Employees should be warm and kind to colleagues, respect each person’s dignity, privacy, and religious beliefs;
4.7.2. Employees should work as a team and use their expertise to promote innovation and teamwork.

5 Information Disclosure and Confidentiality

5.1. Employees should strictly abide by the Company’s confidentiality rules and undertake to safeguard the Company’s commercial secrets and customers’ confidential information during the stipulated confidentiality period.
5.2. The State’s communications secrets, the Company’s commercial secrets and customer confidential information shall mean the proprietary or confidential information that has not been made public and, once made public, will be detrimental to the interests of the State, the Company and the customer, respectively, including, but not limited to, the State’s communications secrets, the Company’s operation information, strategic plans, customer data, remuneration information, marketing, and sales strategies or any other confidential information.
5.3. Employees should safely keep confidential documents, materials, and their storage media appropriately.
5.4. Employees must enter into confidentiality agreements with relevant parties when representing the Company in cooperative or business activities if disclosure of confidential information is involved.

5.5. Employees should not exchange any confidential information pertaining to the Company with any individuals, companies, or institutions or use them without authorization or entering into a confidential agreement, whether or not they are employed at the time by the Company or have benefited from such exchange or use.
5.6. Employees should strictly follow the Company’s information disclosure procedures and are prohibited from, without the Company’s permission, disclosing any confidential information of the Company to the public in their own names or in the name of the Company or make public statements relating to the Company. They are further prohibited from dispersing any false information.

6 Protecting Company Assets

6.1. Company Assets shall mean various tangible or intangible assets, trade secrets, or other professional information that the Company owns or has the right to dispose of, including favorable business opportunities.
6.2. Employees should make reasonable use of and protect Company Assets, and ensure that Company Assets are reasonably utilized to serve lawful commercial purposes. Employees are prohibited from damaging, wasting, encroaching on, embezzling, or abusing Company Assets in any way. Employees should always economize.
6.3. Employees should be risk-conscious, follow the Company’s cost control and management policies strictly and with discipline, and minimize operational risks. Management at each level and all Employees should actively minimize the potential operational risks and strengthen the monitoring and control of operational risks.
6.4. Employees should comply with safety rules and prevent accidents in order to minimize the Company’s asset loss and the Employees’ personal damages.

7 Reporting and Sanction

7.1. Any Employee who has violated this Code of Ethics is subject to Company sanctions, which include, but are not limited to, administrative sanction, termination of the labor contract, and transfer to the judicial branch.
7.2. Every employee is obligated to timely report to supervisory departments any behavior that violates this Code of Ethics pursuant to relevant rules on reporting and handling of the Company. The audit committee of the Board of Directors, Supervision Department, Audit Department, and other departments of the Company are responsible for the supervision and handling of any violation of the Company’s rules and policies. Employees can report via any of the following means:
Mail: [Company mail address ]
Telephone and fax: [company phone no].
7.3. The Company encourages employees to report any violation of laws, policies, or regulations. The Company welcomes Employees’ comments and suggestions on operations and management of the Company through various communication channels including “Meet with the President” Day. Management at each level should treat employee comments seriously. Policies on reporting and handling should clearly specify that the Company should provide appropriate protection to whistleblowers and maintain information and records of such whistleblowing confidential. The Company should ensure the independence of personnel receiving and processing information provided by whistleblowers, differentiate authorization levels for relevant personnel, and the de-classification authorization of archives. Personnel responsible for receiving, recording, and processing or having access to reported information should sign additional confidential agreements specifying their obligations with regard to confidentiality. The Company should also reinforce the security measures for mailboxes, hotlines, and email boxes for whistleblowing, distinguish responsibilities between the management of reported information and report investigation and strictly follow the procedures for use of information and archives.
7.4. The Company protects employees reporting violations of laws, policies, or regulations. Reporting via telephone or mail can be anonymous. Employees who leak information or retaliate against whistleblowers shall be subject to removal from position or termination of employment. Employees that violate the laws will be handed over to the prosecution.

8 Supplementary Clauses

8.1. This Code of Conduct is a regulatory document setting forth professional standards for employees of the Company. As an attachment to the labor contract, it has the same legally binding force and effect as the labor contract. Employees should also comply with the State’s laws, regulations, and administrative rules, the Articles of Associations of the Company, and various current rules and regulations within the Company.
8.2. When employees sign their labor contracts, they should also sign Employee Statement I (See Exhibit I), indicating that they know and will comply with the various provisions of this Code of Ethics and monitor and report any behavior in violation of this Code of Ethics.
8.3. Human Resource departments at each level should publicize and implement this Code of Ethics by various means, including training. They should also conduct training via mail or office system and have Employees sign Employee Statement II (see Exhibit II) annually, collect information on fraudulent behaviors and behaviors that violate this Code of Ethics and submit to supervisory organizations for investigation and decision.

8.4. This Code of Ethics is reviewed by the Legal Department of the Company and by the Employees’ Congress. It shall take effect upon approval by the Board of Directors of the Company, which also has the interpreting authority. Termination or any modification of this Code of Ethics should be approved by the Board of Directors.

Exhibit I:  Employees Statement I

I have carefully read and understood the requirements of this Employee Code of Conduct (the “Code”) of [Company name]. I acknowledge that it is an exhibit to my labor contract with equal legal binding force and effect and undertake to abide by this Code. I hereby declare the following:
1. I will abide by professional ethics and not commit fraudulent acts or behaviors in violation of this Code;
2. I will timely report any fraudulent behavior or behaviors in violation of this Code.



Exhibit II: Employees Statement II

1. I have strictly complied with the Employees Code of Conduct of [Company name] (the “Code”) from _________,  to _________, and have not committed any acts in violation of this Code;
2. I am not aware of any acts committed by other employees that are fraudulent or in violation of this Code. I have truthfully reported all such acts that I’m aware of to the Supervision Department.



—————————End of example—————————————

Example of Whistleblowing  Policy of Oman LNG L.C.C

1. Introduction
Oman LNG is committed to the highest possible standards in terms of governance practices, openness/transparency, honesty, accountability, professionalism, and duty of care in delivering one’s responsibilities as prescribed in OLNG’s “Statement of General Business Principles” and “Code of Conduct”.

2. Purpose
This Policy aims to encourage every individual working for or dealing with the Company to report any Unethical Practices at any level of the organizational structure with complete comfort, confidence, and protection. Also, it aims to define and establish the position of the Company on the framework for reporting Unethical Practices and establish suitable steps to investigate and take necessary corrective actions.

3. Definition
a. “Unethical Practice” means any behavior or practice of the Company, its employees, contractors, suppliers, or their individual employees in relation to their business dealings with the Company which is believed to be inconsistent with the Company’s General Business Principles and its general spirit, and includes, but is not limited to, the following suspected activities / improper practices:

  • Fraud or fraudulent financial reporting;
  • Manipulation of Company data/records, including forging official documents;
  • Abuse of authority at any defined level in the Company;
  •  Disclosure of confidential/proprietary information to unauthorized personnel;
  •  Knowingly violating applicable laws and regulations, thereby exposing the Company to penalties, fines, or any legal action;
  • Any instances of misappropriation or abuse of Company property/assets;
  • Actively violating any laid down Company policy, including the Code of Conduct;
  • The economically wasteful act or action;
  •  Criminal activity;
  •  Harassment of any nature to employees or any other third party.
  •  Using confidential information acquired in the course of one’s work for personal advantage;
  •  Any other activities whether unethical or improper in nature and damaging the interests of the Company;
  •  Attempts to conceal any of the above.

b. “Whistleblower” means any person (employee, director, customer, vendor, or any other individual stakeholder) reporting an Unethical Practice under this policy.

4.  Reporting Unethical Practice

a. The Company has introduced this policy to enable you to raise your concerns about Unethical Practices at an early stage and in the right way. If something is troubling you which you think the Company’s management or Board should know about or look into, then please refer to this policy.

b. Normally, concerns should be raised with the appropriate department that the issue is dealt with within the Company and should be handled in line with company policies and procedures. It is recognized, however, that there may be occasions where the use of the normal chain of command may not be appropriate. Persons may believe their concerns:

  • are overly sensitive;
  • would  not be receiving appropriate attention;
  • are of particular significance;
  • the line manager/department is the perpetrator of the issue to be addressed or
  • the person may be sufficiently uncomfortable such that it warrants the use of another confidential reporting channel. 

Hence, the Whistleblower may report such Unethical Practice in writing to This mailbox is regularly reviewed by the Chief Internal Auditor at the Company. 

c. The Chief Internal Auditor shall never reveal the name of the Whistleblower without his/her consent unless required by law. If they at some point in time are ordered and required by law to report the name of the Whistleblower, they shall inform the Whistleblower, unless they have lawful reasons not to do so.  Where the Whistleblower feels very exposed and is afraid of being victimized (s)he can e-mail anonymously when reporting the issue by hiding his / her identity. In this respect, the Whistleblower shall provide and deliver all related information and facts with the initial report to facilitate the investigation process. The Whistleblower can remain anonymous in follow-up communications and clarifications by providing a discreet e-mail address.

d. The Whistleblower must address the following aspects, while reporting any issues under this policy:

  • A clear understanding of the issue being raised.
  • The issue should not be merely speculative in nature but should be based on actual facts.
  • Should contain as much specific information as possible to allow proper inquiry/ investigation.
  • If the Whistleblower has a personal interest in the matter, (s)he will be required to disclose this.

5. Protection to Whistleblower

The identity of the Whistleblower shall be kept confidential at all times unless otherwise agreed with the Whistleblower or required by law (e.g. during the course of any legal proceedings, where the Whistleblower is required to give evidence in court). No unfair treatment shall be vetted out towards any Whistleblower acting in good faith by virtue of his/her having reported issues under this policy and the Company shall ensure that full protection is granted to him/her against any action.

—————————End of example————————————— 

Subscribe to get access

Read more of this content when you subscribe today.

Back to Home Page

If you need assistance or have any doubt and need to ask any question  contact me at: . You can also contribute to this discussion and I shall be happy to publish them. Your comment and suggestion is also welcome.

IATF 16949:2016 Determining the Scope of the Quality Management System

The scope of  QMS must do two things :1. Meet requirements consistently and 2. Enhance customer satisfaction by the effective application of  QMS,    continual improvement of  QMS, and providing assurance of conformity to customer and applicable regulatory requirements. Your organization must have the capability to determine your customer needs and requirements; design and develop a product; know-how and capacity to manufacture a product; package product; deliver on time; provide service and support; etc. It must have the ability to repeat your capability within specified parameters for quality as defined by customers, your own organization, or regulatory bodies. To achieve and demonstrate your capabilities, you must effectively plan, operate and control the processes, within your organization that provides them. These processes collectively form the scope of your quality management system (QMS).  The effective application of your QMS can be determined by – how well QMS activities and results measure up to planned performance indicators. Continual improvement of the QMS is achieved by – increasing the ability of the QMS to meet requirements through raising the performance indicators and more efficient use of resources.   Assurance of conformity to requirements may be achieved by providing confidence that requirements will be fulfilled. This confidence may be achieved through – implementing prevention-based controls; conducting internal/external audits; 3rd party certification of your QMS; etc.   This standard provides specific requirements to effectively plan, operate, control, and improve your QMS processes. These requirements focus on prevention-based controls and to a lesser extent detection-based controls, as well as continual improvement of your QMS.   It is important to note that the does not specify requirements for the product. The focus is on your QMS and its processes. By effectively controlling and continually improving your QMS processes, there will obviously be a positive impact on product quality performance. look at regulatory requirements applicable to your organization. These requirements may come from your customer; the industry you are in; from within your own organization; or state or federal organizations. You may need to apply regulatory requirements to your suppliers and outsourced processes (subcontractors). Your ultimate objective is to enhance customer satisfaction. You achieve this by planning, operating, and improving your QMS to effectively meet customer and regulatory requirements. As this standard represents specific automotive OEMs, your QMS must provide objective evidence that your QMS processes can identify and manage these requirements and that customer-specific requirements are effectively implemented.

Scope refers to the type of automotive supply chain facilities, IATF 16949 is applicable to. “Automotive” includes cars, trucks (light, medium, and heavy), buses, motorcycles. It excludes industrial, agricultural, off-highway (mining, forestry, construction, etc.). It includes all supplier ‘sites’  providing value-added parts, components, products, sub-assemblies, and services up the supply chain to the OEM. TS 16949 requirements may be applied to any site in the supply chain by its customer. It applies to all supply chain facilities or ‘sites’ that manufacture production materials; production and service parts; assemblies; or provide (value-added) finishing services such as heat treating, welding, painting; etc., for the automotive OEM’s subscribing to this standard. This means that all Tier 1 suppliers providing such products or services directly to subscribing automotive OEMs, must get IATF 16949 certification and they in turn may flow IATF 16949 conformity or certification requirements down to Tier 2 suppliers and so on. The flow down to tier 2 or 3 has now become more the norm than the exception. The ultimate aim is that all suppliers must be certified to IATF 16949 standard. This standard cannot be applied to:

  • Automotive after-market service parts made to original subscribing OEM specifications, but not procured and released through them.
  • Manufacturers of tooling; production equipment; jigs; fixtures; molds; etc used by the auto industry.
  • Remanufactured automobile parts.
  • Distribution centers; warehouses; parts packagers; logistics support; and sequencers.

Determine whether your activities or location is a site or support function. Note that the definition of ‘site is a location where value-added manufacturing occurs and a support function is a value-adding non-manufacturing process that supports a site. The support function may be on-site or at a remote location.   The rules for third-party Certification Body (Registrar) auditing of sites and remote locations are specified in an IATF document called “Automotive Certification Scheme for IATF 16949:2016 – Rules for achieving IATF recognition”. The general rule is that sites may obtain stand-alone IATF 16949 certification, but support functions, cannot obtain stand-alone certification.    Support functions may include a variety of non-manufacturing activities such as – design; purchasing; HR; sales; distribution centers; warehousing; sequencing; logistics; etc.     All support functions (whether on-site or off-site) that support a site must be included in that site’s QMS scope. As such they must be audited to all applicable IATF 16949 requirements including their interaction with site activities. Both manufacturing, as well as support activities, maybe outsourced (i.e. performed by an independently owned organization, on your site, or off-site). Organizations performing outsourced manufacturing activity must be subject to the same TS 16949 requirements that would apply if the activity were done by your organization. Such organizations can obtain independent IATF 16949 certification if required by their customers.  Organizations performing outsourced support functions (e.g. warehousing or HR services) may be subject to specific IATF 16949 requirements imposed by their customers, however, they cannot obtain independent IATF 16949 certification for such support activities. They may obtain independent ISO 9001 certification. The organizations subscribing to the TS 16949 standard include General Motors; Ford; Daimler Chrysler; Fiat; PSA Peugeot-Citreon; Renault SA; FIEV: Opel Vauxhall; Audi; BMW; VW; Mercedes Benz; etc. The Japanese OEM’s while participating in the development of the IATF 16949 standard, do not formally subscribe to it or require it of their supply chain.

ISO 9001:2015 4.3 Determining the Scope of the Quality Management System

The organization must establish the scope of the quality management system by determining the boundaries and applicability of the quality management system. While determining the scope the organization must consider the internal and external issues determined in 4.1., the requirements of relevant interested parties in 4.2. and the products and services of the organization. Requirements from this International standard that can be applied by the organization shall be applied within the scope of the QMS. Requirements from this International standard that cannot be applied by the organization and which does not affect the organization’s ability or responsibility to provide product and services that meet the conformity of its product and services and enhancement of the customer satisfaction. The organization must make available the scope and must maintain scope as documented information stating the Products and services covered by the QMS and any Justification where a requirement of this International Standard cannot be applied.

For explanation on ISO 9001:2015 4.3.Determining the scope of the Quality Management System click here. 

IATF 16949:2016 4.3.1 Determining the Scope of the Quality Management System- Supplement

Supporting functions, whether on-site or remote {such as design centers, corporate headquarters, and distribution centers). shall be included in the scope of the Quality Management System. (QMS). The only permitted exclusion for this Automotive  QMS Standard relates to the product design and development requirements within ISO 9001,.Section 8.3 The exclusion shall be justified aid maintained as documented information. Permitted exclusions do not include manufacturing process design.


In order to establish a QMS (Quality Management System) according to IATF 16949, you first need to define everything the QMS will apply to. This requirement is nothing new to quality standards, or any other management system standard, for that matter. Although it seems like just a formality, defining the scope is one of the crucial steps in the implementation and ongoing maintenance of the QMS. You will basically define to what processes, locations, products, and services your QMS applies, and this will provide input for the certification body and auditors. Requirements for the scope in IATF 16949 are based mostly on ISO 9001, but as with many other requirements, the automotive industry goes a bit further. Since ISO 9001 requirements are the first we need to meet in the implementation and are not stated in the text of the IATF 16949 standard, let’s examine them first.

