D&D changes — supplemental (IATF only)
Plain-language summary
Every design change after product approval gets evaluated for impact, validated before implementation, and where required by the customer — approved by them first; embedded software changes are documented at both software and hardware level.
What the clause is really asking
Post-PPAP changes are the dangerous kind: assess impact on form/fit/function/performance/durability, validate against customer requirements before going live, obtain customer approval where their CSRs require it, and keep software revision documentation where applicable.
What auditors look for
Auditors cross-check change records against customer approval requirements in the CSRs, look for validation evidence dated BEFORE implementation, and for software-containing products check revision-level documentation.
Typical evidence
Change impact assessments; customer approval correspondence; pre-implementation validation records; software/hardware revision logs.
How to comply — recommendations
Add two gates to your ECN flow for post-approval changes: 'customer approval required? (check CSR)' and 'validation complete?'. Neither gate passable by deadline pressure.
Common nonconformities
Changes shipped before customer approval the CSR requires; validation after implementation; software revision undocumented.
Related clauses
Builds on ISO 9001 8.3.6; links IATF 8.3.4.4, 4.3.2
Qlause provides interpretive guidance only and is not a substitute for the standard. Refer to your licensed copy of ISO 9001 / IATF 16949 for the authoritative text.