Clause Explorer
ISO 9001:2015 & IATF 16949:2016 — what each clause really asks, what auditors look for, and how to comply.
Know the world your business operates in — the outside pressures and internal realities that help or hurt your ability to deliver quality — and keep that picture current.
Know who has a legitimate stake in your quality — customers, authorities, employees, suppliers, owners — and what each of them actually requires of you.
Draw the boundary honestly: which products, sites and processes your QMS covers — and justify anything you claim does not apply to you.
IATF closes the scope loopholes: supporting functions — on site or remote (head office, design centres, distribution) — must be inside the QMS, and the ONLY permitted exclusion is product design (8.3), never manufacturing process design.
Every automotive customer adds their own rulebook (CSRs) on top of IATF — these must be evaluated and woven into your QMS, not filed and forgotten.
Run the business as a set of connected processes — each with an owner, inputs, outputs, performance measures and risks — supported by the documents and records they need.
You are accountable for the conformity of everything you supply — including outsourced processes and service/spare parts — to every customer, statutory and regulatory requirement.
Safety-related products and characteristics demand documented, end-to-end management — from identification and special approvals to trained people, traceability and cascading the requirements down your supply chain.
Top management must personally own the QMS — accountable for whether it works, not spectators who delegated quality to the quality manager.
The company must define and live corporate responsibility policies — at minimum an anti-bribery policy, an employee code of conduct, and an ethics escalation ('whistle-blower') policy.
Top management must review not only whether processes work (effectiveness) but what they cost in waste and resources (efficiency) — and the results must reach management review.
Every QMS process needs an identified owner who understands the role and is competent to do it — names, not vague departments.
Leadership must make sure customer requirements — including the legal ones — are understood and met, the risks to conformity are managed, and enhancing customer satisfaction stays the visible aim.
A quality policy that genuinely fits your business: a frame for objectives, a commitment to meeting requirements and improving — written, communicated, understood and applied, not laminated and ignored.
Everyone with a QMS role must know it — responsibilities assigned, communicated and understood, including who ensures conformity, who reports on QMS performance, and who guards system integrity during changes.
Top management must put names against the customer-facing duties: special characteristics, quality objectives and training, corrective and preventive actions, product design and development, capacity analysis, logistics, customer scorecards and customer portals.
The people responsible for product conformity must have the power to stop shipment and stop production to contain a problem — on every shift — and nonconforming product must not move without proper disposition.
Before things go wrong, work out what could — and what could go right — and plan actions proportionate to the impact on your product and customers.
Risk analysis must include, at minimum, the hard lessons: product recalls, audit findings, field returns and complaints, scrap and rework — learn from what has already hurt you.
Stop problems before they occur: a defined process to find potential nonconformities and act on them proportionate to their impact — including using lessons learned from similar processes elsewhere.
Plan for the bad days: documented, tested contingency plans for whatever could interrupt supply — equipment failure, utility interruption, labour shortage, key supplier failure, cyber-attack — so the customer keeps receiving conforming parts.
Set measurable quality objectives where they matter — relevant functions, levels and processes — consistent with the policy, and plan concretely how each will be achieved: what, who, when, with what, and how judged.
Objectives must include customer expectations, be achievable in defined timeframes, and be reviewed at least annually by top management — automotive customers expect their targets inside your targets.
Change the QMS deliberately, never by drift: consider why, what could go wrong, who needs resources and where responsibilities move — before the change, not after the chaos.
Provide the resources the QMS actually needs — money, people, equipment, time — looking honestly at what you have, what constrains you, and what must come from outside.
Provide and maintain the buildings, equipment, utilities, transport and IT your processes need to make conforming product — maintained being the operative word.
Plant layout and equipment plans must be developed cross-functionally using risk thinking and lean principles — optimise material flow and value-add, and re-evaluate whenever capacity or processes change.
Provide and maintain the working environment your processes need for conforming product — the relevant mix of physical conditions and, where it genuinely affects quality, the human climate.
Keep premises in order: clean, orderly and in good repair, consistent with product and process needs — institutionalised housekeeping, automotive style.
Making sure the instruments and methods you use to check product are themselves trustworthy — the right tool, working properly, calibrated where it matters.