Section 4.3 of the ISO 9001:2015 standard details the requirements for determining the scope of the Quality Management System. In a note about the QMS, it is stated that the QMS can include the whole organization, specifically identified functions of the organization, specifically identified sections of the organization, or one or more functions across a group of organizations. To start, there are three considerations to be included when determining the scope:

  • external and internal issues that are relevant to the purpose of the organization, the strategic direction, and the ability to achieve intended results
  • requirements of relevant interested parties
  • the product and service of the organization

In addition, the scope must state the products and services covered by the QMS, and justification for any instances where the ISO 9001 standard cannot be applied—but this requirement is further limited by IATF 16949, as you will see below. Although ISO 9001 allows organizations to decide which functions or sections will be included in the scope, IATF 16949 requires supporting functions, whether on-site or remote, to be included in the scope of the QMS. Supporting functions can be design centers, corporate headquarters, and distribution centers. This leaves far less freedom for the organization when defining the scope, and the aim is to ensure that all operations that affect the quality of products and services and/or customer satisfaction are included in the QMS scope. This will make the implementation much harder for some organizations, especially for big companies that have many locations on several continents. Customer-specific requirements also need to be evaluated and included in the scope of the QMS. In practice, this means that the organization will have to consider these requirements, and see how they reflect on the QMS, and act accordingly. For some organizations, this won’t bring anything new; however, for companies where their customers define processes, products, or services it means that they will have to include all of this in the scope of the QMS. Furthermore, the standard in this section defines the exclusions. IATF 16949 allows exclusions only from clause 8.3, and even here, with many limitations. Basically, the only requirements that can be excluded are related to the design and development of products and services. Permitted exclusions do not include manufacturing process design. Naturally, the organization will also have to provide and document justifications for exclusions. Finally, there is a requirement to document the scope; unlike ISO 9001, which doesn’t specify where and how IATF 16949 requires the Quality Manual to include the information about the scope and justifications for any exclusions.

Usually, the scope of the QMS covers the entire organization. Some noted exceptions are when your QMS only covers one physical location of a multi-location company, or when your manufacturing or service is distinctly split between industries (e.g., in a plant with three assembly lines where assembly lines 1 and 2 are for automotive and need to have a QMS certified to the ISO/TS 16949 QMS standard for automotive, but you want line 3 to be certified to ISO 9001 because many of the automotive requirements do not apply). So, your scope should identify the physical locations of the QMS, products or services that are created within the QMS processes, and the industries that are applicable, if this is relevant. It should be clear enough to identify what your business does, and if not all parts of the business are applicable, it should be identified clearly which parts are.

Your scope does not have a size limit and should include enough information to determine what is covered by the processes of the QMS. However, it is important to make clear what is included and what is not. If it is not clear to you what processes in your company are covered by your QMS, then how will it be clear to an outside auditor or other interested parties? Making your scope statement simple and easy to read can help to focus your QMS efforts, and prevent unnecessary questions about activities that may not be applicable to your QMS certification. The definition of a management system in ISO 9000:2015 for the first time provides an option to scope the system down to a single function or discipline. This was never the intent of a QMS, which was always intended to apply to an entire organization. ISO 9001:2015 also eliminated the term “permissible exclusions” by saying that if a requirement can be applied, it must be applied. Minimalists can now argue they only must include one function in their systems and incorporate only those requirements that apply to that function. IATF 16949:2016 addresses this problem in sub-clause 4.3.1, which requires support processes and value-adding sites to be included in a QMS’s scope. The previous 2008 version of ISO 9001 never mentioned omitting applicable requirements due to the geographic location of the processes. In IATF 16949:2016, where you choose to locate activities is your organization’s prerogative, but all applicable processes and requirements must be in the QMS regardless of where an organization chooses to locate and perform them. Individuals, such as auditors, who must verify whether an organization is conforming to applicable requirements must visit the locations in which those processes are being performed to verify conformance. The new ISO 9000:2015 definition of “management system” now allows for a QMS scope to be as narrow as one function. Furthermore, top management is aligned to the scope of the QMS. If a minimalist organization chose to include only the purchasing department in its scope, top management would be the purchasing executive. There is another argument that can be used by minimalist ISO 9001 implementers. A clause in IATF 16949:2016 indicates that if an ISO 9001 requirement can be applied, it must be, and product quality cannot be compromised.

For an example on how a scope could be derived please click here

IATF 16949:2016 4.3.2 Customer Specific requirements

Customer-specific requirements shall be evaluated and included in the scope of the organization’s quality management system.


Customer specific requirements (CSRs) as defined by IATF 16949 is “interpretations of or supplemental requirements linked to a specific clause(s) of this Automotive QMS standards

Customer-specific requirements are the requirements created by the customer with the expectation that the supplier will identify, implement, and audit these customer-specific requirements with the same intensity that they do the basic requirements of the standard. Customer-specific requirements are requirements that are outside the TS document. Had all the subscribers to the document being able to agree on these unique, very specific, company-specific requirements, then those requirements would have been written as part of the text inside TS. It is important that the audit team receiving details of customer-specific requirements well in advance of any audit (initial, surveillance, or renewal) from the organization, using them as a basis for the audit planning process. Failure to do so is viewed as an audit failure. Customer-specific requirements are those that are agreed to between the supplier and the customer. They typically fall into the following categories:

  • Part-specific requirements (dimensions, materials, performance characteristics, etc.)
  • Delivery requirements
  • Boiler-plate requirements (typically found in the purchase order)
  • General requirements (PPAP, APQP, etc.)
  • Process requirements (example: heat treat)

The terms customer-specific requirements and supplier quality manuals are in many ways interchangeable. Some customers refer to their documents directly as ‘Customer Specific Requirements’ while others call their documents ‘Supplier Manuals’ or ‘Supplier Quality Manuals’. The distinction, in part, is that ‘Supplier Manuals’ or ‘Supplier Quality Manuals’ often contain customer-specific requirements, as well as policies, terms, and conditions unrelated to quality. Customer-specific requirements, in their truest form, seek to expand the standard, or define how a customer wants a portion of the standard to be met. Customer-specific requirements are a component of lATF 16949 that cannot be ignored. ln fact, customer-specific requirements are more important in lATF 16949 than they were in QS-9000, which considered them as part of the requirements. Furthermore. the customer-specific requirements of DaimlerChrysler, Ford. and GM was the only essential “requirements” in implementing and auditing QS-9000. IATF I6949 changes this situation. The International Automotive Task Force (IATF), which consists of nine OEMs which include the following vehicle manufacturers: BMW Group, FCA US LLC, Daimler AG, FCA Italy Spa, Ford Motor Company, General Motors Company, PSA Group, Renault, Volkswagen AG and the vehicle manufacturers respective trade associations – AIAG (U.S.), ANFIA (Italy), FIEV (France), SMMT (U.K.) and VDA QMC (Germany) used a different strategy to create IATF 16949. When all of the IATF members could not agree on a certain clause or process, the objecting OEM put that particular clause into its own customer-specific requirements. Consequently, there are many more customer core requirements. The five Automotive Industry Action Group (AIAG) reference manuals, which were understood to be core requirements of QS-9000. are now customer-specific requirements of DaimlerChrysler. Ford. and GM.

The figure above shows that ISO 9001 is considered a base set of requirements that IATF 16949 builds upon for the automotive sector. IATF I6949 tells the supplier to conform to the company- (i.e.customer specific requirements in addition to IATF l6949’s requirements. Additional requirements may include division-specific requirements, commodity-specific requirements. or part-specific requirements. Examples of division-specific requirements include a semiconductor commodity supplier to a Daimler Chrysler plant. or a heat treat supplier to a Ford Powertrain division. The semiconductor supplier has to contend with the following requirements:
ISO 9001,  IATF 16949,  five reference manuals. which are part of DaimlerChrysler’s requirements: semiconductor commodity-specific requirements issued by the Automotive Electronics Council: and part-specific requirements from a contract review. Similarly, the heat treat supplier to Ford Powertrain has to implement ISO 9001, IATF 16949. five reference manuals. heat treat requirements specific to Ford. a DCP control plan methodology specific to the Ford Powertrain division. and part-specific requirements of that particular heat-treated part. derived from contract review. Needless to say. the customer-specific requirements have gained a whole new degree of importance in IATF In fact. customer-specific requirements will be It challenge when implementing and/or auditing IATF I6949.

Documentation Requirements For Customer-Specific  Requirements

Customer-specific documentation requirements are stated in the customer-specific documents of DaimlerChrysler. Ford, and GM. The Daimler Chrysler requirement says. “All IATF 16949 requirements and the requirements of this document (i.e.. customer-specific requirements) shall be documented in the organization’s quality system.” The Ford and GM customer-specific documents say. “All IATF 16949:2016 requirements and the requirements of this document shall be addressed by the organization’s quality system.” The DaimlerChrysler requirement asks the organization to trace each “shall“ to ensure that it has been included in the documented system. The Ford and GM requirements ask the organization and the auditor to ensure that each “shall” has been addressed by the organization’s business/quality system. Daimler Chrysler’s documentation requirements are more precise and place a greater documentation burden on the organization. Organizations should map the customer-specific requirements into their process documentation or work instructions. Through this method. both current and future employees can become knowledgeable of customer-specific requirements as they work within a process. If your organization does not use this strategy. it will have difficulty separating out customer-specific requirements and addressing the issue of how employees are to ensure process repeatability. For example. clause of the GM customer-specific requirements says. “The organization shall have a method to identify, control, and monitor the high-risk items on those critical operations. There shall be rapid feedback and feed-forward between inspection stations and manufacturing, between departments, and between shifts. ” This is a detail that needs to be built into the process. It is not possible for a management system to address such a requirement without building it into a process. work instruction. form, or checklist.

Implementing customer specific Requirements. 


The strategy for addressing customer-specific requirements should be as follows. First. the organization must identify and assemble all of the customer-specific requirements from its customer base.

Customer Specific requirement checklist: for Automotive industry (considered requirements of IATF 16949)

  • It is important that utilization of accredited laboratory facilities should be specified by as per government-approved certifying body.
  • To verify, is customer approved sub-contractor service to be utilized? The approved vendor list index such information.
  • Most important is transportation mode for shipping the materials should be specified, where containers / or and any vehicle type / or and specified as surface transportation.
  • Some analytical and statistical details that possible to demand by the customer which is conducted internally for process and activities, like control plan, PFMEA, PPAP (PPAP is widely recommended and used in the automotive industry, in with some customers are demand as necessary requirements)
  • Some customer is demand detailed information about traceability requirements.
  • The stability of processes: ongoing process capability requirement should be specified; most customers can ask for it.
  • It should be clear with the customer-specific requirements, PPAP submission, and sample size, grade, and specification should be identified and confirmed from customers.
  • Is there a customer-specified method for handing complaints? Specified format for responding like 8D format, most customers are preferring standard formats but some customers are expecting some unique requirements as its application requirements.
  • Specific packing and labeling requirements should be specified. Generally packaging and labeling requirements mostly different for a single product from different customers, so it is very important to specific requirements are collected and approved by customers.

Some other requirements like MSA approval requirements, shipping notification, quality records and reviews, inspection reports, special characters and their symbol identifications, internal quality auditors’ qualifications, non-conformance details, etc. International standards – requirements mostly IATF 16949 requirements are Measurement system Analysis are consider as the primary requirement for the manufacturers of the automotive applications and same for the supplier chain that provided material to OEM & automotive applications assembling, supply chain also needs to update with the same technical specification which is automotive industries are following.

Implementation begins with training. Key supplier personnel must be trained in customer-specific requirements. Customer requirements typically come in two levels of specificity: identifying how a process should operate. or requiring an entirely new process or method. Detailed customer specifics can be implemented into processes by following a documentation strategy. Mapping the customer-specific requirements to processes is the least risky, and so the best. documentation strategy. Adopt a common process for the entire organization and clearly indicate different ways tasks should be performed to satisfy different customers. Organizations should follow these steps when adopting customer-specific requirements:

  1. Adopt the most stringent requirement.
  2. Describe how tasks may be different for different customers.
  3. Add different forms for different customers if the submission methods differ.
  4. Measure processes differently if customer measurement criteria vary.

Some customer criteria cannot be implemented just by mapping them into existing processes. Customer specifics may ask suppliers to adopt a certain system. For example. Daimler Chrysler requires the use of Power way. and Ford requires the use of a particular CAD system. Sometimes, the requirements mandate an entire implementation for e.g., MS-9000 or MMOG (by Ford) or Ford Ql requirements. Teams must be formed for these specific implementations and the mandates must be completed as a part of ISO/T S 16949 implementation.

Auditing Requirements  For Customer-Specific Requirements

Utilizing document review is the best method for determining whether the organization has already considered all of the customer-specific requirements. The internal auditor needs to have a detailed document review checklist with the “shalls” clearly delineated. The organization must complete the checklist, showing where it believes the customer-specific requirements are documented. The auditor will check to see if the processes indeed demonstrate evidence of compliance with the customer-specific requirements. As mentioned previously. some requirements are processes that would only be audited during an onsite audit. Once the auditor has checked each process and ensured that the processes demonstrate evidence of compliance with the customer’s specifics. then the requirements can be discarded and the process documentation used for the on-site audit. Trying to audit customer-specific requirements during an onsite audit without the document review is difficult and time-consuming. To understand the specific requirements matrix, let’s see what can consider requirements that customers can demands? And what kinds of customer demands or requirements are considered as specific. As on base of supplier’s previous experience with customers & routine supplies than extra things are requested by the customer that never asked before those requirements are considered as specific requirements, No it is not completely true, actually customer-specific requirements are considered on the basis of the customer’s requirements those are affecting the customer’s applications & business that concern with the quality of the products, some applications are very critical that required special measurements & Analysis to approve for the assembling, most of automotive customers requirements are almost specific. The reason very states that application of the product and its fitting criteria’s required tolerances of approval is very close that need to the analysis of the product to enhance quality with minor or zero tolerances with comparing customer’s required tolerances, there is no space for huge variation, application requirements variation of product an be very low that critical to maintaining for a supplier, that should need care at all the parameters, instructions and its follow-up strongly.

Customer Specific requirements matrix, base requirement is PPAP ( Part Production Approval Process ), it’s a specific requirement, the reason that customer buy the material for the assembling with a specific design that can possible are done in the assembly area, to match with the design of the customer engineering shop, product’s first part will be going to approval for,. Customer’s engineers are check as design provided to the supplier, match all possibilities to understand the further requirements, changes, or modifications to the finalized product. The customer-specific requirements matrix can be developed when we really fully understand the customer-specific requirements or customer’s end application’s requirements. the product we are manufacturing is installed/used at any particular part or utilize for a specific purpose of course against the customers must ask for unique requirements to match its requirements queries. To understand the customer-specific requirements, needs to verify what the really customer expects? See below simple customer-specific requirement checklist.​

pdfBMW Group Customer Specific Requirements for IATF 16949:2016 – September 2017
pdfFCA US LLC Customer Specific Requirements for IATF 16949:2016
pdfFCA Italy S.p.A Customer Specific Requirements for IATF 16949:2016
pdfFord Motor Company Customer Specific Requirements for IATF 16949:2016 – effective May 2017
pdfGeneral Motors Customer Specific Requirements for IATF 16949:2016 – Effective Nov 1, 2017
pdfPSA Group Customer Specific Requirements for use with IATF 16949:2016
pdfVolkswagen Group Customer Specific Requirements for use with IATF 16949:2016

Subscribe to get access

Read more of this content when you subscribe today.

Back to Home Page

If you need assistance or have any doubt and need to ask any question  contact me at: You can also contribute to this discussion and I shall be happy to publish them. Your comment and suggestion is also welcome.

IATF 16949:2016 Conformance of products and processes

Conformance of products and processes is the ability of a product, service, or process to meet its design specifications. Design specifications are an interpretation of what the customer needs. Of course, a product having a high quality of conformance may still not be perceived by a customer as being an acceptable product if the person who created the design specifications did not correctly interpret what the customer wanted. Conformance is measured within an acceptable tolerance range. For example, if customers expect delivery of a car within 10 minutes of its scheduled delivery date, then any delivery time within that time frame has a high quality of conformance, while any longer interval does not. Thus, it equates to conformance to specifications within an acceptable tolerance range.

It is possible for a product to be of extremely high quality in terms of being produced within a tight tolerance range, using premium materials, and including all possible features. However, if the design specifications call for a less expensive product with fewer features, then the product is considered to have a low quality of conformance. This means that a high cost does not necessarily equate to a high quality of conformance. As an example, if a car is designed to sell at a low price, have excellent fuel economy, and operate reliably, then those are the key specifications that the actual vehicle must meet in order to have a high quality of conformance. If the vehicle were to have an oversized engine that provided more torque than necessary, it would have a low quality of conformance, because including such an engine would increase the price of the car and result in a lower fuel economy. A management technique is to track how persistently a product or service is measured close to the outer boundary established for conformance. If the measurement remains near the boundary for a significant period of time, it is likely that a breach of the measurement threshold will occur soon, so management can begin to direct attention to rectifying the issue. For example, a delivery that is consistently within just a few moments of the maximum allowable delivery threshold should be investigated. Such investigations may locate problems that can be rectified, or perhaps detect intentional measurement errors to keep the reported amounts within the conformance threshold.

