Customer-specific requirements (IATF only)
Plain-language summary
Every automotive customer adds their own rulebook (CSRs) on top of IATF — these must be evaluated and woven into your QMS, not filed and forgotten.
What the clause is really asking
OEMs and Tier-1s publish supplier quality manuals, PPAP levels, packaging rules, portal procedures. The clause requires you to obtain them, evaluate what they demand, and embed those demands into your processes. A CSR you have not implemented is a nonconformity waiting for the next audit — or worse, a customer escalation.
What auditors look for
Auditors pull your CSR register and check revisions against the customer portals, then sample individual CSR requirements and trace them into your procedures and records: the specified PPAP level used, required statistical methods, mandated logistics labels. They ask who monitors CSR updates and what happens when one changes.
Typical evidence
CSR register with revision and date; gap assessments per customer; procedures cross-referencing CSR requirements; portal access records and update logs.
How to comply — recommendations
Build a CSR matrix per customer: requirement, where it lives in our system, owner. Subscribe portal notifications to a role mailbox (not a person who may resign). Run a gap review whenever a CSR revision lands, and keep the review as evidence.
Common nonconformities
CSR register one revision behind the portal; a CSR requirement (e.g., annual layout inspection) simply not implemented; portal notifications going to an ex-employee's inbox.
Related clauses
Builds on ISO 9001 4.3 / 8.2.2
Qlause provides interpretive guidance only and is not a substitute for the standard. Refer to your licensed copy of ISO 9001 / IATF 16949 for the authoritative text.