Knowing your gauge is calibrated is not enough — MSA asks whether the whole measurement SYSTEM (gauge + operator + method + environment) can actually distinguish good from bad on each control-plan measurement.
Calibration records must tell the full story: traceable standards, as-found/as-left readings, and — critically — documented assessment of product risk whenever an instrument is found out of specification.
Internal labs need a defined scope and demonstrated competence for every test they perform; external labs must be accredited (ISO/IEC 17025 or national equivalent) or specifically customer-approved.
Capture and protect the knowledge your business runs on — the recipes, fixes and customer quirks living in people's heads — and plan how to gain what you will need next.
Make sure everyone whose work affects quality can actually do their job — define what competent means per role, check against it, close gaps, and prove it with records.
A documented training process covering awareness and competence needs (including customer requirements), plus structured on-the-job training for any new or changed role affecting quality — down to contract and agency staff.
Internal auditors must be demonstrably competent for what they audit — system, process or product — with documented criteria covering audit approach, automotive process thinking, CSRs, core tools and the standards themselves, and competence maintained over time.
The people you send to audit your suppliers must meet documented competence requirements too — supplier audits done by the unqualified create risk, not assurance.
Everyone working under your control — including contractors — must know the policy, their relevant objectives, how they contribute to quality, and what it costs when requirements are not met.
People must demonstrably know their impact on quality and the risks of bad product reaching the customer — and the company must actively work on motivation and empowerment, including making improvement everyone's business.
Decide deliberately how the QMS communicates — what gets said, when, to whom, how and by whom — internally and externally, instead of leaving it to corridor chance.
Keep the documents the standard and your own processes need — created properly, identified, current, available where the work happens, protected, and with records that cannot quietly change.
Your QMS must be documented as a quality manual (one document or a set) including scope, documented processes, their sequence and interactions, and a matrix showing where customer-specific requirements are addressed.
A defined retention policy sized to automotive reality: production part approvals, tooling records, design records and purchase orders kept for the production life plus one calendar year — minimum — unless the customer or law says longer.
When a customer engineering standard or spec changes, you must have a documented process to review, distribute and implement it fast — within the timeframe the customer sets, or two weeks if they set none — including updating your own documents and records of the change.
Plan how each product gets made before making it: requirements, criteria for processes and acceptance, resources, controls, and the records that will prove it was done right.
Product planning must include customer requirements and technical specs as inputs, plus logistics, feasibility, project planning and acceptance criteria — and you must keep customer projects and product information confidential.
Define how you talk with customers: product information, enquiries and orders, feedback and complaints, handling their property, and contingency requirements when relevant.
Before you promise, know what you are promising: capture all requirements (stated, unstated-but-necessary, statutory), review that you can actually meet them, and manage changes so everyone works to the same requirement.
Whatever the customer marks as special — safety, fit, function, regulatory — must be identified, documented and controlled exactly as they require, with their symbols and approval rules followed.
Before accepting new or changed work, a multidisciplinary team must analyse whether you can actually make it — to spec, at rate, at capacity — and the analysis must be evidenced.
If you design products (or, under IATF, processes), do it as a managed project: defined stages, reviews, verification and validation activities, clear responsibilities, the right people, and records throughout.
IATF widens design to include manufacturing process design and demands a documented D&D procedure; planning must include all affected stakeholders — APQP in all but name.
People doing design must be competent in the applicable tools and techniques; products with embedded software need a documented software quality assurance process with capability assessment.
Gather everything the design must satisfy before designing: functional and performance requirements, lessons from previous designs, statutory rules, standards, and the consequences of failure — complete, unambiguous, conflicts resolved.
IATF specifies the input lists: for product design — requirements from contract review, targets for quality/life/reliability/cost, customer make/buy intent, lessons learned; for process design — product outputs, capacity targets, error-proofing methods, and experience from previous developments.
Identify special characteristics through a defined process — from risk analysis, customer designations and your own knowledge — and carry them visibly through every document: drawings, FMEA, control plan, work instructions.
Control the design as it progresses: reviews to judge progress, verification that outputs meet inputs, validation that the product works in the real application — problems acted on, everything recorded.