Before we discuss on Conformance of products and processes, we must discuss three aspects associated with definition of quality: quality of design, quality of conformance. and quality of performance.

  1. Quality of Design
    Quality is all about set conditions that the product or service must minimally have to satisfy the requirements of the customer. Thus. the product or service must be designed in such a way so as to meet at least minimally the needs of the consumer. However. the design must be simple and also less expensive so as to meet the customers‘ product or service expectations. Quality of design is influenced by many factors. such as product type, cost, profit, policy, the demand of the availability of parts and materials, and product reliability.
  2. Quality of Conformance
    Quality of conformance is basically the standards defined in the design phase after the product is manufactured or while the service is delivered. This phase is also concerned about is control starting from raw material to the finished product. Three broad aspects are covered in this definition. viz. defect detection, defect root cause analysis. and defect prevention. Defect prevention deals with the means to deter the occurrence of defects and is usually achieved using statistical process control techniques defects maybe by inspection. testing or statistical data analysis collected fiom process, the root causes behind the presence of defects are investigated. and finally corrective actions are taken to prevent the recurrence of the defect.
  3. Quality of Performance
    Quality of performance is how well the product functions or service performs when put to use. It measures the degree to which the product or Service satisfies the customer from the perspective of both design and the quality of conformance. Meeting customer expectations is the focus when we talk about performance. Automobile industry conduct test drive of vehicles to collect information about mileage, oil consumption. Bulbs are life tested to understand their reliability during useful life. The customer survey is conducted to find customer‘s perception about service delivered. If the product or service does not live up to customer expectations then adjustments are needed in the design or conformance phase.

IATF 16949:2016 Conformance of products and processes

The organization has to  ensure conformance of all its products and processes, including service parts and those that are outsourced, to all applicable customer, statutory, and regulatory requirements


All customers have needs, requirements, wants, and expectations. Needs are essential to maintain certain standards, or essential for products and services, to fulfill the purpose for which they have been acquired. Requirements are what is requested of others and may encompass needs but often are not realized until after we have been made.  Hence requirements at the moment of sale may or may not express all needs. Requirements may include wants — nice to have but not essential. Expectations are implied needs or requirements. They have not been requested because it is taken for granted — regarded as to be understood as the accepted norm. They may be things to which customers are accustomed, based on fashion, style, trends, or previous experience. In supplying products or services there are three fundamental parameters that determine their saleability. They are price, quality, and delivery. Customers require products and services of a given quality to be delivered by or be available by a given time and to be of a price that reflects value for money. If you want to know who does the best-unemployed loans able to offer you a good service, check for more details. These are the requirements of customers. An organization will survive only if it creates and retains satisfied customers and this will only be achieved if it offers for sale products or services that respond to customer needs and expectations as well as requirements. While the price is a function of cost, profit margin, and market forces, and delivery is a function of the organization’s efficiency and effectiveness, quality is determined by the extent to which a product or service successfully serves the purposes of the user during usage (not just at the point of sale). Price and delivery are both transient features, whereas the impact of quality is sustained long after the attraction or the pain of price and delivery have subsided. A product that possesses features that satisfy customer needs is a quality product. Likewise, one that possesses features that dissatisfy customers is not a quality product. The customer is the only one who can decide whether the quality of the products and services you supply is satisfactory and you will be conscious of this either by direct feedback or by loss of sales, reduction in market share, and, ultimately, loss of business.

Quality characteristics

Any feature or characteristic of a product or service which is needed to satisfy customer needs or achieve fitness for use is a quality characteristic. When dealing with products the characteristics are almost always technical characteristics, whereas service quality characteristics have a human dimension. Some typical quality characteristics are given in the table below.

These are the characteristics that need to be specified and their achievement controlled, assured, improved, managed, and demonstrated. When the value of these characteristics is quantified or qualified they are termed quality requirements or requirements for quality. Requirements for quality can be defined as an expression of the needs or their translation into a set of quantitatively or qualitatively slated requirements for the characteristics of an entity to enable its realization and examination.  Technical requirements for a product or service are quality requirements. In practice, characteristics are usually classified into the categories critical, major, and minor. The terms can be defined in simple terms as follows:

  1. Critical characteristic—Any feature whose Failure can reasonably be expected to present a safety hazard either to the user of the product or to anyone depending on the product functioning properly.
  2. Major characteristic—Any Feature, other than critical. whose failure would likely result in a reduction of the usability of the product.
  3. Minor characteristic—Any feature, other than major or critical. whose failure would likely be noticeable to the user.
  4. Incidental characteristic—Any Feature other than critical, major, or minor.

Of course, it is possible to develop classification schemes that are more detailed. However, the above definitions suffice for the vast majority of applications. Most often classifications of critical characteristics are noted on the drawing as well as in the manufacturing plan, as well as in such other ways as to give the user ample warning of potential hazards.

A classification of defects is the enumeration of possible defects of the unit of product classified according to their seriousness.

  1. Defect—Any nonconformance of the unit of the product with specified requirements.
  2. Defective—A product with one or more defects.
  3. Critical defect—A critical defect is a defect that judgment and experience indicate would result in hazardous or unsafe conditions for individuals using, maintaining. or depending upon the product or at defect that judgment and experience indicate is likely to prevent the performance of the tactical function of a major end item such as cars, trucks, Ship, aircraft. tank, missile. or space vehicle.
  4. Critical defective—A critical detective is a unit of Product that contains one or more critical defects and may also contain major and/or minor defects.
  5. Major defect—A major defect is a defect, other than critical, that is likely to result in failure or to reduce materially the usability of the unit of product For its intended purpose.
  6. Major defective—A major defective is a unit of product that contains one or more major defects and may also contain minor defects but contains no critical defects.
  7. Minor defect—A minor defect is a defect that is not likely to reduce materially the usability of the unit of product for its intended purpose or is a departure From established standards having little bearing on the effective use or operation of the unit.
  8. Minor defective—A minor defective is a unit of product that contains one or more minor defects but contains no critical or major defect.

Design Review and Qualification

A great deal of what We learn comes from experience. The more we do a thing, the more we learn about doing it better. As a corollary, when something is new or untried we tend to make more mistakes. Design review and qualification are performed to apply the lessons learned from experience with other products and projects to the new situation. The objective is to introduce the new item with a minimum of startup problems, errors, and engineering changes. This involves such activities as:

  • Locating qualified suppliers
  • Identifying special personnel, equipment, handling, storage, quality, and regulatory requirements
  • Providing information to marketing for forecasting, promotional. and public-relations purposes.

The design review and qualification activity is usually performed after the development of an acceptable prototype and before full—scale production. Design review often takes place in formal and informal meetings involving manufacturing, quality, and engineering personnel. In some cases, customer personnel are also present. The meetings involve the discussion of preliminary engineering drawings and design concepts. The purpose is to determine if the designs can be produced (or procured) and inspected within the cost and schedule constraints set by management. If not, one of two courses of action must be taken: 1) change the design or 2) acquire the needed production or inspection capabilities. The design review is commonly where critical and major characteristics are identified. This information is used to design functional test and inspection equipment, as well as to focus manufacturing and quality efforts on high—priority items. Formal Failure Mode, Effects and Criticality Analysis (FMECA), and Fault Tree Analysis (FTA) is also performed to assist in identification of important features. When feasible. a pilot run will be scheduled to confirm readiness for full-scale production. Pilot runs present an excellent opportunity for process capability analysis (PCA) to verify that the personnel, machines, tooling, materials, and procedure can meet the engineering requirements. The pilot run usually involves a small number of parts produced under conditions that simulate the full—scale production environment. Parts produced in the pilot run are subject to intense scrutiny to determine any shortcomings in the design, manufacturing, or quality plans. Ideally, the pilot run will encompass the entire spectrum of production, from raw materials to storage to transportation, installation, and operation in the field. Properly done, design review and qualification will result in a full-scale production plan that will minimize startup problems, errors, and engineering changes after startup. The production plan will include error-free engineering drawings, a manufacturing plan, and a quality plan. .

Process Qualification and Validation Methods

Process qualification and validation primarily control issues. One objective is to identify those processes that are capable of meeting management and engineering requirements if properly controlled. Another objective is to assure that processes are actually performing at the level which they are capable of performing, This requires that process capability be analyzed using statistical methods and that products are produced only on those processes capable of holding the required tolerances.

Dimensions of quality

In addition to quality parameters there are three dimensions of quality

  • The business quality dimension. This is the extent to which the business services the needs of society. Customers are not only interested in the quality of particular products and services but judge suppliers by the general level of quality products they provide and continuity of supply, their care of the environment, and their adherence to health, safety, and legal regulations.
  • The product quality dimension. This is the extent to which the products and service provided meet the needs of specific customers.
  • The organization quality dimension. This is the extent to which the organization maximizes its efficiency and effectiveness, achieving minimum waste, efficient management, and good human relations Companies that do not operate efficiently or do not meet their employees‘ expectations will generally find their failure costs to be high and will lose their best people. This directly affects all aspects of quality.

Many organizations only concentrate on the product quality dimension, but the three are interrelated and interdependent. Deterioration in one leads to a deterioration in the others, perhaps not immediately but eventually. As mentioned previously, it is quite possible for an organization to satisfy the customers for its products and services and fail to satisfy the needs of society. Within an organization, the working environment may be oppressive — there may be political infighting and the source of revenue so secure that no effort is made to reduce waste. Even so, such organizations may produce products and services which satisfy their customers. We must separate these three concepts to avoid confusion.


There are three primary organization levels: the enterprise level, the business level, and the operations level‘. Between each level there are barriers. At the enterprise level, the executive management responds to the voice of ownership and is primarily concerned with profit, return on capital employed, market share, etc. At the business level, the managers are concerned with products and services and hence respond to the voice of the customer. At the operational level, the middle managers, supervisors, operators, etc. focus on processes that produce products and services and hence respond to the voice of the processes carried out within their own function. In reality, these levels overlap, particularly in small organizations. The CEO of a small company will be involved at all three levels whereas, in the large multinational, the CEO spends all of the time at the enterprise level, barely touching the business level, except when major deals with potential customers are being negotiated. Once the contract is won, the CEO of the multinational may confine his/her involvement to monitoring performance through metrics and goals. Quality should be a strategic issue that involves the owners as it delivers fiscal performance. Low quality will cause fiscal performance ultimately to decline. The typical focus for a quality system is at the operations level. It is seen as an initiative for work process improvement. The documentation is often developed at the work process level and focused on functions. Much of the effort is focused on the processes within the functions rather than across the functions and only involves the business level at the customer interface, as illustrated in Table:.

Quality management

The basic goal of quality management is the elimination of failure: both in the concept and in the reality of our products, services, and processes. In an ideal world, if we could design products, services, and processes that could not fail we would have achieved the ultimate goal. Failure means not only that products, services, and processes would fail to fulfill their function but that their function was not what our customers desired. Hence quality management is a means for planning, organizing, and controlling the prevention of failure. All the tools and techniques that are used in quality management services to improve our ability to succeed in our pursuit of excellence. Quality does not appear by chance, or if it does it may not be repeated. One has to design quality into the products and services. It has often been said that one cannot inspect the quality of a product. A product remains the same after inspection as it did before, so no amount of inspection will change the quality of the product. However, what inspection does is measure quality in a way that allows us to make decisions on whether to release a piece of work. Work that passes inspection should be quality work but inspection unfortunately is not 100% reliable. Most inspection relies on the human judgment of the inspector and human judgment can be affected by many factors, some of which are outside our control (such as the private life, health, or mood of the inspector).


Several methods have evolved to achieve, sustain, and improve quality, they are quality control, quality improvement, and quality assurance, which collectively are known as quality management.

Quality control (QC)


Quality control is the operational techniques and activities that are used to fulfill requirements for quality. This implies that any activities, whether sewing the improvement, control, management, or assurance of quality, could be a quality control activity. They prevent change and when applied to quality regulate quality performance and prevent undesirable changes in the quality standards. Quality control is a process for maintaining standards and not for creating them. Standards are maintained through a process of selection, measurement, and correction of work, so that only those products or services that emerge from the process meet the standards. In simple terms, quality control prevents undesirable changes from being present in the quality of the product or service being supplied. The simplest form of quality control is illustrated Quality control can be applied to particular products, to processes that produce the products, or to the output of the whole organization by measuring the overall quality performance of the organization. Quality control is often regarded as a post-event activity: i.e. a means of detecting whether quality has been achieved and taking action to correct any deficiencies. However, one can control results by installing sensors before, during, or after the results are created. It all depends on where you install the sensor, what you measure, and the consequences of failure. Some failures cannot be allowed to occur and so must be prevented from happening through rigorous planning and design. Other failures are not so critical but must be corrected immediately using automatic controls or mistake-proofing. Where the consequences are less severe or where other types of sensors are not practical or possible human inspection and test can be used as a means of detecting the failure. Where the failure cannot be measured without observing trends over longer periods, you can use information controls. They do not stop immediate operations but may well be used to stop further operations when limits are exceeded. The progressive development of controls from having no control of quality to installing controls at all key stages from the beginning to the end of the life cycle is illustrated in Figure below As can be seen, if you have no controls, quality products are produced by chance and not design. The more controls you install the more certain you are of producing products of consistent quality but there is a need for balance to be achieved.

It is often deemed that quality assurance serves prevention and quality control detection, but a control installed to detect failure before it occurs serves prevention, such as reducing the tolerance band to well within the specification limits. So quality control can prevent failure. Assurance is the result of an examination whereas control produces the result. Quality assurance does not change the product, quality control does. “Quality control” is also the term used as the name of a department. In most cases, Quality Control Departments perform inspection and test activities and the name derives from the authority that such departments have been given. They sort good products from bad products and authorize the release of the good products. It is also common to find that Quality Control Departments perform supplier control activities, which are called Supplier Quality Assurance or Vendor Control. In this respect, they are authorized to release products from suppliers into the organization either from the supplier’s premises or on receipt in the organization. In recent times the inspection and test activities have been transferred into the production departments of organizations, sometimes retaining the labels and sometimes reverting to the inspection and test labels. Control of quality, or anything else for that matter, can be accomplished by the following steps:

  1. Determine what parameter is to be controlled.
  2. Establish its criticality and whether you need to control before, during, or after results are produced.
  3. Establish a specification for the parameter to be controlled which provides limits of acceptability and units of measure.
  4. Produce plans for control which specify the means by which the characteristics will be achieved and variation detected and removed.
  5. Organize resources to implement the plans for quality control.
  6. Install a sensor at an appropriate point in the process to sense variance from specification.
  7. Collect and transmit data to a place for analysis.
  8. Verify the results and diagnose the cause of variance.
  9. Propose remedies and decide on the action needed to restore the status quo.
  10. Take the agreed action and check that the variance has been corrected.

Quality improvement (Ql)

Quality improvement is the actions taken throughout the organization to increase the effectiveness of activities and processes to provide added benefits to both the organization and its customers. In simple terms, quality improvement is anything that causes a beneficial change in quality performance. There are two basic ways of bringing about improvement in quality performance. One is by better control and the other by raising standards. We don’t have suitable words to define these two concepts. Doing better what you already do is an improvement but so is doing something new. Juran uses the term control for maintaining standards and the term breakthrough for achieving new standards. Imai uses the term improvement when change is gradual and innovation when it is radical. Hammer uses the term re-engineering for radical changes. All beneficial change results in improvement, whether gradual or radical. Quality improvement (for better control) is about improving the rate at which an agreed standard is achieved. It is therefore a process for reducing the spread of variation so that all products meet agreed standards. The performance of products or processes may vary due to either random or assignable causes of variation. By investigating the symptoms of failure and determining the root cause, the assignable causes can be eliminated and the random causes reduced so that the performance of processes becomes predictable. A typical quality improvement of this type might be to reduce the spread of variation in a parameter so that the average value coincides with the nominal value (i.e. bring the parameter under control). Another example might be to reduce the defect rate from 1 in 100 to 1 in 1,000,000. Another might be simply to correct the weaknesses in the registered quality system so that it will pass reassessment.


Quality improvement (innovation), is about raising standards and setting a new level. New standards are created through a process that starts at a feasibility stage and progresses through research and development to result in a new standard, proven for repeatable applications. Such standards result from innovations in technology, marketing, and management. A typical quality improvement might be to redesign a range of products to increase the achieved reliability from 1 failure every 5,000 hours to 1 failure every 100,000 hours. Another example might be to improve the efficiency of the service organization so as to reduce the guaranteed call-out time from the specified 36 hours to 12 hours. The transition between where quality improvement stops and quality control begins is where the level has been set and the mechanisms are in place to keep quality on or above the set level. In simple terms, if quality improvement reduces quality costs from 25% of turnover to 10% of turnover, the objective of quality control is to prevent the quality costs from rising above 10% of turnover. Improving quality by raising standards can be accomplished by the following steps:

  1. Determine the objective to be achieved, e.g. new markets, products, or technologies, or new levels of organizational efficiency or managerial effectiveness, new national standards, or government legislation. These provide the reasons for needing change.
  2. Determine the policies needed for improvement, i.e. the broad guidelines to enable management to cause or stimulate the improvement.
  3. Conduct a feasibility study. This should discover whether accomplishment of the objective is feasible and propose several strategies or conceptual solutions for consideration. If feasible, approval to proceed should be secured.
  4. Produce plans for the improvement which specify the means by which the objective will be achieved.
  5. Organize the resources to implement the plan.
  6. Carry out research, analysis, and design to define a possible solution and credible alternatives.
  7. Model and develop the best solution and carry out tests to prove it fulfills the objective.
  8. Identify and overcome any resistance to the change in standards.
  9. Implement the change, i.e. put new products into production and new services into operation.
  10. Put in place the controls to hold the new level of performance.

This improvement process will require controls to keep improvement projects on course towards their objectives. The controls applied should be designed in the manner described previously.


Quality assurance (QA)

Quality assurance is all those planned and systematic actions necessary to provide adequate confidence that an entity will fulfill requirements for quality. Both customers and managers have a need for quality assurance as they are not in a position to oversee operations for themselves. They need to place trust in the producing operations, thus avoiding constant intervention. Customers and managers need:

  1. Knowledge of what is to be supplied. (This may be gained from the sales literature, contract, or agreement.)
  2. Knowledge of how the product or service is intended to be supplied. (This may be gained from the supplier’s proposal or offer.)
  3. The knowledge that the declared intentions will satisfy customer requirements if met. (This may be gained from personal assessment or reliance on independent certifications.)
  4. The knowledge that the declared intentions are actually being followed. (This may be gained by personal assessment or reliance on independent audits.)
  5. The knowledge that the products and services meet your requirements. (This may be gained by personal assessment or reliance on independent audits.)

You can gain assurance of quality by testing the product/service against prescribed standards to establish its capability to meet them. However, this only gives confidence in the specific product or service purchased and not in its continuity or consistency during subsequent supply. Another way is to assess the organization that supplies the products/services against prescribed standards to establish its capability to produce products of a certain standard. This approach may provide assurance of continuity and consistency of supply. Quality assurance activities do not control quality, they establish the extent to which quality will be, is being, or has been controlled. Quality control concerns the operational means to fulfill quality requirements, and quality assurance aims at providing confidence in this fulfillment both within the organization and externally to customers and authorities. All quality assurance activities are post-event activities and off-line and serve to build confidence in results, in claims, in predictions, etc. Quite often, the means to provide the assurance need to be built into the process, such as creating records, documenting plans, documenting specifications, reporting reviews, etc. Such documents and activities also serve to control quality as well as assure it  Assurance is not an action but a result. It results from obtaining reliable information that testifies the accuracy or validity of some event or product.  Quality Assurance Departments are often formed to provide both customer and management with confidence that quality will be, is being, and has been achieved. However, another way of looking upon Quality Assurance Departments is Corporate Quality Control. Instead of measuring the quality of products, they are measuring the quality of the business and by doing so are able to assure management and customers of the quality of products and services. Assurance of quality can be gained by the following steps

  1. Acquire the documents that declare the organization’s plans for achieving quality.
  2. Produce a plan that defines how an assurance of quality will be obtained, i.e. a quality assurance plan.
  3. Organize the resources to implement the plans for quality assurance.
  4. Establish whether the organization’s proposed product or service possesses characteristics which will satisfy customer needs.
  5. Assess operations, products, and services of the organization and determine where and what the quality risks are.
  6. Establish whether the organization’s plans make adequate provision for the control, elimination, or reduction of the identified risks.
  7. Determine the extent to which the organization’s plans are being implemented and risks contained.
  8. Establish whether the product or service being supplied has the prescribed characteristics.

Subscribe to get access

Read more of this content when you subscribe today.

Back to Home Page

If you need assistance or have any doubt and need to ask any questions contact me at You can also contribute to this discussion and I shall be happy to publish them. Your comment and suggestion are also welcome.

IATF 16949:2016 Product safety

Product Safety has gained significant importance within the global automotive industry during the last few years. The numbers of re-calls were 4-times as high in 2016 as they were in 2006. The impact of those re-calls on manufacturing companies is devastating. Newspapers regularly report about major recalls in the automotive sector, in which even small product defects led to a global disaster. During a re-call, companies not only have to face direct costs but also damages to the brand image. Furthermore, there are severe penal risks for acting negligently or on intentional purpose.  Observing the increased numbers of re-calls, one might think that products became a lot more unsafe in recent years. The actual cause can rather be found in the occurrence of more strict legal requirements, increasingly stricter authority- activities, and the validity of different legal requirements in different countries. Accordingly, organizations have to follow more different and more strict external requirements, while at the same time authorities are way more active and globally interlinked than in the past. In parallel to this development, global automotive manufactures are urged to handle a constantly increasing degree of complexity. This is mainly caused by an increased variety of parts that are being produced and handled, the increasing amount and difficulties of internal and external interfaces in a global production network, and the increased manufacturing complexity. Although organizations are facing this higher complexity and stricter legal requirements, they still have to fulfill customer‘s expectations towards safety and quality. Customers do not accept a lack of quality and neither they would accept any unsafe products at any time, that’s why many companies are investing in marketing and marketing research to know exactly what the clients want, and some even will Buy Instagram followers to have a bigger client database. A recent survey showed, that safety and quality are rated as the two most relevant factors for customers during their vehicle selection process in today’s time as well as in a 25-year forecast. Safety and quality represent a key to market success within the global automotive industry. Due to the severe risks of product liability and the high degree of complexity, organizations need to be aware of, which of their processes in the value creation chain have an impact on the safety of their products. With this knowledge, they are able to install appropriate measures that ensure the conformity of processes and products and thereby contribute to improved Product safety and minimized liability risks.

Definition of product Safety

IATF defines Product Safety as ” standards relating to the design and manufacturing of products to ensure they do not represent harm or hazards to customers“. Product Safety represents a subset of quality. ISO 9000 defines Quality as the degree to which a set of inherent characteristics fulfills the requirements. The mentioned characteristics can thereby be considered as many different and numerous aspects. This includes for instance things like appearance or sustainability. Eventually, it is always the customer that judges the quality of a product or service. The special thing with the quality-characteristic safety is that no customer would ever accept any compromises and therefore always expects its complete fulfillment. Product safety can be termed as “Reliability in regard to safety-relevant defects”. Resulting in the logic that safety-relevant defects furthermore are considered as all defects that may result in a danger to humans participating in the traffic. Besides the organizational framework, the activities within the product creation process have a direct impact on the safety of the product.

Product safety is a term used to describe policies designed to protect people from risks associated with consumer products they buy and use every day. Product safety is the ability of a product to be safe for intended use, as determined when evaluated against a set of established rules. The legislation sets out clear test and documentary requirements that manufacturers and distributors must follow to demonstrate that their products meet defined safety criteria and are safe for the intended use. Evidence that the prescribed legislation has been conformed with can be demanded by the enforcement authorities within strict time frames. All consumer products must be safe and meet consumer guarantees under the product safety laws. There should be some safety standards. These standards are designed to ensure the safety of products, activities or processes, etc. The Indian consumer has the ‘right to be protected against marketing of goods and services which are hazardous to life and property (Consumer Protection Act 1986). There are many rules & regulations concerning consumer product safety in India. There are general like the Sale of Goods Act, 1930, Consumer Protection Act, 1986, Bureau of Indian Standards and Import Policy 2012 for the safety of the consumer products. To implement the rules there are mechanisms enforced by regulatory bodies. These mechanisms are operated through the Bureau of Indian Standards Act.

IATF 16949:2016 Product safety

It is required that the organization must have documented processes for the management of product-safety-related products and manufacturing processes. The documented process must include if applicable identification by the organization of statutory and regulatory product safety requirements. The documented process must include if applicable customer notification of requirements in the identification of statutory and regulatory product – safety requirements. The documented process must include if applicable special approvals for design FMEA. The documented process must include if applicable identification of product safety-related characteristics. The documented process must include if applicable identification and controls of safety-related characteristics of the product and at the point of manufacture. The documented process must include if applicable special approval of control plans and process FMEAs. The documented process must include if applicable reaction plans. It must be defined responsibilities, the definition of the escalation process, and the flow of information, including top management, and customer notification. The documented process must include training identified by the organization or customer or personnel involved in product—safety-related products and associated manufacturing processes. The documented process must include changes of product or process shall be approved prior to implementation including evaluation of potential effects on product safety from the process and product changes. The documented process must include the transfer of requirements with regard to product safety throughout the supply chain, including customer-designated sources. It must include product traceability by manufactured lot (at a minimum) throughout the supply chain. It must also include The documented process must include if applicable lessons learned for new product introduction.
NOTE: Special approval is an additional approval by the function (typically the customer) that is responsible to approve such documents with safety—related content.


The new clause titled Product Safety requires a documented process for the management of product safety. This clause defines 13 normative elements that must be included in the documented product safety process. These 13 requirements include identification of product safety characteristics, the inclusion of safety characteristics with approvals in design and process FMEAs, control of safety characteristics at the point of the manufacturer with documentation in control plans with specific reaction plans, and defined responsibilities for product safety management including the definition of an escalation process and flow of information, including top management, and customer notification. Additionally, that personnel involved in product safety-related processes will have specific training. The new standard also requires the identification and review of safety targets as part of the product design inputs. Work instructions are required to include rules for operator safety. Product identification and traceability has been expanded to ensure the clear start and stop points for the product received by the customer or in the field that may contain quality and/or safety-related nonconformities with the same requirements extended to externally provided products with safety/regulatory characteristics. The IATF stated this requirement was strengthened to support industry lessons learned related to field issues. Control of reworked products is a new requirement in the rev 2016 standard. Within this new clause, the organization is required to obtain approval from the customer prior to commencing rework of any safety and regulatory characteristics related to the product. Disposition of Nonconforming products is another scope expansion of the new standard requiring products not meeting safety and regulatory requirements to be scrapped and rendered unusable prior to disposal. Lastly, the management review inputs are required to include a review of actual field failures and their impact on safety or the environment. The justification given by the IATF for the expansion of these requirements was to address current and emerging issues the automotive industry is facing related to product and process safety.  While some of these changes are incorporating present customer-specific requirements, others are clearly intended to drive increased awareness of safety-related issues throughout the automotive supply chain. The following 13 elements need to be included in the documented product safety process.

  • Statutory and regulatory requirements for product safety – the organization needs to identify all legal and other requirements related to product safety. This can include the methods of identification and review of this information.
  • Customer requirements regarding product safety – usually, this information is clearly stated by the customer, but there are always some requirements that are implied and are part of the Statutory and regulatory requirements for product safety.
  • Safety-related characteristics of the product – considering the lifecycle of the product and how it is used, the organization needs to identify those characteristics that are relevant for product safety.
  • Product safety-related controls at the point of manufacture – the organization needs to establish appropriate process controls to ensure that the product meets safety requirements.
  • Special approval of process FMEA and control plans – special approval is additional approval by the function (usually the customer) that is responsible for approving such documents with safety-related content.
  • Reaction plans – these usually include containment of the product and 100% inspection if necessary.
  • Responsibilities, including the escalation plan and flow of information to the top management and the customer.
  • Training for the personnel involved in the product safety and manufacturing process (training requirements can come from the organization itself or from the customer).
  • Approval of the changes in the product or process, including evaluation of the effects of the changes on the product safety.
  • Transfer of the product safety requirements throughout the supply chain, including customer-designated sources.
  • The new standard also requires the identification and review of safety targets as part of the product design inputs.
  • Product identification and traceability have been expanded to ensure the clear start and stop points for the product received by the customer, or in the field, that may contain quality- and/or safety-related nonconformities, with the same requirements extended to externally provided products with safety/regulatory characteristics. The IATF stated that this requirement was strengthened to support industry lessons learned related to field issues.
  • Control of reworked products is a new requirement in the 2016 revision of the standard. Within this new clause, the organization is required to obtain approval from the customer prior to commencing rework of any safety and regulatory characteristics related to the product.
  • Disposition of non-conforming products is another scope expansion of the new standard, requiring products not meeting safety and regulatory requirements to be scrapped and rendered unusable prior to disposal.
  • Lastly, the management review inputs are required to include a review of actual field failures and their impact on safety or the environment.

Ten Principles of Safety Management

  1. Establish and observe a written corporate safety policy.
  2. Create an independent safety review process.
  3. Identify and evaluate the severity and foreseeability of product hazards.
  4. Conduct a design review assessing the risk of injury by considering the hazards, the environment, and foreseeable use.
  5. First attempt to eliminate hazards. If not possible, then reduce the opportunity for injury by guarding against the hazards.
  6. Warn users of product dangers and motivate them to avoid injury.
  7. Promote only the safe use of a product.
  8. Maintain safety-related records during the useful life of the product.
  9. Continuously monitor the safety performance of the product in the hands of users.
  10. Promptly notify product users and institute recall procedures where necessary to substantially reduce or eliminate injury.

1. Establish and observe a written corporate safety policy.

A written corporate safety policy is the ultimate responsibility of top management. The document is designed to detail executive commitment, both statutory and voluntary, to the concept of system safety; a before-the-fact management system designed to ensure the production and distribution of reasonably safe products. Oral direction such as “safety is everyone’s responsibility” provides inadequate instructions to the organization. The policy must describe management commitment to clear identification of the responsible corporate units for the tasks of hazard identification, risk assessment, and injury control. The primary goal of a written safety policy is the creation of a management system to substantially reduce or eliminating injury to consumers.

2. Create an independent safety review process.

The independence of the safety function within the management structure is crucial to successful analysis of potential product dangers. The corporate Safety director is an advisory role, with the authority to interact with technical functions such as product design, engineering, human factors, communications, and legal. The safety manager must be able to order safety-related analyses by the various technical divisions and have the authority to integrate the results for presentation directly to top management for decisions on injury control. It is critical that the safety management office be independent of production and distribution. Giving a production manager primary responsibility for safety will divide his or her loyalties and compromise injury control before management review. The safety director often will preside over a safety review board is compromised of members from the technical divisions.

3. Identify and evaluate the severity and foreseeability of product hazards.

A hazard is the inherent capability of a product to do harm. It is most often the result of an energy transfer or release, with such transfer creating an impact on the product user. The appropriate analysis must include a focus on whether the hazard is latent to the user while foreseeable to the producer and the impact on certain vulnerable population groups. The vast majority of car drivers do not understand that Petrol and LPG leakage can create dangerous conditions when the safety valve fails to operate. A little spark can create a catastrophic explosion. Children cannot recognize strangulation hazards in and around Safety belts. Manufacturers and distributors must proceed with extra caution where the hazard is not immediately apparent to the user.

4. Conduct a design review assessing the risk of injury by considering the hazards, the environment, and foreseeable use.

Risk of injury is the opportunity for a specific set of conditions to create harm: Under what circumstances can the user be injured? An examination of the identified hazards, the environment in which it is intended to be used and foreseeable use and misuse of the product by the user population must be considered. An all-terrain vehicle, or ATV, can be an inherently unstable 300-pound machine that can throw a rider. Crushing injuries can occur in addition to the impact by overturning. ATVs are intended to be used in uncontrolled, wilderness environments, such as mountainous paths, sand dunes, and over obstacles. By creating a recreational, sometimes uninhibited setting, ATV riders can foreseeable use the product by going fast, racing with friends, or even by partaking in alcoholic beverages. While not always appropriate behavior to a safety analyst, it is foreseeable that these situations will occur and must be considered to effect reasonable safeguards to prevent injury.

5. First attempt to eliminate hazards. If not possible, then reduce the opportunity for injury by guarding against the hazards.

By eliminating a specific hazard, certain injuries cannot occur. Some automotive workshops have pits to enable work to be done. The vehicle is driven over the pit, and the mechanic works from beneath. Because carbon monoxide (from the vehicle exhaust) is heavier than air, the fumes may build up in the ‘confined space’ under the vehicle. These fumes need not be only from the vehicle being worked on: if other engines are running nearby, there is still a significant risk of exhaust emissions collecting in the pit. Using a hoist eliminates the danger. But in other cases, this is often not possible. Gasoline creates toxic and explosive fumes. It is not possible to eliminate them without destroying their usefulness. Gasoline can, however, be stored in an appropriate canister to prevent the fumes from leaking into a water heater closet in the garage causing an explosion and severe burn injuries. A power mower employs a steel blade rotating at over 200 mph, but lawnmowers can incorporate devices to shut down the blade when the operator releases the controls and can shield user access to the rotating blades.