Measure design projects at defined stages and report to management (and customer if required); validate per customer requirements including any industry/government timing; run a prototype programme with control plan when the customer requires one.
Before shipping, products and processes must pass the customer's approval process (typically PPAP) — and you must apply the same discipline to your suppliers before their parts enter your approved product.
Design outputs must let the rest of the business succeed: meeting input requirements, adequate for production and service, including monitoring/measuring needs and acceptance criteria, and stating what is essential for safe, proper use.
IATF specifies what design must hand over: for product — DFMEA, results, special characteristics, error-proofing, drawings/GD&T, service/repair information; for process — PFMEA, control plan, layout, work instructions, capacity analysis, process approval acceptance criteria and more.
Once designed, change carefully: identify and review every change, control it to prevent harm to conformity, and record changes, reviews, authorisations and actions.
Every design change after product approval gets evaluated for impact, validated before implementation and, where required by the customer, approved by them first; embedded software changes are documented at both software and hardware level.
Everything you buy that ends up in or affects your product must conform — so evaluate, select, monitor and re-evaluate providers against defined criteria, and keep the records.
Supplier processes get included in your QMS scope where you control them; selection follows a documented process assessing risk, quality, delivery, cost and capability; customer-directed suppliers still get your controls applied.
Match your control effort to the risk: ensure purchased items cannot degrade your output, define controls for both the provider and the incoming result, and verify adequacy.
Define your incoming verification process explicitly, and guarantee that all purchased products and services comply with the statutory and regulatory requirements of the countries of receipt, shipment AND customer destination.
Push your supply chain up the QMS ladder: unless the customer agrees otherwise, suppliers should be developed from basic conformity toward ISO 9001 certification and beyond (with automotive-software suppliers assessed appropriately).
Monitor supplier performance on defined indicators — delivered conformity, disruptions including field issues, delivery performance, premium freight — plus customer disruptions caused by suppliers; use second-party audits per your risk-based programme.
Act on what monitoring finds: prioritised supplier development based on performance and risk — and pass down to suppliers all applicable requirements, statutory/regulatory ones and special characteristics included, cascading the chain.
Tell suppliers exactly what you need before they supply it: the processes/products/services, approval rules, competence requirements, interactions, your monitoring of them, and any verification you or your customer will do at their site.
Running production under controlled conditions — people know what to make, how to make it, how to check it, and the equipment and environment are up to the job.
The control plan is the production rulebook: for every part (or family), at every phase — prototype, pre-launch, production — what is controlled, how, how often, by whom, and what happens when it goes wrong.
Operators work to standardised instructions they can actually use, in their language; every job set-up gets verified (first-off/last-off comparison where applicable); after any shutdown, verify before running.
Maintain production capability as a system: documented TPM with objectives and improvement, full lifecycle management of production tooling (in-house and at suppliers), and order-driven production scheduling fed by key planning information.
Know what every item is and its inspection status at every stage — and where traceability is required, be able to trace it, with records.
Traceability is risk-based but with teeth: documented analysis of traceability requirements per product, ability to identify nonconforming/suspect product clearly, and where customers require it, serialised or lot traceability that supports rapid containment.
Other people's property in your care — tooling, material, designs, data — gets identified, verified, protected, and any loss or damage reported to the owner with records kept.
Protect the product from the process of getting it to the customer: identification, handling, contamination control, packaging, storage, transmission/transport — preserved to the extent conformity requires.
Preservation gets automotive specifics: contamination control, detailed storage rules, cleaning, ESD where relevant — plus inventory management (FIFO expected), obsolescence control, and periodic stock condition assessment.
Your responsibility does not end at the gate: meet the post-delivery requirements that apply — warranty, service, recalls, disposal — scaled to risk, product life and customer requirements.
Information from service must flow back into manufacturing and design (including analysis where the customer requires), and where you have a service agreement with the customer, the service centres must meet the agreed requirements.
Production changes — planned or forced — get reviewed and controlled so conformity survives, with records of the review, who authorised, and what actions followed.
Production changes get a documented process with risk-based validation before implementation and customer approval where required; temporary deviations from the control plan (the backup method when the poka-yoke breaks) come from an approved, customer-aware list with restoration discipline.