6. Warn users of product dangers and motivate them to avoid injury.

In addition to the elimination of hazards, product warnings and instructions must assist the user to avoid dangers, including those that remain after thorough attempts to eliminate or guard. An explicit warning including a signal word, statement of the hazard, appropriate behavior, and a description of the consequences of the danger are required. A pictogram illustrating the consequences is often needed to communicate the danger, especially to those who cannot read the words. This communication of the consequences is particularly important in motivating the user to avoid the danger.

7. Promote only the safe use of a product.

Advertising and product promotion sometimes subtly and deceptively promote consumer misuse. Motorcycles promoting speeds up to 150 mph certainly encourage users to go fast, if not to the limit.  In the early years of sales, ATVs were advertised as safe, family fun. Print advertisements said the ATVs could traverse “an astonishing array of terrain”, over “rocks, boulders and fallen logs” and “where some animals can’t go.” Small, instantly removed disclaimers are insufficient to warn users of the dangers of actions depicted in advertisements. Positive statements providing safe use instructions with sufficient frequency to influence behavior are necessary to reinforce the safe activity.

8. Maintain safety-related records during the useful life of the product.

An effective product safety system requires records in sufficient detail to allow for timely detection of safety hazards and trends, and for tracing product defects in assembly, components, and overall design. Records necessary to provide sufficient data for management decisions include safety-related product changes, test results, consumer complaints, product liability lawsuits, location of products within the distribution chain, government injury data, and engineering reports. An integral part of the corporate safety policy is the establishment of a system of records and a directive concerning the retention of those documents. A document destruction policy of three years concerning a product with a useful life of seven years deprives the organization of the opportunity to protect product users from danger.

9. Continuously monitor the safety performance of the product in the hands of users.

Once a manufacturer/distributor has concluded that a product is reasonably safe based on pre-production review and analysis, the product is ready for distribution to users. Feedback from product users is critical to determining whether subsequent corrective action is necessary.  A major producer of valves distributed approximately 15,000 valves to OEM manufacturers. Reports from the field indicated the seals were not properly chlorinated, thus allowing the gasket to tear and leak gas. The company notified the Consumer Product Safety Commission under section 15(b) that the product possibly “contained a defect which could create a substantial product hazard”. An appropriate corrective action plan including the recall of the valve and notification to consumers was taken to protect consumers from the dangers of gas explosions.

10. Promptly notify product users and institute recall procedures where necessary to substantially reduce or eliminate injury.

Upon discovery of a product hazard after distribution to the public, immediate notification of the danger and quick steps to protect users from injury is critical. Time is of the essence. Knowledgeable product users can help reduce both injuries and claims. Efficient recall procedures can remove hazardous products from the stream of commerce. A few years ago, a combination of manufacturing flaws turned Toyota’s fleet of vehicles into automotive runaways. In some cases, the floor mats became lodged under the accelerator, jamming it down. In others, the gas pedal would simply stick. After more than 60 cases of runaway vehicles were reported, 30 of which resulted in at least one death, Toyota went into crisis mode and issued two separate recalls in 2009 and 2010 to “reconfigure” the accelerator setup. Company officials have estimated the cost of the blunder will top $5 billion, after all, is said and done, making it the costliest recall ever recorded.

Basic elements of  Product Safety 

Product safety involves the application of the principles of Safety Management to the design and marketing of products. Basic elements of product safety programming are designed to identify and evaluate potential product hazards for systematic control using the techniques of safety management. A Product Safety program must include a clear, explicit, and documented statement of product safety policy. It must include a clear, explicit, and documented assignment of individual responsibility for the conduct of product safety activity. It must also include a clear, explicit, and documented product safety program plan outlining the specific steps, procedures, and techniques to be followed on conducting product safety activity during the product design and marketing processes to achieve product safety goals. As a starting point, a documented search for authoritative literature and relevant standards relating to potential safety concerns associated with the product to be designed or marketed. The conduct of explicit and documented activity giving attention to the systematic discovery or identification of reasonably anticipated potential product or system hazards, followed by an evaluation of those hazards in terms of associated risk factors (likely loss event probability and severity). The documented use of the core concepts and principles of safety management and safety engineering, and the cardinal rules of hazard control, to reasonably eliminate or minimize unacceptable product hazards (though, in order of preference and effectiveness, use of design, safeguarding, or warning means). Product safety programs should appropriately include the following:

  1. Corporate Safety Policies
    Safety Product policy is a widely publicized explicit formal statement, as a matter of record, regarding top management’s commitment to state-of-the-art
    product safety and the preeminent importance of product safety during product (system) design, production, and distribution. To establish a policy the organization must:
    • Develop a mission statement to prevent unreasonable risks of injury, signed by the CEO and distributed to all employees.
    • Use all technically feasible and economically practical safety measures to substantially reduce or eliminate injuries, and to meet or exceed all applicable safety standards.
    • Create a multi-disciplinary Safety Review Committee to audit product safety policies and to consider product hazards, the environment of use, and foreseeable consumer behavior.
    • Collect and maintain safety-related data throughout the product life cycle including technical documents, injury data, complaints/returns, product liability litigation, government analyses, and other information concerning the risks of injury.
  2. Product Hazards
    • Review the inherent capability of the product to create harm through a transfer of mechanical, thermal, electrical, chemical, biological, or radiation energy.
    • Evaluate injury potential and severity.
    • The study intended and foreseeable product use in concert with operator capabilities based on demographics, anthropometric, educational level, and physical capacity.
  3. Foreseeable Use
    • Investigate how injuries occur by reviewing historical data, manuals and instructions, professional journals, and electronic databases.
    • Review government injury databases
    • Analyze internal corporate safety data on product use including customer complaints, warranty returns, toll-free lines, internal intuitive brainstorming sessions, focus groups, surveys, behavioral testing, and computer models.
  4. Risk Factors
    • The environment of use including weather, family/peers, job stress, location, ambient conditions, terrain, noise, temperature.
    • Promotion – Marketing, advertising, distribution, public relations, word of mouth, packaging, product form, and shape, point of purchase materials.
    • Vulnerable population groups such as children, seniors, and the disabled, concerning products that exceed the physical or cognitive capabilities of operators.
    • Hazard perception of the user includes the severity of the injury, likelihood or frequency of injury, magnitude of the danger, and prior experiences such as familiarity with product operations, lack of prior injury, overconfidence, and first impression of hazards and risks.
    • Benefit or value of unintended use including time savings, ease of operation, overcoming poor performance, and peer group acceptance.
  5. Safety Measures
    • Eliminate the hazard to remove the inherent capability to do harm, or if not possible, place a physical barrier, guard, or interlock between the product hazard and the user.
    • Warn the user of the danger and motivate them to avoid injury using signal words, hazard, pictorial, instructions, and statements of consequences.
    • Promote safety education including safety alerts, injury data, training, owner’s manuals, point of purchase displays.
  6. Corrective Action
    • Analysts must monitor the safety performance of products by systematic collection of injury data and other consumer use.
    • When an unreasonable risk is identified, modify future production and initiate a recall applying appropriate safety measures to repair, replace, or repurchase the defective or non-complying products.
    • The public notice includes direct mail, service bulletins, public media, paid advertising, dealer notice, point of sale posters.
    • Government requirements, Defect Notification for Motor Vehicles and Equipment such as child safety seats, and Market Withdrawal and Recall Policies.

Establishing framework for product safety

The risks for organizations and individuals that origin from PS are enormous. For example, Product liability payments are one the most severe management failures that occur because of not handling PS appropriately. Due to the inherent risks of product liability, the application of Reliable Management seems to be a necessary tool. Reliability Management can be defined as taking adequate measures to protect people, the environment, and assets from harmful consequences. Reliable management can be considered as the decisive aspect to actually focus on the essential tasks. Consequently, organizations have the responsibility to allocate their resources according to where they are most required and where most of the risks can potentially be reduced. There is not a way to eliminate risks, but therefore they need to be managed. The organizations need to know, which are their individual and relevant process that has an impact on Product Safety. If organizations have identified them, it will allow them to allocate their available resources according to the importance of the process. This again enhances the chances that tasks are fulfilled according to their requirements.

Laws and regulations can have specific impacts on products and processes. Within Product Safety, they do play a significant role. The legal requirements have their origin from product liability. Product Safety can be considered as the tool, which tries to convert legal requirements from product liability into safe products. The organizations have two main tasks for Product Safety in order to fulfill the legal requirements. Firstly, the creation of safety by the technology. This implies the technical development of a safe product (eg reliability engineering, testing, etc.). Secondly, the creation of safety by an organization that is capable of creating safety (e.g. clear responsibilities, communication, etc.). This needs to be supplemented with the creation of verification data, which allows proving the conformity of manufactured products. This became, due to the increasing numbers of lawsuits, a lot more important. The legal situation states that manufacturers are in the role to prove the product was safe at the time it was launched into the Market. Therefore, these verification records are of crucial character and can actually be decisive for the result of lawsuits. To engineers, legal requirements often seem to be described in a rather general and vague language. In order to fulfill requirements from the law legal requirements can be converted into specific working instructions. Practitioners, which in most cases do not have legal backgrounds, do require legal certainty. They need to know, what their duties are and how they can fulfill these. Therefore, specific working instructions can be created for all the processes that impact product safety.

Method of identifying the processes that are relevant for Product Safety

  1. Create a preliminary list of potentially relevant processes for Product Safety
    The first step involves the investigation of which process could possibly have an impact on PS. Therefore, interviews and comprehensive literature reviews regarding the areas of product-creation-process, reliability engineering, and enterprise models are of specific importance. All identified tasks and processes are thereby allocated to the departments that will hold responsibility for process ownership.
  2. Discuss preliminary Product Safety process with practitioners and experts from your organization
    During the second step, the preliminary Product Safety process is discussed with experts from the respective departments. A workshop with at least three members from preferably different plants is considered an important instrument to hold this discussion. This has the advantage that the proposed actions are discussed from different angles and different historical backgrounds. The active involvement of future applicants in the identification process is considered a crucial step. People are more likely to accept developments and changes, once they contributed to them. After workshops with all departments have been held, one more workshop with a focus on cross-divisional topics and interfaces between departments is advisable. Eventually, the necessity of this task has to be decided individually.
  3. Group and create a short description of all considered Processes
    Within this step, all discussed processes are grouped and consolidated. Next, a short description of each of the processes task with its purpose and goal is being created in order to avoid misunderstandings, when talking about those processes. The thereby existing list can be called ‘Preliminary Processes’.
  4. Apply the Product Safety Filter
    The filter distinguishes those activities that actually have a proven impact on Product Safety from those that only seem to be relevant. Eventually, only established process safety processes are qualified for a special treatment, which should ensure that they are conducted in the best possible way. Special treatment means that additional resources or special treatment are involved. Therefore, it is important that organizations identify the correct processes and treat only those with special care. In order to identify the process that has an impact on PS, a set of criteria has been developed. These criteria are derived from the overall goal, which is minimizing product liability risks. This goal is supported if at least one of the following two criteria applies: A special treatment of a task leads to either an improvement of the safety of a product or the minimization of liability risks. Since these two criteria are terms with a wide meaning and purpose, they need to be elaborated in order to ensure the correct filtration.

Subscribe to get access

Subscribe today

Back to Home Page

If you need assistance or have any doubt and need to ask any questions contact me at You can also contribute to this discussion and I shall be happy to publish them. Your comment and suggestion are also welcome.


 The following checklist can be used for both internal audits as well as Gap Analysis tools. The checklist given below has the requirements as given in standard IATF 16949:2016 and has to be used along with the requirements as given in Standard ISO 9001:2015. Please click here for ISO 9001:2015 GAP Analysis Tools

IATF 16949:2016 Checklist
Clause 4  Context of the organization
4.3 – Determining the Scope of the Quality Management System
4.3.1 – Determining the Scope of the Quality Management System-Supplemental
1Are supporting functions, whether on-site or remote (such as design centres, corporate headquarters, and distribution centres), included in the scope of the Quality Management System (QMS)? 
2Have you taken the only permitted exclusion for this Automotive QMS Standard relates to the product design and development requirements within ISO 9001, Section 8.3 (Design and development of product and services)? Is the exclusion justified and maintained as documented information? Please note Permitted exclusions do not include manufacturing process design 
4.3.2 Customer – Specific Requirements
1Are customer-specific requirements evaluated and included in the scope of the organization’s quality management system? 
4.4 – Quality Management System and its Processes – Conformance of Products and Processes
1Has the organization ensured conformance of all products and processes, including service parts and those that are outsourced, to all applicable customer, statutory, and regulatory requirements? – Product Safety
1Does the organization have documented processes for the management of product-safety related products and manufacturing processes? 
2Does the organization have documented processes for identification of statutory and regulatory product – safety requirements? 
3Does the organization have documented processes for customer notification of requirements in the identification of statutory and regulatory product – safety requirements? 
4Does the organization have documented processes for special approvals for design FMEA?Note: Special approval is an additional approval by the function (typically the customer) that is responsible to approve such documents with safety – related content. 
5Does the organization have documented processes for identification of product safety-related characteristics? 
6Does the organization have documented processes for identification and controls of safety-related characteristics of the product and at the point of manufacture? 
7Does the organization have documented processes for special approval of control plans and process FMEAs? 
8Does the organization have documented processes for reaction plans? 
9Does the organization have documented processes for defined responsibilities, the definition of escalation process and flow of information, including top management, and customer notification? 
10Does the organization have documented processes for training identified by the organization or customer for personnel involved in product – safety-related products and associated manufacturing processes? 
11Does the organization have documented processes for changes of product or process shall be approved prior to implementation, including evaluation of potential effects on product safety from the process and product changes? 
12Does the organization have documented processes for transfer of requirements with regard to product safety throughout the supply chain, including customer – designated sources? 
13Does the organization have documented processes for product traceability by manufactured lot (at a minimum) throughout the supply chain? 
14Does the organization have documented processes for lessons learned for new product introduction? 
Clause 5 Leadership
Clause 5.1 Leadership and Commitments
Clause 5.1.1 General Leadership and Commitment – Corporate Responsibility
1Has the organization defined and implemented corporate responsibility policies, including at a minimum an anti-bribery policy, an employee code of conduct, and an ethics escalation policy (“whistleblowing policy”)? Process Effectiveness and Efficiency
1Has top management reviewed the product realization processes and support processes to evaluate and improve their effectiveness and efficiency? Are the results of the process review activities included as input to the management review? Process owners
1Has top management identified process owners who are responsible for managing the organization’s processes and related outputs? 
2Do process owners understand their roles and are they competent to perform those roles? 
5.3 Organizational Roles, Responsibilities, and Authorities
5.3.1 Organizational Roles, Responsibilities, and Authorities – Supplemental
1Has top management assigned personnel with the responsibility and authority to ensure those customer requirements are met? 
2Have these assignments been documented? 
3Does this include but is not limited to the selection of special characteristics, setting quality objectives and related training, corrective and preventive actions, product design and development, capacity analysis, logistics information, customer scorecards, and customer portals? 
5.3.2 Responsibility and Authority for Product Requirements and Corrective Actions
 1Has top management ensured that personnel responsible for conformity to product requirements have the authority to stop shipment and stop production to correct quality problems? 
 2In case it is not possible to stop production immediately, has top management ensured that the affected batch is contained and shipment to the customer prevented? 
 3Has top management ensured that personnel with authority and responsibility for corrective action are promptly informed of products or processes that do not conform to requirements to ensure that nonconforming product is not shipped to the customer and that all potential nonconforming product is identified and contained? 
 4Has top management ensured that production operations across all shifts are staffed with personnel in charge of, or delegated responsibility for, ensuring conformity to product requirements? 
6 Planning
6.1 Action to address risks and opportunities Risk Analysis
1Has the organization included in its risk analysis, at a minimum, lessons learned from product recalls, product audits, field returns and repairs, complaints, scrap, and rework? 
2Has the organization retained documented information as evidence of the results of risk analysis?? Preventive Actions
1Has the organization determined and implemented action(s) to eliminate the causes of potential nonconformities in order to prevent their occurrence? 
2Are preventive actions appropriate to the severity of the potential issues? 
3Has the organization established a process to lessen the impact of negative effects of risk? 
4Has the organization established a process to determining potential nonconformities and their causes? 
5Has the organization established a process to evaluate the need for action to prevent the occurrence of nonconformities? 
6Has the organization established a process of determining and implementing action needed? 
7Has the organization established a process to documented information of action taken? 
8Has the organization established a process to review the effectiveness of the preventive action taken? 
9Has the organization established a process to utilize lessons learned to prevent recurrence in similar processes? Contingency Plans
1Has the organization identified and evaluated internal and external risks to all manufacturing processes and infrastructure equipment essential to maintain production output and to ensure those customer requirements are met? 
2Has the organization defined contingency plans according to risk and impact to the customer? 
3Has the organization prepared contingency plans for continuity of supply in the event of key equipment failures, interruption from externally provided products, processes, and services, recurring natural disasters, fire, utility interruptions, labour shortages or infrastructure disruptions? 
4Has the organization included, as a supplement to the contingency plans, a notification process to the customer and other interested parties for the extent and duration of any situation impacting customer operations? 
5Has the organization periodically tested the contingency plans for effectiveness (e.g. simulations, as appropriate)? 
6Has the organization conducted contingency plan reviews at a minimum annually using a multidisciplinary team including top management, and updated as required? 
7Has the organization documented the contingency plans and retained documented information describing any revisions, including the person who authorized the change? 
8Do the contingency plans include provisions to validate that the manufactured product continues to meet customer specifications after the re-start of production following an emergency in which production was stopped and if the regular shutdown processes were not followed? 
6.2 Quality Objectives and Planning to Achieve Them Quality Objectives and Planning to Achieve Them – Supplemental
1Has top management ensured that quality objectives to meet customer requirements are defined, established, and maintained for relevant functions, processes, and levels throughout the organization? 
2Are the results of the organization’s review regarding interested parties and their relevant requirements considered when the organization establishes its annual (at a minimum) quality objectives and related performance targets (internal and external)? 
7 Support
7.1 Resources
7.1.3 Infrastructure Plant, Facility, and Equipment Planning
1Has the organization used a multidisciplinary approach including risk identification and risk mitigation methods for developing and improving plant, facility, and equipment plans? 
2In designing plant layouts has the organization optimized material flow, material handling, and value-added use of floor space including control of nonconforming product? 
3In designing plant layouts facilitated synchronous material flow? 
4Are methods developed and implemented to evaluate manufacturing feasibility for a new product or new operations? 
5Do manufacturing feasibility assessments include capacity planning? 
6Are these methods also applicable for evaluating proposed changes to existing operations? 
7Has the organization maintained process effectiveness, including periodic re-evaluation relative to risk, to incorporate any changes made during process approval, control plan maintenance, and verification of job set-ups? 
8Are assessments of manufacturing feasibility and evaluation of capacity planning inputs to management reviews? 
9As applicable do these requirements should include the application of lean manufacturing principles and apply to on-site supplier activities? 
7.1.4 Environment for the Operation of Processes Environment for the Operation of Processes – Supplemental
1Has the organization maintained its premises in a state of order, cleanliness, and repair that is consistent with the product and manufacturing process needs? 
7.1.5 Monitoring and measuring resources General Measurement Systems Analysis
1Have statistical studies been conducted to analyse the variation present in the results of each type of inspection, measurement, and test equipment system identified in the control plan? 
2Do the analytical methods and acceptance criteria used conform to those in reference manuals on measurement systems analysis? Other analytical methods and acceptance criteria may be used if approved by the customer. 
3Are records of customer acceptance of alternative methods retained along with results from alternative measurement systems analysis? 
4 Is the prioritization of MSA studies focused on critical or special product or process characteristics? Measurement traceability Calibration / Verification Records
1 Does the organization have a documented process for managing calibration/verification records? 
2Are records of the calibration/verification activity for all gauges and measuring and test equipment (including employee-owned equipment relevant for measuring, customer-owned equipment, or on-site supplier-owned equipment) needed to provide evidence of conformity to internal requirements, legislative and regulatory requirements, and customer-defined requirements retained? 
3Has the organization ensured that calibration/verification activities and records include revisions following engineering changes that impact measurement systems? 
4Has the organization ensured that calibration/verification activities and records include any out-of-specification readings as received for calibration/verification? 
5Has the organization ensured that calibration/verification activities and records include an assessment of the risk of the intended use of the product caused by the out-of-specification condition? 
6Has the organization ensured that when a piece of inspection measurement and test equipment is found to be out of calibration or defective during its planned verification or calibration or during its use, documented information on the validity of previous measurement results obtained with this piece of inspection measurement and test equipment is retained, including the associated standard’s last calibration date and the next due date on the calibration report? 
7Has the organization ensured that notification is sent to the customer if the suspect product or material has been shipped? 
8Has the organization ensured that calibration/verification activities and records include statements of conformity to specification after calibration/verification? 
9Has the organization ensured that calibration/verification activities and records include verification that the software version used for product and process controls is as specified? 
10Has the organization ensured that calibration/verification activities and records include records of the calibration and maintenance activities for all gauging including employee-owned equipment, customer-owned equipment, or on-site supplier-owned equipment? 
11Has the organization ensured that calibration/verification activities and records include production-related software verification used for product and process control including software installed on employee-owned equipment, customer-owned equipment, or on-site supplier-owned equipment? Laboratory Requirements: Internal Laboratory
1Does the organization’s internal laboratory facility have a defined scope that includes its capability to perform the required inspection, test, or calibration services? 
2Is this laboratory scope included in the quality management system documentation? 
3Has the laboratory specified and implemented requirements for the adequacy of the laboratory technical procedures? 
4Has the laboratory specified and implemented requirements for the competency of the laboratory personnel? 
5Has the laboratory specified and implemented requirements for testing of the product? 
6Does the laboratory have the capability to perform these services correctly, traceable to the relevant process standard such as ASTM, EN, etc.? 
7When no national or international standard(s) is available, has the organization defined and implemented a methodology to verify measurement system capability? 
8Has the laboratory specified and implemented requirements for customer requirements? 
9Has the laboratory specified and implemented requirements for review of the related records? 
10Does the Laboratory have a third-party accreditation to ISO / IEC 17025 (or equivalent)  to demonstrate the organization’s in-house laboratory conformity to the above-mentioned requirements? Laboratory Requirements: External Laboratory
1Do external/ commercial/ independent laboratory facilities used for inspection, test, or calibration services by the organization have a defined laboratory scope that includes the capability to perform the required inspection, test, or calibration? 
2Is the external laboratory accredited to ISO / IEC 17025 or national equivalent and includes the relevant inspection, test, or calibration service in the scope of the accreditation (certificate) where the certificate of calibration or test report includes the mark of a national accreditation body; or there is evidence that the external laboratory is acceptable to the customer? 
NOTE: Such evidence may be demonstrated by customer assessment, for example, or by the customer-approved second-party assessment that the laboratory meets the intent of ISO/IEC 17025 or national equivalent. The second-party assessment may be performed by the organization assessing the laboratory using a customer-approved method of assessment. Calibration services maybe be performed by the equipment manufacturer when a qualified laboratory is not available for a given piece of equipment. In such cases, the organization shall ensure that the requirements listed in Section have been met. Use of calibration services, other than by qualified (or customer accepted) laboratories, may be subject to government regulatory confirmation if required.
7.2 Competence
7.2.1 Competence – Supplemental
1Has the organization established and maintained a documented process for identifying training needs including awareness and achieving competence of all personnel performing activities affecting conformity to product and process requirements? 
2Are personnel performing specific assigned tasks qualified, as required, with particular attention to the satisfaction of customer requirements? 
7.2.2 Competence – On-The-Job Training
1Does the organization provide on-the-job training, which includes customer requirements training, for personnel in any new or modified responsibilities affecting conformity to quality requirements, internal requirements, regulatory or legislative requirements? 
2Does this include contract or agency personnel? 
3Is the level of detail required for on-the-job training commensurate with the level of education the personnel possess and the complexity of the task they are required to perform for their daily work? 
4Are persons whose work can affect quality informed about the consequences of nonconformity to customer requirements? 
7.2.3 Internal Auditor Competency
Does the organization have a documented process to verify that internal auditors are competent, taking into account any customer-specific requirements? 
Does the organization maintain a list of qualified internal auditors? 
Are quality management system auditors, manufacturing process auditors, and product auditors all able to demonstrate the understanding of the automotive process approach for auditing, including risk-based thinking? 
Are the auditors able to demonstrate the understanding of applicable customer-specific requirements? 
Are the auditors able to demonstrate the understanding of applicable ISO 9001 and IATF 16949 requirements related to the scope of the audit? 
Are the auditors able to demonstrate the understanding of applicable core tool requirements related to the scope of the audit? 
Are the auditors able to demonstrate the understanding of how to plan, conduct, report, and closeout audit findings? 
Do manufacturing process auditors demonstrate technical understanding of the relevant manufacturing process to be audited, including process risk analysis such as PFMEA and control plan? 
Do product auditors demonstrate competence in understanding product requirements and use of relevant measuring and test equipment to verify product conformity? 
Where training is provided to achieve competency, is documented information retained to demonstrate the trainer’s competency with the above requirements? 
Is maintenance of and improvement in internal auditor competence demonstrated through executing a minimum number of audits per year, as defined by the organization? 
Is maintenance of and improvement in internal auditor competence demonstrated through maintaining knowledge of relevant requirements based on internal changes (e.g. process technology, product technology) and external changes (e.g. ISO 9001, IATF 16949, core tools, and customer-specific requirements)? 
7.2.4 Second-Party Auditor Competency
Does the organization demonstrate the competence of the auditors undertaking the second-party audits? 
Do second-party auditors meet customer-specific requirements for auditor qualification and demonstrate the understanding of the automotive process approach to auditing, including risk-based thinking? 
Do second-party auditors demonstrate the understanding of applicable customer and organization-specific requirements? 
Do second-party auditors demonstrate the understanding of applicable ISO 9001 and IATF 16949 requirements related to the scope of the audit? 
Do second-party auditors demonstrate the understanding of applicable manufacturing process to be audited, including PFMEA and control plan? 
Do second-party auditors demonstrate the understanding of applicable core tool requirements related to the scope of the audit? 
Do second-party auditors demonstrate the understanding of how to plan, conduct, prepare audit reports, and closeout audit findings? 
7.3 Awareness
7.3.1 Awareness – Supplemental
Does the organization maintain documented information that demonstrates that all employees are aware of their impact on product quality and the importance of the activities in achieving, maintaining, and improving quality, including customer requirements and the risks involved for the customer with the non-conforming product? 
7.3.2 Awareness – Employee Motivation and Empowerment
1Does the organization maintain a documented process to motivate employees to achieve quality objectives, to make continual improvements, and to create an environment that promotes innovation? 
2Does the process include the promotion of quality and technological awareness throughout the whole organization? 
7.5 Documented Information
7.5.1 General Documented Information: Quality Management System Documentation
1Is the organization’s quality management system documented and includes a quality manual, which can be a series of documents (electronic or hard copy)? 
2Is the format and structure of the quality manual at the discretion of the organization and does it depend on the organization’s size, culture, and complexity? 
3If a series of documents is used, is a list retained of the documents that comprise the quality manual for the organization? 
4Does the quality manual include the scope of the quality management system, including details of and justification for any exclusions? 
5Does the quality manual include documented processes established for the quality management system or reference to them? 
6Does the quality manual include the organization’s processes and their sequence and interactions (inputs and outputs), including type and extent of control of any outsourced processes? 
7Does the quality manual include a document (ie. matrix) indicating where within the organization’s quality management system their customer-specific requirements are addressed? 
NOTE: A matrix of how the requirements of this Automotive QMS standard are addressed by the organization’s processes may be used to assist with linkages of the organization’s processes and this Automotive QMS.
7.5.3 Control of Documented Information Record Retention
1Does the organization define, document, and implement a record retention policy? 
2Do the control of records satisfy statutory, regulatory, organizational, and customer requirements? 
3Are production part approvals, tooling records including maintenance and ownership, product and process design records, purchase orders (if applicable), or contracts and amendments retained for the length of time that the product is active for production and service requirements, plus one calendar year unless otherwise specified by the customer or regulatory agency? 
4Does Production part approval documented information include approved product, applicable test equipment records, or approved test data? Control of Documented Information: Engineering Specifications
1Does the organization have a documented process describing the review, distribution, and implementation of all customer engineering standards/specifications and related revisions based on customer schedules, as required? 
2 Does the organization retain a record of the date on which each change is implemented in production? 
3Does the implementation include updated documents? 
4Is review completed within 10 working days of receipt of notification of engineering standards/specification changes? 
NOTE: A change in these standards/specifications may require an updated record of customer production part approval when these specifications are referenced on the design record or if they affect documents of the production part approval process, such as control plan, risk analysis (such as FMEAs), etc.
8 Operations
8.1 Operational Planning and Control
8.1.1 Operational Planning and Control – Supplemental
1When planning for product realization, are the following topics including a) customer product requirements and technical specifications b) logistics requirements c) manufacturing feasibility d) project planning e) acceptance criteria? 
8.1.2 Confidentiality
1Has the organization ensured the confidentiality of customer-contracted products and projects under development, including related product information? 
8.2 Requirements for Products and Services
8.2.1 Customer Communication Customer Communication – Supplemental
1Is written or verbal communication in the language agreed with the customer? 
2Does the organization have the ability to run ransomware analysis and communicate necessary information, including data in a customer-specified computer language and format e.g. computer-aided design data, electronic data interchange? 
8.2.2 Determining the Requirements for Products and Services Determining the Requirements for Products and Services – Supplemental
1Do these requirements include recycling, environmental impact, and characteristics identified as a result of the organization’s knowledge of the product and manufacturing processes? 
2Does compliance with any statutory and regulatory requirement related to the product include all applicable government, safety, and environmental regulations related to the acquisition, storage, handling, recycling, elimination, or disposal of material? 
8.2.3 Review of the Requirements for Products and Services Review of the Requirements for Products and Services – Supplemental
1Does the organization retain documented evidence of a customer-authorized waiver for the requirements stated in ISO 9001, Section, for a formal review?  Customer-Designated Special Characteristics
1Does the organization conform to customer requirements for designation, approval documentation, and control of special characteristics? Requirements for Products and Services: Organization Manufacturing Feasibility
1Does the organization utilize a multidisciplinary approach to conduct an analysis to determine if it is feasible that the organization’s manufacturing processes are capable of consistently producing a product that meets all of the engineering and capacity requirements specified by the customer? 
2Does the organization conduct this feasibility analysis for any manufacturing or product technology new to the organization and for any changed manufacturing process or product design? 
3Additionally, does the organization validate through production runs, benchmarking studies, or other appropriate methods, their ability to make the product to specifications at the required rate? 
8.3 Design and development of products and services
8.3.1 General Design and development of products and services – supplement
1Does the requirement of product and manufacturing process design and development focus on error prevention rather on detection? 
1Does the organization document its design and development processes? 
8.3.2 Design and Development Planning Design and Development Planning – Supplemental
1Does the organization ensure that design and development planning includes all affected stakeholders within the organization and, as appropriate, its supply chain? 
2While doing the design and development planning, does the organization uses as a multidisciplinary approach which includes a) project management (for example, APQP or VDA – RGA); b) product and manufacturing process design activities (for example, DFM and DFA), such as consideration of the use of alternative designs and manufacturing processes; c) development and review of product design risk analysis (FMEAs), including actions to reduce potential risks; d) development and review of manufacturing process risk analysis (for example, FMEAs, process flows, control plans, and standard work instructions)? 
NOTE: A multidisciplinary approach typically includes the organization’s design, manufacturing, engineering, quality, production, purchasing, supplier, maintenance, and other appropriate functions. Product Design Skills
1Does the organization ensure that personnel with product design responsibility are competent to achieve design requirements and are skilled in applicable product design tools and techniques? 
2Are applicable tools and techniques identified by the organization? Development of Products with Embedded Software



Does the organization use a process for quality assurance for their products with internally developed embedded software? 
2Is a software development assessment methodology utilized to assess the organization’s software development process? 
3Using prioritization based on risk and potential impact to the customer, does the organization retain documented information of a software development capability self-assessment? 
4Does the organization include software development within the scope of its internal audit programme? 
8.3.3 Design and Development Inputs Product Design Input
1Does the organization identify, document, and review product design input requirements as a result of contract review? 
2Do product design input requirements include product specifications including but not limited to special characteristics? 
3Do product design input requirements include boundary and interface requirements? 
4Do product design input requirements include identification, traceability, and packaging? 
5Do product design input requirements include consideration of design alternatives?


NOTE: One approach for considering design alternatives is the use of trade-off curves.