Nothing ships until planned verification proves it conforms — and the release record names the evidence and the person who authorised it.
Layered automotive tightening: control-plan-defined release arrangements at all stages, evidence of statutory/regulatory conformity before release, and acceptance criteria — with sampling plans for attribute data set at zero-defect acceptance.
Periodically re-prove the whole part: layout inspection (every dimension) and functional verification per control plan and customer frequency — and for appearance parts, masters, evaluation conditions and qualified people.
Purchased product conformity gets assured by a defined mix: receiving inspection, supplier data with verification, assessments/audits, certificate review — your choice, but documented and risk-matched.
Bad product must not travel: identify it, control it, decide its fate (correct, segregate, contain, return, inform the customer, concession), verify corrections, and record what was found, done and decided — including who decided.
Deviating from spec needs the customer's written word: concession/deviation approval before further processing, records of expiry and quantity, compliance with customer-specified processes, prompt customer notification when nonconforming product has shipped, and disposal rules that make unusable product truly unusable.
Suspect product is treated as nonconforming until proven otherwise; rework and repair follow risk-assessed, documented processes with customer approval where required, full traceability, and disposition records.
Decide what to measure, how, when, and when to analyse it — then actually evaluate QMS performance and effectiveness from the data, keeping the evidence.
Prove your manufacturing processes can do the job and stay capable: process studies on new processes, capability maintained as the control plan specifies, and the documented reaction plan executed when capability or stability slips — including 100% containment and customer notification when required.
Statistical methods are chosen deliberately during planning (APQP/PFMEA stage), included in the control plan — and the people using them actually understand variation, control, capability and over-adjustment.
Track how customers actually perceive you — not how you hope they do — using defined methods, and act on what the perception data says.
Customer satisfaction gets measured by hard performance, continuously: delivered part quality, customer disruptions including field returns, delivery schedule performance (and premium freight), and customer notifications on quality or delivery issues — internal indicators verified against the customer's own portal view.
Turn your data into decisions: analyse and evaluate to judge conformity, satisfaction, QMS performance, planning effectiveness, risk actions, supplier performance and improvement needs.
Trends and performance data must drive the priority order of improvement actions — worst and most customer-critical first, visibly.
Audit your own system at planned intervals: does it meet your requirements and the standard's, and is it effectively implemented — with objective auditors, defined criteria, results to management, corrections without delay, and records.
IATF demands a documented audit process and three distinct audit layers over each three-year cycle: full QMS audits (CSRs sampled in), manufacturing process audits covering all shifts (with process approach effectiveness, PFMEA/control plan adherence), and product audits at appropriate stages — programme prioritised by risk, performance and changes.
Leadership reviews the whole QMS at planned intervals against a defined input list and produces real decisions: improvement opportunities, change needs, resource needs — minuted and retained.
At least annually (more often when risk demands), with automotive-specific inputs — cost of poor quality, process effectiveness AND efficiency, warranty, field failures, customer scorecards, feasibility results — and a documented action plan when customer performance targets are missed.
Find and act on improvement opportunities deliberately — better products, fewer future failures, better QMS results — covering correction, corrective action, continual improvement, breakthrough change, innovation and reorganisation.
When something goes wrong, contain it, fix it, find the real cause, and stop it coming back — then check the fix actually worked.
One documented problem-solving process (with defined approaches for different issue types and scales) covering containment through verified effectiveness and systemic prevention — using the customer's format where they prescribe one.
Error-proofing is a documented, planned discipline: opportunities identified in the FMEA process, devices tested per the control plan with failures triggering reaction plans, and challenge parts controlled like gauges.
Where you have warranty obligations: a documented warranty management process including claim analysis and NTF (no trouble found) decisions agreed with the customer; returned parts and field failures get analysed with results reported and corrective action triggered.
Keep making the QMS itself better — suitability, adequacy, effectiveness — using what analysis and management review reveal as needs or opportunities.
A documented continual improvement process: identification of methodology, objectives, measurement, effectiveness — with manufacturing process improvement focused on variation and waste reduction, acting once processes are already capable and stable.