6Do product design input requirements include assessment of risks with the input requirements and the organization’s ability to mitigate/manage the risks, including from the feasibility analysis? 
7Do product design input requirements include targets for conformity to product requirements including preservation, reliability, durability, serviceability, health, safety, environmental, development timing, and cost? 
8Do product design input requirements include applicable statutory and regulatory requirements of the customer-identified country of destination, if provided? 
9Do product design input requirements include embedded software requirements? 
10Does the organization have a process to deploy information gained from previous design projects, competitive product analysis (benchmarking), supplier feedback, internal input, field data, and other relevant sources for current and future projects of a similar nature? Manufacturing Process Design Input
 1Does the organization identify, document, and review manufacturing process design input requirements? 
 2Does the manufacturing process design input requirements including but not limited to the following: a) product design output data including special characteristics; b) targets for productivity, process capability, timing, and cost; c) manufacturing technology alternatives; d) customer requirements, if any; e) experience from previous developments; f) new materials; g) product handling and ergonomic requirements; and h) design for manufacturing and design for assembly? 
3Does the manufacturing process design include the use of error-proofing methods to a degree appropriate to the magnitude of the problems and commensurate with the risks encountered? Special Characteristics
 1 Does the organization use a multidisciplinary approach to establish, document, and implement its process to identify special characteristics, including those determined by the customer and the risk analysis performed by the organization? 
 2 Does it include documentation of all special characteristics in the drawings (as required), risk analysis (such as FMEA), control plans, and standard work/operator instructions; special characteristics identified with specific markings and cascaded through each of these documents? 
 3 Does the identification of special characteristics include the development of control and monitoring strategies for special characteristics of products and production processes? 
 4Does the identification of special characteristics include customer-specified approvals, when required? 
 5Does the identification of special characteristics include compliance with customer-specified definitions and symbols or the organization’s equivalent symbols or notations, as defined in a symbol conversion table? 
 6 Is the symbol conversion table submitted to the customer, if required? 
8.3.4 Design and Development Controls Monitoring
 1Are measurements at specified stages during the design and development of products and processes defined, analyzed, and reported with summary results as an input to management review? 
 2 When required by the customer, are measurements of the product and process development activity reported to the customer at stages specified, or agreed to, by the customer? 
 3When appropriate, do these measurements include quality risks, costs, lead times, critical paths, and other measurements? Design and Development Validation
1Is design and development validation performed in accordance with customer requirements, including any applicable industry and governmental agency-issued regulatory standards? 
2Is the timing of design and development validation planned in alignment with customer-specified timing, as applicable? 
3Where contractually agreed with the customer, does this include evaluation of the interaction of the organization’s product, including embedded software, within the system of the final customer’s product? Prototype Programme
1When required by the customer, does the organization have a prototype programme and control plan? 
2Does the organization use, whenever possible, the same suppliers, tooling, and manufacturing processes as used in production? 
3Are all performance-testing activities monitored for timely completion and conformity to requirements? 
4When services are outsourced, does the organization include the type and extent of control in the scope of its quality management system to ensure that outsourced services conform to requirements? Product Approval Process
1Does the organization establish, implement, and maintain a product and manufacturing approval process conforming to requirements defined by the customer? 
2Does the organization approve externally provided products and services per ISO 9001, Section 8.4.3 (Information for the external provider), prior to submission of their part approval to the customer? 
3Does the organization obtain documented product approval prior to shipment, if required by the customer? Are records of such approval retained? 
4Are records of such approval retained? 
NOTE: Product approval should be subsequent to the verification of the manufacturing process.
8.3.5 Design and Development Outputs Design and Development Outputs – Supplemental
1Is the product design output expressed in terms that can be verified and validated against product design input requirements? 
2Does the product design output include design risk analysis (Design FMEA)? 
 3 Does the product design output include reliability study results? 
 4 Does the product design output include product special characteristics? 
 5 Does the product design output include results of product design error-proofing, such as DFSS, DFMA and FTA? 
 6 Does the product design output include product definition including 2D drawing, 3D models, technical data packages, product manufacturing information, and geometric dimensioning & tolerancing (GD & T)? 
 7 Does the product design output include product design review results? 
 8 Does the product design output include service diagnostic guidelines and repair and serviceability instructions? 
 9Does the product design output include service part requirements? 
 10Does the product design output include packaging and labelling requirements for shipping? 
 11Does the Interim design outputs include any engineering problems being resolved through a trade-off process? Manufacturing Process Design Output
 1Does the organization document the manufacturing process design output in a manner that enables verification against the manufacturing process design inputs? 
 2Does the organization verify the outputs against manufacturing process design input requirements? 
 3Does the manufacturing process design output include specifications and drawings? 
 4Does the manufacturing process design output include special characteristics for the product and manufacturing process? 
 5 Does the manufacturing process design output include identification of process input variables that impact characteristics? 
 6Does the manufacturing process design output include tooling and equipment for production and control, including capability studies of equipment and process? 
 7Does the manufacturing process design output include manufacturing process flowcharts/layout, including linkage of product, process, and tooling? 
 8Does the manufacturing process design output include capacity analysis? 
 9 Does the manufacturing process design output include manufacturing process FMEA? 
 10 Does the manufacturing process design output include maintenance plans and instructions? 
 11 Does the manufacturing process design output include the control plan? 
12Does the manufacturing process design output include standard work and work instructions? 
13Does the manufacturing process design output include process approval acceptance criteria? 
14Does the manufacturing process design output include data for quality, reliability, maintainability, and measurability? 
15Does the manufacturing process design output include results of error-proofing identification and verification, as appropriate? 
16Does the manufacturing process design output include methods of rapid detection, feedback, and correction of product/manufacturing process nonconformities? 
8.3.6 Design and Development Changes Design and Development Changes – Supplemental
1Does the organization evaluate all design changes after initial product approval, including those proposed by the organization or its suppliers, for potential impact on fit, form, function, performance, and/or durability? 
2Are these changes validated against customer requirements and approved internally, prior to production implementation? 
3If required by the customer, does the organization obtain documented approval, or a documented waiver, from the customer prior to production implementation? 
4For products with embedded software, does the organization document the revision level of software and hardware as part of the change record? 
8.4 Control of externally provided processes, products and services
8.4.1 General General – Supplemental
1Does the organization include all products and services that affect customer requirements such as sub-assembly, sequencing, sorting, rework, and calibration services in the scope of their definition of externally provided products, processes, and services? Supplier Selection Process
 1Does the organization have a documented supplier selection process? 
 2Does the selection process include an assessment of the selected supplier’s risk to product conformity and uninterrupted supply of the organization’s product to the customers? 
 3Does the selection process include relevant quality and delivery performance? 
 4Does the selection process include an evaluation of the supplier’s quality management system? 
 5 Does the selection process include multidisciplinary decision making? 
 6Does the selection process include an assessment of software development capabilities, if applicable? 
 7Are other supplier selection criteria considered including the following: volume of automotive business (absolute and as a percentage of total business); financial stability; purchased product, material, or service complexity; required technology (product or process); adequacy of available resources (e.g. people, infrastructure); design and development capabilities (including project management);  manufacturing capability; change management process; business continuity planning (e.g. disaster preparedness, contingency planning); logistics process; customer service Customer-Directed Sources (also known as “Directed-Buy”)
1When specified by the customer, does the organization purchase products, materials, or services from customer-directed sources? 
 2 Are all requirements of Section 8.4 (except the requirements in IATF 16949, Section applicable to the organization’s control of customer-directed sources unless specific agreements are otherwise defined by the contract between the organization and the customer? 
8.4.2 Type and Extent of Control Type and Extent of Control – Supplemental
1Does the organization have a documented process to identify outsourced processes and to select the types and extent of controls used to verify the conformity of externally provided products, processes, and services to internal (organizational) and external customer requirements? 
2Does the process include the criteria and actions to escalate or reduce the types and extent of controls and development activities based on supplier performance and assessment of the product, material, or service risks? Statutory and Regulatory Requirements
1Does the organization document their process to ensure that purchased products, processes, and services conform to the current applicable statutory and regulatory requirements in the country of receipt, the country of shipment, and the customer-identified country of destination if provided? 
2If the customer defines special controls for certain products with statutory and regulatory requirements, does the organization ensure they are implemented and maintained as defined, including at suppliers? Supplier Quality Management System Development
1Does the organization require their suppliers of automotive products and services to develop, implement, and improve a quality management system certified to ISO 9001, unless otherwise authorized by the customer, with the ultimate objective of becoming certified to this Automotive QMS Standard? 
2Unless otherwise specified by the customer, is the following sequence applied to achieve this requirement:


  1. compliance to ISO 9001 through second-party audits;
  2. certification to ISO 9001 through third-party audits; unless otherwise specified by the customer, do suppliers to the organization demonstrate conformity to ISO 9001 by maintaining a third-party certification issued by a certification body bearing the accreditation mark of a recognized IAF MLA (International Accreditation Forum Multilateral Recognition Arrangement) member and where the accreditation body’s main scope includes management system certification to ISO / IEC 17021;
  3. certification to ISO 9001 with compliance to other customer-defined QMS requirements (such as Minimum Automotive Quality Management System Requirements for Sub-Tier Suppliers [MAQMSR] or equivalent) through second-party audits;
  4. certification to ISO 9001 with compliance to IATF 16949 through second-party audits;
  5. certification to 16949 through third-party audits (valid third-party certification of the supplier to IATF 16949 by an IATF-recognized certification body)? Automotive product-related software or automotive products with embedded software
1Does the organization require their suppliers of automotive product-related software, or automotive products with embedded software, to implement and maintain a process for software quality assurance for their products? 
2Is a software development assessment methodology utilized to assess the supplier’s software development process? 
3Using prioritization based on risk and potential impact to the customer, does the organization require the supplier to retain documented information of a software development capability self-assessment? Supplier Monitoring
1Does the organization have a documented process and criteria to evaluate supplier performance in order to ensure the conformity of externally provided products, processes, and services to internal and external customer requirements? 
2At a minimum, are the following supplier performance indicators monitored:


  1. delivered product conformity to requirements;
  2. customer disruptions at the receiving plant, including yard, holds and stop ships;
  3. delivery schedule performance;
  4. the number of occurrences of premium freight?
3If provided by the customer, does the organization also include the following, as appropriate, in their supplier performance monitoring:


  1. special status customer notifications related to quality or delivery issues;
  2. dealer returns, warranty, field actions, and recalls? Second-party audits
1Does the organization include a second-party audit process in its supplier management approach?
Second-party audits may be used for the following: a) supplier risk assessment; b) supplier monitoring; c) supplier QMS development; d) product audits; e) process audits.
2Based on risk analysis, including product safety/regulatory requirements, the performance of the supplier, and QMS certification level, at a minimum, does the organization document the criteria for determining the need, type, frequency, and scope of second-party audits? Does the organization retain records of the second-party audit reports? 
3If the scope of the second-party audit is to assess the supplier’s quality management system, is the approach consistent with the automotive process approach? Supplier Development
1Does the organization determine the priority, type, extent, and timing of required supplier development actions for its active suppliers? 
2Do determination inputs include performance issues identified through supplier monitoring? 
3Do determination inputs include second-party audit findings? 
4Do determination inputs include third-party quality management system certification status? 
5Do determination inputs include risk analysis? 
6Does the organization implement actions necessary to resolve open (unsatisfactory) performance issues and pursue opportunities for continual improvement? 
8.4.3 Information for External Providers Information for External Providers – Supplemental
1Does the organization pass down all applicable statutory and regulatory requirements and special product and process characteristics to their suppliers and require the suppliers to cascade all applicable requirements down the supply chain to the point of manufacture? 
8.5 Production and Service provision
8.5.1 Control of Production and Service provision Control Plan
1Does the organization develop control plans at the system, subsystem, component, and/or material level for the relevant manufacturing site and all product supplied, including those for processes producing bulk materials as well as parts? 
2 Are family control plans acceptable for bulk material and similar parts using a common manufacturing process? 
3Does the organization have a control plan for pre-launch and production that shows linkage and incorporates information from the design risk analysis (if provided by the customer), process flow diagram, and manufacturing process risk analysis outputs (such as FMEA)? 
4Does the organization, if required by the customer, provide measurement and conformity data collected during execution of either the pre-launch or production control plans? 
5Does Control plan include controls used for the manufacturing process control, including verification of job set-ups? 
6Does Control plan include first-off / last-off part validation, as applicable? 
7Does Control plan include methods for monitoring of control exercised over special characteristics, defined by both the customer and the organization? 
8Does Control plan include the customer-required information, if any? 
9Does Control plan includes a specified reaction plan when nonconforming product is detected, the process becomes statistically unstable or not statistically capable? 
10Does the organization review control plans and update when it has shipped nonconforming product to the customer? 
11Does the organization review control plans and update when any change occurs affecting product, manufacturing process, measurement, logistics, supply sources, production volume changes, or risk analysis (FMEA)? 
12Does the organization review control plans and update after a customer complaint and implementation of the associated corrective action, when applicable? 
13Does the organization review control plans and update at a set frequency based on a risk analysis? 
14If required by the customer, does the organization obtain customer approval after review or revision of the control plan? Standardised Work – Operator Instructions and Visual Standards
1Does the organization ensure that standardised work documents are communicated to and understood by the employees who are responsible for performing the work? 
2Is it legible and presented in the language understood by the personnel responsible to follow them? 
3Is it accessible for use at the designated work area? 
4 Do the standardised work documents also include rules for operator safety? Verification of Job Set-Ups
1Does the organization verify job set-ups when performed, such as an initial run of a job, material changeover, or job change that requires a new set-up? 
2Does the organization maintain documented information for set-up personnel? 
3Does the organization use statistical methods of verification, where applicable? 
4Does the organization perform first-off/last-off part validation, as applicable; where appropriate, are first-off parts retained for comparison with the last-off parts; where appropriate, are last-off parts retained for comparison with first-off parts in subsequent runs? 
5Does the organization retain records of process and product approval following set-up and first-off/last-off part validations? Verification After Shutdown
1Does the organization define and implement the necessary actions to ensure product compliance with requirements after a planned or unplanned production shutdown period? Total Productive Maintenance
 1Does the organization develop, implement, and maintain a documented total productive maintenance system? 
 2Does the system include identification of process equipment necessary to produce the conforming product at the required volume? 
 3Does the system include the availability of replacement parts for the equipment identified? 
 4Does the system include the provision of resource for the machine, equipment, and facility maintenance? 
 5Does the system include packaging and preservation of equipment, tooling, and gauging? 
 6Does the system include applicable customer-specific requirements? 
 7Does the system include documented maintenance objectives, for example, OEE (Overall Equipment Effectiveness), MTBF (Mean Time Between Failure), and MTTR (Mean Time To Repair), and Preventive Maintenance compliance metrics? 
 8Does performance to the maintenance objectives form an input into management review? 
 9Does the system include a regular review of maintenance plan and objectives and a documented action plan to address corrective actions where objectives are not achieved? 
 10 Does the system include the use of preventive maintenance methods? 
 11 Does the system include the use of predictive maintenance methods, as applicable? 
 12 Does the system include periodic overhaul? Management of Production Tooling and Manufacturing, Test, Inspection Tooling and Equipment
 1 Does the organization provide resources for tool and gauge design, fabrication, and verification activities for production and service materials and for bulk materials, as applicable? 
 2Does the organization establish and implement a system for production tooling management, whether owned by the organization or the customer? 
 3Does the Production tooling management include maintenance and repair facilities and personnel? 
 4Does Production tooling management include storage and recovery? 
 5Does Production tooling management include set-up and tool-change programmes for perishable tools? 
 6Does the Production tooling management include tool design modification documentation, including engineering change level of the product? 
 7Does the Production tooling management include tool modification and revision to documentation? 
 8Does the Production tooling management include tool identification, such as serial or asset number; the status, such as production, repair or disposal; ownership; and location? 
 9 Does the organization verify that customer-owned tools, manufacturing equipment, and test/inspection equipment are permanently marked in a visible location so that the ownership and application of each item can be determined? 
 10 Does the organization implement a system to monitor these activities if any work is outsourced? Production Scheduling
1Does the organization ensure that production is scheduled in order to meet customer orders/demands such as Just-In-Time (JIT) and is supported by an information system that permits access to production information at key stages of the process and is order-driven? 
2Does the organization include relevant planning information during production scheduling, e.g. customer orders, supplier on-time delivery performance, capacity, shared loading (multi-part station), lead time, inventory level, preventive maintenance, and calibration? 
8.5.2 Identification and Traceability Identification and Traceability – Supplemental
1Does the organization implement identification and traceability processes to support identification of clear start and stop points for product received by the customer or in the field that may contain quality and/or safety-related nonconformities? 
2Does the organization conduct an analysis of internal, customer, and regulatory traceability requirements for all automotive products, including developing and documenting traceability plans, based on the levels of risk or failure severity for employees, customers, and consumers? By the way, for those of you who are looking for 18 wheeler truck accident lawyers, visit They can assist you in any legal help especially in car accidents. 
3Do these plans define the appropriate traceability systems, processes, and methods by product, process, and manufacturing location? 
4Do these plans enable the organization to identify nonconforming and/or suspect product? 
5Do these plans enable the organization to segregate non-conforming and/or suspect product? 
6Do these plans ensure the ability to meet the customer and/or regulatory response time requirements? 
7 Do these plans ensure documented information is retained in the format (electronic, hardcopy, archive) that enables the organization to meet the response time requirements? 
8 Do these plans ensure serialized identification of individual products, if specified by the customer or regulatory standards? 
9Do these plans ensure the identification and traceability requirements are extended to externally provided products with safety/regulatory characteristics? 
8.5.4 Preservation Preservation – Supplemental
1Does preservation include identification, handling, contamination control, packaging, storage, transmission or transportation, and protection? 
2Does preservation apply to materials and components from external and/or internal providers from receipt through processing, including shipment and until delivery to/acceptance by the customer? 
3In order to detect deterioration, does the organization assess at appropriate planned intervals the condition of the product in stock, the place/type of storage container, and the storage environment? 
4Does the organization use an inventory management system to optimize inventory turns over time and ensure stock rotation, such as “first-in-first-out” (FIFO)? 
5Does the organization ensure that obsolete product is controlled in a manner similar to that of the nonconforming product? 
6Do organizations comply with preservation, packaging, shipping, and labelling requirements as provided by their customers? 
8.5.5 Post Delivery activities Feedback of Information from Service
1Does the organization ensure that a process for communication of information on service concerns to manufacturing, material handling, logistics, engineering, and design activities is established, implemented, and maintained? 



Is the organization aware of nonconforming products and materials that may be identified at the customer location or in the field. ? 
3Where applicable does “Service Concerns” include the results of field failure test analysis? Service Agreement with Customer
1When there is a service agreement with the customer, does the organization verify that the relevant service centres comply with applicable requirements? 
2Does the organization verify the effectiveness of any special purpose tools or measurement equipment? 
3Does the organization ensure that all service personnel are trained in applicable requirements? 
8.5.6 Control of Changes Control of Changes – Supplemental
1Does the organization have a documented process to control and react to changes that impact product realization? 
2Are the effects of any change, including those changes caused by the organization, the customer, or any supplier, assessed? 
3Does the organization define verification and validation activities to ensure compliance with customer requirements? 
4Does the organization validate changes before implementation? 
5Does the organization document evidence of related risk analysis? 
6Does the organization retain records of verification and validation? 
7Do changes, including those made at suppliers, require a production trial run for verification of changes such as changes to part design, manufacturing location, or manufacturing process to validate the impact of any changes on the manufacturing process? 
8When required by the customer, does the organization notify the customer of any planned product realization changes after the most recent product approval? 
9When required by the customer, does the organization obtain documented approval, prior to the implementation of the change? 
10When required by the customer, does the organization complete additional verification or identification requirements, such as production trial run and new product validation? Temporary Change of Process Controls
1Does the organization identify, document, and maintain a list of the process controls, including inspection, measuring, test, and error-proofing devices, that includes the primary process control and the approved back-up or alternate methods? 
2Does the organization document the process that manages the use of alternate control methods? 
3Does the organization include in this process, based on risk analysis (such as FMEA), severity, and the internal approvals to be obtained prior to production implementation of the alternate control method? 
4Before shipping product that was inspected or tested using the alternate method, if required, does the organization obtain approval from the customer(s)? 
5Does the organization maintain and periodically review a list of approved alternate process control methods that are referenced in the control plan? 
6Are standard work instructions available for each alternate process control method? 
7Does the organization review the operation of alternate process controls on a daily basis, at a minimum, to verify the implementation of standard work with the goal to return to the standard process as defined by the control plan as soon as possible? Example methods include but are not limited to the following:


  1. daily quality-focused audits (e.g. layered process audits, as applicable)
  2. daily leadership meetings.
8Is restart verification documented for a defined period based on severity and confirmation that all features of the error-proofing device or process are effectively reinstated? 
9Does the organization implement traceability of all product produced while any alternate process control devices or processes are being used (e.g. verification and retention of the first piece and last piece from every shift)? 
8.6 Release of Products and Services
8.6.1 Release of Products and Services – Supplemental
 1Does the organization ensure that the planned arrangements to verify that the product and service requirements have been met encompass the control plan and are documented as specified in the control plan? 
 2Does the organization ensure that the planned arrangements for the initial release of products and services encompass product or service approval? 
 3Does the organization ensure that product or service approval is accomplished after changes following the initial release, according to ISO 9001, Section 8.5.6? 
8.6.2 Layout Inspection and Functional Testing
 1Is a layout inspection and a functional verification to applicable customer engineering material and performance standards performed for each product as specified in the control plans? 
 2Are results available for customer review? 
NOTE 1: Layout inspection is the complete measurement of all product dimensions shown on the design record(s). NOTE 2: The frequency of layout inspection is determined by the customer.
8.6.3 Appearance Items
 1For organizations manufacturing parts designated by the customer as “appearance items”, does the organization provide appropriate resources, including lighting, for evaluation? 
 2Does the organization provide masters for colour, grain, gloss, metallic brilliance, texture, distinctness of image (DOI), and haptic technology, as appropriate? 
 3Does the organization provide maintenance and control of appearance masters and evaluation equipment? 
 4Does the organization provide verification that personnel making appearance evaluations are competent and qualified to do so? 
8.6.4 Verification and Acceptance of Conformity of Externally Provided Products and Services
 1Does the organization have a process to ensure the quality of externally provided processes, products, and services utilizing one or more of the following methods:


  1. receipt and evaluation of statistical data provided by the supplier to the organization;
  2. receiving inspection and/or testing, such as sampling based on performance;
  3. second-party or third-party assessments or audits of supplier sites when coupled with records of acceptable delivered product conformance to requirements;
  4. part evaluation by a designated laboratory;
  5.  another method agreed with the customer?
8.6.5 Statutory and Regulatory Conformity
 1Prior to the release of externally provided products into its production flow, does the organization confirm and is it able to provide evidence that externally provided processes, products, and services conform to the latest applicable statutory, regulatory, and other requirements in the countries where they are manufactured and in the customer-identified countries of destination if provided? 
8.6.6 Acceptance Criteria
 1Is acceptance criteria defined by the organization and, where appropriate or required, approved by the customer? 
 2 For attributed data sampling, is the acceptance level zero defects? 
8.7 Control of Non conforming outputs Customer Authorization for Concession
1Does the organization obtain a customer concession or deviation permit prior to further processing whenever the product or manufacturing process is different from that which is currently approved? 
2Does the organization obtain customer authorization prior to further processing for “use as is” and rework dispositions of the nonconforming product? 
3 If sub-components are reused in the manufacturing process, is that sub-component reuse clearly communicated to the customer in the concession or deviation permit? 
4Does the organization maintain a record of the expiration date or quantity authorized under concession? 
5Does the organization also ensure compliance with the original or superseding specifications and requirements when the authorization expires? 
6Is material shipped under concession properly identified on each shipping container (this applies equally to purchased product)? 
7Does the organization approve any requests from suppliers before submission to the customer? Control of Nonconforming Product – Customer – Specified Process
 1Does the organization comply with applicable customer-specified controls for the nonconforming product? Control of Suspect Product
 1Does the organization ensure that product with unidentified or suspect status is classified and controlled as a nonconforming product? 
 2Does the organization ensure that all appropriate manufacturing personnel receive training for containment of suspect and non-conforming product? Control of Reworked Product
1Does the organization utilize risk analysis (such as FMEA) methodology to assess risks in the rework process prior to a decision to rework the product? 
2If required by the customer, does the organization obtain approval from the customer prior to commencing rework of the product? 
3Does the organization have a documented process for rework confirmation in accordance with the control plan or other relevant documented information to verify compliance with original specifications? 
4 Are instructions for disassembly or rework, including re-inspection and traceability requirements, accessible to and utilized by the appropriate personnel? 
5Does the organization retain documented information on the disposition of reworked product including quantity, disposition, disposition date, and applicable traceability information? Control of Repaired Product
1Does the organization utilize risk analysis (such as FMEA) methodology to assess risks in the repair process prior to a decision to repair the product? 
2Does the organization obtain approval from the customer before commencing repair of the product? 
3Does the organization have a documented process for repair confirmation in accordance with the control plan or other relevant documented information? 
4Are instructions for disassembly or repair, including re-inspection and traceability requirements, accessible to and utilized by the appropriate personnel? 
5Does the organization obtain documented customer authorization for a concession for the product to be repaired? 
6Does the organization retain documented information on the disposition of repaired product including quantity, disposition, disposition date, and applicable traceability information? Customer Notification
 1Does the organization immediately notify the customers in the event that nonconforming product has been shipped? 
 2Is initial communication followed with detailed documentation of the event? Nonconforming Product Disposition
1Does the organization have a documented process for disposition of nonconforming product not subject to rework or repair? 
2For product not meeting requirements, does the organization verify that the product to be scrapped is rendered unusable prior to disposal? 
3The organization shall not divert nonconforming product to service or other use without prior customer approval. 
9. Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.1.1 General Monitoring and Measurement of Manufacturing Processes
1Does the organization perform process studies on all new manufacturing (including assembly or sequencing) processes to verify process capability and to provide additional input for process control, including those for special characteristics? 
2For manufacturing processes where it may not be possible to demonstrate product compliance through process capability, are alternate methods such as batch conformance to the specification used? 
3Does the organization maintain manufacturing process capability or performance results as specified by the customer’s part approval process requirements? 
4Does the organization verify that the process flow diagram, PFMEA, and control plan are implemented? 
5Does the organization adherence to the following:


  1. measurement techniques;
  2. sampling plans;
  3. acceptance criteria;
  4. records of actual measurement values and/or test results for variable data;
  5. reaction plans and escalation process when acceptance criteria are not met
6Are significant process events, such as tool change or machine repair, recorded and retained as documented information? 
7Does the organization initiate a reaction plan indicated on the control plan and evaluated for impact on compliance to specifications for characteristics that are either not statistically capable or are unstable? 
8Does these reaction plans include containment of product and 100 percent inspection, as appropriate? 
9Is a corrective action plan developed and implemented by the organization indicating specific actions, timing, and assigned responsibilities to ensure that the process becomes stable and statistically capable.? 
10Do the organization review the plans with and approved by the customer, when required. ? 
11Does the organization maintain records of effective dates of process changes.? Identification of Statistical Tools
1Does the organization determine the appropriate use of statistical tools? 
2Does the organization verify that appropriate statistical tools are included as part of the advanced product quality planning (or equivalent) process and included in the design risk analysis (such as DFMEA) (where applicable), the process risk analysis (such as PFMEA), and the control plan? Application of Statistical Concepts
1Are statistical concepts, such as variation, control (stability), process capability, and the consequences of over-adjustment, understood and used by employees involved in the collection, analysis, and management of statistical data? 
9.1.2. Customer satisfaction Customer Satisfaction – Supplemental
1Is customer satisfaction with the organization monitored through continual evaluation of internal and external performance indicators to ensure compliance to the product and process specifications and other customer requirements? 
2Are performance indicators based on objective evidence and include but not limited to the following: a) delivered part quality performance? 
3Does performance indicators include customer disruptions? 
4Does performance indicators include field returns, recalls, and warranty (where applicable)? 
5Does performance indicators include delivery schedule performance (including incidents of premium freight)? 
6Does performance indicators include customer notifications related to quality or delivery issues, including special status? 
7Does the organization monitor the performance of manufacturing processes to demonstrate compliance with customer requirements for product quality and process efficiency? 
8Does the organization monitor the performance of manufacturing processes to demonstrate compliance with customer requirements for product quality and process efficiency? 
9Does the organization monitor the performance of manufacturing processes to demonstrate compliance with customer requirements for product quality and process efficiency? 
10Do the organization record analytical results and do the organization retain and control these records? 
9.1.3. Analysis and evaluation Prioritization
1Are trends in quality and operational performance compared with progress toward objectives and lead to action to support prioritization of actions for improving customer satisfaction? 
9.2 Internal Audit Internal Audit Programme
1Does the organization have a documented internal audit process? 
2Does the process include the development and implementation of an internal audit programme that covers the entire quality management system including quality management system audits, manufacturing process audits, and product audits? 
3Is the audit programme prioritized based upon risk, internal and external performance trends, and criticality of the processes? 
4Where the organization is responsible for software development, does the organization include software development capability assessments in their internal audit programme? 
5Is the frequency of audits reviewed and, where appropriate, adjusted based on the occurrence of process changes, internal and external nonconformities, and/or customer complaints? 
6 Is the effectiveness of the audit programme reviewed as a part of the management review? Quality Management System Audit
1Does the organization audit all quality management system processes over each three-year calendar period, according to an annual programme, using the process approach to verify compliance with this Automotive QMS Standard? 
2Integrated with these audits, does the organization sample customer-specific quality management system requirements for effective implementation? Manufacturing Process Audit
1Does the organization audit all manufacturing processes over each three-year calendar period to determine their effectiveness and efficiency using customer-specified required approaches for process audits? 
2Where not defined by the customer, does the organization determine the approach be used? 
3Within each individual audit plan, is each manufacturer process audited on all shifts where it occurs, including the appropriate sampling of the shift handover? 
4Does the manufacturing process audit include an audit of the effective implementation of the process risk analysis (such as PFMEA), control plan, and associated documents? Product Audit
1Does the organization audit products using customer-specific required approaches at appropriate stages of production and delivery to verify conformity to specified requirements? 
2Where not defined by the customer, does the organization define the approach to be used? 
9.3 Management review
9.3.1 General Management Review – Supplemental
1Is management review conducted at least annually? 
2Is the frequency of management review(s) increased based on risk to compliance with customer requirements resulting from internal or external changes impacting the quality management system and performance-related issues? 
9.3.2 Management review inputs Management Review Inputs – Supplemental
1Does input to management review include the cost of poor quality (cost of internal and external nonconformance)? 
2Does input to management review include measures of process effectiveness? 
3Does input to management review include measures of process efficiency? 
4Does input to management review include product conformance? 
5Does input to management review include assessments of manufacturing feasibility made for changes to existing operations and for new facilities or new product? 
6Does input to management review include customer satisfaction? 
7Does input to management review include a review of performance against maintenance objectives? 
8Does input to management review include warranty performance where applicable? 
9Does input to management review include a review of customer scorecards where applicable? 
10Does input to management review include identification of potential field failures identified through risk analysis (such as FMEA)? 
11Does input to management review include actual field failures and their impact on safety or the environment? 
9.3.3 Management review outputs Management Review Outputs – Supplemental
1Does top management document and implement an action plan when customer performance targets are not met? 
10 Improvement
10.2 Non-conformity and corrective action
10.2.3 Problem Solving
1Does the organization have documented processes for problem-solving? 
2Has the organization defined approaches for various types and scale of problems (e.g. new product development, current manufacturing issues, field failures, audit findings)? 
3Does the process include containment, interim actions, and related activities necessary for control of nonconforming outputs? 
4Does it include root cause analysis, the methodology used, analysis, and results? 
5Does it include implementation of systemic corrective actions, including consideration of the impact on similar processes and products? 
6Does the organization verify the effectiveness of implemented corrective actions? 
7 Does the organization reviews and, where necessary, update the appropriate documented information (e.g. PFMEA, control plan)? 
8Where the customer has specified prescribed processes, tools, or systems for problem-solving, does the organization use those processes, tools, or systems, unless otherwise approved by the customer? 
10.2.4 Error-Proofing
1Does the organization have a documented process to determine the use of appropriate error-proofing methodologies? 
2Are details of the method used documented in the process risk analysis (such as PFMEA) and are test frequencies documented in the control plan? 
3Does the process include the testing of error-proofing devices for failure or simulated failure? 
4Are records maintained? 
5Are challenge parts, when used, identified, controlled, verified, and calibrated where feasible? 
6Do error-proofing device failures have a reaction plan? 
10.2.5 Warranty Management Systems
1When the organization is required to provide a warranty for its products, does the organization implement a warranty management process? 
2Does the organization include in the process a method for warranty part analysis, including NTF (no trouble found)? 
3When specified by the customer, does the organization implement the required warranty management process? 
10.2.6 Customer Complaints and Field Failure Test Analysis
1Does the organization perform analysis on customer complaints and field failures, including any returned parts, and does it initiate problem-solving and corrective action to prevent recurrence? 
2Where requested by the customer, does this include analysis of the interaction of embedded software of the organization’s product within the system of the final customer’s product? 
3Does the organization communicate the results of testing/analysis to the customer and also within the organization? 
10.3 Continual improvement
10.3.1 Continual Improvement – Supplemental
1Does the organization have a documented process for continual improvement? 
2Does it include the identification of the methodology used, objectives, measurement, effectiveness, and documented information? 
3Does it include a manufacturing process improvement action plan with emphasis on the reduction of process variation and waste? 
4Does it include risk analysis (such as FMEA)? 
NOTE: Continual improvement is implemented once manufacturing processes are statistically capable and stable or when product characteristics are predictable and meet customer requirements.

Subscribe to get access

Read more of this content when you subscribe today.

Back to Home Page

If you need assistance or have any doubt and need to ask any question contact me at You can also contribute to this discussion and I shall be happy to publish them. Your comment and suggestion are also welcome.